mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-11-10 03:16:17 +01:00
Merge branch 'dbus-external-sid' into 'main'
gdbus: make client work with EXTERNAL on Windows See merge request GNOME/glib!2429
This commit is contained in:
commit
cc2b28b68c
@ -29,6 +29,10 @@
|
||||
|
||||
#include "glibintl.h"
|
||||
|
||||
#ifdef G_OS_WIN32
|
||||
#include "gwin32sid.h"
|
||||
#endif
|
||||
|
||||
struct _GDBusAuthMechanismExternalPrivate
|
||||
{
|
||||
gboolean is_client;
|
||||
@ -124,11 +128,17 @@ static gboolean
|
||||
mechanism_is_supported (GDBusAuthMechanism *mechanism)
|
||||
{
|
||||
g_return_val_if_fail (G_IS_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism), FALSE);
|
||||
|
||||
#if defined(G_OS_WIN32)
|
||||
/* all that is required is current process SID */
|
||||
return TRUE;
|
||||
#else
|
||||
/* This mechanism is only available if credentials has been exchanged */
|
||||
if (_g_dbus_auth_mechanism_get_credentials (mechanism) != NULL)
|
||||
return TRUE;
|
||||
else
|
||||
return FALSE;
|
||||
#endif
|
||||
}
|
||||
|
||||
static gint
|
||||
@ -329,32 +339,39 @@ mechanism_client_initiate (GDBusAuthMechanism *mechanism,
|
||||
{
|
||||
GDBusAuthMechanismExternal *m = G_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism);
|
||||
gchar *initial_response = NULL;
|
||||
#if defined(G_OS_UNIX)
|
||||
GCredentials *credentials;
|
||||
#endif
|
||||
|
||||
g_return_val_if_fail (G_IS_DBUS_AUTH_MECHANISM_EXTERNAL (mechanism), NULL);
|
||||
g_return_val_if_fail (!m->priv->is_server && !m->priv->is_client, NULL);
|
||||
|
||||
m->priv->is_client = TRUE;
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED;
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
|
||||
|
||||
*out_initial_response_len = 0;
|
||||
|
||||
/* return the uid */
|
||||
#if defined(G_OS_UNIX)
|
||||
credentials = _g_dbus_auth_mechanism_get_credentials (mechanism);
|
||||
g_assert (credentials != NULL);
|
||||
|
||||
/* return the uid */
|
||||
#if defined(G_OS_UNIX)
|
||||
initial_response = g_strdup_printf ("%" G_GINT64_FORMAT, (gint64) g_credentials_get_unix_user (credentials, NULL));
|
||||
*out_initial_response_len = strlen (initial_response);
|
||||
#elif defined(G_OS_WIN32)
|
||||
initial_response = _g_win32_current_process_sid_string (NULL);
|
||||
#else
|
||||
#ifdef __GNUC__
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic warning "-Wcpp"
|
||||
#warning Dont know how to send credentials on this OS. The EXTERNAL D-Bus authentication mechanism will not work.
|
||||
#pragma GCC diagnostic pop
|
||||
#endif
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
|
||||
#endif
|
||||
if (initial_response)
|
||||
{
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED;
|
||||
*out_initial_response_len = strlen (initial_response);
|
||||
}
|
||||
return initial_response;
|
||||
}
|
||||
|
||||
|
@ -32,6 +32,7 @@
|
||||
#endif
|
||||
#ifdef G_OS_WIN32
|
||||
#include <io.h>
|
||||
#include "gwin32sid.h"
|
||||
#endif
|
||||
|
||||
#include "gdbusauthmechanismsha1.h"
|
||||
@ -990,9 +991,12 @@ mechanism_server_initiate (GDBusAuthMechanism *mechanism,
|
||||
}
|
||||
#elif defined(G_OS_WIN32)
|
||||
gchar *sid;
|
||||
sid = _g_dbus_win32_get_user_sid ();
|
||||
|
||||
sid = _g_win32_current_process_sid_string (NULL);
|
||||
|
||||
if (g_strcmp0 (initial_response, sid) == 0)
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND;
|
||||
|
||||
g_free (sid);
|
||||
#else
|
||||
#error Please implement for your OS
|
||||
@ -1142,20 +1146,25 @@ mechanism_client_initiate (GDBusAuthMechanism *mechanism,
|
||||
g_return_val_if_fail (!m->priv->is_server && !m->priv->is_client, NULL);
|
||||
|
||||
m->priv->is_client = TRUE;
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA;
|
||||
|
||||
*out_initial_response_len = 0;
|
||||
|
||||
#ifdef G_OS_UNIX
|
||||
initial_response = g_strdup_printf ("%" G_GINT64_FORMAT, (gint64) getuid ());
|
||||
*out_initial_response_len = strlen (initial_response);
|
||||
#elif defined (G_OS_WIN32)
|
||||
initial_response = _g_dbus_win32_get_user_sid ();
|
||||
*out_initial_response_len = strlen (initial_response);
|
||||
initial_response = _g_win32_current_process_sid_string (NULL);
|
||||
#else
|
||||
#error Please implement for your OS
|
||||
#endif
|
||||
g_assert (initial_response != NULL);
|
||||
if (initial_response)
|
||||
{
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA;
|
||||
*out_initial_response_len = strlen (initial_response);
|
||||
}
|
||||
else
|
||||
{
|
||||
m->priv->state = G_DBUS_AUTH_MECHANISM_STATE_REJECTED;
|
||||
}
|
||||
|
||||
return initial_response;
|
||||
}
|
||||
|
@ -55,6 +55,7 @@
|
||||
#include <windows.h>
|
||||
#include <io.h>
|
||||
#include <conio.h>
|
||||
#include "gwin32sid.h"
|
||||
#endif
|
||||
|
||||
#include "glibintl.h"
|
||||
@ -2010,69 +2011,6 @@ _g_dbus_compute_complete_signature (GDBusArgInfo **args)
|
||||
|
||||
#ifdef G_OS_WIN32
|
||||
|
||||
extern BOOL WINAPI ConvertSidToStringSidA (PSID Sid, LPSTR *StringSid);
|
||||
|
||||
gchar *
|
||||
_g_dbus_win32_get_user_sid (void)
|
||||
{
|
||||
HANDLE h;
|
||||
TOKEN_USER *user;
|
||||
DWORD token_information_len;
|
||||
PSID psid;
|
||||
gchar *sid;
|
||||
gchar *ret;
|
||||
|
||||
ret = NULL;
|
||||
user = NULL;
|
||||
h = INVALID_HANDLE_VALUE;
|
||||
|
||||
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &h))
|
||||
{
|
||||
g_warning ("OpenProcessToken failed with error code %d", (gint) GetLastError ());
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Get length of buffer */
|
||||
token_information_len = 0;
|
||||
if (!GetTokenInformation (h, TokenUser, NULL, 0, &token_information_len))
|
||||
{
|
||||
if (GetLastError () != ERROR_INSUFFICIENT_BUFFER)
|
||||
{
|
||||
g_warning ("GetTokenInformation() failed with error code %d", (gint) GetLastError ());
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
user = g_malloc (token_information_len);
|
||||
if (!GetTokenInformation (h, TokenUser, user, token_information_len, &token_information_len))
|
||||
{
|
||||
g_warning ("GetTokenInformation() failed with error code %d", (gint) GetLastError ());
|
||||
goto out;
|
||||
}
|
||||
|
||||
psid = user->User.Sid;
|
||||
if (!IsValidSid (psid))
|
||||
{
|
||||
g_warning ("Invalid SID");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!ConvertSidToStringSidA (psid, &sid))
|
||||
{
|
||||
g_warning ("Invalid SID");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = g_strdup (sid);
|
||||
LocalFree (sid);
|
||||
|
||||
out:
|
||||
g_free (user);
|
||||
if (h != INVALID_HANDLE_VALUE)
|
||||
CloseHandle (h);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
#define DBUS_DAEMON_ADDRESS_INFO "DBusDaemonAddressInfo"
|
||||
#define DBUS_DAEMON_MUTEX "DBusDaemonMutex"
|
||||
#define UNIQUE_DBUS_INIT_MUTEX "UniqueDBusInitMutex"
|
||||
|
234
gio/gwin32sid.c
Normal file
234
gio/gwin32sid.c
Normal file
@ -0,0 +1,234 @@
|
||||
/* GIO - GLib Input, Output and Streaming Library
|
||||
*
|
||||
* Copyright (C) 2018 Руслан Ижбулатов
|
||||
* Copyright (C) 2022 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General
|
||||
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* Author: Руслан Ижбулатов <lrn1986@gmail.com>
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "gwin32sid.h"
|
||||
#include "gioerror.h"
|
||||
|
||||
#include <sddl.h>
|
||||
|
||||
/**
|
||||
* _g_win32_sid_replace: (skip)
|
||||
* @dest: A pointer to a SID storage
|
||||
* @src: Existing SID
|
||||
* @error: return location for a #GError, or %NULL
|
||||
*
|
||||
* Creates a copy of the @src SID and puts that into @dest, after freeing
|
||||
* existing SID in @dest (if any).
|
||||
*
|
||||
* The @src SID must be valid (use IsValidSid() to ensure that).
|
||||
*
|
||||
* Returns: TRUE on success, FALSE otherwise
|
||||
*/
|
||||
static gboolean
|
||||
_g_win32_sid_replace (SID **dest,
|
||||
SID *src,
|
||||
GError **error)
|
||||
{
|
||||
DWORD sid_len;
|
||||
SID *new_sid;
|
||||
|
||||
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
||||
g_return_val_if_fail (src != NULL, FALSE);
|
||||
g_return_val_if_fail (dest && *dest == NULL, FALSE);
|
||||
|
||||
sid_len = GetLengthSid (src);
|
||||
new_sid = g_malloc (sid_len);
|
||||
|
||||
if (!CopySid (sid_len, new_sid, src))
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"Failed to copy SID");
|
||||
|
||||
g_free (new_sid);
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
g_free (*dest);
|
||||
*dest = g_steal_pointer (&new_sid);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* _g_win32_token_get_sid: (skip)
|
||||
* @token: A handle of an access token
|
||||
* @error: return location for a #GError, or %NULL
|
||||
*
|
||||
* Gets user SID of the @token and returns a copy of that SID.
|
||||
*
|
||||
* Returns: A newly-allocated SID, or NULL in case of an error.
|
||||
* Free the returned SID with g_free().
|
||||
*/
|
||||
static SID *
|
||||
_g_win32_token_get_sid (HANDLE token,
|
||||
GError **error)
|
||||
{
|
||||
TOKEN_USER *token_user = NULL;
|
||||
DWORD n;
|
||||
PSID psid;
|
||||
SID *result = NULL;
|
||||
|
||||
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||
|
||||
if (!GetTokenInformation (token, TokenUser, NULL, 0, &n)
|
||||
&& GetLastError () != ERROR_INSUFFICIENT_BUFFER)
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"Failed to GetTokenInformation");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
token_user = g_alloca (n);
|
||||
|
||||
if (!GetTokenInformation (token, TokenUser, token_user, n, &n))
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"Failed to GetTokenInformation");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
psid = token_user->User.Sid;
|
||||
|
||||
if (!IsValidSid (psid))
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"Invalid SID token");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
_g_win32_sid_replace (&result, psid, error);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* _g_win32_process_get_access_token_sid: (skip)
|
||||
* @process_id: Identifier of a process to get an access token of
|
||||
* (use 0 to get a token of the current process)
|
||||
* @error: return location for a #GError, or %NULL
|
||||
*
|
||||
* Opens the process identified by @process_id and opens its token,
|
||||
* then retrieves SID of the token user and returns a copy of that SID.
|
||||
*
|
||||
* Returns: A newly-allocated SID, or NULL in case of an error.
|
||||
* Free the returned SID with g_free().
|
||||
*/
|
||||
SID *
|
||||
_g_win32_process_get_access_token_sid (DWORD process_id,
|
||||
GError **error)
|
||||
{
|
||||
HANDLE process_handle;
|
||||
HANDLE process_token;
|
||||
SID *result = NULL;
|
||||
|
||||
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||
|
||||
if (process_id == 0)
|
||||
process_handle = GetCurrentProcess ();
|
||||
else
|
||||
process_handle = OpenProcess (PROCESS_QUERY_LIMITED_INFORMATION, FALSE, process_id);
|
||||
|
||||
if (process_handle == NULL)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"%s failed", process_id == 0 ? "GetCurrentProcess" : "OpenProcess");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!OpenProcessToken (process_handle, TOKEN_QUERY, &process_token))
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"OpenProcessToken failed");
|
||||
|
||||
CloseHandle (process_handle);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
result = _g_win32_token_get_sid (process_token, error);
|
||||
|
||||
CloseHandle (process_token);
|
||||
CloseHandle (process_handle);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* _g_win32_sid_to_string: (skip)
|
||||
* @sid: a SID.
|
||||
* @error: return location for a #GError, or %NULL
|
||||
*
|
||||
* Convert a SID to its string form.
|
||||
*
|
||||
* Returns: A newly-allocated string, or NULL in case of an error.
|
||||
*/
|
||||
gchar *
|
||||
_g_win32_sid_to_string (SID *sid, GError **error)
|
||||
{
|
||||
gchar *tmp, *ret;
|
||||
|
||||
g_return_val_if_fail (sid != NULL, NULL);
|
||||
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||
|
||||
if (!ConvertSidToStringSidA (sid, &tmp))
|
||||
{
|
||||
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (GetLastError ()),
|
||||
"Failed to ConvertSidToString");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = g_strdup (tmp);
|
||||
LocalFree (tmp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* _g_win32_current_process_sid_string: (skip)
|
||||
* @error: return location for a #GError, or %NULL
|
||||
*
|
||||
* Get the current process SID, as a string.
|
||||
*
|
||||
* Returns: A newly-allocated string, or NULL in case of an error.
|
||||
*/
|
||||
gchar *
|
||||
_g_win32_current_process_sid_string (GError **error)
|
||||
{
|
||||
SID *sid;
|
||||
gchar *ret;
|
||||
|
||||
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||
|
||||
sid = _g_win32_process_get_access_token_sid (0, error);
|
||||
if (!sid)
|
||||
return NULL;
|
||||
|
||||
ret = _g_win32_sid_to_string (sid, error);
|
||||
g_free (sid);
|
||||
return ret;
|
||||
}
|
40
gio/gwin32sid.h
Normal file
40
gio/gwin32sid.h
Normal file
@ -0,0 +1,40 @@
|
||||
/* GIO - GLib Input, Output and Streaming Library
|
||||
*
|
||||
* Copyright (C) 2018 Руслан Ижбулатов
|
||||
* Copyright (C) 2022 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General
|
||||
* Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* Author: Руслан Ижбулатов <lrn1986@gmail.com>
|
||||
*/
|
||||
|
||||
#ifndef __G_WIN32_SID_H__
|
||||
#define __G_WIN32_SID_H__
|
||||
|
||||
#include <glib.h>
|
||||
#include <windows.h>
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
SID * _g_win32_process_get_access_token_sid (DWORD process_id,
|
||||
GError **error);
|
||||
|
||||
gchar * _g_win32_sid_to_string (SID *sid,
|
||||
GError **error);
|
||||
|
||||
gchar * _g_win32_current_process_sid_string (GError **error);
|
||||
|
||||
G_END_DECLS
|
||||
|
||||
#endif /* __G_WIN32_SID_H__ */
|
@ -433,6 +433,8 @@ else
|
||||
'gwin32networkmonitor.c',
|
||||
'gwin32networkmonitor.h',
|
||||
'gwin32notificationbackend.c',
|
||||
'gwin32sid.c',
|
||||
'gwin32sid.h',
|
||||
)
|
||||
|
||||
gio_win_rc = configure_file(
|
||||
|
Loading…
Reference in New Issue
Block a user