25 #include "dbus-auth.h" 26 #include "dbus-string.h" 27 #include "dbus-list.h" 28 #include "dbus-internals.h" 29 #include "dbus-keyring.h" 31 #include "dbus-protocol.h" 32 #include "dbus-credentials.h" 120 DBUS_AUTH_COMMAND_AUTH,
121 DBUS_AUTH_COMMAND_CANCEL,
122 DBUS_AUTH_COMMAND_DATA,
123 DBUS_AUTH_COMMAND_BEGIN,
124 DBUS_AUTH_COMMAND_REJECTED,
125 DBUS_AUTH_COMMAND_OK,
126 DBUS_AUTH_COMMAND_ERROR,
127 DBUS_AUTH_COMMAND_UNKNOWN,
128 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
129 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
223 static void goto_state (
DBusAuth *auth,
231 const char *message);
253 "WaitingForAuth", handle_server_state_waiting_for_auth
256 "WaitingForData", handle_server_state_waiting_for_data
259 "WaitingForBegin", handle_server_state_waiting_for_begin
283 "WaitingForData", handle_client_state_waiting_for_data
289 "WaitingForOK", handle_client_state_waiting_for_ok
292 "WaitingForReject", handle_client_state_waiting_for_reject
295 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
303 "Authenticated",
NULL 307 "NeedDisconnect",
NULL 310 static const char auth_side_client[] =
"client";
311 static const char auth_side_server[] =
"server";
316 #define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server) 321 #define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client) 326 #define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth)) 331 #define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth)) 338 #define DBUS_AUTH_NAME(auth) ((auth)->side) 341 _dbus_auth_new (
int size)
432 _dbus_verbose (
"%s: Shutting down mechanism %s\n",
474 if (_dbus_string_get_length (&cookie) == 0)
484 &to_hash, _dbus_string_get_length (&to_hash)))
491 &to_hash, _dbus_string_get_length (&to_hash)))
498 &to_hash, _dbus_string_get_length (&to_hash)))
519 #define N_CHALLENGE_BYTES (128/8) 522 sha1_handle_first_client_response (
DBusAuth *auth,
535 if (_dbus_string_get_length (data) > 0)
537 if (_dbus_string_get_length (&auth->
identity) > 0)
540 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
542 return send_rejected (auth);
554 _dbus_verbose (
"%s: Did not get a valid username from client\n",
556 return send_rejected (auth);
596 _DBUS_ASSERT_ERROR_IS_SET (&error);
597 _dbus_verbose (
"%s: Error loading keyring: %s\n",
599 if (send_rejected (auth))
616 _DBUS_ASSERT_ERROR_IS_SET (&error);
617 _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
619 if (send_rejected (auth))
630 &tmp2, _dbus_string_get_length (&tmp2)))
651 _DBUS_ASSERT_ERROR_IS_SET (&error);
652 _dbus_verbose (
"%s: Error generating challenge: %s\n",
654 if (send_rejected (auth))
667 _dbus_string_get_length (&tmp2)))
670 if (!send_data (auth, &tmp2))
673 goto_state (auth, &server_state_waiting_for_data);
686 sha1_handle_second_client_response (
DBusAuth *auth,
704 _dbus_verbose (
"%s: no space separator in client response\n",
706 return send_rejected (auth);
722 _dbus_string_get_length (data) - i,
727 if (_dbus_string_get_length (&client_challenge) == 0 ||
728 _dbus_string_get_length (&client_hash) == 0)
730 _dbus_verbose (
"%s: zero-length client challenge or hash\n",
732 if (send_rejected (auth))
740 if (!sha1_compute_hash (auth, auth->
cookie_id,
747 if (_dbus_string_get_length (&correct_hash) == 0)
749 if (send_rejected (auth))
756 if (send_rejected (auth))
768 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
775 _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
793 handle_server_data_cookie_sha1_mech (
DBusAuth *auth,
797 return sha1_handle_first_client_response (auth, data);
799 return sha1_handle_second_client_response (auth, data);
803 handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
810 handle_client_initial_response_cookie_sha1_mech (
DBusAuth *auth,
826 _dbus_string_get_length (response)))
838 handle_client_data_cookie_sha1_mech (
DBusAuth *auth,
858 if (send_error (auth,
859 "Server did not send context/ID/challenge properly"))
874 if (send_error (auth,
875 "Server did not send context/ID/challenge properly"))
892 j = _dbus_string_get_length (data);
895 &server_challenge, 0))
900 if (send_error (auth,
"Server sent invalid cookie context"))
907 if (send_error (auth,
"Could not parse cookie ID as an integer"))
912 if (_dbus_string_get_length (&server_challenge) == 0)
914 if (send_error (auth,
"Empty server challenge string"))
935 _DBUS_ASSERT_ERROR_IS_SET (&error);
937 _dbus_verbose (
"%s: Error loading keyring: %s\n",
940 if (send_error (auth,
"Could not load cookie file"))
967 _DBUS_ASSERT_ERROR_IS_SET (&error);
969 _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
972 if (send_error (auth,
"Failed to generate challenge"))
989 if (!sha1_compute_hash (auth, val,
995 if (_dbus_string_get_length (&correct_hash) == 0)
998 if (send_error (auth,
"Don't have the requested cookie ID"))
1006 _dbus_string_get_length (&tmp)))
1013 _dbus_string_get_length (&tmp)))
1016 if (!send_data (auth, &tmp))
1040 handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
1051 handle_server_data_external_mech (
DBusAuth *auth,
1056 _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1058 return send_rejected (auth);
1061 if (_dbus_string_get_length (data) > 0)
1063 if (_dbus_string_get_length (&auth->
identity) > 0)
1066 _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
1068 return send_rejected (auth);
1079 if (_dbus_string_get_length (&auth->
identity) == 0 &&
1082 if (send_data (auth,
NULL))
1084 _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
1087 goto_state (auth, &server_state_waiting_for_data);
1101 if (_dbus_string_get_length (&auth->
identity) == 0)
1114 _dbus_verbose (
"%s: could not get credentials from uid string\n",
1116 return send_rejected (auth);
1122 _dbus_verbose (
"%s: desired user %s is no good\n",
1124 _dbus_string_get_const_data (&auth->
identity));
1125 return send_rejected (auth);
1139 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1144 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1149 DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
1153 if (!send_ok (auth))
1156 _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
1163 _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
1165 return send_rejected (auth);
1170 handle_server_shutdown_external_mech (
DBusAuth *auth)
1176 handle_client_initial_response_external_mech (
DBusAuth *auth,
1194 _dbus_string_get_length (response)))
1207 handle_client_data_external_mech (
DBusAuth *auth,
1215 handle_client_shutdown_external_mech (
DBusAuth *auth)
1225 handle_server_data_anonymous_mech (
DBusAuth *auth,
1228 if (_dbus_string_get_length (data) > 0)
1237 _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1239 return send_rejected (auth);
1242 _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
1244 _dbus_string_get_const_data (data));
1253 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1258 if (!send_ok (auth))
1261 _dbus_verbose (
"%s: authenticated client as anonymous\n",
1268 handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
1274 handle_client_initial_response_anonymous_mech (
DBusAuth *auth,
1294 _dbus_string_get_length (response)))
1307 handle_client_data_anonymous_mech (
DBusAuth *auth,
1315 handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
1332 all_mechanisms[] = {
1334 handle_server_data_external_mech,
1336 handle_server_shutdown_external_mech,
1337 handle_client_initial_response_external_mech,
1338 handle_client_data_external_mech,
1340 handle_client_shutdown_external_mech },
1341 {
"DBUS_COOKIE_SHA1",
1342 handle_server_data_cookie_sha1_mech,
1344 handle_server_shutdown_cookie_sha1_mech,
1345 handle_client_initial_response_cookie_sha1_mech,
1346 handle_client_data_cookie_sha1_mech,
1348 handle_client_shutdown_cookie_sha1_mech },
1350 handle_server_data_anonymous_mech,
1352 handle_server_shutdown_anonymous_mech,
1353 handle_client_initial_response_anonymous_mech,
1354 handle_client_data_anonymous_mech,
1356 handle_client_shutdown_anonymous_mech },
1362 char **allowed_mechs)
1366 if (allowed_mechs !=
NULL &&
1368 _dbus_string_get_const_data (name)))
1372 while (all_mechanisms[i].mechanism !=
NULL)
1375 all_mechanisms[i].mechanism))
1377 return &all_mechanisms[i];
1431 _dbus_string_get_length (&auth->
outgoing)))
1438 shutdown_mech (auth);
1440 goto_state (auth, &client_state_waiting_for_data);
1450 if (data ==
NULL || _dbus_string_get_length (data) == 0)
1454 old_len = _dbus_string_get_length (&auth->
outgoing);
1459 _dbus_string_get_length (&auth->
outgoing)))
1493 all_mechanisms[i].mechanism))
1501 all_mechanisms[i].mechanism))
1509 _dbus_string_get_length (&auth->
outgoing)))
1512 shutdown_mech (auth);
1519 goto_state (auth, &common_state_need_disconnect);
1521 goto_state (auth, &server_state_waiting_for_auth);
1533 send_error (
DBusAuth *auth,
const char *message)
1536 "ERROR \"%s\"\r\n", message);
1544 orig_len = _dbus_string_get_length (&auth->
outgoing);
1550 _dbus_string_get_length (&auth->
outgoing)) &&
1553 goto_state (auth, &server_state_waiting_for_begin);
1571 goto_state (auth, &common_state_authenticated);
1594 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1597 _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1598 end_of_hex, _dbus_string_get_length (args_from_ok));
1599 goto_state (auth, &common_state_need_disconnect);
1608 _dbus_verbose (
"Got GUID '%s' from the server\n",
1609 _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server));
1612 return send_negotiate_unix_fd(auth);
1614 _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
1615 return send_begin (auth);
1623 goto_state (auth, &client_state_waiting_for_reject);
1647 if (_dbus_string_get_length (args) != end)
1650 if (!send_error (auth,
"Invalid hex encoding"))
1656 #ifdef DBUS_ENABLE_VERBOSE_MODE 1658 _dbus_string_get_length (&decoded)))
1659 _dbus_verbose (
"%s: data: '%s'\n",
1661 _dbus_string_get_const_data (&decoded));
1664 if (!(* data_func) (auth, &decoded))
1675 send_negotiate_unix_fd (
DBusAuth *auth)
1678 "NEGOTIATE_UNIX_FD\r\n"))
1681 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1686 send_agree_unix_fd (
DBusAuth *auth)
1691 _dbus_verbose(
"Agreed to UNIX FD passing\n");
1694 "AGREE_UNIX_FD\r\n"))
1697 goto_state (auth, &server_state_waiting_for_begin);
1704 if (_dbus_string_get_length (args) == 0)
1707 if (!send_rejected (auth))
1739 _dbus_verbose (
"%s: Trying mechanism %s\n",
1743 if (!process_data (auth, &hex_response,
1750 _dbus_verbose (
"%s: Unsupported mechanism %s\n",
1752 _dbus_string_get_const_data (&mech));
1754 if (!send_rejected (auth))
1772 handle_server_state_waiting_for_auth (
DBusAuth *auth,
1778 case DBUS_AUTH_COMMAND_AUTH:
1779 return handle_auth (auth, args);
1781 case DBUS_AUTH_COMMAND_CANCEL:
1782 case DBUS_AUTH_COMMAND_DATA:
1783 return send_error (auth,
"Not currently in an auth conversation");
1785 case DBUS_AUTH_COMMAND_BEGIN:
1786 goto_state (auth, &common_state_need_disconnect);
1789 case DBUS_AUTH_COMMAND_ERROR:
1790 return send_rejected (auth);
1792 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1793 return send_error (auth,
"Need to authenticate first");
1795 case DBUS_AUTH_COMMAND_REJECTED:
1796 case DBUS_AUTH_COMMAND_OK:
1797 case DBUS_AUTH_COMMAND_UNKNOWN:
1798 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1800 return send_error (auth,
"Unknown command");
1805 handle_server_state_waiting_for_data (
DBusAuth *auth,
1811 case DBUS_AUTH_COMMAND_AUTH:
1812 return send_error (auth,
"Sent AUTH while another AUTH in progress");
1814 case DBUS_AUTH_COMMAND_CANCEL:
1815 case DBUS_AUTH_COMMAND_ERROR:
1816 return send_rejected (auth);
1818 case DBUS_AUTH_COMMAND_DATA:
1821 case DBUS_AUTH_COMMAND_BEGIN:
1822 goto_state (auth, &common_state_need_disconnect);
1825 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1826 return send_error (auth,
"Need to authenticate first");
1828 case DBUS_AUTH_COMMAND_REJECTED:
1829 case DBUS_AUTH_COMMAND_OK:
1830 case DBUS_AUTH_COMMAND_UNKNOWN:
1831 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1833 return send_error (auth,
"Unknown command");
1838 handle_server_state_waiting_for_begin (
DBusAuth *auth,
1844 case DBUS_AUTH_COMMAND_AUTH:
1845 return send_error (auth,
"Sent AUTH while expecting BEGIN");
1847 case DBUS_AUTH_COMMAND_DATA:
1848 return send_error (auth,
"Sent DATA while expecting BEGIN");
1850 case DBUS_AUTH_COMMAND_BEGIN:
1851 goto_state (auth, &common_state_authenticated);
1854 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1856 return send_agree_unix_fd(auth);
1858 return send_error(auth,
"Unix FD passing not supported, not authenticated or otherwise not possible");
1860 case DBUS_AUTH_COMMAND_REJECTED:
1861 case DBUS_AUTH_COMMAND_OK:
1862 case DBUS_AUTH_COMMAND_UNKNOWN:
1863 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1865 return send_error (auth,
"Unknown command");
1867 case DBUS_AUTH_COMMAND_CANCEL:
1868 case DBUS_AUTH_COMMAND_ERROR:
1869 return send_rejected (auth);
1905 len = _dbus_string_get_length (args);
1916 if (!get_word (args, &next, &m))
1935 if (mech != &all_mechanisms[0])
1937 _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
1949 _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
1955 _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
1957 _dbus_string_get_const_data (&m));
1983 if (!record_mechanisms (auth, args))
1991 if (!send_auth (auth, mech))
1996 _dbus_verbose (
"%s: Trying mechanism %s\n",
2003 _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
2005 goto_state (auth, &common_state_need_disconnect);
2013 handle_client_state_waiting_for_data (
DBusAuth *auth,
2021 case DBUS_AUTH_COMMAND_DATA:
2024 case DBUS_AUTH_COMMAND_REJECTED:
2025 return process_rejected (auth, args);
2027 case DBUS_AUTH_COMMAND_OK:
2028 return process_ok(auth, args);
2030 case DBUS_AUTH_COMMAND_ERROR:
2031 return send_cancel (auth);
2033 case DBUS_AUTH_COMMAND_AUTH:
2034 case DBUS_AUTH_COMMAND_CANCEL:
2035 case DBUS_AUTH_COMMAND_BEGIN:
2036 case DBUS_AUTH_COMMAND_UNKNOWN:
2037 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2038 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2040 return send_error (auth,
"Unknown command");
2045 handle_client_state_waiting_for_ok (
DBusAuth *auth,
2051 case DBUS_AUTH_COMMAND_REJECTED:
2052 return process_rejected (auth, args);
2054 case DBUS_AUTH_COMMAND_OK:
2055 return process_ok(auth, args);
2057 case DBUS_AUTH_COMMAND_DATA:
2058 case DBUS_AUTH_COMMAND_ERROR:
2059 return send_cancel (auth);
2061 case DBUS_AUTH_COMMAND_AUTH:
2062 case DBUS_AUTH_COMMAND_CANCEL:
2063 case DBUS_AUTH_COMMAND_BEGIN:
2064 case DBUS_AUTH_COMMAND_UNKNOWN:
2065 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2066 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2068 return send_error (auth,
"Unknown command");
2073 handle_client_state_waiting_for_reject (
DBusAuth *auth,
2079 case DBUS_AUTH_COMMAND_REJECTED:
2080 return process_rejected (auth, args);
2082 case DBUS_AUTH_COMMAND_AUTH:
2083 case DBUS_AUTH_COMMAND_CANCEL:
2084 case DBUS_AUTH_COMMAND_DATA:
2085 case DBUS_AUTH_COMMAND_BEGIN:
2086 case DBUS_AUTH_COMMAND_OK:
2087 case DBUS_AUTH_COMMAND_ERROR:
2088 case DBUS_AUTH_COMMAND_UNKNOWN:
2089 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2090 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2092 goto_state (auth, &common_state_need_disconnect);
2098 handle_client_state_waiting_for_agree_unix_fd(
DBusAuth *auth,
2104 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2107 _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
2108 return send_begin (auth);
2110 case DBUS_AUTH_COMMAND_ERROR:
2113 _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
2114 return send_begin (auth);
2116 case DBUS_AUTH_COMMAND_OK:
2117 case DBUS_AUTH_COMMAND_DATA:
2118 case DBUS_AUTH_COMMAND_REJECTED:
2119 case DBUS_AUTH_COMMAND_AUTH:
2120 case DBUS_AUTH_COMMAND_CANCEL:
2121 case DBUS_AUTH_COMMAND_BEGIN:
2122 case DBUS_AUTH_COMMAND_UNKNOWN:
2123 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2125 return send_error (auth,
"Unknown command");
2138 {
"AUTH", DBUS_AUTH_COMMAND_AUTH },
2139 {
"CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2140 {
"DATA", DBUS_AUTH_COMMAND_DATA },
2141 {
"BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2142 {
"REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2143 {
"OK", DBUS_AUTH_COMMAND_OK },
2144 {
"ERROR", DBUS_AUTH_COMMAND_ERROR },
2145 {
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2146 {
"AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2150 lookup_command_from_name (
DBusString *command)
2157 auth_command_names[i].name))
2158 return auth_command_names[i].command;
2161 return DBUS_AUTH_COMMAND_UNKNOWN;
2168 _dbus_verbose (
"%s: going from state %s to state %s\n",
2173 auth->
state = state;
2212 _dbus_string_get_length (&line)))
2214 _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
2216 if (!send_error (auth,
"Command contained non-ASCII"))
2222 _dbus_verbose (
"%s: got command \"%s\"\n",
2224 _dbus_string_get_const_data (&line));
2239 command = lookup_command_from_name (&line);
2306 auth->
side = auth_side_server;
2307 auth->
state = &server_state_waiting_for_auth;
2311 server_auth->
guid = guid_copy;
2347 auth->
side = auth_side_client;
2348 auth->
state = &client_state_need_send_auth;
2352 if (!send_auth (auth, &all_mechanisms[0]))
2391 shutdown_mech (auth);
2434 const char **mechanisms)
2438 if (mechanisms !=
NULL)
2458 #define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL) 2473 #define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE) 2480 if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
2481 _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
2483 goto_state (auth, &common_state_need_disconnect);
2484 _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
2489 while (process_command (auth));
2492 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2493 else if (_dbus_string_get_length (&auth->
outgoing) > 0)
2494 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2495 else if (auth->
state == &common_state_need_disconnect)
2496 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2497 else if (auth->
state == &common_state_authenticated)
2498 return DBUS_AUTH_STATE_AUTHENTICATED;
2499 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2520 if (_dbus_string_get_length (&auth->
outgoing) == 0)
2540 _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
2543 _dbus_string_get_const_data (&auth->
outgoing));
2630 if (auth->
state != &common_state_authenticated)
2661 if (auth->
state != &common_state_authenticated)
2674 _dbus_string_get_length (encoded));
2689 if (auth->
state != &common_state_authenticated)
2724 if (auth->
state != &common_state_authenticated)
2737 _dbus_string_get_length (plaintext));
2770 if (auth->
state == &common_state_authenticated)
2796 if (auth->
state == &common_state_authenticated)
2797 return _dbus_string_get_const_data (&
DBUS_AUTH_CLIENT (auth)->guid_from_server);
2815 &auth->
context, 0, _dbus_string_get_length (context));
2854 return find_mech (name,
NULL) !=
NULL;
dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name.
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString.
const char * message
public error message field
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
#define NULL
A null pointer, defined appropriately for C or C++.
dbus_bool_t _dbus_auth_dump_supported_mechanisms(DBusString *buffer)
Return a human-readable string containing all supported auth mechanisms.
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation.
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero.
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality.
DBusAuthDecodeFunction client_decode_func
Function on client side for decode.
DBusAuthEncodeFunction server_encode_func
Function on server side to encode.
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0().
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
DBusAuthCommand
Enumeration for the known authentication commands.
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded.
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into.
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using.
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString.
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer.
Internals of DBusKeyring.
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
#define _dbus_assert(condition)
Aborts with an error message if the condition is false.
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack.
void * data
Data stored at this element.
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it.
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
const char * mechanism
Name of the mechanism.
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated.
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID.
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use.
dbus_bool_t _dbus_auth_is_supported_mechanism(DBusString *name)
Queries whether the given auth mechanism is supported.
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string.
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down.
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
DBusKeyring * keyring
Keyring for cookie mechanism.
DBusString context
Cookie scope.
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer.
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated.
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object.
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
DBusString guid
Our globally unique ID in hex encoding.
const char * side
Client or server.
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
DBusString guid_from_server
GUID received from server.
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as.
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with.
DBusString challenge
Challenge sent to client.
#define DBUS_VERSION_STRING
The COMPILE TIME version of libdbus, as a string "X.Y.Z".
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer.
DBusCredentials * authorized_identity
Credentials that are authorized.
DBusAuthDecodeFunction server_decode_func
Function on server side to decode.
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string.
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity.
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string.
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
Internal members of DBusAuth.
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response.
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE.
"Subclass" of DBusAuth for server side.
DBusAuthStateFunction handler
State function for this state.
DBusAuthDataFunction client_data_func
Function on client side for DATA.
const DBusAuthStateData * state
Current protocol state.
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string.
"Subclass" of DBusAuth for client side
DBusCredentials * desired_identity
Identity client has requested.
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab).
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side.
unsigned int needed_memory
We needed memory to continue since last successful getting something done.
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server")
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object.
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response.
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start.
DBusString identity
Current identity we're authorizing as.
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string.
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list.
unsigned int already_got_mechanisms
Client already got mech list.
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString.
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero.
int cookie_id
ID of cookie to use.
Information about a auth state.
Object representing an exception.
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state.
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication.
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8.
DBusAuth base
Parent class.
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown.
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it.
int refcount
reference count
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise.
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof().
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any.
const char * name
Name of the command.
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer.
#define DBUS_AUTH_CLIENT(auth)
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init().
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array.
#define TRUE
Expands to "1".
int failures
Number of times client has been rejected.
#define DBUS_AUTH_IS_SERVER(auth)
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned.
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128.
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string.
DBusString incoming
Incoming data buffer.
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system.
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials.
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated.
const char * name
Name of the state.
DBusAuthEncodeFunction client_encode_func
Function on client side for encode.
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object.
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
DBusAuthDataFunction server_data_func
Function on server side for DATA.
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer.
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding.
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings.
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string.
int max_failures
Number of times we reject before disconnect.
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object.
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with...
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with.
Mapping from command name to enum.
Virtual table representing a particular auth mechanism.
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation.
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials.
#define FALSE
Expands to "0".
const DBusAuthMechanismHandler * mech
Current auth mechanism.
#define DBUS_AUTH_SERVER(auth)
unsigned int unix_fd_possible
This side could do unix fd passing.
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string...
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string.
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string.
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
DBusCredentials * credentials
Credentials read from socket.
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side.
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes.
DBusAuth base
Parent class.
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context.
#define DBUS_AUTH_IN_END_STATE(auth)
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set).
DBusString outgoing
Outgoing data buffer.
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything.
#define DBUS_AUTH_IS_CLIENT(auth)
DBusAuthCommand command
Corresponding enum.
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL.
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username)
Adds the credentials corresponding to the given username.