> The security issue is why I developed it. There were complaints from people
> who did not want to have identd running at all.
>
> I think the feature is available in Linux, Solaris and some BSD. It can be
> tested for by whether SO_PEERCRED is defined in sys/socket.h.

Yes, I see something similar in BSD/OS. Manual page attached.

>
> I don't see the need to strip mention from the comments in pg_hba.conf. The
> situation is no different from those systems which do not have Kerberos or
> SSL available.

Yea, I guess.

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

RECV(2)                 BSD Programmer's Manual                 RECV(2)

NAME
recv, recvfrom, recvmsg - receive a message from a socket

SYNOPSIS
    #include <sys/types.h>
    #include <sys/socket.h>

    ssize_t
    recv(int s, void *buf, size_t len, int flags);

    ssize_t
    recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from,
        socklen_t *fromlen);

    ssize_t
    recvmsg(int s, struct msghdr *msg, int flags);

DESCRIPTION
The recvfrom() and recvmsg() calls are used to receive messages from a
socket, and may be used to receive data on a socket whether or not it is
connection-oriented.

If from is non-null, and the socket is not connection-oriented, the
source address of the message is filled in. The fromlen pointer refers
to a value-result parameter; it should initially contain the amount of
space pointed to by from; on return that location will contain the actual
length (in bytes) of the address returned. If the buffer provided is too
small, the name is truncated and the full size is returned in the location
to which fromlen points. If from is null, the value pointed to by
fromlen is not modified. Otherwise, if the socket is connection-oriented,
the address buffer will not be modified, and the value pointed to by
fromlen will be set to zero.

The recv() call is normally used only on a connected socket (see
connect(2)) and is identical to recvfrom() with a nil from parameter.
As it is redundant, it may not be supported in future releases.

All three routines return the length of the message on successful
completion. If a message is too long to fit in the supplied buffer, excess
bytes may be discarded depending on the type of socket the message is
received from (see socket(2)).

If no messages are available at the socket, the receive call waits for a
message to arrive, unless the socket is nonblocking (see fcntl(2)) in
which case the value -1 is returned and the external variable errno set
to EAGAIN. The receive calls normally return any data available, up to
the requested amount, rather than waiting for receipt of the full amount
requested; this behavior is affected by the socket-level options
SO_RCVLOWAT and SO_RCVTIMEO described in getsockopt(2).

The select(2) call may be used to determine when more data arrive.

The flags argument to a recv call is formed by or'ing one or more of the
values:

    MSG_OOB        process out-of-band data
    MSG_PEEK       peek at incoming message
    MSG_WAITALL    wait for full request or error

The MSG_OOB flag requests receipt of out-of-band data that would not be
received in the normal data stream. Some protocols place expedited data
at the head of the normal data queue, and thus this flag cannot be used
with such protocols. The MSG_PEEK flag causes the receive operation to
return data from the beginning of the receive queue without removing that
data from the queue. Thus, a subsequent receive call will return the
same data. The MSG_WAITALL flag requests that the operation block until
the full request is satisfied. However, the call may still return less
data than requested if a signal is caught, an error or disconnect occurs,
or the next data to be received is of a different type than that returned.

The recvmsg() call uses a msghdr structure to minimize the number of
directly supplied parameters. This structure has the following form, as
defined in <sys/socket.h>:

    struct msghdr {
            caddr_t msg_name;          /* optional address */
            u_int   msg_namelen;       /* size of address */
            struct  iovec *msg_iov;    /* scatter/gather array */
            u_int   msg_iovlen;        /* # elements in msg_iov */
            caddr_t msg_control;       /* ancillary data, see below */
            u_int   msg_controllen;    /* ancillary data buffer len */
            int     msg_flags;         /* flags on received message */
    };

If msg_name is non-null, and the socket is not connection-oriented, the
source address of the message is filled in. The amount of space available
for the address is provided by msg_namelen, which is modified on return
to reflect the length of the stored address. If the buffer is too
small, the address is truncated; this is indicated when msg_namelen is
less than the length embedded in the address (sa_len). If msg_name is
null, msg_namelen is not modified. Otherwise, if the socket is
connection-oriented, the address buffer will not be modified, and msg_namelen
will be set to zero.

Msg_iov and msg_iovlen describe scatter gather locations, as discussed in
read(2). Msg_control, which has length msg_controllen, points to a
buffer for other protocol control related messages or other miscellaneous
ancillary data. The messages are of the form:

    struct cmsghdr {
            u_int   cmsg_len;      /* data byte count, including hdr */
            int     cmsg_level;    /* originating protocol */
            int     cmsg_type;     /* protocol-specific type */
    /* followed by
            u_char  cmsg_data[]; */
    };

As an example, one could use this to learn of changes in the data-stream
in XNS/SPP, or in ISO, to obtain user-connection-request data by
requesting a recvmsg with no data buffer provided immediately after an
accept() call.

Open file descriptors are now passed as ancillary data for AF_LOCAL
domain sockets, with cmsg_level set to SOL_SOCKET and cmsg_type set to
SCM_RIGHTS.

The msg_flags field is set on return according to the message received.
MSG_EOR indicates end-of-record; the data returned completed a record
(generally used with sockets of type SOCK_SEQPACKET). MSG_TRUNC indicates
that the trailing portion of a datagram was discarded because the
datagram was larger than the buffer supplied. MSG_CTRUNC indicates that some
control data were discarded due to lack of space in the buffer for
ancillary data. MSG_OOB is returned to indicate that expedited or out-of-band
data were received.

RETURN VALUES
These calls return the number of bytes received, or -1 if an error
occurred.

EXAMPLES
The following code is an example of parsing the control information
returned in the msg_control field. This example shows how to parse the
control messages for a localdomain(4) socket to obtain passed file
descriptors and the sender's credentials.

    #include <sys/param.h>
    #include <sys/socket.h>
    #include <sys/ucred.h>

    struct msghdr msghdr;
    struct cmsghdr *cm;
    struct fcred *fc;   /* Pointer to the credentials */
    int fdcnt;          /* The number of file descriptors passed */
    int *fds;           /* The passed array of file descriptors */

    #define ENOUGH_CMSG(p, size) ((p)->cmsg_len >= ((size) + sizeof(*(p))))

    fc = NULL;
    fdcnt = 0;
    fds = NULL;

    if (msghdr.msg_controllen >= sizeof (struct cmsghdr) &&
        (msghdr.msg_flags & MSG_CTRUNC) == 0) {
            for (cm = CMSG_FIRSTHDR(&msghdr);
                cm != NULL && cm->cmsg_len >= sizeof(*cm);
                cm = CMSG_NXTHDR(&msghdr, cm)) {
                    if (cm->cmsg_level != SOL_SOCKET)
                            continue;
                    switch (cm->cmsg_type) {
                    case SCM_RIGHTS:
                            fdcnt = (cm->cmsg_len - sizeof(*cm)) / sizeof(int);
                            fds = (int *)CMSG_DATA(cm);
                            break;
                    case SCM_CREDS:
                            if (ENOUGH_CMSG(cm, sizeof(*fc)))
                                    fc = (struct fcred *)CMSG_DATA(cm);
                            break;
                    }
            }
    }

ERRORS
The calls fail if:

    [EBADF]     The argument s is an invalid descriptor.

    [ENOTCONN]  The socket is associated with a connection-oriented protocol
                and has not been connected (see connect(2) and accept(2)).

    [ENOTSOCK]  The argument s does not refer to a socket.

    [EAGAIN]    The socket is marked non-blocking, and the receive operation
                would block, or a receive timeout had been set, and the
                timeout expired before data were received.

    [EINTR]     The receive was interrupted by delivery of a signal before
                any data were available.

    [EFAULT]    The receive buffer pointer(s) point outside the process's
                address space.

SEE ALSO
fcntl(2), read(2), select(2), getsockopt(2), socket(2), ip(4), local(4)

HISTORY
The recv function call appeared in 4.2BSD.

4.3-Reno Berkeley Distribution February 21, 1994 4
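
The SO_PEERCRED check discussed in the quoted text, as an added example that is not part of the original message or the attached manual page: it applies the compile-time test on SO_PEERCRED and reads the peer's uid from a Unix-domain socket, failing closed where the option is unavailable. The names peer_uid, demo_peer_uid, HAVE_PEERCRED and struct peer_cred are assumptions, and the struct assumes the Linux credential layout (pid, uid, gid).

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* Compile-time test from the thread, limited to the Linux layout used below. */
#if defined(SO_PEERCRED) && defined(__linux__)
#define HAVE_PEERCRED 1
#else
#define HAVE_PEERCRED 0
#endif

/* Assumed: same layout as Linux's struct ucred, declared locally so the
 * example builds without _GNU_SOURCE. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Hypothetical helper: 0 and *uid set on success, -1 with errno otherwise. */
int peer_uid(int fd, uid_t *uid)
{
#if HAVE_PEERCRED
    struct peer_cred c;
    socklen_t len = sizeof(c);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &c, &len) != 0)
        return -1;
    /* Fail closed on a short reply or when no credentials are recorded. */
    if (len != sizeof(c) || c.uid == (uid_t)-1) {
        errno = EACCES;
        return -1;
    }
    *uid = c.uid;
    return 0;
#else
    (void)fd; (void)uid;
    errno = ENOSYS;     /* no peer credentials here: use another auth method */
    return -1;
#endif
}

/* Constructed input: a connected AF_UNIX pair created by this process. */
int demo_peer_uid(uid_t *uid)
{
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    rc = peer_uid(sv[0], uid);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) { uid_t u; return demo_peer_uid(&u) == 0 ? 0 : 1; }
```

The uid comes from the kernel's record of the process that created the socket, so the server compares it against its own user mapping without running identd.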