| blob | f21ecb276fc46c3840cfca8a63268156a0a66109 |
1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-credentials.c Credentials provable through authentication
3 *
4 * Copyright (C) 2007 Red Hat Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23 #include <config.h>
24 #include <string.h>
28 /**
29 * @defgroup DBusCredentials Credentials provable through authentication
30 * @ingroup DBusInternals
31 * @brief DBusCredentials object
32 *
33 * Credentials are what you have to prove you have in order to
34 * authenticate. The main credentials right now are a unix user
35 * account, a Windows user account, or a UNIX process ID.
36 */
38 /**
39 * @defgroup DBusCredentialsInternals Credentials implementation details
40 * @ingroup DBusInternals
41 * @brief DBusCredentials implementation details
42 *
43 * Private details of credentials code.
44 *
45 * @{
46 */
50 dbus_uid_t unix_uid;
51 dbus_pid_t unix_pid;
54 dbus_int32_t adt_audit_data_size;
55 };
57 /** @} */
59 /**
60 * @addtogroup DBusCredentials
61 * @{
62 */
64 /**
65 * Creates a new credentials object.
66 *
67 * @returns the new object or #NULL if no memory
68 */
69 DBusCredentials*
71 {
86 }
88 /**
89 * Creates a new object with credentials (user ID and process ID) from the current process.
90 * @returns the new object or #NULL if no memory
91 */
92 DBusCredentials*
94 {
102 {
105 }
108 }
110 /**
111 * Increment refcount on credentials.
112 *
113 * @param credentials the object
114 */
115 void
117 {
120 }
122 /**
123 * Decrement refcount on credentials.
124 *
125 * @param credentials the object
126 */
127 void
129 {
134 {
138 }
139 }
141 /**
142 * Add a UNIX process ID to the credentials.
143 *
144 * @param credentials the object
145 * @param pid the process ID
146 * @returns #FALSE if no memory
147 */
148 dbus_bool_t
150 dbus_pid_t pid)
151 {
154 }
156 /**
157 * Add a UNIX user ID to the credentials.
158 *
159 * @param credentials the object
160 * @param uid the user ID
161 * @returns #FALSE if no memory
162 */
163 dbus_bool_t
165 dbus_uid_t uid)
166 {
170 }
172 /**
173 * Add a Windows user SID to the credentials.
174 *
175 * @param credentials the object
176 * @param windows_sid the user SID
177 * @returns #FALSE if no memory
178 */
179 dbus_bool_t
182 {
193 }
195 /**
196 * Add ADT audit data to the credentials.
197 *
198 * @param credentials the object
199 * @param audit_data the audit data
200 * @param size the length of audit data
201 * @returns #FALSE if no memory
202 */
203 dbus_bool_t
206 dbus_int32_t size)
207 {
218 }
220 /**
221 * Checks whether the given credential is present.
222 *
223 * @param credentials the object
224 * @param type the credential to check for
225 * @returns #TRUE if the credential is present
226 */
227 dbus_bool_t
229 DBusCredentialType type)
230 {
232 {
241 }
245 }
247 /**
248 * Gets the UNIX process ID in the credentials, or #DBUS_PID_UNSET if
249 * the credentials object doesn't contain a process ID.
250 *
251 * @param credentials the object
252 * @returns UNIX process ID
253 */
254 dbus_pid_t
256 {
258 }
260 /**
261 * Gets the UNIX user ID in the credentials, or #DBUS_UID_UNSET if
262 * the credentials object doesn't contain a user ID.
263 *
264 * @param credentials the object
265 * @returns UNIX user ID
266 */
267 dbus_uid_t
269 {
271 }
273 /**
274 * Gets the Windows user SID in the credentials, or #NULL if
275 * the credentials object doesn't contain a Windows user SID.
276 *
277 * @param credentials the object
278 * @returns Windows user SID
279 */
282 {
284 }
286 /**
287 * Gets the ADT audit data in the credentials, or #NULL if
288 * the credentials object doesn't contain ADT audit data.
289 *
290 * @param credentials the object
291 * @returns Solaris ADT audit data
292 */
295 {
297 }
299 /**
300 * Gets the ADT audit data size in the credentials, or 0 if
301 * the credentials object doesn't contain ADT audit data.
302 *
303 * @param credentials the object
304 * @returns Solaris ADT audit data size
305 */
306 dbus_int32_t
308 {
310 }
312 /**
313 * Checks whether the first credentials object contains
314 * all the credentials found in the second credentials object.
315 *
316 * @param credentials the object
317 * @param possible_subset see if credentials in here are also in the first arg
318 * @returns #TRUE if second arg is contained in first
319 */
320 dbus_bool_t
323 {
324 return
336 }
338 /**
339 * Checks whether a credentials object contains anything.
340 *
341 * @param credentials the object
342 * @returns #TRUE if there are no credentials in the object
343 */
344 dbus_bool_t
346 {
347 return
352 }
354 /**
355 * Checks whether a credentials object contains a user identity.
356 *
357 * @param credentials the object
358 * @returns #TRUE if there are no user identities in the object
359 */
360 dbus_bool_t
362 {
363 return
366 }
368 /**
369 * Merge all credentials found in the second object into the first object,
370 * overwriting the first object if there are any overlaps.
371 *
372 * @param credentials the object
373 * @param other_credentials credentials to merge
374 * @returns #FALSE if no memory
375 */
376 dbus_bool_t
379 {
380 return
382 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
383 other_credentials) &&
385 DBUS_CREDENTIAL_UNIX_USER_ID,
386 other_credentials) &&
388 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
389 other_credentials) &&
391 DBUS_CREDENTIAL_WINDOWS_SID,
392 other_credentials);
393 }
395 /**
396 * Merge the given credential found in the second object into the first object,
397 * overwriting the first object's value for that credential.
398 *
399 * Does nothing if the second object does not contain the specified credential.
400 * i.e., will never delete a credential from the first object.
401 *
402 * @param credentials the object
403 * @param which the credential to overwrite
404 * @param other_credentials credentials to merge
405 * @returns #FALSE if no memory
406 */
407 dbus_bool_t
409 DBusCredentialType which,
411 {
414 {
417 }
420 {
423 }
426 {
429 }
432 {
433 if (!_dbus_credentials_add_adt_audit_data (credentials, other_credentials->adt_audit_data, other_credentials->adt_audit_data_size))
435 }
438 }
440 /**
441 * Clear all credentials in the object.
442 *
443 * @param credentials the object
444 */
445 void
447 {
455 }
457 /**
458 * Copy a credentials object.
459 *
460 * @param credentials the object
461 * @returns the copy or #NULL
462 */
463 DBusCredentials*
465 {
473 {
476 }
479 }
481 /**
482 * Check whether the user-identifying credentials in two credentials
483 * objects are identical. Credentials that are not related to the
484 * user are ignored, but any kind of user ID credentials must be the
485 * same (UNIX user ID, Windows user SID, etc.) and present in both
486 * objects for the function to return #TRUE.
487 *
488 * @param credentials the object
489 * @param other_credentials credentials to compare
490 * @returns #TRUE if the two credentials refer to the same user
491 */
492 dbus_bool_t
495 {
496 /* both windows and unix user must be the same (though pretty much
497 * in all conceivable cases, one will be unset)
498 */
503 }
505 /** @} */
507 /* tests in dbus-credentials-util.c */