static dbus_bool_t
do_check_nonce (int fd, const DBusString *nonce, DBusError *error)
{
DBusString buffer;
DBusString p;
size_t nleft;
dbus_bool_t result;
int n;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
nleft = 16;
if ( !_dbus_string_init (&buffer)
|| !_dbus_string_init (&p) ) {
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return FALSE;
}
while (nleft)
{
n = _dbus_read_socket (fd, &p, nleft);
if (n == -1 && _dbus_get_is_errno_eintr())
;
else if (n == -1 && _dbus_get_is_errno_eagain_or_ewouldblock())
_dbus_sleep_milliseconds (100);
else if (n==-1)
{
dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%d)", fd );
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return FALSE;
}
else if (!n)
{
_dbus_string_free (&p);
_dbus_string_free (&buffer);
dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%d)", fd );
return FALSE;
}
else
{
_dbus_string_append_len(&buffer, _dbus_string_get_const_data (&p), n);
nleft -= n;
}
}
result = _dbus_string_equal_len (&buffer, nonce, 16);
if (!result)
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Nonces do not match, access denied (fd=%d)", fd );
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return result;
}
static dbus_bool_t
same_first_word (const DBusString *a,
const DBusString *b)
{
int first_a_blank, first_b_blank;
_dbus_string_find_blank (a, 0, &first_a_blank);
_dbus_string_find_blank (b, 0, &first_b_blank);
if (first_a_blank != first_b_blank)
return FALSE;
return _dbus_string_equal_len (a, b, first_a_blank);
}
static dbus_bool_t
do_check_nonce (DBusSocket fd, const DBusString *nonce, DBusError *error)
{
DBusString buffer;
DBusString p;
size_t nleft;
dbus_bool_t result;
int n;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
nleft = 16;
/* This is a trick to make it safe to call _dbus_string_free on these
* strings during error unwinding, even if allocating memory for them
* fails. A constant DBusString is considered to be valid to "free",
* even though there is nothing to free (of course the free operation
* is trivial, because it does not own its own buffer); but
* unlike a mutable DBusString, initializing a constant DBusString
* cannot fail.
*
* We must successfully re-initialize the strings to be mutable before
* writing to them, of course.
*/
_dbus_string_init_const (&buffer, "");
_dbus_string_init_const (&p, "");
if ( !_dbus_string_init (&buffer)
|| !_dbus_string_init (&p) ) {
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return FALSE;
}
while (nleft)
{
int saved_errno;
n = _dbus_read_socket (fd, &p, nleft);
saved_errno = _dbus_save_socket_errno ();
if (n == -1 && _dbus_get_is_errno_eintr (saved_errno))
;
else if (n == -1 && _dbus_get_is_errno_eagain_or_ewouldblock (saved_errno))
_dbus_sleep_milliseconds (100);
else if (n==-1)
{
dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return FALSE;
}
else if (!n)
{
_dbus_string_free (&p);
_dbus_string_free (&buffer);
dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));
return FALSE;
}
else
{
if (!_dbus_string_append_len (&buffer, _dbus_string_get_const_data (&p), n))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return FALSE;
}
nleft -= n;
}
}
result = _dbus_string_equal_len (&buffer, nonce, 16);
if (!result)
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Nonces do not match, access denied (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));
_dbus_string_free (&p);
_dbus_string_free (&buffer);
return result;
}
/**
* Runs an "auth script" which is a script for testing the
* authentication protocol. Scripts send and receive data, and then
* include assertions about the state of both ends of the connection
* after processing the data. A script succeeds if these assertions
* hold.
*
* @param filename the file containing the script to run
* @returns #TRUE if the script succeeds, #FALSE otherwise
*/
dbus_bool_t
_dbus_auth_script_run (const DBusString *filename)
{
DBusString file;
DBusError error = DBUS_ERROR_INIT;
DBusString line;
dbus_bool_t retval;
int line_no;
DBusAuth *auth;
DBusString from_auth;
DBusAuthState state;
DBusString context;
DBusString guid;
retval = FALSE;
auth = NULL;
_dbus_string_init_const (&guid, "5fa01f4202cd837709a3274ca0df9d00");
_dbus_string_init_const (&context, "org_freedesktop_test");
if (!_dbus_string_init (&file))
return FALSE;
if (!_dbus_string_init (&line))
{
_dbus_string_free (&file);
return FALSE;
}
if (!_dbus_string_init (&from_auth))
{
_dbus_string_free (&file);
_dbus_string_free (&line);
return FALSE;
}
if (!_dbus_file_get_contents (&file, filename, &error)) {
_dbus_warn ("Getting contents of %s failed: %s\n",
_dbus_string_get_const_data (filename), error.message);
dbus_error_free (&error);
goto out;
}
state = DBUS_AUTH_STATE_NEED_DISCONNECT;
line_no = 0;
next_iteration:
while (_dbus_string_pop_line (&file, &line))
{
line_no += 1;
/* _dbus_warn ("%s\n", _dbus_string_get_const_data (&line)); */
_dbus_string_delete_leading_blanks (&line);
if (auth != NULL)
{
while ((state = _dbus_auth_do_work (auth)) ==
DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND)
{
const DBusString *tmp;
if (_dbus_auth_get_bytes_to_send (auth, &tmp))
{
int count = _dbus_string_get_length (tmp);
if (_dbus_string_copy (tmp, 0, &from_auth,
_dbus_string_get_length (&from_auth)))
_dbus_auth_bytes_sent (auth, count);
}
}
}
if (_dbus_string_get_length (&line) == 0)
{
/* empty line */
goto next_iteration;
}
else if (_dbus_string_starts_with_c_str (&line,
"#"))
{
/* Ignore this comment */
goto next_iteration;
}
#ifdef DBUS_WIN
else if (_dbus_string_starts_with_c_str (&line,
"WIN_ONLY"))
{
/* Ignore this line */
goto next_iteration;
}
else if (_dbus_string_starts_with_c_str (&line,
"UNIX_ONLY"))
{
/* skip this file */
_dbus_warn ("skipping unix only auth script\n");
retval = TRUE;
goto out;
}
#endif
#ifdef DBUS_UNIX
else if (_dbus_string_starts_with_c_str (&line,
"UNIX_ONLY"))
{
/* Ignore this line */
goto next_iteration;
}
else if (_dbus_string_starts_with_c_str (&line,
"WIN_ONLY"))
{
/* skip this file */
_dbus_warn ("skipping windows only auth script\n");
retval = TRUE;
goto out;
}
#endif
else if (_dbus_string_starts_with_c_str (&line,
"CLIENT"))
{
DBusCredentials *creds;
if (auth != NULL)
{
_dbus_warn ("already created a DBusAuth (CLIENT or SERVER given twice)\n");
goto out;
}
auth = _dbus_auth_client_new ();
if (auth == NULL)
{
_dbus_warn ("no memory to create DBusAuth\n");
goto out;
}
/* test ref/unref */
_dbus_auth_ref (auth);
_dbus_auth_unref (auth);
creds = _dbus_credentials_new_from_current_process ();
if (creds == NULL)
{
_dbus_warn ("no memory for credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
goto out;
}
if (!_dbus_auth_set_credentials (auth, creds))
{
_dbus_warn ("no memory for setting credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
_dbus_credentials_unref (creds);
goto out;
}
_dbus_credentials_unref (creds);
}
else if (_dbus_string_starts_with_c_str (&line,
"SERVER"))
{
DBusCredentials *creds;
if (auth != NULL)
{
_dbus_warn ("already created a DBusAuth (CLIENT or SERVER given twice)\n");
goto out;
}
auth = _dbus_auth_server_new (&guid);
if (auth == NULL)
{
_dbus_warn ("no memory to create DBusAuth\n");
goto out;
}
/* test ref/unref */
_dbus_auth_ref (auth);
_dbus_auth_unref (auth);
creds = _dbus_credentials_new_from_current_process ();
if (creds == NULL)
{
_dbus_warn ("no memory for credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
goto out;
}
if (!_dbus_auth_set_credentials (auth, creds))
{
_dbus_warn ("no memory for setting credentials\n");
_dbus_auth_unref (auth);
auth = NULL;
_dbus_credentials_unref (creds);
goto out;
}
_dbus_credentials_unref (creds);
_dbus_auth_set_context (auth, &context);
}
else if (auth == NULL)
{
_dbus_warn ("must specify CLIENT or SERVER\n");
goto out;
}
else if (_dbus_string_starts_with_c_str (&line,
"NO_CREDENTIALS"))
{
auth_set_unix_credentials (auth, DBUS_UID_UNSET, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"ROOT_CREDENTIALS"))
{
auth_set_unix_credentials (auth, 0, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"SILLY_CREDENTIALS"))
{
auth_set_unix_credentials (auth, 4312, DBUS_PID_UNSET);
}
else if (_dbus_string_starts_with_c_str (&line,
"ALLOWED_MECHS"))
{
char **mechs;
_dbus_string_delete_first_word (&line);
mechs = split_string (&line);
_dbus_auth_set_mechanisms (auth, (const char **) mechs);
dbus_free_string_array (mechs);
}
else if (_dbus_string_starts_with_c_str (&line,
"SEND"))
{
DBusString to_send;
_dbus_string_delete_first_word (&line);
if (!_dbus_string_init (&to_send))
{
_dbus_warn ("no memory to allocate string\n");
goto out;
}
if (!append_quoted_string (&to_send, &line))
{
_dbus_warn ("failed to append quoted string line %d\n",
line_no);
_dbus_string_free (&to_send);
goto out;
}
_dbus_verbose ("Sending '%s'\n", _dbus_string_get_const_data (&to_send));
if (!_dbus_string_append (&to_send, "\r\n"))
{
_dbus_warn ("failed to append \r\n from line %d\n",
line_no);
_dbus_string_free (&to_send);
goto out;
}
/* Replace USERID_HEX with our username in hex */
{
int where;
if (_dbus_string_find (&to_send, 0,
"USERID_HEX", &where))
{
DBusString username;
if (!_dbus_string_init (&username))
{
_dbus_warn ("no memory for userid\n");
_dbus_string_free (&to_send);
goto out;
}
if (!_dbus_append_user_from_current_process (&username))
{
_dbus_warn ("no memory for userid\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
}
_dbus_string_delete (&to_send, where, (int) strlen ("USERID_HEX"));
if (!_dbus_string_hex_encode (&username, 0,
&to_send, where))
{
_dbus_warn ("no memory to subst USERID_HEX\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
}
_dbus_string_free (&username);
}
else if (_dbus_string_find (&to_send, 0,
"USERNAME_HEX", &where))
{
DBusString username;
if (!_dbus_string_init (&username))
{
_dbus_warn ("no memory for username\n");
_dbus_string_free (&to_send);
goto out;
}
if (!_dbus_append_user_from_current_process (&username))
{
_dbus_warn ("no memory for username\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
}
_dbus_string_delete (&to_send, where, (int) strlen ("USERNAME_HEX"));
if (!_dbus_string_hex_encode (&username, 0,
&to_send, where))
{
_dbus_warn ("no memory to subst USERNAME_HEX\n");
_dbus_string_free (&username);
_dbus_string_free (&to_send);
goto out;
}
_dbus_string_free (&username);
}
}
{
DBusString *buffer;
_dbus_auth_get_buffer (auth, &buffer);
if (!_dbus_string_copy (&to_send, 0,
buffer, _dbus_string_get_length (buffer)))
{
_dbus_warn ("not enough memory to call bytes_received, or can't add bytes to auth object already in end state\n");
_dbus_string_free (&to_send);
_dbus_auth_return_buffer (auth, buffer);
goto out;
}
_dbus_auth_return_buffer (auth, buffer);
}
_dbus_string_free (&to_send);
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT_STATE"))
{
DBusAuthState expected;
_dbus_string_delete_first_word (&line);
expected = auth_state_from_string (&line);
if (expected < 0)
{
_dbus_warn ("bad auth state given to EXPECT_STATE\n");
goto parse_failed;
}
if (expected != state)
{
_dbus_warn ("expected auth state %s but got %s on line %d\n",
auth_state_to_string (expected),
auth_state_to_string (state),
line_no);
goto out;
}
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT_COMMAND"))
{
DBusString received;
_dbus_string_delete_first_word (&line);
if (!_dbus_string_init (&received))
{
_dbus_warn ("no mem to allocate string received\n");
goto out;
}
if (!_dbus_string_pop_line (&from_auth, &received))
{
_dbus_warn ("no line popped from the DBusAuth being tested, expected command %s on line %d\n",
_dbus_string_get_const_data (&line), line_no);
_dbus_string_free (&received);
goto out;
}
if (!same_first_word (&received, &line))
{
_dbus_warn ("line %d expected command '%s' and got '%s'\n",
line_no,
_dbus_string_get_const_data (&line),
_dbus_string_get_const_data (&received));
_dbus_string_free (&received);
goto out;
}
_dbus_string_free (&received);
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT_UNUSED"))
{
DBusString expected;
const DBusString *unused;
_dbus_string_delete_first_word (&line);
if (!_dbus_string_init (&expected))
{
_dbus_warn ("no mem to allocate string expected\n");
goto out;
}
if (!append_quoted_string (&expected, &line))
{
_dbus_warn ("failed to append quoted string line %d\n",
line_no);
_dbus_string_free (&expected);
goto out;
}
_dbus_auth_get_unused_bytes (auth, &unused);
if (_dbus_string_equal (&expected, unused))
{
_dbus_auth_delete_unused_bytes (auth);
_dbus_string_free (&expected);
}
else
{
_dbus_warn ("Expected unused bytes '%s' and have '%s'\n",
_dbus_string_get_const_data (&expected),
_dbus_string_get_const_data (unused));
_dbus_string_free (&expected);
goto out;
}
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT_HAVE_NO_CREDENTIALS"))
{
DBusCredentials *authorized_identity;
authorized_identity = _dbus_auth_get_identity (auth);
if (!_dbus_credentials_are_anonymous (authorized_identity))
{
_dbus_warn ("Expected anonymous login or failed login, but some credentials were authorized\n");
goto out;
}
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT_HAVE_SOME_CREDENTIALS"))
{
DBusCredentials *authorized_identity;
authorized_identity = _dbus_auth_get_identity (auth);
if (_dbus_credentials_are_anonymous (authorized_identity))
{
_dbus_warn ("Expected to have some credentials, but we don't\n");
goto out;
}
}
else if (_dbus_string_starts_with_c_str (&line,
"EXPECT"))
{
DBusString expected;
_dbus_string_delete_first_word (&line);
if (!_dbus_string_init (&expected))
{
_dbus_warn ("no mem to allocate string expected\n");
goto out;
}
if (!append_quoted_string (&expected, &line))
{
_dbus_warn ("failed to append quoted string line %d\n",
line_no);
_dbus_string_free (&expected);
goto out;
}
if (_dbus_string_equal_len (&expected, &from_auth,
_dbus_string_get_length (&expected)))
{
_dbus_string_delete (&from_auth, 0,
_dbus_string_get_length (&expected));
_dbus_string_free (&expected);
}
else
{
_dbus_warn ("Expected exact string '%s' and have '%s'\n",
_dbus_string_get_const_data (&expected),
_dbus_string_get_const_data (&from_auth));
_dbus_string_free (&expected);
goto out;
}
}
else
goto parse_failed;
goto next_iteration; /* skip parse_failed */
parse_failed:
{
_dbus_warn ("couldn't process line %d \"%s\"\n",
line_no, _dbus_string_get_const_data (&line));
goto out;
}
}
if (auth == NULL)
{
_dbus_warn ("Auth script is bogus, did not even have CLIENT or SERVER\n");
goto out;
}
else if (state == DBUS_AUTH_STATE_AUTHENTICATED)
{
const DBusString *unused;
_dbus_auth_get_unused_bytes (auth, &unused);
if (_dbus_string_get_length (unused) > 0)
{
_dbus_warn ("did not expect unused bytes (scripts must specify explicitly if they are expected)\n");
goto out;
}
}
if (_dbus_string_get_length (&from_auth) > 0)
{
_dbus_warn ("script did not have EXPECT_ statements for all the data received from the DBusAuth\n");
_dbus_warn ("Leftover data: %s\n", _dbus_string_get_const_data (&from_auth));
goto out;
}
retval = TRUE;
out:
if (auth)
_dbus_auth_unref (auth);
_dbus_string_free (&file);
_dbus_string_free (&line);
_dbus_string_free (&from_auth);
return retval;
}
