dbus-nonce.c
1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-nonce.c Nonce handling functions used by nonce-tcp (internal to D-Bus implementation)
3  *
4  * Copyright (C) 2009 Klaralvdalens Datakonsult AB, a KDAB Group company, info@kdab.net
5  *
6  * Licensed under the Academic Free License version 2.1
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21  *
22  */
23 
24 #include <config.h>
25 // major sections of this file are modified code from libassuan, (C) FSF
26 #include "dbus-nonce.h"
27 #include "dbus-internals.h"
28 #include "dbus-protocol.h"
29 #include "dbus-sysdeps.h"
30 
31 #include <stdio.h>
32 
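/* A nonce file as created by _dbus_noncefile_create().
 *
 * path: the file holding the 16 nonce bytes; this is what
 *       _dbus_noncefile_get_path() hands out.
 * dir:  the directory the file lives in. With a per-instance
 *       subdirectory (non-Windows) this is $TMPDIR/dbus_nonce-XXXXXXXX
 *       and is removed together with the file; otherwise it is just
 *       the temporary directory itself.
 */
struct DBusNonceFile
{
  DBusString path;
  DBusString dir;
};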
38 
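/* Reads exactly 16 bytes from fd and compares them with the first 16
 * bytes of nonce.
 *
 * nonce must hold at least 16 bytes (the nonce file contents, see
 * _dbus_read_nonce()); a shorter expected value never matches.
 *
 * Returns TRUE when the peer sent the right nonce. On a read error,
 * EOF before 16 bytes, OOM or a mismatch, FALSE is returned and error
 * is set (DBUS_ERROR_IO_ERROR, DBUS_ERROR_NO_MEMORY or
 * DBUS_ERROR_ACCESS_DENIED respectively).
 *
 * There is no deadline: a peer that connects and then sends nothing
 * keeps the caller in the read loop below for as long as the socket
 * stays open (blocking in _dbus_read_socket(), or polling every 100 ms
 * on a non-blocking socket).
 */
static dbus_bool_t
do_check_nonce (DBusSocket fd, const DBusString *nonce, DBusError *error)
{
  DBusString buffer;
  size_t nleft;
  dbus_bool_t result;
  int n;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  nleft = 16;

  /* This is a trick to make it safe to call _dbus_string_free on this
   * string during error unwinding, even if allocating memory for it
   * fails. A constant DBusString is considered to be valid to "free",
   * even though there is nothing to free (of course the free operation
   * is trivial, because it does not own its own buffer); but
   * unlike a mutable DBusString, initializing a constant DBusString
   * cannot fail.
   *
   * We must successfully re-initialize the string to be mutable before
   * writing to it, of course.
   */
  _dbus_string_init_const (&buffer, "");

  if (!_dbus_string_init (&buffer))
    {
      _DBUS_SET_OOM (error);
      _dbus_string_free (&buffer);
      return FALSE;
    }

  /* _dbus_read_socket() appends to buffer, so a nonce that arrives in
   * several pieces accumulates in place. (Reading into a scratch string
   * and copying its first n bytes into buffer would re-copy the start of
   * the scratch string on every partial read and reject a valid nonce
   * whenever the 16 bytes do not arrive in a single read.) */
  while (nleft > 0)
    {
      int saved_errno;

      n = _dbus_read_socket (fd, &buffer, (int) nleft);
      saved_errno = _dbus_save_socket_errno ();

      if (n == -1 && _dbus_get_is_errno_eintr (saved_errno))
        {
          /* interrupted by a signal: just retry */
        }
      else if (n == -1 && _dbus_get_is_errno_eagain_or_ewouldblock (saved_errno))
        {
          /* non-blocking socket with nothing to read yet */
          _dbus_sleep_milliseconds (100);
        }
      else if (n == -1 && _dbus_get_is_errno_enomem (saved_errno))
        {
          /* _dbus_read_socket() could not grow buffer */
          _DBUS_SET_OOM (error);
          _dbus_string_free (&buffer);
          return FALSE;
        }
      else if (n == -1 || n == 0)
        {
          /* n == 0 is EOF before the full nonce arrived; treat it like
           * any other failed read */
          dbus_set_error (error, DBUS_ERROR_IO_ERROR,
                          "Could not read nonce from socket (fd=%" DBUS_SOCKET_FORMAT ")",
                          _dbus_socket_printable (fd));
          _dbus_string_free (&buffer);
          return FALSE;
        }
      else
        {
          /* _dbus_read_socket() never returns more than it was asked for */
          nleft -= (size_t) n;
        }
    }

  if (_dbus_string_get_length (nonce) < 16)
    {
      result = FALSE;
    }
  else
    {
      /* Compare all 16 bytes regardless of where the first difference
       * is, so the time taken does not depend on how many leading bytes
       * the peer got right. */
      const unsigned char *got = (const unsigned char *) _dbus_string_get_const_data (&buffer);
      const unsigned char *want = (const unsigned char *) _dbus_string_get_const_data (nonce);
      unsigned int diff = 0;
      int i;

      for (i = 0; i < 16; i++)
        diff |= (unsigned int) (got[i] ^ want[i]);

      result = (diff == 0);
    }

  if (!result)
    dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                    "Nonces do not match, access denied (fd=%" DBUS_SOCKET_FORMAT ")",
                    _dbus_socket_printable (fd));

  _dbus_string_free (&buffer);

  return result;
}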
121 
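/**
 * Reads the 16-byte nonce stored in the file @p fname and appends it to
 * @p nonce.
 *
 * The whole nonce must be present: an empty or truncated file is
 * rejected rather than padded, so that the bytes later compared against
 * a peer's nonce are always bytes that were actually read from the file.
 *
 * @param fname path of the nonce file
 * @param nonce string the nonce bytes are appended to
 * @param error return location for an error, or #NULL
 * @returns #TRUE on success, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_read_nonce (const DBusString *fname, DBusString *nonce, DBusError* error)
{
  FILE *fp;
  char buffer[16];
  size_t nread;
  const char *fname_c;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  fname_c = _dbus_string_get_const_data (fname);

  _dbus_verbose ("reading nonce from file: %s\n", fname_c);

  fp = fopen (fname_c, "rb");
  if (fp == NULL)
    {
      dbus_set_error (error,
                      _dbus_error_from_system_errno (),
                      "Failed to open %s for read: %s",
                      fname_c,
                      _dbus_strerror_from_errno ());
      return FALSE;
    }

  nread = fread (buffer, 1, sizeof buffer, fp);
  fclose (fp);

  if (nread != sizeof buffer)
    {
      /* Only the first nread bytes of buffer are defined; appending the
       * whole buffer would hand uninitialized stack bytes to the caller. */
      dbus_set_error (error, DBUS_ERROR_FILE_NOT_FOUND,
                      "Could not read nonce from file %s (got %d of %d bytes)",
                      fname_c, (int) nread, (int) sizeof buffer);
      return FALSE;
    }

  if (!_dbus_string_append_len (nonce, buffer, sizeof buffer))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  return TRUE;
}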
170 
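/**
 * Accepts a connection on @p listen_fd and requires the peer to send the
 * nonce stored in @p noncefile before the socket is handed back.
 *
 * The nonce is re-read from the file on every call, so a rewritten nonce
 * file takes effect for the next connection. A peer that sends the wrong
 * nonce, or closes before sending one, has its socket closed and an
 * invalid socket is returned; the caller cannot tell that apart from a
 * failed accept() or an unreadable nonce file.
 *
 * @param listen_fd the listening socket
 * @param noncefile the nonce file to check against (must not be #NULL)
 * @returns the accepted, nonce-verified socket, or an invalid socket
 */
DBusSocket
_dbus_accept_with_noncefile (DBusSocket listen_fd, const DBusNonceFile *noncefile)
{
  DBusSocket fd = _dbus_socket_get_invalid ();
  DBusString nonce;

  _dbus_assert (noncefile != NULL);

  /* Make it valid to "free" this even if _dbus_string_init() runs
   * out of memory: see comment in do_check_nonce() */
  _dbus_string_init_const (&nonce, "");

  if (!_dbus_string_init (&nonce))
    goto out;

  //PENDING(kdab): set better errors
  if (!_dbus_read_nonce (_dbus_noncefile_get_path (noncefile), &nonce, NULL))
    goto out;

  fd = _dbus_accept (listen_fd);

  if (!_dbus_socket_is_valid (fd))
    goto out;

  if (!do_check_nonce (fd, &nonce, NULL))
    {
      /* close before invalidating the handle, otherwise the accepted
       * descriptor leaks */
      _dbus_verbose ("nonce check failed. Closing socket.\n");
      _dbus_close_socket (fd, NULL);
      _dbus_socket_invalidate (&fd);
      goto out;
    }

out:
  _dbus_string_free (&nonce);
  return fd;
}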
206 
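/* Generates a fresh 16-byte random nonce and stores it in filename,
 * not world-readable.
 *
 * The in-memory copy is wiped before it is freed so the secret does not
 * linger in freed heap memory; the on-disk copy is the one callers read
 * back via _dbus_read_nonce().
 *
 * Returns TRUE on success; FALSE with error set on OOM, if no random
 * bytes could be generated, or if the file could not be written.
 */
static dbus_bool_t
generate_and_write_nonce (const DBusString *filename, DBusError *error)
{
  DBusString nonce;
  dbus_bool_t ret;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (!_dbus_string_init (&nonce))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  ret = _dbus_generate_random_bytes (&nonce, 16, error);

  if (ret)
    ret = _dbus_string_save_to_file (&nonce, filename, FALSE, error);

  _dbus_string_zero (&nonce);
  _dbus_string_free (&nonce);

  return ret;
}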
233 
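/**
 * Sends the nonce stored in @p noncefile over @p fd; this is the client
 * side of the nonce-tcp handshake that do_check_nonce() verifies.
 *
 * @param fd the connected socket
 * @param noncefile path of the nonce file; an empty path is an error
 * @param error return location for an error
 * @returns #TRUE if every nonce byte was written, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_send_nonce (DBusSocket fd,
                  const DBusString *noncefile,
                  DBusError *error)
{
  DBusString nonce;
  int total;
  int sent;
  int n;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (_dbus_string_get_length (noncefile) == 0)
    {
      /* callers expect error to be set whenever FALSE is returned */
      dbus_set_error (error, DBUS_ERROR_FAILED, "No nonce file path given");
      return FALSE;
    }

  if (!_dbus_string_init (&nonce))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  if (!_dbus_read_nonce (noncefile, &nonce, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_string_free (&nonce);
      return FALSE;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  total = _dbus_string_get_length (&nonce);
  sent = 0;

  /* A single _dbus_write_socket() may write fewer bytes than asked for,
   * so keep going until the whole nonce is out. The error is recorded
   * before the string is freed: dbus_free() may clobber errno. */
  while (sent < total)
    {
      n = _dbus_write_socket (fd, &nonce, sent, total - sent);

      if (n < 0)
        {
          dbus_set_error (error,
                          _dbus_error_from_system_errno (),
                          "Failed to send nonce (fd=%" DBUS_SOCKET_FORMAT "): %s",
                          _dbus_socket_printable (fd),
                          _dbus_strerror_from_errno ());
          _dbus_string_zero (&nonce);
          _dbus_string_free (&nonce);
          return FALSE;
        }

      if (n == 0)
        {
          /* no progress and no errno to report; do not spin forever */
          dbus_set_error (error, DBUS_ERROR_IO_ERROR,
                          "Failed to send nonce (fd=%" DBUS_SOCKET_FORMAT "): no bytes written",
                          _dbus_socket_printable (fd));
          _dbus_string_zero (&nonce);
          _dbus_string_free (&nonce);
          return FALSE;
        }

      sent += n;
    }

  _dbus_string_zero (&nonce);
  _dbus_string_free (&nonce);

  return TRUE;
}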
288 
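/* Allocates a DBusNonceFile, chooses a random location under the
 * temporary directory and writes a fresh nonce there.
 *
 * With use_subdir the layout is $TMPDIR/dbus_nonce-XXXXXXXX/nonce, i.e.
 * a directory of our own holding the file; without it the nonce file is
 * $TMPDIR/dbus_nonce-XXXXXXXX directly in the shared temporary
 * directory. XXXXXXXX is 8 random alphanumeric characters.
 *
 * On success *noncefile_out owns the result. On failure error is set,
 * nothing is returned and a subdirectory that was created is removed
 * again.
 */
static dbus_bool_t
do_noncefile_create (DBusNonceFile **noncefile_out,
                     DBusError *error,
                     dbus_bool_t use_subdir)
{
  DBusNonceFile *noncefile = NULL;
  DBusString random_str;
  const char *tmp;
  dbus_bool_t dir_created = FALSE;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_assert (noncefile_out != NULL);
  _dbus_assert (*noncefile_out == NULL);

  noncefile = dbus_new0 (DBusNonceFile, 1);
  if (noncefile == NULL)
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  /* Make it valid to "free" these even if _dbus_string_init() runs
   * out of memory: see comment in do_check_nonce() */
  _dbus_string_init_const (&random_str, "");
  _dbus_string_init_const (&noncefile->dir, "");
  _dbus_string_init_const (&noncefile->path, "");

  if (!_dbus_string_init (&random_str))
    {
      _DBUS_SET_OOM (error);
      goto on_error;
    }

  if (!_dbus_generate_random_ascii (&random_str, 8, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto on_error;
    }

  tmp = _dbus_get_tmpdir ();

  if (tmp == NULL)
    {
      /* not an allocation failure, so report what actually went wrong */
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "Could not determine a temporary directory for the nonce file");
      goto on_error;
    }

  if (!_dbus_string_init (&noncefile->dir)
      || !_dbus_string_append (&noncefile->dir, tmp))
    {
      _DBUS_SET_OOM (error);
      goto on_error;
    }

  if (use_subdir)
    {
      if (!_dbus_string_append (&noncefile->dir, "/dbus_nonce-")
          || !_dbus_string_append (&noncefile->dir, _dbus_string_get_const_data (&random_str)))
        {
          _DBUS_SET_OOM (error);
          goto on_error;
        }

      if (!_dbus_string_init (&noncefile->path)
          || !_dbus_string_copy (&noncefile->dir, 0, &noncefile->path, 0)
          || !_dbus_string_append (&noncefile->path, "/nonce"))
        {
          _DBUS_SET_OOM (error);
          goto on_error;
        }

      if (!_dbus_create_directory (&noncefile->dir, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto on_error;
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR (error);

      /* from here on, on_error must remove the directory again */
      dir_created = TRUE;
    }
  else
    {
      if (!_dbus_string_init (&noncefile->path)
          || !_dbus_string_copy (&noncefile->dir, 0, &noncefile->path, 0)
          || !_dbus_string_append (&noncefile->path, "/dbus_nonce-")
          || !_dbus_string_append (&noncefile->path, _dbus_string_get_const_data (&random_str)))
        {
          _DBUS_SET_OOM (error);
          goto on_error;
        }
    }

  if (!generate_and_write_nonce (&noncefile->path, error))
    {
      /* on_error removes the subdirectory; the write error is the one
       * reported, any error from removing the directory is ignored */
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto on_error;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  *noncefile_out = noncefile;
  _dbus_string_free (&random_str);

  return TRUE;

on_error:
  /* Only remove a directory this call created: before that point dir
   * may hold just the shared temporary directory, which must never be
   * the target of a delete. */
  if (dir_created)
    _dbus_delete_directory (&noncefile->dir, NULL);
  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);
  _dbus_string_free (&random_str);
  return FALSE;
}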
394 
395 #ifdef DBUS_WIN
396 
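/**
 * Creates a nonce file directly in the temporary directory
 * ($TMP/dbus_nonce-XXXXXXXX, no private subdirectory on Windows).
 *
 * @param noncefile_out return location for the new DBusNonceFile (must point to #NULL)
 * @param error return location for an error
 * @returns #TRUE on success, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_noncefile_create (DBusNonceFile **noncefile_out,
                        DBusError *error)
{
  return do_noncefile_create (noncefile_out, error, /*use_subdir=*/FALSE);
}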
409 
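/**
 * Deletes the nonce file and frees the DBusNonceFile.
 *
 * *noncefile_location is cleared first, so calling this twice is safe
 * and a #NULL DBusNonceFile is a no-op.
 *
 * @param noncefile_location address of the DBusNonceFile pointer
 * @param error return location for an error
 * @returns #TRUE if the file was removed (or there was nothing to do)
 */
dbus_bool_t
_dbus_noncefile_delete (DBusNonceFile **noncefile_location,
                        DBusError *error)
{
  DBusNonceFile *noncefile;
  dbus_bool_t ret;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile_location != NULL);

  noncefile = *noncefile_location;
  *noncefile_location = NULL;

  if (noncefile == NULL)
    {
      /* Nothing to do */
      return TRUE;
    }

  /* Propagate the result: returning TRUE while error is set would break
   * the caller's error-is-clear invariant and hide a leftover file. */
  ret = _dbus_delete_file (&noncefile->path, error);

  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);

  return ret;
}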
444 
445 #else
446 
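/**
 * Creates a nonce file in a private subdirectory of the temporary
 * directory ($TMPDIR/dbus_nonce-XXXXXXXX/nonce).
 *
 * @param noncefile_out return location for the new DBusNonceFile (must point to #NULL)
 * @param error return location for an error
 * @returns #TRUE on success, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_noncefile_create (DBusNonceFile **noncefile_out,
                        DBusError *error)
{
  return do_noncefile_create (noncefile_out, error, /*use_subdir=*/TRUE);
}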
460 
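/**
 * Deletes the nonce file and its private directory, then frees the
 * DBusNonceFile.
 *
 * _dbus_delete_directory() requires an empty directory, so the nonce
 * file inside it is unlinked first; without that the directory removal
 * fails and both are left behind.
 *
 * *noncefile_location is cleared first, so calling this twice is safe
 * and a #NULL DBusNonceFile is a no-op.
 *
 * @param noncefile_location address of the DBusNonceFile pointer
 * @param error return location for an error
 * @returns #TRUE if file and directory were removed (or there was nothing to do)
 */
dbus_bool_t
_dbus_noncefile_delete (DBusNonceFile **noncefile_location,
                        DBusError *error)
{
  DBusNonceFile *noncefile;
  dbus_bool_t ret;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile_location != NULL);

  noncefile = *noncefile_location;
  *noncefile_location = NULL;

  if (noncefile == NULL)
    {
      /* Nothing to do */
      return TRUE;
    }

  ret = _dbus_delete_file (&noncefile->path, error);

  if (ret)
    ret = _dbus_delete_directory (&noncefile->dir, error);

  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);

  return ret;
}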
495 #endif
496 
497 
/**
 * Returns the path of the nonce file.
 *
 * @param noncefile a DBusNonceFile (must not be #NULL)
 * @returns the path, owned by @p noncefile and valid until it is deleted
 */
const DBusString*
_dbus_noncefile_get_path (const DBusNonceFile *noncefile)
{
  const DBusString *path;

  _dbus_assert (noncefile != NULL);

  path = &noncefile->path;
  return path;
}
510 
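/**
 * Reads the nonce from @p noncefile and checks that the peer on @p fd
 * sends the same 16 bytes.
 *
 * The expected value is the file's contents, loaded with
 * _dbus_read_nonce() exactly as _dbus_accept_with_noncefile() does;
 * handing do_check_nonce() the file's path string instead would compare
 * the peer's bytes against a non-secret value.
 *
 * @param fd the connected socket to read the peer's nonce from
 * @param noncefile the nonce file (must not be #NULL)
 * @param error return location for an error
 * @returns #TRUE if the nonces match, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_noncefile_check_nonce (DBusSocket fd,
                             const DBusNonceFile *noncefile,
                             DBusError* error)
{
  DBusString nonce;
  dbus_bool_t result;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile != NULL);

  if (!_dbus_string_init (&nonce))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  if (!_dbus_read_nonce (_dbus_noncefile_get_path (noncefile), &nonce, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_string_free (&nonce);
      return FALSE;
    }

  result = do_check_nonce (fd, &nonce, error);

  _dbus_string_free (&nonce);

  return result;
}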
528 
529 
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
Definition: dbus-string.c:952
#define DBUS_ERROR_FILE_NOT_FOUND
Missing file.
#define NULL
A null pointer, defined appropriately for C or C++.
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
Definition: dbus-memory.c:703
dbus_bool_t _dbus_string_save_to_file(const DBusString *str, const DBusString *filename, dbus_bool_t world_readable, DBusError *error)
Writes a string out to a file.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
int _dbus_read_socket(DBusSocket fd, DBusString *buffer, int count)
Like _dbus_read(), but only works on sockets so is available on Windows.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
Definition: dbus-string.c:175
#define DBUS_ERROR_IO_ERROR
Something went wrong reading or writing to a socket, for example.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
Definition: dbus-string.c:1300
dbus_bool_t _dbus_close_socket(DBusSocket fd, DBusError *error)
Closes a socket.
dbus_bool_t _dbus_delete_file(const DBusString *filename, DBusError *error)
Deletes the given file.
Socket interface.
Definition: dbus-sysdeps.h:178
#define dbus_new0(type, count)
Safe macro for using dbus_malloc0().
Definition: dbus-memory.h:58
dbus_bool_t _dbus_get_is_errno_eagain_or_ewouldblock(int e)
See if errno is EAGAIN or EWOULDBLOCK (this has to be done differently for Winsock so is abstracted) ...
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
Definition: dbus-types.h:35
void _dbus_string_init_const(DBusString *str, const char *value)
Initializes a constant string.
Definition: dbus-string.c:190
dbus_bool_t _dbus_generate_random_ascii(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of random bytes, where the bytes are chosen from the alphanumeric ASCII su...
Definition: dbus-sysdeps.c:559
DBusSocket _dbus_accept(DBusSocket listen_fd)
Accepts a connection on a listening socket.
dbus_bool_t _dbus_create_directory(const DBusString *filename, DBusError *error)
Creates a directory.
dbus_bool_t _dbus_delete_directory(const DBusString *filename, DBusError *error)
Removes a directory; Directory must be empty.
dbus_bool_t _dbus_get_is_errno_eintr(int e)
See if errno is EINTR.
Definition: dbus-sysdeps.c:724
Object representing an exception.
Definition: dbus-errors.h:48
void dbus_set_error(DBusError *error, const char *name, const char *format,...)
Assigns an error name and message to a DBusError.
Definition: dbus-errors.c:354
dbus_bool_t _dbus_string_equal_len(const DBusString *a, const DBusString *b, int len)
Tests two DBusString for equality up to the given length.
Definition: dbus-string.c:2073
const char * _dbus_get_tmpdir(void)
Gets the temporary files directory by inspecting the environment variables TMPDIR, TMP, and TEMP in that order.
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init(), and fills it with the same contents as #_DBUS_STRING_I...
Definition: dbus-string.c:264
#define TRUE
Expands to "1".
const char * _dbus_strerror_from_errno(void)
Get error message from errno.
Definition: dbus-sysdeps.c:758
const char * _dbus_error_from_system_errno(void)
Converts the current system errno value into a DBusError name.
Definition: dbus-sysdeps.c:691
#define DBUS_ERROR_ACCESS_DENIED
Security restrictions don't allow doing what you're trying to do.
dbus_bool_t _dbus_string_append_len(DBusString *str, const char *buffer, int len)
Appends block of bytes with the given length to a DBusString.
Definition: dbus-string.c:1154
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with...
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
#define FALSE
Expands to "0".
int _dbus_write_socket(DBusSocket fd, const DBusString *buffer, int start, int len)
Like _dbus_write(), but only supports sockets and is thus available on Windows.
void _dbus_sleep_milliseconds(int milliseconds)
Sleeps the given number of milliseconds.