1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2009 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
26 #include <glib/gi18n.h>
27 #include <gobject/gvaluecollector.h>
29 #include "gcredentials.h"
33 #include <sys/types.h>
38 * SECTION:gcredentials
39 * @short_description: An object containing credentials
42 * The #GCredentials type is used for storing information that can be
43 * used for identifying, authenticating and authorizing processes.
45 * Most UNIX and UNIX-like operating systems support a secure exchange
46 * of credentials over a Unix Domain Socket, see
47 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
48 * g_unix_connection_receive_credentials() for details.
51 struct _GCredentialsPrivate
59 G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT);
62 g_credentials_finalize (GObject *object)
64 GCredentials *credentials = G_CREDENTIALS (object);
66 g_free (credentials->priv->windows_user);
68 if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
69 G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
74 g_credentials_class_init (GCredentialsClass *klass)
76 GObjectClass *gobject_class;
78 g_type_class_add_private (klass, sizeof (GCredentialsPrivate));
80 gobject_class = G_OBJECT_CLASS (klass);
81 gobject_class->finalize = g_credentials_finalize;
85 g_credentials_init (GCredentials *credentials)
87 credentials->priv = G_TYPE_INSTANCE_GET_PRIVATE (credentials, G_TYPE_CREDENTIALS, GCredentialsPrivate);
89 credentials->priv->unix_user = -1;
90 credentials->priv->unix_group = -1;
91 credentials->priv->unix_process = -1;
92 credentials->priv->windows_user = NULL;
95 /* ---------------------------------------------------------------------------------------------------- */
100 * Creates a new empty credentials object.
102 * Returns: A #GCredentials. Free with g_object_unref().
105 g_credentials_new (void)
107 return g_object_new (G_TYPE_CREDENTIALS, NULL);
110 /* ---------------------------------------------------------------------------------------------------- */
113 static GCredentials *
114 g_credentials_new_for_unix_process (void)
116 GCredentials *credentials;
117 credentials = g_credentials_new ();
118 credentials->priv->unix_user = getuid ();
119 credentials->priv->unix_group = getgid ();
120 credentials->priv->unix_process = getpid ();
125 /* ---------------------------------------------------------------------------------------------------- */
128 * g_credentials_new_for_process:
130 * Gets the credentials for the current process. Note that the exact
131 * set of credentials in the returned object vary according to
134 * Returns: A #GCredentials. Free with g_object_unref().
137 g_credentials_new_for_process (void)
140 return g_credentials_new_for_unix_process ();
142 return g_credentials_new_for_win32_process ();
144 #warning Please implement g_credentials_new_for_process() for your OS. For now g_credentials_new_for_process() will return empty credentials.
145 return g_credentials_new ();
149 /* ---------------------------------------------------------------------------------------------------- */
152 * g_credentials_new_for_string:
153 * @str: A string returned from g_credentials_to_string().
154 * @error: Return location for error.
156 * Constructs a #GCredentials instance from @str.
158 * Returns: A #GCredentials or %NULL if @error is set. The return
159 * object must be freed with g_object_unref().
162 g_credentials_new_for_string (const gchar *str,
165 GCredentials *credentials;
169 g_return_val_if_fail (str != NULL, NULL);
170 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
173 credentials = g_credentials_new ();
175 if (!g_str_has_prefix (str, "GCredentials:"))
178 tokens = g_strsplit (str + sizeof "GCredentials:" - 1, ",", 0);
179 for (n = 0; tokens[n] != NULL; n++)
181 const gchar *token = tokens[n];
182 if (g_str_has_prefix (token, "unix-user:"))
183 g_credentials_set_unix_user (credentials, atoi (token + sizeof ("unix-user:") - 1));
184 else if (g_str_has_prefix (token, "unix-group:"))
185 g_credentials_set_unix_group (credentials, atoi (token + sizeof ("unix-group:") - 1));
186 else if (g_str_has_prefix (token, "unix-process:"))
187 g_credentials_set_unix_process (credentials, atoi (token + sizeof ("unix-process:") - 1));
188 else if (g_str_has_prefix (token, "windows-user:"))
189 g_credentials_set_windows_user (credentials, token + sizeof ("windows-user:"));
200 _("The string `%s' is not a valid credentials string"),
202 g_object_unref (credentials);
208 * g_credentials_to_string:
209 * @credentials: A #GCredentials object.
211 * Serializes @credentials to a string that can be used with
212 * g_credentials_new_for_string().
214 * Returns: A string that should be freed with g_free().
217 g_credentials_to_string (GCredentials *credentials)
221 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
223 ret = g_string_new ("GCredentials:");
224 if (credentials->priv->unix_user != -1)
225 g_string_append_printf (ret, "unix-user=%" G_GINT64_FORMAT ",", credentials->priv->unix_user);
226 if (credentials->priv->unix_group != -1)
227 g_string_append_printf (ret, "unix-group=%" G_GINT64_FORMAT ",", credentials->priv->unix_group);
228 if (credentials->priv->unix_process != -1)
229 g_string_append_printf (ret, "unix-process=%" G_GINT64_FORMAT ",", credentials->priv->unix_process);
230 if (credentials->priv->windows_user != NULL)
231 g_string_append_printf (ret, "windows-user=%s,", credentials->priv->windows_user);
232 if (ret->str[ret->len - 1] == ',')
233 ret->str[ret->len - 1] = '\0';
235 return g_string_free (ret, FALSE);
238 /* ---------------------------------------------------------------------------------------------------- */
241 * g_credentials_has_unix_user:
242 * @credentials: A #GCredentials.
244 * Checks if @credentials has a UNIX user credential.
246 * Returns: %TRUE if @credentials has this type of credential, %FALSE otherwise.
249 g_credentials_has_unix_user (GCredentials *credentials)
251 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
252 return credentials->priv->unix_user != -1;
256 * g_credentials_get_unix_user:
257 * @credentials: A #GCredentials.
259 * Gets the UNIX user identifier from @credentials.
261 * Returns: The identifier or -1 if unset.
264 g_credentials_get_unix_user (GCredentials *credentials)
266 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
267 return credentials->priv->unix_user;
271 * g_credentials_set_unix_user:
272 * @credentials: A #GCredentials.
273 * @user_id: A UNIX user identifier (typically type #uid_t) or -1 to unset it.
275 * Sets the UNIX user identifier.
278 g_credentials_set_unix_user (GCredentials *credentials,
281 g_return_if_fail (G_IS_CREDENTIALS (credentials));
282 credentials->priv->unix_user = user_id;
285 /* ---------------------------------------------------------------------------------------------------- */
288 * g_credentials_has_unix_group:
289 * @credentials: A #GCredentials.
291 * Checks if @credentials has a UNIX group credential.
293 * Returns: %TRUE if @credentials has this type of credential, %FALSE otherwise.
296 g_credentials_has_unix_group (GCredentials *credentials)
298 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
299 return credentials->priv->unix_group != -1;
303 * g_credentials_get_unix_group:
304 * @credentials: A #GCredentials.
306 * Gets the UNIX group identifier from @credentials.
308 * Returns: The identifier or -1 if unset.
311 g_credentials_get_unix_group (GCredentials *credentials)
313 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
314 return credentials->priv->unix_group;
318 * g_credentials_set_unix_group:
319 * @credentials: A #GCredentials.
320 * @group_id: A UNIX group identifier (typically type #gid_t) or -1 to unset.
322 * Sets the UNIX group identifier.
325 g_credentials_set_unix_group (GCredentials *credentials,
328 g_return_if_fail (G_IS_CREDENTIALS (credentials));
329 credentials->priv->unix_group = group_id;
332 /* ---------------------------------------------------------------------------------------------------- */
335 * g_credentials_has_unix_process:
336 * @credentials: A #GCredentials.
338 * Checks if @credentials has a UNIX process credential.
340 * Returns: %TRUE if @credentials has this type of credential, %FALSE otherwise.
343 g_credentials_has_unix_process (GCredentials *credentials)
345 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
346 return credentials->priv->unix_process != -1;
350 * g_credentials_get_unix_process:
351 * @credentials: A #GCredentials.
353 * Gets the UNIX process identifier from @credentials.
355 * Returns: The identifier or -1 if unset.
358 g_credentials_get_unix_process (GCredentials *credentials)
360 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
361 return credentials->priv->unix_process;
365 * g_credentials_set_unix_process:
366 * @credentials: A #GCredentials.
367 * @process_id: A UNIX process identifier (typically type #pid_t/#GPid) or -1 to unset.
369 * Sets the UNIX process identifier.
372 g_credentials_set_unix_process (GCredentials *credentials,
375 g_return_if_fail (G_IS_CREDENTIALS (credentials));
376 credentials->priv->unix_process = process_id;
379 /* ---------------------------------------------------------------------------------------------------- */
382 * g_credentials_has_windows_user:
383 * @credentials: A #GCredentials.
385 * Checks if @credentials has a Windows user SID (Security Identifier).
387 * Returns: %TRUE if @credentials has this type of credential, %FALSE otherwise.
390 g_credentials_has_windows_user (GCredentials *credentials)
392 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
393 return credentials->priv->windows_user != NULL;
397 * g_credentials_get_windows_user:
398 * @credentials: A #GCredentials.
400 * Gets the Windows User SID from @credentials.
402 * Returns: A string or %NULL if unset. Do not free, the string is owned by @credentials.
405 g_credentials_get_windows_user (GCredentials *credentials)
407 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
408 return credentials->priv->windows_user;
412 * g_credentials_set_windows_user:
413 * @credentials: A #GCredentials.
414 * @user_sid: The Windows User SID or %NULL to unset.
416 * Sets the Windows User SID.
419 g_credentials_set_windows_user (GCredentials *credentials,
420 const gchar *user_sid)
422 g_return_if_fail (G_IS_CREDENTIALS (credentials));
423 g_free (credentials->priv->windows_user);
424 credentials->priv->windows_user = g_strdup (user_sid);
427 /* ---------------------------------------------------------------------------------------------------- */