| blob | c4971d75987fbac010c71e80483c95291774df84 |
1 This patch provides Python ucred support.
3 diff --git Python-2.6.4/Modules/ucred.c Python-2.6.4/Modules/ucred.c
4 new file mode 100644
5 --- /dev/null
6 +++ Python-2.6.4/Modules/ucred.c
7 @@ -0,0 +1,390 @@
8 +/*
9 + * Permission is hereby granted, free of charge, to any person obtaining a copy
10 + * of this software and associated documentation files (the "Software"), to
11 + * deal in the Software without restriction, including without limitation the
12 + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
13 + * sell copies of the Software, and to permit persons to whom the Software is
14 + * furnished to do so, subject to the following conditions:
15 + *
16 + * The above copyright notice and this permission notice shall be included in
17 + * all copies or substantial portions of the Software.
18 + *
19 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22 + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23 + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
25 + * DEALINGS IN THE SOFTWARE.
26 + *
27 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
28 + */
29 +
30 +#include <Python.h>
31 +
32 +#include <stdio.h>
33 +#include <priv.h>
34 +#include <ucred.h>
35 +#include <ctype.h>
36 +#include <tsol/label.h>
37 +
38 +typedef struct {
39 + PyObject_HEAD
40 + ucred_t *ucred;
41 +} pyucred_t;
42 +
43 +#define pyucred_getlongid(name, type) \
44 + static PyObject * \
45 + pyucred_get##name(pyucred_t *uc) \
46 + { \
47 + type val; \
48 + \
49 + if (uc->ucred == NULL) { \
50 + errno = EINVAL; \
51 + PyErr_SetFromErrno(PyExc_OSError); \
52 + return (NULL); \
53 + } \
54 + \
55 + if ((val = ucred_get##name(uc->ucred)) == -1) { \
56 + PyErr_SetFromErrno(PyExc_OSError); \
57 + return (NULL); \
58 + } \
59 + \
60 + return (Py_BuildValue("l", (long)val)); \
61 + }
62 +
63 +pyucred_getlongid(euid, uid_t)
64 +pyucred_getlongid(ruid, uid_t)
65 +pyucred_getlongid(suid, uid_t)
66 +pyucred_getlongid(egid, gid_t)
67 +pyucred_getlongid(rgid, gid_t)
68 +pyucred_getlongid(sgid, gid_t)
69 +pyucred_getlongid(pid, pid_t)
70 +pyucred_getlongid(projid, projid_t)
71 +pyucred_getlongid(zoneid, zoneid_t)
72 +
73 +static PyObject *
74 +pyucred_getgroups(pyucred_t *uc)
75 +{
76 + const gid_t *groups;
77 + PyObject *list;
78 + int len;
79 + int i;
80 +
81 + if (uc->ucred == NULL) {
82 + errno = EINVAL;
83 + PyErr_SetFromErrno(PyExc_OSError);
84 + return (NULL);
85 + }
86 +
87 + if ((len = ucred_getgroups(uc->ucred, &groups)) == -1) {
88 + PyErr_SetFromErrno(PyExc_OSError);
89 + return (NULL);
90 + }
91 +
92 + if ((list = PyList_New(len)) == NULL)
93 + return (NULL);
94 +
95 + for (i = 0; i < len; i++) {
96 + PyObject *gid = Py_BuildValue("l", (long)groups[i]);
97 + if (PyList_SetItem(list, i, gid) == -1)
98 + return (NULL);
99 + }
100 +
101 + return (list);
102 +}
103 +
104 +static PyObject *
105 +pyucred_getlabel(pyucred_t *uc)
106 +{
107 + m_label_t *label;
108 + PyObject *ret;
109 + char *str;
110 +
111 + if (uc->ucred == NULL) {
112 + errno = EINVAL;
113 + PyErr_SetFromErrno(PyExc_OSError);
114 + return (NULL);
115 + }
116 +
117 + label = ucred_getlabel(uc->ucred);
118 + if (label == NULL)
119 + return (Py_BuildValue("s", ""));
120 +
121 + if (label_to_str(label, &str, M_LABEL, DEF_NAMES) == -1) {
122 + PyErr_SetFromErrno(PyExc_OSError);
123 + return (NULL);
124 + }
125 +
126 + ret = Py_BuildValue("s", str);
127 + free(str);
128 + return (ret);
129 +}
130 +
131 +static PyObject *
132 +pyucred_getpflags(pyucred_t *uc, PyObject *args, PyObject *kwargs)
133 +{
134 + static char *kwlist[] = { "flags", NULL };
135 + uint_t flags;
136 +
137 + if (uc->ucred == NULL) {
138 + errno = EINVAL;
139 + PyErr_SetFromErrno(PyExc_OSError);
140 + return (NULL);
141 + }
142 +
143 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
144 + &flags))
145 + return (NULL);
146 +
147 + if ((flags = ucred_getpflags(uc->ucred, flags)) == (uint_t)-1) {
148 + PyErr_SetFromErrno(PyExc_OSError);
149 + return (NULL);
150 + }
151 +
152 + return (Py_BuildValue("i", flags));
153 +}
154 +
155 +static PyObject *
156 +pyucred_has_priv(pyucred_t *uc, PyObject *args, PyObject *kwargs)
157 +{
158 + static char *kwlist[] = { "set", "priv", NULL };
159 + const priv_set_t *privs;
160 + const char *set;
161 + const char *priv;
162 +
163 + if (uc->ucred == NULL) {
164 + errno = EINVAL;
165 + PyErr_SetFromErrno(PyExc_OSError);
166 + return (NULL);
167 + }
168 +
169 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ss", kwlist,
170 + &set, &priv))
171 + return (NULL);
172 +
173 + if ((privs = ucred_getprivset(uc->ucred, set)) == NULL) {
174 + PyErr_SetFromErrno(PyExc_OSError);
175 + return (NULL);
176 + }
177 +
178 + if (priv_ismember(privs, priv)) {
179 + Py_INCREF(Py_True);
180 + return Py_True;
181 + }
182 +
183 + Py_INCREF(Py_False);
184 + return Py_False;
185 +}
186 +
187 +PyDoc_STRVAR(pyucred_getlabel_doc,
188 + "getlabel() -> string\n"
189 + "\n"
190 + "Return the Trusted Extensions label string, or an "
191 + "empty string if not available. The label string is "
192 + "converted using the default name and M_LABEL (human-readable). "
193 + "Raises OSError. See label_to_str(3TSOL).");
194 +PyDoc_STRVAR(pyucred_getpflags_doc,
195 + "getpflags(flags) -> int\n"
196 + "\n"
197 + "Return the values of the specified privilege flags.");
198 +PyDoc_STRVAR(pyucred_has_priv_doc,
199 + "has_priv(set, priv) -> bool\n"
200 + "\n"
201 + "Return true if the given privilege is set in the "
202 + "specified set. Raises OSError if the set or privilege is "
203 + "invalid, or a problem occurs.\n"
204 + "\n"
205 + "Currently, the following privilege sets are defined, as "
206 + "described in privileges(5):\n"
207 + "\n"
208 + "Effective\n"
209 + "Permitted\n"
210 + "Inheritable\n"
211 + "Limit\n");
212 +
213 +static PyMethodDef pyucred_methods[] = {
214 + { "geteuid", (PyCFunction)pyucred_geteuid, METH_NOARGS,
215 + "Return the effective user ID." },
216 + { "getruid", (PyCFunction)pyucred_getruid, METH_NOARGS,
217 + "Return the real user ID." },
218 + { "getsuid", (PyCFunction)pyucred_getsuid, METH_NOARGS,
219 + "Return the saved user ID." },
220 + { "getegid", (PyCFunction)pyucred_getegid, METH_NOARGS,
221 + "Return the effective group ID." },
222 + { "getrgid", (PyCFunction)pyucred_getrgid, METH_NOARGS,
223 + "Return the real group ID." },
224 + { "getsgid", (PyCFunction)pyucred_getsgid, METH_NOARGS,
225 + "Return the saved group ID." },
226 + { "getpid", (PyCFunction)pyucred_getpid, METH_NOARGS,
227 + "Return the effective user ID." },
228 + { "getprojid", (PyCFunction)pyucred_getprojid, METH_NOARGS,
229 + "Return the project ID." },
230 + { "getzoneid", (PyCFunction)pyucred_getzoneid, METH_NOARGS,
231 + "Return the zone ID." },
232 + { "getgroups", (PyCFunction)pyucred_getgroups, METH_NOARGS,
233 + "Return a list of group IDs." },
234 + { "getlabel", (PyCFunction)pyucred_getlabel, METH_NOARGS,
235 + pyucred_getlabel_doc },
236 + { "getpflags", (PyCFunction)pyucred_getpflags,
237 + METH_VARARGS|METH_KEYWORDS, pyucred_getpflags_doc },
238 + { "has_priv", (PyCFunction)pyucred_has_priv,
239 + METH_VARARGS|METH_KEYWORDS, pyucred_has_priv_doc },
240 + { NULL }
241 +};
242 +
243 +static int
244 +pyucred_init(PyObject *self, PyObject *args, PyObject *kwargs)
245 +{
246 + pyucred_t *uc = (pyucred_t *)self;
247 + uc->ucred = NULL;
248 + return (0);
249 +}
250 +
251 +static void
252 +pyucred_dealloc(PyObject *self)
253 +{
254 + pyucred_t *uc = (pyucred_t *)self;
255 + if (uc->ucred != NULL)
256 + ucred_free(uc->ucred);
257 + self->ob_type->tp_free(self);
258 +}
259 +
260 +static PyTypeObject pyucred_type = {
261 + PyObject_HEAD_INIT(NULL)
262 + 0, /*ob_size*/
263 + "ucred.ucred", /*tp_name*/
264 + sizeof (pyucred_t), /*tp_basicsize*/
265 + 0, /*tp_itemsize*/
266 + pyucred_dealloc, /*tp_dealloc*/
267 + 0, /*tp_print*/
268 + 0, /*tp_getattr*/
269 + 0, /*tp_setattr*/
270 + 0, /*tp_compare*/
271 + 0, /*tp_repr*/
272 + 0, /*tp_as_number*/
273 + 0, /*tp_as_sequence*/
274 + 0, /*tp_as_mapping*/
275 + 0, /*tp_hash */
276 + 0, /*tp_call*/
277 + 0, /*tp_str*/
278 + 0, /*tp_getattro*/
279 + 0, /*tp_setattro*/
280 + 0, /*tp_as_buffer*/
281 + Py_TPFLAGS_DEFAULT, /*tp_flags*/
282 + "user credentials", /*tp_doc */
283 + 0, /* tp_traverse */
284 + 0, /* tp_clear */
285 + 0, /* tp_richcompare */
286 + 0, /* tp_weaklistoffset */
287 + 0, /* tp_iter */
288 + 0, /* tp_iternext */
289 + pyucred_methods, /* tp_methods */
290 + 0, /* tp_members */
291 + 0, /* tp_getset */
292 + 0, /* tp_base */
293 + 0, /* tp_dict */
294 + 0, /* tp_descr_get */
295 + 0, /* tp_descr_set */
296 + 0, /* tp_dictoffset */
297 + (initproc)pyucred_init, /* tp_init */
298 + 0, /* tp_alloc */
299 + 0, /* tp_new */
300 +};
301 +
302 +static PyObject *
303 +pyucred_new(const ucred_t *uc)
304 +{
305 + pyucred_t *self;
306 +
307 + self = (pyucred_t *)PyObject_CallObject((PyObject *)&pyucred_type, NULL);
308 +
309 + if (self == NULL)
310 + return (NULL);
311 +
312 + self->ucred = (ucred_t *)uc;
313 +
314 + return ((PyObject *)self);
315 +}
316 +
317 +static PyObject *
318 +pyucred_get(PyObject *o, PyObject *args, PyObject *kwargs)
319 +{
320 + static char *kwlist[] = { "pid", NULL };
321 + ucred_t *ucred = NULL;
322 + int pid;
323 +
324 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
325 + &pid))
326 + return (NULL);
327 +
328 + ucred = ucred_get(pid);
329 +
330 + if (ucred == NULL) {
331 + PyErr_SetFromErrno(PyExc_OSError);
332 + return (NULL);
333 + }
334 +
335 + return (pyucred_new(ucred));
336 +}
337 +
338 +static PyObject *
339 +pyucred_getpeer(PyObject *o, PyObject *args, PyObject *kwargs)
340 +{
341 + static char *kwlist[] = { "fd", NULL };
342 + ucred_t *ucred = NULL;
343 + int fd;
344 +
345 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
346 + &fd))
347 + return (NULL);
348 +
349 + if (getpeerucred(fd, &ucred) == -1) {
350 + PyErr_SetFromErrno(PyExc_OSError);
351 + return (NULL);
352 + }
353 +
354 + return (pyucred_new(ucred));
355 +}
356 +
357 +PyDoc_STRVAR(pyucred_get_doc,
358 + "get(pid) -> ucred\n"
359 + "\n"
360 + "Return the credentials of the specified process ID. "
361 + "Raises OSError. See ucred_get(3C).");
362 +PyDoc_STRVAR(pyucred_getpeer_doc,
363 + "getpeer(fd) -> ucred\n"
364 + "\n"
365 + "Return the credentials of the peer endpoint of a "
366 + "connection-oriented socket (SOCK_STREAM) or STREAM fd "
367 + "at the time the endpoint was created or the connection "
368 + "was established. Raises OSError. See getpeerucred(3C).");
369 +
370 +static struct PyMethodDef pyucred_module_methods[] = {
371 + { "get", (PyCFunction) pyucred_get,
372 + METH_VARARGS|METH_KEYWORDS, pyucred_get_doc },
373 + { "getpeer", (PyCFunction) pyucred_getpeer,
374 + METH_VARARGS|METH_KEYWORDS, pyucred_getpeer_doc },
375 + { NULL, NULL, 0, NULL }
376 +};
377 +
378 +PyDoc_STRVAR(pyucred_module_doc,
379 + "This module provides an interface to the user credential access "
380 + "methods, obtainable either by process ID or file descriptor.");
381 +
382 +PyMODINIT_FUNC
383 +initucred(void)
384 +{
385 + PyObject *m;
386 +
387 + m = Py_InitModule3("ucred", pyucred_module_methods,
388 + pyucred_module_doc);
389 +
390 + pyucred_type.tp_new = PyType_GenericNew;
391 + if (PyType_Ready(&pyucred_type) < 0)
392 + return;
393 +
394 + Py_INCREF(&pyucred_type);
395 +
396 + PyModule_AddObject(m, "ucred", (PyObject *)&pyucred_type);
397 +}
398 --- Python-2.7.6/setup.py.~2~ 2014-05-14 13:07:52.803164982 -0700
399 +++ Python-2.7.6/setup.py 2014-05-14 13:07:52.917214713 -0700
400 @@ -1536,6 +1536,13 @@
401 else:
402 missing.append('dl')
404 + # ucred module (Solaris)
405 + ucred_inc = find_file('ucred.h', [], inc_dirs)
406 + tsol_inc = find_file('tsol/label.h', [], inc_dirs)
407 + if ucred_inc is not None and tsol_inc is not None:
408 + exts.append( Extension('ucred', ['ucred.c'],
409 + libraries = ['tsol']) )
410 +
411 # Thomas Heller's _ctypes module
412 self.detect_ctypes(inc_dirs, lib_dirs)
414 --- /dev/null 2011-02-12 03:14:16.000000000 -0600
415 +++ Python-2.6.4/Lib/test/ucredtest.py 2011-01-20 13:52:42.945657919 -0600
416 @@ -0,0 +1,45 @@
417 +#!/usr/bin/python2.7
418 +
419 +import ucred
420 +import os
421 +
422 +uc = ucred.get(os.getpid())
423 +
424 +print "pid = %d" % uc.getpid()
425 +print "euid = %d" % uc.geteuid()
426 +print "ruid = %d" % uc.getruid()
427 +print "suid = %d" % uc.getsuid()
428 +print "egid = %d" % uc.getegid()
429 +print "rgid = %d" % uc.getrgid()
430 +print "sgid = %d" % uc.getsgid()
431 +print "zoneid = %d" % uc.getzoneid()
432 +print "projid = %d" % uc.getprojid()
433 +print "groups = %s" % uc.getgroups()
434 +print "label = %s" % uc.getlabel()
435 +
436 +print "getpflags(0x1) = %d" % uc.getpflags(0x1)
437 +print "getpflags(0x2) = %d" % uc.getpflags(0x2)
438 +print "has_priv(Effective, proc_fork) = %d" % uc.has_priv("Effective", "proc_fork")
439 +print "has_priv(Permitted, proc_fork) = %d" % uc.has_priv("Permitted", "proc_fork")
440 +print "has_priv(Inheritable, proc_fork) = %d" % uc.has_priv("Inheritable", "proc_fork")
441 +print "has_priv(Limit, file_setid) = %d" % uc.has_priv("Limit", "file_setid")
442 +print "has_priv(Effective, file_setid) = %d" % uc.has_priv("Effective", "file_setid")
443 +try:
444 + uc.has_priv("Effective", "proc_bork")
445 +except OSError, e:
446 + print e
447 +try:
448 + uc.has_priv("Defective", "proc_fork")
449 +except OSError, e:
450 + print e
451 +try:
452 + uc.has_priv("Defective", "proc_bork")
453 +except OSError, e:
454 + print e
455 +
456 +del uc
457 +uc = ucred.ucred()
458 +try:
459 + uc.getpid()
460 +except OSError, e:
461 + print e