diff options
author | Pavel Odvody <podvody@redhat.com> | 2015-08-31 15:44:53 +0200 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-09-01 11:28:49 -0400 |
commit | 30d9c646b9520b9a69b405e11ad3e60be987a3b2 (patch) | |
tree | 82894c0242ec19a8ae51decb1fd850a0e182bd01 | |
parent | 5de27c3fe0c248b5a7b59e966cf9f1fbab6c3ba4 (diff) | |
download | custodia-30d9c646b9520b9a69b405e11ad3e60be987a3b2.tar.gz custodia-30d9c646b9520b9a69b405e11ad3e60be987a3b2.tar.xz custodia-30d9c646b9520b9a69b405e11ad3e60be987a3b2.zip |
Also capture loginuid of the remote process
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #9
-rw-r--r-- | custodia/httpd/server.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/custodia/httpd/server.py b/custodia/httpd/server.py index fd6ef0c..949c00b 100644 --- a/custodia/httpd/server.py +++ b/custodia/httpd/server.py @@ -18,6 +18,7 @@ import shutil import six import socket import struct +import errno SO_PEERCRED = 17 MAX_REQUEST_SIZE = 10*1024*1024 # For now limit body to 10MiB @@ -107,13 +108,25 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): self.query = None self.url = None self.body = None + self.loginuid = None def version_string(self): return self.server.server_string + def _get_loginuid(self, pid): + loginuid = None + try: + with open("/proc/" + str(pid) + "/loginuid", "r") as f: + loginuid = int(f.read(), 10) + except IOError as e: + if e.errno != errno.ENOENT: + raise + if loginuid == -1: + loginuid = None + return loginuid + @property def peer_creds(self): - creds = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize('3i')) pid, uid, gid = struct.unpack('3i', creds) @@ -123,6 +136,10 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): if not BaseHTTPRequestHandler.parse_request(self, *args, **kwargs): return False + # grab the loginuid from `/proc` as soon as possible + creds = self.peer_creds + self.loginuid = self._get_loginuid(creds['pid']) + # after basic parsing also use urlparse to retrieve individual # elements of a request. url = urlparse(self.path) |