ruby-dbus-openplacos 0.6.0

data/lib/dbus/auth.rb

@@ -0,0 +1,258 @@
+# This file is part of the ruby-dbus project
+# Copyright (C) 2007 Arnaud Cornet and Paul van Tilburg
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License, version 2.1 as published by the Free Software Foundation.
+# See the file "COPYING" for the exact licensing terms.
+
+$debug = $DEBUG #it's all over the state machine
+
+module DBus
+  # Exception raised when authentication fails somehow.
+  class AuthenticationFailed < Exception
+  end
+
+  # = General class for authentication.
+  class Authenticator
+    # Returns the name of the authenticator.
+    def name
+      self.class.to_s.upcase.sub(/.*::/, "")
+    end
+  end
+
+  # = External authentication class 
+  #
+  # Class for 'external' type authentication.
+  class External < Authenticator
+    # Performs the authentication.
+    def authenticate
+      # Take the user id (eg integer 1000) make a string out of it "1000", take
+      # each character and determin hex value "1" => 0x31, "0" => 0x30. You
+      # obtain for "1000" => 31303030 This is what the server is expecting.
+      # Why? I dunno. How did I come to that conclusion? by looking at rbus
+      # code. I have no idea how he found that out.
+      return Process.uid.to_s.split(//).collect { |a| "%x" % a[0].ord }.join
+    end
+  end
+  
+  # = Authentication class using SHA1 crypto algorithm 
+  #
+  # Class for 'CookieSHA1' type authentication.
+  # Implements the AUTH DBUS_COOKIE_SHA1 mechanism.
+  class DBusCookieSHA1 < Authenticator
+        
+    #the autenticate method (called in stage one of authentification)    
+    def authenticate
+      require 'etc'
+      #number of retries we have for auth
+      @retries = 1
+      return "#{hex_encode(Etc.getlogin)}" #server expects it to be binary
+    end
+
+    #returns the modules name
+    def name
+      return 'DBUS_COOKIE_SHA1'
+    end
+    
+    #handles the interesting crypto stuff, check the rbus-project for more info: http://rbus.rubyforge.org/
+    def data(hexdata)
+      require 'digest/sha1'
+      data = hex_decode(hexdata)
+      # name of cookie file, id of cookie in file, servers random challenge  
+      context, id, s_challenge = data.split(' ')
+      # Random client challenge        
+      c_challenge = Array.new(s_challenge.length/2).map{|obj|obj=rand(255).to_s}.join
+      # Search cookie file for id
+      path = File.join(ENV['HOME'], '.dbus-keyrings', context)
+      puts "DEBUG: path: #{path.inspect}" if $debug
+      File.foreach(path) do |line|
+        if line.index(id) == 0
+          # Right line of file, read cookie
+          cookie = line.split(' ')[2].chomp
+          puts "DEBUG: cookie: #{cookie.inspect}" if $debug
+          # Concatenate and encrypt
+          to_encrypt = [s_challenge, c_challenge, cookie].join(':')
+          sha = Digest::SHA1.hexdigest(to_encrypt)
+          #the almighty tcp server wants everything hex encoded
+          hex_response = hex_encode("#{c_challenge} #{sha}")
+          # Return response
+          response = [:AuthOk, hex_response]
+          return response
+        end
+      end
+      #a little rescue magic
+      unless @retries <= 0
+        puts "ERROR: Could not auth, will now exit." 
+        puts "ERROR: Unable to locate cookie, retry in 1 second."
+        @retries -= 1
+        sleep 1
+        data(hexdata)
+      end
+    end  
+    
+    # encode plain to hex
+    def hex_encode(plain)
+      return nil if plain.nil?
+      plain.to_s.unpack('H*')[0]
+    end
+    
+    # decode hex to plain
+    def hex_decode(encoded)
+      encoded.scan(/[[:xdigit:]]{2}/).map{|h|h.hex.chr}.join
+    end  
+  end #DBusCookieSHA1 class ends here
+
+  # Note: this following stuff is tested with External authenticator only!
+
+  # = Authentication client class.
+  #
+  # Class tha performs the actional authentication.
+  class Client
+    # Create a new authentication client.
+    def initialize(socket)
+      @socket = socket
+      @state = nil
+      @auth_list = [External,DBusCookieSHA1]
+    end
+
+    # Start the authentication process.
+    def authenticate
+      @socket.write(0.chr)
+      next_authenticator
+      @state = :Starting
+      while @state != :Authenticated
+        r = next_state
+        return r if not r
+      end
+      true
+    end
+
+    ##########
+    private
+    ##########
+
+    # Send an authentication method _meth_ with arguments _args_ to the
+    # server.
+    def send(meth, *args)
+      o = ([meth] + args).join(" ")
+      @socket.write(o + "\r\n")
+    end
+
+    # Try authentication using the next authenticator.
+    def next_authenticator
+      begin
+        raise AuthException if @auth_list.size == 0
+        @authenticator = @auth_list.shift.new
+        auth_msg = ["AUTH", @authenticator.name, @authenticator.authenticate]
+        puts "DEBUG: auth_msg: #{auth_msg.inspect}" if $debug
+        send(auth_msg)
+      rescue AuthException
+        @socket.close
+        raise
+      end
+    end
+
+    # Read data (a buffer) from the bus until CR LF is encountered.
+    # Return the buffer without the CR LF characters.
+    def next_msg
+      data,crlf = "","\r\n"
+      left = 1024 #1024 byte, no idea if it's ever getting bigger
+      while left > 0
+        buf = @socket.read( left > 1 ? 1 : left )
+        break if buf.nil?
+        left -= buf.size
+        data += buf
+        break if data.include? crlf #crlf means line finished, the TCP socket keeps on listening, so we break 
+      end
+      readline = data.chomp.split(" ")
+      puts "DEBUG: readline: #{readline.inspect}" if $debug
+      return readline
+    end
+
+=begin
+    # Read data (a buffer) from the bus until CR LF is encountered.
+    # Return the buffer without the CR LF characters.
+    def next_msg
+      @socket.readline.chomp.split(" ")
+    end
+=end
+
+    # Try to reach the next state based on the current state.
+    def next_state
+      msg = next_msg
+      if @state == :Starting
+        puts "DEBUG: :Starting msg: #{msg[0].inspect}" if $debug
+        case msg[0]
+        when "OK"
+          @state = :WaitingForOk    
+        when "CONTINUE"
+          @state = :WaitingForData
+        when "REJECTED" #needed by tcp, unix-path/abstract doesn't get here
+          @state = :WaitingForData
+        end
+      end
+      puts "DEBUG: state: #{@state}" if $debug
+      case @state
+      when :WaitingForData
+        puts "DEBUG: :WaitingForData msg: #{msg[0].inspect}" if $debug
+        case msg[0]
+        when "DATA"
+          chall = msg[1]
+          resp, chall = @authenticator.data(chall)
+          puts "DEBUG: :WaitingForData/DATA resp: #{resp.inspect}" if $debug
+          case resp
+          when :AuthContinue
+            send("DATA", chall)
+            @state = :WaitingForData
+          when :AuthOk
+            send("DATA", chall)
+            @state = :WaitingForOk
+          when :AuthError
+            send("ERROR")
+            @state = :WaitingForData
+          end
+        when "REJECTED"
+          next_authenticator
+          @state = :WaitingForData
+        when "ERROR"
+          send("CANCEL")
+          @state = :WaitingForReject
+        when "OK"
+          send("BEGIN")
+          @state = :Authenticated
+        else
+          send("ERROR")
+          @state = :WaitingForData
+        end
+      when :WaitingForOk
+        puts "DEBUG: :WaitingForOk msg: #{msg[0].inspect}" if $debug
+        case msg[0]
+        when "OK"
+          send("BEGIN")
+          @state = :Authenticated
+        when "REJECT"
+          next_authenticator
+          @state = :WaitingForData
+        when "DATA", "ERROR"
+          send("CANCEL")
+          @state = :WaitingForReject
+        else
+          send("ERROR")
+          @state = :WaitingForOk
+        end
+      when :WaitingForReject
+        puts "DEBUG: :WaitingForReject msg: #{msg[0].inspect}" if $debug
+        case msg[0]
+        when "REJECT"
+          next_authenticator
+          @state = :WaitingForOk
+        else
+          @socket.close
+          return false
+        end
+      end
+      return true
+    end # def next_state
+  end # class Client
+end # module D-Bus