From f510cd0de5b55e3b2d0d65bc873d652829a7e2ed Mon Sep 17 00:00:00 2001

Message-Id: <f510cd0de5b55e3b2d0d65bc873d652829a7e2ed.1383321465.git.jdenemar@redhat.com>

From: "Daniel P. Berrange" <berrange@redhat.com>

Date: Wed, 30 Oct 2013 17:01:56 +0000

Subject: [PATCH] Remove (nearly) all use of getuid()/getgid()

For

  https://bugzilla.redhat.com/show_bug.cgi?id=1015247

Most of the usage of getuid()/getgid() is in cases where we are

considering what privileges we have. As such the code should be

using the effective IDs, not real IDs.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

(cherry picked from commit 9b0af09240618184fea5884952941217e65b824f)

Conflicts:

	tests/qemumonitortestutils.c

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/libvirt.c                         |  2 +-

 src/locking/lock_daemon.c             |  2 +-

 src/locking/lock_driver_lockd.c       |  4 ++--

 src/lxc/lxc_controller.c              |  2 +-

 src/qemu/qemu_driver.c                |  6 +++---

 src/remote/remote_driver.c            |  4 ++--

 src/storage/storage_backend.c         |  4 ++--

 src/storage/storage_backend_fs.c      |  4 ++--

 src/storage/storage_backend_logical.c |  2 +-

 src/util/virfile.c                    | 16 ++++++++--------

 src/util/viridentity.c                |  8 ++++----

 src/util/virstoragefile.c             |  2 +-

 src/vbox/vbox_driver.c                |  2 +-

 src/vbox/vbox_tmpl.c                  |  2 +-

 tests/qemumonitortestutils.c          |  4 ++--

 tests/virnetsockettest.c              |  4 ++--

 16 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/libvirt.c b/src/libvirt.c

index 8a3cc42..54c90ec 100644

--- a/src/libvirt.c

+++ b/src/libvirt.c

@@ -133,7 +133,7 @@ static int virConnectAuthGainPolkit(const char *privilege) {

     int status;

     int ret = -1;

-    if (getuid() == 0)

+    if (geteuid() == 0)

         return 0;

     cmd = virCommandNewArgList(POLKIT_AUTH, "--obtain", privilege, NULL);

diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c

index 0ac16c3..d74af13 100644

--- a/src/locking/lock_daemon.c

+++ b/src/locking/lock_daemon.c

@@ -1167,7 +1167,7 @@ int main(int argc, char **argv) {

         {0, 0, 0, 0}

     };

-    privileged = getuid() == 0;

+    privileged = geteuid() == 0;

     if (setlocale(LC_ALL, "") == NULL ||

         bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||

diff --git a/src/locking/lock_driver_lockd.c b/src/locking/lock_driver_lockd.c

index 86ce2d8..f3b9467 100644

--- a/src/locking/lock_driver_lockd.c

+++ b/src/locking/lock_driver_lockd.c

@@ -302,7 +302,7 @@ virLockManagerLockDaemonConnect(virLockManagerPtr lock,

 {

     virNetClientPtr client;

-    if (!(client = virLockManagerLockDaemonConnectionNew(getuid() == 0, program)))

+    if (!(client = virLockManagerLockDaemonConnectionNew(geteuid() == 0, program)))

         return NULL;

     if (virLockManagerLockDaemonConnectionRegister(lock,

@@ -331,7 +331,7 @@ static int virLockManagerLockDaemonSetupLockspace(const char *path)

     memset(&args, 0, sizeof(args));

     args.path = (char*)path;

-    if (!(client = virLockManagerLockDaemonConnectionNew(getuid() == 0, &program)))

+    if (!(client = virLockManagerLockDaemonConnectionNew(geteuid() == 0, &program)))

         return -1;

     if (virNetClientProgramCall(program,

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c

index 357910d..5754c92 100644

--- a/src/lxc/lxc_controller.c

+++ b/src/lxc/lxc_controller.c

@@ -2353,7 +2353,7 @@ int main(int argc, char *argv[])

         goto cleanup;

     }

-    if (getuid() != 0) {

+    if (geteuid() != 0) {

         fprintf(stderr, "%s: must be run as the 'root' user\n", argv[0]);

         goto cleanup;

     }

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c

index 226e32d..e7b0f37 100644

--- a/src/qemu/qemu_driver.c

+++ b/src/qemu/qemu_driver.c

@@ -2796,8 +2796,8 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,

     unsigned int vfoflags = 0;

     int fd = -1;

     int path_shared = virStorageFileIsSharedFS(path);

-    uid_t uid = getuid();

-    gid_t gid = getgid();

+    uid_t uid = geteuid();

+    gid_t gid = getegid();

     /* path might be a pre-existing block dev, in which case

      * we need to skip the create step, and also avoid unlink

@@ -2837,7 +2837,7 @@ qemuOpenFileAs(uid_t fallback_uid, gid_t fallback_gid,

                qemu user is non-root, just set a flag to

                bypass security driver shenanigans, and retry the operation

                after doing setuid to qemu user */

-            if ((fd != -EACCES && fd != -EPERM) || fallback_uid == getuid())

+            if ((fd != -EACCES && fd != -EPERM) || fallback_uid == geteuid())

                 goto error;

             /* On Linux we can also verify the FS-type of the directory. */

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c

index 7688bf6..b3e86e1 100644

--- a/src/remote/remote_driver.c

+++ b/src/remote/remote_driver.c

@@ -995,7 +995,7 @@ remoteConnectOpen(virConnectPtr conn,

          (strstr(conn->uri->scheme, "+unix") != NULL)) &&

         (STREQ(conn->uri->path, "/session") ||

          STRPREFIX(conn->uri->scheme, "test+")) &&

-        getuid() > 0) {

+        geteuid() > 0) {

         VIR_DEBUG("Auto-spawn user daemon instance");

         rflags |= VIR_DRV_OPEN_REMOTE_USER;

         if (!virIsSUID() &&

@@ -1013,7 +1013,7 @@ remoteConnectOpen(virConnectPtr conn,

     if (!conn->uri) {

         VIR_DEBUG("Auto-probe remote URI");

 #ifndef __sun

-        if (getuid() > 0) {

+        if (geteuid() > 0) {

             VIR_DEBUG("Auto-spawn user daemon instance");

             rflags |= VIR_DRV_OPEN_REMOTE_USER;

             if (!virIsSUID() &&

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c

index 4ebe11b..4bbf988 100644

--- a/src/storage/storage_backend.c

+++ b/src/storage/storage_backend.c

@@ -527,11 +527,11 @@ virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool,

     bool filecreated = false;

     if ((pool->def->type == VIR_STORAGE_POOL_NETFS)

-        && (((getuid() == 0)

+        && (((geteuid() == 0)

              && (vol->target.perms.uid != (uid_t) -1)

              && (vol->target.perms.uid != 0))

             || ((vol->target.perms.gid != (gid_t) -1)

-                && (vol->target.perms.gid != getgid())))) {

+                && (vol->target.perms.gid != getegid())))) {

         virCommandSetUID(cmd, vol->target.perms.uid);

         virCommandSetGID(cmd, vol->target.perms.gid);

diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c

index d305b06..8bbee92 100644

--- a/src/storage/storage_backend_fs.c

+++ b/src/storage/storage_backend_fs.c

@@ -786,9 +786,9 @@ virStorageBackendFileSystemBuild(virConnectPtr conn ATTRIBUTE_UNUSED,

     /* Reflect the actual uid and gid to the config. */

     if (pool->def->target.perms.uid == (uid_t) -1)

-        pool->def->target.perms.uid = getuid();

+        pool->def->target.perms.uid = geteuid();

     if (pool->def->target.perms.gid == (gid_t) -1)

-        pool->def->target.perms.gid = getgid();

+        pool->def->target.perms.gid = getegid();

     if (flags != 0) {

         ret = virStorageBackendMakeFileSystem(pool, flags);

diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c

index 8998a11..817edd5 100644

--- a/src/storage/storage_backend_logical.c

+++ b/src/storage/storage_backend_logical.c

@@ -719,7 +719,7 @@ virStorageBackendLogicalCreateVol(virConnectPtr conn,

         goto error;

     /* We can only chown/grp if root */

-    if (getuid() == 0) {

+    if (geteuid() == 0) {

         if (fchown(fd, vol->target.perms.uid, vol->target.perms.gid) < 0) {

             virReportSystemError(errno,

                                  _("cannot set file owner '%s'"),

diff --git a/src/util/virfile.c b/src/util/virfile.c

index 92a81a5..33a8a6d 100644

--- a/src/util/virfile.c

+++ b/src/util/virfile.c

@@ -1457,8 +1457,8 @@ virFileAccessibleAs(const char *path, int mode,

     gid_t *groups;

     int ngroups;

-    if (uid == getuid() &&

-        gid == getgid())

+    if (uid == geteuid() &&

+        gid == getegid())

         return access(path, mode);

     ngroups = virGetGroupList(uid, gid, &groups);

@@ -1750,9 +1750,9 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,

     /* allow using -1 to mean "current value" */

     if (uid == (uid_t) -1)

-        uid = getuid();

+        uid = geteuid();

     if (gid == (gid_t) -1)

-        gid = getgid();

+        gid = getegid();

     /* treat absence of both flags as presence of both for simpler

      * calling. */

@@ -1760,7 +1760,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,

         flags |= VIR_FILE_OPEN_NOFORK|VIR_FILE_OPEN_FORK;

     if ((flags & VIR_FILE_OPEN_NOFORK)

-        || (getuid() != 0)

+        || (geteuid() != 0)

         || ((uid == 0) && (gid == 0))) {

         if ((fd = open(path, openflags, mode)) < 0) {

@@ -1871,12 +1871,12 @@ virDirCreate(const char *path,

     /* allow using -1 to mean "current value" */

     if (uid == (uid_t) -1)

-        uid = getuid();

+        uid = geteuid();

     if (gid == (gid_t) -1)

-        gid = getgid();

+        gid = getegid();

     if ((!(flags & VIR_DIR_CREATE_AS_UID))

-        || (getuid() != 0)

+        || (geteuid() != 0)

         || ((uid == 0) && (gid == 0))

         || ((flags & VIR_DIR_CREATE_ALLOW_EXIST) && (stat(path, &st) >= 0))) {

         return virDirCreateNoFork(path, mode, uid, gid, flags);

diff --git a/src/util/viridentity.c b/src/util/viridentity.c

index f681f85..4f5127c 100644

--- a/src/util/viridentity.c

+++ b/src/util/viridentity.c

@@ -157,14 +157,14 @@ virIdentityPtr virIdentityGetSystem(void)

         virAsprintf(&processtime, "%llu", timestamp) < 0)

         goto cleanup;

-    if (!(username = virGetUserName(getuid())))

+    if (!(username = virGetUserName(geteuid())))

         goto cleanup;

-    if (virAsprintf(&userid, "%d", (int)getuid()) < 0)

+    if (virAsprintf(&userid, "%d", (int)geteuid()) < 0)

         goto cleanup;

-    if (!(groupname = virGetGroupName(getgid())))

+    if (!(groupname = virGetGroupName(getegid())))

         goto cleanup;

-    if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)

+    if (virAsprintf(&groupid, "%d", (int)getegid()) < 0)

         goto cleanup;

 #if WITH_SELINUX

diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c

index 0b9cec3..9453599 100644

--- a/src/util/virstoragefile.c

+++ b/src/util/virstoragefile.c

@@ -572,7 +572,7 @@ virFindBackingFile(const char *start, bool start_is_dir, const char *path,

         goto cleanup;

     }

-    if (virFileAccessibleAs(combined, F_OK, getuid(), getgid()) < 0) {

+    if (virFileAccessibleAs(combined, F_OK, geteuid(), getegid()) < 0) {

         virReportSystemError(errno,

                              _("Cannot access backing file '%s'"),

                              combined);

diff --git a/src/vbox/vbox_driver.c b/src/vbox/vbox_driver.c

index 9d07574..4978913 100644

--- a/src/vbox/vbox_driver.c

+++ b/src/vbox/vbox_driver.c

@@ -153,7 +153,7 @@ static virDrvOpenStatus vboxConnectOpen(virConnectPtr conn,

                                         virConnectAuthPtr auth ATTRIBUTE_UNUSED,

                                         unsigned int flags)

 {

-    uid_t uid = getuid();

+    uid_t uid = geteuid();

     virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);

diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c

index 2130590..5b17048 100644

--- a/src/vbox/vbox_tmpl.c

+++ b/src/vbox/vbox_tmpl.c

@@ -999,7 +999,7 @@ static virDrvOpenStatus vboxConnectOpen(virConnectPtr conn,

                                         unsigned int flags)

 {

     vboxGlobalData *data = NULL;

-    uid_t uid = getuid();

+    uid_t uid = geteuid();

     virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);

diff --git a/tests/qemumonitortestutils.c b/tests/qemumonitortestutils.c

index 56368a2..1bcdb1f 100644

--- a/tests/qemumonitortestutils.c

+++ b/tests/qemumonitortestutils.c

@@ -482,8 +482,8 @@ qemuMonitorTestPtr qemuMonitorTestNew(bool json, virDomainXMLOptionPtr xmlopt)

     if (virNetSocketNewListenUNIX(path,

                                   0700,

-                                  getuid(),

-                                  getgid(),

+                                  geteuid(),

+                                  getegid(),

                                   &test->server) < 0)

         goto error;

diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c

index 5b434ba..bb0e572 100644

--- a/tests/virnetsockettest.c

+++ b/tests/virnetsockettest.c

@@ -220,7 +220,7 @@ static int testSocketUNIXAccept(const void *data ATTRIBUTE_UNUSED)

     if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0)

         goto cleanup;

-    if (virNetSocketNewListenUNIX(path, 0700, -1, getgid(), &lsock) < 0)

+    if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &lsock) < 0)

         goto cleanup;

     if (virNetSocketListen(lsock, 0) < 0)

@@ -270,7 +270,7 @@ static int testSocketUNIXAddrs(const void *data ATTRIBUTE_UNUSED)

     if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0)

         goto cleanup;

-    if (virNetSocketNewListenUNIX(path, 0700, -1, getgid(), &lsock) < 0)

+    if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &lsock) < 0)

         goto cleanup;

     if (STRNEQ(virNetSocketLocalAddrString(lsock), "127.0.0.1;0")) {

-- 

1.8.4.2