2003-01-30 Havoc Pennington <hp@pobox.com>

* dbus/dbus-auth.c: rework to use only REJECTED, no
	MECHANISMS

	* doc/dbus-sasl-profile.txt: drop MECHANISMS and just
	use REJECTED, suggested by Mark McLoughlin
Havoc Pennington 2003-01-31 01:31:00 +00:00
parent 6fc53eb130
commit af4ef42fa5
3 changed files with 47 additions and 66 deletions


@ -1,3 +1,11 @@
2003-01-30 Havoc Pennington <hp@pobox.com>
* dbus/dbus-auth.c: rework to use only REJECTED, no
MECHANISMS
* doc/dbus-sasl-profile.txt: drop MECHANISMS and just
use REJECTED, suggested by Mark McLoughlin
2003-01-30 Havoc Pennington <hp@pobox.com>
* dbus/dbus-server.c (dbus_server_listen): @todo about how we need


@ -1,7 +1,7 @@
/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-auth.c Authentication
*
* Copyright (C) 2002 Red Hat Inc.
* Copyright (C) 2002, 2003 Red Hat Inc.
*
* Licensed under the Academic Free License version 1.2
*
@ -172,9 +172,6 @@ static dbus_bool_t process_data_server (DBusAuth *auth,
static dbus_bool_t process_error_server (DBusAuth *auth,
const DBusString *command,
const DBusString *args);
static dbus_bool_t process_mechanisms (DBusAuth *auth,
const DBusString *command,
const DBusString *args);
static dbus_bool_t process_rejected (DBusAuth *auth,
const DBusString *command,
const DBusString *args);
@ -190,7 +187,7 @@ static dbus_bool_t process_error_client (DBusAuth *auth,
static dbus_bool_t client_try_next_mechanism (DBusAuth *auth);
static dbus_bool_t send_rejected (DBusAuth *auth);
static DBusAuthCommandHandler
server_handlers[] = {
@ -200,11 +197,10 @@ server_handlers[] = {
{ "DATA", process_data_server },
{ "ERROR", process_error_server },
{ NULL, NULL }
};
};
static DBusAuthCommandHandler
client_handlers[] = {
{ "MECHANISMS", process_mechanisms },
{ "REJECTED", process_rejected },
{ "OK", process_ok },
{ "DATA", process_data_client },
@ -390,20 +386,6 @@ handle_decode_stupid_test_mech (DBusAuth *auth,
return TRUE;
}
static dbus_bool_t
do_rejection (DBusAuth *auth)
{
if (_dbus_string_append (&auth->outgoing,
"REJECTED\r\n"))
{
shutdown_mech (auth);
_dbus_verbose ("rejected client auth\n");
return TRUE;
}
else
return FALSE;
}
static dbus_bool_t
handle_server_data_external_mech (DBusAuth *auth,
const DBusString *data)
@ -413,7 +395,7 @@ handle_server_data_external_mech (DBusAuth *auth,
if (auth->credentials.uid < 0)
{
_dbus_verbose ("no credentials, mechanism EXTERNAL can't authenticate\n");
return do_rejection (auth);
return send_rejected (auth);
}
if (_dbus_string_get_length (data) > 0)
@ -421,7 +403,7 @@ handle_server_data_external_mech (DBusAuth *auth,
if (_dbus_string_get_length (&auth->identity) > 0)
{
/* Tried to send two auth identities, wtf */
return do_rejection (auth);
return send_rejected (auth);
}
else
{
@ -463,13 +445,13 @@ handle_server_data_external_mech (DBusAuth *auth,
{
if (!_dbus_credentials_from_uid_string (&auth->identity,
&desired_identity))
return do_rejection (auth);
return send_rejected (auth);
}
if (desired_identity.uid < 0)
{
_dbus_verbose ("desired UID %d is no good\n", desired_identity.uid);
return do_rejection (auth);
return send_rejected (auth);
}
if (_dbus_credentials_match (&auth->credentials,
@ -492,7 +474,7 @@ handle_server_data_external_mech (DBusAuth *auth,
}
else
{
return do_rejection (auth);
return send_rejected (auth);
}
}
@ -600,7 +582,7 @@ find_mech (const DBusString *name)
}
static dbus_bool_t
send_mechanisms (DBusAuth *auth)
send_rejected (DBusAuth *auth)
{
DBusString command;
int i;
@ -609,7 +591,7 @@ send_mechanisms (DBusAuth *auth)
return FALSE;
if (!_dbus_string_append (&command,
"MECHANISMS"))
"REJECTED"))
goto nomem;
i = 0;
@ -657,7 +639,7 @@ process_auth (DBusAuth *auth,
else if (_dbus_string_get_length (args) == 0)
{
/* No args to the auth, send mechanisms */
if (!send_mechanisms (auth))
if (!send_rejected (auth))
return FALSE;
return TRUE;
@ -711,7 +693,7 @@ process_auth (DBusAuth *auth,
else
{
/* Unsupported mechanism */
if (!send_mechanisms (auth))
if (!send_rejected (auth))
return FALSE;
}
@ -826,9 +808,9 @@ get_word (const DBusString *str,
}
static dbus_bool_t
process_mechanisms (DBusAuth *auth,
const DBusString *command,
const DBusString *args)
record_mechanisms (DBusAuth *auth,
const DBusString *command,
const DBusString *args)
{
int next;
int len;
@ -968,12 +950,11 @@ process_rejected (DBusAuth *auth,
if (!auth->already_got_mechanisms)
{
/* Ask for mechanisms */
if (!_dbus_string_append (&auth->outgoing,
"AUTH\r\n"))
if (!record_mechanisms (auth, command, args))
return FALSE;
}
else if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL)
if (DBUS_AUTH_CLIENT (auth)->mechs_to_try != NULL)
{
client_try_next_mechanism (auth);
}
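Review bot: The rejection paths in handle_server_data_external_mech now return `send_rejected (auth)`, but the removed do_rejection also ran `shutdown_mech (auth);` after queuing REJECTED, and the part of send_rejected visible here (the renamed send_mechanisms) only shows the command string being built. The rest of that function lies outside the hunk; if it does not reset the mechanism, the server would presumably carry the rejected mechanism's state into the client's next AUTH, which is the kind of leftover state an authentication state machine should not keep after a failure. I would confirm that send_rejected calls `shutdown_mech (auth);` once the command has been queued on `auth->outgoing`, and keep the `_dbus_verbose ("rejected client auth\n");` trace so rejections remain visible in debug output.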


@ -42,9 +42,7 @@ Commands from the client to the server are as follows:
From server to client are as follows:
MECHANISMS <space-separated list of mechanism names>
REJECTED
REJECTED <space-separated list of mechanism names>
OK
@ -52,7 +50,6 @@ From server to client are as follows:
ERROR
Special credentials-passing nul byte
===
@ -76,26 +73,23 @@ SASL mechanism EXTERNAL.
AUTH Command
===
If an AUTH command has no arguments, it is a request to list
available mechanisms. The server SHOULD respond with a MECHANISMS
command listing the mechanisms it understands.
If an AUTH command has no arguments, it is a request to list
available mechanisms. The server SHOULD respond with a REJECTED
command listing the mechanisms it understands.
If an AUTH command specifies a mechanism, and the server supports
said mechanism, the server SHOULD begin exchanging SASL
challenge-response data with the client using DATA commands.
If the server does not support the mechanism given in the AUTH
command, it SHOULD send a MECHANISMS command listing the mechanisms
it does support. A MECHANISMS command implies that any
authentication in progress was rejected, as if REJECTED were also
sent. A server MAY send a REJECTED command instead of a MECHANISMS
command, though this is unhelpful.
command, it SHOULD send a REJECTED command listing the mechanisms
it does support.
If the [initial-response] argument is provided, it is intended for
use with mechanisms that have no initial challenge (or an empty
initial challenge), as if it were the argument to an initial DATA
command. If the selected mechanism has an initial challenge, the
server should reject authentication (send MECHANISMS or REJECTED).
server should reject authentication by sending REJECTED.
If authentication succeeds after exchanging DATA commands,
an OK command should be sent to the client.
@ -111,10 +105,10 @@ AUTH Command
CANCEL Command
===
At any time up to sending the BEGIN command, the client may
send a CANCEL command. On receiving the CANCEL command, the
server MUST send a REJECTED or MECHANISMS command and abort the
current authentication exchange.
At any time up to sending the BEGIN command, the client may send a
CANCEL command. On receiving the CANCEL command, the server MUST
send a REJECTED command and abort the current authentication
exchange.
DATA Command
===
@ -134,14 +128,6 @@ BEGIN Command
command from the client MUST be the first octet of the
authenticated/encrypted stream of D-BUS messages.
MECHANISMS Command
===
The MECHANISMS command has a space-separated list of
available auth mechanisms as arguments. The MECHANISMS command
implies REJECTED if an authentication exchange is in progress;
the current exchange MUST be considered rejected.
REJECTED Command
===
@ -150,6 +136,12 @@ REJECTED Command
The client would normally try another mechanism, or try providing
different responses to challenges.
Optionally, the REJECTED command has a space-separated list of
available auth mechanisms as arguments. If a server ever provides
a list of supported mechanisms, it MUST provide the same list
each time it sends a REJECTED message. Clients are free to
ignore all lists received after the first.
OK Command
===
@ -193,7 +185,7 @@ Example of finding out mechanisms then picking one
===
C: AUTH
S: MECHANISMS KERBEROS_V4 SKEY
S: REJECTED KERBEROS_V4 SKEY
C: AUTH SKEY bW9yZ2Fu
S: DATA OTUgUWE1ODMwOA==
C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
@ -213,7 +205,7 @@ Example of server doesn't support initial auth mechanism
===
C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
S: MECHANISMS KERBEROS_V4 SKEY
S: REJECTED KERBEROS_V4 SKEY
C: AUTH SKEY bW9yZ2Fu
S: DATA OTUgUWE1ODMwOA==
C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
@ -224,7 +216,7 @@ Example of wrong password or the like followed by successful retry
===
C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
S: MECHANISMS KERBEROS_V4 SKEY
S: REJECTED KERBEROS_V4 SKEY
C: AUTH SKEY bW9yZ2Fu
S: DATA OTUgUWE1ODMwOA==
C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
@ -239,7 +231,7 @@ Example of skey canceled and restarted
===
C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
S: MECHANISMS KERBEROS_V4 SKEY
S: REJECTED KERBEROS_V4 SKEY
C: AUTH SKEY bW9yZ2Fu
S: DATA OTUgUWE1ODMwOA==
C: CANCEL