Exemplo n.º 1
/**
 * Copy a single credential, selected by @p which, from @p other_credentials
 * into @p credentials, overwriting the value @p credentials held for it.
 *
 * A credential that is unset in @p other_credentials is skipped, so this
 * call never deletes a credential from @p credentials. A @p which value
 * that matches none of the handled types is also a no-op that returns
 * #TRUE; a #TRUE result therefore does not by itself prove that anything
 * was merged.
 *
 * @param credentials the object to merge into
 * @param which the credential type to copy
 * @param other_credentials the object to copy from
 * @returns #FALSE if the underlying add call failed (no memory), #TRUE
 *          otherwise
 */
dbus_bool_t
_dbus_credentials_add_credential (DBusCredentials    *credentials,
                                  DBusCredentialType  which,
                                  DBusCredentials    *other_credentials)
{
  switch (which)
    {
    case DBUS_CREDENTIAL_UNIX_PROCESS_ID:
      if (other_credentials->pid == DBUS_PID_UNSET)
        break;
      if (!_dbus_credentials_add_pid (credentials, other_credentials->pid))
        return FALSE;
      break;

    case DBUS_CREDENTIAL_UNIX_USER_ID:
      if (other_credentials->unix_uid == DBUS_UID_UNSET)
        break;
      if (!_dbus_credentials_add_unix_uid (credentials,
                                           other_credentials->unix_uid))
        return FALSE;
      break;

    case DBUS_CREDENTIAL_WINDOWS_SID:
      if (other_credentials->windows_sid == NULL)
        break;
      if (!_dbus_credentials_add_windows_sid (credentials,
                                              other_credentials->windows_sid))
        return FALSE;
      break;

    case DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID:
      if (other_credentials->adt_audit_data == NULL)
        break;
      /* the audit blob carries its own length, passed alongside the pointer */
      if (!_dbus_credentials_add_adt_audit_data (credentials,
                                                 other_credentials->adt_audit_data,
                                                 other_credentials->adt_audit_data_size))
        return FALSE;
      break;

    default:
      /* unhandled credential type: nothing to merge */
      break;
    }

  return TRUE;
}
Exemplo n.º 2
/**
 * Looks up @p username in the system user database and adds the matching
 * UNIX UID to @p credentials.
 *
 * Used, among other purposes, to parse a desired identity provided by a
 * client in the auth protocol. The code below only ever adds a UNIX UID.
 * Because the name can come from a client, callers should treat #FALSE as
 * "no identity established" and must not fall back to a default identity.
 *
 * @todo this is broken because it treats OOM and parse error
 * the same way. Needs a #DBusError.
 *
 * @param credentials credentials to fill in
 * @param username the username
 * @returns #TRUE if the username existed and we got some credentials;
 *          #FALSE if locking, the lookup or the add failed
 */
dbus_bool_t
_dbus_credentials_add_from_user (DBusCredentials  *credentials,
                                 const DBusString *username)
{
  const DBusUserInfo *user_info;
  DBusUserDatabase *system_db;
  dbus_bool_t ok = FALSE;

  /* FIXME: this can't distinguish ENOMEM from other errors */
  if (!_dbus_user_database_lock_system ())
    return FALSE;

  /* From here on every exit path goes through the unlock at "out". */
  system_db = _dbus_user_database_get_system ();
  if (system_db == NULL)
    goto out;

  if (!_dbus_user_database_get_username (system_db, username,
                                         &user_info, NULL))
    goto out;

  /* user_info is read while the database lock is still held */
  if (_dbus_credentials_add_unix_uid (credentials, user_info->uid))
    ok = TRUE;

 out:
  _dbus_user_database_unlock_system ();
  return ok;
}
Exemplo n.º 3
/**
 * Resolves @p username through the system user database and stores the
 * resulting UNIX UID in @p credentials.
 *
 * Used, among other purposes, to parse a desired identity provided by a
 * client in the auth protocol. Only a UNIX UID is added by the code below.
 * A #FALSE return means no identity was established for the name.
 *
 * @todo this is broken because it treats OOM and parse error
 * the same way. Needs a #DBusError.
 *
 * @param credentials credentials to fill in
 * @param username the username
 * @returns #TRUE if the username existed and we got some credentials
 */
dbus_bool_t
_dbus_credentials_add_from_user (DBusCredentials  *credentials,
                                 const DBusString *username)
{
  DBusUserDatabase *user_db;
  const DBusUserInfo *entry;
  dbus_bool_t added = FALSE;

  /* NOTE(review): the result of the lock call is not inspected here;
   * confirm that it cannot fail in this revision. */
  _dbus_user_database_lock_system ();

  user_db = _dbus_user_database_get_system ();

  /* Short-circuit evaluation keeps the original order: database handle,
   * then name lookup, then the UID add; entry is only read after a
   * successful lookup and while the lock is held. */
  if (user_db != NULL &&
      _dbus_user_database_get_username (user_db, username,
                                        &entry, NULL) &&
      _dbus_credentials_add_unix_uid (credentials, entry->uid))
    added = TRUE;

  _dbus_user_database_unlock_system ();
  return added;
}
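/**
 * Builds a credentials object holding the given UNIX uid and/or pid and
 * sets it on @p auth.
 *
 * Allocation failure is treated as unreachable, for the add calls as well
 * as for the initial allocation. Otherwise a failed add would silently
 * hand @p auth a credentials object that is missing the uid or pid the
 * caller asked for.
 *
 * @param auth the auth object to receive the credentials
 * @param uid UNIX user ID to record, or #DBUS_UID_UNSET to leave it out
 * @param pid process ID to record, or #DBUS_PID_UNSET to leave it out
 */
static void
auth_set_unix_credentials(DBusAuth  *auth,
                          dbus_uid_t uid,
                          dbus_pid_t pid)
{
  DBusCredentials *credentials;

  credentials = _dbus_credentials_new ();
  if (credentials == NULL)
    _dbus_assert_not_reached ("no memory");

  /* The add calls report failure through their return value; do not let a
   * failed add produce credentials with a missing field. */
  if (uid != DBUS_UID_UNSET &&
      !_dbus_credentials_add_unix_uid (credentials, uid))
    _dbus_assert_not_reached ("no memory");

  if (pid != DBUS_PID_UNSET &&
      !_dbus_credentials_add_pid (credentials, pid))
    _dbus_assert_not_reached ("no memory");

  _dbus_auth_set_credentials (auth, credentials);

  /* Release this function's reference.
   * NOTE(review): assumes _dbus_auth_set_credentials keeps whatever it
   * needs from the object; confirm against its implementation. */
  _dbus_credentials_unref (credentials);
}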
Exemplo n.º 5
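/**
 * Creates a credentials object populated with whichever of the given
 * values are set.
 *
 * @param unix_uid UNIX user ID to add, or #DBUS_UID_UNSET to skip it
 * @param pid process ID to add, or #DBUS_PID_UNSET to skip it
 * @param windows_sid Windows SID string to add, or #NULL to skip it
 * @returns the new credentials object, or #NULL if the allocation or any
 *          add call failed; on failure nothing is left for the caller to
 *          release
 */
static DBusCredentials*
make_credentials(dbus_uid_t  unix_uid,
                 dbus_pid_t  pid,
                 const char *windows_sid)
{
  DBusCredentials *credentials;

  credentials = _dbus_credentials_new ();
  /* Without this check a failed allocation would be passed straight to
   * the add calls below. */
  if (credentials == NULL)
    return NULL;

  if (unix_uid != DBUS_UID_UNSET &&
      !_dbus_credentials_add_unix_uid (credentials, unix_uid))
    goto failed;

  if (pid != DBUS_PID_UNSET &&
      !_dbus_credentials_add_pid (credentials, pid))
    goto failed;

  if (windows_sid != NULL &&
      !_dbus_credentials_add_windows_sid (credentials, windows_sid))
    goto failed;

  return credentials;

 failed:
  /* never return a partially filled object */
  _dbus_credentials_unref (credentials);
  return NULL;
}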