1 /* GDBus - GLib D-Bus Library
3 * Copyright (C) 2008-2010 Red Hat, Inc.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: David Zeuthen <davidz@redhat.com>
25 #include "gdbusauth.h"
27 #include "gdbusauthmechanismanon.h"
28 #include "gdbusauthmechanismexternal.h"
29 #include "gdbusauthmechanismsha1.h"
30 #include "gdbusauthobserver.h"
32 #include "gdbuserror.h"
33 #include "gdbusutils.h"
34 #include "gioenumtypes.h"
35 #include "gcredentials.h"
36 #include "gdbusprivate.h"
37 #include "giostream.h"
38 #include "gdatainputstream.h"
39 #include "gdataoutputstream.h"
42 #include <sys/types.h>
43 #include <sys/socket.h>
44 #include "gunixconnection.h"
45 #include "gunixcredentialsmessage.h"
51 debug_print (const gchar
*message
, ...)
53 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
60 _g_dbus_debug_print_lock ();
62 va_start (var_args
, message
);
63 s
= g_strdup_vprintf (message
, var_args
);
66 str
= g_string_new (NULL
);
67 for (n
= 0; s
[n
] != '\0'; n
++)
69 if (G_UNLIKELY (s
[n
] == '\r'))
70 g_string_append (str
, "\\r");
71 else if (G_UNLIKELY (s
[n
] == '\n'))
72 g_string_append (str
, "\\n");
74 g_string_append_c (str
, s
[n
]);
76 g_print ("GDBus-debug:Auth: %s\n", str
->str
);
77 g_string_free (str
, TRUE
);
80 _g_dbus_debug_print_unlock ();
91 static void mechanism_free (Mechanism
*m
);
93 struct _GDBusAuthPrivate
97 /* A list of available Mechanism, sorted according to priority */
98 GList
*available_mechanisms
;
107 G_DEFINE_TYPE (GDBusAuth
, _g_dbus_auth
, G_TYPE_OBJECT
);
109 /* ---------------------------------------------------------------------------------------------------- */
112 _g_dbus_auth_finalize (GObject
*object
)
114 GDBusAuth
*auth
= G_DBUS_AUTH (object
);
116 if (auth
->priv
->stream
!= NULL
)
117 g_object_unref (auth
->priv
->stream
);
118 g_list_foreach (auth
->priv
->available_mechanisms
, (GFunc
) mechanism_free
, NULL
);
119 g_list_free (auth
->priv
->available_mechanisms
);
121 if (G_OBJECT_CLASS (_g_dbus_auth_parent_class
)->finalize
!= NULL
)
122 G_OBJECT_CLASS (_g_dbus_auth_parent_class
)->finalize (object
);
126 _g_dbus_auth_get_property (GObject
*object
,
131 GDBusAuth
*auth
= G_DBUS_AUTH (object
);
136 g_value_set_object (value
, auth
->priv
->stream
);
140 G_OBJECT_WARN_INVALID_PROPERTY_ID (object
, prop_id
, pspec
);
146 _g_dbus_auth_set_property (GObject
*object
,
151 GDBusAuth
*auth
= G_DBUS_AUTH (object
);
156 auth
->priv
->stream
= g_value_dup_object (value
);
160 G_OBJECT_WARN_INVALID_PROPERTY_ID (object
, prop_id
, pspec
);
166 _g_dbus_auth_class_init (GDBusAuthClass
*klass
)
168 GObjectClass
*gobject_class
;
170 g_type_class_add_private (klass
, sizeof (GDBusAuthPrivate
));
172 gobject_class
= G_OBJECT_CLASS (klass
);
173 gobject_class
->get_property
= _g_dbus_auth_get_property
;
174 gobject_class
->set_property
= _g_dbus_auth_set_property
;
175 gobject_class
->finalize
= _g_dbus_auth_finalize
;
177 g_object_class_install_property (gobject_class
,
179 g_param_spec_object ("stream",
181 P_("The underlying GIOStream used for I/O"),
185 G_PARAM_CONSTRUCT_ONLY
|
186 G_PARAM_STATIC_NAME
|
187 G_PARAM_STATIC_BLURB
|
188 G_PARAM_STATIC_NICK
));
192 mechanism_free (Mechanism
*m
)
198 add_mechanism (GDBusAuth
*auth
,
199 GType mechanism_type
)
203 m
= g_new0 (Mechanism
, 1);
204 m
->name
= _g_dbus_auth_mechanism_get_name (mechanism_type
);
205 m
->priority
= _g_dbus_auth_mechanism_get_priority (mechanism_type
);
206 m
->gtype
= mechanism_type
;
208 auth
->priv
->available_mechanisms
= g_list_prepend (auth
->priv
->available_mechanisms
, m
);
212 mech_compare_func (Mechanism
*a
, Mechanism
*b
)
215 /* ensure deterministic order */
216 ret
= b
->priority
- a
->priority
;
218 ret
= g_strcmp0 (b
->name
, a
->name
);
223 _g_dbus_auth_init (GDBusAuth
*auth
)
225 auth
->priv
= G_TYPE_INSTANCE_GET_PRIVATE (auth
, G_TYPE_DBUS_AUTH
, GDBusAuthPrivate
);
227 /* TODO: trawl extension points */
228 add_mechanism (auth
, G_TYPE_DBUS_AUTH_MECHANISM_ANON
);
229 add_mechanism (auth
, G_TYPE_DBUS_AUTH_MECHANISM_SHA1
);
230 add_mechanism (auth
, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL
);
232 auth
->priv
->available_mechanisms
= g_list_sort (auth
->priv
->available_mechanisms
,
233 (GCompareFunc
) mech_compare_func
);
237 find_mech_by_name (GDBusAuth
*auth
,
245 for (l
= auth
->priv
->available_mechanisms
; l
!= NULL
; l
= l
->next
)
247 Mechanism
*m
= l
->data
;
248 if (g_strcmp0 (name
, m
->name
) == 0)
260 _g_dbus_auth_new (GIOStream
*stream
)
262 return g_object_new (G_TYPE_DBUS_AUTH
,
267 /* ---------------------------------------------------------------------------------------------------- */
268 /* like g_data_input_stream_read_line() but sets error if there's no content to read */
270 _my_g_data_input_stream_read_line (GDataInputStream
*dis
,
271 gsize
*out_line_length
,
272 GCancellable
*cancellable
,
277 g_return_val_if_fail (error
== NULL
|| *error
== NULL
, NULL
);
279 ret
= g_data_input_stream_read_line (dis
,
283 if (ret
== NULL
&& error
!= NULL
&& *error
== NULL
)
285 g_set_error_literal (error
,
288 _("Unexpected lack of content trying to read a line"));
294 /* This function is to avoid situations like this
296 * BEGIN\r\nl\0\0\1...
298 * e.g. where we read into the first D-Bus message while waiting for
299 * the final line from the client (TODO: file bug against gio for
303 _my_g_input_stream_read_line_safe (GInputStream
*i
,
304 gsize
*out_line_length
,
305 GCancellable
*cancellable
,
311 gboolean last_was_cr
;
313 str
= g_string_new (NULL
);
318 num_read
= g_input_stream_read (i
,
327 if (error
!= NULL
&& *error
== NULL
)
329 g_set_error_literal (error
,
332 _("Unexpected lack of content trying to (safely) read a line"));
337 g_string_append_c (str
, (gint
) c
);
342 g_assert (str
->len
>= 2);
343 g_string_set_size (str
, str
->len
- 2);
347 last_was_cr
= (c
== 0x0d);
351 if (out_line_length
!= NULL
)
352 *out_line_length
= str
->len
;
353 return g_string_free (str
, FALSE
);
356 g_assert (error
== NULL
|| *error
!= NULL
);
357 g_string_free (str
, TRUE
);
361 /* ---------------------------------------------------------------------------------------------------- */
364 append_nibble (GString
*s
, gint val
)
366 g_string_append_c (s
, val
>= 10 ? ('a' + val
- 10) : ('0' + val
));
370 hexdecode (const gchar
*str
,
379 s
= g_string_new (NULL
);
381 for (n
= 0; str
[n
] != '\0'; n
+= 2)
387 upper_nibble
= g_ascii_xdigit_value (str
[n
]);
388 lower_nibble
= g_ascii_xdigit_value (str
[n
+ 1]);
389 if (upper_nibble
== -1 || lower_nibble
== -1)
394 "Error hexdecoding string `%s' around position %d",
398 value
= (upper_nibble
<<4) | lower_nibble
;
399 g_string_append_c (s
, value
);
402 ret
= g_string_free (s
, FALSE
);
407 g_string_free (s
, TRUE
);
413 hexencode (const gchar
*str
)
418 s
= g_string_new (NULL
);
419 for (n
= 0; str
[n
] != '\0'; n
++)
425 val
= ((const guchar
*) str
)[n
];
426 upper_nibble
= val
>> 4;
427 lower_nibble
= val
& 0x0f;
429 append_nibble (s
, upper_nibble
);
430 append_nibble (s
, lower_nibble
);
433 return g_string_free (s
, FALSE
);
436 /* ---------------------------------------------------------------------------------------------------- */
438 static GDBusAuthMechanism
*
439 client_choose_mech_and_send_initial_response (GDBusAuth
*auth
,
440 GCredentials
*credentials_that_were_sent
,
441 const gchar
* const *supported_auth_mechs
,
442 GPtrArray
*attempted_auth_mechs
,
443 GDataOutputStream
*dos
,
444 GCancellable
*cancellable
,
447 GDBusAuthMechanism
*mech
;
448 GType auth_mech_to_use_gtype
;
451 gchar
*initial_response
;
452 gsize initial_response_len
;
459 debug_print ("CLIENT: Trying to choose mechanism");
461 /* find an authentication mechanism to try, if any */
462 auth_mech_to_use_gtype
= (GType
) 0;
463 for (n
= 0; supported_auth_mechs
[n
] != NULL
; n
++)
465 gboolean attempted_already
;
466 attempted_already
= FALSE
;
467 for (m
= 0; m
< attempted_auth_mechs
->len
; m
++)
469 if (g_strcmp0 (supported_auth_mechs
[n
], attempted_auth_mechs
->pdata
[m
]) == 0)
471 attempted_already
= TRUE
;
475 if (!attempted_already
)
477 auth_mech_to_use_gtype
= find_mech_by_name (auth
, supported_auth_mechs
[n
]);
478 if (auth_mech_to_use_gtype
!= (GType
) 0)
483 if (auth_mech_to_use_gtype
== (GType
) 0)
489 debug_print ("CLIENT: Exhausted all available mechanisms");
491 available
= g_strjoinv (", ", (gchar
**) supported_auth_mechs
);
493 tried_str
= g_string_new (NULL
);
494 for (n
= 0; n
< attempted_auth_mechs
->len
; n
++)
497 g_string_append (tried_str
, ", ");
498 g_string_append (tried_str
, attempted_auth_mechs
->pdata
[n
]);
503 _("Exhausted all available authentication mechanisms (tried: %s) (available: %s)"),
506 g_string_free (tried_str
, TRUE
);
511 /* OK, decided on a mechanism - let's do this thing */
512 mech
= g_object_new (auth_mech_to_use_gtype
,
513 "stream", auth
->priv
->stream
,
514 "credentials", credentials_that_were_sent
,
516 debug_print ("CLIENT: Trying mechanism `%s'", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
));
517 g_ptr_array_add (attempted_auth_mechs
, (gpointer
) _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
));
519 /* the auth mechanism may not be supported
520 * (for example, EXTERNAL only works if credentials were exchanged)
522 if (!_g_dbus_auth_mechanism_is_supported (mech
))
524 debug_print ("CLIENT: Mechanism `%s' says it is not supported", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
));
525 g_object_unref (mech
);
530 initial_response_len
= -1;
531 initial_response
= _g_dbus_auth_mechanism_client_initiate (mech
,
532 &initial_response_len
);
534 g_printerr ("using auth mechanism with name `%s' of type `%s' with initial response `%s'\n",
535 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
),
536 g_type_name (G_TYPE_FROM_INSTANCE (mech
)),
539 if (initial_response
!= NULL
)
541 //g_printerr ("initial_response = `%s'\n", initial_response);
542 encoded
= hexencode (initial_response
);
543 s
= g_strdup_printf ("AUTH %s %s\r\n",
544 _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
),
546 g_free (initial_response
);
551 s
= g_strdup_printf ("AUTH %s\r\n", _g_dbus_auth_mechanism_get_name (auth_mech_to_use_gtype
));
553 debug_print ("CLIENT: writing `%s'", s
);
554 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
556 g_object_unref (mech
);
568 /* ---------------------------------------------------------------------------------------------------- */
572 CLIENT_STATE_WAITING_FOR_DATA
,
573 CLIENT_STATE_WAITING_FOR_OK
,
574 CLIENT_STATE_WAITING_FOR_REJECT
,
575 CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
579 _g_dbus_auth_run_client (GDBusAuth
*auth
,
580 GDBusCapabilityFlags offered_capabilities
,
581 GDBusCapabilityFlags
*out_negotiated_capabilities
,
582 GCancellable
*cancellable
,
586 GDataInputStream
*dis
;
587 GDataOutputStream
*dos
;
588 GCredentials
*credentials
;
592 gchar
**supported_auth_mechs
;
593 GPtrArray
*attempted_auth_mechs
;
594 GDBusAuthMechanism
*mech
;
596 GDBusCapabilityFlags negotiated_capabilities
;
598 debug_print ("CLIENT: initiating");
601 supported_auth_mechs
= NULL
;
602 attempted_auth_mechs
= g_ptr_array_new ();
604 negotiated_capabilities
= 0;
607 dis
= G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth
->priv
->stream
)));
608 dos
= G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth
->priv
->stream
)));
609 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis
), FALSE
);
610 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos
), FALSE
);
612 g_data_input_stream_set_newline_type (dis
, G_DATA_STREAM_NEWLINE_TYPE_CR_LF
);
615 if (G_IS_UNIX_CONNECTION (auth
->priv
->stream
) && g_unix_credentials_message_is_supported ())
617 credentials
= g_credentials_new ();
618 if (!g_unix_connection_send_credentials (G_UNIX_CONNECTION (auth
->priv
->stream
),
625 if (!g_data_output_stream_put_byte (dos
, '\0', cancellable
, error
))
629 if (!g_data_output_stream_put_byte (dos
, '\0', cancellable
, error
))
633 if (credentials
!= NULL
)
635 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
637 s
= g_credentials_to_string (credentials
);
638 debug_print ("CLIENT: sent credentials `%s'", s
);
644 debug_print ("CLIENT: didn't send any credentials");
647 /* TODO: to reduce roundtrips, try to pick an auth mechanism to start with */
649 /* Get list of supported authentication mechanisms */
651 debug_print ("CLIENT: writing `%s'", s
);
652 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
654 state
= CLIENT_STATE_WAITING_FOR_REJECT
;
660 case CLIENT_STATE_WAITING_FOR_REJECT
:
661 debug_print ("CLIENT: WaitingForReject");
662 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
665 debug_print ("CLIENT: WaitingForReject, read '%s'", line
);
667 if (!g_str_has_prefix (line
, "REJECTED "))
672 "In WaitingForReject: Expected `REJECTED am1 am2 ... amN', got `%s'",
677 if (supported_auth_mechs
== NULL
)
679 supported_auth_mechs
= g_strsplit (line
+ sizeof ("REJECTED ") - 1, " ", 0);
681 for (n
= 0; supported_auth_mechs
!= NULL
&& supported_auth_mechs
[n
] != NULL
; n
++)
682 g_printerr ("supported_auth_mechs[%d] = `%s'\n", n
, supported_auth_mechs
[n
]);
686 mech
= client_choose_mech_and_send_initial_response (auth
,
688 (const gchar
* const *) supported_auth_mechs
,
689 attempted_auth_mechs
,
695 if (_g_dbus_auth_mechanism_client_get_state (mech
) == G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA
)
696 state
= CLIENT_STATE_WAITING_FOR_DATA
;
698 state
= CLIENT_STATE_WAITING_FOR_OK
;
701 case CLIENT_STATE_WAITING_FOR_OK
:
702 debug_print ("CLIENT: WaitingForOK");
703 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
706 debug_print ("CLIENT: WaitingForOK, read `%s'", line
);
707 if (g_str_has_prefix (line
, "OK "))
709 if (!g_dbus_is_guid (line
+ 3))
714 "Invalid OK response `%s'",
719 ret_guid
= g_strdup (line
+ 3);
722 if (offered_capabilities
& G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING
)
724 s
= "NEGOTIATE_UNIX_FD\r\n";
725 debug_print ("CLIENT: writing `%s'", s
);
726 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
728 state
= CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
;
733 debug_print ("CLIENT: writing `%s'", s
);
734 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
736 /* and we're done! */
740 else if (g_str_has_prefix (line
, "REJECTED "))
746 /* TODO: handle other valid responses */
750 "In WaitingForOk: unexpected response `%s'",
757 case CLIENT_STATE_WAITING_FOR_AGREE_UNIX_FD
:
758 debug_print ("CLIENT: WaitingForAgreeUnixFD");
759 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
762 debug_print ("CLIENT: WaitingForAgreeUnixFD, read=`%s'", line
);
763 if (g_strcmp0 (line
, "AGREE_UNIX_FD") == 0)
765 negotiated_capabilities
|= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING
;
767 debug_print ("CLIENT: writing `%s'", s
);
768 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
770 /* and we're done! */
773 else if (g_str_has_prefix (line
, "ERROR") && (line
[5] == 0 || g_ascii_isspace (line
[5])))
775 //g_strstrip (line + 5); g_debug ("bah, no unix_fd: `%s'", line + 5);
778 debug_print ("CLIENT: writing `%s'", s
);
779 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
781 /* and we're done! */
786 /* TODO: handle other valid responses */
790 "In WaitingForAgreeUnixFd: unexpected response `%s'",
797 case CLIENT_STATE_WAITING_FOR_DATA
:
798 debug_print ("CLIENT: WaitingForData");
799 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
802 debug_print ("CLIENT: WaitingForData, read=`%s'", line
);
803 if (g_str_has_prefix (line
, "DATA "))
807 gsize decoded_data_len
;
809 encoded
= g_strdup (line
+ 5);
811 g_strstrip (encoded
);
812 decoded_data
= hexdecode (encoded
, &decoded_data_len
, error
);
814 if (decoded_data
== NULL
)
816 g_prefix_error (error
, "DATA response is malformed: ");
817 /* invalid encoding, disconnect! */
820 _g_dbus_auth_mechanism_client_data_receive (mech
, decoded_data
, decoded_data_len
);
821 g_free (decoded_data
);
823 if (_g_dbus_auth_mechanism_client_get_state (mech
) == G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND
)
828 data
= _g_dbus_auth_mechanism_client_data_send (mech
, &data_len
);
829 encoded_data
= hexencode (data
);
830 s
= g_strdup_printf ("DATA %s\r\n", encoded_data
);
831 g_free (encoded_data
);
833 debug_print ("CLIENT: writing `%s'", s
);
834 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
841 state
= CLIENT_STATE_WAITING_FOR_OK
;
848 "In WaitingForData: unexpected response `%s'",
856 g_assert_not_reached ();
860 }; /* main authentication client loop */
864 g_object_unref (mech
);
865 g_ptr_array_unref (attempted_auth_mechs
);
866 g_strfreev (supported_auth_mechs
);
867 g_object_unref (dis
);
868 g_object_unref (dos
);
870 /* ensure return value is NULL if error is set */
871 if (error
!= NULL
&& *error
!= NULL
)
877 if (ret_guid
!= NULL
)
879 if (out_negotiated_capabilities
!= NULL
)
880 *out_negotiated_capabilities
= negotiated_capabilities
;
883 if (credentials
!= NULL
)
884 g_object_unref (credentials
);
886 debug_print ("CLIENT: Done, authenticated=%d", ret_guid
!= NULL
);
891 /* ---------------------------------------------------------------------------------------------------- */
894 get_auth_mechanisms (GDBusAuth
*auth
,
895 gboolean allow_anonymous
,
898 const gchar
*separator
)
904 str
= g_string_new (prefix
);
906 for (l
= auth
->priv
->available_mechanisms
; l
!= NULL
; l
= l
->next
)
908 Mechanism
*m
= l
->data
;
910 if (!allow_anonymous
&& g_strcmp0 (m
->name
, "ANONYMOUS") == 0)
914 g_string_append (str
, separator
);
915 g_string_append (str
, m
->name
);
919 g_string_append (str
, suffix
);
920 return g_string_free (str
, FALSE
);
926 SERVER_STATE_WAITING_FOR_AUTH
,
927 SERVER_STATE_WAITING_FOR_DATA
,
928 SERVER_STATE_WAITING_FOR_BEGIN
932 _g_dbus_auth_run_server (GDBusAuth
*auth
,
933 GDBusAuthObserver
*observer
,
935 gboolean allow_anonymous
,
936 GDBusCapabilityFlags offered_capabilities
,
937 GDBusCapabilityFlags
*out_negotiated_capabilities
,
938 GCredentials
**out_received_credentials
,
939 GCancellable
*cancellable
,
944 GDataInputStream
*dis
;
945 GDataOutputStream
*dos
;
950 GDBusAuthMechanism
*mech
;
952 GDBusCapabilityFlags negotiated_capabilities
;
953 GCredentials
*credentials
;
955 debug_print ("SERVER: initiating");
961 negotiated_capabilities
= 0;
964 if (!g_dbus_is_guid (guid
))
969 "The given guid `%s' is not valid",
974 dis
= G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (auth
->priv
->stream
)));
975 dos
= G_DATA_OUTPUT_STREAM (g_data_output_stream_new (g_io_stream_get_output_stream (auth
->priv
->stream
)));
976 g_filter_input_stream_set_close_base_stream (G_FILTER_INPUT_STREAM (dis
), FALSE
);
977 g_filter_output_stream_set_close_base_stream (G_FILTER_OUTPUT_STREAM (dos
), FALSE
);
979 g_data_input_stream_set_newline_type (dis
, G_DATA_STREAM_NEWLINE_TYPE_CR_LF
);
981 /* first read the NUL-byte (TODO: read credentials if using a unix domain socket) */
983 if (G_IS_UNIX_CONNECTION (auth
->priv
->stream
) && g_unix_credentials_message_is_supported ())
986 credentials
= g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth
->priv
->stream
),
989 if (credentials
== NULL
)
991 g_propagate_error (error
, local_error
);
998 byte
= g_data_input_stream_read_byte (dis
, cancellable
, &local_error
);
999 if (local_error
!= NULL
)
1001 g_propagate_error (error
, local_error
);
1007 byte
= g_data_input_stream_read_byte (dis
, cancellable
, &local_error
);
1008 if (local_error
!= NULL
)
1010 g_propagate_error (error
, local_error
);
1014 if (credentials
!= NULL
)
1016 if (G_UNLIKELY (_g_dbus_debug_authentication ()))
1018 s
= g_credentials_to_string (credentials
);
1019 debug_print ("SERVER: received credentials `%s'", s
);
1025 debug_print ("SERVER: didn't receive any credentials");
1028 state
= SERVER_STATE_WAITING_FOR_AUTH
;
1033 case SERVER_STATE_WAITING_FOR_AUTH
:
1034 debug_print ("SERVER: WaitingForAuth");
1035 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
1036 debug_print ("SERVER: WaitingForAuth, read `%s'", line
);
1039 if (g_strcmp0 (line
, "AUTH") == 0)
1041 s
= get_auth_mechanisms (auth
, allow_anonymous
, "REJECTED ", "\r\n", " ");
1042 debug_print ("SERVER: writing `%s'", s
);
1043 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1051 else if (g_str_has_prefix (line
, "AUTH "))
1054 const gchar
*encoded
;
1055 const gchar
*mech_name
;
1056 GType auth_mech_to_use_gtype
;
1058 tokens
= g_strsplit (line
, " ", 0);
1061 switch (g_strv_length (tokens
))
1064 /* no initial response */
1065 mech_name
= tokens
[1];
1070 /* initial response */
1071 mech_name
= tokens
[1];
1072 encoded
= tokens
[2];
1079 "Unexpected line `%s' while in WaitingForAuth state",
1081 g_strfreev (tokens
);
1085 /* TODO: record that the client has attempted to use this mechanism */
1086 //g_debug ("client is trying `%s'", mech_name);
1088 auth_mech_to_use_gtype
= find_mech_by_name (auth
, mech_name
);
1089 if ((auth_mech_to_use_gtype
== (GType
) 0) ||
1090 (!allow_anonymous
&& g_strcmp0 (mech_name
, "ANONYMOUS") == 0))
1092 /* We don't support this auth mechanism */
1093 g_strfreev (tokens
);
1094 s
= get_auth_mechanisms (auth
, allow_anonymous
, "REJECTED ", "\r\n", " ");
1095 debug_print ("SERVER: writing `%s'", s
);
1096 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1103 /* stay in WAITING FOR AUTH */
1104 state
= SERVER_STATE_WAITING_FOR_AUTH
;
1108 gchar
*initial_response
;
1109 gsize initial_response_len
;
1111 mech
= g_object_new (auth_mech_to_use_gtype
,
1112 "stream", auth
->priv
->stream
,
1113 "credentials", credentials
,
1116 initial_response
= NULL
;
1117 initial_response_len
= 0;
1118 if (encoded
!= NULL
)
1120 initial_response
= hexdecode (encoded
, &initial_response_len
, error
);
1121 if (initial_response
== NULL
)
1123 g_prefix_error (error
, "Initial response is malformed: ");
1124 /* invalid encoding, disconnect! */
1125 g_strfreev (tokens
);
1130 _g_dbus_auth_mechanism_server_initiate (mech
,
1132 initial_response_len
);
1133 g_free (initial_response
);
1134 g_strfreev (tokens
);
1137 switch (_g_dbus_auth_mechanism_server_get_state (mech
))
1139 case G_DBUS_AUTH_MECHANISM_STATE_ACCEPTED
:
1140 if (observer
!= NULL
&&
1141 !g_dbus_auth_observer_authorize_authenticated_peer (observer
,
1146 g_set_error_literal (error
,
1149 _("Cancelled via GDBusAuthObserver::authorize-authenticated-peer"));
1154 s
= g_strdup_printf ("OK %s\r\n", guid
);
1155 debug_print ("SERVER: writing `%s'", s
);
1156 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1162 state
= SERVER_STATE_WAITING_FOR_BEGIN
;
1166 case G_DBUS_AUTH_MECHANISM_STATE_REJECTED
:
1167 s
= get_auth_mechanisms (auth
, allow_anonymous
, "REJECTED ", "\r\n", " ");
1168 debug_print ("SERVER: writing `%s'", s
);
1169 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1175 state
= SERVER_STATE_WAITING_FOR_AUTH
;
1178 case G_DBUS_AUTH_MECHANISM_STATE_WAITING_FOR_DATA
:
1179 state
= SERVER_STATE_WAITING_FOR_DATA
;
1182 case G_DBUS_AUTH_MECHANISM_STATE_HAVE_DATA_TO_SEND
:
1186 gchar
*encoded_data
;
1187 data
= _g_dbus_auth_mechanism_server_data_send (mech
, &data_len
);
1188 encoded_data
= hexencode (data
);
1189 s
= g_strdup_printf ("DATA %s\r\n", encoded_data
);
1190 g_free (encoded_data
);
1192 debug_print ("SERVER: writing `%s'", s
);
1193 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1205 g_assert_not_reached ();
1215 "Unexpected line `%s' while in WaitingForAuth state",
1222 case SERVER_STATE_WAITING_FOR_DATA
:
1223 debug_print ("SERVER: WaitingForData");
1224 line
= _my_g_data_input_stream_read_line (dis
, &line_length
, cancellable
, error
);
1225 debug_print ("SERVER: WaitingForData, read `%s'", line
);
1228 if (g_str_has_prefix (line
, "DATA "))
1231 gchar
*decoded_data
;
1232 gsize decoded_data_len
;
1234 encoded
= g_strdup (line
+ 5);
1236 g_strstrip (encoded
);
1237 decoded_data
= hexdecode (encoded
, &decoded_data_len
, error
);
1239 if (decoded_data
== NULL
)
1241 g_prefix_error (error
, "DATA response is malformed: ");
1242 /* invalid encoding, disconnect! */
1245 _g_dbus_auth_mechanism_server_data_receive (mech
, decoded_data
, decoded_data_len
);
1246 g_free (decoded_data
);
1247 /* oh man, this goto-crap is so ugly.. really need to rewrite the state machine */
1255 "Unexpected line `%s' while in WaitingForData state",
1261 case SERVER_STATE_WAITING_FOR_BEGIN
:
1262 debug_print ("SERVER: WaitingForBegin");
1263 /* Use extremely slow (but reliable) line reader - this basically
1264 * does a recvfrom() system call per character
1266 * (the problem with using GDataInputStream's read_line is that because of
1267 * buffering it might start reading into the first D-Bus message that
1268 * appears after "BEGIN\r\n"....)
1270 line
= _my_g_input_stream_read_line_safe (g_io_stream_get_input_stream (auth
->priv
->stream
),
1274 debug_print ("SERVER: WaitingForBegin, read `%s'", line
);
1277 if (g_strcmp0 (line
, "BEGIN") == 0)
1284 else if (g_strcmp0 (line
, "NEGOTIATE_UNIX_FD") == 0)
1287 if (offered_capabilities
& G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING
)
1289 negotiated_capabilities
|= G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING
;
1290 s
= "AGREE_UNIX_FD\r\n";
1291 debug_print ("SERVER: writing `%s'", s
);
1292 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1297 s
= "ERROR \"fd passing not offered\"\r\n";
1298 debug_print ("SERVER: writing `%s'", s
);
1299 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1305 g_debug ("Unexpected line `%s' while in WaitingForBegin state", line
);
1307 s
= "ERROR \"Unknown Command\"\r\n";
1308 debug_print ("SERVER: writing `%s'", s
);
1309 if (!g_data_output_stream_put_string (dos
, s
, cancellable
, error
))
1315 g_assert_not_reached ();
1321 g_set_error_literal (error
,
1324 "Not implemented (server)");
1328 g_object_unref (mech
);
1330 g_object_unref (dis
);
1332 g_object_unref (dos
);
1334 /* ensure return value is FALSE if error is set */
1335 if (error
!= NULL
&& *error
!= NULL
)
1342 if (out_negotiated_capabilities
!= NULL
)
1343 *out_negotiated_capabilities
= negotiated_capabilities
;
1344 if (out_received_credentials
!= NULL
)
1345 *out_received_credentials
= credentials
!= NULL
? g_object_ref (credentials
) : NULL
;
1348 if (credentials
!= NULL
)
1349 g_object_unref (credentials
);
1351 debug_print ("SERVER: Done, authenticated=%d", ret
);
1356 /* ---------------------------------------------------------------------------------------------------- */