Subject: Re: kern/10798: getpeereid system call
To: None <web-netbsd@superscript.com>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-kern
Date: 08/09/2000 12:58:04
On Wed, Aug 09, 2000 at 12:19:04PM -0700, web-netbsd@superscript.com wrote:
> >Synopsis: getpeereid system call
> A local-domain server uses getpeereid() to obtain
> credentials from clients. Credentials are passed
> when the client calls connect() and do not require
> that the client send any data.
I implemented a different mechanism, the LOCAL_CREDS socket option,
which is based on the BSD/OS method as described by Stevens, some
time ago, and will appear in NetBSD 1.5. NetBSD's libc/rpc library
already uses it.
LOCAL_CREDS, set by a server listening on a Unix domain socket,
causes a "sockcreds" message (which includes the supplemental group
list for the user, as well) to come in as ancillary data. This
happens for every datagram in the SOCK_DGRAM case, and upon the
client's first send of data in the SOCK_STREAM case.
It is not possible for the client to forge the credentials.
> I would like to see getpeereid() or sufficient basis for
> it incorporated into future NetBSD releases so that we
> can all use ucspi-ipc without the need for a kernel patch.
I suppose NetBSD *could* add getpeereid(), but we already have
a (more flexible mechanism), and if ucspi-ipc were changed to
use it, we still wouldn't need a kernel patch :-)
--
-- Jason R. Thorpe <thorpej@zembu.com>
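As an added illustration of the server side of the LOCAL_CREDS mechanism described above (example code, not from the thread, NetBSD or ucspi-ipc): the struct below, named sockcred_ex here, is assumed to mirror NetBSD's struct sockcred, the SCM_CREDS fallback value is an assumption for systems that lack the define, and demo_local_creds() builds the ancillary record in memory in place of a real recvmsg() so it runs without a Unix-domain socket.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#ifndef SCM_CREDS
#define SCM_CREDS 0x03          /* assumed value, for systems that lack it */
#endif
struct sockcred_ex {            /* assumed to mirror NetBSD's struct sockcred */
    uid_t sc_uid, sc_euid;      /* real and effective user id */
    gid_t sc_gid, sc_egid;      /* real and effective group id */
    int   sc_ngroups;           /* entries in sc_groups[] */
    gid_t sc_groups[1];         /* supplemental groups, variable length */
};
#define SOCKCRED_EX_SIZE(n) \
    (sizeof(struct sockcred_ex) + ((n) > 1 ? ((n) - 1) * sizeof(gid_t) : 0))
/* Server side: locate the kernel-supplied SCM_CREDS record among the control
 * messages of a received msghdr.  Returns 1 and fills *out, else 0 (no
 * well-formed record: the peer then stays unauthenticated). */
int extract_peer_creds(struct msghdr *msg, struct sockcred_ex *out)
{
    struct cmsghdr *cm; const struct sockcred_ex *sc;
    for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm)) {
        if (cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_CREDS)
            continue;
        if (cm->cmsg_len < CMSG_LEN(sizeof(struct sockcred_ex))) return 0;
        sc = (const struct sockcred_ex *)CMSG_DATA(cm);
        if (sc->sc_ngroups < 0 ||
            cm->cmsg_len < CMSG_LEN(SOCKCRED_EX_SIZE(sc->sc_ngroups)))
            return 0;                   /* group list overruns the record */
        memcpy(out, sc, sizeof(*out));  /* fixed part plus first group */
        return 1;
    }
    return 0;
}
/* Constructed round trip standing in for recvmsg(): pack a two-group record
 * as the kernel would, parse it, then check that a copy whose sc_ngroups was
 * inflated past the record length is refused.  Returns the uid, or -1. */
long demo_local_creds(void)
{
    unsigned char buf[CMSG_SPACE(SOCKCRED_EX_SIZE(2))];
    struct msghdr msg; struct cmsghdr *cm; struct sockcred_ex *sc, got;
    memset(buf, 0, sizeof buf); memset(&msg, 0, sizeof msg);
    msg.msg_control = buf; msg.msg_controllen = sizeof buf;
    cm = CMSG_FIRSTHDR(&msg); cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_CREDS;
    cm->cmsg_len = CMSG_LEN(SOCKCRED_EX_SIZE(2)); sc = (struct sockcred_ex *)CMSG_DATA(cm);
    sc->sc_uid = sc->sc_euid = 1000; sc->sc_gid = sc->sc_egid = 1000;
    sc->sc_ngroups = 2; sc->sc_groups[0] = 20; sc->sc_groups[1] = 100;
    if (!extract_peer_creds(&msg, &got) || got.sc_ngroups != 2 ||
        got.sc_groups[0] != 20 || got.sc_euid != 1000) return -1;
    sc->sc_ngroups = 50; if (extract_peer_creds(&msg, &got)) return -1;
    return (long)got.sc_uid;            /* 1000 */
}
```

The length checks matter because the group list is variable length: a server that trusts sc_ngroups without comparing it against cmsg_len reads past the record.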