Brian Vetter wrote:
> I've been using getpeerucred on my server to capture the credentials of the 
> connecting process successfully. Recently, I was asked to verify the 
> credentials of the server from the client side of the connection so after 
> reading the getpeerucred(3C) manual page, it would appear that they would be 
> available after the call to connect().
> 
> What I am seeing is that getpeerucred() is providing me with the credentials 
> of the client side of the connection (not the server side as I had hoped). I 
> see my connecting processes uid/euid, gid/egid, etc and not the server 
> processes information.
> 
> I thought that perhaps since this was in a zone, TX environment that it could 
> have been due to the fact that it was over a MLP, but I tried it within a 
> single zone and got the same results. I'm currently running this on Solaris 
> 10 8/07 with TX installed.
> 
> So is it the case that getpeerucred should return the server credentials to 
> the connecting side of the INET socket? Or am I reading the man page 
> incorrectly?

getpeerucred(2) says:

                                A process that initiates a con-
      nection retrieves the credentials of its peer  at  the  time
      the  peer's endpoint was created. A process that listens for
      connections retrieves the credentials of  the  peer  at  the
      time the peer initiated the connection.


So it depends on what the creds of the server program were when it 
created the end point.

Since this is on Solaris 10 it is probably best you follow up by logging 
a Sun Service contract call.

-- 
Darren J Moffat

Reply via email to