From c614e5b4b12c771422da809014904fccccd442c8 Mon Sep 17 00:00:00 2001
From: Kristian Høgsberg <krh@redhat.com>
Date: Mon, 17 May 2004 23:34:55 +0000
Subject:  	* dbus/dbus-auth.c (client_try_next_mechanism): Remove logic
 to 	filter against auth->allowed_mechs; we only add allowed mechs in 
 record_mechanisms().

 	* dbus/dbus-auth-script.c (_dbus_auth_script_run): Add an
	ALLOWED_MECHS to auth-script format so we can set the list of
	allowed mechanisms.

 	* data/auth/client-out-of-mechanisms.auth-script: New test to
	check client disconnects when it is out of mechanisms to try.

 	* dbus/dbus-auth.c (process_command): Remove check for lines
	longer that 1 MB; we only buffer up maximum 16 kB.

 	* dbus/dbus-transport.c, dbus/dbus-transport-unix.c,
	dbus/dbus-auth-script.c, dbus/dbus-auth.c, dbus/dbus-auth.h:
	Remove auth state AUTHENTICATED_WITH_UNUSED_BYTES, instead always
	assume there might be unused bytes.

 	* dbus/dbus-auth.c (_dbus_auth_do_work): Remove check for
	client-out-of-mechs, it is handled in process_reject(). Move check
	for max failures to send_rejected(), as it's a server-only thing.
---
 ChangeLog                                          | 23 +++++++
 dbus/dbus-auth-script.c                            | 70 +++++++++++++++++++---
 dbus/dbus-auth.c                                   | 63 ++++---------------
 dbus/dbus-transport-unix.c                         |  7 ---
 dbus/dbus-transport.c                              |  4 --
 .../data/auth/client-out-of-mechanisms.auth-script |  7 +++
 6 files changed, 103 insertions(+), 71 deletions(-)
 create mode 100644 test/data/auth/client-out-of-mechanisms.auth-script

diff --git a/ChangeLog b/ChangeLog
index 67d35d15..37e4fd77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,28 @@
 2004-05-18  Kristian Høgsberg  <krh@redhat.com>
 
+ 	* dbus/dbus-auth.c (client_try_next_mechanism): Remove logic to
+	filter against auth->allowed_mechs; we only add allowed mechs in
+	record_mechanisms().
+ 
+ 	* dbus/dbus-auth-script.c (_dbus_auth_script_run): Add an
+	ALLOWED_MECHS to auth-script format so we can set the list of
+	allowed mechanisms.
+ 
+ 	* data/auth/client-out-of-mechanisms.auth-script: New test to
+	check client disconnects when it is out of mechanisms to try.
+ 
+ 	* dbus/dbus-auth.c (process_command): Remove check for lines
+	longer that 1 MB; we only buffer up maximum 16 kB.
+ 
+ 	* dbus/dbus-transport.c, dbus/dbus-transport-unix.c,
+	dbus/dbus-auth-script.c, dbus/dbus-auth.c, dbus/dbus-auth.h:
+	Remove auth state AUTHENTICATED_WITH_UNUSED_BYTES, instead always
+	assume there might be unused bytes.
+ 
+ 	* dbus/dbus-auth.c (_dbus_auth_do_work): Remove check for
+	client-out-of-mechs, it is handled in process_reject(). Move check
+	for max failures to send_rejected(), as it's a server-only thing.
+
 	* dbus/dbus-auth.c: Factor out protocol reply code into functions
 	send_auth(), send_data(), send_rejected(), send_error(),
 	send_ok(), send_begin() and send_cancel().
diff --git a/dbus/dbus-auth-script.c b/dbus/dbus-auth-script.c
index 0c6426db..acb1e32b 100644
--- a/dbus/dbus-auth-script.c
+++ b/dbus/dbus-auth-script.c
@@ -141,8 +141,6 @@ auth_state_from_string (const DBusString *str)
     return DBUS_AUTH_STATE_HAVE_BYTES_TO_SEND;
   else if (_dbus_string_starts_with_c_str (str, "NEED_DISCONNECT"))
     return DBUS_AUTH_STATE_NEED_DISCONNECT;
-  else if (_dbus_string_starts_with_c_str (str, "AUTHENTICATED_WITH_UNUSED_BYTES"))
-    return DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES;
   else if (_dbus_string_starts_with_c_str (str, "AUTHENTICATED"))
     return DBUS_AUTH_STATE_AUTHENTICATED;
   else
@@ -162,8 +160,6 @@ auth_state_to_string (DBusAuthState state)
       return "HAVE_BYTES_TO_SEND";
     case DBUS_AUTH_STATE_NEED_DISCONNECT:
       return "NEED_DISCONNECT";
-    case DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES:
-      return "AUTHENTICATED_WITH_UNUSED_BYTES";
     case DBUS_AUTH_STATE_AUTHENTICATED:
       return "AUTHENTICATED";
     }
@@ -171,6 +167,49 @@ auth_state_to_string (DBusAuthState state)
   return "unknown";
 }
 
+static char **
+split_string (DBusString *str)
+{
+  int i, j, k, count, end;
+  char **array;
+
+  end = _dbus_string_get_length (str);
+
+  i = 0;
+  _dbus_string_skip_blank (str, i, &i);
+  for (count = 0; i < end; count++)
+    {
+      _dbus_string_find_blank (str, i, &i);
+      _dbus_string_skip_blank (str, i, &i);
+    }
+
+  array = dbus_new0 (char *, count + 1);
+  if (array == NULL)
+    return NULL;
+
+  i = 0;
+  _dbus_string_skip_blank (str, i, &i);
+  for (k = 0; k < count; k++)
+    {
+      _dbus_string_find_blank (str, i, &j);
+
+      array[k] = dbus_malloc (j - i + 1);
+      if (array[k] == NULL)
+        {
+          dbus_free_string_array (array);
+          return NULL;
+        }
+      memcpy (array[k],
+              _dbus_string_get_const_data_len (str, i, j - i), j - i);
+      array[k][j - i] = '\0';
+
+      _dbus_string_skip_blank (str, j, &i);
+    }
+  array[k] = NULL;
+
+  return array;
+}
+
 /**
  * Runs an "auth script" which is a script for testing the
  * authentication protocol. Scripts send and receive data, and then
@@ -335,6 +374,16 @@ _dbus_auth_script_run (const DBusString *filename)
           DBusCredentials creds = { -1, 4312, 1232 };
           _dbus_auth_set_credentials (auth, &creds);          
         }
+      else if (_dbus_string_starts_with_c_str (&line,
+                                               "ALLOWED_MECHS"))
+        {
+          char **mechs;
+
+          _dbus_string_delete_first_word (&line);
+          mechs = split_string (&line);
+          _dbus_auth_set_mechanisms (auth, (const char **) mechs);
+          dbus_free_string_array (mechs);
+        }
       else if (_dbus_string_starts_with_c_str (&line,
                                                "SEND"))
         {
@@ -605,10 +654,17 @@ _dbus_auth_script_run (const DBusString *filename)
     }
 
   if (auth != NULL &&
-      state == DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES)
+      state == DBUS_AUTH_STATE_AUTHENTICATED)
     {
-      _dbus_warn ("did not expect unused bytes (scripts must specify explicitly if they are expected)\n");
-      goto out;
+      const DBusString *unused;
+
+      _dbus_auth_get_unused_bytes (auth, &unused);
+
+      if (_dbus_string_get_length (unused) > 0)
+        {
+          _dbus_warn ("did not expect unused bytes (scripts must specify explicitly if they are expected)\n");
+          goto out;
+        }
     }
 
   if (_dbus_string_get_length (&from_auth) > 0)
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 7e6d3d86..57616673 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -1274,6 +1274,9 @@ send_rejected (DBusAuth *auth)
   server_auth = DBUS_AUTH_SERVER (auth);
   server_auth->failures += 1;
 
+  if (server_auth->failures >= server_auth->max_failures)
+    auth->need_disconnect = TRUE;
+
   _dbus_string_free (&command);
   
   return TRUE;
@@ -1605,34 +1608,15 @@ client_try_next_mechanism (DBusAuth *auth)
   DBusAuthClient *client;
 
   client = DBUS_AUTH_CLIENT (auth);
-  
-  /* Pop any mechs not in the list of allowed mechanisms */
-  mech = NULL;
-  while (client->mechs_to_try != NULL)
-    {
-      mech = client->mechs_to_try->data;
 
-      if (auth->allowed_mechs != NULL && 
-          !_dbus_string_array_contains ((const char**) auth->allowed_mechs,
-                                        mech->mechanism))
-        {
-          /* don't try this one after all */
-          _dbus_verbose ("%s: Mechanism %s isn't in the list of allowed mechanisms\n",
-                         DBUS_AUTH_NAME (auth), mech->mechanism);
-          mech = NULL;
-          _dbus_list_pop_first (& client->mechs_to_try);
-        }
-      else
-        break; /* we'll try this one */
-    }
-  
-  if (mech == NULL)
-    return FALSE;
+  _dbus_assert (client->mechs_to_try != NULL);
+
+  mech = client->mechs_to_try->data;
 
   if (!send_auth (auth, mech))
     return FALSE;
 
-  _dbus_list_pop_first (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
+  _dbus_list_pop_first (&client->mechs_to_try);
 
   _dbus_verbose ("%s: Trying mechanism %s\n",
                  DBUS_AUTH_NAME (auth),
@@ -1662,6 +1646,8 @@ process_rejected (DBusAuth         *auth,
   else
     {
       /* Give up */
+      _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
+                     DBUS_AUTH_NAME (auth));
       auth->need_disconnect = TRUE;
     }
   
@@ -1793,15 +1779,6 @@ process_command (DBusAuth *auth)
       return FALSE;
     }
   
-  if (eol > _DBUS_ONE_MEGABYTE)
-    {
-      /* This is a giant line, someone is trying to hose us. */
-      if (!send_error (auth, "Command too long"))
-        goto out;
-      else
-        goto next_command;
-    }
-
   if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &command, 0))
     goto out;
 
@@ -2061,33 +2038,13 @@ _dbus_auth_do_work (DBusAuth *auth)
                          DBUS_AUTH_NAME (auth));
           break;
         }
-
-      if (auth->mech == NULL &&
-          auth->already_got_mechanisms &&
-          DBUS_AUTH_CLIENT (auth)->mechs_to_try == NULL)
-        {
-          auth->need_disconnect = TRUE;
-          _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
-                         DBUS_AUTH_NAME (auth));
-          break;
-        }
     }
   while (process_command (auth));
 
-  if (DBUS_AUTH_IS_SERVER (auth) &&
-      DBUS_AUTH_SERVER (auth)->failures >=
-      DBUS_AUTH_SERVER (auth)->max_failures)
-    auth->need_disconnect = TRUE;
-
   if (auth->need_disconnect)
     return DBUS_AUTH_STATE_NEED_DISCONNECT;
   else if (auth->authenticated)
-    {
-      if (_dbus_string_get_length (&auth->incoming) > 0)
-        return DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES;
-      else
-        return DBUS_AUTH_STATE_AUTHENTICATED;
-    }
+    return DBUS_AUTH_STATE_AUTHENTICATED;
   else if (auth->needed_memory)
     return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
   else if (_dbus_string_get_length (&auth->outgoing) > 0)
diff --git a/dbus/dbus-transport-unix.c b/dbus/dbus-transport-unix.c
index 0934746c..0c6e9cd4 100644
--- a/dbus/dbus-transport-unix.c
+++ b/dbus/dbus-transport-unix.c
@@ -373,13 +373,6 @@ do_authentication (DBusTransport *transport,
           do_io_error (transport);
           break;
       
-        case DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES:
-          _dbus_verbose (" %s auth state: auth with unused bytes\n",
-                         TRANSPORT_SIDE (transport));
-          /* We'll recover the unused bytes in dbus-transport.c */
-          goto out;
-          break;
-          
         case DBUS_AUTH_STATE_AUTHENTICATED:
           _dbus_verbose (" %s auth state: authenticated\n",
                          TRANSPORT_SIDE (transport));
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c
index a439a6e3..371ecbfb 100644
--- a/dbus/dbus-transport.c
+++ b/dbus/dbus-transport.c
@@ -464,7 +464,6 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport)
           switch (_dbus_auth_do_work (transport->auth))
             {
             case DBUS_AUTH_STATE_AUTHENTICATED:
-            case DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES:
               /* leave as maybe_authenticated */
               break;
             default:
@@ -674,9 +673,6 @@ _dbus_transport_do_iteration (DBusTransport  *transport,
 static dbus_bool_t
 recover_unused_bytes (DBusTransport *transport)
 {
-  if (_dbus_auth_do_work (transport->auth) != DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES)
-    return TRUE;
-  
   if (_dbus_auth_needs_decoding (transport->auth))
     {
       DBusString plaintext;
diff --git a/test/data/auth/client-out-of-mechanisms.auth-script b/test/data/auth/client-out-of-mechanisms.auth-script
new file mode 100644
index 00000000..ce6d3ad4
--- /dev/null
+++ b/test/data/auth/client-out-of-mechanisms.auth-script
@@ -0,0 +1,7 @@
+## this tests that tests that the client disconnects when it's out of
+## known mechanisms
+
+CLIENT
+EXPECT_COMMAND AUTH
+SEND 'REJECTED BONGO_MD5'
+EXPECT_STATE NEED_DISCONNECT
-- 
cgit