fixup! wsgi: add peer UNIX credential to a non-standard environment v…

…ariable
cherrypy · Jun 28, 2017 · 831ec2d · 831ec2d
1 parent 5bedde2
commit 831ec2d
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/cheroot/wsgi.py b/cheroot/wsgi.py
@@ -255,7 +255,9 @@ def get_environ(self):
             # AF_UNIX. This isn't really allowed by WSGI, which doesn't
             # address unix domain sockets. But it's better than nothing.
             env['SERVER_PORT'] = ''
-            env['_REMOTE_UID'] = self._get_peer_uid()
+            uid = self._get_peer_uid()
+            if uid is not None:
+                env['_REMOTE_UID'] = str(uid)
         else:
             env['SERVER_PORT'] = str(req.server.bind_addr[1])
 
@@ -279,10 +281,20 @@ def get_environ(self):
         return env
 
     def _get_peer_uid(self):
-        creds = self.req.server.socket.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize('3i'))
-        pid, uid, gid = struct.unpack('3i', creds)
-        return uid
+        """Returns the UID of the peer socket in the case of UNIX domain sockets
 
+        This function uses SO_PEERCRED to query the UNIX UID of the peer, which
+        is only available if the bind address is a UNIX domain socket.
+        """
+
+        # NOTE: the value for SO_PEERCRED can be architecture specific
+        SO_PEERCRED = getattr(socket, 'SO_PEERCRED', 17)
+        try:
+            creds = self.req.server.socket.getsockopt(socket.SOL_SOCKET, SO_PEERCRED, struct.calcsize('3i'))
+            pid, uid, gid = struct.unpack('3i', creds)
+            return uid
+        except socket.error:
+            pass
 
 class Gateway_u0(Gateway_10):
     """A Gateway class to interface HTTPServer with WSGI u.0.