2010-05-06 14:13:59 -04:00
|
|
|
/* GDBus - GLib D-Bus Library
|
|
|
|
|
*
|
2010-05-09 13:14:55 -04:00
|
|
|
* Copyright (C) 2008-2010 Red Hat, Inc.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
2017-05-27 18:21:30 +02:00
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General
|
2014-01-23 12:58:29 +01:00
|
|
|
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
|
|
|
|
* Author: David Zeuthen <davidz@redhat.com>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
2010-11-11 09:57:25 -05:00
|
|
|
#include <string.h>
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2010-05-14 08:38:07 -04:00
|
|
|
#include <gobject/gvaluecollector.h>
|
|
|
|
|
|
|
|
|
|
#include "gcredentials.h"
|
2013-09-18 13:40:09 -04:00
|
|
|
#include "gcredentialsprivate.h"
|
2010-11-11 09:57:25 -05:00
|
|
|
#include "gnetworking.h"
|
2010-05-14 08:38:07 -04:00
|
|
|
#include "gioerror.h"
|
2013-09-18 13:40:09 -04:00
|
|
|
#include "gioenumtypes.h"
|
2010-05-14 08:38:07 -04:00
|
|
|
|
2010-05-06 16:34:23 -04:00
|
|
|
#include "glibintl.h"
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
/**
|
|
|
|
|
* SECTION:gcredentials
|
2010-05-06 15:31:45 -04:00
|
|
|
* @short_description: An object containing credentials
|
|
|
|
|
* @include: gio/gio.h
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-07-20 14:02:14 -04:00
|
|
|
* The #GCredentials type is a reference-counted wrapper for native
|
|
|
|
|
* credentials. This information is typically used for identifying,
|
|
|
|
|
* authenticating and authorizing other processes.
|
2010-05-09 10:02:56 -04:00
|
|
|
*
|
|
|
|
|
* Some operating systems supports looking up the credentials of the
|
|
|
|
|
* remote peer of a communication endpoint - see e.g.
|
|
|
|
|
* g_socket_get_credentials().
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Some operating systems supports securely sending and receiving
|
|
|
|
|
* credentials over a Unix Domain Socket, see
|
2010-05-06 14:13:59 -04:00
|
|
|
* #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
|
|
|
|
|
* g_unix_connection_receive_credentials() for details.
|
2010-05-09 10:02:56 -04:00
|
|
|
*
|
2020-04-21 14:29:47 +01:00
|
|
|
* On Linux, the native credential type is a `struct ucred` - see the
|
2014-01-31 05:58:17 -05:00
|
|
|
* unix(7) man page for details. This corresponds to
|
2010-07-20 14:02:14 -04:00
|
|
|
* %G_CREDENTIALS_TYPE_LINUX_UCRED.
|
2010-09-09 14:10:01 -04:00
|
|
|
*
|
2018-02-18 15:26:54 +01:00
|
|
|
* On Apple operating systems (including iOS, tvOS, and macOS),
|
|
|
|
|
* the native credential type is a `struct xucred`.
|
|
|
|
|
* This corresponds to %G_CREDENTIALS_TYPE_APPLE_XUCRED.
|
|
|
|
|
*
|
2013-09-19 12:56:56 -04:00
|
|
|
* On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
|
2020-04-21 14:29:47 +01:00
|
|
|
* credential type is a `struct cmsgcred`. This corresponds
|
2013-09-19 12:56:56 -04:00
|
|
|
* to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
|
2011-05-27 15:51:08 +02:00
|
|
|
*
|
2020-04-21 14:29:47 +01:00
|
|
|
* On NetBSD, the native credential type is a `struct unpcbid`.
|
2014-04-15 15:09:22 +01:00
|
|
|
* This corresponds to %G_CREDENTIALS_TYPE_NETBSD_UNPCBID.
|
|
|
|
|
*
|
2020-04-21 14:29:47 +01:00
|
|
|
* On OpenBSD, the native credential type is a `struct sockpeercred`.
|
2011-05-27 15:51:08 +02:00
|
|
|
* This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
|
2013-09-19 16:09:38 -04:00
|
|
|
*
|
|
|
|
|
* On Solaris (including OpenSolaris and its derivatives), the native
|
2020-04-21 14:29:47 +01:00
|
|
|
* credential type is a `ucred_t`. This corresponds to
|
2013-09-19 16:09:38 -04:00
|
|
|
* %G_CREDENTIALS_TYPE_SOLARIS_UCRED.
|
2022-01-19 20:35:45 +04:00
|
|
|
*
|
|
|
|
|
* Since GLib 2.72, on Windows, the native credentials may contain the PID of a
|
|
|
|
|
* process. This corresponds to %G_CREDENTIALS_TYPE_WIN32_PID.
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
|
2010-07-20 14:02:14 -04:00
|
|
|
/**
|
|
|
|
|
* GCredentials:
|
|
|
|
|
*
|
|
|
|
|
* The #GCredentials structure contains only private data and
|
|
|
|
|
* should only be accessed using the provided API.
|
|
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
|
|
|
|
*/
|
|
|
|
|
struct _GCredentials
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2010-07-20 14:02:14 -04:00
|
|
|
/*< private >*/
|
|
|
|
|
GObject parent_instance;
|
|
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
2010-05-09 10:02:56 -04:00
|
|
|
struct ucred native;
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
struct xucred native;
|
2021-11-24 11:15:05 +01:00
|
|
|
pid_t pid;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
struct cmsgcred native;
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
struct unpcbid native;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
struct sockpeercred native;
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
ucred_t *native;
|
2022-01-19 20:35:45 +04:00
|
|
|
#elif G_CREDENTIALS_USE_WIN32_PID
|
|
|
|
|
DWORD native;
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
2013-09-18 13:40:09 -04:00
|
|
|
#ifdef __GNUC__
|
2018-04-25 16:07:59 +02:00
|
|
|
#pragma GCC diagnostic push
|
|
|
|
|
#pragma GCC diagnostic warning "-Wcpp"
|
2013-09-18 13:40:09 -04:00
|
|
|
#warning Please add GCredentials support for your OS
|
2018-04-25 16:07:59 +02:00
|
|
|
#pragma GCC diagnostic pop
|
2013-09-18 13:40:09 -04:00
|
|
|
#endif
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
};
|
|
|
|
|
|
2010-07-20 14:02:14 -04:00
|
|
|
/**
|
|
|
|
|
* GCredentialsClass:
|
|
|
|
|
*
|
|
|
|
|
* Class structure for #GCredentials.
|
|
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
|
|
|
|
*/
|
|
|
|
|
struct _GCredentialsClass
|
|
|
|
|
{
|
|
|
|
|
/*< private >*/
|
|
|
|
|
GObjectClass parent_class;
|
|
|
|
|
};
|
|
|
|
|
|
2014-10-17 11:54:02 +01:00
|
|
|
G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT)
|
2010-05-06 14:13:59 -04:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
g_credentials_finalize (GObject *object)
|
|
|
|
|
{
|
2013-09-19 16:09:38 -04:00
|
|
|
#if G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
GCredentials *credentials = G_CREDENTIALS (object);
|
|
|
|
|
|
|
|
|
|
ucred_free (credentials->native);
|
|
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
|
|
|
|
if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
|
|
|
|
|
G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
g_credentials_class_init (GCredentialsClass *klass)
|
|
|
|
|
{
|
|
|
|
|
GObjectClass *gobject_class;
|
|
|
|
|
|
|
|
|
|
gobject_class = G_OBJECT_CLASS (klass);
|
|
|
|
|
gobject_class->finalize = g_credentials_finalize;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
g_credentials_init (GCredentials *credentials)
|
|
|
|
|
{
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
2010-07-20 14:02:14 -04:00
|
|
|
credentials->native.pid = getpid ();
|
2010-07-30 11:26:43 -04:00
|
|
|
credentials->native.uid = geteuid ();
|
|
|
|
|
credentials->native.gid = getegid ();
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
gsize i;
|
|
|
|
|
|
|
|
|
|
credentials->native.cr_version = XUCRED_VERSION;
|
|
|
|
|
credentials->native.cr_uid = geteuid ();
|
|
|
|
|
credentials->native.cr_ngroups = 1;
|
|
|
|
|
credentials->native.cr_groups[0] = getegid ();
|
|
|
|
|
|
|
|
|
|
/* FIXME: In principle this could use getgroups() to fill in the rest
|
|
|
|
|
* of cr_groups, but then we'd have to handle the case where a process
|
|
|
|
|
* can have more than NGROUPS groups, if that's even possible. A macOS
|
|
|
|
|
* user would have to develop and test this.
|
|
|
|
|
*
|
|
|
|
|
* For now we fill it with -1 (meaning "no data"). */
|
|
|
|
|
for (i = 1; i < NGROUPS; i++)
|
|
|
|
|
credentials->native.cr_groups[i] = -1;
|
2021-11-24 11:15:05 +01:00
|
|
|
|
|
|
|
|
credentials->pid = -1;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
memset (&credentials->native, 0, sizeof (struct cmsgcred));
|
|
|
|
|
credentials->native.cmcred_pid = getpid ();
|
|
|
|
|
credentials->native.cmcred_euid = geteuid ();
|
|
|
|
|
credentials->native.cmcred_gid = getegid ();
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
credentials->native.unp_pid = getpid ();
|
|
|
|
|
credentials->native.unp_euid = geteuid ();
|
|
|
|
|
credentials->native.unp_egid = getegid ();
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
credentials->native.pid = getpid ();
|
|
|
|
|
credentials->native.uid = geteuid ();
|
|
|
|
|
credentials->native.gid = getegid ();
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
credentials->native = ucred_get (P_MYID);
|
2022-01-19 20:35:45 +04:00
|
|
|
#elif G_CREDENTIALS_USE_WIN32_PID
|
|
|
|
|
credentials->native = GetCurrentProcessId ();
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* g_credentials_new:
|
|
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Creates a new #GCredentials object with credentials matching the
|
|
|
|
|
* the current process.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2020-12-15 09:09:59 +00:00
|
|
|
* Returns: (transfer full): A #GCredentials. Free with g_object_unref().
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
GCredentials *
|
|
|
|
|
g_credentials_new (void)
|
|
|
|
|
{
|
|
|
|
|
return g_object_new (G_TYPE_CREDENTIALS, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* g_credentials_to_string:
|
|
|
|
|
* @credentials: A #GCredentials object.
|
|
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Creates a human-readable textual representation of @credentials
|
|
|
|
|
* that can be used in logging and debug messages. The format of the
|
|
|
|
|
* returned string may change in future GLib release.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2020-12-15 09:09:59 +00:00
|
|
|
* Returns: (transfer full): A string that should be freed with g_free().
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
gchar *
|
|
|
|
|
g_credentials_to_string (GCredentials *credentials)
|
|
|
|
|
{
|
|
|
|
|
GString *ret;
|
2018-02-18 15:26:54 +01:00
|
|
|
#if G_CREDENTIALS_USE_APPLE_XUCRED
|
2020-07-25 15:05:51 -04:00
|
|
|
glib_typeof (credentials->native.cr_ngroups) i;
|
2018-02-18 15:26:54 +01:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
|
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
|
|
|
|
|
|
|
|
|
|
ret = g_string_new ("GCredentials:");
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
2010-07-20 14:02:14 -04:00
|
|
|
g_string_append (ret, "linux-ucred:");
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.pid != (pid_t) -1)
|
2010-07-20 14:02:14 -04:00
|
|
|
g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.uid != (uid_t) -1)
|
2010-07-20 14:02:14 -04:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.gid != (gid_t) -1)
|
2010-07-20 14:02:14 -04:00
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
|
2010-05-06 14:13:59 -04:00
|
|
|
if (ret->str[ret->len - 1] == ',')
|
|
|
|
|
ret->str[ret->len - 1] = '\0';
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
g_string_append (ret, "apple-xucred:");
|
|
|
|
|
g_string_append_printf (ret, "version=%u,", credentials->native.cr_version);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.cr_uid != (uid_t) -1)
|
2018-02-18 15:26:54 +01:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_uid);
|
|
|
|
|
for (i = 0; i < credentials->native.cr_ngroups; i++)
|
|
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_groups[i]);
|
|
|
|
|
if (ret->str[ret->len - 1] == ',')
|
|
|
|
|
ret->str[ret->len - 1] = '\0';
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
g_string_append (ret, "freebsd-cmsgcred:");
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.cmcred_pid != (pid_t) -1)
|
2010-09-09 14:10:01 -04:00
|
|
|
g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.cmcred_euid != (uid_t) -1)
|
2010-09-09 14:10:01 -04:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.cmcred_gid != (gid_t) -1)
|
2010-09-09 14:10:01 -04:00
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
g_string_append (ret, "netbsd-unpcbid:");
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.unp_pid != (pid_t) -1)
|
2014-04-15 15:09:22 +01:00
|
|
|
g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_pid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.unp_euid != (uid_t) -1)
|
2014-04-15 15:09:22 +01:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_euid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.unp_egid != (gid_t) -1)
|
2014-04-15 15:09:22 +01:00
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_egid);
|
|
|
|
|
ret->str[ret->len - 1] = '\0';
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
g_string_append (ret, "openbsd-sockpeercred:");
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.pid != (pid_t) -1)
|
2011-05-27 15:51:08 +02:00
|
|
|
g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.uid != (uid_t) -1)
|
2011-05-27 15:51:08 +02:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
|
2020-11-16 23:40:47 +01:00
|
|
|
if (credentials->native.gid != (gid_t) -1)
|
2011-05-27 15:51:08 +02:00
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
|
|
|
|
|
if (ret->str[ret->len - 1] == ',')
|
|
|
|
|
ret->str[ret->len - 1] = '\0';
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
g_string_append (ret, "solaris-ucred:");
|
|
|
|
|
{
|
|
|
|
|
id_t id;
|
2020-11-16 23:40:47 +01:00
|
|
|
if ((id = ucred_getpid (credentials->native)) != (id_t) -1)
|
2013-09-19 16:09:38 -04:00
|
|
|
g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) id);
|
2020-11-16 23:40:47 +01:00
|
|
|
if ((id = ucred_geteuid (credentials->native)) != (id_t) -1)
|
2013-09-19 16:09:38 -04:00
|
|
|
g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) id);
|
2020-11-16 23:40:47 +01:00
|
|
|
if ((id = ucred_getegid (credentials->native)) != (id_t) -1)
|
2013-09-19 16:09:38 -04:00
|
|
|
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) id);
|
|
|
|
|
if (ret->str[ret->len - 1] == ',')
|
|
|
|
|
ret->str[ret->len - 1] = '\0';
|
|
|
|
|
}
|
2022-01-19 20:35:45 +04:00
|
|
|
#elif G_CREDENTIALS_USE_WIN32_PID
|
|
|
|
|
g_string_append_printf (ret, "win32-pid:pid=%lu", credentials->native);
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
|
|
|
|
g_string_append (ret, "unknown");
|
|
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
|
|
|
|
return g_string_free (ret, FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
credentials: Invalid Linux struct ucred means "no information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
2019-10-18 10:55:09 +01:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
|
|
/*
|
|
|
|
|
* Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
|
|
|
|
* is used on a TCP socket, it succeeds but yields a credentials structure
|
|
|
|
|
* with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
|
|
|
|
* receiving Unix socket when the sending socket did not also enable
|
|
|
|
|
* SO_PASSCRED, it can succeed but yield a credentials structure with
|
|
|
|
|
* pid 0, uid /proc/sys/kernel/overflowuid and gid
|
|
|
|
|
* /proc/sys/kernel/overflowgid.
|
|
|
|
|
*/
|
|
|
|
|
static gboolean
|
|
|
|
|
linux_ucred_check_valid (struct ucred *native,
|
|
|
|
|
GError **error)
|
|
|
|
|
{
|
|
|
|
|
if (native->pid == 0
|
2020-11-16 23:44:10 +01:00
|
|
|
|| native->uid == (uid_t) -1
|
|
|
|
|
|| native->gid == (gid_t) -1)
|
credentials: Invalid Linux struct ucred means "no information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
2019-10-18 10:55:09 +01:00
|
|
|
{
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_INVALID_DATA,
|
|
|
|
|
_("GCredentials contains invalid data"));
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
/**
|
2010-05-09 10:02:56 -04:00
|
|
|
* g_credentials_is_same_user:
|
2010-05-06 14:13:59 -04:00
|
|
|
* @credentials: A #GCredentials.
|
2010-05-09 10:02:56 -04:00
|
|
|
* @other_credentials: A #GCredentials.
|
|
|
|
|
* @error: Return location for error or %NULL.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Checks if @credentials and @other_credentials is the same user.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* This operation can fail if #GCredentials is not supported on the
|
|
|
|
|
* the OS.
|
|
|
|
|
*
|
|
|
|
|
* Returns: %TRUE if @credentials and @other_credentials has the same
|
|
|
|
|
* user, %FALSE otherwise or if @error is set.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
gboolean
|
2010-05-09 10:02:56 -04:00
|
|
|
g_credentials_is_same_user (GCredentials *credentials,
|
|
|
|
|
GCredentials *other_credentials,
|
|
|
|
|
GError **error)
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2010-05-09 10:02:56 -04:00
|
|
|
gboolean ret;
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
|
2010-05-09 10:02:56 -04:00
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
|
|
|
|
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
ret = FALSE;
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
credentials: Invalid Linux struct ucred means "no information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
2019-10-18 10:55:09 +01:00
|
|
|
if (linux_ucred_check_valid (&credentials->native, NULL)
|
|
|
|
|
&& credentials->native.uid == other_credentials->native.uid)
|
2010-05-09 10:02:56 -04:00
|
|
|
ret = TRUE;
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
if (credentials->native.cr_version == other_credentials->native.cr_version &&
|
|
|
|
|
credentials->native.cr_uid == other_credentials->native.cr_uid)
|
|
|
|
|
ret = TRUE;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
|
|
|
|
ret = TRUE;
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
if (credentials->native.unp_euid == other_credentials->native.unp_euid)
|
|
|
|
|
ret = TRUE;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
if (credentials->native.uid == other_credentials->native.uid)
|
|
|
|
|
ret = TRUE;
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
if (ucred_geteuid (credentials->native) == ucred_geteuid (other_credentials->native))
|
|
|
|
|
ret = TRUE;
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_NOT_SUPPORTED,
|
|
|
|
|
_("GCredentials is not implemented on this OS"));
|
|
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
return ret;
|
2010-05-06 14:13:59 -04:00
|
|
|
}
|
|
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
static gboolean
|
|
|
|
|
credentials_native_type_check (GCredentialsType requested_type,
|
|
|
|
|
const char *op)
|
|
|
|
|
{
|
|
|
|
|
GEnumClass *enum_class;
|
|
|
|
|
GEnumValue *requested;
|
|
|
|
|
#if G_CREDENTIALS_SUPPORTED
|
|
|
|
|
GEnumValue *supported;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if G_CREDENTIALS_SUPPORTED
|
|
|
|
|
if (requested_type == G_CREDENTIALS_NATIVE_TYPE)
|
|
|
|
|
return TRUE;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
enum_class = g_type_class_ref (g_credentials_type_get_type ());
|
|
|
|
|
requested = g_enum_get_value (enum_class, requested_type);
|
|
|
|
|
|
|
|
|
|
#if G_CREDENTIALS_SUPPORTED
|
|
|
|
|
supported = g_enum_get_value (enum_class, G_CREDENTIALS_NATIVE_TYPE);
|
2014-07-22 14:31:25 -04:00
|
|
|
g_assert (supported);
|
2013-09-18 13:40:09 -04:00
|
|
|
g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
|
|
|
|
|
"but only %s is supported on this platform.",
|
|
|
|
|
op, op,
|
|
|
|
|
requested ? requested->value_name : "(unknown)",
|
|
|
|
|
supported->value_name);
|
|
|
|
|
#else
|
|
|
|
|
g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
|
|
|
|
|
"but there is no support for GCredentials on this platform.",
|
|
|
|
|
op, op,
|
|
|
|
|
requested ? requested->value_name : "(unknown)");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
g_type_class_unref (enum_class);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
/**
|
2010-09-24 18:24:41 -03:00
|
|
|
* g_credentials_get_native: (skip)
|
2010-05-06 14:13:59 -04:00
|
|
|
* @credentials: A #GCredentials.
|
2010-07-20 14:02:14 -04:00
|
|
|
* @native_type: The type of native credentials to get.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-07-20 14:02:14 -04:00
|
|
|
* Gets a pointer to native credentials of type @native_type from
|
2010-05-09 10:02:56 -04:00
|
|
|
* @credentials.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
2019-08-23 21:45:16 +00:00
|
|
|
* It is a programming error (which will cause a warning to be
|
2010-07-20 14:02:14 -04:00
|
|
|
* logged) to use this method if there is no #GCredentials support for
|
|
|
|
|
* the OS or if @native_type isn't supported by the OS.
|
|
|
|
|
*
|
2020-12-15 09:09:59 +00:00
|
|
|
* Returns: (transfer none) (nullable): The pointer to native credentials or
|
|
|
|
|
* %NULL if there is no #GCredentials support for the OS or if @native_type
|
|
|
|
|
* isn't supported by the OS. Do not free the returned data, it is owned
|
|
|
|
|
* by @credentials.
|
2010-07-20 14:02:14 -04:00
|
|
|
*
|
2010-05-06 16:02:08 -04:00
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
2010-05-09 10:02:56 -04:00
|
|
|
gpointer
|
2010-07-20 14:02:14 -04:00
|
|
|
g_credentials_get_native (GCredentials *credentials,
|
|
|
|
|
GCredentialsType native_type)
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2010-05-09 10:02:56 -04:00
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
if (!credentials_native_type_check (native_type, "get"))
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2013-09-19 16:09:38 -04:00
|
|
|
#if G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
return credentials->native;
|
|
|
|
|
#elif G_CREDENTIALS_SUPPORTED
|
2013-09-18 13:40:09 -04:00
|
|
|
return &credentials->native;
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
2013-09-18 13:40:09 -04:00
|
|
|
g_assert_not_reached ();
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2010-05-09 10:02:56 -04:00
|
|
|
* g_credentials_set_native:
|
2010-05-06 14:13:59 -04:00
|
|
|
* @credentials: A #GCredentials.
|
2010-07-20 14:02:14 -04:00
|
|
|
* @native_type: The type of native credentials to set.
|
2013-12-06 12:23:09 +00:00
|
|
|
* @native: (not nullable): A pointer to native credentials.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-07-20 14:02:14 -04:00
|
|
|
* Copies the native credentials of type @native_type from @native
|
|
|
|
|
* into @credentials.
|
2010-05-09 10:02:56 -04:00
|
|
|
*
|
2019-08-23 21:45:16 +00:00
|
|
|
* It is a programming error (which will cause a warning to be
|
2010-05-09 10:02:56 -04:00
|
|
|
* logged) to use this method if there is no #GCredentials support for
|
2010-07-20 14:02:14 -04:00
|
|
|
* the OS or if @native_type isn't supported by the OS.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
void
|
2010-07-20 14:02:14 -04:00
|
|
|
g_credentials_set_native (GCredentials *credentials,
|
|
|
|
|
GCredentialsType native_type,
|
|
|
|
|
gpointer native)
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2013-09-18 13:40:09 -04:00
|
|
|
if (!credentials_native_type_check (native_type, "set"))
|
|
|
|
|
return;
|
|
|
|
|
|
2013-09-19 16:09:38 -04:00
|
|
|
#if G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
memcpy (credentials->native, native, ucred_size ());
|
|
|
|
|
#elif G_CREDENTIALS_SUPPORTED
|
2013-09-18 13:40:09 -04:00
|
|
|
memcpy (&credentials->native, native, sizeof (credentials->native));
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
2013-09-18 13:40:09 -04:00
|
|
|
g_assert_not_reached ();
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
#ifdef G_OS_UNIX
|
2010-05-06 14:13:59 -04:00
|
|
|
/**
|
2010-05-09 10:02:56 -04:00
|
|
|
* g_credentials_get_unix_user:
|
|
|
|
|
* @credentials: A #GCredentials
|
|
|
|
|
* @error: Return location for error or %NULL.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Tries to get the UNIX user identifier from @credentials. This
|
|
|
|
|
* method is only available on UNIX platforms.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* This operation can fail if #GCredentials is not supported on the
|
|
|
|
|
* OS or if the native credentials type does not contain information
|
|
|
|
|
* about the UNIX user.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2020-12-15 09:10:19 +00:00
|
|
|
* Returns: The UNIX user identifier or `-1` if @error is set.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
2010-05-09 10:02:56 -04:00
|
|
|
uid_t
|
|
|
|
|
g_credentials_get_unix_user (GCredentials *credentials,
|
|
|
|
|
GError **error)
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2010-05-09 10:02:56 -04:00
|
|
|
uid_t ret;
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
|
2010-05-09 10:02:56 -04:00
|
|
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
credentials: Invalid Linux struct ucred means "no information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
2019-10-18 10:55:09 +01:00
|
|
|
if (linux_ucred_check_valid (&credentials->native, error))
|
|
|
|
|
ret = credentials->native.uid;
|
|
|
|
|
else
|
|
|
|
|
ret = -1;
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
if (credentials->native.cr_version == XUCRED_VERSION)
|
|
|
|
|
{
|
|
|
|
|
ret = credentials->native.cr_uid;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
|
|
|
|
|
/* No point in translating the part in parentheses... */
|
|
|
|
|
"%s (struct xucred cr_version %u != %u)",
|
|
|
|
|
_("There is no GCredentials support for your platform"),
|
|
|
|
|
credentials->native.cr_version,
|
|
|
|
|
XUCRED_VERSION);
|
|
|
|
|
ret = -1;
|
|
|
|
|
}
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
ret = credentials->native.cmcred_euid;
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
ret = credentials->native.unp_euid;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
ret = credentials->native.uid;
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
ret = ucred_geteuid (credentials->native);
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
|
|
|
|
ret = -1;
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_NOT_SUPPORTED,
|
2010-05-18 23:45:54 +02:00
|
|
|
_("There is no GCredentials support for your platform"));
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
return ret;
|
|
|
|
|
}
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2012-11-08 14:08:24 +00:00
|
|
|
/**
|
|
|
|
|
* g_credentials_get_unix_pid:
|
|
|
|
|
* @credentials: A #GCredentials
|
|
|
|
|
* @error: Return location for error or %NULL.
|
|
|
|
|
*
|
|
|
|
|
* Tries to get the UNIX process identifier from @credentials. This
|
|
|
|
|
* method is only available on UNIX platforms.
|
|
|
|
|
*
|
|
|
|
|
* This operation can fail if #GCredentials is not supported on the
|
|
|
|
|
* OS or if the native credentials type does not contain information
|
2021-11-24 11:15:05 +01:00
|
|
|
* about the UNIX process ID.
|
2012-11-08 14:08:24 +00:00
|
|
|
*
|
2020-12-15 09:10:19 +00:00
|
|
|
* Returns: The UNIX process ID, or `-1` if @error is set.
|
2012-11-08 14:08:24 +00:00
|
|
|
*
|
|
|
|
|
* Since: 2.36
|
|
|
|
|
*/
|
|
|
|
|
pid_t
|
|
|
|
|
g_credentials_get_unix_pid (GCredentials *credentials,
|
|
|
|
|
GError **error)
|
|
|
|
|
{
|
|
|
|
|
pid_t ret;
|
|
|
|
|
|
|
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
|
|
|
|
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
credentials: Invalid Linux struct ucred means "no information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
2019-10-18 10:55:09 +01:00
|
|
|
if (linux_ucred_check_valid (&credentials->native, error))
|
|
|
|
|
ret = credentials->native.pid;
|
|
|
|
|
else
|
|
|
|
|
ret = -1;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2012-11-08 14:08:24 +00:00
|
|
|
ret = credentials->native.cmcred_pid;
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
ret = credentials->native.unp_pid;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2012-11-08 14:08:24 +00:00
|
|
|
ret = credentials->native.pid;
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
|
|
ret = ucred_getpid (credentials->native);
|
2022-01-19 20:35:45 +04:00
|
|
|
#elif G_CREDENTIALS_USE_WIN32_PID
|
|
|
|
|
ret = credentials->native;
|
2012-11-08 14:08:24 +00:00
|
|
|
#else
|
2021-11-24 11:15:05 +01:00
|
|
|
|
|
|
|
|
#if G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
ret = credentials->pid;
|
|
|
|
|
#else
|
2012-11-08 14:08:24 +00:00
|
|
|
ret = -1;
|
2021-11-24 11:15:05 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (ret == -1)
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_NOT_SUPPORTED,
|
|
|
|
|
_("GCredentials does not contain a process ID on this OS"));
|
2012-11-08 14:08:24 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
/**
|
2010-05-09 10:02:56 -04:00
|
|
|
* g_credentials_set_unix_user:
|
2010-05-06 14:13:59 -04:00
|
|
|
* @credentials: A #GCredentials.
|
2010-05-09 10:02:56 -04:00
|
|
|
* @uid: The UNIX user identifier to set.
|
|
|
|
|
* @error: Return location for error or %NULL.
|
|
|
|
|
*
|
|
|
|
|
* Tries to set the UNIX user identifier on @credentials. This method
|
|
|
|
|
* is only available on UNIX platforms.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* This operation can fail if #GCredentials is not supported on the
|
|
|
|
|
* OS or if the native credentials type does not contain information
|
2013-09-19 16:09:38 -04:00
|
|
|
* about the UNIX user. It can also fail if the OS does not allow the
|
|
|
|
|
* use of "spoofed" credentials.
|
2010-05-06 14:13:59 -04:00
|
|
|
*
|
2010-05-09 10:02:56 -04:00
|
|
|
* Returns: %TRUE if @uid was set, %FALSE if error is set.
|
2010-05-06 16:02:08 -04:00
|
|
|
*
|
|
|
|
|
* Since: 2.26
|
2010-05-06 14:13:59 -04:00
|
|
|
*/
|
|
|
|
|
gboolean
|
2010-05-09 10:02:56 -04:00
|
|
|
g_credentials_set_unix_user (GCredentials *credentials,
|
|
|
|
|
uid_t uid,
|
|
|
|
|
GError **error)
|
2010-05-06 14:13:59 -04:00
|
|
|
{
|
2019-05-01 12:53:56 +01:00
|
|
|
gboolean ret = FALSE;
|
2010-05-09 10:02:56 -04:00
|
|
|
|
2010-05-06 14:13:59 -04:00
|
|
|
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
|
2020-11-16 23:44:10 +01:00
|
|
|
g_return_val_if_fail (uid != (uid_t) -1, FALSE);
|
2010-05-09 10:02:56 -04:00
|
|
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2013-09-18 13:40:09 -04:00
|
|
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
2010-07-20 14:02:14 -04:00
|
|
|
credentials->native.uid = uid;
|
2010-05-09 10:02:56 -04:00
|
|
|
ret = TRUE;
|
2018-02-18 15:26:54 +01:00
|
|
|
#elif G_CREDENTIALS_USE_APPLE_XUCRED
|
|
|
|
|
credentials->native.cr_uid = uid;
|
|
|
|
|
ret = TRUE;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
2010-09-09 14:10:01 -04:00
|
|
|
credentials->native.cmcred_euid = uid;
|
|
|
|
|
ret = TRUE;
|
2014-04-15 15:09:22 +01:00
|
|
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
|
|
credentials->native.unp_euid = uid;
|
|
|
|
|
ret = TRUE;
|
2013-09-18 13:40:09 -04:00
|
|
|
#elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
2011-05-27 15:51:08 +02:00
|
|
|
credentials->native.uid = uid;
|
|
|
|
|
ret = TRUE;
|
2013-09-19 16:09:38 -04:00
|
|
|
#elif !G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_PERMISSION_DENIED,
|
|
|
|
|
_("Credentials spoofing is not possible on this OS"));
|
|
|
|
|
ret = FALSE;
|
2010-05-09 10:02:56 -04:00
|
|
|
#else
|
|
|
|
|
g_set_error_literal (error,
|
|
|
|
|
G_IO_ERROR,
|
|
|
|
|
G_IO_ERROR_NOT_SUPPORTED,
|
|
|
|
|
_("GCredentials is not implemented on this OS"));
|
2013-09-19 16:09:38 -04:00
|
|
|
ret = FALSE;
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif
|
2010-05-06 14:13:59 -04:00
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
return ret;
|
2010-05-06 14:13:59 -04:00
|
|
|
}
|
2012-11-08 14:08:24 +00:00
|
|
|
|
2021-11-24 11:15:05 +01:00
|
|
|
#ifdef __APPLE__
|
|
|
|
|
void
|
|
|
|
|
_g_credentials_set_local_peerid (GCredentials *credentials,
|
|
|
|
|
pid_t pid)
|
|
|
|
|
{
|
|
|
|
|
g_return_if_fail (G_IS_CREDENTIALS (credentials));
|
|
|
|
|
g_return_if_fail (pid >= 0);
|
|
|
|
|
|
|
|
|
|
credentials->pid = pid;
|
|
|
|
|
}
|
|
|
|
|
#endif /* __APPLE__ */
|
|
|
|
|
|
2010-05-09 10:02:56 -04:00
|
|
|
#endif /* G_OS_UNIX */
|