1 This patch provides Python ucred support. It may be contributed upstream at
2 some point, but the suitability (or lack thereof) has not yet been determined.
4 diff --git Python-2.6.4/Modules/ucred.c Python-2.6.4/Modules/ucred.c
6 --- Python-3.9.1/Modules/ucred.c
7 +++ Python-3.9.1/Modules/ucred.c
10 + * Permission is hereby granted, free of charge, to any person obtaining a copy
11 + * of this software and associated documentation files (the "Software"), to
12 + * deal in the Software without restriction, including without limitation the
13 + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
14 + * sell copies of the Software, and to permit persons to whom the Software is
15 + * furnished to do so, subject to the following conditions:
17 + * The above copyright notice and this permission notice shall be included in
18 + * all copies or substantial portions of the Software.
20 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23 + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
25 + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
26 + * DEALINGS IN THE SOFTWARE.
28 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
37 +#include <tsol/label.h>
44 +#define pyucred_getlongid(name, type) \
46 + pyucred_get##name(pyucred_t *uc) \
50 + if (uc->ucred == NULL) { \
52 + PyErr_SetFromErrno(PyExc_OSError); \
56 + if ((val = ucred_get##name(uc->ucred)) == -1) { \
57 + PyErr_SetFromErrno(PyExc_OSError); \
61 + return (Py_BuildValue("l", (long)val)); \
64 +pyucred_getlongid(euid, uid_t)
65 +pyucred_getlongid(ruid, uid_t)
66 +pyucred_getlongid(suid, uid_t)
67 +pyucred_getlongid(egid, gid_t)
68 +pyucred_getlongid(rgid, gid_t)
69 +pyucred_getlongid(sgid, gid_t)
70 +pyucred_getlongid(pid, pid_t)
71 +pyucred_getlongid(projid, projid_t)
72 +pyucred_getlongid(zoneid, zoneid_t)
75 +pyucred_getgroups(pyucred_t *uc)
77 + const gid_t *groups;
82 + if (uc->ucred == NULL) {
84 + PyErr_SetFromErrno(PyExc_OSError);
88 + if ((len = ucred_getgroups(uc->ucred, &groups)) == -1) {
89 + PyErr_SetFromErrno(PyExc_OSError);
93 + if ((list = PyList_New(len)) == NULL)
96 + for (i = 0; i < len; i++) {
97 + PyObject *gid = Py_BuildValue("l", (long)groups[i]);
98 + if (PyList_SetItem(list, i, gid) == -1)
106 +pyucred_getlabel(pyucred_t *uc)
112 + if (uc->ucred == NULL) {
114 + PyErr_SetFromErrno(PyExc_OSError);
118 + label = ucred_getlabel(uc->ucred);
120 + return (Py_BuildValue("s", ""));
122 + if (label_to_str(label, &str, M_LABEL, DEF_NAMES) == -1) {
123 + PyErr_SetFromErrno(PyExc_OSError);
127 + ret = Py_BuildValue("s", str);
133 +pyucred_getpflags(pyucred_t *uc, PyObject *args, PyObject *kwargs)
135 + static char *kwlist[] = { "flags", NULL };
138 + if (uc->ucred == NULL) {
140 + PyErr_SetFromErrno(PyExc_OSError);
144 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
148 + if ((flags = ucred_getpflags(uc->ucred, flags)) == (uint_t)-1) {
149 + PyErr_SetFromErrno(PyExc_OSError);
153 + return (Py_BuildValue("i", flags));
157 +pyucred_has_priv(pyucred_t *uc, PyObject *args, PyObject *kwargs)
159 + static char *kwlist[] = { "set", "priv", NULL };
160 + const priv_set_t *privs;
164 + if (uc->ucred == NULL) {
166 + PyErr_SetFromErrno(PyExc_OSError);
170 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "ss", kwlist,
174 + if ((privs = ucred_getprivset(uc->ucred, set)) == NULL) {
175 + PyErr_SetFromErrno(PyExc_OSError);
179 + if (priv_ismember(privs, priv)) {
180 + Py_INCREF(Py_True);
184 + Py_INCREF(Py_False);
188 +PyDoc_STRVAR(pyucred_getlabel_doc,
189 + "getlabel() -> string\n"
191 + "Return the Trusted Extensions label string, or an "
192 + "empty string if not available. The label string is "
193 + "converted using the default name and M_LABEL (human-readable). "
194 + "Raises OSError. See label_to_str(3TSOL).");
195 +PyDoc_STRVAR(pyucred_getpflags_doc,
196 + "getpflags(flags) -> int\n"
198 + "Return the values of the specified privilege flags.");
199 +PyDoc_STRVAR(pyucred_has_priv_doc,
200 + "has_priv(set, priv) -> bool\n"
202 + "Return true if the given privilege is set in the "
203 + "specified set. Raises OSError if the set or privilege is "
204 + "invalid, or a problem occurs.\n"
206 + "Currently, the following privilege sets are defined, as "
207 + "described in privileges(5):\n"
214 +static PyMethodDef pyucred_methods[] = {
215 + { "geteuid", (PyCFunction)pyucred_geteuid, METH_NOARGS,
216 + "Return the effective user ID." },
217 + { "getruid", (PyCFunction)pyucred_getruid, METH_NOARGS,
218 + "Return the real user ID." },
219 + { "getsuid", (PyCFunction)pyucred_getsuid, METH_NOARGS,
220 + "Return the saved user ID." },
221 + { "getegid", (PyCFunction)pyucred_getegid, METH_NOARGS,
222 + "Return the effective group ID." },
223 + { "getrgid", (PyCFunction)pyucred_getrgid, METH_NOARGS,
224 + "Return the real group ID." },
225 + { "getsgid", (PyCFunction)pyucred_getsgid, METH_NOARGS,
226 + "Return the saved group ID." },
227 + { "getpid", (PyCFunction)pyucred_getpid, METH_NOARGS,
228 + "Return the effective user ID." },
229 + { "getprojid", (PyCFunction)pyucred_getprojid, METH_NOARGS,
230 + "Return the project ID." },
231 + { "getzoneid", (PyCFunction)pyucred_getzoneid, METH_NOARGS,
232 + "Return the zone ID." },
233 + { "getgroups", (PyCFunction)pyucred_getgroups, METH_NOARGS,
234 + "Return a list of group IDs." },
235 + { "getlabel", (PyCFunction)pyucred_getlabel, METH_NOARGS,
236 + pyucred_getlabel_doc },
237 + { "getpflags", (PyCFunction)pyucred_getpflags,
238 + METH_VARARGS|METH_KEYWORDS, pyucred_getpflags_doc },
239 + { "has_priv", (PyCFunction)pyucred_has_priv,
240 + METH_VARARGS|METH_KEYWORDS, pyucred_has_priv_doc },
245 +pyucred_init(PyObject *self, PyObject *args, PyObject *kwargs)
247 + pyucred_t *uc = (pyucred_t *)self;
253 +pyucred_dealloc(PyObject *self)
255 + pyucred_t *uc = (pyucred_t *)self;
256 + if (uc->ucred != NULL)
257 + ucred_free(uc->ucred);
258 + Py_TYPE(self)->tp_free(self);
261 +static PyTypeObject pyucred_type = {
262 + PyVarObject_HEAD_INIT(NULL, 0)
263 + "ucred.ucred", /*tp_name*/
264 + sizeof (pyucred_t), /*tp_basicsize*/
266 + pyucred_dealloc, /*tp_dealloc*/
272 + 0, /*tp_as_number*/
273 + 0, /*tp_as_sequence*/
274 + 0, /*tp_as_mapping*/
280 + 0, /*tp_as_buffer*/
281 + Py_TPFLAGS_DEFAULT, /*tp_flags*/
282 + "user credentials", /*tp_doc */
283 + 0, /* tp_traverse */
285 + 0, /* tp_richcompare */
286 + 0, /* tp_weaklistoffset */
288 + 0, /* tp_iternext */
289 + pyucred_methods, /* tp_methods */
290 + 0, /* tp_members */
294 + 0, /* tp_descr_get */
295 + 0, /* tp_descr_set */
296 + 0, /* tp_dictoffset */
297 + (initproc)pyucred_init, /* tp_init */
305 +pyucred_new(const ucred_t *uc)
309 + self = (pyucred_t *)PyObject_CallObject((PyObject *)&pyucred_type, NULL);
314 + self->ucred = (ucred_t *)uc;
316 + return ((PyObject *)self);
320 +pyucred_get(PyObject *o, PyObject *args, PyObject *kwargs)
322 + static char *kwlist[] = { "pid", NULL };
323 + ucred_t *ucred = NULL;
326 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
330 + ucred = ucred_get(pid);
332 + if (ucred == NULL) {
333 + PyErr_SetFromErrno(PyExc_OSError);
337 + return (pyucred_new(ucred));
341 +pyucred_getpeer(PyObject *o, PyObject *args, PyObject *kwargs)
343 + static char *kwlist[] = { "fd", NULL };
344 + ucred_t *ucred = NULL;
347 + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "i", kwlist,
351 + if (getpeerucred(fd, &ucred) == -1) {
352 + PyErr_SetFromErrno(PyExc_OSError);
356 + return (pyucred_new(ucred));
359 +PyDoc_STRVAR(pyucred_get_doc,
360 + "get(pid) -> ucred\n"
362 + "Return the credentials of the specified process ID. "
363 + "Raises OSError. See ucred_get(3C).");
364 +PyDoc_STRVAR(pyucred_getpeer_doc,
365 + "getpeer(fd) -> ucred\n"
367 + "Return the credentials of the peer endpoint of a "
368 + "connection-oriented socket (SOCK_STREAM) or STREAM fd "
369 + "at the time the endpoint was created or the connection "
370 + "was established. Raises OSError. See getpeerucred(3C).");
372 +static struct PyMethodDef pyucred_module_methods[] = {
373 + { "get", (PyCFunction) pyucred_get,
374 + METH_VARARGS|METH_KEYWORDS, pyucred_get_doc },
375 + { "getpeer", (PyCFunction) pyucred_getpeer,
376 + METH_VARARGS|METH_KEYWORDS, pyucred_getpeer_doc },
377 + { NULL, NULL, 0, NULL }
380 +PyDoc_STRVAR(pyucred_module_doc,
381 + "This module provides an interface to the user credential access "
382 + "methods, obtainable either by process ID or file descriptor.");
389 + static struct PyModuleDef moduledef = {
390 + PyModuleDef_HEAD_INIT,
392 + pyucred_module_doc,
394 + pyucred_module_methods,
401 + m = PyModule_Create(&moduledef);
403 + pyucred_type.tp_new = PyType_GenericNew;
404 + if (PyType_Ready(&pyucred_type) < 0)
407 + Py_INCREF(&pyucred_type);
409 + PyModule_AddObject(m, "ucred", (PyObject *)&pyucred_type);
413 --- Python-3.9.1/setup.py
414 +++ Python-3.9.1/setup.py
415 @@ -1814,6 +1814,13 @@ class PyBuildExt(build_ext):
417 self.missing.append('_uuid')
419 + def detect_ucred(self):
420 + # ucred module (Solaris)
421 + ucred_inc = find_file('ucred.h', [], self.inc_dirs)
422 + tsol_inc = find_file('tsol/label.h', [], self.inc_dirs)
423 + if ucred_inc is not None and tsol_inc is not None:
424 + self.add(Extension('ucred', ['ucred.c'], libraries=['tsol']))
426 def detect_modules(self):
427 self.configure_compiler()
428 self.init_inc_lib_dirs()
429 @@ -1834,6 +1841,7 @@ class PyBuildExt(build_ext):
430 self.detect_expat_elementtree()
431 self.detect_multibytecodecs()
432 self.detect_decimal()
433 + self.detect_ucred()
435 self.detect_multiprocessing()
436 if not self.detect_tkinter():
437 --- Python-3.9.1/Lib/test/ucredtest.py
438 +++ Python-3.9.1/Lib/test/ucredtest.py
440 +#!/usr/bin/python3.9
445 +uc = ucred.get(os.getpid())
447 +print("pid = %d" % uc.getpid())
448 +print("euid = %d" % uc.geteuid())
449 +print("ruid = %d" % uc.getruid())
450 +print("suid = %d" % uc.getsuid())
451 +print("egid = %d" % uc.getegid())
452 +print("rgid = %d" % uc.getrgid())
453 +print("sgid = %d" % uc.getsgid())
454 +print("zoneid = %d" % uc.getzoneid())
455 +print("projid = %d" % uc.getprojid())
456 +print("groups = %s" % uc.getgroups())
457 +print("label = %s" % uc.getlabel())
459 +print("getpflags(0x1) = %d" % uc.getpflags(0x1))
460 +print("getpflags(0x2) = %d" % uc.getpflags(0x2))
461 +print("has_priv(Effective, proc_fork) = %d" % uc.has_priv("Effective", "proc_fork"))
462 +print("has_priv(Permitted, proc_fork) = %d" % uc.has_priv("Permitted", "proc_fork"))
463 +print("has_priv(Inheritable, proc_fork) = %d" % uc.has_priv("Inheritable", "proc_fork"))
464 +print("has_priv(Limit, file_setid) = %d" % uc.has_priv("Limit", "file_setid"))
465 +print("has_priv(Effective, file_setid) = %d" % uc.has_priv("Effective", "file_setid"))
467 + uc.has_priv("Effective", "proc_bork")
468 +except OSError as e:
471 + uc.has_priv("Defective", "proc_fork")
472 +except OSError as e:
475 + uc.has_priv("Defective", "proc_bork")
476 +except OSError as e:
483 +except OSError as e: