gcredentials.c 14.8 KB
Newer Older
1 2
/* GDBus - GLib D-Bus Library
 *
3
 * Copyright (C) 2008-2010 Red Hat, Inc.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General
 * Public License along with this library; if not, write to the
 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
 * Boston, MA 02111-1307, USA.
 *
 * Author: David Zeuthen <davidz@redhat.com>
 */

#include "config.h"

#include <stdlib.h>
Dan Winship's avatar
Dan Winship committed
26
#include <string.h>
27

Matthias Clasen's avatar
Matthias Clasen committed
28 29 30
#include <gobject/gvaluecollector.h>

#include "gcredentials.h"
Dan Winship's avatar
Dan Winship committed
31
#include "gnetworking.h"
Matthias Clasen's avatar
Matthias Clasen committed
32 33
#include "gioerror.h"

David Zeuthen's avatar
David Zeuthen committed
34 35
#include "glibintl.h"

36 37
/**
 * SECTION:gcredentials
David Zeuthen's avatar
David Zeuthen committed
38 39
 * @short_description: An object containing credentials
 * @include: gio/gio.h
40
 *
41 42 43
 * The #GCredentials type is a reference-counted wrapper for native
 * credentials. This information is typically used for identifying,
 * authenticating and authorizing other processes.
44 45 46 47
 *
 * Some operating systems supports looking up the credentials of the
 * remote peer of a communication endpoint - see e.g.
 * g_socket_get_credentials().
48
 *
49 50
 * Some operating systems supports securely sending and receiving
 * credentials over a Unix Domain Socket, see
51 52
 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
 * g_unix_connection_receive_credentials() for details.
53
 *
54 55 56 57 58
 * On Linux, the native credential type is a <type>struct ucred</type>
 * - see the
 * <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>
 * man page for details. This corresponds to
 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
59 60 61
 *
 * On FreeBSD, the native credential type is a <type>struct cmsgcred</type>.
 * This corresponds to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
62 63 64
 *
 * On OpenBSD, the native credential type is a <type>struct sockpeercred</type>.
 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
65 66
 */

67 68 69 70 71 72 73 74 75
/**
 * GCredentials:
 *
 * The #GCredentials structure contains only private data and
 * should only be accessed using the provided API.
 *
 * Since: 2.26
 */
struct _GCredentials
76
{
77 78 79
  /*< private >*/
  GObject parent_instance;

80 81
#ifdef __linux__
  struct ucred native;
82
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
83
  struct cmsgcred native;
84 85
#elif defined(__OpenBSD__)
  struct sockpeercred native;
86
#else
87
#ifdef __GNUC__
88
#warning Please add GCredentials support for your OS
89
#endif
90
#endif
91 92
};

93 94 95 96 97 98 99 100 101 102 103 104 105
/**
 * GCredentialsClass:
 *
 * Class structure for #GCredentials.
 *
 * Since: 2.26
 */
struct _GCredentialsClass
{
  /*< private >*/
  GObjectClass parent_class;
};

106 107 108 109 110
G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT);

static void
g_credentials_finalize (GObject *object)
{
111
  G_GNUC_UNUSED GCredentials *credentials = G_CREDENTIALS (object);
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129

  if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
    G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
}


static void
g_credentials_class_init (GCredentialsClass *klass)
{
  GObjectClass *gobject_class;

  gobject_class = G_OBJECT_CLASS (klass);
  gobject_class->finalize = g_credentials_finalize;
}

static void
g_credentials_init (GCredentials *credentials)
{
130
#ifdef __linux__
131
  credentials->native.pid = getpid ();
132 133
  credentials->native.uid = geteuid ();
  credentials->native.gid = getegid ();
134
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
135 136 137 138
  memset (&credentials->native, 0, sizeof (struct cmsgcred));
  credentials->native.cmcred_pid  = getpid ();
  credentials->native.cmcred_euid = geteuid ();
  credentials->native.cmcred_gid  = getegid ();
139 140 141 142
#elif defined(__OpenBSD__)
  credentials->native.pid = getpid ();
  credentials->native.uid = geteuid ();
  credentials->native.gid = getegid ();
143
#endif
144 145 146 147 148 149 150
}

/* ---------------------------------------------------------------------------------------------------- */

/**
 * g_credentials_new:
 *
151 152
 * Creates a new #GCredentials object with credentials matching the
 * the current process.
153 154
 *
 * Returns: A #GCredentials. Free with g_object_unref().
155 156
 *
 * Since: 2.26
157 158 159 160 161 162 163 164 165 166 167 168 169
 */
GCredentials *
g_credentials_new (void)
{
  return g_object_new (G_TYPE_CREDENTIALS, NULL);
}

/* ---------------------------------------------------------------------------------------------------- */

/**
 * g_credentials_to_string:
 * @credentials: A #GCredentials object.
 *
170 171 172
 * Creates a human-readable textual representation of @credentials
 * that can be used in logging and debug messages. The format of the
 * returned string may change in future GLib release.
173 174
 *
 * Returns: A string that should be freed with g_free().
175 176
 *
 * Since: 2.26
177 178 179 180 181 182 183 184 185
 */
gchar *
g_credentials_to_string (GCredentials *credentials)
{
  GString *ret;

  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);

  ret = g_string_new ("GCredentials:");
186
#ifdef __linux__
187 188 189 190 191 192 193
  g_string_append (ret, "linux-ucred:");
  if (credentials->native.pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
  if (credentials->native.uid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
  if (credentials->native.gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
194 195
  if (ret->str[ret->len - 1] == ',')
    ret->str[ret->len - 1] = '\0';
196
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
197 198 199 200 201 202 203
  g_string_append (ret, "freebsd-cmsgcred:");
  if (credentials->native.cmcred_pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
  if (credentials->native.cmcred_euid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
  if (credentials->native.cmcred_gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
204 205 206 207 208 209 210 211 212 213
#elif defined(__OpenBSD__)
  g_string_append (ret, "openbsd-sockpeercred:");
  if (credentials->native.pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
  if (credentials->native.uid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
  if (credentials->native.gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
  if (ret->str[ret->len - 1] == ',')
    ret->str[ret->len - 1] = '\0';
214 215 216
#else
  g_string_append (ret, "unknown");
#endif
217 218 219 220 221 222 223

  return g_string_free (ret, FALSE);
}

/* ---------------------------------------------------------------------------------------------------- */

/**
224
 * g_credentials_is_same_user:
225
 * @credentials: A #GCredentials.
226 227
 * @other_credentials: A #GCredentials.
 * @error: Return location for error or %NULL.
228
 *
229
 * Checks if @credentials and @other_credentials is the same user.
230
 *
231 232 233 234 235
 * This operation can fail if #GCredentials is not supported on the
 * the OS.
 *
 * Returns: %TRUE if @credentials and @other_credentials has the same
 * user, %FALSE otherwise or if @error is set.
236 237
 *
 * Since: 2.26
238 239
 */
gboolean
240 241 242
g_credentials_is_same_user (GCredentials  *credentials,
                            GCredentials  *other_credentials,
                            GError       **error)
243
{
244 245
  gboolean ret;

246
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
247 248
  g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
249

250 251
  ret = FALSE;
#ifdef __linux__
252
  if (credentials->native.uid == other_credentials->native.uid)
253
    ret = TRUE;
254
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
255 256
  if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
    ret = TRUE;
257 258 259
#elif defined(__OpenBSD__)
  if (credentials->native.uid == other_credentials->native.uid)
    ret = TRUE;
260 261 262 263 264 265
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
#endif
266

267
  return ret;
268 269 270
}

/**
271
 * g_credentials_get_native: (skip)
272
 * @credentials: A #GCredentials.
273
 * @native_type: The type of native credentials to get.
274
 *
275
 * Gets a pointer to native credentials of type @native_type from
276
 * @credentials.
277
 *
278 279 280 281 282 283 284 285 286
 * It is a programming error (which will cause an warning to be
 * logged) to use this method if there is no #GCredentials support for
 * the OS or if @native_type isn't supported by the OS.
 *
 * Returns: The pointer to native credentials or %NULL if the
 * operation there is no #GCredentials support for the OS or if
 * @native_type isn't supported by the OS. Do not free the returned
 * data, it is owned by @credentials.
 *
287
 * Since: 2.26
288
 */
289
gpointer
290 291
g_credentials_get_native (GCredentials     *credentials,
                          GCredentialsType  native_type)
292
{
293
  gpointer ret;
294

295
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
296

297 298
  ret = NULL;

299
#ifdef __linux__
300 301 302 303 304 305 306 307 308 309
  if (native_type != G_CREDENTIALS_TYPE_LINUX_UCRED)
    {
      g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
                 "G_CREDENTIALS_TYPE_LINUX_UCRED is supported.",
                 native_type);
    }
  else
    {
      ret = &credentials->native;
    }
310
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
311 312 313 314 315 316 317 318 319 320
  if (native_type != G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED)
    {
      g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
		 "G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED is supported.",
		 native_type);
    }
  else
    {
      ret = &credentials->native;
    }
321 322 323 324 325 326 327 328 329 330 331
#elif defined(__OpenBSD__)
  if (native_type != G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED)
    {
      g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
                 "G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED is supported.",
                 native_type);
    }
  else
    {
      ret = &credentials->native;
    }
332
#else
333 334
  g_warning ("g_credentials_get_native: Trying to get credentials but GLib has no support "
             "for the native credentials type. Please add support.");
335 336 337
#endif

  return ret;
338 339 340
}

/**
341
 * g_credentials_set_native:
342
 * @credentials: A #GCredentials.
343
 * @native_type: The type of native credentials to set.
344
 * @native: A pointer to native credentials.
345
 *
346 347
 * Copies the native credentials of type @native_type from @native
 * into @credentials.
348 349 350
 *
 * It is a programming error (which will cause an warning to be
 * logged) to use this method if there is no #GCredentials support for
351
 * the OS or if @native_type isn't supported by the OS.
352 353
 *
 * Since: 2.26
354 355
 */
void
356 357 358
g_credentials_set_native (GCredentials     *credentials,
                          GCredentialsType  native_type,
                          gpointer          native)
359
{
360
#ifdef __linux__
361 362 363 364 365 366 367 368 369 370
  if (native_type != G_CREDENTIALS_TYPE_LINUX_UCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
                 "but only G_CREDENTIALS_TYPE_LINUX_UCRED is supported.",
                 native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct ucred));
    }
371
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
372 373 374 375 376 377 378 379 380 381
  if (native_type != G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
		  "but only G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED is supported.",
		  native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct cmsgcred));
    }
382 383 384 385 386 387 388 389 390 391 392
#elif defined(__OpenBSD__)
  if (native_type != G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
                 "but only G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED is supported.",
                 native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct sockpeercred));
    }
393 394 395 396
#else
  g_warning ("g_credentials_set_native: Trying to set credentials but GLib has no support "
             "for the native credentials type. Please add support.");
#endif
397 398 399 400
}

/* ---------------------------------------------------------------------------------------------------- */

401
#ifdef G_OS_UNIX
402
/**
403 404 405
 * g_credentials_get_unix_user:
 * @credentials: A #GCredentials
 * @error: Return location for error or %NULL.
406
 *
407 408
 * Tries to get the UNIX user identifier from @credentials. This
 * method is only available on UNIX platforms.
409
 *
410 411 412
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
413
 *
414
 * Returns: The UNIX user identifier or -1 if @error is set.
415 416
 *
 * Since: 2.26
417
 */
418 419 420
uid_t
g_credentials_get_unix_user (GCredentials    *credentials,
                             GError         **error)
421
{
422 423
  uid_t ret;

424
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
425
  g_return_val_if_fail (error == NULL || *error == NULL, -1);
426

427
#ifdef __linux__
428
  ret = credentials->native.uid;
429
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
430
  ret = credentials->native.cmcred_euid;
431 432
#elif defined(__OpenBSD__)
  ret = credentials->native.uid;
433 434 435 436 437
#else
  ret = -1;
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
438
                       _("There is no GCredentials support for your platform"));
439
#endif
440

441 442
  return ret;
}
443 444

/**
445
 * g_credentials_set_unix_user:
446
 * @credentials: A #GCredentials.
447 448 449 450 451
 * @uid: The UNIX user identifier to set.
 * @error: Return location for error or %NULL.
 *
 * Tries to set the UNIX user identifier on @credentials. This method
 * is only available on UNIX platforms.
452
 *
453 454 455
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
456
 *
457
 * Returns: %TRUE if @uid was set, %FALSE if error is set.
458 459
 *
 * Since: 2.26
460 461
 */
gboolean
462 463 464
g_credentials_set_unix_user (GCredentials    *credentials,
                             uid_t            uid,
                             GError         **error)
465
{
466 467
  gboolean ret;

468
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
469 470
  g_return_val_if_fail (uid != -1, FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
471

472 473
  ret = FALSE;
#ifdef __linux__
474
  credentials->native.uid = uid;
475
  ret = TRUE;
476
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
477 478
  credentials->native.cmcred_euid = uid;
  ret = TRUE;
479 480 481
#elif defined(__OpenBSD__)
  credentials->native.uid = uid;
  ret = TRUE;
482 483 484 485 486 487
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
#endif
488

489
  return ret;
490
}
491
#endif /* G_OS_UNIX */