1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-credentials.c Credentials provable through authentication
4 * Copyright (C) 2007 Red Hat Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include "dbus-credentials.h"
26 #include "dbus-internals.h"
29 * @defgroup DBusCredentials Credentials provable through authentication
30 * @ingroup DBusInternals
31 * @brief DBusCredentials object
33 * Credentials are what you have to prove you have in order to
34 * authenticate. The main credentials right now are a unix user
35 * account, a Windows user account, or a UNIX process ID.
39 * @defgroup DBusCredentialsInternals Credentials implementation details
40 * @ingroup DBusInternals
41 * @brief DBusCredentials implementation details
43 * Private details of credentials code.
48 struct DBusCredentials {
58 * @addtogroup DBusCredentials
63 * Creates a new credentials object.
65 * @returns the new object or #NULL if no memory
68 _dbus_credentials_new (void)
70 DBusCredentials *creds;
72 creds = dbus_new (DBusCredentials, 1);
77 creds->unix_uid = DBUS_UID_UNSET;
78 creds->unix_pid = DBUS_PID_UNSET;
79 creds->windows_sid = NULL;
85 * Creates a new object with credentials (user ID and process ID) from the current process.
86 * @returns the new object or #NULL if no memory
89 _dbus_credentials_new_from_current_process (void)
91 DBusCredentials *creds;
93 creds = _dbus_credentials_new ();
97 if (!_dbus_credentials_add_from_current_process (creds))
99 _dbus_credentials_unref (creds);
107 * Increment refcount on credentials.
109 * @param credentials the object
112 _dbus_credentials_ref (DBusCredentials *credentials)
114 _dbus_assert (credentials->refcount > 0);
115 credentials->refcount += 1;
119 * Decrement refcount on credentials.
121 * @param credentials the object
124 _dbus_credentials_unref (DBusCredentials *credentials)
126 _dbus_assert (credentials->refcount > 0);
128 credentials->refcount -= 1;
129 if (credentials->refcount == 0)
131 dbus_free (credentials->windows_sid);
132 dbus_free (credentials);
137 * Add a UNIX process ID to the credentials.
139 * @param credentials the object
140 * @param pid the process ID
141 * @returns #FALSE if no memory
144 _dbus_credentials_add_unix_pid (DBusCredentials *credentials,
147 credentials->unix_pid = pid;
152 * Add a UNIX user ID to the credentials.
154 * @param credentials the object
155 * @param uid the user ID
156 * @returns #FALSE if no memory
159 _dbus_credentials_add_unix_uid(DBusCredentials *credentials,
162 credentials->unix_uid = uid;
168 * Add a Windows user SID to the credentials.
170 * @param credentials the object
171 * @param windows_sid the user SID
172 * @returns #FALSE if no memory
175 _dbus_credentials_add_windows_sid (DBusCredentials *credentials,
176 const char *windows_sid)
180 copy = _dbus_strdup (windows_sid);
184 dbus_free (credentials->windows_sid);
185 credentials->windows_sid = copy;
191 * Checks whether the given credential is present.
193 * @param credentials the object
194 * @param type the credential to check for
195 * @returns #TRUE if the credential is present
198 _dbus_credentials_include (DBusCredentials *credentials,
199 DBusCredentialType type)
203 case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
204 return credentials->unix_pid != DBUS_PID_UNSET;
205 case DBUS_CREDENTIAL_UNIX_USER_ID:
206 return credentials->unix_uid != DBUS_UID_UNSET;
207 case DBUS_CREDENTIAL_WINDOWS_SID:
208 return credentials->windows_sid != NULL;
211 _dbus_assert_not_reached ("Unknown credential enum value");
216 * Gets the UNIX process ID in the credentials, or #DBUS_PID_UNSET if
217 * the credentials object doesn't contain a process ID.
219 * @param credentials the object
220 * @returns UNIX process ID
223 _dbus_credentials_get_unix_pid (DBusCredentials *credentials)
225 return credentials->unix_pid;
229 * Gets the UNIX user ID in the credentials, or #DBUS_UID_UNSET if
230 * the credentials object doesn't contain a user ID.
232 * @param credentials the object
233 * @returns UNIX user ID
236 _dbus_credentials_get_unix_uid (DBusCredentials *credentials)
238 return credentials->unix_uid;
242 * Gets the Windows user SID in the credentials, or #NULL if
243 * the credentials object doesn't contain a Windows user SID.
245 * @param credentials the object
246 * @returns Windows user SID
249 _dbus_credentials_get_windows_sid (DBusCredentials *credentials)
251 return credentials->windows_sid;
255 * Checks whether the first credentials object contains
256 * all the credentials found in the second credentials object.
258 * @param credentials the object
259 * @param possible_subset see if credentials in here are also in the first arg
260 * @returns #TRUE if second arg is contained in first
263 _dbus_credentials_are_superset (DBusCredentials *credentials,
264 DBusCredentials *possible_subset)
267 (possible_subset->unix_pid == DBUS_PID_UNSET ||
268 possible_subset->unix_pid == credentials->unix_pid) &&
269 (possible_subset->unix_uid == DBUS_UID_UNSET ||
270 possible_subset->unix_uid == credentials->unix_uid) &&
271 (possible_subset->windows_sid == NULL ||
272 (credentials->windows_sid && strcmp (possible_subset->windows_sid,
273 credentials->windows_sid) == 0));
277 * Checks whether a credentials object contains anything.
279 * @param credentials the object
280 * @returns #TRUE if there are no credentials in the object
283 _dbus_credentials_are_empty (DBusCredentials *credentials)
286 credentials->unix_pid == DBUS_PID_UNSET &&
287 credentials->unix_uid == DBUS_UID_UNSET &&
288 credentials->windows_sid == NULL;
292 * Checks whether a credentials object contains a user identity.
294 * @param credentials the object
295 * @returns #TRUE if there are no user identities in the object
298 _dbus_credentials_are_anonymous (DBusCredentials *credentials)
301 credentials->unix_uid == DBUS_UID_UNSET &&
302 credentials->windows_sid == NULL;
306 * Merge all credentials found in the second object into the first object,
307 * overwriting the first object if there are any overlaps.
309 * @param credentials the object
310 * @param other_credentials credentials to merge
311 * @returns #FALSE if no memory
314 _dbus_credentials_add_credentials (DBusCredentials *credentials,
315 DBusCredentials *other_credentials)
318 _dbus_credentials_add_credential (credentials,
319 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
320 other_credentials) &&
321 _dbus_credentials_add_credential (credentials,
322 DBUS_CREDENTIAL_UNIX_USER_ID,
323 other_credentials) &&
324 _dbus_credentials_add_credential (credentials,
325 DBUS_CREDENTIAL_WINDOWS_SID,
330 * Merge the given credential found in the second object into the first object,
331 * overwriting the first object's value for that credential.
333 * Does nothing if the second object does not contain the specified credential.
334 * i.e., will never delete a credential from the first object.
336 * @param credentials the object
337 * @param which the credential to overwrite
338 * @param other_credentials credentials to merge
339 * @returns #FALSE if no memory
342 _dbus_credentials_add_credential (DBusCredentials *credentials,
343 DBusCredentialType which,
344 DBusCredentials *other_credentials)
346 if (which == DBUS_CREDENTIAL_UNIX_PROCESS_ID &&
347 other_credentials->unix_pid != DBUS_PID_UNSET)
349 if (!_dbus_credentials_add_unix_pid (credentials, other_credentials->unix_pid))
352 else if (which == DBUS_CREDENTIAL_UNIX_USER_ID &&
353 other_credentials->unix_uid != DBUS_UID_UNSET)
355 if (!_dbus_credentials_add_unix_uid (credentials, other_credentials->unix_uid))
358 else if (which == DBUS_CREDENTIAL_WINDOWS_SID &&
359 other_credentials->windows_sid != NULL)
361 if (!_dbus_credentials_add_windows_sid (credentials, other_credentials->windows_sid))
369 * Clear all credentials in the object.
371 * @param credentials the object
374 _dbus_credentials_clear (DBusCredentials *credentials)
376 credentials->unix_pid = DBUS_PID_UNSET;
377 credentials->unix_uid = DBUS_UID_UNSET;
378 dbus_free (credentials->windows_sid);
379 credentials->windows_sid = NULL;
383 * Copy a credentials object.
385 * @param credentials the object
386 * @returns the copy or #NULL
389 _dbus_credentials_copy (DBusCredentials *credentials)
391 DBusCredentials *copy;
393 copy = _dbus_credentials_new ();
397 if (!_dbus_credentials_add_credentials (copy, credentials))
399 _dbus_credentials_unref (copy);
407 * Check whether the user-identifying credentials in two credentials
408 * objects are identical. Credentials that are not related to the
409 * user are ignored, but any kind of user ID credentials must be the
410 * same (UNIX user ID, Windows user SID, etc.) and present in both
411 * objects for the function to return #TRUE.
413 * @param credentials the object
414 * @param other_credentials credentials to compare
415 * @returns #TRUE if the two credentials refer to the same user
418 _dbus_credentials_same_user (DBusCredentials *credentials,
419 DBusCredentials *other_credentials)
421 /* both windows and unix user must be the same (though pretty much
422 * in all conceivable cases, one will be unset)
424 return credentials->unix_uid == other_credentials->unix_uid &&
425 ((!(credentials->windows_sid || other_credentials->windows_sid)) ||
426 (credentials->windows_sid && other_credentials->windows_sid &&
427 strcmp (credentials->windows_sid, other_credentials->windows_sid) == 0));
432 /* tests in dbus-credentials-util.c */