Also retrieve GID from SO_PEERCRED

* daemon/remote.c, src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add gid parameter

Also retrieve GID from SO_PEERCRED
* daemon/remote.c, src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add gid parameter
59cf0398 · Daniel P. Berrange · 4c82f09e · 59cf0398 · 59cf0398 · 59cf0398
5 changed file
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2030,6 +2030,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
    int rv = -1;
    int auth = virNetServerClientGetAuth(client);
    uid_t callerUid;
+    gid_t callerGid;
    pid_t callerPid;

    /* If the client is root then we want to bypass the
@@ -2037,7 +2038,7 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
     * some piece of polkit isn't present/running
     */
    if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
-        if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+        if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
            /* Don't do anything on error - it'll be validated at next
             * phase of auth anyway */
            virResetLastError();
@@ -2463,6 +2464,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
                         remote_auth_polkit_ret *ret)
 {
    pid_t callerPid = -1;
+    gid_t callerGid = -1;
    uid_t callerUid = -1;
    const char *action;
    int status = -1;
@@ -2493,7 +2495,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
        goto authfail;
    }

-    if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+    if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
        goto authfail;
    }

@@ -2563,6 +2565,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
                         remote_auth_polkit_ret *ret)
 {
    pid_t callerPid;
+    gid_t callerGid;
    uid_t callerUid;
    PolKitCaller *pkcaller = NULL;
    PolKitAction *pkaction = NULL;
@@ -2590,7 +2593,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
        goto authfail;
    }

-    if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerPid) < 0) {
+    if (virNetServerClientGetLocalIdentity(client, &callerUid, &callerGid, &callerPid) < 0) {
        VIR_ERROR(_("cannot get peer socket identity"));
        goto authfail;
    }

--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -448,12 +448,12 @@ int virNetServerClientGetFD(virNetServerClientPtr client)
 }

 int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
-                                       uid_t *uid, pid_t *pid)
+                                       uid_t *uid, gid_t *gid, pid_t *pid)
 {
    int ret = -1;
    virNetServerClientLock(client);
    if (client->sock)
-        ret = virNetSocketGetLocalIdentity(client->sock, uid, pid);
+        ret = virNetSocketGetLocalIdentity(client->sock, uid, gid, pid);
    virNetServerClientUnlock(client);
    return ret;
 }

--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -71,7 +71,7 @@ int virNetServerClientSetIdentity(virNetServerClientPtr client,
 const char *virNetServerClientGetIdentity(virNetServerClientPtr client);

 int virNetServerClientGetLocalIdentity(virNetServerClientPtr client,
-                                       uid_t *uid, pid_t *pid);
+                                       uid_t *uid, gid_t *gid, pid_t *pid);

 void virNetServerClientRef(virNetServerClientPtr client);


--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -826,6 +826,7 @@ int virNetSocketGetPort(virNetSocketPtr sock)
 #ifdef SO_PEERCRED
 int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
                                 uid_t *uid,
+                                 gid_t *gid,
                                 pid_t *pid)
 {
    struct ucred cr;
@@ -841,6 +842,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,

    *pid = cr.pid;
    *uid = cr.uid;
+    *gid = cr.gid;

    virMutexUnlock(&sock->lock);
    return 0;
@@ -848,6 +850,7 @@ int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
 #else
 int virNetSocketGetLocalIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
                                 uid_t *uid ATTRIBUTE_UNUSED,
+                                 gid_t *gid ATTRIBUTE_UNUSED,
                                 pid_t *pid ATTRIBUTE_UNUSED)
 {
    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/

--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -88,6 +88,7 @@ int virNetSocketGetPort(virNetSocketPtr sock);

 int virNetSocketGetLocalIdentity(virNetSocketPtr sock,
                                 uid_t *uid,
+                                 gid_t *gid,
                                 pid_t *pid);

 int virNetSocketSetBlocking(virNetSocketPtr sock,