How can I pass user credentials through a Unix-domain socket on Mac OS X?

Question

Under many operating systems Unix-domain sockets allow a process to reliably pass its credentials to another process in a way that can't be maliciously subverted. For instance, this is done on Linux through the SO_PASSCRED and SO_PEERCRED options, on FreeBSD by passing messages that include the cmsgcred structure, and on NetBSD by setting the LOCAL_CREDS option. However, I haven't been able to find a way to perform this operation under Mac OS X. The corresponding header (socket.h) seems to have the functionality disabled for Apple's build.

#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#ifndef __APPLE__
// ...
struct cmsgcred {

Any idea of another Mac OS X facility that can accomplish the same result?

Answer 1

I haven't ever worked with it, but I think you're looking for LOCAL_PEERCRED. ( see man unix)

*You can confirm the identity of the program at the other end of the socket using the LOCAL_PEERCRED socket option, introduced in Mac OS X 10.4.*

See Technical Note TN2083. Daemons and Agents

Answer 2

Even better, thanks to the accepted answer, I found that getpeereid(), directly returns the required data.