A bug with getsockopt(SOL_LOCAL, LOCAL_PEERCRED) ?

Wed Apr 21 22:00:30 UTC 2021

On 2021-Apr-21, at 11:27, Gleb Popov <arrowd at freebsd.org> wrote:

>> On Thu, Apr 15, 2021 at 10:58 PM Mark Millard <marklmi at yahoo.com> wrote:
>> The way I read the above quote and your code and
>> related documentation: s2 after the accept4 assignment
>> is specific to the client's specific connect and
>> will give access to the connected user's credentials
>> --but s is not specific to the specific connect in
>> question (after that assignment or later) and would
>> not give the information that you indicate that you
>> want: you need a connection-specific identifier.
>> 
>> In other words, it looks to me like what you quoted
>> agrees with what Konstantin reported.
>> 
>> . . .
> 
> 
> This makes sense, thanks.
> 
> However, this code works on Linux and seems to return credentials of the user that started the process. I actually stumbled upon this when porting this code: https://github.com/CollaboraOnline/online/blob/master/net/Socket.cpp#L805
> 
> Would it make sense if FreeBSD followed Linux semantics in this case? If not, what are my options for porting the software?

From what I can tell . . .

FreeBSD defines LOCAL_PEERCRED and what goes with its use, not linux.
Linux defines SO_PEERCRED and what goes with its use, not FreeBSD.

If I understand right, your code is incompatible with the referenced
CollaboraOnline  code from just after the #else (so __FreeBSD__ case,
not the linux case):

getsockopt(getFD(), 0, LOCAL_PEERCRED, &creds, &credSize)
vs. your:
getsockopt(s, SOL_LOCAL, LOCAL_PEERCRED, &creds, &credSize)

Note the 0 vs. the SOL_LOCAL. Your code is a mix of Linux
and FreeBSD code when it should not be.

See also the following that involved replacing a SOL_LOCAL
with a 0 for getsockopt used with LOCAL_PEERCRED:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234722

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went
away in early 2018-Mar)