ryantimwilson / rpms / systemd

Forked from rpms/systemd 2 months ago
From badb16c481cf592a1761ad20dd0a84614d2bbd5b Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 14 Mar 2019 13:33:28 +0100
Subject: [PATCH] sd-bus: fix SASL reply to empty AUTH

The correct way to reply to "AUTH <protocol>" without any payload is to
send "DATA" rather than "OK". The "DATA" reply triggers the client to
respond with the requested payload.

In fact, adding the data as hex-encoded argument like
"AUTH <protocol> <hex-data>" is an optimization that skips the "DATA"
roundtrip. The standard way to perform an authentication is to send the
"DATA" line.

This commit fixes sd-bus to properly send the "DATA" line. Surprisingly
no existing implementation depends on this, as they all pass the data
directly as argument to "AUTH". This will not work if we want to pass
an empty argument, though.

Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
(cherry picked from commit 2010873b4b49b223e0cc07d28205b09c693ef005)

Related: #1838081
---
 src/libsystemd/sd-bus/bus-socket.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 1c8b331b48..e505d43c6b 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -399,7 +399,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
                         else {
                                 b->auth = BUS_AUTH_ANONYMOUS;
-                                r = bus_socket_auth_write_ok(b);
+                                if (l <= strlen("AUTH ANONYMOUS"))
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
+                                else
+                                        r = bus_socket_auth_write_ok(b);
                         }
 
                 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
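Review bot: the new test on l against strlen("AUTH ANONYMOUS") carries no comment explaining that a bare AUTH line with no payload has to be answered with DATA so that the client sends its payload, which is the reasoning given only in the commit message. A one-line comment above the if would make that clear to the next reader. Note also that b->auth = BUS_AUTH_ANONYMOUS is still assigned before the DATA round trip, so the mechanism is recorded before any payload has arrived; this hunk does not show where the client's follow-up line is consumed, so it is worth confirming that path exists and validates what it receives.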
@@ -413,7 +416,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
                         else {
                                 b->auth = BUS_AUTH_EXTERNAL;
-                                r = bus_socket_auth_write_ok(b);
+                                if (l <= strlen("AUTH EXTERNAL"))
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
+                                else
+                                        r = bus_socket_auth_write_ok(b);
                         }
 
                 } else if (line_begins(line, l, "AUTH"))
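Review bot: the four added lines in the EXTERNAL branch are a copy of the ones in the ANONYMOUS branch with only the string literal changed; a small helper that takes the command prefix and picks between "DATA\r\n" and bus_socket_auth_write_ok(b) would keep the two branches from drifting apart. With the comparison written as l <= strlen("AUTH EXTERNAL"), a line consisting of "AUTH EXTERNAL " with a trailing space and nothing after it has l one greater than the prefix length and takes the else branch, so an empty argument written that way is still answered with OK unless the condition guarding the REJECTED line, which this hunk does not show, catches it first; please check that this is intended. The diffstat touches only bus-socket.c, so a test that sends a bare "AUTH EXTERNAL" and expects DATA would be a useful addition.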