31#ifdef HAVE_SYS_SYSCALL_H
32#include <sys/syscall.h>
34#include "dbus-credentials.h"
35#include "dbus-internals.h"
37#include "dbus-sysdeps-unix.h"
68 char *linux_security_label;
70 dbus_int32_t adt_audit_data_size;
96 creds->unix_gids =
NULL;
97 creds->n_unix_gids = 0;
100 creds->windows_sid =
NULL;
101 creds->linux_security_label =
NULL;
102 creds->adt_audit_data =
NULL;
103 creds->adt_audit_data_size = 0;
139 credentials->refcount += 1;
152 credentials->refcount -= 1;
153 if (credentials->refcount == 0)
157 dbus_free (credentials->linux_security_label);
160 if (credentials->pid_fd >= 0)
162 close (credentials->pid_fd);
163 credentials->pid_fd = -1;
184 credentials->pid = pid;
204 if (credentials->pid_fd >= 0)
205 close (credentials->pid_fd);
206 credentials->pid_fd = pid_fd;
223 credentials->unix_uid = uid;
229cmp_gidp (
const void *a_,
const void *b_)
257 qsort (gids, n_gids,
sizeof (
dbus_gid_t), cmp_gidp);
260 credentials->unix_gids = gids;
261 credentials->n_unix_gids = n_gids;
277 *gids = credentials->unix_gids;
280 *n_gids = credentials->n_unix_gids;
282 return (credentials->unix_gids !=
NULL);
294 const char *windows_sid)
303 credentials->windows_sid = copy;
326 dbus_free (credentials->linux_security_label);
327 credentials->linux_security_label = copy;
351 credentials->adt_audit_data = copy;
352 credentials->adt_audit_data_size = size;
366 DBusCredentialType type)
370 case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
372 credentials->pid_fd >= 0;
373 case DBUS_CREDENTIAL_UNIX_PROCESS_FD:
374 return credentials->pid_fd >= 0;
375 case DBUS_CREDENTIAL_UNIX_USER_ID:
377 case DBUS_CREDENTIAL_UNIX_GROUP_IDS:
378 return credentials->unix_gids !=
NULL;
379 case DBUS_CREDENTIAL_WINDOWS_SID:
380 return credentials->windows_sid !=
NULL;
381 case DBUS_CREDENTIAL_LINUX_SECURITY_LABEL:
382 return credentials->linux_security_label !=
NULL;
383 case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID:
384 return credentials->adt_audit_data !=
NULL;
406 if (credentials->pid_fd >= 0)
414 return credentials->pid;
429 return credentials->pid_fd;
442 return credentials->unix_uid;
455 return credentials->windows_sid;
468 return credentials->linux_security_label;
481 return credentials->adt_audit_data;
494 return credentials->adt_audit_data_size;
511 possible_subset->pid == credentials->pid) &&
513 possible_subset->unix_uid == credentials->unix_uid) &&
514 (possible_subset->unix_gids ==
NULL ||
515 (possible_subset->n_unix_gids == credentials->n_unix_gids &&
516 memcmp (possible_subset->unix_gids, credentials->unix_gids,
517 sizeof (
dbus_gid_t) * credentials->n_unix_gids) == 0)) &&
518 (possible_subset->windows_sid ==
NULL ||
519 (credentials->windows_sid && strcmp (possible_subset->windows_sid,
520 credentials->windows_sid) == 0)) &&
521 (possible_subset->linux_security_label ==
NULL ||
522 (credentials->linux_security_label !=
NULL &&
523 strcmp (possible_subset->linux_security_label,
524 credentials->linux_security_label) == 0)) &&
525 (possible_subset->adt_audit_data ==
NULL ||
526 (credentials->adt_audit_data && memcmp (possible_subset->adt_audit_data,
527 credentials->adt_audit_data,
528 credentials->adt_audit_data_size) == 0));
542 credentials->pid_fd == -1 &&
544 credentials->unix_gids ==
NULL &&
545 credentials->n_unix_gids == 0 &&
546 credentials->windows_sid ==
NULL &&
547 credentials->linux_security_label ==
NULL &&
548 credentials->adt_audit_data ==
NULL;
562 credentials->windows_sid ==
NULL;
579 DBUS_CREDENTIAL_UNIX_PROCESS_FD,
580 other_credentials) &&
582 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
583 other_credentials) &&
585 DBUS_CREDENTIAL_UNIX_USER_ID,
586 other_credentials) &&
588 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
589 other_credentials) &&
591 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
592 other_credentials) &&
594 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
595 other_credentials) &&
597 DBUS_CREDENTIAL_WINDOWS_SID,
615 DBusCredentialType which,
618 if (which == DBUS_CREDENTIAL_UNIX_PROCESS_ID &&
624 else if (which == DBUS_CREDENTIAL_UNIX_USER_ID &&
630 else if (which == DBUS_CREDENTIAL_UNIX_GROUP_IDS &&
631 other_credentials->unix_gids !=
NULL)
640 memcpy (gids, other_credentials->unix_gids,
641 sizeof (
dbus_gid_t) * other_credentials->n_unix_gids);
644 other_credentials->n_unix_gids);
646 else if (which == DBUS_CREDENTIAL_WINDOWS_SID &&
647 other_credentials->windows_sid !=
NULL)
652 else if (which == DBUS_CREDENTIAL_LINUX_SECURITY_LABEL &&
653 other_credentials->linux_security_label !=
NULL)
656 other_credentials->linux_security_label))
659 else if (which == DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID &&
660 other_credentials->adt_audit_data !=
NULL)
667 else if (which == DBUS_CREDENTIAL_UNIX_PROCESS_FD &&
668 other_credentials->pid_fd >= 0)
692 if (credentials->pid_fd >= 0)
694 close (credentials->pid_fd);
695 credentials->pid_fd = -1;
700 credentials->unix_gids =
NULL;
701 credentials->n_unix_gids = 0;
703 credentials->windows_sid =
NULL;
704 dbus_free (credentials->linux_security_label);
705 credentials->linux_security_label =
NULL;
707 credentials->adt_audit_data =
NULL;
708 credentials->adt_audit_data_size = 0;
753 return credentials->unix_uid == other_credentials->unix_uid &&
754 ((!(credentials->windows_sid || other_credentials->windows_sid)) ||
755 (credentials->windows_sid && other_credentials->windows_sid &&
756 strcmp (credentials->windows_sid, other_credentials->windows_sid) == 0));
780 if (credentials->pid !=
DBUS_PID_UNSET || credentials->pid_fd >= 0)
790 if (credentials->unix_gids !=
NULL)
794 for (i = 0; i < credentials->n_unix_gids; i++)
798 credentials->unix_gids[i]))
805 if (credentials->windows_sid !=
NULL)
812 if (credentials->linux_security_label !=
NULL)
816 credentials->linux_security_label))
821 if (credentials->pid_fd >= 0)
void _dbus_credentials_ref(DBusCredentials *credentials)
Increment refcount on credentials.
dbus_bool_t _dbus_credentials_include(DBusCredentials *credentials, DBusCredentialType type)
Checks whether the given credential is present.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
dbus_uid_t _dbus_credentials_get_unix_uid(DBusCredentials *credentials)
Gets the UNIX user ID in the credentials, or DBUS_UID_UNSET if the credentials object doesn't contain...
DBusCredentials * _dbus_credentials_copy(DBusCredentials *credentials)
Copy a credentials object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
dbus_bool_t _dbus_credentials_to_string_append(DBusCredentials *credentials, DBusString *string)
Convert the credentials in this object to a human-readable string format, and append to the given str...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
void * _dbus_credentials_get_adt_audit_data(DBusCredentials *credentials)
Gets the ADT audit data in the credentials, or NULL if the credentials object doesn't contain ADT aud...
_DBUS_GNUC_NORETURN void _dbus_credentials_take_pid_fd(DBusCredentials *credentials, int pid_fd)
Add a UNIX process ID FD to the credentials.
dbus_bool_t _dbus_credentials_add_linux_security_label(DBusCredentials *credentials, const char *label)
Add a Linux security label, as used by LSMs such as SELinux, Smack and AppArmor, to the credentials.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
const char * _dbus_credentials_get_linux_security_label(DBusCredentials *credentials)
Gets the Linux security label (as used by LSMs) from the credentials, or NULL if the credentials obje...
void _dbus_credentials_take_unix_gids(DBusCredentials *credentials, dbus_gid_t *gids, size_t n_gids)
Add UNIX group IDs to the credentials, replacing any group IDs that might already have been present.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_get_unix_gids(DBusCredentials *credentials, const dbus_gid_t **gids, size_t *n_gids)
Get the Unix group IDs.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_unix_uid(DBusCredentials *credentials, dbus_uid_t uid)
Add a UNIX user ID to the credentials.
dbus_bool_t _dbus_credentials_add_windows_sid(DBusCredentials *credentials, const char *windows_sid)
Add a Windows user SID to the credentials.
dbus_bool_t _dbus_credentials_add_pid(DBusCredentials *credentials, dbus_pid_t pid)
Add a UNIX process ID to the credentials.
dbus_pid_t _dbus_credentials_get_pid(DBusCredentials *credentials)
Gets the UNIX process ID in the credentials, or DBUS_PID_UNSET if the credentials object doesn't cont...
dbus_bool_t _dbus_credentials_add_adt_audit_data(DBusCredentials *credentials, void *audit_data, dbus_int32_t size)
Add ADT audit data to the credentials.
dbus_int32_t _dbus_credentials_get_adt_audit_data_size(DBusCredentials *credentials)
Gets the ADT audit data size in the credentials, or 0 if the credentials object doesn't contain ADT a...
const char * _dbus_credentials_get_windows_sid(DBusCredentials *credentials)
Gets the Windows user SID in the credentials, or NULL if the credentials object doesn't contain a Win...
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
int _dbus_credentials_get_pid_fd(DBusCredentials *credentials)
Gets the UNIX process ID FD in the credentials as obtained by 'safe' means (e.g.: Linux's SO_PEERPIDF...
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
char * _dbus_strdup(const char *str)
Duplicates a string.
void * _dbus_memdup(const void *mem, size_t n_bytes)
Duplicates a block of memory.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
#define dbus_new(type, count)
Safe macro for using dbus_malloc().
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
int _dbus_dup(int fd, DBusError *error)
Duplicates a file descriptor.
unsigned long dbus_uid_t
A user ID.
unsigned long dbus_pid_t
A process ID.
unsigned long dbus_gid_t
A group ID.
#define DBUS_UID_UNSET
an invalid UID used to represent an uninitialized dbus_uid_t field
#define DBUS_PID_UNSET
an invalid PID used to represent an uninitialized dbus_pid_t field
dbus_pid_t _dbus_resolve_pid_fd(int pid_fd)
Resolve the PID from the PID FD, if any.
dbus_bool_t _dbus_credentials_add_from_current_process(DBusCredentials *credentials)
Adds the most important credentials of the current process (the uid and pid) to the passed-in credent...
#define DBUS_GID_FORMAT
an appropriate printf format for dbus_gid_t
#define DBUS_UID_FORMAT
an appropriate printf format for dbus_uid_t
#define DBUS_PID_FORMAT
an appropriate printf format for dbus_pid_t