|
|
52b84b |
From badb16c481cf592a1761ad20dd0a84614d2bbd5b Mon Sep 17 00:00:00 2001
|
|
|
52b84b |
From: David Rheinsberg <david.rheinsberg@gmail.com>
|
|
|
52b84b |
Date: Thu, 14 Mar 2019 13:33:28 +0100
|
|
|
52b84b |
Subject: [PATCH] sd-bus: fix SASL reply to empty AUTH
|
|
|
52b84b |
|
|
|
52b84b |
The correct way to reply to "AUTH <protocol>" without any payload is to
|
|
|
52b84b |
send "DATA" rather than "OK". The "DATA" reply triggers the client to
|
|
|
52b84b |
respond with the requested payload.
|
|
|
52b84b |
|
|
|
52b84b |
In fact, adding the data as hex-encoded argument like
|
|
|
52b84b |
"AUTH <protocol> <hex-data>" is an optimization that skips the "DATA"
|
|
|
52b84b |
roundtrip. The standard way to perform an authentication is to send the
|
|
|
52b84b |
"DATA" line.
|
|
|
52b84b |
|
|
|
52b84b |
This commit fixes sd-bus to properly send the "DATA" line. Surprisingly
|
|
|
52b84b |
no existing implementation depends on this, as they all pass the data
|
|
|
52b84b |
directly as argument to "AUTH". This will not work if we want to pass
|
|
|
52b84b |
an empty argument, though.
|
|
|
52b84b |
|
|
|
52b84b |
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
|
|
|
52b84b |
(cherry picked from commit 2010873b4b49b223e0cc07d28205b09c693ef005)
|
|
|
52b84b |
|
|
|
52b84b |
Related: #1838081
|
|
|
52b84b |
---
|
|
|
52b84b |
src/libsystemd/sd-bus/bus-socket.c | 10 ++++++++--
|
|
|
52b84b |
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
52b84b |
|
|
|
52b84b |
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
52b84b |
index 1c8b331b48..e505d43c6b 100644
|
|
|
52b84b |
--- a/src/libsystemd/sd-bus/bus-socket.c
|
|
|
52b84b |
+++ b/src/libsystemd/sd-bus/bus-socket.c
|
|
|
52b84b |
@@ -399,7 +399,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
|
|
|
52b84b |
r = bus_socket_auth_write(b, "REJECTED\r\n");
|
|
|
52b84b |
else {
|
|
|
52b84b |
b->auth = BUS_AUTH_ANONYMOUS;
|
|
|
52b84b |
- r = bus_socket_auth_write_ok(b);
|
|
|
52b84b |
+ if (l <= strlen("AUTH ANONYMOUS"))
|
|
|
52b84b |
+ r = bus_socket_auth_write(b, "DATA\r\n");
|
|
|
52b84b |
+ else
|
|
|
52b84b |
+ r = bus_socket_auth_write_ok(b);
|
|
|
52b84b |
}
|
|
|
52b84b |
|
|
|
52b84b |
} else if (line_begins(line, l, "AUTH EXTERNAL")) {
|
|
|
52b84b |
@@ -413,7 +416,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
|
|
|
52b84b |
r = bus_socket_auth_write(b, "REJECTED\r\n");
|
|
|
52b84b |
else {
|
|
|
52b84b |
b->auth = BUS_AUTH_EXTERNAL;
|
|
|
52b84b |
- r = bus_socket_auth_write_ok(b);
|
|
|
52b84b |
+ if (l <= strlen("AUTH EXTERNAL"))
|
|
|
52b84b |
+ r = bus_socket_auth_write(b, "DATA\r\n");
|
|
|
52b84b |
+ else
|
|
|
52b84b |
+ r = bus_socket_auth_write_ok(b);
|
|
|
52b84b |
}
|
|
|
52b84b |
|
|
|
52b84b |
} else if (line_begins(line, l, "AUTH"))
|