/* dbus-auth.c Authentication
*
* Copyright (C) 2002, 2003, 2004 Red Hat Inc.
+ * Copyright (C) 2013 Samsung Electronics
*
* Licensed under the Academic Free License version 2.1
*
#include "dbus-sha.h"
#include "dbus-protocol.h"
#include "dbus-credentials.h"
-#include "dbus-authorization.h"
/**
* @defgroup DBusAuth Authentication
DBusCredentials *credentials; /**< Credentials read from socket
*/
- DBusCredentials *authenticated_identity; /**< Credentials that are authorized */
+ DBusCredentials *authorized_identity; /**< Credentials that are authorized */
DBusCredentials *desired_identity; /**< Identity client has requested */
{
DBusAuth base; /**< Parent class */
- DBusAuthorization *authorization; /* DBus Authorization callbacks */
-
int failures; /**< Number of times client has been rejected */
int max_failures; /**< Number of times we reject before disconnect */
if (auth->credentials == NULL)
goto enomem_6;
- auth->authenticated_identity = _dbus_credentials_new ();
- if (auth->authenticated_identity == NULL)
+ auth->authorized_identity = _dbus_credentials_new ();
+ if (auth->authorized_identity == NULL)
goto enomem_7;
auth->desired_identity = _dbus_credentials_new ();
_dbus_credentials_unref (auth->desired_identity);
#endif
enomem_8:
- _dbus_credentials_unref (auth->authenticated_identity);
+ _dbus_credentials_unref (auth->authorized_identity);
enomem_7:
_dbus_credentials_unref (auth->credentials);
enomem_6:
auth->already_asked_for_initial_response = FALSE;
_dbus_string_set_length (&auth->identity, 0);
- _dbus_credentials_clear (auth->authenticated_identity);
+ _dbus_credentials_clear (auth->authorized_identity);
_dbus_credentials_clear (auth->desired_identity);
if (auth->mech != NULL)
goto out_3;
}
- if (!_dbus_credentials_add_credentials (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credentials (auth->authorized_identity,
auth->desired_identity))
goto out_3;
/* Copy process ID from the socket credentials if it's there
*/
- if (!_dbus_credentials_add_credential (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credential (auth->authorized_identity,
DBUS_CREDENTIAL_UNIX_PROCESS_ID,
auth->credentials))
goto out_3;
auth->desired_identity))
{
/* client has authenticated */
- if (!_dbus_credentials_add_credentials (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credentials (auth->authorized_identity,
auth->desired_identity))
return FALSE;
/* also copy process ID from the socket credentials
*/
- if (!_dbus_credentials_add_credential (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credential (auth->authorized_identity,
DBUS_CREDENTIAL_UNIX_PROCESS_ID,
auth->credentials))
return FALSE;
/* also copy audit data from the socket credentials
*/
- if (!_dbus_credentials_add_credential (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credential (auth->authorized_identity,
DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
auth->credentials))
return FALSE;
+
+ if (!send_ok (auth))
+ return FALSE;
- /* Do a first authorization of the transport, in order to REJECT
- * immediately connection if needed (FDO#39720), transport will
- * re-authorize later, but it will close the connection on fail,
- * we want to REJECT now if possible */
- if (_dbus_authorization_do_authorization (DBUS_AUTH_SERVER (auth)->authorization,
- auth->authorized_identity))
- {
- if (!send_ok (auth))
- return FALSE;
- }
- else
- {
- _dbus_verbose ("%s: desired identity does not match server identity: "
- "not authorized\n", DBUS_AUTH_NAME (auth));
- return send_rejected (auth);
- }
-
- _dbus_verbose ("%s: authenticated and authorized client based on "
- "socket credentials\n", DBUS_AUTH_NAME (auth));
+ _dbus_verbose ("%s: authenticated client based on socket credentials\n",
+ DBUS_AUTH_NAME (auth));
return TRUE;
}
/* Copy process ID from the socket credentials
*/
- if (!_dbus_credentials_add_credential (auth->authenticated_identity,
+ if (!_dbus_credentials_add_credential (auth->authorized_identity,
DBUS_CREDENTIAL_UNIX_PROCESS_ID,
auth->credentials))
return FALSE;
* @returns the new object or #NULL if no memory
*/
DBusAuth*
-_dbus_auth_server_new (const DBusString *guid,
- DBusAuthorization *authorization)
+_dbus_auth_server_new (const DBusString *guid)
{
DBusAuth *auth;
DBusAuthServer *server_auth;
server_auth = DBUS_AUTH_SERVER (auth);
server_auth->guid = guid_copy;
- server_auth->authorization = _dbus_authorization_ref (authorization);
-
+
/* perhaps this should be per-mechanism with a lower
* max
*/
return auth;
}
+#ifdef ENABLE_KDBUS_TRANSPORT
+/**
+ * Creates a new auth conversation object for the client side of kdbus.
+ * In fact it only initialize structures and sets authenticated state
+ * because of different authentication-like mechanism in kdbus - policies
+ * TODO Probably to be checked and modified when kdbus will be documented
+ *
+ * @returns the new object or #NULL if no memory
+ */
+DBusAuth*
+_dbus_auth_client_new_kdbus (void)
+{
+ DBusAuth *auth;
+ DBusString guid_str;
+
+ if (!_dbus_string_init (&guid_str))
+ return NULL;
+
+ auth = _dbus_auth_new (sizeof (DBusAuthClient));
+ if (auth == NULL)
+ {
+ _dbus_string_free (&guid_str);
+ return NULL;
+ }
+
+ DBUS_AUTH_CLIENT (auth)->guid_from_server = guid_str;
+
+ auth->side = auth_side_client;
+ auth->state = &common_state_authenticated;
+ auth->unix_fd_negotiated = TRUE;
+
+ /* Start the auth conversation by sending AUTH for our default
+ * mechanism */
+/* if (!send_auth (auth, &all_mechanisms[0]))
+ {
+ _dbus_auth_unref (auth);
+ return NULL;
+ }*/
+
+ return auth;
+}
+#endif
+
/**
* Increments the refcount of an auth object.
*
_dbus_assert (DBUS_AUTH_IS_SERVER (auth));
_dbus_string_free (& DBUS_AUTH_SERVER (auth)->guid);
- _dbus_authorization_unref (DBUS_AUTH_SERVER (auth)->authorization);
}
if (auth->keyring)
dbus_free_string_array (auth->allowed_mechs);
_dbus_credentials_unref (auth->credentials);
- _dbus_credentials_unref (auth->authenticated_identity);
+ _dbus_credentials_unref (auth->authorized_identity);
_dbus_credentials_unref (auth->desired_identity);
dbus_free (auth);
{
if (auth->state == &common_state_authenticated)
{
- return auth->authenticated_identity;
+ return auth->authorized_identity;
}
else
{
* doesn't require allocation or something
*/
/* return empty credentials */
- _dbus_assert (_dbus_credentials_are_empty (auth->authenticated_identity));
- return auth->authenticated_identity;
+ _dbus_assert (_dbus_credentials_are_empty (auth->authorized_identity));
+ return auth->authorized_identity;
}
}