26#include "dbus-string.h"
28#include "dbus-internals.h"
29#include "dbus-keyring.h"
31#include "dbus-protocol.h"
32#include "dbus-credentials.h"
120 DBUS_AUTH_COMMAND_AUTH,
121 DBUS_AUTH_COMMAND_CANCEL,
122 DBUS_AUTH_COMMAND_DATA,
123 DBUS_AUTH_COMMAND_BEGIN,
124 DBUS_AUTH_COMMAND_REJECTED,
125 DBUS_AUTH_COMMAND_OK,
126 DBUS_AUTH_COMMAND_ERROR,
127 DBUS_AUTH_COMMAND_UNKNOWN,
128 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
129 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
223static void goto_state (
DBusAuth *auth,
231 const char *message);
253 "WaitingForAuth", handle_server_state_waiting_for_auth
256 "WaitingForData", handle_server_state_waiting_for_data
259 "WaitingForBegin", handle_server_state_waiting_for_begin
283 "WaitingForData", handle_client_state_waiting_for_data
289 "WaitingForOK", handle_client_state_waiting_for_ok
292 "WaitingForReject", handle_client_state_waiting_for_reject
295 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
303 "Authenticated",
NULL
307 "NeedDisconnect",
NULL
310static const char auth_side_client[] =
"client";
311static const char auth_side_server[] =
"server";
316#define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
321#define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
326#define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
331#define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
338#define DBUS_AUTH_NAME(auth) ((auth)->side)
341_dbus_auth_new (
int size)
432 _dbus_verbose (
"%s: Shutting down mechanism %s\n",
474 if (_dbus_string_get_length (&cookie) == 0)
484 &to_hash, _dbus_string_get_length (&to_hash)))
491 &to_hash, _dbus_string_get_length (&to_hash)))
498 &to_hash, _dbus_string_get_length (&to_hash)))
519#define N_CHALLENGE_BYTES (128/8)
522sha1_handle_first_client_response (
DBusAuth *auth,
536 if (_dbus_string_get_length (data) > 0)
538 if (_dbus_string_get_length (&auth->
identity) > 0)
541 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
543 return send_rejected (auth);
554 DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE,
563 _dbus_verbose (
"%s: Did not get a valid username from client: %s\n",
566 return send_rejected (auth);
598 _dbus_verbose (
"%s: client tried to authenticate as \"%s\", "
599 "but that doesn't match this process",
601 _dbus_string_get_const_data (data));
602 retval = send_rejected (auth);
634 _DBUS_ASSERT_ERROR_IS_SET (&error);
635 _dbus_verbose (
"%s: Error loading keyring: %s\n",
637 if (send_rejected (auth))
654 _DBUS_ASSERT_ERROR_IS_SET (&error);
655 _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
657 if (send_rejected (auth))
668 &tmp2, _dbus_string_get_length (&tmp2)))
689 _DBUS_ASSERT_ERROR_IS_SET (&error);
690 _dbus_verbose (
"%s: Error generating challenge: %s\n",
692 if (send_rejected (auth))
705 _dbus_string_get_length (&tmp2)))
708 if (!send_data (auth, &tmp2))
711 goto_state (auth, &server_state_waiting_for_data);
719 _dbus_clear_credentials (&myself);
725sha1_handle_second_client_response (
DBusAuth *auth,
743 _dbus_verbose (
"%s: no space separator in client response\n",
745 return send_rejected (auth);
761 _dbus_string_get_length (data) - i,
766 if (_dbus_string_get_length (&client_challenge) == 0 ||
767 _dbus_string_get_length (&client_hash) == 0)
769 _dbus_verbose (
"%s: zero-length client challenge or hash\n",
771 if (send_rejected (auth))
779 if (!sha1_compute_hash (auth, auth->
cookie_id,
786 if (_dbus_string_get_length (&correct_hash) == 0)
788 if (send_rejected (auth))
795 if (send_rejected (auth))
807 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
814 _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
832handle_server_data_cookie_sha1_mech (
DBusAuth *auth,
836 return sha1_handle_first_client_response (auth, data);
838 return sha1_handle_second_client_response (auth, data);
842handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
849handle_client_initial_response_cookie_sha1_mech (
DBusAuth *auth,
865 _dbus_string_get_length (response)))
877handle_client_data_cookie_sha1_mech (
DBusAuth *auth,
897 if (send_error (auth,
898 "Server did not send context/ID/challenge properly"))
913 if (send_error (auth,
914 "Server did not send context/ID/challenge properly"))
931 j = _dbus_string_get_length (data);
934 &server_challenge, 0))
939 if (send_error (auth,
"Server sent invalid cookie context"))
946 if (send_error (auth,
"Could not parse cookie ID as an integer"))
951 if (_dbus_string_get_length (&server_challenge) == 0)
953 if (send_error (auth,
"Empty server challenge string"))
974 _DBUS_ASSERT_ERROR_IS_SET (&error);
976 _dbus_verbose (
"%s: Error loading keyring: %s\n",
979 if (send_error (auth,
"Could not load cookie file"))
1006 _DBUS_ASSERT_ERROR_IS_SET (&error);
1008 _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
1011 if (send_error (auth,
"Failed to generate challenge"))
1028 if (!sha1_compute_hash (auth, val,
1034 if (_dbus_string_get_length (&correct_hash) == 0)
1037 if (send_error (auth,
"Don't have the requested cookie ID"))
1045 _dbus_string_get_length (&tmp)))
1052 _dbus_string_get_length (&tmp)))
1055 if (!send_data (auth, &tmp))
1079handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
1090handle_server_data_external_mech (
DBusAuth *auth,
1095 _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1097 return send_rejected (auth);
1100 if (_dbus_string_get_length (data) > 0)
1102 if (_dbus_string_get_length (&auth->
identity) > 0)
1105 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
1107 return send_rejected (auth);
1118 if (_dbus_string_get_length (&auth->
identity) == 0 &&
1121 if (send_data (auth,
NULL))
1123 _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
1126 goto_state (auth, &server_state_waiting_for_data);
1140 if (_dbus_string_get_length (&auth->
identity) == 0)
1154 DBUS_CREDENTIALS_ADD_FLAGS_NONE,
1163 _dbus_verbose (
"%s: could not get credentials from uid string: %s\n",
1166 return send_rejected (auth);
1172 _dbus_verbose (
"%s: desired user %s is no good\n",
1174 _dbus_string_get_const_data (&auth->
identity));
1175 return send_rejected (auth);
1189 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1194 _dbus_verbose(
"***** add DBUS_CREDENTIAL_UNIX_PARSEC\n");
1196 DBUS_CREDENTIAL_UNIX_PARSEC,
1198 _dbus_verbose(
"_dbus_credentials_add_credential FAILED \n");
1202 _dbus_verbose(
"_dbus_credentials_add_credential OK \n");
1207 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1212 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
1217 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
1221 if (!send_ok (auth))
1224 _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
1231 _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
1233 return send_rejected (auth);
1238handle_server_shutdown_external_mech (
DBusAuth *auth)
1244handle_client_initial_response_external_mech (
DBusAuth *auth,
1262 _dbus_string_get_length (response)))
1275handle_client_data_external_mech (
DBusAuth *auth,
1283handle_client_shutdown_external_mech (
DBusAuth *auth)
1293handle_server_data_anonymous_mech (
DBusAuth *auth,
1296 if (_dbus_string_get_length (data) > 0)
1305 _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1307 return send_rejected (auth);
1310 _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
1312 _dbus_string_get_const_data (data));
1321 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1326 if (!send_ok (auth))
1329 _dbus_verbose (
"%s: authenticated client as anonymous\n",
1336handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
1342handle_client_initial_response_anonymous_mech (
DBusAuth *auth,
1357 "libdbus " DBUS_VERSION_STRING))
1362 _dbus_string_get_length (response)))
1375handle_client_data_anonymous_mech (
DBusAuth *auth,
1383handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
1402 handle_server_data_external_mech,
1404 handle_server_shutdown_external_mech,
1405 handle_client_initial_response_external_mech,
1406 handle_client_data_external_mech,
1408 handle_client_shutdown_external_mech },
1409 {
"DBUS_COOKIE_SHA1",
1410 handle_server_data_cookie_sha1_mech,
1412 handle_server_shutdown_cookie_sha1_mech,
1413 handle_client_initial_response_cookie_sha1_mech,
1414 handle_client_data_cookie_sha1_mech,
1416 handle_client_shutdown_cookie_sha1_mech },
1418 handle_server_data_anonymous_mech,
1420 handle_server_shutdown_anonymous_mech,
1421 handle_client_initial_response_anonymous_mech,
1422 handle_client_data_anonymous_mech,
1424 handle_client_shutdown_anonymous_mech },
1430 char **allowed_mechs)
1434 if (allowed_mechs !=
NULL &&
1436 _dbus_string_get_const_data (name)))
1440 while (all_mechanisms[i].mechanism !=
NULL)
1443 all_mechanisms[i].mechanism))
1445 return &all_mechanisms[i];
1499 _dbus_string_get_length (&auth->
outgoing)))
1506 shutdown_mech (auth);
1508 goto_state (auth, &client_state_waiting_for_data);
1518 if (data ==
NULL || _dbus_string_get_length (data) == 0)
1522 old_len = _dbus_string_get_length (&auth->
outgoing);
1527 _dbus_string_get_length (&auth->
outgoing)))
1561 all_mechanisms[i].mechanism))
1569 all_mechanisms[i].mechanism))
1577 _dbus_string_get_length (&auth->
outgoing)))
1580 shutdown_mech (auth);
1587 goto_state (auth, &common_state_need_disconnect);
1589 goto_state (auth, &server_state_waiting_for_auth);
1601send_error (
DBusAuth *auth,
const char *message)
1604 "ERROR \"%s\"\r\n", message);
1612 orig_len = _dbus_string_get_length (&auth->
outgoing);
1618 _dbus_string_get_length (&auth->
outgoing)) &&
1621 goto_state (auth, &server_state_waiting_for_begin);
1639 goto_state (auth, &common_state_authenticated);
1662 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1665 _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1666 end_of_hex, _dbus_string_get_length (args_from_ok));
1667 goto_state (auth, &common_state_need_disconnect);
1676 _dbus_verbose (
"Got GUID '%s' from the server\n",
1677 _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server));
1681 if (!send_negotiate_unix_fd (auth))
1690 _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
1692 if (!send_begin (auth))
1706 goto_state (auth, &client_state_waiting_for_reject);
1730 if (_dbus_string_get_length (args) != end)
1733 if (!send_error (auth,
"Invalid hex encoding"))
1739#ifdef DBUS_ENABLE_VERBOSE_MODE
1741 _dbus_string_get_length (&decoded)))
1742 _dbus_verbose (
"%s: data: '%s'\n",
1744 _dbus_string_get_const_data (&decoded));
1747 if (!(* data_func) (auth, &decoded))
1758send_negotiate_unix_fd (
DBusAuth *auth)
1761 "NEGOTIATE_UNIX_FD\r\n"))
1764 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1774 _dbus_verbose(
"Agreed to UNIX FD passing\n");
1777 "AGREE_UNIX_FD\r\n"))
1780 goto_state (auth, &server_state_waiting_for_begin);
1787 if (_dbus_string_get_length (args) == 0)
1790 if (!send_rejected (auth))
1822 _dbus_verbose (
"%s: Trying mechanism %s\n",
1826 if (!process_data (auth, &hex_response,
1833 _dbus_verbose (
"%s: Unsupported mechanism %s\n",
1835 _dbus_string_get_const_data (&mech));
1837 if (!send_rejected (auth))
1855handle_server_state_waiting_for_auth (
DBusAuth *auth,
1861 case DBUS_AUTH_COMMAND_AUTH:
1862 return handle_auth (auth, args);
1864 case DBUS_AUTH_COMMAND_CANCEL:
1865 case DBUS_AUTH_COMMAND_DATA:
1866 return send_error (auth,
"Not currently in an auth conversation");
1868 case DBUS_AUTH_COMMAND_BEGIN:
1869 goto_state (auth, &common_state_need_disconnect);
1872 case DBUS_AUTH_COMMAND_ERROR:
1873 return send_rejected (auth);
1875 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1876 return send_error (auth,
"Need to authenticate first");
1878 case DBUS_AUTH_COMMAND_REJECTED:
1879 case DBUS_AUTH_COMMAND_OK:
1880 case DBUS_AUTH_COMMAND_UNKNOWN:
1881 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1883 return send_error (auth,
"Unknown command");
1888handle_server_state_waiting_for_data (
DBusAuth *auth,
1894 case DBUS_AUTH_COMMAND_AUTH:
1895 return send_error (auth,
"Sent AUTH while another AUTH in progress");
1897 case DBUS_AUTH_COMMAND_CANCEL:
1898 case DBUS_AUTH_COMMAND_ERROR:
1899 return send_rejected (auth);
1901 case DBUS_AUTH_COMMAND_DATA:
1904 case DBUS_AUTH_COMMAND_BEGIN:
1905 goto_state (auth, &common_state_need_disconnect);
1908 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1909 return send_error (auth,
"Need to authenticate first");
1911 case DBUS_AUTH_COMMAND_REJECTED:
1912 case DBUS_AUTH_COMMAND_OK:
1913 case DBUS_AUTH_COMMAND_UNKNOWN:
1914 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1916 return send_error (auth,
"Unknown command");
1921handle_server_state_waiting_for_begin (
DBusAuth *auth,
1927 case DBUS_AUTH_COMMAND_AUTH:
1928 return send_error (auth,
"Sent AUTH while expecting BEGIN");
1930 case DBUS_AUTH_COMMAND_DATA:
1931 return send_error (auth,
"Sent DATA while expecting BEGIN");
1933 case DBUS_AUTH_COMMAND_BEGIN:
1934 goto_state (auth, &common_state_authenticated);
1937 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1939 return send_agree_unix_fd(auth);
1941 return send_error(auth,
"Unix FD passing not supported, not authenticated or otherwise not possible");
1943 case DBUS_AUTH_COMMAND_REJECTED:
1944 case DBUS_AUTH_COMMAND_OK:
1945 case DBUS_AUTH_COMMAND_UNKNOWN:
1946 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1948 return send_error (auth,
"Unknown command");
1950 case DBUS_AUTH_COMMAND_CANCEL:
1951 case DBUS_AUTH_COMMAND_ERROR:
1952 return send_rejected (auth);
1988 len = _dbus_string_get_length (args);
1999 if (!get_word (args, &next, &m))
2018 if (mech != &all_mechanisms[0])
2020 _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
2032 _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
2038 _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
2040 _dbus_string_get_const_data (&m));
2066 if (!record_mechanisms (auth, args))
2074 if (!send_auth (auth, mech))
2079 _dbus_verbose (
"%s: Trying mechanism %s\n",
2086 _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
2088 goto_state (auth, &common_state_need_disconnect);
2096handle_client_state_waiting_for_data (
DBusAuth *auth,
2104 case DBUS_AUTH_COMMAND_DATA:
2107 case DBUS_AUTH_COMMAND_REJECTED:
2108 return process_rejected (auth, args);
2110 case DBUS_AUTH_COMMAND_OK:
2111 return process_ok(auth, args);
2113 case DBUS_AUTH_COMMAND_ERROR:
2114 return send_cancel (auth);
2116 case DBUS_AUTH_COMMAND_AUTH:
2117 case DBUS_AUTH_COMMAND_CANCEL:
2118 case DBUS_AUTH_COMMAND_BEGIN:
2119 case DBUS_AUTH_COMMAND_UNKNOWN:
2120 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2121 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2123 return send_error (auth,
"Unknown command");
2128handle_client_state_waiting_for_ok (
DBusAuth *auth,
2134 case DBUS_AUTH_COMMAND_REJECTED:
2135 return process_rejected (auth, args);
2137 case DBUS_AUTH_COMMAND_OK:
2138 return process_ok(auth, args);
2140 case DBUS_AUTH_COMMAND_DATA:
2141 case DBUS_AUTH_COMMAND_ERROR:
2142 return send_cancel (auth);
2144 case DBUS_AUTH_COMMAND_AUTH:
2145 case DBUS_AUTH_COMMAND_CANCEL:
2146 case DBUS_AUTH_COMMAND_BEGIN:
2147 case DBUS_AUTH_COMMAND_UNKNOWN:
2148 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2149 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2151 return send_error (auth,
"Unknown command");
2156handle_client_state_waiting_for_reject (
DBusAuth *auth,
2162 case DBUS_AUTH_COMMAND_REJECTED:
2163 return process_rejected (auth, args);
2165 case DBUS_AUTH_COMMAND_AUTH:
2166 case DBUS_AUTH_COMMAND_CANCEL:
2167 case DBUS_AUTH_COMMAND_DATA:
2168 case DBUS_AUTH_COMMAND_BEGIN:
2169 case DBUS_AUTH_COMMAND_OK:
2170 case DBUS_AUTH_COMMAND_ERROR:
2171 case DBUS_AUTH_COMMAND_UNKNOWN:
2172 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2173 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2175 goto_state (auth, &common_state_need_disconnect);
2181handle_client_state_waiting_for_agree_unix_fd(
DBusAuth *auth,
2187 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2190 _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
2191 return send_begin (auth);
2193 case DBUS_AUTH_COMMAND_ERROR:
2196 _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
2197 return send_begin (auth);
2199 case DBUS_AUTH_COMMAND_OK:
2200 case DBUS_AUTH_COMMAND_DATA:
2201 case DBUS_AUTH_COMMAND_REJECTED:
2202 case DBUS_AUTH_COMMAND_AUTH:
2203 case DBUS_AUTH_COMMAND_CANCEL:
2204 case DBUS_AUTH_COMMAND_BEGIN:
2205 case DBUS_AUTH_COMMAND_UNKNOWN:
2206 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2208 return send_error (auth,
"Unknown command");
2221 {
"AUTH", DBUS_AUTH_COMMAND_AUTH },
2222 {
"CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2223 {
"DATA", DBUS_AUTH_COMMAND_DATA },
2224 {
"BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2225 {
"REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2226 {
"OK", DBUS_AUTH_COMMAND_OK },
2227 {
"ERROR", DBUS_AUTH_COMMAND_ERROR },
2228 {
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2229 {
"AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2233lookup_command_from_name (
DBusString *command)
2240 auth_command_names[i].name))
2241 return auth_command_names[i].command;
2244 return DBUS_AUTH_COMMAND_UNKNOWN;
2251 _dbus_verbose (
"%s: going from state %s to state %s\n",
2256 auth->
state = state;
2295 _dbus_string_get_length (&line)))
2297 _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
2299 if (!send_error (auth,
"Command contained non-ASCII"))
2305 _dbus_verbose (
"%s: got command \"%s\"\n",
2307 _dbus_string_get_const_data (&line));
2322 command = lookup_command_from_name (&line);
2389 auth->
side = auth_side_server;
2390 auth->
state = &server_state_waiting_for_auth;
2394 server_auth->
guid = guid_copy;
2430 auth->
side = auth_side_client;
2431 auth->
state = &client_state_need_send_auth;
2435 if (!send_auth (auth, &all_mechanisms[0]))
2474 shutdown_mech (auth);
2517 const char **mechanisms)
2521 if (mechanisms !=
NULL)
2541#define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2556#define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2563 if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
2564 _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
2566 goto_state (auth, &common_state_need_disconnect);
2567 _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
2572 while (process_command (auth));
2575 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2576 else if (_dbus_string_get_length (&auth->
outgoing) > 0)
2577 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2578 else if (auth->
state == &common_state_need_disconnect)
2579 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2580 else if (auth->
state == &common_state_authenticated)
2581 return DBUS_AUTH_STATE_AUTHENTICATED;
2582 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2603 if (_dbus_string_get_length (&auth->
outgoing) == 0)
2623 _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
2626 _dbus_string_get_const_data (&auth->
outgoing));
2713 if (auth->
state != &common_state_authenticated)
2744 if (auth->
state != &common_state_authenticated)
2757 _dbus_string_get_length (encoded));
2772 if (auth->
state != &common_state_authenticated)
2807 if (auth->
state != &common_state_authenticated)
2820 _dbus_string_get_length (plaintext));
2853 if (auth->
state == &common_state_authenticated)
2879 if (auth->
state == &common_state_authenticated)
2880 return _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server);
2898 &auth->
context, 0, _dbus_string_get_length (context));
2937 return find_mech (name,
NULL) !=
NULL;
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer.
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer.
#define DBUS_AUTH_SERVER(auth)
#define DBUS_AUTH_IS_SERVER(auth)
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server")
#define DBUS_AUTH_CLIENT(auth)
#define DBUS_AUTH_IS_CLIENT(auth)
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state.
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned.
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string.
DBusAuthCommand
Enumeration for the known authentication commands.
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer.
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128.
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer.
dbus_bool_t _dbus_auth_dump_supported_mechanisms(DBusString *buffer)
Return a human-readable string containing all supported auth mechanisms.
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system.
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated.
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object.
dbus_bool_t _dbus_auth_is_supported_mechanism(DBusString *name)
Queries whether the given auth mechanism is supported.
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as.
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with.
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer.
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object.
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated.
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it.
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use.
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise.
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with.
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
#define DBUS_AUTH_IN_END_STATE(auth)
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side.
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side.
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name.
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set).
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string.
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof().
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings.
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string.
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString.
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init(), and fills it with the same contents as #_DBUS_STRING_I...
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start.
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string.
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string.
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username, DBusCredentialsAddFlags flags, DBusError *error)
Adds the credentials corresponding to the given username.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with.
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
"Subclass" of DBusAuth for client side
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using.
DBusAuth base
Parent class.
DBusString guid_from_server
GUID received from server.
Mapping from command name to enum.
DBusAuthCommand command
Corresponding enum.
const char * name
Name of the command.
Virtual table representing a particular auth mechanism.
const char * mechanism
Name of the mechanism.
DBusAuthDataFunction server_data_func
Function on server side for DATA.
DBusAuthDataFunction client_data_func
Function on client side for DATA.
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response.
DBusAuthEncodeFunction server_encode_func
Function on server side to encode.
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down.
DBusAuthDecodeFunction client_decode_func
Function on client side for decode.
DBusAuthDecodeFunction server_decode_func
Function on server side to decode.
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown.
DBusAuthEncodeFunction client_encode_func
Function on client side for encode.
"Subclass" of DBusAuth for server side.
int max_failures
Number of times we reject before disconnect.
DBusString guid
Our globally unique ID in hex encoding.
DBusAuth base
Parent class.
int failures
Number of times client has been rejected.
Information about a auth state.
DBusAuthStateFunction handler
State function for this state.
const char * name
Name of the state.
Internal members of DBusAuth.
unsigned int already_got_mechanisms
Client already got mech list.
const DBusAuthMechanismHandler * mech
Current auth mechanism.
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any.
unsigned int needed_memory
We needed memory to continue since last successful getting something done.
int cookie_id
ID of cookie to use.
const DBusAuthStateData * state
Current protocol state.
DBusString challenge
Challenge sent to client.
DBusCredentials * desired_identity
Identity client has requested.
unsigned int unix_fd_possible
This side could do unix fd passing.
const char * side
Client or server.
DBusString identity
Current identity we're authorizing as.
DBusString incoming
Incoming data buffer.
int refcount
reference count
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response.
DBusKeyring * keyring
Keyring for cookie mechanism.
DBusString outgoing
Outgoing data buffer.
DBusCredentials * credentials
Credentials read from socket.
DBusString context
Cookie scope.
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated.
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into.
DBusCredentials * authorized_identity
Credentials that are authorized.
Object representing an exception.
const char * message
public error message field
Internals of DBusKeyring.
void * data
Data stored at this element.
