26#include "dbus-string.h"
28#include "dbus-internals.h"
29#include "dbus-keyring.h"
31#include "dbus-protocol.h"
32#include "dbus-credentials.h"
120 DBUS_AUTH_COMMAND_AUTH,
121 DBUS_AUTH_COMMAND_CANCEL,
122 DBUS_AUTH_COMMAND_DATA,
123 DBUS_AUTH_COMMAND_BEGIN,
124 DBUS_AUTH_COMMAND_REJECTED,
125 DBUS_AUTH_COMMAND_OK,
126 DBUS_AUTH_COMMAND_ERROR,
127 DBUS_AUTH_COMMAND_UNKNOWN,
128 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
129 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
223static void goto_state (
DBusAuth *auth,
231 const char *message);
253 "WaitingForAuth", handle_server_state_waiting_for_auth
256 "WaitingForData", handle_server_state_waiting_for_data
259 "WaitingForBegin", handle_server_state_waiting_for_begin
283 "WaitingForData", handle_client_state_waiting_for_data
289 "WaitingForOK", handle_client_state_waiting_for_ok
292 "WaitingForReject", handle_client_state_waiting_for_reject
295 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
303 "Authenticated",
NULL
307 "NeedDisconnect",
NULL
310static const char auth_side_client[] =
"client";
311static const char auth_side_server[] =
"server";
316#define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
321#define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
326#define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
331#define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
338#define DBUS_AUTH_NAME(auth) ((auth)->side)
341_dbus_auth_new (
int size)
432 _dbus_verbose (
"%s: Shutting down mechanism %s\n",
474 if (_dbus_string_get_length (&cookie) == 0)
484 &to_hash, _dbus_string_get_length (&to_hash)))
491 &to_hash, _dbus_string_get_length (&to_hash)))
498 &to_hash, _dbus_string_get_length (&to_hash)))
519#define N_CHALLENGE_BYTES (128/8)
522sha1_handle_first_client_response (
DBusAuth *auth,
536 if (_dbus_string_get_length (data) > 0)
538 if (_dbus_string_get_length (&auth->
identity) > 0)
541 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
543 return send_rejected (auth);
554 DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE,
563 _dbus_verbose (
"%s: Did not get a valid username from client: %s\n",
566 return send_rejected (auth);
598 _dbus_verbose (
"%s: client tried to authenticate as \"%s\", "
599 "but that doesn't match this process",
601 _dbus_string_get_const_data (data));
602 retval = send_rejected (auth);
634 _DBUS_ASSERT_ERROR_IS_SET (&error);
635 _dbus_verbose (
"%s: Error loading keyring: %s\n",
637 if (send_rejected (auth))
654 _DBUS_ASSERT_ERROR_IS_SET (&error);
655 _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
657 if (send_rejected (auth))
668 &tmp2, _dbus_string_get_length (&tmp2)))
689 _DBUS_ASSERT_ERROR_IS_SET (&error);
690 _dbus_verbose (
"%s: Error generating challenge: %s\n",
692 if (send_rejected (auth))
705 _dbus_string_get_length (&tmp2)))
708 if (!send_data (auth, &tmp2))
711 goto_state (auth, &server_state_waiting_for_data);
719 _dbus_clear_credentials (&myself);
725sha1_handle_second_client_response (
DBusAuth *auth,
743 _dbus_verbose (
"%s: no space separator in client response\n",
745 return send_rejected (auth);
761 _dbus_string_get_length (data) - i,
766 if (_dbus_string_get_length (&client_challenge) == 0 ||
767 _dbus_string_get_length (&client_hash) == 0)
769 _dbus_verbose (
"%s: zero-length client challenge or hash\n",
771 if (send_rejected (auth))
779 if (!sha1_compute_hash (auth, auth->
cookie_id,
786 if (_dbus_string_get_length (&correct_hash) == 0)
788 if (send_rejected (auth))
795 if (send_rejected (auth))
807 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
814 _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
832handle_server_data_cookie_sha1_mech (
DBusAuth *auth,
836 return sha1_handle_first_client_response (auth, data);
838 return sha1_handle_second_client_response (auth, data);
842handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
849handle_client_initial_response_cookie_sha1_mech (
DBusAuth *auth,
865 _dbus_string_get_length (response)))
877handle_client_data_cookie_sha1_mech (
DBusAuth *auth,
897 if (send_error (auth,
898 "Server did not send context/ID/challenge properly"))
913 if (send_error (auth,
914 "Server did not send context/ID/challenge properly"))
931 j = _dbus_string_get_length (data);
934 &server_challenge, 0))
939 if (send_error (auth,
"Server sent invalid cookie context"))
946 if (send_error (auth,
"Could not parse cookie ID as an integer"))
951 if (_dbus_string_get_length (&server_challenge) == 0)
953 if (send_error (auth,
"Empty server challenge string"))
974 _DBUS_ASSERT_ERROR_IS_SET (&error);
976 _dbus_verbose (
"%s: Error loading keyring: %s\n",
979 if (send_error (auth,
"Could not load cookie file"))
1006 _DBUS_ASSERT_ERROR_IS_SET (&error);
1008 _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
1011 if (send_error (auth,
"Failed to generate challenge"))
1028 if (!sha1_compute_hash (auth, val,
1034 if (_dbus_string_get_length (&correct_hash) == 0)
1037 if (send_error (auth,
"Don't have the requested cookie ID"))
1045 _dbus_string_get_length (&tmp)))
1052 _dbus_string_get_length (&tmp)))
1055 if (!send_data (auth, &tmp))
1079handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
1090handle_server_data_external_mech (
DBusAuth *auth,
1095 _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1097 return send_rejected (auth);
1100 if (_dbus_string_get_length (data) > 0)
1102 if (_dbus_string_get_length (&auth->
identity) > 0)
1105 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
1107 return send_rejected (auth);
1118 if (_dbus_string_get_length (&auth->
identity) == 0 &&
1121 if (send_data (auth,
NULL))
1123 _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
1126 goto_state (auth, &server_state_waiting_for_data);
1140 if (_dbus_string_get_length (&auth->
identity) == 0)
1154 DBUS_CREDENTIALS_ADD_FLAGS_NONE,
1163 _dbus_verbose (
"%s: could not get credentials from uid string: %s\n",
1166 return send_rejected (auth);
1172 _dbus_verbose (
"%s: desired user %s is no good\n",
1174 _dbus_string_get_const_data (&auth->
identity));
1175 return send_rejected (auth);
1189 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1194 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1199 DBUS_CREDENTIAL_UNIX_GROUP_IDS,
1204 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
1208 if (!send_ok (auth))
1211 _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
1218 _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
1220 return send_rejected (auth);
1225handle_server_shutdown_external_mech (
DBusAuth *auth)
1231handle_client_initial_response_external_mech (
DBusAuth *auth,
1249 _dbus_string_get_length (response)))
1262handle_client_data_external_mech (
DBusAuth *auth,
1270handle_client_shutdown_external_mech (
DBusAuth *auth)
1280handle_server_data_anonymous_mech (
DBusAuth *auth,
1283 if (_dbus_string_get_length (data) > 0)
1292 _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1294 return send_rejected (auth);
1297 _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
1299 _dbus_string_get_const_data (data));
1308 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1313 if (!send_ok (auth))
1316 _dbus_verbose (
"%s: authenticated client as anonymous\n",
1323handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
1329handle_client_initial_response_anonymous_mech (
DBusAuth *auth,
1344 "libdbus " DBUS_VERSION_STRING))
1349 _dbus_string_get_length (response)))
1362handle_client_data_anonymous_mech (
DBusAuth *auth,
1370handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
1389 handle_server_data_external_mech,
1391 handle_server_shutdown_external_mech,
1392 handle_client_initial_response_external_mech,
1393 handle_client_data_external_mech,
1395 handle_client_shutdown_external_mech },
1396 {
"DBUS_COOKIE_SHA1",
1397 handle_server_data_cookie_sha1_mech,
1399 handle_server_shutdown_cookie_sha1_mech,
1400 handle_client_initial_response_cookie_sha1_mech,
1401 handle_client_data_cookie_sha1_mech,
1403 handle_client_shutdown_cookie_sha1_mech },
1405 handle_server_data_anonymous_mech,
1407 handle_server_shutdown_anonymous_mech,
1408 handle_client_initial_response_anonymous_mech,
1409 handle_client_data_anonymous_mech,
1411 handle_client_shutdown_anonymous_mech },
1417 char **allowed_mechs)
1421 if (allowed_mechs !=
NULL &&
1423 _dbus_string_get_const_data (name)))
1427 while (all_mechanisms[i].mechanism !=
NULL)
1430 all_mechanisms[i].mechanism))
1432 return &all_mechanisms[i];
1486 _dbus_string_get_length (&auth->
outgoing)))
1493 shutdown_mech (auth);
1495 goto_state (auth, &client_state_waiting_for_data);
1505 if (data ==
NULL || _dbus_string_get_length (data) == 0)
1509 old_len = _dbus_string_get_length (&auth->
outgoing);
1514 _dbus_string_get_length (&auth->
outgoing)))
1548 all_mechanisms[i].mechanism))
1556 all_mechanisms[i].mechanism))
1564 _dbus_string_get_length (&auth->
outgoing)))
1567 shutdown_mech (auth);
1574 goto_state (auth, &common_state_need_disconnect);
1576 goto_state (auth, &server_state_waiting_for_auth);
1588send_error (
DBusAuth *auth,
const char *message)
1591 "ERROR \"%s\"\r\n", message);
1599 orig_len = _dbus_string_get_length (&auth->
outgoing);
1605 _dbus_string_get_length (&auth->
outgoing)) &&
1608 goto_state (auth, &server_state_waiting_for_begin);
1626 goto_state (auth, &common_state_authenticated);
1649 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1652 _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1653 end_of_hex, _dbus_string_get_length (args_from_ok));
1654 goto_state (auth, &common_state_need_disconnect);
1663 _dbus_verbose (
"Got GUID '%s' from the server\n",
1664 _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server));
1668 if (!send_negotiate_unix_fd (auth))
1677 _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
1679 if (!send_begin (auth))
1693 goto_state (auth, &client_state_waiting_for_reject);
1717 if (_dbus_string_get_length (args) != end)
1720 if (!send_error (auth,
"Invalid hex encoding"))
1726#ifdef DBUS_ENABLE_VERBOSE_MODE
1728 _dbus_string_get_length (&decoded)))
1729 _dbus_verbose (
"%s: data: '%s'\n",
1731 _dbus_string_get_const_data (&decoded));
1734 if (!(* data_func) (auth, &decoded))
1745send_negotiate_unix_fd (
DBusAuth *auth)
1748 "NEGOTIATE_UNIX_FD\r\n"))
1751 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1761 _dbus_verbose(
"Agreed to UNIX FD passing\n");
1764 "AGREE_UNIX_FD\r\n"))
1767 goto_state (auth, &server_state_waiting_for_begin);
1774 if (_dbus_string_get_length (args) == 0)
1777 if (!send_rejected (auth))
1809 _dbus_verbose (
"%s: Trying mechanism %s\n",
1813 if (!process_data (auth, &hex_response,
1820 _dbus_verbose (
"%s: Unsupported mechanism %s\n",
1822 _dbus_string_get_const_data (&mech));
1824 if (!send_rejected (auth))
1842handle_server_state_waiting_for_auth (
DBusAuth *auth,
1848 case DBUS_AUTH_COMMAND_AUTH:
1849 return handle_auth (auth, args);
1851 case DBUS_AUTH_COMMAND_CANCEL:
1852 case DBUS_AUTH_COMMAND_DATA:
1853 return send_error (auth,
"Not currently in an auth conversation");
1855 case DBUS_AUTH_COMMAND_BEGIN:
1856 goto_state (auth, &common_state_need_disconnect);
1859 case DBUS_AUTH_COMMAND_ERROR:
1860 return send_rejected (auth);
1862 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1863 return send_error (auth,
"Need to authenticate first");
1865 case DBUS_AUTH_COMMAND_REJECTED:
1866 case DBUS_AUTH_COMMAND_OK:
1867 case DBUS_AUTH_COMMAND_UNKNOWN:
1868 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1870 return send_error (auth,
"Unknown command");
1875handle_server_state_waiting_for_data (
DBusAuth *auth,
1881 case DBUS_AUTH_COMMAND_AUTH:
1882 return send_error (auth,
"Sent AUTH while another AUTH in progress");
1884 case DBUS_AUTH_COMMAND_CANCEL:
1885 case DBUS_AUTH_COMMAND_ERROR:
1886 return send_rejected (auth);
1888 case DBUS_AUTH_COMMAND_DATA:
1891 case DBUS_AUTH_COMMAND_BEGIN:
1892 goto_state (auth, &common_state_need_disconnect);
1895 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1896 return send_error (auth,
"Need to authenticate first");
1898 case DBUS_AUTH_COMMAND_REJECTED:
1899 case DBUS_AUTH_COMMAND_OK:
1900 case DBUS_AUTH_COMMAND_UNKNOWN:
1901 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1903 return send_error (auth,
"Unknown command");
1908handle_server_state_waiting_for_begin (
DBusAuth *auth,
1914 case DBUS_AUTH_COMMAND_AUTH:
1915 return send_error (auth,
"Sent AUTH while expecting BEGIN");
1917 case DBUS_AUTH_COMMAND_DATA:
1918 return send_error (auth,
"Sent DATA while expecting BEGIN");
1920 case DBUS_AUTH_COMMAND_BEGIN:
1921 goto_state (auth, &common_state_authenticated);
1924 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1926 return send_agree_unix_fd(auth);
1928 return send_error(auth,
"Unix FD passing not supported, not authenticated or otherwise not possible");
1930 case DBUS_AUTH_COMMAND_REJECTED:
1931 case DBUS_AUTH_COMMAND_OK:
1932 case DBUS_AUTH_COMMAND_UNKNOWN:
1933 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1935 return send_error (auth,
"Unknown command");
1937 case DBUS_AUTH_COMMAND_CANCEL:
1938 case DBUS_AUTH_COMMAND_ERROR:
1939 return send_rejected (auth);
1975 len = _dbus_string_get_length (args);
1986 if (!get_word (args, &next, &m))
2005 if (mech != &all_mechanisms[0])
2007 _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
2019 _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
2025 _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
2027 _dbus_string_get_const_data (&m));
2053 if (!record_mechanisms (auth, args))
2061 if (!send_auth (auth, mech))
2066 _dbus_verbose (
"%s: Trying mechanism %s\n",
2073 _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
2075 goto_state (auth, &common_state_need_disconnect);
2083handle_client_state_waiting_for_data (
DBusAuth *auth,
2091 case DBUS_AUTH_COMMAND_DATA:
2094 case DBUS_AUTH_COMMAND_REJECTED:
2095 return process_rejected (auth, args);
2097 case DBUS_AUTH_COMMAND_OK:
2098 return process_ok(auth, args);
2100 case DBUS_AUTH_COMMAND_ERROR:
2101 return send_cancel (auth);
2103 case DBUS_AUTH_COMMAND_AUTH:
2104 case DBUS_AUTH_COMMAND_CANCEL:
2105 case DBUS_AUTH_COMMAND_BEGIN:
2106 case DBUS_AUTH_COMMAND_UNKNOWN:
2107 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2108 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2110 return send_error (auth,
"Unknown command");
2115handle_client_state_waiting_for_ok (
DBusAuth *auth,
2121 case DBUS_AUTH_COMMAND_REJECTED:
2122 return process_rejected (auth, args);
2124 case DBUS_AUTH_COMMAND_OK:
2125 return process_ok(auth, args);
2127 case DBUS_AUTH_COMMAND_DATA:
2128 case DBUS_AUTH_COMMAND_ERROR:
2129 return send_cancel (auth);
2131 case DBUS_AUTH_COMMAND_AUTH:
2132 case DBUS_AUTH_COMMAND_CANCEL:
2133 case DBUS_AUTH_COMMAND_BEGIN:
2134 case DBUS_AUTH_COMMAND_UNKNOWN:
2135 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2136 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2138 return send_error (auth,
"Unknown command");
2143handle_client_state_waiting_for_reject (
DBusAuth *auth,
2149 case DBUS_AUTH_COMMAND_REJECTED:
2150 return process_rejected (auth, args);
2152 case DBUS_AUTH_COMMAND_AUTH:
2153 case DBUS_AUTH_COMMAND_CANCEL:
2154 case DBUS_AUTH_COMMAND_DATA:
2155 case DBUS_AUTH_COMMAND_BEGIN:
2156 case DBUS_AUTH_COMMAND_OK:
2157 case DBUS_AUTH_COMMAND_ERROR:
2158 case DBUS_AUTH_COMMAND_UNKNOWN:
2159 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2160 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2162 goto_state (auth, &common_state_need_disconnect);
2168handle_client_state_waiting_for_agree_unix_fd(
DBusAuth *auth,
2174 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2177 _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
2178 return send_begin (auth);
2180 case DBUS_AUTH_COMMAND_ERROR:
2183 _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
2184 return send_begin (auth);
2186 case DBUS_AUTH_COMMAND_OK:
2187 case DBUS_AUTH_COMMAND_DATA:
2188 case DBUS_AUTH_COMMAND_REJECTED:
2189 case DBUS_AUTH_COMMAND_AUTH:
2190 case DBUS_AUTH_COMMAND_CANCEL:
2191 case DBUS_AUTH_COMMAND_BEGIN:
2192 case DBUS_AUTH_COMMAND_UNKNOWN:
2193 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2195 return send_error (auth,
"Unknown command");
2208 {
"AUTH", DBUS_AUTH_COMMAND_AUTH },
2209 {
"CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2210 {
"DATA", DBUS_AUTH_COMMAND_DATA },
2211 {
"BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2212 {
"REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2213 {
"OK", DBUS_AUTH_COMMAND_OK },
2214 {
"ERROR", DBUS_AUTH_COMMAND_ERROR },
2215 {
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2216 {
"AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2220lookup_command_from_name (
DBusString *command)
2227 auth_command_names[i].name))
2228 return auth_command_names[i].command;
2231 return DBUS_AUTH_COMMAND_UNKNOWN;
2238 _dbus_verbose (
"%s: going from state %s to state %s\n",
2243 auth->
state = state;
2282 _dbus_string_get_length (&line)))
2284 _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
2286 if (!send_error (auth,
"Command contained non-ASCII"))
2292 _dbus_verbose (
"%s: got command \"%s\"\n",
2294 _dbus_string_get_const_data (&line));
2309 command = lookup_command_from_name (&line);
2376 auth->
side = auth_side_server;
2377 auth->
state = &server_state_waiting_for_auth;
2381 server_auth->
guid = guid_copy;
2417 auth->
side = auth_side_client;
2418 auth->
state = &client_state_need_send_auth;
2422 if (!send_auth (auth, &all_mechanisms[0]))
2461 shutdown_mech (auth);
2504 const char **mechanisms)
2508 if (mechanisms !=
NULL)
2528#define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2543#define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2550 if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
2551 _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
2553 goto_state (auth, &common_state_need_disconnect);
2554 _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
2559 while (process_command (auth));
2562 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2563 else if (_dbus_string_get_length (&auth->
outgoing) > 0)
2564 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2565 else if (auth->
state == &common_state_need_disconnect)
2566 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2567 else if (auth->
state == &common_state_authenticated)
2568 return DBUS_AUTH_STATE_AUTHENTICATED;
2569 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2590 if (_dbus_string_get_length (&auth->
outgoing) == 0)
2610 _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
2613 _dbus_string_get_const_data (&auth->
outgoing));
2700 if (auth->
state != &common_state_authenticated)
2731 if (auth->
state != &common_state_authenticated)
2744 _dbus_string_get_length (encoded));
2759 if (auth->
state != &common_state_authenticated)
2794 if (auth->
state != &common_state_authenticated)
2807 _dbus_string_get_length (plaintext));
2840 if (auth->
state == &common_state_authenticated)
2866 if (auth->
state == &common_state_authenticated)
2867 return _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server);
2885 &auth->
context, 0, _dbus_string_get_length (context));
2924 return find_mech (name,
NULL) !=
NULL;
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer.
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer.
#define DBUS_AUTH_SERVER(auth)
#define DBUS_AUTH_IS_SERVER(auth)
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server")
#define DBUS_AUTH_CLIENT(auth)
#define DBUS_AUTH_IS_CLIENT(auth)
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state.
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned.
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string.
DBusAuthCommand
Enumeration for the known authentication commands.
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer.
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128.
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer.
dbus_bool_t _dbus_auth_dump_supported_mechanisms(DBusString *buffer)
Return a human-readable string containing all supported auth mechanisms.
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system.
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated.
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object.
dbus_bool_t _dbus_auth_is_supported_mechanism(DBusString *name)
Queries whether the given auth mechanism is supported.
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as.
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with.
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer.
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object.
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated.
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it.
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use.
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise.
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with.
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
#define DBUS_AUTH_IN_END_STATE(auth)
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side.
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side.
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with the most important credentials (user ID and process ID) from the current pr...
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name.
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set).
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string.
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof().
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
#define NULL
A null pointer, defined appropriately for C or C++.
#define TRUE
Expands to "1".
#define FALSE
Expands to "0".
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings.
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string.
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString.
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init(), and fills it with the same contents as #_DBUS_STRING_I...
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start.
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string.
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string.
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username, DBusCredentialsAddFlags flags, DBusError *error)
Adds the credentials corresponding to the given username.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with.
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
"Subclass" of DBusAuth for client side
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using.
DBusAuth base
Parent class.
DBusString guid_from_server
GUID received from server.
Mapping from command name to enum.
DBusAuthCommand command
Corresponding enum.
const char * name
Name of the command.
Virtual table representing a particular auth mechanism.
const char * mechanism
Name of the mechanism.
DBusAuthDataFunction server_data_func
Function on server side for DATA.
DBusAuthDataFunction client_data_func
Function on client side for DATA.
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response.
DBusAuthEncodeFunction server_encode_func
Function on server side to encode.
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down.
DBusAuthDecodeFunction client_decode_func
Function on client side for decode.
DBusAuthDecodeFunction server_decode_func
Function on server side to decode.
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown.
DBusAuthEncodeFunction client_encode_func
Function on client side for encode.
"Subclass" of DBusAuth for server side.
int max_failures
Number of times we reject before disconnect.
DBusString guid
Our globally unique ID in hex encoding.
DBusAuth base
Parent class.
int failures
Number of times client has been rejected.
Information about a auth state.
DBusAuthStateFunction handler
State function for this state.
const char * name
Name of the state.
Internal members of DBusAuth.
unsigned int already_got_mechanisms
Client already got mech list.
const DBusAuthMechanismHandler * mech
Current auth mechanism.
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any.
unsigned int needed_memory
We needed memory to continue since last successful getting something done.
int cookie_id
ID of cookie to use.
const DBusAuthStateData * state
Current protocol state.
DBusString challenge
Challenge sent to client.
DBusCredentials * desired_identity
Identity client has requested.
unsigned int unix_fd_possible
This side could do unix fd passing.
const char * side
Client or server.
DBusString identity
Current identity we're authorizing as.
DBusString incoming
Incoming data buffer.
int refcount
reference count
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response.
DBusKeyring * keyring
Keyring for cookie mechanism.
DBusString outgoing
Outgoing data buffer.
DBusCredentials * credentials
Credentials read from socket.
DBusString context
Cookie scope.
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated.
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into.
DBusCredentials * authorized_identity
Credentials that are authorized.
Object representing an exception.
const char * message
public error message field
Internals of DBusKeyring.
void * data
Data stored at this element.
