c2dfb7
From badb16c481cf592a1761ad20dd0a84614d2bbd5b Mon Sep 17 00:00:00 2001
c2dfb7
From: David Rheinsberg <david.rheinsberg@gmail.com>
c2dfb7
Date: Thu, 14 Mar 2019 13:33:28 +0100
c2dfb7
Subject: [PATCH] sd-bus: fix SASL reply to empty AUTH
c2dfb7
c2dfb7
The correct way to reply to "AUTH <protocol>" without any payload is to
c2dfb7
send "DATA" rather than "OK". The "DATA" reply triggers the client to
c2dfb7
respond with the requested payload.
c2dfb7
c2dfb7
In fact, adding the data as hex-encoded argument like
c2dfb7
"AUTH <protocol> <hex-data>" is an optimization that skips the "DATA"
c2dfb7
roundtrip. The standard way to perform an authentication is to send the
c2dfb7
"DATA" line.
c2dfb7
c2dfb7
This commit fixes sd-bus to properly send the "DATA" line. Surprisingly
c2dfb7
no existing implementation depends on this, as they all pass the data
c2dfb7
directly as argument to "AUTH". This will not work if we want to pass
c2dfb7
an empty argument, though.
c2dfb7
c2dfb7
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
c2dfb7
(cherry picked from commit 2010873b4b49b223e0cc07d28205b09c693ef005)
c2dfb7
c2dfb7
Related: #1838081
c2dfb7
---
c2dfb7
 src/libsystemd/sd-bus/bus-socket.c | 10 ++++++++--
c2dfb7
 1 file changed, 8 insertions(+), 2 deletions(-)
c2dfb7
c2dfb7
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
c2dfb7
index 1c8b331b48..e505d43c6b 100644
c2dfb7
--- a/src/libsystemd/sd-bus/bus-socket.c
c2dfb7
+++ b/src/libsystemd/sd-bus/bus-socket.c
c2dfb7
@@ -399,7 +399,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
c2dfb7
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
c2dfb7
                         else {
c2dfb7
                                 b->auth = BUS_AUTH_ANONYMOUS;
c2dfb7
-                                r = bus_socket_auth_write_ok(b);
c2dfb7
+                                if (l <= strlen("AUTH ANONYMOUS"))
c2dfb7
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
c2dfb7
+                                else
c2dfb7
+                                        r = bus_socket_auth_write_ok(b);
c2dfb7
                         }
c2dfb7
 
c2dfb7
                 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
c2dfb7
@@ -413,7 +416,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
c2dfb7
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
c2dfb7
                         else {
c2dfb7
                                 b->auth = BUS_AUTH_EXTERNAL;
c2dfb7
-                                r = bus_socket_auth_write_ok(b);
c2dfb7
+                                if (l <= strlen("AUTH EXTERNAL"))
c2dfb7
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
c2dfb7
+                                else
c2dfb7
+                                        r = bus_socket_auth_write_ok(b);
c2dfb7
                         }
c2dfb7
 
c2dfb7
                 } else if (line_begins(line, l, "AUTH"))