Allow cron to call private methods

src/middlewared/middlewared/api/base/server/ws_handler/rpc.py

@@ -289,6 +289,16 @@ def _can_call_private_methods(self, app: RpcWebSocketApp):
             # System-initiated calls to `midclt`
             return True
 
+        if ppids := app.origin.ppids():
+            try:
+                with open("/run/crond.pid") as f:
+                    cron_pid = int(f.read())
+            except (FileNotFoundError, ValueError):
+                return False
+
+            if cron_pid in ppids:
+                return True
+
         return False
 
     async def process_method_call(self, app: RpcWebSocketApp, id_: Any, method: Method, params: list):

src/middlewared/middlewared/utils/origin.py

@@ -1,5 +1,5 @@
 from dataclasses import dataclass
-from functools import cached_property
+import re
 from socket import AF_INET, AF_INET6, AF_UNIX, SO_PEERCRED, SOL_SOCKET
 from struct import calcsize, unpack
 
@@ -113,6 +113,30 @@ def loginuid(self) -> int | None:
 
         return loginuid
 
+    def ppids(self) -> set[int]:
+        if self.pid is None:
+            return set()
+
+        pid = self.pid
+        ppids = set()
+        while True:
+            try:
+                with open(f"/proc/{pid}/status") as f:
+                    status = f.read()
+            except FileNotFoundError:
+                break
+
+            if m := re.search(r"PPid:\t([0-9]+)", status):
+                pid = int(m.group(1))
+                if pid <= 1:
+                    break
+
+                ppids.add(pid)
+            else:
+                break
+
+        return ppids
+
 
 def get_tcp_ip_info(sock, request) -> tuple:
     # All API connections are terminated by nginx reverse