sd-bus: fix SASL reply to empty AUTH

The correct way to reply to "AUTH <protocol>" without any payload is to send "DATA" rather than "OK". The "DATA" reply triggers the client to respond with the requested payload. In fact, adding the data as hex-encoded argument like "AUTH <protocol> <hex-data>" is an optimization that skips the "DATA" roundtrip. The standard way to perform an authentication is to send the "DATA" line. This commit fixes sd-bus to properly send the "DATA" line. Surprisingly no existing implementation depends on this, as they all pass the data directly as argument to "AUTH". This will not work if we want to pass an empty argument, though. Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com> (cherry picked from commit 2010873b4b49b223e0cc07d28205b09c693ef005) Related: #1838081
author: David Rheinsberg <david.rheinsberg@gmail.com> 2019-03-14 13:33:28 +0100
committer: The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> 2020-06-08 16:01:18 +0200
commit: badb16c481cf592a1761ad20dd0a84614d2bbd5b (patch)
tree: c2f50bcc85176a2f694d21e0f674265a1de3a0e2
parent: d524f9f9089b71d83e991ed42d25a4616ec575a2 (diff)
download: systemd-badb16c481cf592a1761ad20dd0a84614d2bbd5b.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 1c8b331b48..e505d43c6b 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -399,7 +399,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
                         else {
                                 b->auth = BUS_AUTH_ANONYMOUS;
-                                r = bus_socket_auth_write_ok(b);
+                                if (l <= strlen("AUTH ANONYMOUS"))
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
+                                else
+                                        r = bus_socket_auth_write_ok(b);
                         }
 
                 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
@@ -413,7 +416,10 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
                                 r = bus_socket_auth_write(b, "REJECTED\r\n");
                         else {
                                 b->auth = BUS_AUTH_EXTERNAL;
-                                r = bus_socket_auth_write_ok(b);
+                                if (l <= strlen("AUTH EXTERNAL"))
+                                        r = bus_socket_auth_write(b, "DATA\r\n");
+                                else
+                                        r = bus_socket_auth_write_ok(b);
                         }
 
                 } else if (line_begins(line, l, "AUTH"))
author	David Rheinsberg <david.rheinsberg@gmail.com>	2019-03-14 13:33:28 +0100
committer	The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com>	2020-06-08 16:01:18 +0200
commit	badb16c481cf592a1761ad20dd0a84614d2bbd5b (patch)
tree	c2f50bcc85176a2f694d21e0f674265a1de3a0e2
parent	d524f9f9089b71d83e991ed42d25a4616ec575a2 (diff)
download	systemd-badb16c481cf592a1761ad20dd0a84614d2bbd5b.tar.gz