unix: add GetPeerUcred and UcredGet for solaris

nshalman · gopherbot · commit 1c14dcadc3ab · 2025-01-07T00:03:00.000-08:00
Change-Id: I74ba119fb729ef46899de04c686115f960975bb3 Reviewed-on: https://go-review.googlesource.com/c/sys/+/639755 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Matt Layher <mdlayher@gmail.com>
diff --git a/unix/syscall_solaris.go b/unix/syscall_solaris.go
@@ -1102,3 +1102,90 @@ func (s *Strioctl) SetInt(i int) {
 func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) {
 	return ioctlPtrRet(fd, req, unsafe.Pointer(s))
 }
+
+// Ucred Helpers
+// See ucred(3c) and getpeerucred(3c)
+
+//sys	getpeerucred(fd uintptr, ucred *uintptr) (err error)
+//sys	ucredFree(ucred uintptr) = ucred_free
+//sys	ucredGet(pid int) (ucred uintptr, err error) = ucred_get
+//sys	ucredGeteuid(ucred uintptr) (uid int) = ucred_geteuid
+//sys	ucredGetegid(ucred uintptr) (gid int) = ucred_getegid
+//sys	ucredGetruid(ucred uintptr) (uid int) = ucred_getruid
+//sys	ucredGetrgid(ucred uintptr) (gid int) = ucred_getrgid
+//sys	ucredGetsuid(ucred uintptr) (uid int) = ucred_getsuid
+//sys	ucredGetsgid(ucred uintptr) (gid int) = ucred_getsgid
+//sys	ucredGetpid(ucred uintptr) (pid int) = ucred_getpid
+
+// Ucred is an opaque struct that holds user credentials.
+type Ucred struct {
+	ucred uintptr
+}
+
+// We need to ensure that ucredFree is called on the underlying ucred
+// when the Ucred is garbage collected.
+func ucredFinalizer(u *Ucred) {
+	ucredFree(u.ucred)
+}
+
+func GetPeerUcred(fd uintptr) (*Ucred, error) {
+	var ucred uintptr
+	err := getpeerucred(fd, &ucred)
+	if err != nil {
+		return nil, err
+	}
+	result := &Ucred{
+		ucred: ucred,
+	}
+	// set the finalizer on the result so that the ucred will be freed
+	runtime.SetFinalizer(result, ucredFinalizer)
+	return result, nil
+}
+
+func UcredGet(pid int) (*Ucred, error) {
+	ucred, err := ucredGet(pid)
+	if err != nil {
+		return nil, err
+	}
+	result := &Ucred{
+		ucred: ucred,
+	}
+	// set the finalizer on the result so that the ucred will be freed
+	runtime.SetFinalizer(result, ucredFinalizer)
+	return result, nil
+}
+
+func (u *Ucred) Geteuid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGeteuid(u.ucred)
+}
+
+func (u *Ucred) Getruid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetruid(u.ucred)
+}
+
+func (u *Ucred) Getsuid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetsuid(u.ucred)
+}
+
+func (u *Ucred) Getegid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetegid(u.ucred)
+}
+
+func (u *Ucred) Getrgid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetrgid(u.ucred)
+}
+
+func (u *Ucred) Getsgid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetsgid(u.ucred)
+}
+
+func (u *Ucred) Getpid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetpid(u.ucred)
+}
diff --git a/unix/syscall_solaris_test.go b/unix/syscall_solaris_test.go
@@ -8,6 +8,7 @@ package unix_test
 
 import (
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -420,3 +421,66 @@ func TestLifreqGetMTU(t *testing.T) {
 		}
 	}
 }
+
+func TestUcredGet(t *testing.T) {
+	euid := unix.Geteuid()
+	creds, err := unix.UcredGet(unix.Getpid())
+	if err != nil {
+		t.Fatalf("unix.UcredGet failed: %v", err)
+	}
+	if euid != creds.Geteuid() {
+		t.Fatalf("mismatched euid")
+	}
+}
+
+func TestGetPeerUcred(t *testing.T) {
+	d := t.TempDir()
+	path := filepath.Join(d, "foo.sock")
+	sock, err := net.Listen("unix", path)
+	if err != nil {
+		t.Fatalf("net.Listen: %v", err)
+	}
+	defer sock.Close()
+
+	c1, err := net.Dial("unix", path)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	defer c1.Close()
+
+	c2, err := sock.Accept()
+	if err != nil {
+		t.Fatalf("Accept: %v", err)
+	}
+	defer c2.Close()
+
+	switch unixconn := c2.(type) {
+	case *net.UnixConn:
+		raw, err := unixconn.SyscallConn()
+		if err != nil {
+			t.Fatalf("SyscallConn failed: %v", err)
+		}
+
+		var creds *unix.Ucred
+		cerr := raw.Control(func(fd uintptr) {
+			creds, err = unix.GetPeerUcred(fd)
+			if err != nil {
+				err = fmt.Errorf("unix.GetPeerUcred: %w", err)
+				return
+			}
+		})
+		if cerr != nil {
+			t.Fatalf("raw.Control failed: %v", err)
+		}
+		if creds == nil {
+			t.Fatalf("Got a nil Ucred response")
+		}
+		euid := unix.Geteuid()
+		if euid != creds.Geteuid() {
+			t.Fatalf("mismatched euid")
+		}
+	default:
+		t.Fatalf("Somehow didn't get a UnixConn")
+	}
+}
diff --git a/unix/zsyscall_solaris_amd64.go b/unix/zsyscall_solaris_amd64.go
