Main Page   Modules   Data Structures   File List   Data Fields   Related Pages  

dbus-keyring.c

00001 /* -*- mode: C; c-file-style: "gnu" -*- */
00002 /* dbus-keyring.c Store secret cookies in your homedir
00003  *
00004  * Copyright (C) 2003  Red Hat Inc.
00005  *
00006  * Licensed under the Academic Free License version 1.2
00007  * 
00008  * This program is free software; you can redistribute it and/or modify
00009  * it under the terms of the GNU General Public License as published by
00010  * the Free Software Foundation; either version 2 of the License, or
00011  * (at your option) any later version.
00012  *
00013  * This program is distributed in the hope that it will be useful,
00014  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  * GNU General Public License for more details.
00017  * 
00018  * You should have received a copy of the GNU General Public License
00019  * along with this program; if not, write to the Free Software
00020  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00021  *
00022  */
00023 
00024 #include "dbus-keyring.h"
00025 #include "dbus-userdb.h"
00026 #include <dbus/dbus-string.h>
00027 #include <dbus/dbus-list.h>
00028 #include <dbus/dbus-sysdeps.h>
00029 
00066 #define NEW_KEY_TIMEOUT_SECONDS     (60*5)
00067 
00072 #define EXPIRE_KEYS_TIMEOUT_SECONDS (NEW_KEY_TIMEOUT_SECONDS + (60*2))
00073 
00076 #define MAX_TIME_TRAVEL_SECONDS (60*5)
00077 
00082 #ifdef DBUS_BUILD_TESTS
00083 #define MAX_KEYS_IN_FILE 10
00084 #else
00085 #define MAX_KEYS_IN_FILE 256
00086 #endif
00087 
00088 typedef struct
00089 {
00090   dbus_int32_t id; 
00092   long creation_time; 
00097   DBusString secret; 
00099 } DBusKey;
00100 
00107 struct DBusKeyring
00108 {
00109   int refcount;             
00110   DBusString username;      
00111   DBusString directory;     
00112   DBusString filename;      
00113   DBusString filename_lock; 
00114   DBusKey *keys; 
00115   int n_keys;    
00116 };
00117 
00118 static DBusKeyring*
00119 _dbus_keyring_new (void)
00120 {
00121   DBusKeyring *keyring;
00122 
00123   keyring = dbus_new0 (DBusKeyring, 1);
00124   if (keyring == NULL)
00125     goto out_0;
00126   
00127   if (!_dbus_string_init (&keyring->directory))
00128     goto out_1;
00129 
00130   if (!_dbus_string_init (&keyring->filename))
00131     goto out_2;
00132 
00133   if (!_dbus_string_init (&keyring->filename_lock))
00134     goto out_3;
00135 
00136   if (!_dbus_string_init (&keyring->username))
00137     goto out_4;
00138   
00139   keyring->refcount = 1;
00140   keyring->keys = NULL;
00141   keyring->n_keys = 0;
00142 
00143   return keyring;
00144 
00145  out_4:
00146   _dbus_string_free (&keyring->filename_lock);
00147  out_3:
00148   _dbus_string_free (&keyring->filename);
00149  out_2:
00150   _dbus_string_free (&keyring->directory);
00151  out_1:
00152   dbus_free (keyring);
00153  out_0:
00154   return NULL;
00155 }
00156 
00157 static void
00158 free_keys (DBusKey *keys,
00159            int      n_keys)
00160 {
00161   int i;
00162 
00163   /* should be safe for args NULL, 0 */
00164   
00165   i = 0;
00166   while (i < n_keys)
00167     {
00168       _dbus_string_free (&keys[i].secret);
00169       ++i;
00170     }
00171 
00172   dbus_free (keys);
00173 }
00174 
00175 /* Our locking scheme is highly unreliable.  However, there is
00176  * unfortunately no reliable locking scheme in user home directories;
00177  * between bugs in Linux NFS, people using Tru64 or other total crap
00178  * NFS, AFS, random-file-system-of-the-week, and so forth, fcntl() in
00179  * homedirs simply generates tons of bug reports. This has been
00180  * learned through hard experience with GConf, unfortunately.
00181  *
00182  * This bad hack might work better for the kind of lock we have here,
00183  * which we don't expect to hold for any length of time.  Crashing
00184  * while we hold it should be unlikely, and timing out such that we
00185  * delete a stale lock should also be unlikely except when the
00186  * filesystem is running really slowly.  Stuff might break in corner
00187  * cases but as long as it's not a security-level breakage it should
00188  * be OK.
00189  */
00190 
00192 #define MAX_LOCK_TIMEOUTS 32
00193 
00194 #define LOCK_TIMEOUT_MILLISECONDS 250
00195 
00196 static dbus_bool_t
00197 _dbus_keyring_lock (DBusKeyring *keyring)
00198 {
00199   int n_timeouts;
00200   
00201   n_timeouts = 0;
00202   while (n_timeouts < MAX_LOCK_TIMEOUTS)
00203     {
00204       DBusError error;
00205 
00206       dbus_error_init (&error);
00207       if (_dbus_create_file_exclusively (&keyring->filename_lock,
00208                                          &error))
00209         break;
00210 
00211       _dbus_verbose ("Did not get lock file, sleeping %d milliseconds (%s)\n",
00212                      LOCK_TIMEOUT_MILLISECONDS, error.message);
00213       dbus_error_free (&error);
00214 
00215       _dbus_sleep_milliseconds (LOCK_TIMEOUT_MILLISECONDS);
00216       
00217       ++n_timeouts;
00218     }
00219 
00220   if (n_timeouts == MAX_LOCK_TIMEOUTS)
00221     {
00222       DBusError error;
00223       
00224       _dbus_verbose ("Lock file timed out %d times, assuming stale\n",
00225                      n_timeouts);
00226 
00227       dbus_error_init (&error);
00228 
00229       if (!_dbus_delete_file (&keyring->filename_lock, &error))
00230         {
00231           _dbus_verbose ("Couldn't delete old lock file: %s\n",
00232                          error.message);
00233           dbus_error_free (&error);
00234           return FALSE;
00235         }
00236 
00237       if (!_dbus_create_file_exclusively (&keyring->filename_lock,
00238                                           &error))
00239         {
00240           _dbus_verbose ("Couldn't create lock file after deleting stale one: %s\n",
00241                          error.message);
00242           dbus_error_free (&error);
00243           return FALSE;
00244         }
00245     }
00246   
00247   return TRUE;
00248 }
00249 
00250 static void
00251 _dbus_keyring_unlock (DBusKeyring *keyring)
00252 {
00253   DBusError error;
00254   dbus_error_init (&error);
00255   if (!_dbus_delete_file (&keyring->filename_lock, &error))
00256     {
00257       _dbus_warn ("Failed to delete lock file: %s\n",
00258                   error.message);
00259       dbus_error_free (&error);
00260     }
00261 }
00262 
00263 static DBusKey*
00264 find_key_by_id (DBusKey *keys,
00265                 int      n_keys,
00266                 int      id)
00267 {
00268   int i;
00269 
00270   i = 0;
00271   while (i < n_keys)
00272     {
00273       if (keys[i].id == id)
00274         return &keys[i];
00275       
00276       ++i;
00277     }
00278 
00279   return NULL;
00280 }
00281 
00282 static dbus_bool_t
00283 add_new_key (DBusKey  **keys_p,
00284              int       *n_keys_p,
00285              DBusError *error)
00286 {
00287   DBusKey *new;
00288   DBusString bytes;
00289   int id;
00290   unsigned long timestamp;
00291   const unsigned char *s;
00292   dbus_bool_t retval;
00293   DBusKey *keys;
00294   int n_keys;
00295 
00296   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
00297   
00298   if (!_dbus_string_init (&bytes))
00299     {
00300       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00301       return FALSE;
00302     }
00303 
00304   keys = *keys_p;
00305   n_keys = *n_keys_p;
00306   retval = FALSE;
00307       
00308   /* Generate an integer ID and then the actual key. */
00309  retry:
00310       
00311   if (!_dbus_generate_random_bytes (&bytes, 4))
00312     {
00313       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00314       goto out;
00315     }
00316 
00317   s = (const unsigned char*) _dbus_string_get_const_data (&bytes);
00318       
00319   id = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
00320   if (id < 0)
00321     id = - id;
00322   _dbus_assert (id >= 0);
00323 
00324   if (find_key_by_id (keys, n_keys, id) != NULL)
00325     {
00326       _dbus_string_set_length (&bytes, 0);
00327       _dbus_verbose ("Key ID %d already existed, trying another one\n",
00328                      id);
00329       goto retry;
00330     }
00331 
00332   _dbus_verbose ("Creating key with ID %d\n", id);
00333       
00334 #define KEY_LENGTH_BYTES 24
00335   _dbus_string_set_length (&bytes, 0);
00336   if (!_dbus_generate_random_bytes (&bytes, KEY_LENGTH_BYTES))
00337     {
00338       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00339       goto out;
00340     }
00341 
00342   new = dbus_realloc (keys, sizeof (DBusKey) * (n_keys + 1));
00343   if (new == NULL)
00344     {
00345       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00346       goto out;
00347     }
00348 
00349   keys = new;
00350   *keys_p = keys; /* otherwise *keys_p ends up invalid */
00351   n_keys += 1;
00352 
00353   if (!_dbus_string_init (&keys[n_keys-1].secret))
00354     {
00355       n_keys -= 1; /* we don't want to free the one we didn't init */
00356       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00357       goto out;
00358     }
00359 
00360   _dbus_get_current_time (&timestamp, NULL);
00361       
00362   keys[n_keys-1].id = id;
00363   keys[n_keys-1].creation_time = timestamp;
00364   if (!_dbus_string_move (&bytes, 0,
00365                           &keys[n_keys-1].secret,
00366                           0))
00367     {
00368       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00369       _dbus_string_free (&keys[n_keys-1].secret);
00370       n_keys -= 1;
00371       goto out;
00372     }
00373   
00374   retval = TRUE;
00375   
00376  out:
00377   *n_keys_p = n_keys;
00378   
00379   _dbus_string_free (&bytes);
00380   return retval;
00381 }
00382 
00397 static dbus_bool_t
00398 _dbus_keyring_reload (DBusKeyring *keyring,
00399                       dbus_bool_t  add_new,
00400                       DBusError   *error)
00401 {
00402   DBusString contents;
00403   DBusString line;
00404   dbus_bool_t retval;
00405   dbus_bool_t have_lock;
00406   DBusKey *keys;
00407   int n_keys;
00408   int i;
00409   long now;
00410   DBusError tmp_error;
00411 
00412   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
00413   
00414   if (!_dbus_string_init (&contents))
00415     {
00416       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00417       return FALSE;
00418     }
00419 
00420   if (!_dbus_string_init (&line))
00421     {
00422       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00423       _dbus_string_free (&contents);
00424       return FALSE;
00425     }
00426 
00427   keys = NULL;
00428   n_keys = 0;
00429   retval = FALSE;
00430   have_lock = FALSE;
00431 
00432   _dbus_get_current_time (&now, NULL);
00433   
00434   if (add_new)
00435     {
00436       if (!_dbus_keyring_lock (keyring))
00437         {
00438           dbus_set_error (error, DBUS_ERROR_FAILED,
00439                           "Could not lock keyring file to add to it");
00440           goto out;
00441         }
00442 
00443       have_lock = TRUE;
00444     }
00445 
00446   dbus_error_init (&tmp_error);
00447   if (!_dbus_file_get_contents (&contents, 
00448                                 &keyring->filename,
00449                                 &tmp_error))
00450     {
00451       _dbus_verbose ("Failed to load keyring file: %s\n",
00452                      tmp_error.message);
00453       /* continue with empty keyring file, so we recreate it */
00454       dbus_error_free (&tmp_error);
00455     }
00456 
00457   if (!_dbus_string_validate_ascii (&contents, 0,
00458                                     _dbus_string_get_length (&contents)))
00459     {
00460       _dbus_warn ("Secret keyring file contains non-ASCII! Ignoring existing contents\n");
00461       _dbus_string_set_length (&contents, 0);
00462     }
00463 
00464   /* FIXME this is badly inefficient for large keyring files
00465    * (not that large keyring files exist outside of test suites)
00466    */
00467   while (_dbus_string_pop_line (&contents, &line))
00468     {
00469       int next;
00470       long val;
00471       int id;
00472       long timestamp;
00473       int len;
00474       DBusKey *new;
00475 
00476       /* Don't load more than the max. */
00477       if (n_keys >= (add_new ? MAX_KEYS_IN_FILE : MAX_KEYS_IN_FILE - 1))
00478         break;
00479       
00480       next = 0;
00481       if (!_dbus_string_parse_int (&line, 0, &val, &next))
00482         {
00483           _dbus_verbose ("could not parse secret key ID at start of line\n");
00484           continue;
00485         }
00486 
00487       if (val > _DBUS_INT_MAX || val < 0)
00488         {
00489           _dbus_verbose ("invalid secret key ID at start of line\n");
00490           continue;
00491         }
00492       
00493       id = val;
00494 
00495       _dbus_string_skip_blank (&line, next, &next);
00496       
00497       if (!_dbus_string_parse_int (&line, next, &timestamp, &next))
00498         {
00499           _dbus_verbose ("could not parse secret key timestamp\n");
00500           continue;
00501         }
00502 
00503       if (timestamp < 0 ||
00504           (now + MAX_TIME_TRAVEL_SECONDS) < timestamp ||
00505           (now - EXPIRE_KEYS_TIMEOUT_SECONDS) > timestamp)
00506         {
00507           _dbus_verbose ("dropping/ignoring %ld-seconds old key with timestamp %ld as current time is %ld\n",
00508                          now - timestamp, timestamp, now);
00509           continue;
00510         }
00511       
00512       _dbus_string_skip_blank (&line, next, &next);
00513 
00514       len = _dbus_string_get_length (&line);
00515 
00516       if ((len - next) == 0)
00517         {
00518           _dbus_verbose ("no secret key after ID and timestamp\n");
00519           continue;
00520         }
00521       
00522       /* We have all three parts */
00523       new = dbus_realloc (keys, sizeof (DBusKey) * (n_keys + 1));
00524       if (new == NULL)
00525         {
00526           dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00527           goto out;
00528         }
00529 
00530       keys = new;
00531       n_keys += 1;
00532 
00533       if (!_dbus_string_init (&keys[n_keys-1].secret))
00534         {
00535           n_keys -= 1; /* we don't want to free the one we didn't init */
00536           dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00537           goto out;
00538         }
00539       
00540       keys[n_keys-1].id = id;
00541       keys[n_keys-1].creation_time = timestamp;
00542       if (!_dbus_string_hex_decode (&line, next,
00543                                     &keys[n_keys-1].secret,
00544                                     0))
00545         {
00546           dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00547           goto out;
00548         }
00549     }
00550 
00551   _dbus_verbose ("Successfully loaded %d existing keys\n",
00552                  n_keys);
00553 
00554   if (add_new)
00555     {
00556       if (!add_new_key (&keys, &n_keys, error))
00557         {
00558           _dbus_verbose ("Failed to generate new key: %s\n",
00559                          error ? "(unknown)" : error->message);
00560           goto out;
00561         }
00562 
00563       _dbus_string_set_length (&contents, 0);
00564 
00565       i = 0;
00566       while (i < n_keys)
00567         {
00568           if (!_dbus_string_append_int (&contents,
00569                                         keys[i].id))
00570             goto nomem;
00571 
00572           if (!_dbus_string_append_byte (&contents, ' '))
00573             goto nomem;
00574 
00575           if (!_dbus_string_append_int (&contents,
00576                                         keys[i].creation_time))
00577             goto nomem;
00578 
00579           if (!_dbus_string_append_byte (&contents, ' '))
00580             goto nomem;
00581 
00582           if (!_dbus_string_hex_encode (&keys[i].secret, 0,
00583                                         &contents,
00584                                         _dbus_string_get_length (&contents)))
00585             goto nomem;
00586 
00587           if (!_dbus_string_append_byte (&contents, '\n'))
00588             goto nomem;          
00589           
00590           ++i;
00591           continue;
00592 
00593         nomem:
00594           dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00595           goto out;
00596         }
00597       
00598       if (!_dbus_string_save_to_file (&contents, &keyring->filename,
00599                                       error))
00600         goto out;
00601     }
00602 
00603   if (keyring->keys)
00604     free_keys (keyring->keys, keyring->n_keys);
00605   keyring->keys = keys;
00606   keyring->n_keys = n_keys;
00607   keys = NULL;
00608   n_keys = 0;
00609   
00610   retval = TRUE;  
00611   
00612  out:
00613   if (have_lock)
00614     _dbus_keyring_unlock (keyring);
00615   
00616   if (! ((retval == TRUE && (error == NULL || error->name == NULL)) ||
00617          (retval == FALSE && (error == NULL || error->name != NULL))))
00618     {
00619       if (error && error->name)
00620         _dbus_verbose ("error is %s: %s\n", error->name, error->message);
00621       _dbus_warn ("returning %d but error pointer %p name %s\n",
00622                   retval, error, error->name ? error->name : "(none)");
00623       _dbus_assert_not_reached ("didn't handle errors properly");
00624     }
00625   
00626   if (keys != NULL)
00627     {
00628       i = 0;
00629       while (i < n_keys)
00630         {
00631           _dbus_string_zero (&keys[i].secret);
00632           _dbus_string_free (&keys[i].secret);
00633           ++i;
00634         }
00635 
00636       dbus_free (keys);
00637     }
00638   
00639   _dbus_string_free (&contents);
00640   _dbus_string_free (&line);
00641 
00642   return retval;
00643 }
00644  /* end of internals */
00646 
00658 void
00659 _dbus_keyring_ref (DBusKeyring *keyring)
00660 {
00661   keyring->refcount += 1;
00662 }
00663 
00670 void
00671 _dbus_keyring_unref (DBusKeyring *keyring)
00672 {
00673   keyring->refcount -= 1;
00674 
00675   if (keyring->refcount == 0)
00676     {
00677       _dbus_string_free (&keyring->username);
00678       _dbus_string_free (&keyring->filename);
00679       _dbus_string_free (&keyring->filename_lock);
00680       _dbus_string_free (&keyring->directory);
00681       free_keys (keyring->keys, keyring->n_keys);
00682       dbus_free (keyring);      
00683     }
00684 }
00685 
00696 DBusKeyring*
00697 _dbus_keyring_new_homedir (const DBusString *username,
00698                            const DBusString *context,
00699                            DBusError        *error)
00700 {
00701   DBusString homedir;
00702   DBusKeyring *keyring;
00703   dbus_bool_t error_set;
00704   DBusString dotdir;
00705   DBusError tmp_error;
00706 
00707   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
00708   
00709   keyring = NULL;
00710   error_set = FALSE;
00711   
00712   if (!_dbus_string_init (&homedir))
00713     {
00714       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
00715       return FALSE;
00716     }
00717 
00718   _dbus_string_init_const (&dotdir, ".dbus-keyrings");
00719   
00720   if (username == NULL)
00721     {
00722       const DBusString *const_homedir;
00723 
00724       if (!_dbus_username_from_current_process (&username) ||
00725           !_dbus_homedir_from_current_process (&const_homedir))
00726         goto failed;
00727 
00728       if (!_dbus_string_copy (const_homedir, 0,
00729                               &homedir, 0))
00730         goto failed;
00731     }
00732   else
00733     {
00734       if (!_dbus_homedir_from_username (username, &homedir))
00735         goto failed;
00736     }
00737 
00738 #ifdef DBUS_BUILD_TESTS
00739  {
00740    const char *override;
00741 
00742    override = _dbus_getenv ("DBUS_TEST_HOMEDIR");
00743    if (override != NULL && *override != '\0')
00744      {
00745        _dbus_string_set_length (&homedir, 0);
00746        if (!_dbus_string_append (&homedir, override))
00747          _dbus_assert_not_reached ("no memory");
00748 
00749        _dbus_verbose ("Using fake homedir for testing: %s\n",
00750                       _dbus_string_get_const_data (&homedir));
00751      }
00752    else
00753      {
00754        static dbus_bool_t already_warned = FALSE;
00755        if (!already_warned)
00756          {
00757            _dbus_warn ("Using your real home directory for testing, set DBUS_TEST_HOMEDIR to avoid\n");
00758            already_warned = TRUE;
00759          }
00760      }
00761  }
00762 #endif
00763   
00764   _dbus_assert (username != NULL);    
00765   
00766   keyring = _dbus_keyring_new ();
00767   if (keyring == NULL)
00768     goto failed;
00769 
00770   /* should have been validated already, but paranoia check here */
00771   if (!_dbus_keyring_validate_context (context))
00772     {
00773       error_set = TRUE;
00774       dbus_set_error_const (error,
00775                             DBUS_ERROR_FAILED,
00776                             "Invalid context in keyring creation");
00777       goto failed;
00778     }
00779 
00780   if (!_dbus_string_copy (username, 0,
00781                           &keyring->username, 0))
00782     goto failed;
00783   
00784   if (!_dbus_string_copy (&homedir, 0,
00785                           &keyring->directory, 0))
00786     goto failed;
00787   
00788   if (!_dbus_concat_dir_and_file (&keyring->directory,
00789                                   &dotdir))
00790     goto failed;
00791 
00792   if (!_dbus_string_copy (&keyring->directory, 0,
00793                           &keyring->filename, 0))
00794     goto failed;
00795 
00796   if (!_dbus_concat_dir_and_file (&keyring->filename,
00797                                   context))
00798     goto failed;
00799 
00800   if (!_dbus_string_copy (&keyring->filename, 0,
00801                           &keyring->filename_lock, 0))
00802     goto failed;
00803 
00804   if (!_dbus_string_append (&keyring->filename_lock, ".lock"))
00805     goto failed;
00806 
00807   dbus_error_init (&tmp_error);
00808   if (!_dbus_keyring_reload (keyring, FALSE, &tmp_error))
00809     {
00810       _dbus_verbose ("didn't load an existing keyring: %s\n",
00811                      tmp_error.message);
00812       dbus_error_free (&tmp_error);
00813     }
00814   
00815   /* We don't fail fatally if we can't create the directory,
00816    * but the keyring will probably always be empty
00817    * unless someone else manages to create it
00818    */
00819   dbus_error_init (&tmp_error);
00820   if (!_dbus_create_directory (&keyring->directory,
00821                                &tmp_error))
00822     {
00823       _dbus_verbose ("Creating keyring directory: %s\n",
00824                      tmp_error.message);
00825       dbus_error_free (&tmp_error);
00826     }
00827 
00828   _dbus_string_free (&homedir);
00829   
00830   return keyring;
00831   
00832  failed:
00833   if (!error_set)
00834     dbus_set_error_const (error,
00835                           DBUS_ERROR_NO_MEMORY,
00836                           NULL);
00837   if (keyring)
00838     _dbus_keyring_unref (keyring);
00839   _dbus_string_free (&homedir);
00840   return FALSE;
00841 
00842 }
00843 
00856 dbus_bool_t
00857 _dbus_keyring_validate_context (const DBusString *context)
00858 {
00859   if (_dbus_string_get_length (context) == 0)
00860     {
00861       _dbus_verbose ("context is zero-length\n");
00862       return FALSE;
00863     }
00864 
00865   if (!_dbus_string_validate_ascii (context, 0,
00866                                     _dbus_string_get_length (context)))
00867     {
00868       _dbus_verbose ("context not valid ascii\n");
00869       return FALSE;
00870     }
00871   
00872   /* no directory separators */  
00873   if (_dbus_string_find (context, 0, "/", NULL))
00874     {
00875       _dbus_verbose ("context contains a slash\n");
00876       return FALSE;
00877     }
00878 
00879   if (_dbus_string_find (context, 0, "\\", NULL))
00880     {
00881       _dbus_verbose ("context contains a backslash\n");
00882       return FALSE;
00883     }
00884 
00885   /* prevent attempts to use dotfiles or ".." or ".lock"
00886    * all of which might allow some kind of attack
00887    */
00888   if (_dbus_string_find (context, 0, ".", NULL))
00889     {
00890       _dbus_verbose ("context contains a dot\n");
00891       return FALSE;
00892     }
00893 
00894   /* no spaces/tabs, those are used for separators in the protocol */
00895   if (_dbus_string_find_blank (context, 0, NULL))
00896     {
00897       _dbus_verbose ("context contains a blank\n");
00898       return FALSE;
00899     }
00900 
00901   if (_dbus_string_find (context, 0, "\n", NULL))
00902     {
00903       _dbus_verbose ("context contains a newline\n");
00904       return FALSE;
00905     }
00906 
00907   if (_dbus_string_find (context, 0, "\r", NULL))
00908     {
00909       _dbus_verbose ("context contains a carriage return\n");
00910       return FALSE;
00911     }
00912   
00913   return TRUE;
00914 }
00915 
00916 static DBusKey*
00917 find_recent_key (DBusKeyring *keyring)
00918 {
00919   int i;
00920   long tv_sec, tv_usec;
00921 
00922   _dbus_get_current_time (&tv_sec, &tv_usec);
00923   
00924   i = 0;
00925   while (i < keyring->n_keys)
00926     {
00927       DBusKey *key = &keyring->keys[i];
00928 
00929       _dbus_verbose ("Key %d is %ld seconds old\n",
00930                      i, tv_sec - key->creation_time);
00931       
00932       if ((tv_sec - NEW_KEY_TIMEOUT_SECONDS) < key->creation_time)
00933         return key;
00934       
00935       ++i;
00936     }
00937 
00938   return NULL;
00939 }
00940 
00952 int
00953 _dbus_keyring_get_best_key (DBusKeyring  *keyring,
00954                             DBusError    *error)
00955 {
00956   DBusKey *key;
00957 
00958   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
00959   
00960   key = find_recent_key (keyring);
00961   if (key)
00962     return key->id;
00963 
00964   /* All our keys are too old, or we've never loaded the
00965    * keyring. Create a new one.
00966    */
00967   if (!_dbus_keyring_reload (keyring, TRUE,
00968                              error))
00969     return -1;
00970 
00971   key = find_recent_key (keyring);
00972   if (key)
00973     return key->id;
00974   else
00975     {
00976       dbus_set_error_const (error,
00977                             DBUS_ERROR_FAILED,
00978                             "No recent-enough key found in keyring, and unable to create a new key");
00979       return -1;
00980     }
00981 }
00982 
00991 dbus_bool_t
00992 _dbus_keyring_is_for_user (DBusKeyring       *keyring,
00993                            const DBusString  *username)
00994 {
00995   return _dbus_string_equal (&keyring->username,
00996                              username);
00997 }
00998 
01010 dbus_bool_t
01011 _dbus_keyring_get_hex_key (DBusKeyring       *keyring,
01012                            int                key_id,
01013                            DBusString        *hex_key)
01014 {
01015   DBusKey *key;
01016 
01017   key = find_key_by_id (keyring->keys,
01018                         keyring->n_keys,
01019                         key_id);
01020   if (key == NULL)
01021     return TRUE; /* had enough memory, so TRUE */
01022 
01023   return _dbus_string_hex_encode (&key->secret, 0,
01024                                   hex_key,
01025                                   _dbus_string_get_length (hex_key));
01026 }
01027  /* end of exposed API */
01029 
01030 #ifdef DBUS_BUILD_TESTS
01031 #include "dbus-test.h"
01032 #include <stdio.h>
01033 
01034 dbus_bool_t
01035 _dbus_keyring_test (void)
01036 {
01037   DBusString context;
01038   DBusKeyring *ring1;
01039   DBusKeyring *ring2;
01040   int id;
01041   DBusError error;
01042   int i;
01043 
01044   ring1 = NULL;
01045   ring2 = NULL;
01046   
01047   /* Context validation */
01048   
01049   _dbus_string_init_const (&context, "foo");
01050   _dbus_assert (_dbus_keyring_validate_context (&context));
01051   _dbus_string_init_const (&context, "org_freedesktop_blah");
01052   _dbus_assert (_dbus_keyring_validate_context (&context));
01053   
01054   _dbus_string_init_const (&context, "");
01055   _dbus_assert (!_dbus_keyring_validate_context (&context));
01056   _dbus_string_init_const (&context, ".foo");
01057   _dbus_assert (!_dbus_keyring_validate_context (&context));
01058   _dbus_string_init_const (&context, "bar.foo");
01059   _dbus_assert (!_dbus_keyring_validate_context (&context));
01060   _dbus_string_init_const (&context, "bar/foo");
01061   _dbus_assert (!_dbus_keyring_validate_context (&context));
01062   _dbus_string_init_const (&context, "bar\\foo");
01063   _dbus_assert (!_dbus_keyring_validate_context (&context));
01064   _dbus_string_init_const (&context, "foo\xfa\xf0");
01065   _dbus_assert (!_dbus_keyring_validate_context (&context));
01066   _dbus_string_init_const (&context, "foo\x80");
01067   _dbus_assert (!_dbus_keyring_validate_context (&context));
01068   _dbus_string_init_const (&context, "foo\x7f");
01069   _dbus_assert (_dbus_keyring_validate_context (&context));
01070   _dbus_string_init_const (&context, "foo bar");
01071   _dbus_assert (!_dbus_keyring_validate_context (&context));
01072   
01073   if (!_dbus_string_init (&context))
01074     _dbus_assert_not_reached ("no memory");
01075   if (!_dbus_string_append_byte (&context, '\0'))
01076     _dbus_assert_not_reached ("no memory");
01077   _dbus_assert (!_dbus_keyring_validate_context (&context));
01078   _dbus_string_free (&context);
01079 
01080   /* Now verify that if we create a key in keyring 1,
01081    * it is properly loaded in keyring 2
01082    */
01083 
01084   _dbus_string_init_const (&context, "org_freedesktop_dbus_testsuite");
01085   dbus_error_init (&error);
01086   ring1 = _dbus_keyring_new_homedir (NULL, &context,
01087                                      &error);
01088   _dbus_assert (ring1);
01089   _dbus_assert (error.name == NULL);
01090 
01091   id = _dbus_keyring_get_best_key (ring1, &error);
01092   if (id < 0)
01093     {
01094       fprintf (stderr, "Could not load keyring: %s\n", error.message);
01095       dbus_error_free (&error);
01096       goto failure;
01097     }
01098 
01099   ring2 = _dbus_keyring_new_homedir (NULL, &context, &error);
01100   _dbus_assert (ring2);
01101   _dbus_assert (error.name == NULL);
01102   
01103   if (ring1->n_keys != ring2->n_keys)
01104     {
01105       fprintf (stderr, "Different number of keys in keyrings\n");
01106       goto failure;
01107     }
01108 
01109   /* We guarantee we load and save keeping keys in a fixed
01110    * order
01111    */
01112   i = 0;
01113   while (i < ring1->n_keys)
01114     {
01115       if (ring1->keys[i].id != ring2->keys[i].id)
01116         {
01117           fprintf (stderr, "Keyring 1 has first key ID %d and keyring 2 has %d\n",
01118                    ring1->keys[i].id, ring2->keys[i].id);
01119           goto failure;
01120         }      
01121 
01122       if (ring1->keys[i].creation_time != ring2->keys[i].creation_time)
01123         {
01124           fprintf (stderr, "Keyring 1 has first key time %ld and keyring 2 has %ld\n",
01125                    ring1->keys[i].creation_time, ring2->keys[i].creation_time);
01126           goto failure;
01127         }
01128 
01129       if (!_dbus_string_equal (&ring1->keys[i].secret,
01130                                &ring2->keys[i].secret))
01131         {
01132           fprintf (stderr, "Keyrings 1 and 2 have different secrets for same ID/timestamp\n");
01133           goto failure;
01134         }
01135       
01136       ++i;
01137     }
01138 
01139   printf (" %d keys in test\n", ring1->n_keys);
01140 
01141   /* Test ref/unref */
01142   _dbus_keyring_ref (ring1);
01143   _dbus_keyring_ref (ring2);
01144   _dbus_keyring_unref (ring1);
01145   _dbus_keyring_unref (ring2);
01146 
01147 
01148   /* really unref */
01149   _dbus_keyring_unref (ring1);
01150   _dbus_keyring_unref (ring2);
01151   
01152   return TRUE;
01153 
01154  failure:
01155   if (ring1)
01156     _dbus_keyring_unref (ring1);
01157   if (ring2)
01158     _dbus_keyring_unref (ring2);
01159 
01160   return FALSE;
01161 }
01162 
01163 #endif /* DBUS_BUILD_TESTS */
01164      

Generated on Wed Oct 22 14:05:02 2003 for D-BUS by doxygen1.3-rc3