1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
28 #include <gobject/gvaluecollector.h>
30 #include "gcredentials.h"
31 #include "gcredentialsprivate.h"
32 #include "gnetworking.h"
34 #include "gioenumtypes.h"
39 * SECTION:gcredentials
40 * @short_description: An object containing credentials
43 * The #GCredentials type is a reference-counted wrapper for native
44 * credentials. This information is typically used for identifying,
45 * authenticating and authorizing other processes.
47 * Some operating systems supports looking up the credentials of the
48 * remote peer of a communication endpoint - see e.g.
49 * g_socket_get_credentials().
51 * Some operating systems supports securely sending and receiving
52 * credentials over a Unix Domain Socket, see
53 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
54 * g_unix_connection_receive_credentials() for details.
56 * On Linux, the native credential type is a <type>struct ucred</type>
58 * <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>
59 * man page for details. This corresponds to
60 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
62 * On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
63 * credential type is a <type>struct cmsgcred</type>. This corresponds
64 * to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
66 * On OpenBSD, the native credential type is a <type>struct sockpeercred</type>.
67 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
69 * On Solaris (including OpenSolaris and its derivatives), the native
70 * credential type is a <type>ucred_t</type>. This corresponds to
71 * %G_CREDENTIALS_TYPE_SOLARIS_UCRED.
77 * The #GCredentials structure contains only private data and
78 * should only be accessed using the provided API.
85 GObject parent_instance
;
87 #if G_CREDENTIALS_USE_LINUX_UCRED
89 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
90 struct cmsgcred native
;
91 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
92 struct sockpeercred native
;
93 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
97 #warning Please add GCredentials support for your OS
105 * Class structure for #GCredentials.
109 struct _GCredentialsClass
112 GObjectClass parent_class
;
115 G_DEFINE_TYPE (GCredentials
, g_credentials
, G_TYPE_OBJECT
);
118 g_credentials_finalize (GObject
*object
)
120 #if G_CREDENTIALS_USE_SOLARIS_UCRED
121 GCredentials
*credentials
= G_CREDENTIALS (object
);
123 ucred_free (credentials
->native
);
126 if (G_OBJECT_CLASS (g_credentials_parent_class
)->finalize
!= NULL
)
127 G_OBJECT_CLASS (g_credentials_parent_class
)->finalize (object
);
132 g_credentials_class_init (GCredentialsClass
*klass
)
134 GObjectClass
*gobject_class
;
136 gobject_class
= G_OBJECT_CLASS (klass
);
137 gobject_class
->finalize
= g_credentials_finalize
;
141 g_credentials_init (GCredentials
*credentials
)
143 #if G_CREDENTIALS_USE_LINUX_UCRED
144 credentials
->native
.pid
= getpid ();
145 credentials
->native
.uid
= geteuid ();
146 credentials
->native
.gid
= getegid ();
147 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
148 memset (&credentials
->native
, 0, sizeof (struct cmsgcred
));
149 credentials
->native
.cmcred_pid
= getpid ();
150 credentials
->native
.cmcred_euid
= geteuid ();
151 credentials
->native
.cmcred_gid
= getegid ();
152 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
153 credentials
->native
.pid
= getpid ();
154 credentials
->native
.uid
= geteuid ();
155 credentials
->native
.gid
= getegid ();
156 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
157 credentials
->native
= ucred_get (P_MYID
);
161 /* ---------------------------------------------------------------------------------------------------- */
166 * Creates a new #GCredentials object with credentials matching the
167 * the current process.
169 * Returns: A #GCredentials. Free with g_object_unref().
174 g_credentials_new (void)
176 return g_object_new (G_TYPE_CREDENTIALS
, NULL
);
179 /* ---------------------------------------------------------------------------------------------------- */
182 * g_credentials_to_string:
183 * @credentials: A #GCredentials object.
185 * Creates a human-readable textual representation of @credentials
186 * that can be used in logging and debug messages. The format of the
187 * returned string may change in future GLib release.
189 * Returns: A string that should be freed with g_free().
194 g_credentials_to_string (GCredentials
*credentials
)
198 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), NULL
);
200 ret
= g_string_new ("GCredentials:");
201 #if G_CREDENTIALS_USE_LINUX_UCRED
202 g_string_append (ret
, "linux-ucred:");
203 if (credentials
->native
.pid
!= -1)
204 g_string_append_printf (ret
, "pid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.pid
);
205 if (credentials
->native
.uid
!= -1)
206 g_string_append_printf (ret
, "uid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.uid
);
207 if (credentials
->native
.gid
!= -1)
208 g_string_append_printf (ret
, "gid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.gid
);
209 if (ret
->str
[ret
->len
- 1] == ',')
210 ret
->str
[ret
->len
- 1] = '\0';
211 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
212 g_string_append (ret
, "freebsd-cmsgcred:");
213 if (credentials
->native
.cmcred_pid
!= -1)
214 g_string_append_printf (ret
, "pid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.cmcred_pid
);
215 if (credentials
->native
.cmcred_euid
!= -1)
216 g_string_append_printf (ret
, "uid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.cmcred_euid
);
217 if (credentials
->native
.cmcred_gid
!= -1)
218 g_string_append_printf (ret
, "gid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.cmcred_gid
);
219 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
220 g_string_append (ret
, "openbsd-sockpeercred:");
221 if (credentials
->native
.pid
!= -1)
222 g_string_append_printf (ret
, "pid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.pid
);
223 if (credentials
->native
.uid
!= -1)
224 g_string_append_printf (ret
, "uid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.uid
);
225 if (credentials
->native
.gid
!= -1)
226 g_string_append_printf (ret
, "gid=%" G_GINT64_FORMAT
",", (gint64
) credentials
->native
.gid
);
227 if (ret
->str
[ret
->len
- 1] == ',')
228 ret
->str
[ret
->len
- 1] = '\0';
229 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
230 g_string_append (ret
, "solaris-ucred:");
233 if ((id
= ucred_getpid (credentials
->native
)) != -1)
234 g_string_append_printf (ret
, "pid=%" G_GINT64_FORMAT
",", (gint64
) id
);
235 if ((id
= ucred_geteuid (credentials
->native
)) != -1)
236 g_string_append_printf (ret
, "uid=%" G_GINT64_FORMAT
",", (gint64
) id
);
237 if ((id
= ucred_getegid (credentials
->native
)) != -1)
238 g_string_append_printf (ret
, "gid=%" G_GINT64_FORMAT
",", (gint64
) id
);
239 if (ret
->str
[ret
->len
- 1] == ',')
240 ret
->str
[ret
->len
- 1] = '\0';
243 g_string_append (ret
, "unknown");
246 return g_string_free (ret
, FALSE
);
249 /* ---------------------------------------------------------------------------------------------------- */
252 * g_credentials_is_same_user:
253 * @credentials: A #GCredentials.
254 * @other_credentials: A #GCredentials.
255 * @error: Return location for error or %NULL.
257 * Checks if @credentials and @other_credentials is the same user.
259 * This operation can fail if #GCredentials is not supported on the
262 * Returns: %TRUE if @credentials and @other_credentials has the same
263 * user, %FALSE otherwise or if @error is set.
268 g_credentials_is_same_user (GCredentials
*credentials
,
269 GCredentials
*other_credentials
,
274 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), FALSE
);
275 g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials
), FALSE
);
276 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
279 #if G_CREDENTIALS_USE_LINUX_UCRED
280 if (credentials
->native
.uid
== other_credentials
->native
.uid
)
282 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
283 if (credentials
->native
.cmcred_euid
== other_credentials
->native
.cmcred_euid
)
285 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
286 if (credentials
->native
.uid
== other_credentials
->native
.uid
)
288 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
289 if (ucred_geteuid (credentials
->native
) == ucred_geteuid (other_credentials
->native
))
292 g_set_error_literal (error
,
294 G_IO_ERROR_NOT_SUPPORTED
,
295 _("GCredentials is not implemented on this OS"));
302 credentials_native_type_check (GCredentialsType requested_type
,
305 GEnumClass
*enum_class
;
306 GEnumValue
*requested
;
307 #if G_CREDENTIALS_SUPPORTED
308 GEnumValue
*supported
;
311 #if G_CREDENTIALS_SUPPORTED
312 if (requested_type
== G_CREDENTIALS_NATIVE_TYPE
)
316 enum_class
= g_type_class_ref (g_credentials_type_get_type ());
317 requested
= g_enum_get_value (enum_class
, requested_type
);
319 #if G_CREDENTIALS_SUPPORTED
320 supported
= g_enum_get_value (enum_class
, G_CREDENTIALS_NATIVE_TYPE
);
321 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
322 "but only %s is supported on this platform.",
324 requested
? requested
->value_name
: "(unknown)",
325 supported
->value_name
);
327 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
328 "but there is no support for GCredentials on this platform.",
330 requested
? requested
->value_name
: "(unknown)");
333 g_type_class_unref (enum_class
);
338 * g_credentials_get_native: (skip)
339 * @credentials: A #GCredentials.
340 * @native_type: The type of native credentials to get.
342 * Gets a pointer to native credentials of type @native_type from
345 * It is a programming error (which will cause an warning to be
346 * logged) to use this method if there is no #GCredentials support for
347 * the OS or if @native_type isn't supported by the OS.
349 * Returns: The pointer to native credentials or %NULL if the
350 * operation there is no #GCredentials support for the OS or if
351 * @native_type isn't supported by the OS. Do not free the returned
352 * data, it is owned by @credentials.
357 g_credentials_get_native (GCredentials
*credentials
,
358 GCredentialsType native_type
)
360 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), NULL
);
362 if (!credentials_native_type_check (native_type
, "get"))
365 #if G_CREDENTIALS_USE_SOLARIS_UCRED
366 return credentials
->native
;
367 #elif G_CREDENTIALS_SUPPORTED
368 return &credentials
->native
;
370 g_assert_not_reached ();
375 * g_credentials_set_native:
376 * @credentials: A #GCredentials.
377 * @native_type: The type of native credentials to set.
378 * @native: A pointer to native credentials.
380 * Copies the native credentials of type @native_type from @native
383 * It is a programming error (which will cause an warning to be
384 * logged) to use this method if there is no #GCredentials support for
385 * the OS or if @native_type isn't supported by the OS.
390 g_credentials_set_native (GCredentials
*credentials
,
391 GCredentialsType native_type
,
394 if (!credentials_native_type_check (native_type
, "set"))
397 #if G_CREDENTIALS_USE_SOLARIS_UCRED
398 memcpy (credentials
->native
, native
, ucred_size ());
399 #elif G_CREDENTIALS_SUPPORTED
400 memcpy (&credentials
->native
, native
, sizeof (credentials
->native
));
402 g_assert_not_reached ();
406 /* ---------------------------------------------------------------------------------------------------- */
410 * g_credentials_get_unix_user:
411 * @credentials: A #GCredentials
412 * @error: Return location for error or %NULL.
414 * Tries to get the UNIX user identifier from @credentials. This
415 * method is only available on UNIX platforms.
417 * This operation can fail if #GCredentials is not supported on the
418 * OS or if the native credentials type does not contain information
419 * about the UNIX user.
421 * Returns: The UNIX user identifier or -1 if @error is set.
426 g_credentials_get_unix_user (GCredentials
*credentials
,
431 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), -1);
432 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, -1);
434 #if G_CREDENTIALS_USE_LINUX_UCRED
435 ret
= credentials
->native
.uid
;
436 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
437 ret
= credentials
->native
.cmcred_euid
;
438 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
439 ret
= credentials
->native
.uid
;
440 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
441 ret
= ucred_geteuid (credentials
->native
);
444 g_set_error_literal (error
,
446 G_IO_ERROR_NOT_SUPPORTED
,
447 _("There is no GCredentials support for your platform"));
454 * g_credentials_get_unix_pid:
455 * @credentials: A #GCredentials
456 * @error: Return location for error or %NULL.
458 * Tries to get the UNIX process identifier from @credentials. This
459 * method is only available on UNIX platforms.
461 * This operation can fail if #GCredentials is not supported on the
462 * OS or if the native credentials type does not contain information
463 * about the UNIX process ID.
465 * Returns: The UNIX process ID, or -1 if @error is set.
470 g_credentials_get_unix_pid (GCredentials
*credentials
,
475 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), -1);
476 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, -1);
478 #if G_CREDENTIALS_USE_LINUX_UCRED
479 ret
= credentials
->native
.pid
;
480 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
481 ret
= credentials
->native
.cmcred_pid
;
482 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
483 ret
= credentials
->native
.pid
;
484 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
485 ret
= ucred_getpid (credentials
->native
);
488 g_set_error_literal (error
,
490 G_IO_ERROR_NOT_SUPPORTED
,
491 _("GCredentials does not contain a process ID on this OS"));
498 * g_credentials_set_unix_user:
499 * @credentials: A #GCredentials.
500 * @uid: The UNIX user identifier to set.
501 * @error: Return location for error or %NULL.
503 * Tries to set the UNIX user identifier on @credentials. This method
504 * is only available on UNIX platforms.
506 * This operation can fail if #GCredentials is not supported on the
507 * OS or if the native credentials type does not contain information
508 * about the UNIX user. It can also fail if the OS does not allow the
509 * use of "spoofed" credentials.
511 * Returns: %TRUE if @uid was set, %FALSE if error is set.
516 g_credentials_set_unix_user (GCredentials
*credentials
,
522 g_return_val_if_fail (G_IS_CREDENTIALS (credentials
), FALSE
);
523 g_return_val_if_fail (uid
!= -1, FALSE
);
524 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, FALSE
);
527 #if G_CREDENTIALS_USE_LINUX_UCRED
528 credentials
->native
.uid
= uid
;
530 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
531 credentials
->native
.cmcred_euid
= uid
;
533 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
534 credentials
->native
.uid
= uid
;
536 #elif !G_CREDENTIALS_SPOOFING_SUPPORTED
537 g_set_error_literal (error
,
539 G_IO_ERROR_PERMISSION_DENIED
,
540 _("Credentials spoofing is not possible on this OS"));
543 g_set_error_literal (error
,
545 G_IO_ERROR_NOT_SUPPORTED
,
546 _("GCredentials is not implemented on this OS"));
553 #endif /* G_OS_UNIX */