libreplace: Add getpeereid implementation.

11 files changed, 77 insertions, 67 deletions

diff --git a/lib/replace/libreplace_network.m4 b/lib/replace/libreplace_network.m4
index eadcc6bfc1..bb2a84324e 100644
--- a/lib/replace/libreplace_network.m4
+++ b/lib/replace/libreplace_network.m4
@@ -473,6 +473,30 @@ fi
 LIBS=$old_LIBS
 CPPFLAGS="$libreplace_SAVE_CPPFLAGS"
 
+AC_CACHE_CHECK([for SO_PEERCRED],libreplace_cv_HAVE_PEERCRED,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>],
+[struct ucred cred;
+ socklen_t cred_len;
+ int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
+],
+libreplace_cv_HAVE_PEERCRED=yes,libreplace_cv_HAVE_PEERCRED=no,libreplace_cv_HAVE_PEERCRED=cross)])
+if test x"$libreplace_cv_HAVE_PEERCRED" = x"yes"; then
+    AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
+fi
+
+AC_CACHE_CHECK([for getpeereid],libreplace_cv_HAVE_GETPEEREID,[
+AC_TRY_LINK([#include <sys/types.h>
+#include <unistd.h>],
+[uid_t uid; gid_t gid; int ret;
+ ret = getpeereid(0, &uid, &gid);
+],
+libreplace_cv_HAVE_GETPEEREID=yes,libreplace_cv_HAVE_GETPEEREID=no)])
+if test x"$libreplace_cv_HAVE_GETPEEREID" = xyes; then
+   AC_DEFINE(HAVE_GETPEEREID,1,
+	     [Whether we have getpeereid to get socket credentials])
+fi
+
 LIBREPLACEOBJ="${LIBREPLACEOBJ} ${LIBREPLACE_NETWORK_OBJS}"
 
 echo "LIBREPLACE_NETWORK_CHECKS: END"
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index f1454cbcd6..d7f9cc1758 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -860,3 +860,31 @@ void *rep_memalign( size_t align, size_t size )
 #endif
 }
 #endif
+
+#ifndef HAVE_GETPEEREID
+int rep_getpeereid(int s, uid_t *uid, gid_t *gid)
+{
+#if defined(HAVE_PEERCRED)
+	struct ucred cred;
+	socklen_t cred_len = sizeof(struct ucred);
+	int ret;
+
+	ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
+	if (ret != 0) {
+		return -1;
+	}
+
+	if (cred_len != sizeof(struct ucred)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	*uid = cred.uid;
+	*gid = cred.gid;
+	return 0;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+#endif
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 3f289d7f47..f2b1952376 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -112,6 +112,10 @@
 #include <bsd/string.h>
 #endif
 
+#ifdef HAVE_BSD_UNISTD_H
+#include <bsd/unistd.h>
+#endif
+
 #ifdef HAVE_STRING_H
 #include <string.h>
 #endif
@@ -826,4 +830,9 @@ char *rep_getpass(const char *prompt);
 #endif
 #endif
 
+#ifndef HAVE_GETPEEREID
+#define getpeereid rep_getpeereid
+int rep_getpeereid(int s, uid_t *uid, gid_t *gid);
+#endif
+
 #endif /* _LIBREPLACE_REPLACE_H */
diff --git a/lib/replace/wscript b/lib/replace/wscript
index e1dc1e6a30..025dda460d 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -174,6 +174,16 @@ def configure(conf):
     if not conf.CHECK_FUNCS('strlcpy strlcat'):
         conf.CHECK_FUNCS_IN('strlcpy strlcat', 'bsd', headers='bsd/string.h',
                 checklibc=True)
+    if not conf.CHECK_FUNCS('getpeereid'):
+        conf.CHECK_FUNCS_IN('getpeereid', 'bsd', headers='sys/types.h bsd/unistd.h')
+
+    conf.CHECK_CODE('''
+                struct ucred cred;
+                socklen_t cred_len;
+                int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
+                'HAVE_PEERCRED',
+                msg="Checking whether we can use SO_PEERCRED to get socket credentials",
+                headers='sys/types.h sys/socket.h')
 
     #Some OS (ie. freebsd) return EINVAL if the convertion could not be done, it's not what we expect
     #Let's detect those cases
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 0c3fd1aeaf..f989231102 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -123,8 +123,6 @@ _PUBLIC_ pid_t sys_fork(void);
  **/
 _PUBLIC_ pid_t sys_getpid(void);
 
-_PUBLIC_ int sys_getpeereid( int s, uid_t *uid);
-
 struct sockaddr;
 
 _PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
diff --git a/lib/util/system.c b/lib/util/system.c
index a7141bf9b0..f34fabd292 100644
--- a/lib/util/system.c
+++ b/lib/util/system.c
@@ -71,35 +71,6 @@ _PUBLIC_ pid_t sys_getpid(void)
 }
 
 
-_PUBLIC_ int sys_getpeereid( int s, uid_t *uid)
-{
-#if defined(HAVE_PEERCRED)
-	struct ucred cred;
-	socklen_t cred_len = sizeof(struct ucred);
-	int ret;
-
-	ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
-	if (ret != 0) {
-		return -1;
-	}
-
-	if (cred_len != sizeof(struct ucred)) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	*uid = cred.uid;
-	return 0;
-#else
-#if defined(HAVE_GETPEEREID)
-	gid_t gid;
-	return getpeereid(s, uid, &gid);
-#endif
-	errno = ENOSYS;
-	return -1;
-#endif
-}
-
 _PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
 			     int salen,
 			     char *host,
diff --git a/source3/configure.in b/source3/configure.in
index ffa2b808a3..11bd744dc9 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -6577,31 +6577,6 @@ AC_CHECK_MEMBERS([struct secmethod_table.method_attrlist], , ,
 AC_CHECK_MEMBERS([struct secmethod_table.method_version], , ,
        [#include <usersec.h>])
 
-AC_CACHE_CHECK([for SO_PEERCRED],samba_cv_HAVE_PEERCRED,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <sys/socket.h>],
-[struct ucred cred;
- socklen_t cred_len;
- int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
-],
-samba_cv_HAVE_PEERCRED=yes,samba_cv_HAVE_PEERCRED=no,samba_cv_HAVE_PEERCRED=cross)])
-if test x"$samba_cv_HAVE_PEERCRED" = x"yes"; then
-    AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
-fi
-
-AC_CACHE_CHECK([for getpeereid],samba_cv_HAVE_GETPEEREID,[
-AC_TRY_LINK([#include <sys/types.h>
-#include <unistd.h>],
-[uid_t uid; gid_t gid; int ret;
- ret = getpeereid(0, &uid, &gid);
-],
-samba_cv_HAVE_GETPEEREID=yes,samba_cv_HAVE_GETPEEREID=no)])
-if test x"$samba_cv_HAVE_GETPEEREID" = xyes; then
-   AC_DEFINE(HAVE_GETPEEREID,1,
-	     [Whether we have getpeereid to get socket credentials])
-fi
-
-
 #################################################
 # Check to see if we should use the included popt
 
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 89885b9230..675d0d5e93 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -1008,6 +1008,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
 	NTSTATUS status;
 	int sys_errno;
 	uid_t uid;
+	gid_t gid;
 	int rc;
 
 	DEBUG(10, ("dcerpc_ncacn_accept\n"));
@@ -1068,7 +1069,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
 
 			break;
 		case NCALRPC:
-			rc = sys_getpeereid(s, &uid);
+			rc = getpeereid(s, &uid, &gid);
 			if (rc < 0) {
 				DEBUG(2, ("Failed to get ncalrpc connecting "
 					  "uid - %s!\n", strerror(errno)));
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 411b2b4c3a..5557b959f0 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -157,10 +157,11 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid)
 {
 	int ret;
 	uid_t ret_uid;
+	gid_t ret_gid;
 
 	ret_uid = (uid_t)-1;
 
-	ret = sys_getpeereid(state->sock, &ret_uid);
+	ret = getpeereid(state->sock, &ret_uid, &ret_gid);
 	if (ret != 0) {
 		DEBUG(1, ("check_client_uid: Could not get socket peer uid: %s; "
 			"denying access\n", strerror(errno)));
diff --git a/source3/winbindd/winbindd_pam_logoff.c b/source3/winbindd/winbindd_pam_logoff.c
index c32a63e146..b3c60adf85 100644
--- a/source3/winbindd/winbindd_pam_logoff.c
+++ b/source3/winbindd/winbindd_pam_logoff.c
@@ -37,6 +37,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
 	struct winbindd_domain *domain;
 	fstring name_domain, user;
 	uid_t caller_uid;
+	gid_t caller_gid;
 	int res;
 
 	req = tevent_req_create(mem_ctx, &state,
@@ -71,7 +72,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
 
 	caller_uid = (uid_t)-1;
 
-	res = sys_getpeereid(cli->sock, &caller_uid);
+	res = getpeereid(cli->sock, &caller_uid, &caller_gid);
 	if (res != 0) {
 		DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n",
 			strerror(errno)));
diff --git a/source3/wscript b/source3/wscript
index 476fb109b5..5b480f0ee7 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -357,14 +357,6 @@ return acl_get_perm_np(permset_d, perm);
     conf.CHECK_DECLS('readahead', headers='fcntl.h', always=True)
 
     conf.CHECK_CODE('''
-                struct ucred cred;
-                socklen_t cred_len;
-                int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
-                'HAVE_PEERCRED',
-                msg="Checking whether we can use SO_PEERCRED to get socket credentials",
-                headers='sys/types.h sys/socket.h')
-
-    conf.CHECK_CODE('''
                 #if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
                 #include <sys/types.h>
                 #else