1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2/* dbus-nonce.c Nonce handling functions used by nonce-tcp (internal to D-Bus implementation)
3 *
4 * Copyright (C) 2009 Klaralvdalens Datakonsult AB, a KDAB Group company, info@kdab.net
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <config.h>
25// major sections of this file are modified code from libassuan, (C) FSF
26#include "dbus-nonce.h"
27#include "dbus-internals.h"
28#include "dbus-protocol.h"
29#include "dbus-sysdeps.h"
30
31#include <stdio.h>
32
34{
35 DBusString path;
36 DBusString dir;
37};
38
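/**
 * Reads the 16-byte nonce a nonce-tcp client must send right after
 * connecting and compares it with the expected nonce.
 *
 * The read loop retries on EINTR, sleeps briefly on EAGAIN/EWOULDBLOCK
 * and otherwise keeps reading until exactly 16 bytes have arrived; EOF
 * or any other socket error is reported as #DBUS_ERROR_IO_ERROR. There
 * is no timeout, so a peer that connects and sends nothing keeps the
 * caller waiting. The comparison takes the same time whether the first
 * or the last byte differs, so response timing does not reveal how much
 * of the nonce a client got right.
 *
 * @param fd the freshly accepted socket to read the nonce from
 * @param nonce the expected nonce (must be at least 16 bytes long)
 * @param error location to store an error, or #NULL
 * @returns #TRUE if the received bytes match the expected nonce
 */
static dbus_bool_t
do_check_nonce (DBusSocket fd, const DBusString *nonce, DBusError *error)
{
  DBusString buffer;
  size_t nleft;
  dbus_bool_t result;
  int n;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  nleft = 16;

  /* This is a trick to make it safe to call _dbus_string_free on this
   * string during error unwinding, even if allocating memory for it
   * fails. A constant DBusString is considered to be valid to "free",
   * even though there is nothing to free (of course the free operation
   * is trivial, because it does not own its own buffer); but
   * unlike a mutable DBusString, initializing a constant DBusString
   * cannot fail.
   *
   * We must successfully re-initialize the string to be mutable before
   * writing to it, of course.
   */
  _dbus_string_init_const (&buffer, "");

  if (!_dbus_string_init (&buffer))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      _dbus_string_free (&buffer);
      return FALSE;
    }

  while (nleft)
    {
      int saved_errno;

      /* _dbus_read_socket() appends to its buffer, so reading straight
       * into the accumulating buffer keeps partial reads correct: the
       * bytes already received stay in place and the next read lands
       * behind them. (Reading into a scratch string and copying its
       * first n bytes would duplicate data after a short read.) */
      n = _dbus_read_socket (fd, &buffer, nleft);
      saved_errno = _dbus_save_socket_errno ();

      if (n == -1 && _dbus_get_is_errno_eintr (saved_errno))
        ;
      else if (n == -1 && _dbus_get_is_errno_eagain_or_ewouldblock (saved_errno))
        _dbus_sleep_milliseconds (100);
      else if (n == -1)
        {
          dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));
          _dbus_string_free (&buffer);
          return FALSE;
        }
      else if (!n)
        {
          /* EOF before the whole nonce arrived */
          _dbus_string_free (&buffer);
          dbus_set_error (error, DBUS_ERROR_IO_ERROR, "Could not read nonce from socket (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));
          return FALSE;
        }
      else
        {
          /* n never exceeds the count requested, so this cannot wrap */
          nleft -= (size_t) n;
        }
    }

  /* buffer now holds exactly 16 bytes. Compare them against the expected
   * nonce without an early exit on the first mismatch; a shorter
   * expected nonce is simply a mismatch. */
  if (_dbus_string_get_length (nonce) < 16)
    {
      result = FALSE;
    }
  else
    {
      const unsigned char *got = (const unsigned char *) _dbus_string_get_const_data (&buffer);
      const unsigned char *expected = (const unsigned char *) _dbus_string_get_const_data (nonce);
      unsigned int diff = 0;
      int i;

      for (i = 0; i < 16; i++)
        diff |= (unsigned int) (got[i] ^ expected[i]);

      result = (diff == 0);
    }

  if (!result)
    dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Nonces do not match, access denied (fd=%" DBUS_SOCKET_FORMAT ")", _dbus_socket_printable (fd));

  _dbus_string_free (&buffer);

  return result;
}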
121
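/**
 * Reads the 16-byte nonce stored in the given file and appends it to
 * @p nonce.
 *
 * The file must hold at least 16 bytes. A missing, unreadable or short
 * file is an error, so a truncated nonce file can never produce a nonce
 * padded with whatever happened to be on the stack.
 *
 * @param fname path of the nonce file
 * @param nonce string the 16 nonce bytes are appended to
 * @param error location to store an error, or #NULL
 * @returns #TRUE on success, #FALSE with @p error set otherwise
 */
dbus_bool_t
_dbus_read_nonce (const DBusString *fname, DBusString *nonce, DBusError* error)
{
  FILE *fp;
  char buffer[16];
  size_t nread;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("reading nonce from file: %s\n", _dbus_string_get_const_data (fname));

  fp = fopen (_dbus_string_get_const_data (fname), "rb");
  if (!fp)
    {
      dbus_set_error (error,
                      _dbus_error_from_system_errno (),
                      "Failed to open %s for read: %s",
                      _dbus_string_get_const_data (fname),
                      _dbus_strerror_from_errno ());
      return FALSE;
    }

  nread = fread (buffer, 1, sizeof buffer, fp);
  /* read-only stream: nothing to flush, so the fclose() result is not
   * interesting */
  fclose (fp);

  /* Only a complete nonce is acceptable; the remaining bytes of buffer
   * are uninitialized after a short read. */
  if (nread != sizeof buffer)
    {
      dbus_set_error (error, DBUS_ERROR_FILE_NOT_FOUND, "Could not read nonce from file %s", _dbus_string_get_const_data (fname));
      return FALSE;
    }

  if (!_dbus_string_append_len (nonce, buffer, sizeof buffer))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  return TRUE;
}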
170
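/**
 * Accepts a connection on a nonce-tcp listening socket and verifies
 * that the client sends the nonce stored in @p noncefile.
 *
 * Failures are not reported in detail: the caller only learns whether
 * a valid socket came back. A client that fails the nonce check has its
 * socket closed and invalidated before this returns, so the caller is
 * never handed an unauthenticated connection.
 *
 * @param listen_fd the listening socket
 * @param noncefile the nonce file whose content the client must present
 * @returns the accepted and verified socket, or an invalid socket
 */
DBusSocket
_dbus_accept_with_noncefile (DBusSocket listen_fd, const DBusNonceFile *noncefile)
{
  DBusSocket fd = _dbus_socket_get_invalid ();
  DBusString nonce;

  _dbus_assert (noncefile != NULL);

  /* Make it valid to "free" this even if _dbus_string_init() runs
   * out of memory: see comment in do_check_nonce() */
  _dbus_string_init_const (&nonce, "");

  if (!_dbus_string_init (&nonce))
    goto out;

  /* The expected nonce is re-read from the file on every accept. */
  //PENDING(kdab): set better errors
  if (!_dbus_read_nonce (_dbus_noncefile_get_path (noncefile), &nonce, NULL))
    goto out;

  fd = _dbus_accept (listen_fd);

  if (!_dbus_socket_is_valid (fd))
    goto out;

  if (!do_check_nonce (fd, &nonce, NULL))
    {
      /* Close and invalidate fd so that the failure is visible to the
       * caller as an invalid socket, not as an open connection. */
      _dbus_verbose ("nonce check failed. Closing socket.\n");
      _dbus_close_socket (&fd, NULL);
      goto out;
    }

out:
  _dbus_string_free (&nonce);
  return fd;
}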
205
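/**
 * Generates a fresh 16-byte random nonce and writes it to @p filename.
 *
 * The file is written with world_readable = FALSE: being able to read
 * it is what entitles a client to connect, so it must not be readable
 * by everyone.
 *
 * @param filename path of the nonce file to write
 * @param error location to store an error, or #NULL
 * @returns #TRUE on success, #FALSE with @p error set otherwise
 */
static dbus_bool_t
generate_and_write_nonce (const DBusString *filename, DBusError *error)
{
  DBusString nonce;
  dbus_bool_t ret = FALSE;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (!_dbus_string_init (&nonce))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  /* 16 securely random bytes are the whole secret a client must know */
  if (_dbus_generate_random_bytes (&nonce, 16, error))
    ret = _dbus_string_save_to_file (&nonce, filename, FALSE, error);

  _dbus_string_free (&nonce);

  return ret;
}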
232
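/**
 * Sends the nonce stored in @p noncefile over @p fd; this is the client
 * side of the nonce-tcp handshake.
 *
 * Every #FALSE return sets @p error, including an empty @p noncefile
 * path and a write that did not deliver the whole nonce (the server
 * would otherwise wait for the missing bytes).
 *
 * @param fd the connected socket
 * @param noncefile path of the nonce file to read
 * @param error location to store an error, or #NULL
 * @returns #TRUE if the whole nonce was sent
 */
dbus_bool_t
_dbus_send_nonce (DBusSocket fd,
                  const DBusString *noncefile,
                  DBusError *error)
{
  int send_result;
  int nonce_len;
  DBusString nonce;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (_dbus_string_get_length (noncefile) == 0)
    {
      dbus_set_error (error, DBUS_ERROR_FILE_NOT_FOUND, "No nonce file specified");
      return FALSE;
    }

  if (!_dbus_string_init (&nonce))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  if (!_dbus_read_nonce (noncefile, &nonce, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_string_free (&nonce);
      return FALSE;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  nonce_len = _dbus_string_get_length (&nonce);
  send_result = _dbus_write_socket (fd, &nonce, 0, nonce_len);

  if (send_result == -1)
    {
      /* build the error before anything else can disturb errno */
      dbus_set_error (error,
                      _dbus_error_from_system_errno (),
                      "Failed to send nonce (fd=%" DBUS_SOCKET_FORMAT "): %s",
                      _dbus_socket_printable (fd),
                      _dbus_strerror_from_errno ());
      _dbus_string_free (&nonce);
      return FALSE;
    }

  _dbus_string_free (&nonce);

  if (send_result != nonce_len)
    {
      dbus_set_error (error, DBUS_ERROR_IO_ERROR,
                      "Failed to send complete nonce (fd=%" DBUS_SOCKET_FORMAT "): sent %d of %d bytes",
                      _dbus_socket_printable (fd), send_result, nonce_len);
      return FALSE;
    }

  return TRUE;
}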
287
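/**
 * Creates a nonce file containing a fresh random nonce.
 *
 * With @p use_subdir the nonce is written to "nonce" inside a newly
 * created directory "<tmpdir>/dbus_nonce-<random>"; otherwise the file
 * itself is "<tmpdir>/dbus_nonce-<random>". The 8-character random
 * suffix comes from _dbus_generate_random_ascii(). On every failure
 * path any directory created so far is removed (errors from that are
 * ignored) and @p error is set, including on allocation failure.
 *
 * @param noncefile_out location to store the new #DBusNonceFile; must hold #NULL
 * @param error location to store an error, or #NULL
 * @param use_subdir whether to place the nonce file in its own directory
 * @returns #TRUE on success
 */
static dbus_bool_t
do_noncefile_create (DBusNonceFile **noncefile_out,
                     DBusError *error,
                     dbus_bool_t use_subdir)
{
  DBusNonceFile *noncefile = NULL;
  DBusString randomStr;
  const char *tmp;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_assert (noncefile_out != NULL);
  _dbus_assert (*noncefile_out == NULL);

  noncefile = dbus_new0 (DBusNonceFile, 1);
  if (noncefile == NULL)
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  /* Make it valid to "free" these even if _dbus_string_init() runs
   * out of memory: see comment in do_check_nonce() */
  _dbus_string_init_const (&randomStr, "");
  _dbus_string_init_const (&noncefile->dir, "");
  _dbus_string_init_const (&noncefile->path, "");

  if (!_dbus_string_init (&randomStr))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      goto on_error;
    }

  /* random suffix that keeps the file/directory name unpredictable */
  if (!_dbus_generate_random_ascii (&randomStr, 8, error))
    {
      goto on_error;
    }

  tmp = _dbus_get_tmpdir ();

  if (!_dbus_string_init (&noncefile->dir)
      || tmp == NULL
      || !_dbus_string_append (&noncefile->dir, tmp))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      goto on_error;
    }

  if (use_subdir)
    {
      /* dir  = <tmpdir>/dbus_nonce-<random>
       * path = <dir>/nonce */
      if (!_dbus_string_append (&noncefile->dir, "/dbus_nonce-")
          || !_dbus_string_append (&noncefile->dir, _dbus_string_get_const_data (&randomStr)))
        {
          dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
          goto on_error;
        }
      if (!_dbus_string_init (&noncefile->path)
          || !_dbus_string_copy (&noncefile->dir, 0, &noncefile->path, 0)
          || !_dbus_string_append (&noncefile->path, "/nonce"))
        {
          dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
          goto on_error;
        }
      if (!_dbus_create_directory (&noncefile->dir, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto on_error;
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    }
  else
    {
      /* dir  = <tmpdir>
       * path = <tmpdir>/dbus_nonce-<random> */
      if (!_dbus_string_init (&noncefile->path)
          || !_dbus_string_copy (&noncefile->dir, 0, &noncefile->path, 0)
          || !_dbus_string_append (&noncefile->path, "/dbus_nonce-")
          || !_dbus_string_append (&noncefile->path, _dbus_string_get_const_data (&randomStr)))
        {
          dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
          goto on_error;
        }
    }

  if (!generate_and_write_nonce (&noncefile->path, error))
    {
      /* on_error removes the directory (ignoring errors from that) so
       * the write error is the one reported */
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto on_error;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  *noncefile_out = noncefile;
  _dbus_string_free (&randomStr);

  return TRUE;

on_error:
  /* The directory may not have been created yet; a failed removal is
   * deliberately ignored so that the original error is preserved. */
  if (use_subdir && _dbus_string_get_length (&noncefile->dir) != 0)
    _dbus_delete_directory (&noncefile->dir, NULL);
  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);
  _dbus_string_free (&randomStr);
  return FALSE;
}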
393
394#ifdef DBUS_WIN
/**
 * Creates a nonce file for a nonce-tcp server.
 *
 * In this (DBUS_WIN) build the nonce file is placed directly in the
 * temporary directory, without a private subdirectory.
 *
 * @param noncefile_out location to store the new #DBusNonceFile; must hold #NULL
 * @param error location to store an error, or #NULL
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_noncefile_create (DBusNonceFile **noncefile_out,
                        DBusError *error)
{
  const dbus_bool_t use_subdir = FALSE;

  return do_noncefile_create (noncefile_out, error, use_subdir);
}
408
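/**
 * Deletes the nonce file and frees the #DBusNonceFile.
 *
 * If @p noncefile_location points to #NULL there is nothing to do. The
 * caller's pointer is cleared before anything else happens, so a second
 * call is a harmless no-op. Unlike a plain "return TRUE", a failed
 * deletion is reported: @p error is set and #FALSE is returned, which
 * keeps the usual DBusError contract (error set iff #FALSE).
 *
 * @param noncefile_location the location of the #DBusNonceFile pointer
 * @param error location to store an error, or #NULL
 * @returns #TRUE if the file was deleted (or there was nothing to delete)
 */
dbus_bool_t
_dbus_noncefile_delete (DBusNonceFile **noncefile_location,
                        DBusError *error)
{
  DBusNonceFile *noncefile;
  dbus_bool_t ret;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile_location != NULL);

  noncefile = *noncefile_location;
  *noncefile_location = NULL;

  if (noncefile == NULL)
    {
      /* Nothing to do */
      return TRUE;
    }

  ret = _dbus_delete_file (&noncefile->path, error);

  /* release the object even if the file could not be removed */
  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);
  return ret;
}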
443
444#else
/**
 * Creates a nonce file for a nonce-tcp server.
 *
 * In this (non-DBUS_WIN) build the nonce file lives in a private
 * subdirectory of the temporary directory.
 *
 * @param noncefile_out location to store the new #DBusNonceFile; must hold #NULL
 * @param error location to store an error, or #NULL
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_noncefile_create (DBusNonceFile **noncefile_out,
                        DBusError *error)
{
  const dbus_bool_t use_subdir = TRUE;

  return do_noncefile_create (noncefile_out, error, use_subdir);
}
459
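/**
 * Deletes the nonce file and its directory, and frees the #DBusNonceFile.
 *
 * If @p noncefile_location points to #NULL there is nothing to do. The
 * caller's pointer is cleared first, so a second call is a harmless
 * no-op. The nonce file is removed before the directory, because
 * _dbus_delete_directory() only removes an empty directory; a failure
 * of either step sets @p error and returns #FALSE instead of silently
 * leaving the file behind.
 *
 * @param noncefile_location the location of the #DBusNonceFile pointer
 * @param error location to store an error, or #NULL
 * @returns #TRUE if file and directory were removed (or there was nothing to do)
 */
dbus_bool_t
_dbus_noncefile_delete (DBusNonceFile **noncefile_location,
                        DBusError *error)
{
  DBusNonceFile *noncefile;
  dbus_bool_t ret;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile_location != NULL);

  noncefile = *noncefile_location;
  *noncefile_location = NULL;

  if (noncefile == NULL)
    {
      /* Nothing to do */
      return TRUE;
    }

  /* path is "<dir>/nonce" (see do_noncefile_create with use_subdir),
   * so it must go before the directory can be removed. If deleting the
   * file fails, error is already set and the directory step is skipped. */
  ret = _dbus_delete_file (&noncefile->path, error);
  if (ret)
    ret = _dbus_delete_directory (&noncefile->dir, error);

  /* release the object even if the cleanup on disk failed */
  _dbus_string_free (&noncefile->dir);
  _dbus_string_free (&noncefile->path);
  dbus_free (noncefile);
  return ret;
}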
494#endif
495
496
/**
 * Returns the path of the nonce file.
 *
 * The returned string is owned by @p noncefile and stays valid only as
 * long as the #DBusNonceFile does.
 *
 * @param noncefile the nonce file object, must not be #NULL
 * @returns the path of the nonce file
 */
const DBusString*
_dbus_noncefile_get_path (const DBusNonceFile *noncefile)
{
  const DBusString *path;

  _dbus_assert (noncefile);

  path = &noncefile->path;
  return path;
}
509
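/**
 * Checks that the peer on @p fd sends the nonce stored in @p noncefile.
 *
 * The nonce is read from the file first and the bytes from the socket
 * are compared against that content. do_check_nonce() expects the
 * nonce bytes themselves; handing it the file path instead would
 * compare the client's bytes against the path string, not the secret.
 *
 * @param fd the socket to read the client's nonce from
 * @param noncefile the nonce file whose content the client must present
 * @param error location to store an error, or #NULL
 * @returns #TRUE if the client sent the right nonce
 */
dbus_bool_t
_dbus_noncefile_check_nonce (DBusSocket fd,
                             const DBusNonceFile *noncefile,
                             DBusError* error)
{
  DBusString nonce;
  dbus_bool_t result;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  _dbus_assert (noncefile != NULL);

  if (!_dbus_string_init (&nonce))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  /* both steps set error on failure, and the second only runs if the
   * first succeeded, so error is never set twice */
  result = _dbus_read_nonce (_dbus_noncefile_get_path (noncefile), &nonce, error)
           && do_check_nonce (fd, &nonce, error);

  _dbus_string_free (&nonce);
  return result;
}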
527
528