Skip to content

Commit

Permalink
Merge branch 'Prototik-fix-auth'
Browse files Browse the repository at this point in the history
  • Loading branch information
hypfvieh committed Jun 3, 2023
2 parents 9602477 + a8714ec commit e5d0481
Showing 1 changed file with 17 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -93,15 +93,23 @@ private String findCookie(String _context, String _id) throws IOException {
}

File f = new File(keyringDir, _context);
long currentTime = System.currentTimeMillis() / 1000;
try (BufferedReader r = new BufferedReader(new InputStreamReader(new FileInputStream(f)))) {
String s = null;
String lCookie = null;

TimeMeasure tm = new TimeMeasure();
while (null != (s = r.readLine())) {
String[] line = s.split(" ");
long timestamp = Long.parseLong(line[1]);
if (line[0].equals(_id) && !(timestamp < 0 || (tm.getElapsedSeconds() + MAX_TIME_TRAVEL_SECONDS) < timestamp || tm.getElapsedSeconds() - EXPIRE_KEYS_TIMEOUT_SECONDS > timestamp)) {
if (line.length != 3) {
continue;
}
long timestamp;
try {
timestamp = Long.parseLong(line[1]);
} catch (NumberFormatException _ex) {
continue;
}
if (line[0].equals(_id) && timestamp >= 0 && currentTime >= timestamp - MAX_TIME_TRAVEL_SECONDS && currentTime < timestamp + EXPIRE_KEYS_TIMEOUT_SECONDS) {
lCookie = line[2];
break;
}
Expand Down Expand Up @@ -344,6 +352,10 @@ SaslResult doChallenge(int _auth, SASL.Command _c) throws IOException {
response = stupidlyEncode(buf);
_c.setResponse(stupidlyEncode(clientchallenge + " " + response));
return SaslResult.OK;
case AUTH_ANON:
// Pong back DATA if server wants it for anonymous auth
_c.setResponse(_c.getData() == null ? "" : _c.getData());
return SaslResult.OK;
default:
logger.debug("Not DBUS_COOKIE_SHA1 authtype.");
return SaslResult.ERROR;
Expand Down Expand Up @@ -388,7 +400,7 @@ SaslResult doResponse(int _auth, String _uid, String _kernelUid, SASL.Command _c
logger.debug("Sending challenge: {} {} {}", context, id, challenge);

_c.setResponse(stupidlyEncode(context + ' ' + id + ' ' + challenge));
return SaslResult.OK;
return SaslResult.CONTINUE;
default:
return SaslResult.ERROR;
}
Expand Down Expand Up @@ -525,7 +537,6 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
break;
case OK:
logger.trace("Authenticated");
state = SaslAuthState.AUTHENTICATED;

if (saslConfig.isFileDescriptorSupport()) {
state = SaslAuthState.WAIT_DATA;
Expand Down Expand Up @@ -555,7 +566,7 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
switch (c.getCommand()) {
case OK:
send(_sock, BEGIN);
state = SaslAuthState.AUTHENTICATED;
state = SaslAuthState.FINISHED;
break;
case ERROR:
case DATA:
Expand Down Expand Up @@ -797,7 +808,6 @@ enum SaslAuthState {
WAIT_REJECT,
WAIT_AUTH,
WAIT_BEGIN,
AUTHENTICATED,
NEGOTIATE_UNIX_FD,
FINISHED,
FAILED;
Expand Down

0 comments on commit e5d0481

Please sign in to comment.