From 30d9c646b9520b9a69b405e11ad3e60be987a3b2 Mon Sep 17 00:00:00 2001 From: Pavel Odvody Date: Mon, 31 Aug 2015 15:44:53 +0200 Subject: Also capture loginuid of the remote process Reviewed-by: Simo Sorce Closes #9 --- custodia/httpd/server.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/custodia/httpd/server.py b/custodia/httpd/server.py index fd6ef0c..949c00b 100644 --- a/custodia/httpd/server.py +++ b/custodia/httpd/server.py @@ -18,6 +18,7 @@ import shutil import six import socket import struct +import errno SO_PEERCRED = 17 MAX_REQUEST_SIZE = 10*1024*1024 # For now limit body to 10MiB @@ -107,13 +108,25 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): self.query = None self.url = None self.body = None + self.loginuid = None def version_string(self): return self.server.server_string + def _get_loginuid(self, pid): + loginuid = None + try: + with open("/proc/" + str(pid) + "/loginuid", "r") as f: + loginuid = int(f.read(), 10) + except IOError as e: + if e.errno != errno.ENOENT: + raise + if loginuid == -1: + loginuid = None + return loginuid + @property def peer_creds(self): - creds = self.request.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize('3i')) pid, uid, gid = struct.unpack('3i', creds) @@ -123,6 +136,10 @@ class LocalHTTPRequestHandler(BaseHTTPRequestHandler): if not BaseHTTPRequestHandler.parse_request(self, *args, **kwargs): return False + # grab the loginuid from `/proc` as soon as possible + creds = self.peer_creds + self.loginuid = self._get_loginuid(creds['pid']) + # after basic parsing also use urlparse to retrieve individual # elements of a request. url = urlparse(self.path) -- cgit