David Markey wrote:
netbsd# /usr/pkg/libexec/slapd -V @(#) $OpenLDAP: slapd 2.4.11 (Sep 15 2008 00:03:54) $ root@netbsd.dmarkey.com:/usr/pkgsrc/databases/openldap-server/work/openldap-2.4.11/servers/slapd
netbsd# ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms dn:
External isnt listed.
Pretty sure none of what you quoted below is supported (yet). As far as I knew, the *BSDs all provided a native getpeereid() function so nothing else was needed. At least, FreeBSD and OpenBSD do. If NetBSD doesn't, then I suggest you submit an ITS to get one of the below APIs supported.
I assume that the unix socket API is slightly different.:
man unix
The LOCAL_CREDS option may be enabled on a SOCK_DGRAM or a SOCK_STREAM socket. This option provides a mechanism for the receiver to receive the credentials of the process as a recvmsg(2) control message. The msg_con- trol field in the msghdr structure points to a buffer that contains a cmsghdr structure followed by a variable length sockcred structure, defined in <sys/socket.h> as follows:
struct sockcred { uid_t sc_uid; /* real user id */ uid_t sc_euid; /* effective user id */ gid_t sc_gid; /* real group id */ gid_t sc_egid; /* effective group id */ int sc_ngroups; /* number of supplemental groups */ gid_t sc_groups[1]; /* variable length */ };
The LOCAL_PEEREID option may be used with getsockopt(2) to get the PID and effective user and group IDs of a SOCK_STREAM peer when it did connect(2) or bind(2). The returned structure is
struct unpcbid { pid_t unp_pid; /* process id */ uid_t unp_euid; /* effective user id */ gid_t unp_egid; /* effective group id */ }; as defined in <sys/un.h>.
The SOCKCREDSIZE() macro computes the size of the sockcred structure for a specified number of groups. The cmsghdr fields have the following val- ues:
cmsg_len = sizeof(struct cmsghdr) + SOCKCREDSIZE(ngroups) cmsg_level = SOL_SOCKET cmsg_type = SCM_CREDS