1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
25 #include "gdbusauth.h"
27 #include "gdbusauthmechanismanon.h"
28 #include "gdbusauthmechanismexternal.h"
29 #include "gdbusauthmechanismsha1.h"
30 #include "gdbusauthobserver.h"
32 #include "gdbuserror.h"
33 #include "gdbusutils.h"
34 #include "gioenumtypes.h"
35 #include "gcredentials.h"
36 #include "gdbusprivate.h"
37 #include "giostream.h"
38 #include "gdatainputstream.h"
39 #include "gdataoutputstream.h"
42 #include "gnetworking.h"
43 #include "gunixconnection.h"
44 #include "gunixcredentialsmessage.h"
51 debug_print (const gchar *message, ...)
53 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
60 _g_dbus_debug_print_lock ();
62 va_start (var_args, message);
63 s = g_strdup_vprintf (message, var_args);
66 str = g_string_new (NULL);
67 for (n = 0; s[n] != '\0'; n++)
69 if (G_UNLIKELY (s[n] == '\r'))
70 g_string_append (str, "\\r");
71 else if (G_UNLIKELY (s[n] == '\n'))
72 g_string_append (str, "\\n");
74 g_string_append_c (str, s[n]);
76 g_print ("GDBus-debug:Auth: %s\n", str->str);
77 g_string_free (str, TRUE);
80 _g_dbus_debug_print_unlock ();
91 static void mechanism_free (Mechanism *m);
93 struct _GDBusAuthPrivate
97 /* A list of available Mechanism, sorted according to priority */
98 GList *available_mechanisms;
107 G_DEFINE_TYPE (GDBusAuth, _g_dbus_auth, G_TYPE_OBJECT);
109 /* ---------------------------------------------------------------------------------------------------- */
112 _g_dbus_auth_finalize (GObject *object)
114 GDBusAuth *auth = G_DBUS_AUTH (object);
116 if (auth->priv->stream != NULL)
117 g_object_unref (auth->priv->stream);
118 g_list_free_full (auth->priv->available_mechanisms, (GDestroyNotify) mechanism_free);
120 if (G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize != NULL)
121 G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize (object);
125 _g_dbus_auth_get_property (GObject *object,
130 GDBusAuth *auth = G_DBUS_AUTH (object);
135 g_value_set_object (value, auth->priv->stream);
139 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
145 _g_dbus_auth_set_property (GObject *object,
150 GDBusAuth *auth = G_DBUS_AUTH (object);
155 auth->priv->stream = g_value_dup_object (value);
159 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
165 _g_dbus_auth_class_init (GDBusAuthClass *klass)
167 GObjectClass *gobject_class;
169 g_type_class_add_private (klass, sizeof (GDBusAuthPrivate));
171 gobject_class = G_OBJECT_CLASS (klass);
172 gobject_class->get_property = _g_dbus_auth_get_property;
173 gobject_class->set_property = _g_dbus_auth_set_property;
174 gobject_class->finalize = _g_dbus_auth_finalize;
176 g_object_class_install_property (gobject_class,
178 g_param_spec_object ("stream",
180 P_("The underlying GIOStream used for I/O"),
184 G_PARAM_CONSTRUCT_ONLY |
185 G_PARAM_STATIC_NAME |
186 G_PARAM_STATIC_BLURB |
187 G_PARAM_STATIC_NICK));
191 mechanism_free (Mechanism *m)
197 add_mechanism (GDBusAuth *auth,
198 GDBusAuthObserver *observer,
199 GType mechanism_type)
203 name = _g_dbus_auth_mechanism_get_name (mechanism_type);
204 if (observer == NULL || g_dbus_auth_observer_allow_mechanism (observer, name))
207 m = g_new0 (Mechanism, 1);
209 m->priority = _g_dbus_auth_mechanism_get_priority (mechanism_type);
210 m->gtype = mechanism_type;
211 auth->priv->available_mechanisms = g_list_prepend (auth->priv->available_mechanisms, m);
216 mech_compare_func (Mechanism *a, Mechanism *b)
219 /* ensure deterministic order */
220 ret = b->priority - a->priority;
222 ret = g_strcmp0 (b->name, a->name);
227 _g_dbus_auth_init (GDBusAuth *auth)
229 auth->priv = G_TYPE_INSTANCE_GET_PRIVATE (auth, G_TYPE_DBUS_AUTH, GDBusAuthPrivate);
234 _g_dbus_auth_add_mechs (GDBusAuth *auth,
235 GDBusAuthObserver *observer)
237 /* TODO: trawl extension points */
238 add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_ANON);
239 add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_SHA1);
240 add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL);
242 auth->priv->available_mechanisms = g_list_sort (auth->priv->available_mechanisms,
243 (GCompareFunc) mech_compare_func);
247 find_mech_by_name (GDBusAuth *auth,
255 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
257 Mechanism *m = l->data;
258 if (g_strcmp0 (name, m->name) == 0)
270 _g_dbus_auth_new (GIOStream *stream)
272 return g_object_new (G_TYPE_DBUS_AUTH,
277 /* ---------------------------------------------------------------------------------------------------- */
278 /* like g_data_input_stream_read_line() but sets error if there's no content to read */
280 _my_g_data_input_stream_read_line (GDataInputStream *dis,
281 gsize *out_line_length,
282 GCancellable *cancellable,
287 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
289 ret = g_data_input_stream_read_line (dis,
293 if (ret == NULL && error != NULL && *error == NULL)
295 g_set_error_literal (error,
298 _("Unexpected lack of content trying to read a line"));
304 /* This function is to avoid situations like this
306 * BEGIN\r\nl\0\0\1...
308 * e.g. where we read into the first D-Bus message while waiting for
309 * the final line from the client (TODO: file bug against gio for
313 _my_g_input_stream_read_line_safe (GInputStream *i,
314 gsize *out_line_length,
315 GCancellable *cancellable,
321 gboolean last_was_cr;
323 str = g_string_new (NULL);
328 num_read = g_input_stream_read (i,
337 if (error != NULL && *error == NULL)
339 g_set_error_literal (error,
342 _("Unexpected lack of content trying to (safely) read a line"));
347 g_string_append_c (str, (gint) c);
352 g_assert (str->len >= 2);
353 g_string_set_size (str, str->len - 2);
357 last_was_cr = (c == 0x0d);
361 if (out_line_length != NULL)
362 *out_line_length = str->len;
363 return g_string_free (str, FALSE);
366 g_assert (error == NULL || *error != NULL);
367 g_string_free (str, TRUE);
371 /* ---------------------------------------------------------------------------------------------------- */
374 append_nibble (GString *s, gint val)
376 g_string_append_c (s, val >= 10 ? ('a' + val - 10) : ('0' + val));
380 hexdecode (const gchar *str,
389 s = g_string_new (NULL);
391 for (n = 0; str[n] != '\0'; n += 2)
397 upper_nibble = g_ascii_xdigit_value (str[n]);
398 lower_nibble = g_ascii_xdigit_value (str[n + 1]);
399 if (upper_nibble == -1 || lower_nibble == -1)
404 "Error hexdecoding string `%s' around position %d",
408 value = (upper_nibble<<4) | lower_nibble;
409 g_string_append_c (s, value);
412 ret = g_string_free (s, FALSE);
417 g_string_free (s, TRUE);
423 hexencode (const gchar *str)
428 s = g_string_new (NULL);
429 for (n = 0; str[n] != '\0'; n++)
435 val = ((const guchar *) str)[n];
436 upper_nibble = val >> 4;
437 lower_nibble = val & 0x0f;
439 append_nibble (s, upper_nibble);
440 append_nibble (s, lower_nibble);
443 return g_string_free (s, FALSE);
446 /* ---------------------------------------------------------------------------------------------------- */
448 static GDBusAuthMechanism *
449 client_choose_mech_and_send_initial_response (GDBusAuth *auth,
450 GCredentials *credentials_that_were_sent,
451 const gchar* const *supported_auth_mechs,
452 GPtrArray *attempted_auth_mechs,
453 GDataOutputStream *dos,
454 GCancellable *cancellable,
457 GDBusAuthMechanism *mech;
458 GType auth_mech_to_use_gtype;
461 gchar *initial_response;
462 gsize initial_response_len;
469 debug_print ("CLIENT: Trying to choose mechanism");
471 /* find an authentication mechanism to try, if any */
472 auth_mech_to_use_gtype = (GType) 0;
473 for (n = 0; supported_auth_mechs[n] != NULL; n++)
475 gboolean attempted_already;
476 attempted_already = FALSE;
477 for (m = 0; m < attempted_auth_mechs->len; m++)
479 if (g_strcmp0 (supported_auth_mechs[n], attempted_auth_mechs->pdata[m]) == 0)
481 attempted_already = TRUE;
485 if (!attempted_already)
487 auth_mech_to_use_gtype = find_mech_by_name (auth, supported_auth_mechs[n]);
488 if (auth_mech_to_use_gtype != (GType) 0)
493 if (auth_mech_to_use_gtype == (GType) 0)
499 debug_print ("CLIENT: Exhausted all available mechanisms");
501 available = g_strjoinv (", ", (gchar **) supported_auth_mechs);
503 tried_str = g_string_new (NULL);
504 for (n = 0; n < attempted_auth_mechs->len; n++)
507 g_string_append (tried_str, ", ");
508 g_string_append (tried_str, attempted_auth_mechs->pdata[n]);
513 _("Exhausted all available authentication mechanisms (tried: %s) (available: %s)"),
516 g_string_free (tried_str, TRUE);
521 /* OK, decided on a mechanism - let's do this thing */
522 mech = g_object_new (auth_mech_to_use_gtype,
523 "stream", auth->priv->stream,
524 "credentials", credentials_that_were_sent,
526 debug_print ("CLIENT: Trying mechanism `%s'", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
527 g_ptr_array_add (attempted_auth_mechs, (gpointer) _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
529 /* the auth mechanism may not be supported
530 * (for example, EXTERNAL only works if credentials were exchanged)
532 if (!_g_dbus_auth_mechanism_is_supported (mech))
534 debug_print ("CLIENT: Mechanism `%s' says it is not supported", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
535 g_object_unref (mech);
540 initial_response_len = -1;
541 initial_response = _g_dbus_auth_mechanism_client_initiate (mech,
542 &initial_response_len);
544 g_printerr ("using auth mechanism with name `%s' of type `%s' with initial response `%s'\n",
545 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
546 g_type_name (G_TYPE_FROM_INSTANCE (mech)),
549 if (initial_response != NULL)
551 //g_printerr ("initial_response = `%s'\n", initial_response);
552 encoded = hexencode (initial_response);
553 s = g_strdup_printf ("AUTH %s %s\r\n",
554 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
556 g_free (initial_response);
561 s = g_strdup_printf ("AUTH %s\r\n", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
563 debug_print ("CLIENT: writing `%s'", s);
564 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
566 g_object_unref (mech);
578 /* ---------------------------------------------------------------------------------------------------- */
582 CLIENT_STATE_WAITING_FOR_DATA,
583 CLIENT_STATE_WAITING_FOR_OK,
584 CLIENT_STATE_WAITING_FOR_REJECT,
585 CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
589 _g_dbus_auth_run_client (GDBusAuth *auth,
590 GDBusAuthObserver *observer,
591 GDBusCapabilityFlags offered_capabilities,
592 GDBusCapabilityFlags *out_negotiated_capabilities,
593 GCancellable *cancellable,
597 GDataInputStream *dis;
598 GDataOutputStream *dos;
599 GCredentials *credentials;
603 gchar **supported_auth_mechs;
604 GPtrArray *attempted_auth_mechs;
605 GDBusAuthMechanism *mech;
607 GDBusCapabilityFlags negotiated_capabilities;
609 debug_print ("CLIENT: initiating");
611 _g_dbus_auth_add_mechs (auth, observer);
614 supported_auth_mechs = NULL;
615 attempted_auth_mechs = g_ptr_array_new ();
617 negotiated_capabilities = 0;
620 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
621 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
622 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis), FALSE);
623 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos), FALSE);
625 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
628 if (G_IS_UNIX_CONNECTION (auth->priv->stream))
630 credentials = g_credentials_new ();
631 if (!g_unix_connection_send_credentials (G_UNIX_CONNECTION (auth->priv->stream),
638 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
642 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
646 if (credentials != NULL)
648 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
650 s = g_credentials_to_string (credentials);
651 debug_print ("CLIENT: sent credentials `%s'", s);
657 debug_print ("CLIENT: didn't send any credentials");
660 /* TODO: to reduce roundtrips, try to pick an auth mechanism to start with */
662 /* Get list of supported authentication mechanisms */
664 debug_print ("CLIENT: writing `%s'", s);
665 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
667 state = CLIENT_STATE_WAITING_FOR_REJECT;
673 case CLIENT_STATE_WAITING_FOR_REJECT:
674 debug_print ("CLIENT: WaitingForReject");
675 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
678 debug_print ("CLIENT: WaitingForReject, read '%s'", line);
681 if (!g_str_has_prefix (line, "REJECTED "))
686 "In WaitingForReject: Expected `REJECTED am1 am2 ... amN', got `%s'",
691 if (supported_auth_mechs == NULL)
693 supported_auth_mechs = g_strsplit (line + sizeof ("REJECTED ") - 1, " ", 0);
695 for (n = 0; supported_auth_mechs != NULL && supported_auth_mechs[n] != NULL; n++)
696 g_printerr ("supported_auth_mechs[%d] = `%s'\n", n, supported_auth_mechs[n]);
700 mech = client_choose_mech_and_send_initial_response (auth,
702 (const gchar* const *) supported_auth_mechs,
703 attempted_auth_mechs,
709 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA)
710 state = CLIENT_STATE_WAITING_FOR_DATA;
712 state = CLIENT_STATE_WAITING_FOR_OK;
715 case CLIENT_STATE_WAITING_FOR_OK:
716 debug_print ("CLIENT: WaitingForOK");
717 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
720 debug_print ("CLIENT: WaitingForOK, read `%s'", line);
721 if (g_str_has_prefix (line, "OK "))
723 if (!g_dbus_is_guid (line + 3))
728 "Invalid OK response `%s'",
733 ret_guid = g_strdup (line + 3);
736 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
738 s = "NEGOTIATE_UNIX_FD\r\n";
739 debug_print ("CLIENT: writing `%s'", s);
740 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
742 state = CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD;
747 debug_print ("CLIENT: writing `%s'", s);
748 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
750 /* and we're done! */
754 else if (g_str_has_prefix (line, "REJECTED "))
756 goto choose_mechanism;
760 /* TODO: handle other valid responses */
764 "In WaitingForOk: unexpected response `%s'",
771 case CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD:
772 debug_print ("CLIENT: WaitingForAgreeUnixFD");
773 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
776 debug_print ("CLIENT: WaitingForAgreeUnixFD, read=`%s'", line);
777 if (g_strcmp0 (line, "AGREE_UNIX_FD") == 0)
780 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
782 debug_print ("CLIENT: writing `%s'", s);
783 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
785 /* and we're done! */
788 else if (g_str_has_prefix (line, "ERROR") && (line[5] == 0 || g_ascii_isspace (line[5])))
790 //g_strstrip (line + 5); g_debug ("bah, no unix_fd: `%s'", line + 5);
793 debug_print ("CLIENT: writing `%s'", s);
794 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
796 /* and we're done! */
801 /* TODO: handle other valid responses */
805 "In WaitingForAgreeUnixFd: unexpected response `%s'",
812 case CLIENT_STATE_WAITING_FOR_DATA:
813 debug_print ("CLIENT: WaitingForData");
814 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
817 debug_print ("CLIENT: WaitingForData, read=`%s'", line);
818 if (g_str_has_prefix (line, "DATA "))
822 gsize decoded_data_len = 0;
824 encoded = g_strdup (line + 5);
826 g_strstrip (encoded);
827 decoded_data = hexdecode (encoded, &decoded_data_len, error);
829 if (decoded_data == NULL)
831 g_prefix_error (error, "DATA response is malformed: ");
832 /* invalid encoding, disconnect! */
835 _g_dbus_auth_mechanism_client_data_receive (mech, decoded_data, decoded_data_len);
836 g_free (decoded_data);
838 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND)
843 data = _g_dbus_auth_mechanism_client_data_send (mech, &data_len);
844 encoded_data = hexencode (data);
845 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
846 g_free (encoded_data);
848 debug_print ("CLIENT: writing `%s'", s);
849 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
856 state = CLIENT_STATE_WAITING_FOR_OK;
858 else if (g_str_has_prefix (line, "REJECTED "))
860 /* could be the chosen authentication method just doesn't work. Try
863 goto choose_mechanism;
870 "In WaitingForData: unexpected response `%s'",
878 g_assert_not_reached ();
882 }; /* main authentication client loop */
886 g_object_unref (mech);
887 g_ptr_array_unref (attempted_auth_mechs);
888 g_strfreev (supported_auth_mechs);
889 g_object_unref (dis);
890 g_object_unref (dos);
892 /* ensure return value is NULL if error is set */
893 if (error != NULL && *error != NULL)
899 if (ret_guid != NULL)
901 if (out_negotiated_capabilities != NULL)
902 *out_negotiated_capabilities = negotiated_capabilities;
905 if (credentials != NULL)
906 g_object_unref (credentials);
908 debug_print ("CLIENT: Done, authenticated=%d", ret_guid != NULL);
913 /* ---------------------------------------------------------------------------------------------------- */
916 get_auth_mechanisms (GDBusAuth *auth,
917 gboolean allow_anonymous,
920 const gchar *separator)
926 str = g_string_new (prefix);
928 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
930 Mechanism *m = l->data;
932 if (!allow_anonymous && g_strcmp0 (m->name, "ANONYMOUS") == 0)
936 g_string_append (str, separator);
937 g_string_append (str, m->name);
941 g_string_append (str, suffix);
942 return g_string_free (str, FALSE);
948 SERVER_STATE_WAITING_FOR_AUTH,
949 SERVER_STATE_WAITING_FOR_DATA,
950 SERVER_STATE_WAITING_FOR_BEGIN
954 _g_dbus_auth_run_server (GDBusAuth *auth,
955 GDBusAuthObserver *observer,
957 gboolean allow_anonymous,
958 GDBusCapabilityFlags offered_capabilities,
959 GDBusCapabilityFlags *out_negotiated_capabilities,
960 GCredentials **out_received_credentials,
961 GCancellable *cancellable,
966 GDataInputStream *dis;
967 GDataOutputStream *dos;
972 GDBusAuthMechanism *mech;
974 GDBusCapabilityFlags negotiated_capabilities;
975 GCredentials *credentials;
977 debug_print ("SERVER: initiating");
979 _g_dbus_auth_add_mechs (auth, observer);
985 negotiated_capabilities = 0;
988 if (!g_dbus_is_guid (guid))
993 "The given guid `%s' is not valid",
998 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
999 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
1000 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis), FALSE);
1001 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos), FALSE);
1003 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
1005 /* first read the NUL-byte (TODO: read credentials if using a unix domain socket) */
1007 if (G_IS_UNIX_CONNECTION (auth->priv->stream))
1010 credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
1013 if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
1015 g_propagate_error (error, local_error);
1022 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
1023 byte = byte; /* To avoid -Wunused-but-set-variable */
1024 if (local_error != NULL)
1026 g_propagate_error (error, local_error);
1032 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
1033 byte = byte; /* To avoid -Wunused-but-set-variable */
1034 if (local_error != NULL)
1036 g_propagate_error (error, local_error);
1040 if (credentials != NULL)
1042 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
1044 s = g_credentials_to_string (credentials);
1045 debug_print ("SERVER: received credentials `%s'", s);
1051 debug_print ("SERVER: didn't receive any credentials");
1054 state = SERVER_STATE_WAITING_FOR_AUTH;
1059 case SERVER_STATE_WAITING_FOR_AUTH:
1060 debug_print ("SERVER: WaitingForAuth");
1061 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1062 debug_print ("SERVER: WaitingForAuth, read `%s'", line);
1065 if (g_strcmp0 (line, "AUTH") == 0)
1067 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1068 debug_print ("SERVER: writing `%s'", s);
1069 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1077 else if (g_str_has_prefix (line, "AUTH "))
1080 const gchar *encoded;
1081 const gchar *mech_name;
1082 GType auth_mech_to_use_gtype;
1084 tokens = g_strsplit (line, " ", 0);
1087 switch (g_strv_length (tokens))
1090 /* no initial response */
1091 mech_name = tokens[1];
1096 /* initial response */
1097 mech_name = tokens[1];
1098 encoded = tokens[2];
1105 "Unexpected line `%s' while in WaitingForAuth state",
1107 g_strfreev (tokens);
1111 /* TODO: record that the client has attempted to use this mechanism */
1112 //g_debug ("client is trying `%s'", mech_name);
1114 auth_mech_to_use_gtype = find_mech_by_name (auth, mech_name);
1115 if ((auth_mech_to_use_gtype == (GType) 0) ||
1116 (!allow_anonymous && g_strcmp0 (mech_name, "ANONYMOUS") == 0))
1118 /* We don't support this auth mechanism */
1119 g_strfreev (tokens);
1120 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1121 debug_print ("SERVER: writing `%s'", s);
1122 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1129 /* stay in WAITING FOR AUTH */
1130 state = SERVER_STATE_WAITING_FOR_AUTH;
1134 gchar *initial_response;
1135 gsize initial_response_len;
1137 mech = g_object_new (auth_mech_to_use_gtype,
1138 "stream", auth->priv->stream,
1139 "credentials", credentials,
1142 initial_response = NULL;
1143 initial_response_len = 0;
1144 if (encoded != NULL)
1146 initial_response = hexdecode (encoded, &initial_response_len, error);
1147 if (initial_response == NULL)
1149 g_prefix_error (error, "Initial response is malformed: ");
1150 /* invalid encoding, disconnect! */
1151 g_strfreev (tokens);
1156 _g_dbus_auth_mechanism_server_initiate (mech,
1158 initial_response_len);
1159 g_free (initial_response);
1160 g_strfreev (tokens);
1163 switch (_g_dbus_auth_mechanism_server_get_state (mech))
1165 case G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED:
1166 if (observer != NULL &&
1167 !g_dbus_auth_observer_authorize_authenticated_peer (observer,
1172 g_set_error_literal (error,
1175 _("Cancelled via GDBusAuthObserver::authorize-authenticated-peer"));
1180 s = g_strdup_printf ("OK %s\r\n", guid);
1181 debug_print ("SERVER: writing `%s'", s);
1182 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1188 state = SERVER_STATE_WAITING_FOR_BEGIN;
1192 case G_DBUS_AUTH_MECHANISM_STATE_REJECTED:
1193 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1194 debug_print ("SERVER: writing `%s'", s);
1195 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1201 state = SERVER_STATE_WAITING_FOR_AUTH;
1204 case G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA:
1205 state = SERVER_STATE_WAITING_FOR_DATA;
1208 case G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND:
1212 gchar *encoded_data;
1213 data = _g_dbus_auth_mechanism_server_data_send (mech, &data_len);
1214 encoded_data = hexencode (data);
1215 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
1216 g_free (encoded_data);
1218 debug_print ("SERVER: writing `%s'", s);
1219 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1231 g_assert_not_reached ();
1241 "Unexpected line `%s' while in WaitingForAuth state",
1248 case SERVER_STATE_WAITING_FOR_DATA:
1249 debug_print ("SERVER: WaitingForData");
1250 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1251 debug_print ("SERVER: WaitingForData, read `%s'", line);
1254 if (g_str_has_prefix (line, "DATA "))
1257 gchar *decoded_data;
1258 gsize decoded_data_len = 0;
1260 encoded = g_strdup (line + 5);
1262 g_strstrip (encoded);
1263 decoded_data = hexdecode (encoded, &decoded_data_len, error);
1265 if (decoded_data == NULL)
1267 g_prefix_error (error, "DATA response is malformed: ");
1268 /* invalid encoding, disconnect! */
1271 _g_dbus_auth_mechanism_server_data_receive (mech, decoded_data, decoded_data_len);
1272 g_free (decoded_data);
1273 /* oh man, this goto-crap is so ugly.. really need to rewrite the state machine */
1281 "Unexpected line `%s' while in WaitingForData state",
1287 case SERVER_STATE_WAITING_FOR_BEGIN:
1288 debug_print ("SERVER: WaitingForBegin");
1289 /* Use extremely slow (but reliable) line reader - this basically
1290 * does a recvfrom() system call per character
1292 * (the problem with using GDataInputStream's read_line is that because of
1293 * buffering it might start reading into the first D-Bus message that
1294 * appears after "BEGIN\r\n"....)
1296 line = _my_g_input_stream_read_line_safe (g_io_stream_get_input_stream (auth->priv->stream),
1300 debug_print ("SERVER: WaitingForBegin, read `%s'", line);
1303 if (g_strcmp0 (line, "BEGIN") == 0)
1310 else if (g_strcmp0 (line, "NEGOTIATE_UNIX_FD") == 0)
1313 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
1315 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
1316 s = "AGREE_UNIX_FD\r\n";
1317 debug_print ("SERVER: writing `%s'", s);
1318 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1323 s = "ERROR \"fd passing not offered\"\r\n";
1324 debug_print ("SERVER: writing `%s'", s);
1325 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1331 g_debug ("Unexpected line `%s' while in WaitingForBegin state", line);
1333 s = "ERROR \"Unknown Command\"\r\n";
1334 debug_print ("SERVER: writing `%s'", s);
1335 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1341 g_assert_not_reached ();
1347 g_set_error_literal (error,
1350 "Not implemented (server)");
1354 g_object_unref (mech);
1356 g_object_unref (dis);
1358 g_object_unref (dos);
1360 /* ensure return value is FALSE if error is set */
1361 if (error != NULL && *error != NULL)
1368 if (out_negotiated_capabilities != NULL)
1369 *out_negotiated_capabilities = negotiated_capabilities;
1370 if (out_received_credentials != NULL)
1371 *out_received_credentials = credentials != NULL ? g_object_ref (credentials) : NULL;
1374 if (credentials != NULL)
1375 g_object_unref (credentials);
1377 debug_print ("SERVER: Done, authenticated=%d", ret);
1382 /* ---------------------------------------------------------------------------------------------------- */
projects / platform / upstream / glib.git / blob