Merge branch 'dbus-external-sid' into 'main'

gdbus: make client work with EXTERNAL on Windows

See merge request GNOME/glib!2429
This commit is contained in:
Simon McVittie 2022-01-19 18:38:20 +00:00
commit cc2b28b68c
6 changed files with 314 additions and 74 deletions

View File

@ -29,6 +29,10 @@
#include "glibintl.h"
#ifdef G_OS_WIN32
#include "gwin32sid.h"
#endif
struct _GDBusAuthMechanismExternalPrivate
{
gboolean is_client;
@ -124,11 +128,17 @@ static gboolean
mechanism_is_supported (GDBusAuthMechanism *mechanism)
{
g_return_val_if_fail (G_IS_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism), FALSE);
#if defined(G_OS_WIN32)
/* all that is required is current process SID */
return TRUE;
#else
/* This mechanism is only available if credentials has been exchanged */
if (_g_dbus_auth_mechanism_get_credentials (mechanism) != NULL)
return TRUE;
else
return FALSE;
#endif
}
static gint
@ -329,32 +339,39 @@ mechanism_client_initiate (GDBusAuthMechanism *mechanism,
{
GDBusAuthMechanismExternal *m = G_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism);
gchar *initial_response = NULL;
#if defined(G_OS_UNIX)
GCredentials *credentials;
#endif
g_return_val_if_fail (G_IS_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism), NULL);
g_return_val_if_fail (!m->priv->is_server && !m->priv->is_client, NULL);
m->priv->is_client = TRUE;
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED;
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
*out_initial_response_len = 0;
/* return the uid */
#if defined(G_OS_UNIX)
credentials = _g_dbus_auth_mechanism_get_credentials (mechanism);
g_assert (credentials != NULL);
/* return the uid */
#if defined(G_OS_UNIX)
initial_response = g_strdup_printf ("%" G_GINT64_FORMAT, (gint64) g_credentials_get_unix_user (credentials, NULL));
*out_initial_response_len = strlen (initial_response);
#elif defined(G_OS_WIN32)
initial_response = _g_win32_current_process_sid_string (NULL);
#else
#ifdef __GNUC__
#pragma GCC diagnostic push
#pragma GCC diagnostic warning "-Wcpp"
#warning Dont know how to send credentials on this OS. The EXTERNAL D-Bus authentication mechanism will not work.
#pragma GCC diagnostic pop
#endif
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
#endif
if (initial_response)
{
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED;
*out_initial_response_len = strlen (initial_response);
}
return initial_response;
}

View File

@ -32,6 +32,7 @@
#endif
#ifdef G_OS_WIN32
#include <io.h>
#include "gwin32sid.h"
#endif
#include "gdbusauthmechanismsha1.h"
@ -990,9 +991,12 @@ mechanism_server_initiate (GDBusAuthMechanism *mechanism,
}
#elif defined(G_OS_WIN32)
gchar *sid;
sid = _g_dbus_win32_get_user_sid ();
sid = _g_win32_current_process_sid_string (NULL);
if (g_strcmp0 (initial_response, sid) == 0)
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND;
g_free (sid);
#else
#error Please implement for your OS
@ -1142,20 +1146,25 @@ mechanism_client_initiate (GDBusAuthMechanism *mechanism,
g_return_val_if_fail (!m->priv->is_server && !m->priv->is_client, NULL);
m->priv->is_client = TRUE;
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA;
*out_initial_response_len = 0;
#ifdef G_OS_UNIX
initial_response = g_strdup_printf ("%" G_GINT64_FORMAT, (gint64) getuid ());
*out_initial_response_len = strlen (initial_response);
#elif defined (G_OS_WIN32)
initial_response = _g_dbus_win32_get_user_sid ();
*out_initial_response_len = strlen (initial_response);
initial_response = _g_win32_current_process_sid_string (NULL);
#else
#error Please implement for your OS
#endif
g_assert (initial_response != NULL);
if (initial_response)
{
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA;
*out_initial_response_len = strlen (initial_response);
}
else
{
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
}
return initial_response;
}

View File

@ -55,6 +55,7 @@
#include <windows.h>
#include <io.h>
#include <conio.h>
#include "gwin32sid.h"
#endif
#include "glibintl.h"
@ -2010,69 +2011,6 @@ _g_dbus_compute_complete_signature (GDBusArgInfo **args)
#ifdef G_OS_WIN32
extern BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid);
gchar *
_g_dbus_win32_get_user_sid (void)
{
HANDLE h;
TOKEN_USER *user;
DWORD token_information_len;
PSID psid;
gchar *sid;
gchar *ret;
ret = NULL;
user = NULL;
h = INVALID_HANDLE_VALUE;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &h))
{
g_warning ("OpenProcessToken failed with error code %d", (gint) GetLastError ());
goto out;
}
/* Get length of buffer */
token_information_len = 0;
if (!GetTokenInformation (h, TokenUser, NULL, 0, &token_information_len))
{
if (GetLastError () != ERROR_INSUFFICIENT_BUFFER)
{
g_warning ("GetTokenInformation() failed with error code %d", (gint) GetLastError ());
goto out;
}
}
user = g_malloc (token_information_len);
if (!GetTokenInformation (h, TokenUser, user, token_information_len, &token_information_len))
{
g_warning ("GetTokenInformation() failed with error code %d", (gint) GetLastError ());
goto out;
}
psid = user->User.Sid;
if (!IsValidSid (psid))
{
g_warning ("Invalid SID");
goto out;
}
if (!ConvertSidToStringSidA (psid, &sid))
{
g_warning ("Invalid SID");
goto out;
}
ret = g_strdup (sid);
LocalFree (sid);
out:
g_free (user);
if (h != INVALID_HANDLE_VALUE)
CloseHandle (h);
return ret;
}
#define DBUS_DAEMON_ADDRESS_INFO "DBusDaemonAddressInfo"
#define DBUS_DAEMON_MUTEX "DBusDaemonMutex"
#define UNIQUE_DBUS_INIT_MUTEX "UniqueDBusInitMutex"

234
gio/gwin32sid.c Normal file
View File

@ -0,0 +1,234 @@
/* GIO - GLib Input, Output and Streaming Library
*
* Copyright (C) 2018 Руслан Ижбулатов
* Copyright (C) 2022 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
* Author: Руслан Ижбулатов <lrn1986@gmail.com>
*/
#include "config.h"
#include "gwin32sid.h"
#include "gioerror.h"
#include <sddl.h>
/**
* _g_win32_sid_replace: (skip)
* @dest: A pointer to a SID storage
* @src: Existing SID
* @error: return location for a #GError, or %NULL
*
* Creates a copy of the @src SID and puts that into @dest, after freeing
* existing SID in @dest (if any).
*
* The @src SID must be valid (use IsValidSid() to ensure that).
*
* Returns: TRUE on success, FALSE otherwise
*/
static gboolean
_g_win32_sid_replace (SID **dest,
SID *src,
GError **error)
{
DWORD sid_len;
SID *new_sid;
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
g_return_val_if_fail (src != NULL, FALSE);
g_return_val_if_fail (dest && *dest == NULL, FALSE);
sid_len = GetLengthSid (src);
new_sid = g_malloc (sid_len);
if (!CopySid (sid_len, new_sid, src))
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"Failed to copy SID");
g_free (new_sid);
return FALSE;
}
else
{
g_free (*dest);
*dest = g_steal_pointer (&new_sid);
return TRUE;
}
}
/**
* _g_win32_token_get_sid: (skip)
* @token: A handle of an access token
* @error: return location for a #GError, or %NULL
*
* Gets user SID of the @token and returns a copy of that SID.
*
* Returns: A newly-allocated SID, or NULL in case of an error.
* Free the returned SID with g_free().
*/
static SID *
_g_win32_token_get_sid (HANDLE token,
GError **error)
{
TOKEN_USER *token_user = NULL;
DWORD n;
PSID psid;
SID *result = NULL;
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
if (!GetTokenInformation (token, TokenUser, NULL, 0, &n)
&& GetLastError () != ERROR_INSUFFICIENT_BUFFER)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"Failed to GetTokenInformation");
return NULL;
}
token_user = g_alloca (n);
if (!GetTokenInformation (token, TokenUser, token_user, n, &n))
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"Failed to GetTokenInformation");
return NULL;
}
psid = token_user->User.Sid;
if (!IsValidSid (psid))
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"Invalid SID token");
return NULL;
}
_g_win32_sid_replace (&result, psid, error);
return result;
}
/**
* _g_win32_process_get_access_token_sid: (skip)
* @process_id: Identifier of a process to get an access token of
* (use 0 to get a token of the current process)
* @error: return location for a #GError, or %NULL
*
* Opens the process identified by @process_id and opens its token,
* then retrieves SID of the token user and returns a copy of that SID.
*
* Returns: A newly-allocated SID, or NULL in case of an error.
* Free the returned SID with g_free().
*/
SID *
_g_win32_process_get_access_token_sid (DWORD process_id,
GError **error)
{
HANDLE process_handle;
HANDLE process_token;
SID *result = NULL;
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
if (process_id == 0)
process_handle = GetCurrentProcess ();
else
process_handle = OpenProcess (PROCESS_QUERY_LIMITED_INFORMATION, FALSE, process_id);
if (process_handle == NULL)
{
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"%s failed", process_id == 0 ? "GetCurrentProcess" : "OpenProcess");
return NULL;
}
if (!OpenProcessToken (process_handle, TOKEN_QUERY, &process_token))
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"OpenProcessToken failed");
CloseHandle (process_handle);
return NULL;
}
result = _g_win32_token_get_sid (process_token, error);
CloseHandle (process_token);
CloseHandle (process_handle);
return result;
}
/**
* _g_win32_sid_to_string: (skip)
* @sid: a SID.
* @error: return location for a #GError, or %NULL
*
* Convert a SID to its string form.
*
* Returns: A newly-allocated string, or NULL in case of an error.
*/
gchar *
_g_win32_sid_to_string (SID *sid, GError **error)
{
gchar *tmp, *ret;
g_return_val_if_fail (sid != NULL, NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
if (!ConvertSidToStringSidA (sid, &tmp))
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
"Failed to ConvertSidToString");
return NULL;
}
ret = g_strdup (tmp);
LocalFree (tmp);
return ret;
}
/**
* _g_win32_current_process_sid_string: (skip)
* @error: return location for a #GError, or %NULL
*
* Get the current process SID, as a string.
*
* Returns: A newly-allocated string, or NULL in case of an error.
*/
gchar *
_g_win32_current_process_sid_string (GError **error)
{
SID *sid;
gchar *ret;
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
sid = _g_win32_process_get_access_token_sid (0, error);
if (!sid)
return NULL;
ret = _g_win32_sid_to_string (sid, error);
g_free (sid);
return ret;
}

40
gio/gwin32sid.h Normal file
View File

@ -0,0 +1,40 @@
/* GIO - GLib Input, Output and Streaming Library
*
* Copyright (C) 2018 Руслан Ижбулатов
* Copyright (C) 2022 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
* Author: Руслан Ижбулатов <lrn1986@gmail.com>
*/
#ifndef __G_WIN32_SID_H__
#define __G_WIN32_SID_H__
#include <glib.h>
#include <windows.h>
G_BEGIN_DECLS
SID * _g_win32_process_get_access_token_sid (DWORD process_id,
GError **error);
gchar * _g_win32_sid_to_string (SID *sid,
GError **error);
gchar * _g_win32_current_process_sid_string (GError **error);
G_END_DECLS
#endif /* __G_WIN32_SID_H__ */

View File

@ -433,6 +433,8 @@ else
'gwin32networkmonitor.c',
'gwin32networkmonitor.h',
'gwin32notificationbackend.c',
'gwin32sid.c',
'gwin32sid.h',
)
gio_win_rc = configure_file(