rust/sim: Remove dependency on nightly Rust

Awaiting stabilization in rust-lang/rust#42839
ThomasHabets · Aug 8, 2024 · 9dd4bb0 · 9dd4bb0
1 parent 22037d4
commit 9dd4bb0
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 6 deletions.
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
@@ -10,6 +10,7 @@ path = "src/bin/sim.rs"
 [dependencies]
 anyhow = "1.0.86"
 clap = { version = "4.5.13", features = ["derive"] }
+libc = "0.2.155"
 log = "0.4.22"
 nix = { version = "0.29.0", features = ["env", "process", "user", "hostname"] }
 protobuf = "3.5.0"
@@ -18,3 +19,4 @@ socket2 = { version = "0.5.7", features = ["all"]}
 
 [build-dependencies]
 protobuf-codegen = "3.5.0"
+cc = "1.1.8"
diff --git a/rust/README.md b/rust/README.md
@@ -4,8 +4,6 @@ Test implementation of sim in Rust.
 
 ## Building
 
-Because of unix socket peer credentials, we currently require nightly.
-
 ```
-cargo +nightly build --release
+cargo build --release
 ```
diff --git a/rust/build.rs b/rust/build.rs
@@ -5,4 +5,7 @@ fn main() {
         .include("src")
         .input("src/simproto.proto")
         .run_from_script();
+    cc::Build::new()
+        .file("src/peer_cred.c")
+        .compile("get_peer_uid");
 }
diff --git a/rust/src/bin/sim.rs b/rust/src/bin/sim.rs
@@ -13,8 +13,6 @@
  *    See the License for the specific language governing permissions and
  *    limitations under the License.
  */
-#![feature(peer_credentials_unix_socket)]
-
 use anyhow::Error;
 use anyhow::Result;
 use clap::Parser;
@@ -120,12 +118,39 @@ fn make_approve_request(
     })
 }
 
+// This wrapper is only needed because the std implementation of peer_cred is
+// nightly only. https://github.com/rust-lang/rust/issues/42839
+#[repr(C)]
+#[derive(Debug, Default)]
+// WARNING: If this struct changes, it must also change identically in peer_cred.c.
+struct UCred {
+    pid: libc::pid_t,
+    uid: libc::uid_t,
+    gid: libc::gid_t,
+}
+extern "C" {
+    fn peer_cred_c(sockfd: std::os::fd::RawFd, cred: *mut UCred) -> libc::c_int;
+}
+fn peer_cred(sock: &std::os::unix::net::UnixStream) -> Result<UCred> {
+    let mut cred = UCred::default();
+    use std::os::fd::AsRawFd;
+    let rc = unsafe { peer_cred_c(sock.as_raw_fd(), &mut cred) };
+    if rc != 0 {
+        Err(Error::msg(format!(
+            "getting peer credentials failed: {}",
+            std::io::Error::from_raw_os_error(rc)
+        )))
+    } else {
+        Ok(cred)
+    }
+}
+
 fn check_approver(
     approver_gid: u32,
     mut sock: std::os::unix::net::UnixStream,
     req: &simproto::ApproveRequest,
 ) -> Result<()> {
-    let peer = sock.peer_cred()?;
+    let peer = peer_cred(&sock)?;
     debug!("sim: Peer creds: {peer:?}");
     let group = nix::unistd::Group::from_gid(nix::unistd::Gid::from_raw(peer.gid))?
         .ok_or(Error::msg(format!("unknown peer gid {}", peer.gid)))?;

diff --git a/rust/src/peer_cred.c b/rust/src/peer_cred.c
@@ -0,0 +1,29 @@
+// This wrapper is only needed because the std implementation of peer_cred is
+// nightly only. https://github.com/rust-lang/rust/issues/42839
+#define _GNU_SOURCE
+#include <sys/socket.h>
+
+// WARNING: If this struct changes, it must also change identically in sim.rs.
+struct UCred {
+    pid_t pid;
+    uid_t uid;
+    gid_t gid;
+};
+
+int peer_cred_c(int sockfd, struct UCred* cred)
+{
+    socklen_t len = sizeof(struct ucred);
+    struct ucred ucred;
+    cred.pid = -1;
+    cred.uid = -1;
+    cred.gid = -1;
+
+    if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) {
+        return errno;
+    }
+
+    cred->pid = ucred.pid;
+    cred->uid = ucred.uid;
+    cred->gid = ucred.gid;
+    return 0;
+}