1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-credentials.c Credentials provable through authentication
4 * Copyright (C) 2007 Red Hat Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include "dbus-credentials.h"
26 #include "dbus-internals.h"
29 * @defgroup DBusCredentials Credentials provable through authentication
30 * @ingroup DBusInternals
31 * @brief DBusCredentials object
33 * Credentials are what you have to prove you have in order to
34 * authenticate. The main credentials right now are a unix user
35 * account, a Windows user account, or a UNIX process ID.
39 * @defgroup DBusCredentialsInternals Credentials implementation details
40 * @ingroup DBusInternals
41 * @brief DBusCredentials implementation details
43 * Private details of credentials code.
48 struct DBusCredentials
{
54 dbus_int32_t adt_audit_data_size
;
60 * @addtogroup DBusCredentials
65 * Creates a new credentials object.
67 * @returns the new object or #NULL if no memory
70 _dbus_credentials_new (void)
72 DBusCredentials
*creds
;
74 creds
= dbus_new (DBusCredentials
, 1);
79 creds
->unix_uid
= DBUS_UID_UNSET
;
80 creds
->unix_pid
= DBUS_PID_UNSET
;
81 creds
->windows_sid
= NULL
;
82 creds
->adt_audit_data
= NULL
;
83 creds
->adt_audit_data_size
= 0;
89 * Creates a new object with credentials (user ID and process ID) from the current process.
90 * @returns the new object or #NULL if no memory
93 _dbus_credentials_new_from_current_process (void)
95 DBusCredentials
*creds
;
97 creds
= _dbus_credentials_new ();
101 if (!_dbus_credentials_add_from_current_process (creds
))
103 _dbus_credentials_unref (creds
);
111 * Increment refcount on credentials.
113 * @param credentials the object
116 _dbus_credentials_ref (DBusCredentials
*credentials
)
118 _dbus_assert (credentials
->refcount
> 0);
119 credentials
->refcount
+= 1;
123 * Decrement refcount on credentials.
125 * @param credentials the object
128 _dbus_credentials_unref (DBusCredentials
*credentials
)
130 _dbus_assert (credentials
->refcount
> 0);
132 credentials
->refcount
-= 1;
133 if (credentials
->refcount
== 0)
135 dbus_free (credentials
->windows_sid
);
136 dbus_free (credentials
->adt_audit_data
);
137 dbus_free (credentials
);
142 * Add a UNIX process ID to the credentials.
144 * @param credentials the object
145 * @param pid the process ID
146 * @returns #FALSE if no memory
149 _dbus_credentials_add_unix_pid (DBusCredentials
*credentials
,
152 credentials
->unix_pid
= pid
;
157 * Add a UNIX user ID to the credentials.
159 * @param credentials the object
160 * @param uid the user ID
161 * @returns #FALSE if no memory
164 _dbus_credentials_add_unix_uid(DBusCredentials
*credentials
,
167 credentials
->unix_uid
= uid
;
173 * Add a Windows user SID to the credentials.
175 * @param credentials the object
176 * @param windows_sid the user SID
177 * @returns #FALSE if no memory
180 _dbus_credentials_add_windows_sid (DBusCredentials
*credentials
,
181 const char *windows_sid
)
185 copy
= _dbus_strdup (windows_sid
);
189 dbus_free (credentials
->windows_sid
);
190 credentials
->windows_sid
= copy
;
196 * Add ADT audit data to the credentials.
198 * @param credentials the object
199 * @param audit_data the audit data
200 * @param size the length of audit data
201 * @returns #FALSE if no memory
204 _dbus_credentials_add_adt_audit_data (DBusCredentials
*credentials
,
209 copy
= _dbus_memdup (audit_data
, size
);
213 dbus_free (credentials
->adt_audit_data
);
214 credentials
->adt_audit_data
= copy
;
215 credentials
->adt_audit_data_size
= size
;
221 * Checks whether the given credential is present.
223 * @param credentials the object
224 * @param type the credential to check for
225 * @returns #TRUE if the credential is present
228 _dbus_credentials_include (DBusCredentials
*credentials
,
229 DBusCredentialType type
)
233 case DBUS_CREDENTIAL_UNIX_PROCESS_ID
:
234 return credentials
->unix_pid
!= DBUS_PID_UNSET
;
235 case DBUS_CREDENTIAL_UNIX_USER_ID
:
236 return credentials
->unix_uid
!= DBUS_UID_UNSET
;
237 case DBUS_CREDENTIAL_WINDOWS_SID
:
238 return credentials
->windows_sid
!= NULL
;
239 case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID
:
240 return credentials
->adt_audit_data
!= NULL
;
243 _dbus_assert_not_reached ("Unknown credential enum value");
248 * Gets the UNIX process ID in the credentials, or #DBUS_PID_UNSET if
249 * the credentials object doesn't contain a process ID.
251 * @param credentials the object
252 * @returns UNIX process ID
255 _dbus_credentials_get_unix_pid (DBusCredentials
*credentials
)
257 return credentials
->unix_pid
;
261 * Gets the UNIX user ID in the credentials, or #DBUS_UID_UNSET if
262 * the credentials object doesn't contain a user ID.
264 * @param credentials the object
265 * @returns UNIX user ID
268 _dbus_credentials_get_unix_uid (DBusCredentials
*credentials
)
270 return credentials
->unix_uid
;
274 * Gets the Windows user SID in the credentials, or #NULL if
275 * the credentials object doesn't contain a Windows user SID.
277 * @param credentials the object
278 * @returns Windows user SID
281 _dbus_credentials_get_windows_sid (DBusCredentials
*credentials
)
283 return credentials
->windows_sid
;
287 * Gets the ADT audit data in the credentials, or #NULL if
288 * the credentials object doesn't contain ADT audit data.
290 * @param credentials the object
291 * @returns Solaris ADT audit data
294 _dbus_credentials_get_adt_audit_data (DBusCredentials
*credentials
)
296 return credentials
->adt_audit_data
;
300 * Gets the ADT audit data size in the credentials, or 0 if
301 * the credentials object doesn't contain ADT audit data.
303 * @param credentials the object
304 * @returns Solaris ADT audit data size
307 _dbus_credentials_get_adt_audit_data_size (DBusCredentials
*credentials
)
309 return credentials
->adt_audit_data_size
;
313 * Checks whether the first credentials object contains
314 * all the credentials found in the second credentials object.
316 * @param credentials the object
317 * @param possible_subset see if credentials in here are also in the first arg
318 * @returns #TRUE if second arg is contained in first
321 _dbus_credentials_are_superset (DBusCredentials
*credentials
,
322 DBusCredentials
*possible_subset
)
325 (possible_subset
->unix_pid
== DBUS_PID_UNSET
||
326 possible_subset
->unix_pid
== credentials
->unix_pid
) &&
327 (possible_subset
->unix_uid
== DBUS_UID_UNSET
||
328 possible_subset
->unix_uid
== credentials
->unix_uid
) &&
329 (possible_subset
->windows_sid
== NULL
||
330 (credentials
->windows_sid
&& strcmp (possible_subset
->windows_sid
,
331 credentials
->windows_sid
) == 0)) &&
332 (possible_subset
->adt_audit_data
== NULL
||
333 (credentials
->adt_audit_data
&& memcmp (possible_subset
->adt_audit_data
,
334 credentials
->adt_audit_data
,
335 credentials
->adt_audit_data_size
) == 0));
339 * Checks whether a credentials object contains anything.
341 * @param credentials the object
342 * @returns #TRUE if there are no credentials in the object
345 _dbus_credentials_are_empty (DBusCredentials
*credentials
)
348 credentials
->unix_pid
== DBUS_PID_UNSET
&&
349 credentials
->unix_uid
== DBUS_UID_UNSET
&&
350 credentials
->windows_sid
== NULL
&&
351 credentials
->adt_audit_data
== NULL
;
355 * Checks whether a credentials object contains a user identity.
357 * @param credentials the object
358 * @returns #TRUE if there are no user identities in the object
361 _dbus_credentials_are_anonymous (DBusCredentials
*credentials
)
364 credentials
->unix_uid
== DBUS_UID_UNSET
&&
365 credentials
->windows_sid
== NULL
;
369 * Merge all credentials found in the second object into the first object,
370 * overwriting the first object if there are any overlaps.
372 * @param credentials the object
373 * @param other_credentials credentials to merge
374 * @returns #FALSE if no memory
377 _dbus_credentials_add_credentials (DBusCredentials
*credentials
,
378 DBusCredentials
*other_credentials
)
381 _dbus_credentials_add_credential (credentials
,
382 DBUS_CREDENTIAL_UNIX_PROCESS_ID
,
383 other_credentials
) &&
384 _dbus_credentials_add_credential (credentials
,
385 DBUS_CREDENTIAL_UNIX_USER_ID
,
386 other_credentials
) &&
387 _dbus_credentials_add_credential (credentials
,
388 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID
,
389 other_credentials
) &&
390 _dbus_credentials_add_credential (credentials
,
391 DBUS_CREDENTIAL_WINDOWS_SID
,
396 * Merge the given credential found in the second object into the first object,
397 * overwriting the first object's value for that credential.
399 * Does nothing if the second object does not contain the specified credential.
400 * i.e., will never delete a credential from the first object.
402 * @param credentials the object
403 * @param which the credential to overwrite
404 * @param other_credentials credentials to merge
405 * @returns #FALSE if no memory
408 _dbus_credentials_add_credential (DBusCredentials
*credentials
,
409 DBusCredentialType which
,
410 DBusCredentials
*other_credentials
)
412 if (which
== DBUS_CREDENTIAL_UNIX_PROCESS_ID
&&
413 other_credentials
->unix_pid
!= DBUS_PID_UNSET
)
415 if (!_dbus_credentials_add_unix_pid (credentials
, other_credentials
->unix_pid
))
418 else if (which
== DBUS_CREDENTIAL_UNIX_USER_ID
&&
419 other_credentials
->unix_uid
!= DBUS_UID_UNSET
)
421 if (!_dbus_credentials_add_unix_uid (credentials
, other_credentials
->unix_uid
))
424 else if (which
== DBUS_CREDENTIAL_WINDOWS_SID
&&
425 other_credentials
->windows_sid
!= NULL
)
427 if (!_dbus_credentials_add_windows_sid (credentials
, other_credentials
->windows_sid
))
430 else if (which
== DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID
&&
431 other_credentials
->adt_audit_data
!= NULL
)
433 if (!_dbus_credentials_add_adt_audit_data (credentials
, other_credentials
->adt_audit_data
, other_credentials
->adt_audit_data_size
))
441 * Clear all credentials in the object.
443 * @param credentials the object
446 _dbus_credentials_clear (DBusCredentials
*credentials
)
448 credentials
->unix_pid
= DBUS_PID_UNSET
;
449 credentials
->unix_uid
= DBUS_UID_UNSET
;
450 dbus_free (credentials
->windows_sid
);
451 credentials
->windows_sid
= NULL
;
452 dbus_free (credentials
->adt_audit_data
);
453 credentials
->adt_audit_data
= NULL
;
454 credentials
->adt_audit_data_size
= 0;
458 * Copy a credentials object.
460 * @param credentials the object
461 * @returns the copy or #NULL
464 _dbus_credentials_copy (DBusCredentials
*credentials
)
466 DBusCredentials
*copy
;
468 copy
= _dbus_credentials_new ();
472 if (!_dbus_credentials_add_credentials (copy
, credentials
))
474 _dbus_credentials_unref (copy
);
482 * Check whether the user-identifying credentials in two credentials
483 * objects are identical. Credentials that are not related to the
484 * user are ignored, but any kind of user ID credentials must be the
485 * same (UNIX user ID, Windows user SID, etc.) and present in both
486 * objects for the function to return #TRUE.
488 * @param credentials the object
489 * @param other_credentials credentials to compare
490 * @returns #TRUE if the two credentials refer to the same user
493 _dbus_credentials_same_user (DBusCredentials
*credentials
,
494 DBusCredentials
*other_credentials
)
496 /* both windows and unix user must be the same (though pretty much
497 * in all conceivable cases, one will be unset)
499 return credentials
->unix_uid
== other_credentials
->unix_uid
&&
500 ((!(credentials
->windows_sid
|| other_credentials
->windows_sid
)) ||
501 (credentials
->windows_sid
&& other_credentials
->windows_sid
&&
502 strcmp (credentials
->windows_sid
, other_credentials
->windows_sid
) == 0));
507 /* tests in dbus-credentials-util.c */