/* GDBus - GLib D-Bus Library * * Copyright (C) 2008-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General * Public License along with this library; if not, see . * * Author: David Zeuthen */ #include "config.h" #include #include #include #include "gcredentials.h" #include "gcredentialsprivate.h" #include "gnetworking.h" #include "gioerror.h" #include "gioenumtypes.h" #include "glibintl.h" /** * SECTION:gcredentials * @short_description: An object containing credentials * @include: gio/gio.h * * The #GCredentials type is a reference-counted wrapper for native * credentials. This information is typically used for identifying, * authenticating and authorizing other processes. * * Some operating systems supports looking up the credentials of the * remote peer of a communication endpoint - see e.g. * g_socket_get_credentials(). * * Some operating systems supports securely sending and receiving * credentials over a Unix Domain Socket, see * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and * g_unix_connection_receive_credentials() for details. * * On Linux, the native credential type is a `struct ucred` - see the * unix(7) man page for details. This corresponds to * %G_CREDENTIALS_TYPE_LINUX_UCRED. * * On Apple operating systems (including iOS, tvOS, and macOS), * the native credential type is a `struct xucred`. * This corresponds to %G_CREDENTIALS_TYPE_APPLE_XUCRED. * * On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native * credential type is a `struct cmsgcred`. This corresponds * to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED. * * On NetBSD, the native credential type is a `struct unpcbid`. * This corresponds to %G_CREDENTIALS_TYPE_NETBSD_UNPCBID. * * On OpenBSD, the native credential type is a `struct sockpeercred`. * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED. * * On Solaris (including OpenSolaris and its derivatives), the native * credential type is a `ucred_t`. This corresponds to * %G_CREDENTIALS_TYPE_SOLARIS_UCRED. */ /** * GCredentials: * * The #GCredentials structure contains only private data and * should only be accessed using the provided API. * * Since: 2.26 */ struct _GCredentials { /*< private >*/ GObject parent_instance; #if G_CREDENTIALS_USE_LINUX_UCRED struct ucred native; #elif G_CREDENTIALS_USE_APPLE_XUCRED struct xucred native; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED struct cmsgcred native; #elif G_CREDENTIALS_USE_NETBSD_UNPCBID struct unpcbid native; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED struct sockpeercred native; #elif G_CREDENTIALS_USE_SOLARIS_UCRED ucred_t *native; #else #ifdef __GNUC__ #pragma GCC diagnostic push #pragma GCC diagnostic warning "-Wcpp" #warning Please add GCredentials support for your OS #pragma GCC diagnostic pop #endif #endif }; /** * GCredentialsClass: * * Class structure for #GCredentials. * * Since: 2.26 */ struct _GCredentialsClass { /*< private >*/ GObjectClass parent_class; }; G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT) static void g_credentials_finalize (GObject *object) { #if G_CREDENTIALS_USE_SOLARIS_UCRED GCredentials *credentials = G_CREDENTIALS (object); ucred_free (credentials->native); #endif if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL) G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object); } static void g_credentials_class_init (GCredentialsClass *klass) { GObjectClass *gobject_class; gobject_class = G_OBJECT_CLASS (klass); gobject_class->finalize = g_credentials_finalize; } static void g_credentials_init (GCredentials *credentials) { #if G_CREDENTIALS_USE_LINUX_UCRED credentials->native.pid = getpid (); credentials->native.uid = geteuid (); credentials->native.gid = getegid (); #elif G_CREDENTIALS_USE_APPLE_XUCRED gsize i; credentials->native.cr_version = XUCRED_VERSION; credentials->native.cr_uid = geteuid (); credentials->native.cr_ngroups = 1; credentials->native.cr_groups[0] = getegid (); /* FIXME: In principle this could use getgroups() to fill in the rest * of cr_groups, but then we'd have to handle the case where a process * can have more than NGROUPS groups, if that's even possible. A macOS * user would have to develop and test this. * * For now we fill it with -1 (meaning "no data"). */ for (i = 1; i < NGROUPS; i++) credentials->native.cr_groups[i] = -1; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED memset (&credentials->native, 0, sizeof (struct cmsgcred)); credentials->native.cmcred_pid = getpid (); credentials->native.cmcred_euid = geteuid (); credentials->native.cmcred_gid = getegid (); #elif G_CREDENTIALS_USE_NETBSD_UNPCBID credentials->native.unp_pid = getpid (); credentials->native.unp_euid = geteuid (); credentials->native.unp_egid = getegid (); #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED credentials->native.pid = getpid (); credentials->native.uid = geteuid (); credentials->native.gid = getegid (); #elif G_CREDENTIALS_USE_SOLARIS_UCRED credentials->native = ucred_get (P_MYID); #endif } /* ---------------------------------------------------------------------------------------------------- */ /** * g_credentials_new: * * Creates a new #GCredentials object with credentials matching the * the current process. * * Returns: (transfer full): A #GCredentials. Free with g_object_unref(). * * Since: 2.26 */ GCredentials * g_credentials_new (void) { return g_object_new (G_TYPE_CREDENTIALS, NULL); } /* ---------------------------------------------------------------------------------------------------- */ /** * g_credentials_to_string: * @credentials: A #GCredentials object. * * Creates a human-readable textual representation of @credentials * that can be used in logging and debug messages. The format of the * returned string may change in future GLib release. * * Returns: (transfer full): A string that should be freed with g_free(). * * Since: 2.26 */ gchar * g_credentials_to_string (GCredentials *credentials) { GString *ret; #if G_CREDENTIALS_USE_APPLE_XUCRED glib_typeof (credentials->native.cr_ngroups) i; #endif g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL); ret = g_string_new ("GCredentials:"); #if G_CREDENTIALS_USE_LINUX_UCRED g_string_append (ret, "linux-ucred:"); if (credentials->native.pid != -1) g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid); if (credentials->native.uid != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid); if (credentials->native.gid != -1) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid); if (ret->str[ret->len - 1] == ',') ret->str[ret->len - 1] = '\0'; #elif G_CREDENTIALS_USE_APPLE_XUCRED g_string_append (ret, "apple-xucred:"); g_string_append_printf (ret, "version=%u,", credentials->native.cr_version); if (credentials->native.cr_uid != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_uid); for (i = 0; i < credentials->native.cr_ngroups; i++) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_groups[i]); if (ret->str[ret->len - 1] == ',') ret->str[ret->len - 1] = '\0'; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED g_string_append (ret, "freebsd-cmsgcred:"); if (credentials->native.cmcred_pid != -1) g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid); if (credentials->native.cmcred_euid != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid); if (credentials->native.cmcred_gid != -1) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid); #elif G_CREDENTIALS_USE_NETBSD_UNPCBID g_string_append (ret, "netbsd-unpcbid:"); if (credentials->native.unp_pid != -1) g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_pid); if (credentials->native.unp_euid != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_euid); if (credentials->native.unp_egid != -1) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_egid); ret->str[ret->len - 1] = '\0'; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED g_string_append (ret, "openbsd-sockpeercred:"); if (credentials->native.pid != -1) g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid); if (credentials->native.uid != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid); if (credentials->native.gid != -1) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid); if (ret->str[ret->len - 1] == ',') ret->str[ret->len - 1] = '\0'; #elif G_CREDENTIALS_USE_SOLARIS_UCRED g_string_append (ret, "solaris-ucred:"); { id_t id; if ((id = ucred_getpid (credentials->native)) != -1) g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) id); if ((id = ucred_geteuid (credentials->native)) != -1) g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) id); if ((id = ucred_getegid (credentials->native)) != -1) g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) id); if (ret->str[ret->len - 1] == ',') ret->str[ret->len - 1] = '\0'; } #else g_string_append (ret, "unknown"); #endif return g_string_free (ret, FALSE); } /* ---------------------------------------------------------------------------------------------------- */ #if G_CREDENTIALS_USE_LINUX_UCRED /* * Check whether @native contains invalid data. If getsockopt SO_PEERCRED * is used on a TCP socket, it succeeds but yields a credentials structure * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a * receiving Unix socket when the sending socket did not also enable * SO_PASSCRED, it can succeed but yield a credentials structure with * pid 0, uid /proc/sys/kernel/overflowuid and gid * /proc/sys/kernel/overflowgid. */ static gboolean linux_ucred_check_valid (struct ucred *native, GError **error) { if (native->pid == 0 || native->uid == -1 || native->gid == -1) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, _("GCredentials contains invalid data")); return FALSE; } return TRUE; } #endif /** * g_credentials_is_same_user: * @credentials: A #GCredentials. * @other_credentials: A #GCredentials. * @error: Return location for error or %NULL. * * Checks if @credentials and @other_credentials is the same user. * * This operation can fail if #GCredentials is not supported on the * the OS. * * Returns: %TRUE if @credentials and @other_credentials has the same * user, %FALSE otherwise or if @error is set. * * Since: 2.26 */ gboolean g_credentials_is_same_user (GCredentials *credentials, GCredentials *other_credentials, GError **error) { gboolean ret; g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE); g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE); ret = FALSE; #if G_CREDENTIALS_USE_LINUX_UCRED if (linux_ucred_check_valid (&credentials->native, NULL) && credentials->native.uid == other_credentials->native.uid) ret = TRUE; #elif G_CREDENTIALS_USE_APPLE_XUCRED if (credentials->native.cr_version == other_credentials->native.cr_version && credentials->native.cr_uid == other_credentials->native.cr_uid) ret = TRUE; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid) ret = TRUE; #elif G_CREDENTIALS_USE_NETBSD_UNPCBID if (credentials->native.unp_euid == other_credentials->native.unp_euid) ret = TRUE; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED if (credentials->native.uid == other_credentials->native.uid) ret = TRUE; #elif G_CREDENTIALS_USE_SOLARIS_UCRED if (ucred_geteuid (credentials->native) == ucred_geteuid (other_credentials->native)) ret = TRUE; #else g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, _("GCredentials is not implemented on this OS")); #endif return ret; } static gboolean credentials_native_type_check (GCredentialsType requested_type, const char *op) { GEnumClass *enum_class; GEnumValue *requested; #if G_CREDENTIALS_SUPPORTED GEnumValue *supported; #endif #if G_CREDENTIALS_SUPPORTED if (requested_type == G_CREDENTIALS_NATIVE_TYPE) return TRUE; #endif enum_class = g_type_class_ref (g_credentials_type_get_type ()); requested = g_enum_get_value (enum_class, requested_type); #if G_CREDENTIALS_SUPPORTED supported = g_enum_get_value (enum_class, G_CREDENTIALS_NATIVE_TYPE); g_assert (supported); g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s " "but only %s is supported on this platform.", op, op, requested ? requested->value_name : "(unknown)", supported->value_name); #else g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s " "but there is no support for GCredentials on this platform.", op, op, requested ? requested->value_name : "(unknown)"); #endif g_type_class_unref (enum_class); return FALSE; } /** * g_credentials_get_native: (skip) * @credentials: A #GCredentials. * @native_type: The type of native credentials to get. * * Gets a pointer to native credentials of type @native_type from * @credentials. * * It is a programming error (which will cause a warning to be * logged) to use this method if there is no #GCredentials support for * the OS or if @native_type isn't supported by the OS. * * Returns: (transfer none) (nullable): The pointer to native credentials or * %NULL if there is no #GCredentials support for the OS or if @native_type * isn't supported by the OS. Do not free the returned data, it is owned * by @credentials. * * Since: 2.26 */ gpointer g_credentials_get_native (GCredentials *credentials, GCredentialsType native_type) { g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL); if (!credentials_native_type_check (native_type, "get")) return NULL; #if G_CREDENTIALS_USE_SOLARIS_UCRED return credentials->native; #elif G_CREDENTIALS_SUPPORTED return &credentials->native; #else g_assert_not_reached (); #endif } /** * g_credentials_set_native: * @credentials: A #GCredentials. * @native_type: The type of native credentials to set. * @native: (not nullable): A pointer to native credentials. * * Copies the native credentials of type @native_type from @native * into @credentials. * * It is a programming error (which will cause a warning to be * logged) to use this method if there is no #GCredentials support for * the OS or if @native_type isn't supported by the OS. * * Since: 2.26 */ void g_credentials_set_native (GCredentials *credentials, GCredentialsType native_type, gpointer native) { if (!credentials_native_type_check (native_type, "set")) return; #if G_CREDENTIALS_USE_SOLARIS_UCRED memcpy (credentials->native, native, ucred_size ()); #elif G_CREDENTIALS_SUPPORTED memcpy (&credentials->native, native, sizeof (credentials->native)); #else g_assert_not_reached (); #endif } /* ---------------------------------------------------------------------------------------------------- */ #ifdef G_OS_UNIX /** * g_credentials_get_unix_user: * @credentials: A #GCredentials * @error: Return location for error or %NULL. * * Tries to get the UNIX user identifier from @credentials. This * method is only available on UNIX platforms. * * This operation can fail if #GCredentials is not supported on the * OS or if the native credentials type does not contain information * about the UNIX user. * * Returns: The UNIX user identifier or `-1` if @error is set. * * Since: 2.26 */ uid_t g_credentials_get_unix_user (GCredentials *credentials, GError **error) { uid_t ret; g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1); g_return_val_if_fail (error == NULL || *error == NULL, -1); #if G_CREDENTIALS_USE_LINUX_UCRED if (linux_ucred_check_valid (&credentials->native, error)) ret = credentials->native.uid; else ret = -1; #elif G_CREDENTIALS_USE_APPLE_XUCRED if (credentials->native.cr_version == XUCRED_VERSION) { ret = credentials->native.cr_uid; } else { g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, /* No point in translating the part in parentheses... */ "%s (struct xucred cr_version %u != %u)", _("There is no GCredentials support for your platform"), credentials->native.cr_version, XUCRED_VERSION); ret = -1; } #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED ret = credentials->native.cmcred_euid; #elif G_CREDENTIALS_USE_NETBSD_UNPCBID ret = credentials->native.unp_euid; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED ret = credentials->native.uid; #elif G_CREDENTIALS_USE_SOLARIS_UCRED ret = ucred_geteuid (credentials->native); #else ret = -1; g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, _("There is no GCredentials support for your platform")); #endif return ret; } /** * g_credentials_get_unix_pid: * @credentials: A #GCredentials * @error: Return location for error or %NULL. * * Tries to get the UNIX process identifier from @credentials. This * method is only available on UNIX platforms. * * This operation can fail if #GCredentials is not supported on the * OS or if the native credentials type does not contain information * about the UNIX process ID (for example this is the case for * %G_CREDENTIALS_TYPE_APPLE_XUCRED). * * Returns: The UNIX process ID, or `-1` if @error is set. * * Since: 2.36 */ pid_t g_credentials_get_unix_pid (GCredentials *credentials, GError **error) { pid_t ret; g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1); g_return_val_if_fail (error == NULL || *error == NULL, -1); #if G_CREDENTIALS_USE_LINUX_UCRED if (linux_ucred_check_valid (&credentials->native, error)) ret = credentials->native.pid; else ret = -1; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED ret = credentials->native.cmcred_pid; #elif G_CREDENTIALS_USE_NETBSD_UNPCBID ret = credentials->native.unp_pid; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED ret = credentials->native.pid; #elif G_CREDENTIALS_USE_SOLARIS_UCRED ret = ucred_getpid (credentials->native); #else /* this case includes G_CREDENTIALS_USE_APPLE_XUCRED */ ret = -1; g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, _("GCredentials does not contain a process ID on this OS")); #endif return ret; } /** * g_credentials_set_unix_user: * @credentials: A #GCredentials. * @uid: The UNIX user identifier to set. * @error: Return location for error or %NULL. * * Tries to set the UNIX user identifier on @credentials. This method * is only available on UNIX platforms. * * This operation can fail if #GCredentials is not supported on the * OS or if the native credentials type does not contain information * about the UNIX user. It can also fail if the OS does not allow the * use of "spoofed" credentials. * * Returns: %TRUE if @uid was set, %FALSE if error is set. * * Since: 2.26 */ gboolean g_credentials_set_unix_user (GCredentials *credentials, uid_t uid, GError **error) { gboolean ret = FALSE; g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE); g_return_val_if_fail (uid != -1, FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE); #if G_CREDENTIALS_USE_LINUX_UCRED credentials->native.uid = uid; ret = TRUE; #elif G_CREDENTIALS_USE_APPLE_XUCRED credentials->native.cr_uid = uid; ret = TRUE; #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED credentials->native.cmcred_euid = uid; ret = TRUE; #elif G_CREDENTIALS_USE_NETBSD_UNPCBID credentials->native.unp_euid = uid; ret = TRUE; #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED credentials->native.uid = uid; ret = TRUE; #elif !G_CREDENTIALS_SPOOFING_SUPPORTED g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, _("Credentials spoofing is not possible on this OS")); ret = FALSE; #else g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, _("GCredentials is not implemented on this OS")); ret = FALSE; #endif return ret; } #endif /* G_OS_UNIX */