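// Shows a list of credentials that the client has, one per line, then
// terminates the process with exit status 0.
//
// With HAVE_CREDS defined, the credentials are fetched with creds_gettask(0)
// (presumably "the calling task" - confirm against the libcreds headers) and
// each entry is rendered with creds_creds2str(). Without HAVE_CREDS only a
// notice is printed.
//
// This function never returns: both branches end in exit(0).
static void show_credentials(void)
{
#ifdef HAVE_CREDS
    creds_t creds;
    creds_value_t value;
    creds_type_t type;
    int i;

    creds = creds_gettask(0);
    for (i = 0; (type = creds_list(creds, i, &value)) != CREDS_BAD; ++i) {
        char buf[200];
        int res;

        // Start from an empty string: if the conversion fails without
        // writing anything, the buffer must not expose whatever bytes
        // happened to be on the stack.
        buf[0] = 0;
        res = creds_creds2str(type, value, buf, sizeof(buf));
        // Defensive terminator, kept from the original code.
        buf[sizeof(buf) - 1] = 0;

        if (res < 0) {
            // A negative result is treated as a conversion failure; skip
            // the entry instead of printing an undefined buffer.
            fprintf(stderr, "\t<credential %d could not be converted>\n", i);
            continue;
        }
        // NOTE(review): a result >= sizeof(buf) appears to mean the text
        // was truncated; the shortened string is still printed, as before.
        printf("\t%s\n", buf);
    }
    creds_free(creds);
#else
    printf("Security credential information isn't available.\n");
#endif
    exit(0);
}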
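// Converts an Aegis credential handle into a credentials_t.
//
// Every entry returned by creds_list() is rendered to text with
// creds_creds2str(). Entries starting with "UID::" or "GID::" set creds.uid
// or creds.gid to the text after the prefix (a later entry overwrites an
// earlier one); every other entry is inserted into creds.tokens as-is.
//
// The conversion fails closed: if creds_creds2str() reports an error, or the
// retry with an enlarged buffer still does not fit, the partially filled
// object is discarded and a default-constructed credentials_t is returned, so
// a caller never receives half of a credential set.
//
// @param aegis_creds  credential handle to enumerate; it is not freed here.
// @return the converted credentials, or credentials_t() on conversion failure.
//
// NOTE(review): the heap buffer is managed with raw new[]/delete[]. If
// creds.tokens.insert() or the string assignment throws (presumably only on
// allocation failure), a heap buffer in use at that point is leaked.
credentials_t Aegis::credentials_from_creds_t(creds_t aegis_creds)
{
  credentials_t creds ; // uid/gid is set to nobody/nobody by default

  // using a buffer directly on stack, if not enough -> use heap
  static const size_t buf_stack_len = 1024 ;
  char buf_on_stack[buf_stack_len] ;
  char *buf = buf_on_stack ;
  size_t len = buf_stack_len ;

  creds_type_t aegis_type ;
  creds_value_t aegis_val ;

  for(int i=0; (aegis_type = creds_list(aegis_creds, i, &aegis_val)) != CREDS_BAD; ++i)
  {
    int res1 = creds_creds2str(aegis_type, aegis_val, buf, len) ;
    bool error1 = res1 < 0 ;
    // result >= len means the text (plus terminator) did not fit
    bool memory1 = !error1 && len <= (size_t)res1 ;

    // On either kind of failure the current heap buffer (if any) is useless:
    // release it before returning or before allocating a bigger one.
    if ((error1 || memory1) && buf!=buf_on_stack)
      delete [] buf ;

    if (error1)
    {
      log_error("creds_creds2str() failed (%d returned)", res1) ;
      return credentials_t() ; // new empty object, being paranoid
    }

    if (memory1) // have to re-alloc
    {
      len = (size_t)res1 + 1 ; // reported length plus the terminating '\0'
      buf = new char[len] ;
      int res2 = creds_creds2str(aegis_type, aegis_val, buf, len) ;
      bool failure2 = res2 < 0 || (len <= (size_t)res2) ;
      if(failure2)
      {
        // '%u' expects unsigned int; passing a size_t through varargs is
        // undefined where size_t is wider, so narrow it explicitly.
        log_error("creds_creds2str() failed second time (len=%u, returned value=%d)", (unsigned)len, res2) ;
        delete [] buf ;
        return credentials_t() ;
      }
    }

    // now 'buf' is containing a proper '\0'-terminated c-string.

    bool is_token = true ;
    static const char *id[] = {"UID::", "GID::"} ; // loop over 'uid' and 'gid'
    static const int prefix_len = 5 ;

    for (int j=0; j<2; ++j)
    {
      if (strncmp(buf, id[j], prefix_len)!=0)
        continue ;

      // found! a uid/gid entry is never stored as a token, even when empty
      is_token = false ;
      const char *shifted = buf + prefix_len ;
      if(*shifted == '\0')
        log_warning("got empty uid/gid credential value in '%s'", buf) ;
      else
        (j==0 ? creds.uid : creds.gid) = (string) shifted ;
      break ;
    }

    if(is_token)
      creds.tokens.insert(buf) ;
  }

  if (buf!=buf_on_stack)
    delete [] buf ;

  return creds ;
}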