From d28014d28b1a8e3c1960abcec9d5a9d4e184cd6d Mon Sep 17 00:00:00 2001
From: Ralf Habacker <ralf.habacker@freenet.de>
Date: Wed, 6 Mar 2013 20:35:17 +0100
Subject: [PATCH 1/3] Retrieve pid and sid from tcp connection peer and
 provide them through _dbus_read_credentials_socket().

This is performed by a new windows plattform specific function get_peer_pid_from_tcp_handle().
---
 cmake/dbus/CMakeLists.txt |    4 +-
 configure.ac              |    2 +-
 dbus/dbus-sysdeps-win.c   |  119 ++++++++++++++++++++++++++++++++++++++++-----
 3 Dateien geändert, 110 Zeilen hinzugefügt(+), 15 Zeilen entfernt(-)

diff --git a/cmake/dbus/CMakeLists.txt b/cmake/dbus/CMakeLists.txt
index 8a40171..66772c5 100644
--- a/cmake/dbus/CMakeLists.txt
+++ b/cmake/dbus/CMakeLists.txt
@@ -264,7 +264,7 @@ if(WIN32)
     if(WINCE)
         target_link_libraries(dbus-1 ws2)
     else(WINCE)
-        target_link_libraries(dbus-1 ws2_32 advapi32 netapi32)
+        target_link_libraries(dbus-1 ws2_32 advapi32 netapi32 iphlpapi)
     endif(WINCE)
 else(WIN32)
     target_link_libraries(dbus-1 ${CMAKE_THREAD_LIBS_INIT} rt)
@@ -289,7 +289,7 @@ if(WIN32)
     if(WINCE)
         target_link_libraries(dbus-internal ws2)
     else(WINCE)
-        target_link_libraries(dbus-internal ws2_32 advapi32 netapi32)
+        target_link_libraries(dbus-internal ws2_32 advapi32 netapi32 iphlpapi)
     endif(WINCE)
 else(WIN32)
     target_link_libraries(dbus-internal ${CMAKE_THREAD_LIBS_INIT} rt)
diff --git a/configure.ac b/configure.ac
index ee89dcb..e2c7415 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1277,7 +1277,7 @@ if test x$dbus_win = xyes ; then
   if test x$dbus_wince = xyes ; then
     NETWORK_libs="-lws2"
   else
-    NETWORK_libs="-lws2_32"
+    NETWORK_libs="-lws2_32 -liphlpapi"
   fi
 fi
 
diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c
index 5a2fb20..aaa0c2f 100644
--- a/dbus/dbus-sysdeps-win.c
+++ b/dbus/dbus-sysdeps-win.c
@@ -6,7 +6,7 @@
  * Copyright (C) 2005 Novell, Inc.
  * Copyright (C) 2006 Peter Kümmel  <syntheticpp@gmx.net>
  * Copyright (C) 2006 Christian Ehrlicher <ch.ehrlicher@gmx.de>
- * Copyright (C) 2006-2010 Ralf Habacker <ralf.habacker@freenet.de>
+ * Copyright (C) 2006-2013 Ralf Habacker <ralf.habacker@freenet.de>
  *
  * Licensed under the Academic Free License version 2.1
  * 
@@ -103,6 +103,80 @@ _dbus_win_set_errno (int err)
 #endif
 }
 
+/**
+ * @brief return peer process id from tcp handle for localhost connections
+ * @param handle tcp socket descriptor
+ * @return process id or 0 in case it could not be fetched
+ */
+dbus_pid_t get_peer_pid_from_tcp_handle(int handle)
+{
+  struct sockaddr_storage addr;
+  socklen_t len = sizeof (addr);
+  int peer_port;
+
+  dbus_pid_t result;
+  DWORD size;
+  MIB_TCPTABLE2 *tcp_table;
+  int i;
+  int localhost;
+
+  getpeername (handle, (struct sockaddr*)&addr, &len);
+
+  /* deal with both IPv4 and IPv6: */
+  if (addr.ss_family == AF_INET)
+    {
+      struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+      peer_port = ntohs (s->sin_port);
+      localhost = s->sin_addr.s_addr == INADDR_LOOPBACK;
+    }
+  else
+    { /* AF_INET6 */
+      struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
+      peer_port = ntohs (s->sin6_port);
+      localhost = memcmp(s->sin6_addr.s6_addr, in6addr_loopback.s6_addr, 16) == 0;
+    }
+
+  if (!localhost)
+    {
+      _dbus_verbose ("could not fetch process id from remote process");
+      return 0;
+    }
+
+  if (peer_port == 0)
+    {
+      _dbus_verbose ("Error not been able to fetch tcp peer port from connection");
+      return 0;
+    }
+
+  if ((result = GetTcpTable2 (NULL, &size, TRUE)) == ERROR_INSUFFICIENT_BUFFER)
+    {
+      tcp_table = (MIB_TCPTABLE2 *) dbus_malloc (size);
+      if (tcp_table == NULL)
+        {
+          _dbus_verbose ("Error allocating memory ");
+          return 0;
+        }
+    }
+
+  if ((result = GetTcpTable2 (tcp_table, &size, TRUE)) != NO_ERROR)
+    {
+      _dbus_verbose ("Error fetching tcp table");
+      dbus_free (tcp_table);
+      return 0;
+    }
+
+  result = 0;
+  for (i = 0; i < (int) tcp_table->dwNumEntries; i++)
+    {
+      MIB_TCPROW2 *p = &tcp_table->table[i];
+      int local_port = ntohs (p->dwLocalPort);
+       if (p->dwState == MIB_TCP_STATE_ESTAB && local_port == peer_port)
+          result = p->dwOwningPid;
+    }
+
+  dbus_free (tcp_table);
+  return result;
+}
 
 /* Convert GetLastError() to a dbus error.  */
 const char*
@@ -738,22 +812,23 @@ _dbus_pid_for_log (void)
   return _dbus_getpid ();
 }
 
-
 #ifndef DBUS_WINCE
 /** Gets our SID
- * @param points to sid buffer, need to be freed with LocalFree()
+ * @param sid points to sid buffer, need to be freed with LocalFree()
+ * @param process_id the process id for which the sid should be returned
  * @returns process sid
  */
 static dbus_bool_t
-_dbus_getsid(char **sid)
+_dbus_getsid(char **sid, dbus_pid_t process_id)
 {
   HANDLE process_token = INVALID_HANDLE_VALUE;
   TOKEN_USER *token_user = NULL;
   DWORD n;
   PSID psid;
   int retval = FALSE;
-  
-  if (!OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &process_token)) 
+  HANDLE process_handle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, process_id);
+
+  if (!OpenProcessToken (process_handle, TOKEN_QUERY, &process_token))
     {
       _dbus_win_warn_win_error ("OpenProcessToken failed", GetLastError ());
       goto failed;
@@ -781,6 +856,7 @@ _dbus_getsid(char **sid)
   retval = TRUE;
 
 failed:
+  CloseHandle (process_handle);
   if (process_token != INVALID_HANDLE_VALUE)
     CloseHandle (process_token);
 
@@ -1683,7 +1759,10 @@ _dbus_read_credentials_socket  (int              handle,
 {
   int bytes_read = 0;
   DBusString buf;
-  
+  char *sid = NULL;
+  dbus_pid_t pid;
+  int retval = FALSE;
+
   // could fail due too OOM
   if (_dbus_string_init(&buf))
     {
@@ -1695,10 +1774,26 @@ _dbus_read_credentials_socket  (int              handle,
       _dbus_string_free(&buf);
     }
 
-  _dbus_credentials_add_from_current_process (credentials);
-  _dbus_verbose("FIXME: get faked credentials from current process");
+  pid = get_peer_pid_from_tcp_handle (handle);
 
-  return TRUE;
+  if (pid == 0)
+     return FALSE;
+
+  _dbus_credentials_add_unix_pid (credentials, pid);
+
+  if (_dbus_getsid (&sid, pid))
+    {
+      if (!_dbus_credentials_add_windows_sid (credentials,sid))
+          goto out;
+    }
+
+  retval = TRUE;
+
+out:
+  if (sid)
+    LocalFree (sid);
+
+  return retval;
 }
 
 /**
@@ -1792,7 +1887,7 @@ _dbus_credentials_add_from_current_process (DBusCredentials *credentials)
   dbus_bool_t retval = FALSE;
   char *sid = NULL;
 
-  if (!_dbus_getsid(&sid))
+  if (!_dbus_getsid(&sid, _dbus_getpid()))
     goto failed;
 
   if (!_dbus_credentials_add_unix_pid(credentials, _dbus_getpid()))
@@ -1830,7 +1925,7 @@ _dbus_append_user_from_current_process (DBusString *str)
   dbus_bool_t retval = FALSE;
   char *sid = NULL;
 
-  if (!_dbus_getsid(&sid))
+  if (!_dbus_getsid(&sid, _dbus_getpid()))
     return FALSE;
 
   retval = _dbus_string_append (str,sid);
-- 
1.7.10.4