getpeereid() can now be a library routine using getsockopt() with

SOL_SOCKET and SO_PEERCRED, only issue being that it cannot return
EFAULT for a page fault.  The kernel code will soon be put into
compat, and then in 10 years or so tedu will delete it.
ok guenther millert

3 files changed, 158 insertions, 3 deletions

diff --git a/src/lib/libc/net/Makefile.inc b/src/lib/libc/net/Makefile.inc
index 66f181d473..530bc3f3f0 100644
--- a/src/lib/libc/net/Makefile.inc
+++ b/src/lib/libc/net/Makefile.inc
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile.inc,v 1.47 2010/02/03 20:49:00 miod Exp $
+#       $OpenBSD: Makefile.inc,v 1.48 2010/07/01 19:15:30 deraadt Exp $
 
 # net sources
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/net ${LIBCSRCDIR}/net
@@ -7,7 +7,7 @@ CFLAGS+=-DRESOLVSORT
 
 SRCS+=  base64.c freeaddrinfo.c gai_strerror.c getaddrinfo.c gethostnamadr.c \
         getifaddrs.c getnameinfo.c getnetbyaddr.c getnetbyname.c getnetent.c \
-        getnetnamadr.c getproto.c getprotoent.c getprotoname.c \
+        getnetnamadr.c getpeereid.c getproto.c getprotoent.c getprotoname.c \
         getservbyname.c getservbyport.c getservent.c getrrsetbyname.c \
         herror.c if_indextoname.c if_nameindex.c if_nametoindex.c inet_addr.c \
         inet_lnaof.c inet_makeaddr.c inet_neta.c inet_netof.c inet_network.c \
@@ -28,7 +28,7 @@ SRCS+=	ip6opt.c rthdr.c vars6.c
 .include "${LIBCSRCDIR}/arch/${MACHINE_CPU}/net/Makefile.inc"
 
 MAN+=   byteorder.3 ethers.3 gai_strerror.3 getaddrinfo.3 gethostbyname.3 \
-        getifaddrs.3 getnameinfo.3 getnetent.3 getprotoent.3 \
+        getifaddrs.3 getnameinfo.3 getnetent.3 getpeereid.3 getprotoent.3 \
         getrrsetbyname.3 getservent.3 if_indextoname.3 inet.3 \
         inet_net.3 inet6_option_space.3 inet6_rthdr_space.3 \
         inet6_opt_init.3 inet6_rth_space.3 \
diff --git a/src/lib/libc/net/getpeereid.3 b/src/lib/libc/net/getpeereid.3
new file mode 100644
index 0000000000..c1671a7516
--- /dev/null
+++ b/src/lib/libc/net/getpeereid.3
@@ -0,0 +1,119 @@
+.\"     $OpenBSD: getpeereid.3,v 1.1 2010/07/01 19:15:30 deraadt Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"     The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.Dd $Mdocdate: July 1 2010 $
+.Dt GETPEEREID 3
+.Os
+.Sh NAME
+.Nm getpeereid
+.Nd get effective user and group identification of locally-connected peer
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <sys/socket.h>
+.Ft int
+.Fn getpeereid "int s" "uid_t *euid" "gid_t *egid"
+.Sh DESCRIPTION
+.Fn getpeereid
+returns the effective user ID and group ID of the peer connected to
+a
+.Ux Ns -domain
+socket (see
+.Xr unix 4 ) .
+The argument
+.Fa s
+must be of type
+.Dv SOCK_STREAM .
+.Pp
+One common use is for
+.Ux Ns -domain
+servers to determine the credentials of clients that have connected to it.
+.Pp
+.Fn getpeereid
+takes three parameters:
+.Bl -bullet
+.It
+.Fa s
+contains the file descriptor of the socket whose peer credentials
+should be looked up.
+.It
+.Fa euid
+points to a
+.Li uid_t
+variable into which the effective user ID for the connected peer will
+be stored.
+.It
+.Fa egid
+points to a
+.Li gid_t
+variable into which the effective group ID for the connected peer will
+be stored.
+.El
+.Sh RETURN VALUES
+If the call succeeds, a 0 is returned and
+.Fa euid
+and
+.Fa egid
+are set to the effective user ID and group ID of the connected peer.
+Otherwise,
+.Va errno
+is set and a value of \-1 is returned.
+.Sh ERRORS
+On failure,
+.Va errno
+is set to one of the following:
+.Bl -tag -width Er
+.It Bq Er EBADF
+The argument
+.Fa s
+is not a valid descriptor.
+.It Bq Er ENOTSOCK
+The argument
+.Fa s
+is a file, not a socket.
+.It Bq Er EOPNOTSUPP
+The socket is not in the
+.Ux Ns -domain .
+.It Bq Er ENOTCONN
+The socket is not connected.
+.It Bq Er ENOBUFS
+Insufficient resources were available in the system
+to perform the operation.
+.El
+.Sh SEE ALSO
+.Xr accept 2 ,
+.Xr bind 2 ,
+.Xr getpeername 2 ,
+.Xr getsockname 2 ,
+.Xr getsockopt 2 ,
+.Xr socket 2 ,
+.Xr unix 4
+.Sh HISTORY
+The
+.Fn getpeereid
+function call appeared in
+.Ox 3.0 .
diff --git a/src/lib/libc/net/getpeereid.c b/src/lib/libc/net/getpeereid.c
new file mode 100644
index 0000000000..208e541f17
--- /dev/null
+++ b/src/lib/libc/net/getpeereid.c
@@ -0,0 +1,36 @@
+/*      $OpenBSD: getpeereid.c,v 1.1 2010/07/01 19:15:30 deraadt Exp $  */
+
+/*
+ * Copyright (c) 2010 Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+getpeereid(int s, uid_t *euid, gid_t *egid)
+{
+        struct sockpeercred creds;
+        socklen_t credslen = sizeof(creds);
+        int error;
+
+        error = getsockopt(s, SOL_SOCKET, SO_PEERCRED,
+            &creds, &credslen);
+        if (error)
+                return (error);
+        *euid = creds.uid;
+        *egid = creds.gid;
+        return (0);
+}