1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * SPDX-License-Identifier: LGPL-2.1-or-later
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General
18 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 * Author: David Zeuthen <davidz@redhat.com>
28 #include <gobject/gvaluecollector.h>
30 #include "gcredentials.h"
31 #include "gcredentialsprivate.h"
32 #include "gnetworking.h"
34 #include "gioenumtypes.h"
39 * SECTION:gcredentials
40 * @short_description: An object containing credentials
43 * The #GCredentials type is a reference-counted wrapper for native
44 * credentials. This information is typically used for identifying,
45 * authenticating and authorizing other processes.
47 * Some operating systems supports looking up the credentials of the
48 * remote peer of a communication endpoint - see e.g.
49 * g_socket_get_credentials().
51 * Some operating systems supports securely sending and receiving
52 * credentials over a Unix Domain Socket, see
53 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
54 * g_unix_connection_receive_credentials() for details.
56 * On Linux, the native credential type is a `struct ucred` - see the
57 * unix(7) man page for details. This corresponds to
58 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
60 * On Apple operating systems (including iOS, tvOS, and macOS),
61 * the native credential type is a `struct xucred`.
62 * This corresponds to %G_CREDENTIALS_TYPE_APPLE_XUCRED.
64 * On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
65 * credential type is a `struct cmsgcred`. This corresponds
66 * to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
68 * On NetBSD, the native credential type is a `struct unpcbid`.
69 * This corresponds to %G_CREDENTIALS_TYPE_NETBSD_UNPCBID.
71 * On OpenBSD, the native credential type is a `struct sockpeercred`.
72 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
74 * On Solaris (including OpenSolaris and its derivatives), the native
75 * credential type is a `ucred_t`. This corresponds to
76 * %G_CREDENTIALS_TYPE_SOLARIS_UCRED.
78 * Since GLib 2.72, on Windows, the native credentials may contain the PID of a
79 * process. This corresponds to %G_CREDENTIALS_TYPE_WIN32_PID.
85 * The #GCredentials structure contains only private data and
86 * should only be accessed using the provided API.
93 GObject parent_instance;
95 #if G_CREDENTIALS_USE_LINUX_UCRED
97 #elif G_CREDENTIALS_USE_APPLE_XUCRED
100 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
101 struct cmsgcred native;
102 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
103 struct unpcbid native;
104 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
105 struct sockpeercred native;
106 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
108 #elif G_CREDENTIALS_USE_WIN32_PID
112 #pragma GCC diagnostic push
113 #pragma GCC diagnostic warning "-Wcpp"
114 #warning Please add GCredentials support for your OS
115 #pragma GCC diagnostic pop
123 * Class structure for #GCredentials.
127 struct _GCredentialsClass
130 GObjectClass parent_class;
133 G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT)
136 g_credentials_finalize (GObject *object)
138 #if G_CREDENTIALS_USE_SOLARIS_UCRED
139 GCredentials *credentials = G_CREDENTIALS (object);
141 ucred_free (credentials->native);
144 if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
145 G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
150 g_credentials_class_init (GCredentialsClass *klass)
152 GObjectClass *gobject_class;
154 gobject_class = G_OBJECT_CLASS (klass);
155 gobject_class->finalize = g_credentials_finalize;
159 g_credentials_init (GCredentials *credentials)
161 #if G_CREDENTIALS_USE_LINUX_UCRED
162 credentials->native.pid = getpid ();
163 credentials->native.uid = geteuid ();
164 credentials->native.gid = getegid ();
165 #elif G_CREDENTIALS_USE_APPLE_XUCRED
168 credentials->native.cr_version = XUCRED_VERSION;
169 credentials->native.cr_uid = geteuid ();
170 credentials->native.cr_ngroups = 1;
171 credentials->native.cr_groups[0] = getegid ();
173 /* FIXME: In principle this could use getgroups() to fill in the rest
174 * of cr_groups, but then we'd have to handle the case where a process
175 * can have more than NGROUPS groups, if that's even possible. A macOS
176 * user would have to develop and test this.
178 * For now we fill it with -1 (meaning "no data"). */
179 for (i = 1; i < NGROUPS; i++)
180 credentials->native.cr_groups[i] = -1;
182 credentials->pid = -1;
183 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
184 memset (&credentials->native, 0, sizeof (struct cmsgcred));
185 credentials->native.cmcred_pid = getpid ();
186 credentials->native.cmcred_euid = geteuid ();
187 credentials->native.cmcred_gid = getegid ();
188 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
189 credentials->native.unp_pid = getpid ();
190 credentials->native.unp_euid = geteuid ();
191 credentials->native.unp_egid = getegid ();
192 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
193 credentials->native.pid = getpid ();
194 credentials->native.uid = geteuid ();
195 credentials->native.gid = getegid ();
196 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
197 credentials->native = ucred_get (P_MYID);
198 #elif G_CREDENTIALS_USE_WIN32_PID
199 credentials->native = GetCurrentProcessId ();
203 /* ---------------------------------------------------------------------------------------------------- */
208 * Creates a new #GCredentials object with credentials matching the
209 * the current process.
211 * Returns: (transfer full): A #GCredentials. Free with g_object_unref().
216 g_credentials_new (void)
218 return g_object_new (G_TYPE_CREDENTIALS, NULL);
221 /* ---------------------------------------------------------------------------------------------------- */
224 * g_credentials_to_string:
225 * @credentials: A #GCredentials object.
227 * Creates a human-readable textual representation of @credentials
228 * that can be used in logging and debug messages. The format of the
229 * returned string may change in future GLib release.
231 * Returns: (transfer full): A string that should be freed with g_free().
236 g_credentials_to_string (GCredentials *credentials)
239 #if G_CREDENTIALS_USE_APPLE_XUCRED
240 glib_typeof (credentials->native.cr_ngroups) i;
243 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
245 ret = g_string_new ("GCredentials:");
246 #if G_CREDENTIALS_USE_LINUX_UCRED
247 g_string_append (ret, "linux-ucred:");
248 if (credentials->native.pid != (pid_t) -1)
249 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
250 if (credentials->native.uid != (uid_t) -1)
251 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
252 if (credentials->native.gid != (gid_t) -1)
253 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
254 if (ret->str[ret->len - 1] == ',')
255 ret->str[ret->len - 1] = '\0';
256 #elif G_CREDENTIALS_USE_APPLE_XUCRED
257 g_string_append (ret, "apple-xucred:");
258 g_string_append_printf (ret, "version=%u,", credentials->native.cr_version);
259 if (credentials->native.cr_uid != (uid_t) -1)
260 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_uid);
261 for (i = 0; i < credentials->native.cr_ngroups; i++)
262 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_groups[i]);
263 if (ret->str[ret->len - 1] == ',')
264 ret->str[ret->len - 1] = '\0';
265 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
266 g_string_append (ret, "freebsd-cmsgcred:");
267 if (credentials->native.cmcred_pid != (pid_t) -1)
268 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
269 if (credentials->native.cmcred_euid != (uid_t) -1)
270 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
271 if (credentials->native.cmcred_gid != (gid_t) -1)
272 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
273 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
274 g_string_append (ret, "netbsd-unpcbid:");
275 if (credentials->native.unp_pid != (pid_t) -1)
276 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_pid);
277 if (credentials->native.unp_euid != (uid_t) -1)
278 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_euid);
279 if (credentials->native.unp_egid != (gid_t) -1)
280 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_egid);
281 ret->str[ret->len - 1] = '\0';
282 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
283 g_string_append (ret, "openbsd-sockpeercred:");
284 if (credentials->native.pid != (pid_t) -1)
285 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
286 if (credentials->native.uid != (uid_t) -1)
287 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
288 if (credentials->native.gid != (gid_t) -1)
289 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
290 if (ret->str[ret->len - 1] == ',')
291 ret->str[ret->len - 1] = '\0';
292 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
293 g_string_append (ret, "solaris-ucred:");
296 if ((id = ucred_getpid (credentials->native)) != (id_t) -1)
297 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) id);
298 if ((id = ucred_geteuid (credentials->native)) != (id_t) -1)
299 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) id);
300 if ((id = ucred_getegid (credentials->native)) != (id_t) -1)
301 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) id);
302 if (ret->str[ret->len - 1] == ',')
303 ret->str[ret->len - 1] = '\0';
305 #elif G_CREDENTIALS_USE_WIN32_PID
306 g_string_append_printf (ret, "win32-pid:pid=%lu", credentials->native);
308 g_string_append (ret, "unknown");
311 return g_string_free (ret, FALSE);
314 /* ---------------------------------------------------------------------------------------------------- */
316 #if G_CREDENTIALS_USE_LINUX_UCRED
318 * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
319 * is used on a TCP socket, it succeeds but yields a credentials structure
320 * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
321 * receiving Unix socket when the sending socket did not also enable
322 * SO_PASSCRED, it can succeed but yield a credentials structure with
323 * pid 0, uid /proc/sys/kernel/overflowuid and gid
324 * /proc/sys/kernel/overflowgid.
327 linux_ucred_check_valid (struct ucred *native,
331 || native->uid == (uid_t) -1
332 || native->gid == (gid_t) -1)
334 g_set_error_literal (error,
336 G_IO_ERROR_INVALID_DATA,
337 _("GCredentials contains invalid data"));
346 * g_credentials_is_same_user:
347 * @credentials: A #GCredentials.
348 * @other_credentials: A #GCredentials.
349 * @error: Return location for error or %NULL.
351 * Checks if @credentials and @other_credentials is the same user.
353 * This operation can fail if #GCredentials is not supported on the
356 * Returns: %TRUE if @credentials and @other_credentials has the same
357 * user, %FALSE otherwise or if @error is set.
362 g_credentials_is_same_user (GCredentials *credentials,
363 GCredentials *other_credentials,
368 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
369 g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
370 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
373 #if G_CREDENTIALS_USE_LINUX_UCRED
374 if (linux_ucred_check_valid (&credentials->native, NULL)
375 && credentials->native.uid == other_credentials->native.uid)
377 #elif G_CREDENTIALS_USE_APPLE_XUCRED
378 if (credentials->native.cr_version == other_credentials->native.cr_version &&
379 credentials->native.cr_uid == other_credentials->native.cr_uid)
381 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
382 if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
384 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
385 if (credentials->native.unp_euid == other_credentials->native.unp_euid)
387 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
388 if (credentials->native.uid == other_credentials->native.uid)
390 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
391 if (ucred_geteuid (credentials->native) == ucred_geteuid (other_credentials->native))
394 g_set_error_literal (error,
396 G_IO_ERROR_NOT_SUPPORTED,
397 _("GCredentials is not implemented on this OS"));
404 credentials_native_type_check (GCredentialsType requested_type,
407 GEnumClass *enum_class;
408 GEnumValue *requested;
409 #if G_CREDENTIALS_SUPPORTED
410 GEnumValue *supported;
413 #if G_CREDENTIALS_SUPPORTED
414 if (requested_type == G_CREDENTIALS_NATIVE_TYPE)
418 enum_class = g_type_class_ref (g_credentials_type_get_type ());
419 requested = g_enum_get_value (enum_class, requested_type);
421 #if G_CREDENTIALS_SUPPORTED
422 supported = g_enum_get_value (enum_class, G_CREDENTIALS_NATIVE_TYPE);
423 g_assert (supported);
424 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
425 "but only %s is supported on this platform.",
427 requested ? requested->value_name : "(unknown)",
428 supported->value_name);
430 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
431 "but there is no support for GCredentials on this platform.",
433 requested ? requested->value_name : "(unknown)");
436 g_type_class_unref (enum_class);
441 * g_credentials_get_native: (skip)
442 * @credentials: A #GCredentials.
443 * @native_type: The type of native credentials to get.
445 * Gets a pointer to native credentials of type @native_type from
448 * It is a programming error (which will cause a warning to be
449 * logged) to use this method if there is no #GCredentials support for
450 * the OS or if @native_type isn't supported by the OS.
452 * Returns: (transfer none) (nullable): The pointer to native credentials or
453 * %NULL if there is no #GCredentials support for the OS or if @native_type
454 * isn't supported by the OS. Do not free the returned data, it is owned
460 g_credentials_get_native (GCredentials *credentials,
461 GCredentialsType native_type)
463 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
465 if (!credentials_native_type_check (native_type, "get"))
468 #if G_CREDENTIALS_USE_SOLARIS_UCRED
469 return credentials->native;
470 #elif G_CREDENTIALS_SUPPORTED
471 return &credentials->native;
473 g_assert_not_reached ();
478 * g_credentials_set_native:
479 * @credentials: A #GCredentials.
480 * @native_type: The type of native credentials to set.
481 * @native: (not nullable): A pointer to native credentials.
483 * Copies the native credentials of type @native_type from @native
486 * It is a programming error (which will cause a warning to be
487 * logged) to use this method if there is no #GCredentials support for
488 * the OS or if @native_type isn't supported by the OS.
493 g_credentials_set_native (GCredentials *credentials,
494 GCredentialsType native_type,
497 if (!credentials_native_type_check (native_type, "set"))
500 #if G_CREDENTIALS_USE_SOLARIS_UCRED
501 memcpy (credentials->native, native, ucred_size ());
502 #elif G_CREDENTIALS_SUPPORTED
503 memcpy (&credentials->native, native, sizeof (credentials->native));
505 g_assert_not_reached ();
509 /* ---------------------------------------------------------------------------------------------------- */
513 * g_credentials_get_unix_user:
514 * @credentials: A #GCredentials
515 * @error: Return location for error or %NULL.
517 * Tries to get the UNIX user identifier from @credentials. This
518 * method is only available on UNIX platforms.
520 * This operation can fail if #GCredentials is not supported on the
521 * OS or if the native credentials type does not contain information
522 * about the UNIX user.
524 * Returns: The UNIX user identifier or `-1` if @error is set.
529 g_credentials_get_unix_user (GCredentials *credentials,
534 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
535 g_return_val_if_fail (error == NULL || *error == NULL, -1);
537 #if G_CREDENTIALS_USE_LINUX_UCRED
538 if (linux_ucred_check_valid (&credentials->native, error))
539 ret = credentials->native.uid;
542 #elif G_CREDENTIALS_USE_APPLE_XUCRED
543 if (credentials->native.cr_version == XUCRED_VERSION)
545 ret = credentials->native.cr_uid;
549 g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
550 /* No point in translating the part in parentheses... */
551 "%s (struct xucred cr_version %u != %u)",
552 _("There is no GCredentials support for your platform"),
553 credentials->native.cr_version,
557 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
558 ret = credentials->native.cmcred_euid;
559 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
560 ret = credentials->native.unp_euid;
561 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
562 ret = credentials->native.uid;
563 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
564 ret = ucred_geteuid (credentials->native);
567 g_set_error_literal (error,
569 G_IO_ERROR_NOT_SUPPORTED,
570 _("There is no GCredentials support for your platform"));
577 * g_credentials_get_unix_pid:
578 * @credentials: A #GCredentials
579 * @error: Return location for error or %NULL.
581 * Tries to get the UNIX process identifier from @credentials. This
582 * method is only available on UNIX platforms.
584 * This operation can fail if #GCredentials is not supported on the
585 * OS or if the native credentials type does not contain information
586 * about the UNIX process ID.
588 * Returns: The UNIX process ID, or `-1` if @error is set.
593 g_credentials_get_unix_pid (GCredentials *credentials,
598 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
599 g_return_val_if_fail (error == NULL || *error == NULL, -1);
601 #if G_CREDENTIALS_USE_LINUX_UCRED
602 if (linux_ucred_check_valid (&credentials->native, error))
603 ret = credentials->native.pid;
606 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
607 ret = credentials->native.cmcred_pid;
608 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
609 ret = credentials->native.unp_pid;
610 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
611 ret = credentials->native.pid;
612 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
613 ret = ucred_getpid (credentials->native);
614 #elif G_CREDENTIALS_USE_WIN32_PID
615 ret = credentials->native;
618 #if G_CREDENTIALS_USE_APPLE_XUCRED
619 ret = credentials->pid;
625 g_set_error_literal (error,
627 G_IO_ERROR_NOT_SUPPORTED,
628 _("GCredentials does not contain a process ID on this OS"));
635 * g_credentials_set_unix_user:
636 * @credentials: A #GCredentials.
637 * @uid: The UNIX user identifier to set.
638 * @error: Return location for error or %NULL.
640 * Tries to set the UNIX user identifier on @credentials. This method
641 * is only available on UNIX platforms.
643 * This operation can fail if #GCredentials is not supported on the
644 * OS or if the native credentials type does not contain information
645 * about the UNIX user. It can also fail if the OS does not allow the
646 * use of "spoofed" credentials.
648 * Returns: %TRUE if @uid was set, %FALSE if error is set.
653 g_credentials_set_unix_user (GCredentials *credentials,
657 gboolean ret = FALSE;
659 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
660 g_return_val_if_fail (uid != (uid_t) -1, FALSE);
661 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
663 #if G_CREDENTIALS_USE_LINUX_UCRED
664 credentials->native.uid = uid;
666 #elif G_CREDENTIALS_USE_APPLE_XUCRED
667 credentials->native.cr_uid = uid;
669 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
670 credentials->native.cmcred_euid = uid;
672 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
673 credentials->native.unp_euid = uid;
675 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
676 credentials->native.uid = uid;
678 #elif !G_CREDENTIALS_SPOOFING_SUPPORTED
679 g_set_error_literal (error,
681 G_IO_ERROR_PERMISSION_DENIED,
682 _("Credentials spoofing is not possible on this OS"));
685 g_set_error_literal (error,
687 G_IO_ERROR_NOT_SUPPORTED,
688 _("GCredentials is not implemented on this OS"));
697 _g_credentials_set_local_peerid (GCredentials *credentials,
700 g_return_if_fail (G_IS_CREDENTIALS (credentials));
701 g_return_if_fail (pid >= 0);
703 credentials->pid = pid;
705 #endif /* __APPLE__ */
707 #endif /* G_OS_UNIX */