// Shows a list of credentials that the client has
static void show_credentials(void)
{
#ifdef HAVE_CREDS
creds_t creds;
creds_value_t value;
creds_type_t type;
int i;
creds = creds_gettask(0);
for (i = 0; (type = creds_list(creds, i, &value)) != CREDS_BAD; ++i) {
char buf[200];
(void)creds_creds2str(type, value, buf, sizeof(buf));
buf[sizeof(buf)-1] = 0;
printf("\t%s\n", buf);
}
creds_free(creds);
#else
printf("Security credential information isn't available.\n");
#endif
exit(0);
}
credentials_t Aegis::credentials_from_dbus_connection(const QDBusMessage &message)
{
// We are doing this in a kinda insecure way. Two steps:
// 1. Ask dbus daemon, what is the pid of the client.
// --- race race race --- (please someone file a bug about it) --- race race race ---
// 2. Ask aegis kernel extension, what are the credentials of given pid.
QString sender = message.service() ;
/* "returns "sender" on inbound messages
and "service" on outbound messages
which saves one QString object and
confuses at least me ..." -- so true ! */
// 1. Ask DBus daemon, what is the PID of the 'sender':
uint32_t owner_id = get_name_owner_from_dbus_sync(Maemo::Timed::bus(), sender) ;
if (owner_id == ~0u)
{
log_warning("can't get owner (pid) of the caller, already terminated?") ;
return credentials_t() ;
}
pid_t pid = owner_id ;
// 2. Getting aegis credentials from the kernel, by pid
creds_t aegis_creds = creds_gettask(pid) ;
// Don't check result, as NULL is a valid set of aegis credentials
credentials_t creds = Aegis::credentials_from_creds_t(aegis_creds) ;
creds_free(aegis_creds) ;
return creds ;
}
