Peer credentials on Unix socket

[Kixunil]

tokio-rs/tokio-uds#13 was recently merged, so I'd like to open an issue of adding same thing to stdlib. TL;DR It allows one to get effective UID and GID of the process which created the remote socket.

I suggest to test it with Tokio now and when there is consensus, we can merge similar change. I need this function, so I'm going to test it anyway.

[Kixunil]

Considering that newtypes for pid_t, uid_t and gid_t landed in nix, we shoul consider using same newtypes in std and then simply reexport them in nix.

[sfackler]

This seems like a reasonable addition. It looks like there are some extra platforms that require special handling though - Solaris and FreeBSD: https://doxygen.postgresql.org/getpeereid_8c_source.html

[Kixunil]

The implementation in tokio handles Linux and FreeBSD (incl. macOS). I doesn't handle Solaris because I don't have Solaris machine.

[dtolnay]

This isn't my area of expertise but I would be interested to see an API proposed for this in a PR.

[joechrisellis]

Hi guys. We're quite keen for something like this in the stdlib. The implementation in the Tokio repository looks good to me, and from a cursory glance it looks like the stdlib can be very similar. I'm happy to give this a crack -- should I submit an RFC first or is a normal code pull request OK? 😄

Cheers! 🙂

[hug-dev]

The PR which implements this issue is ready for review 🚀
#75148

[Kixunil]

Since the PR was merged should the labels (and perhaps also the title) be updated to tracking issue?

[hug-dev]

I would agree with that!
I guess the steps to follow for stabilization are here?

[woodruffw]

I noticed that #75148 doesn't include the PID on macOS/iOS, presumably because it uses getpeereid. However, macOS/iOS do provide LOCAL_PEERPID, which can be used with getsockopt to get just the peer's PID. Would anybody be opposed to a follow-up PR that adds support via LOCAL_PEERPID on macOS?

[Kixunil]

Yeah, I don't see a reason to not do that. It'd be nice to document which platforms support it.

[woodruffw]

Yeah, I don't see a reason to not do that. It'd be nice to document which platforms support it.

Sounds good! I've opened #79387. And yeah, documentation for these across the different Unices can be difficult to find:

• OpenBSD appears to support SO_PEERCRED with a structure definition that's identical to Linux's ucred: https://github.com/openbsd/src/blob/0e2efb92954da6bfe2c3ee0a27e3261f42d5f339/sys/sys/socket.h#L300

• FreeBSD supports LOCAL_PEERCRED with a xucred ("extended" ucred?) structure that includes a PID: https://github.com/freebsd/freebsd/blob/b7a3cee9e0227e0787cbfb3408d6a3ec26d1ac86/sys/sys/ucred.h#L98

• NetBSD supports LOCAL_PEEREID like macOS, but actually includes the PID: https://man.netbsd.org/unix.4

[tormol]

The cr_pid on FreeBSD was added somewhat recently and is only available in FreeBSD 13 which is not released yet. The man page for FreeBSD 12 doesn't mention it.

The uds crate can be used to get peer credentials for blocking sockets on stable.

[Kixunil]

I write which platforms std supports in its doc comment.

[voidc]

With #69864 merged there are now two very similar types: UCred and SocketCred. Can these two types be combined into one?

[woodruffw]

With #69864 merged there are now two very similar types: UCred and SocketCred. Can these two types be combined into one?

Potentially? Looking at the current code, the two currently perform slightly different functions: UCred (which I think is badly named, more on that below) is used in a somewhat platform agnostic way to get the peer credentials associated with a domain socket client, while SocketCred seems to be associated with ancillary data mechanisms that I'm not 100% clear on (I've never touched them at all).

IMO, it makes sense to rename UCred to PeerCred (since struct ucred is a non-POSIX implementation detail and we're only using it in a peer credential context) and to unify it with SocketCred, if possible. I'm not sure about the latter, since it means changing Option<pid_t> to a standalone pid_t, and I'm not sure if all (Unixy) OSes support getting a peer's PID.

[Kixunil]

I'm not sure if all (Unixy) OSes support getting a peer's PID.

They don't, that's the reason there's Option in the first place. The structs seem to be sufficiently different to be different types but I may be missing something.

[woodruffw]

They don't, that's the reason there's Option in the first place.

I'm not sure if it's 100% of Unices, but I think almost all of them support some mechanism for getting the peer's PID. It's just not through struct ucred, hence my comment about UCred being a misleading wrapper.

For example, macOS doesn't have a PID in its struct ucred, but it does support getting the peer's PID through the LOCAL_PEERPID sockopt. All of the BSDs expose similar mechanisms.

[Kixunil]

UCred being a misleading wrapper.

Sure, I agree with renaming.

but it does support getting the peer's PID through the LOCAL_PEERPID sockopt.

Yes, this is implemented. :)

All of the BSDs expose similar mechanisms.

A PR would be nice if you happen to have some experience with this. Shouldn't be big, most of the stuff is already there.

[woodruffw]

A PR would be nice if you happen to have some experience with this. Shouldn't be big, most of the stuff is already there.

I can definitely try! I have #79387 open for macOS right now, and I'll try to get some similar ones in the pipeline for the BSDs.

[msolters]

What is the current status of this feature peer_credentials_unix_socket graduating to stable? I was surprised to find this issue is 5 years old.
It's a great feature but it sucks having to be on nightly to get it!

[Kixunil]

Looks like there were at least no complaints about it apart from UCred being misleading name. Looking at the docs the struct description could use some polishing. Maybe open an ACP? If you have some experience with using it on nightly that should help. I changed my interests over time and don't have it.

[woodruffw]

I'm happy to help with the stabilization here as well.

@msolters: if you do an ACP for renaming UCred, I'd suggest PeerCred (per #42839 (comment)). Otherwise, I can do the ACP and from there begin the stabilization process (at least the outsider bits).