[libvirt] [PATCH 1/4] Also retrieve GID from SO_PEERCRED
Daniel P. Berrange
berrange at redhat.com
Thu Jan 19 13:51:19 UTC 2012
From: "Daniel P. Berrange" <berrange at redhat.com>
* daemon/remote.c, src/rpc/virnetserverclient.c,
src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c,
src/rpc/virnetsocket.h: Add gid parameter
---
daemon/remote.c | 9 ++++++---
src/rpc/virnetserverclient.c | 4 ++--
src/rpc/virnetserverclient.h | 2 +-
src/rpc/virnetsocket.c | 3 +++
src/rpc/virnetsocket.h | 1 +
5 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index a28a754..80a2c1f 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2030,6 +2030,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
int rv = -1;
int auth = virNetServerClientGetAuth(client);
uid_t callerUid;
+ gid_t callerGid;
pid_t callerPid;
/* If the client is root then we want to bypass the
@@ -2037,7 +2038,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
* some piece of polkit isn't present/running
*/
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
- if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+ if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
/* Don't do anything on error - it'll be validated at next
* phase of auth anyway */
virResetLastError();
@@ -2463,6 +2464,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
remote_auth_polkit_ret *ret)
{
pid_t callerPid = -1;
+ gid_t callerGid = -1;
uid_t callerUid = -1;
const char *action;
int status = -1;
@@ -2493,7 +2495,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
goto authfail;
}
- if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+ if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
goto authfail;
}
@@ -2563,6 +2565,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
remote_auth_polkit_ret *ret)
{
pid_t callerPid;
+ gid_t callerGid;
uid_t callerUid;
PolKitCaller *pkcaller = NULL;
PolKitAction *pkaction = NULL;
@@ -2590,7 +2593,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
goto authfail;
}
- if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+ if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
VIR_ERROR(_("cannot get peer socket identity"));
goto authfail;
}
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index cb07dd9..ed08e40 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -448,12 +448,12 @@ int virNetServerClientGetFD(virNetServerClientPtr client)
}
int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
- uid_t *uid, pid_t *pid)
+ uid_t *uid, gid_t *gid, pid_t *pid)
{
int ret = -1;
virNetServerClientLock(client);
if (client->sock)
- ret = virNetSocketGetLocalIdentity(client->sock, uid, pid);
+ ret = virNetSocketGetLocalIdentity(client->sock, uid, gid, pid);
virNetServerClientUnlock(client);
return ret;
}
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index a201dca..2dd01c5 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -71,7 +71,7 @@ int virNetServerClientSetIdentity(virNetServerClientPtr client,
const char *virNetServerClientGetIdentity(virNetServerClientPtr client);
int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
- uid_t *uid, pid_t *pid);
+ uid_t *uid, gid_t *gid, pid_t *pid);
void virNetServerClientRef(virNetServerClientPtr client);
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index af4fc5e..8178ac3 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -826,6 +826,7 @@ int virNetSocketGetPort(virNetSocketPtr sock)
#ifdef SO_PEERCRED
int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
uid_t *uid,
+ gid_t *gid,
pid_t *pid)
{
struct ucred cr;
@@ -841,6 +842,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
*pid = cr.pid;
*uid = cr.uid;
+ *gid = cr.gid;
virMutexUnlock(&sock->lock);
return 0;
@@ -848,6 +850,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
#else
int virNetSocketGetLocalIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
uid_t *uid ATTRIBUTE_UNUSED,
+ gid_t *gid ATTRIBUTE_UNUSED,
pid_t *pid ATTRIBUTE_UNUSED)
{
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index ef9baa8..c2a040f 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -88,6 +88,7 @@ int virNetSocketGetPort(virNetSocketPtr sock);
int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
uid_t *uid,
+ gid_t *gid,
pid_t *pid);
int virNetSocketSetBlocking(virNetSocketPtr sock,
--
1.7.7.5
More information about the libvir-list
mailing list