Access to Unix Domain Socket Peer Credentials in Go
Dave Quigley
Feb 26, 2018, 5:38:59 PM
to grpc.io
Hello,
I am writing a client which uses gRPC to communicate remotely to another gRPC service but also locally receives requests using gRPC on a UNIX domain socket. Part of the request to the remote service is some information about the requesting process, such as the uid and gid it is running as. Normally I would be able to get a ucred structure using SO_PEERCRED on the socket descriptor; however, I don't see a way to do that in the interfaces provided to Go. I can't rely on the process to provide that info in its request because there is no guarantee that it won't lie, so the best way is to get this information from the kernel itself. Does anyone know how I might accomplish this? Would this require modifications to the core grpc libraries?
Dave
Doug Fawley
Feb 28, 2018, 7:29:50 PM
to grpc.io
Hi Dave,
Great question! You should be able to get exactly what you want by doing the following:
1. Create a TransportCredentials with a ServerHandshake function that gets the information you need from the net.Conn* and includes it in the returned AuthInfo. (It can return the net.Conn passed to it without doing any handshaking or wrapping.)
2. In your service's RPC handler, retrieve the AuthInfo from the context using peer.FromContext.
* - It sounds like you may have also been unsure of how to get the info from the net.Conn; I found this example to show how to do that.
Thanks,
Doug
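The two steps described in the reply above, as an added example that is not part of the thread and is not grpc-go code: a Linux-only, standard-library Go program whose `ServerHandshake` has the shape of the method a custom TransportCredentials would carry (there the second return type is `credentials.AuthInfo`). `PeerCredInfo`, `selfCheck` and the `"unix-peercred"` string are hypothetical names chosen for the illustration, and grpc itself is not imported.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

type PeerCredInfo struct{ PID, UID, GID int }                    // kernel-reported, not client-supplied
func (PeerCredInfo) AuthType() string { return "unix-peercred" } // method credentials.AuthInfo requires

// ServerHandshake does no handshaking or wrapping; it only reads SO_PEERCRED.
func ServerHandshake(conn net.Conn) (net.Conn, PeerCredInfo, error) {
	uc, ok := conn.(*net.UnixConn)
	if !ok {
		return nil, PeerCredInfo{}, fmt.Errorf("peercred: %T is not a unix socket", conn)
	}
	raw, err := uc.SyscallConn()
	if err != nil {
		return nil, PeerCredInfo{}, err
	}
	var c *syscall.Ucred
	ctlErr := raw.Control(func(fd uintptr) { // fd stays owned by the Go runtime
		c, err = syscall.GetsockoptUcred(int(fd), syscall.SOL_SOCKET, syscall.SO_PEERCRED)
	})
	if ctlErr != nil || err != nil { // fail closed: no identity, no connection
		return nil, PeerCredInfo{}, fmt.Errorf("peercred: %v / %v", ctlErr, err)
	}
	return conn, PeerCredInfo{int(c.Pid), int(c.Uid), int(c.Gid)}, nil
}

// selfCheck (constructed demo) runs the handshake on one end of a socketpair.
func selfCheck() (info PeerCredInfo, err error) {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return info, err
	}
	defer syscall.Close(fds[1])
	f := os.NewFile(uintptr(fds[0]), "server-end")
	defer f.Close()
	conn, err := net.FileConn(f) // dups fds[0] into a *net.UnixConn
	if err == nil {
		defer conn.Close()
		_, info, err = ServerHandshake(conn)
	}
	return info, err
}

func main() { fmt.Println(selfCheck()) }
```

In a real server the `net.Conn` is the accepted connection that grpc-go passes to `ServerHandshake`, and the RPC handler finds the returned value in the `AuthInfo` field of the `peer.Peer` obtained from `peer.FromContext`.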
Dave Quigley
Feb 28, 2018, 11:16:31 PM
to grpc.io
Hi Doug,
Thank you for the info. This is exactly what I needed. I wasn't sure if this was possible without having to modify the core grpc go code but I'm glad to see I don't need to do that. The example for pulling the peercreds is exactly the one I found and was using in my tests. I'll look into how to create a custom TransportCredentials for this. Are there any examples for doing this in the repo or will I have to crawl through documentation to figure it out?
Dave
smita deshpande
Jul 13, 2023, 3:01:17 PM
to grpc.io
I am not able to access this example. Do you have any other source? I am exploring a solution for running grpc in kernel mode for a client.