From: Jacek Bukarewicz Date: Wed, 8 Apr 2015 16:27:01 +0000 (+0200) Subject: Cynara helpers for gdbus X-Git-Tag: accepted/tizen/common/20150410.075011~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F94%2F37994%2F4;p=platform%2Fcore%2Fsecurity%2Fcynara.git Cynara helpers for gdbus Change-Id: I3684754bdb0a7b26ea9bfd3b13027f2ef78c6704 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 244e392..aa55db8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -91,6 +91,7 @@ SET(TARGET_CYNARA_COMMON "cynara-commons") SET(TARGET_CYNARA_TESTS "cynara-tests") SET(TARGET_LIB_CREDS_COMMONS "cynara-creds-commons") SET(TARGET_LIB_CREDS_DBUS "cynara-creds-dbus") +SET(TARGET_LIB_CREDS_GDBUS "cynara-creds-gdbus") SET(TARGET_LIB_CREDS_SOCKET "cynara-creds-socket") SET(TARGET_LIB_SESSION "cynara-session") SET(TARGET_LIB_CYNARA_STORAGE "cynara-storage") diff --git a/packaging/cynara.spec b/packaging/cynara.spec index 2b87a55..00cdd64 100644 --- a/packaging/cynara.spec +++ b/packaging/cynara.spec @@ -14,11 +14,12 @@ Source1005: libcynara-agent.manifest Source1006: libcynara-commons.manifest Source1007: libcynara-creds-commons.manifest Source1008: libcynara-creds-dbus.manifest -Source1009: libcynara-creds-socket.manifest -Source1010: libcynara-session.manifest -Source1011: cynara-db-migration.manifest -Source1012: cyad.manifest -Source1013: cynara-db-chsgen.manifest +Source1009: libcynara-creds-gdbus.manifest +Source1010: libcynara-creds-socket.manifest +Source1011: libcynara-session.manifest +Source1012: cynara-db-migration.manifest +Source1013: cyad.manifest +Source1014: cynara-db-chsgen.manifest Requires: default-ac-domains Requires: libcynara-commons = %{version}-%{release} Requires(pre): pwdutils 
@@ -65,6 +66,7 @@ Requires: libcynara-client = %{version}-%{release} Requires: libcynara-commons = %{version}-%{release} Requires: libcynara-creds-commons = %{version}-%{release} Requires: libcynara-creds-dbus = %{version}-%{release} +Requires: libcynara-creds-gdbus = %{version}-%{release} Requires: libcynara-creds-socket = %{version}-%{release} Requires: libcynara-session = %{version}-%{release} Requires: pkgconfig(dbus-1) @@ -138,6 +140,14 @@ Requires: libcynara-creds-commons = %{version}-%{release} %description -n libcynara-creds-dbus Cynara credentials helpers library for dbus clients +%package -n libcynara-creds-gdbus +Summary: Cynara credentials helpers library for gdbus client +BuildRequires: pkgconfig(gio-2.0) +Requires: libcynara-creds-commons = %{version}-%{release} + +%description -n libcynara-creds-gdbus +Cynara credentials helpers library for gdbus clients + %package -n libcynara-creds-socket Summary: Cynara credentials helpers library for socket clients Requires: libcynara-creds-commons = %{version}-%{release} @@ -182,6 +192,7 @@ cp -a %{SOURCE1010} . cp -a %{SOURCE1011} . cp -a %{SOURCE1012} . cp -a %{SOURCE1013} . +cp -a %{SOURCE1014} . cp -a test/db/db* . %build @@ -297,6 +308,10 @@ fi %postun -n libcynara-creds-dbus -p /sbin/ldconfig +%post -n libcynara-creds-gdbus -p /sbin/ldconfig + +%postun -n libcynara-creds-gdbus -p /sbin/ldconfig + %post -n libcynara-creds-socket -p /sbin/ldconfig %postun -n libcynara-creds-socket -p /sbin/ldconfig @@ -370,6 +385,11 @@ fi %license LICENSE %{_libdir}/libcynara-creds-dbus.so.* +%files -n libcynara-creds-gdbus +%manifest libcynara-creds-gdbus.manifest +%license LICENSE +%{_libdir}/libcynara-creds-gdbus.so.* + %files -n libcynara-creds-socket %manifest libcynara-creds-socket.manifest %license LICENSE diff --git a/packaging/libcynara-creds-gdbus.manifest b/packaging/libcynara-creds-gdbus.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/packaging/libcynara-creds-gdbus.manifest 
@@ -0,0 +1,5 @@
+
+
+
+
+
diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt
index e37f19a..f07baf2 100644
--- a/pkgconfig/CMakeLists.txt
+++ b/pkgconfig/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ ADD_SUBDIRECTORY(cynara-admin)
 ADD_SUBDIRECTORY(cynara-agent)
 ADD_SUBDIRECTORY(cynara-creds-commons)
 ADD_SUBDIRECTORY(cynara-creds-dbus)
+ADD_SUBDIRECTORY(cynara-creds-gdbus)
 ADD_SUBDIRECTORY(cynara-creds-socket)
 ADD_SUBDIRECTORY(cynara-plugin)
 ADD_SUBDIRECTORY(cynara-session)
diff --git a/pkgconfig/cynara-creds-gdbus/CMakeLists.txt b/pkgconfig/cynara-creds-gdbus/CMakeLists.txt
new file mode 100644
index 0000000..faa1ae7
--- /dev/null
+++ b/pkgconfig/cynara-creds-gdbus/CMakeLists.txt
@@ -0,0 +1,27 @@
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Aleksander Zdyb
+# @author Radoslaw Bartosiak
+# @author Jacek Bukarewicz
+#
+
+CONFIGURE_FILE(cynara-creds-gdbus.pc.in cynara-creds-gdbus.pc @ONLY)
+
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/pkgconfig/cynara-creds-gdbus/cynara-creds-gdbus.pc
+ DESTINATION
+ ${LIB_INSTALL_DIR}/pkgconfig
+ )
diff --git a/pkgconfig/cynara-creds-gdbus/cynara-creds-gdbus.pc.in b/pkgconfig/cynara-creds-gdbus/cynara-creds-gdbus.pc.in
new file mode 100644
index 0000000..20196fb
--- /dev/null
+++ b/pkgconfig/cynara-creds-gdbus/cynara-creds-gdbus.pc.in
@@ -0,0 +1,11 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@LIB_INSTALL_DIR@
+includedir=${prefix}/include
+
+Name: cynara-creds-gdbus
+Description: cynara-creds package for gdbus clients
+Version: @CYNARA_VERSION@
+Requires: glib-2.0
+Libs: -L${libdir} -lcynara-creds-gdbus -lcynara-creds-commons -lcynara-commons
+Cflags: -I${includedir}/cynara
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 1018e51..99b1c40 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -56,5 +56,6 @@ ADD_SUBDIRECTORY(storage)
 ADD_SUBDIRECTORY(service)
 ADD_SUBDIRECTORY(helpers/creds-commons)
 ADD_SUBDIRECTORY(helpers/creds-dbus)
+ADD_SUBDIRECTORY(helpers/creds-gdbus)
 ADD_SUBDIRECTORY(helpers/creds-socket)
 ADD_SUBDIRECTORY(helpers/session)
diff --git a/src/helpers/creds-gdbus/CMakeLists.txt b/src/helpers/creds-gdbus/CMakeLists.txt
new file mode 100644
index 0000000..cf3ec68
--- /dev/null
+++ b/src/helpers/creds-gdbus/CMakeLists.txt
@@ -0,0 +1,54 @@
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Aleksander Zdyb
+# @author Radoslaw Bartosiak
+# @author Lukasz Wojciechowski
+#
+
+SET(LIB_CREDS_GDBUS_VERSION_MAJOR 0)
+SET(LIB_CREDS_GDBUS_VERSION ${LIB_CREDS_GDBUS_VERSION_MAJOR}.6.1)
+
+SET(LIB_CREDS_GDBUS_PATH ${CYNARA_PATH}/helpers/creds-gdbus)
+
+SET(LIB_CREDS_GDBUS_SOURCES
+ ${LIB_CREDS_GDBUS_PATH}/creds-gdbus.cpp
+ )
+
+PKG_CHECK_MODULES(LIB_CREDS_GDBUS_DEP
+ REQUIRED
+ gio-2.0
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CYNARA_PATH}/include
+ ${LIB_CREDS_GDBUS_PATH}
+ ${LIB_CREDS_GDBUS_DEP_INCLUDE_DIRS}
+ )
+
+ADD_LIBRARY(${TARGET_LIB_CREDS_GDBUS} SHARED ${LIB_CREDS_GDBUS_SOURCES})
+
+SET_TARGET_PROPERTIES(
+ ${TARGET_LIB_CREDS_GDBUS}
+ PROPERTIES
+ SOVERSION ${LIB_CREDS_GDBUS_VERSION_MAJOR}
+ VERSION ${LIB_CREDS_GDBUS_VERSION}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_LIB_CREDS_GDBUS}
+ ${LIB_CREDS_GDBUS_DEP_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_LIB_CREDS_GDBUS} DESTINATION ${LIB_INSTALL_DIR})
diff --git a/src/helpers/creds-gdbus/creds-gdbus.cpp b/src/helpers/creds-gdbus/creds-gdbus.cpp
new file mode 100644
index 0000000..80ee63d
--- /dev/null
+++ b/src/helpers/creds-gdbus/creds-gdbus.cpp
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/helpers/creds-gdbus/creds-gdbus.cpp
+ * @author Jacek Bukarewicz
+ * @version 1.0
+ * @brief Implementation of external libcynara-creds-gdbus API
+ */
+
+#include
+
+#include
+#include
+#include
+
+namespace {
+int call_dbus_daemon_method_str(GDBusConnection *connection, const gchar *methodName,
+ const gchar *arg, gchar **result) {
+ GVariant *reply = g_dbus_connection_call_sync(connection,
+ "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus",
+ methodName, g_variant_new("(s)", arg), G_VARIANT_TYPE("(s)"),
+ G_DBUS_CALL_FLAGS_NONE, -1, NULL, NULL);
+
+ if (reply != NULL) {
+ g_variant_get(reply, "(s)", result);
+ g_variant_unref(reply);
+ return CYNARA_API_SUCCESS;
+ } else {
+ return CYNARA_API_UNKNOWN_ERROR;
+ }
+}
+
+int call_dbus_daemon_method_u32(GDBusConnection *connection, const gchar *methodName,
+ const gchar *arg, guint32 *result) {
+ GVariant *reply = g_dbus_connection_call_sync(connection,
+ "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus",
+ methodName, g_variant_new("(s)", arg), G_VARIANT_TYPE("(u)"),
+ G_DBUS_CALL_FLAGS_NONE, -1, NULL, NULL);
+
+ if (reply != NULL) {
+ g_variant_get(reply, "(u)", result);
+ g_variant_unref(reply);
+ return CYNARA_API_SUCCESS;
+ } else {
+ return CYNARA_API_UNKNOWN_ERROR;
+ }
+}
+}
+
+CYNARA_API
+int cynara_creds_gdbus_get_client(GDBusConnection *connection, const gchar *uniqueName,
+ enum cynara_client_creds method, gchar **client) {
+ int ret;
+
+ if (connection == nullptr || uniqueName == nullptr || client == nullptr)
+ return CYNARA_API_INVALID_PARAM;
+
+ switch (method) {
+ case cynara_client_creds::CLIENT_METHOD_SMACK:
+ ret = call_dbus_daemon_method_str(connection, "GetConnectionSmackContext", uniqueName,
+ client);
+ break;
+ case cynara_client_creds::CLIENT_METHOD_PID:
+ {
+ guint32 pid;
+ ret = call_dbus_daemon_method_u32(connection, "GetConnectionUnixProcessID",
+ uniqueName, &pid);
+ if (ret == CYNARA_API_SUCCESS)
+ *client = g_strdup_printf("%u", pid);
+ break;
+ }
+ default:
+ return CYNARA_API_METHOD_NOT_SUPPORTED;
+ }
+ return ret;
+}
+
+CYNARA_API
+int cynara_creds_gdbus_get_user(GDBusConnection *connection, const gchar *uniqueName,
+ enum cynara_user_creds method, gchar **user) {
+ if (connection == nullptr || uniqueName == nullptr || user == nullptr)
+ return CYNARA_API_INVALID_PARAM;
+
+ if (method != cynara_user_creds::USER_METHOD_UID)
+ return CYNARA_API_METHOD_NOT_SUPPORTED;
+
+ guint32 uid;
+ int ret = call_dbus_daemon_method_u32(connection, "GetConnectionUnixUser", uniqueName, &uid);
+ if (ret == CYNARA_API_SUCCESS) {
+ *user = g_strdup_printf("%u", uid);
+ }
+
+ return ret;
+}
+
+CYNARA_API
+int cynara_creds_gdbus_get_pid(GDBusConnection *connection, const char *uniqueName, pid_t *pid) {
+ if (connection == nullptr || uniqueName == nullptr || pid == nullptr)
+ return CYNARA_API_INVALID_PARAM;
+
+ guint32 pidU32;
+ int ret = call_dbus_daemon_method_u32(connection, "GetConnectionUnixProcessID", uniqueName,
+ &pidU32);
+ if (ret == CYNARA_API_SUCCESS) {
+ *pid = static_cast(pidU32);
+ }
+
+ return ret;
+}
diff --git a/src/include/CMakeLists.txt b/src/include/CMakeLists.txt
index 08f909c..614ae0c 100644
--- a/src/include/CMakeLists.txt
+++ b/src/include/CMakeLists.txt
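Review bot: In src/helpers/creds-gdbus/creds-gdbus.cpp, none of the three public functions checks that `uniqueName` is actually a unique connection name before it is handed to the bus daemon. The standard org.freedesktop.DBus credential queries used here (GetConnectionUnixUser, GetConnectionUnixProcessID) also accept well-known names and answer for whoever owns the name at that moment, so a caller that passes a well-known name gets credentials that can change between the lookup and the cynara_check() call the header says the string is meant for. Extending each guard, for example `if (connection == nullptr || uniqueName == nullptr || !g_dbus_is_unique_name(uniqueName) || client == nullptr) return CYNARA_API_INVALID_PARAM;` (with `user` and `pid` in the other two functions), would pin the lookup to one connection. Separately, both helpers in the anonymous namespace pass NULL for the GError argument, so a peer that has already disconnected and a genuine bus failure both come back as CYNARA_API_UNKNOWN_ERROR and cannot be told apart by the caller.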
@@ -25,6 +25,7 @@ INSTALL(FILES
 ${CYNARA_PATH}/include/cynara-client-plugin.h
 ${CYNARA_PATH}/include/cynara-creds-commons.h
 ${CYNARA_PATH}/include/cynara-creds-dbus.h
+ ${CYNARA_PATH}/include/cynara-creds-gdbus.h
 ${CYNARA_PATH}/include/cynara-creds-socket.h
 ${CYNARA_PATH}/include/cynara-error.h
 ${CYNARA_PATH}/include/cynara-plugin.h
diff --git a/src/include/cynara-creds-gdbus.h b/src/include/cynara-creds-gdbus.h
new file mode 100644
index 0000000..c6ce2dd
--- /dev/null
+++ b/src/include/cynara-creds-gdbus.h
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/include/cynara-creds-gdbus.h
+ * @author Jacek Bukarewicz
+ * @version 1.0
+ * @brief This file contains Cynara credentials helper APIs for gdbus clients.
+ */
+
+
+#ifndef CYNARA_CREDS_GDBUS_H
+#define CYNARA_CREDS_GDBUS_H
+
+#include
+#include
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \par Description:
+ * Creates a client identification string with given method. Client is a process identified by the
+ * unique name at the other side of the dbus connection.
+ *
+ * \par Purpose:
+ * Client identification string is required for cynara_check() and cynara_async_check() functions.
+ *
+ * \par Typical use case:
+ * The function is called before the call of one of ...check() functions.
+ * Returned string is used as client parameter in ...check() function.
+ * String is released with free() function when it is no longer needed.
+ *
+ * \par Method of function operation:
+ * The function generates client string by calling a method from DBus Interface
+ * ("org.freedesktop.DBus") which is placed on system bus ("org.freedesktop.DBus").
+ *
+ * \par Sync (or) Async:
+ * This is a synchronous API.
+ *
+ * \par Thread safety:
+ * This function is NOT thread-safe. If functions from described API are called by multithreaded
+ * application from different threads, they must be put into mutex protected critical section.
+ *
+ * \par Important notes:
+ * Memory for returned user string should be freed with g_free().
+ * Allocated string is returned only, when function succeeds.
+ *
+ * \param[in] connection DBus connection to a bus. It manages incomming and outgoing messages
+ * \param[in] uniqueName DBus identifier of the client
+ * \param[in] method Method of client identifier creation
+ * \param[out] client Placeholder for allocated string containing client id
+ *
+ * \return CYNARA_API_SUCCESS on success
+ * CYNARA_API_INVALID_PARAM when client is NULL or uniqueName or client has wrong
+ * value (i.e NULL or non-existing)
+ * CYNARA_API_METHOD_NOT_SUPPORTED when requested method is not supported
+ */
+int cynara_creds_gdbus_get_client(GDBusConnection *connection, const gchar *uniqueName,
+ enum cynara_client_creds method, gchar **client);
+
+/**
+ * \par Description:
+ * Creates a user identification string with given method. User is an executor of process
+ * at the other side of socket.
+ *
+ * \par Purpose:
+ * User identification string is required for cynara_check() and cynara_async_check() functions.
+ *
+ * \par Typical use case:
+ * The function is called before the call of one of ...check() functions.
+ * Returned string is used as user parameter in ...check() function.
+ * String is released with free() function when it is no longer needed.
+ *
+ * \par Method of function operation:
+ * The function generates user string by calling a method from DBus Interface
+ * ("org.freedesktop.DBus") which is placed on system bus ("org.freedesktop.DBus").
+ *
+ * \par Sync (or) Async:
+ * This is a synchronous API.
+ *
+ * \par Thread safety:
+ * This function is NOT thread-safe. If functions from described API are called by multithreaded
+ * application from different threads, they must be put into mutex protected critical section.
+ *
+ * \par Important notes:
+ * Memory for returned user string should be freed with g_free().
+ * Allocated string is returned only, when function succeeds.
+ *
+ * \param[in] connection DBus connection to a bus. It manages incomming and outgoing messages
+ * \param[in] uniqueName DBus identifier of the client invoked by the user
+ * \param[in] method Method of client identifier creation
+ * \param[out] user Placeholder for allocated string containing user id
+ *
+ * \return CYNARA_API_SUCCESS on success
+ * CYNARA_API_INVALID_PARAM when user is NULL or connection is not valid DBus connection or
+ * uniqueName does not represent a process conected to the DBus
+ * CYNARA_API_METHOD_NOT_SUPPORTED when requested method is not supported
+ */
+int cynara_creds_gdbus_get_user(GDBusConnection *connection, const gchar *uniqueName,
+ enum cynara_user_creds method, gchar **user);
+
+/**
+ * \par Description:
+ * Return PID of a process identified by the unique name at the other side of the dbus connection.
+ *
+ * \par Purpose:
+ * PID may be used for client_session creation with cynara_helper_session_from_pid() function
+ * from libcynara-helper-session library. Client_session is needed for cynara_check()
+ * and cynara_async_check() functions.
+ *
+ * \par Typical use case:
+ * The function is called before the call of cynara_helper_session_from_pid() function.
+ *
+ * \par Method of function operation:
+ * The function reads PID of the peer by calling a method from DBus Interface
+ * ("org.freedesktop.DBus") which is placed on system bus ("org.freedesktop.DBus")
+ * with "GetConnectionUnixProcessID" argument.
+ *
+ * \par Sync (or) Async:
+ * This is a synchronous API.
+ *
+ * \par Thread safety:
+ * This function is NOT thread-safe. If functions from described API are called by multithreaded
+ * application from different threads, they must be put into mutex protected critical section.
+ *
+ * \param[in] connection DBus connection to a bus. It manages incomming and outgoing messages
+ * \param[in] uniqueName DBus identifier of the client invoked by the user
+ * \param[out] pid Placeholder for PID returned by function
+ *
+ * \return CYNARA_API_SUCCESS on success
+ * CYNARA_API_INVALID_PARAM when one of parameters is not valid
+ * CYNARA_API_UNKNOWN_ERROR when function fails because of unknown error
+ */
+int cynara_creds_gdbus_get_pid(GDBusConnection *connection, const gchar *uniqueName, pid_t *pid);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CYNARA_CREDS_GDBUS_H */
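Review bot: The ownership and error documentation in src/include/cynara-creds-gdbus.h does not match what creds-gdbus.cpp in this same commit does. The "Typical use case" paragraphs of cynara_creds_gdbus_get_client() and cynara_creds_gdbus_get_user() say the string is released with free(), while "Important notes" says g_free(); the strings come from g_variant_get() and g_strdup_printf(), so both places should read `String is released with g_free() when it is no longer needed.`. The `\return` lists of those two functions omit CYNARA_API_UNKNOWN_ERROR, which is what the implementation returns whenever the call to the bus daemon fails, and they promise CYNARA_API_INVALID_PARAM for a non-existing name, which the implementation only returns for NULL arguments; adding `CYNARA_API_UNKNOWN_ERROR when the call to the bus daemon fails` and rewording the non-existing-name case would let callers handle a vanished peer correctly. The get_client block also says "returned user string" where the client string is meant.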