1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
25 #include "gdbusauth.h"
27 #include "gdbusauthmechanismanon.h"
28 #include "gdbusauthmechanismexternal.h"
29 #include "gdbusauthmechanismsha1.h"
30 #include "gdbusauthobserver.h"
32 #include "gdbuserror.h"
33 #include "gdbusutils.h"
34 #include "gioenumtypes.h"
35 #include "gcredentials.h"
36 #include "gdbusprivate.h"
37 #include "giostream.h"
38 #include "gdatainputstream.h"
39 #include "gdataoutputstream.h"
42 #include <sys/types.h>
43 #include <sys/socket.h>
44 #include "gunixconnection.h"
45 #include "gunixcredentialsmessage.h"
51 #define DEBUG_ENABLED 0
54 debug_print (const gchar *message, ...)
57 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
64 va_start (var_args, message);
65 s = g_strdup_vprintf (message, var_args);
68 str = g_string_new (NULL);
69 for (n = 0; s[n] != '\0'; n++)
71 if (G_UNLIKELY (s[n] == '\r'))
72 g_string_append (str, "\\r");
73 else if (G_UNLIKELY (s[n] == '\n'))
74 g_string_append (str, "\\n");
76 g_string_append_c (str, s[n]);
78 g_print ("GDBus-debug:Auth: %s\n", str->str);
79 g_string_free (str, TRUE);
92 static void mechanism_free (Mechanism *m);
94 struct _GDBusAuthPrivate
98 /* A list of available Mechanism, sorted according to priority */
99 GList *available_mechanisms;
108 G_DEFINE_TYPE (GDBusAuth, _g_dbus_auth, G_TYPE_OBJECT);
110 /* ---------------------------------------------------------------------------------------------------- */
113 _g_dbus_auth_finalize (GObject *object)
115 GDBusAuth *auth = G_DBUS_AUTH (object);
117 if (auth->priv->stream != NULL)
118 g_object_unref (auth->priv->stream);
119 g_list_foreach (auth->priv->available_mechanisms, (GFunc) mechanism_free, NULL);
120 g_list_free (auth->priv->available_mechanisms);
122 if (G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize != NULL)
123 G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize (object);
127 _g_dbus_auth_get_property (GObject *object,
132 GDBusAuth *auth = G_DBUS_AUTH (object);
137 g_value_set_object (value, auth->priv->stream);
141 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
147 _g_dbus_auth_set_property (GObject *object,
152 GDBusAuth *auth = G_DBUS_AUTH (object);
157 auth->priv->stream = g_value_dup_object (value);
161 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
167 _g_dbus_auth_class_init (GDBusAuthClass *klass)
169 GObjectClass *gobject_class;
171 g_type_class_add_private (klass, sizeof (GDBusAuthPrivate));
173 gobject_class = G_OBJECT_CLASS (klass);
174 gobject_class->get_property = _g_dbus_auth_get_property;
175 gobject_class->set_property = _g_dbus_auth_set_property;
176 gobject_class->finalize = _g_dbus_auth_finalize;
178 g_object_class_install_property (gobject_class,
180 g_param_spec_object ("stream",
182 P_("The underlying GIOStream used for I/O"),
186 G_PARAM_CONSTRUCT_ONLY |
187 G_PARAM_STATIC_NAME |
188 G_PARAM_STATIC_BLURB |
189 G_PARAM_STATIC_NICK));
193 mechanism_free (Mechanism *m)
199 add_mechanism (GDBusAuth *auth,
200 GType mechanism_type)
204 m = g_new0 (Mechanism, 1);
205 m->name = _g_dbus_auth_mechanism_get_name (mechanism_type);
206 m->priority = _g_dbus_auth_mechanism_get_priority (mechanism_type);
207 m->gtype = mechanism_type;
209 auth->priv->available_mechanisms = g_list_prepend (auth->priv->available_mechanisms, m);
213 mech_compare_func (Mechanism *a, Mechanism *b)
216 /* ensure deterministic order */
217 ret = b->priority - a->priority;
219 ret = g_strcmp0 (b->name, a->name);
224 _g_dbus_auth_init (GDBusAuth *auth)
226 auth->priv = G_TYPE_INSTANCE_GET_PRIVATE (auth, G_TYPE_DBUS_AUTH, GDBusAuthPrivate);
228 /* TODO: trawl extension points */
229 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_ANON);
230 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_SHA1);
231 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL);
233 auth->priv->available_mechanisms = g_list_sort (auth->priv->available_mechanisms,
234 (GCompareFunc) mech_compare_func);
238 find_mech_by_name (GDBusAuth *auth,
246 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
248 Mechanism *m = l->data;
249 if (g_strcmp0 (name, m->name) == 0)
261 _g_dbus_auth_new (GIOStream *stream)
263 return g_object_new (G_TYPE_DBUS_AUTH,
268 /* ---------------------------------------------------------------------------------------------------- */
269 /* like g_data_input_stream_read_line() but sets error if there's no content to read */
271 _my_g_data_input_stream_read_line (GDataInputStream *dis,
272 gsize *out_line_length,
273 GCancellable *cancellable,
278 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
280 ret = g_data_input_stream_read_line (dis,
284 if (ret == NULL && error != NULL && *error == NULL)
286 g_set_error_literal (error,
289 _("Unexpected lack of content trying to read a line"));
295 /* This function is to avoid situations like this
297 * BEGIN\r\nl\0\0\1...
299 * e.g. where we read into the first D-Bus message while waiting for
300 * the final line from the client (TODO: file bug against gio for
304 _my_g_input_stream_read_line_safe (GInputStream *i,
305 gsize *out_line_length,
306 GCancellable *cancellable,
312 gboolean last_was_cr;
314 str = g_string_new (NULL);
319 num_read = g_input_stream_read (i,
328 if (error != NULL && *error == NULL)
330 g_set_error_literal (error,
333 _("Unexpected lack of content trying to (safely) read a line"));
338 g_string_append_c (str, (gint) c);
343 g_assert (str->len >= 2);
344 g_string_set_size (str, str->len - 2);
348 last_was_cr = (c == 0x0d);
352 if (out_line_length != NULL)
353 *out_line_length = str->len;
354 return g_string_free (str, FALSE);
357 g_assert (error == NULL || *error != NULL);
358 g_string_free (str, TRUE);
362 /* ---------------------------------------------------------------------------------------------------- */
365 append_nibble (GString *s, gint val)
367 g_string_append_c (s, val >= 10 ? ('a' + val - 10) : ('0' + val));
371 hexdecode (const gchar *str,
380 s = g_string_new (NULL);
382 for (n = 0; str[n] != '\0'; n += 2)
388 upper_nibble = g_ascii_xdigit_value (str[n]);
389 lower_nibble = g_ascii_xdigit_value (str[n + 1]);
390 if (upper_nibble == -1 || lower_nibble == -1)
395 "Error hexdecoding string `%s' around position %d",
399 value = (upper_nibble<<4) | lower_nibble;
400 g_string_append_c (s, value);
403 ret = g_string_free (s, FALSE);
408 g_string_free (s, TRUE);
414 hexencode (const gchar *str)
419 s = g_string_new (NULL);
420 for (n = 0; str[n] != '\0'; n++)
426 val = ((const guchar *) str)[n];
427 upper_nibble = val >> 4;
428 lower_nibble = val & 0x0f;
430 append_nibble (s, upper_nibble);
431 append_nibble (s, lower_nibble);
434 return g_string_free (s, FALSE);
437 /* ---------------------------------------------------------------------------------------------------- */
439 static GDBusAuthMechanism *
440 client_choose_mech_and_send_initial_response (GDBusAuth *auth,
441 GCredentials *credentials_that_were_sent,
442 const gchar* const *supported_auth_mechs,
443 GPtrArray *attempted_auth_mechs,
444 GDataOutputStream *dos,
445 GCancellable *cancellable,
448 GDBusAuthMechanism *mech;
449 GType auth_mech_to_use_gtype;
452 gchar *initial_response;
453 gsize initial_response_len;
460 debug_print ("CLIENT: Trying to choose mechanism");
462 /* find an authentication mechanism to try, if any */
463 auth_mech_to_use_gtype = (GType) 0;
464 for (n = 0; supported_auth_mechs[n] != NULL; n++)
466 gboolean attempted_already;
467 attempted_already = FALSE;
468 for (m = 0; m < attempted_auth_mechs->len; m++)
470 if (g_strcmp0 (supported_auth_mechs[n], attempted_auth_mechs->pdata[m]) == 0)
472 attempted_already = TRUE;
476 if (!attempted_already)
478 auth_mech_to_use_gtype = find_mech_by_name (auth, supported_auth_mechs[n]);
479 if (auth_mech_to_use_gtype != (GType) 0)
484 if (auth_mech_to_use_gtype == (GType) 0)
490 debug_print ("CLIENT: Exhausted all available mechanisms");
492 available = g_strjoinv (", ", (gchar **) supported_auth_mechs);
494 tried_str = g_string_new (NULL);
495 for (n = 0; n < attempted_auth_mechs->len; n++)
498 g_string_append (tried_str, ", ");
499 g_string_append (tried_str, attempted_auth_mechs->pdata[n]);
504 _("Exhausted all available authentication mechanisms (tried: %s) (available: %s)"),
507 g_string_free (tried_str, TRUE);
512 /* OK, decided on a mechanism - let's do this thing */
513 mech = g_object_new (auth_mech_to_use_gtype,
514 "stream", auth->priv->stream,
515 "credentials", credentials_that_were_sent,
517 debug_print ("CLIENT: Trying mechanism `%s'", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
518 g_ptr_array_add (attempted_auth_mechs, (gpointer) _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
520 /* the auth mechanism may not be supported
521 * (for example, EXTERNAL only works if credentials were exchanged)
523 if (!_g_dbus_auth_mechanism_is_supported (mech))
525 debug_print ("CLIENT: Mechanism `%s' says it is not supported", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
526 g_object_unref (mech);
531 initial_response_len = -1;
532 initial_response = _g_dbus_auth_mechanism_client_initiate (mech,
533 &initial_response_len);
535 g_printerr ("using auth mechanism with name `%s' of type `%s' with initial response `%s'\n",
536 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
537 g_type_name (G_TYPE_FROM_INSTANCE (mech)),
540 if (initial_response != NULL)
542 //g_printerr ("initial_response = `%s'\n", initial_response);
543 encoded = hexencode (initial_response);
544 s = g_strdup_printf ("AUTH %s %s\r\n",
545 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
547 g_free (initial_response);
552 s = g_strdup_printf ("AUTH %s\r\n", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
554 debug_print ("CLIENT: writing `%s'", s);
555 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
557 g_object_unref (mech);
569 /* ---------------------------------------------------------------------------------------------------- */
573 CLIENT_STATE_WAITING_FOR_DATA,
574 CLIENT_STATE_WAITING_FOR_OK,
575 CLIENT_STATE_WAITING_FOR_REJECT,
576 CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
580 _g_dbus_auth_run_client (GDBusAuth *auth,
581 GDBusCapabilityFlags offered_capabilities,
582 GDBusCapabilityFlags *out_negotiated_capabilities,
583 GCancellable *cancellable,
587 GDataInputStream *dis;
588 GDataOutputStream *dos;
589 GCredentials *credentials;
593 gchar **supported_auth_mechs;
594 GPtrArray *attempted_auth_mechs;
595 GDBusAuthMechanism *mech;
597 GDBusCapabilityFlags negotiated_capabilities;
599 debug_print ("CLIENT: initiating");
602 supported_auth_mechs = NULL;
603 attempted_auth_mechs = g_ptr_array_new ();
605 negotiated_capabilities = 0;
608 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
609 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
610 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis), FALSE);
611 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos), FALSE);
613 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
616 if (G_IS_UNIX_CONNECTION (auth->priv->stream) && g_unix_credentials_message_is_supported ())
618 credentials = g_credentials_new ();
619 if (!g_unix_connection_send_credentials (G_UNIX_CONNECTION (auth->priv->stream),
626 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
630 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
634 if (credentials != NULL)
636 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
638 s = g_credentials_to_string (credentials);
639 debug_print ("CLIENT: sent credentials `%s'", s);
645 debug_print ("CLIENT: didn't send any credentials");
648 /* TODO: to reduce roundtrips, try to pick an auth mechanism to start with */
650 /* Get list of supported authentication mechanisms */
652 debug_print ("CLIENT: writing `%s'", s);
653 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
655 state = CLIENT_STATE_WAITING_FOR_REJECT;
661 case CLIENT_STATE_WAITING_FOR_REJECT:
662 debug_print ("CLIENT: WaitingForReject");
663 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
666 debug_print ("CLIENT: WaitingForReject, read '%s'", line);
668 if (!g_str_has_prefix (line, "REJECTED "))
673 "In WaitingForReject: Expected `REJECTED am1 am2 ... amN', got `%s'",
678 if (supported_auth_mechs == NULL)
680 supported_auth_mechs = g_strsplit (line + sizeof ("REJECTED ") - 1, " ", 0);
682 for (n = 0; supported_auth_mechs != NULL && supported_auth_mechs[n] != NULL; n++)
683 g_printerr ("supported_auth_mechs[%d] = `%s'\n", n, supported_auth_mechs[n]);
687 mech = client_choose_mech_and_send_initial_response (auth,
689 (const gchar* const *) supported_auth_mechs,
690 attempted_auth_mechs,
696 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA)
697 state = CLIENT_STATE_WAITING_FOR_DATA;
699 state = CLIENT_STATE_WAITING_FOR_OK;
702 case CLIENT_STATE_WAITING_FOR_OK:
703 debug_print ("CLIENT: WaitingForOK");
704 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
707 debug_print ("CLIENT: WaitingForOK, read `%s'", line);
708 if (g_str_has_prefix (line, "OK "))
710 if (!g_dbus_is_guid (line + 3))
715 "Invalid OK response `%s'",
720 ret_guid = g_strdup (line + 3);
723 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
725 s = "NEGOTIATE_UNIX_FD\r\n";
726 debug_print ("CLIENT: writing `%s'", s);
727 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
729 state = CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD;
734 debug_print ("CLIENT: writing `%s'", s);
735 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
737 /* and we're done! */
741 else if (g_str_has_prefix (line, "REJECTED "))
747 /* TODO: handle other valid responses */
751 "In WaitingForOk: unexpected response `%s'",
758 case CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD:
759 debug_print ("CLIENT: WaitingForAgreeUnixFD");
760 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
763 debug_print ("CLIENT: WaitingForAgreeUnixFD, read=`%s'", line);
764 if (g_strcmp0 (line, "AGREE_UNIX_FD") == 0)
766 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
768 debug_print ("CLIENT: writing `%s'", s);
769 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
771 /* and we're done! */
774 else if (g_str_has_prefix (line, "ERROR") && (line[5] == 0 || g_ascii_isspace (line[5])))
776 //g_strstrip (line + 5); g_debug ("bah, no unix_fd: `%s'", line + 5);
779 debug_print ("CLIENT: writing `%s'", s);
780 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
782 /* and we're done! */
787 /* TODO: handle other valid responses */
791 "In WaitingForAgreeUnixFd: unexpected response `%s'",
798 case CLIENT_STATE_WAITING_FOR_DATA:
799 debug_print ("CLIENT: WaitingForData");
800 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
803 debug_print ("CLIENT: WaitingForData, read=`%s'", line);
804 if (g_str_has_prefix (line, "DATA "))
808 gsize decoded_data_len;
810 encoded = g_strdup (line + 5);
812 g_strstrip (encoded);
813 decoded_data = hexdecode (encoded, &decoded_data_len, error);
815 if (decoded_data == NULL)
817 g_prefix_error (error, "DATA response is malformed: ");
818 /* invalid encoding, disconnect! */
821 _g_dbus_auth_mechanism_client_data_receive (mech, decoded_data, decoded_data_len);
822 g_free (decoded_data);
824 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND)
829 data = _g_dbus_auth_mechanism_client_data_send (mech, &data_len);
830 encoded_data = hexencode (data);
831 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
832 g_free (encoded_data);
834 debug_print ("CLIENT: writing `%s'", s);
835 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
842 state = CLIENT_STATE_WAITING_FOR_OK;
849 "In WaitingForData: unexpected response `%s'",
857 g_assert_not_reached ();
861 }; /* main authentication client loop */
865 g_object_unref (mech);
866 g_ptr_array_unref (attempted_auth_mechs);
867 g_strfreev (supported_auth_mechs);
868 g_object_unref (dis);
869 g_object_unref (dos);
871 /* ensure return value is NULL if error is set */
872 if (error != NULL && *error != NULL)
878 if (ret_guid != NULL)
880 if (out_negotiated_capabilities != NULL)
881 *out_negotiated_capabilities = negotiated_capabilities;
884 if (credentials != NULL)
885 g_object_unref (credentials);
887 debug_print ("CLIENT: Done, authenticated=%d", ret_guid != NULL);
892 /* ---------------------------------------------------------------------------------------------------- */
895 get_auth_mechanisms (GDBusAuth *auth,
896 gboolean allow_anonymous,
899 const gchar *separator)
905 str = g_string_new (prefix);
907 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
909 Mechanism *m = l->data;
911 if (!allow_anonymous && g_strcmp0 (m->name, "ANONYMOUS") == 0)
915 g_string_append (str, separator);
916 g_string_append (str, m->name);
920 g_string_append (str, suffix);
921 return g_string_free (str, FALSE);
927 SERVER_STATE_WAITING_FOR_AUTH,
928 SERVER_STATE_WAITING_FOR_DATA,
929 SERVER_STATE_WAITING_FOR_BEGIN
933 _g_dbus_auth_run_server (GDBusAuth *auth,
934 GDBusAuthObserver *observer,
936 gboolean allow_anonymous,
937 GDBusCapabilityFlags offered_capabilities,
938 GDBusCapabilityFlags *out_negotiated_capabilities,
939 GCredentials **out_received_credentials,
940 GCancellable *cancellable,
945 GDataInputStream *dis;
946 GDataOutputStream *dos;
951 GDBusAuthMechanism *mech;
953 GDBusCapabilityFlags negotiated_capabilities;
954 GCredentials *credentials;
956 debug_print ("SERVER: initiating");
962 negotiated_capabilities = 0;
965 if (!g_dbus_is_guid (guid))
970 "The given guid `%s' is not valid",
975 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
976 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
977 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis), FALSE);
978 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos), FALSE);
980 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
982 /* first read the NUL-byte (TODO: read credentials if using a unix domain socket) */
984 if (G_IS_UNIX_CONNECTION (auth->priv->stream) && g_unix_credentials_message_is_supported ())
987 credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
990 if (credentials == NULL)
992 g_propagate_error (error, local_error);
999 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
1000 if (local_error != NULL)
1002 g_propagate_error (error, local_error);
1008 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
1009 if (local_error != NULL)
1011 g_propagate_error (error, local_error);
1015 if (credentials != NULL)
1017 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
1019 s = g_credentials_to_string (credentials);
1020 debug_print ("SERVER: received credentials `%s'", s);
1026 debug_print ("SERVER: didn't receive any credentials");
1029 state = SERVER_STATE_WAITING_FOR_AUTH;
1034 case SERVER_STATE_WAITING_FOR_AUTH:
1035 debug_print ("SERVER: WaitingForAuth");
1036 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1037 debug_print ("SERVER: WaitingForAuth, read `%s'", line);
1040 if (g_strcmp0 (line, "AUTH") == 0)
1042 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1043 debug_print ("SERVER: writing `%s'", s);
1044 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1052 else if (g_str_has_prefix (line, "AUTH "))
1055 const gchar *encoded;
1056 const gchar *mech_name;
1057 GType auth_mech_to_use_gtype;
1059 tokens = g_strsplit (line, " ", 0);
1062 switch (g_strv_length (tokens))
1065 /* no initial response */
1066 mech_name = tokens[1];
1071 /* initial response */
1072 mech_name = tokens[1];
1073 encoded = tokens[2];
1080 "Unexpected line `%s' while in WaitingForAuth state",
1082 g_strfreev (tokens);
1086 /* TODO: record that the client has attempted to use this mechanism */
1087 //g_debug ("client is trying `%s'", mech_name);
1089 auth_mech_to_use_gtype = find_mech_by_name (auth, mech_name);
1090 if ((auth_mech_to_use_gtype == (GType) 0) ||
1091 (!allow_anonymous && g_strcmp0 (mech_name, "ANONYMOUS") == 0))
1093 /* We don't support this auth mechanism */
1094 g_strfreev (tokens);
1095 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1096 debug_print ("SERVER: writing `%s'", s);
1097 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1104 /* stay in WAITING FOR AUTH */
1105 state = SERVER_STATE_WAITING_FOR_AUTH;
1109 gchar *initial_response;
1110 gsize initial_response_len;
1112 mech = g_object_new (auth_mech_to_use_gtype,
1113 "stream", auth->priv->stream,
1114 "credentials", credentials,
1117 initial_response = NULL;
1118 initial_response_len = 0;
1119 if (encoded != NULL)
1121 initial_response = hexdecode (encoded, &initial_response_len, error);
1122 if (initial_response == NULL)
1124 g_prefix_error (error, "Initial response is malformed: ");
1125 /* invalid encoding, disconnect! */
1126 g_strfreev (tokens);
1131 _g_dbus_auth_mechanism_server_initiate (mech,
1133 initial_response_len);
1134 g_free (initial_response);
1135 g_strfreev (tokens);
1138 switch (_g_dbus_auth_mechanism_server_get_state (mech))
1140 case G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED:
1141 if (observer != NULL &&
1142 !g_dbus_auth_observer_authorize_authenticated_peer (observer,
1147 g_set_error_literal (error,
1150 _("Cancelled via GDBusAuthObserver::authorize-authenticated-peer"));
1155 s = g_strdup_printf ("OK %s\r\n", guid);
1156 debug_print ("SERVER: writing `%s'", s);
1157 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1163 state = SERVER_STATE_WAITING_FOR_BEGIN;
1167 case G_DBUS_AUTH_MECHANISM_STATE_REJECTED:
1168 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1169 debug_print ("SERVER: writing `%s'", s);
1170 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1176 state = SERVER_STATE_WAITING_FOR_AUTH;
1179 case G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA:
1180 state = SERVER_STATE_WAITING_FOR_DATA;
1183 case G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND:
1187 gchar *encoded_data;
1188 data = _g_dbus_auth_mechanism_server_data_send (mech, &data_len);
1189 encoded_data = hexencode (data);
1190 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
1191 g_free (encoded_data);
1193 debug_print ("SERVER: writing `%s'", s);
1194 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1206 g_assert_not_reached ();
1216 "Unexpected line `%s' while in WaitingForAuth state",
1223 case SERVER_STATE_WAITING_FOR_DATA:
1224 debug_print ("SERVER: WaitingForData");
1225 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1226 debug_print ("SERVER: WaitingForData, read `%s'", line);
1229 if (g_str_has_prefix (line, "DATA "))
1232 gchar *decoded_data;
1233 gsize decoded_data_len;
1235 encoded = g_strdup (line + 5);
1237 g_strstrip (encoded);
1238 decoded_data = hexdecode (encoded, &decoded_data_len, error);
1240 if (decoded_data == NULL)
1242 g_prefix_error (error, "DATA response is malformed: ");
1243 /* invalid encoding, disconnect! */
1246 _g_dbus_auth_mechanism_server_data_receive (mech, decoded_data, decoded_data_len);
1247 g_free (decoded_data);
1248 /* oh man, this goto-crap is so ugly.. really need to rewrite the state machine */
1256 "Unexpected line `%s' while in WaitingForData state",
1262 case SERVER_STATE_WAITING_FOR_BEGIN:
1263 debug_print ("SERVER: WaitingForBegin");
1264 /* Use extremely slow (but reliable) line reader - this basically
1265 * does a recvfrom() system call per character
1267 * (the problem with using GDataInputStream's read_line is that because of
1268 * buffering it might start reading into the first D-Bus message that
1269 * appears after "BEGIN\r\n"....)
1271 line = _my_g_input_stream_read_line_safe (g_io_stream_get_input_stream (auth->priv->stream),
1275 debug_print ("SERVER: WaitingForBegin, read `%s'", line);
1278 if (g_strcmp0 (line, "BEGIN") == 0)
1285 else if (g_strcmp0 (line, "NEGOTIATE_UNIX_FD") == 0)
1288 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
1290 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
1291 s = "AGREE_UNIX_FD\r\n";
1292 debug_print ("SERVER: writing `%s'", s);
1293 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1298 s = "ERROR \"fd passing not offered\"\r\n";
1299 debug_print ("SERVER: writing `%s'", s);
1300 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1306 g_debug ("Unexpected line `%s' while in WaitingForBegin state", line);
1308 s = "ERROR \"Unknown Command\"\r\n";
1309 debug_print ("SERVER: writing `%s'", s);
1310 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1316 g_assert_not_reached ();
1322 g_set_error_literal (error,
1325 "Not implemented (server)");
1329 g_object_unref (mech);
1331 g_object_unref (dis);
1333 g_object_unref (dos);
1335 /* ensure return value is FALSE if error is set */
1336 if (error != NULL && *error != NULL)
1343 if (out_negotiated_capabilities != NULL)
1344 *out_negotiated_capabilities = negotiated_capabilities;
1345 if (out_received_credentials != NULL)
1346 *out_received_credentials = credentials != NULL ? g_object_ref (credentials) : NULL;
1349 if (credentials != NULL)
1350 g_object_unref (credentials);
1352 debug_print ("SERVER: Done, authenticated=%d", ret);
1357 /* ---------------------------------------------------------------------------------------------------- */
1359 #define __G_DBUS_AUTH_C__
1360 #include "gioaliasdef.c"
projects / platform / upstream / glib.git / blob