richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
4cad4c
From badb16c481cf592a1761ad20dd0a84614d2bbd5b Mon Sep 17 00:00:00 2001
4cad4c
From: David Rheinsberg <david.rheinsberg@gmail.com>
4cad4c
Date: Thu, 14 Mar 2019 13:33:28 +0100
4cad4c
Subject: [PATCH] sd-bus: fix SASL reply to empty AUTH
4cad4c
4cad4c
The correct way to reply to "AUTH <protocol>" without any payload is to
4cad4c
send "DATA" rather than "OK". The "DATA" reply triggers the client to
4cad4c
respond with the requested payload.
4cad4c
4cad4c
In fact, adding the data as hex-encoded argument like
4cad4c
"AUTH <protocol> <hex-data>" is an optimization that skips the "DATA"
4cad4c
roundtrip. The standard way to perform an authentication is to send the
4cad4c
"DATA" line.
4cad4c
4cad4c
This commit fixes sd-bus to properly send the "DATA" line. Surprisingly
4cad4c
no existing implementation depends on this, as they all pass the data
4cad4c
directly as argument to "AUTH". This will not work if we want to pass
4cad4c
an empty argument, though.
4cad4c
4cad4c
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
4cad4c
(cherry picked from commit 2010873b4b49b223e0cc07d28205b09c693ef005)
4cad4c
4cad4c
Related: #1838081
4cad4c
---
4cad4c
 src/libsystemd/sd-bus/bus-socket.c | 10 ++++++++--
4cad4c
 1 file changed, 8 insertions(+), 2 deletions(-)
4cad4c
4cad4c
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
4cad4c
index 1c8b331b48..e505d43c6b 100644
4cad4c
--- a/src/libsystemd/sd-bus/bus-socket.c
4cad4c
+++ b/src/libsystemd/sd-bus/bus-socket.c
4cad4c
@@ -399,7 +399,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
4cad4c
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
4cad4c
                         else {
4cad4c
                                 b->auth = BUS_AUTH_ANONYMOUS;
4cad4c
-                                r = bus_socket_auth_write_ok(b);
4cad4c
+                                if (l <= strlen("AUTH ANONYMOUS"))
4cad4c
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
4cad4c
+                                else
4cad4c
+                                        r = bus_socket_auth_write_ok(b);
4cad4c
                         }
4cad4c
 
4cad4c
                 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
4cad4c
@@ -413,7 +416,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
4cad4c
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
4cad4c
                         else {
4cad4c
                                 b->auth = BUS_AUTH_EXTERNAL;
4cad4c
-                                r = bus_socket_auth_write_ok(b);
4cad4c
+                                if (l <= strlen("AUTH EXTERNAL"))
4cad4c
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
4cad4c
+                                else
4cad4c
+                                        r = bus_socket_auth_write_ok(b);
4cad4c
                         }
4cad4c
 
4cad4c
                 } else if (line_begins(line, l, "AUTH"))