auth: Do not send UID with external auth

Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID godbus#345
idleroamer · Dec 4, 2022 · ded90ae · ded90ae
1 parent a852926
commit ded90ae
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 12 deletions.
diff --git a/auth.go b/auth.go
@@ -54,7 +54,7 @@ type Auth interface {
 func (conn *Conn) Auth(methods []Auth) error {
 	if methods == nil {
 		uid := strconv.Itoa(os.Geteuid())
-		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
+		methods = []Auth{AuthExternal(), AuthCookieSha1(uid, getHomeDir())}
 	}
 	in := bufio.NewReader(conn.transport)
 	err := conn.transport.SendNullByte()

diff --git a/auth_external.go b/auth_external.go
@@ -1,24 +1,17 @@
 package dbus
 
-import (
-	"encoding/hex"
-)
-
-// AuthExternal returns an Auth that authenticates as the given user with the
+// AuthExternal returns an Auth that authenticates with the
 // EXTERNAL mechanism.
-func AuthExternal(user string) Auth {
-	return authExternal{user}
+func AuthExternal() Auth {
+	return authExternal{}
 }
 
 // AuthExternal implements the EXTERNAL authentication mechanism.
 type authExternal struct {
-	user string
 }
 
 func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) {
-	b := make([]byte, 2*len(a.user))
-	hex.Encode(b, []byte(a.user))
-	return []byte("EXTERNAL"), b, AuthOk
+	return []byte("EXTERNAL"), []byte, AuthOk
 }
 
 func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) {