Re: Adding sc_pid to SCM_CREDS

[Roy Marples <roy%marples.name@localhost>]

On 31/03/2016 03:44, Christos Zoulas wrote:
> In article <56FAB3EC.4070406%marples.name@localhost>,
> Roy Marples  <roy%marples.name@localhost> wrote:
>> -=-=-=-=-=-
>> For AF_UNIX SOCK_DGRAM sockets, the only way of obtaining credentials is
>> via LOCAL_CREDS which returns SCM_CREDS as a cmsg.
>> However, struct sockcred lacks the process id of the sender which is of
>> use to many applications.
>>
>> For SOCK_STREAM and SOCK_SEQPACKET, we do have LOCAL_PEEREID, but that
>> comes at the extra expense of a syscall after accepting.
>>
>> There was a previous discussion here:
>> https://mail-index.netbsd.org/tech-kern/2008/07/05/msg001969.html
>>
>> And an open gnats ticket with a LOCAL_PROC suggestion under kern/39108
>> http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=39108
>>
>> Attached is a patch which adds sc_pid to struct sockcred and correctly
>> fills it out. The old sockcred structure is available as osockcred in
>> compat/sys/socket.h and guarded by COMPAT_70.
>>
>> Everything seems to work ok with old binaries, but would appreciate some
>> extra eyes on the compat code or any suggestion how it could be done better.
>>
>> Roy
> 
> I think that most of the code and defines for the compatibility interfaces
> belongs in compat/ except of course for the parts that are need to be in
> the original socket code because it can't be done differently.

OK.

New patch, with man page update here:
http://www.netbsd.org/~roy/SCM_CREDS-pid.patch

This should be good to go now.

Roy

Index: sys/sys/socket.h
===================================================================
RCS file: /cvsroot/src/sys/sys/socket.h,v
retrieving revision 1.118
diff -u -r1.118 socket.h
--- sys/sys/socket.h	13 Oct 2015 21:28:34 -0000	1.118
+++ sys/sys/socket.h	31 Mar 2016 11:50:48 -0000
@@ -349,6 +349,7 @@
  * Socket credentials.
  */
 struct sockcred {
+	pid_t	sc_pid;			/* process id */
 	uid_t	sc_uid;			/* real user id */
 	uid_t	sc_euid;		/* effective user id */
 	gid_t	sc_gid;			/* real group id */
@@ -595,9 +596,10 @@
 /* "Socket"-level control message types: */
 #define	SCM_RIGHTS	0x01		/* access rights (array of int) */
 #if defined(_NETBSD_SOURCE)
-/* 			0x02		   timestamp (struct timeval50) */
-#define	SCM_CREDS	0x04		/* credentials (struct sockcred) */
+/*			0x02		   timestamp (struct timeval50) */
+/*			0x04		   credentials (struct sockcred70) */
 #define	SCM_TIMESTAMP	0x08		/* timestamp (struct timeval) */
+#define	SCM_CREDS	0x10		/* credentials (struct sockcred) */
 #endif
 
 /*
Index: sys/sys/un.h
===================================================================
RCS file: /cvsroot/src/sys/sys/un.h,v
retrieving revision 1.56
diff -u -r1.56 un.h
--- sys/sys/un.h	2 May 2015 17:18:04 -0000	1.56
+++ sys/sys/un.h	31 Mar 2016 11:50:49 -0000
@@ -56,9 +56,10 @@
  * Socket options for UNIX IPC domain.
  */
 #if defined(_NETBSD_SOURCE)
-#define	LOCAL_CREDS	0x0001		/* pass credentials to receiver */
+#define	LOCAL_OCREDS	0x0001		/* pass credentials to receiver */
 #define	LOCAL_CONNWAIT	0x0002		/* connects block until accepted */
 #define	LOCAL_PEEREID	0x0003		/* get peer identification */
+#define	LOCAL_CREDS	0x0004		/* pass credentials to receiver */
 #endif
 
 /*
Index: sys/sys/unpcb.h
===================================================================
RCS file: /cvsroot/src/sys/sys/unpcb.h,v
retrieving revision 1.17
diff -u -r1.17 unpcb.h
--- sys/sys/unpcb.h	24 Apr 2008 11:38:39 -0000	1.17
+++ sys/sys/unpcb.h	31 Mar 2016 11:50:49 -0000
@@ -97,11 +97,12 @@
  * in with data for the listening process.  This is set up in unp_bind() when
  * it fills in unp_connid for later consumption by unp_connect().
  */
-#define	UNP_WANTCRED	0x0001		/* credentials wanted */
+#define	UNP_OWANTCRED	0x0001		/* credentials wanted */
 #define	UNP_CONNWAIT	0x0002		/* connect blocks until accepted */
 #define	UNP_EIDSVALID	0x0004		/* unp_connid contains valid data */
 #define	UNP_EIDSBIND	0x0008		/* unp_connid was set by bind() */
 #define	UNP_BUSY	0x0010		/* busy connecting or binding */
+#define	UNP_WANTCRED	0x0020		/* credentials wanted */
 
 #define	sotounpcb(so)	((struct unpcb *)((so)->so_pcb))
 
Index: sys/kern/uipc_usrreq.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.179
diff -u -r1.179 uipc_usrreq.c
--- sys/kern/uipc_usrreq.c	2 May 2015 17:18:03 -0000	1.179
+++ sys/kern/uipc_usrreq.c	31 Mar 2016 11:50:50 -0000
@@ -120,6 +120,10 @@
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 
+#ifdef COMPAT_70
+#include <compat/sys/socket.h>
+#endif
+
 /*
  * Unix communications domain.
  *
@@ -319,6 +323,10 @@
 		sun = &sun_noname;
 	if (unp->unp_conn->unp_flags & UNP_WANTCRED)
 		control = unp_addsockcred(curlwp, control);
+#ifdef COMPAT_SOCKCRED70
+	if (unp->unp_conn->unp_flags & UNP_OWANTCRED)
+		control = compat70_unp_addsockcred(curlwp, control);
+#endif
 	if (sbappendaddr(&so2->so_rcv, (const struct sockaddr *)sun, m,
 	    control) == 0) {
 		so2->so_rcv.sb_overflowed++;
@@ -491,6 +499,16 @@
 			unp->unp_conn->unp_flags &= ~UNP_WANTCRED;
 			control = unp_addsockcred(l, control);
 		}
+#ifdef COMPAT_SOCKCRED70
+		if (unp->unp_conn->unp_flags & UNP_OWANTCRED) {
+			/*
+			 * Credentials are passed only once on
+			 * SOCK_STREAM and SOCK_SEQPACKET.
+			 */
+			unp->unp_conn->unp_flags &= ~UNP_OWANTCRED;
+			control = compat70_unp_addsockcred(l, control);
+		}
+#endif
 		/*
 		 * Send to paired receive port, and then reduce
 		 * send buffer hiwater marks to maintain backpressure.
@@ -566,6 +584,9 @@
 		switch (sopt->sopt_name) {
 		case LOCAL_CREDS:
 		case LOCAL_CONNWAIT:
+#ifdef COMPAT_SOCKCRED70
+		case LOCAL_OCREDS:
+#endif
 			error = sockopt_getint(sopt, &optval);
 			if (error)
 				break;
@@ -582,6 +603,11 @@
 			case LOCAL_CONNWAIT:
 				OPTSET(UNP_CONNWAIT);
 				break;
+#ifdef COMPAT_SOCKCRED70
+			case LOCAL_OCREDS:
+				OPTSET(UNP_OWANTCRED);
+				break;
+#endif
 			}
 			break;
 #undef OPTSET
@@ -609,6 +635,12 @@
 			optval = OPTBIT(UNP_WANTCRED);
 			error = sockopt_setint(sopt, optval);
 			break;
+#ifdef COMPAT_SOCKCRED70
+		case LOCAL_OCREDS:
+			optval = OPTBIT(UNP_OWANTCRED);
+			error = sockopt_setint(sopt, optval);
+			break;
+#endif
 #undef OPTBIT
 
 		default:
@@ -1572,8 +1604,9 @@
 		SCM_CREDS, SOL_SOCKET, M_WAITOK);
 	if (m == NULL)
 		return control;
-		
+
 	sc = p;
+	sc->sc_pid = l->l_proc->p_pid;
 	sc->sc_uid = kauth_cred_getuid(l->l_cred);
 	sc->sc_euid = kauth_cred_geteuid(l->l_cred);
 	sc->sc_gid = kauth_cred_getgid(l->l_cred);
Index: sys/compat/common/Makefile
===================================================================
RCS file: /cvsroot/src/sys/compat/common/Makefile,v
retrieving revision 1.55
diff -u -r1.55 Makefile
--- sys/compat/common/Makefile	22 Mar 2016 08:25:23 -0000	1.55
+++ sys/compat/common/Makefile	31 Mar 2016 11:50:50 -0000
@@ -47,6 +47,9 @@
 # Compatibility code for NetBSD 6.0
 SRCS+=	kern_sa_60.c tty_60.c kern_time_60.c
 
+# Compatibility code for NetBSD 7.0
+SRCS+=	uipc_usrreq_70.c
+
 # really, all machines where sizeof(int) != sizeof(long) (LP64)
 .if (${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "sparc64" \
   && ${MACHINE_ARCH} != "x86_64")
Index: sys/compat/common/uipc_usrreq_70.c
===================================================================
RCS file: sys/compat/common/uipc_usrreq_70.c
diff -N sys/compat/common/uipc_usrreq_70.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ sys/compat/common/uipc_usrreq_70.c	31 Mar 2016 11:50:50 -0000
@@ -0,0 +1,136 @@
+/*	$NetBSD: uipc_usrreq.c,v 1.179 2015/05/02 17:18:03 rtr Exp $	*/
+
+/*-
+ * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
+ * NASA Ames Research Center, and by Andrew Doran.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (c) 1982, 1986, 1989, 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)uipc_usrreq.c	8.9 (Berkeley) 5/14/95
+ */
+
+/*
+ * Copyright (c) 1997 Christopher G. Demetriou.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)uipc_usrreq.c	8.9 (Berkeley) 5/14/95
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.179 2015/05/02 17:18:03 rtr Exp $");
+
+#include <sys/param.h>
+#include <sys/lwp.h>
+#include <sys/socket.h>
+#include <sys/socketvar.h>
+#include <sys/unpcb.h>
+#include <sys/mbuf.h>
+#include <sys/kauth.h>
+
+#include <compat/sys/socket.h>
+
+#ifdef COMPAT_SOCKCRED70
+struct mbuf *
+compat70_unp_addsockcred(struct lwp *l, struct mbuf *control)
+{
+	struct sockcred70 *sc;
+	struct mbuf *m;
+	void *p;
+
+	m = sbcreatecontrol1(&p, SOCKCRED70SIZE(kauth_cred_ngroups(l->l_cred)),
+		SCM_OCREDS, SOL_SOCKET, M_WAITOK);
+	if (m == NULL)
+		return control;
+
+	sc = p;
+	sc->sc_uid = kauth_cred_getuid(l->l_cred);
+	sc->sc_euid = kauth_cred_geteuid(l->l_cred);
+	sc->sc_gid = kauth_cred_getgid(l->l_cred);
+	sc->sc_egid = kauth_cred_getegid(l->l_cred);
+	sc->sc_ngroups = kauth_cred_ngroups(l->l_cred);
+
+	for (int i = 0; i < sc->sc_ngroups; i++)
+		sc->sc_groups[i] = kauth_cred_group(l->l_cred, i);
+
+	return m_add(control, m);
+}
+#endif
Index: sys/compat/sys/socket.h
===================================================================
RCS file: /cvsroot/src/sys/compat/sys/socket.h,v
retrieving revision 1.12
diff -u -r1.12 socket.h
--- sys/compat/sys/socket.h	13 Feb 2009 22:41:04 -0000	1.12
+++ sys/compat/sys/socket.h	31 Mar 2016 11:50:52 -0000
@@ -47,6 +47,10 @@
 #define COMPAT_OSOCK
 #endif
 
+#ifdef COMPAT_70
+#define COMPAT_SOCKCRED70
+#endif
+
 #else
 #define COMPAT_OSOCK
 #endif
@@ -71,12 +75,28 @@
 	int		msg_accrightslen;
 };
 
+/*
+ * 7.0 compat sockcred
+ */
+struct sockcred70 {
+	uid_t	sc_uid;			/* real user id */
+	uid_t	sc_euid;		/* effective user id */
+	gid_t	sc_gid;			/* real group id */
+	gid_t	sc_egid;		/* effective group id */
+	int	sc_ngroups;		/* number of supplemental groups */
+	gid_t	sc_groups[1];		/* variable length */
+};
+#define	SOCKCRED70SIZE(ngrps) \
+	(/*CONSTCOND*/sizeof(struct sockcred70) + (sizeof(gid_t) * \
+	    ((ngrps) ? ((ngrps) - 1) : 0)))
+
 #ifdef _KERNEL
 
 #define	SO_OSNDTIMEO	0x1005
 #define	SO_ORCVTIMEO	0x1006
 #define	SO_OTIMESTAMP	0x0400
 #define	SCM_OTIMESTAMP	0x2
+#define	SCM_OCREDS	0x4
 
 __BEGIN_DECLS
 struct socket;
@@ -84,6 +104,8 @@
 u_long compat_cvtcmd(u_long cmd);
 int compat_ifioctl(struct socket *, u_long, u_long, void *, struct lwp *);
 int compat43_set_accrights(struct msghdr *, void *, int);
+
+struct mbuf * compat70_unp_addsockcred(struct lwp *, struct mbuf *);
 __END_DECLS
 #else
 int	__socket30(int, int, int);
Index: share/man/man4/unix.4
===================================================================
RCS file: /cvsroot/src/share/man/man4/unix.4,v
retrieving revision 1.24
diff -u -r1.24 unix.4
--- share/man/man4/unix.4	29 May 2011 08:46:42 -0000	1.24
+++ share/man/man4/unix.4	31 Mar 2016 11:50:53 -0000
@@ -29,7 +29,7 @@
 .\"
 .\"     @(#)unix.4	8.1 (Berkeley) 6/9/93
 .\"
-.Dd May 29, 2011
+.Dd March 31, 2016
 .Dt UNIX 4
 .Os
 .Sh NAME
@@ -198,6 +198,7 @@
 as follows:
 .Bd -literal
 struct sockcred {
+	pid_t	sc_pid;			/* process id */
 	uid_t	sc_uid;			/* real user id */
 	uid_t	sc_euid;		/* effective user id */
 	gid_t	sc_gid;			/* real group id */
@@ -289,3 +290,8 @@
 .%A Chris Torek
 .Re
 .Pq see Pa /usr/share/doc/psd/21.ipc
+.Sh HISTORY
+The
+.Ar sc_pid
+field was introduced in
+.Nx 8.0 .