search for: scm_credentials

...mments From carl at chage.com 2003-01-10 05:38 ------- I noticed the same problem with a compile error where ucred is undefined in SUSE Linux 6.1. The problem is the test for SO_PEERCRED-- the feature is not available even though the define is present. In my linux/socket.h there is a "#define SCM_CREDENTIALS" next to the ucred definition, so the change from #if defined(SO_PEERCRED) to #if defined(SO_PEERCRED) && defined(SCM_CREDENTIALS) solves the compile problem, but I don't know which other distributions have the same. It may be SCM_CREDS or SCM_RIGHTS. Perhaps the only good way...

On Wed, 2018-08-22 at 09:02 -0500, kevin martin wrote: > Simple seems to have fixed it. I was also trying with "forking" as > the > type and that was failing as well. That is not as simple as that -- we lived with "simple" for long time, but it was not covering some corner cases so we ended up using the sd_notify, since that was the only reliable way for systemd to

...vileges. The sample program is a primitve modem manager that hands out open file descriptors to modems. This is done by passing the file descriptor over a UNIX domain socket. The protocol also provides for some kind of authentication, but it''s not really good. Recent 2.1 kernels provide SCM_CREDENTIALS passing, which could be used here. The source can be found on ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz Feedback welcome, Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir....

...ould be good to have sshd integrate with systemd here, but we need to avoid the libsystemd dependency. Fortunately, sd_notify() doesn't need to do all too much; almost everything is used before in the OpenSSH codebase, so it's easy enough to add local code for it. It's a sendmsg() with SCM_CREDENTIALS to the AF_UNIX SOCK_DGRAM named in $NOTIFY_SOCKET. The file descriptor passing code in monitor_fdpass.c sends other messages with ancillary data. Damien, how do you feel about adding the notification without the dependency, maybe conditioned on a configure.ac check for (Linux-only) SCM_CREDENTIA...

...setuid enabled (and at first glance, setuid privileges seem to be handled quite carefully). We''re currently looking into this. Anybody would like to share their experience with making LPRng setuid root? Cheers Olaf PS: Excercise to the reader:-) Problems like this can be solved using the SCM_CREDENTIALS stuff in 2.1.x kernels. Lpr can authenticate itself with the local lpd via a unix socket, and have lpd forward the job to the remote printer using a privileged port. Any takers? -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir@monad.swb.de | / | \ sol.dhoop....

as the next klibc release 1.5.16 looks like shaping up, I have a trouble to build that for Debian. currently I build depent on linux-libc-dev, I don't know what against I can build latest klibc, see klibc fails to build due too: make -C linux/ ARCH=x86_64 INSTALL_HDR_PATH=debian/tmp/usr/lib/klibc/ headers_install make[3]: *** No rule to make target `headers_install'. Stop. make[2]: ***

...ine struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__cmsg) +{ + return __cmsg_nxthdr(__msg->msg_control, __msg->msg_controllen, __cmsg); +} + +/* "Socket"-level control message types: */ + +#define SCM_RIGHTS 0x01 /* rw: access rights (array of int) */ +#define SCM_CREDENTIALS 0x02 /* rw: struct ucred */ +#define SCM_SECURITY 0x03 /* rw: security label */ + +struct ucred { + __u32 pid; + __u32 uid; + __u32 gid; +}; +#endif /* CMSG_FIRSTHDR */ + __extern int socket(int, int, int); __extern int bind(int, struct sockaddr *, int); commit 23d04ca085b97f8075b0e2296e54...