implement djb's getpeereid(2), to allow local-domain servers to determine client credentials. mostly from superscript.com. deraadt@ ok

4 files changed, 125 insertions, 4 deletions

diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index f5be72d2c2e..1462401308e 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.43 2001/03/14 04:01:59 aaron Exp $
+#	$OpenBSD: Makefile.inc,v 1.44 2001/06/26 19:56:52 dugsong Exp $
 #	$NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $
 #	@(#)Makefile.inc	8.1 (Berkeley) 6/17/93
 
@@ -37,7 +37,8 @@ ASM=	accept.o access.o acct.o adjtime.o bind.o chdir.o chflags.o chmod.o \
 	fchflags.o fchmod.o fchown.o fcntl.o fhopen.o fhstat.o fhstatfs.o \
 	flock.o fpathconf.o fstat.o \
 	fstatfs.o fsync.o futimes.o getdirentries.o getegid.o geteuid.o \
-	getfh.o getfsstat.o getgid.o getgroups.o getitimer.o getpeername.o \
+	getfh.o getfsstat.o getgid.o getgroups.o getitimer.o getpeereid.o \
+	getpeername.o \
 	getpgid.o \
 	getpgrp.o getpid.o getppid.o getpriority.o getrlimit.o getrusage.o \
 	getsid.o \
diff --git a/lib/libc/sys/getpeereid.2 b/lib/libc/sys/getpeereid.2
new file mode 100644
index 00000000000..23eff8ee7a9
--- /dev/null
+++ b/lib/libc/sys/getpeereid.2
@@ -0,0 +1,118 @@
+.\"	$OpenBSD: getpeereid.2,v 1.1 2001/06/26 19:56:52 dugsong Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.Dd June 26, 2001
+.Dt GETPEEREID 2
+.Os
+.Sh NAME
+.Nm getpeereid
+.Nd get effective user and group identification of locally-connected peer
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/socket.h>
+.Ft int
+.Fn getpeereid "int s" "uid_t *euid" "gid_t *egid"
+.Sh DESCRIPTION
+.Fn getpeereid
+returns the effective user ID and group ID of the peer connected to
+the UNIX domain socket
+.Fa s .
+
+One common use is for UNIX domain servers to determine the credentials
+of clients that have connected to it.
+.Pp
+.Fn getpeereid
+takes three parameters:
+.Pp
+.Fa s
+Contains the file descriptor of the socket whose peer credentials
+should be looked up.
+.Pp
+.Fa euid
+Points to a
+.Li uid_t
+variable into which the effective user ID for the connected peer will
+be stored.
+.Pp
+.Fa guid
+Points to a
+.Li gid_t
+variable into which the effective group ID for the connected peer will
+be stored.
+.Sh RETURN VALUES
+If the call succeeds, a 0 is returned and
+.Fa euid
+and
+.Fa egid
+are set to the effective user ID and group ID of the connected peer.
+Otherwise,
+.Va errno
+is set and a value of \-1 is returned.
+.Sh ERRORS
+On failure,
+.Va errno
+is set to one of the following:
+.Bl -tag -width Er
+.It Bq Er EBADF
+The argument
+.Fa s
+is not a valid descriptor.
+.It Bq Er ENOTSOCK
+The argument
+.Fa s
+is a file, not a socket.
+.It Bq Er EOPNOTSUPP
+The socket is not in the UNIX domain.
+.It Bq Er ENOTCONN
+The socket is not connected.
+.It Bq Er ENOBUFS
+Insufficient resources were available in the system
+to perform the operation.
+.It Bq Er EFAULT
+The
+.Fa euid
+or
+.Fa egid
+parameters point to memory not in a valid part of the
+process address space.
+.El
+.Sh SEE ALSO
+.Xr accept 2 ,
+.Xr bind 2 ,
+.Xr getsockname 2 ,
+.Xr getpeername 2 ,
+.Xr socket 2
+.Sh HISTORY
+The
+.Fn getpeereid
+function call appeared in
+.Ox 3.0 .
diff --git a/lib/libc/sys/getpeername.2 b/lib/libc/sys/getpeername.2
index 1d51351d687..b5503153b18 100644
--- a/lib/libc/sys/getpeername.2
+++ b/lib/libc/sys/getpeername.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getpeername.2,v 1.15 2001/06/25 00:13:22 pjanzen Exp $
+.\"	$OpenBSD: getpeername.2,v 1.16 2001/06/26 19:56:52 dugsong Exp $
 .\"	$NetBSD: getpeername.2,v 1.6 1995/10/12 15:40:56 jtc Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -132,6 +132,7 @@ process address space.
 .Xr accept 2 ,
 .Xr bind 2 ,
 .Xr getsockname 2 ,
+.Xr getpeereid 2 ,
 .Xr socket 2
 .Sh HISTORY
 The
diff --git a/lib/libc/sys/getsockname.2 b/lib/libc/sys/getsockname.2
index c960ed77f6a..b1b15fb48c5 100644
--- a/lib/libc/sys/getsockname.2
+++ b/lib/libc/sys/getsockname.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getsockname.2,v 1.14 2000/10/18 05:12:09 aaron Exp $
+.\"	$OpenBSD: getsockname.2,v 1.15 2001/06/26 19:56:52 dugsong Exp $
 .\"	$NetBSD: getsockname.2,v 1.6 1995/10/12 15:41:00 jtc Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -152,6 +152,7 @@ process address space.
 .Xr accept 2 ,
 .Xr bind 2 ,
 .Xr getpeername 2 ,
+.Xr getpeereid 2 ,
 .Xr socket 2
 .Sh BUGS
 Names bound to sockets in the UNIX domain are inaccessible;