ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

qio: add support for SO_PEERCRED for socket channel 

The function qio_channel_get_peercred() returns a pointer to the
credentials of the peer process connected to this socket.

This credentials structure is defined in <sys/socket.h> as follows:

struct ucred {
	pid_t pid;    /* Process ID of the sending process */
	uid_t uid;    /* User ID of the sending process */
	gid_t gid;    /* Group ID of the sending process */
};

The use of this function is possible only for connected AF_UNIX stream
sockets and for AF_UNIX stream and datagram socket pairs.

On platform other than Linux, the function return 0.

Signed-off-by: Anthony Harivel <aharivel@redhat.com>
Link: https://lore.kernel.org/r/20240522153453.1230389-2-aharivel@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Anthony Harivel 2024-05-22 17:34:50 +02:00 committed by Paolo Bonzini
parent 13be929aff
commit 95fa0c79a0
3 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
include/io/channel.h
View File

@ -160,6 +160,9 @@ struct QIOChannelClass {
void *opaque); void *opaque);
int (*io_flush)(QIOChannel *ioc, int (*io_flush)(QIOChannel *ioc,
Error **errp); Error **errp);
int (*io_peerpid)(QIOChannel *ioc,
unsigned int *pid,
Error **errp);
}; };
/* General I/O handling functions */ /* General I/O handling functions */
@ -981,4 +984,22 @@ int coroutine_mixed_fn qio_channel_writev_full_all(QIOChannel *ioc,
int qio_channel_flush(QIOChannel *ioc, int qio_channel_flush(QIOChannel *ioc,
Error **errp); Error **errp);
/**
* qio_channel_get_peercred:
* @ioc: the channel object
* @pid: pointer to pid
* @errp: pointer to a NULL-initialized error object
*
* Returns the pid of the peer process connected to this socket.
*
* The use of this function is possible only for connected
* AF_UNIX stream sockets and for AF_UNIX stream and datagram
* socket pairs on Linux.
* Return -1 on error with pid -1 for the non-Linux OS.
*
*/
int qio_channel_get_peerpid(QIOChannel *ioc,
unsigned int *pid,
Error **errp);
#endif /* QIO_CHANNEL_H */ #endif /* QIO_CHANNEL_H */

28
io/channel-socket.c
View File

@ -841,6 +841,33 @@ qio_channel_socket_set_cork(QIOChannel *ioc,
socket_set_cork(sioc->fd, v); socket_set_cork(sioc->fd, v);
} }
static int
qio_channel_socket_get_peerpid(QIOChannel *ioc,
unsigned int *pid,
Error **errp)
{
#ifdef CONFIG_LINUX
QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
Error *err = NULL;
socklen_t len = sizeof(struct ucred);
struct ucred cred;
if (getsockopt(sioc->fd,
SOL_SOCKET, SO_PEERCRED,
&cred, &len) == -1) {
error_setg_errno(&err, errno, "Unable to get peer credentials");
error_propagate(errp, err);
*pid = -1;
return -1;
}
*pid = (unsigned int)cred.pid;
return 0;
#else
error_setg(errp, "Unsupported feature");
*pid = -1;
return -1;
#endif
}
static int static int
qio_channel_socket_close(QIOChannel *ioc, qio_channel_socket_close(QIOChannel *ioc,
@ -938,6 +965,7 @@ static void qio_channel_socket_class_init(ObjectClass *klass,
#ifdef QEMU_MSG_ZEROCOPY #ifdef QEMU_MSG_ZEROCOPY
ioc_klass->io_flush = qio_channel_socket_flush; ioc_klass->io_flush = qio_channel_socket_flush;
#endif #endif
ioc_klass->io_peerpid = qio_channel_socket_get_peerpid;
} }
static const TypeInfo qio_channel_socket_info = { static const TypeInfo qio_channel_socket_info = {

13
io/channel.c
View File

@ -548,6 +548,19 @@ void qio_channel_set_cork(QIOChannel *ioc,
} }
} }
int qio_channel_get_peerpid(QIOChannel *ioc,
unsigned int *pid,
Error **errp)
{
QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
if (!klass->io_peerpid) {
error_setg(errp, "Channel does not support peer pid");
return -1;
}
klass->io_peerpid(ioc, pid, errp);
return 0;
}
off_t qio_channel_io_seek(QIOChannel *ioc, off_t qio_channel_io_seek(QIOChannel *ioc,
off_t offset, off_t offset,