+2007-06-14 Havoc Pennington <hp@redhat.com>
+
+ * dbus/dbus-auth.c: adapt to keyring changes
+
+ * dbus/dbus-keyring.c: change to avoid using user ID and home
+ directory directly; instead use a
+ keyring-location-from-credentials function in dbus-sysdeps
+
+ * fix to use _dbus_append_user_from_current_process() instead of
+ _dbus_username_from_current_process() or _dbus_append_desired_identity().
+
2007-06-14 Ralf Habacker <ralf.habacker@freenet.de>
* reverted global rename of function _dbus_username_from_current_process.
goto out;
}
- if (!_dbus_append_desired_identity (&username))
+ if (!_dbus_append_user_from_current_process (&username))
{
_dbus_warn ("no memory for userid\n");
_dbus_string_free (&username);
"USERNAME_HEX", &where))
{
DBusString username;
- const DBusString *u;
if (!_dbus_string_init (&username))
{
goto out;
}
- if (!_dbus_username_from_current_process (&u) ||
- !_dbus_string_copy (u, 0, &username,
- _dbus_string_get_length (&username)))
+ if (!_dbus_append_user_from_current_process (&username))
{
_dbus_warn ("no memory for username\n");
_dbus_string_free (&username);
* a different DBusAuth for every connection.
*/
if (auth->keyring &&
- !_dbus_keyring_is_for_user (auth->keyring,
- data))
+ !_dbus_keyring_is_for_credentials (auth->keyring,
+ auth->desired_identity))
{
_dbus_keyring_unref (auth->keyring);
auth->keyring = NULL;
if (auth->keyring == NULL)
{
dbus_error_init (&error);
- auth->keyring = _dbus_keyring_new_homedir (data,
- &auth->context,
- &error);
+ auth->keyring = _dbus_keyring_new_for_credentials (auth->desired_identity,
+ &auth->context,
+ &error);
if (auth->keyring == NULL)
{
handle_client_initial_response_cookie_sha1_mech (DBusAuth *auth,
DBusString *response)
{
- const DBusString *username;
+ DBusString username;
dbus_bool_t retval;
retval = FALSE;
- if (!_dbus_username_from_current_process (&username))
+ if (!_dbus_string_init (&username))
+ return FALSE;
+
+ if (!_dbus_append_user_from_current_process (&username))
goto out_0;
- if (!_dbus_string_hex_encode (username, 0,
+ if (!_dbus_string_hex_encode (&username, 0,
response,
_dbus_string_get_length (response)))
goto out_0;
retval = TRUE;
out_0:
+ _dbus_string_free (&username);
+
return retval;
}
DBusError error;
dbus_error_init (&error);
- auth->keyring = _dbus_keyring_new_homedir (NULL,
- &context,
- &error);
+ auth->keyring = _dbus_keyring_new_for_credentials (NULL,
+ &context,
+ &error);
if (auth->keyring == NULL)
{
}
else
{
- if (!_dbus_credentials_parse_and_add_desired(auth->desired_identity,
+ if (!_dbus_credentials_parse_and_add_user(auth->desired_identity,
&auth->identity))
{
_dbus_verbose ("%s: could not get credentials from uid string\n",
if (!_dbus_string_init (&plaintext))
return FALSE;
- if (!_dbus_append_desired_identity (&plaintext))
+ if (!_dbus_append_user_from_current_process (&plaintext))
goto failed;
if (!_dbus_string_hex_encode (&plaintext, 0,
struct DBusKeyring
{
int refcount; /**< Reference count */
- DBusString username; /**< Username keyring is for */
DBusString directory; /**< Directory the below two items are inside */
DBusString filename; /**< Keyring filename */
DBusString filename_lock; /**< Name of lockfile */
DBusKey *keys; /**< Keys loaded from the file */
int n_keys; /**< Number of keys */
+ DBusCredentials *credentials; /**< Credentials containing user the keyring is for */
};
static DBusKeyring*
if (!_dbus_string_init (&keyring->filename_lock))
goto out_3;
-
- if (!_dbus_string_init (&keyring->username))
- goto out_4;
keyring->refcount = 1;
keyring->keys = NULL;
return keyring;
- out_4:
+ /* out_4: */
_dbus_string_free (&keyring->filename_lock);
out_3:
_dbus_string_free (&keyring->filename);
if (keyring->refcount == 0)
{
- _dbus_string_free (&keyring->username);
+ if (keyring->credentials)
+ _dbus_credentials_unref (keyring->credentials);
+
_dbus_string_free (&keyring->filename);
_dbus_string_free (&keyring->filename_lock);
_dbus_string_free (&keyring->directory);
}
/**
- * Creates a new keyring that lives in the ~/.dbus-keyrings
- * directory of the given user. If the username is #NULL,
- * uses the user owning the current process.
+ * Creates a new keyring that lives in the ~/.dbus-keyrings directory
+ * of the given user credentials. If the credentials are #NULL or
+ * empty, uses those of the current process.
*
* @param username username to get keyring for, or #NULL
* @param context which keyring to get
* @returns the keyring or #NULL on error
*/
DBusKeyring*
-_dbus_keyring_new_homedir (const DBusString *username,
- const DBusString *context,
- DBusError *error)
+_dbus_keyring_new_for_credentials (DBusCredentials *credentials,
+ const DBusString *context,
+ DBusError *error)
{
- DBusString homedir;
+ DBusString ringdir;
DBusKeyring *keyring;
dbus_bool_t error_set;
- DBusString dotdir;
DBusError tmp_error;
-
+ DBusCredentials *our_credentials;
+
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
keyring = NULL;
error_set = FALSE;
+ our_credentials = NULL;
- if (!_dbus_string_init (&homedir))
+ if (!_dbus_string_init (&ringdir))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
return NULL;
}
- _dbus_string_init_const (&dotdir, ".dbus-keyrings");
-
- if (username == NULL)
+ if (credentials != NULL)
{
- const DBusString *const_homedir;
-
- if (!_dbus_username_from_current_process (&username) ||
- !_dbus_homedir_from_current_process (&const_homedir))
- goto failed;
-
- if (!_dbus_string_copy (const_homedir, 0,
- &homedir, 0))
- goto failed;
+ our_credentials = _dbus_credentials_copy (credentials);
}
else
{
- if (!_dbus_homedir_from_username (username, &homedir))
- goto failed;
+ our_credentials = _dbus_credentials_new_from_current_process ();
}
+
+ if (our_credentials == NULL)
+ goto failed;
-#ifdef DBUS_BUILD_TESTS
- {
- const char *override;
-
- override = _dbus_getenv ("DBUS_TEST_HOMEDIR");
- if (override != NULL && *override != '\0')
- {
- _dbus_string_set_length (&homedir, 0);
- if (!_dbus_string_append (&homedir, override))
- goto failed;
-
- _dbus_verbose ("Using fake homedir for testing: %s\n",
- _dbus_string_get_const_data (&homedir));
- }
- else
- {
- static dbus_bool_t already_warned = FALSE;
- if (!already_warned)
- {
- _dbus_warn ("Using your real home directory for testing, set DBUS_TEST_HOMEDIR to avoid\n");
- already_warned = TRUE;
- }
- }
- }
-#endif
+ if (_dbus_credentials_are_anonymous (our_credentials))
+ {
+ if (!_dbus_credentials_add_from_current_process (our_credentials))
+ goto failed;
+ }
- _dbus_assert (username != NULL);
+ if (!_dbus_append_keyring_directory_for_credentials (&ringdir,
+ our_credentials))
+ goto failed;
keyring = _dbus_keyring_new ();
if (keyring == NULL)
goto failed;
+ _dbus_assert (keyring->credentials == NULL);
+ keyring->credentials = our_credentials;
+ our_credentials = NULL; /* so we don't unref it again later */
+
/* should have been validated already, but paranoia check here */
if (!_dbus_keyring_validate_context (context))
{
goto failed;
}
- if (!_dbus_string_copy (username, 0,
- &keyring->username, 0))
- goto failed;
-
- if (!_dbus_string_copy (&homedir, 0,
+ /* Save keyring dir in the keyring object */
+ if (!_dbus_string_copy (&ringdir, 0,
&keyring->directory, 0))
- goto failed;
-
- if (!_dbus_concat_dir_and_file (&keyring->directory,
- &dotdir))
- goto failed;
+ goto failed;
+ /* Create keyring->filename based on keyring dir and context */
if (!_dbus_string_copy (&keyring->directory, 0,
&keyring->filename, 0))
goto failed;
context))
goto failed;
+ /* Create lockfile name */
if (!_dbus_string_copy (&keyring->filename, 0,
&keyring->filename_lock, 0))
goto failed;
if (!_dbus_string_append (&keyring->filename_lock, ".lock"))
goto failed;
+ /* Reload keyring */
dbus_error_init (&tmp_error);
if (!_dbus_keyring_reload (keyring, FALSE, &tmp_error))
{
dbus_error_free (&tmp_error);
}
- _dbus_string_free (&homedir);
+ _dbus_string_free (&ringdir);
return keyring;
dbus_set_error_const (error,
DBUS_ERROR_NO_MEMORY,
NULL);
+ if (our_credentials)
+ _dbus_credentials_unref (our_credentials);
if (keyring)
_dbus_keyring_unref (keyring);
- _dbus_string_free (&homedir);
+ _dbus_string_free (&ringdir);
return NULL;
}
}
/**
- * Checks whether the keyring is for the given username.
+ * Checks whether the keyring is for the same user as the given credentials.
*
* @param keyring the keyring
- * @param username the username to check
+ * @param credentials the credentials to check
*
* @returns #TRUE if the keyring belongs to the given user
*/
dbus_bool_t
-_dbus_keyring_is_for_user (DBusKeyring *keyring,
- const DBusString *username)
+_dbus_keyring_is_for_credentials (DBusKeyring *keyring,
+ DBusCredentials *credentials)
{
- return _dbus_string_equal (&keyring->username,
- username);
+ return _dbus_credentials_same_user (keyring->credentials,
+ credentials);
}
/**
_dbus_string_init_const (&context, "org_freedesktop_dbus_testsuite");
dbus_error_init (&error);
- ring1 = _dbus_keyring_new_homedir (NULL, &context,
- &error);
+ ring1 = _dbus_keyring_new_for_credentials (NULL, &context,
+ &error);
_dbus_assert (ring1);
_dbus_assert (error.name == NULL);
goto failure;
}
- ring2 = _dbus_keyring_new_homedir (NULL, &context, &error);
+ ring2 = _dbus_keyring_new_for_credentials (NULL, &context, &error);
_dbus_assert (ring2);
_dbus_assert (error.name == NULL);
#include <dbus/dbus-macros.h>
#include <dbus/dbus-errors.h>
#include <dbus/dbus-string.h>
+#include <dbus/dbus-credentials.h>
DBUS_BEGIN_DECLS
typedef struct DBusKeyring DBusKeyring;
-DBusKeyring* _dbus_keyring_new_homedir (const DBusString *username,
- const DBusString *context,
- DBusError *error);
-DBusKeyring* _dbus_keyring_ref (DBusKeyring *keyring);
-void _dbus_keyring_unref (DBusKeyring *keyring);
-dbus_bool_t _dbus_keyring_validate_context (const DBusString *context);
-int _dbus_keyring_get_best_key (DBusKeyring *keyring,
- DBusError *error);
-dbus_bool_t _dbus_keyring_is_for_user (DBusKeyring *keyring,
- const DBusString *username);
-dbus_bool_t _dbus_keyring_get_hex_key (DBusKeyring *keyring,
- int key_id,
- DBusString *hex_key);
+DBusKeyring* _dbus_keyring_new_for_credentials (DBusCredentials *credentials,
+ const DBusString *context,
+ DBusError *error);
+DBusKeyring* _dbus_keyring_ref (DBusKeyring *keyring);
+void _dbus_keyring_unref (DBusKeyring *keyring);
+dbus_bool_t _dbus_keyring_validate_context (const DBusString *context);
+int _dbus_keyring_get_best_key (DBusKeyring *keyring,
+ DBusError *error);
+dbus_bool_t _dbus_keyring_is_for_credentials (DBusKeyring *keyring,
+ DBusCredentials *credentials);
+dbus_bool_t _dbus_keyring_get_hex_key (DBusKeyring *keyring,
+ int key_id,
+ DBusString *hex_key);
+
DBUS_END_DECLS
/**
* Parses a desired identity provided from a client in the auth protocol.
- * On UNIX this means parsing a UID.
+ * On UNIX this means parsing a UID, on Windows probably parsing an
+ * SID string.
*
* @todo this is broken because it treats OOM and parse error
* the same way. Needs a #DBusError.
* @returns #TRUE if we successfully parsed something
*/
dbus_bool_t
-_dbus_credentials_parse_and_add_desired (DBusCredentials *credentials,
+_dbus_credentials_parse_and_add_user (DBusCredentials *credentials,
const DBusString *desired_identity)
{
dbus_uid_t uid;
}
/**
- * Append to the string the identity we would like to have when we authenticate,
- * on UNIX this is the current process UID and on Windows something else.
- * No escaping is required, that is done in dbus-auth.c.
+ * Append to the string the identity we would like to have when we
+ * authenticate, on UNIX this is the current process UID and on
+ * Windows something else, probably a Windows SID string. No escaping
+ * is required, that is done in dbus-auth.c. The username here
+ * need not be anything human-readable, it can be the machine-readable
+ * form i.e. a user id.
*
* @param str the string to append to
* @returns #FALSE on no memory
*/
dbus_bool_t
-_dbus_append_desired_identity (DBusString *str)
+_dbus_append_user_from_current_process (DBusString *str)
{
return _dbus_string_append_uint (str,
_dbus_getuid ());
_dbus_user_database_flush_system ();
}
+/**
+ * Appends the directory in which a keyring for the given credentials
+ * should be stored. The credentials should have either a Windows or
+ * UNIX user in them. The directory should be an absolute path.
+ *
+ * On UNIX the directory is ~/.dbus-keyrings while on Windows it should probably
+ * be something else, since the dotfile convention is not normal on Windows.
+ *
+ * @param directory string to append directory to
+ * @param credentials credentials the directory should be for
+ *
+ * @returns #FALSE on no memory
+ */
+dbus_bool_t
+_dbus_append_keyring_directory_for_credentials (DBusString *directory,
+ DBusCredentials *credentials)
+{
+ DBusString homedir;
+ DBusString dotdir;
+ dbus_uid_t uid;
+
+ _dbus_assert (credentials != NULL);
+ _dbus_assert (!_dbus_credentials_are_anonymous (credentials));
+
+ if (!_dbus_string_init (&homedir))
+ return FALSE;
+
+ uid = _dbus_credentials_get_unix_uid (credentials);
+ _dbus_assert (uid != DBUS_UID_UNSET);
+
+ if (!_dbus_homedir_from_uid (uid, &homedir))
+ goto failed;
+
+#ifdef DBUS_BUILD_TESTS
+ {
+ const char *override;
+
+ override = _dbus_getenv ("DBUS_TEST_HOMEDIR");
+ if (override != NULL && *override != '\0')
+ {
+ _dbus_string_set_length (&homedir, 0);
+ if (!_dbus_string_append (&homedir, override))
+ goto failed;
+
+ _dbus_verbose ("Using fake homedir for testing: %s\n",
+ _dbus_string_get_const_data (&homedir));
+ }
+ else
+ {
+ static dbus_bool_t already_warned = FALSE;
+ if (!already_warned)
+ {
+ _dbus_warn ("Using your real home directory for testing, set DBUS_TEST_HOMEDIR to avoid\n");
+ already_warned = TRUE;
+ }
+ }
+ }
+#endif
+
+ _dbus_string_init_const (&dotdir, ".dbus-keyrings");
+ if (!_dbus_concat_dir_and_file (&homedir,
+ &dotdir))
+ goto failed;
+
+ if (!_dbus_string_copy (&homedir, 0,
+ directory, _dbus_string_get_length (directory))) {
+ goto failed;
+ }
+
+ _dbus_string_free (&homedir);
+ return TRUE;
+
+ failed:
+ _dbus_string_free (&homedir);
+ return FALSE;
+}
+
/* tests in dbus-sysdeps-util.c */
dbus_bool_t _dbus_credentials_add_from_username (DBusCredentials *credentials,
const DBusString *username);
dbus_bool_t _dbus_credentials_add_from_current_process (DBusCredentials *credentials);
-dbus_bool_t _dbus_credentials_parse_and_add_desired (DBusCredentials *credentials,
+dbus_bool_t _dbus_credentials_parse_and_add_user (DBusCredentials *credentials,
const DBusString *desired_identity);
+dbus_bool_t _dbus_append_user_from_current_process (DBusString *str);
-dbus_bool_t _dbus_username_from_current_process (const DBusString **username);
-dbus_bool_t _dbus_append_desired_identity (DBusString *str);
-
-dbus_bool_t _dbus_homedir_from_current_process (const DBusString **homedir);
-dbus_bool_t _dbus_homedir_from_username (const DBusString *username,
- DBusString *homedir);
dbus_bool_t _dbus_parse_unix_user_from_config (const DBusString *username,
dbus_uid_t *uid_p);
dbus_bool_t _dbus_parse_unix_group_from_config (const DBusString *groupname,
dbus_bool_t _dbus_unix_user_is_process_owner (dbus_uid_t uid);
dbus_bool_t _dbus_windows_user_is_process_owner (const char *windows_sid);
+dbus_bool_t _dbus_append_keyring_directory_for_credentials (DBusString *directory,
+ DBusCredentials *credentials);
/** Opaque type representing an atomically-modifiable integer
* that can be used from multiple threads.
}
/**
+ * Gets the home directory for the given user.
+ *
+ * @param uid the uid
+ * @param homedir string to append home directory to
+ * @returns #TRUE if user existed and we appended their homedir
+ */
+dbus_bool_t
+_dbus_homedir_from_uid (dbus_uid_t uid,
+ DBusString *homedir)
+{
+ DBusUserDatabase *db;
+ const DBusUserInfo *info;
+ _dbus_user_database_lock_system ();
+
+ db = _dbus_user_database_get_system ();
+ if (db == NULL)
+ {
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ if (!_dbus_user_database_get_uid (db, uid,
+ &info, NULL))
+ {
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ if (!_dbus_string_append (homedir, info->homedir))
+ {
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ _dbus_user_database_unlock_system ();
+ return TRUE;
+}
+
+/**
* Adds the credentials corresponding to the given username.
*
* @param credentials credentials to fill in
dbus_bool_t _dbus_is_a_number (const DBusString *str,
unsigned long *num);
+dbus_bool_t _dbus_username_from_current_process (const DBusString **username);
+dbus_bool_t _dbus_homedir_from_current_process (const DBusString **homedir);
+dbus_bool_t _dbus_homedir_from_username (const DBusString *username,
+ DBusString *homedir);
+
+dbus_bool_t _dbus_homedir_from_uid (dbus_uid_t uid,
+ DBusString *homedir);
DBUS_END_DECLS
projects / platform / upstream / dbus.git / commitdiff