28#include "dbus-string.h"
30#include "dbus-internals.h"
31#include "dbus-keyring.h"
33#include "dbus-protocol.h"
34#include "dbus-credentials.h"
122 DBUS_AUTH_COMMAND_AUTH,
123 DBUS_AUTH_COMMAND_CANCEL,
124 DBUS_AUTH_COMMAND_DATA,
125 DBUS_AUTH_COMMAND_BEGIN,
126 DBUS_AUTH_COMMAND_REJECTED,
127 DBUS_AUTH_COMMAND_OK,
128 DBUS_AUTH_COMMAND_ERROR,
129 DBUS_AUTH_COMMAND_UNKNOWN,
130 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
131 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
225static void goto_state (
DBusAuth *auth,
227static dbus_bool_t send_auth (
DBusAuth *auth,
229static dbus_bool_t send_data (
DBusAuth *auth,
231static dbus_bool_t send_rejected (
DBusAuth *auth);
232static dbus_bool_t send_error (
DBusAuth *auth,
233 const char *message);
234static dbus_bool_t send_ok (
DBusAuth *auth);
235static dbus_bool_t send_begin (
DBusAuth *auth);
236static dbus_bool_t send_cancel (
DBusAuth *auth);
237static dbus_bool_t send_negotiate_unix_fd (
DBusAuth *auth);
238static dbus_bool_t send_agree_unix_fd (
DBusAuth *auth);
244static dbus_bool_t handle_server_state_waiting_for_auth (
DBusAuth *auth,
247static dbus_bool_t handle_server_state_waiting_for_data (
DBusAuth *auth,
250static dbus_bool_t handle_server_state_waiting_for_begin (
DBusAuth *auth,
255 "WaitingForAuth", handle_server_state_waiting_for_auth
258 "WaitingForData", handle_server_state_waiting_for_data
261 "WaitingForBegin", handle_server_state_waiting_for_begin
268static dbus_bool_t handle_client_state_waiting_for_data (
DBusAuth *auth,
271static dbus_bool_t handle_client_state_waiting_for_ok (
DBusAuth *auth,
274static dbus_bool_t handle_client_state_waiting_for_reject (
DBusAuth *auth,
277static dbus_bool_t handle_client_state_waiting_for_agree_unix_fd (
DBusAuth *auth,
285 "WaitingForData", handle_client_state_waiting_for_data
291 "WaitingForOK", handle_client_state_waiting_for_ok
294 "WaitingForReject", handle_client_state_waiting_for_reject
297 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
305 "Authenticated",
NULL
309 "NeedDisconnect",
NULL
312static const char auth_side_client[] =
"client";
313static const char auth_side_server[] =
"server";
318#define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
323#define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
328#define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
333#define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
340#define DBUS_AUTH_NAME(auth) ((auth)->side)
343_dbus_auth_new (
int size)
434 _dbus_verbose (
"%s: Shutting down mechanism %s\n",
476 if (_dbus_string_get_length (&cookie) == 0)
486 &to_hash, _dbus_string_get_length (&to_hash)))
493 &to_hash, _dbus_string_get_length (&to_hash)))
500 &to_hash, _dbus_string_get_length (&to_hash)))
521#define N_CHALLENGE_BYTES (128/8)
524sha1_handle_first_client_response (
DBusAuth *auth,
532 dbus_bool_t retval =
FALSE;
538 if (_dbus_string_get_length (data) > 0)
540 if (_dbus_string_get_length (&auth->
identity) > 0)
543 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
545 return send_rejected (auth);
556 DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE,
565 _dbus_verbose (
"%s: Did not get a valid username from client: %s\n",
568 return send_rejected (auth);
600 _dbus_verbose (
"%s: client tried to authenticate as \"%s\", "
601 "but that doesn't match this process",
603 _dbus_string_get_const_data (data));
604 retval = send_rejected (auth);
636 _DBUS_ASSERT_ERROR_IS_SET (&error);
637 _dbus_verbose (
"%s: Error loading keyring: %s\n",
639 if (send_rejected (auth))
656 _DBUS_ASSERT_ERROR_IS_SET (&error);
657 _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
659 if (send_rejected (auth))
670 &tmp2, _dbus_string_get_length (&tmp2)))
685 _DBUS_ASSERT_ERROR_IS_SET (&error);
686 _dbus_verbose (
"%s: Error generating challenge: %s\n",
688 if (send_rejected (auth))
701 _dbus_string_get_length (&tmp2)))
704 if (!send_data (auth, &tmp2))
707 goto_state (auth, &server_state_waiting_for_data);
715 _dbus_clear_credentials (&myself);
721sha1_handle_second_client_response (
DBusAuth *auth,
739 _dbus_verbose (
"%s: no space separator in client response\n",
741 return send_rejected (auth);
757 _dbus_string_get_length (data) - i,
762 if (_dbus_string_get_length (&client_challenge) == 0 ||
763 _dbus_string_get_length (&client_hash) == 0)
765 _dbus_verbose (
"%s: zero-length client challenge or hash\n",
767 if (send_rejected (auth))
775 if (!sha1_compute_hash (auth, auth->
cookie_id,
782 if (_dbus_string_get_length (&correct_hash) == 0)
784 if (send_rejected (auth))
791 if (send_rejected (auth))
803 DBUS_CREDENTIAL_UNIX_PROCESS_FD,
807 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
814 _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
832handle_server_data_cookie_sha1_mech (
DBusAuth *auth,
836 return sha1_handle_first_client_response (auth, data);
838 return sha1_handle_second_client_response (auth, data);
842handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
849handle_client_initial_response_cookie_sha1_mech (
DBusAuth *auth,
865 _dbus_string_get_length (response)))
877handle_client_data_cookie_sha1_mech (
DBusAuth *auth,
884 dbus_bool_t retval =
FALSE;
897 if (send_error (auth,
898 "Server did not send context/ID/challenge properly"))
913 if (send_error (auth,
914 "Server did not send context/ID/challenge properly"))
931 j = _dbus_string_get_length (data);
934 &server_challenge, 0))
939 if (send_error (auth,
"Server sent invalid cookie context"))
946 if (send_error (auth,
"Could not parse cookie ID as an integer"))
951 if (_dbus_string_get_length (&server_challenge) == 0)
953 if (send_error (auth,
"Empty server challenge string"))
974 _DBUS_ASSERT_ERROR_IS_SET (&error);
976 _dbus_verbose (
"%s: Error loading keyring: %s\n",
979 if (send_error (auth,
"Could not load cookie file"))
1006 _DBUS_ASSERT_ERROR_IS_SET (&error);
1008 _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
1011 if (send_error (auth,
"Failed to generate challenge"))
1028 if (!sha1_compute_hash (auth, val,
1034 if (_dbus_string_get_length (&correct_hash) == 0)
1037 if (send_error (auth,
"Don't have the requested cookie ID"))
1045 _dbus_string_get_length (&tmp)))
1052 _dbus_string_get_length (&tmp)))
1055 if (!send_data (auth, &tmp))
1079handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
1090handle_server_data_external_mech (
DBusAuth *auth,
1095 _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1097 return send_rejected (auth);
1100 if (_dbus_string_get_length (data) > 0)
1102 if (_dbus_string_get_length (&auth->
identity) > 0)
1105 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
1107 return send_rejected (auth);
1118 if (_dbus_string_get_length (&auth->
identity) == 0 &&
1121 if (send_data (auth,
NULL))
1123 _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
1126 goto_state (auth, &server_state_waiting_for_data);
1140 if (_dbus_string_get_length (&auth->
identity) == 0)
1154 DBUS_CREDENTIALS_ADD_FLAGS_NONE,
1163 _dbus_verbose (
"%s: could not get credentials from uid string: %s\n",
1166 return send_rejected (auth);
1172 _dbus_verbose (
"%s: desired user %s is no good\n",
1174 _dbus_string_get_const_data (&auth->
identity));
1175 return send_rejected (auth);
1189 DBUS_CREDENTIAL_UNIX_PROCESS_FD,
1194 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1199 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1204 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
1209 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
1213 if (!send_ok (auth))
1216 _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
1223 _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
1225 return send_rejected (auth);
1230handle_server_shutdown_external_mech (
DBusAuth *auth)
1236handle_client_initial_response_external_mech (
DBusAuth *auth,
1254 _dbus_string_get_length (response)))
1267handle_client_data_external_mech (
DBusAuth *auth,
1275handle_client_shutdown_external_mech (
DBusAuth *auth)
1285handle_server_data_anonymous_mech (
DBusAuth *auth,
1288 if (_dbus_string_get_length (data) > 0)
1297 _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1299 return send_rejected (auth);
1302 _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
1304 _dbus_string_get_const_data (data));
1313 DBUS_CREDENTIAL_UNIX_PROCESS_FD,
1318 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1323 if (!send_ok (auth))
1326 _dbus_verbose (
"%s: authenticated client as anonymous\n",
1333handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
1339handle_client_initial_response_anonymous_mech (
DBusAuth *auth,
1359 _dbus_string_get_length (response)))
1372handle_client_data_anonymous_mech (
DBusAuth *auth,
1380handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
1399 handle_server_data_external_mech,
1401 handle_server_shutdown_external_mech,
1402 handle_client_initial_response_external_mech,
1403 handle_client_data_external_mech,
1405 handle_client_shutdown_external_mech },
1406 {
"DBUS_COOKIE_SHA1",
1407 handle_server_data_cookie_sha1_mech,
1409 handle_server_shutdown_cookie_sha1_mech,
1410 handle_client_initial_response_cookie_sha1_mech,
1411 handle_client_data_cookie_sha1_mech,
1413 handle_client_shutdown_cookie_sha1_mech },
1415 handle_server_data_anonymous_mech,
1417 handle_server_shutdown_anonymous_mech,
1418 handle_client_initial_response_anonymous_mech,
1419 handle_client_data_anonymous_mech,
1421 handle_client_shutdown_anonymous_mech },
1427 char **allowed_mechs)
1431 if (allowed_mechs !=
NULL &&
1433 _dbus_string_get_const_data (name)))
1437 while (all_mechanisms[i].mechanism !=
NULL)
1440 all_mechanisms[i].mechanism))
1442 return &all_mechanisms[i];
1496 _dbus_string_get_length (&auth->
outgoing)))
1503 shutdown_mech (auth);
1505 goto_state (auth, &client_state_waiting_for_data);
1515 if (data ==
NULL || _dbus_string_get_length (data) == 0)
1519 old_len = _dbus_string_get_length (&auth->
outgoing);
1524 _dbus_string_get_length (&auth->
outgoing)))
1558 all_mechanisms[i].mechanism))
1566 all_mechanisms[i].mechanism))
1574 _dbus_string_get_length (&auth->
outgoing)))
1577 shutdown_mech (auth);
1584 goto_state (auth, &common_state_need_disconnect);
1586 goto_state (auth, &server_state_waiting_for_auth);
1598send_error (
DBusAuth *auth,
const char *message)
1601 "ERROR \"%s\"\r\n", message);
1609 orig_len = _dbus_string_get_length (&auth->
outgoing);
1615 _dbus_string_get_length (&auth->
outgoing)) &&
1618 goto_state (auth, &server_state_waiting_for_begin);
1636 goto_state (auth, &common_state_authenticated);
1659 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1662 _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1663 end_of_hex, _dbus_string_get_length (args_from_ok));
1664 goto_state (auth, &common_state_need_disconnect);
1673 _dbus_verbose (
"Got GUID '%s' from the server\n",
1674 _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server));
1678 if (!send_negotiate_unix_fd (auth))
1687 _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
1689 if (!send_begin (auth))
1703 goto_state (auth, &client_state_waiting_for_reject);
1727 if (_dbus_string_get_length (args) != end)
1730 if (!send_error (auth,
"Invalid hex encoding"))
1736#ifdef DBUS_ENABLE_VERBOSE_MODE
1738 _dbus_string_get_length (&decoded)))
1739 _dbus_verbose (
"%s: data: '%s'\n",
1741 _dbus_string_get_const_data (&decoded));
1744 if (!(* data_func) (auth, &decoded))
1755send_negotiate_unix_fd (
DBusAuth *auth)
1758 "NEGOTIATE_UNIX_FD\r\n"))
1761 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1771 _dbus_verbose(
"Agreed to UNIX FD passing\n");
1774 "AGREE_UNIX_FD\r\n"))
1777 goto_state (auth, &server_state_waiting_for_begin);
1784 if (_dbus_string_get_length (args) == 0)
1787 if (!send_rejected (auth))
1819 _dbus_verbose (
"%s: Trying mechanism %s\n",
1823 if (!process_data (auth, &hex_response,
1830 _dbus_verbose (
"%s: Unsupported mechanism %s\n",
1832 _dbus_string_get_const_data (&mech));
1834 if (!send_rejected (auth))
1852handle_server_state_waiting_for_auth (
DBusAuth *auth,
1858 case DBUS_AUTH_COMMAND_AUTH:
1859 return handle_auth (auth, args);
1861 case DBUS_AUTH_COMMAND_CANCEL:
1862 case DBUS_AUTH_COMMAND_DATA:
1863 return send_error (auth,
"Not currently in an auth conversation");
1865 case DBUS_AUTH_COMMAND_BEGIN:
1866 goto_state (auth, &common_state_need_disconnect);
1869 case DBUS_AUTH_COMMAND_ERROR:
1870 return send_rejected (auth);
1872 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1873 return send_error (auth,
"Need to authenticate first");
1875 case DBUS_AUTH_COMMAND_REJECTED:
1876 case DBUS_AUTH_COMMAND_OK:
1877 case DBUS_AUTH_COMMAND_UNKNOWN:
1878 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1880 return send_error (auth,
"Unknown command");
1885handle_server_state_waiting_for_data (
DBusAuth *auth,
1891 case DBUS_AUTH_COMMAND_AUTH:
1892 return send_error (auth,
"Sent AUTH while another AUTH in progress");
1894 case DBUS_AUTH_COMMAND_CANCEL:
1895 case DBUS_AUTH_COMMAND_ERROR:
1896 return send_rejected (auth);
1898 case DBUS_AUTH_COMMAND_DATA:
1901 case DBUS_AUTH_COMMAND_BEGIN:
1902 goto_state (auth, &common_state_need_disconnect);
1905 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1906 return send_error (auth,
"Need to authenticate first");
1908 case DBUS_AUTH_COMMAND_REJECTED:
1909 case DBUS_AUTH_COMMAND_OK:
1910 case DBUS_AUTH_COMMAND_UNKNOWN:
1911 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1913 return send_error (auth,
"Unknown command");
1918handle_server_state_waiting_for_begin (
DBusAuth *auth,
1924 case DBUS_AUTH_COMMAND_AUTH:
1925 return send_error (auth,
"Sent AUTH while expecting BEGIN");
1927 case DBUS_AUTH_COMMAND_DATA:
1928 return send_error (auth,
"Sent DATA while expecting BEGIN");
1930 case DBUS_AUTH_COMMAND_BEGIN:
1931 goto_state (auth, &common_state_authenticated);
1934 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1936 return send_agree_unix_fd(auth);
1938 return send_error(auth,
"Unix FD passing not supported, not authenticated or otherwise not possible");
1940 case DBUS_AUTH_COMMAND_REJECTED:
1941 case DBUS_AUTH_COMMAND_OK:
1942 case DBUS_AUTH_COMMAND_UNKNOWN:
1943 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1945 return send_error (auth,
"Unknown command");
1947 case DBUS_AUTH_COMMAND_CANCEL:
1948 case DBUS_AUTH_COMMAND_ERROR:
1949 return send_rejected (auth);
1985 len = _dbus_string_get_length (args);
1996 if (!get_word (args, &next, &m))
2015 if (mech != &all_mechanisms[0])
2017 _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
2029 _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
2035 _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
2037 _dbus_string_get_const_data (&m));
2063 if (!record_mechanisms (auth, args))
2071 if (!send_auth (auth, mech))
2076 _dbus_verbose (
"%s: Trying mechanism %s\n",
2083 _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
2085 goto_state (auth, &common_state_need_disconnect);
2093handle_client_state_waiting_for_data (
DBusAuth *auth,
2101 case DBUS_AUTH_COMMAND_DATA:
2104 case DBUS_AUTH_COMMAND_REJECTED:
2105 return process_rejected (auth, args);
2107 case DBUS_AUTH_COMMAND_OK:
2108 return process_ok(auth, args);
2110 case DBUS_AUTH_COMMAND_ERROR:
2111 return send_cancel (auth);
2113 case DBUS_AUTH_COMMAND_AUTH:
2114 case DBUS_AUTH_COMMAND_CANCEL:
2115 case DBUS_AUTH_COMMAND_BEGIN:
2116 case DBUS_AUTH_COMMAND_UNKNOWN:
2117 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2118 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2120 return send_error (auth,
"Unknown command");
2125handle_client_state_waiting_for_ok (
DBusAuth *auth,
2131 case DBUS_AUTH_COMMAND_REJECTED:
2132 return process_rejected (auth, args);
2134 case DBUS_AUTH_COMMAND_OK:
2135 return process_ok(auth, args);
2137 case DBUS_AUTH_COMMAND_DATA:
2138 case DBUS_AUTH_COMMAND_ERROR:
2139 return send_cancel (auth);
2141 case DBUS_AUTH_COMMAND_AUTH:
2142 case DBUS_AUTH_COMMAND_CANCEL:
2143 case DBUS_AUTH_COMMAND_BEGIN:
2144 case DBUS_AUTH_COMMAND_UNKNOWN:
2145 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2146 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2148 return send_error (auth,
"Unknown command");
2153handle_client_state_waiting_for_reject (
DBusAuth *auth,
2159 case DBUS_AUTH_COMMAND_REJECTED:
2160 return process_rejected (auth, args);
2162 case DBUS_AUTH_COMMAND_AUTH:
2163 case DBUS_AUTH_COMMAND_CANCEL:
2164 case DBUS_AUTH_COMMAND_DATA:
2165 case DBUS_AUTH_COMMAND_BEGIN:
2166 case DBUS_AUTH_COMMAND_OK:
2167 case DBUS_AUTH_COMMAND_ERROR:
2168 case DBUS_AUTH_COMMAND_UNKNOWN:
2169 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2170 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2172 goto_state (auth, &common_state_need_disconnect);
2178handle_client_state_waiting_for_agree_unix_fd(
DBusAuth *auth,
2184 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2187 _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
2188 return send_begin (auth);
2190 case DBUS_AUTH_COMMAND_ERROR:
2193 _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
2194 return send_begin (auth);
2196 case DBUS_AUTH_COMMAND_OK:
2197 case DBUS_AUTH_COMMAND_DATA:
2198 case DBUS_AUTH_COMMAND_REJECTED:
2199 case DBUS_AUTH_COMMAND_AUTH:
2200 case DBUS_AUTH_COMMAND_CANCEL:
2201 case DBUS_AUTH_COMMAND_BEGIN:
2202 case DBUS_AUTH_COMMAND_UNKNOWN:
2203 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2205 return send_error (auth,
"Unknown command");
2218 {
"AUTH", DBUS_AUTH_COMMAND_AUTH },
2219 {
"CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2220 {
"DATA", DBUS_AUTH_COMMAND_DATA },
2221 {
"BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2222 {
"REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2223 {
"OK", DBUS_AUTH_COMMAND_OK },
2224 {
"ERROR", DBUS_AUTH_COMMAND_ERROR },
2225 {
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2226 {
"AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2230lookup_command_from_name (
DBusString *command)
2237 auth_command_names[i].name))
2238 return auth_command_names[i].command;
2241 return DBUS_AUTH_COMMAND_UNKNOWN;
2248 _dbus_verbose (
"%s: going from state %s to state %s\n",
2253 auth->
state = state;
2292 _dbus_string_get_length (&line)))
2294 _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
2296 if (!send_error (auth,
"Command contained non-ASCII"))
2302 _dbus_verbose (
"%s: got command \"%s\"\n",
2304 _dbus_string_get_const_data (&line));
2319 command = lookup_command_from_name (&line);
2386 auth->
side = auth_side_server;
2387 auth->
state = &server_state_waiting_for_auth;
2391 server_auth->
guid = guid_copy;
2427 auth->
side = auth_side_client;
2428 auth->
state = &client_state_need_send_auth;
2432 if (!send_auth (auth, &all_mechanisms[0]))
2471 shutdown_mech (auth);
2514 const char **mechanisms)
2518 if (mechanisms !=
NULL)
2538#define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2553#define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2560 if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
2561 _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
2563 goto_state (auth, &common_state_need_disconnect);
2564 _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
2569 while (process_command (auth));
2572 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2573 else if (_dbus_string_get_length (&auth->
outgoing) > 0)
2574 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2575 else if (auth->
state == &common_state_need_disconnect)
2576 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2577 else if (auth->
state == &common_state_authenticated)
2578 return DBUS_AUTH_STATE_AUTHENTICATED;
2579 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2600 if (_dbus_string_get_length (&auth->
outgoing) == 0)
2620 _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
2623 _dbus_string_get_const_data (&auth->
outgoing));
2710 if (auth->
state != &common_state_authenticated)
2741 if (auth->
state != &common_state_authenticated)
2754 _dbus_string_get_length (encoded));
2769 if (auth->
state != &common_state_authenticated)
2804 if (auth->
state != &common_state_authenticated)
2817 _dbus_string_get_length (plaintext));
2850 if (auth->
state == &common_state_authenticated)
2876 if (auth->
state == &common_state_authenticated)
2877 return _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server);
2895 &auth->
context, 0, _dbus_string_get_length (context));
2934 return find_mech (name,
NULL) !=
NULL;
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer.
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer.
#define DBUS_AUTH_SERVER(auth)
#define DBUS_AUTH_IS_SERVER(auth)
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server")
#define DBUS_AUTH_CLIENT(auth)
#define DBUS_AUTH_IS_CLIENT(auth)
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state.
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned.
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string.
DBusAuthCommand
Enumeration for the known authentication commands.
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer.
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128.
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer.
dbus_bool_t _dbus_auth_dump_supported_mechanisms(DBusString *buffer)
Return a human-readable string containing all supported auth mechanisms.
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system.
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated.
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object.
dbus_bool_t _dbus_auth_is_supported_mechanism(DBusString *name)
Queries whether the given auth mechanism is supported.
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as.
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with.
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer.
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object.
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated.
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it.
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use.
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise.
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with.
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
#define DBUS_AUTH_IN_END_STATE(auth)
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side.
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side.
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name.
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set).
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string.
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof().
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings.
#define DBUS_VERSION_STRING
The COMPILE TIME version of libdbus, as a string "X.Y.Z".
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string.
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init(), and fills it with the same contents as _DBUS_STRING_IN...
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start.
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string.
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string.
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username, DBusCredentialsAddFlags flags, DBusError *error)
Adds the credentials corresponding to the given username.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with.
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
"Subclass" of DBusAuth for client side
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using.
DBusAuth base
Parent class.
DBusString guid_from_server
GUID received from server.
Mapping from command name to enum.
DBusAuthCommand command
Corresponding enum.
const char * name
Name of the command.
Virtual table representing a particular auth mechanism.
const char * mechanism
Name of the mechanism.
DBusAuthDataFunction server_data_func
Function on server side for DATA.
DBusAuthDataFunction client_data_func
Function on client side for DATA.
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response.
DBusAuthEncodeFunction server_encode_func
Function on server side to encode.
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down.
DBusAuthDecodeFunction client_decode_func
Function on client side for decode.
DBusAuthDecodeFunction server_decode_func
Function on server side to decode.
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown.
DBusAuthEncodeFunction client_encode_func
Function on client side for encode.
"Subclass" of DBusAuth for server side.
int max_failures
Number of times we reject before disconnect.
DBusString guid
Our globally unique ID in hex encoding.
DBusAuth base
Parent class.
int failures
Number of times client has been rejected.
Information about a auth state.
DBusAuthStateFunction handler
State function for this state.
const char * name
Name of the state.
Internal members of DBusAuth.
unsigned int already_got_mechanisms
Client already got mech list.
const DBusAuthMechanismHandler * mech
Current auth mechanism.
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any.
unsigned int needed_memory
We needed memory to continue since last successful getting something done.
int cookie_id
ID of cookie to use.
const DBusAuthStateData * state
Current protocol state.
DBusString challenge
Challenge sent to client.
DBusCredentials * desired_identity
Identity client has requested.
unsigned int unix_fd_possible
This side could do unix fd passing.
const char * side
Client or server.
DBusString identity
Current identity we're authorizing as.
DBusString incoming
Incoming data buffer.
int refcount
reference count
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response.
DBusKeyring * keyring
Keyring for cookie mechanism.
DBusString outgoing
Outgoing data buffer.
DBusCredentials * credentials
Credentials read from socket.
DBusString context
Cookie scope.
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated.
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into.
DBusCredentials * authorized_identity
Credentials that are authorized.
Object representing an exception.
const char * message
public error message field
Internals of DBusKeyring.
void * data
Data stored at this element.