1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2009 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
25 #include <glib/gi18n.h>
27 #include "gdbusauth.h"
28 #include "gdbusauthmechanismanon.h"
29 #include "gdbusauthmechanismexternal.h"
30 #include "gdbusauthmechanismsha1.h"
32 #include "gdbusauthobserver.h"
34 #include "gdbuserror.h"
35 #include "gdbusutils.h"
36 #include "gioenumtypes.h"
37 #include "gcredentials.h"
38 #include "gdbusprivate.h"
41 #include <gio/gunixconnection.h>
42 #include "gunixcredentialsmessage.h"
43 #include <sys/types.h>
44 #include <sys/socket.h>
47 #define DEBUG_ENABLED 1
50 debug_print (const gchar *message, ...)
53 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
60 va_start (var_args, message);
61 s = g_strdup_vprintf (message, var_args);
64 str = g_string_new (NULL);
65 for (n = 0; s[n] != '\0'; n++)
67 if (G_UNLIKELY (s[n] == '\r'))
68 g_string_append (str, "\\r");
69 else if (G_UNLIKELY (s[n] == '\n'))
70 g_string_append (str, "\\n");
72 g_string_append_c (str, s[n]);
74 g_print ("GDBus-debug:Auth: %s\n", str->str);
75 g_string_free (str, TRUE);
88 static void mechanism_free (Mechanism *m);
90 struct _GDBusAuthPrivate
94 /* A list of available Mechanism, sorted according to priority */
95 GList *available_mechanisms;
104 G_DEFINE_TYPE (GDBusAuth, _g_dbus_auth, G_TYPE_OBJECT);
106 /* ---------------------------------------------------------------------------------------------------- */
109 _g_dbus_auth_finalize (GObject *object)
111 GDBusAuth *auth = G_DBUS_AUTH (object);
113 if (auth->priv->stream != NULL)
114 g_object_unref (auth->priv->stream);
115 g_list_foreach (auth->priv->available_mechanisms, (GFunc) mechanism_free, NULL);
116 g_list_free (auth->priv->available_mechanisms);
118 if (G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize != NULL)
119 G_OBJECT_CLASS (_g_dbus_auth_parent_class)->finalize (object);
123 _g_dbus_auth_get_property (GObject *object,
128 GDBusAuth *auth = G_DBUS_AUTH (object);
133 g_value_set_object (value, auth->priv->stream);
137 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
143 _g_dbus_auth_set_property (GObject *object,
148 GDBusAuth *auth = G_DBUS_AUTH (object);
153 auth->priv->stream = g_value_dup_object (value);
157 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
163 _g_dbus_auth_class_init (GDBusAuthClass *klass)
165 GObjectClass *gobject_class;
167 g_type_class_add_private (klass, sizeof (GDBusAuthPrivate));
169 gobject_class = G_OBJECT_CLASS (klass);
170 gobject_class->get_property = _g_dbus_auth_get_property;
171 gobject_class->set_property = _g_dbus_auth_set_property;
172 gobject_class->finalize = _g_dbus_auth_finalize;
174 g_object_class_install_property (gobject_class,
176 g_param_spec_object ("stream",
178 _("The underlying GIOStream used for I/O"),
182 G_PARAM_CONSTRUCT_ONLY |
183 G_PARAM_STATIC_NAME |
184 G_PARAM_STATIC_BLURB |
185 G_PARAM_STATIC_NICK));
189 mechanism_free (Mechanism *m)
195 add_mechanism (GDBusAuth *auth,
196 GType mechanism_type)
200 m = g_new0 (Mechanism, 1);
201 m->name = _g_dbus_auth_mechanism_get_name (mechanism_type);
202 m->priority = _g_dbus_auth_mechanism_get_priority (mechanism_type);
203 m->gtype = mechanism_type;
205 auth->priv->available_mechanisms = g_list_prepend (auth->priv->available_mechanisms, m);
209 mech_compare_func (Mechanism *a, Mechanism *b)
212 /* ensure deterministic order */
213 ret = b->priority - a->priority;
215 ret = g_strcmp0 (b->name, a->name);
220 _g_dbus_auth_init (GDBusAuth *auth)
222 auth->priv = G_TYPE_INSTANCE_GET_PRIVATE (auth, G_TYPE_DBUS_AUTH, GDBusAuthPrivate);
224 /* TODO: trawl extension points */
225 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_ANON);
226 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_SHA1);
227 add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL);
229 auth->priv->available_mechanisms = g_list_sort (auth->priv->available_mechanisms,
230 (GCompareFunc) mech_compare_func);
234 find_mech_by_name (GDBusAuth *auth,
242 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
244 Mechanism *m = l->data;
245 if (g_strcmp0 (name, m->name) == 0)
257 _g_dbus_auth_new (GIOStream *stream)
259 return g_object_new (G_TYPE_DBUS_AUTH,
264 /* ---------------------------------------------------------------------------------------------------- */
265 /* like g_data_input_stream_read_line() but sets error if there's no content to read */
267 _my_g_data_input_stream_read_line (GDataInputStream *dis,
268 gsize *out_line_length,
269 GCancellable *cancellable,
274 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
276 ret = g_data_input_stream_read_line (dis,
280 if (ret == NULL && error != NULL && *error == NULL)
282 g_set_error_literal (error,
285 _("Unexpected lack of content trying to read a line"));
291 /* This function is to avoid situations like this
293 * BEGIN\r\nl\0\0\1...
295 * e.g. where we read into the first D-Bus message while waiting for
296 * the final line from the client (TODO: file bug against gio for
300 _my_g_input_stream_read_line_safe (GInputStream *i,
301 gsize *out_line_length,
302 GCancellable *cancellable,
308 gboolean last_was_cr;
310 str = g_string_new (NULL);
315 num_read = g_input_stream_read (i,
324 if (error != NULL && *error == NULL)
326 g_set_error_literal (error,
329 _("Unexpected lack of content trying to (safely) read a line"));
334 g_string_append_c (str, (gint) c);
339 g_assert (str->len >= 2);
340 g_string_set_size (str, str->len - 2);
344 last_was_cr = (c == 0x0d);
348 if (out_line_length != NULL)
349 *out_line_length = str->len;
350 return g_string_free (str, FALSE);
353 g_assert (error == NULL || *error != NULL);
354 g_string_free (str, TRUE);
358 /* ---------------------------------------------------------------------------------------------------- */
361 append_nibble (GString *s, gint val)
363 g_string_append_c (s, val >= 10 ? ('a' + val - 10) : ('0' + val));
367 hexdecode (const gchar *str,
376 s = g_string_new (NULL);
378 for (n = 0; str[n] != '\0'; n += 2)
384 upper_nibble = g_ascii_xdigit_value (str[n]);
385 lower_nibble = g_ascii_xdigit_value (str[n + 1]);
386 if (upper_nibble == -1 || lower_nibble == -1)
391 "Error hexdecoding string `%s' around position %d",
395 value = (upper_nibble<<4) | lower_nibble;
396 g_string_append_c (s, value);
399 ret = g_string_free (s, FALSE);
404 g_string_free (s, TRUE);
410 hexencode (const gchar *str)
415 s = g_string_new (NULL);
416 for (n = 0; str[n] != '\0'; n++)
422 val = ((const guchar *) str)[n];
423 upper_nibble = val >> 4;
424 lower_nibble = val & 0x0f;
426 append_nibble (s, upper_nibble);
427 append_nibble (s, lower_nibble);
430 return g_string_free (s, FALSE);
433 /* ---------------------------------------------------------------------------------------------------- */
435 static GDBusAuthMechanism *
436 client_choose_mech_and_send_initial_response (GDBusAuth *auth,
437 GCredentials *credentials_that_were_sent,
438 const gchar* const *supported_auth_mechs,
439 GPtrArray *attempted_auth_mechs,
440 GDataOutputStream *dos,
441 GCancellable *cancellable,
444 GDBusAuthMechanism *mech;
445 GType auth_mech_to_use_gtype;
448 gchar *initial_response;
449 gsize initial_response_len;
456 debug_print ("CLIENT: Trying to choose mechanism");
458 /* find an authentication mechanism to try, if any */
459 auth_mech_to_use_gtype = (GType) 0;
460 for (n = 0; supported_auth_mechs[n] != NULL; n++)
462 gboolean attempted_already;
463 attempted_already = FALSE;
464 for (m = 0; m < attempted_auth_mechs->len; m++)
466 if (g_strcmp0 (supported_auth_mechs[n], attempted_auth_mechs->pdata[m]) == 0)
468 attempted_already = TRUE;
472 if (!attempted_already)
474 auth_mech_to_use_gtype = find_mech_by_name (auth, supported_auth_mechs[n]);
475 if (auth_mech_to_use_gtype != (GType) 0)
480 if (auth_mech_to_use_gtype == (GType) 0)
486 debug_print ("CLIENT: Exhausted all available mechanisms");
488 available = g_strjoinv (", ", (gchar **) supported_auth_mechs);
490 tried_str = g_string_new (NULL);
491 for (n = 0; n < attempted_auth_mechs->len; n++)
494 g_string_append (tried_str, ", ");
495 g_string_append (tried_str, attempted_auth_mechs->pdata[n]);
500 _("Exhausted all available authentication mechanisms (tried: %s) (available: %s)"),
503 g_string_free (tried_str, TRUE);
508 /* OK, decided on a mechanism - let's do this thing */
509 mech = g_object_new (auth_mech_to_use_gtype,
510 "stream", auth->priv->stream,
511 "credentials", credentials_that_were_sent,
513 debug_print ("CLIENT: Trying mechanism `%s'", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
514 g_ptr_array_add (attempted_auth_mechs, (gpointer) _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
516 /* the auth mechanism may not be supported
517 * (for example, EXTERNAL only works if credentials were exchanged)
519 if (!_g_dbus_auth_mechanism_is_supported (mech))
521 debug_print ("CLIENT: Mechanism `%s' says it is not supported", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
522 g_object_unref (mech);
527 initial_response_len = -1;
528 initial_response = _g_dbus_auth_mechanism_client_initiate (mech,
529 &initial_response_len);
531 g_printerr ("using auth mechanism with name `%s' of type `%s' with initial response `%s'\n",
532 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
533 g_type_name (G_TYPE_FROM_INSTANCE (mech)),
536 if (initial_response != NULL)
538 //g_printerr ("initial_response = `%s'\n", initial_response);
539 encoded = hexencode (initial_response);
540 s = g_strdup_printf ("AUTH %s %s\r\n",
541 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype),
543 g_free (initial_response);
548 s = g_strdup_printf ("AUTH %s\r\n", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype));
550 debug_print ("CLIENT: writing `%s'", s);
551 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
553 g_object_unref (mech);
565 /* ---------------------------------------------------------------------------------------------------- */
569 CLIENT_STATE_WAITING_FOR_DATA,
570 CLIENT_STATE_WAITING_FOR_OK,
571 CLIENT_STATE_WAITING_FOR_REJECT,
572 CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
576 _g_dbus_auth_run_client (GDBusAuth *auth,
577 GDBusCapabilityFlags offered_capabilities,
578 GDBusCapabilityFlags *out_negotiated_capabilities,
579 GCancellable *cancellable,
583 GDataInputStream *dis;
584 GDataOutputStream *dos;
585 GCredentials *credentials;
589 gchar **supported_auth_mechs;
590 GPtrArray *attempted_auth_mechs;
591 GDBusAuthMechanism *mech;
593 GDBusCapabilityFlags negotiated_capabilities;
595 debug_print ("CLIENT: initiating");
598 supported_auth_mechs = NULL;
599 attempted_auth_mechs = g_ptr_array_new ();
601 negotiated_capabilities = 0;
604 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
605 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
607 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
610 if (G_IS_UNIX_CONNECTION (auth->priv->stream) && g_unix_credentials_message_is_supported ())
612 credentials = g_credentials_new_for_process ();
613 if (!g_unix_connection_send_credentials (G_UNIX_CONNECTION (auth->priv->stream),
621 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
625 if (!g_data_output_stream_put_byte (dos, '\0', cancellable, error))
629 if (credentials != NULL)
631 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
633 s = g_credentials_to_string (credentials);
634 debug_print ("CLIENT: sent credentials `%s'", s);
640 debug_print ("CLIENT: didn't send any credentials");
643 /* TODO: to reduce rountrips, try to pick an auth mechanism to start with */
645 /* Get list of supported authentication mechanisms */
647 debug_print ("CLIENT: writing `%s'", s);
648 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
650 state = CLIENT_STATE_WAITING_FOR_REJECT;
656 case CLIENT_STATE_WAITING_FOR_REJECT:
657 debug_print ("CLIENT: WaitingForReject");
658 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
661 debug_print ("CLIENT: WaitingForReject, read '%s'", line);
663 if (!g_str_has_prefix (line, "REJECTED "))
668 "In WaitingForReject: Expected `REJECTED am1 am2 ... amN', got `%s'",
673 if (supported_auth_mechs == NULL)
675 supported_auth_mechs = g_strsplit (line + sizeof ("REJECTED ") - 1, " ", 0);
677 for (n = 0; supported_auth_mechs != NULL && supported_auth_mechs[n] != NULL; n++)
678 g_printerr ("supported_auth_mechs[%d] = `%s'\n", n, supported_auth_mechs[n]);
682 mech = client_choose_mech_and_send_initial_response (auth,
684 (const gchar* const *) supported_auth_mechs,
685 attempted_auth_mechs,
691 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA)
692 state = CLIENT_STATE_WAITING_FOR_DATA;
694 state = CLIENT_STATE_WAITING_FOR_OK;
697 case CLIENT_STATE_WAITING_FOR_OK:
698 debug_print ("CLIENT: WaitingForOK");
699 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
702 debug_print ("CLIENT: WaitingForOK, read `%s'", line);
703 if (g_str_has_prefix (line, "OK "))
705 if (!g_dbus_is_guid (line + 3))
710 "Invalid OK response `%s'",
715 ret_guid = g_strdup (line + 3);
718 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
720 s = "NEGOTIATE_UNIX_FD\r\n";
721 debug_print ("CLIENT: writing `%s'", s);
722 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
724 state = CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD;
729 debug_print ("CLIENT: writing `%s'", s);
730 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
732 /* and we're done! */
736 else if (g_str_has_prefix (line, "REJECTED "))
742 /* TODO: handle other valid responses */
746 "In WaitingForOk: unexpected response `%s'",
753 case CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD:
754 debug_print ("CLIENT: WaitingForAgreeUnixFD");
755 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
758 debug_print ("CLIENT: WaitingForAgreeUnixFD, read=`%s'", line);
759 if (g_strcmp0 (line, "AGREE_UNIX_FD") == 0)
761 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
763 debug_print ("CLIENT: writing `%s'", s);
764 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
766 /* and we're done! */
769 else if (g_str_has_prefix (line, "ERROR") && (line[5] == 0 || g_ascii_isspace (line[5])))
771 //g_strstrip (line + 5); g_debug ("bah, no unix_fd: `%s'", line + 5);
774 debug_print ("CLIENT: writing `%s'", s);
775 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
777 /* and we're done! */
782 /* TODO: handle other valid responses */
786 "In WaitingForAgreeUnixFd: unexpected response `%s'",
793 case CLIENT_STATE_WAITING_FOR_DATA:
794 debug_print ("CLIENT: WaitingForData");
795 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
798 debug_print ("CLIENT: WaitingForData, read=`%s'", line);
799 if (g_str_has_prefix (line, "DATA "))
803 gsize decoded_data_len;
805 encoded = g_strdup (line + 5);
807 g_strstrip (encoded);
808 decoded_data = hexdecode (encoded, &decoded_data_len, error);
810 if (decoded_data == NULL)
812 g_prefix_error (error, "DATA response is malformed: ");
813 /* invalid encoding, disconnect! */
816 _g_dbus_auth_mechanism_client_data_receive (mech, decoded_data, decoded_data_len);
817 g_free (decoded_data);
819 if (_g_dbus_auth_mechanism_client_get_state (mech) == G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND)
824 data = _g_dbus_auth_mechanism_client_data_send (mech, &data_len);
825 encoded_data = hexencode (data);
826 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
827 g_free (encoded_data);
829 debug_print ("CLIENT: writing `%s'", s);
830 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
837 state = CLIENT_STATE_WAITING_FOR_OK;
844 "In WaitingForData: unexpected response `%s'",
852 g_assert_not_reached ();
856 }; /* main authentication client loop */
860 g_object_unref (mech);
861 g_ptr_array_unref (attempted_auth_mechs);
862 g_strfreev (supported_auth_mechs);
866 /* ensure return value is NULL if error is set */
867 if (error != NULL && *error != NULL)
873 if (ret_guid != NULL)
875 if (out_negotiated_capabilities != NULL)
876 *out_negotiated_capabilities = negotiated_capabilities;
879 if (credentials != NULL)
880 g_object_unref (credentials);
882 debug_print ("CLIENT: Done, authenticated=%d", ret_guid != NULL);
887 /* ---------------------------------------------------------------------------------------------------- */
890 get_auth_mechanisms (GDBusAuth *auth,
891 gboolean allow_anonymous,
894 const gchar *separator)
900 str = g_string_new (prefix);
902 for (l = auth->priv->available_mechanisms; l != NULL; l = l->next)
904 Mechanism *m = l->data;
906 if (!allow_anonymous && g_strcmp0 (m->name, "ANONYMOUS") == 0)
910 g_string_append (str, separator);
911 g_string_append (str, m->name);
915 g_string_append (str, suffix);
916 return g_string_free (str, FALSE);
922 SERVER_STATE_WAITING_FOR_AUTH,
923 SERVER_STATE_WAITING_FOR_DATA,
924 SERVER_STATE_WAITING_FOR_BEGIN
928 _g_dbus_auth_run_server (GDBusAuth *auth,
929 GDBusAuthObserver *observer,
931 gboolean allow_anonymous,
932 GDBusCapabilityFlags offered_capabilities,
933 GDBusCapabilityFlags *out_negotiated_capabilities,
934 GCredentials **out_received_credentials,
935 GCancellable *cancellable,
940 GDataInputStream *dis;
941 GDataOutputStream *dos;
946 GDBusAuthMechanism *mech;
948 GDBusCapabilityFlags negotiated_capabilities;
949 GCredentials *credentials;
951 debug_print ("SERVER: initiating");
957 negotiated_capabilities = 0;
960 if (!g_dbus_is_guid (guid))
965 "The given guid `%s' is not valid",
970 dis = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth->priv->stream)));
971 dos = G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth->priv->stream)));
973 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
975 /* first read the NUL-byte (TODO: read credentials if using a unix domain socket) */
977 if (G_IS_UNIX_CONNECTION (auth->priv->stream) && g_unix_credentials_message_is_supported ())
980 credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
983 if (credentials == NULL)
985 g_propagate_error (error, local_error);
992 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
993 if (local_error != NULL)
995 g_propagate_error (error, local_error);
1001 byte = g_data_input_stream_read_byte (dis, cancellable, &local_error);
1002 if (local_error != NULL)
1004 g_propagate_error (error, local_error);
1008 if (credentials != NULL)
1010 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
1012 s = g_credentials_to_string (credentials);
1013 debug_print ("SERVER: received credentials `%s'", s);
1019 debug_print ("SERVER: didn't receive any credentials");
1022 state = SERVER_STATE_WAITING_FOR_AUTH;
1027 case SERVER_STATE_WAITING_FOR_AUTH:
1028 debug_print ("SERVER: WaitingForAuth");
1029 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1030 debug_print ("SERVER: WaitingForAuth, read `%s'", line);
1033 if (g_strcmp0 (line, "AUTH") == 0)
1035 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1036 debug_print ("SERVER: writing `%s'", s);
1037 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1045 else if (g_str_has_prefix (line, "AUTH "))
1048 const gchar *encoded;
1049 const gchar *mech_name;
1050 GType auth_mech_to_use_gtype;
1052 tokens = g_strsplit (line, " ", 0);
1055 switch (g_strv_length (tokens))
1058 /* no initial response */
1059 mech_name = tokens[1];
1064 /* initial response */
1065 mech_name = tokens[1];
1066 encoded = tokens[2];
1073 "Unexpected line `%s' while in WaitingForAuth state",
1075 g_strfreev (tokens);
1079 /* TODO: record that the client has attempted to use this mechanism */
1080 //g_debug ("client is trying `%s'", mech_name);
1082 auth_mech_to_use_gtype = find_mech_by_name (auth, mech_name);
1083 if ((auth_mech_to_use_gtype == (GType) 0) ||
1084 (!allow_anonymous && g_strcmp0 (mech_name, "ANONYMOUS") == 0))
1086 /* We don't support this auth mechanism */
1087 g_strfreev (tokens);
1088 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1089 debug_print ("SERVER: writing `%s'", s);
1090 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1097 /* stay in WAITING FOR AUTH */
1098 state = SERVER_STATE_WAITING_FOR_AUTH;
1102 gchar *initial_response;
1103 gsize initial_response_len;
1105 mech = g_object_new (auth_mech_to_use_gtype,
1106 "stream", auth->priv->stream,
1107 "credentials", credentials,
1110 initial_response = NULL;
1111 initial_response_len = 0;
1112 if (encoded != NULL)
1114 initial_response = hexdecode (encoded, &initial_response_len, error);
1115 if (initial_response == NULL)
1117 g_prefix_error (error, "Initial response is malformed: ");
1118 /* invalid encoding, disconnect! */
1119 g_strfreev (tokens);
1124 _g_dbus_auth_mechanism_server_initiate (mech,
1126 initial_response_len);
1127 g_free (initial_response);
1128 g_strfreev (tokens);
1131 switch (_g_dbus_auth_mechanism_server_get_state (mech))
1133 case G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED:
1134 if (observer != NULL &&
1135 g_dbus_auth_observer_deny_authenticated_peer (observer,
1140 g_set_error_literal (error,
1143 _("Cancelled via GDBusAuthObserver::deny-authenticated-peer"));
1148 s = g_strdup_printf ("OK %s\r\n", guid);
1149 debug_print ("SERVER: writing `%s'", s);
1150 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1156 state = SERVER_STATE_WAITING_FOR_BEGIN;
1160 case G_DBUS_AUTH_MECHANISM_STATE_REJECTED:
1161 s = get_auth_mechanisms (auth, allow_anonymous, "REJECTED ", "\r\n", " ");
1162 debug_print ("SERVER: writing `%s'", s);
1163 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1169 state = SERVER_STATE_WAITING_FOR_AUTH;
1172 case G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA:
1173 state = SERVER_STATE_WAITING_FOR_DATA;
1176 case G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND:
1180 gchar *encoded_data;
1181 data = _g_dbus_auth_mechanism_server_data_send (mech, &data_len);
1182 encoded_data = hexencode (data);
1183 s = g_strdup_printf ("DATA %s\r\n", encoded_data);
1184 g_free (encoded_data);
1186 debug_print ("SERVER: writing `%s'", s);
1187 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1199 g_assert_not_reached ();
1209 "Unexpected line `%s' while in WaitingForAuth state",
1216 case SERVER_STATE_WAITING_FOR_DATA:
1217 debug_print ("SERVER: WaitingForData");
1218 line = _my_g_data_input_stream_read_line (dis, &line_length, cancellable, error);
1219 debug_print ("SERVER: WaitingForData, read `%s'", line);
1222 if (g_str_has_prefix (line, "DATA "))
1225 gchar *decoded_data;
1226 gsize decoded_data_len;
1228 encoded = g_strdup (line + 5);
1230 g_strstrip (encoded);
1231 decoded_data = hexdecode (encoded, &decoded_data_len, error);
1233 if (decoded_data == NULL)
1235 g_prefix_error (error, "DATA response is malformed: ");
1236 /* invalid encoding, disconnect! */
1239 _g_dbus_auth_mechanism_server_data_receive (mech, decoded_data, decoded_data_len);
1240 g_free (decoded_data);
1241 /* oh man, this goto-crap is so ugly.. really need to rewrite the state machine */
1249 "Unexpected line `%s' while in WaitingForData state",
1255 case SERVER_STATE_WAITING_FOR_BEGIN:
1256 debug_print ("SERVER: WaitingForBegin");
1257 /* Use extremely slow (but reliable) line reader - this basically
1258 * does a recvfrom() system call per character
1260 * (the problem with using GDataInputStream's read_line is that because of
1261 * buffering it might start reading into the first D-Bus message that
1262 * appears after "BEGIN\r\n"....)
1264 line = _my_g_input_stream_read_line_safe (g_io_stream_get_input_stream (auth->priv->stream),
1268 debug_print ("SERVER: WaitingForBegin, read `%s'", line);
1271 if (g_strcmp0 (line, "BEGIN") == 0)
1278 else if (g_strcmp0 (line, "NEGOTIATE_UNIX_FD") == 0)
1280 if (offered_capabilities & G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING)
1282 negotiated_capabilities |= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
1283 s = "AGREE_UNIX_FD\r\n";
1284 debug_print ("SERVER: writing `%s'", s);
1285 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1290 s = "ERROR \"fd passing not offered\"\r\n";
1291 debug_print ("SERVER: writing `%s'", s);
1292 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1298 g_debug ("Unexpected line `%s' while in WaitingForBegin state", line);
1300 s = "ERROR \"Unknown Command\"\r\n";
1301 debug_print ("SERVER: writing `%s'", s);
1302 if (!g_data_output_stream_put_string (dos, s, cancellable, error))
1308 g_assert_not_reached ();
1314 g_set_error_literal (error,
1317 "Not implemented (server)");
1321 g_object_unref (mech);
1327 /* ensure return value is FALSE if error is set */
1328 if (error != NULL && *error != NULL)
1335 if (out_negotiated_capabilities != NULL)
1336 *out_negotiated_capabilities = negotiated_capabilities;
1337 if (out_received_credentials != NULL)
1338 *out_received_credentials = credentials != NULL ? g_object_ref (credentials) : NULL;
1341 if (credentials != NULL)
1342 g_object_unref (credentials);
1344 debug_print ("SERVER: Done, authenticated=%d", ret);
1349 /* ---------------------------------------------------------------------------------------------------- */