[glib/wip/smcv/apple-xucred] gio: add gcredential support for macOS
- From: Simon McVittie <smcv src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/wip/smcv/apple-xucred] gio: add gcredential support for macOS
- Date: Fri, 13 Mar 2020 12:37:26 +0000 (UTC)
commit e2c99b6118609eaab2643432e3a65164e45bdb68
Author: Dr. Michael Lauer <mickey vanille-media de>
Date: Sun Feb 18 15:26:54 2018 +0100
gio: add gcredential support for macOS
[smcv: Apply my review feedback from
<https://bugzilla.gnome.org/show_bug.cgi?id=668866>]
Co-authored-by: Simon McVittie <smcv collabora com>
Resolves: https://gitlab.gnome.org/GNOME/glib/issues/507
gio/gcredentials.c | 51 +++++++++++++++++++++++++++++++++++++++++++
gio/gcredentialsprivate.h | 11 ++++++++++
gio/gioenums.h | 4 +++-
gio/gsocket.c | 36 +++++++++++++++++++++++++++++-
gio/gunixcredentialsmessage.c | 1 +
gio/tests/credentials.c | 8 +++++++
gio/tests/gdbus-server-auth.c | 5 +++++
7 files changed, 114 insertions(+), 2 deletions(-)
---
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
index c4794ded7..80b04414d 100644
--- a/gio/gcredentials.c
+++ b/gio/gcredentials.c
@@ -55,6 +55,10 @@
* unix(7) man page for details. This corresponds to
* %G_CREDENTIALS_TYPE_LINUX_UCRED.
*
+ * On Apple operating systems (including iOS, tvOS, and macOS),
+ * the native credential type is a struct xucred.
+ * This corresponds to %G_CREDENTIALS_TYPE_APPLE_XUCRED.
+ *
* On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
* credential type is a struct cmsgcred. This corresponds
* to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
@@ -85,6 +89,8 @@ struct _GCredentials
#if G_CREDENTIALS_USE_LINUX_UCRED
struct ucred native;
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ struct xucred native;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
struct cmsgcred native;
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
@@ -148,6 +154,16 @@ g_credentials_init (GCredentials *credentials)
credentials->native.pid = getpid ();
credentials->native.uid = geteuid ();
credentials->native.gid = getegid ();
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ gsize i;
+
+ credentials->native.cr_version = XUCRED_VERSION;
+ credentials->native.cr_uid = geteuid ();
+ credentials->native.cr_ngroups = 1;
+ credentials->native.cr_groups[0] = getegid ();
+
+ for (i = 1; i < NGROUPS; i++)
+ credentials->native.cr_groups[i] = -1;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
memset (&credentials->native, 0, sizeof (struct cmsgcred));
credentials->native.cmcred_pid = getpid ();
@@ -202,6 +218,9 @@ gchar *
g_credentials_to_string (GCredentials *credentials)
{
GString *ret;
+#if G_CREDENTIALS_USE_APPLE_XUCRED
+ __typeof__(credentials->native.cr_ngroups) i;
+#endif
g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
@@ -216,6 +235,15 @@ g_credentials_to_string (GCredentials *credentials)
g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
if (ret->str[ret->len - 1] == ',')
ret->str[ret->len - 1] = '\0';
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ g_string_append (ret, "apple-xucred:");
+ g_string_append_printf (ret, "version=%u,", credentials->native.cr_version);
+ if (credentials->native.cr_uid != -1)
+ g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_uid);
+ for (i = 0; i < credentials->native.cr_ngroups; i++)
+ g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_ngroups[i]);
+ if (ret->str[ret->len - 1] == ',')
+ ret->str[ret->len - 1] = '\0';
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
g_string_append (ret, "freebsd-cmsgcred:");
if (credentials->native.cmcred_pid != -1)
@@ -326,6 +354,10 @@ g_credentials_is_same_user (GCredentials *credentials,
if (linux_ucred_check_valid (&credentials->native, NULL)
&& credentials->native.uid == other_credentials->native.uid)
ret = TRUE;
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ if (credentials->native.cr_version == other_credentials->native.cr_version &&
+ credentials->native.cr_uid == other_credentials->native.cr_uid)
+ ret = TRUE;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
ret = TRUE;
@@ -487,6 +519,21 @@ g_credentials_get_unix_user (GCredentials *credentials,
ret = credentials->native.uid;
else
ret = -1;
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ if (credentials->native.cr_version == XUCRED_VERSION)
+ {
+ ret = credentials->native.cr_uid;
+ }
+ else
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
+ /* No point in translating the part in parentheses... */
+ "%s (struct xucred cr_version %u != %u)",
+ _("There is no GCredentials support for your platform"),
+ credentials->native.cr_version,
+ XUCRED_VERSION);
+ ret = -1;
+ }
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
ret = credentials->native.cmcred_euid;
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
@@ -545,6 +592,7 @@ g_credentials_get_unix_pid (GCredentials *credentials,
#elif G_CREDENTIALS_USE_SOLARIS_UCRED
ret = ucred_getpid (credentials->native);
#else
+ /* this case includes G_CREDENTIALS_USE_APPLE_XUCRED */
ret = -1;
g_set_error_literal (error,
G_IO_ERROR,
@@ -587,6 +635,9 @@ g_credentials_set_unix_user (GCredentials *credentials,
#if G_CREDENTIALS_USE_LINUX_UCRED
credentials->native.uid = uid;
ret = TRUE;
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ credentials->native.cr_uid = uid;
+ ret = TRUE;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
credentials->native.cmcred_euid = uid;
ret = TRUE;
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
index e9ec09b9f..7ae4a7c5b 100644
--- a/gio/gcredentialsprivate.h
+++ b/gio/gcredentialsprivate.h
@@ -39,6 +39,7 @@
#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
#undef G_CREDENTIALS_USE_SOLARIS_UCRED
+#undef G_CREDENTIALS_USE_APPLE_XUCRED
/*
* G_CREDENTIALS_NATIVE_TYPE:
@@ -144,6 +145,16 @@
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
#define G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED 1
+#elif defined(__APPLE__)
+#include <sys/ucred.h>
+#define G_CREDENTIALS_SUPPORTED 1
+#define G_CREDENTIALS_USE_APPLE_XUCRED 1
+#define G_CREDENTIALS_NATIVE_TYPE G_CREDENTIALS_TYPE_APPLE_XUCRED
+#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct xucred))
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
+#define G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED 1
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED /* or is it? we don't know */
+
#endif
#endif /* __G_CREDENTIALS_PRIVATE_H__ */
diff --git a/gio/gioenums.h b/gio/gioenums.h
index 6154d430b..7b35cdf38 100644
--- a/gio/gioenums.h
+++ b/gio/gioenums.h
@@ -1428,6 +1428,7 @@ typedef enum
* @G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED: The native credentials type is a struct sockpeercred. Added in
2.30.
* @G_CREDENTIALS_TYPE_SOLARIS_UCRED: The native credentials type is a ucred_t. Added in 2.40.
* @G_CREDENTIALS_TYPE_NETBSD_UNPCBID: The native credentials type is a struct unpcbid.
+ * @G_CREDENTIALS_TYPE_APPLE_XUCRED: The native credentials type is a struct xucred. Added in ???.
*
* Enumeration describing different kinds of native credential types.
*
@@ -1440,7 +1441,8 @@ typedef enum
G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED,
G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED,
G_CREDENTIALS_TYPE_SOLARIS_UCRED,
- G_CREDENTIALS_TYPE_NETBSD_UNPCBID
+ G_CREDENTIALS_TYPE_NETBSD_UNPCBID,
+ G_CREDENTIALS_TYPE_APPLE_XUCRED,
} GCredentialsType;
/**
diff --git a/gio/gsocket.c b/gio/gsocket.c
index 2a15bdd22..d3565d8c8 100644
--- a/gio/gsocket.c
+++ b/gio/gsocket.c
@@ -5951,6 +5951,41 @@ g_socket_get_credentials (GSocket *socket,
native_creds_buf);
}
}
+#elif G_CREDENTIALS_USE_APPLE_XUCRED
+ {
+ struct xucred cred;
+ socklen_t optlen = sizeof (cred);
+
+ if (getsockopt (socket->priv->fd,
+ 0,
+ LOCAL_PEERCRED,
+ &cred,
+ &optlen) == 0)
+ {
+ if (cred.cr_version == XUCRED_VERSION)
+ {
+ ret = g_credentials_new ();
+ g_credentials_set_native (ret,
+ G_CREDENTIALS_NATIVE_TYPE,
+ &cred);
+ }
+ else
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+ G_IO_ERROR_NOT_SUPPORTED,
+ /* No point in translating this! */
+ "struct xucred cr_version %u != %u",
+ cred.cr_version, XUCRED_VERSION);
+ /* Reuse a translatable string we already have */
+ g_prefix_error (error,
+ _("Unable to read socket credentials: %s"),
+ "");
+
+ return NULL;
+ }
+ }
+ }
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
{
struct unpcbid cred;
@@ -6137,4 +6172,3 @@ g_socket_set_option (GSocket *socket,
#endif
return FALSE;
}
-
diff --git a/gio/gunixcredentialsmessage.c b/gio/gunixcredentialsmessage.c
index 02d59c858..9e5c7d32e 100644
--- a/gio/gunixcredentialsmessage.c
+++ b/gio/gunixcredentialsmessage.c
@@ -96,6 +96,7 @@ g_unix_credentials_message_get_msg_type (GSocketControlMessage *message)
#elif G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
#error "G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED is set but there is no msg_type defined for this
platform"
#else
+ /* includes G_CREDENTIALS_USE_APPLE_XUCRED */
return 0;
#endif
}
diff --git a/gio/tests/credentials.c b/gio/tests/credentials.c
index 6d7609964..80ba7be76 100644
--- a/gio/tests/credentials.c
+++ b/gio/tests/credentials.c
@@ -92,6 +92,14 @@ test_basic (void)
g_assert_cmpuint (native->uid, ==, geteuid ());
g_assert_cmpuint (native->pid, ==, getpid ());
}
+#if G_CREDENTIALS_USE_APPLE_XUCRED
+ {
+ struct ucred *native = g_credentials_get_native (creds,
+ G_CREDENTIALS_TYPE_APPLE_XUCRED);
+
+ g_assert_cmpuint (native->cr_version, ==, XUCRED_VERSION);
+ g_assert_cmpuint (native->cr_uid, ==, geteuid ());
+ }
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
{
struct cmsgcred *native = g_credentials_get_native (creds,
diff --git a/gio/tests/gdbus-server-auth.c b/gio/tests/gdbus-server-auth.c
index d8b361fc6..0b9e53a73 100644
--- a/gio/tests/gdbus-server-auth.c
+++ b/gio/tests/gdbus-server-auth.c
@@ -243,6 +243,11 @@ assert_expected_uid_pid (InteropFlags flags,
* on Linux. */
g_assert_cmpint (uid, ==, getuid ());
g_assert_cmpint (pid, ==, getpid ());
+#elif defined(__APPLE__)
+ /* We know (or at least suspect) that both GDBus and libdbus support
+ * passing the uid only on macOS. */
+ g_assert_cmpint (uid, ==, getuid ());
+ /* No pid here */
#else
g_test_message ("Please open a merge request to add appropriate "
"assertions for your platform");
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
