25 #include "dbus-auth.h"
26 #include "dbus-string.h"
27 #include "dbus-list.h"
28 #include "dbus-internals.h"
29 #include "dbus-keyring.h"
31 #include "dbus-protocol.h"
32 #include "dbus-credentials.h"
120 DBUS_AUTH_COMMAND_AUTH,
121 DBUS_AUTH_COMMAND_CANCEL,
122 DBUS_AUTH_COMMAND_DATA,
123 DBUS_AUTH_COMMAND_BEGIN,
124 DBUS_AUTH_COMMAND_REJECTED,
125 DBUS_AUTH_COMMAND_OK,
126 DBUS_AUTH_COMMAND_ERROR,
127 DBUS_AUTH_COMMAND_UNKNOWN,
128 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
129 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
223 static void goto_state (
DBusAuth *auth,
231 const char *message);
253 "WaitingForAuth", handle_server_state_waiting_for_auth
256 "WaitingForData", handle_server_state_waiting_for_data
259 "WaitingForBegin", handle_server_state_waiting_for_begin
283 "WaitingForData", handle_client_state_waiting_for_data
289 "WaitingForOK", handle_client_state_waiting_for_ok
292 "WaitingForReject", handle_client_state_waiting_for_reject
295 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
303 "Authenticated",
NULL
307 "NeedDisconnect",
NULL
310 static const char auth_side_client[] =
"client";
311 static const char auth_side_server[] =
"server";
316 #define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
321 #define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
326 #define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
331 #define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
338 #define DBUS_AUTH_NAME(auth) ((auth)->side)
341 _dbus_auth_new (
int size)
432 _dbus_verbose (
"%s: Shutting down mechanism %s\n",
474 if (_dbus_string_get_length (&cookie) == 0)
484 &to_hash, _dbus_string_get_length (&to_hash)))
491 &to_hash, _dbus_string_get_length (&to_hash)))
498 &to_hash, _dbus_string_get_length (&to_hash)))
519 #define N_CHALLENGE_BYTES (128/8)
522 sha1_handle_first_client_response (
DBusAuth *auth,
535 if (_dbus_string_get_length (data) > 0)
537 if (_dbus_string_get_length (&auth->
identity) > 0)
540 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
542 return send_rejected (auth);
554 _dbus_verbose (
"%s: Did not get a valid username from client\n",
556 return send_rejected (auth);
596 _DBUS_ASSERT_ERROR_IS_SET (&error);
597 _dbus_verbose (
"%s: Error loading keyring: %s\n",
599 if (send_rejected (auth))
616 _DBUS_ASSERT_ERROR_IS_SET (&error);
617 _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
619 if (send_rejected (auth))
630 &tmp2, _dbus_string_get_length (&tmp2)))
651 _DBUS_ASSERT_ERROR_IS_SET (&error);
652 _dbus_verbose (
"%s: Error generating challenge: %s\n",
654 if (send_rejected (auth))
667 _dbus_string_get_length (&tmp2)))
670 if (!send_data (auth, &tmp2))
673 goto_state (auth, &server_state_waiting_for_data);
686 sha1_handle_second_client_response (
DBusAuth *auth,
704 _dbus_verbose (
"%s: no space separator in client response\n",
706 return send_rejected (auth);
722 _dbus_string_get_length (data) - i,
727 if (_dbus_string_get_length (&client_challenge) == 0 ||
728 _dbus_string_get_length (&client_hash) == 0)
730 _dbus_verbose (
"%s: zero-length client challenge or hash\n",
732 if (send_rejected (auth))
740 if (!sha1_compute_hash (auth, auth->
cookie_id,
747 if (_dbus_string_get_length (&correct_hash) == 0)
749 if (send_rejected (auth))
756 if (send_rejected (auth))
768 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
775 _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
793 handle_server_data_cookie_sha1_mech (
DBusAuth *auth,
797 return sha1_handle_first_client_response (auth, data);
799 return sha1_handle_second_client_response (auth, data);
803 handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
810 handle_client_initial_response_cookie_sha1_mech (
DBusAuth *auth,
826 _dbus_string_get_length (response)))
838 handle_client_data_cookie_sha1_mech (
DBusAuth *auth,
858 if (send_error (auth,
859 "Server did not send context/ID/challenge properly"))
874 if (send_error (auth,
875 "Server did not send context/ID/challenge properly"))
892 j = _dbus_string_get_length (data);
895 &server_challenge, 0))
900 if (send_error (auth,
"Server sent invalid cookie context"))
907 if (send_error (auth,
"Could not parse cookie ID as an integer"))
912 if (_dbus_string_get_length (&server_challenge) == 0)
914 if (send_error (auth,
"Empty server challenge string"))
935 _DBUS_ASSERT_ERROR_IS_SET (&error);
937 _dbus_verbose (
"%s: Error loading keyring: %s\n",
940 if (send_error (auth,
"Could not load cookie file"))
967 _DBUS_ASSERT_ERROR_IS_SET (&error);
969 _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
972 if (send_error (auth,
"Failed to generate challenge"))
989 if (!sha1_compute_hash (auth, val,
995 if (_dbus_string_get_length (&correct_hash) == 0)
998 if (send_error (auth,
"Don't have the requested cookie ID"))
1006 _dbus_string_get_length (&tmp)))
1013 _dbus_string_get_length (&tmp)))
1016 if (!send_data (auth, &tmp))
1040 handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
1051 handle_server_data_external_mech (
DBusAuth *auth,
1056 _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1058 return send_rejected (auth);
1061 if (_dbus_string_get_length (data) > 0)
1063 if (_dbus_string_get_length (&auth->
identity) > 0)
1066 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
1068 return send_rejected (auth);
1079 if (_dbus_string_get_length (&auth->
identity) == 0 &&
1082 if (send_data (auth,
NULL))
1084 _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
1087 goto_state (auth, &server_state_waiting_for_data);
1101 if (_dbus_string_get_length (&auth->
identity) == 0)
1114 _dbus_verbose (
"%s: could not get credentials from uid string\n",
1116 return send_rejected (auth);
1122 _dbus_verbose (
"%s: desired user %s is no good\n",
1124 _dbus_string_get_const_data (&auth->
identity));
1125 return send_rejected (auth);
1139 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1144 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1149 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
1153 if (!send_ok (auth))
1156 _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
1163 _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
1165 return send_rejected (auth);
1170 handle_server_shutdown_external_mech (
DBusAuth *auth)
1176 handle_client_initial_response_external_mech (
DBusAuth *auth,
1194 _dbus_string_get_length (response)))
1207 handle_client_data_external_mech (
DBusAuth *auth,
1215 handle_client_shutdown_external_mech (
DBusAuth *auth)
1225 handle_server_data_anonymous_mech (
DBusAuth *auth,
1228 if (_dbus_string_get_length (data) > 0)
1237 _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1239 return send_rejected (auth);
1242 _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
1244 _dbus_string_get_const_data (data));
1253 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1258 if (!send_ok (auth))
1261 _dbus_verbose (
"%s: authenticated client as anonymous\n",
1268 handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
1274 handle_client_initial_response_anonymous_mech (
DBusAuth *auth,
1289 "libdbus " DBUS_VERSION_STRING))
1294 _dbus_string_get_length (response)))
1307 handle_client_data_anonymous_mech (
DBusAuth *auth,
1315 handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
1332 all_mechanisms[] = {
1334 handle_server_data_external_mech,
1336 handle_server_shutdown_external_mech,
1337 handle_client_initial_response_external_mech,
1338 handle_client_data_external_mech,
1340 handle_client_shutdown_external_mech },
1341 {
"DBUS_COOKIE_SHA1",
1342 handle_server_data_cookie_sha1_mech,
1344 handle_server_shutdown_cookie_sha1_mech,
1345 handle_client_initial_response_cookie_sha1_mech,
1346 handle_client_data_cookie_sha1_mech,
1348 handle_client_shutdown_cookie_sha1_mech },
1350 handle_server_data_anonymous_mech,
1352 handle_server_shutdown_anonymous_mech,
1353 handle_client_initial_response_anonymous_mech,
1354 handle_client_data_anonymous_mech,
1356 handle_client_shutdown_anonymous_mech },
1362 char **allowed_mechs)
1366 if (allowed_mechs !=
NULL &&
1368 _dbus_string_get_const_data (name)))
1372 while (all_mechanisms[i].mechanism !=
NULL)
1375 all_mechanisms[i].mechanism))
1377 return &all_mechanisms[i];
1431 _dbus_string_get_length (&auth->
outgoing)))
1438 shutdown_mech (auth);
1440 goto_state (auth, &client_state_waiting_for_data);
1450 if (data ==
NULL || _dbus_string_get_length (data) == 0)
1454 old_len = _dbus_string_get_length (&auth->
outgoing);
1459 _dbus_string_get_length (&auth->
outgoing)))
1489 while (all_mechanisms[i].mechanism !=
NULL)
1496 all_mechanisms[i].mechanism))
1506 _dbus_string_get_length (&auth->
outgoing)))
1509 shutdown_mech (auth);
1516 goto_state (auth, &common_state_need_disconnect);
1518 goto_state (auth, &server_state_waiting_for_auth);
1530 send_error (
DBusAuth *auth,
const char *message)
1533 "ERROR \"%s\"\r\n", message);
1541 orig_len = _dbus_string_get_length (&auth->
outgoing);
1547 _dbus_string_get_length (&auth->
outgoing)) &&
1550 goto_state (auth, &server_state_waiting_for_begin);
1568 goto_state (auth, &common_state_authenticated);
1591 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1594 _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1595 end_of_hex, _dbus_string_get_length (args_from_ok));
1596 goto_state (auth, &common_state_need_disconnect);
1605 _dbus_verbose (
"Got GUID '%s' from the server\n",
1606 _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server));
1610 if (!send_negotiate_unix_fd (auth))
1619 _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
1620 return send_begin (auth);
1628 goto_state (auth, &client_state_waiting_for_reject);
1652 if (_dbus_string_get_length (args) != end)
1655 if (!send_error (auth,
"Invalid hex encoding"))
1661 #ifdef DBUS_ENABLE_VERBOSE_MODE
1663 _dbus_string_get_length (&decoded)))
1664 _dbus_verbose (
"%s: data: '%s'\n",
1666 _dbus_string_get_const_data (&decoded));
1669 if (!(* data_func) (auth, &decoded))
1680 send_negotiate_unix_fd (
DBusAuth *auth)
1683 "NEGOTIATE_UNIX_FD\r\n"))
1686 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1691 send_agree_unix_fd (
DBusAuth *auth)
1696 _dbus_verbose(
"Agreed to UNIX FD passing\n");
1699 "AGREE_UNIX_FD\r\n"))
1702 goto_state (auth, &server_state_waiting_for_begin);
1709 if (_dbus_string_get_length (args) == 0)
1712 if (!send_rejected (auth))
1744 _dbus_verbose (
"%s: Trying mechanism %s\n",
1748 if (!process_data (auth, &hex_response,
1755 _dbus_verbose (
"%s: Unsupported mechanism %s\n",
1757 _dbus_string_get_const_data (&mech));
1759 if (!send_rejected (auth))
1777 handle_server_state_waiting_for_auth (
DBusAuth *auth,
1783 case DBUS_AUTH_COMMAND_AUTH:
1784 return handle_auth (auth, args);
1786 case DBUS_AUTH_COMMAND_CANCEL:
1787 case DBUS_AUTH_COMMAND_DATA:
1788 return send_error (auth,
"Not currently in an auth conversation");
1790 case DBUS_AUTH_COMMAND_BEGIN:
1791 goto_state (auth, &common_state_need_disconnect);
1794 case DBUS_AUTH_COMMAND_ERROR:
1795 return send_rejected (auth);
1797 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1798 return send_error (auth,
"Need to authenticate first");
1800 case DBUS_AUTH_COMMAND_REJECTED:
1801 case DBUS_AUTH_COMMAND_OK:
1802 case DBUS_AUTH_COMMAND_UNKNOWN:
1803 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1805 return send_error (auth,
"Unknown command");
1810 handle_server_state_waiting_for_data (
DBusAuth *auth,
1816 case DBUS_AUTH_COMMAND_AUTH:
1817 return send_error (auth,
"Sent AUTH while another AUTH in progress");
1819 case DBUS_AUTH_COMMAND_CANCEL:
1820 case DBUS_AUTH_COMMAND_ERROR:
1821 return send_rejected (auth);
1823 case DBUS_AUTH_COMMAND_DATA:
1826 case DBUS_AUTH_COMMAND_BEGIN:
1827 goto_state (auth, &common_state_need_disconnect);
1830 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1831 return send_error (auth,
"Need to authenticate first");
1833 case DBUS_AUTH_COMMAND_REJECTED:
1834 case DBUS_AUTH_COMMAND_OK:
1835 case DBUS_AUTH_COMMAND_UNKNOWN:
1836 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1838 return send_error (auth,
"Unknown command");
1843 handle_server_state_waiting_for_begin (
DBusAuth *auth,
1849 case DBUS_AUTH_COMMAND_AUTH:
1850 return send_error (auth,
"Sent AUTH while expecting BEGIN");
1852 case DBUS_AUTH_COMMAND_DATA:
1853 return send_error (auth,
"Sent DATA while expecting BEGIN");
1855 case DBUS_AUTH_COMMAND_BEGIN:
1856 goto_state (auth, &common_state_authenticated);
1859 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1861 return send_agree_unix_fd(auth);
1863 return send_error(auth,
"Unix FD passing not supported, not authenticated or otherwise not possible");
1865 case DBUS_AUTH_COMMAND_REJECTED:
1866 case DBUS_AUTH_COMMAND_OK:
1867 case DBUS_AUTH_COMMAND_UNKNOWN:
1868 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1870 return send_error (auth,
"Unknown command");
1872 case DBUS_AUTH_COMMAND_CANCEL:
1873 case DBUS_AUTH_COMMAND_ERROR:
1874 return send_rejected (auth);
1910 len = _dbus_string_get_length (args);
1921 if (!get_word (args, &next, &m))
1940 if (mech != &all_mechanisms[0])
1942 _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
1954 _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
1960 _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
1962 _dbus_string_get_const_data (&m));
1988 if (!record_mechanisms (auth, args))
1996 if (!send_auth (auth, mech))
2001 _dbus_verbose (
"%s: Trying mechanism %s\n",
2008 _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
2010 goto_state (auth, &common_state_need_disconnect);
2018 handle_client_state_waiting_for_data (
DBusAuth *auth,
2026 case DBUS_AUTH_COMMAND_DATA:
2029 case DBUS_AUTH_COMMAND_REJECTED:
2030 return process_rejected (auth, args);
2032 case DBUS_AUTH_COMMAND_OK:
2033 return process_ok(auth, args);
2035 case DBUS_AUTH_COMMAND_ERROR:
2036 return send_cancel (auth);
2038 case DBUS_AUTH_COMMAND_AUTH:
2039 case DBUS_AUTH_COMMAND_CANCEL:
2040 case DBUS_AUTH_COMMAND_BEGIN:
2041 case DBUS_AUTH_COMMAND_UNKNOWN:
2042 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2043 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2045 return send_error (auth,
"Unknown command");
2050 handle_client_state_waiting_for_ok (
DBusAuth *auth,
2056 case DBUS_AUTH_COMMAND_REJECTED:
2057 return process_rejected (auth, args);
2059 case DBUS_AUTH_COMMAND_OK:
2060 return process_ok(auth, args);
2062 case DBUS_AUTH_COMMAND_DATA:
2063 case DBUS_AUTH_COMMAND_ERROR:
2064 return send_cancel (auth);
2066 case DBUS_AUTH_COMMAND_AUTH:
2067 case DBUS_AUTH_COMMAND_CANCEL:
2068 case DBUS_AUTH_COMMAND_BEGIN:
2069 case DBUS_AUTH_COMMAND_UNKNOWN:
2070 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2071 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2073 return send_error (auth,
"Unknown command");
2078 handle_client_state_waiting_for_reject (
DBusAuth *auth,
2084 case DBUS_AUTH_COMMAND_REJECTED:
2085 return process_rejected (auth, args);
2087 case DBUS_AUTH_COMMAND_AUTH:
2088 case DBUS_AUTH_COMMAND_CANCEL:
2089 case DBUS_AUTH_COMMAND_DATA:
2090 case DBUS_AUTH_COMMAND_BEGIN:
2091 case DBUS_AUTH_COMMAND_OK:
2092 case DBUS_AUTH_COMMAND_ERROR:
2093 case DBUS_AUTH_COMMAND_UNKNOWN:
2094 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2095 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2097 goto_state (auth, &common_state_need_disconnect);
2103 handle_client_state_waiting_for_agree_unix_fd(
DBusAuth *auth,
2109 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2112 _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
2113 return send_begin (auth);
2115 case DBUS_AUTH_COMMAND_ERROR:
2118 _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
2119 return send_begin (auth);
2121 case DBUS_AUTH_COMMAND_OK:
2122 case DBUS_AUTH_COMMAND_DATA:
2123 case DBUS_AUTH_COMMAND_REJECTED:
2124 case DBUS_AUTH_COMMAND_AUTH:
2125 case DBUS_AUTH_COMMAND_CANCEL:
2126 case DBUS_AUTH_COMMAND_BEGIN:
2127 case DBUS_AUTH_COMMAND_UNKNOWN:
2128 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2130 return send_error (auth,
"Unknown command");
2143 {
"AUTH", DBUS_AUTH_COMMAND_AUTH },
2144 {
"CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2145 {
"DATA", DBUS_AUTH_COMMAND_DATA },
2146 {
"BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2147 {
"REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2148 {
"OK", DBUS_AUTH_COMMAND_OK },
2149 {
"ERROR", DBUS_AUTH_COMMAND_ERROR },
2150 {
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2151 {
"AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2155 lookup_command_from_name (
DBusString *command)
2162 auth_command_names[i].name))
2163 return auth_command_names[i].command;
2166 return DBUS_AUTH_COMMAND_UNKNOWN;
2173 _dbus_verbose (
"%s: going from state %s to state %s\n",
2178 auth->
state = state;
2217 _dbus_string_get_length (&line)))
2219 _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
2221 if (!send_error (auth,
"Command contained non-ASCII"))
2227 _dbus_verbose (
"%s: got command \"%s\"\n",
2229 _dbus_string_get_const_data (&line));
2244 command = lookup_command_from_name (&line);
2311 auth->
side = auth_side_server;
2312 auth->
state = &server_state_waiting_for_auth;
2316 server_auth->
guid = guid_copy;
2352 auth->
side = auth_side_client;
2353 auth->
state = &client_state_need_send_auth;
2357 if (!send_auth (auth, &all_mechanisms[0]))
2396 shutdown_mech (auth);
2439 const char **mechanisms)
2443 if (mechanisms !=
NULL)
2463 #define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2478 #define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2485 if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
2486 _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
2488 goto_state (auth, &common_state_need_disconnect);
2489 _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
2494 while (process_command (auth));
2497 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2498 else if (_dbus_string_get_length (&auth->
outgoing) > 0)
2499 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2500 else if (auth->
state == &common_state_need_disconnect)
2501 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2502 else if (auth->
state == &common_state_authenticated)
2503 return DBUS_AUTH_STATE_AUTHENTICATED;
2504 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2525 if (_dbus_string_get_length (&auth->
outgoing) == 0)
2545 _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
2548 _dbus_string_get_const_data (&auth->
outgoing));
2635 if (auth->
state != &common_state_authenticated)
2666 if (auth->
state != &common_state_authenticated)
2679 _dbus_string_get_length (encoded));
2694 if (auth->
state != &common_state_authenticated)
2729 if (auth->
state != &common_state_authenticated)
2742 _dbus_string_get_length (plaintext));
2775 if (auth->
state == &common_state_authenticated)
2801 if (auth->
state == &common_state_authenticated)
2802 return _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server);
2820 &auth->
context, 0, _dbus_string_get_length (context));
dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name.
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
const char * message
public error message field
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
#define NULL
A null pointer, defined appropriately for C or C++.
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
DBusAuthDecodeFunction client_decode_func
Function on client side for decode.
DBusAuthEncodeFunction server_encode_func
Function on server side to encode.
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer.
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
DBusAuthCommand
Enumeration for the known authentication commands.
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into.
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer.
Internals of DBusKeyring.
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer.
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
void * data
Data stored at this element.
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it.
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
const char * mechanism
Name of the mechanism.
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated.
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
DBusKeyring * keyring
Keyring for cookie mechanism.
DBusString context
Cookie scope.
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
DBusString guid
Our globally unique ID in hex encoding.
const char * side
Client or server.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
DBusString guid_from_server
GUID received from server.
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as.
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with.
DBusString challenge
Challenge sent to client.
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer.
DBusCredentials * authorized_identity
Credentials that are authorized.
DBusAuthDecodeFunction server_decode_func
Function on server side to decode.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string.
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
Internal members of DBusAuth.
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response.
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
"Subclass" of DBusAuth for server side.
DBusAuthStateFunction handler
State function for this state.
DBusAuthDataFunction client_data_func
Function on client side for DATA.
const DBusAuthStateData * state
Current protocol state.
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string.
"Subclass" of DBusAuth for client side
DBusCredentials * desired_identity
Identity client has requested.
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side.
unsigned int needed_memory
We needed memory to continue since last successful getting something done.
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server")
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object.
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response.
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start.
DBusString identity
Current identity we're authorizing as.
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
unsigned int already_got_mechanisms
Client already got mech list.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
int cookie_id
ID of cookie to use.
Information about a auth state.
Object representing an exception.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state.
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
DBusAuth base
Parent class.
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown.
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it.
int refcount
reference count
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise.
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof().
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any.
const char * name
Name of the command.
#define DBUS_AUTH_CLIENT(auth)
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init().
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array.
#define TRUE
Expands to "1".
int failures
Number of times client has been rejected.
#define DBUS_AUTH_IS_SERVER(auth)
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
DBusString incoming
Incoming data buffer.
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated.
const char * name
Name of the state.
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer.
DBusAuthEncodeFunction client_encode_func
Function on client side for encode.
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
DBusAuthDataFunction server_data_func
Function on server side for DATA.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings.
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string.
int max_failures
Number of times we reject before disconnect.
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with...
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with.
Mapping from command name to enum.
Virtual table representing a particular auth mechanism.
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned.
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
#define FALSE
Expands to "0".
const DBusAuthMechanismHandler * mech
Current auth mechanism.
#define DBUS_AUTH_SERVER(auth)
unsigned int unix_fd_possible
This side could do unix fd passing.
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string...
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string.
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
DBusCredentials * credentials
Credentials read from socket.
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
DBusAuth base
Parent class.
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
#define DBUS_AUTH_IN_END_STATE(auth)
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set).
DBusString outgoing
Outgoing data buffer.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
#define DBUS_AUTH_IS_CLIENT(auth)
DBusAuthCommand command
Corresponding enum.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username)
Adds the credentials corresponding to the given username.