ra-rpc: add Unix peer cred to RemoteEndpoint::Unix

kvinwang · kvinwang · commit 9641daca29f3 · 2026-04-01T10:59:02.000Z
diff --git a/ra-rpc/src/lib.rs b/ra-rpc/src/lib.rs
@@ -22,11 +22,24 @@ pub mod client;
 #[cfg(feature = "openapi")]
 pub mod openapi;
 
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct UnixPeerCred {
+    /// Peer process ID (platform-independent representation)
+    pub pid: u64,
+    /// Peer user ID
+    pub uid: u64,
+    /// Peer group ID
+    pub gid: u64,
+}
+
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum RemoteEndpoint {
     Tcp(SocketAddr),
     Quic(SocketAddr),
-    Unix(PathBuf),
+    /// Unix domain socket endpoint.
+    ///
+    /// When available, `peer` can carry SO_PEERCRED (pid/uid/gid) of the caller.
+    Unix { path: PathBuf, peer: Option<UnixPeerCred> },
     Vsock { cid: u32, port: u32 },
     Other(String),
 }
diff --git a/ra-rpc/src/rocket_helper.rs b/ra-rpc/src/rocket_helper.rs
@@ -5,7 +5,7 @@
 use std::convert::Infallible;
 
 #[cfg(all(feature = "rocket", feature = "openapi"))]
-use crate::openapi::{OpenApiDoc, RenderedDoc};
+    use crate::openapi::{OpenApiDoc, RenderedDoc};
 #[cfg(all(feature = "rocket", feature = "openapi"))]
 use rocket::response::content::{RawHtml, RawJson};
 #[cfg(all(feature = "rocket", feature = "openapi"))]
@@ -265,7 +265,10 @@ impl From<Endpoint> for RemoteEndpoint {
         match endpoint {
             Endpoint::Tcp(addr) => RemoteEndpoint::Tcp(addr),
             Endpoint::Quic(addr) => RemoteEndpoint::Quic(addr),
-            Endpoint::Unix(path) => RemoteEndpoint::Unix(path),
+            Endpoint::Unix(path) => RemoteEndpoint::Unix {
+                path,
+                peer: None,
+            },
             _ => {
                 let address = endpoint.to_string();
                 match address.parse::<VsockEndpoint>() {
