D-Bus 1.15.4
dbus-credentials.c
1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2/* dbus-credentials.c Credentials provable through authentication
3 *
4 * Copyright (C) 2007 Red Hat Inc.
5 *
6 * SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
7 *
8 * Licensed under the Academic Free License version 2.1
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 *
24 */
25#include <config.h>
26#include <stdlib.h>
27#include <string.h>
28#include "dbus-credentials.h"
29#include "dbus-internals.h"
30
52 int refcount;
53 dbus_uid_t unix_uid;
54 dbus_gid_t *unix_gids;
55 size_t n_unix_gids;
56 dbus_pid_t pid;
57 char *windows_sid;
58 char *linux_security_label;
59 void *adt_audit_data;
60 dbus_int32_t adt_audit_data_size;
61};
62
77{
78 DBusCredentials *creds;
79
80 creds = dbus_new (DBusCredentials, 1);
81 if (creds == NULL)
82 return NULL;
83
84 creds->refcount = 1;
85 creds->unix_uid = DBUS_UID_UNSET;
86 creds->unix_gids = NULL;
87 creds->n_unix_gids = 0;
88 creds->pid = DBUS_PID_UNSET;
89 creds->windows_sid = NULL;
90 creds->linux_security_label = NULL;
91 creds->adt_audit_data = NULL;
92 creds->adt_audit_data_size = 0;
93
94 return creds;
95}
96
103{
104 DBusCredentials *creds;
105
106 creds = _dbus_credentials_new ();
107 if (creds == NULL)
108 return NULL;
109
111 {
113 return NULL;
114 }
115
116 return creds;
117}
118
124void
126{
127 _dbus_assert (credentials->refcount > 0);
128 credentials->refcount += 1;
129}
130
136void
138{
139 _dbus_assert (credentials->refcount > 0);
140
141 credentials->refcount -= 1;
142 if (credentials->refcount == 0)
143 {
144 dbus_free (credentials->unix_gids);
145 dbus_free (credentials->windows_sid);
146 dbus_free (credentials->linux_security_label);
147 dbus_free (credentials->adt_audit_data);
148 dbus_free (credentials);
149 }
150}
151
161 dbus_pid_t pid)
162{
163 credentials->pid = pid;
164 return TRUE;
165}
166
176 dbus_uid_t uid)
177{
178 credentials->unix_uid = uid;
179 return TRUE;
180
181}
182
183static int
184cmp_gidp (const void *a_, const void *b_)
185{
186 const dbus_gid_t *a = a_;
187 const dbus_gid_t *b = b_;
188
189 if (*a < *b)
190 return -1;
191
192 if (*a > *b)
193 return 1;
194
195 return 0;
196}
197
206void
208 dbus_gid_t *gids,
209 size_t n_gids)
210{
211 /* So we can compare arrays via a simple memcmp */
212 qsort (gids, n_gids, sizeof (dbus_gid_t), cmp_gidp);
213
214 dbus_free (credentials->unix_gids);
215 credentials->unix_gids = gids;
216 credentials->n_unix_gids = n_gids;
217}
218
228 const dbus_gid_t **gids,
229 size_t *n_gids)
230{
231 if (gids != NULL)
232 *gids = credentials->unix_gids;
233
234 if (n_gids != NULL)
235 *n_gids = credentials->n_unix_gids;
236
237 return (credentials->unix_gids != NULL);
238}
239
249 const char *windows_sid)
250{
251 char *copy;
252
253 copy = _dbus_strdup (windows_sid);
254 if (copy == NULL)
255 return FALSE;
256
257 dbus_free (credentials->windows_sid);
258 credentials->windows_sid = copy;
259
260 return TRUE;
261}
262
273 const char *label)
274{
275 char *copy;
276
277 copy = _dbus_strdup (label);
278 if (copy == NULL)
279 return FALSE;
280
281 dbus_free (credentials->linux_security_label);
282 credentials->linux_security_label = copy;
283
284 return TRUE;
285}
286
297 void *audit_data,
298 dbus_int32_t size)
299{
300 void *copy;
301 copy = _dbus_memdup (audit_data, size);
302 if (copy == NULL)
303 return FALSE;
304
305 dbus_free (credentials->adt_audit_data);
306 credentials->adt_audit_data = copy;
307 credentials->adt_audit_data_size = size;
308
309 return TRUE;
310}
311
321 DBusCredentialType type)
322{
323 switch (type)
324 {
325 case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
326 return credentials->pid != DBUS_PID_UNSET;
327 case DBUS_CREDENTIAL_UNIX_USER_ID:
328 return credentials->unix_uid != DBUS_UID_UNSET;
329 case DBUS_CREDENTIAL_UNIX_GROUP_IDS:
330 return credentials->unix_gids != NULL;
331 case DBUS_CREDENTIAL_WINDOWS_SID:
332 return credentials->windows_sid != NULL;
333 case DBUS_CREDENTIAL_LINUX_SECURITY_LABEL:
334 return credentials->linux_security_label != NULL;
335 case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID:
336 return credentials->adt_audit_data != NULL;
337 default:
338 _dbus_assert_not_reached ("Unknown credential enum value");
339 return FALSE;
340 }
341}
342
352{
353 return credentials->pid;
354}
355
365{
366 return credentials->unix_uid;
367}
368
376const char*
378{
379 return credentials->windows_sid;
380}
381
389const char *
391{
392 return credentials->linux_security_label;
393}
394
402void *
404{
405 return credentials->adt_audit_data;
406}
407
417{
418 return credentials->adt_audit_data_size;
419}
420
431 DBusCredentials *possible_subset)
432{
433 return
434 (possible_subset->pid == DBUS_PID_UNSET ||
435 possible_subset->pid == credentials->pid) &&
436 (possible_subset->unix_uid == DBUS_UID_UNSET ||
437 possible_subset->unix_uid == credentials->unix_uid) &&
438 (possible_subset->unix_gids == NULL ||
439 (possible_subset->n_unix_gids == credentials->n_unix_gids &&
440 memcmp (possible_subset->unix_gids, credentials->unix_gids,
441 sizeof (dbus_gid_t) * credentials->n_unix_gids) == 0)) &&
442 (possible_subset->windows_sid == NULL ||
443 (credentials->windows_sid && strcmp (possible_subset->windows_sid,
444 credentials->windows_sid) == 0)) &&
445 (possible_subset->linux_security_label == NULL ||
446 (credentials->linux_security_label != NULL &&
447 strcmp (possible_subset->linux_security_label,
448 credentials->linux_security_label) == 0)) &&
449 (possible_subset->adt_audit_data == NULL ||
450 (credentials->adt_audit_data && memcmp (possible_subset->adt_audit_data,
451 credentials->adt_audit_data,
452 credentials->adt_audit_data_size) == 0));
453}
454
463{
464 return
465 credentials->pid == DBUS_PID_UNSET &&
466 credentials->unix_uid == DBUS_UID_UNSET &&
467 credentials->unix_gids == NULL &&
468 credentials->n_unix_gids == 0 &&
469 credentials->windows_sid == NULL &&
470 credentials->linux_security_label == NULL &&
471 credentials->adt_audit_data == NULL;
472}
473
482{
483 return
484 credentials->unix_uid == DBUS_UID_UNSET &&
485 credentials->windows_sid == NULL;
486}
487
498 DBusCredentials *other_credentials)
499{
500 return
502 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
503 other_credentials) &&
505 DBUS_CREDENTIAL_UNIX_USER_ID,
506 other_credentials) &&
508 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
509 other_credentials) &&
511 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
512 other_credentials) &&
514 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
515 other_credentials) &&
517 DBUS_CREDENTIAL_WINDOWS_SID,
518 other_credentials);
519}
520
535 DBusCredentialType which,
536 DBusCredentials *other_credentials)
537{
538 if (which == DBUS_CREDENTIAL_UNIX_PROCESS_ID &&
539 other_credentials->pid != DBUS_PID_UNSET)
540 {
541 if (!_dbus_credentials_add_pid (credentials, other_credentials->pid))
542 return FALSE;
543 }
544 else if (which == DBUS_CREDENTIAL_UNIX_USER_ID &&
545 other_credentials->unix_uid != DBUS_UID_UNSET)
546 {
547 if (!_dbus_credentials_add_unix_uid (credentials, other_credentials->unix_uid))
548 return FALSE;
549 }
550 else if (which == DBUS_CREDENTIAL_UNIX_GROUP_IDS &&
551 other_credentials->unix_gids != NULL)
552 {
553 dbus_gid_t *gids;
554
555 gids = dbus_new (dbus_gid_t, other_credentials->n_unix_gids);
556
557 if (gids == NULL)
558 return FALSE;
559
560 memcpy (gids, other_credentials->unix_gids,
561 sizeof (dbus_gid_t) * other_credentials->n_unix_gids);
562
563 _dbus_credentials_take_unix_gids (credentials, gids,
564 other_credentials->n_unix_gids);
565 }
566 else if (which == DBUS_CREDENTIAL_WINDOWS_SID &&
567 other_credentials->windows_sid != NULL)
568 {
569 if (!_dbus_credentials_add_windows_sid (credentials, other_credentials->windows_sid))
570 return FALSE;
571 }
572 else if (which == DBUS_CREDENTIAL_LINUX_SECURITY_LABEL &&
573 other_credentials->linux_security_label != NULL)
574 {
576 other_credentials->linux_security_label))
577 return FALSE;
578 }
579 else if (which == DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID &&
580 other_credentials->adt_audit_data != NULL)
581 {
582 if (!_dbus_credentials_add_adt_audit_data (credentials, other_credentials->adt_audit_data, other_credentials->adt_audit_data_size))
583 return FALSE;
584 }
585
586 return TRUE;
587}
588
594void
596{
597 credentials->pid = DBUS_PID_UNSET;
598 credentials->unix_uid = DBUS_UID_UNSET;
599 dbus_free (credentials->unix_gids);
600 credentials->unix_gids = NULL;
601 credentials->n_unix_gids = 0;
602 dbus_free (credentials->windows_sid);
603 credentials->windows_sid = NULL;
604 dbus_free (credentials->linux_security_label);
605 credentials->linux_security_label = NULL;
606 dbus_free (credentials->adt_audit_data);
607 credentials->adt_audit_data = NULL;
608 credentials->adt_audit_data_size = 0;
609}
610
619{
620 DBusCredentials *copy;
621
622 copy = _dbus_credentials_new ();
623 if (copy == NULL)
624 return NULL;
625
626 if (!_dbus_credentials_add_credentials (copy, credentials))
627 {
629 return NULL;
630 }
631
632 return copy;
633}
634
648 DBusCredentials *other_credentials)
649{
650 /* both windows and unix user must be the same (though pretty much
651 * in all conceivable cases, one will be unset)
652 */
653 return credentials->unix_uid == other_credentials->unix_uid &&
654 ((!(credentials->windows_sid || other_credentials->windows_sid)) ||
655 (credentials->windows_sid && other_credentials->windows_sid &&
656 strcmp (credentials->windows_sid, other_credentials->windows_sid) == 0));
657}
658
669 DBusString *string)
670{
671 dbus_bool_t join;
672
673 join = FALSE;
674 if (credentials->unix_uid != DBUS_UID_UNSET)
675 {
676 if (!_dbus_string_append_printf (string, "uid=" DBUS_UID_FORMAT, credentials->unix_uid))
677 goto oom;
678 join = TRUE;
679 }
680 if (credentials->pid != DBUS_PID_UNSET)
681 {
682 if (!_dbus_string_append_printf (string, "%spid=" DBUS_PID_FORMAT, join ? " " : "", credentials->pid))
683 goto oom;
684 join = TRUE;
685 }
686
687 if (credentials->unix_gids != NULL)
688 {
689 size_t i;
690
691 for (i = 0; i < credentials->n_unix_gids; i++)
692 {
693 if (!_dbus_string_append_printf (string, "%sgid=" DBUS_GID_FORMAT,
694 join ? " " : "",
695 credentials->unix_gids[i]))
696 goto oom;
697
698 join = TRUE;
699 }
700 }
701
702 if (credentials->windows_sid != NULL)
703 {
704 if (!_dbus_string_append_printf (string, "%ssid=%s", join ? " " : "", credentials->windows_sid))
705 goto oom;
706 join = TRUE;
707 }
708
709 if (credentials->linux_security_label != NULL)
710 {
711 if (!_dbus_string_append_printf (string, "%slsm='%s'",
712 join ? " " : "",
713 credentials->linux_security_label))
714 goto oom;
715 join = TRUE;
716 }
717
718 return TRUE;
719oom:
720 return FALSE;
721}
722
725/* tests in dbus-credentials-util.c */
void _dbus_credentials_ref(DBusCredentials *credentials)
Increment refcount on credentials.
dbus_bool_t _dbus_credentials_include(DBusCredentials *credentials, DBusCredentialType type)
Checks whether the given credential is present.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
dbus_uid_t _dbus_credentials_get_unix_uid(DBusCredentials *credentials)
Gets the UNIX user ID in the credentials, or DBUS_UID_UNSET if the credentials object doesn't contain...
DBusCredentials * _dbus_credentials_copy(DBusCredentials *credentials)
Copy a credentials object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
dbus_bool_t _dbus_credentials_to_string_append(DBusCredentials *credentials, DBusString *string)
Convert the credentials in this object to a human-readable string format, and append to the given str...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
void * _dbus_credentials_get_adt_audit_data(DBusCredentials *credentials)
Gets the ADT audit data in the credentials, or NULL if the credentials object doesn't contain ADT aud...
dbus_bool_t _dbus_credentials_add_linux_security_label(DBusCredentials *credentials, const char *label)
Add a Linux security label, as used by LSMs such as SELinux, Smack and AppArmor, to the credentials.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
const char * _dbus_credentials_get_linux_security_label(DBusCredentials *credentials)
Gets the Linux security label (as used by LSMs) from the credentials, or NULL if the credentials obje...
void _dbus_credentials_take_unix_gids(DBusCredentials *credentials, dbus_gid_t *gids, size_t n_gids)
Add UNIX group IDs to the credentials, replacing any group IDs that might already have been present.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_get_unix_gids(DBusCredentials *credentials, const dbus_gid_t **gids, size_t *n_gids)
Get the Unix group IDs.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_unix_uid(DBusCredentials *credentials, dbus_uid_t uid)
Add a UNIX user ID to the credentials.
dbus_bool_t _dbus_credentials_add_windows_sid(DBusCredentials *credentials, const char *windows_sid)
Add a Windows user SID to the credentials.
dbus_bool_t _dbus_credentials_add_pid(DBusCredentials *credentials, dbus_pid_t pid)
Add a UNIX process ID to the credentials.
dbus_pid_t _dbus_credentials_get_pid(DBusCredentials *credentials)
Gets the UNIX process ID in the credentials, or DBUS_PID_UNSET if the credentials object doesn't cont...
dbus_bool_t _dbus_credentials_add_adt_audit_data(DBusCredentials *credentials, void *audit_data, dbus_int32_t size)
Add ADT audit data to the credentials.
dbus_int32_t _dbus_credentials_get_adt_audit_data_size(DBusCredentials *credentials)
Gets the ADT audit data size in the credentials, or 0 if the credentials object doesn't contain ADT a...
const char * _dbus_credentials_get_windows_sid(DBusCredentials *credentials)
Gets the Windows user SID in the credentials, or NULL if the credentials object doesn't contain a Win...
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
char * _dbus_strdup(const char *str)
Duplicates a string.
void * _dbus_memdup(const void *mem, size_t n_bytes)
Duplicates a block of memory.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
Definition: dbus-memory.c:694
#define dbus_new(type, count)
Safe macro for using dbus_malloc().
Definition: dbus-memory.h:59
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
Definition: dbus-string.c:1147
unsigned long dbus_uid_t
A user ID.
Definition: dbus-sysdeps.h:137
unsigned long dbus_pid_t
A process ID.
Definition: dbus-sysdeps.h:135
unsigned long dbus_gid_t
A group ID.
Definition: dbus-sysdeps.h:139
#define DBUS_UID_UNSET
an invalid UID used to represent an uninitialized dbus_uid_t field
Definition: dbus-sysdeps.h:144
#define DBUS_PID_UNSET
an invalid PID used to represent an uninitialized dbus_pid_t field
Definition: dbus-sysdeps.h:142
dbus_bool_t _dbus_credentials_add_from_current_process(DBusCredentials *credentials)
Adds the most important credentials of the current process (the uid and pid) to the passed-in credent...
#define DBUS_GID_FORMAT
an appropriate printf format for dbus_gid_t
Definition: dbus-sysdeps.h:153
#define DBUS_UID_FORMAT
an appropriate printf format for dbus_uid_t
Definition: dbus-sysdeps.h:151
#define DBUS_PID_FORMAT
an appropriate printf format for dbus_pid_t
Definition: dbus-sysdeps.h:149
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:37
int dbus_int32_t
A 32-bit signed integer on all platforms.