D-Bus 1.15.2
dbus-credentials.c
1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2/* dbus-credentials.c Credentials provable through authentication
3 *
4 * Copyright (C) 2007 Red Hat Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 *
22 */
23#include <config.h>
24#include <stdlib.h>
25#include <string.h>
26#include "dbus-credentials.h"
27#include "dbus-internals.h"
28
50 int refcount;
51 dbus_uid_t unix_uid;
52 dbus_gid_t *unix_gids;
53 size_t n_unix_gids;
54 dbus_pid_t pid;
55 char *windows_sid;
56 char *linux_security_label;
57 void *adt_audit_data;
58 dbus_int32_t adt_audit_data_size;
59};
60
75{
76 DBusCredentials *creds;
77
78 creds = dbus_new (DBusCredentials, 1);
79 if (creds == NULL)
80 return NULL;
81
82 creds->refcount = 1;
83 creds->unix_uid = DBUS_UID_UNSET;
84 creds->unix_gids = NULL;
85 creds->n_unix_gids = 0;
86 creds->pid = DBUS_PID_UNSET;
87 creds->windows_sid = NULL;
88 creds->linux_security_label = NULL;
89 creds->adt_audit_data = NULL;
90 creds->adt_audit_data_size = 0;
91
92 return creds;
93}
94
101{
102 DBusCredentials *creds;
103
104 creds = _dbus_credentials_new ();
105 if (creds == NULL)
106 return NULL;
107
109 {
111 return NULL;
112 }
113
114 return creds;
115}
116
122void
124{
125 _dbus_assert (credentials->refcount > 0);
126 credentials->refcount += 1;
127}
128
134void
136{
137 _dbus_assert (credentials->refcount > 0);
138
139 credentials->refcount -= 1;
140 if (credentials->refcount == 0)
141 {
142 dbus_free (credentials->unix_gids);
143 dbus_free (credentials->windows_sid);
144 dbus_free (credentials->linux_security_label);
145 dbus_free (credentials->adt_audit_data);
146 dbus_free (credentials);
147 }
148}
149
159 dbus_pid_t pid)
160{
161 credentials->pid = pid;
162 return TRUE;
163}
164
174 dbus_uid_t uid)
175{
176 credentials->unix_uid = uid;
177 return TRUE;
178
179}
180
181static int
182cmp_gidp (const void *a_, const void *b_)
183{
184 const dbus_gid_t *a = a_;
185 const dbus_gid_t *b = b_;
186
187 if (*a < *b)
188 return -1;
189
190 if (*a > *b)
191 return 1;
192
193 return 0;
194}
195
204void
206 dbus_gid_t *gids,
207 size_t n_gids)
208{
209 /* So we can compare arrays via a simple memcmp */
210 qsort (gids, n_gids, sizeof (dbus_gid_t), cmp_gidp);
211
212 dbus_free (credentials->unix_gids);
213 credentials->unix_gids = gids;
214 credentials->n_unix_gids = n_gids;
215}
216
226 const dbus_gid_t **gids,
227 size_t *n_gids)
228{
229 if (gids != NULL)
230 *gids = credentials->unix_gids;
231
232 if (n_gids != NULL)
233 *n_gids = credentials->n_unix_gids;
234
235 return (credentials->unix_gids != NULL);
236}
237
247 const char *windows_sid)
248{
249 char *copy;
250
251 copy = _dbus_strdup (windows_sid);
252 if (copy == NULL)
253 return FALSE;
254
255 dbus_free (credentials->windows_sid);
256 credentials->windows_sid = copy;
257
258 return TRUE;
259}
260
271 const char *label)
272{
273 char *copy;
274
275 copy = _dbus_strdup (label);
276 if (copy == NULL)
277 return FALSE;
278
279 dbus_free (credentials->linux_security_label);
280 credentials->linux_security_label = copy;
281
282 return TRUE;
283}
284
295 void *audit_data,
296 dbus_int32_t size)
297{
298 void *copy;
299 copy = _dbus_memdup (audit_data, size);
300 if (copy == NULL)
301 return FALSE;
302
303 dbus_free (credentials->adt_audit_data);
304 credentials->adt_audit_data = copy;
305 credentials->adt_audit_data_size = size;
306
307 return TRUE;
308}
309
319 DBusCredentialType type)
320{
321 switch (type)
322 {
323 case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
324 return credentials->pid != DBUS_PID_UNSET;
325 case DBUS_CREDENTIAL_UNIX_USER_ID:
326 return credentials->unix_uid != DBUS_UID_UNSET;
327 case DBUS_CREDENTIAL_UNIX_GROUP_IDS:
328 return credentials->unix_gids != NULL;
329 case DBUS_CREDENTIAL_WINDOWS_SID:
330 return credentials->windows_sid != NULL;
331 case DBUS_CREDENTIAL_LINUX_SECURITY_LABEL:
332 return credentials->linux_security_label != NULL;
333 case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID:
334 return credentials->adt_audit_data != NULL;
335 default:
336 _dbus_assert_not_reached ("Unknown credential enum value");
337 return FALSE;
338 }
339}
340
350{
351 return credentials->pid;
352}
353
363{
364 return credentials->unix_uid;
365}
366
374const char*
376{
377 return credentials->windows_sid;
378}
379
387const char *
389{
390 return credentials->linux_security_label;
391}
392
400void *
402{
403 return credentials->adt_audit_data;
404}
405
415{
416 return credentials->adt_audit_data_size;
417}
418
429 DBusCredentials *possible_subset)
430{
431 return
432 (possible_subset->pid == DBUS_PID_UNSET ||
433 possible_subset->pid == credentials->pid) &&
434 (possible_subset->unix_uid == DBUS_UID_UNSET ||
435 possible_subset->unix_uid == credentials->unix_uid) &&
436 (possible_subset->unix_gids == NULL ||
437 (possible_subset->n_unix_gids == credentials->n_unix_gids &&
438 memcmp (possible_subset->unix_gids, credentials->unix_gids,
439 sizeof (dbus_gid_t) * credentials->n_unix_gids) == 0)) &&
440 (possible_subset->windows_sid == NULL ||
441 (credentials->windows_sid && strcmp (possible_subset->windows_sid,
442 credentials->windows_sid) == 0)) &&
443 (possible_subset->linux_security_label == NULL ||
444 (credentials->linux_security_label != NULL &&
445 strcmp (possible_subset->linux_security_label,
446 credentials->linux_security_label) == 0)) &&
447 (possible_subset->adt_audit_data == NULL ||
448 (credentials->adt_audit_data && memcmp (possible_subset->adt_audit_data,
449 credentials->adt_audit_data,
450 credentials->adt_audit_data_size) == 0));
451}
452
461{
462 return
463 credentials->pid == DBUS_PID_UNSET &&
464 credentials->unix_uid == DBUS_UID_UNSET &&
465 credentials->unix_gids == NULL &&
466 credentials->n_unix_gids == 0 &&
467 credentials->windows_sid == NULL &&
468 credentials->linux_security_label == NULL &&
469 credentials->adt_audit_data == NULL;
470}
471
480{
481 return
482 credentials->unix_uid == DBUS_UID_UNSET &&
483 credentials->windows_sid == NULL;
484}
485
496 DBusCredentials *other_credentials)
497{
498 return
500 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
501 other_credentials) &&
503 DBUS_CREDENTIAL_UNIX_USER_ID,
504 other_credentials) &&
506 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
507 other_credentials) &&
509 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
510 other_credentials) &&
512 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
513 other_credentials) &&
515 DBUS_CREDENTIAL_WINDOWS_SID,
516 other_credentials);
517}
518
533 DBusCredentialType which,
534 DBusCredentials *other_credentials)
535{
536 if (which == DBUS_CREDENTIAL_UNIX_PROCESS_ID &&
537 other_credentials->pid != DBUS_PID_UNSET)
538 {
539 if (!_dbus_credentials_add_pid (credentials, other_credentials->pid))
540 return FALSE;
541 }
542 else if (which == DBUS_CREDENTIAL_UNIX_USER_ID &&
543 other_credentials->unix_uid != DBUS_UID_UNSET)
544 {
545 if (!_dbus_credentials_add_unix_uid (credentials, other_credentials->unix_uid))
546 return FALSE;
547 }
548 else if (which == DBUS_CREDENTIAL_UNIX_GROUP_IDS &&
549 other_credentials->unix_gids != NULL)
550 {
551 dbus_gid_t *gids;
552
553 gids = dbus_new (dbus_gid_t, other_credentials->n_unix_gids);
554
555 if (gids == NULL)
556 return FALSE;
557
558 memcpy (gids, other_credentials->unix_gids,
559 sizeof (dbus_gid_t) * other_credentials->n_unix_gids);
560
561 _dbus_credentials_take_unix_gids (credentials, gids,
562 other_credentials->n_unix_gids);
563 }
564 else if (which == DBUS_CREDENTIAL_WINDOWS_SID &&
565 other_credentials->windows_sid != NULL)
566 {
567 if (!_dbus_credentials_add_windows_sid (credentials, other_credentials->windows_sid))
568 return FALSE;
569 }
570 else if (which == DBUS_CREDENTIAL_LINUX_SECURITY_LABEL &&
571 other_credentials->linux_security_label != NULL)
572 {
574 other_credentials->linux_security_label))
575 return FALSE;
576 }
577 else if (which == DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID &&
578 other_credentials->adt_audit_data != NULL)
579 {
580 if (!_dbus_credentials_add_adt_audit_data (credentials, other_credentials->adt_audit_data, other_credentials->adt_audit_data_size))
581 return FALSE;
582 }
583
584 return TRUE;
585}
586
592void
594{
595 credentials->pid = DBUS_PID_UNSET;
596 credentials->unix_uid = DBUS_UID_UNSET;
597 dbus_free (credentials->unix_gids);
598 credentials->unix_gids = NULL;
599 credentials->n_unix_gids = 0;
600 dbus_free (credentials->windows_sid);
601 credentials->windows_sid = NULL;
602 dbus_free (credentials->linux_security_label);
603 credentials->linux_security_label = NULL;
604 dbus_free (credentials->adt_audit_data);
605 credentials->adt_audit_data = NULL;
606 credentials->adt_audit_data_size = 0;
607}
608
617{
618 DBusCredentials *copy;
619
620 copy = _dbus_credentials_new ();
621 if (copy == NULL)
622 return NULL;
623
624 if (!_dbus_credentials_add_credentials (copy, credentials))
625 {
627 return NULL;
628 }
629
630 return copy;
631}
632
646 DBusCredentials *other_credentials)
647{
648 /* both windows and unix user must be the same (though pretty much
649 * in all conceivable cases, one will be unset)
650 */
651 return credentials->unix_uid == other_credentials->unix_uid &&
652 ((!(credentials->windows_sid || other_credentials->windows_sid)) ||
653 (credentials->windows_sid && other_credentials->windows_sid &&
654 strcmp (credentials->windows_sid, other_credentials->windows_sid) == 0));
655}
656
667 DBusString *string)
668{
669 dbus_bool_t join;
670
671 join = FALSE;
672 if (credentials->unix_uid != DBUS_UID_UNSET)
673 {
674 if (!_dbus_string_append_printf (string, "uid=" DBUS_UID_FORMAT, credentials->unix_uid))
675 goto oom;
676 join = TRUE;
677 }
678 if (credentials->pid != DBUS_PID_UNSET)
679 {
680 if (!_dbus_string_append_printf (string, "%spid=" DBUS_PID_FORMAT, join ? " " : "", credentials->pid))
681 goto oom;
682 join = TRUE;
683 }
684
685 if (credentials->unix_gids != NULL)
686 {
687 size_t i;
688
689 for (i = 0; i < credentials->n_unix_gids; i++)
690 {
691 if (!_dbus_string_append_printf (string, "%sgid=" DBUS_GID_FORMAT,
692 join ? " " : "",
693 credentials->unix_gids[i]))
694 goto oom;
695
696 join = TRUE;
697 }
698 }
699
700 if (credentials->windows_sid != NULL)
701 {
702 if (!_dbus_string_append_printf (string, "%ssid=%s", join ? " " : "", credentials->windows_sid))
703 goto oom;
704 join = TRUE;
705 }
706
707 if (credentials->linux_security_label != NULL)
708 {
709 if (!_dbus_string_append_printf (string, "%slsm='%s'",
710 join ? " " : "",
711 credentials->linux_security_label))
712 goto oom;
713 join = TRUE;
714 }
715
716 return TRUE;
717oom:
718 return FALSE;
719}
720
723/* tests in dbus-credentials-util.c */
void _dbus_credentials_ref(DBusCredentials *credentials)
Increment refcount on credentials.
dbus_bool_t _dbus_credentials_include(DBusCredentials *credentials, DBusCredentialType type)
Checks whether the given credential is present.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
dbus_uid_t _dbus_credentials_get_unix_uid(DBusCredentials *credentials)
Gets the UNIX user ID in the credentials, or DBUS_UID_UNSET if the credentials object doesn't contain...
DBusCredentials * _dbus_credentials_copy(DBusCredentials *credentials)
Copy a credentials object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
dbus_bool_t _dbus_credentials_to_string_append(DBusCredentials *credentials, DBusString *string)
Convert the credentials in this object to a human-readable string format, and append to the given str...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
void * _dbus_credentials_get_adt_audit_data(DBusCredentials *credentials)
Gets the ADT audit data in the credentials, or NULL if the credentials object doesn't contain ADT aud...
dbus_bool_t _dbus_credentials_add_linux_security_label(DBusCredentials *credentials, const char *label)
Add a Linux security label, as used by LSMs such as SELinux, Smack and AppArmor, to the credentials.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
const char * _dbus_credentials_get_linux_security_label(DBusCredentials *credentials)
Gets the Linux security label (as used by LSMs) from the credentials, or NULL if the credentials obje...
void _dbus_credentials_take_unix_gids(DBusCredentials *credentials, dbus_gid_t *gids, size_t n_gids)
Add UNIX group IDs to the credentials, replacing any group IDs that might already have been present.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_get_unix_gids(DBusCredentials *credentials, const dbus_gid_t **gids, size_t *n_gids)
Get the Unix group IDs.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_unix_uid(DBusCredentials *credentials, dbus_uid_t uid)
Add a UNIX user ID to the credentials.
dbus_bool_t _dbus_credentials_add_windows_sid(DBusCredentials *credentials, const char *windows_sid)
Add a Windows user SID to the credentials.
dbus_bool_t _dbus_credentials_add_pid(DBusCredentials *credentials, dbus_pid_t pid)
Add a UNIX process ID to the credentials.
dbus_pid_t _dbus_credentials_get_pid(DBusCredentials *credentials)
Gets the UNIX process ID in the credentials, or DBUS_PID_UNSET if the credentials object doesn't cont...
dbus_bool_t _dbus_credentials_add_adt_audit_data(DBusCredentials *credentials, void *audit_data, dbus_int32_t size)
Add ADT audit data to the credentials.
dbus_int32_t _dbus_credentials_get_adt_audit_data_size(DBusCredentials *credentials)
Gets the ADT audit data size in the credentials, or 0 if the credentials object doesn't contain ADT a...
const char * _dbus_credentials_get_windows_sid(DBusCredentials *credentials)
Gets the Windows user SID in the credentials, or NULL if the credentials object doesn't contain a Win...
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
char * _dbus_strdup(const char *str)
Duplicates a string.
void * _dbus_memdup(const void *mem, size_t n_bytes)
Duplicates a block of memory.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
Definition: dbus-memory.c:692
#define dbus_new(type, count)
Safe macro for using dbus_malloc().
Definition: dbus-memory.h:57
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
Definition: dbus-string.c:1145
unsigned long dbus_uid_t
A user ID.
Definition: dbus-sysdeps.h:135
unsigned long dbus_pid_t
A process ID.
Definition: dbus-sysdeps.h:133
unsigned long dbus_gid_t
A group ID.
Definition: dbus-sysdeps.h:137
#define DBUS_UID_UNSET
an invalid UID used to represent an uninitialized dbus_uid_t field
Definition: dbus-sysdeps.h:142
#define DBUS_PID_UNSET
an invalid PID used to represent an uninitialized dbus_pid_t field
Definition: dbus-sysdeps.h:140
dbus_bool_t _dbus_credentials_add_from_current_process(DBusCredentials *credentials)
Adds the most important credentials of the current process (the uid and pid) to the passed-in credent...
#define DBUS_GID_FORMAT
an appropriate printf format for dbus_gid_t
Definition: dbus-sysdeps.h:151
#define DBUS_UID_FORMAT
an appropriate printf format for dbus_uid_t
Definition: dbus-sysdeps.h:149
#define DBUS_PID_FORMAT
an appropriate printf format for dbus_pid_t
Definition: dbus-sysdeps.h:147
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:35
int dbus_int32_t
A 32-bit signed integer on all platforms.