Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
dbus-1-x11.11671
fix-CVE-2019-12749.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-CVE-2019-12749.patch of Package dbus-1-x11.11671
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001 From: Simon McVittie <smcv@collabora.com> Date: Thu, 30 May 2019 12:53:03 +0100 Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server owner The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership of a shared home directory by having the server write a secret "cookie" into a .dbus-keyrings subdirectory of the desired identity's home directory with 0700 permissions, and having the client prove that it can read the cookie. This never actually worked for non-malicious clients in the case where server uid != client uid (unless the server and client both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional Unix uid 0) because an unprivileged server would fail to write out the cookie, and an unprivileged client would be unable to read the resulting file owned by the server. Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings is owned by the uid of the server (a side-effect of a check added to harden our use of XDG_RUNTIME_DIR), further ruling out successful use by a non-malicious client with a uid differing from the server's. Joe Vennix of Apple Information Security discovered that the implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link attack: a malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations. In the worst case this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. This is mitigated by the fact that by default, the well-known system dbus-daemon (since 2003) and the well-known session dbus-daemon (in stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1 at an early stage, before manipulating cookies. As a result, this vulnerability only applies to: * system or session dbus-daemons with non-standard configuration * third-party dbus-daemon invocations such as at-spi2-core (although in practice at-spi2-core also only accepts EXTERNAL by default) * third-party uses of DBusServer such as the one in Upstart Avoiding symlink attacks in a portable way is difficult, because APIs like openat() and Linux /proc/self/fd are not universally available. However, because DBUS_COOKIE_SHA1 already doesn't work in practice for a non-matching uid, we can solve this vulnerability in an easier way without regressions, by rejecting it early (before looking at ~/.dbus-keyrings) whenever the requested identity doesn't match the identity of the process hosting the DBusServer. Signed-off-by: Simon McVittie <smcv@collabora.com> Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269 Closes: CVE-2019-12749 --- dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) Index: dbus-1.8.22/dbus/dbus-auth.c =================================================================== --- dbus-1.8.22.orig/dbus/dbus-auth.c +++ dbus-1.8.22/dbus/dbus-auth.c @@ -4,7 +4,7 @@ * Copyright (C) 2002, 2003, 2004 Red Hat Inc. * * Licensed under the Academic Free License version 2.1 - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -14,7 +14,7 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -50,7 +50,7 @@ * * @todo the cookie keyring needs to be cached globally not just * per-auth (which raises threadsafety issues too) - * + * * @todo grep FIXME in dbus-auth.c */ @@ -157,7 +157,7 @@ struct DBusAuth DBusString incoming; /**< Incoming data buffer */ DBusString outgoing; /**< Outgoing data buffer */ - + const DBusAuthStateData *state; /**< Current protocol state */ const DBusAuthMechanismHandler *mech; /**< Current auth mechanism */ @@ -165,14 +165,14 @@ struct DBusAuth DBusString identity; /**< Current identity we're authorizing * as. */ - + DBusCredentials *credentials; /**< Credentials read from socket */ DBusCredentials *authorized_identity; /**< Credentials that are authorized */ DBusCredentials *desired_identity; /**< Identity client has requested */ - + DBusString context; /**< Cookie scope */ DBusKeyring *keyring; /**< Keyring for cookie mechanism. */ int cookie_id; /**< ID of cookie to use */ @@ -181,7 +181,7 @@ struct DBusAuth char **allowed_mechs; /**< Mechanisms we're allowed to use, * or #NULL if we can use any */ - + unsigned int needed_memory : 1; /**< We needed memory to continue since last * successful getting something done */ @@ -203,7 +203,7 @@ typedef struct DBusList *mechs_to_try; /**< Mechanisms we got from the server that we're going to try using */ DBusString guid_from_server; /**< GUID received from server */ - + } DBusAuthClient; /** @@ -217,7 +217,7 @@ typedef struct int max_failures; /**< Number of times we reject before disconnect */ DBusString guid; /**< Our globally unique ID in hex encoding */ - + } DBusAuthServer; static void goto_state (DBusAuth *auth, @@ -238,7 +238,7 @@ static dbus_bool_t send_agree_unix_fd /** * Client states */ - + static dbus_bool_t handle_server_state_waiting_for_auth (DBusAuth *auth, DBusAuthCommand command, const DBusString *args); @@ -248,7 +248,7 @@ static dbus_bool_t handle_server_state_w static dbus_bool_t handle_server_state_waiting_for_begin (DBusAuth *auth, DBusAuthCommand command, const DBusString *args); - + static const DBusAuthStateData server_state_waiting_for_auth = { "WaitingForAuth", handle_server_state_waiting_for_auth }; @@ -258,11 +258,11 @@ static const DBusAuthStateData server_st static const DBusAuthStateData server_state_waiting_for_begin = { "WaitingForBegin", handle_server_state_waiting_for_begin }; - + /** * Client states */ - + static dbus_bool_t handle_client_state_waiting_for_data (DBusAuth *auth, DBusAuthCommand command, const DBusString *args); @@ -338,16 +338,16 @@ static DBusAuth* _dbus_auth_new (int size) { DBusAuth *auth; - + auth = dbus_malloc0 (size); if (auth == NULL) return NULL; - + auth->refcount = 1; - + auth->keyring = NULL; auth->cookie_id = -1; - + /* note that we don't use the max string length feature, * because you can't use that feature if you're going to * try to recover from out-of-memory (it creates @@ -355,13 +355,13 @@ _dbus_auth_new (int size) * more space in the string). But we do handle * overlong buffers in _dbus_auth_do_work(). */ - + if (!_dbus_string_init (&auth->incoming)) goto enomem_0; if (!_dbus_string_init (&auth->outgoing)) goto enomem_1; - + if (!_dbus_string_init (&auth->identity)) goto enomem_2; @@ -378,7 +378,7 @@ _dbus_auth_new (int size) auth->credentials = _dbus_credentials_new (); if (auth->credentials == NULL) goto enomem_6; - + auth->authorized_identity = _dbus_credentials_new (); if (auth->authorized_identity == NULL) goto enomem_7; @@ -386,7 +386,7 @@ _dbus_auth_new (int size) auth->desired_identity = _dbus_credentials_new (); if (auth->desired_identity == NULL) goto enomem_8; - + return auth; #if 0 @@ -423,17 +423,17 @@ shutdown_mech (DBusAuth *auth) _dbus_credentials_clear (auth->authorized_identity); _dbus_credentials_clear (auth->desired_identity); - + if (auth->mech != NULL) { _dbus_verbose ("%s: Shutting down mechanism %s\n", DBUS_AUTH_NAME (auth), auth->mech->mechanism); - + if (DBUS_AUTH_IS_CLIENT (auth)) (* auth->mech->client_shutdown_func) (auth); else (* auth->mech->server_shutdown_func) (auth); - + auth->mech = NULL; } } @@ -456,11 +456,11 @@ sha1_compute_hash (DBusAuth *aut DBusString cookie; DBusString to_hash; dbus_bool_t retval; - + _dbus_assert (auth->keyring != NULL); retval = FALSE; - + if (!_dbus_string_init (&cookie)) return FALSE; @@ -476,14 +476,14 @@ sha1_compute_hash (DBusAuth *aut if (!_dbus_string_init (&to_hash)) goto out_0; - + if (!_dbus_string_copy (server_challenge, 0, &to_hash, _dbus_string_get_length (&to_hash))) goto out_1; if (!_dbus_string_append (&to_hash, ":")) goto out_1; - + if (!_dbus_string_copy (client_challenge, 0, &to_hash, _dbus_string_get_length (&to_hash))) goto out_1; @@ -497,7 +497,7 @@ sha1_compute_hash (DBusAuth *aut if (!_dbus_sha_compute (&to_hash, hash)) goto out_1; - + retval = TRUE; out_1: @@ -526,11 +526,11 @@ sha1_handle_first_client_response (DBusA DBusString tmp2; dbus_bool_t retval; DBusError error; - + DBusCredentials *myself = NULL; retval = FALSE; _dbus_string_set_length (&auth->challenge, 0); - + if (_dbus_string_get_length (data) > 0) { if (_dbus_string_get_length (&auth->identity) > 0) @@ -547,14 +547,14 @@ sha1_handle_first_client_response (DBusA return FALSE; } } - + if (!_dbus_credentials_add_from_user (auth->desired_identity, data)) { _dbus_verbose ("%s: Did not get a valid username from client\n", DBUS_AUTH_NAME (auth)); return send_rejected (auth); } - + if (!_dbus_string_init (&tmp)) return FALSE; @@ -564,6 +564,34 @@ sha1_handle_first_client_response (DBusA return FALSE; } + myself = _dbus_credentials_new_from_current_process (); + + if (myself == NULL) + goto out; + + if (!_dbus_credentials_same_user (myself, auth->desired_identity)) + { + /* + * DBUS_COOKIE_SHA1 is not suitable for authenticating that the + * client is anyone other than the user owning the process + * containing the DBusServer: we probably aren't allowed to write + * to other users' home directories. Even if we can (for example + * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we + * must not, because the other user controls their home directory, + * and could carry out symlink attacks to make us read from or + * write to unintended locations. It's difficult to avoid symlink + * attacks in a portable way, so we just don't try. This isn't a + * regression, because DBUS_COOKIE_SHA1 never worked for other + * users anyway. + */ + _dbus_verbose ("%s: client tried to authenticate as \"%s\", " + "but that doesn't match this process", + DBUS_AUTH_NAME (auth), + _dbus_string_get_const_data (data)); + retval = send_rejected (auth); + goto out; + } + /* we cache the keyring for speed, so here we drop it if it's the * wrong one. FIXME caching the keyring here is useless since we use * a different DBusAuth for every connection. @@ -575,7 +603,7 @@ sha1_handle_first_client_response (DBusA _dbus_keyring_unref (auth->keyring); auth->keyring = NULL; } - + if (auth->keyring == NULL) { dbus_error_init (&error); @@ -638,31 +666,34 @@ sha1_handle_first_client_response (DBusA goto out; if (!_dbus_string_append (&tmp2, " ")) - goto out; - + goto out; + if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES)) goto out; _dbus_string_set_length (&auth->challenge, 0); if (!_dbus_string_hex_encode (&tmp, 0, &auth->challenge, 0)) goto out; - + if (!_dbus_string_hex_encode (&tmp, 0, &tmp2, _dbus_string_get_length (&tmp2))) goto out; if (!send_data (auth, &tmp2)) goto out; - + goto_state (auth, &server_state_waiting_for_data); retval = TRUE; - + out: _dbus_string_zero (&tmp); _dbus_string_free (&tmp); _dbus_string_zero (&tmp2); _dbus_string_free (&tmp2); + if (myself != NULL) + _dbus_credentials_unref (myself); + return retval; } @@ -680,28 +711,28 @@ sha1_handle_second_client_response (DBus DBusString client_hash; dbus_bool_t retval; DBusString correct_hash; - + retval = FALSE; - + if (!_dbus_string_find_blank (data, 0, &i)) { _dbus_verbose ("%s: no space separator in client response\n", DBUS_AUTH_NAME (auth)); return send_rejected (auth); } - + if (!_dbus_string_init (&client_challenge)) goto out_0; if (!_dbus_string_init (&client_hash)) - goto out_1; + goto out_1; if (!_dbus_string_copy_len (data, 0, i, &client_challenge, 0)) goto out_2; _dbus_string_skip_blank (data, i, &i); - + if (!_dbus_string_copy_len (data, i, _dbus_string_get_length (data) - i, &client_hash, @@ -722,7 +753,7 @@ sha1_handle_second_client_response (DBus goto out_2; if (!sha1_compute_hash (auth, auth->cookie_id, - &auth->challenge, + &auth->challenge, &client_challenge, &correct_hash)) goto out_3; @@ -734,7 +765,7 @@ sha1_handle_second_client_response (DBus retval = TRUE; goto out_3; } - + if (!_dbus_string_equal (&client_hash, &correct_hash)) { if (send_rejected (auth)) @@ -752,15 +783,15 @@ sha1_handle_second_client_response (DBus DBUS_CREDENTIAL_UNIX_PROCESS_ID, auth->credentials)) goto out_3; - + if (!send_ok (auth)) goto out_3; _dbus_verbose ("%s: authenticated client using DBUS_COOKIE_SHA1\n", DBUS_AUTH_NAME (auth)); - + retval = TRUE; - + out_3: _dbus_string_zero (&correct_hash); _dbus_string_free (&correct_hash); @@ -786,7 +817,7 @@ handle_server_data_cookie_sha1_mech (DBu static void handle_server_shutdown_cookie_sha1_mech (DBusAuth *auth) { - auth->cookie_id = -1; + auth->cookie_id = -1; _dbus_string_set_length (&auth->challenge, 0); } @@ -801,7 +832,7 @@ handle_client_initial_response_cookie_sh if (!_dbus_string_init (&username)) return FALSE; - + if (!_dbus_append_user_from_current_process (&username)) goto out_0; @@ -811,10 +842,10 @@ handle_client_initial_response_cookie_sh goto out_0; retval = TRUE; - + out_0: _dbus_string_free (&username); - + return retval; } @@ -835,9 +866,9 @@ handle_client_data_cookie_sha1_mech (DBu DBusString tmp; int i, j; long val; - - retval = FALSE; - + + retval = FALSE; + if (!_dbus_string_find_blank (data, 0, &i)) { if (send_error (auth, @@ -852,7 +883,7 @@ handle_client_data_cookie_sha1_mech (DBu if (!_dbus_string_copy_len (data, 0, i, &context, 0)) goto out_1; - + _dbus_string_skip_blank (data, i, &i); if (!_dbus_string_find_blank (data, i, &j)) { @@ -864,10 +895,10 @@ handle_client_data_cookie_sha1_mech (DBu if (!_dbus_string_init (&cookie_id_str)) goto out_1; - + if (!_dbus_string_copy_len (data, i, j - i, &cookie_id_str, 0)) - goto out_2; + goto out_2; if (!_dbus_string_init (&server_challenge)) goto out_2; @@ -924,10 +955,10 @@ handle_client_data_cookie_sha1_mech (DBu _dbus_verbose ("%s: Error loading keyring: %s\n", DBUS_AUTH_NAME (auth), error.message); - + if (send_error (auth, "Could not load cookie file")) retval = TRUE; /* retval is only about mem */ - + dbus_error_free (&error); goto out_3; } @@ -937,12 +968,12 @@ handle_client_data_cookie_sha1_mech (DBu _dbus_assert (!dbus_error_is_set (&error)); } } - + _dbus_assert (auth->keyring != NULL); - + if (!_dbus_string_init (&tmp)) goto out_3; - + if (!_dbus_generate_random_bytes (&tmp, N_CHALLENGE_BYTES)) goto out_4; @@ -954,7 +985,7 @@ handle_client_data_cookie_sha1_mech (DBu if (!_dbus_string_init (&correct_hash)) goto out_5; - + if (!sha1_compute_hash (auth, val, &server_challenge, &client_challenge, @@ -968,9 +999,9 @@ handle_client_data_cookie_sha1_mech (DBu retval = TRUE; goto out_6; } - + _dbus_string_set_length (&tmp, 0); - + if (!_dbus_string_copy (&client_challenge, 0, &tmp, _dbus_string_get_length (&tmp))) goto out_6; @@ -1008,7 +1039,7 @@ handle_client_data_cookie_sha1_mech (DBu static void handle_client_shutdown_cookie_sha1_mech (DBusAuth *auth) { - auth->cookie_id = -1; + auth->cookie_id = -1; _dbus_string_set_length (&auth->challenge, 0); } @@ -1026,7 +1057,7 @@ handle_server_data_external_mech (DBusAu DBUS_AUTH_NAME (auth)); return send_rejected (auth); } - + if (_dbus_string_get_length (data) > 0) { if (_dbus_string_get_length (&auth->identity) > 0) @@ -1061,7 +1092,7 @@ handle_server_data_external_mech (DBusAu } _dbus_credentials_clear (auth->desired_identity); - + /* If auth->identity is still empty here, then client * responded with an empty string after we poked it for * an initial response. This means to try to auth the @@ -1093,7 +1124,7 @@ handle_server_data_external_mech (DBusAu _dbus_string_get_const_data (&auth->identity)); return send_rejected (auth); } - + if (_dbus_credentials_are_superset (auth->credentials, auth->desired_identity)) { @@ -1115,7 +1146,7 @@ handle_server_data_external_mech (DBusAu DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID, auth->credentials)) return FALSE; - + if (!send_ok (auth)) return FALSE; @@ -1161,19 +1192,19 @@ handle_client_initial_response_external_ goto failed; _dbus_string_free (&plaintext); - + return TRUE; failed: _dbus_string_free (&plaintext); - return FALSE; + return FALSE; } static dbus_bool_t handle_client_data_external_mech (DBusAuth *auth, const DBusString *data) { - + return TRUE; } @@ -1190,7 +1221,7 @@ handle_client_shutdown_external_mech (DB static dbus_bool_t handle_server_data_anonymous_mech (DBusAuth *auth, const DBusString *data) -{ +{ if (_dbus_string_get_length (data) > 0) { /* Client is allowed to send "trace" data, the only defined @@ -1204,7 +1235,7 @@ handle_server_data_anonymous_mech (DBusA DBUS_AUTH_NAME (auth)); return send_rejected (auth); } - + _dbus_verbose ("%s: ANONYMOUS client sent trace string: '%s'\n", DBUS_AUTH_NAME (auth), _dbus_string_get_const_data (data)); @@ -1219,7 +1250,7 @@ handle_server_data_anonymous_mech (DBusA DBUS_CREDENTIAL_UNIX_PROCESS_ID, auth->credentials)) return FALSE; - + /* Anonymous is always allowed */ if (!send_ok (auth)) return FALSE; @@ -1233,7 +1264,7 @@ handle_server_data_anonymous_mech (DBusA static void handle_server_shutdown_anonymous_mech (DBusAuth *auth) { - + } static dbus_bool_t @@ -1261,26 +1292,26 @@ handle_client_initial_response_anonymous goto failed; _dbus_string_free (&plaintext); - + return TRUE; failed: _dbus_string_free (&plaintext); - return FALSE; + return FALSE; } static dbus_bool_t handle_client_data_anonymous_mech (DBusAuth *auth, const DBusString *data) { - + return TRUE; } static void handle_client_shutdown_anonymous_mech (DBusAuth *auth) { - + } /* Put mechanisms here in order of preference. @@ -1292,7 +1323,7 @@ handle_client_shutdown_anonymous_mech (D * * We might ideally add a mechanism to chain to Cyrus SASL so we can * use its mechanisms as well. - * + * */ static const DBusAuthMechanismHandler all_mechanisms[] = { @@ -1319,7 +1350,7 @@ all_mechanisms[] = { handle_client_initial_response_anonymous_mech, handle_client_data_anonymous_mech, NULL, NULL, - handle_client_shutdown_anonymous_mech }, + handle_client_shutdown_anonymous_mech }, { NULL, NULL } }; @@ -1328,23 +1359,23 @@ find_mech (const DBusString *name, char **allowed_mechs) { int i; - + if (allowed_mechs != NULL && !_dbus_string_array_contains ((const char**) allowed_mechs, _dbus_string_get_const_data (name))) return NULL; - + i = 0; while (all_mechanisms[i].mechanism != NULL) - { + { if (_dbus_string_equal_c_str (name, all_mechanisms[i].mechanism)) return &all_mechanisms[i]; - + ++i; } - + return NULL; } @@ -1355,14 +1386,14 @@ send_auth (DBusAuth *auth, const DBusAut if (!_dbus_string_init (&auth_command)) return FALSE; - + if (!_dbus_string_append (&auth_command, "AUTH ")) { _dbus_string_free (&auth_command); return FALSE; - } - + } + if (!_dbus_string_append (&auth_command, mech->mechanism)) { @@ -1377,14 +1408,14 @@ send_auth (DBusAuth *auth, const DBusAut _dbus_string_free (&auth_command); return FALSE; } - + if (!(* mech->client_initial_response_func) (auth, &auth_command)) { _dbus_string_free (&auth_command); return FALSE; } } - + if (!_dbus_string_append (&auth_command, "\r\n")) { @@ -1402,7 +1433,7 @@ send_auth (DBusAuth *auth, const DBusAut _dbus_string_free (&auth_command); shutdown_mech (auth); - auth->mech = mech; + auth->mech = mech; goto_state (auth, &client_state_waiting_for_data); return TRUE; @@ -1443,10 +1474,10 @@ send_rejected (DBusAuth *auth) DBusString command; DBusAuthServer *server_auth; int i; - + if (!_dbus_string_init (&command)) return FALSE; - + if (!_dbus_string_append (&command, "REJECTED")) goto nomem; @@ -1461,10 +1492,10 @@ send_rejected (DBusAuth *auth) if (!_dbus_string_append (&command, all_mechanisms[i].mechanism)) goto nomem; - + ++i; } - + if (!_dbus_string_append (&command, "\r\n")) goto nomem; @@ -1473,7 +1504,7 @@ send_rejected (DBusAuth *auth) goto nomem; shutdown_mech (auth); - + _dbus_assert (DBUS_AUTH_IS_SERVER (auth)); server_auth = DBUS_AUTH_SERVER (auth); server_auth->failures += 1; @@ -1484,7 +1515,7 @@ send_rejected (DBusAuth *auth) goto_state (auth, &server_state_waiting_for_auth); _dbus_string_free (&command); - + return TRUE; nomem: @@ -1505,7 +1536,7 @@ send_ok (DBusAuth *auth) int orig_len; orig_len = _dbus_string_get_length (&auth->outgoing); - + if (_dbus_string_append (&auth->outgoing, "OK ") && _dbus_string_copy (& DBUS_AUTH_SERVER (auth)->guid, 0, @@ -1540,12 +1571,12 @@ process_ok(DBusAuth *auth, const DBusString *args_from_ok) { int end_of_hex; - + /* "args_from_ok" should be the GUID, whitespace already pulled off the front */ _dbus_assert (_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0); /* We decode the hex string to binary, using guid_from_server as scratch... */ - + end_of_hex = 0; if (!_dbus_string_hex_decode (args_from_ok, 0, &end_of_hex, & DBUS_AUTH_CLIENT (auth)->guid_from_server, 0)) @@ -1553,7 +1584,7 @@ process_ok(DBusAuth *auth, /* now clear out the scratch */ _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0); - + if (end_of_hex != _dbus_string_get_length (args_from_ok) || end_of_hex == 0) { @@ -1623,7 +1654,7 @@ process_data (DBusAuth *auth DBUS_AUTH_NAME (auth), _dbus_string_get_const_data (&decoded)); #endif - + if (!(* data_func) (auth, &decoded)) { _dbus_string_free (&decoded); @@ -1677,7 +1708,7 @@ handle_auth (DBusAuth *auth, const DBusS int i; DBusString mech; DBusString hex_response; - + _dbus_string_find_blank (args, 0, &i); if (!_dbus_string_init (&mech)) @@ -1688,21 +1719,21 @@ handle_auth (DBusAuth *auth, const DBusS _dbus_string_free (&mech); return FALSE; } - + if (!_dbus_string_copy_len (args, 0, i, &mech, 0)) goto failed; _dbus_string_skip_blank (args, i, &i); if (!_dbus_string_copy (args, i, &hex_response, 0)) goto failed; - + auth->mech = find_mech (&mech, auth->allowed_mechs); if (auth->mech != NULL) { _dbus_verbose ("%s: Trying mechanism %s\n", DBUS_AUTH_NAME (auth), auth->mech->mechanism); - + if (!process_data (auth, &hex_response, auth->mech->server_data_func)) goto failed; @@ -1713,16 +1744,16 @@ handle_auth (DBusAuth *auth, const DBusS _dbus_verbose ("%s: Unsupported mechanism %s\n", DBUS_AUTH_NAME (auth), _dbus_string_get_const_data (&mech)); - + if (!send_rejected (auth)) goto failed; } - _dbus_string_free (&mech); + _dbus_string_free (&mech); _dbus_string_free (&hex_response); return TRUE; - + failed: auth->mech = NULL; _dbus_string_free (&mech); @@ -1843,12 +1874,12 @@ get_word (const DBusString *str, _dbus_string_skip_blank (str, *start, start); _dbus_string_find_blank (str, *start, &i); - + if (i > *start) { if (!_dbus_string_copy_len (str, *start, i - *start, word, 0)) return FALSE; - + *start = i; } @@ -1864,18 +1895,18 @@ record_mechanisms (DBusAuth *aut if (auth->already_got_mechanisms) return TRUE; - + len = _dbus_string_get_length (args); - + next = 0; while (next < len) { DBusString m; const DBusAuthMechanismHandler *mech; - + if (!_dbus_string_init (&m)) goto nomem; - + if (!get_word (args, &next, &m)) { _dbus_string_free (&m); @@ -1899,7 +1930,7 @@ record_mechanisms (DBusAuth *aut { _dbus_verbose ("%s: Adding mechanism %s to list we will try\n", DBUS_AUTH_NAME (auth), mech->mechanism); - + if (!_dbus_list_append (& DBUS_AUTH_CLIENT (auth)->mechs_to_try, (void*) mech)) { @@ -1922,14 +1953,14 @@ record_mechanisms (DBusAuth *aut _dbus_string_free (&m); } - + auth->already_got_mechanisms = TRUE; - + return TRUE; nomem: _dbus_list_clear (& DBUS_AUTH_CLIENT (auth)->mechs_to_try); - + return FALSE; } @@ -1946,7 +1977,7 @@ process_rejected (DBusAuth *auth, const if (!record_mechanisms (auth, args)) return FALSE; } - + if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL) { mech = client->mechs_to_try->data; @@ -1967,7 +1998,7 @@ process_rejected (DBusAuth *auth, const DBUS_AUTH_NAME (auth)); goto_state (auth, &common_state_need_disconnect); } - + return TRUE; } @@ -1978,7 +2009,7 @@ handle_client_state_waiting_for_data (DB const DBusString *args) { _dbus_assert (auth->mech != NULL); - + switch (command) { case DBUS_AUTH_COMMAND_DATA: @@ -2041,7 +2072,7 @@ handle_client_state_waiting_for_reject ( { case DBUS_AUTH_COMMAND_REJECTED: return process_rejected (auth, args); - + case DBUS_AUTH_COMMAND_AUTH: case DBUS_AUTH_COMMAND_CANCEL: case DBUS_AUTH_COMMAND_DATA: @@ -2148,13 +2179,13 @@ process_command (DBusAuth *auth) dbus_bool_t retval; /* _dbus_verbose ("%s: trying process_command()\n"); */ - + retval = FALSE; - + eol = 0; if (!_dbus_string_find (&auth->incoming, 0, "\r\n", &eol)) return FALSE; - + if (!_dbus_string_init (&line)) { auth->needed_memory = TRUE; @@ -2167,7 +2198,7 @@ process_command (DBusAuth *auth) auth->needed_memory = TRUE; return FALSE; } - + if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &line, 0)) goto out; @@ -2181,41 +2212,41 @@ process_command (DBusAuth *auth) else goto next_command; } - + _dbus_verbose ("%s: got command \"%s\"\n", DBUS_AUTH_NAME (auth), _dbus_string_get_const_data (&line)); - + _dbus_string_find_blank (&line, 0, &i); _dbus_string_skip_blank (&line, i, &j); if (j > i) _dbus_string_delete (&line, i, j - i); - + if (!_dbus_string_move (&line, i, &args, 0)) goto out; /* FIXME 1.0 we should probably validate that only the allowed * chars are in the command name */ - + command = lookup_command_from_name (&line); if (!(* auth->state->handler) (auth, command, &args)) goto out; next_command: - + /* We've succeeded in processing the whole command so drop it out * of the incoming buffer and return TRUE to try another command. */ _dbus_string_delete (&auth->incoming, 0, eol); - + /* kill the \r\n */ _dbus_string_delete (&auth->incoming, 0, 2); retval = TRUE; - + out: _dbus_string_free (&args); _dbus_string_free (&line); @@ -2224,7 +2255,7 @@ process_command (DBusAuth *auth) auth->needed_memory = TRUE; else auth->needed_memory = FALSE; - + return retval; } @@ -2265,20 +2296,20 @@ _dbus_auth_server_new (const DBusString _dbus_string_free (&guid_copy); return NULL; } - + auth->side = auth_side_server; auth->state = &server_state_waiting_for_auth; server_auth = DBUS_AUTH_SERVER (auth); server_auth->guid = guid_copy; - + /* perhaps this should be per-mechanism with a lower * max */ server_auth->failures = 0; server_auth->max_failures = 6; - + return auth; } @@ -2317,7 +2348,7 @@ _dbus_auth_client_new (void) _dbus_auth_unref (auth); return NULL; } - + return auth; } @@ -2331,9 +2362,9 @@ DBusAuth * _dbus_auth_ref (DBusAuth *auth) { _dbus_assert (auth != NULL); - + auth->refcount += 1; - + return auth; } @@ -2379,7 +2410,7 @@ _dbus_auth_unref (DBusAuth *auth) _dbus_credentials_unref (auth->credentials); _dbus_credentials_unref (auth->authorized_identity); _dbus_credentials_unref (auth->desired_identity); - + dbus_free (auth); } } @@ -2406,7 +2437,7 @@ _dbus_auth_set_mechanisms (DBusAuth * } else copy = NULL; - + dbus_free_string_array (auth->allowed_mechs); auth->allowed_mechs = copy; @@ -2439,7 +2470,7 @@ _dbus_auth_do_work (DBusAuth *auth) { if (DBUS_AUTH_IN_END_STATE (auth)) break; - + if (_dbus_string_get_length (&auth->incoming) > MAX_BUFFER || _dbus_string_get_length (&auth->outgoing) > MAX_BUFFER) { @@ -2479,7 +2510,7 @@ _dbus_auth_get_bytes_to_send (DBusAuth _dbus_assert (str != NULL); *str = NULL; - + if (_dbus_string_get_length (&auth->outgoing) == 0) return FALSE; @@ -2504,7 +2535,7 @@ _dbus_auth_bytes_sent (DBusAuth *auth, DBUS_AUTH_NAME (auth), bytes_sent, _dbus_string_get_const_data (&auth->outgoing)); - + _dbus_string_delete (&auth->outgoing, 0, bytes_sent); } @@ -2522,7 +2553,7 @@ _dbus_auth_get_buffer (DBusAuth *aut { _dbus_assert (auth != NULL); _dbus_assert (!auth->buffer_outstanding); - + *buffer = &auth->incoming; auth->buffer_outstanding = TRUE; @@ -2592,7 +2623,7 @@ _dbus_auth_needs_encoding (DBusAuth *aut { if (auth->state != &common_state_authenticated) return FALSE; - + if (auth->mech != NULL) { if (DBUS_AUTH_IS_CLIENT (auth)) @@ -2620,10 +2651,10 @@ _dbus_auth_encode_data (DBusAuth DBusString *encoded) { _dbus_assert (plaintext != encoded); - + if (auth->state != &common_state_authenticated) return FALSE; - + if (_dbus_auth_needs_encoding (auth)) { if (DBUS_AUTH_IS_CLIENT (auth)) @@ -2651,7 +2682,7 @@ _dbus_auth_needs_decoding (DBusAuth *aut { if (auth->state != &common_state_authenticated) return FALSE; - + if (auth->mech != NULL) { if (DBUS_AUTH_IS_CLIENT (auth)) @@ -2683,10 +2714,10 @@ _dbus_auth_decode_data (DBusAuth DBusString *plaintext) { _dbus_assert (plaintext != encoded); - + if (auth->state != &common_state_authenticated) return FALSE; - + if (_dbus_auth_needs_decoding (auth)) { if (DBUS_AUTH_IS_CLIENT (auth)) @@ -2755,7 +2786,7 @@ const char* _dbus_auth_get_guid_from_server (DBusAuth *auth) { _dbus_assert (DBUS_AUTH_IS_CLIENT (auth)); - + if (auth->state == &common_state_authenticated) return _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server); else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor