From f510cd0de5b55e3b2d0d65bc873d652829a7e2ed Mon Sep 17 00:00:00 2001 Message-Id: From: "Daniel P. Berrange" Date: Wed, 30 Oct 2013 17:01:56 +0000 Subject: [PATCH] Remove (nearly) all use of getuid()/getgid() For https://bugzilla.redhat.com/show_bug.cgi?id=1015247 Most of the usage of getuid()/getgid() is in cases where we are considering what privileges we have. As such the code should be using the effective IDs, not real IDs. Signed-off-by: Daniel P. Berrange (cherry picked from commit 9b0af09240618184fea5884952941217e65b824f) Conflicts: tests/qemumonitortestutils.c Signed-off-by: Jiri Denemark --- src/libvirt.c | 2 +- src/locking/lock_daemon.c | 2 +- src/locking/lock_driver_lockd.c | 4 ++-- src/lxc/lxc_controller.c | 2 +- src/qemu/qemu_driver.c | 6 +++--- src/remote/remote_driver.c | 4 ++-- src/storage/storage_backend.c | 4 ++-- src/storage/storage_backend_fs.c | 4 ++-- src/storage/storage_backend_logical.c | 2 +- src/util/virfile.c | 16 ++++++++-------- src/util/viridentity.c | 8 ++++---- src/util/virstoragefile.c | 2 +- src/vbox/vbox_driver.c | 2 +- src/vbox/vbox_tmpl.c | 2 +- tests/qemumonitortestutils.c | 4 ++-- tests/virnetsockettest.c | 4 ++-- 16 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/libvirt.c b/src/libvirt.c index 8a3cc42..54c90ec 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -133,7 +133,7 @@ static int virConnectAuthGainPolkit(const char *privilege) { int status; int ret = -1; - if (getuid() == 0) + if (geteuid() == 0) return 0; cmd = virCommandNewArgList(POLKIT_AUTH, "--obtain", privilege, NULL); diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index 0ac16c3..d74af13 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -1167,7 +1167,7 @@ int main(int argc, char **argv) { {0, 0, 0, 0} }; - privileged = getuid() == 0; + privileged = geteuid() == 0; if (setlocale(LC_ALL, "") == NULL || bindtextdomain(PACKAGE, LOCALEDIR) == NULL || 
diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lockd.c index 86ce2d8..f3b9467 100644 --- a/src/locking/lock_driver_lockd.c +++ b/src/locking/lock_driver_lockd.c @@ -302,7 +302,7 @@ virLockManagerLockDaemonConnect(virLockManagerPtr lock, { virNetClientPtr client; - if (!(client = virLockManagerLockDaemonConnectionNew(getuid() == 0, program))) + if (!(client = virLockManagerLockDaemonConnectionNew(geteuid() == 0, program))) return NULL; if (virLockManagerLockDaemonConnectionRegister(lock, @@ -331,7 +331,7 @@ static int virLockManagerLockDaemonSetupLockspace(const char *path) memset(&args, 0, sizeof(args)); args.path = (char*)path; - if (!(client = virLockManagerLockDaemonConnectionNew(getuid() == 0, &program))) + if (!(client = virLockManagerLockDaemonConnectionNew(geteuid() == 0, &program))) return -1; if (virNetClientProgramCall(program, diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 357910d..5754c92 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -2353,7 +2353,7 @@ int main(int argc, char *argv[]) goto cleanup; } - if (getuid() != 0) { + if (geteuid() != 0) { fprintf(stderr, "%s: must be run as the 'root' user\n", argv[0]); goto cleanup; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 226e32d..e7b0f37 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2796,8 +2796,8 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid, unsigned int vfoflags = 0; int fd = -1; int path_shared = virStorageFileIsSharedFS(path); - uid_t uid = getuid(); - gid_t gid = getgid(); + uid_t uid = geteuid(); + gid_t gid = getegid(); /* path might be a pre-existing block dev, in which case * we need to skip the create step, and also avoid unlink 
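Review bot: The root gate in `main` of src/lxc/lxc_controller.c now passes whenever the effective UID is 0, which includes a setuid-root copy of the binary started by an unprivileged user, while the error text still says the program must be run as the 'root' user. If the controller is never meant to run setuid, reject that case explicitly, e.g. `if (geteuid() != 0 || getuid() != geteuid()) {`. If it is acceptable, a comment such as `/* privilege check uses the effective UID, so a setuid-root invocation is accepted */` would record the decision. `main` starts and ends outside the hunk, so any earlier handling of this case is not visible here.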
@@ -2837,7 +2837,7 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid, qemu user is non-root, just set a flag to bypass security driver shenanigans, and retry the operation after doing setuid to qemu user */ - if ((fd != -EACCES && fd != -EPERM) || fallback_uid == getuid()) + if ((fd != -EACCES && fd != -EPERM) || fallback_uid == geteuid()) goto error; /* On Linux we can also verify the FS-type of the directory. */ diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 7688bf6..b3e86e1 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -995,7 +995,7 @@ remoteConnectOpen(virConnectPtr conn, (strstr(conn->uri->scheme, "+unix") != NULL)) && (STREQ(conn->uri->path, "/session") || STRPREFIX(conn->uri->scheme, "test+")) && - getuid() > 0) { + geteuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; if (!virIsSUID() && @@ -1013,7 +1013,7 @@ remoteConnectOpen(virConnectPtr conn, if (!conn->uri) { VIR_DEBUG("Auto-probe remote URI"); #ifndef __sun - if (getuid() > 0) { + if (geteuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; if (!virIsSUID() && diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index 4ebe11b..4bbf988 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -527,11 +527,11 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool, bool filecreated = false; if ((pool->def->type == VIR_STORAGE_POOL_NETFS) - && (((getuid() == 0) + && (((geteuid() == 0) && (vol->target.perms.uid != (uid_t) -1) && (vol->target.perms.uid != 0)) || ((vol->target.perms.gid != (gid_t) -1) - && (vol->target.perms.gid != getgid())))) { + && (vol->target.perms.gid != getegid())))) { virCommandSetUID(cmd, vol->target.perms.uid); virCommandSetGID(cmd, vol->target.perms.gid); diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c index d305b06..8bbee92 100644 
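Review bot: In the src/storage/storage_backend.c hunk (virStorageBackendCreateExecCommand) only the uid arm of the condition is gated on `geteuid() == 0`; the gid arm `(vol->target.perms.gid != getegid())` is also taken by an unprivileged process, and the branch then calls both `virCommandSetUID` and `virCommandSetGID`. Presumably a non-root caller cannot switch the child to another uid/gid, so the command would fail later rather than being refused here. Consider hoisting the privilege test so it covers both arms, e.g. `geteuid() == 0 && (uid_differs || gid_differs)` with the two comparisons held in local booleans (names are only a suggestion), which also makes the nested condition easier to audit. The function body continues outside the hunk.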
--- a/src/storage/storage_backend_fs.c +++ b/src/storage/storage_backend_fs.c @@ -786,9 +786,9 @@ virStorageBackendFileSystemBuild(virConnectPtr conn ATTRIBUTE_UNUSED, /* Reflect the actual uid and gid to the config. */ if (pool->def->target.perms.uid == (uid_t) -1) - pool->def->target.perms.uid = getuid(); + pool->def->target.perms.uid = geteuid(); if (pool->def->target.perms.gid == (gid_t) -1) - pool->def->target.perms.gid = getgid(); + pool->def->target.perms.gid = getegid(); if (flags != 0) { ret = virStorageBackendMakeFileSystem(pool, flags); diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c index 8998a11..817edd5 100644 --- a/src/storage/storage_backend_logical.c +++ b/src/storage/storage_backend_logical.c @@ -719,7 +719,7 @@ virStorageBackendLogicalCreateVol(virConnectPtr conn, goto error; /* We can only chown/grp if root */ - if (getuid() == 0) { + if (geteuid() == 0) { if (fchown(fd, vol->target.perms.uid, vol->target.perms.gid) < 0) { virReportSystemError(errno, _("cannot set file owner '%s'"), diff --git a/src/util/virfile.c b/src/util/virfile.c index 92a81a5..33a8a6d 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -1457,8 +1457,8 @@ virFileAccessibleAs(const char *path, int mode, gid_t *groups; int ngroups; - if (uid == getuid() && - gid == getgid()) + if (uid == geteuid() && + gid == getegid()) return access(path, mode); ngroups = virGetGroupList(uid, gid, &groups); @@ -1750,9 +1750,9 @@ virFileOpenAs(const char *path, int openflags, mode_t mode, /* allow using -1 to mean "current value" */ if (uid == (uid_t) -1) - uid = getuid(); + uid = geteuid(); if (gid == (gid_t) -1) - gid = getgid(); + gid = getegid(); /* treat absence of both flags as presence of both for simpler * calling. */ 
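Review bot: The context comment above the changed assignments in virStorageBackendFileSystemBuild still reads "Reflect the actual uid and gid to the config", but the values written are now the effective IDs. Reword it to match, for example `/* Record the effective uid and gid in the config when none was given. */`, so a later reader does not assume the real IDs end up in the pool definition.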
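Review bot: In the virFileAccessibleAs hunk of src/util/virfile.c the fast path now compares the requested IDs with `geteuid()`/`getegid()` but still returns `access(path, mode)`, and access() evaluates permissions with the real UID and GID. When real and effective IDs differ, the shortcut therefore answers for a different identity than the one it just matched. An effective-ID check such as `return faccessat(AT_FDCWD, path, mode, AT_EACCESS);` keeps the two in agreement, though its availability on every supported platform needs checking. The virFindBackingFile hunk in src/util/virstoragefile.c now passes `geteuid(), getegid()` and so always takes this path. The function body continues outside the hunk.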
@@ -1760,7 +1760,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode, flags |= VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK; if ((flags & VIR_FILE_OPEN_NOFORK) - || (getuid() != 0) + || (geteuid() != 0) || ((uid == 0) && (gid == 0))) { if ((fd = open(path, openflags, mode)) < 0) { @@ -1871,12 +1871,12 @@ virDirCreate(const char *path, /* allow using -1 to mean "current value" */ if (uid == (uid_t) -1) - uid = getuid(); + uid = geteuid(); if (gid == (gid_t) -1) - gid = getgid(); + gid = getegid(); if ((!(flags & VIR_DIR_CREATE_AS_UID)) - || (getuid() != 0) + || (geteuid() != 0) || ((uid == 0) && (gid == 0)) || ((flags & VIR_DIR_CREATE_ALLOW_EXIST) && (stat(path, &st) >= 0))) { return virDirCreateNoFork(path, mode, uid, gid, flags); diff --git a/src/util/viridentity.c b/src/util/viridentity.c index f681f85..4f5127c 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -157,14 +157,14 @@ virIdentityPtr virIdentityGetSystem(void) virAsprintf(&processtime, "%llu", timestamp) < 0) goto cleanup; - if (!(username = virGetUserName(getuid()))) + if (!(username = virGetUserName(geteuid()))) goto cleanup; - if (virAsprintf(&userid, "%d", (int)getuid()) < 0) + if (virAsprintf(&userid, "%d", (int)geteuid()) < 0) goto cleanup; - if (!(groupname = virGetGroupName(getgid()))) + if (!(groupname = virGetGroupName(getegid()))) goto cleanup; - if (virAsprintf(&groupid, "%d", (int)getgid()) < 0) + if (virAsprintf(&groupid, "%d", (int)getegid()) < 0) goto cleanup; #if WITH_SELINUX diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 0b9cec3..9453599 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -572,7 +572,7 @@ virFindBackingFile(const char *start, bool start_is_dir, const char *path, goto cleanup; } - if (virFileAccessibleAs(combined, F_OK, getuid(), getgid()) < 0) { + if (virFileAccessibleAs(combined, F_OK, geteuid(), getegid()) < 0) { virReportSystemError(errno, _("Cannot access backing file '%s'"), combined); 
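Review bot: In the virIdentityGetSystem hunk of src/util/viridentity.c the effective IDs are formatted with `"%d"` after a cast to `int`, so an ID above INT_MAX would be recorded as a negative number in the identity attributes. Formatting as unsigned, e.g. `virAsprintf(&userid, "%u", (unsigned int)geteuid())` and the same for `groupid`, avoids that. Reading `geteuid()`/`getegid()` once into locals would also guarantee that the name and the numeric ID come from the same value. A short comment stating that this identity describes the process's effective credentials would help, since in a setuid program that is not the invoking user.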
diff --git a/src/vbox/vbox_driver.c b/src/vbox/vbox_driver.c index 9d07574..4978913 100644 --- a/src/vbox/vbox_driver.c +++ b/src/vbox/vbox_driver.c @@ -153,7 +153,7 @@ static virDrvOpenStatus vboxConnectOpen(virConnectPtr conn, virConnectAuthPtr auth ATTRIBUTE_UNUSED, unsigned int flags) { - uid_t uid = getuid(); + uid_t uid = geteuid(); virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c index 2130590..5b17048 100644 --- a/src/vbox/vbox_tmpl.c +++ b/src/vbox/vbox_tmpl.c @@ -999,7 +999,7 @@ static virDrvOpenStatus vboxConnectOpen(virConnectPtr conn, unsigned int flags) { vboxGlobalData *data = NULL; - uid_t uid = getuid(); + uid_t uid = geteuid(); virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); diff --git a/tests/qemumonitortestutils.c b/tests/qemumonitortestutils.c index 56368a2..1bcdb1f 100644 --- a/tests/qemumonitortestutils.c +++ b/tests/qemumonitortestutils.c @@ -482,8 +482,8 @@ qemuMonitorTestPtr qemuMonitorTestNew(bool json, virDomainXMLOptionPtr xmlopt) if (virNetSocketNewListenUNIX(path, 0700, - getuid(), - getgid(), + geteuid(), + getegid(), &test->server) < 0) goto error; diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c index 5b434ba..bb0e572 100644 --- a/tests/virnetsockettest.c +++ b/tests/virnetsockettest.c @@ -220,7 +220,7 @@ static int testSocketUNIXAccept(const void *data ATTRIBUTE_UNUSED) if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0) goto cleanup; - if (virNetSocketNewListenUNIX(path, 0700, -1, getgid(), &lsock) < 0) + if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &lsock) < 0) goto cleanup; if (virNetSocketListen(lsock, 0) < 0) 
@@ -270,7 +270,7 @@ static int testSocketUNIXAddrs(const void *data ATTRIBUTE_UNUSED) if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0) goto cleanup; - if (virNetSocketNewListenUNIX(path, 0700, -1, getgid(), &lsock) < 0) + if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &lsock) < 0) goto cleanup; if (STRNEQ(virNetSocketLocalAddrString(lsock), "127.0.0.1;0")) { -- 1.8.4.2