25 #include "dbus-keyring.h"
26 #include "dbus-protocol.h"
27 #include <dbus/dbus-string.h>
28 #include <dbus/dbus-list.h>
29 #include <dbus/dbus-sysdeps.h>
67 #define NEW_KEY_TIMEOUT_SECONDS (60*5)
73 #define EXPIRE_KEYS_TIMEOUT_SECONDS (NEW_KEY_TIMEOUT_SECONDS + (60*2))
77 #define MAX_TIME_TRAVEL_SECONDS (60*5)
83 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
84 #define MAX_KEYS_IN_FILE 10
86 #define MAX_KEYS_IN_FILE 256
123 _dbus_keyring_new (
void)
191 #define MAX_LOCK_TIMEOUTS 32
193 #define LOCK_TIMEOUT_MILLISECONDS 250
209 _dbus_verbose (
"Did not get lock file, sleeping %d milliseconds (%s)\n",
222 _dbus_verbose (
"Lock file timed out %d times, assuming stale\n",
227 _dbus_verbose (
"Couldn't delete old lock file: %s\n",
236 _dbus_verbose (
"Couldn't create lock file after deleting stale one: %s\n",
253 _dbus_warn (
"Failed to delete lock file: %s\n",
269 if (keys[i].
id ==
id)
287 const unsigned char *s;
292 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
310 s = (
const unsigned char*) _dbus_string_get_const_data (&bytes);
312 id = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
317 if (find_key_by_id (keys, n_keys,
id) !=
NULL)
320 _dbus_verbose (
"Key ID %d already existed, trying another one\n",
325 _dbus_verbose (
"Creating key with ID %d\n",
id);
327 #define KEY_LENGTH_BYTES 24
354 keys[n_keys-1].
id = id;
357 &keys[n_keys-1].secret,
404 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
431 if (!_dbus_keyring_lock (keyring))
434 "Could not lock keyring file to add to it");
446 _dbus_verbose (
"Failed to load keyring file: %s\n",
453 _dbus_string_get_length (&contents)))
455 _dbus_warn (
"Secret keyring file contains non-ASCII! Ignoring existing contents\n");
479 _dbus_verbose (
"could not parse secret key ID at start of line\n");
485 _dbus_verbose (
"invalid secret key ID at start of line\n");
495 _dbus_verbose (
"could not parse secret key timestamp\n");
503 _dbus_verbose (
"dropping/ignoring %ld-seconds old key with timestamp %ld as current time is %ld\n",
504 now - timestamp, timestamp, now);
510 len = _dbus_string_get_length (&line);
512 if ((len - next) == 0)
514 _dbus_verbose (
"no secret key after ID and timestamp\n");
536 keys[n_keys-1].
id = id;
539 &keys[n_keys-1].secret, 0))
545 if (_dbus_string_get_length (&line) != end)
547 _dbus_verbose (
"invalid hex encoding in keyring file\n");
554 _dbus_verbose (
"Successfully loaded %d existing keys\n",
559 if (!add_new_key (&keys, &n_keys, error))
561 _dbus_verbose (
"Failed to generate new key: %s\n",
562 error ? error->
message :
"(unknown)");
579 keys[i].creation_time))
587 _dbus_string_get_length (&contents)))
608 keyring->
keys = keys;
617 _dbus_keyring_unlock (keyring);
622 if (error && error->
name)
623 _dbus_verbose (
"error is %s: %s\n", error->
name, error->
message);
624 _dbus_warn (
"returning %d but error pointer %p name %s\n",
625 retval, error, error->
name ? error->
name :
"(none)");
715 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
720 "Unable to create DBus keyring when setuid");
726 our_credentials =
NULL;
734 if (credentials !=
NULL)
743 if (our_credentials ==
NULL)
756 keyring = _dbus_keyring_new ();
762 our_credentials =
NULL;
770 "Invalid context in keyring creation");
798 if (!_dbus_keyring_reload (keyring,
FALSE, &tmp_error))
800 _dbus_verbose (
"didn't load an existing keyring: %s\n",
813 _dbus_verbose (
"Creating keyring directory: %s\n",
851 if (_dbus_string_get_length (context) == 0)
853 _dbus_verbose (
"context is zero-length\n");
858 _dbus_string_get_length (context)))
860 _dbus_verbose (
"context not valid ascii\n");
867 _dbus_verbose (
"context contains a slash\n");
873 _dbus_verbose (
"context contains a backslash\n");
882 _dbus_verbose (
"context contains a dot\n");
889 _dbus_verbose (
"context contains a blank\n");
895 _dbus_verbose (
"context contains a newline\n");
901 _dbus_verbose (
"context contains a carriage return\n");
912 long tv_sec, tv_usec;
917 while (i < keyring->n_keys)
921 _dbus_verbose (
"Key %d is %ld seconds old\n",
950 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
952 key = find_recent_key (keyring);
959 if (!_dbus_keyring_reload (keyring,
TRUE,
963 key = find_recent_key (keyring);
970 "No recent-enough key found in keyring, and unable to create a new key");
1009 key = find_key_by_id (keyring->
keys,
1017 _dbus_string_get_length (hex_key));
1022 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
1023 #include "dbus-test.h"
1027 _dbus_keyring_test (
void)
1086 fprintf (stderr,
"Could not load keyring: %s\n", error.
message);
1097 fprintf (stderr,
"Different number of keys in keyrings\n");
1105 while (i < ring1->n_keys)
1109 fprintf (stderr,
"Keyring 1 has first key ID %d and keyring 2 has %d\n",
1116 fprintf (stderr,
"Keyring 1 has first key time %ld and keyring 2 has %ld\n",
1124 fprintf (stderr,
"Keyrings 1 and 2 have different secrets for same ID/timestamp\n");
1131 printf (
" %d keys in test\n", ring1->
n_keys);
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
dbus_int32_t id
identifier used to refer to the key
int refcount
Reference count.
const char * message
public error message field
#define NULL
A null pointer, defined appropriately for C or C++.
dbus_bool_t _dbus_check_dir_is_private_to_user(DBusString *dir, DBusError *error)
Checks to make sure the given directory is private to the user.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
#define MAX_KEYS_IN_FILE
Maximum number of keys in the keyring before we just ignore the rest.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
DBusCredentials * _dbus_credentials_copy(DBusCredentials *credentials)
Copy a credentials object.
dbus_bool_t _dbus_create_file_exclusively(const DBusString *filename, DBusError *error)
Creates the given file, failing if the file already exists.
void * dbus_realloc(void *memory, size_t bytes)
Resizes a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
dbus_bool_t _dbus_ensure_directory(const DBusString *filename, DBusError *error)
Creates a directory; succeeds if the directory is created or already existed.
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
#define EXPIRE_KEYS_TIMEOUT_SECONDS
The time after which we drop a key from the secrets file.
dbus_bool_t _dbus_string_save_to_file(const DBusString *str, const DBusString *filename, dbus_bool_t world_readable, DBusError *error)
Writes a string out to a file.
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
#define DBUS_ERROR_NOT_SUPPORTED
Requested operation isn't supported (like ENOSYS on UNIX).
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString.
Internals of DBusKeyring.
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
dbus_bool_t _dbus_check_setuid(void)
NOTE: If you modify this function, please also consider making the corresponding change in GLib...
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
dbus_bool_t _dbus_file_get_contents(DBusString *str, const DBusString *filename, DBusError *error)
Appends the contents of the given file to the string, returning error code.
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
dbus_bool_t _dbus_concat_dir_and_file(DBusString *dir, const DBusString *next_component)
Appends the given filename to the given directory.
int n_keys
Number of keys.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
dbus_bool_t _dbus_delete_file(const DBusString *filename, DBusError *error)
Deletes the given file.
DBusCredentials * credentials
Credentials containing user the keyring is for.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
#define dbus_new0(type, count)
Safe macro for using dbus_malloc0().
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
#define LOCK_TIMEOUT_MILLISECONDS
Length of each timeout while waiting for a lock.
DBusString filename
Keyring filename.
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
void _dbus_string_init_const(DBusString *str, const char *value)
Initializes a constant string.
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
long creation_time
when the key was generated, as unix timestamp.
DBusCredentials * _dbus_credentials_new_from_current_process(void)
Creates a new object with credentials (user ID and process ID) from the current process.
dbus_bool_t _dbus_string_pop_line(DBusString *source, DBusString *dest)
Assigns a newline-terminated or \r\n-terminated line from the front of the string to the given dest s...
void _dbus_warn(const char *format,...)
Prints a warning message to stderr.
dbus_bool_t _dbus_append_keyring_directory_for_credentials(DBusString *directory, DBusCredentials *credentials)
Appends the directory in which a keyring for the given credentials should be stored.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
Object representing an exception.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
void dbus_set_error(DBusError *error, const char *name, const char *format,...)
Assigns an error name and message to a DBusError.
DBusKey * keys
Keys loaded from the file.
#define NEW_KEY_TIMEOUT_SECONDS
The maximum age of a key before we create a new key to use in challenges.
dbus_bool_t _dbus_string_append_byte(DBusString *str, unsigned char byte)
Appends a single byte to the string, returning FALSE if not enough memory.
DBusString directory
Directory the below two items are inside.
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init().
dbus_bool_t _dbus_credentials_add_from_current_process(DBusCredentials *credentials)
Adds the credentials of the current process to the passed-in credentials object.
#define TRUE
Expands to "1".
#define _dbus_assert_not_reached(explanation)
Aborts with an error message if called.
#define DBUS_ERROR_FAILED
A generic error; "something went wrong" - see the error message for more.
const char * name
public error name field
#define MAX_LOCK_TIMEOUTS
Maximum number of timeouts waiting for lock before we decide it's stale.
DBusString filename_lock
Name of lockfile.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
void dbus_error_init(DBusError *error)
Initializes a DBusError structure.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with...
#define MAX_TIME_TRAVEL_SECONDS
The maximum amount of time a key can be in the future.
DBusString secret
the actual key
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
#define _DBUS_INT32_MAX
Maximum value of type "int32".
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
#define FALSE
Expands to "0".
dbus_bool_t _dbus_credentials_same_user(DBusCredentials *credentials, DBusCredentials *other_credentials)
Check whether the user-identifying credentials in two credentials objects are identical.
void dbus_set_error_const(DBusError *error, const char *name, const char *message)
Assigns an error name and message to a DBusError.
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
void _dbus_sleep_milliseconds(int milliseconds)
Sleeps the given number of milliseconds.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
void _dbus_get_real_time(long *tv_sec, long *tv_usec)
Get current time, as in gettimeofday().
DBusKeyring * _dbus_keyring_ref(DBusKeyring *keyring)
Increments reference count of the keyring.
A single key from the cookie file.