1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-auth.c Authentication
4 * Copyright (C) 2002, 2003, 2004 Red Hat Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "dbus-auth.h"
26 #include "dbus-string.h"
27 #include "dbus-list.h"
28 #include "dbus-internals.h"
29 #include "dbus-keyring.h"
31 #include "dbus-protocol.h"
32 #include "dbus-credentials.h"
33 #include "dbus-authorization.h"
36 * @defgroup DBusAuth Authentication
37 * @ingroup DBusInternals
38 * @brief DBusAuth object
40 * DBusAuth manages the authentication negotiation when a connection
41 * is first established, and also manage any encryption used over a
44 * @todo some SASL profiles require sending the empty string as a
45 * challenge/response, but we don't currently allow that in our
48 * @todo right now sometimes both ends will block waiting for input
49 * from the other end, e.g. if there's an error during
52 * @todo the cookie keyring needs to be cached globally not just
53 * per-auth (which raises threadsafety issues too)
55 * @todo grep FIXME in dbus-auth.c
59 * @defgroup DBusAuthInternals Authentication implementation details
60 * @ingroup DBusInternals
61 * @brief DBusAuth implementation details
63 * Private details of authentication code.
69 * This function appends an initial client response to the given string
71 typedef dbus_bool_t (* DBusInitialResponseFunction) (DBusAuth *auth,
72 DBusString *response);
75 * This function processes a block of data received from the peer.
76 * i.e. handles a DATA command.
78 typedef dbus_bool_t (* DBusAuthDataFunction) (DBusAuth *auth,
79 const DBusString *data);
82 * This function encodes a block of data from the peer.
84 typedef dbus_bool_t (* DBusAuthEncodeFunction) (DBusAuth *auth,
85 const DBusString *data,
89 * This function decodes a block of data from the peer.
91 typedef dbus_bool_t (* DBusAuthDecodeFunction) (DBusAuth *auth,
92 const DBusString *data,
96 * This function is called when the mechanism is abandoned.
98 typedef void (* DBusAuthShutdownFunction) (DBusAuth *auth);
101 * Virtual table representing a particular auth mechanism.
105 const char *mechanism; /**< Name of the mechanism */
106 DBusAuthDataFunction server_data_func; /**< Function on server side for DATA */
107 DBusAuthEncodeFunction server_encode_func; /**< Function on server side to encode */
108 DBusAuthDecodeFunction server_decode_func; /**< Function on server side to decode */
109 DBusAuthShutdownFunction server_shutdown_func; /**< Function on server side to shut down */
110 DBusInitialResponseFunction client_initial_response_func; /**< Function on client side to handle initial response */
111 DBusAuthDataFunction client_data_func; /**< Function on client side for DATA */
112 DBusAuthEncodeFunction client_encode_func; /**< Function on client side for encode */
113 DBusAuthDecodeFunction client_decode_func; /**< Function on client side for decode */
114 DBusAuthShutdownFunction client_shutdown_func; /**< Function on client side for shutdown */
115 } DBusAuthMechanismHandler;
118 * Enumeration for the known authentication commands.
121 DBUS_AUTH_COMMAND_AUTH,
122 DBUS_AUTH_COMMAND_CANCEL,
123 DBUS_AUTH_COMMAND_DATA,
124 DBUS_AUTH_COMMAND_BEGIN,
125 DBUS_AUTH_COMMAND_REJECTED,
126 DBUS_AUTH_COMMAND_OK,
127 DBUS_AUTH_COMMAND_ERROR,
128 DBUS_AUTH_COMMAND_UNKNOWN,
129 DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
130 DBUS_AUTH_COMMAND_AGREE_UNIX_FD
134 * Auth state function, determines the reaction to incoming events for
135 * a particular state. Returns whether we had enough memory to
136 * complete the operation.
138 typedef dbus_bool_t (* DBusAuthStateFunction) (DBusAuth *auth,
139 DBusAuthCommand command,
140 const DBusString *args);
143 * Information about a auth state.
147 const char *name; /**< Name of the state */
148 DBusAuthStateFunction handler; /**< State function for this state */
152 * Internal members of DBusAuth.
156 int refcount; /**< reference count */
157 const char *side; /**< Client or server */
159 DBusString incoming; /**< Incoming data buffer */
160 DBusString outgoing; /**< Outgoing data buffer */
162 const DBusAuthStateData *state; /**< Current protocol state */
164 const DBusAuthMechanismHandler *mech; /**< Current auth mechanism */
166 DBusString identity; /**< Current identity we're authorizing
170 DBusCredentials *credentials; /**< Credentials read from socket
173 DBusCredentials *authenticated_identity; /**< Credentials that are authorized */
175 DBusCredentials *desired_identity; /**< Identity client has requested */
177 DBusString context; /**< Cookie scope */
178 DBusKeyring *keyring; /**< Keyring for cookie mechanism. */
179 int cookie_id; /**< ID of cookie to use */
180 DBusString challenge; /**< Challenge sent to client */
182 char **allowed_mechs; /**< Mechanisms we're allowed to use,
183 * or #NULL if we can use any
186 unsigned int needed_memory : 1; /**< We needed memory to continue since last
187 * successful getting something done
189 unsigned int already_got_mechanisms : 1; /**< Client already got mech list */
190 unsigned int already_asked_for_initial_response : 1; /**< Already sent a blank challenge to get an initial response */
191 unsigned int buffer_outstanding : 1; /**< Buffer is "checked out" for reading data into */
193 unsigned int unix_fd_possible : 1; /**< This side could do unix fd passing */
194 unsigned int unix_fd_negotiated : 1; /**< Unix fd was successfully negotiated */
198 * "Subclass" of DBusAuth for client side
202 DBusAuth base; /**< Parent class */
204 DBusList *mechs_to_try; /**< Mechanisms we got from the server that we're going to try using */
206 DBusString guid_from_server; /**< GUID received from server */
211 * "Subclass" of DBusAuth for server side.
215 DBusAuth base; /**< Parent class */
217 DBusAuthorization *authorization; /* DBus Authorization callbacks */
219 int failures; /**< Number of times client has been rejected */
220 int max_failures; /**< Number of times we reject before disconnect */
222 DBusString guid; /**< Our globally unique ID in hex encoding */
226 static void goto_state (DBusAuth *auth,
227 const DBusAuthStateData *new_state);
228 static dbus_bool_t send_auth (DBusAuth *auth,
229 const DBusAuthMechanismHandler *mech);
230 static dbus_bool_t send_data (DBusAuth *auth,
232 static dbus_bool_t send_rejected (DBusAuth *auth);
233 static dbus_bool_t send_error (DBusAuth *auth,
234 const char *message);
235 static dbus_bool_t send_ok (DBusAuth *auth);
236 static dbus_bool_t send_begin (DBusAuth *auth);
237 static dbus_bool_t send_cancel (DBusAuth *auth);
238 static dbus_bool_t send_negotiate_unix_fd (DBusAuth *auth);
239 static dbus_bool_t send_agree_unix_fd (DBusAuth *auth);
245 static dbus_bool_t handle_server_state_waiting_for_auth (DBusAuth *auth,
246 DBusAuthCommand command,
247 const DBusString *args);
248 static dbus_bool_t handle_server_state_waiting_for_data (DBusAuth *auth,
249 DBusAuthCommand command,
250 const DBusString *args);
251 static dbus_bool_t handle_server_state_waiting_for_begin (DBusAuth *auth,
252 DBusAuthCommand command,
253 const DBusString *args);
255 static const DBusAuthStateData server_state_waiting_for_auth = {
256 "WaitingForAuth", handle_server_state_waiting_for_auth
258 static const DBusAuthStateData server_state_waiting_for_data = {
259 "WaitingForData", handle_server_state_waiting_for_data
261 static const DBusAuthStateData server_state_waiting_for_begin = {
262 "WaitingForBegin", handle_server_state_waiting_for_begin
269 static dbus_bool_t handle_client_state_waiting_for_data (DBusAuth *auth,
270 DBusAuthCommand command,
271 const DBusString *args);
272 static dbus_bool_t handle_client_state_waiting_for_ok (DBusAuth *auth,
273 DBusAuthCommand command,
274 const DBusString *args);
275 static dbus_bool_t handle_client_state_waiting_for_reject (DBusAuth *auth,
276 DBusAuthCommand command,
277 const DBusString *args);
278 static dbus_bool_t handle_client_state_waiting_for_agree_unix_fd (DBusAuth *auth,
279 DBusAuthCommand command,
280 const DBusString *args);
282 static const DBusAuthStateData client_state_need_send_auth = {
285 static const DBusAuthStateData client_state_waiting_for_data = {
286 "WaitingForData", handle_client_state_waiting_for_data
288 static const DBusAuthStateData client_state_waiting_for_ok = {
289 "WaitingForOK", handle_client_state_waiting_for_ok
291 static const DBusAuthStateData client_state_waiting_for_reject = {
292 "WaitingForReject", handle_client_state_waiting_for_reject
294 static const DBusAuthStateData client_state_waiting_for_agree_unix_fd = {
295 "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
299 * Common terminal states. Terminal states have handler == NULL.
302 static const DBusAuthStateData common_state_authenticated = {
303 "Authenticated", NULL
306 static const DBusAuthStateData common_state_need_disconnect = {
307 "NeedDisconnect", NULL
310 static const char auth_side_client[] = "client";
311 static const char auth_side_server[] = "server";
313 * @param auth the auth conversation
314 * @returns #TRUE if the conversation is the server side
316 #define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
318 * @param auth the auth conversation
319 * @returns #TRUE if the conversation is the client side
321 #define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
323 * @param auth the auth conversation
324 * @returns auth cast to DBusAuthClient
326 #define DBUS_AUTH_CLIENT(auth) ((DBusAuthClient*)(auth))
328 * @param auth the auth conversation
329 * @returns auth cast to DBusAuthServer
331 #define DBUS_AUTH_SERVER(auth) ((DBusAuthServer*)(auth))
334 * The name of the auth ("client" or "server")
335 * @param auth the auth conversation
338 #define DBUS_AUTH_NAME(auth) ((auth)->side)
341 _dbus_auth_new (int size)
345 auth = dbus_malloc0 (size);
351 auth->keyring = NULL;
352 auth->cookie_id = -1;
354 /* note that we don't use the max string length feature,
355 * because you can't use that feature if you're going to
356 * try to recover from out-of-memory (it creates
357 * what looks like unrecoverable inability to alloc
358 * more space in the string). But we do handle
359 * overlong buffers in _dbus_auth_do_work().
362 if (!_dbus_string_init (&auth->incoming))
365 if (!_dbus_string_init (&auth->outgoing))
368 if (!_dbus_string_init (&auth->identity))
371 if (!_dbus_string_init (&auth->context))
374 if (!_dbus_string_init (&auth->challenge))
377 /* default context if none is specified */
378 if (!_dbus_string_append (&auth->context, "org_freedesktop_general"))
381 auth->credentials = _dbus_credentials_new ();
382 if (auth->credentials == NULL)
385 auth->authenticated_identity = _dbus_credentials_new ();
386 if (auth->authenticated_identity == NULL)
389 auth->desired_identity = _dbus_credentials_new ();
390 if (auth->desired_identity == NULL)
397 _dbus_credentials_unref (auth->desired_identity);
400 _dbus_credentials_unref (auth->authenticated_identity);
402 _dbus_credentials_unref (auth->credentials);
404 /* last alloc was an append to context, which is freed already below */ ;
406 _dbus_string_free (&auth->challenge);
408 _dbus_string_free (&auth->context);
410 _dbus_string_free (&auth->identity);
412 _dbus_string_free (&auth->outgoing);
414 _dbus_string_free (&auth->incoming);
421 shutdown_mech (DBusAuth *auth)
423 /* Cancel any auth */
424 auth->already_asked_for_initial_response = FALSE;
425 _dbus_string_set_length (&auth->identity, 0);
427 _dbus_credentials_clear (auth->authenticated_identity);
428 _dbus_credentials_clear (auth->desired_identity);
430 if (auth->mech != NULL)
432 _dbus_verbose ("%s: Shutting down mechanism %s\n",
433 DBUS_AUTH_NAME (auth), auth->mech->mechanism);
435 if (DBUS_AUTH_IS_CLIENT (auth))
436 (* auth->mech->client_shutdown_func) (auth);
438 (* auth->mech->server_shutdown_func) (auth);
445 * DBUS_COOKIE_SHA1 mechanism
448 /* Returns TRUE but with an empty string hash if the
449 * cookie_id isn't known. As with all this code
450 * TRUE just means we had enough memory.
453 sha1_compute_hash (DBusAuth *auth,
455 const DBusString *server_challenge,
456 const DBusString *client_challenge,
463 _dbus_assert (auth->keyring != NULL);
467 if (!_dbus_string_init (&cookie))
470 if (!_dbus_keyring_get_hex_key (auth->keyring, cookie_id,
474 if (_dbus_string_get_length (&cookie) == 0)
480 if (!_dbus_string_init (&to_hash))
483 if (!_dbus_string_copy (server_challenge, 0,
484 &to_hash, _dbus_string_get_length (&to_hash)))
487 if (!_dbus_string_append (&to_hash, ":"))
490 if (!_dbus_string_copy (client_challenge, 0,
491 &to_hash, _dbus_string_get_length (&to_hash)))
494 if (!_dbus_string_append (&to_hash, ":"))
497 if (!_dbus_string_copy (&cookie, 0,
498 &to_hash, _dbus_string_get_length (&to_hash)))
501 if (!_dbus_sha_compute (&to_hash, hash))
507 _dbus_string_zero (&to_hash);
508 _dbus_string_free (&to_hash);
510 _dbus_string_zero (&cookie);
511 _dbus_string_free (&cookie);
515 /** http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of
516 * entropy, we use 128. This is the number of bytes in the random
519 #define N_CHALLENGE_BYTES (128/8)
522 sha1_handle_first_client_response (DBusAuth *auth,
523 const DBusString *data)
525 /* We haven't sent a challenge yet, we're expecting a desired
526 * username from the client.
535 _dbus_string_set_length (&auth->challenge, 0);
537 if (_dbus_string_get_length (data) > 0)
539 if (_dbus_string_get_length (&auth->identity) > 0)
541 /* Tried to send two auth identities, wtf */
542 _dbus_verbose ("%s: client tried to send auth identity, but we already have one\n",
543 DBUS_AUTH_NAME (auth));
544 return send_rejected (auth);
548 /* this is our auth identity */
549 if (!_dbus_string_copy (data, 0, &auth->identity, 0))
554 if (!_dbus_credentials_add_from_user (auth->desired_identity, data))
556 _dbus_verbose ("%s: Did not get a valid username from client\n",
557 DBUS_AUTH_NAME (auth));
558 return send_rejected (auth);
561 if (!_dbus_string_init (&tmp))
564 if (!_dbus_string_init (&tmp2))
566 _dbus_string_free (&tmp);
570 /* we cache the keyring for speed, so here we drop it if it's the
571 * wrong one. FIXME caching the keyring here is useless since we use
572 * a different DBusAuth for every connection.
575 !_dbus_keyring_is_for_credentials (auth->keyring,
576 auth->desired_identity))
578 _dbus_keyring_unref (auth->keyring);
579 auth->keyring = NULL;
582 if (auth->keyring == NULL)
584 dbus_error_init (&error);
585 auth->keyring = _dbus_keyring_new_for_credentials (auth->desired_identity,
589 if (auth->keyring == NULL)
591 if (dbus_error_has_name (&error,
592 DBUS_ERROR_NO_MEMORY))
594 dbus_error_free (&error);
599 _DBUS_ASSERT_ERROR_IS_SET (&error);
600 _dbus_verbose ("%s: Error loading keyring: %s\n",
601 DBUS_AUTH_NAME (auth), error.message);
602 if (send_rejected (auth))
603 retval = TRUE; /* retval is only about mem */
604 dbus_error_free (&error);
610 _dbus_assert (!dbus_error_is_set (&error));
614 _dbus_assert (auth->keyring != NULL);
616 dbus_error_init (&error);
617 auth->cookie_id = _dbus_keyring_get_best_key (auth->keyring, &error);
618 if (auth->cookie_id < 0)
620 _DBUS_ASSERT_ERROR_IS_SET (&error);
621 _dbus_verbose ("%s: Could not get a cookie ID to send to client: %s\n",
622 DBUS_AUTH_NAME (auth), error.message);
623 if (send_rejected (auth))
625 dbus_error_free (&error);
630 _dbus_assert (!dbus_error_is_set (&error));
633 if (!_dbus_string_copy (&auth->context, 0,
634 &tmp2, _dbus_string_get_length (&tmp2)))
637 if (!_dbus_string_append (&tmp2, " "))
640 if (!_dbus_string_append_int (&tmp2, auth->cookie_id))
643 if (!_dbus_string_append (&tmp2, " "))
646 if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES))
649 _dbus_string_set_length (&auth->challenge, 0);
650 if (!_dbus_string_hex_encode (&tmp, 0, &auth->challenge, 0))
653 if (!_dbus_string_hex_encode (&tmp, 0, &tmp2,
654 _dbus_string_get_length (&tmp2)))
657 if (!send_data (auth, &tmp2))
660 goto_state (auth, &server_state_waiting_for_data);
664 _dbus_string_zero (&tmp);
665 _dbus_string_free (&tmp);
666 _dbus_string_zero (&tmp2);
667 _dbus_string_free (&tmp2);
673 sha1_handle_second_client_response (DBusAuth *auth,
674 const DBusString *data)
676 /* We are expecting a response which is the hex-encoded client
677 * challenge, space, then SHA-1 hash of the concatenation of our
678 * challenge, ":", client challenge, ":", secret key, all
682 DBusString client_challenge;
683 DBusString client_hash;
685 DBusString correct_hash;
689 if (!_dbus_string_find_blank (data, 0, &i))
691 _dbus_verbose ("%s: no space separator in client response\n",
692 DBUS_AUTH_NAME (auth));
693 return send_rejected (auth);
696 if (!_dbus_string_init (&client_challenge))
699 if (!_dbus_string_init (&client_hash))
702 if (!_dbus_string_copy_len (data, 0, i, &client_challenge,
706 _dbus_string_skip_blank (data, i, &i);
708 if (!_dbus_string_copy_len (data, i,
709 _dbus_string_get_length (data) - i,
714 if (_dbus_string_get_length (&client_challenge) == 0 ||
715 _dbus_string_get_length (&client_hash) == 0)
717 _dbus_verbose ("%s: zero-length client challenge or hash\n",
718 DBUS_AUTH_NAME (auth));
719 if (send_rejected (auth))
724 if (!_dbus_string_init (&correct_hash))
727 if (!sha1_compute_hash (auth, auth->cookie_id,
733 /* if cookie_id was invalid, then we get an empty hash */
734 if (_dbus_string_get_length (&correct_hash) == 0)
736 if (send_rejected (auth))
741 if (!_dbus_string_equal (&client_hash, &correct_hash))
743 if (send_rejected (auth))
748 if (!_dbus_credentials_add_credentials (auth->authenticated_identity,
749 auth->desired_identity))
752 /* Copy process ID from the socket credentials if it's there
754 if (!_dbus_credentials_add_credential (auth->authenticated_identity,
755 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
762 _dbus_verbose ("%s: authenticated client using DBUS_COOKIE_SHA1\n",
763 DBUS_AUTH_NAME (auth));
768 _dbus_string_zero (&correct_hash);
769 _dbus_string_free (&correct_hash);
771 _dbus_string_zero (&client_hash);
772 _dbus_string_free (&client_hash);
774 _dbus_string_free (&client_challenge);
780 handle_server_data_cookie_sha1_mech (DBusAuth *auth,
781 const DBusString *data)
783 if (auth->cookie_id < 0)
784 return sha1_handle_first_client_response (auth, data);
786 return sha1_handle_second_client_response (auth, data);
790 handle_server_shutdown_cookie_sha1_mech (DBusAuth *auth)
792 auth->cookie_id = -1;
793 _dbus_string_set_length (&auth->challenge, 0);
797 handle_client_initial_response_cookie_sha1_mech (DBusAuth *auth,
798 DBusString *response)
805 if (!_dbus_string_init (&username))
808 if (!_dbus_append_user_from_current_process (&username))
811 if (!_dbus_string_hex_encode (&username, 0,
813 _dbus_string_get_length (response)))
819 _dbus_string_free (&username);
825 handle_client_data_cookie_sha1_mech (DBusAuth *auth,
826 const DBusString *data)
828 /* The data we get from the server should be the cookie context
829 * name, the cookie ID, and the server challenge, separated by
830 * spaces. We send back our challenge string and the correct hash.
834 DBusString cookie_id_str;
835 DBusString server_challenge;
836 DBusString client_challenge;
837 DBusString correct_hash;
844 if (!_dbus_string_find_blank (data, 0, &i))
846 if (send_error (auth,
847 "Server did not send context/ID/challenge properly"))
852 if (!_dbus_string_init (&context))
855 if (!_dbus_string_copy_len (data, 0, i,
859 _dbus_string_skip_blank (data, i, &i);
860 if (!_dbus_string_find_blank (data, i, &j))
862 if (send_error (auth,
863 "Server did not send context/ID/challenge properly"))
868 if (!_dbus_string_init (&cookie_id_str))
871 if (!_dbus_string_copy_len (data, i, j - i,
875 if (!_dbus_string_init (&server_challenge))
879 _dbus_string_skip_blank (data, i, &i);
880 j = _dbus_string_get_length (data);
882 if (!_dbus_string_copy_len (data, i, j - i,
883 &server_challenge, 0))
886 if (!_dbus_keyring_validate_context (&context))
888 if (send_error (auth, "Server sent invalid cookie context"))
893 if (!_dbus_string_parse_int (&cookie_id_str, 0, &val, NULL))
895 if (send_error (auth, "Could not parse cookie ID as an integer"))
900 if (_dbus_string_get_length (&server_challenge) == 0)
902 if (send_error (auth, "Empty server challenge string"))
907 if (auth->keyring == NULL)
911 dbus_error_init (&error);
912 auth->keyring = _dbus_keyring_new_for_credentials (NULL,
916 if (auth->keyring == NULL)
918 if (dbus_error_has_name (&error,
919 DBUS_ERROR_NO_MEMORY))
921 dbus_error_free (&error);
926 _DBUS_ASSERT_ERROR_IS_SET (&error);
928 _dbus_verbose ("%s: Error loading keyring: %s\n",
929 DBUS_AUTH_NAME (auth), error.message);
931 if (send_error (auth, "Could not load cookie file"))
932 retval = TRUE; /* retval is only about mem */
934 dbus_error_free (&error);
940 _dbus_assert (!dbus_error_is_set (&error));
944 _dbus_assert (auth->keyring != NULL);
946 if (!_dbus_string_init (&tmp))
949 if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES))
952 if (!_dbus_string_init (&client_challenge))
955 if (!_dbus_string_hex_encode (&tmp, 0, &client_challenge, 0))
958 if (!_dbus_string_init (&correct_hash))
961 if (!sha1_compute_hash (auth, val,
967 if (_dbus_string_get_length (&correct_hash) == 0)
969 /* couldn't find the cookie ID or something */
970 if (send_error (auth, "Don't have the requested cookie ID"))
975 _dbus_string_set_length (&tmp, 0);
977 if (!_dbus_string_copy (&client_challenge, 0, &tmp,
978 _dbus_string_get_length (&tmp)))
981 if (!_dbus_string_append (&tmp, " "))
984 if (!_dbus_string_copy (&correct_hash, 0, &tmp,
985 _dbus_string_get_length (&tmp)))
988 if (!send_data (auth, &tmp))
994 _dbus_string_zero (&correct_hash);
995 _dbus_string_free (&correct_hash);
997 _dbus_string_free (&client_challenge);
999 _dbus_string_zero (&tmp);
1000 _dbus_string_free (&tmp);
1002 _dbus_string_free (&server_challenge);
1004 _dbus_string_free (&cookie_id_str);
1006 _dbus_string_free (&context);
1012 handle_client_shutdown_cookie_sha1_mech (DBusAuth *auth)
1014 auth->cookie_id = -1;
1015 _dbus_string_set_length (&auth->challenge, 0);
1019 * EXTERNAL mechanism
1023 handle_server_data_external_mech (DBusAuth *auth,
1024 const DBusString *data)
1026 if (_dbus_credentials_are_anonymous (auth->credentials))
1028 _dbus_verbose ("%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1029 DBUS_AUTH_NAME (auth));
1030 return send_rejected (auth);
1033 if (_dbus_string_get_length (data) > 0)
1035 if (_dbus_string_get_length (&auth->identity) > 0)
1037 /* Tried to send two auth identities, wtf */
1038 _dbus_verbose ("%s: client tried to send auth identity, but we already have one\n",
1039 DBUS_AUTH_NAME (auth));
1040 return send_rejected (auth);
1044 /* this is our auth identity */
1045 if (!_dbus_string_copy (data, 0, &auth->identity, 0))
1050 /* Poke client for an auth identity, if none given */
1051 if (_dbus_string_get_length (&auth->identity) == 0 &&
1052 !auth->already_asked_for_initial_response)
1054 if (send_data (auth, NULL))
1056 _dbus_verbose ("%s: sending empty challenge asking client for auth identity\n",
1057 DBUS_AUTH_NAME (auth));
1058 auth->already_asked_for_initial_response = TRUE;
1059 goto_state (auth, &server_state_waiting_for_data);
1066 _dbus_credentials_clear (auth->desired_identity);
1068 /* If auth->identity is still empty here, then client
1069 * responded with an empty string after we poked it for
1070 * an initial response. This means to try to auth the
1071 * identity provided in the credentials.
1073 if (_dbus_string_get_length (&auth->identity) == 0)
1075 if (!_dbus_credentials_add_credentials (auth->desired_identity,
1078 return FALSE; /* OOM */
1083 if (!_dbus_credentials_add_from_user (auth->desired_identity,
1086 _dbus_verbose ("%s: could not get credentials from uid string\n",
1087 DBUS_AUTH_NAME (auth));
1088 return send_rejected (auth);
1092 if (_dbus_credentials_are_anonymous (auth->desired_identity))
1094 _dbus_verbose ("%s: desired user %s is no good\n",
1095 DBUS_AUTH_NAME (auth),
1096 _dbus_string_get_const_data (&auth->identity));
1097 return send_rejected (auth);
1100 if (_dbus_credentials_are_superset (auth->credentials,
1101 auth->desired_identity))
1103 /* client has authenticated */
1104 if (!_dbus_credentials_add_credentials (auth->authenticated_identity,
1105 auth->desired_identity))
1108 /* also copy process ID from the socket credentials
1110 if (!_dbus_credentials_add_credential (auth->authenticated_identity,
1111 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1115 /* also copy audit data from the socket credentials
1117 if (!_dbus_credentials_add_credential (auth->authenticated_identity,
1118 DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1122 /* Do a first authorization of the transport, in order to REJECT
1123 * immediately connection if needed (FDO#39720), transport will
1124 * re-authorize later, but it will close the connection on fail,
1125 * we want to REJECT now if possible */
1126 if (_dbus_authorization_do_authorization (DBUS_AUTH_SERVER (auth)->authorization,
1127 auth->authenticated_identity))
1129 if (!send_ok (auth))
1134 _dbus_verbose ("%s: desired identity does not match server identity: "
1135 "not authorized\n", DBUS_AUTH_NAME (auth));
1136 return send_rejected (auth);
1139 _dbus_verbose ("%s: authenticated and authorized client based on "
1140 "socket credentials\n", DBUS_AUTH_NAME (auth));
1146 _dbus_verbose ("%s: desired identity not found in socket credentials\n",
1147 DBUS_AUTH_NAME (auth));
1148 return send_rejected (auth);
1153 handle_server_shutdown_external_mech (DBusAuth *auth)
1159 handle_client_initial_response_external_mech (DBusAuth *auth,
1160 DBusString *response)
1162 /* We always append our UID as an initial response, so the server
1163 * doesn't have to send back an empty challenge to check whether we
1164 * want to specify an identity. i.e. this avoids a round trip that
1165 * the spec for the EXTERNAL mechanism otherwise requires.
1167 DBusString plaintext;
1169 if (!_dbus_string_init (&plaintext))
1172 if (!_dbus_append_user_from_current_process (&plaintext))
1175 if (!_dbus_string_hex_encode (&plaintext, 0,
1177 _dbus_string_get_length (response)))
1180 _dbus_string_free (&plaintext);
1185 _dbus_string_free (&plaintext);
1190 handle_client_data_external_mech (DBusAuth *auth,
1191 const DBusString *data)
1198 handle_client_shutdown_external_mech (DBusAuth *auth)
1204 * ANONYMOUS mechanism
1208 handle_server_data_anonymous_mech (DBusAuth *auth,
1209 const DBusString *data)
1211 if (_dbus_string_get_length (data) > 0)
1213 /* Client is allowed to send "trace" data, the only defined
1214 * meaning is that if it contains '@' it is an email address,
1215 * and otherwise it is anything else, and it's supposed to be
1218 if (!_dbus_string_validate_utf8 (data, 0, _dbus_string_get_length (data)))
1220 _dbus_verbose ("%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1221 DBUS_AUTH_NAME (auth));
1222 return send_rejected (auth);
1225 _dbus_verbose ("%s: ANONYMOUS client sent trace string: '%s'\n",
1226 DBUS_AUTH_NAME (auth),
1227 _dbus_string_get_const_data (data));
1230 /* We want to be anonymous (clear in case some other protocol got midway through I guess) */
1231 _dbus_credentials_clear (auth->desired_identity);
1233 /* Copy process ID from the socket credentials
1235 if (!_dbus_credentials_add_credential (auth->authenticated_identity,
1236 DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1240 /* Anonymous is always allowed */
1241 if (!send_ok (auth))
1244 _dbus_verbose ("%s: authenticated client as anonymous\n",
1245 DBUS_AUTH_NAME (auth));
1251 handle_server_shutdown_anonymous_mech (DBusAuth *auth)
1257 handle_client_initial_response_anonymous_mech (DBusAuth *auth,
1258 DBusString *response)
1260 /* Our initial response is a "trace" string which must be valid UTF-8
1261 * and must be an email address if it contains '@'.
1262 * We just send the dbus implementation info, like a user-agent or
1263 * something, because... why not. There's nothing guaranteed here
1264 * though, we could change it later.
1266 DBusString plaintext;
1268 if (!_dbus_string_init (&plaintext))
1271 if (!_dbus_string_append (&plaintext,
1272 "libdbus " DBUS_VERSION_STRING))
1275 if (!_dbus_string_hex_encode (&plaintext, 0,
1277 _dbus_string_get_length (response)))
1280 _dbus_string_free (&plaintext);
1285 _dbus_string_free (&plaintext);
1290 handle_client_data_anonymous_mech (DBusAuth *auth,
1291 const DBusString *data)
1298 handle_client_shutdown_anonymous_mech (DBusAuth *auth)
1303 /* Put mechanisms here in order of preference.
1304 * Right now we have:
1306 * - EXTERNAL checks socket credentials (or in the future, other info from the OS)
1307 * - DBUS_COOKIE_SHA1 uses a cookie in the home directory, like xauth or ICE
1308 * - ANONYMOUS checks nothing but doesn't auth the person as a user
1310 * We might ideally add a mechanism to chain to Cyrus SASL so we can
1311 * use its mechanisms as well.
1314 static const DBusAuthMechanismHandler
1315 all_mechanisms[] = {
1317 handle_server_data_external_mech,
1319 handle_server_shutdown_external_mech,
1320 handle_client_initial_response_external_mech,
1321 handle_client_data_external_mech,
1323 handle_client_shutdown_external_mech },
1324 { "DBUS_COOKIE_SHA1",
1325 handle_server_data_cookie_sha1_mech,
1327 handle_server_shutdown_cookie_sha1_mech,
1328 handle_client_initial_response_cookie_sha1_mech,
1329 handle_client_data_cookie_sha1_mech,
1331 handle_client_shutdown_cookie_sha1_mech },
1333 handle_server_data_anonymous_mech,
1335 handle_server_shutdown_anonymous_mech,
1336 handle_client_initial_response_anonymous_mech,
1337 handle_client_data_anonymous_mech,
1339 handle_client_shutdown_anonymous_mech },
1343 static const DBusAuthMechanismHandler*
1344 find_mech (const DBusString *name,
1345 char **allowed_mechs)
1349 if (allowed_mechs != NULL &&
1350 !_dbus_string_array_contains ((const char**) allowed_mechs,
1351 _dbus_string_get_const_data (name)))
1355 while (all_mechanisms[i].mechanism != NULL)
1357 if (_dbus_string_equal_c_str (name,
1358 all_mechanisms[i].mechanism))
1360 return &all_mechanisms[i];
1369 send_auth (DBusAuth *auth, const DBusAuthMechanismHandler *mech)
1371 DBusString auth_command;
1373 if (!_dbus_string_init (&auth_command))
1376 if (!_dbus_string_append (&auth_command,
1379 _dbus_string_free (&auth_command);
1383 if (!_dbus_string_append (&auth_command,
1386 _dbus_string_free (&auth_command);
1390 if (mech->client_initial_response_func != NULL)
1392 if (!_dbus_string_append (&auth_command, " "))
1394 _dbus_string_free (&auth_command);
1398 if (!(* mech->client_initial_response_func) (auth, &auth_command))
1400 _dbus_string_free (&auth_command);
1405 if (!_dbus_string_append (&auth_command,
1408 _dbus_string_free (&auth_command);
1412 if (!_dbus_string_copy (&auth_command, 0,
1414 _dbus_string_get_length (&auth->outgoing)))
1416 _dbus_string_free (&auth_command);
1420 _dbus_string_free (&auth_command);
1421 shutdown_mech (auth);
1423 goto_state (auth, &client_state_waiting_for_data);
1429 send_data (DBusAuth *auth, DBusString *data)
1433 if (data == NULL || _dbus_string_get_length (data) == 0)
1434 return _dbus_string_append (&auth->outgoing, "DATA\r\n");
1437 old_len = _dbus_string_get_length (&auth->outgoing);
1438 if (!_dbus_string_append (&auth->outgoing, "DATA "))
1441 if (!_dbus_string_hex_encode (data, 0, &auth->outgoing,
1442 _dbus_string_get_length (&auth->outgoing)))
1445 if (!_dbus_string_append (&auth->outgoing, "\r\n"))
1451 _dbus_string_set_length (&auth->outgoing, old_len);
1458 send_rejected (DBusAuth *auth)
1461 DBusAuthServer *server_auth;
1464 if (!_dbus_string_init (&command))
1467 if (!_dbus_string_append (&command,
1472 while (all_mechanisms[i].mechanism != NULL)
1474 if (!_dbus_string_append (&command,
1478 if (!_dbus_string_append (&command,
1479 all_mechanisms[i].mechanism))
1485 if (!_dbus_string_append (&command, "\r\n"))
1488 if (!_dbus_string_copy (&command, 0, &auth->outgoing,
1489 _dbus_string_get_length (&auth->outgoing)))
1492 shutdown_mech (auth);
1494 _dbus_assert (DBUS_AUTH_IS_SERVER (auth));
1495 server_auth = DBUS_AUTH_SERVER (auth);
1496 server_auth->failures += 1;
1498 if (server_auth->failures >= server_auth->max_failures)
1499 goto_state (auth, &common_state_need_disconnect);
1501 goto_state (auth, &server_state_waiting_for_auth);
1503 _dbus_string_free (&command);
1508 _dbus_string_free (&command);
1513 send_error (DBusAuth *auth, const char *message)
1515 return _dbus_string_append_printf (&auth->outgoing,
1516 "ERROR \"%s\"\r\n", message);
1520 send_ok (DBusAuth *auth)
1524 orig_len = _dbus_string_get_length (&auth->outgoing);
1526 if (_dbus_string_append (&auth->outgoing, "OK ") &&
1527 _dbus_string_copy (& DBUS_AUTH_SERVER (auth)->guid,
1530 _dbus_string_get_length (&auth->outgoing)) &&
1531 _dbus_string_append (&auth->outgoing, "\r\n"))
1533 goto_state (auth, &server_state_waiting_for_begin);
1538 _dbus_string_set_length (&auth->outgoing, orig_len);
1544 send_begin (DBusAuth *auth)
1547 if (!_dbus_string_append (&auth->outgoing,
1551 goto_state (auth, &common_state_authenticated);
1556 process_ok(DBusAuth *auth,
1557 const DBusString *args_from_ok) {
1561 /* "args_from_ok" should be the GUID, whitespace already pulled off the front */
1562 _dbus_assert (_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0);
1564 /* We decode the hex string to binary, using guid_from_server as scratch... */
1567 if (!_dbus_string_hex_decode (args_from_ok, 0, &end_of_hex,
1568 & DBUS_AUTH_CLIENT (auth)->guid_from_server, 0))
1571 /* now clear out the scratch */
1572 _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
1574 if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1577 _dbus_verbose ("Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1578 end_of_hex, _dbus_string_get_length (args_from_ok));
1579 goto_state (auth, &common_state_need_disconnect);
1583 if (!_dbus_string_copy (args_from_ok, 0, &DBUS_AUTH_CLIENT (auth)->guid_from_server, 0)) {
1584 _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
1588 _dbus_verbose ("Got GUID '%s' from the server\n",
1589 _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));
1591 if (auth->unix_fd_possible)
1592 return send_negotiate_unix_fd(auth);
1594 _dbus_verbose("Not negotiating unix fd passing, since not possible\n");
1595 return send_begin (auth);
1599 send_cancel (DBusAuth *auth)
1601 if (_dbus_string_append (&auth->outgoing, "CANCEL\r\n"))
1603 goto_state (auth, &client_state_waiting_for_reject);
1611 process_data (DBusAuth *auth,
1612 const DBusString *args,
1613 DBusAuthDataFunction data_func)
1618 if (!_dbus_string_init (&decoded))
1621 if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0))
1623 _dbus_string_free (&decoded);
1627 if (_dbus_string_get_length (args) != end)
1629 _dbus_string_free (&decoded);
1630 if (!send_error (auth, "Invalid hex encoding"))
1636 #ifdef DBUS_ENABLE_VERBOSE_MODE
1637 if (_dbus_string_validate_ascii (&decoded, 0,
1638 _dbus_string_get_length (&decoded)))
1639 _dbus_verbose ("%s: data: '%s'\n",
1640 DBUS_AUTH_NAME (auth),
1641 _dbus_string_get_const_data (&decoded));
1644 if (!(* data_func) (auth, &decoded))
1646 _dbus_string_free (&decoded);
1650 _dbus_string_free (&decoded);
1655 send_negotiate_unix_fd (DBusAuth *auth)
1657 if (!_dbus_string_append (&auth->outgoing,
1658 "NEGOTIATE_UNIX_FD\r\n"))
1661 goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1666 send_agree_unix_fd (DBusAuth *auth)
1668 _dbus_assert(auth->unix_fd_possible);
1670 auth->unix_fd_negotiated = TRUE;
1671 _dbus_verbose("Agreed to UNIX FD passing\n");
1673 if (!_dbus_string_append (&auth->outgoing,
1674 "AGREE_UNIX_FD\r\n"))
1677 goto_state (auth, &server_state_waiting_for_begin);
1682 handle_auth (DBusAuth *auth, const DBusString *args)
1684 if (_dbus_string_get_length (args) == 0)
1686 /* No args to the auth, send mechanisms */
1687 if (!send_rejected (auth))
1696 DBusString hex_response;
1698 _dbus_string_find_blank (args, 0, &i);
1700 if (!_dbus_string_init (&mech))
1703 if (!_dbus_string_init (&hex_response))
1705 _dbus_string_free (&mech);
1709 if (!_dbus_string_copy_len (args, 0, i, &mech, 0))
1712 _dbus_string_skip_blank (args, i, &i);
1713 if (!_dbus_string_copy (args, i, &hex_response, 0))
1716 auth->mech = find_mech (&mech, auth->allowed_mechs);
1717 if (auth->mech != NULL)
1719 _dbus_verbose ("%s: Trying mechanism %s\n",
1720 DBUS_AUTH_NAME (auth),
1721 auth->mech->mechanism);
1723 if (!process_data (auth, &hex_response,
1724 auth->mech->server_data_func))
1729 /* Unsupported mechanism */
1730 _dbus_verbose ("%s: Unsupported mechanism %s\n",
1731 DBUS_AUTH_NAME (auth),
1732 _dbus_string_get_const_data (&mech));
1734 if (!send_rejected (auth))
1738 _dbus_string_free (&mech);
1739 _dbus_string_free (&hex_response);
1745 _dbus_string_free (&mech);
1746 _dbus_string_free (&hex_response);
1752 handle_server_state_waiting_for_auth (DBusAuth *auth,
1753 DBusAuthCommand command,
1754 const DBusString *args)
1758 case DBUS_AUTH_COMMAND_AUTH:
1759 return handle_auth (auth, args);
1761 case DBUS_AUTH_COMMAND_CANCEL:
1762 case DBUS_AUTH_COMMAND_DATA:
1763 return send_error (auth, "Not currently in an auth conversation");
1765 case DBUS_AUTH_COMMAND_BEGIN:
1766 goto_state (auth, &common_state_need_disconnect);
1769 case DBUS_AUTH_COMMAND_ERROR:
1770 return send_rejected (auth);
1772 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1773 return send_error (auth, "Need to authenticate first");
1775 case DBUS_AUTH_COMMAND_REJECTED:
1776 case DBUS_AUTH_COMMAND_OK:
1777 case DBUS_AUTH_COMMAND_UNKNOWN:
1778 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1780 return send_error (auth, "Unknown command");
1785 handle_server_state_waiting_for_data (DBusAuth *auth,
1786 DBusAuthCommand command,
1787 const DBusString *args)
1791 case DBUS_AUTH_COMMAND_AUTH:
1792 return send_error (auth, "Sent AUTH while another AUTH in progress");
1794 case DBUS_AUTH_COMMAND_CANCEL:
1795 case DBUS_AUTH_COMMAND_ERROR:
1796 return send_rejected (auth);
1798 case DBUS_AUTH_COMMAND_DATA:
1799 return process_data (auth, args, auth->mech->server_data_func);
1801 case DBUS_AUTH_COMMAND_BEGIN:
1802 goto_state (auth, &common_state_need_disconnect);
1805 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1806 return send_error (auth, "Need to authenticate first");
1808 case DBUS_AUTH_COMMAND_REJECTED:
1809 case DBUS_AUTH_COMMAND_OK:
1810 case DBUS_AUTH_COMMAND_UNKNOWN:
1811 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1813 return send_error (auth, "Unknown command");
1818 handle_server_state_waiting_for_begin (DBusAuth *auth,
1819 DBusAuthCommand command,
1820 const DBusString *args)
1824 case DBUS_AUTH_COMMAND_AUTH:
1825 return send_error (auth, "Sent AUTH while expecting BEGIN");
1827 case DBUS_AUTH_COMMAND_DATA:
1828 return send_error (auth, "Sent DATA while expecting BEGIN");
1830 case DBUS_AUTH_COMMAND_BEGIN:
1831 goto_state (auth, &common_state_authenticated);
1834 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1835 if (auth->unix_fd_possible)
1836 return send_agree_unix_fd(auth);
1838 return send_error(auth, "Unix FD passing not supported, not authenticated or otherwise not possible");
1840 case DBUS_AUTH_COMMAND_REJECTED:
1841 case DBUS_AUTH_COMMAND_OK:
1842 case DBUS_AUTH_COMMAND_UNKNOWN:
1843 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1845 return send_error (auth, "Unknown command");
1847 case DBUS_AUTH_COMMAND_CANCEL:
1848 case DBUS_AUTH_COMMAND_ERROR:
1849 return send_rejected (auth);
1853 /* return FALSE if no memory, TRUE if all OK */
1855 get_word (const DBusString *str,
1861 _dbus_string_skip_blank (str, *start, start);
1862 _dbus_string_find_blank (str, *start, &i);
1866 if (!_dbus_string_copy_len (str, *start, i - *start, word, 0))
1876 record_mechanisms (DBusAuth *auth,
1877 const DBusString *args)
1882 if (auth->already_got_mechanisms)
1885 len = _dbus_string_get_length (args);
1891 const DBusAuthMechanismHandler *mech;
1893 if (!_dbus_string_init (&m))
1896 if (!get_word (args, &next, &m))
1898 _dbus_string_free (&m);
1902 mech = find_mech (&m, auth->allowed_mechs);
1906 /* FIXME right now we try mechanisms in the order
1907 * the server lists them; should we do them in
1908 * some more deterministic order?
1910 * Probably in all_mechanisms order, our order of
1911 * preference. Of course when the server is us,
1912 * it lists things in that order anyhow.
1915 if (mech != &all_mechanisms[0])
1917 _dbus_verbose ("%s: Adding mechanism %s to list we will try\n",
1918 DBUS_AUTH_NAME (auth), mech->mechanism);
1920 if (!_dbus_list_append (& DBUS_AUTH_CLIENT (auth)->mechs_to_try,
1923 _dbus_string_free (&m);
1929 _dbus_verbose ("%s: Already tried mechanism %s; not adding to list we will try\n",
1930 DBUS_AUTH_NAME (auth), mech->mechanism);
1935 _dbus_verbose ("%s: Server offered mechanism \"%s\" that we don't know how to use\n",
1936 DBUS_AUTH_NAME (auth),
1937 _dbus_string_get_const_data (&m));
1940 _dbus_string_free (&m);
1943 auth->already_got_mechanisms = TRUE;
1948 _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
1954 process_rejected (DBusAuth *auth, const DBusString *args)
1956 const DBusAuthMechanismHandler *mech;
1957 DBusAuthClient *client;
1959 client = DBUS_AUTH_CLIENT (auth);
1961 if (!auth->already_got_mechanisms)
1963 if (!record_mechanisms (auth, args))
1967 if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL)
1969 mech = client->mechs_to_try->data;
1971 if (!send_auth (auth, mech))
1974 _dbus_list_pop_first (&client->mechs_to_try);
1976 _dbus_verbose ("%s: Trying mechanism %s\n",
1977 DBUS_AUTH_NAME (auth),
1983 _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
1984 DBUS_AUTH_NAME (auth));
1985 goto_state (auth, &common_state_need_disconnect);
1993 handle_client_state_waiting_for_data (DBusAuth *auth,
1994 DBusAuthCommand command,
1995 const DBusString *args)
1997 _dbus_assert (auth->mech != NULL);
2001 case DBUS_AUTH_COMMAND_DATA:
2002 return process_data (auth, args, auth->mech->client_data_func);
2004 case DBUS_AUTH_COMMAND_REJECTED:
2005 return process_rejected (auth, args);
2007 case DBUS_AUTH_COMMAND_OK:
2008 return process_ok(auth, args);
2010 case DBUS_AUTH_COMMAND_ERROR:
2011 return send_cancel (auth);
2013 case DBUS_AUTH_COMMAND_AUTH:
2014 case DBUS_AUTH_COMMAND_CANCEL:
2015 case DBUS_AUTH_COMMAND_BEGIN:
2016 case DBUS_AUTH_COMMAND_UNKNOWN:
2017 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2018 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2020 return send_error (auth, "Unknown command");
2025 handle_client_state_waiting_for_ok (DBusAuth *auth,
2026 DBusAuthCommand command,
2027 const DBusString *args)
2031 case DBUS_AUTH_COMMAND_REJECTED:
2032 return process_rejected (auth, args);
2034 case DBUS_AUTH_COMMAND_OK:
2035 return process_ok(auth, args);
2037 case DBUS_AUTH_COMMAND_DATA:
2038 case DBUS_AUTH_COMMAND_ERROR:
2039 return send_cancel (auth);
2041 case DBUS_AUTH_COMMAND_AUTH:
2042 case DBUS_AUTH_COMMAND_CANCEL:
2043 case DBUS_AUTH_COMMAND_BEGIN:
2044 case DBUS_AUTH_COMMAND_UNKNOWN:
2045 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2046 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2048 return send_error (auth, "Unknown command");
2053 handle_client_state_waiting_for_reject (DBusAuth *auth,
2054 DBusAuthCommand command,
2055 const DBusString *args)
2059 case DBUS_AUTH_COMMAND_REJECTED:
2060 return process_rejected (auth, args);
2062 case DBUS_AUTH_COMMAND_AUTH:
2063 case DBUS_AUTH_COMMAND_CANCEL:
2064 case DBUS_AUTH_COMMAND_DATA:
2065 case DBUS_AUTH_COMMAND_BEGIN:
2066 case DBUS_AUTH_COMMAND_OK:
2067 case DBUS_AUTH_COMMAND_ERROR:
2068 case DBUS_AUTH_COMMAND_UNKNOWN:
2069 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2070 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2072 goto_state (auth, &common_state_need_disconnect);
2078 handle_client_state_waiting_for_agree_unix_fd(DBusAuth *auth,
2079 DBusAuthCommand command,
2080 const DBusString *args)
2084 case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2085 _dbus_assert(auth->unix_fd_possible);
2086 auth->unix_fd_negotiated = TRUE;
2087 _dbus_verbose("Successfully negotiated UNIX FD passing\n");
2088 return send_begin (auth);
2090 case DBUS_AUTH_COMMAND_ERROR:
2091 _dbus_assert(auth->unix_fd_possible);
2092 auth->unix_fd_negotiated = FALSE;
2093 _dbus_verbose("Failed to negotiate UNIX FD passing\n");
2094 return send_begin (auth);
2096 case DBUS_AUTH_COMMAND_OK:
2097 case DBUS_AUTH_COMMAND_DATA:
2098 case DBUS_AUTH_COMMAND_REJECTED:
2099 case DBUS_AUTH_COMMAND_AUTH:
2100 case DBUS_AUTH_COMMAND_CANCEL:
2101 case DBUS_AUTH_COMMAND_BEGIN:
2102 case DBUS_AUTH_COMMAND_UNKNOWN:
2103 case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2105 return send_error (auth, "Unknown command");
2110 * Mapping from command name to enum
2113 const char *name; /**< Name of the command */
2114 DBusAuthCommand command; /**< Corresponding enum */
2115 } DBusAuthCommandName;
2117 static const DBusAuthCommandName auth_command_names[] = {
2118 { "AUTH", DBUS_AUTH_COMMAND_AUTH },
2119 { "CANCEL", DBUS_AUTH_COMMAND_CANCEL },
2120 { "DATA", DBUS_AUTH_COMMAND_DATA },
2121 { "BEGIN", DBUS_AUTH_COMMAND_BEGIN },
2122 { "REJECTED", DBUS_AUTH_COMMAND_REJECTED },
2123 { "OK", DBUS_AUTH_COMMAND_OK },
2124 { "ERROR", DBUS_AUTH_COMMAND_ERROR },
2125 { "NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2126 { "AGREE_UNIX_FD", DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2129 static DBusAuthCommand
2130 lookup_command_from_name (DBusString *command)
2134 for (i = 0; i < _DBUS_N_ELEMENTS (auth_command_names); i++)
2136 if (_dbus_string_equal_c_str (command,
2137 auth_command_names[i].name))
2138 return auth_command_names[i].command;
2141 return DBUS_AUTH_COMMAND_UNKNOWN;
2145 goto_state (DBusAuth *auth,
2146 const DBusAuthStateData *state)
2148 _dbus_verbose ("%s: going from state %s to state %s\n",
2149 DBUS_AUTH_NAME (auth),
2153 auth->state = state;
2156 /* returns whether to call it again right away */
2158 process_command (DBusAuth *auth)
2160 DBusAuthCommand command;
2167 /* _dbus_verbose ("%s: trying process_command()\n"); */
2172 if (!_dbus_string_find (&auth->incoming, 0, "\r\n", &eol))
2175 if (!_dbus_string_init (&line))
2177 auth->needed_memory = TRUE;
2181 if (!_dbus_string_init (&args))
2183 _dbus_string_free (&line);
2184 auth->needed_memory = TRUE;
2188 if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &line, 0))
2191 if (!_dbus_string_validate_ascii (&line, 0,
2192 _dbus_string_get_length (&line)))
2194 _dbus_verbose ("%s: Command contained non-ASCII chars or embedded nul\n",
2195 DBUS_AUTH_NAME (auth));
2196 if (!send_error (auth, "Command contained non-ASCII"))
2202 _dbus_verbose ("%s: got command \"%s\"\n",
2203 DBUS_AUTH_NAME (auth),
2204 _dbus_string_get_const_data (&line));
2206 _dbus_string_find_blank (&line, 0, &i);
2207 _dbus_string_skip_blank (&line, i, &j);
2210 _dbus_string_delete (&line, i, j - i);
2212 if (!_dbus_string_move (&line, i, &args, 0))
2215 /* FIXME 1.0 we should probably validate that only the allowed
2216 * chars are in the command name
2219 command = lookup_command_from_name (&line);
2220 if (!(* auth->state->handler) (auth, command, &args))
2225 /* We've succeeded in processing the whole command so drop it out
2226 * of the incoming buffer and return TRUE to try another command.
2229 _dbus_string_delete (&auth->incoming, 0, eol);
2232 _dbus_string_delete (&auth->incoming, 0, 2);
2237 _dbus_string_free (&args);
2238 _dbus_string_free (&line);
2241 auth->needed_memory = TRUE;
2243 auth->needed_memory = FALSE;
2252 * @addtogroup DBusAuth
2257 * Creates a new auth conversation object for the server side.
2258 * See http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
2259 * for full details on what this object does.
2261 * @returns the new object or #NULL if no memory
2264 _dbus_auth_server_new (const DBusString *guid,
2265 DBusAuthorization *authorization)
2268 DBusAuthServer *server_auth;
2269 DBusString guid_copy;
2271 if (!_dbus_string_init (&guid_copy))
2274 if (!_dbus_string_copy (guid, 0, &guid_copy, 0))
2276 _dbus_string_free (&guid_copy);
2280 auth = _dbus_auth_new (sizeof (DBusAuthServer));
2283 _dbus_string_free (&guid_copy);
2287 auth->side = auth_side_server;
2288 auth->state = &server_state_waiting_for_auth;
2290 server_auth = DBUS_AUTH_SERVER (auth);
2292 server_auth->guid = guid_copy;
2293 server_auth->authorization = _dbus_authorization_ref (authorization);
2295 /* perhaps this should be per-mechanism with a lower
2298 server_auth->failures = 0;
2299 server_auth->max_failures = 6;
2305 * Creates a new auth conversation object for the client side.
2306 * See http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
2307 * for full details on what this object does.
2309 * @returns the new object or #NULL if no memory
2312 _dbus_auth_client_new (void)
2315 DBusString guid_str;
2317 if (!_dbus_string_init (&guid_str))
2320 auth = _dbus_auth_new (sizeof (DBusAuthClient));
2323 _dbus_string_free (&guid_str);
2327 DBUS_AUTH_CLIENT (auth)->guid_from_server = guid_str;
2329 auth->side = auth_side_client;
2330 auth->state = &client_state_need_send_auth;
2332 /* Start the auth conversation by sending AUTH for our default
2334 if (!send_auth (auth, &all_mechanisms[0]))
2336 _dbus_auth_unref (auth);
2344 * Increments the refcount of an auth object.
2346 * @param auth the auth conversation
2347 * @returns the auth conversation
2350 _dbus_auth_ref (DBusAuth *auth)
2352 _dbus_assert (auth != NULL);
2354 auth->refcount += 1;
2360 * Decrements the refcount of an auth object.
2362 * @param auth the auth conversation
2365 _dbus_auth_unref (DBusAuth *auth)
2367 _dbus_assert (auth != NULL);
2368 _dbus_assert (auth->refcount > 0);
2370 auth->refcount -= 1;
2371 if (auth->refcount == 0)
2373 shutdown_mech (auth);
2375 if (DBUS_AUTH_IS_CLIENT (auth))
2377 _dbus_string_free (& DBUS_AUTH_CLIENT (auth)->guid_from_server);
2378 _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
2382 _dbus_assert (DBUS_AUTH_IS_SERVER (auth));
2384 _dbus_string_free (& DBUS_AUTH_SERVER (auth)->guid);
2385 _dbus_authorization_unref (DBUS_AUTH_SERVER (auth)->authorization);
2389 _dbus_keyring_unref (auth->keyring);
2391 _dbus_string_free (&auth->context);
2392 _dbus_string_free (&auth->challenge);
2393 _dbus_string_free (&auth->identity);
2394 _dbus_string_free (&auth->incoming);
2395 _dbus_string_free (&auth->outgoing);
2397 dbus_free_string_array (auth->allowed_mechs);
2399 _dbus_credentials_unref (auth->credentials);
2400 _dbus_credentials_unref (auth->authenticated_identity);
2401 _dbus_credentials_unref (auth->desired_identity);
2408 * Sets an array of authentication mechanism names
2409 * that we are willing to use.
2411 * @param auth the auth conversation
2412 * @param mechanisms #NULL-terminated array of mechanism names
2413 * @returns #FALSE if no memory
2416 _dbus_auth_set_mechanisms (DBusAuth *auth,
2417 const char **mechanisms)
2421 if (mechanisms != NULL)
2423 copy = _dbus_dup_string_array (mechanisms);
2430 dbus_free_string_array (auth->allowed_mechs);
2432 auth->allowed_mechs = copy;
2438 * @param auth the auth conversation object
2439 * @returns #TRUE if we're in a final state
2441 #define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2444 * Analyzes buffered input and moves the auth conversation forward,
2445 * returning the new state of the auth conversation.
2447 * @param auth the auth conversation
2448 * @returns the new state
2451 _dbus_auth_do_work (DBusAuth *auth)
2453 auth->needed_memory = FALSE;
2455 /* Max amount we'll buffer up before deciding someone's on crack */
2456 #define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2460 if (DBUS_AUTH_IN_END_STATE (auth))
2463 if (_dbus_string_get_length (&auth->incoming) > MAX_BUFFER ||
2464 _dbus_string_get_length (&auth->outgoing) > MAX_BUFFER)
2466 goto_state (auth, &common_state_need_disconnect);
2467 _dbus_verbose ("%s: Disconnecting due to excessive data buffered in auth phase\n",
2468 DBUS_AUTH_NAME (auth));
2472 while (process_command (auth));
2474 if (auth->needed_memory)
2475 return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2476 else if (_dbus_string_get_length (&auth->outgoing) > 0)
2477 return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2478 else if (auth->state == &common_state_need_disconnect)
2479 return DBUS_AUTH_STATE_NEED_DISCONNECT;
2480 else if (auth->state == &common_state_authenticated)
2481 return DBUS_AUTH_STATE_AUTHENTICATED;
2482 else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2486 * Gets bytes that need to be sent to the peer we're conversing with.
2487 * After writing some bytes, _dbus_auth_bytes_sent() must be called
2488 * to notify the auth object that they were written.
2490 * @param auth the auth conversation
2491 * @param str return location for a ref to the buffer to send
2492 * @returns #FALSE if nothing to send
2495 _dbus_auth_get_bytes_to_send (DBusAuth *auth,
2496 const DBusString **str)
2498 _dbus_assert (auth != NULL);
2499 _dbus_assert (str != NULL);
2503 if (_dbus_string_get_length (&auth->outgoing) == 0)
2506 *str = &auth->outgoing;
2512 * Notifies the auth conversation object that
2513 * the given number of bytes of the outgoing buffer
2514 * have been written out.
2516 * @param auth the auth conversation
2517 * @param bytes_sent number of bytes written out
2520 _dbus_auth_bytes_sent (DBusAuth *auth,
2523 _dbus_verbose ("%s: Sent %d bytes of: %s\n",
2524 DBUS_AUTH_NAME (auth),
2526 _dbus_string_get_const_data (&auth->outgoing));
2528 _dbus_string_delete (&auth->outgoing,
2533 * Get a buffer to be used for reading bytes from the peer we're conversing
2534 * with. Bytes should be appended to this buffer.
2536 * @param auth the auth conversation
2537 * @param buffer return location for buffer to append bytes to
2540 _dbus_auth_get_buffer (DBusAuth *auth,
2541 DBusString **buffer)
2543 _dbus_assert (auth != NULL);
2544 _dbus_assert (!auth->buffer_outstanding);
2546 *buffer = &auth->incoming;
2548 auth->buffer_outstanding = TRUE;
2552 * Returns a buffer with new data read into it.
2554 * @param auth the auth conversation
2555 * @param buffer the buffer being returned
2556 * @param bytes_read number of new bytes added
2559 _dbus_auth_return_buffer (DBusAuth *auth,
2563 _dbus_assert (buffer == &auth->incoming);
2564 _dbus_assert (auth->buffer_outstanding);
2566 auth->buffer_outstanding = FALSE;
2570 * Returns leftover bytes that were not used as part of the auth
2571 * conversation. These bytes will be part of the message stream
2572 * instead. This function may not be called until authentication has
2575 * @param auth the auth conversation
2576 * @param str return location for pointer to string of unused bytes
2579 _dbus_auth_get_unused_bytes (DBusAuth *auth,
2580 const DBusString **str)
2582 if (!DBUS_AUTH_IN_END_STATE (auth))
2585 *str = &auth->incoming;
2590 * Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes()
2591 * after we've gotten them and successfully moved them elsewhere.
2593 * @param auth the auth conversation
2596 _dbus_auth_delete_unused_bytes (DBusAuth *auth)
2598 if (!DBUS_AUTH_IN_END_STATE (auth))
2601 _dbus_string_set_length (&auth->incoming, 0);
2605 * Called post-authentication, indicates whether we need to encode
2606 * the message stream with _dbus_auth_encode_data() prior to
2607 * sending it to the peer.
2609 * @param auth the auth conversation
2610 * @returns #TRUE if we need to encode the stream
2613 _dbus_auth_needs_encoding (DBusAuth *auth)
2615 if (auth->state != &common_state_authenticated)
2618 if (auth->mech != NULL)
2620 if (DBUS_AUTH_IS_CLIENT (auth))
2621 return auth->mech->client_encode_func != NULL;
2623 return auth->mech->server_encode_func != NULL;
2630 * Called post-authentication, encodes a block of bytes for sending to
2631 * the peer. If no encoding was negotiated, just copies the bytes
2632 * (you can avoid this by checking _dbus_auth_needs_encoding()).
2634 * @param auth the auth conversation
2635 * @param plaintext the plain text data
2636 * @param encoded initialized string to where encoded data is appended
2637 * @returns #TRUE if we had enough memory and successfully encoded
2640 _dbus_auth_encode_data (DBusAuth *auth,
2641 const DBusString *plaintext,
2642 DBusString *encoded)
2644 _dbus_assert (plaintext != encoded);
2646 if (auth->state != &common_state_authenticated)
2649 if (_dbus_auth_needs_encoding (auth))
2651 if (DBUS_AUTH_IS_CLIENT (auth))
2652 return (* auth->mech->client_encode_func) (auth, plaintext, encoded);
2654 return (* auth->mech->server_encode_func) (auth, plaintext, encoded);
2658 return _dbus_string_copy (plaintext, 0, encoded,
2659 _dbus_string_get_length (encoded));
2664 * Called post-authentication, indicates whether we need to decode
2665 * the message stream with _dbus_auth_decode_data() after
2666 * receiving it from the peer.
2668 * @param auth the auth conversation
2669 * @returns #TRUE if we need to encode the stream
2672 _dbus_auth_needs_decoding (DBusAuth *auth)
2674 if (auth->state != &common_state_authenticated)
2677 if (auth->mech != NULL)
2679 if (DBUS_AUTH_IS_CLIENT (auth))
2680 return auth->mech->client_decode_func != NULL;
2682 return auth->mech->server_decode_func != NULL;
2690 * Called post-authentication, decodes a block of bytes received from
2691 * the peer. If no encoding was negotiated, just copies the bytes (you
2692 * can avoid this by checking _dbus_auth_needs_decoding()).
2694 * @todo 1.0? We need to be able to distinguish "out of memory" error
2695 * from "the data is hosed" error.
2697 * @param auth the auth conversation
2698 * @param encoded the encoded data
2699 * @param plaintext initialized string where decoded data is appended
2700 * @returns #TRUE if we had enough memory and successfully decoded
2703 _dbus_auth_decode_data (DBusAuth *auth,
2704 const DBusString *encoded,
2705 DBusString *plaintext)
2707 _dbus_assert (plaintext != encoded);
2709 if (auth->state != &common_state_authenticated)
2712 if (_dbus_auth_needs_decoding (auth))
2714 if (DBUS_AUTH_IS_CLIENT (auth))
2715 return (* auth->mech->client_decode_func) (auth, encoded, plaintext);
2717 return (* auth->mech->server_decode_func) (auth, encoded, plaintext);
2721 return _dbus_string_copy (encoded, 0, plaintext,
2722 _dbus_string_get_length (plaintext));
2727 * Sets credentials received via reliable means from the operating
2730 * @param auth the auth conversation
2731 * @param credentials the credentials received
2732 * @returns #FALSE on OOM
2735 _dbus_auth_set_credentials (DBusAuth *auth,
2736 DBusCredentials *credentials)
2738 _dbus_credentials_clear (auth->credentials);
2739 return _dbus_credentials_add_credentials (auth->credentials,
2744 * Gets the identity we authorized the client as. Apps may have
2745 * different policies as to what identities they allow.
2747 * Returned credentials are not a copy and should not be modified
2749 * @param auth the auth conversation
2750 * @returns the credentials we've authorized BY REFERENCE do not modify
2753 _dbus_auth_get_identity (DBusAuth *auth)
2755 if (auth->state == &common_state_authenticated)
2757 return auth->authenticated_identity;
2761 /* FIXME instead of this, keep an empty credential around that
2762 * doesn't require allocation or something
2764 /* return empty credentials */
2765 _dbus_assert (_dbus_credentials_are_empty (auth->authenticated_identity));
2766 return auth->authenticated_identity;
2771 * Gets the GUID from the server if we've authenticated; gets
2773 * @param auth the auth object
2774 * @returns the GUID in ASCII hex format
2777 _dbus_auth_get_guid_from_server (DBusAuth *auth)
2779 _dbus_assert (DBUS_AUTH_IS_CLIENT (auth));
2781 if (auth->state == &common_state_authenticated)
2782 return _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server);
2788 * Sets the "authentication context" which scopes cookies
2789 * with the DBUS_COOKIE_SHA1 auth mechanism for example.
2791 * @param auth the auth conversation
2792 * @param context the context
2793 * @returns #FALSE if no memory
2796 _dbus_auth_set_context (DBusAuth *auth,
2797 const DBusString *context)
2799 return _dbus_string_replace_len (context, 0, _dbus_string_get_length (context),
2800 &auth->context, 0, _dbus_string_get_length (context));
2804 * Sets whether unix fd passing is potentially on the transport and
2805 * hence shall be negotiated.
2807 * @param auth the auth conversation
2808 * @param b TRUE when unix fd passing shall be negotiated, otherwise FALSE
2811 _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
2813 auth->unix_fd_possible = b;
2817 * Queries whether unix fd passing was successfully negotiated.
2819 * @param auth the auth conversion
2820 * @returns #TRUE when unix fd passing was negotiated.
2823 _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
2825 return auth->unix_fd_negotiated;
2830 /* tests in dbus-auth-util.c */