Implementation of peer credentials for Unix sockets #75148
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @withoutboats (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
rust-highfive
added
the
S-waiting-on-review
|
Awesome, thanks for the credit and for your additional work on getting this to std! Looking forward to another opportunity when I can use it. :) |
Kixunil
reviewed
Aug 4, 2020
| #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)] | ||
| pub struct UCred { | ||
| pub uid: uid_t, | ||
| pub gid: gid_t, |
There was a problem hiding this comment.
something_t types are not used in std often (at all?), is this a good idea?
Personally I'd love seeing use of newtypes as done in nix, but not sure if that should go to std.
There was a problem hiding this comment.
I did a quick grep of the codebase and I can see a few places where these are used... I'll leave it as it is for now! If you would strongly like this to change feel free to follow up. 🙂
| let mut ucred_size = ucred_size as u32; | ||
|
|
||
| unsafe { | ||
| let mut ucred: ucred = MaybeUninit::uninit().assume_init(); |
There was a problem hiding this comment.
I don't think assume_init is correct here. I believe raw ptr should be obtained from MaybeUninit, then passed to getsockopt and only after it succeeds calling assume_init
There was a problem hiding this comment.
Done -- I opted against using MemUninit in the end, it doesn't seem necessary.
| &mut ucred_size, | ||
| ); | ||
|
|
||
| if ret == 0 && ucred_size as usize == mem::size_of::<ucred>() { |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
| pub fn peer_cred(socket: &UnixStream) -> io::Result<UCred> { | ||
| unsafe { | ||
| // Create `cred` and attempt to populate it. | ||
| let mut cred: UCred = MaybeUninit::uninit().assume_init(); |
There was a problem hiding this comment.
Same issue with assume_init here
Kixunil
reviewed
Aug 5, 2020
| assert!(ucred_size <= u32::max_value() as usize); | ||
|
|
||
| let mut ucred_size = ucred_size as u32; | ||
| let mut ucred: ucred = ucred { pid: 1, uid: 1, gid: 1 }; |
There was a problem hiding this comment.
Oooh, nice defensive programming using 1 instead of 0! ❤️
tesuji
reviewed
Aug 5, 2020
ionut-arm
reviewed
Aug 5, 2020
Comment on lines
14
to
26
| pub struct UCred { | ||
| pub uid: uid_t, | ||
| pub gid: gid_t, | ||
| } |
There was a problem hiding this comment.
Out of curiosity - why not return the process ID too, since that's returned by the syscall?
There was a problem hiding this comment.
PID is only available on Linux, it's not available on BSD.
There was a problem hiding this comment.
Is it possible to include it (conditionally) on Linux?
There was a problem hiding this comment.
Technically yes. It'd require change of the API due to coding standard in std (mainly using extension traits for additional platforms, IDK why such standard exists).
There was a problem hiding this comment.
Ah, fair enough, I was hoping for a small, clean change :) nevermind then
There was a problem hiding this comment.
Could we make the PID an Option<pid_t>? A quick search reveals that it is in fact supported on quite a few BSD platforms (e.g. FreeBSD).
There was a problem hiding this comment.
Done -- however, my Google-fu is failing me here. I can't find anything about retrieving the PID from a domain socket on FreeBSD. The closest I can find is getpeereid which accepts a UID and GID only. So at the moment, the optional PID is set to None for BSD, and Some(pid) on Linux.
There was a problem hiding this comment.
It seems to have been added relatively recently: https://svnweb.freebsd.org/base?view=revision&revision=348419
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Aug 6, 2020
This authenticator uses Unix peer credentials for authentication. Unix
peer credentials provide direct access to the (effective) uid/gid on the
other end of a domain socket connect, without cooperation between the
endpoints. This means that we can determine the uid/gid of the
connecting process, and therefore infer the username of the user that
owns said process.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- determine the username of the owner of the connecting process based on
the uid.
- creates an `ApplicationName` based on the username.
Note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Aug 6, 2020
This authenticator uses Unix peer credentials for authentication. Unix
peer credentials provide direct access to the (effective) uid/gid on the
other end of a domain socket connect, without cooperation between the
endpoints. This means that we can determine the uid/gid of the
connecting process, and therefore infer the username of the user that
owns said process.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- determine the username of the owner of the connecting process based on
the uid.
- creates an `ApplicationName` based on the username.
Note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Aug 6, 2020
This authenticator uses Unix peer credentials for authentication. Unix
peer credentials provide direct access to the (effective) uid/gid on the
other end of a domain socket connect, without cooperation between the
endpoints. This means that we can determine the uid/gid of the
connecting process, and therefore infer the username of the user that
owns said process.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`uds-authenticator`.
Note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Aug 11, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
|
Hi all! Just gently pinging this PR for review. 🙂 |
crlf0710
added
S-waiting-on-review
|
@joechrisellis thanks but would advise not to ping for reviewers. The triage team currently uses the last time a PR was updated as a parameter to filter which pull requests need to be checked, which means posting a message that doesn't contribute to the PR can delay the process further. In future, if anyone reading this wants to grab attention on a PR that's sitting idle for a while, you can contact the triage-team on zulip and we will take care of it |
|
r? @Amanieu |
joechrisellis
force-pushed
the
master
branch
2 times, most recently
from
d1e209f
to
318f84e
Compare
Amanieu
reviewed
Sep 8, 2020
| pub uid: uid_t, | ||
| pub gid: gid_t, | ||
| // pid field is an option because it is not supported on some platforms. | ||
| pub pid: Option<pid_t>, |
There was a problem hiding this comment.
Could we get doc comments for each of the public fields? In particular the Option<pid_t> should be explained in the docs.
|
@bors r+ |
|
📌 Commit 80860181445f14e6f305c687b2056f11ebc4629a has been approved by |
bors
removed
the
S-waiting-on-review
|
📌 Commit 68ff495 has been approved by |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions, checks-azure |
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 16, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 17, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 17, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
pushed a commit
to joechrisellis/parsec
that referenced
this pull request
Sep 21, 2020
The code introduced in this patch has been cherry-picked from the
following PR:
rust-lang/rust#75148
At the time of writing (16/09/20), this patch is in the nightly Rust
channel. To avoid needing to use the nightly compiler to build Parsec,
this patch includes the change from the standard library to allow us to
use this feature 'early'.
Once the feature hits the stable branch, it should be safe to revert
this commit with `git revert`.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 9, 2020
…s, r=Amanieu ext/ucred: Support PID in peer creds on macOS This is a follow-up to rust-lang#75148 (RFC: rust-lang#42839). The original PR used `getpeereid` on macOS and the BSDs, since they don't (generally) support the `SO_PEERCRED` mechanism that Linux supplies. This PR splits the macOS/iOS implementation of `peer_cred()` from that of the BSDs, since macOS supplies the `LOCAL_PEERPID` sockopt as a source of the missing PID. It also adds a `cfg`-gated tests that ensures that platforms with support for PIDs in `UCred` have the expected data.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The code in
ucred.rsis based on the work done in PR 13 in the tokio-uds repository on GitHub.This commit is effectively a port to the stdlib, so credit to Martin Habovštiak (@Kixunil) and contributors for the meat of this work. 🥇
Happy to make changes as needed. 🙂