1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2/* dbus-auth.c Authentication
3 *
4 * Copyright (C) 2002, 2003, 2004 Red Hat Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
21 *
22 */
23
24#include <config.h>
25#include "dbus-auth.h"
26#include "dbus-string.h"
27#include "dbus-list.h"
28#include "dbus-internals.h"
29#include "dbus-keyring.h"
30#include "dbus-sha.h"
31#include "dbus-protocol.h"
32#include "dbus-credentials.h"
33
34/**
35 * @defgroup DBusAuth Authentication
36 * @ingroup  DBusInternals
37 * @brief DBusAuth object
38 *
39 * DBusAuth manages the authentication negotiation when a connection
40 * is first established, and also manage any encryption used over a
41 * connection.
42 *
43 * @todo some SASL profiles require sending the empty string as a
44 * challenge/response, but we don't currently allow that in our
45 * protocol.
46 *
47 * @todo right now sometimes both ends will block waiting for input
48 * from the other end, e.g. if there's an error during
49 * DBUS_COOKIE_SHA1.
50 *
51 * @todo the cookie keyring needs to be cached globally not just
52 * per-auth (which raises threadsafety issues too)
53 *
54 * @todo grep FIXME in dbus-auth.c
55 */
56
57/**
58 * @defgroup DBusAuthInternals Authentication implementation details
59 * @ingroup  DBusInternals
60 * @brief DBusAuth implementation details
61 *
62 * Private details of authentication code.
63 *
64 * @{
65 */
66
67/**
68 * This function appends an initial client response to the given string
69 */
70typedef dbus_bool_t (* DBusInitialResponseFunction)  (DBusAuth         *auth,
71                                                      DBusString       *response);
72
73/**
74 * This function processes a block of data received from the peer.
75 * i.e. handles a DATA command.
76 */
77typedef dbus_bool_t (* DBusAuthDataFunction)     (DBusAuth         *auth,
78                                                  const DBusString *data);
79
80/**
81 * This function encodes a block of data from the peer.
82 */
83typedef dbus_bool_t (* DBusAuthEncodeFunction)   (DBusAuth         *auth,
84                                                  const DBusString *data,
85                                                  DBusString       *encoded);
86
87/**
88 * This function decodes a block of data from the peer.
89 */
90typedef dbus_bool_t (* DBusAuthDecodeFunction)   (DBusAuth         *auth,
91                                                  const DBusString *data,
92                                                  DBusString       *decoded);
93
94/**
95 * This function is called when the mechanism is abandoned.
96 */
97typedef void        (* DBusAuthShutdownFunction) (DBusAuth       *auth);
98
99/**
100 * Virtual table representing a particular auth mechanism.
101 */
102typedef struct
103{
104  const char *mechanism; /**< Name of the mechanism */
105  DBusAuthDataFunction server_data_func; /**< Function on server side for DATA */
106  DBusAuthEncodeFunction server_encode_func; /**< Function on server side to encode */
107  DBusAuthDecodeFunction server_decode_func; /**< Function on server side to decode */
108  DBusAuthShutdownFunction server_shutdown_func; /**< Function on server side to shut down */
109  DBusInitialResponseFunction client_initial_response_func; /**< Function on client side to handle initial response */
110  DBusAuthDataFunction client_data_func; /**< Function on client side for DATA */
111  DBusAuthEncodeFunction client_encode_func; /**< Function on client side for encode */
112  DBusAuthDecodeFunction client_decode_func; /**< Function on client side for decode */
113  DBusAuthShutdownFunction client_shutdown_func; /**< Function on client side for shutdown */
114} DBusAuthMechanismHandler;
115
116/**
117 * Enumeration for the known authentication commands.
118 */
119typedef enum {
120  DBUS_AUTH_COMMAND_AUTH,
121  DBUS_AUTH_COMMAND_CANCEL,
122  DBUS_AUTH_COMMAND_DATA,
123  DBUS_AUTH_COMMAND_BEGIN,
124  DBUS_AUTH_COMMAND_REJECTED,
125  DBUS_AUTH_COMMAND_OK,
126  DBUS_AUTH_COMMAND_ERROR,
127  DBUS_AUTH_COMMAND_UNKNOWN,
128  DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
129  DBUS_AUTH_COMMAND_AGREE_UNIX_FD
130} DBusAuthCommand;
131
132/**
133 * Auth state function, determines the reaction to incoming events for
134 * a particular state. Returns whether we had enough memory to
135 * complete the operation.
136 */
137typedef dbus_bool_t (* DBusAuthStateFunction) (DBusAuth         *auth,
138                                               DBusAuthCommand   command,
139                                               const DBusString *args);
140
141/**
142 * Information about a auth state.
143 */
144typedef struct
145{
146  const char *name;               /**< Name of the state */
147  DBusAuthStateFunction handler;  /**< State function for this state */
148} DBusAuthStateData;
149
150/**
151 * Internal members of DBusAuth.
152 */
153struct DBusAuth
154{
155  int refcount;           /**< reference count */
156  const char *side;       /**< Client or server */
157
158  DBusString incoming;    /**< Incoming data buffer */
159  DBusString outgoing;    /**< Outgoing data buffer */
160
161  const DBusAuthStateData *state;         /**< Current protocol state */
162
163  const DBusAuthMechanismHandler *mech;   /**< Current auth mechanism */
164
165  DBusString identity;                   /**< Current identity we're authorizing
166                                          *   as.
167                                          */
168
169  DBusCredentials *credentials;          /**< Credentials read from socket
170                                          */
171
172  DBusCredentials *authorized_identity; /**< Credentials that are authorized */
173
174  DBusCredentials *desired_identity;    /**< Identity client has requested */
175
176  DBusString context;               /**< Cookie scope */
177  DBusKeyring *keyring;             /**< Keyring for cookie mechanism. */
178  int cookie_id;                    /**< ID of cookie to use */
179  DBusString challenge;             /**< Challenge sent to client */
180
181  char **allowed_mechs;             /**< Mechanisms we're allowed to use,
182                                     * or #NULL if we can use any
183                                     */
184
185  unsigned int needed_memory : 1;   /**< We needed memory to continue since last
186                                     * successful getting something done
187                                     */
188  unsigned int already_got_mechanisms : 1;       /**< Client already got mech list */
189  unsigned int already_asked_for_initial_response : 1; /**< Already sent a blank challenge to get an initial response */
190  unsigned int buffer_outstanding : 1; /**< Buffer is "checked out" for reading data into */
191
192  unsigned int unix_fd_possible : 1;  /**< This side could do unix fd passing */
193  unsigned int unix_fd_negotiated : 1; /**< Unix fd was successfully negotiated */
194};
195
196/**
197 * "Subclass" of DBusAuth for client side
198 */
199typedef struct
200{
201  DBusAuth base;    /**< Parent class */
202
203  DBusList *mechs_to_try; /**< Mechanisms we got from the server that we're going to try using */
204
205  DBusString guid_from_server; /**< GUID received from server */
206
207} DBusAuthClient;
208
209/**
210 * "Subclass" of DBusAuth for server side.
211 */
212typedef struct
213{
214  DBusAuth base;    /**< Parent class */
215
216  int failures;     /**< Number of times client has been rejected */
217  int max_failures; /**< Number of times we reject before disconnect */
218
219  DBusString guid;  /**< Our globally unique ID in hex encoding */
220
221} DBusAuthServer;
222
223static void        goto_state                (DBusAuth                       *auth,
224                                              const DBusAuthStateData        *new_state);
225static dbus_bool_t send_auth                 (DBusAuth *auth,
226                                              const DBusAuthMechanismHandler *mech);
227static dbus_bool_t send_data                 (DBusAuth *auth,
228                                              DBusString *data);
229static dbus_bool_t send_rejected             (DBusAuth *auth);
230static dbus_bool_t send_error                (DBusAuth *auth,
231                                              const char *message);
232static dbus_bool_t send_ok                   (DBusAuth *auth);
233static dbus_bool_t send_begin                (DBusAuth *auth);
234static dbus_bool_t send_cancel               (DBusAuth *auth);
235static dbus_bool_t send_negotiate_unix_fd    (DBusAuth *auth);
236static dbus_bool_t send_agree_unix_fd        (DBusAuth *auth);
237
238/**
239 * Client states
240 */
241
242static dbus_bool_t handle_server_state_waiting_for_auth  (DBusAuth         *auth,
243                                                          DBusAuthCommand   command,
244                                                          const DBusString *args);
245static dbus_bool_t handle_server_state_waiting_for_data  (DBusAuth         *auth,
246                                                          DBusAuthCommand   command,
247                                                          const DBusString *args);
248static dbus_bool_t handle_server_state_waiting_for_begin (DBusAuth         *auth,
249                                                          DBusAuthCommand   command,
250                                                          const DBusString *args);
251
252static const DBusAuthStateData server_state_waiting_for_auth = {
253  "WaitingForAuth", handle_server_state_waiting_for_auth
254};
255static const DBusAuthStateData server_state_waiting_for_data = {
256  "WaitingForData", handle_server_state_waiting_for_data
257};
258static const DBusAuthStateData server_state_waiting_for_begin = {
259  "WaitingForBegin", handle_server_state_waiting_for_begin
260};
261
262/**
263 * Client states
264 */
265
266static dbus_bool_t handle_client_state_waiting_for_data   (DBusAuth         *auth,
267                                                           DBusAuthCommand   command,
268                                                           const DBusString *args);
269static dbus_bool_t handle_client_state_waiting_for_ok     (DBusAuth         *auth,
270                                                           DBusAuthCommand   command,
271                                                           const DBusString *args);
272static dbus_bool_t handle_client_state_waiting_for_reject (DBusAuth         *auth,
273                                                           DBusAuthCommand   command,
274                                                           const DBusString *args);
275static dbus_bool_t handle_client_state_waiting_for_agree_unix_fd (DBusAuth         *auth,
276                                                           DBusAuthCommand   command,
277                                                           const DBusString *args);
278
279static const DBusAuthStateData client_state_need_send_auth = {
280  "NeedSendAuth", NULL
281};
282static const DBusAuthStateData client_state_waiting_for_data = {
283  "WaitingForData", handle_client_state_waiting_for_data
284};
285static const DBusAuthStateData client_state_waiting_for_ok = {
286  "WaitingForOK", handle_client_state_waiting_for_ok
287};
288static const DBusAuthStateData client_state_waiting_for_reject = {
289  "WaitingForReject", handle_client_state_waiting_for_reject
290};
291static const DBusAuthStateData client_state_waiting_for_agree_unix_fd = {
292  "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
293};
294
295/**
296 * Common terminal states.  Terminal states have handler == NULL.
297 */
298
299static const DBusAuthStateData common_state_authenticated = {
300  "Authenticated",  NULL
301};
302
303static const DBusAuthStateData common_state_need_disconnect = {
304  "NeedDisconnect",  NULL
305};
306
307static const char auth_side_client[] = "client";
308static const char auth_side_server[] = "server";
309/**
310 * @param auth the auth conversation
311 * @returns #TRUE if the conversation is the server side
312 */
313#define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)
314/**
315 * @param auth the auth conversation
316 * @returns #TRUE if the conversation is the client side
317 */
318#define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)
319/**
320 * @param auth the auth conversation
321 * @returns auth cast to DBusAuthClient
322 */
323#define DBUS_AUTH_CLIENT(auth)    ((DBusAuthClient*)(auth))
324/**
325 * @param auth the auth conversation
326 * @returns auth cast to DBusAuthServer
327 */
328#define DBUS_AUTH_SERVER(auth)    ((DBusAuthServer*)(auth))
329
330/**
331 * The name of the auth ("client" or "server")
332 * @param auth the auth conversation
333 * @returns a string
334 */
335#define DBUS_AUTH_NAME(auth)      ((auth)->side)
336
337static DBusAuth*
338_dbus_auth_new (int size)
339{
340  DBusAuth *auth;
341
342  auth = dbus_malloc0 (size);
343  if (auth == NULL)
344    return NULL;
345
346  auth->refcount = 1;
347
348  auth->keyring = NULL;
349  auth->cookie_id = -1;
350
351  /* note that we don't use the max string length feature,
352   * because you can't use that feature if you're going to
353   * try to recover from out-of-memory (it creates
354   * what looks like unrecoverable inability to alloc
355   * more space in the string). But we do handle
356   * overlong buffers in _dbus_auth_do_work().
357   */
358
359  if (!_dbus_string_init (&auth->incoming))
360    goto enomem_0;
361
362  if (!_dbus_string_init (&auth->outgoing))
363    goto enomem_1;
364
365  if (!_dbus_string_init (&auth->identity))
366    goto enomem_2;
367
368  if (!_dbus_string_init (&auth->context))
369    goto enomem_3;
370
371  if (!_dbus_string_init (&auth->challenge))
372    goto enomem_4;
373
374  /* default context if none is specified */
375  if (!_dbus_string_append (&auth->context, "org_freedesktop_general"))
376    goto enomem_5;
377
378  auth->credentials = _dbus_credentials_new ();
379  if (auth->credentials == NULL)
380    goto enomem_6;
381
382  auth->authorized_identity = _dbus_credentials_new ();
383  if (auth->authorized_identity == NULL)
384    goto enomem_7;
385
386  auth->desired_identity = _dbus_credentials_new ();
387  if (auth->desired_identity == NULL)
388    goto enomem_8;
389
390  return auth;
391
392#if 0
393 enomem_9:
394  _dbus_credentials_unref (auth->desired_identity);
395#endif
396 enomem_8:
397  _dbus_credentials_unref (auth->authorized_identity);
398 enomem_7:
399  _dbus_credentials_unref (auth->credentials);
400 enomem_6:
401 /* last alloc was an append to context, which is freed already below */ ;
402 enomem_5:
403  _dbus_string_free (&auth->challenge);
404 enomem_4:
405  _dbus_string_free (&auth->context);
406 enomem_3:
407  _dbus_string_free (&auth->identity);
408 enomem_2:
409  _dbus_string_free (&auth->outgoing);
410 enomem_1:
411  _dbus_string_free (&auth->incoming);
412 enomem_0:
413  dbus_free (auth);
414  return NULL;
415}
416
417static void
418shutdown_mech (DBusAuth *auth)
419{
420  /* Cancel any auth */
421  auth->already_asked_for_initial_response = FALSE;
422  _dbus_string_set_length (&auth->identity, 0);
423
424  _dbus_credentials_clear (auth->authorized_identity);
425  _dbus_credentials_clear (auth->desired_identity);
426
427  if (auth->mech != NULL)
428    {
429      _dbus_verbose ("%s: Shutting down mechanism %s\n",
430                     DBUS_AUTH_NAME (auth), auth->mech->mechanism);
431
432      if (DBUS_AUTH_IS_CLIENT (auth))
433        (* auth->mech->client_shutdown_func) (auth);
434      else
435        (* auth->mech->server_shutdown_func) (auth);
436
437      auth->mech = NULL;
438    }
439}
440
441/*
442 * DBUS_COOKIE_SHA1 mechanism
443 */
444
445/* Returns TRUE but with an empty string hash if the
446 * cookie_id isn't known. As with all this code
447 * TRUE just means we had enough memory.
448 */
449static dbus_bool_t
450sha1_compute_hash (DBusAuth         *auth,
451                   int               cookie_id,
452                   const DBusString *server_challenge,
453                   const DBusString *client_challenge,
454                   DBusString       *hash)
455{
456  DBusString cookie;
457  DBusString to_hash;
458  dbus_bool_t retval;
459
460  _dbus_assert (auth->keyring != NULL);
461
462  retval = FALSE;
463
464  if (!_dbus_string_init (&cookie))
465    return FALSE;
466
467  if (!_dbus_keyring_get_hex_key (auth->keyring, cookie_id,
468                                  &cookie))
469    goto out_0;
470
471  if (_dbus_string_get_length (&cookie) == 0)
472    {
473      retval = TRUE;
474      goto out_0;
475    }
476
477  if (!_dbus_string_init (&to_hash))
478    goto out_0;
479
480  if (!_dbus_string_copy (server_challenge, 0,
481                          &to_hash, _dbus_string_get_length (&to_hash)))
482    goto out_1;
483
484  if (!_dbus_string_append (&to_hash, ":"))
485    goto out_1;
486
487  if (!_dbus_string_copy (client_challenge, 0,
488                          &to_hash, _dbus_string_get_length (&to_hash)))
489    goto out_1;
490
491  if (!_dbus_string_append (&to_hash, ":"))
492    goto out_1;
493
494  if (!_dbus_string_copy (&cookie, 0,
495                          &to_hash, _dbus_string_get_length (&to_hash)))
496    goto out_1;
497
498  if (!_dbus_sha_compute (&to_hash, hash))
499    goto out_1;
500
501  retval = TRUE;
502
503 out_1:
504  _dbus_string_zero (&to_hash);
505  _dbus_string_free (&to_hash);
506 out_0:
507  _dbus_string_zero (&cookie);
508  _dbus_string_free (&cookie);
509  return retval;
510}
511
512/** http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of
513 * entropy, we use 128. This is the number of bytes in the random
514 * challenge.
515 */
516#define N_CHALLENGE_BYTES (128/8)
517
518static dbus_bool_t
519sha1_handle_first_client_response (DBusAuth         *auth,
520                                   const DBusString *data)
521{
522  /* We haven't sent a challenge yet, we're expecting a desired
523   * username from the client.
524   */
525  DBusString tmp;
526  DBusString tmp2;
527  dbus_bool_t retval;
528  DBusError error;
529
530  retval = FALSE;
531
532  _dbus_string_set_length (&auth->challenge, 0);
533
534  if (_dbus_string_get_length (data) > 0)
535    {
536      if (_dbus_string_get_length (&auth->identity) > 0)
537        {
538          /* Tried to send two auth identities, wtf */
539          _dbus_verbose ("%s: client tried to send auth identity, but we already have one\n",
540                         DBUS_AUTH_NAME (auth));
541          return send_rejected (auth);
542        }
543      else
544        {
545          /* this is our auth identity */
546          if (!_dbus_string_copy (data, 0, &auth->identity, 0))
547            return FALSE;
548        }
549    }
550
551  if (!_dbus_credentials_add_from_user (auth->desired_identity, data))
552    {
553      _dbus_verbose ("%s: Did not get a valid username from client\n",
554                     DBUS_AUTH_NAME (auth));
555      return send_rejected (auth);
556    }
557
558  if (!_dbus_string_init (&tmp))
559    return FALSE;
560
561  if (!_dbus_string_init (&tmp2))
562    {
563      _dbus_string_free (&tmp);
564      return FALSE;
565    }
566
567  /* we cache the keyring for speed, so here we drop it if it's the
568   * wrong one. FIXME caching the keyring here is useless since we use
569   * a different DBusAuth for every connection.
570   */
571  if (auth->keyring &&
572      !_dbus_keyring_is_for_credentials (auth->keyring,
573                                         auth->desired_identity))
574    {
575      _dbus_keyring_unref (auth->keyring);
576      auth->keyring = NULL;
577    }
578
579  if (auth->keyring == NULL)
580    {
581      dbus_error_init (&error);
582      auth->keyring = _dbus_keyring_new_for_credentials (auth->desired_identity,
583                                                         &auth->context,
584                                                         &error);
585
586      if (auth->keyring == NULL)
587        {
588          if (dbus_error_has_name (&error,
589                                   DBUS_ERROR_NO_MEMORY))
590            {
591              dbus_error_free (&error);
592              goto out;
593            }
594          else
595            {
596              _DBUS_ASSERT_ERROR_IS_SET (&error);
597              _dbus_verbose ("%s: Error loading keyring: %s\n",
598                             DBUS_AUTH_NAME (auth), error.message);
599              if (send_rejected (auth))
600                retval = TRUE; /* retval is only about mem */
601              dbus_error_free (&error);
602              goto out;
603            }
604        }
605      else
606        {
607          _dbus_assert (!dbus_error_is_set (&error));
608        }
609    }
610
611  _dbus_assert (auth->keyring != NULL);
612
613  dbus_error_init (&error);
614  auth->cookie_id = _dbus_keyring_get_best_key (auth->keyring, &error);
615  if (auth->cookie_id < 0)
616    {
617      _DBUS_ASSERT_ERROR_IS_SET (&error);
618      _dbus_verbose ("%s: Could not get a cookie ID to send to client: %s\n",
619                     DBUS_AUTH_NAME (auth), error.message);
620      if (send_rejected (auth))
621        retval = TRUE;
622      dbus_error_free (&error);
623      goto out;
624    }
625  else
626    {
627      _dbus_assert (!dbus_error_is_set (&error));
628    }
629
630  if (!_dbus_string_copy (&auth->context, 0,
631                          &tmp2, _dbus_string_get_length (&tmp2)))
632    goto out;
633
634  if (!_dbus_string_append (&tmp2, " "))
635    goto out;
636
637  if (!_dbus_string_append_int (&tmp2, auth->cookie_id))
638    goto out;
639
640  if (!_dbus_string_append (&tmp2, " "))
641    goto out;
642
643  if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES))
644    goto out;
645
646  _dbus_string_set_length (&auth->challenge, 0);
647  if (!_dbus_string_hex_encode (&tmp, 0, &auth->challenge, 0))
648    goto out;
649
650  if (!_dbus_string_hex_encode (&tmp, 0, &tmp2,
651                                _dbus_string_get_length (&tmp2)))
652    goto out;
653
654  if (!send_data (auth, &tmp2))
655    goto out;
656
657  goto_state (auth, &server_state_waiting_for_data);
658  retval = TRUE;
659
660 out:
661  _dbus_string_zero (&tmp);
662  _dbus_string_free (&tmp);
663  _dbus_string_zero (&tmp2);
664  _dbus_string_free (&tmp2);
665
666  return retval;
667}
668
669static dbus_bool_t
670sha1_handle_second_client_response (DBusAuth         *auth,
671                                    const DBusString *data)
672{
673  /* We are expecting a response which is the hex-encoded client
674   * challenge, space, then SHA-1 hash of the concatenation of our
675   * challenge, ":", client challenge, ":", secret key, all
676   * hex-encoded.
677   */
678  int i;
679  DBusString client_challenge;
680  DBusString client_hash;
681  dbus_bool_t retval;
682  DBusString correct_hash;
683
684  retval = FALSE;
685
686  if (!_dbus_string_find_blank (data, 0, &i))
687    {
688      _dbus_verbose ("%s: no space separator in client response\n",
689                     DBUS_AUTH_NAME (auth));
690      return send_rejected (auth);
691    }
692
693  if (!_dbus_string_init (&client_challenge))
694    goto out_0;
695
696  if (!_dbus_string_init (&client_hash))
697    goto out_1;
698
699  if (!_dbus_string_copy_len (data, 0, i, &client_challenge,
700                              0))
701    goto out_2;
702
703  _dbus_string_skip_blank (data, i, &i);
704
705  if (!_dbus_string_copy_len (data, i,
706                              _dbus_string_get_length (data) - i,
707                              &client_hash,
708                              0))
709    goto out_2;
710
711  if (_dbus_string_get_length (&client_challenge) == 0 ||
712      _dbus_string_get_length (&client_hash) == 0)
713    {
714      _dbus_verbose ("%s: zero-length client challenge or hash\n",
715                     DBUS_AUTH_NAME (auth));
716      if (send_rejected (auth))
717        retval = TRUE;
718      goto out_2;
719    }
720
721  if (!_dbus_string_init (&correct_hash))
722    goto out_2;
723
724  if (!sha1_compute_hash (auth, auth->cookie_id,
725                          &auth->challenge,
726                          &client_challenge,
727                          &correct_hash))
728    goto out_3;
729
730  /* if cookie_id was invalid, then we get an empty hash */
731  if (_dbus_string_get_length (&correct_hash) == 0)
732    {
733      if (send_rejected (auth))
734        retval = TRUE;
735      goto out_3;
736    }
737
738  if (!_dbus_string_equal (&client_hash, &correct_hash))
739    {
740      if (send_rejected (auth))
741        retval = TRUE;
742      goto out_3;
743    }
744
745  if (!_dbus_credentials_add_credentials (auth->authorized_identity,
746                                          auth->desired_identity))
747    goto out_3;
748
749  /* Copy process ID from the socket credentials if it's there
750   */
751  if (!_dbus_credentials_add_credential (auth->authorized_identity,
752                                         DBUS_CREDENTIAL_UNIX_PROCESS_ID,
753                                         auth->credentials))
754    goto out_3;
755
756  if (!send_ok (auth))
757    goto out_3;
758
759  _dbus_verbose ("%s: authenticated client using DBUS_COOKIE_SHA1\n",
760                 DBUS_AUTH_NAME (auth));
761
762  retval = TRUE;
763
764 out_3:
765  _dbus_string_zero (&correct_hash);
766  _dbus_string_free (&correct_hash);
767 out_2:
768  _dbus_string_zero (&client_hash);
769  _dbus_string_free (&client_hash);
770 out_1:
771  _dbus_string_free (&client_challenge);
772 out_0:
773  return retval;
774}
775
776static dbus_bool_t
777handle_server_data_cookie_sha1_mech (DBusAuth         *auth,
778                                     const DBusString *data)
779{
780  if (auth->cookie_id < 0)
781    return sha1_handle_first_client_response (auth, data);
782  else
783    return sha1_handle_second_client_response (auth, data);
784}
785
786static void
787handle_server_shutdown_cookie_sha1_mech (DBusAuth *auth)
788{
789  auth->cookie_id = -1;
790  _dbus_string_set_length (&auth->challenge, 0);
791}
792
793static dbus_bool_t
794handle_client_initial_response_cookie_sha1_mech (DBusAuth   *auth,
795                                                 DBusString *response)
796{
797  DBusString username;
798  dbus_bool_t retval;
799
800  retval = FALSE;
801
802  if (!_dbus_string_init (&username))
803    return FALSE;
804
805  if (!_dbus_append_user_from_current_process (&username))
806    goto out_0;
807
808  if (!_dbus_string_hex_encode (&username, 0,
809				response,
810				_dbus_string_get_length (response)))
811    goto out_0;
812
813  retval = TRUE;
814
815 out_0:
816  _dbus_string_free (&username);
817
818  return retval;
819}
820
821static dbus_bool_t
822handle_client_data_cookie_sha1_mech (DBusAuth         *auth,
823                                     const DBusString *data)
824{
825  /* The data we get from the server should be the cookie context
826   * name, the cookie ID, and the server challenge, separated by
827   * spaces. We send back our challenge string and the correct hash.
828   */
829  dbus_bool_t retval;
830  DBusString context;
831  DBusString cookie_id_str;
832  DBusString server_challenge;
833  DBusString client_challenge;
834  DBusString correct_hash;
835  DBusString tmp;
836  int i, j;
837  long val;
838
839  retval = FALSE;
840
841  if (!_dbus_string_find_blank (data, 0, &i))
842    {
843      if (send_error (auth,
844                      "Server did not send context/ID/challenge properly"))
845        retval = TRUE;
846      goto out_0;
847    }
848
849  if (!_dbus_string_init (&context))
850    goto out_0;
851
852  if (!_dbus_string_copy_len (data, 0, i,
853                              &context, 0))
854    goto out_1;
855
856  _dbus_string_skip_blank (data, i, &i);
857  if (!_dbus_string_find_blank (data, i, &j))
858    {
859      if (send_error (auth,
860                      "Server did not send context/ID/challenge properly"))
861        retval = TRUE;
862      goto out_1;
863    }
864
865  if (!_dbus_string_init (&cookie_id_str))
866    goto out_1;
867
868  if (!_dbus_string_copy_len (data, i, j - i,
869                              &cookie_id_str, 0))
870    goto out_2;
871
872  if (!_dbus_string_init (&server_challenge))
873    goto out_2;
874
875  i = j;
876  _dbus_string_skip_blank (data, i, &i);
877  j = _dbus_string_get_length (data);
878
879  if (!_dbus_string_copy_len (data, i, j - i,
880                              &server_challenge, 0))
881    goto out_3;
882
883  if (!_dbus_keyring_validate_context (&context))
884    {
885      if (send_error (auth, "Server sent invalid cookie context"))
886        retval = TRUE;
887      goto out_3;
888    }
889
890  if (!_dbus_string_parse_int (&cookie_id_str, 0, &val, NULL))
891    {
892      if (send_error (auth, "Could not parse cookie ID as an integer"))
893        retval = TRUE;
894      goto out_3;
895    }
896
897  if (_dbus_string_get_length (&server_challenge) == 0)
898    {
899      if (send_error (auth, "Empty server challenge string"))
900        retval = TRUE;
901      goto out_3;
902    }
903
904  if (auth->keyring == NULL)
905    {
906      DBusError error;
907
908      dbus_error_init (&error);
909      auth->keyring = _dbus_keyring_new_for_credentials (NULL,
910                                                         &context,
911                                                         &error);
912
913      if (auth->keyring == NULL)
914        {
915          if (dbus_error_has_name (&error,
916                                   DBUS_ERROR_NO_MEMORY))
917            {
918              dbus_error_free (&error);
919              goto out_3;
920            }
921          else
922            {
923              _DBUS_ASSERT_ERROR_IS_SET (&error);
924
925              _dbus_verbose ("%s: Error loading keyring: %s\n",
926                             DBUS_AUTH_NAME (auth), error.message);
927
928              if (send_error (auth, "Could not load cookie file"))
929                retval = TRUE; /* retval is only about mem */
930
931              dbus_error_free (&error);
932              goto out_3;
933            }
934        }
935      else
936        {
937          _dbus_assert (!dbus_error_is_set (&error));
938        }
939    }
940
941  _dbus_assert (auth->keyring != NULL);
942
943  if (!_dbus_string_init (&tmp))
944    goto out_3;
945
946  if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES))
947    goto out_4;
948
949  if (!_dbus_string_init (&client_challenge))
950    goto out_4;
951
952  if (!_dbus_string_hex_encode (&tmp, 0, &client_challenge, 0))
953    goto out_5;
954
955  if (!_dbus_string_init (&correct_hash))
956    goto out_5;
957
958  if (!sha1_compute_hash (auth, val,
959                          &server_challenge,
960                          &client_challenge,
961                          &correct_hash))
962    goto out_6;
963
964  if (_dbus_string_get_length (&correct_hash) == 0)
965    {
966      /* couldn't find the cookie ID or something */
967      if (send_error (auth, "Don't have the requested cookie ID"))
968        retval = TRUE;
969      goto out_6;
970    }
971
972  _dbus_string_set_length (&tmp, 0);
973
974  if (!_dbus_string_copy (&client_challenge, 0, &tmp,
975                          _dbus_string_get_length (&tmp)))
976    goto out_6;
977
978  if (!_dbus_string_append (&tmp, " "))
979    goto out_6;
980
981  if (!_dbus_string_copy (&correct_hash, 0, &tmp,
982                          _dbus_string_get_length (&tmp)))
983    goto out_6;
984
985  if (!send_data (auth, &tmp))
986    goto out_6;
987
988  retval = TRUE;
989
990 out_6:
991  _dbus_string_zero (&correct_hash);
992  _dbus_string_free (&correct_hash);
993 out_5:
994  _dbus_string_free (&client_challenge);
995 out_4:
996  _dbus_string_zero (&tmp);
997  _dbus_string_free (&tmp);
998 out_3:
999  _dbus_string_free (&server_challenge);
1000 out_2:
1001  _dbus_string_free (&cookie_id_str);
1002 out_1:
1003  _dbus_string_free (&context);
1004 out_0:
1005  return retval;
1006}
1007
1008static void
1009handle_client_shutdown_cookie_sha1_mech (DBusAuth *auth)
1010{
1011  auth->cookie_id = -1;
1012  _dbus_string_set_length (&auth->challenge, 0);
1013}
1014
1015/*
1016 * EXTERNAL mechanism
1017 */
1018
1019static dbus_bool_t
1020handle_server_data_external_mech (DBusAuth         *auth,
1021                                  const DBusString *data)
1022{
1023  if (_dbus_credentials_are_anonymous (auth->credentials))
1024    {
1025      _dbus_verbose ("%s: no credentials, mechanism EXTERNAL can't authenticate\n",
1026                     DBUS_AUTH_NAME (auth));
1027      return send_rejected (auth);
1028    }
1029
1030  if (_dbus_string_get_length (data) > 0)
1031    {
1032      if (_dbus_string_get_length (&auth->identity) > 0)
1033        {
1034          /* Tried to send two auth identities, wtf */
1035          _dbus_verbose ("%s: client tried to send auth identity, but we already have one\n",
1036                         DBUS_AUTH_NAME (auth));
1037          return send_rejected (auth);
1038        }
1039      else
1040        {
1041          /* this is our auth identity */
1042          if (!_dbus_string_copy (data, 0, &auth->identity, 0))
1043            return FALSE;
1044        }
1045    }
1046
1047  /* Poke client for an auth identity, if none given */
1048  if (_dbus_string_get_length (&auth->identity) == 0 &&
1049      !auth->already_asked_for_initial_response)
1050    {
1051      if (send_data (auth, NULL))
1052        {
1053          _dbus_verbose ("%s: sending empty challenge asking client for auth identity\n",
1054                         DBUS_AUTH_NAME (auth));
1055          auth->already_asked_for_initial_response = TRUE;
1056          goto_state (auth, &server_state_waiting_for_data);
1057          return TRUE;
1058        }
1059      else
1060        return FALSE;
1061    }
1062
1063  _dbus_credentials_clear (auth->desired_identity);
1064
1065  /* If auth->identity is still empty here, then client
1066   * responded with an empty string after we poked it for
1067   * an initial response. This means to try to auth the
1068   * identity provided in the credentials.
1069   */
1070  if (_dbus_string_get_length (&auth->identity) == 0)
1071    {
1072      if (!_dbus_credentials_add_credentials (auth->desired_identity,
1073                                              auth->credentials))
1074        {
1075          return FALSE; /* OOM */
1076        }
1077    }
1078  else
1079    {
1080      if (!_dbus_credentials_add_from_user (auth->desired_identity,
1081                                            &auth->identity))
1082        {
1083          _dbus_verbose ("%s: could not get credentials from uid string\n",
1084                         DBUS_AUTH_NAME (auth));
1085          return send_rejected (auth);
1086        }
1087    }
1088
1089  if (_dbus_credentials_are_anonymous (auth->desired_identity))
1090    {
1091      _dbus_verbose ("%s: desired user %s is no good\n",
1092                     DBUS_AUTH_NAME (auth),
1093                     _dbus_string_get_const_data (&auth->identity));
1094      return send_rejected (auth);
1095    }
1096
1097  if (_dbus_credentials_are_superset (auth->credentials,
1098                                      auth->desired_identity))
1099    {
1100      /* client has authenticated */
1101      if (!_dbus_credentials_add_credentials (auth->authorized_identity,
1102                                              auth->desired_identity))
1103        return FALSE;
1104
1105      /* also copy process ID from the socket credentials
1106       */
1107      if (!_dbus_credentials_add_credential (auth->authorized_identity,
1108                                             DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1109                                             auth->credentials))
1110        return FALSE;
1111
1112      /* also copy audit data from the socket credentials
1113       */
1114      if (!_dbus_credentials_add_credential (auth->authorized_identity,
1115                                             DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
1116                                             auth->credentials))
1117        return FALSE;
1118
1119      if (!send_ok (auth))
1120        return FALSE;
1121
1122      _dbus_verbose ("%s: authenticated client based on socket credentials\n",
1123                     DBUS_AUTH_NAME (auth));
1124
1125      return TRUE;
1126    }
1127  else
1128    {
1129      _dbus_verbose ("%s: desired identity not found in socket credentials\n",
1130                     DBUS_AUTH_NAME (auth));
1131      return send_rejected (auth);
1132    }
1133}
1134
1135static void
1136handle_server_shutdown_external_mech (DBusAuth *auth)
1137{
1138
1139}
1140
1141static dbus_bool_t
1142handle_client_initial_response_external_mech (DBusAuth         *auth,
1143                                              DBusString       *response)
1144{
1145  /* We always append our UID as an initial response, so the server
1146   * doesn't have to send back an empty challenge to check whether we
1147   * want to specify an identity. i.e. this avoids a round trip that
1148   * the spec for the EXTERNAL mechanism otherwise requires.
1149   */
1150  DBusString plaintext;
1151
1152  if (!_dbus_string_init (&plaintext))
1153    return FALSE;
1154
1155  if (!_dbus_append_user_from_current_process (&plaintext))
1156    goto failed;
1157
1158  if (!_dbus_string_hex_encode (&plaintext, 0,
1159				response,
1160				_dbus_string_get_length (response)))
1161    goto failed;
1162
1163  _dbus_string_free (&plaintext);
1164
1165  return TRUE;
1166
1167 failed:
1168  _dbus_string_free (&plaintext);
1169  return FALSE;
1170}
1171
1172static dbus_bool_t
1173handle_client_data_external_mech (DBusAuth         *auth,
1174                                  const DBusString *data)
1175{
1176
1177  return TRUE;
1178}
1179
1180static void
1181handle_client_shutdown_external_mech (DBusAuth *auth)
1182{
1183
1184}
1185
1186/*
1187 * ANONYMOUS mechanism
1188 */
1189
1190static dbus_bool_t
1191handle_server_data_anonymous_mech (DBusAuth         *auth,
1192                                   const DBusString *data)
1193{
1194  if (_dbus_string_get_length (data) > 0)
1195    {
1196      /* Client is allowed to send "trace" data, the only defined
1197       * meaning is that if it contains '@' it is an email address,
1198       * and otherwise it is anything else, and it's supposed to be
1199       * UTF-8
1200       */
1201      if (!_dbus_string_validate_utf8 (data, 0, _dbus_string_get_length (data)))
1202        {
1203          _dbus_verbose ("%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
1204                         DBUS_AUTH_NAME (auth));
1205          return send_rejected (auth);
1206        }
1207
1208      _dbus_verbose ("%s: ANONYMOUS client sent trace string: '%s'\n",
1209                     DBUS_AUTH_NAME (auth),
1210                     _dbus_string_get_const_data (data));
1211    }
1212
1213  /* We want to be anonymous (clear in case some other protocol got midway through I guess) */
1214  _dbus_credentials_clear (auth->desired_identity);
1215
1216  /* Copy process ID from the socket credentials
1217   */
1218  if (!_dbus_credentials_add_credential (auth->authorized_identity,
1219                                         DBUS_CREDENTIAL_UNIX_PROCESS_ID,
1220                                         auth->credentials))
1221    return FALSE;
1222
1223  /* Anonymous is always allowed */
1224  if (!send_ok (auth))
1225    return FALSE;
1226
1227  _dbus_verbose ("%s: authenticated client as anonymous\n",
1228                 DBUS_AUTH_NAME (auth));
1229
1230  return TRUE;
1231}
1232
1233static void
1234handle_server_shutdown_anonymous_mech (DBusAuth *auth)
1235{
1236
1237}
1238
1239static dbus_bool_t
1240handle_client_initial_response_anonymous_mech (DBusAuth         *auth,
1241                                               DBusString       *response)
1242{
1243  /* Our initial response is a "trace" string which must be valid UTF-8
1244   * and must be an email address if it contains '@'.
1245   * We just send the dbus implementation info, like a user-agent or
1246   * something, because... why not. There's nothing guaranteed here
1247   * though, we could change it later.
1248   */
1249  DBusString plaintext;
1250
1251  if (!_dbus_string_init (&plaintext))
1252    return FALSE;
1253
1254  if (!_dbus_string_append (&plaintext,
1255                            "libdbus " DBUS_VERSION_STRING))
1256    goto failed;
1257
1258  if (!_dbus_string_hex_encode (&plaintext, 0,
1259				response,
1260				_dbus_string_get_length (response)))
1261    goto failed;
1262
1263  _dbus_string_free (&plaintext);
1264
1265  return TRUE;
1266
1267 failed:
1268  _dbus_string_free (&plaintext);
1269  return FALSE;
1270}
1271
1272static dbus_bool_t
1273handle_client_data_anonymous_mech (DBusAuth         *auth,
1274                                  const DBusString *data)
1275{
1276
1277  return TRUE;
1278}
1279
1280static void
1281handle_client_shutdown_anonymous_mech (DBusAuth *auth)
1282{
1283
1284}
1285
1286/* Put mechanisms here in order of preference.
1287 * Right now we have:
1288 *
1289 * - EXTERNAL checks socket credentials (or in the future, other info from the OS)
1290 * - DBUS_COOKIE_SHA1 uses a cookie in the home directory, like xauth or ICE
1291 * - ANONYMOUS checks nothing but doesn't auth the person as a user
1292 *
1293 * We might ideally add a mechanism to chain to Cyrus SASL so we can
1294 * use its mechanisms as well.
1295 *
1296 */
1297static const DBusAuthMechanismHandler
1298all_mechanisms[] = {
1299  { "EXTERNAL",
1300    handle_server_data_external_mech,
1301    NULL, NULL,
1302    handle_server_shutdown_external_mech,
1303    handle_client_initial_response_external_mech,
1304    handle_client_data_external_mech,
1305    NULL, NULL,
1306    handle_client_shutdown_external_mech },
1307  { "DBUS_COOKIE_SHA1",
1308    handle_server_data_cookie_sha1_mech,
1309    NULL, NULL,
1310    handle_server_shutdown_cookie_sha1_mech,
1311    handle_client_initial_response_cookie_sha1_mech,
1312    handle_client_data_cookie_sha1_mech,
1313    NULL, NULL,
1314    handle_client_shutdown_cookie_sha1_mech },
1315  { "ANONYMOUS",
1316    handle_server_data_anonymous_mech,
1317    NULL, NULL,
1318    handle_server_shutdown_anonymous_mech,
1319    handle_client_initial_response_anonymous_mech,
1320    handle_client_data_anonymous_mech,
1321    NULL, NULL,
1322    handle_client_shutdown_anonymous_mech },
1323  { NULL, NULL }
1324};
1325
1326static const DBusAuthMechanismHandler*
1327find_mech (const DBusString  *name,
1328           char             **allowed_mechs)
1329{
1330  int i;
1331
1332  if (allowed_mechs != NULL &&
1333      !_dbus_string_array_contains ((const char**) allowed_mechs,
1334                                    _dbus_string_get_const_data (name)))
1335    return NULL;
1336
1337  i = 0;
1338  while (all_mechanisms[i].mechanism != NULL)
1339    {
1340      if (_dbus_string_equal_c_str (name,
1341                                    all_mechanisms[i].mechanism))
1342
1343        return &all_mechanisms[i];
1344
1345      ++i;
1346    }
1347
1348  return NULL;
1349}
1350
1351static dbus_bool_t
1352send_auth (DBusAuth *auth, const DBusAuthMechanismHandler *mech)
1353{
1354  DBusString auth_command;
1355
1356  if (!_dbus_string_init (&auth_command))
1357    return FALSE;
1358
1359  if (!_dbus_string_append (&auth_command,
1360                            "AUTH "))
1361    {
1362      _dbus_string_free (&auth_command);
1363      return FALSE;
1364    }
1365
1366  if (!_dbus_string_append (&auth_command,
1367                            mech->mechanism))
1368    {
1369      _dbus_string_free (&auth_command);
1370      return FALSE;
1371    }
1372
1373  if (mech->client_initial_response_func != NULL)
1374    {
1375      if (!_dbus_string_append (&auth_command, " "))
1376        {
1377          _dbus_string_free (&auth_command);
1378          return FALSE;
1379        }
1380
1381      if (!(* mech->client_initial_response_func) (auth, &auth_command))
1382        {
1383          _dbus_string_free (&auth_command);
1384          return FALSE;
1385        }
1386    }
1387
1388  if (!_dbus_string_append (&auth_command,
1389                            "\r\n"))
1390    {
1391      _dbus_string_free (&auth_command);
1392      return FALSE;
1393    }
1394
1395  if (!_dbus_string_copy (&auth_command, 0,
1396                          &auth->outgoing,
1397                          _dbus_string_get_length (&auth->outgoing)))
1398    {
1399      _dbus_string_free (&auth_command);
1400      return FALSE;
1401    }
1402
1403  _dbus_string_free (&auth_command);
1404  shutdown_mech (auth);
1405  auth->mech = mech;
1406  goto_state (auth, &client_state_waiting_for_data);
1407
1408  return TRUE;
1409}
1410
1411static dbus_bool_t
1412send_data (DBusAuth *auth, DBusString *data)
1413{
1414  int old_len;
1415
1416  if (data == NULL || _dbus_string_get_length (data) == 0)
1417    return _dbus_string_append (&auth->outgoing, "DATA\r\n");
1418  else
1419    {
1420      old_len = _dbus_string_get_length (&auth->outgoing);
1421      if (!_dbus_string_append (&auth->outgoing, "DATA "))
1422        goto out;
1423
1424      if (!_dbus_string_hex_encode (data, 0, &auth->outgoing,
1425                                    _dbus_string_get_length (&auth->outgoing)))
1426        goto out;
1427
1428      if (!_dbus_string_append (&auth->outgoing, "\r\n"))
1429        goto out;
1430
1431      return TRUE;
1432
1433    out:
1434      _dbus_string_set_length (&auth->outgoing, old_len);
1435
1436      return FALSE;
1437    }
1438}
1439
1440static dbus_bool_t
1441send_rejected (DBusAuth *auth)
1442{
1443  DBusString command;
1444  DBusAuthServer *server_auth;
1445  int i;
1446
1447  if (!_dbus_string_init (&command))
1448    return FALSE;
1449
1450  if (!_dbus_string_append (&command,
1451                            "REJECTED"))
1452    goto nomem;
1453
1454  i = 0;
1455  while (all_mechanisms[i].mechanism != NULL)
1456    {
1457      if (!_dbus_string_append (&command,
1458                                " "))
1459        goto nomem;
1460
1461      if (!_dbus_string_append (&command,
1462                                all_mechanisms[i].mechanism))
1463        goto nomem;
1464
1465      ++i;
1466    }
1467
1468  if (!_dbus_string_append (&command, "\r\n"))
1469    goto nomem;
1470
1471  if (!_dbus_string_copy (&command, 0, &auth->outgoing,
1472                          _dbus_string_get_length (&auth->outgoing)))
1473    goto nomem;
1474
1475  shutdown_mech (auth);
1476
1477  _dbus_assert (DBUS_AUTH_IS_SERVER (auth));
1478  server_auth = DBUS_AUTH_SERVER (auth);
1479  server_auth->failures += 1;
1480
1481  if (server_auth->failures >= server_auth->max_failures)
1482    goto_state (auth, &common_state_need_disconnect);
1483  else
1484    goto_state (auth, &server_state_waiting_for_auth);
1485
1486  _dbus_string_free (&command);
1487
1488  return TRUE;
1489
1490 nomem:
1491  _dbus_string_free (&command);
1492  return FALSE;
1493}
1494
1495static dbus_bool_t
1496send_error (DBusAuth *auth, const char *message)
1497{
1498  return _dbus_string_append_printf (&auth->outgoing,
1499                                     "ERROR \"%s\"\r\n", message);
1500}
1501
1502static dbus_bool_t
1503send_ok (DBusAuth *auth)
1504{
1505  int orig_len;
1506
1507  orig_len = _dbus_string_get_length (&auth->outgoing);
1508
1509  if (_dbus_string_append (&auth->outgoing, "OK ") &&
1510      _dbus_string_copy (& DBUS_AUTH_SERVER (auth)->guid,
1511                         0,
1512                         &auth->outgoing,
1513                         _dbus_string_get_length (&auth->outgoing)) &&
1514      _dbus_string_append (&auth->outgoing, "\r\n"))
1515    {
1516      goto_state (auth, &server_state_waiting_for_begin);
1517      return TRUE;
1518    }
1519  else
1520    {
1521      _dbus_string_set_length (&auth->outgoing, orig_len);
1522      return FALSE;
1523    }
1524}
1525
1526static dbus_bool_t
1527send_begin (DBusAuth         *auth)
1528{
1529
1530  if (!_dbus_string_append (&auth->outgoing,
1531                            "BEGIN\r\n"))
1532    return FALSE;
1533
1534  goto_state (auth, &common_state_authenticated);
1535  return TRUE;
1536}
1537
1538static dbus_bool_t
1539process_ok(DBusAuth *auth,
1540          const DBusString *args_from_ok) {
1541
1542  int end_of_hex;
1543
1544  /* "args_from_ok" should be the GUID, whitespace already pulled off the front */
1545  _dbus_assert (_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0);
1546
1547  /* We decode the hex string to binary, using guid_from_server as scratch... */
1548
1549  end_of_hex = 0;
1550  if (!_dbus_string_hex_decode (args_from_ok, 0, &end_of_hex,
1551                                & DBUS_AUTH_CLIENT (auth)->guid_from_server, 0))
1552    return FALSE;
1553
1554  /* now clear out the scratch */
1555  _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
1556
1557  if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
1558      end_of_hex == 0)
1559    {
1560      _dbus_verbose ("Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
1561                     end_of_hex, _dbus_string_get_length (args_from_ok));
1562      goto_state (auth, &common_state_need_disconnect);
1563      return TRUE;
1564    }
1565
1566  if (!_dbus_string_copy (args_from_ok, 0, &DBUS_AUTH_CLIENT (auth)->guid_from_server, 0)) {
1567      _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
1568      return FALSE;
1569  }
1570
1571  _dbus_verbose ("Got GUID '%s' from the server\n",
1572                 _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));
1573
1574  if (auth->unix_fd_possible)
1575    return send_negotiate_unix_fd(auth);
1576
1577  _dbus_verbose("Not negotiating unix fd passing, since not possible\n");
1578  return send_begin (auth);
1579}
1580
1581static dbus_bool_t
1582send_cancel (DBusAuth *auth)
1583{
1584  if (_dbus_string_append (&auth->outgoing, "CANCEL\r\n"))
1585    {
1586      goto_state (auth, &client_state_waiting_for_reject);
1587      return TRUE;
1588    }
1589  else
1590    return FALSE;
1591}
1592
1593static dbus_bool_t
1594process_data (DBusAuth             *auth,
1595              const DBusString     *args,
1596              DBusAuthDataFunction  data_func)
1597{
1598  int end;
1599  DBusString decoded;
1600
1601  if (!_dbus_string_init (&decoded))
1602    return FALSE;
1603
1604  if (!_dbus_string_hex_decode (args, 0, &end, &decoded, 0))
1605    {
1606      _dbus_string_free (&decoded);
1607      return FALSE;
1608    }
1609
1610  if (_dbus_string_get_length (args) != end)
1611    {
1612      _dbus_string_free (&decoded);
1613      if (!send_error (auth, "Invalid hex encoding"))
1614        return FALSE;
1615
1616      return TRUE;
1617    }
1618
1619#ifdef DBUS_ENABLE_VERBOSE_MODE
1620  if (_dbus_string_validate_ascii (&decoded, 0,
1621                                   _dbus_string_get_length (&decoded)))
1622    _dbus_verbose ("%s: data: '%s'\n",
1623                   DBUS_AUTH_NAME (auth),
1624                   _dbus_string_get_const_data (&decoded));
1625#endif
1626
1627  if (!(* data_func) (auth, &decoded))
1628    {
1629      _dbus_string_free (&decoded);
1630      return FALSE;
1631    }
1632
1633  _dbus_string_free (&decoded);
1634  return TRUE;
1635}
1636
1637static dbus_bool_t
1638send_negotiate_unix_fd (DBusAuth *auth)
1639{
1640  if (!_dbus_string_append (&auth->outgoing,
1641                            "NEGOTIATE_UNIX_FD\r\n"))
1642    return FALSE;
1643
1644  goto_state (auth, &client_state_waiting_for_agree_unix_fd);
1645  return TRUE;
1646}
1647
1648static dbus_bool_t
1649send_agree_unix_fd (DBusAuth *auth)
1650{
1651  _dbus_assert(auth->unix_fd_possible);
1652
1653  auth->unix_fd_negotiated = TRUE;
1654  _dbus_verbose("Agreed to UNIX FD passing\n");
1655
1656  if (!_dbus_string_append (&auth->outgoing,
1657                            "AGREE_UNIX_FD\r\n"))
1658    return FALSE;
1659
1660  goto_state (auth, &server_state_waiting_for_begin);
1661  return TRUE;
1662}
1663
1664static dbus_bool_t
1665handle_auth (DBusAuth *auth, const DBusString *args)
1666{
1667  if (_dbus_string_get_length (args) == 0)
1668    {
1669      /* No args to the auth, send mechanisms */
1670      if (!send_rejected (auth))
1671        return FALSE;
1672
1673      return TRUE;
1674    }
1675  else
1676    {
1677      int i;
1678      DBusString mech;
1679      DBusString hex_response;
1680
1681      _dbus_string_find_blank (args, 0, &i);
1682
1683      if (!_dbus_string_init (&mech))
1684        return FALSE;
1685
1686      if (!_dbus_string_init (&hex_response))
1687        {
1688          _dbus_string_free (&mech);
1689          return FALSE;
1690        }
1691
1692      if (!_dbus_string_copy_len (args, 0, i, &mech, 0))
1693        goto failed;
1694
1695      _dbus_string_skip_blank (args, i, &i);
1696      if (!_dbus_string_copy (args, i, &hex_response, 0))
1697        goto failed;
1698
1699      auth->mech = find_mech (&mech, auth->allowed_mechs);
1700      if (auth->mech != NULL)
1701        {
1702          _dbus_verbose ("%s: Trying mechanism %s\n",
1703                         DBUS_AUTH_NAME (auth),
1704                         auth->mech->mechanism);
1705
1706          if (!process_data (auth, &hex_response,
1707                             auth->mech->server_data_func))
1708            goto failed;
1709        }
1710      else
1711        {
1712          /* Unsupported mechanism */
1713          _dbus_verbose ("%s: Unsupported mechanism %s\n",
1714                         DBUS_AUTH_NAME (auth),
1715                         _dbus_string_get_const_data (&mech));
1716
1717          if (!send_rejected (auth))
1718            goto failed;
1719        }
1720
1721      _dbus_string_free (&mech);
1722      _dbus_string_free (&hex_response);
1723
1724      return TRUE;
1725
1726    failed:
1727      auth->mech = NULL;
1728      _dbus_string_free (&mech);
1729      _dbus_string_free (&hex_response);
1730      return FALSE;
1731    }
1732}
1733
1734static dbus_bool_t
1735handle_server_state_waiting_for_auth  (DBusAuth         *auth,
1736                                       DBusAuthCommand   command,
1737                                       const DBusString *args)
1738{
1739  switch (command)
1740    {
1741    case DBUS_AUTH_COMMAND_AUTH:
1742      return handle_auth (auth, args);
1743
1744    case DBUS_AUTH_COMMAND_CANCEL:
1745    case DBUS_AUTH_COMMAND_DATA:
1746      return send_error (auth, "Not currently in an auth conversation");
1747
1748    case DBUS_AUTH_COMMAND_BEGIN:
1749      goto_state (auth, &common_state_need_disconnect);
1750      return TRUE;
1751
1752    case DBUS_AUTH_COMMAND_ERROR:
1753      return send_rejected (auth);
1754
1755    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1756      return send_error (auth, "Need to authenticate first");
1757
1758    case DBUS_AUTH_COMMAND_REJECTED:
1759    case DBUS_AUTH_COMMAND_OK:
1760    case DBUS_AUTH_COMMAND_UNKNOWN:
1761    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1762    default:
1763      return send_error (auth, "Unknown command");
1764    }
1765}
1766
1767static dbus_bool_t
1768handle_server_state_waiting_for_data  (DBusAuth         *auth,
1769                                       DBusAuthCommand   command,
1770                                       const DBusString *args)
1771{
1772  switch (command)
1773    {
1774    case DBUS_AUTH_COMMAND_AUTH:
1775      return send_error (auth, "Sent AUTH while another AUTH in progress");
1776
1777    case DBUS_AUTH_COMMAND_CANCEL:
1778    case DBUS_AUTH_COMMAND_ERROR:
1779      return send_rejected (auth);
1780
1781    case DBUS_AUTH_COMMAND_DATA:
1782      return process_data (auth, args, auth->mech->server_data_func);
1783
1784    case DBUS_AUTH_COMMAND_BEGIN:
1785      goto_state (auth, &common_state_need_disconnect);
1786      return TRUE;
1787
1788    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1789      return send_error (auth, "Need to authenticate first");
1790
1791    case DBUS_AUTH_COMMAND_REJECTED:
1792    case DBUS_AUTH_COMMAND_OK:
1793    case DBUS_AUTH_COMMAND_UNKNOWN:
1794    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1795    default:
1796      return send_error (auth, "Unknown command");
1797    }
1798}
1799
1800static dbus_bool_t
1801handle_server_state_waiting_for_begin (DBusAuth         *auth,
1802                                       DBusAuthCommand   command,
1803                                       const DBusString *args)
1804{
1805  switch (command)
1806    {
1807    case DBUS_AUTH_COMMAND_AUTH:
1808      return send_error (auth, "Sent AUTH while expecting BEGIN");
1809
1810    case DBUS_AUTH_COMMAND_DATA:
1811      return send_error (auth, "Sent DATA while expecting BEGIN");
1812
1813    case DBUS_AUTH_COMMAND_BEGIN:
1814      goto_state (auth, &common_state_authenticated);
1815      return TRUE;
1816
1817    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
1818      if (auth->unix_fd_possible)
1819        return send_agree_unix_fd(auth);
1820      else
1821        return send_error(auth, "Unix FD passing not supported, not authenticated or otherwise not possible");
1822
1823    case DBUS_AUTH_COMMAND_REJECTED:
1824    case DBUS_AUTH_COMMAND_OK:
1825    case DBUS_AUTH_COMMAND_UNKNOWN:
1826    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
1827    default:
1828      return send_error (auth, "Unknown command");
1829
1830    case DBUS_AUTH_COMMAND_CANCEL:
1831    case DBUS_AUTH_COMMAND_ERROR:
1832      return send_rejected (auth);
1833    }
1834}
1835
1836/* return FALSE if no memory, TRUE if all OK */
1837static dbus_bool_t
1838get_word (const DBusString *str,
1839          int              *start,
1840          DBusString       *word)
1841{
1842  int i;
1843
1844  _dbus_string_skip_blank (str, *start, start);
1845  _dbus_string_find_blank (str, *start, &i);
1846
1847  if (i > *start)
1848    {
1849      if (!_dbus_string_copy_len (str, *start, i - *start, word, 0))
1850        return FALSE;
1851
1852      *start = i;
1853    }
1854
1855  return TRUE;
1856}
1857
1858static dbus_bool_t
1859record_mechanisms (DBusAuth         *auth,
1860                   const DBusString *args)
1861{
1862  int next;
1863  int len;
1864
1865  if (auth->already_got_mechanisms)
1866    return TRUE;
1867
1868  len = _dbus_string_get_length (args);
1869
1870  next = 0;
1871  while (next < len)
1872    {
1873      DBusString m;
1874      const DBusAuthMechanismHandler *mech;
1875
1876      if (!_dbus_string_init (&m))
1877        goto nomem;
1878
1879      if (!get_word (args, &next, &m))
1880        {
1881          _dbus_string_free (&m);
1882          goto nomem;
1883        }
1884
1885      mech = find_mech (&m, auth->allowed_mechs);
1886
1887      if (mech != NULL)
1888        {
1889          /* FIXME right now we try mechanisms in the order
1890           * the server lists them; should we do them in
1891           * some more deterministic order?
1892           *
1893           * Probably in all_mechanisms order, our order of
1894           * preference. Of course when the server is us,
1895           * it lists things in that order anyhow.
1896           */
1897
1898          if (mech != &all_mechanisms[0])
1899            {
1900              _dbus_verbose ("%s: Adding mechanism %s to list we will try\n",
1901                             DBUS_AUTH_NAME (auth), mech->mechanism);
1902
1903              if (!_dbus_list_append (& DBUS_AUTH_CLIENT (auth)->mechs_to_try,
1904                                      (void*) mech))
1905                {
1906                  _dbus_string_free (&m);
1907                  goto nomem;
1908                }
1909            }
1910          else
1911            {
1912              _dbus_verbose ("%s: Already tried mechanism %s; not adding to list we will try\n",
1913                             DBUS_AUTH_NAME (auth), mech->mechanism);
1914            }
1915        }
1916      else
1917        {
1918          _dbus_verbose ("%s: Server offered mechanism \"%s\" that we don't know how to use\n",
1919                         DBUS_AUTH_NAME (auth),
1920                         _dbus_string_get_const_data (&m));
1921        }
1922
1923      _dbus_string_free (&m);
1924    }
1925
1926  auth->already_got_mechanisms = TRUE;
1927
1928  return TRUE;
1929
1930 nomem:
1931  _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
1932
1933  return FALSE;
1934}
1935
1936static dbus_bool_t
1937process_rejected (DBusAuth *auth, const DBusString *args)
1938{
1939  const DBusAuthMechanismHandler *mech;
1940  DBusAuthClient *client;
1941
1942  client = DBUS_AUTH_CLIENT (auth);
1943
1944  if (!auth->already_got_mechanisms)
1945    {
1946      if (!record_mechanisms (auth, args))
1947        return FALSE;
1948    }
1949
1950  if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL)
1951    {
1952      mech = client->mechs_to_try->data;
1953
1954      if (!send_auth (auth, mech))
1955        return FALSE;
1956
1957      _dbus_list_pop_first (&client->mechs_to_try);
1958
1959      _dbus_verbose ("%s: Trying mechanism %s\n",
1960                     DBUS_AUTH_NAME (auth),
1961                     mech->mechanism);
1962    }
1963  else
1964    {
1965      /* Give up */
1966      _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
1967                     DBUS_AUTH_NAME (auth));
1968      goto_state (auth, &common_state_need_disconnect);
1969    }
1970
1971  return TRUE;
1972}
1973
1974
1975static dbus_bool_t
1976handle_client_state_waiting_for_data (DBusAuth         *auth,
1977                                      DBusAuthCommand   command,
1978                                      const DBusString *args)
1979{
1980  _dbus_assert (auth->mech != NULL);
1981
1982  switch (command)
1983    {
1984    case DBUS_AUTH_COMMAND_DATA:
1985      return process_data (auth, args, auth->mech->client_data_func);
1986
1987    case DBUS_AUTH_COMMAND_REJECTED:
1988      return process_rejected (auth, args);
1989
1990    case DBUS_AUTH_COMMAND_OK:
1991      return process_ok(auth, args);
1992
1993    case DBUS_AUTH_COMMAND_ERROR:
1994      return send_cancel (auth);
1995
1996    case DBUS_AUTH_COMMAND_AUTH:
1997    case DBUS_AUTH_COMMAND_CANCEL:
1998    case DBUS_AUTH_COMMAND_BEGIN:
1999    case DBUS_AUTH_COMMAND_UNKNOWN:
2000    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2001    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2002    default:
2003      return send_error (auth, "Unknown command");
2004    }
2005}
2006
2007static dbus_bool_t
2008handle_client_state_waiting_for_ok (DBusAuth         *auth,
2009                                    DBusAuthCommand   command,
2010                                    const DBusString *args)
2011{
2012  switch (command)
2013    {
2014    case DBUS_AUTH_COMMAND_REJECTED:
2015      return process_rejected (auth, args);
2016
2017    case DBUS_AUTH_COMMAND_OK:
2018      return process_ok(auth, args);
2019
2020    case DBUS_AUTH_COMMAND_DATA:
2021    case DBUS_AUTH_COMMAND_ERROR:
2022      return send_cancel (auth);
2023
2024    case DBUS_AUTH_COMMAND_AUTH:
2025    case DBUS_AUTH_COMMAND_CANCEL:
2026    case DBUS_AUTH_COMMAND_BEGIN:
2027    case DBUS_AUTH_COMMAND_UNKNOWN:
2028    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2029    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2030    default:
2031      return send_error (auth, "Unknown command");
2032    }
2033}
2034
2035static dbus_bool_t
2036handle_client_state_waiting_for_reject (DBusAuth         *auth,
2037                                        DBusAuthCommand   command,
2038                                        const DBusString *args)
2039{
2040  switch (command)
2041    {
2042    case DBUS_AUTH_COMMAND_REJECTED:
2043      return process_rejected (auth, args);
2044
2045    case DBUS_AUTH_COMMAND_AUTH:
2046    case DBUS_AUTH_COMMAND_CANCEL:
2047    case DBUS_AUTH_COMMAND_DATA:
2048    case DBUS_AUTH_COMMAND_BEGIN:
2049    case DBUS_AUTH_COMMAND_OK:
2050    case DBUS_AUTH_COMMAND_ERROR:
2051    case DBUS_AUTH_COMMAND_UNKNOWN:
2052    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2053    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2054    default:
2055      goto_state (auth, &common_state_need_disconnect);
2056      return TRUE;
2057    }
2058}
2059
2060static dbus_bool_t
2061handle_client_state_waiting_for_agree_unix_fd(DBusAuth         *auth,
2062                                              DBusAuthCommand   command,
2063                                              const DBusString *args)
2064{
2065  switch (command)
2066    {
2067    case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
2068      _dbus_assert(auth->unix_fd_possible);
2069      auth->unix_fd_negotiated = TRUE;
2070      _dbus_verbose("Successfully negotiated UNIX FD passing\n");
2071      return send_begin (auth);
2072
2073    case DBUS_AUTH_COMMAND_ERROR:
2074      _dbus_assert(auth->unix_fd_possible);
2075      auth->unix_fd_negotiated = FALSE;
2076      _dbus_verbose("Failed to negotiate UNIX FD passing\n");
2077      return send_begin (auth);
2078
2079    case DBUS_AUTH_COMMAND_OK:
2080    case DBUS_AUTH_COMMAND_DATA:
2081    case DBUS_AUTH_COMMAND_REJECTED:
2082    case DBUS_AUTH_COMMAND_AUTH:
2083    case DBUS_AUTH_COMMAND_CANCEL:
2084    case DBUS_AUTH_COMMAND_BEGIN:
2085    case DBUS_AUTH_COMMAND_UNKNOWN:
2086    case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
2087    default:
2088      return send_error (auth, "Unknown command");
2089    }
2090}
2091
2092/**
2093 * Mapping from command name to enum
2094 */
2095typedef struct {
2096  const char *name;        /**< Name of the command */
2097  DBusAuthCommand command; /**< Corresponding enum */
2098} DBusAuthCommandName;
2099
2100static const DBusAuthCommandName auth_command_names[] = {
2101  { "AUTH",              DBUS_AUTH_COMMAND_AUTH },
2102  { "CANCEL",            DBUS_AUTH_COMMAND_CANCEL },
2103  { "DATA",              DBUS_AUTH_COMMAND_DATA },
2104  { "BEGIN",             DBUS_AUTH_COMMAND_BEGIN },
2105  { "REJECTED",          DBUS_AUTH_COMMAND_REJECTED },
2106  { "OK",                DBUS_AUTH_COMMAND_OK },
2107  { "ERROR",             DBUS_AUTH_COMMAND_ERROR },
2108  { "NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
2109  { "AGREE_UNIX_FD",     DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
2110};
2111
2112static DBusAuthCommand
2113lookup_command_from_name (DBusString *command)
2114{
2115  int i;
2116
2117  for (i = 0; i < _DBUS_N_ELEMENTS (auth_command_names); i++)
2118    {
2119      if (_dbus_string_equal_c_str (command,
2120                                    auth_command_names[i].name))
2121        return auth_command_names[i].command;
2122    }
2123
2124  return DBUS_AUTH_COMMAND_UNKNOWN;
2125}
2126
2127static void
2128goto_state (DBusAuth *auth,
2129            const DBusAuthStateData *state)
2130{
2131  _dbus_verbose ("%s: going from state %s to state %s\n",
2132                 DBUS_AUTH_NAME (auth),
2133                 auth->state->name,
2134                 state->name);
2135
2136  auth->state = state;
2137}
2138
2139/* returns whether to call it again right away */
2140static dbus_bool_t
2141process_command (DBusAuth *auth)
2142{
2143  DBusAuthCommand command;
2144  DBusString line;
2145  DBusString args;
2146  int eol;
2147  int i, j;
2148  dbus_bool_t retval;
2149
2150  /* _dbus_verbose ("%s:   trying process_command()\n"); */
2151
2152  retval = FALSE;
2153
2154  eol = 0;
2155  if (!_dbus_string_find (&auth->incoming, 0, "\r\n", &eol))
2156    return FALSE;
2157
2158  if (!_dbus_string_init (&line))
2159    {
2160      auth->needed_memory = TRUE;
2161      return FALSE;
2162    }
2163
2164  if (!_dbus_string_init (&args))
2165    {
2166      _dbus_string_free (&line);
2167      auth->needed_memory = TRUE;
2168      return FALSE;
2169    }
2170
2171  if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &line, 0))
2172    goto out;
2173
2174  if (!_dbus_string_validate_ascii (&line, 0,
2175                                    _dbus_string_get_length (&line)))
2176    {
2177      _dbus_verbose ("%s: Command contained non-ASCII chars or embedded nul\n",
2178                     DBUS_AUTH_NAME (auth));
2179      if (!send_error (auth, "Command contained non-ASCII"))
2180        goto out;
2181      else
2182        goto next_command;
2183    }
2184
2185  _dbus_verbose ("%s: got command \"%s\"\n",
2186                 DBUS_AUTH_NAME (auth),
2187                 _dbus_string_get_const_data (&line));
2188
2189  _dbus_string_find_blank (&line, 0, &i);
2190  _dbus_string_skip_blank (&line, i, &j);
2191
2192  if (j > i)
2193    _dbus_string_delete (&line, i, j - i);
2194
2195  if (!_dbus_string_move (&line, i, &args, 0))
2196    goto out;
2197
2198  /* FIXME 1.0 we should probably validate that only the allowed
2199   * chars are in the command name
2200   */
2201
2202  command = lookup_command_from_name (&line);
2203  if (!(* auth->state->handler) (auth, command, &args))
2204    goto out;
2205
2206 next_command:
2207
2208  /* We've succeeded in processing the whole command so drop it out
2209   * of the incoming buffer and return TRUE to try another command.
2210   */
2211
2212  _dbus_string_delete (&auth->incoming, 0, eol);
2213
2214  /* kill the \r\n */
2215  _dbus_string_delete (&auth->incoming, 0, 2);
2216
2217  retval = TRUE;
2218
2219 out:
2220  _dbus_string_free (&args);
2221  _dbus_string_free (&line);
2222
2223  if (!retval)
2224    auth->needed_memory = TRUE;
2225  else
2226    auth->needed_memory = FALSE;
2227
2228  return retval;
2229}
2230
2231
2232/** @} */
2233
2234/**
2235 * @addtogroup DBusAuth
2236 * @{
2237 */
2238
2239/**
2240 * Creates a new auth conversation object for the server side.
2241 * See doc/dbus-sasl-profile.txt for full details on what
2242 * this object does.
2243 *
2244 * @returns the new object or #NULL if no memory
2245 */
2246DBusAuth*
2247_dbus_auth_server_new (const DBusString *guid)
2248{
2249  DBusAuth *auth;
2250  DBusAuthServer *server_auth;
2251  DBusString guid_copy;
2252
2253  if (!_dbus_string_init (&guid_copy))
2254    return NULL;
2255
2256  if (!_dbus_string_copy (guid, 0, &guid_copy, 0))
2257    {
2258      _dbus_string_free (&guid_copy);
2259      return NULL;
2260    }
2261
2262  auth = _dbus_auth_new (sizeof (DBusAuthServer));
2263  if (auth == NULL)
2264    {
2265      _dbus_string_free (&guid_copy);
2266      return NULL;
2267    }
2268
2269  auth->side = auth_side_server;
2270  auth->state = &server_state_waiting_for_auth;
2271
2272  server_auth = DBUS_AUTH_SERVER (auth);
2273
2274  server_auth->guid = guid_copy;
2275
2276  /* perhaps this should be per-mechanism with a lower
2277   * max
2278   */
2279  server_auth->failures = 0;
2280  server_auth->max_failures = 6;
2281
2282  return auth;
2283}
2284
2285/**
2286 * Creates a new auth conversation object for the client side.
2287 * See doc/dbus-sasl-profile.txt for full details on what
2288 * this object does.
2289 *
2290 * @returns the new object or #NULL if no memory
2291 */
2292DBusAuth*
2293_dbus_auth_client_new (void)
2294{
2295  DBusAuth *auth;
2296  DBusString guid_str;
2297
2298  if (!_dbus_string_init (&guid_str))
2299    return NULL;
2300
2301  auth = _dbus_auth_new (sizeof (DBusAuthClient));
2302  if (auth == NULL)
2303    {
2304      _dbus_string_free (&guid_str);
2305      return NULL;
2306    }
2307
2308  DBUS_AUTH_CLIENT (auth)->guid_from_server = guid_str;
2309
2310  auth->side = auth_side_client;
2311  auth->state = &client_state_need_send_auth;
2312
2313  /* Start the auth conversation by sending AUTH for our default
2314   * mechanism */
2315  if (!send_auth (auth, &all_mechanisms[0]))
2316    {
2317      _dbus_auth_unref (auth);
2318      return NULL;
2319    }
2320
2321  return auth;
2322}
2323
2324/**
2325 * Increments the refcount of an auth object.
2326 *
2327 * @param auth the auth conversation
2328 * @returns the auth conversation
2329 */
2330DBusAuth *
2331_dbus_auth_ref (DBusAuth *auth)
2332{
2333  _dbus_assert (auth != NULL);
2334
2335  auth->refcount += 1;
2336
2337  return auth;
2338}
2339
2340/**
2341 * Decrements the refcount of an auth object.
2342 *
2343 * @param auth the auth conversation
2344 */
2345void
2346_dbus_auth_unref (DBusAuth *auth)
2347{
2348  _dbus_assert (auth != NULL);
2349  _dbus_assert (auth->refcount > 0);
2350
2351  auth->refcount -= 1;
2352  if (auth->refcount == 0)
2353    {
2354      shutdown_mech (auth);
2355
2356      if (DBUS_AUTH_IS_CLIENT (auth))
2357        {
2358          _dbus_string_free (& DBUS_AUTH_CLIENT (auth)->guid_from_server);
2359          _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
2360        }
2361      else
2362        {
2363          _dbus_assert (DBUS_AUTH_IS_SERVER (auth));
2364
2365          _dbus_string_free (& DBUS_AUTH_SERVER (auth)->guid);
2366        }
2367
2368      if (auth->keyring)
2369        _dbus_keyring_unref (auth->keyring);
2370
2371      _dbus_string_free (&auth->context);
2372      _dbus_string_free (&auth->challenge);
2373      _dbus_string_free (&auth->identity);
2374      _dbus_string_free (&auth->incoming);
2375      _dbus_string_free (&auth->outgoing);
2376
2377      dbus_free_string_array (auth->allowed_mechs);
2378
2379      _dbus_credentials_unref (auth->credentials);
2380      _dbus_credentials_unref (auth->authorized_identity);
2381      _dbus_credentials_unref (auth->desired_identity);
2382
2383      dbus_free (auth);
2384    }
2385}
2386
2387/**
2388 * Sets an array of authentication mechanism names
2389 * that we are willing to use.
2390 *
2391 * @param auth the auth conversation
2392 * @param mechanisms #NULL-terminated array of mechanism names
2393 * @returns #FALSE if no memory
2394 */
2395dbus_bool_t
2396_dbus_auth_set_mechanisms (DBusAuth    *auth,
2397                           const char **mechanisms)
2398{
2399  char **copy;
2400
2401  if (mechanisms != NULL)
2402    {
2403      copy = _dbus_dup_string_array (mechanisms);
2404      if (copy == NULL)
2405        return FALSE;
2406    }
2407  else
2408    copy = NULL;
2409
2410  dbus_free_string_array (auth->allowed_mechs);
2411
2412  auth->allowed_mechs = copy;
2413
2414  return TRUE;
2415}
2416
2417/**
2418 * @param auth the auth conversation object
2419 * @returns #TRUE if we're in a final state
2420 */
2421#define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)
2422
2423/**
2424 * Analyzes buffered input and moves the auth conversation forward,
2425 * returning the new state of the auth conversation.
2426 *
2427 * @param auth the auth conversation
2428 * @returns the new state
2429 */
2430DBusAuthState
2431_dbus_auth_do_work (DBusAuth *auth)
2432{
2433  auth->needed_memory = FALSE;
2434
2435  /* Max amount we'll buffer up before deciding someone's on crack */
2436#define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)
2437
2438  do
2439    {
2440      if (DBUS_AUTH_IN_END_STATE (auth))
2441        break;
2442
2443      if (_dbus_string_get_length (&auth->incoming) > MAX_BUFFER ||
2444          _dbus_string_get_length (&auth->outgoing) > MAX_BUFFER)
2445        {
2446          goto_state (auth, &common_state_need_disconnect);
2447          _dbus_verbose ("%s: Disconnecting due to excessive data buffered in auth phase\n",
2448                         DBUS_AUTH_NAME (auth));
2449          break;
2450        }
2451    }
2452  while (process_command (auth));
2453
2454  if (auth->needed_memory)
2455    return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
2456  else if (_dbus_string_get_length (&auth->outgoing) > 0)
2457    return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
2458  else if (auth->state == &common_state_need_disconnect)
2459    return DBUS_AUTH_STATE_NEED_DISCONNECT;
2460  else if (auth->state == &common_state_authenticated)
2461    return DBUS_AUTH_STATE_AUTHENTICATED;
2462  else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
2463}
2464
2465/**
2466 * Gets bytes that need to be sent to the peer we're conversing with.
2467 * After writing some bytes, _dbus_auth_bytes_sent() must be called
2468 * to notify the auth object that they were written.
2469 *
2470 * @param auth the auth conversation
2471 * @param str return location for a ref to the buffer to send
2472 * @returns #FALSE if nothing to send
2473 */
2474dbus_bool_t
2475_dbus_auth_get_bytes_to_send (DBusAuth          *auth,
2476                              const DBusString **str)
2477{
2478  _dbus_assert (auth != NULL);
2479  _dbus_assert (str != NULL);
2480
2481  *str = NULL;
2482
2483  if (_dbus_string_get_length (&auth->outgoing) == 0)
2484    return FALSE;
2485
2486  *str = &auth->outgoing;
2487
2488  return TRUE;
2489}
2490
2491/**
2492 * Notifies the auth conversation object that
2493 * the given number of bytes of the outgoing buffer
2494 * have been written out.
2495 *
2496 * @param auth the auth conversation
2497 * @param bytes_sent number of bytes written out
2498 */
2499void
2500_dbus_auth_bytes_sent (DBusAuth *auth,
2501                       int       bytes_sent)
2502{
2503  _dbus_verbose ("%s: Sent %d bytes of: %s\n",
2504                 DBUS_AUTH_NAME (auth),
2505                 bytes_sent,
2506                 _dbus_string_get_const_data (&auth->outgoing));
2507
2508  _dbus_string_delete (&auth->outgoing,
2509                       0, bytes_sent);
2510}
2511
2512/**
2513 * Get a buffer to be used for reading bytes from the peer we're conversing
2514 * with. Bytes should be appended to this buffer.
2515 *
2516 * @param auth the auth conversation
2517 * @param buffer return location for buffer to append bytes to
2518 */
2519void
2520_dbus_auth_get_buffer (DBusAuth     *auth,
2521                       DBusString **buffer)
2522{
2523  _dbus_assert (auth != NULL);
2524  _dbus_assert (!auth->buffer_outstanding);
2525
2526  *buffer = &auth->incoming;
2527
2528  auth->buffer_outstanding = TRUE;
2529}
2530
2531/**
2532 * Returns a buffer with new data read into it.
2533 *
2534 * @param auth the auth conversation
2535 * @param buffer the buffer being returned
2536 * @param bytes_read number of new bytes added
2537 */
2538void
2539_dbus_auth_return_buffer (DBusAuth               *auth,
2540                          DBusString             *buffer,
2541                          int                     bytes_read)
2542{
2543  _dbus_assert (buffer == &auth->incoming);
2544  _dbus_assert (auth->buffer_outstanding);
2545
2546  auth->buffer_outstanding = FALSE;
2547}
2548
2549/**
2550 * Returns leftover bytes that were not used as part of the auth
2551 * conversation.  These bytes will be part of the message stream
2552 * instead. This function may not be called until authentication has
2553 * succeeded.
2554 *
2555 * @param auth the auth conversation
2556 * @param str return location for pointer to string of unused bytes
2557 */
2558void
2559_dbus_auth_get_unused_bytes (DBusAuth           *auth,
2560                             const DBusString **str)
2561{
2562  if (!DBUS_AUTH_IN_END_STATE (auth))
2563    return;
2564
2565  *str = &auth->incoming;
2566}
2567
2568
2569/**
2570 * Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes()
2571 * after we've gotten them and successfully moved them elsewhere.
2572 *
2573 * @param auth the auth conversation
2574 */
2575void
2576_dbus_auth_delete_unused_bytes (DBusAuth *auth)
2577{
2578  if (!DBUS_AUTH_IN_END_STATE (auth))
2579    return;
2580
2581  _dbus_string_set_length (&auth->incoming, 0);
2582}
2583
2584/**
2585 * Called post-authentication, indicates whether we need to encode
2586 * the message stream with _dbus_auth_encode_data() prior to
2587 * sending it to the peer.
2588 *
2589 * @param auth the auth conversation
2590 * @returns #TRUE if we need to encode the stream
2591 */
2592dbus_bool_t
2593_dbus_auth_needs_encoding (DBusAuth *auth)
2594{
2595  if (auth->state != &common_state_authenticated)
2596    return FALSE;
2597
2598  if (auth->mech != NULL)
2599    {
2600      if (DBUS_AUTH_IS_CLIENT (auth))
2601        return auth->mech->client_encode_func != NULL;
2602      else
2603        return auth->mech->server_encode_func != NULL;
2604    }
2605  else
2606    return FALSE;
2607}
2608
2609/**
2610 * Called post-authentication, encodes a block of bytes for sending to
2611 * the peer. If no encoding was negotiated, just copies the bytes
2612 * (you can avoid this by checking _dbus_auth_needs_encoding()).
2613 *
2614 * @param auth the auth conversation
2615 * @param plaintext the plain text data
2616 * @param encoded initialized string to where encoded data is appended
2617 * @returns #TRUE if we had enough memory and successfully encoded
2618 */
2619dbus_bool_t
2620_dbus_auth_encode_data (DBusAuth         *auth,
2621                        const DBusString *plaintext,
2622                        DBusString       *encoded)
2623{
2624  _dbus_assert (plaintext != encoded);
2625
2626  if (auth->state != &common_state_authenticated)
2627    return FALSE;
2628
2629  if (_dbus_auth_needs_encoding (auth))
2630    {
2631      if (DBUS_AUTH_IS_CLIENT (auth))
2632        return (* auth->mech->client_encode_func) (auth, plaintext, encoded);
2633      else
2634        return (* auth->mech->server_encode_func) (auth, plaintext, encoded);
2635    }
2636  else
2637    {
2638      return _dbus_string_copy (plaintext, 0, encoded,
2639                                _dbus_string_get_length (encoded));
2640    }
2641}
2642
2643/**
2644 * Called post-authentication, indicates whether we need to decode
2645 * the message stream with _dbus_auth_decode_data() after
2646 * receiving it from the peer.
2647 *
2648 * @param auth the auth conversation
2649 * @returns #TRUE if we need to encode the stream
2650 */
2651dbus_bool_t
2652_dbus_auth_needs_decoding (DBusAuth *auth)
2653{
2654  if (auth->state != &common_state_authenticated)
2655    return FALSE;
2656
2657  if (auth->mech != NULL)
2658    {
2659      if (DBUS_AUTH_IS_CLIENT (auth))
2660        return auth->mech->client_decode_func != NULL;
2661      else
2662        return auth->mech->server_decode_func != NULL;
2663    }
2664  else
2665    return FALSE;
2666}
2667
2668
2669/**
2670 * Called post-authentication, decodes a block of bytes received from
2671 * the peer. If no encoding was negotiated, just copies the bytes (you
2672 * can avoid this by checking _dbus_auth_needs_decoding()).
2673 *
2674 * @todo 1.0? We need to be able to distinguish "out of memory" error
2675 * from "the data is hosed" error.
2676 *
2677 * @param auth the auth conversation
2678 * @param encoded the encoded data
2679 * @param plaintext initialized string where decoded data is appended
2680 * @returns #TRUE if we had enough memory and successfully decoded
2681 */
2682dbus_bool_t
2683_dbus_auth_decode_data (DBusAuth         *auth,
2684                        const DBusString *encoded,
2685                        DBusString       *plaintext)
2686{
2687  _dbus_assert (plaintext != encoded);
2688
2689  if (auth->state != &common_state_authenticated)
2690    return FALSE;
2691
2692  if (_dbus_auth_needs_decoding (auth))
2693    {
2694      if (DBUS_AUTH_IS_CLIENT (auth))
2695        return (* auth->mech->client_decode_func) (auth, encoded, plaintext);
2696      else
2697        return (* auth->mech->server_decode_func) (auth, encoded, plaintext);
2698    }
2699  else
2700    {
2701      return _dbus_string_copy (encoded, 0, plaintext,
2702                                _dbus_string_get_length (plaintext));
2703    }
2704}
2705
2706/**
2707 * Sets credentials received via reliable means from the operating
2708 * system.
2709 *
2710 * @param auth the auth conversation
2711 * @param credentials the credentials received
2712 * @returns #FALSE on OOM
2713 */
2714dbus_bool_t
2715_dbus_auth_set_credentials (DBusAuth               *auth,
2716                            DBusCredentials        *credentials)
2717{
2718  _dbus_credentials_clear (auth->credentials);
2719  return _dbus_credentials_add_credentials (auth->credentials,
2720                                            credentials);
2721}
2722
2723/**
2724 * Gets the identity we authorized the client as.  Apps may have
2725 * different policies as to what identities they allow.
2726 *
2727 * Returned credentials are not a copy and should not be modified
2728 *
2729 * @param auth the auth conversation
2730 * @returns the credentials we've authorized BY REFERENCE do not modify
2731 */
2732DBusCredentials*
2733_dbus_auth_get_identity (DBusAuth               *auth)
2734{
2735  if (auth->state == &common_state_authenticated)
2736    {
2737      return auth->authorized_identity;
2738    }
2739  else
2740    {
2741      /* FIXME instead of this, keep an empty credential around that
2742       * doesn't require allocation or something
2743       */
2744      /* return empty credentials */
2745      _dbus_assert (_dbus_credentials_are_empty (auth->authorized_identity));
2746      return auth->authorized_identity;
2747    }
2748}
2749
2750/**
2751 * Gets the GUID from the server if we've authenticated; gets
2752 * #NULL otherwise.
2753 * @param auth the auth object
2754 * @returns the GUID in ASCII hex format
2755 */
2756const char*
2757_dbus_auth_get_guid_from_server (DBusAuth *auth)
2758{
2759  _dbus_assert (DBUS_AUTH_IS_CLIENT (auth));
2760
2761  if (auth->state == &common_state_authenticated)
2762    return _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server);
2763  else
2764    return NULL;
2765}
2766
2767/**
2768 * Sets the "authentication context" which scopes cookies
2769 * with the DBUS_COOKIE_SHA1 auth mechanism for example.
2770 *
2771 * @param auth the auth conversation
2772 * @param context the context
2773 * @returns #FALSE if no memory
2774 */
2775dbus_bool_t
2776_dbus_auth_set_context (DBusAuth               *auth,
2777                        const DBusString       *context)
2778{
2779  return _dbus_string_replace_len (context, 0, _dbus_string_get_length (context),
2780                                   &auth->context, 0, _dbus_string_get_length (context));
2781}
2782
2783/**
2784 * Sets whether unix fd passing is potentially on the transport and
2785 * hence shall be negotiated.
2786 *
2787 * @param auth the auth conversation
2788 * @param b TRUE when unix fd passing shall be negotiated, otherwise FALSE
2789 */
2790void
2791_dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
2792{
2793  auth->unix_fd_possible = b;
2794}
2795
2796/**
2797 * Queries whether unix fd passing was successfully negotiated.
2798 *
2799 * @param auth the auth conversion
2800 * @returns #TRUE when unix fd passing was negotiated.
2801 */
2802dbus_bool_t
2803_dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
2804{
2805  return auth->unix_fd_negotiated;
2806}
2807
2808/** @} */
2809
2810/* tests in dbus-auth-util.c */
2811