|
|
2d3b65 |
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
|
|
|
2d3b65 |
From: Simon McVittie <smcv@collabora.com>
|
|
|
2d3b65 |
Date: Mon, 14 Oct 2019 08:22:24 +0100
|
|
|
2d3b65 |
Subject: [PATCH] gcredentialsprivate: Document the various private macros
|
|
|
2d3b65 |
|
|
|
2d3b65 |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
2d3b65 |
---
|
|
|
2d3b65 |
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
|
|
|
2d3b65 |
1 file changed, 59 insertions(+)
|
|
|
2d3b65 |
|
|
|
2d3b65 |
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
|
2d3b65 |
index 4d1c420a8..06f0aed19 100644
|
|
|
2d3b65 |
--- a/gio/gcredentialsprivate.h
|
|
|
2d3b65 |
+++ b/gio/gcredentialsprivate.h
|
|
|
2d3b65 |
@@ -22,6 +22,65 @@
|
|
|
2d3b65 |
#include "gio/gcredentials.h"
|
|
|
2d3b65 |
#include "gio/gnetworking.h"
|
|
|
2d3b65 |
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_SUPPORTED:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to 1 if GCredentials works.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_SUPPORTED
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_NATIVE_TYPE:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_NATIVE_TYPE
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_NATIVE_SIZE:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_NATIVE_SIZE
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to 1 if we have a message-passing API in which credentials
|
|
|
2d3b65 |
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
|
|
|
2d3b65 |
+ * or `SCM_CREDS` on FreeBSD.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
|
|
|
2d3b65 |
+ * a socket connection can directly query the credentials of the process
|
|
|
2d3b65 |
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
|
|
|
2d3b65 |
+ * or `getpeereid()` on multiple operating systems.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
+/*
|
|
|
2d3b65 |
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
|
|
|
2d3b65 |
+ *
|
|
|
2d3b65 |
+ * Defined to 1 if privileged processes can spoof their credentials when
|
|
|
2d3b65 |
+ * using the message-passing API.
|
|
|
2d3b65 |
+ */
|
|
|
2d3b65 |
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
|
2d3b65 |
+
|
|
|
2d3b65 |
#ifdef __linux__
|
|
|
2d3b65 |
#define G_CREDENTIALS_SUPPORTED 1
|
|
|
2d3b65 |
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
|
2d3b65 |
--
|
|
|
2d3b65 |
2.23.0
|
|
|
2d3b65 |
|
|
|
4200aa |
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
|
|
|
4200aa |
From: Simon McVittie <smcv@collabora.com>
|
|
|
4200aa |
Date: Mon, 14 Oct 2019 08:47:39 +0100
|
|
|
4200aa |
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
|
|
|
4200aa |
|
|
|
4200aa |
Conceptually, a D-Bus server is really trying to determine the credentials
|
|
|
4200aa |
of (the process that initiated) a connection, not the credentials that
|
|
|
4200aa |
the process had when it sent a particular message. Ideally, it does
|
|
|
4200aa |
this with a getsockopt()-style API that queries the credentials of the
|
|
|
4200aa |
connection's initiator without requiring any particular cooperation from
|
|
|
4200aa |
that process, avoiding a class of possible failures.
|
|
|
4200aa |
|
|
|
4200aa |
The leading '\0' in the D-Bus protocol is primarily a workaround
|
|
|
4200aa |
for platforms where the message-based credentials-passing API is
|
|
|
4200aa |
strictly better than the getsockopt()-style API (for example, on
|
|
|
4200aa |
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
|
|
|
4200aa |
or where the getsockopt()-style API does not exist at all. As a result
|
|
|
4200aa |
libdbus, the reference implementation of D-Bus, does not implement
|
|
|
4200aa |
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
|
|
|
4200aa |
SO_PEERCRED socket option is equally informative.
|
|
|
4200aa |
|
|
|
4200aa |
This change makes GDBusServer on Linux more closely match the behaviour
|
|
|
4200aa |
of libdbus.
|
|
|
4200aa |
|
|
|
4200aa |
In particular, GNOME/glib#1831 indicates that when a libdbus client
|
|
|
4200aa |
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
|
|
|
4200aa |
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
|
|
|
4200aa |
most likely a race condition in the early steps to connect:
|
|
|
4200aa |
|
|
|
4200aa |
client server
|
|
|
4200aa |
connect
|
|
|
4200aa |
accept
|
|
|
4200aa |
send '\0' <- race -> set SO_PASSCRED = 1
|
|
|
4200aa |
receive '\0'
|
|
|
4200aa |
|
|
|
4200aa |
If the server wins the race:
|
|
|
4200aa |
|
|
|
4200aa |
client server
|
|
|
4200aa |
connect
|
|
|
4200aa |
accept
|
|
|
4200aa |
set SO_PASSCRED = 1
|
|
|
4200aa |
send '\0'
|
|
|
4200aa |
receive '\0'
|
|
|
4200aa |
|
|
|
4200aa |
then everything is fine. However, if the client wins the race:
|
|
|
4200aa |
|
|
|
4200aa |
client server
|
|
|
4200aa |
connect
|
|
|
4200aa |
accept
|
|
|
4200aa |
send '\0'
|
|
|
4200aa |
set SO_PASSCRED = 1
|
|
|
4200aa |
receive '\0'
|
|
|
4200aa |
|
|
|
4200aa |
then the kernel does not record credentials for the message containing
|
|
|
4200aa |
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
|
|
|
4200aa |
server receives the message, the kernel knows that credentials are
|
|
|
4200aa |
desired. I would have expected the kernel to omit the credentials header
|
|
|
4200aa |
in this case, but it seems that instead, it synthesizes a credentials
|
|
|
4200aa |
structure with a dummy process ID 0, a dummy uid derived from
|
|
|
4200aa |
/proc/sys/kernel/overflowuid and a dummy gid derived from
|
|
|
4200aa |
/proc/sys/kernel/overflowgid.
|
|
|
4200aa |
|
|
|
4200aa |
In an unconfigured GDBusServer, hitting this race condition results in
|
|
|
4200aa |
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
|
|
|
4200aa |
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
|
|
|
4200aa |
servers on Unix platforms to allow only EXTERNAL authentication as a
|
|
|
4200aa |
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
|
|
|
4200aa |
of assumptions including a cryptographically strong PRNG and a shared
|
|
|
4200aa |
home directory with no write access by others, which are not necessarily
|
|
|
4200aa |
true for all operating systems and users. EXTERNAL authentication will
|
|
|
4200aa |
fail if the server cannot determine the client's credentials.
|
|
|
4200aa |
|
|
|
4200aa |
In particular, this caused a regression when CVE-2019-14822 was fixed
|
|
|
4200aa |
in ibus, which appears to be resolved by this commit. Qt clients
|
|
|
4200aa |
(which use libdbus) intermittently fail to connect to an ibus server
|
|
|
4200aa |
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
|
|
|
4200aa |
authentication or non-matching uids.
|
|
|
4200aa |
|
|
|
4200aa |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
4200aa |
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
|
|
|
4200aa |
---
|
|
|
4200aa |
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
|
|
|
4200aa |
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
|
|
|
4200aa |
2 files changed, 43 insertions(+), 2 deletions(-)
|
|
|
4200aa |
|
|
|
4200aa |
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
|
4200aa |
index 06f0aed19..e9ec09b9f 100644
|
|
|
4200aa |
--- a/gio/gcredentialsprivate.h
|
|
|
4200aa |
+++ b/gio/gcredentialsprivate.h
|
|
|
4200aa |
@@ -81,6 +81,18 @@
|
|
|
4200aa |
*/
|
|
|
4200aa |
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
|
4200aa |
|
|
|
4200aa |
+/*
|
|
|
4200aa |
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
|
|
|
4200aa |
+ *
|
|
|
4200aa |
+ * Defined to 1 if the data structure transferred by the message-passing
|
|
|
4200aa |
+ * API is strictly more informative than the one transferred by the
|
|
|
4200aa |
+ * `getsockopt()`-style API, and hence should be preferred, even for
|
|
|
4200aa |
+ * protocols like D-Bus that are defined in terms of the credentials of
|
|
|
4200aa |
+ * the (process that opened the) socket, as opposed to the credentials
|
|
|
4200aa |
+ * of an individual message.
|
|
|
4200aa |
+ */
|
|
|
4200aa |
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
|
4200aa |
+
|
|
|
4200aa |
#ifdef __linux__
|
|
|
4200aa |
#define G_CREDENTIALS_SUPPORTED 1
|
|
|
4200aa |
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
|
4200aa |
@@ -100,6 +112,12 @@
|
|
|
4200aa |
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
|
|
|
4200aa |
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
|
|
|
4200aa |
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
|
|
|
4200aa |
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
|
|
|
4200aa |
+ * is getpeereid(), which is not as informative as struct cmsgcred -
|
|
|
4200aa |
+ * it does not tell us the PID. As a result, libdbus prefers to use
|
|
|
4200aa |
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
|
|
|
4200aa |
+ * do the same. */
|
|
|
4200aa |
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
|
|
|
4200aa |
|
|
|
4200aa |
#elif defined(__NetBSD__)
|
|
|
4200aa |
#define G_CREDENTIALS_SUPPORTED 1
|
|
|
4200aa |
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
|
|
|
4200aa |
index 752ec23fc..14cc5d70e 100644
|
|
|
4200aa |
--- a/gio/gdbusauth.c
|
|
|
4200aa |
+++ b/gio/gdbusauth.c
|
|
|
4200aa |
@@ -31,6 +31,7 @@
|
|
|
4200aa |
#include "gdbusutils.h"
|
|
|
4200aa |
#include "gioenumtypes.h"
|
|
|
4200aa |
#include "gcredentials.h"
|
|
|
4200aa |
+#include "gcredentialsprivate.h"
|
|
|
4200aa |
#include "gdbusprivate.h"
|
|
|
4200aa |
#include "giostream.h"
|
|
|
4200aa |
#include "gdatainputstream.h"
|
|
|
4200aa |
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
|
|
|
4200aa |
|
|
|
4200aa |
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
|
|
|
4200aa |
|
|
|
4200aa |
- /* first read the NUL-byte */
|
|
|
4200aa |
+ /* read the NUL-byte, possibly with credentials attached */
|
|
|
4200aa |
#ifdef G_OS_UNIX
|
|
|
4200aa |
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
|
4200aa |
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
|
4200aa |
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
|
|
|
4200aa |
+ {
|
|
|
4200aa |
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
|
|
|
4200aa |
+
|
|
|
4200aa |
+ local_error = NULL;
|
|
|
4200aa |
+ credentials = g_socket_get_credentials (sock, &local_error);
|
|
|
4200aa |
+
|
|
|
4200aa |
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
|
|
|
4200aa |
+ {
|
|
|
4200aa |
+ g_propagate_error (error, local_error);
|
|
|
4200aa |
+ goto out;
|
|
|
4200aa |
+ }
|
|
|
4200aa |
+ else
|
|
|
4200aa |
+ {
|
|
|
4200aa |
+ /* Clear the error indicator, so we can retry with
|
|
|
4200aa |
+ * g_unix_connection_receive_credentials() if necessary */
|
|
|
4200aa |
+ g_clear_error (&local_error);
|
|
|
4200aa |
+ }
|
|
|
4200aa |
+ }
|
|
|
4200aa |
+#endif
|
|
|
4200aa |
+
|
|
|
4200aa |
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
|
4200aa |
{
|
|
|
4200aa |
local_error = NULL;
|
|
|
4200aa |
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
|
|
|
4200aa |
--
|
|
|
4200aa |
2.23.0
|
|
|
4200aa |
|
|
|
4200aa |
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
|
|
|
4200aa |
From: Simon McVittie <smcv@collabora.com>
|
|
|
4200aa |
Date: Fri, 18 Oct 2019 10:55:09 +0100
|
|
|
4200aa |
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
|
|
|
4200aa |
information"
|
|
|
4200aa |
|
|
|
4200aa |
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
|
|
|
4200aa |
might expect it to fail with an appropriate error like ENOTSUP or
|
|
|
4200aa |
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
|
|
|
4200aa |
yields a credentials structure with pid 0, uid -1 and gid -1. These
|
|
|
4200aa |
are not real process, user and group IDs that can be allocated to a
|
|
|
4200aa |
real process (pid 0 needs to be reserved to give kill(0) its documented
|
|
|
4200aa |
special semantics, and similarly uid and gid -1 need to be reserved for
|
|
|
4200aa |
setresuid() and setresgid()) so it is not meaningful to signal them to
|
|
|
4200aa |
high-level API users.
|
|
|
4200aa |
|
|
|
4200aa |
An API user with Linux-specific knowledge can still inspect these fields
|
|
|
4200aa |
via g_credentials_get_native() if desired.
|
|
|
4200aa |
|
|
|
4200aa |
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
|
|
|
4200aa |
on a receiving Unix socket, but the sending socket had not enabled
|
|
|
4200aa |
SO_PASSCRED at the time that the message was sent, it is possible
|
|
|
4200aa |
for it to succeed but yield a credentials structure with pid 0, uid
|
|
|
4200aa |
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
|
|
|
4200aa |
if we were to read those pseudo-files, we cannot distinguish between
|
|
|
4200aa |
the overflow IDs and a real process that legitimately has the same IDs
|
|
|
4200aa |
(typically they are set to 'nobody' and 'nogroup', which can be used
|
|
|
4200aa |
by a real process), so we detect this situation by noticing that
|
|
|
4200aa |
pid == 0, and to save syscalls we do not read the overflow IDs from
|
|
|
4200aa |
/proc at all.
|
|
|
4200aa |
|
|
|
4200aa |
This results in a small API change: g_credentials_is_same_user() now
|
|
|
4200aa |
returns FALSE if we compare two credentials structures that are both
|
|
|
4200aa |
invalid. This seems like reasonable, conservative behaviour: if we cannot
|
|
|
4200aa |
prove that they are the same user, we should assume they are not.
|
|
|
4200aa |
|
|
|
4200aa |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
4200aa |
---
|
|
|
4200aa |
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
|
|
|
4200aa |
1 file changed, 39 insertions(+), 3 deletions(-)
|
|
|
4200aa |
|
|
|
4200aa |
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
|
|
|
4200aa |
index c350e3c88..c4794ded7 100644
|
|
|
4200aa |
--- a/gio/gcredentials.c
|
|
|
4200aa |
+++ b/gio/gcredentials.c
|
|
|
4200aa |
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
|
|
|
4200aa |
|
|
|
4200aa |
/* ---------------------------------------------------------------------------------------------------- */
|
|
|
4200aa |
|
|
|
4200aa |
+#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
4200aa |
+/*
|
|
|
4200aa |
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
|
|
4200aa |
+ * is used on a TCP socket, it succeeds but yields a credentials structure
|
|
|
4200aa |
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
|
|
4200aa |
+ * receiving Unix socket when the sending socket did not also enable
|
|
|
4200aa |
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
|
|
|
4200aa |
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
|
|
|
4200aa |
+ * /proc/sys/kernel/overflowgid.
|
|
|
4200aa |
+ */
|
|
|
4200aa |
+static gboolean
|
|
|
4200aa |
+linux_ucred_check_valid (struct ucred *native,
|
|
|
4200aa |
+ GError **error)
|
|
|
4200aa |
+{
|
|
|
4200aa |
+ if (native->pid == 0
|
|
|
4200aa |
+ || native->uid == -1
|
|
|
4200aa |
+ || native->gid == -1)
|
|
|
4200aa |
+ {
|
|
|
4200aa |
+ g_set_error_literal (error,
|
|
|
4200aa |
+ G_IO_ERROR,
|
|
|
4200aa |
+ G_IO_ERROR_INVALID_DATA,
|
|
|
4200aa |
+ _("GCredentials contains invalid data"));
|
|
|
4200aa |
+ return FALSE;
|
|
|
4200aa |
+ }
|
|
|
4200aa |
+
|
|
|
4200aa |
+ return TRUE;
|
|
|
4200aa |
+}
|
|
|
4200aa |
+#endif
|
|
|
4200aa |
+
|
|
|
4200aa |
/**
|
|
|
4200aa |
* g_credentials_is_same_user:
|
|
|
4200aa |
* @credentials: A #GCredentials.
|
|
|
4200aa |
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
|
|
|
4200aa |
|
|
|
4200aa |
ret = FALSE;
|
|
|
4200aa |
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
4200aa |
- if (credentials->native.uid == other_credentials->native.uid)
|
|
|
4200aa |
+ if (linux_ucred_check_valid (&credentials->native, NULL)
|
|
|
4200aa |
+ && credentials->native.uid == other_credentials->native.uid)
|
|
|
4200aa |
ret = TRUE;
|
|
|
4200aa |
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
|
4200aa |
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
|
|
4200aa |
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
|
|
|
4200aa |
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
|
4200aa |
|
|
|
4200aa |
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
4200aa |
- ret = credentials->native.uid;
|
|
|
4200aa |
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
|
4200aa |
+ ret = credentials->native.uid;
|
|
|
4200aa |
+ else
|
|
|
4200aa |
+ ret = -1;
|
|
|
4200aa |
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
|
4200aa |
ret = credentials->native.cmcred_euid;
|
|
|
4200aa |
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
4200aa |
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
|
|
|
4200aa |
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
|
4200aa |
|
|
|
4200aa |
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
|
4200aa |
- ret = credentials->native.pid;
|
|
|
4200aa |
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
|
4200aa |
+ ret = credentials->native.pid;
|
|
|
4200aa |
+ else
|
|
|
4200aa |
+ ret = -1;
|
|
|
4200aa |
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
|
4200aa |
ret = credentials->native.cmcred_pid;
|
|
|
4200aa |
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
|
4200aa |
--
|
|
|
4200aa |
2.23.0
|
|
|
4200aa |
|