Merge branch '976-disable-assert-checks' into 'master'
[glib.git] / gio / gcredentials.c
blobcc0cd82ceef7bbe778c0953c6d2929bbb1d6beac
1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 * Author: David Zeuthen <davidz@redhat.com>
21 #include "config.h"
23 #include <stdlib.h>
24 #include <string.h>
26 #include <gobject/gvaluecollector.h>
28 #include "gcredentials.h"
29 #include "gcredentialsprivate.h"
30 #include "gnetworking.h"
31 #include "gioerror.h"
32 #include "gioenumtypes.h"
34 #include "glibintl.h"
36 /**
37 * SECTION:gcredentials
38 * @short_description: An object containing credentials
39 * @include: gio/gio.h
41 * The #GCredentials type is a reference-counted wrapper for native
42 * credentials. This information is typically used for identifying,
43 * authenticating and authorizing other processes.
45 * Some operating systems supports looking up the credentials of the
46 * remote peer of a communication endpoint - see e.g.
47 * g_socket_get_credentials().
49 * Some operating systems supports securely sending and receiving
50 * credentials over a Unix Domain Socket, see
51 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
52 * g_unix_connection_receive_credentials() for details.
54 * On Linux, the native credential type is a struct ucred - see the
55 * unix(7) man page for details. This corresponds to
56 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
58 * On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
59 * credential type is a struct cmsgcred. This corresponds
60 * to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
62 * On NetBSD, the native credential type is a struct unpcbid.
63 * This corresponds to %G_CREDENTIALS_TYPE_NETBSD_UNPCBID.
65 * On OpenBSD, the native credential type is a struct sockpeercred.
66 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
68 * On Solaris (including OpenSolaris and its derivatives), the native
69 * credential type is a ucred_t. This corresponds to
70 * %G_CREDENTIALS_TYPE_SOLARIS_UCRED.
73 /**
74 * GCredentials:
76 * The #GCredentials structure contains only private data and
77 * should only be accessed using the provided API.
79 * Since: 2.26
81 struct _GCredentials
83 /*< private >*/
84 GObject parent_instance;
86 #if G_CREDENTIALS_USE_LINUX_UCRED
87 struct ucred native;
88 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
89 struct cmsgcred native;
90 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
91 struct unpcbid native;
92 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
93 struct sockpeercred native;
94 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
95 ucred_t *native;
96 #else
97 #ifdef __GNUC__
98 #pragma GCC diagnostic push
99 #pragma GCC diagnostic warning "-Wcpp"
100 #warning Please add GCredentials support for your OS
101 #pragma GCC diagnostic pop
102 #endif
103 #endif
107 * GCredentialsClass:
109 * Class structure for #GCredentials.
111 * Since: 2.26
113 struct _GCredentialsClass
115 /*< private >*/
116 GObjectClass parent_class;
119 G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT)
121 static void
122 g_credentials_finalize (GObject *object)
124 #if G_CREDENTIALS_USE_SOLARIS_UCRED
125 GCredentials *credentials = G_CREDENTIALS (object);
127 ucred_free (credentials->native);
128 #endif
130 if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
131 G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
135 static void
136 g_credentials_class_init (GCredentialsClass *klass)
138 GObjectClass *gobject_class;
140 gobject_class = G_OBJECT_CLASS (klass);
141 gobject_class->finalize = g_credentials_finalize;
144 static void
145 g_credentials_init (GCredentials *credentials)
147 #if G_CREDENTIALS_USE_LINUX_UCRED
148 credentials->native.pid = getpid ();
149 credentials->native.uid = geteuid ();
150 credentials->native.gid = getegid ();
151 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
152 memset (&credentials->native, 0, sizeof (struct cmsgcred));
153 credentials->native.cmcred_pid = getpid ();
154 credentials->native.cmcred_euid = geteuid ();
155 credentials->native.cmcred_gid = getegid ();
156 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
157 credentials->native.unp_pid = getpid ();
158 credentials->native.unp_euid = geteuid ();
159 credentials->native.unp_egid = getegid ();
160 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
161 credentials->native.pid = getpid ();
162 credentials->native.uid = geteuid ();
163 credentials->native.gid = getegid ();
164 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
165 credentials->native = ucred_get (P_MYID);
166 #endif
169 /* ---------------------------------------------------------------------------------------------------- */
172 * g_credentials_new:
174 * Creates a new #GCredentials object with credentials matching the
175 * the current process.
177 * Returns: A #GCredentials. Free with g_object_unref().
179 * Since: 2.26
181 GCredentials *
182 g_credentials_new (void)
184 return g_object_new (G_TYPE_CREDENTIALS, NULL);
187 /* ---------------------------------------------------------------------------------------------------- */
190 * g_credentials_to_string:
191 * @credentials: A #GCredentials object.
193 * Creates a human-readable textual representation of @credentials
194 * that can be used in logging and debug messages. The format of the
195 * returned string may change in future GLib release.
197 * Returns: A string that should be freed with g_free().
199 * Since: 2.26
201 gchar *
202 g_credentials_to_string (GCredentials *credentials)
204 GString *ret;
206 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
208 ret = g_string_new ("GCredentials:");
209 #if G_CREDENTIALS_USE_LINUX_UCRED
210 g_string_append (ret, "linux-ucred:");
211 if (credentials->native.pid != -1)
212 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
213 if (credentials->native.uid != -1)
214 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
215 if (credentials->native.gid != -1)
216 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
217 if (ret->str[ret->len - 1] == ',')
218 ret->str[ret->len - 1] = '\0';
219 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
220 g_string_append (ret, "freebsd-cmsgcred:");
221 if (credentials->native.cmcred_pid != -1)
222 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
223 if (credentials->native.cmcred_euid != -1)
224 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
225 if (credentials->native.cmcred_gid != -1)
226 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
227 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
228 g_string_append (ret, "netbsd-unpcbid:");
229 if (credentials->native.unp_pid != -1)
230 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_pid);
231 if (credentials->native.unp_euid != -1)
232 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_euid);
233 if (credentials->native.unp_egid != -1)
234 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_egid);
235 ret->str[ret->len - 1] = '\0';
236 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
237 g_string_append (ret, "openbsd-sockpeercred:");
238 if (credentials->native.pid != -1)
239 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
240 if (credentials->native.uid != -1)
241 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
242 if (credentials->native.gid != -1)
243 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
244 if (ret->str[ret->len - 1] == ',')
245 ret->str[ret->len - 1] = '\0';
246 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
247 g_string_append (ret, "solaris-ucred:");
249 id_t id;
250 if ((id = ucred_getpid (credentials->native)) != -1)
251 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) id);
252 if ((id = ucred_geteuid (credentials->native)) != -1)
253 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) id);
254 if ((id = ucred_getegid (credentials->native)) != -1)
255 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) id);
256 if (ret->str[ret->len - 1] == ',')
257 ret->str[ret->len - 1] = '\0';
259 #else
260 g_string_append (ret, "unknown");
261 #endif
263 return g_string_free (ret, FALSE);
266 /* ---------------------------------------------------------------------------------------------------- */
269 * g_credentials_is_same_user:
270 * @credentials: A #GCredentials.
271 * @other_credentials: A #GCredentials.
272 * @error: Return location for error or %NULL.
274 * Checks if @credentials and @other_credentials is the same user.
276 * This operation can fail if #GCredentials is not supported on the
277 * the OS.
279 * Returns: %TRUE if @credentials and @other_credentials has the same
280 * user, %FALSE otherwise or if @error is set.
282 * Since: 2.26
284 gboolean
285 g_credentials_is_same_user (GCredentials *credentials,
286 GCredentials *other_credentials,
287 GError **error)
289 gboolean ret;
291 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
292 g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
293 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
295 ret = FALSE;
296 #if G_CREDENTIALS_USE_LINUX_UCRED
297 if (credentials->native.uid == other_credentials->native.uid)
298 ret = TRUE;
299 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
300 if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
301 ret = TRUE;
302 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
303 if (credentials->native.unp_euid == other_credentials->native.unp_euid)
304 ret = TRUE;
305 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
306 if (credentials->native.uid == other_credentials->native.uid)
307 ret = TRUE;
308 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
309 if (ucred_geteuid (credentials->native) == ucred_geteuid (other_credentials->native))
310 ret = TRUE;
311 #else
312 g_set_error_literal (error,
313 G_IO_ERROR,
314 G_IO_ERROR_NOT_SUPPORTED,
315 _("GCredentials is not implemented on this OS"));
316 #endif
318 return ret;
321 static gboolean
322 credentials_native_type_check (GCredentialsType requested_type,
323 const char *op)
325 GEnumClass *enum_class;
326 GEnumValue *requested;
327 #if G_CREDENTIALS_SUPPORTED
328 GEnumValue *supported;
329 #endif
331 #if G_CREDENTIALS_SUPPORTED
332 if (requested_type == G_CREDENTIALS_NATIVE_TYPE)
333 return TRUE;
334 #endif
336 enum_class = g_type_class_ref (g_credentials_type_get_type ());
337 requested = g_enum_get_value (enum_class, requested_type);
339 #if G_CREDENTIALS_SUPPORTED
340 supported = g_enum_get_value (enum_class, G_CREDENTIALS_NATIVE_TYPE);
341 g_assert (supported);
342 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
343 "but only %s is supported on this platform.",
344 op, op,
345 requested ? requested->value_name : "(unknown)",
346 supported->value_name);
347 #else
348 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
349 "but there is no support for GCredentials on this platform.",
350 op, op,
351 requested ? requested->value_name : "(unknown)");
352 #endif
354 g_type_class_unref (enum_class);
355 return FALSE;
359 * g_credentials_get_native: (skip)
360 * @credentials: A #GCredentials.
361 * @native_type: The type of native credentials to get.
363 * Gets a pointer to native credentials of type @native_type from
364 * @credentials.
366 * It is a programming error (which will cause an warning to be
367 * logged) to use this method if there is no #GCredentials support for
368 * the OS or if @native_type isn't supported by the OS.
370 * Returns: The pointer to native credentials or %NULL if the
371 * operation there is no #GCredentials support for the OS or if
372 * @native_type isn't supported by the OS. Do not free the returned
373 * data, it is owned by @credentials.
375 * Since: 2.26
377 gpointer
378 g_credentials_get_native (GCredentials *credentials,
379 GCredentialsType native_type)
381 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
383 if (!credentials_native_type_check (native_type, "get"))
384 return NULL;
386 #if G_CREDENTIALS_USE_SOLARIS_UCRED
387 return credentials->native;
388 #elif G_CREDENTIALS_SUPPORTED
389 return &credentials->native;
390 #else
391 g_assert_not_reached ();
392 #endif
396 * g_credentials_set_native:
397 * @credentials: A #GCredentials.
398 * @native_type: The type of native credentials to set.
399 * @native: (not nullable): A pointer to native credentials.
401 * Copies the native credentials of type @native_type from @native
402 * into @credentials.
404 * It is a programming error (which will cause an warning to be
405 * logged) to use this method if there is no #GCredentials support for
406 * the OS or if @native_type isn't supported by the OS.
408 * Since: 2.26
410 void
411 g_credentials_set_native (GCredentials *credentials,
412 GCredentialsType native_type,
413 gpointer native)
415 if (!credentials_native_type_check (native_type, "set"))
416 return;
418 #if G_CREDENTIALS_USE_SOLARIS_UCRED
419 memcpy (credentials->native, native, ucred_size ());
420 #elif G_CREDENTIALS_SUPPORTED
421 memcpy (&credentials->native, native, sizeof (credentials->native));
422 #else
423 g_assert_not_reached ();
424 #endif
427 /* ---------------------------------------------------------------------------------------------------- */
429 #ifdef G_OS_UNIX
431 * g_credentials_get_unix_user:
432 * @credentials: A #GCredentials
433 * @error: Return location for error or %NULL.
435 * Tries to get the UNIX user identifier from @credentials. This
436 * method is only available on UNIX platforms.
438 * This operation can fail if #GCredentials is not supported on the
439 * OS or if the native credentials type does not contain information
440 * about the UNIX user.
442 * Returns: The UNIX user identifier or -1 if @error is set.
444 * Since: 2.26
446 uid_t
447 g_credentials_get_unix_user (GCredentials *credentials,
448 GError **error)
450 uid_t ret;
452 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
453 g_return_val_if_fail (error == NULL || *error == NULL, -1);
455 #if G_CREDENTIALS_USE_LINUX_UCRED
456 ret = credentials->native.uid;
457 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
458 ret = credentials->native.cmcred_euid;
459 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
460 ret = credentials->native.unp_euid;
461 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
462 ret = credentials->native.uid;
463 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
464 ret = ucred_geteuid (credentials->native);
465 #else
466 ret = -1;
467 g_set_error_literal (error,
468 G_IO_ERROR,
469 G_IO_ERROR_NOT_SUPPORTED,
470 _("There is no GCredentials support for your platform"));
471 #endif
473 return ret;
477 * g_credentials_get_unix_pid:
478 * @credentials: A #GCredentials
479 * @error: Return location for error or %NULL.
481 * Tries to get the UNIX process identifier from @credentials. This
482 * method is only available on UNIX platforms.
484 * This operation can fail if #GCredentials is not supported on the
485 * OS or if the native credentials type does not contain information
486 * about the UNIX process ID.
488 * Returns: The UNIX process ID, or -1 if @error is set.
490 * Since: 2.36
492 pid_t
493 g_credentials_get_unix_pid (GCredentials *credentials,
494 GError **error)
496 pid_t ret;
498 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
499 g_return_val_if_fail (error == NULL || *error == NULL, -1);
501 #if G_CREDENTIALS_USE_LINUX_UCRED
502 ret = credentials->native.pid;
503 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
504 ret = credentials->native.cmcred_pid;
505 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
506 ret = credentials->native.unp_pid;
507 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
508 ret = credentials->native.pid;
509 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
510 ret = ucred_getpid (credentials->native);
511 #else
512 ret = -1;
513 g_set_error_literal (error,
514 G_IO_ERROR,
515 G_IO_ERROR_NOT_SUPPORTED,
516 _("GCredentials does not contain a process ID on this OS"));
517 #endif
519 return ret;
523 * g_credentials_set_unix_user:
524 * @credentials: A #GCredentials.
525 * @uid: The UNIX user identifier to set.
526 * @error: Return location for error or %NULL.
528 * Tries to set the UNIX user identifier on @credentials. This method
529 * is only available on UNIX platforms.
531 * This operation can fail if #GCredentials is not supported on the
532 * OS or if the native credentials type does not contain information
533 * about the UNIX user. It can also fail if the OS does not allow the
534 * use of "spoofed" credentials.
536 * Returns: %TRUE if @uid was set, %FALSE if error is set.
538 * Since: 2.26
540 gboolean
541 g_credentials_set_unix_user (GCredentials *credentials,
542 uid_t uid,
543 GError **error)
545 gboolean ret;
547 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
548 g_return_val_if_fail (uid != -1, FALSE);
549 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
551 ret = FALSE;
552 #if G_CREDENTIALS_USE_LINUX_UCRED
553 credentials->native.uid = uid;
554 ret = TRUE;
555 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
556 credentials->native.cmcred_euid = uid;
557 ret = TRUE;
558 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
559 credentials->native.unp_euid = uid;
560 ret = TRUE;
561 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
562 credentials->native.uid = uid;
563 ret = TRUE;
564 #elif !G_CREDENTIALS_SPOOFING_SUPPORTED
565 g_set_error_literal (error,
566 G_IO_ERROR,
567 G_IO_ERROR_PERMISSION_DENIED,
568 _("Credentials spoofing is not possible on this OS"));
569 ret = FALSE;
570 #else
571 g_set_error_literal (error,
572 G_IO_ERROR,
573 G_IO_ERROR_NOT_SUPPORTED,
574 _("GCredentials is not implemented on this OS"));
575 ret = FALSE;
576 #endif
578 return ret;
581 #endif /* G_OS_UNIX */