Commit 23832672 authored by Havoc Pennington's avatar Havoc Pennington

2007-06-09 Havoc Pennington <hp@redhat.com>

	* bus/dispatch.c (check_get_connection_unix_process_id): adapt
	since sysdeps-unix.h stuff isn't included anymore

	* bus/bus.c (bus_context_new): use more abstract functions to
	change user, so they can be no-ops on Windows

	* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
	dbus/dbus-credentials-util.c: new files containing a fully opaque
	DBusCredentials data type to replace the old not opaque one.

	* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
	windows

	* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
	up the uses of it in bus/*.c and factor out the parts of
	cookie auth that depend on it
parent b80a8fe6
2007-06-09 Havoc Pennington <hp@redhat.com>
* bus/dispatch.c (check_get_connection_unix_process_id): adapt
since sysdeps-unix.h stuff isn't included anymore
* bus/bus.c (bus_context_new): use more abstract functions to
change user, so they can be no-ops on Windows
* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
dbus/dbus-credentials-util.c: new files containing a fully opaque
DBusCredentials data type to replace the old not opaque one.
* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
windows
* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
up the uses of it in bus/*.c and factor out the parts of
cookie auth that depend on it
2007-06-07 Havoc Pennington <hp@redhat.com>
* dbus/dbus-message.c: improve some docs related to reading values
......
......@@ -533,7 +533,6 @@ bus_context_new (const DBusString *config_file,
{
BusContext *context;
BusConfigParser *parser;
DBusCredentials creds;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
......@@ -660,13 +659,7 @@ bus_context_new (const DBusString *config_file,
/* check user before we fork */
if (context->user != NULL)
{
DBusString u;
_dbus_string_init_const (&u, context->user);
if (!_dbus_credentials_from_username (&u, &creds) ||
creds.uid < 0 ||
creds.gid < 0)
if (!_dbus_verify_daemon_user (context->user))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
"Could not get UID and GID for username \"%s\"",
......@@ -769,7 +762,7 @@ bus_context_new (const DBusString *config_file,
*/
if (context->user != NULL)
{
if (!_dbus_change_identity (creds.uid, creds.gid, error))
if (!_dbus_change_to_daemon_user (context->user, error))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
goto failed;
......
......@@ -399,6 +399,10 @@ bus_dispatch_remove_connection (DBusConnection *connection)
#ifdef DBUS_BUILD_TESTS
#include <stdio.h>
#ifdef DBUS_UNIX
#include <sys/types.h>
#include <unistd.h>
#endif
/* This is used to know whether we need to block in order to finish
* sending a message, or whether the initial dbus_connection_send()
......@@ -1313,7 +1317,7 @@ check_get_connection_unix_process_id (BusContext *context,
* cause then we can test that the pid returned matches
* getppid()
*/
if (pid != (dbus_uint32_t) _dbus_getpid ())
if (pid != (dbus_uint32_t) getpid ())
{
_dbus_assert (dbus_error_is_set (&error));
_dbus_warn ("Result from GetConnectionUnixProcessID is not our own pid\n");
......
......@@ -324,13 +324,9 @@ bus_policy_create_client_policy (BusPolicy *policy,
if (!dbus_connection_get_unix_user (connection, &uid))
{
#ifdef DBUS_WIN_FIXME
_dbus_verbose ("policy.c: dbus_connection_get_unix_user check disabled under windows\n");
#else
dbus_set_error (error, DBUS_ERROR_FAILED,
"No user ID known for connection, cannot determine security policy\n");
goto failed;
#endif
}
if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
......
......@@ -1169,6 +1169,8 @@ fi
AC_DEFINE_UNQUOTED(DBUS_SESSION_SOCKET_DIR, "$DBUS_SESSION_SOCKET_DIR", [Where per-session bus puts its sockets])
AC_SUBST(DBUS_SESSION_SOCKET_DIR)
AC_DEFINE_UNQUOTED(DBUS_UNIX, "1", [Defined on UNIX and Linux systems and not on Windows])
AC_OUTPUT([
Doxyfile
dbus/dbus-arch-deps.h
......
......@@ -41,6 +41,8 @@ DBUS_LIB_SOURCES= \
dbus-bus.c \
dbus-connection.c \
dbus-connection-internal.h \
dbus-credentials.c \
dbus-credentials.h \
dbus-errors.c \
dbus-keyring.c \
dbus-keyring.h \
......@@ -128,6 +130,7 @@ DBUS_SHARED_SOURCES= \
### to be unless they move to DBUS_SHARED_SOURCES later)
DBUS_UTIL_SOURCES= \
dbus-auth-util.c \
dbus-credentials-util.c \
dbus-mainloop.c \
dbus-mainloop.h \
dbus-marshal-byteswap-util.c \
......
......@@ -28,8 +28,8 @@
#include "dbus-auth.h"
#include "dbus-string.h"
#include "dbus-hash.h"
#include "dbus-credentials.h"
#include "dbus-internals.h"
#include "dbus-userdb.h"
/**
* @defgroup DBusAuthScript code for running unit test scripts for DBusAuth
......@@ -209,6 +209,29 @@ split_string (DBusString *str)
return array;
}
static void
auth_set_unix_credentials(DBusAuth *auth,
dbus_uid_t uid,
dbus_pid_t pid)
{
DBusCredentials *credentials;
credentials = _dbus_credentials_new ();
if (credentials == NULL)
{
_dbus_warn ("no memory\n");
return;
}
if (uid != DBUS_UID_UNSET)
_dbus_credentials_add_unix_uid (credentials, uid);
if (pid != DBUS_PID_UNSET)
_dbus_credentials_add_unix_pid (credentials, pid);
_dbus_auth_set_credentials (auth, credentials);
_dbus_credentials_unref (credentials);
}
/**
* Runs an "auth script" which is a script for testing the
* authentication protocol. Scripts send and receive data, and then
......@@ -303,7 +326,7 @@ _dbus_auth_script_run (const DBusString *filename)
else if (_dbus_string_starts_with_c_str (&line,
"CLIENT"))
{
DBusCredentials creds;
DBusCredentials *creds;
if (auth != NULL)
{
......@@ -321,14 +344,31 @@ _dbus_auth_script_run (const DBusString *filename)
/* test ref/unref */
_dbus_auth_ref (auth);
_dbus_auth_unref (auth);
creds = _dbus_credentials_new_from_current_process ();
if (creds == NULL)
{
_dbus_warn ("no memory for credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
goto out;
}
if (!_dbus_auth_set_credentials (auth, creds))
{
_dbus_warn ("no memory for setting credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
_dbus_credentials_unref (creds);
goto out;
}
_dbus_credentials_from_current_process (&creds);
_dbus_auth_set_credentials (auth, &creds);
_dbus_credentials_unref (creds);
}
else if (_dbus_string_starts_with_c_str (&line,
"SERVER"))
{
DBusCredentials creds;
DBusCredentials *creds;
if (auth != NULL)
{
......@@ -346,9 +386,27 @@ _dbus_auth_script_run (const DBusString *filename)
/* test ref/unref */
_dbus_auth_ref (auth);
_dbus_auth_unref (auth);
creds = _dbus_credentials_new_from_current_process ();
if (creds == NULL)
{
_dbus_warn ("no memory for credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
goto out;
}
if (!_dbus_auth_set_credentials (auth, creds))
{
_dbus_warn ("no memory for setting credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
_dbus_credentials_unref (creds);
goto out;
}
_dbus_credentials_from_current_process (&creds);
_dbus_auth_set_credentials (auth, &creds);
_dbus_credentials_unref (creds);
_dbus_auth_set_context (auth, &context);
}
else if (auth == NULL)
......@@ -360,20 +418,17 @@ _dbus_auth_script_run (const DBusString *filename)
else if (_dbus_string_starts_with_c_str (&line,
"NO_CREDENTIALS"))
{
DBusCredentials creds = { -1, -1, -1 };
_dbus_auth_set_credentials (auth, &creds);
auth_set_unix_credentials (auth, DBUS_UID_UNSET, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"ROOT_CREDENTIALS"))
{
DBusCredentials creds = { -1, 0, 0 };
_dbus_auth_set_credentials (auth, &creds);
auth_set_unix_credentials (auth, 0, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"SILLY_CREDENTIALS"))
{
DBusCredentials creds = { -1, 4312, 1232 };
_dbus_auth_set_credentials (auth, &creds);
auth_set_unix_credentials (auth, 4312, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"ALLOWED_MECHS"))
......@@ -432,8 +487,7 @@ _dbus_auth_script_run (const DBusString *filename)
goto out;
}
if (!_dbus_string_append_uint (&username,
_dbus_getuid ()))
if (!_dbus_append_desired_identity (&username))
{
_dbus_warn ("no memory for userid\n");
_dbus_string_free (&username);
......
This diff is collapsed.
......@@ -68,10 +68,9 @@ dbus_bool_t _dbus_auth_needs_decoding (DBusAuth *auth);
dbus_bool_t _dbus_auth_decode_data (DBusAuth *auth,
const DBusString *encoded,
DBusString *plaintext);
void _dbus_auth_set_credentials (DBusAuth *auth,
const DBusCredentials *credentials);
void _dbus_auth_get_identity (DBusAuth *auth,
dbus_bool_t _dbus_auth_set_credentials (DBusAuth *auth,
DBusCredentials *credentials);
DBusCredentials* _dbus_auth_get_identity (DBusAuth *auth);
dbus_bool_t _dbus_auth_set_context (DBusAuth *auth,
const DBusString *context);
const char* _dbus_auth_get_guid_from_server(DBusAuth *auth);
......
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-credentials-util.c Would be in dbus-credentials.c, but only used for tests/bus
*
* Copyright (C) 2007 Red Hat Inc.
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#include "dbus-internals.h"
#include "dbus-test.h"
#include "dbus-credentials.h"
/**
* @addtogroup DBusCredentials
* @{
*/
/** @} */
#ifdef DBUS_BUILD_TESTS
#include "dbus-test.h"
#include <stdio.h>
#include <string.h>
static DBusCredentials*
make_credentials(dbus_uid_t unix_uid,
dbus_pid_t unix_pid,
const char *windows_sid)
{
DBusCredentials *credentials;
credentials = _dbus_credentials_new ();
if (unix_uid != DBUS_UID_UNSET)
{
if (!_dbus_credentials_add_unix_uid (credentials, unix_uid))
{
_dbus_credentials_unref (credentials);
return NULL;
}
}
if (unix_pid != DBUS_PID_UNSET)
{
if (!_dbus_credentials_add_unix_pid (credentials, unix_pid))
{
_dbus_credentials_unref (credentials);
return NULL;
}
}
if (windows_sid != NULL)
{
if (!_dbus_credentials_add_windows_sid (credentials, windows_sid))
{
_dbus_credentials_unref (credentials);
return NULL;
}
}
return credentials;
}
#define SAMPLE_SID "whatever a windows sid looks like"
#define OTHER_SAMPLE_SID "whatever else"
dbus_bool_t
_dbus_credentials_test (const char *test_data_dir)
{
DBusCredentials *creds;
DBusCredentials *creds2;
if (test_data_dir == NULL)
return TRUE;
creds = make_credentials (12, 511, SAMPLE_SID);
if (creds == NULL)
_dbus_assert_not_reached ("oom");
/* test refcounting */
_dbus_credentials_ref (creds);
_dbus_credentials_unref (creds);
_dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_USER_ID));
_dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_PROCESS_ID));
_dbus_assert (_dbus_credentials_include (creds, DBUS_CREDENTIAL_WINDOWS_SID));
_dbus_assert (_dbus_credentials_get_unix_uid (creds) == 12);
_dbus_assert (_dbus_credentials_get_unix_pid (creds) == 511);
_dbus_assert (strcmp (_dbus_credentials_get_windows_sid (creds), SAMPLE_SID) == 0);
_dbus_assert (!_dbus_credentials_are_empty (creds));
/* Test copy */
creds2 = _dbus_credentials_copy (creds);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_UNIX_USER_ID));
_dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_UNIX_PROCESS_ID));
_dbus_assert (_dbus_credentials_include (creds2, DBUS_CREDENTIAL_WINDOWS_SID));
_dbus_assert (_dbus_credentials_get_unix_uid (creds2) == 12);
_dbus_assert (_dbus_credentials_get_unix_pid (creds2) == 511);
_dbus_assert (strcmp (_dbus_credentials_get_windows_sid (creds2), SAMPLE_SID) == 0);
_dbus_assert (_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Same user if both unix and windows are the same */
creds2 = make_credentials (12, DBUS_PID_UNSET, SAMPLE_SID);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (_dbus_credentials_same_user (creds, creds2));
_dbus_credentials_unref (creds2);
/* Not the same user if Windows is missing */
creds2 = make_credentials (12, DBUS_PID_UNSET, NULL);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (!_dbus_credentials_same_user (creds, creds2));
_dbus_assert (_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Not the same user if Windows is different */
creds2 = make_credentials (12, DBUS_PID_UNSET, OTHER_SAMPLE_SID);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (!_dbus_credentials_same_user (creds, creds2));
_dbus_assert (!_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Not the same user if Unix is missing */
creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, SAMPLE_SID);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (!_dbus_credentials_same_user (creds, creds2));
_dbus_assert (_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Not the same user if Unix is different */
creds2 = make_credentials (15, DBUS_PID_UNSET, SAMPLE_SID);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (!_dbus_credentials_same_user (creds, creds2));
_dbus_assert (!_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Not the same user if both are missing */
creds2 = make_credentials (DBUS_UID_UNSET, DBUS_PID_UNSET, NULL);
if (creds2 == NULL)
_dbus_assert_not_reached ("oom");
_dbus_assert (!_dbus_credentials_same_user (creds, creds2));
_dbus_assert (_dbus_credentials_are_superset (creds, creds2));
_dbus_credentials_unref (creds2);
/* Clearing credentials works */
_dbus_credentials_clear (creds);
_dbus_assert (!_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_USER_ID));
_dbus_assert (!_dbus_credentials_include (creds, DBUS_CREDENTIAL_UNIX_PROCESS_ID));
_dbus_assert (!_dbus_credentials_include (creds, DBUS_CREDENTIAL_WINDOWS_SID));
_dbus_assert (_dbus_credentials_get_unix_uid (creds) == DBUS_UID_UNSET);
_dbus_assert (_dbus_credentials_get_unix_pid (creds) == DBUS_PID_UNSET);
_dbus_assert (_dbus_credentials_get_windows_sid (creds) == NULL);
_dbus_assert (_dbus_credentials_are_empty (creds));
_dbus_credentials_unref (creds);
return TRUE;
}
#endif /* DBUS_BUILD_TESTS */
This diff is collapsed.
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-credentials.h Credentials provable through authentication
*
* Copyright (C) 2007 Red Hat Inc.
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#ifndef DBUS_CREDENTIALS_H
#define DBUS_CREDENTIALS_H
#include <dbus/dbus-macros.h>
#include <dbus/dbus-errors.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-sysdeps.h>
DBUS_BEGIN_DECLS
typedef enum {
DBUS_CREDENTIAL_UNIX_PROCESS_ID,
DBUS_CREDENTIAL_UNIX_USER_ID,
DBUS_CREDENTIAL_WINDOWS_SID
} DBusCredentialType;
DBusCredentials* _dbus_credentials_new_from_current_process (void);
DBusCredentials* _dbus_credentials_new (void);
void _dbus_credentials_ref (DBusCredentials *credentials);
void _dbus_credentials_unref (DBusCredentials *credentials);
dbus_bool_t _dbus_credentials_add_unix_pid (DBusCredentials *credentials,
dbus_pid_t pid);
dbus_bool_t _dbus_credentials_add_unix_uid (DBusCredentials *credentials,
dbus_uid_t uid);
dbus_bool_t _dbus_credentials_add_windows_sid (DBusCredentials *credentials,
const char *windows_sid);
dbus_bool_t _dbus_credentials_include (DBusCredentials *credentials,
DBusCredentialType type);
dbus_pid_t _dbus_credentials_get_unix_pid (DBusCredentials *credentials);
dbus_uid_t _dbus_credentials_get_unix_uid (DBusCredentials *credentials);
const char* _dbus_credentials_get_windows_sid (DBusCredentials *credentials);
dbus_bool_t _dbus_credentials_are_superset (DBusCredentials *credentials,
DBusCredentials *possible_subset);
dbus_bool_t _dbus_credentials_are_empty (DBusCredentials *credentials);
dbus_bool_t _dbus_credentials_add_credentials (DBusCredentials *credentials,
DBusCredentials *other_credentials);
/* must silently allow 'which' to not exist */
dbus_bool_t _dbus_credentials_add_credential (DBusCredentials *credentials,
DBusCredentialType which,
DBusCredentials *other_credentials);
void _dbus_credentials_clear (DBusCredentials *credentials);
DBusCredentials* _dbus_credentials_copy (DBusCredentials *credentials);
dbus_bool_t _dbus_credentials_same_user (DBusCredentials *credentials,
DBusCredentials *other_credentials);
DBUS_END_DECLS
#endif /* DBUS_CREDENTIALS_H */
......@@ -271,7 +271,7 @@ _dbus_warn_check_failed(const char *format,
if (!warn_initted)
init_warnings ();
fprintf (stderr, "process %lu: ", _dbus_getpid ());
fprintf (stderr, "process %lu: ", _dbus_pid_for_log ());
va_start (args, format);
vfprintf (stderr, format, args);
......@@ -349,9 +349,9 @@ _dbus_verbose_real (const char *format,
if (need_pid)
{
#if PTHREAD_IN_VERBOSE
fprintf (stderr, "%lu: 0x%lx: ", _dbus_getpid (), pthread_self ());
fprintf (stderr, "%lu: 0x%lx: ", _dbus_pid_for_log (), pthread_self ());
#else
fprintf (stderr, "%lu: ", _dbus_getpid ());
fprintf (stderr, "%lu: ", _dbus_pid_for_log ());
#endif
}
......@@ -813,7 +813,7 @@ _dbus_real_assert (dbus_bool_t condition,
if (_DBUS_UNLIKELY (!condition))
{
_dbus_warn ("%lu: assertion failed \"%s\" file \"%s\" line %d function %s\n",
_dbus_getpid (), condition_text, file, line, func);
_dbus_pid_for_log (), condition_text, file, line, func);
_dbus_abort ();
}
}
......@@ -834,7 +834,7 @@ _dbus_real_assert_not_reached (const char *explanation,
int line)
{
_dbus_warn ("File \"%s\" line %d process %lu should not have been reached: %s\n",
file, line, _dbus_getpid (), explanation);
file, line, _dbus_pid_for_log (), explanation);
_dbus_abort ();
}
#endif /* DBUS_DISABLE_ASSERT */
......
......@@ -22,7 +22,6 @@
*/
#include "dbus-keyring.h"
#include "dbus-userdb.h"
#include "dbus-protocol.h"
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
......
......@@ -986,7 +986,7 @@ node_read_value (TestTypeNode *node,
DBusTypeReader *reader,
int seed)
{
DBusTypeReader restored;
/* DBusTypeReader restored; */
if (!(* node->klass->read_value) (node, reader, seed))
return FALSE;
......
......@@ -22,7 +22,7 @@
*
*/
#include "dbus-spawn.h"
#include "dbus-sysdeps.h"
#include "dbus-sysdeps-unix.h"
#include "dbus-internals.h"
#include "dbus-test.h"
#include "dbus-protocol.h"
......@@ -849,7 +849,7 @@ do_exec (int child_err_report_fd,
#endif
_dbus_verbose_reset ();
_dbus_verbose ("Child process has PID %lu\n",
_dbus_verbose ("Child process has PID " DBUS_PID_FORMAT "\n",
_dbus_getpid ());
if (child_setup)
......
This diff is collapsed.
......@@ -71,6 +71,63 @@ int _dbus_listen_unix_socket (const char *path,
dbus_bool_t abstract,
DBusError *error);
dbus_bool_t _dbus_read_credentials (int client_fd,
DBusCredentials *credentials,
DBusError *error);
dbus_bool_t _dbus_send_credentials (int server_fd,
DBusError *error);
/** Information about a UNIX user */
typedef struct DBusUserInfo DBusUserInfo;
/** Information about a UNIX group */
typedef struct DBusGroupInfo DBusGroupInfo;
/**
* Information about a UNIX user
*/
struct DBusUserInfo