1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
28 #include <gobject/gvaluecollector.h>
30 #include "gcredentials.h"
31 #include "gnetworking.h"
37 * SECTION:gcredentials
38 * @short_description: An object containing credentials
41 * The #GCredentials type is a reference-counted wrapper for native
42 * credentials. This information is typically used for identifying,
43 * authenticating and authorizing other processes.
 * Some operating systems support looking up the credentials of the
 * remote peer of a communication endpoint - see e.g.
 * g_socket_get_credentials().
 * Some operating systems support securely sending and receiving
 * credentials over a Unix Domain Socket, see
 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
 * g_unix_connection_receive_credentials() for details.
 * On Linux, the native credential type is a <type>struct ucred</type> - see the
 * <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>
 * man page for details. This corresponds to
 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
60 * On FreeBSD, the native credential type is a <type>struct cmsgcred</type>.
61 * This corresponds to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
63 * On OpenBSD, the native credential type is a <type>struct sockpeercred</type>.
64 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
/**
 * GCredentials:
 *
 * The #GCredentials structure contains only private data and
 * should only be accessed using the provided API.
 */
struct _GCredentials
{
  /*< private >*/
  GObject parent_instance;

  /* One native credential record; its type is selected at build time
   * from the target OS. Where no branch matches, the structure has no
   * native member at all. */
#if defined(__linux__)
  struct ucred native;
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  struct cmsgcred native;
#elif defined(__OpenBSD__)
  struct sockpeercred native;
#else
#ifdef __GNUC__
#warning Please add GCredentials support for your OS
#endif
#endif
};
/**
 * GCredentialsClass:
 *
 * Class structure for #GCredentials.
 */
struct _GCredentialsClass
{
  /*< private >*/
  GObjectClass parent_class;
};

/* Registers GCredentials as a subclass of GObject. The macro supplies the
 * g_credentials_parent_class pointer that the finalize handler chains to. */
G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT);
/* GObject finalize handler. The native record is embedded in the instance,
 * so there is nothing to release here; the handler only chains up to the
 * parent class when it provides a finalizer. */
static void
g_credentials_finalize (GObject *object)
{
  /* Kept for the checked cast only; the value itself is not used. */
  G_GNUC_UNUSED GCredentials *credentials = G_CREDENTIALS (object);
  GObjectClass *parent_class = G_OBJECT_CLASS (g_credentials_parent_class);

  if (parent_class->finalize != NULL)
    parent_class->finalize (object);
}
/* Class initializer: installs g_credentials_finalize() as the GObject
 * finalize handler for the type. */
static void
g_credentials_class_init (GCredentialsClass *klass)
{
  G_OBJECT_CLASS (klass)->finalize = g_credentials_finalize;
}
/* Instance initializer: fills the native record with the identity of the
 * calling process. Note that the user and group recorded are the
 * *effective* IDs (geteuid()/getegid()), not the real ones. On platforms
 * without a native credential type nothing is initialized. */
static void
g_credentials_init (GCredentials *credentials)
{
#if defined(__linux__) || defined(__OpenBSD__)
  /* struct ucred and struct sockpeercred use the same field names. */
  credentials->native.pid = getpid ();
  credentials->native.uid = geteuid ();
  credentials->native.gid = getegid ();
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  /* struct cmsgcred has more fields than the three set below; zero the
   * whole record first so the rest do not hold indeterminate values. */
  memset (&credentials->native, 0, sizeof (struct cmsgcred));
  credentials->native.cmcred_pid = getpid ();
  credentials->native.cmcred_euid = geteuid ();
  credentials->native.cmcred_gid = getegid ();
#endif
}
146 /* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_new:
 *
 * Creates a new #GCredentials object with credentials matching
 * the current process.
 *
 * Returns: A #GCredentials. Free with g_object_unref().
 */
GCredentials *
g_credentials_new (void)
{
  /* The instance initializer fills in the identity of the caller. */
  GCredentials *credentials = g_object_new (G_TYPE_CREDENTIALS, NULL);

  return credentials;
}
164 /* ---------------------------------------------------------------------------------------------------- */
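/**
 * g_credentials_to_string:
 * @credentials: A #GCredentials object.
 *
 * Creates a human-readable textual representation of @credentials
 * that can be used in logging and debug messages. The format of the
 * returned string may change in a future GLib release, so it must not
 * be parsed to recover the identity; use the accessor functions for that.
 *
 * Fields whose native value is -1 are left out of the output.
 *
 * Returns: A string that should be freed with g_free().
 */
gchar *
g_credentials_to_string (GCredentials *credentials)
{
  GString *ret;

  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);

  ret = g_string_new ("GCredentials:");
#ifdef __linux__
  g_string_append (ret, "linux-ucred:");
  if (credentials->native.pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
  if (credentials->native.uid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
  if (credentials->native.gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  g_string_append (ret, "freebsd-cmsgcred:");
  if (credentials->native.cmcred_pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
  if (credentials->native.cmcred_euid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
  if (credentials->native.cmcred_gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
#elif defined(__OpenBSD__)
  g_string_append (ret, "openbsd-sockpeercred:");
  if (credentials->native.pid != -1)
    g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
  if (credentials->native.uid != -1)
    g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
  if (credentials->native.gid != -1)
    g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
#else
  g_string_append (ret, "unknown");
#endif

  /* Every field is written with a trailing ','. Strip the last one here,
   * once, for all platforms: the FreeBSD branch previously had no trimming
   * and returned a string ending in ','. g_string_truncate() also keeps
   * ret->len in step with the terminator, which overwriting the byte with
   * '\0' did not. */
  if (ret->len > 0 && ret->str[ret->len - 1] == ',')
    g_string_truncate (ret, ret->len - 1);

  return g_string_free (ret, FALSE);
}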
221 /* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_is_same_user:
 * @credentials: A #GCredentials.
 * @other_credentials: A #GCredentials.
 * @error: Return location for error or %NULL.
 *
 * Checks if @credentials and @other_credentials are the same user.
 * Only the user identifier of the two native records is compared
 * (the effective user ID on FreeBSD); process and group IDs are ignored.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS.
 *
 * Returns: %TRUE if @credentials and @other_credentials have the same
 * user, %FALSE otherwise or if @error is set. Callers that act on a
 * %FALSE result should inspect @error to tell "different user" apart
 * from "not supported".
 */
gboolean
g_credentials_is_same_user (GCredentials  *credentials,
                            GCredentials  *other_credentials,
                            GError       **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
  g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

#if defined(__linux__) || defined(__OpenBSD__)
  /* struct ucred and struct sockpeercred both call the field "uid". */
  return credentials->native.uid == other_credentials->native.uid ? TRUE : FALSE;
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  return credentials->native.cmcred_euid == other_credentials->native.cmcred_euid ? TRUE : FALSE;
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
  return FALSE;
#endif
}
/**
 * g_credentials_get_native: (skip)
 * @credentials: A #GCredentials.
 * @native_type: The type of native credentials to get.
 *
 * Gets a pointer to native credentials of type @native_type from
 * @credentials.
 *
 * It is a programming error (which will cause a warning to be
 * logged) to use this method if there is no #GCredentials support for
 * the OS or if @native_type isn't supported by the OS.
 *
 * Returns: The pointer to native credentials or %NULL if there is no
 * #GCredentials support for the OS or if @native_type isn't supported
 * by the OS. Do not free the returned data, it is owned by
 * @credentials. The pointer refers to the record stored inside
 * @credentials, not to a copy, so writes through it change the object.
 */
gpointer
g_credentials_get_native (GCredentials     *credentials,
                          GCredentialsType  native_type)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);

  /* Each platform accepts exactly one native type; a request for that
   * type returns at once, anything else falls through to the warning. */
#ifdef __linux__
  if (native_type == G_CREDENTIALS_TYPE_LINUX_UCRED)
    return &credentials->native;

  g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
             "G_CREDENTIALS_TYPE_LINUX_UCRED is supported.",
             native_type);
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  if (native_type == G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED)
    return &credentials->native;

  g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
             "G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED is supported.",
             native_type);
#elif defined(__OpenBSD__)
  if (native_type == G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED)
    return &credentials->native;

  g_warning ("g_credentials_get_native: Trying to get credentials of type %d but only "
             "G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED is supported.",
             native_type);
#else
  g_warning ("g_credentials_get_native: Trying to get credentials but GLib has no support "
             "for the native credentials type. Please add support.");
#endif

  return NULL;
}
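/**
 * g_credentials_set_native:
 * @credentials: A #GCredentials.
 * @native_type: The type of native credentials to set.
 * @native: A pointer to native credentials.
 *
 * Copies the native credentials of type @native_type from @native
 * into @credentials.
 *
 * @native must point to a complete native structure for this OS
 * (<type>struct ucred</type>, <type>struct cmsgcred</type> or
 * <type>struct sockpeercred</type>): the full size of that structure is
 * read from it, and this function has no means of checking the size of
 * the buffer it was given. The values are stored as supplied, without
 * validation, so the resulting object is only as trustworthy as the
 * source of @native.
 *
 * It is a programming error (which will cause a warning to be
 * logged) to use this method if there is no #GCredentials support for
 * the OS or if @native_type isn't supported by the OS.
 */
void
g_credentials_set_native (GCredentials     *credentials,
                          GCredentialsType  native_type,
                          gpointer          native)
{
  /* The other accessors in this file validate their instance argument;
   * do the same here, and refuse a NULL source before memcpy() reads it. */
  g_return_if_fail (G_IS_CREDENTIALS (credentials));
  g_return_if_fail (native != NULL);

#ifdef __linux__
  if (native_type != G_CREDENTIALS_TYPE_LINUX_UCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
                 "but only G_CREDENTIALS_TYPE_LINUX_UCRED is supported.",
                 native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct ucred));
    }
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  if (native_type != G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
                 "but only G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED is supported.",
                 native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct cmsgcred));
    }
#elif defined(__OpenBSD__)
  if (native_type != G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED)
    {
      g_warning ("g_credentials_set_native: Trying to set credentials of type %d "
                 "but only G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED is supported.",
                 native_type);
    }
  else
    {
      memcpy (&credentials->native, native, sizeof (struct sockpeercred));
    }
#else
  g_warning ("g_credentials_set_native: Trying to set credentials but GLib has no support "
             "for the native credentials type. Please add support.");
#endif
}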
399 /* ---------------------------------------------------------------------------------------------------- */
/**
 * g_credentials_get_unix_user:
 * @credentials: A #GCredentials
 * @error: Return location for error or %NULL.
 *
 * Tries to get the UNIX user identifier from @credentials. This
 * method is only available on UNIX platforms. On FreeBSD the value
 * returned is the effective user ID stored in the native record.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
 *
 * Returns: The UNIX user identifier or -1 if @error is set. Check
 * for failure before using the value in an access decision.
 */
uid_t
g_credentials_get_unix_user (GCredentials    *credentials,
                             GError         **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
  g_return_val_if_fail (error == NULL || *error == NULL, -1);

#if defined(__linux__) || defined(__OpenBSD__)
  /* struct ucred and struct sockpeercred both call the field "uid". */
  return credentials->native.uid;
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  return credentials->native.cmcred_euid;
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("There is no GCredentials support for your platform"));
  return -1;
#endif
}
/**
 * g_credentials_get_unix_pid:
 * @credentials: A #GCredentials
 * @error: Return location for error or %NULL.
 *
 * Tries to get the UNIX process identifier from @credentials. This
 * method is only available on UNIX platforms.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX process ID.
 *
 * A process ID names a process only for as long as that process
 * exists; the operating system may later give the same number to an
 * unrelated process. A pid read from peer credentials is therefore
 * best kept for logging and diagnostics rather than used as the sole
 * basis for an authorization decision.
 *
 * Returns: The UNIX process ID, or -1 if @error is set.
 */
pid_t
g_credentials_get_unix_pid (GCredentials    *credentials,
                            GError         **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
  g_return_val_if_fail (error == NULL || *error == NULL, -1);

#if defined(__linux__) || defined(__OpenBSD__)
  /* struct ucred and struct sockpeercred both call the field "pid". */
  return credentials->native.pid;
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  return credentials->native.cmcred_pid;
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials does not contain a process ID on this OS"));
  return -1;
#endif
}
/**
 * g_credentials_set_unix_user:
 * @credentials: A #GCredentials.
 * @uid: The UNIX user identifier to set.
 * @error: Return location for error or %NULL.
 *
 * Tries to set the UNIX user identifier on @credentials. This method
 * is only available on UNIX platforms. Only the user field of the
 * native record is changed (the effective user ID on FreeBSD); the
 * process and group IDs keep their previous values.
 *
 * This operation can fail if #GCredentials is not supported on the
 * OS or if the native credentials type does not contain information
 * about the UNIX user.
 *
 * Returns: %TRUE if @uid was set, %FALSE if error is set.
 */
gboolean
g_credentials_set_unix_user (GCredentials    *credentials,
                             uid_t            uid,
                             GError         **error)
{
  g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
  /* -1 is the "no value" marker of the getters, so it cannot be stored. */
  g_return_val_if_fail (uid != -1, FALSE);
  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

#if defined(__linux__) || defined(__OpenBSD__)
  /* struct ucred and struct sockpeercred both call the field "uid". */
  credentials->native.uid = uid;
  return TRUE;
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
  credentials->native.cmcred_euid = uid;
  return TRUE;
#else
  g_set_error_literal (error,
                       G_IO_ERROR,
                       G_IO_ERROR_NOT_SUPPORTED,
                       _("GCredentials is not implemented on this OS"));
  return FALSE;
#endif
}
534 #endif /* G_OS_UNIX */