D-Bus  1.13.7
dbus-credentials.c
1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-credentials.c Credentials provable through authentication
3  *
4  * Copyright (C) 2007 Red Hat Inc.
5  *
6  * Licensed under the Academic Free License version 2.1
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21  *
22  */
23 #include <config.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include "dbus-credentials.h"
27 #include "dbus-internals.h"
28 
50  int refcount;
51  dbus_uid_t unix_uid;
52  dbus_gid_t *unix_gids;
53  size_t n_unix_gids;
54  dbus_pid_t pid;
55  char *windows_sid;
56  char *linux_security_label;
57  void *adt_audit_data;
58  dbus_int32_t adt_audit_data_size;
59 };
60 
75 {
76  DBusCredentials *creds;
77 
78  creds = dbus_new (DBusCredentials, 1);
79  if (creds == NULL)
80  return NULL;
81 
82  creds->refcount = 1;
83  creds->unix_uid = DBUS_UID_UNSET;
84  creds->unix_gids = NULL;
85  creds->n_unix_gids = 0;
86  creds->pid = DBUS_PID_UNSET;
87  creds->windows_sid = NULL;
88  creds->linux_security_label = NULL;
89  creds->adt_audit_data = NULL;
90  creds->adt_audit_data_size = 0;
91 
92  return creds;
93 }
94 
101 {
102  DBusCredentials *creds;
103 
104  creds = _dbus_credentials_new ();
105  if (creds == NULL)
106  return NULL;
107 
109  {
110  _dbus_credentials_unref (creds);
111  return NULL;
112  }
113 
114  return creds;
115 }
116 
122 void
124 {
125  _dbus_assert (credentials->refcount > 0);
126  credentials->refcount += 1;
127 }
128 
134 void
136 {
137  _dbus_assert (credentials->refcount > 0);
138 
139  credentials->refcount -= 1;
140  if (credentials->refcount == 0)
141  {
142  dbus_free (credentials->unix_gids);
143  dbus_free (credentials->windows_sid);
144  dbus_free (credentials->linux_security_label);
145  dbus_free (credentials->adt_audit_data);
146  dbus_free (credentials);
147  }
148 }
149 
159  dbus_pid_t pid)
160 {
161  credentials->pid = pid;
162  return TRUE;
163 }
164 
174  dbus_uid_t uid)
175 {
176  credentials->unix_uid = uid;
177  return TRUE;
178 
179 }
180 
181 static int
182 cmp_gidp (const void *a_, const void *b_)
183 {
184  const dbus_gid_t *a = a_;
185  const dbus_gid_t *b = b_;
186 
187  if (*a < *b)
188  return -1;
189 
190  if (*a > *b)
191  return 1;
192 
193  return 0;
194 }
195 
204 void
206  dbus_gid_t *gids,
207  size_t n_gids)
208 {
209  /* So we can compare arrays via a simple memcmp */
210  qsort (gids, n_gids, sizeof (dbus_gid_t), cmp_gidp);
211 
212  dbus_free (credentials->unix_gids);
213  credentials->unix_gids = gids;
214  credentials->n_unix_gids = n_gids;
215 }
216 
226  const dbus_gid_t **gids,
227  size_t *n_gids)
228 {
229  if (gids != NULL)
230  *gids = credentials->unix_gids;
231 
232  if (n_gids != NULL)
233  *n_gids = credentials->n_unix_gids;
234 
235  return (credentials->unix_gids != NULL);
236 }
237 
247  const char *windows_sid)
248 {
249  char *copy;
250 
251  copy = _dbus_strdup (windows_sid);
252  if (copy == NULL)
253  return FALSE;
254 
255  dbus_free (credentials->windows_sid);
256  credentials->windows_sid = copy;
257 
258  return TRUE;
259 }
260 
271  const char *label)
272 {
273  char *copy;
274 
275  copy = _dbus_strdup (label);
276  if (copy == NULL)
277  return FALSE;
278 
279  dbus_free (credentials->linux_security_label);
280  credentials->linux_security_label = copy;
281 
282  return TRUE;
283 }
284 
295  void *audit_data,
296  dbus_int32_t size)
297 {
298  void *copy;
299  copy = _dbus_memdup (audit_data, size);
300  if (copy == NULL)
301  return FALSE;
302 
303  dbus_free (credentials->adt_audit_data);
304  credentials->adt_audit_data = copy;
305  credentials->adt_audit_data_size = size;
306 
307  return TRUE;
308 }
309 
319  DBusCredentialType type)
320 {
321  switch (type)
322  {
323  case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
324  return credentials->pid != DBUS_PID_UNSET;
325  case DBUS_CREDENTIAL_UNIX_USER_ID:
326  return credentials->unix_uid != DBUS_UID_UNSET;
327  case DBUS_CREDENTIAL_UNIX_GROUP_IDS:
328  return credentials->unix_gids != NULL;
329  case DBUS_CREDENTIAL_WINDOWS_SID:
330  return credentials->windows_sid != NULL;
331  case DBUS_CREDENTIAL_LINUX_SECURITY_LABEL:
332  return credentials->linux_security_label != NULL;
333  case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID:
334  return credentials->adt_audit_data != NULL;
335  default:
336  _dbus_assert_not_reached ("Unknown credential enum value");
337  return FALSE;
338  }
339 }
340 
350 {
351  return credentials->pid;
352 }
353 
363 {
364  return credentials->unix_uid;
365 }
366 
374 const char*
376 {
377  return credentials->windows_sid;
378 }
379 
387 const char *
389 {
390  return credentials->linux_security_label;
391 }
392 
400 void *
402 {
403  return credentials->adt_audit_data;
404 }
405 
413 dbus_int32_t
415 {
416  return credentials->adt_audit_data_size;
417 }
418 
429  DBusCredentials *possible_subset)
430 {
431  return
432  (possible_subset->pid == DBUS_PID_UNSET ||
433  possible_subset->pid == credentials->pid) &&
434  (possible_subset->unix_uid == DBUS_UID_UNSET ||
435  possible_subset->unix_uid == credentials->unix_uid) &&
436  (possible_subset->unix_gids == NULL ||
437  (possible_subset->n_unix_gids == credentials->n_unix_gids &&
438  memcmp (possible_subset->unix_gids, credentials->unix_gids,
439  sizeof (dbus_gid_t) * credentials->n_unix_gids) == 0)) &&
440  (possible_subset->windows_sid == NULL ||
441  (credentials->windows_sid && strcmp (possible_subset->windows_sid,
442  credentials->windows_sid) == 0)) &&
443  (possible_subset->linux_security_label == NULL ||
444  (credentials->linux_security_label != NULL &&
445  strcmp (possible_subset->linux_security_label,
446  credentials->linux_security_label) == 0)) &&
447  (possible_subset->adt_audit_data == NULL ||
448  (credentials->adt_audit_data && memcmp (possible_subset->adt_audit_data,
449  credentials->adt_audit_data,
450  credentials->adt_audit_data_size) == 0));
451 }
452 
461 {
462  return
463  credentials->pid == DBUS_PID_UNSET &&
464  credentials->unix_uid == DBUS_UID_UNSET &&
465  credentials->unix_gids == NULL &&
466  credentials->n_unix_gids == 0 &&
467  credentials->windows_sid == NULL &&
468  credentials->linux_security_label == NULL &&
469  credentials->adt_audit_data == NULL;
470 }
471 
480 {
481  return
482  credentials->unix_uid == DBUS_UID_UNSET &&
483  credentials->windows_sid == NULL;
484 }
485 
496  DBusCredentials *other_credentials)
497 {
498  return
500  DBUS_CREDENTIAL_UNIX_PROCESS_ID,
501  other_credentials) &&
503  DBUS_CREDENTIAL_UNIX_USER_ID,
504  other_credentials) &&
506  DBUS_CREDENTIAL_UNIX_GROUP_IDS,
507  other_credentials) &&
509  DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
510  other_credentials) &&
512  DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
513  other_credentials) &&
515  DBUS_CREDENTIAL_WINDOWS_SID,
516  other_credentials);
517 }
518 
533  DBusCredentialType which,
534  DBusCredentials *other_credentials)
535 {
536  if (which == DBUS_CREDENTIAL_UNIX_PROCESS_ID &&
537  other_credentials->pid != DBUS_PID_UNSET)
538  {
539  if (!_dbus_credentials_add_pid (credentials, other_credentials->pid))
540  return FALSE;
541  }
542  else if (which == DBUS_CREDENTIAL_UNIX_USER_ID &&
543  other_credentials->unix_uid != DBUS_UID_UNSET)
544  {
545  if (!_dbus_credentials_add_unix_uid (credentials, other_credentials->unix_uid))
546  return FALSE;
547  }
548  else if (which == DBUS_CREDENTIAL_UNIX_GROUP_IDS &&
549  other_credentials->unix_gids != NULL)
550  {
551  dbus_gid_t *gids;
552 
553  gids = dbus_new (dbus_gid_t, other_credentials->n_unix_gids);
554 
555  if (gids == NULL)
556  return FALSE;
557 
558  memcpy (gids, other_credentials->unix_gids,
559  sizeof (dbus_gid_t) * other_credentials->n_unix_gids);
560 
561  _dbus_credentials_take_unix_gids (credentials, gids,
562  other_credentials->n_unix_gids);
563  }
564  else if (which == DBUS_CREDENTIAL_WINDOWS_SID &&
565  other_credentials->windows_sid != NULL)
566  {
567  if (!_dbus_credentials_add_windows_sid (credentials, other_credentials->windows_sid))
568  return FALSE;
569  }
570  else if (which == DBUS_CREDENTIAL_LINUX_SECURITY_LABEL &&
571  other_credentials->linux_security_label != NULL)
572  {
574  other_credentials->linux_security_label))
575  return FALSE;
576  }
577  else if (which == DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID &&
578  other_credentials->adt_audit_data != NULL)
579  {
580  if (!_dbus_credentials_add_adt_audit_data (credentials, other_credentials->adt_audit_data, other_credentials->adt_audit_data_size))
581  return FALSE;
582  }
583 
584  return TRUE;
585 }
586 
592 void
594 {
595  credentials->pid = DBUS_PID_UNSET;
596  credentials->unix_uid = DBUS_UID_UNSET;
597  dbus_free (credentials->unix_gids);
598  credentials->unix_gids = NULL;
599  credentials->n_unix_gids = 0;
600  dbus_free (credentials->windows_sid);
601  credentials->windows_sid = NULL;
602  dbus_free (credentials->linux_security_label);
603  credentials->linux_security_label = NULL;
604  dbus_free (credentials->adt_audit_data);
605  credentials->adt_audit_data = NULL;
606  credentials->adt_audit_data_size = 0;
607 }
608 
617 {
618  DBusCredentials *copy;
619 
620  copy = _dbus_credentials_new ();
621  if (copy == NULL)
622  return NULL;
623 
624  if (!_dbus_credentials_add_credentials (copy, credentials))
625  {
627  return NULL;
628  }
629 
630  return copy;
631 }
632 
646  DBusCredentials *other_credentials)
647 {
648  /* both windows and unix user must be the same (though pretty much
649  * in all conceivable cases, one will be unset)
650  */
651  return credentials->unix_uid == other_credentials->unix_uid &&
652  ((!(credentials->windows_sid || other_credentials->windows_sid)) ||
653  (credentials->windows_sid && other_credentials->windows_sid &&
654  strcmp (credentials->windows_sid, other_credentials->windows_sid) == 0));
655 }
656 
667  DBusString *string)
668 {
669  dbus_bool_t join;
670 
671  join = FALSE;
672  if (credentials->unix_uid != DBUS_UID_UNSET)
673  {
674  if (!_dbus_string_append_printf (string, "uid=" DBUS_UID_FORMAT, credentials->unix_uid))
675  goto oom;
676  join = TRUE;
677  }
678  if (credentials->pid != DBUS_PID_UNSET)
679  {
680  if (!_dbus_string_append_printf (string, "%spid=" DBUS_PID_FORMAT, join ? " " : "", credentials->pid))
681  goto oom;
682  join = TRUE;
683  }
684 
685  if (credentials->unix_gids != NULL)
686  {
687  size_t i;
688 
689  for (i = 0; i < credentials->n_unix_gids; i++)
690  {
691  if (!_dbus_string_append_printf (string, "%sgid=" DBUS_GID_FORMAT,
692  join ? " " : "",
693  credentials->unix_gids[i]))
694  goto oom;
695 
696  join = TRUE;
697  }
698  }
699 
700  if (credentials->windows_sid != NULL)
701  {
702  if (!_dbus_string_append_printf (string, "%ssid=%s", join ? " " : "", credentials->windows_sid))
703  goto oom;
704  join = TRUE;
705  }
706 
707  if (credentials->linux_security_label != NULL)
708  {
709  if (!_dbus_string_append_printf (string, "%slsm='%s'",
710  join ? " " : "",
711  credentials->linux_security_label))
712  goto oom;
713  join = TRUE;
714  }
715 
716  return TRUE;
717 oom:
718  return FALSE;
719 }
720 
723 /* tests in dbus-credentials-util.c */
dbus_uid_t _dbus_credentials_get_unix_uid(DBusCredentials *credentials)
Gets the UNIX user ID in the credentials, or DBUS_UID_UNSET if the credentials object doesn&#39;t contain...
#define NULL
A null pointer, defined appropriately for C or C++.
dbus_bool_t _dbus_credentials_include(DBusCredentials *credentials, DBusCredentialType type)
Checks whether the given credential is present.
DBusCredentials * _dbus_credentials_copy(DBusCredentials *credentials)
Copy a credentials object.
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
Definition: dbus-memory.c:703
dbus_int32_t _dbus_credentials_get_adt_audit_data_size(DBusCredentials *credentials)
Gets the ADT audit data size in the credentials, or 0 if the credentials object doesn&#39;t contain ADT a...
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
#define dbus_new(type, count)
Safe macro for using dbus_malloc().
Definition: dbus-memory.h:57
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
#define DBUS_GID_FORMAT
an appropriate printf format for dbus_gid_t
Definition: dbus-sysdeps.h:150
#define DBUS_PID_FORMAT
an appropriate printf format for dbus_pid_t
Definition: dbus-sysdeps.h:146
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
dbus_bool_t _dbus_credentials_add_linux_security_label(DBusCredentials *credentials, const char *label)
Add a Linux security label, as used by LSMs such as SELinux, Smack and AppArmor, to the credentials...
dbus_bool_t _dbus_credentials_add_windows_sid(DBusCredentials *credentials, const char *windows_sid)
Add a Windows user SID to the credentials.
#define DBUS_PID_UNSET
an invalid PID used to represent an uninitialized dbus_pid_t field
Definition: dbus-sysdeps.h:139
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
#define DBUS_UID_UNSET
an invalid UID used to represent an uninitialized dbus_uid_t field
Definition: dbus-sysdeps.h:141
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
unsigned long dbus_pid_t
A process ID.
Definition: dbus-sysdeps.h:132
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:35
void _dbus_credentials_take_unix_gids(DBusCredentials *credentials, dbus_gid_t *gids, size_t n_gids)
Add UNIX group IDs to the credentials, replacing any group IDs that might already have been present...
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
void * _dbus_memdup(const void *mem, size_t n_bytes)
Duplicates a block of memory.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
Definition: dbus-string.c:1131
void _dbus_credentials_ref(DBusCredentials *credentials)
Increment refcount on credentials.
dbus_bool_t _dbus_credentials_add_adt_audit_data(DBusCredentials *credentials, void *audit_data, dbus_int32_t size)
Add ADT audit data to the credentials.
dbus_bool_t _dbus_credentials_add_from_current_process(DBusCredentials *credentials)
Adds the most important credentials of the current process (the uid and pid) to the passed-in credent...
#define TRUE
Expands to "1".
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
dbus_bool_t _dbus_credentials_add_pid(DBusCredentials *credentials, dbus_pid_t pid)
Add a UNIX process ID to the credentials.
#define DBUS_UID_FORMAT
an appropriate printf format for dbus_uid_t
Definition: dbus-sysdeps.h:148
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
dbus_pid_t _dbus_credentials_get_pid(DBusCredentials *credentials)
Gets the UNIX process ID in the credentials, or DBUS_PID_UNSET if the credentials object doesn&#39;t cont...
dbus_bool_t _dbus_credentials_get_unix_gids(DBusCredentials *credentials, const dbus_gid_t **gids, size_t *n_gids)
Get the Unix group IDs.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
#define FALSE
Expands to "0".
const char * _dbus_credentials_get_linux_security_label(DBusCredentials *credentials)
Gets the Linux security label (as used by LSMs) from the credentials, or NULL if the credentials obje...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
dbus_bool_t _dbus_credentials_to_string_append(DBusCredentials *credentials, DBusString *string)
Convert the credentials in this object to a human-readable string format, and append to the given str...
const char * _dbus_credentials_get_windows_sid(DBusCredentials *credentials)
Gets the Windows user SID in the credentials, or NULL if the credentials object doesn&#39;t contain a Win...
unsigned long dbus_gid_t
A group ID.
Definition: dbus-sysdeps.h:136
char * _dbus_strdup(const char *str)
Duplicates a string.
dbus_bool_t _dbus_credentials_add_unix_uid(DBusCredentials *credentials, dbus_uid_t uid)
Add a UNIX user ID to the credentials.
unsigned long dbus_uid_t
A user ID.
Definition: dbus-sysdeps.h:134
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
void * _dbus_credentials_get_adt_audit_data(DBusCredentials *credentials)
Gets the ADT audit data in the credentials, or NULL if the credentials object doesn&#39;t contain ADT aud...