1 /* -*- mode: C; c-file-style: "gnu" -*- */
2 /* dbus-auth.c Authentication
4 * Copyright (C) 2002 Red Hat Inc.
6 * Licensed under the Academic Free License version 1.2
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "dbus-auth.h"
24 #include "dbus-string.h"
25 #include "dbus-list.h"
26 #include "dbus-internals.h"
28 /* See doc/dbus-sasl-profile.txt */
31 * @defgroup DBusAuth Authentication
32 * @ingroup DBusInternals
33 * @brief DBusAuth object
35 * DBusAuth manages the authentication negotiation when a connection
36 * is first established, and also manage any encryption used over a
39 * The file doc/dbus-sasl-profile.txt documents the network protocol
40 * used for authentication.
44 * @defgroup DBusAuthInternals Authentication implementation details
45 * @ingroup DBusInternals
46 * @brief DBusAuth implementation details
48 * Private details of authentication code.
54 * Processes a command. Returns whether we had enough memory to
55 * complete the operation.
57 typedef dbus_bool_t (* DBusProcessAuthCommandFunction) (DBusAuth *auth,
58 const DBusString *command,
59 const DBusString *args);
64 DBusProcessAuthCommandFunction func;
65 } DBusAuthCommandHandler;
68 * This function processes a block of data received from the peer.
69 * i.e. handles a DATA command.
71 typedef dbus_bool_t (* DBusAuthDataFunction) (DBusAuth *auth,
72 const DBusString *data);
75 * This function encodes a block of data from the peer.
77 typedef dbus_bool_t (* DBusAuthEncodeFunction) (DBusAuth *auth,
78 const DBusString *data,
82 * This function decodes a block of data from the peer.
84 typedef dbus_bool_t (* DBusAuthDecodeFunction) (DBusAuth *auth,
85 const DBusString *data,
89 * This function is called when the mechanism is abandoned.
91 typedef void (* DBusAuthShutdownFunction) (DBusAuth *auth);
95 const char *mechanism;
96 DBusAuthDataFunction server_data_func;
97 DBusAuthEncodeFunction server_encode_func;
98 DBusAuthDecodeFunction server_decode_func;
99 DBusAuthShutdownFunction server_shutdown_func;
100 DBusAuthDataFunction client_data_func;
101 DBusAuthEncodeFunction client_encode_func;
102 DBusAuthDecodeFunction client_decode_func;
103 DBusAuthShutdownFunction client_shutdown_func;
104 } DBusAuthMechanismHandler;
107 * Internal members of DBusAuth.
111 int refcount; /**< reference count */
113 DBusString incoming; /**< Incoming data buffer */
114 DBusString outgoing; /**< Outgoing data buffer */
116 const DBusAuthCommandHandler *handlers; /**< Handlers for commands */
118 const DBusAuthMechanismHandler *mech; /**< Current auth mechanism */
120 unsigned int needed_memory : 1; /**< We needed memory to continue since last
121 * successful getting something done
123 unsigned int need_disconnect : 1; /**< We've given up, time to disconnect */
124 unsigned int authenticated : 1; /**< We are authenticated */
125 unsigned int authenticated_pending_output : 1; /**< Authenticated once we clear outgoing buffer */
126 unsigned int authenticated_pending_begin : 1; /**< Authenticated once we get BEGIN */
127 unsigned int already_got_mechanisms : 1; /**< Client already got mech list */
134 DBusList *mechs_to_try;
144 static dbus_bool_t process_auth (DBusAuth *auth,
145 const DBusString *command,
146 const DBusString *args);
147 static dbus_bool_t process_cancel (DBusAuth *auth,
148 const DBusString *command,
149 const DBusString *args);
150 static dbus_bool_t process_begin (DBusAuth *auth,
151 const DBusString *command,
152 const DBusString *args);
153 static dbus_bool_t process_data_server (DBusAuth *auth,
154 const DBusString *command,
155 const DBusString *args);
156 static dbus_bool_t process_error_server (DBusAuth *auth,
157 const DBusString *command,
158 const DBusString *args);
159 static dbus_bool_t process_mechanisms (DBusAuth *auth,
160 const DBusString *command,
161 const DBusString *args);
162 static dbus_bool_t process_rejected (DBusAuth *auth,
163 const DBusString *command,
164 const DBusString *args);
165 static dbus_bool_t process_ok (DBusAuth *auth,
166 const DBusString *command,
167 const DBusString *args);
168 static dbus_bool_t process_data_client (DBusAuth *auth,
169 const DBusString *command,
170 const DBusString *args);
171 static dbus_bool_t process_error_client (DBusAuth *auth,
172 const DBusString *command,
173 const DBusString *args);
176 static DBusAuthCommandHandler
177 server_handlers[] = {
178 { "AUTH", process_auth },
179 { "CANCEL", process_cancel },
180 { "BEGIN", process_begin },
181 { "DATA", process_data_server },
182 { "ERROR", process_error_server },
186 static DBusAuthCommandHandler
187 client_handlers[] = {
188 { "MECHANISMS", process_mechanisms },
189 { "REJECTED", process_rejected },
190 { "OK", process_ok },
191 { "DATA", process_data_client },
192 { "ERROR", process_error_client },
197 * @param auth the auth conversation
198 * @returns #TRUE if the conversation is the server side
200 #define DBUS_AUTH_IS_SERVER(auth) ((auth)->handlers == server_handlers)
202 * @param auth the auth conversation
203 * @returns #TRUE if the conversation is the client side
205 #define DBUS_AUTH_IS_CLIENT(auth) ((auth)->handlers == client_handlers)
207 * @param auth the auth conversation
208 * @returns auth cast to DBusAuthClient
210 #define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
212 * @param auth the auth conversation
213 * @returns auth cast to DBusAuthServer
215 #define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
218 _dbus_auth_new (int size)
222 auth = dbus_malloc0 (size);
228 /* note that we don't use the max string length feature,
229 * because you can't use that feature if you're going to
230 * try to recover from out-of-memory (it creates
231 * what looks like unrecoverable inability to alloc
232 * more space in the string). But we do handle
233 * overlong buffers in _dbus_auth_do_work().
236 if (!_dbus_string_init (&auth->incoming, _DBUS_INT_MAX))
242 if (!_dbus_string_init (&auth->outgoing, _DBUS_INT_MAX))
244 _dbus_string_free (&auth->outgoing);
253 get_state (DBusAuth *auth)
255 if (auth->need_disconnect)
256 return DBUS_AUTH_STATE_NEED_DISCONNECT;
257 else if (auth->authenticated)
259 if (_dbus_string_get_length (&auth->incoming) > 0)
260 return DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES;
262 return DBUS_AUTH_STATE_AUTHENTICATED;
264 else if (auth->needed_memory)
265 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
266 else if (_dbus_string_get_length (&auth->outgoing) > 0)
267 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
269 return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
273 shutdown_mech (DBusAuth *auth)
275 /* Cancel any auth */
276 auth->authenticated_pending_begin = FALSE;
277 auth->authenticated = FALSE;
279 if (auth->mech != NULL)
281 _dbus_verbose ("Shutting down mechanism %s\n",
282 auth->mech->mechanism);
284 if (DBUS_AUTH_IS_CLIENT (auth))
285 (* auth->mech->client_shutdown_func) (auth);
287 (* auth->mech->server_shutdown_func) (auth);
294 handle_server_data_stupid_test_mech (DBusAuth *auth,
295 const DBusString *data)
297 if (!_dbus_string_append (&auth->outgoing,
301 auth->authenticated_pending_begin = TRUE;
307 handle_server_shutdown_stupid_test_mech (DBusAuth *auth)
313 handle_client_data_stupid_test_mech (DBusAuth *auth,
314 const DBusString *data)
321 handle_client_shutdown_stupid_test_mech (DBusAuth *auth)
326 /* the stupid test mech is a base64-encoded string;
327 * all the inefficiency, none of the security!
330 handle_encode_stupid_test_mech (DBusAuth *auth,
331 const DBusString *plaintext,
334 if (!_dbus_string_base64_encode (plaintext, 0, encoded, 0))
341 handle_decode_stupid_test_mech (DBusAuth *auth,
342 const DBusString *encoded,
343 DBusString *plaintext)
345 if (!_dbus_string_base64_decode (encoded, 0, plaintext, 0))
351 /* Put mechanisms here in order of preference.
352 * What I eventually want to have is:
354 * - a mechanism that checks UNIX domain socket credentials
355 * - a simple magic cookie mechanism like X11 or ICE
356 * - mechanisms that chain to Cyrus SASL, so we can use anything it
357 * offers such as Kerberos, X509, whatever.
360 static const DBusAuthMechanismHandler
362 { "DBUS_STUPID_TEST_MECH",
363 handle_server_data_stupid_test_mech,
364 handle_encode_stupid_test_mech,
365 handle_decode_stupid_test_mech,
366 handle_server_shutdown_stupid_test_mech,
367 handle_client_data_stupid_test_mech,
368 handle_encode_stupid_test_mech,
369 handle_decode_stupid_test_mech,
370 handle_client_shutdown_stupid_test_mech },
374 static const DBusAuthMechanismHandler*
375 find_mech (const DBusString *name)
380 while (all_mechanisms[i].mechanism != NULL)
382 if (_dbus_string_equal_c_str (name,
383 all_mechanisms[i].mechanism))
385 return &all_mechanisms[i];
394 send_mechanisms (DBusAuth *auth)
399 if (!_dbus_string_init (&command, _DBUS_INT_MAX))
402 if (!_dbus_string_append (&command,
407 while (all_mechanisms[i].mechanism != NULL)
409 if (!_dbus_string_append (&command,
413 if (!_dbus_string_append (&command,
414 all_mechanisms[i].mechanism))
420 if (!_dbus_string_append (&command, "\r\n"))
423 if (!_dbus_string_copy (&command, 0, &auth->outgoing,
424 _dbus_string_get_length (&auth->outgoing)))
430 _dbus_string_free (&command);
435 process_auth (DBusAuth *auth,
436 const DBusString *command,
437 const DBusString *args)
441 /* We are already using a mechanism, client is on crack */
442 if (!_dbus_string_append (&auth->outgoing,
443 "ERROR \"Sent AUTH while another AUTH in progress\"\r\n"))
448 else if (_dbus_string_get_length (args) == 0)
450 /* No args to the auth, send mechanisms */
451 if (!send_mechanisms (auth))
460 DBusString base64_response;
461 DBusString decoded_response;
463 _dbus_string_find_blank (args, 0, &i);
465 if (!_dbus_string_init (&mech, _DBUS_INT_MAX))
468 if (!_dbus_string_init (&base64_response, _DBUS_INT_MAX))
470 _dbus_string_free (&mech);
474 if (!_dbus_string_init (&decoded_response, _DBUS_INT_MAX))
476 _dbus_string_free (&mech);
477 _dbus_string_free (&base64_response);
481 if (!_dbus_string_copy_len (args, 0, i, &mech, 0))
484 if (!_dbus_string_copy (args, i, &base64_response, 0))
487 if (!_dbus_string_base64_decode (&base64_response, 0,
488 &decoded_response, 0))
491 auth->mech = find_mech (&mech);
492 if (auth->mech != NULL)
494 _dbus_verbose ("Trying mechanism %s\n",
495 auth->mech->mechanism);
497 if (!(* auth->mech->server_data_func) (auth,
503 /* Unsupported mechanism */
504 if (!send_mechanisms (auth))
512 _dbus_string_free (&mech);
513 _dbus_string_free (&base64_response);
514 _dbus_string_free (&decoded_response);
520 process_cancel (DBusAuth *auth,
521 const DBusString *command,
522 const DBusString *args)
524 shutdown_mech (auth);
530 process_begin (DBusAuth *auth,
531 const DBusString *command,
532 const DBusString *args)
534 if (auth->authenticated_pending_begin)
535 auth->authenticated = TRUE;
538 auth->need_disconnect = TRUE; /* client trying to send data before auth,
541 shutdown_mech (auth);
548 process_data_server (DBusAuth *auth,
549 const DBusString *command,
550 const DBusString *args)
552 if (auth->mech != NULL)
556 if (!_dbus_string_init (&decoded, _DBUS_INT_MAX))
559 if (!_dbus_string_base64_decode (args, 0, &decoded, 0))
561 _dbus_string_free (&decoded);
565 if (!(* auth->mech->server_data_func) (auth, &decoded))
567 _dbus_string_free (&decoded);
571 _dbus_string_free (&decoded);
575 if (!_dbus_string_append (&auth->outgoing,
576 "ERROR \"Not currently in an auth conversation\"\r\n"))
584 process_error_server (DBusAuth *auth,
585 const DBusString *command,
586 const DBusString *args)
592 /* return FALSE if no memory, TRUE if all OK */
594 get_word (const DBusString *str,
600 _dbus_string_skip_blank (str, *start, start);
601 _dbus_string_find_blank (str, *start, &i);
605 if (!_dbus_string_copy_len (str, *start, i, word, 0))
615 process_mechanisms (DBusAuth *auth,
616 const DBusString *command,
617 const DBusString *args)
622 if (auth->already_got_mechanisms)
625 len = _dbus_string_get_length (args);
631 const DBusAuthMechanismHandler *mech;
633 if (!_dbus_string_init (&m, _DBUS_INT_MAX))
636 if (!get_word (args, &next, &m))
639 mech = find_mech (&m);
643 /* FIXME right now we try mechanisms in the order
644 * the server lists them; should we do them in
645 * some more deterministic order?
647 * Probably in all_mechanisms order, our order of
648 * preference. Of course when the server is us,
649 * it lists things in that order anyhow.
652 _dbus_verbose ("Adding mechanism %s to list we will try\n",
655 if (!_dbus_list_append (& DBUS_AUTH_CLIENT (auth)->mechs_to_try,
663 _dbus_string_get_const_data (&m, &s);
664 _dbus_verbose ("Server offered mechanism \"%s\" that we don't know how to use\n",
668 _dbus_string_free (&m);
671 auth->already_got_mechanisms = TRUE;
676 _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
682 process_rejected (DBusAuth *auth,
683 const DBusString *command,
684 const DBusString *args)
686 shutdown_mech (auth);
688 if (!auth->already_got_mechanisms)
690 /* Ask for mechanisms */
691 if (!_dbus_string_append (&auth->outgoing,
695 else if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL)
697 /* Try next mechanism */
698 const DBusAuthMechanismHandler *mech;
699 DBusString auth_command;
701 mech = DBUS_AUTH_CLIENT (auth)->mechs_to_try->data;
703 if (!_dbus_string_init (&auth_command, _DBUS_INT_MAX))
706 if (!_dbus_string_append (&auth_command,
709 _dbus_string_free (&auth_command);
713 if (!_dbus_string_append (&auth->outgoing,
716 _dbus_string_free (&auth_command);
720 if (!_dbus_string_append (&auth->outgoing,
723 _dbus_string_free (&auth_command);
727 if (!_dbus_string_copy (&auth_command, 0,
729 _dbus_string_get_length (&auth->outgoing)))
731 _dbus_string_free (&auth_command);
736 _dbus_list_pop_first (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
738 _dbus_verbose ("Trying mechanism %s\n",
739 auth->mech->mechanism);
744 auth->need_disconnect = TRUE;
751 process_ok (DBusAuth *auth,
752 const DBusString *command,
753 const DBusString *args)
755 if (!_dbus_string_append (&auth->outgoing,
759 auth->authenticated_pending_output = TRUE;
766 process_data_client (DBusAuth *auth,
767 const DBusString *command,
768 const DBusString *args)
770 if (auth->mech != NULL)
774 if (!_dbus_string_init (&decoded, _DBUS_INT_MAX))
777 if (!_dbus_string_base64_decode (args, 0, &decoded, 0))
779 _dbus_string_free (&decoded);
783 if (!(* auth->mech->client_data_func) (auth, &decoded))
785 _dbus_string_free (&decoded);
789 _dbus_string_free (&decoded);
793 if (!_dbus_string_append (&auth->outgoing,
794 "ERROR \"Got DATA when not in an auth exchange\"\r\n"))
802 process_error_client (DBusAuth *auth,
803 const DBusString *command,
804 const DBusString *args)
810 process_unknown (DBusAuth *auth,
811 const DBusString *command,
812 const DBusString *args)
814 if (!_dbus_string_append (&auth->outgoing,
815 "ERROR \"Unknown command\"\r\n"))
821 /* returns whether to call it again right away */
823 process_command (DBusAuth *auth)
834 if (!_dbus_string_find (&auth->incoming, 0, "\r\n", &eol))
837 if (!_dbus_string_init (&command, _DBUS_INT_MAX))
839 auth->needed_memory = TRUE;
843 if (!_dbus_string_init (&args, _DBUS_INT_MAX))
845 auth->needed_memory = TRUE;
849 if (eol > _DBUS_ONE_MEGABYTE)
851 /* This is a giant line, someone is trying to hose us. */
852 if (!_dbus_string_append (&auth->outgoing, "ERROR \"Command too long\"\r\n"))
858 if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &command, 0))
861 if (!_dbus_string_validate_ascii (&command, 0,
862 _dbus_string_get_length (&command)))
864 _dbus_verbose ("Command contained non-ASCII chars or embedded nul\n");
865 if (!_dbus_string_append (&auth->outgoing, "ERROR \"Command contained non-ASCII\"\r\n"))
873 _dbus_string_get_const_data (&command, &q);
874 _dbus_verbose ("got command \"%s\"\n", q);
877 _dbus_string_find_blank (&command, 0, &i);
878 _dbus_string_skip_blank (&command, i, &j);
881 _dbus_string_delete (&command, i, j - i);
883 if (!_dbus_string_move (&command, i, &args, 0))
887 while (auth->handlers[i].command != NULL)
889 if (_dbus_string_equal_c_str (&command,
890 auth->handlers[i].command))
892 _dbus_verbose ("Processing auth command %s\n",
893 auth->handlers[i].command);
895 if (!(* auth->handlers[i].func) (auth, &command, &args))
903 if (auth->handlers[i].command == NULL)
905 if (!process_unknown (auth, &command, &args))
911 /* We've succeeded in processing the whole command so drop it out
912 * of the incoming buffer and return TRUE to try another command.
915 _dbus_string_delete (&auth->incoming, 0, eol);
918 _dbus_string_delete (&auth->incoming, 0, 2);
923 _dbus_string_free (&args);
924 _dbus_string_free (&command);
927 auth->needed_memory = TRUE;
929 auth->needed_memory = FALSE;
938 * @addtogroup DBusAuth
943 * Creates a new auth conversation object for the server side.
944 * See doc/dbus-sasl-profile.txt for full details on what
947 * @returns the new object or #NULL if no memory
950 _dbus_auth_server_new (void)
954 auth = _dbus_auth_new (sizeof (DBusAuthServer));
958 auth->handlers = server_handlers;
964 * Creates a new auth conversation object for the client side.
965 * See doc/dbus-sasl-profile.txt for full details on what
968 * @returns the new object or #NULL if no memory
971 _dbus_auth_client_new (void)
975 auth = _dbus_auth_new (sizeof (DBusAuthClient));
979 auth->handlers = client_handlers;
981 /* Request an auth */
982 if (!_dbus_string_append (&auth->outgoing,
983 "AUTH DBUS_STUPID_TEST_MECH\r\n"))
985 _dbus_auth_unref (auth);
993 * Increments the refcount of an auth object.
995 * @param auth the auth conversation
998 _dbus_auth_ref (DBusAuth *auth)
1000 _dbus_assert (auth != NULL);
1002 auth->refcount += 1;
1006 * Decrements the refcount of an auth object.
1008 * @param auth the auth conversation
1011 _dbus_auth_unref (DBusAuth *auth)
1013 _dbus_assert (auth != NULL);
1014 _dbus_assert (auth->refcount > 0);
1016 auth->refcount -= 1;
1017 if (auth->refcount == 0)
1019 shutdown_mech (auth);
1021 if (DBUS_AUTH_IS_CLIENT (auth))
1023 _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
1026 _dbus_string_free (&auth->incoming);
1027 _dbus_string_free (&auth->outgoing);
1033 * @param auth the auth conversation object
1034 * @returns #TRUE if we're in a final state
1036 #define DBUS_AUTH_IN_END_STATE(auth) ((auth)->need_disconnect || (auth)->authenticated)
1039 * Analyzes buffered input and moves the auth conversation forward,
1040 * returning the new state of the auth conversation.
1042 * @param auth the auth conversation
1043 * @returns the new state
1046 _dbus_auth_do_work (DBusAuth *auth)
1048 if (DBUS_AUTH_IN_END_STATE (auth))
1049 return get_state (auth);
1051 auth->needed_memory = FALSE;
1053 /* Max amount we'll buffer up before deciding someone's on crack */
1054 #define MAX_BUFFER (16 * 1024)
1058 if (_dbus_string_get_length (&auth->incoming) > MAX_BUFFER ||
1059 _dbus_string_get_length (&auth->outgoing) > MAX_BUFFER)
1061 auth->need_disconnect = TRUE;
1062 _dbus_verbose ("Disconnecting due to excessive data buffered in auth phase\n");
1066 if (auth->mech == NULL &&
1067 auth->already_got_mechanisms &&
1068 DBUS_AUTH_CLIENT (auth)->mechs_to_try == NULL)
1070 auth->need_disconnect = TRUE;
1071 _dbus_verbose ("Disconnecting because we are out of mechanisms to try using\n");
1075 while (process_command (auth));
1077 return get_state (auth);
1081 * Gets bytes that need to be sent to the peer we're conversing with.
1082 * After writing some bytes, _dbus_auth_bytes_sent() must be called
1083 * to notify the auth object that they were written.
1085 * @param auth the auth conversation
1086 * @param str return location for a ref to the buffer to send
1087 * @returns #FALSE if nothing to send
1090 _dbus_auth_get_bytes_to_send (DBusAuth *auth,
1091 const DBusString **str)
1093 _dbus_assert (auth != NULL);
1094 _dbus_assert (str != NULL);
1098 if (DBUS_AUTH_IN_END_STATE (auth))
1101 if (_dbus_string_get_length (&auth->outgoing) == 0)
1104 *str = &auth->outgoing;
1110 * Notifies the auth conversation object that
1111 * the given number of bytes of the outgoing buffer
1112 * have been written out.
1114 * @param auth the auth conversation
1115 * @param bytes_sent number of bytes written out
1118 _dbus_auth_bytes_sent (DBusAuth *auth,
1121 _dbus_string_delete (&auth->outgoing,
1124 if (auth->authenticated_pending_output &&
1125 _dbus_string_get_length (&auth->outgoing) == 0)
1126 auth->authenticated = TRUE;
1130 * Stores bytes received from the peer we're conversing with.
1132 * @param auth the auth conversation
1133 * @param str the received bytes.
1134 * @returns #FALSE if not enough memory to store the bytes.
1137 _dbus_auth_bytes_received (DBusAuth *auth,
1138 const DBusString *str)
1140 _dbus_assert (auth != NULL);
1141 _dbus_assert (str != NULL);
1143 if (DBUS_AUTH_IN_END_STATE (auth))
1146 auth->needed_memory = FALSE;
1148 if (!_dbus_string_copy (str, 0,
1150 _dbus_string_get_length (&auth->incoming)))
1152 auth->needed_memory = TRUE;
1156 _dbus_auth_do_work (auth);
1162 * Returns leftover bytes that were not used as part of the auth
1163 * conversation. These bytes will be part of the message stream
1164 * instead. This function may not be called until authentication has
1167 * @param auth the auth conversation
1168 * @param str string to append the unused bytes to
1169 * @returns #FALSE if not enough memory to return the bytes
1172 _dbus_auth_get_unused_bytes (DBusAuth *auth,
1175 if (!DBUS_AUTH_IN_END_STATE (auth))
1178 if (!_dbus_string_move (&auth->incoming,
1180 _dbus_string_get_length (str)))
1187 * Called post-authentication, indicates whether we need to encode
1188 * the message stream with _dbus_auth_encode_data() prior to
1189 * sending it to the peer.
1191 * @param auth the auth conversation
1192 * @returns #TRUE if we need to encode the stream
1195 _dbus_auth_needs_encoding (DBusAuth *auth)
1197 if (!auth->authenticated)
1200 if (auth->mech != NULL)
1202 if (DBUS_AUTH_IS_CLIENT (auth))
1203 return auth->mech->client_encode_func != NULL;
1205 return auth->mech->server_encode_func != NULL;
1212 * Called post-authentication, encodes a block of bytes for sending to
1213 * the peer. If no encoding was negotiated, just copies the bytes
1214 * (you can avoid this by checking _dbus_auth_needs_encoding()).
1216 * @param auth the auth conversation
1217 * @param plaintext the plain text data
1218 * @param encoded initialized string to fill in with encoded data
1219 * @returns #TRUE if we had enough memory and successfully encoded
1222 _dbus_auth_encode_data (DBusAuth *auth,
1223 const DBusString *plaintext,
1224 DBusString *encoded)
1226 if (!auth->authenticated)
1229 if (_dbus_auth_needs_encoding (auth))
1231 if (DBUS_AUTH_IS_CLIENT (auth))
1232 return (* auth->mech->client_encode_func) (auth, plaintext, encoded);
1234 return (* auth->mech->server_encode_func) (auth, plaintext, encoded);
1238 return _dbus_string_copy (plaintext, 0, encoded, 0);
1243 * Called post-authentication, indicates whether we need to decode
1244 * the message stream with _dbus_auth_decode_data() after
1245 * receiving it from the peer.
1247 * @param auth the auth conversation
1248 * @returns #TRUE if we need to encode the stream
1251 _dbus_auth_needs_decoding (DBusAuth *auth)
1253 if (!auth->authenticated)
1256 if (auth->mech != NULL)
1258 if (DBUS_AUTH_IS_CLIENT (auth))
1259 return auth->mech->client_decode_func != NULL;
1261 return auth->mech->server_decode_func != NULL;
1269 * Called post-authentication, decodes a block of bytes received from
1270 * the peer. If no encoding was negotiated, just copies the bytes (you
1271 * can avoid this by checking _dbus_auth_needs_decoding()).
1273 * @param auth the auth conversation
1274 * @param encoded the encoded data
1275 * @param plaintext initialized string to fill in with decoded data
1276 * @returns #TRUE if we had enough memory and successfully decoded
1279 _dbus_auth_decode_data (DBusAuth *auth,
1280 const DBusString *encoded,
1281 DBusString *plaintext)
1283 if (!auth->authenticated)
1286 if (_dbus_auth_needs_decoding (auth))
1288 if (DBUS_AUTH_IS_CLIENT (auth))
1289 return (* auth->mech->client_decode_func) (auth, encoded, plaintext);
1291 return (* auth->mech->server_decode_func) (auth, encoded, plaintext);
1295 return _dbus_string_copy (encoded, 0, plaintext, 0);