25 #include "dbus-auth.h"    26 #include "dbus-string.h"    27 #include "dbus-list.h"    28 #include "dbus-internals.h"    29 #include "dbus-keyring.h"    31 #include "dbus-protocol.h"    32 #include "dbus-credentials.h"   120   DBUS_AUTH_COMMAND_AUTH,
   121   DBUS_AUTH_COMMAND_CANCEL,
   122   DBUS_AUTH_COMMAND_DATA,
   123   DBUS_AUTH_COMMAND_BEGIN,
   124   DBUS_AUTH_COMMAND_REJECTED,
   125   DBUS_AUTH_COMMAND_OK,
   126   DBUS_AUTH_COMMAND_ERROR,
   127   DBUS_AUTH_COMMAND_UNKNOWN,
   128   DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD,
   129   DBUS_AUTH_COMMAND_AGREE_UNIX_FD
   223 static void        goto_state                (
DBusAuth                       *auth,
   231                                               const char *message);
   253   "WaitingForAuth", handle_server_state_waiting_for_auth
   256   "WaitingForData", handle_server_state_waiting_for_data
   259   "WaitingForBegin", handle_server_state_waiting_for_begin
   283   "WaitingForData", handle_client_state_waiting_for_data
   289   "WaitingForOK", handle_client_state_waiting_for_ok
   292   "WaitingForReject", handle_client_state_waiting_for_reject
   295   "WaitingForAgreeUnixFD", handle_client_state_waiting_for_agree_unix_fd
   303   "Authenticated",  
NULL   307   "NeedDisconnect",  
NULL   310 static const char auth_side_client[] = 
"client";
   311 static const char auth_side_server[] = 
"server";
   316 #define DBUS_AUTH_IS_SERVER(auth) ((auth)->side == auth_side_server)   321 #define DBUS_AUTH_IS_CLIENT(auth) ((auth)->side == auth_side_client)   326 #define DBUS_AUTH_CLIENT(auth)    ((DBusAuthClient*)(auth))   331 #define DBUS_AUTH_SERVER(auth)    ((DBusAuthServer*)(auth))   338 #define DBUS_AUTH_NAME(auth)      ((auth)->side)   341 _dbus_auth_new (
int size)
   432       _dbus_verbose (
"%s: Shutting down mechanism %s\n",
   474   if (_dbus_string_get_length (&cookie) == 0)
   484                           &to_hash, _dbus_string_get_length (&to_hash)))
   491                           &to_hash, _dbus_string_get_length (&to_hash)))
   498                           &to_hash, _dbus_string_get_length (&to_hash)))
   519 #define N_CHALLENGE_BYTES (128/8)   522 sha1_handle_first_client_response (
DBusAuth         *auth,
   535   if (_dbus_string_get_length (data) > 0)
   537       if (_dbus_string_get_length (&auth->
identity) > 0)
   540           _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
   542           return send_rejected (auth);
   554       _dbus_verbose (
"%s: Did not get a valid username from client\n",
   556       return send_rejected (auth);
   596               _DBUS_ASSERT_ERROR_IS_SET (&error);
   597               _dbus_verbose (
"%s: Error loading keyring: %s\n",
   599               if (send_rejected (auth))
   616       _DBUS_ASSERT_ERROR_IS_SET (&error);
   617       _dbus_verbose (
"%s: Could not get a cookie ID to send to client: %s\n",
   619       if (send_rejected (auth))
   630                           &tmp2, _dbus_string_get_length (&tmp2)))
   651           _DBUS_ASSERT_ERROR_IS_SET (&error);
   652           _dbus_verbose (
"%s: Error generating challenge: %s\n",
   654           if (send_rejected (auth))
   667                                 _dbus_string_get_length (&tmp2)))
   670   if (!send_data (auth, &tmp2))
   673   goto_state (auth, &server_state_waiting_for_data);
   686 sha1_handle_second_client_response (
DBusAuth         *auth,
   704       _dbus_verbose (
"%s: no space separator in client response\n",
   706       return send_rejected (auth);
   722                               _dbus_string_get_length (data) - i,
   727   if (_dbus_string_get_length (&client_challenge) == 0 ||
   728       _dbus_string_get_length (&client_hash) == 0)
   730       _dbus_verbose (
"%s: zero-length client challenge or hash\n",
   732       if (send_rejected (auth))
   740   if (!sha1_compute_hash (auth, auth->
cookie_id,
   747   if (_dbus_string_get_length (&correct_hash) == 0)
   749       if (send_rejected (auth))
   756       if (send_rejected (auth))
   768                                          DBUS_CREDENTIAL_UNIX_PROCESS_ID,
   775   _dbus_verbose (
"%s: authenticated client using DBUS_COOKIE_SHA1\n",
   793 handle_server_data_cookie_sha1_mech (
DBusAuth         *auth,
   797     return sha1_handle_first_client_response (auth, data);
   799     return sha1_handle_second_client_response (auth, data);
   803 handle_server_shutdown_cookie_sha1_mech (
DBusAuth *auth)
   810 handle_client_initial_response_cookie_sha1_mech (
DBusAuth   *auth,
   826                                 _dbus_string_get_length (response)))
   838 handle_client_data_cookie_sha1_mech (
DBusAuth         *auth,
   858       if (send_error (auth,
   859                       "Server did not send context/ID/challenge properly"))
   874       if (send_error (auth,
   875                       "Server did not send context/ID/challenge properly"))
   892   j = _dbus_string_get_length (data);
   895                               &server_challenge, 0))
   900       if (send_error (auth, 
"Server sent invalid cookie context"))
   907       if (send_error (auth, 
"Could not parse cookie ID as an integer"))
   912   if (_dbus_string_get_length (&server_challenge) == 0)
   914       if (send_error (auth, 
"Empty server challenge string"))
   935               _DBUS_ASSERT_ERROR_IS_SET (&error);
   937               _dbus_verbose (
"%s: Error loading keyring: %s\n",
   940               if (send_error (auth, 
"Could not load cookie file"))
   967           _DBUS_ASSERT_ERROR_IS_SET (&error);
   969           _dbus_verbose (
"%s: Failed to generate challenge: %s\n",
   972           if (send_error (auth, 
"Failed to generate challenge"))
   989   if (!sha1_compute_hash (auth, val,
   995   if (_dbus_string_get_length (&correct_hash) == 0)
   998       if (send_error (auth, 
"Don't have the requested cookie ID"))
  1006                           _dbus_string_get_length (&tmp)))
  1013                           _dbus_string_get_length (&tmp)))
  1016   if (!send_data (auth, &tmp))
  1040 handle_client_shutdown_cookie_sha1_mech (
DBusAuth *auth)
  1051 handle_server_data_external_mech (
DBusAuth         *auth,
  1056       _dbus_verbose (
"%s: no credentials, mechanism EXTERNAL can't authenticate\n",
  1058       return send_rejected (auth);
  1061   if (_dbus_string_get_length (data) > 0)
  1063       if (_dbus_string_get_length (&auth->
identity) > 0)
  1066           _dbus_verbose (
"%s: client tried to send auth identity, but we already have one\n",
  1068           return send_rejected (auth);
  1079   if (_dbus_string_get_length (&auth->
identity) == 0 &&
  1082       if (send_data (auth, 
NULL))
  1084           _dbus_verbose (
"%s: sending empty challenge asking client for auth identity\n",
  1087           goto_state (auth, &server_state_waiting_for_data);
  1101   if (_dbus_string_get_length (&auth->
identity) == 0)
  1114           _dbus_verbose (
"%s: could not get credentials from uid string\n",
  1116           return send_rejected (auth);
  1122       _dbus_verbose (
"%s: desired user %s is no good\n",
  1124                      _dbus_string_get_const_data (&auth->
identity));
  1125       return send_rejected (auth);
  1139                                              DBUS_CREDENTIAL_UNIX_PROCESS_ID,
  1144                                              DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID,
  1149                                              DBUS_CREDENTIAL_LINUX_SECURITY_LABEL,
  1153       if (!send_ok (auth))
  1156       _dbus_verbose (
"%s: authenticated client based on socket credentials\n",
  1163       _dbus_verbose (
"%s: desired identity not found in socket credentials\n",
  1165       return send_rejected (auth);
  1170 handle_server_shutdown_external_mech (
DBusAuth *auth)
  1176 handle_client_initial_response_external_mech (
DBusAuth         *auth,
  1194                                 _dbus_string_get_length (response)))
  1207 handle_client_data_external_mech (
DBusAuth         *auth,
  1215 handle_client_shutdown_external_mech (
DBusAuth *auth)
  1225 handle_server_data_anonymous_mech (
DBusAuth         *auth,
  1228   if (_dbus_string_get_length (data) > 0)
  1237           _dbus_verbose (
"%s: Received invalid UTF-8 trace data from ANONYMOUS client\n",
  1239           return send_rejected (auth);
  1242       _dbus_verbose (
"%s: ANONYMOUS client sent trace string: '%s'\n",
  1244                      _dbus_string_get_const_data (data));
  1253                                          DBUS_CREDENTIAL_UNIX_PROCESS_ID,
  1258   if (!send_ok (auth))
  1261   _dbus_verbose (
"%s: authenticated client as anonymous\n",
  1268 handle_server_shutdown_anonymous_mech (
DBusAuth *auth)
  1274 handle_client_initial_response_anonymous_mech (
DBusAuth         *auth,
  1289                             "libdbus " DBUS_VERSION_STRING))
  1294                                 _dbus_string_get_length (response)))
  1307 handle_client_data_anonymous_mech (
DBusAuth         *auth,
  1315 handle_client_shutdown_anonymous_mech (
DBusAuth *auth)
  1332 all_mechanisms[] = {
  1334     handle_server_data_external_mech,
  1336     handle_server_shutdown_external_mech,
  1337     handle_client_initial_response_external_mech,
  1338     handle_client_data_external_mech,
  1340     handle_client_shutdown_external_mech },
  1341   { 
"DBUS_COOKIE_SHA1",
  1342     handle_server_data_cookie_sha1_mech,
  1344     handle_server_shutdown_cookie_sha1_mech,
  1345     handle_client_initial_response_cookie_sha1_mech,
  1346     handle_client_data_cookie_sha1_mech,
  1348     handle_client_shutdown_cookie_sha1_mech },
  1350     handle_server_data_anonymous_mech,
  1352     handle_server_shutdown_anonymous_mech,
  1353     handle_client_initial_response_anonymous_mech,
  1354     handle_client_data_anonymous_mech,
  1356     handle_client_shutdown_anonymous_mech },  
  1366   if (allowed_mechs != 
NULL &&
  1368                                     _dbus_string_get_const_data (name)))
  1372   while (all_mechanisms[i].mechanism != 
NULL)
  1375                                     all_mechanisms[i].mechanism))
  1377         return &all_mechanisms[i];
  1431                           _dbus_string_get_length (&auth->
outgoing)))
  1438   shutdown_mech (auth);
  1440   goto_state (auth, &client_state_waiting_for_data);
  1450   if (data == 
NULL || _dbus_string_get_length (data) == 0)
  1454       old_len = _dbus_string_get_length (&auth->
outgoing);
  1459                                     _dbus_string_get_length (&auth->
outgoing)))
  1489   while (all_mechanisms[i].mechanism != 
NULL)
  1496                                 all_mechanisms[i].mechanism))
  1506                           _dbus_string_get_length (&auth->
outgoing)))
  1509   shutdown_mech (auth);
  1516     goto_state (auth, &common_state_need_disconnect);
  1518     goto_state (auth, &server_state_waiting_for_auth);
  1530 send_error (
DBusAuth *auth, 
const char *message)
  1533                                      "ERROR \"%s\"\r\n", message);
  1541   orig_len = _dbus_string_get_length (&auth->
outgoing);
  1547                          _dbus_string_get_length (&auth->
outgoing)) &&
  1550       goto_state (auth, &server_state_waiting_for_begin);
  1568   goto_state (auth, &common_state_authenticated);
  1591   if (end_of_hex != _dbus_string_get_length (args_from_ok) ||
  1594       _dbus_verbose (
"Bad GUID from server, parsed %d bytes and had %d bytes from server\n",
  1595                      end_of_hex, _dbus_string_get_length (args_from_ok));
  1596       goto_state (auth, &common_state_need_disconnect);
  1605   _dbus_verbose (
"Got GUID '%s' from the server\n",
  1606                  _dbus_string_get_const_data (& 
DBUS_AUTH_CLIENT (auth)->guid_from_server));
  1609     return send_negotiate_unix_fd(auth);
  1611   _dbus_verbose(
"Not negotiating unix fd passing, since not possible\n");
  1612   return send_begin (auth);
  1620       goto_state (auth, &client_state_waiting_for_reject);
  1644   if (_dbus_string_get_length (args) != end)
  1647       if (!send_error (auth, 
"Invalid hex encoding"))
  1653 #ifdef DBUS_ENABLE_VERBOSE_MODE  1655                                    _dbus_string_get_length (&decoded)))
  1656     _dbus_verbose (
"%s: data: '%s'\n",
  1658                    _dbus_string_get_const_data (&decoded));
  1661   if (!(* data_func) (auth, &decoded))
  1672 send_negotiate_unix_fd (
DBusAuth *auth)
  1675                             "NEGOTIATE_UNIX_FD\r\n"))
  1678   goto_state (auth, &client_state_waiting_for_agree_unix_fd);
  1683 send_agree_unix_fd (
DBusAuth *auth)
  1688   _dbus_verbose(
"Agreed to UNIX FD passing\n");
  1691                             "AGREE_UNIX_FD\r\n"))
  1694   goto_state (auth, &server_state_waiting_for_begin);
  1701   if (_dbus_string_get_length (args) == 0)
  1704       if (!send_rejected (auth))
  1736           _dbus_verbose (
"%s: Trying mechanism %s\n",
  1740           if (!process_data (auth, &hex_response,
  1747           _dbus_verbose (
"%s: Unsupported mechanism %s\n",
  1749                          _dbus_string_get_const_data (&mech));
  1751           if (!send_rejected (auth))
  1769 handle_server_state_waiting_for_auth  (
DBusAuth         *auth,
  1775     case DBUS_AUTH_COMMAND_AUTH:
  1776       return handle_auth (auth, args);
  1778     case DBUS_AUTH_COMMAND_CANCEL:
  1779     case DBUS_AUTH_COMMAND_DATA:
  1780       return send_error (auth, 
"Not currently in an auth conversation");
  1782     case DBUS_AUTH_COMMAND_BEGIN:
  1783       goto_state (auth, &common_state_need_disconnect);
  1786     case DBUS_AUTH_COMMAND_ERROR:
  1787       return send_rejected (auth);
  1789     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  1790       return send_error (auth, 
"Need to authenticate first");
  1792     case DBUS_AUTH_COMMAND_REJECTED:
  1793     case DBUS_AUTH_COMMAND_OK:
  1794     case DBUS_AUTH_COMMAND_UNKNOWN:
  1795     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  1797       return send_error (auth, 
"Unknown command");
  1802 handle_server_state_waiting_for_data  (
DBusAuth         *auth,
  1808     case DBUS_AUTH_COMMAND_AUTH:
  1809       return send_error (auth, 
"Sent AUTH while another AUTH in progress");
  1811     case DBUS_AUTH_COMMAND_CANCEL:
  1812     case DBUS_AUTH_COMMAND_ERROR:
  1813       return send_rejected (auth);
  1815     case DBUS_AUTH_COMMAND_DATA:
  1818     case DBUS_AUTH_COMMAND_BEGIN:
  1819       goto_state (auth, &common_state_need_disconnect);
  1822     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  1823       return send_error (auth, 
"Need to authenticate first");
  1825     case DBUS_AUTH_COMMAND_REJECTED:
  1826     case DBUS_AUTH_COMMAND_OK:
  1827     case DBUS_AUTH_COMMAND_UNKNOWN:
  1828     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  1830       return send_error (auth, 
"Unknown command");
  1835 handle_server_state_waiting_for_begin (
DBusAuth         *auth,
  1841     case DBUS_AUTH_COMMAND_AUTH:
  1842       return send_error (auth, 
"Sent AUTH while expecting BEGIN");
  1844     case DBUS_AUTH_COMMAND_DATA:
  1845       return send_error (auth, 
"Sent DATA while expecting BEGIN");
  1847     case DBUS_AUTH_COMMAND_BEGIN:
  1848       goto_state (auth, &common_state_authenticated);
  1851     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  1853         return send_agree_unix_fd(auth);
  1855         return send_error(auth, 
"Unix FD passing not supported, not authenticated or otherwise not possible");
  1857     case DBUS_AUTH_COMMAND_REJECTED:
  1858     case DBUS_AUTH_COMMAND_OK:
  1859     case DBUS_AUTH_COMMAND_UNKNOWN:
  1860     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  1862       return send_error (auth, 
"Unknown command");
  1864     case DBUS_AUTH_COMMAND_CANCEL:
  1865     case DBUS_AUTH_COMMAND_ERROR:
  1866       return send_rejected (auth);
  1902   len = _dbus_string_get_length (args);
  1913       if (!get_word (args, &next, &m))
  1932           if (mech != &all_mechanisms[0])
  1934               _dbus_verbose (
"%s: Adding mechanism %s to list we will try\n",
  1946               _dbus_verbose (
"%s: Already tried mechanism %s; not adding to list we will try\n",
  1952           _dbus_verbose (
"%s: Server offered mechanism \"%s\" that we don't know how to use\n",
  1954                          _dbus_string_get_const_data (&m));
  1980       if (!record_mechanisms (auth, args))
  1988       if (!send_auth (auth, mech))
  1993       _dbus_verbose (
"%s: Trying mechanism %s\n",
  2000       _dbus_verbose (
"%s: Disconnecting because we are out of mechanisms to try using\n",
  2002       goto_state (auth, &common_state_need_disconnect);
  2010 handle_client_state_waiting_for_data (
DBusAuth         *auth,
  2018     case DBUS_AUTH_COMMAND_DATA:
  2021     case DBUS_AUTH_COMMAND_REJECTED:
  2022       return process_rejected (auth, args);
  2024     case DBUS_AUTH_COMMAND_OK:
  2025       return process_ok(auth, args);
  2027     case DBUS_AUTH_COMMAND_ERROR:
  2028       return send_cancel (auth);
  2030     case DBUS_AUTH_COMMAND_AUTH:
  2031     case DBUS_AUTH_COMMAND_CANCEL:
  2032     case DBUS_AUTH_COMMAND_BEGIN:
  2033     case DBUS_AUTH_COMMAND_UNKNOWN:
  2034     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  2035     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  2037       return send_error (auth, 
"Unknown command");
  2042 handle_client_state_waiting_for_ok (
DBusAuth         *auth,
  2048     case DBUS_AUTH_COMMAND_REJECTED:
  2049       return process_rejected (auth, args);
  2051     case DBUS_AUTH_COMMAND_OK:
  2052       return process_ok(auth, args);
  2054     case DBUS_AUTH_COMMAND_DATA:
  2055     case DBUS_AUTH_COMMAND_ERROR:
  2056       return send_cancel (auth);
  2058     case DBUS_AUTH_COMMAND_AUTH:
  2059     case DBUS_AUTH_COMMAND_CANCEL:
  2060     case DBUS_AUTH_COMMAND_BEGIN:
  2061     case DBUS_AUTH_COMMAND_UNKNOWN:
  2062     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  2063     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  2065       return send_error (auth, 
"Unknown command");
  2070 handle_client_state_waiting_for_reject (
DBusAuth         *auth,
  2076     case DBUS_AUTH_COMMAND_REJECTED:
  2077       return process_rejected (auth, args);
  2079     case DBUS_AUTH_COMMAND_AUTH:
  2080     case DBUS_AUTH_COMMAND_CANCEL:
  2081     case DBUS_AUTH_COMMAND_DATA:
  2082     case DBUS_AUTH_COMMAND_BEGIN:
  2083     case DBUS_AUTH_COMMAND_OK:
  2084     case DBUS_AUTH_COMMAND_ERROR:
  2085     case DBUS_AUTH_COMMAND_UNKNOWN:
  2086     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  2087     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  2089       goto_state (auth, &common_state_need_disconnect);
  2095 handle_client_state_waiting_for_agree_unix_fd(
DBusAuth         *auth,
  2101     case DBUS_AUTH_COMMAND_AGREE_UNIX_FD:
  2104       _dbus_verbose(
"Successfully negotiated UNIX FD passing\n");
  2105       return send_begin (auth);
  2107     case DBUS_AUTH_COMMAND_ERROR:
  2110       _dbus_verbose(
"Failed to negotiate UNIX FD passing\n");
  2111       return send_begin (auth);
  2113     case DBUS_AUTH_COMMAND_OK:
  2114     case DBUS_AUTH_COMMAND_DATA:
  2115     case DBUS_AUTH_COMMAND_REJECTED:
  2116     case DBUS_AUTH_COMMAND_AUTH:
  2117     case DBUS_AUTH_COMMAND_CANCEL:
  2118     case DBUS_AUTH_COMMAND_BEGIN:
  2119     case DBUS_AUTH_COMMAND_UNKNOWN:
  2120     case DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD:
  2122       return send_error (auth, 
"Unknown command");
  2135   { 
"AUTH",              DBUS_AUTH_COMMAND_AUTH },
  2136   { 
"CANCEL",            DBUS_AUTH_COMMAND_CANCEL },
  2137   { 
"DATA",              DBUS_AUTH_COMMAND_DATA },
  2138   { 
"BEGIN",             DBUS_AUTH_COMMAND_BEGIN },
  2139   { 
"REJECTED",          DBUS_AUTH_COMMAND_REJECTED },
  2140   { 
"OK",                DBUS_AUTH_COMMAND_OK },
  2141   { 
"ERROR",             DBUS_AUTH_COMMAND_ERROR },
  2142   { 
"NEGOTIATE_UNIX_FD", DBUS_AUTH_COMMAND_NEGOTIATE_UNIX_FD },
  2143   { 
"AGREE_UNIX_FD",     DBUS_AUTH_COMMAND_AGREE_UNIX_FD }
  2147 lookup_command_from_name (
DBusString *command)
  2154                                     auth_command_names[i].name))
  2155         return auth_command_names[i].command;
  2158   return DBUS_AUTH_COMMAND_UNKNOWN;
  2165   _dbus_verbose (
"%s: going from state %s to state %s\n",
  2209                                     _dbus_string_get_length (&line)))
  2211       _dbus_verbose (
"%s: Command contained non-ASCII chars or embedded nul\n",
  2213       if (!send_error (auth, 
"Command contained non-ASCII"))
  2219   _dbus_verbose (
"%s: got command \"%s\"\n",
  2221                  _dbus_string_get_const_data (&line));
  2236   command = lookup_command_from_name (&line);
  2303   auth->
side = auth_side_server;
  2304   auth->
state = &server_state_waiting_for_auth;
  2308   server_auth->
guid = guid_copy;
  2344   auth->
side = auth_side_client;
  2345   auth->
state = &client_state_need_send_auth;
  2349   if (!send_auth (auth, &all_mechanisms[0]))
  2388       shutdown_mech (auth);
  2431                            const char **mechanisms)
  2435   if (mechanisms != 
NULL)
  2455 #define DBUS_AUTH_IN_END_STATE(auth) ((auth)->state->handler == NULL)  2470 #define MAX_BUFFER (16 * _DBUS_ONE_KILOBYTE)  2477       if (_dbus_string_get_length (&auth->
incoming) > MAX_BUFFER ||
  2478           _dbus_string_get_length (&auth->
outgoing) > MAX_BUFFER)
  2480           goto_state (auth, &common_state_need_disconnect);
  2481           _dbus_verbose (
"%s: Disconnecting due to excessive data buffered in auth phase\n",
  2486   while (process_command (auth));
  2489     return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
  2490   else if (_dbus_string_get_length (&auth->
outgoing) > 0)
  2491     return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
  2492   else if (auth->
state == &common_state_need_disconnect)
  2493     return DBUS_AUTH_STATE_NEED_DISCONNECT;
  2494   else if (auth->
state == &common_state_authenticated)
  2495     return DBUS_AUTH_STATE_AUTHENTICATED;
  2496   else return DBUS_AUTH_STATE_WAITING_FOR_INPUT;
  2517   if (_dbus_string_get_length (&auth->
outgoing) == 0)
  2537   _dbus_verbose (
"%s: Sent %d bytes of: %s\n",
  2540                  _dbus_string_get_const_data (&auth->
outgoing));
  2627   if (auth->
state != &common_state_authenticated)
  2658   if (auth->
state != &common_state_authenticated)
  2671                                 _dbus_string_get_length (encoded));
  2686   if (auth->
state != &common_state_authenticated)
  2721   if (auth->
state != &common_state_authenticated)
  2734                                 _dbus_string_get_length (plaintext));
  2767   if (auth->
state == &common_state_authenticated)
  2793   if (auth->
state == &common_state_authenticated)
  2794     return _dbus_string_get_const_data (& 
DBUS_AUTH_CLIENT (auth)->guid_from_server);
  2812                                    &auth->
context, 0, _dbus_string_get_length (context));
 dbus_bool_t dbus_error_has_name(const DBusError *error, const char *name)
Checks whether the error is set and has the given name. 
dbus_bool_t _dbus_string_append(DBusString *str, const char *buffer)
Appends a nul-terminated C-style string to a DBusString. 
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_parse_int(const DBusString *str, int start, long *value_return, int *end_return)
Parses an integer contained in a DBusString. 
const char * message
public error message field 
void _dbus_auth_delete_unused_bytes(DBusAuth *auth)
Gets rid of unused bytes returned by _dbus_auth_get_unused_bytes() after we've gotten them and succes...
#define NULL
A null pointer, defined appropriately for C or C++. 
void _dbus_auth_get_unused_bytes(DBusAuth *auth, const DBusString **str)
Returns leftover bytes that were not used as part of the auth conversation. 
void _dbus_keyring_unref(DBusKeyring *keyring)
Decrements refcount and finalizes if it reaches zero. 
dbus_bool_t _dbus_string_equal(const DBusString *a, const DBusString *b)
Tests two DBusString for equality. 
DBusAuthDecodeFunction client_decode_func
Function on client side for decode. 
DBusAuthEncodeFunction server_encode_func
Function on server side to encode. 
void dbus_free(void *memory)
Frees a block of memory previously allocated by dbus_malloc() or dbus_malloc0(). 
dbus_bool_t _dbus_credentials_add_credential(DBusCredentials *credentials, DBusCredentialType which, DBusCredentials *other_credentials)
Merge the given credential found in the second object into the first object, overwriting the first ob...
DBusAuthCommand
Enumeration for the known authentication commands. 
dbus_bool_t _dbus_auth_needs_decoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to decode the message stream with _dbus_auth_de...
dbus_bool_t _dbus_string_hex_encode(const DBusString *source, int start, DBusString *dest, int insert_at)
Encodes a string in hex, the way MD5 and SHA-1 are usually encoded. 
unsigned int buffer_outstanding
Buffer is "checked out" for reading data into. 
DBusList * mechs_to_try
Mechanisms we got from the server that we're going to try using. 
DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_string_append_int(DBusString *str, long value)
Appends an integer to a DBusString. 
dbus_bool_t _dbus_credentials_are_superset(DBusCredentials *credentials, DBusCredentials *possible_subset)
Checks whether the first credentials object contains all the credentials found in the second credenti...
dbus_bool_t _dbus_auth_encode_data(DBusAuth *auth, const DBusString *plaintext, DBusString *encoded)
Called post-authentication, encodes a block of bytes for sending to the peer. 
Internals of DBusKeyring. 
dbus_bool_t _dbus_auth_set_context(DBusAuth *auth, const DBusString *context)
Sets the "authentication context" which scopes cookies with the DBUS_COOKIE_SHA1 auth mechanism for e...
#define _dbus_assert(condition)
Aborts with an error message if the condition is false. 
#define DBUS_ERROR_INIT
Expands to a suitable initializer for a DBusError on the stack. 
void * data
Data stored at this element. 
void _dbus_auth_return_buffer(DBusAuth *auth, DBusString *buffer)
Returns a buffer with new data read into it. 
DBusAuthState _dbus_auth_do_work(DBusAuth *auth)
Analyzes buffered input and moves the auth conversation forward, returning the new state of the auth ...
void dbus_error_free(DBusError *error)
Frees an error that's been set (or just initialized), then reinitializes the error as in dbus_error_i...
const char * mechanism
Name of the mechanism. 
unsigned int unix_fd_negotiated
Unix fd was successfully negotiated. 
dbus_bool_t _dbus_keyring_get_hex_key(DBusKeyring *keyring, int key_id, DBusString *hex_key)
Gets the hex-encoded secret key for the given ID. 
dbus_bool_t _dbus_auth_set_mechanisms(DBusAuth *auth, const char **mechanisms)
Sets an array of authentication mechanism names that we are willing to use. 
dbus_bool_t _dbus_string_init(DBusString *str)
Initializes a string. 
DBusAuthShutdownFunction server_shutdown_func
Function on server side to shut down. 
dbus_bool_t _dbus_string_copy(const DBusString *source, int start, DBusString *dest, int insert_at)
Like _dbus_string_move(), but does not delete the section of the source string that's copied to the d...
DBusKeyring * keyring
Keyring for cookie mechanism. 
DBusString context
Cookie scope. 
dbus_bool_t(* DBusAuthDataFunction)(DBusAuth *auth, const DBusString *data)
This function processes a block of data received from the peer. 
dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
Queries whether unix fd passing was successfully negotiated. 
void _dbus_credentials_clear(DBusCredentials *credentials)
Clear all credentials in the object. 
dbus_bool_t _dbus_string_find(const DBusString *str, int start, const char *substr, int *found)
Finds the given substring in the string, returning TRUE and filling in the byte index where the subst...
DBusString guid
Our globally unique ID in hex encoding. 
const char * side
Client or server. 
dbus_bool_t _dbus_credentials_add_credentials(DBusCredentials *credentials, DBusCredentials *other_credentials)
Merge all credentials found in the second object into the first object, overwriting the first object ...
DBusString guid_from_server
GUID received from server. 
DBusCredentials * _dbus_auth_get_identity(DBusAuth *auth)
Gets the identity we authorized the client as. 
void _dbus_auth_get_buffer(DBusAuth *auth, DBusString **buffer)
Get a buffer to be used for reading bytes from the peer we're conversing with. 
DBusString challenge
Challenge sent to client. 
dbus_bool_t _dbus_auth_decode_data(DBusAuth *auth, const DBusString *encoded, DBusString *plaintext)
Called post-authentication, decodes a block of bytes received from the peer. 
DBusCredentials * authorized_identity
Credentials that are authorized. 
DBusAuthDecodeFunction server_decode_func
Function on server side to decode. 
dbus_bool_t _dbus_string_move(DBusString *source, int start, DBusString *dest, int insert_at)
Moves the end of one string into another string. 
dbus_bool_t _dbus_append_user_from_current_process(DBusString *str)
Append to the string the identity we would like to have when we authenticate, on UNIX this is the cur...
dbus_bool_t _dbus_credentials_are_anonymous(DBusCredentials *credentials)
Checks whether a credentials object contains a user identity. 
dbus_bool_t _dbus_string_equal_c_str(const DBusString *a, const char *c_str)
Checks whether a string is equal to a C string. 
void _dbus_auth_bytes_sent(DBusAuth *auth, int bytes_sent)
Notifies the auth conversation object that the given number of bytes of the outgoing buffer have been...
Internal members of DBusAuth. 
DBusInitialResponseFunction client_initial_response_func
Function on client side to handle initial response. 
dbus_uint32_t dbus_bool_t
A boolean, valid values are TRUE and FALSE. 
"Subclass" of DBusAuth for server side. 
DBusAuthStateFunction handler
State function for this state. 
DBusAuthDataFunction client_data_func
Function on client side for DATA. 
const DBusAuthStateData * state
Current protocol state. 
dbus_bool_t _dbus_string_replace_len(const DBusString *source, int start, int len, DBusString *dest, int replace_at, int replace_len)
Replaces a segment of dest string with a segment of source string. 
"Subclass" of DBusAuth for client side 
DBusCredentials * desired_identity
Identity client has requested. 
void _dbus_string_skip_blank(const DBusString *str, int start, int *end)
Skips blanks from start, storing the first non-blank in *end (blank is space or tab). 
DBusAuth * _dbus_auth_server_new(const DBusString *guid)
Creates a new auth conversation object for the server side. 
unsigned int needed_memory
We needed memory to continue since last successful getting something done. 
#define DBUS_AUTH_NAME(auth)
The name of the auth ("client" or "server") 
DBusAuth * _dbus_auth_ref(DBusAuth *auth)
Increments the refcount of an auth object. 
unsigned int already_asked_for_initial_response
Already sent a blank challenge to get an initial response. 
void _dbus_string_delete(DBusString *str, int start, int len)
Deletes a segment of a DBusString with length len starting at start. 
DBusString identity
Current identity we're authorizing as. 
dbus_bool_t(* DBusInitialResponseFunction)(DBusAuth *auth, DBusString *response)
This function appends an initial client response to the given string. 
dbus_bool_t _dbus_list_append(DBusList **list, void *data)
Appends a value to the list. 
unsigned int already_got_mechanisms
Client already got mech list. 
dbus_bool_t _dbus_string_append_printf(DBusString *str, const char *format,...)
Appends a printf-style formatted string to the DBusString. 
void _dbus_string_zero(DBusString *str)
Clears all allocated bytes in the string to zero. 
int cookie_id
ID of cookie to use. 
Information about a auth state. 
Object representing an exception. 
dbus_bool_t(* DBusAuthStateFunction)(DBusAuth *auth, DBusAuthCommand command, const DBusString *args)
Auth state function, determines the reaction to incoming events for a particular state. 
int _dbus_keyring_get_best_key(DBusKeyring *keyring, DBusError *error)
Gets a recent key to use for authentication. 
dbus_bool_t _dbus_string_validate_utf8(const DBusString *str, int start, int len)
Checks that the given range of the string is valid UTF-8. 
DBusAuth base
Parent class. 
DBusAuthShutdownFunction client_shutdown_func
Function on client side for shutdown. 
void * _dbus_list_pop_first(DBusList **list)
Removes the first value in the list and returns it. 
int refcount
reference count 
const char * _dbus_auth_get_guid_from_server(DBusAuth *auth)
Gets the GUID from the server if we've authenticated; gets NULL otherwise. 
#define _DBUS_N_ELEMENTS(array)
Computes the number of elements in a fixed-size array using sizeof(). 
char ** allowed_mechs
Mechanisms we're allowed to use, or NULL if we can use any. 
const char * name
Name of the command. 
dbus_bool_t(* DBusAuthDecodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *decoded)
This function decodes a block of data from the peer. 
#define DBUS_AUTH_CLIENT(auth)
void _dbus_string_free(DBusString *str)
Frees a string created by _dbus_string_init(). 
char ** _dbus_dup_string_array(const char **array)
Duplicates a string array. 
#define TRUE
Expands to "1". 
int failures
Number of times client has been rejected. 
#define DBUS_AUTH_IS_SERVER(auth)
void(* DBusAuthShutdownFunction)(DBusAuth *auth)
This function is called when the mechanism is abandoned. 
#define N_CHALLENGE_BYTES
http://www.ietf.org/rfc/rfc2831.txt suggests at least 64 bits of entropy, we use 128. 
dbus_bool_t _dbus_string_find_blank(const DBusString *str, int start, int *found)
Finds a blank (space or tab) in the string. 
DBusString incoming
Incoming data buffer. 
dbus_bool_t _dbus_auth_set_credentials(DBusAuth *auth, DBusCredentials *credentials)
Sets credentials received via reliable means from the operating system. 
dbus_bool_t _dbus_keyring_is_for_credentials(DBusKeyring *keyring, DBusCredentials *credentials)
Checks whether the keyring is for the same user as the given credentials. 
void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b)
Sets whether unix fd passing is potentially on the transport and hence shall be negotiated. 
const char * name
Name of the state. 
DBusAuthEncodeFunction client_encode_func
Function on client side for encode. 
DBusCredentials * _dbus_credentials_new(void)
Creates a new credentials object. 
DBusKeyring * _dbus_keyring_new_for_credentials(DBusCredentials *credentials, const DBusString *context, DBusError *error)
Creates a new keyring that lives in the ~/.dbus-keyrings directory of the user represented by credent...
DBusAuthDataFunction server_data_func
Function on server side for DATA. 
dbus_bool_t(* DBusAuthEncodeFunction)(DBusAuth *auth, const DBusString *data, DBusString *encoded)
This function encodes a block of data from the peer. 
dbus_bool_t _dbus_string_hex_decode(const DBusString *source, int start, int *end_return, DBusString *dest, int insert_at)
Decodes a string from hex encoding. 
void dbus_free_string_array(char **str_array)
Frees a NULL-terminated array of strings. 
dbus_bool_t _dbus_string_array_contains(const char **array, const char *str)
Checks whether a string array contains the given string. 
int max_failures
Number of times we reject before disconnect. 
void _dbus_auth_unref(DBusAuth *auth)
Decrements the refcount of an auth object. 
dbus_bool_t _dbus_generate_random_bytes(DBusString *str, int n_bytes, DBusError *error)
Generates the given number of securely random bytes, using the best mechanism we can come up with...
dbus_bool_t _dbus_auth_get_bytes_to_send(DBusAuth *auth, const DBusString **str)
Gets bytes that need to be sent to the peer we're conversing with. 
Mapping from command name to enum. 
Virtual table representing a particular auth mechanism. 
#define DBUS_ERROR_NO_MEMORY
There was not enough memory to complete an operation. 
void _dbus_credentials_unref(DBusCredentials *credentials)
Decrement refcount on credentials. 
#define FALSE
Expands to "0". 
const DBusAuthMechanismHandler * mech
Current auth mechanism. 
#define DBUS_AUTH_SERVER(auth)
unsigned int unix_fd_possible
This side could do unix fd passing. 
dbus_bool_t _dbus_sha_compute(const DBusString *data, DBusString *ascii_output)
Computes the ASCII hex-encoded shasum of the given data and appends it to the output string...
dbus_bool_t _dbus_string_set_length(DBusString *str, int length)
Sets the length of a string. 
dbus_bool_t _dbus_string_copy_len(const DBusString *source, int start, int len, DBusString *dest, int insert_at)
Like _dbus_string_copy(), but can copy a segment from the middle of the source string. 
void * dbus_malloc0(size_t bytes)
Allocates the given number of bytes, as with standard malloc(), but all bytes are initialized to zero...
dbus_bool_t _dbus_auth_needs_encoding(DBusAuth *auth)
Called post-authentication, indicates whether we need to encode the message stream with _dbus_auth_en...
DBusCredentials * credentials
Credentials read from socket. 
DBusAuth * _dbus_auth_client_new(void)
Creates a new auth conversation object for the client side. 
dbus_bool_t _dbus_string_validate_ascii(const DBusString *str, int start, int len)
Checks that the given range of the string is valid ASCII with no nul bytes. 
DBusAuth base
Parent class. 
dbus_bool_t _dbus_keyring_validate_context(const DBusString *context)
Checks whether the context is a valid context. 
#define DBUS_AUTH_IN_END_STATE(auth)
dbus_bool_t dbus_error_is_set(const DBusError *error)
Checks whether an error occurred (the error is set). 
DBusString outgoing
Outgoing data buffer. 
dbus_bool_t _dbus_credentials_are_empty(DBusCredentials *credentials)
Checks whether a credentials object contains anything. 
#define DBUS_AUTH_IS_CLIENT(auth)
DBusAuthCommand command
Corresponding enum. 
void _dbus_list_clear(DBusList **list)
Frees all links in the list and sets the list head to NULL. 
dbus_bool_t _dbus_credentials_add_from_user(DBusCredentials *credentials, const DBusString *username)
Adds the credentials corresponding to the given username.