You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
211 lines
7.3 KiB
211 lines
7.3 KiB
From ccdb8883c6ff0e72d5e221768af0718e25cbf177 Mon Sep 17 00:00:00 2001
|
|
From: David Rheinsberg <david.rheinsberg@gmail.com>
|
|
Date: Thu, 14 Mar 2019 13:34:13 +0100
|
|
Subject: [PATCH] sd-bus: skip sending formatted UIDs via SASL
|
|
|
|
The dbus external authentication takes as optional argument the UID the
|
|
sender wants to authenticate as. This uid is purely optional. The
|
|
AF_UNIX socket already conveys the same information through the
|
|
auxiliary socket data, so we really don't have to provide that
|
|
information.
|
|
|
|
Unfortunately, there is no way to send empty arguments, since they are
|
|
interpreted as "missing argument", which has a different meaning. The
|
|
SASL negotiation thus changes from:
|
|
|
|
AUTH EXTERNAL <uid>
|
|
NEGOTIATE_UNIX_FD (optional)
|
|
BEGIN
|
|
|
|
to:
|
|
|
|
AUTH EXTERNAL
|
|
DATA
|
|
NEGOTIATE_UNIX_FD (optional)
|
|
BEGIN
|
|
|
|
And thus the replies we expect as a client change from:
|
|
|
|
OK <server-id>
|
|
AGREE_UNIX_FD (optional)
|
|
|
|
to:
|
|
|
|
DATA
|
|
OK <server-id>
|
|
AGREE_UNIX_FD (optional)
|
|
|
|
Since the old sd-bus server implementation used the wrong reply for
|
|
"AUTH" requests that do not carry the arguments inlined, we decided to
|
|
make sd-bus clients accept this as well. Hence, sd-bus now allows
|
|
"OK <server-id>\r\n" replies instead of "DATA\r\n" replies.
|
|
|
|
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
|
|
(cherry picked from commit 1ed4723d38cd0d1423c8fe650f90fa86007ddf55)
|
|
|
|
Resolves: #1838081
|
|
---
|
|
src/libsystemd/sd-bus/bus-socket.c | 106 +++++++++++++++++------------
|
|
1 file changed, 64 insertions(+), 42 deletions(-)
|
|
|
|
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
|
|
index e505d43c6b..8813dd5efd 100644
|
|
--- a/src/libsystemd/sd-bus/bus-socket.c
|
|
+++ b/src/libsystemd/sd-bus/bus-socket.c
|
|
@@ -162,17 +162,25 @@ static int bus_socket_write_auth(sd_bus *b) {
|
|
}
|
|
|
|
static int bus_socket_auth_verify_client(sd_bus *b) {
|
|
- char *e, *f, *start;
|
|
+ char *d, *e, *f, *start;
|
|
sd_id128_t peer;
|
|
unsigned i;
|
|
int r;
|
|
|
|
assert(b);
|
|
|
|
- /* We expect two response lines: "OK" and possibly
|
|
- * "AGREE_UNIX_FD" */
|
|
+ /*
|
|
+ * We expect three response lines:
|
|
+ * "DATA\r\n"
|
|
+ * "OK <server-id>\r\n"
|
|
+ * "AGREE_UNIX_FD\r\n" (optional)
|
|
+ */
|
|
|
|
- e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
|
|
+ d = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
|
|
+ if (!d)
|
|
+ return 0;
|
|
+
|
|
+ e = memmem(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
|
|
if (!e)
|
|
return 0;
|
|
|
|
@@ -187,13 +195,30 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
|
|
start = e + 2;
|
|
}
|
|
|
|
- /* Nice! We got all the lines we need. First check the OK
|
|
- * line */
|
|
+ /* Nice! We got all the lines we need. First check the DATA line. */
|
|
+
|
|
+ if (d - (char*) b->rbuffer == 4) {
|
|
+ if (memcmp(b->rbuffer, "DATA", 4))
|
|
+ return -EPERM;
|
|
+ } else if (d - (char*) b->rbuffer == 3 + 32) {
|
|
+ /*
|
|
+ * Old versions of the server-side implementation of `sd-bus` replied with "OK <id>" to
|
|
+ * "AUTH" requests from a client, even if the "AUTH" line did not contain inlined
|
|
+ * arguments. Therefore, we also accept "OK <id>" here, even though it is technically the
|
|
+ * wrong reply. We ignore the "<id>" parameter, though, since it has no real value.
|
|
+ */
|
|
+ if (memcmp(b->rbuffer, "OK ", 3))
|
|
+ return -EPERM;
|
|
+ } else {
|
|
+ return -EPERM;
|
|
+ }
|
|
+
|
|
+ /* Now check the OK line. */
|
|
|
|
- if (e - (char*) b->rbuffer != 3 + 32)
|
|
+ if (e - d != 2 + 3 + 32)
|
|
return -EPERM;
|
|
|
|
- if (memcmp(b->rbuffer, "OK ", 3))
|
|
+ if (memcmp(d + 2, "OK ", 3))
|
|
return -EPERM;
|
|
|
|
b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
|
|
@@ -201,8 +226,8 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
|
|
for (i = 0; i < 32; i += 2) {
|
|
int x, y;
|
|
|
|
- x = unhexchar(((char*) b->rbuffer)[3 + i]);
|
|
- y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
|
|
+ x = unhexchar(d[2 + 3 + i]);
|
|
+ y = unhexchar(d[2 + 3 + i + 1]);
|
|
|
|
if (x < 0 || y < 0)
|
|
return -EINVAL;
|
|
@@ -216,7 +241,7 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
|
|
|
|
b->server_id = peer;
|
|
|
|
- /* And possibly check the second line, too */
|
|
+ /* And possibly check the third line, too */
|
|
|
|
if (f)
|
|
b->can_fds =
|
|
@@ -616,42 +641,39 @@ static void bus_get_peercred(sd_bus *b) {
|
|
}
|
|
|
|
static int bus_socket_start_auth_client(sd_bus *b) {
|
|
- size_t l;
|
|
- const char *auth_suffix, *auth_prefix;
|
|
+ static const char sasl_auth_anonymous[] = {
|
|
+ /*
|
|
+ * We use an arbitrary trace-string for the ANONYMOUS authentication. It can be used by the
|
|
+ * message broker to aid debugging of clients. We fully anonymize the connection and use a
|
|
+ * static default.
|
|
+ */
|
|
+ "\0AUTH ANONYMOUS\r\n"
|
|
+ /* HEX a n o n y m o u s */
|
|
+ "DATA 616e6f6e796d6f7573\r\n"
|
|
+ };
|
|
+ static const char sasl_auth_external[] = {
|
|
+ "\0AUTH EXTERNAL\r\n"
|
|
+ "DATA\r\n"
|
|
+ };
|
|
+ static const char sasl_negotiate_unix_fd[] = {
|
|
+ "NEGOTIATE_UNIX_FD\r\n"
|
|
+ };
|
|
+ static const char sasl_begin[] = {
|
|
+ "BEGIN\r\n"
|
|
+ };
|
|
+ size_t i = 0;
|
|
|
|
assert(b);
|
|
|
|
- if (b->anonymous_auth) {
|
|
- auth_prefix = "\0AUTH ANONYMOUS ";
|
|
-
|
|
- /* For ANONYMOUS auth we send some arbitrary "trace" string */
|
|
- l = 9;
|
|
- b->auth_buffer = hexmem("anonymous", l);
|
|
- } else {
|
|
- char text[DECIMAL_STR_MAX(uid_t) + 1];
|
|
-
|
|
- auth_prefix = "\0AUTH EXTERNAL ";
|
|
-
|
|
- xsprintf(text, UID_FMT, geteuid());
|
|
-
|
|
- l = strlen(text);
|
|
- b->auth_buffer = hexmem(text, l);
|
|
- }
|
|
-
|
|
- if (!b->auth_buffer)
|
|
- return -ENOMEM;
|
|
+ if (b->anonymous_auth)
|
|
+ b->auth_iovec[i++] = IOVEC_MAKE((char*) sasl_auth_anonymous, sizeof(sasl_auth_anonymous) - 1);
|
|
+ else
|
|
+ b->auth_iovec[i++] = IOVEC_MAKE((char*) sasl_auth_external, sizeof(sasl_auth_external) - 1);
|
|
|
|
if (b->accept_fd)
|
|
- auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
|
|
- else
|
|
- auth_suffix = "\r\nBEGIN\r\n";
|
|
-
|
|
- b->auth_iovec[0].iov_base = (void*) auth_prefix;
|
|
- b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
|
|
- b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
|
|
- b->auth_iovec[1].iov_len = l * 2;
|
|
- b->auth_iovec[2].iov_base = (void*) auth_suffix;
|
|
- b->auth_iovec[2].iov_len = strlen(auth_suffix);
|
|
+ b->auth_iovec[i++] = IOVEC_MAKE_STRING(sasl_negotiate_unix_fd);
|
|
+
|
|
+ b->auth_iovec[i++] = IOVEC_MAKE_STRING(sasl_begin);
|
|
|
|
return bus_socket_write_auth(b);
|
|
}
|