[PATCH] server: Add an API to get the socket fd for a client
Pekka Paalanen
ppaalanen at gmail.com
Wed Jan 13 02:35:14 PST 2016
On Wed, 13 Jan 2016 10:02:18 +0000 (GMT)
박성진 <sj76.park at samsung.com> wrote:
> Samsung Enterprise Portal mySingle
>
> Pekka Paalanen, thank you for your review on this. :)
>
>
>
> >The fd may not always be from a socket file, it can also be from a call
> >to socketpair(2).
>
> Yes, exactly.
>
> >Please refer to wl_client_get_credentials() for the
> >caveat there, and evaluate whether it applies to your use case.
> >wl_client_get_fd() doc should probably have a "see also
> >wl_client_get_credentials()" so that someone reading the doc finds out
> >about socketpair().
>
> I'll append "see also wl_client_get_credentials() to wl_client_get_fd() doc. :)
>
>
>
> Regarding your recommendation, as you meant, if I just need to distinguish between
> the client's request and the request from compositor itself, it'll be better to use
> wl_client_get_credentials() because comparing between the compositor's uid and
> the uid from the function will be enough to make a decision for sth.
Hi,
sorry, that sounds completely bogus and I never implied anything like
that.
socketpair() is used for creating a connection before fork()'ing and
exec()'ing a client process, so that the process starts with an already
open connection. In that case, wl_client_get_credentials() provides
wrong information. Particularly the returned PID will be the
compositor's, not the client's. I do not know if the security context
you are interested in suffers from the same problem.
Upstream Weston never sends requests to itself, FWIW. It does use
socketpair() when launching special clients, though.
> In my use case, I would like to get the client fd and check whether the client
> has the needed privilege for doing sth with a request. The security context getting from
> the client fd will be used to check the client's privilege.
Yes, this is clear, assuming the security context information you
receive is actually always correct. I would assume it does not suffer
from the same caveat as getsockopt(SO_PEERCRED), but I don't know that.
Thanks,
pq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20160113/ff7a2224/attachment.sig>
More information about the wayland-devel
mailing list