Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for SO_PEERCRED #4

Closed
cgwalters opened this issue Aug 30, 2022 · 1 comment · Fixed by #5
Closed

support for SO_PEERCRED #4

cgwalters opened this issue Aug 30, 2022 · 1 comment · Fixed by #5

Comments

@cgwalters
Copy link
Collaborator

In one project I'm using SO_PEERCRED: https://github.com/coreos/bootupd/blob/main/src/ipc.rs - looking at using this crate instead. What do you think about exposing that via an API?

The usual pattern here is to pass credentials on the first message. In the above code I represented this as a state machine encoded via structs; e.g. perhaps we'd add RawAuthenticatingSender and RawUnauthenticatedReceiver, where e.g.

impl RawUnauthenticatedReceiver {
   pub async fn recv(self) -> Result<(RawReceiver, Credentials, Vec<u8>, Option<Vec<RawFd>>)>

Note this consumes the unauthenticated type and returns credentials. Would need to debate exposing e.g. https://docs.rs/nix/latest/nix/sys/socket/struct.UnixCredentials.html or (probably better for semver) a new struct here.

Alternatively we could add recv_with_creds() and send_with_creds() to the raw types.
@mitsuhiko
Copy link
Owner

Good question. While I think the RawUnauthenticatedReceiver is interesting I wonder if it's not in practice too impractical to have to swap the type after the first message. I'm slightly favoring the recv_with_creds option. This would also translate better through the serde version if needed.

@cgwalters cgwalters mentioned this issue Aug 31, 2022
Open
cgwalters added a commit to cgwalters/tokio-unix-ipc that referenced this issue Sep 14, 2022
@cgwalters
raw: Add methods to send and receive msgs with Unix credentials
54dfeb2 
I have several projects that might make use of this crate, and one
of them today uses `SO_PEERCRED` to validate the sender's identity.

Add basic support for this.

I chose to make a small new struct for credentials
instead of exposing nix in our public types (perhaps we want to use
rustix in the future, etc.)

Closes: mitsuhiko#4
cgwalters added a commit to cgwalters/tokio-unix-ipc that referenced this issue Sep 14, 2022
@cgwalters
raw: Add methods to send and receive msgs with Unix credentials
edf2b9d 
I have several projects that might make use of this crate, and one
of them today uses `SO_PEERCRED` to validate the sender's identity.

Add basic support for this.

I chose to make a small new struct for credentials
instead of exposing nix in our public types (perhaps we want to use
rustix in the future, etc.)

Closes: mitsuhiko#4
@cgwalters cgwalters mentioned this issue Sep 14, 2022
Merged
cgwalters added a commit to cgwalters/tokio-unix-ipc that referenced this issue Sep 14, 2022
@cgwalters
raw: Add methods to send and receive msgs with Unix credentials
512e34a 
I have several projects that might make use of this crate, and one
of them today uses `SO_PEERCRED` to validate the sender's identity.

Add basic support for this.

I chose to make a small new struct for credentials
instead of exposing nix in our public types (perhaps we want to use
rustix in the future, etc.)

Closes: mitsuhiko#4
cgwalters added a commit to cgwalters/tokio-unix-ipc that referenced this issue Sep 14, 2022
@cgwalters
raw: Add methods to send and receive msgs with Unix credentials
06a1d7a 
I have several projects that might make use of this crate, and one
of them today uses `SO_PEERCRED` to validate the sender's identity.

Add basic support for this.

I chose to make a small new struct for credentials
instead of exposing nix in our public types (perhaps we want to use
rustix in the future, etc.)

Closes: mitsuhiko#4
cgwalters added a commit to cgwalters/tokio-unix-ipc that referenced this issue Sep 14, 2022
@cgwalters
raw: Add methods to send and receive msgs with Unix credentials
707ea67 
I have several projects that might make use of this crate, and one
of them today uses `SO_PEERCRED` to validate the sender's identity.

Add basic support for this.

I chose to make a small new struct for credentials
instead of exposing nix in our public types (perhaps we want to use
rustix in the future, etc.)

Closes: mitsuhiko#4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

raw: Add methods to send and receive msgs with Unix credentials cgwalters/tokio-unix-ipc
2 participants
@mitsuhiko @cgwalters