/// Builds an aegis creds_t from a credentials_t.
///
/// Every entry of creds.tokens is added first, followed by the strings
/// "UID::" + creds.uid and "GID::" + creds.gid.
///
/// The conversion is all-or-nothing: as soon as one add_string_to_creds_t()
/// call reports failure no further entries are added, the partially filled
/// set is freed, and a freshly initialised creds_init() set is returned
/// instead. The caller therefore never receives a partially populated set.
///
/// @param creds  source credentials (tokens, uid, gid)
/// @return a creds_t that the caller must release with creds_free()
creds_t Aegis::credentials_to_creds_t(const credentials_t &creds)
{
  creds_t result = creds_init() ;
  bool failed = false ;

  // Copy the tokens one by one, stopping at the first failure.
  set<string>::const_iterator token = creds.tokens.begin() ;
  while (!failed && token != creds.tokens.end())
  {
    failed = !Aegis::add_string_to_creds_t(result, *token, false) ;
    ++token ;
  }

  // UID and GID are only attempted while everything before them succeeded.
  if (!failed)
    failed = !Aegis::add_string_to_creds_t(result, string("UID::") + creds.uid, false) ;
  if (!failed)
    failed = !Aegis::add_string_to_creds_t(result, string("GID::") + creds.gid, false) ;

  if (failed)
  {
    // Discard the partial set rather than hand back an incomplete one.
    creds_free(result) ;
    result = creds_init() ;
  }

  return result ;
}
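// Shows a list of credentials that the client has.
//
// With HAVE_CREDS defined, prints one tab-indented credential string per
// line to stdout; otherwise prints a notice that the information is not
// available. In both cases the process is then terminated with exit(0),
// so this function does not return.
static void show_credentials(void)
{
#ifdef HAVE_CREDS
	creds_t creds;
	creds_value_t value;
	creds_type_t type;
	int i;

	/* NOTE(review): 0 presumably selects the calling task -- confirm against libcreds. */
	creds = creds_gettask(0);

	/* creds_list() signals the end of the list with CREDS_BAD. */
	for (i = 0; (type = creds_list(creds, i, &value)) != CREDS_BAD; ++i) {
		/*
		 * Start from an empty string. The return value of
		 * creds_creds2str() is ignored below, so if the call ever leaves
		 * buf unwritten we print an empty entry instead of uninitialized
		 * stack bytes.
		 */
		char buf[200] = "";

		(void)creds_creds2str(type, value, buf, sizeof(buf));
		/* Force termination in case the conversion filled the buffer. */
		buf[sizeof(buf)-1] = 0;
		printf("\t%s\n", buf);
	}
	creds_free(creds);
#else
	printf("Security credential information isn't available.\n");
#endif
	exit(0);
}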
/// Looks up the aegis credentials of the process that sent a D-Bus message.
///
/// The lookup is done in two separate steps:
///   1. ask the D-Bus daemon for the PID that owns the sender's bus name;
///   2. ask the aegis kernel extension for the credentials of that PID.
///
/// SECURITY: the two steps are not atomic. Between them the sender can
/// terminate, and the credentials read in step 2 then describe whatever
/// process holds that PID at that moment, which need not be the sender.
/// Treat the result accordingly when it feeds an authorization decision.
/// TODO: this race is known and still needs a bug filed against it.
///
/// @param message  inbound D-Bus message whose sender is to be identified
/// @return the sender's credentials, or a default-constructed credentials_t
///         when the owner PID cannot be obtained
credentials_t Aegis::credentials_from_dbus_connection(const QDBusMessage &message)
{
  // On inbound messages QDBusMessage::service() returns the *sender*; it is
  // only the "service" on outbound ones.
  QString caller_name = message.service() ;

  // Step 1: bus name -> PID. The helper's failure value is ~0u.
  uint32_t caller_owner = get_name_owner_from_dbus_sync(Maemo::Timed::bus(), caller_name) ;
  if (caller_owner == ~0u)
  {
    log_warning("can't get owner (pid) of the caller, already terminated?") ;
    return credentials_t() ;
  }

  // Step 2: PID -> kernel credentials. The result is deliberately not
  // checked, because NULL is itself a valid set of aegis credentials.
  creds_t kernel_creds = creds_gettask(static_cast<pid_t>(caller_owner)) ;

  credentials_t result = Aegis::credentials_from_creds_t(kernel_creds) ;
  creds_free(kernel_creds) ;
  return result ;
}