dbus: use challenge-response authentication

2026-01-18 15:20:54 +01:00 · 2026-01-18 15:20:54 +01:00 · 3d7dc1161f
commit 3d7dc1161f
parent 2f4543912b
4 changed files with 9 additions and 19 deletions
--- a/src/dbus.rs
+++ b/src/dbus.rs
@ -98,6 +98,8 @@ pub enum DbusError {
    ReadError(#[source] IoUringError),
    #[error("timeout")]
    IoUringError(#[source] Box<IoUringError>),
+    #[error("Server did not send auth challenge")]
+    NoChallenge,
    #[error("Server did not accept our authentication")]
    Auth,
    #[error("Array length is not a multiple of the element size")]
--- a/src/dbus/auth.rs
+++ b/src/dbus/auth.rs
@ -1,7 +1,7 @@
 use {
    crate::{
        dbus::{DbusError, DbusSocket, incoming::handle_incoming, outgoing::handle_outgoing},
-        utils::{buf::Buf, errorfmt::ErrorFmt, hex},
+        utils::{buf::Buf, errorfmt::ErrorFmt},
    },
    std::{ops::Deref, rc::Rc},
 };
@ -52,16 +52,20 @@ impl Auth {
    }

    async fn handle_auth(&mut self) -> Result<(), DbusError> {
-        let uid = hex::to_hex(&uapi::getuid().to_string());
        let mut out_buf = Buf::new(128);
        {
            let buf = out_buf
-                .write_fmt(format_args!("\0AUTH EXTERNAL {}\r\n", uid))
+                .write_fmt(format_args!("\0AUTH EXTERNAL\r\nDATA\r\n"))
                .unwrap();
            self.write_buf(buf).await?;
        }
        let line = self.readline().await?;
        let (cmd, _) = line_to_cmd(&line);
+        if cmd != "DATA" {
+            return Err(DbusError::NoChallenge);
+        }
+        let line = self.readline().await?;
+        let (cmd, _) = line_to_cmd(&line);
        if cmd != "OK" {
            return Err(DbusError::Auth);
        }
--- a/src/utils.rs
+++ b/src/utils.rs
@ -24,7 +24,6 @@ pub mod free_list;
 pub mod geometric_decay;
 pub mod gfx_api_ext;
 pub mod hash_map_ext;
-pub mod hex;
 pub mod line_logger;
 pub mod linkedlist;
 pub mod log_on_drop;
--- a/src/utils/hex.rs
+++ b/src/utils/hex.rs
@ -1,15 +0,0 @@
-pub fn to_hex(b: &str) -> String {
-    let mut s = String::with_capacity(b.len() * 2);
-    for &b in b.as_bytes() {
-        s.push(nibble_to_hex(b >> 4) as char);
-        s.push(nibble_to_hex(b & 7) as char);
-    }
-    s
-}
-
-fn nibble_to_hex(n: u8) -> u8 {
-    match n {
-        n @ 0..=9 => b'0' + n,
-        n => b'a' + n,
-    }
-}