[Libguestfs] [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.

Eric Blake eblake at redhat.com
Mon Oct 5 13:21:50 UTC 2020 

On 10/3/20 1:50 PM, Richard W.M. Jones wrote:
> New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be
> used on Linux (only) to read the peer PID, UID and GID from clients
> connected over a Unix domain socket.  This can be used in the
> preconnect phase to add additional filtering.
> 
> One use for this is to add an extra layer of authentication for local
> connections.  A subsequent commit will enhance the now misnamed
> nbdkit-ip-filter to allow filtering on these extra fields.
> 
> It appears as if it would be possible to implement this for FreeBSD
> too (see comment in code).
> ---
>  docs/nbdkit-plugin.pod  |  47 +++++++++++++++--
>  include/nbdkit-common.h |   3 ++
>  server/nbdkit.syms      |   3 ++
>  server/public.c         | 108 ++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 156 insertions(+), 5 deletions(-)
> 

> +=head2 C<nbdkit_peer_pid>
> +
> +(nbdkit E<ge> 1.24)
> +
> + int nbdkit_peer_pid (void);
> +
> +Return the peer process ID.  This is only available when the client
> +connected over a Unix domain socket, and only works for Linux.
> +
> +On success this returns the peer process ID.  On error,
> +C<nbdkit_error> is called and this call returns C<-1>.

Is int always going to be sufficient?  Or are there platforms with
64-bit pid_t?  Mingw is an interesting beast; I've seen conflicting
stories on whether 64-bit windows has 32- or 64-bit pids (the spawn APIs
manage 64-bit handles, but other windows APIs return 32-bit int), so
64-bit pid_t on mingw does seem to be a real concern.

> +
> +=head2 C<nbdkit_peer_uid>
> +
> +(nbdkit E<ge> 1.24)
> +
> + int nbdkit_peer_uid (void);
> +
> +Return the peer user ID.  This is only available when the client
> +connected over a Unix domain socket, and only works for Linux.
> +
> +On success this returns the user ID.  On error, C<nbdkit_error> is
> +called and this call returns C<-1>.
> +
> +=head2 C<nbdkit_peer_gid>
> +
> +(nbdkit E<ge> 1.24)
> +
> + int nbdkit_peer_gid (void);

int for these two is probably fine.

> +
> +Return the peer group ID.  This is only available when the client
> +connected over a Unix domain socket, and only works for Linux.
> +
> +On success this returns the user ID.  On error, C<nbdkit_error> is
> +called and this call returns C<-1>.
> +
>  =head1 DEBUGGING
>  

> +static int
> +get_peercred (int s, int *pid, int *uid, int *gid)
> +{
> +  struct ucred ucred;
> +  socklen_t n = sizeof ucred;
> +
> +  if (getsockopt (s, SOL_SOCKET, SO_PEERCRED, &ucred, &n) == -1) {
> +    nbdkit_error ("getsockopt: SO_PEERCRED: %m");
> +    return -1;
> +  }
> +
> +  if (pid && ucred.pid >= 1) {
> +    if (ucred.pid <= INT_MAX)
> +      *pid = ucred.pid;
> +    else
> +      nbdkit_error ("pid out of range: cannot be mapped to int");
> +  }

well, at least you are acknowledging that int might not always map to pid_t.

Otherwise, looks fine to me.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20201005/fcbfc383/attachment.sig>

More information about the Libguestfs mailing list