1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include "sd-daemon.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
41 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44 struct iovec *i = iov + *idx;
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
61 static void append_iovec(sd_bus_message *m, const void *p, size_t sz) {
66 m->iovec[m->n_iovec].iov_base = (void*) p;
67 m->iovec[m->n_iovec].iov_len = sz;
71 static void bus_message_setup_iovec(sd_bus_message *m) {
78 append_iovec(m, m->header, sizeof(*m->header));
81 append_iovec(m, m->fields, ALIGN8(m->header->fields_size));
84 append_iovec(m, m->body, m->header->body_size);
87 bool bus_socket_auth_needs_write(sd_bus *b) {
91 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
94 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
95 struct iovec *j = b->auth_iovec + i;
104 static int bus_socket_write_auth(sd_bus *b) {
108 assert(b->state == BUS_AUTHENTICATING);
110 if (!bus_socket_auth_needs_write(b))
113 if (b->prefer_writev)
114 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
119 mh.msg_iov = b->auth_iovec + b->auth_index;
120 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
122 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
123 if (k < 0 && errno == ENOTSOCK) {
124 b->prefer_writev = true;
125 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
130 return errno == EAGAIN ? 0 : -errno;
132 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
136 static int bus_socket_auth_verify_client(sd_bus *b) {
144 /* We expect two response lines: "OK" and possibly
147 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
151 if (b->negotiate_fds) {
152 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
162 /* Nice! We got all the lines we need. First check the OK
165 if (e - (char*) b->rbuffer != 3 + 32)
168 if (memcmp(b->rbuffer, "OK ", 3))
171 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
173 for (i = 0; i < 32; i += 2) {
176 x = unhexchar(((char*) b->rbuffer)[3 + i]);
177 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
182 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
185 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
186 !sd_id128_equal(b->server_id, peer))
191 /* And possibly check the second line, too */
195 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
196 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
198 b->rbuffer_size -= (start - (char*) b->rbuffer);
199 memmove(b->rbuffer, start, b->rbuffer_size);
201 r = bus_start_running(b);
208 static bool line_equals(const char *s, size_t m, const char *line) {
215 return memcmp(s, line, l) == 0;
218 static bool line_begins(const char *s, size_t m, const char *word) {
225 if (memcmp(s, word, l) != 0)
228 return m == l || (m > l && s[l] == ' ');
231 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
232 _cleanup_free_ char *token = NULL;
234 if (!b->anonymous_auth)
245 token = unhexmem(p, l);
249 if (memchr(token, 0, l/2))
252 return !!utf8_is_valid(token);
255 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
256 _cleanup_free_ char *token = NULL;
260 /* We don't do any real authentication here. Instead, we if
261 * the owner of this bus wanted authentication he should have
262 * checked SO_PEERCRED before even creating the bus object. */
264 if (!b->anonymous_auth && !b->ucred_valid)
276 token = unhexmem(p, l);
280 if (memchr(token, 0, l/2))
283 r = parse_uid(token, &u);
287 /* We ignore the passed value if anonymous authentication is
289 if (!b->anonymous_auth && u != b->ucred.uid)
295 static int bus_socket_auth_write(sd_bus *b, const char *t) {
302 /* We only make use of the first iovec */
303 assert(b->auth_index == 0 || b->auth_index == 1);
306 p = malloc(b->auth_iovec[0].iov_len + l);
310 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
311 memcpy(p + b->auth_iovec[0].iov_len, t, l);
313 b->auth_iovec[0].iov_base = p;
314 b->auth_iovec[0].iov_len += l;
316 free(b->auth_buffer);
322 static int bus_socket_auth_write_ok(sd_bus *b) {
323 char t[3 + 32 + 2 + 1];
327 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
330 return bus_socket_auth_write(b, t);
333 static int bus_socket_auth_verify_server(sd_bus *b) {
337 bool processed = false;
342 if (b->rbuffer_size < 1)
345 /* First char must be a NUL byte */
346 if (*(char*) b->rbuffer != 0)
349 if (b->rbuffer_size < 3)
352 /* Begin with the first line */
353 if (b->auth_rbegin <= 0)
357 /* Check if line is complete */
358 line = (char*) b->rbuffer + b->auth_rbegin;
359 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
365 if (line_begins(line, l, "AUTH ANONYMOUS")) {
367 r = verify_anonymous_token(b, line + 14, l - 14);
371 r = bus_socket_auth_write(b, "REJECTED\r\n");
373 b->auth = BUS_AUTH_ANONYMOUS;
374 r = bus_socket_auth_write_ok(b);
377 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
379 r = verify_external_token(b, line + 13, l - 13);
383 r = bus_socket_auth_write(b, "REJECTED\r\n");
385 b->auth = BUS_AUTH_EXTERNAL;
386 r = bus_socket_auth_write_ok(b);
389 } else if (line_begins(line, l, "AUTH"))
390 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
391 else if (line_equals(line, l, "CANCEL") ||
392 line_begins(line, l, "ERROR")) {
394 b->auth = _BUS_AUTH_INVALID;
395 r = bus_socket_auth_write(b, "REJECTED\r\n");
397 } else if (line_equals(line, l, "BEGIN")) {
399 if (b->auth == _BUS_AUTH_INVALID)
400 r = bus_socket_auth_write(b, "ERROR\r\n");
402 /* We can't leave from the auth phase
403 * before we haven't written
404 * everything queued, so let's check
407 if (bus_socket_auth_needs_write(b))
410 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
411 memmove(b->rbuffer, e + 2, b->rbuffer_size);
412 return bus_start_running(b);
415 } else if (line_begins(line, l, "DATA")) {
417 if (b->auth == _BUS_AUTH_INVALID)
418 r = bus_socket_auth_write(b, "ERROR\r\n");
420 if (b->auth == BUS_AUTH_ANONYMOUS)
421 r = verify_anonymous_token(b, line + 4, l - 4);
423 r = verify_external_token(b, line + 4, l - 4);
428 b->auth = _BUS_AUTH_INVALID;
429 r = bus_socket_auth_write(b, "REJECTED\r\n");
431 r = bus_socket_auth_write_ok(b);
433 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
434 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
435 r = bus_socket_auth_write(b, "ERROR\r\n");
438 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
441 r = bus_socket_auth_write(b, "ERROR\r\n");
446 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
452 static int bus_socket_auth_verify(sd_bus *b) {
456 return bus_socket_auth_verify_server(b);
458 return bus_socket_auth_verify_client(b);
461 static int bus_socket_read_auth(sd_bus *b) {
469 struct cmsghdr cmsghdr;
470 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
471 CMSG_SPACE(sizeof(struct ucred)) +
472 CMSG_SPACE(NAME_MAX)]; /*selinux label */
474 struct cmsghdr *cmsg;
475 bool handle_cmsg = false;
478 assert(b->state == BUS_AUTHENTICATING);
480 r = bus_socket_auth_verify(b);
484 n = MAX(256u, b->rbuffer_size * 2);
486 if (n > BUS_AUTH_SIZE_MAX)
487 n = BUS_AUTH_SIZE_MAX;
489 if (b->rbuffer_size >= n)
492 p = realloc(b->rbuffer, n);
499 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
500 iov.iov_len = n - b->rbuffer_size;
503 k = readv(b->input_fd, &iov, 1);
508 mh.msg_control = &control;
509 mh.msg_controllen = sizeof(control);
511 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
512 if (k < 0 && errno == ENOTSOCK) {
513 b->prefer_readv = true;
514 k = readv(b->input_fd, &iov, 1);
519 return errno == EAGAIN ? 0 : -errno;
523 b->rbuffer_size += k;
526 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
527 if (cmsg->cmsg_level == SOL_SOCKET &&
528 cmsg->cmsg_type == SCM_RIGHTS) {
531 /* Whut? We received fds during the auth
532 * protocol? Somebody is playing games with
533 * us. Close them all, and fail */
534 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
535 close_many((int*) CMSG_DATA(cmsg), j);
538 } else if (cmsg->cmsg_level == SOL_SOCKET &&
539 cmsg->cmsg_type == SCM_CREDENTIALS &&
540 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
542 /* Ignore bogus data, which we might
543 * get on socketpair() sockets */
544 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
545 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
546 b->ucred_valid = true;
549 } else if (cmsg->cmsg_level == SOL_SOCKET &&
550 cmsg->cmsg_type == SCM_SECURITY) {
554 l = cmsg->cmsg_len - CMSG_LEN(0);
556 memcpy(&b->label, CMSG_DATA(cmsg), l);
563 r = bus_socket_auth_verify(b);
570 static int bus_socket_setup(sd_bus *b) {
576 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
577 * socket, just in case. */
578 enable = !b->bus_client;
579 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
580 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
582 /* Increase the buffers to a MB */
583 fd_inc_rcvbuf(b->input_fd, 1024*1024);
584 fd_inc_sndbuf(b->output_fd, 1024*1024);
586 /* Get the peer for socketpair() sockets */
587 l = sizeof(b->ucred);
588 if (getsockopt(b->input_fd, SOL_SOCKET, SO_PEERCRED, &b->ucred, &l) >= 0 && l >= sizeof(b->ucred))
589 b->ucred_valid = b->ucred.pid > 0;
594 static int bus_socket_start_auth_client(sd_bus *b) {
596 const char *auth_suffix, *auth_prefix;
600 if (b->anonymous_auth) {
601 auth_prefix = "\0AUTH ANONYMOUS ";
603 /* For ANONYMOUS auth we send some arbitrary "trace" string */
605 b->auth_buffer = hexmem("anonymous", l);
607 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
609 auth_prefix = "\0AUTH EXTERNAL ";
611 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
615 b->auth_buffer = hexmem(text, l);
621 if (b->negotiate_fds)
622 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
624 auth_suffix = "\r\nBEGIN\r\n";
626 b->auth_iovec[0].iov_base = (void*) auth_prefix;
627 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
628 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
629 b->auth_iovec[1].iov_len = l * 2;
630 b->auth_iovec[2].iov_base = (void*) auth_suffix;
631 b->auth_iovec[2].iov_len = strlen(auth_suffix);
633 return bus_socket_write_auth(b);
636 static int bus_socket_start_auth(sd_bus *b) {
639 b->state = BUS_AUTHENTICATING;
640 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
642 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
643 b->negotiate_fds = false;
645 if (b->output_fd != b->input_fd)
646 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
647 b->negotiate_fds = false;
650 return bus_socket_read_auth(b);
652 return bus_socket_start_auth_client(b);
655 int bus_socket_connect(sd_bus *b) {
659 assert(b->input_fd < 0);
660 assert(b->output_fd < 0);
661 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
663 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
667 b->output_fd = b->input_fd;
669 r = bus_socket_setup(b);
673 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
675 if (errno == EINPROGRESS)
681 return bus_socket_start_auth(b);
684 int bus_socket_exec(sd_bus *b) {
689 assert(b->input_fd < 0);
690 assert(b->output_fd < 0);
691 assert(b->exec_path);
693 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
705 reset_all_signal_handlers();
707 close_all_fds(s+1, 1);
709 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
710 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
712 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
713 close_nointr_nofail(s[1]);
715 fd_cloexec(STDIN_FILENO, false);
716 fd_cloexec(STDOUT_FILENO, false);
717 fd_nonblock(STDIN_FILENO, false);
718 fd_nonblock(STDOUT_FILENO, false);
721 execvp(b->exec_path, b->exec_argv);
723 const char *argv[] = { b->exec_path, NULL };
724 execvp(b->exec_path, (char**) argv);
730 close_nointr_nofail(s[1]);
731 b->output_fd = b->input_fd = s[0];
733 return bus_socket_start_auth(b);
736 int bus_socket_take_fd(sd_bus *b) {
740 r = bus_socket_setup(b);
744 return bus_socket_start_auth(b);
747 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
756 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
758 if (*idx >= BUS_MESSAGE_SIZE(m))
761 bus_message_setup_iovec(m);
763 n = m->n_iovec * sizeof(struct iovec);
765 memcpy(iov, m->iovec, n);
768 iovec_advance(iov, &j, *idx);
770 if (bus->prefer_writev)
771 k = writev(bus->output_fd, iov, m->n_iovec);
777 struct cmsghdr *control;
778 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
780 mh.msg_control = control;
781 control->cmsg_level = SOL_SOCKET;
782 control->cmsg_type = SCM_RIGHTS;
783 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
784 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
788 mh.msg_iovlen = m->n_iovec;
790 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
791 if (k < 0 && errno == ENOTSOCK) {
792 bus->prefer_writev = true;
793 k = writev(bus->output_fd, iov, m->n_iovec);
798 return errno == EAGAIN ? 0 : -errno;
804 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
811 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
813 if (bus->rbuffer_size < sizeof(struct bus_header)) {
814 *need = sizeof(struct bus_header) + 8;
816 /* Minimum message size:
820 * Method Call: +2 string headers
821 * Signal: +3 string headers
822 * Method Error: +1 string headers
824 * Method Reply: +1 uint32 headers
826 * A string header is at least 9 bytes
827 * A uint32 header is at least 8 bytes
829 * Hence the minimum message size of a valid message
830 * is header + 8 bytes */
835 a = ((const uint32_t*) bus->rbuffer)[1];
836 b = ((const uint32_t*) bus->rbuffer)[3];
838 e = ((const uint8_t*) bus->rbuffer)[0];
839 if (e == SD_BUS_LITTLE_ENDIAN) {
842 } else if (e == SD_BUS_BIG_ENDIAN) {
848 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
849 if (sum >= BUS_MESSAGE_SIZE_MAX)
852 *need = (size_t) sum;
856 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
863 assert(bus->rbuffer_size >= size);
864 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
866 if (bus->rbuffer_size > size) {
867 b = memdup((const uint8_t*) bus->rbuffer + size,
868 bus->rbuffer_size - size);
874 r = bus_message_from_malloc(bus->rbuffer, size,
875 bus->fds, bus->n_fds,
876 bus->ucred_valid ? &bus->ucred : NULL,
877 bus->label[0] ? bus->label : NULL,
885 bus->rbuffer_size -= size;
894 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
902 struct cmsghdr cmsghdr;
903 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
904 CMSG_SPACE(sizeof(struct ucred)) +
905 CMSG_SPACE(NAME_MAX)]; /*selinux label */
907 struct cmsghdr *cmsg;
908 bool handle_cmsg = false;
912 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
914 r = bus_socket_read_message_need(bus, &need);
918 if (bus->rbuffer_size >= need)
919 return bus_socket_make_message(bus, need, m);
921 b = realloc(bus->rbuffer, need);
928 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
929 iov.iov_len = need - bus->rbuffer_size;
931 if (bus->prefer_readv)
932 k = readv(bus->input_fd, &iov, 1);
937 mh.msg_control = &control;
938 mh.msg_controllen = sizeof(control);
940 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
941 if (k < 0 && errno == ENOTSOCK) {
942 bus->prefer_readv = true;
943 k = readv(bus->input_fd, &iov, 1);
948 return errno == EAGAIN ? 0 : -errno;
952 bus->rbuffer_size += k;
955 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
956 if (cmsg->cmsg_level == SOL_SOCKET &&
957 cmsg->cmsg_type == SCM_RIGHTS) {
960 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
963 /* Whut? We received fds but this
964 * isn't actually enabled? Close them,
967 close_many((int*) CMSG_DATA(cmsg), n);
971 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
973 close_many((int*) CMSG_DATA(cmsg), n);
977 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
980 } else if (cmsg->cmsg_level == SOL_SOCKET &&
981 cmsg->cmsg_type == SCM_CREDENTIALS &&
982 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
984 /* Ignore bogus data, which we might
985 * get on socketpair() sockets */
986 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
987 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
988 bus->ucred_valid = true;
991 } else if (cmsg->cmsg_level == SOL_SOCKET &&
992 cmsg->cmsg_type == SCM_SECURITY) {
995 l = cmsg->cmsg_len - CMSG_LEN(0);
997 memcpy(&bus->label, CMSG_DATA(cmsg), l);
1004 r = bus_socket_read_message_need(bus, &need);
1008 if (bus->rbuffer_size >= need)
1009 return bus_socket_make_message(bus, need, m);
1014 int bus_socket_process_opening(sd_bus *b) {
1016 socklen_t slen = sizeof(error);
1023 assert(b->state == BUS_OPENING);
1029 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1032 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1034 b->last_connect_error = errno;
1035 else if (error != 0)
1036 b->last_connect_error = error;
1037 else if (p.revents & (POLLERR|POLLHUP))
1038 b->last_connect_error = ECONNREFUSED;
1040 return bus_socket_start_auth(b);
1042 return bus_next_address(b);
1045 int bus_socket_process_authenticating(sd_bus *b) {
1049 assert(b->state == BUS_AUTHENTICATING);
1051 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1054 r = bus_socket_write_auth(b);
1058 return bus_socket_read_auth(b);