From ded90ae78a720c7f7a4e49051889be84aeaa2d21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=98=8EMostafa=20Emami?= Date: Sun, 4 Dec 2022 20:48:56 +0100 Subject: [PATCH] auth: Do not send UID with external auth Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID https://github.com/godbus/dbus/issues/345 --- auth.go | 2 +- auth_external.go | 15 ++++----------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/auth.go b/auth.go index 5fecbd3d..e9a494d8 100644 --- a/auth.go +++ b/auth.go @@ -54,7 +54,7 @@ type Auth interface { func (conn *Conn) Auth(methods []Auth) error { if methods == nil { uid := strconv.Itoa(os.Geteuid()) - methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())} + methods = []Auth{AuthExternal(), AuthCookieSha1(uid, getHomeDir())} } in := bufio.NewReader(conn.transport) err := conn.transport.SendNullByte() diff --git a/auth_external.go b/auth_external.go index 7e376d3e..6153b751 100644 --- a/auth_external.go +++ b/auth_external.go @@ -1,24 +1,17 @@ package dbus -import ( - "encoding/hex" -) - -// AuthExternal returns an Auth that authenticates as the given user with the +// AuthExternal returns an Auth that authenticates with the // EXTERNAL mechanism. -func AuthExternal(user string) Auth { - return authExternal{user} +func AuthExternal() Auth { + return authExternal{} } // AuthExternal implements the EXTERNAL authentication mechanism. type authExternal struct { - user string } func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) { - b := make([]byte, 2*len(a.user)) - hex.Encode(b, []byte(a.user)) - return []byte("EXTERNAL"), b, AuthOk + return []byte("EXTERNAL"), []byte, AuthOk } func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) {