D-Bus
1.10.12
|
00001 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ 00002 /* dbus-keyring.c Store secret cookies in your homedir 00003 * 00004 * Copyright (C) 2003, 2004 Red Hat Inc. 00005 * 00006 * Licensed under the Academic Free License version 2.1 00007 * 00008 * This program is free software; you can redistribute it and/or modify 00009 * it under the terms of the GNU General Public License as published by 00010 * the Free Software Foundation; either version 2 of the License, or 00011 * (at your option) any later version. 00012 * 00013 * This program is distributed in the hope that it will be useful, 00014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00016 * GNU General Public License for more details. 00017 * 00018 * You should have received a copy of the GNU General Public License 00019 * along with this program; if not, write to the Free Software 00020 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 00021 * 00022 */ 00023 00024 #include <config.h> 00025 #include "dbus-keyring.h" 00026 #include "dbus-protocol.h" 00027 #include <dbus/dbus-string.h> 00028 #include <dbus/dbus-list.h> 00029 #include <dbus/dbus-sysdeps.h> 00030 00067 #define NEW_KEY_TIMEOUT_SECONDS (60*5) 00068 00073 #define EXPIRE_KEYS_TIMEOUT_SECONDS (NEW_KEY_TIMEOUT_SECONDS + (60*2)) 00074 00077 #define MAX_TIME_TRAVEL_SECONDS (60*5) 00078 00083 #ifdef DBUS_ENABLE_EMBEDDED_TESTS 00084 #define MAX_KEYS_IN_FILE 10 00085 #else 00086 #define MAX_KEYS_IN_FILE 256 00087 #endif 00088 00092 typedef struct 00093 { 00094 dbus_int32_t id; 00096 long creation_time; 00101 DBusString secret; 00103 } DBusKey; 00104 00111 struct DBusKeyring 00112 { 00113 int refcount; 00114 DBusString directory; 00115 DBusString filename; 00116 DBusString filename_lock; 00117 DBusKey *keys; 00118 int n_keys; 00119 DBusCredentials *credentials; 00120 }; 00121 00122 static DBusKeyring* 00123 _dbus_keyring_new (void) 00124 { 00125 DBusKeyring *keyring; 00126 00127 keyring = dbus_new0 (DBusKeyring, 1); 00128 if (keyring == NULL) 00129 goto out_0; 00130 00131 if (!_dbus_string_init (&keyring->directory)) 00132 goto out_1; 00133 00134 if (!_dbus_string_init (&keyring->filename)) 00135 goto out_2; 00136 00137 if (!_dbus_string_init (&keyring->filename_lock)) 00138 goto out_3; 00139 00140 keyring->refcount = 1; 00141 keyring->keys = NULL; 00142 keyring->n_keys = 0; 00143 00144 return keyring; 00145 00146 out_3: 00147 _dbus_string_free (&keyring->filename); 00148 out_2: 00149 _dbus_string_free (&keyring->directory); 00150 out_1: 00151 dbus_free (keyring); 00152 out_0: 00153 return NULL; 00154 } 00155 00156 static void 00157 free_keys (DBusKey *keys, 00158 int n_keys) 00159 { 00160 int i; 00161 00162 /* should be safe for args NULL, 0 */ 00163 00164 i = 0; 00165 while (i < n_keys) 00166 { 00167 _dbus_string_free (&keys[i].secret); 00168 ++i; 00169 } 00170 00171 dbus_free (keys); 00172 } 00173 00174 /* Our locking scheme is highly unreliable. However, there is 00175 * unfortunately no reliable locking scheme in user home directories; 00176 * between bugs in Linux NFS, people using Tru64 or other total crap 00177 * NFS, AFS, random-file-system-of-the-week, and so forth, fcntl() in 00178 * homedirs simply generates tons of bug reports. This has been 00179 * learned through hard experience with GConf, unfortunately. 00180 * 00181 * This bad hack might work better for the kind of lock we have here, 00182 * which we don't expect to hold for any length of time. Crashing 00183 * while we hold it should be unlikely, and timing out such that we 00184 * delete a stale lock should also be unlikely except when the 00185 * filesystem is running really slowly. Stuff might break in corner 00186 * cases but as long as it's not a security-level breakage it should 00187 * be OK. 00188 */ 00189 00191 #define MAX_LOCK_TIMEOUTS 32 00192 00193 #define LOCK_TIMEOUT_MILLISECONDS 250 00194 00195 static dbus_bool_t 00196 _dbus_keyring_lock (DBusKeyring *keyring) 00197 { 00198 int n_timeouts; 00199 00200 n_timeouts = 0; 00201 while (n_timeouts < MAX_LOCK_TIMEOUTS) 00202 { 00203 DBusError error = DBUS_ERROR_INIT; 00204 00205 if (_dbus_create_file_exclusively (&keyring->filename_lock, 00206 &error)) 00207 break; 00208 00209 _dbus_verbose ("Did not get lock file, sleeping %d milliseconds (%s)\n", 00210 LOCK_TIMEOUT_MILLISECONDS, error.message); 00211 dbus_error_free (&error); 00212 00213 _dbus_sleep_milliseconds (LOCK_TIMEOUT_MILLISECONDS); 00214 00215 ++n_timeouts; 00216 } 00217 00218 if (n_timeouts == MAX_LOCK_TIMEOUTS) 00219 { 00220 DBusError error = DBUS_ERROR_INIT; 00221 00222 _dbus_verbose ("Lock file timed out %d times, assuming stale\n", 00223 n_timeouts); 00224 00225 if (!_dbus_delete_file (&keyring->filename_lock, &error)) 00226 { 00227 _dbus_verbose ("Couldn't delete old lock file: %s\n", 00228 error.message); 00229 dbus_error_free (&error); 00230 return FALSE; 00231 } 00232 00233 if (!_dbus_create_file_exclusively (&keyring->filename_lock, 00234 &error)) 00235 { 00236 _dbus_verbose ("Couldn't create lock file after deleting stale one: %s\n", 00237 error.message); 00238 dbus_error_free (&error); 00239 return FALSE; 00240 } 00241 } 00242 00243 return TRUE; 00244 } 00245 00246 static void 00247 _dbus_keyring_unlock (DBusKeyring *keyring) 00248 { 00249 DBusError error = DBUS_ERROR_INIT; 00250 00251 if (!_dbus_delete_file (&keyring->filename_lock, &error)) 00252 { 00253 _dbus_warn ("Failed to delete lock file: %s\n", 00254 error.message); 00255 dbus_error_free (&error); 00256 } 00257 } 00258 00259 static DBusKey* 00260 find_key_by_id (DBusKey *keys, 00261 int n_keys, 00262 int id) 00263 { 00264 int i; 00265 00266 i = 0; 00267 while (i < n_keys) 00268 { 00269 if (keys[i].id == id) 00270 return &keys[i]; 00271 00272 ++i; 00273 } 00274 00275 return NULL; 00276 } 00277 00278 static dbus_bool_t 00279 add_new_key (DBusKey **keys_p, 00280 int *n_keys_p, 00281 DBusError *error) 00282 { 00283 DBusKey *new; 00284 DBusString bytes; 00285 int id; 00286 long timestamp; 00287 const unsigned char *s; 00288 dbus_bool_t retval; 00289 DBusKey *keys; 00290 int n_keys; 00291 00292 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 00293 00294 if (!_dbus_string_init (&bytes)) 00295 { 00296 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00297 return FALSE; 00298 } 00299 00300 keys = *keys_p; 00301 n_keys = *n_keys_p; 00302 retval = FALSE; 00303 00304 /* Generate an integer ID and then the actual key. */ 00305 retry: 00306 00307 if (!_dbus_generate_random_bytes (&bytes, 4, error)) 00308 goto out; 00309 00310 s = (const unsigned char*) _dbus_string_get_const_data (&bytes); 00311 00312 id = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24); 00313 if (id < 0) 00314 id = - id; 00315 _dbus_assert (id >= 0); 00316 00317 if (find_key_by_id (keys, n_keys, id) != NULL) 00318 { 00319 _dbus_string_set_length (&bytes, 0); 00320 _dbus_verbose ("Key ID %d already existed, trying another one\n", 00321 id); 00322 goto retry; 00323 } 00324 00325 _dbus_verbose ("Creating key with ID %d\n", id); 00326 00327 #define KEY_LENGTH_BYTES 24 00328 _dbus_string_set_length (&bytes, 0); 00329 if (!_dbus_generate_random_bytes (&bytes, KEY_LENGTH_BYTES, error)) 00330 { 00331 goto out; 00332 } 00333 00334 new = dbus_realloc (keys, sizeof (DBusKey) * (n_keys + 1)); 00335 if (new == NULL) 00336 { 00337 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00338 goto out; 00339 } 00340 00341 keys = new; 00342 *keys_p = keys; /* otherwise *keys_p ends up invalid */ 00343 n_keys += 1; 00344 00345 if (!_dbus_string_init (&keys[n_keys-1].secret)) 00346 { 00347 n_keys -= 1; /* we don't want to free the one we didn't init */ 00348 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00349 goto out; 00350 } 00351 00352 _dbus_get_real_time (×tamp, NULL); 00353 00354 keys[n_keys-1].id = id; 00355 keys[n_keys-1].creation_time = timestamp; 00356 if (!_dbus_string_move (&bytes, 0, 00357 &keys[n_keys-1].secret, 00358 0)) 00359 { 00360 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00361 _dbus_string_free (&keys[n_keys-1].secret); 00362 n_keys -= 1; 00363 goto out; 00364 } 00365 00366 retval = TRUE; 00367 00368 out: 00369 *n_keys_p = n_keys; 00370 00371 _dbus_string_free (&bytes); 00372 return retval; 00373 } 00374 00389 static dbus_bool_t 00390 _dbus_keyring_reload (DBusKeyring *keyring, 00391 dbus_bool_t add_new, 00392 DBusError *error) 00393 { 00394 DBusString contents; 00395 DBusString line; 00396 dbus_bool_t retval; 00397 dbus_bool_t have_lock; 00398 DBusKey *keys; 00399 int n_keys; 00400 int i; 00401 long now; 00402 DBusError tmp_error; 00403 00404 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 00405 00406 if (!_dbus_check_dir_is_private_to_user (&keyring->directory, error)) 00407 return FALSE; 00408 00409 if (!_dbus_string_init (&contents)) 00410 { 00411 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00412 return FALSE; 00413 } 00414 00415 if (!_dbus_string_init (&line)) 00416 { 00417 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00418 _dbus_string_free (&contents); 00419 return FALSE; 00420 } 00421 00422 keys = NULL; 00423 n_keys = 0; 00424 retval = FALSE; 00425 have_lock = FALSE; 00426 00427 _dbus_get_real_time (&now, NULL); 00428 00429 if (add_new) 00430 { 00431 if (!_dbus_keyring_lock (keyring)) 00432 { 00433 dbus_set_error (error, DBUS_ERROR_FAILED, 00434 "Could not lock keyring file to add to it"); 00435 goto out; 00436 } 00437 00438 have_lock = TRUE; 00439 } 00440 00441 dbus_error_init (&tmp_error); 00442 if (!_dbus_file_get_contents (&contents, 00443 &keyring->filename, 00444 &tmp_error)) 00445 { 00446 _dbus_verbose ("Failed to load keyring file: %s\n", 00447 tmp_error.message); 00448 /* continue with empty keyring file, so we recreate it */ 00449 dbus_error_free (&tmp_error); 00450 } 00451 00452 if (!_dbus_string_validate_ascii (&contents, 0, 00453 _dbus_string_get_length (&contents))) 00454 { 00455 _dbus_warn ("Secret keyring file contains non-ASCII! Ignoring existing contents\n"); 00456 _dbus_string_set_length (&contents, 0); 00457 } 00458 00459 /* FIXME this is badly inefficient for large keyring files 00460 * (not that large keyring files exist outside of test suites) 00461 */ 00462 while (_dbus_string_pop_line (&contents, &line)) 00463 { 00464 int next; 00465 long val; 00466 int id; 00467 long timestamp; 00468 int len; 00469 int end; 00470 DBusKey *new; 00471 00472 /* Don't load more than the max. */ 00473 if (n_keys >= (add_new ? MAX_KEYS_IN_FILE - 1 : MAX_KEYS_IN_FILE)) 00474 break; 00475 00476 next = 0; 00477 if (!_dbus_string_parse_int (&line, 0, &val, &next)) 00478 { 00479 _dbus_verbose ("could not parse secret key ID at start of line\n"); 00480 continue; 00481 } 00482 00483 if (val > _DBUS_INT32_MAX || val < 0) 00484 { 00485 _dbus_verbose ("invalid secret key ID at start of line\n"); 00486 continue; 00487 } 00488 00489 id = val; 00490 00491 _dbus_string_skip_blank (&line, next, &next); 00492 00493 if (!_dbus_string_parse_int (&line, next, ×tamp, &next)) 00494 { 00495 _dbus_verbose ("could not parse secret key timestamp\n"); 00496 continue; 00497 } 00498 00499 if (timestamp < 0 || 00500 (now + MAX_TIME_TRAVEL_SECONDS) < timestamp || 00501 (now - EXPIRE_KEYS_TIMEOUT_SECONDS) > timestamp) 00502 { 00503 _dbus_verbose ("dropping/ignoring %ld-seconds old key with timestamp %ld as current time is %ld\n", 00504 now - timestamp, timestamp, now); 00505 continue; 00506 } 00507 00508 _dbus_string_skip_blank (&line, next, &next); 00509 00510 len = _dbus_string_get_length (&line); 00511 00512 if ((len - next) == 0) 00513 { 00514 _dbus_verbose ("no secret key after ID and timestamp\n"); 00515 continue; 00516 } 00517 00518 /* We have all three parts */ 00519 new = dbus_realloc (keys, sizeof (DBusKey) * (n_keys + 1)); 00520 if (new == NULL) 00521 { 00522 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00523 goto out; 00524 } 00525 00526 keys = new; 00527 n_keys += 1; 00528 00529 if (!_dbus_string_init (&keys[n_keys-1].secret)) 00530 { 00531 n_keys -= 1; /* we don't want to free the one we didn't init */ 00532 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00533 goto out; 00534 } 00535 00536 keys[n_keys-1].id = id; 00537 keys[n_keys-1].creation_time = timestamp; 00538 if (!_dbus_string_hex_decode (&line, next, &end, 00539 &keys[n_keys-1].secret, 0)) 00540 { 00541 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00542 goto out; 00543 } 00544 00545 if (_dbus_string_get_length (&line) != end) 00546 { 00547 _dbus_verbose ("invalid hex encoding in keyring file\n"); 00548 _dbus_string_free (&keys[n_keys - 1].secret); 00549 n_keys -= 1; 00550 continue; 00551 } 00552 } 00553 00554 _dbus_verbose ("Successfully loaded %d existing keys\n", 00555 n_keys); 00556 00557 if (add_new) 00558 { 00559 if (!add_new_key (&keys, &n_keys, error)) 00560 { 00561 _dbus_verbose ("Failed to generate new key: %s\n", 00562 error ? error->message : "(unknown)"); 00563 goto out; 00564 } 00565 00566 _dbus_string_set_length (&contents, 0); 00567 00568 i = 0; 00569 while (i < n_keys) 00570 { 00571 if (!_dbus_string_append_int (&contents, 00572 keys[i].id)) 00573 goto nomem; 00574 00575 if (!_dbus_string_append_byte (&contents, ' ')) 00576 goto nomem; 00577 00578 if (!_dbus_string_append_int (&contents, 00579 keys[i].creation_time)) 00580 goto nomem; 00581 00582 if (!_dbus_string_append_byte (&contents, ' ')) 00583 goto nomem; 00584 00585 if (!_dbus_string_hex_encode (&keys[i].secret, 0, 00586 &contents, 00587 _dbus_string_get_length (&contents))) 00588 goto nomem; 00589 00590 if (!_dbus_string_append_byte (&contents, '\n')) 00591 goto nomem; 00592 00593 ++i; 00594 continue; 00595 00596 nomem: 00597 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00598 goto out; 00599 } 00600 00601 if (!_dbus_string_save_to_file (&contents, &keyring->filename, 00602 FALSE, error)) 00603 goto out; 00604 } 00605 00606 if (keyring->keys) 00607 free_keys (keyring->keys, keyring->n_keys); 00608 keyring->keys = keys; 00609 keyring->n_keys = n_keys; 00610 keys = NULL; 00611 n_keys = 0; 00612 00613 retval = TRUE; 00614 00615 out: 00616 if (have_lock) 00617 _dbus_keyring_unlock (keyring); 00618 00619 if (! ((retval == TRUE && (error == NULL || error->name == NULL)) || 00620 (retval == FALSE && (error == NULL || error->name != NULL)))) 00621 { 00622 if (error && error->name) 00623 _dbus_verbose ("error is %s: %s\n", error->name, error->message); 00624 _dbus_warn ("returning %d but error pointer %p name %s\n", 00625 retval, error, error->name ? error->name : "(none)"); 00626 _dbus_assert_not_reached ("didn't handle errors properly"); 00627 } 00628 00629 if (keys != NULL) 00630 { 00631 i = 0; 00632 while (i < n_keys) 00633 { 00634 _dbus_string_zero (&keys[i].secret); 00635 _dbus_string_free (&keys[i].secret); 00636 ++i; 00637 } 00638 00639 dbus_free (keys); 00640 } 00641 00642 _dbus_string_free (&contents); 00643 _dbus_string_free (&line); 00644 00645 return retval; 00646 } 00647 /* end of internals */ 00649 00662 DBusKeyring * 00663 _dbus_keyring_ref (DBusKeyring *keyring) 00664 { 00665 keyring->refcount += 1; 00666 00667 return keyring; 00668 } 00669 00676 void 00677 _dbus_keyring_unref (DBusKeyring *keyring) 00678 { 00679 keyring->refcount -= 1; 00680 00681 if (keyring->refcount == 0) 00682 { 00683 if (keyring->credentials) 00684 _dbus_credentials_unref (keyring->credentials); 00685 00686 _dbus_string_free (&keyring->filename); 00687 _dbus_string_free (&keyring->filename_lock); 00688 _dbus_string_free (&keyring->directory); 00689 free_keys (keyring->keys, keyring->n_keys); 00690 dbus_free (keyring); 00691 } 00692 } 00693 00704 DBusKeyring* 00705 _dbus_keyring_new_for_credentials (DBusCredentials *credentials, 00706 const DBusString *context, 00707 DBusError *error) 00708 { 00709 DBusString ringdir; 00710 DBusKeyring *keyring; 00711 dbus_bool_t error_set; 00712 DBusError tmp_error; 00713 DBusCredentials *our_credentials; 00714 00715 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 00716 00717 if (_dbus_check_setuid ()) 00718 { 00719 dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, 00720 "Unable to create DBus keyring when setuid"); 00721 return NULL; 00722 } 00723 00724 keyring = NULL; 00725 error_set = FALSE; 00726 our_credentials = NULL; 00727 00728 if (!_dbus_string_init (&ringdir)) 00729 { 00730 dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); 00731 return NULL; 00732 } 00733 00734 if (credentials != NULL) 00735 { 00736 our_credentials = _dbus_credentials_copy (credentials); 00737 } 00738 else 00739 { 00740 our_credentials = _dbus_credentials_new_from_current_process (); 00741 } 00742 00743 if (our_credentials == NULL) 00744 goto failed; 00745 00746 if (_dbus_credentials_are_anonymous (our_credentials)) 00747 { 00748 if (!_dbus_credentials_add_from_current_process (our_credentials)) 00749 goto failed; 00750 } 00751 00752 if (!_dbus_append_keyring_directory_for_credentials (&ringdir, 00753 our_credentials)) 00754 goto failed; 00755 00756 keyring = _dbus_keyring_new (); 00757 if (keyring == NULL) 00758 goto failed; 00759 00760 _dbus_assert (keyring->credentials == NULL); 00761 keyring->credentials = our_credentials; 00762 our_credentials = NULL; /* so we don't unref it again later */ 00763 00764 /* should have been validated already, but paranoia check here */ 00765 if (!_dbus_keyring_validate_context (context)) 00766 { 00767 error_set = TRUE; 00768 dbus_set_error_const (error, 00769 DBUS_ERROR_FAILED, 00770 "Invalid context in keyring creation"); 00771 goto failed; 00772 } 00773 00774 /* Save keyring dir in the keyring object */ 00775 if (!_dbus_string_copy (&ringdir, 0, 00776 &keyring->directory, 0)) 00777 goto failed; 00778 00779 /* Create keyring->filename based on keyring dir and context */ 00780 if (!_dbus_string_copy (&keyring->directory, 0, 00781 &keyring->filename, 0)) 00782 goto failed; 00783 00784 if (!_dbus_concat_dir_and_file (&keyring->filename, 00785 context)) 00786 goto failed; 00787 00788 /* Create lockfile name */ 00789 if (!_dbus_string_copy (&keyring->filename, 0, 00790 &keyring->filename_lock, 0)) 00791 goto failed; 00792 00793 if (!_dbus_string_append (&keyring->filename_lock, ".lock")) 00794 goto failed; 00795 00796 /* Reload keyring */ 00797 dbus_error_init (&tmp_error); 00798 if (!_dbus_keyring_reload (keyring, FALSE, &tmp_error)) 00799 { 00800 _dbus_verbose ("didn't load an existing keyring: %s\n", 00801 tmp_error.message); 00802 dbus_error_free (&tmp_error); 00803 } 00804 00805 /* We don't fail fatally if we can't create the directory, 00806 * but the keyring will probably always be empty 00807 * unless someone else manages to create it 00808 */ 00809 dbus_error_init (&tmp_error); 00810 if (!_dbus_create_directory (&keyring->directory, 00811 &tmp_error)) 00812 { 00813 _dbus_verbose ("Creating keyring directory: %s\n", 00814 tmp_error.message); 00815 dbus_error_free (&tmp_error); 00816 } 00817 00818 _dbus_string_free (&ringdir); 00819 00820 return keyring; 00821 00822 failed: 00823 if (!error_set) 00824 dbus_set_error_const (error, 00825 DBUS_ERROR_NO_MEMORY, 00826 NULL); 00827 if (our_credentials) 00828 _dbus_credentials_unref (our_credentials); 00829 if (keyring) 00830 _dbus_keyring_unref (keyring); 00831 _dbus_string_free (&ringdir); 00832 return NULL; 00833 00834 } 00835 00848 dbus_bool_t 00849 _dbus_keyring_validate_context (const DBusString *context) 00850 { 00851 if (_dbus_string_get_length (context) == 0) 00852 { 00853 _dbus_verbose ("context is zero-length\n"); 00854 return FALSE; 00855 } 00856 00857 if (!_dbus_string_validate_ascii (context, 0, 00858 _dbus_string_get_length (context))) 00859 { 00860 _dbus_verbose ("context not valid ascii\n"); 00861 return FALSE; 00862 } 00863 00864 /* no directory separators */ 00865 if (_dbus_string_find (context, 0, "/", NULL)) 00866 { 00867 _dbus_verbose ("context contains a slash\n"); 00868 return FALSE; 00869 } 00870 00871 if (_dbus_string_find (context, 0, "\\", NULL)) 00872 { 00873 _dbus_verbose ("context contains a backslash\n"); 00874 return FALSE; 00875 } 00876 00877 /* prevent attempts to use dotfiles or ".." or ".lock" 00878 * all of which might allow some kind of attack 00879 */ 00880 if (_dbus_string_find (context, 0, ".", NULL)) 00881 { 00882 _dbus_verbose ("context contains a dot\n"); 00883 return FALSE; 00884 } 00885 00886 /* no spaces/tabs, those are used for separators in the protocol */ 00887 if (_dbus_string_find_blank (context, 0, NULL)) 00888 { 00889 _dbus_verbose ("context contains a blank\n"); 00890 return FALSE; 00891 } 00892 00893 if (_dbus_string_find (context, 0, "\n", NULL)) 00894 { 00895 _dbus_verbose ("context contains a newline\n"); 00896 return FALSE; 00897 } 00898 00899 if (_dbus_string_find (context, 0, "\r", NULL)) 00900 { 00901 _dbus_verbose ("context contains a carriage return\n"); 00902 return FALSE; 00903 } 00904 00905 return TRUE; 00906 } 00907 00908 static DBusKey* 00909 find_recent_key (DBusKeyring *keyring) 00910 { 00911 int i; 00912 long tv_sec, tv_usec; 00913 00914 _dbus_get_real_time (&tv_sec, &tv_usec); 00915 00916 i = 0; 00917 while (i < keyring->n_keys) 00918 { 00919 DBusKey *key = &keyring->keys[i]; 00920 00921 _dbus_verbose ("Key %d is %ld seconds old\n", 00922 i, tv_sec - key->creation_time); 00923 00924 if ((tv_sec - NEW_KEY_TIMEOUT_SECONDS) < key->creation_time) 00925 return key; 00926 00927 ++i; 00928 } 00929 00930 return NULL; 00931 } 00932 00944 int 00945 _dbus_keyring_get_best_key (DBusKeyring *keyring, 00946 DBusError *error) 00947 { 00948 DBusKey *key; 00949 00950 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 00951 00952 key = find_recent_key (keyring); 00953 if (key) 00954 return key->id; 00955 00956 /* All our keys are too old, or we've never loaded the 00957 * keyring. Create a new one. 00958 */ 00959 if (!_dbus_keyring_reload (keyring, TRUE, 00960 error)) 00961 return -1; 00962 00963 key = find_recent_key (keyring); 00964 if (key) 00965 return key->id; 00966 else 00967 { 00968 dbus_set_error_const (error, 00969 DBUS_ERROR_FAILED, 00970 "No recent-enough key found in keyring, and unable to create a new key"); 00971 return -1; 00972 } 00973 } 00974 00983 dbus_bool_t 00984 _dbus_keyring_is_for_credentials (DBusKeyring *keyring, 00985 DBusCredentials *credentials) 00986 { 00987 return _dbus_credentials_same_user (keyring->credentials, 00988 credentials); 00989 } 00990 01002 dbus_bool_t 01003 _dbus_keyring_get_hex_key (DBusKeyring *keyring, 01004 int key_id, 01005 DBusString *hex_key) 01006 { 01007 DBusKey *key; 01008 01009 key = find_key_by_id (keyring->keys, 01010 keyring->n_keys, 01011 key_id); 01012 if (key == NULL) 01013 return TRUE; /* had enough memory, so TRUE */ 01014 01015 return _dbus_string_hex_encode (&key->secret, 0, 01016 hex_key, 01017 _dbus_string_get_length (hex_key)); 01018 } 01019 /* end of exposed API */ 01021 01022 #ifdef DBUS_ENABLE_EMBEDDED_TESTS 01023 #include "dbus-test.h" 01024 #include <stdio.h> 01025 01026 dbus_bool_t 01027 _dbus_keyring_test (void) 01028 { 01029 DBusString context; 01030 DBusKeyring *ring1; 01031 DBusKeyring *ring2; 01032 int id; 01033 DBusError error; 01034 int i; 01035 01036 ring1 = NULL; 01037 ring2 = NULL; 01038 01039 /* Context validation */ 01040 01041 _dbus_string_init_const (&context, "foo"); 01042 _dbus_assert (_dbus_keyring_validate_context (&context)); 01043 _dbus_string_init_const (&context, "org_freedesktop_blah"); 01044 _dbus_assert (_dbus_keyring_validate_context (&context)); 01045 01046 _dbus_string_init_const (&context, ""); 01047 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01048 _dbus_string_init_const (&context, ".foo"); 01049 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01050 _dbus_string_init_const (&context, "bar.foo"); 01051 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01052 _dbus_string_init_const (&context, "bar/foo"); 01053 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01054 _dbus_string_init_const (&context, "bar\\foo"); 01055 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01056 _dbus_string_init_const (&context, "foo\xfa\xf0"); 01057 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01058 _dbus_string_init_const (&context, "foo\x80"); 01059 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01060 _dbus_string_init_const (&context, "foo\x7f"); 01061 _dbus_assert (_dbus_keyring_validate_context (&context)); 01062 _dbus_string_init_const (&context, "foo bar"); 01063 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01064 01065 if (!_dbus_string_init (&context)) 01066 _dbus_assert_not_reached ("no memory"); 01067 if (!_dbus_string_append_byte (&context, '\0')) 01068 _dbus_assert_not_reached ("no memory"); 01069 _dbus_assert (!_dbus_keyring_validate_context (&context)); 01070 _dbus_string_free (&context); 01071 01072 /* Now verify that if we create a key in keyring 1, 01073 * it is properly loaded in keyring 2 01074 */ 01075 01076 _dbus_string_init_const (&context, "org_freedesktop_dbus_testsuite"); 01077 dbus_error_init (&error); 01078 ring1 = _dbus_keyring_new_for_credentials (NULL, &context, 01079 &error); 01080 _dbus_assert (ring1 != NULL); 01081 _dbus_assert (error.name == NULL); 01082 01083 id = _dbus_keyring_get_best_key (ring1, &error); 01084 if (id < 0) 01085 { 01086 fprintf (stderr, "Could not load keyring: %s\n", error.message); 01087 dbus_error_free (&error); 01088 goto failure; 01089 } 01090 01091 ring2 = _dbus_keyring_new_for_credentials (NULL, &context, &error); 01092 _dbus_assert (ring2 != NULL); 01093 _dbus_assert (error.name == NULL); 01094 01095 if (ring1->n_keys != ring2->n_keys) 01096 { 01097 fprintf (stderr, "Different number of keys in keyrings\n"); 01098 goto failure; 01099 } 01100 01101 /* We guarantee we load and save keeping keys in a fixed 01102 * order 01103 */ 01104 i = 0; 01105 while (i < ring1->n_keys) 01106 { 01107 if (ring1->keys[i].id != ring2->keys[i].id) 01108 { 01109 fprintf (stderr, "Keyring 1 has first key ID %d and keyring 2 has %d\n", 01110 ring1->keys[i].id, ring2->keys[i].id); 01111 goto failure; 01112 } 01113 01114 if (ring1->keys[i].creation_time != ring2->keys[i].creation_time) 01115 { 01116 fprintf (stderr, "Keyring 1 has first key time %ld and keyring 2 has %ld\n", 01117 ring1->keys[i].creation_time, ring2->keys[i].creation_time); 01118 goto failure; 01119 } 01120 01121 if (!_dbus_string_equal (&ring1->keys[i].secret, 01122 &ring2->keys[i].secret)) 01123 { 01124 fprintf (stderr, "Keyrings 1 and 2 have different secrets for same ID/timestamp\n"); 01125 goto failure; 01126 } 01127 01128 ++i; 01129 } 01130 01131 printf (" %d keys in test\n", ring1->n_keys); 01132 01133 /* Test ref/unref */ 01134 _dbus_keyring_ref (ring1); 01135 _dbus_keyring_ref (ring2); 01136 _dbus_keyring_unref (ring1); 01137 _dbus_keyring_unref (ring2); 01138 01139 01140 /* really unref */ 01141 _dbus_keyring_unref (ring1); 01142 _dbus_keyring_unref (ring2); 01143 01144 return TRUE; 01145 01146 failure: 01147 if (ring1) 01148 _dbus_keyring_unref (ring1); 01149 if (ring2) 01150 _dbus_keyring_unref (ring2); 01151 01152 return FALSE; 01153 } 01154 01155 #endif /* DBUS_ENABLE_EMBEDDED_TESTS */ 01156