Brian Vetter wrote: > I've been using getpeerucred on my server to capture the credentials of the > connecting process successfully. Recently, I was asked to verify the > credentials of the server from the client side of the connection so after > reading the getpeerucred(3C) manual page, it would appear that they would be > available after the call to connect(). > > What I am seeing is that getpeerucred() is providing me with the credentials > of the client side of the connection (not the server side as I had hoped). I > see my connecting processes uid/euid, gid/egid, etc and not the server > processes information. > > I thought that perhaps since this was in a zone, TX environment that it could > have been due to the fact that it was over a MLP, but I tried it within a > single zone and got the same results. I'm currently running this on Solaris > 10 8/07 with TX installed. > > So is it the case that getpeerucred should return the server credentials to > the connecting side of the INET socket? Or am I reading the man page > incorrectly?
getpeerucred(2) says: A process that initiates a con- nection retrieves the credentials of its peer at the time the peer's endpoint was created. A process that listens for connections retrieves the credentials of the peer at the time the peer initiated the connection. So it depends on what the creds of the server program were when it created the end point. Since this is on Solaris 10 it is probably best you follow up by logging a Sun Service contract call. -- Darren J Moffat