From 3d7dc1161fa91073598f9a37c29dae1c900b17e4 Mon Sep 17 00:00:00 2001
From: Julian Orth <ju.orth@gmail.com>
Date: Sun, 18 Jan 2026 15:20:54 +0100
Subject: [PATCH 1/2] dbus: use challenge-response authentication

---
 src/dbus.rs      |  2 ++
 src/dbus/auth.rs | 10 +++++++---
 src/utils.rs     |  1 -
 src/utils/hex.rs | 15 ---------------
 4 files changed, 9 insertions(+), 19 deletions(-)
 delete mode 100644 src/utils/hex.rs

diff --git a/src/dbus.rs b/src/dbus.rs
index 768fc678..e8041e32 100644
--- a/src/dbus.rs
+++ b/src/dbus.rs
@@ -98,6 +98,8 @@ pub enum DbusError {
     ReadError(#[source] IoUringError),
     #[error("timeout")]
     IoUringError(#[source] Box<IoUringError>),
+    #[error("Server did not send auth challenge")]
+    NoChallenge,
     #[error("Server did not accept our authentication")]
     Auth,
     #[error("Array length is not a multiple of the element size")]
diff --git a/src/dbus/auth.rs b/src/dbus/auth.rs
index 48aaecdd..a4685966 100644
--- a/src/dbus/auth.rs
+++ b/src/dbus/auth.rs
@@ -1,7 +1,7 @@
 use {
     crate::{
         dbus::{DbusError, DbusSocket, incoming::handle_incoming, outgoing::handle_outgoing},
-        utils::{buf::Buf, errorfmt::ErrorFmt, hex},
+        utils::{buf::Buf, errorfmt::ErrorFmt},
     },
     std::{ops::Deref, rc::Rc},
 };
@@ -52,16 +52,20 @@ impl Auth {
     }
 
     async fn handle_auth(&mut self) -> Result<(), DbusError> {
-        let uid = hex::to_hex(&uapi::getuid().to_string());
         let mut out_buf = Buf::new(128);
         {
             let buf = out_buf
-                .write_fmt(format_args!("\0AUTH EXTERNAL {}\r\n", uid))
+                .write_fmt(format_args!("\0AUTH EXTERNAL\r\nDATA\r\n"))
                 .unwrap();
             self.write_buf(buf).await?;
         }
         let line = self.readline().await?;
         let (cmd, _) = line_to_cmd(&line);
+        if cmd != "DATA" {
+            return Err(DbusError::NoChallenge);
+        }
+        let line = self.readline().await?;
+        let (cmd, _) = line_to_cmd(&line);
         if cmd != "OK" {
             return Err(DbusError::Auth);
         }
diff --git a/src/utils.rs b/src/utils.rs
index 1ba53964..b8144425 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -24,7 +24,6 @@ pub mod free_list;
 pub mod geometric_decay;
 pub mod gfx_api_ext;
 pub mod hash_map_ext;
-pub mod hex;
 pub mod line_logger;
 pub mod linkedlist;
 pub mod log_on_drop;
diff --git a/src/utils/hex.rs b/src/utils/hex.rs
deleted file mode 100644
index 8b2ade8f..00000000
--- a/src/utils/hex.rs
+++ /dev/null
@@ -1,15 +0,0 @@
-pub fn to_hex(b: &str) -> String {
-    let mut s = String::with_capacity(b.len() * 2);
-    for &b in b.as_bytes() {
-        s.push(nibble_to_hex(b >> 4) as char);
-        s.push(nibble_to_hex(b & 7) as char);
-    }
-    s
-}
-
-fn nibble_to_hex(n: u8) -> u8 {
-    match n {
-        n @ 0..=9 => b'0' + n,
-        n => b'a' + n,
-    }
-}

From d84d4edd902e7ffc66ede1ab8ba7657209f18982 Mon Sep 17 00:00:00 2001
From: Julian Orth <ju.orth@gmail.com>
Date: Sun, 18 Jan 2026 16:01:33 +0100
Subject: [PATCH 2/2] dbus: simplify auth function

---
 src/dbus/auth.rs | 45 ++++++++++++++++++++-------------------------
 src/utils/buf.rs |  1 +
 2 files changed, 21 insertions(+), 25 deletions(-)

diff --git a/src/dbus/auth.rs b/src/dbus/auth.rs
index a4685966..344d2697 100644
--- a/src/dbus/auth.rs
+++ b/src/dbus/auth.rs
@@ -52,38 +52,33 @@ impl Auth {
     }
 
     async fn handle_auth(&mut self) -> Result<(), DbusError> {
-        let mut out_buf = Buf::new(128);
-        {
-            let buf = out_buf
-                .write_fmt(format_args!("\0AUTH EXTERNAL\r\nDATA\r\n"))
-                .unwrap();
-            self.write_buf(buf).await?;
+        // dbus-broker hard codes this initial burst of messages
+        const AUTH: &str = "\
+            \0\
+            AUTH EXTERNAL\r\n\
+            DATA\r\n\
+            NEGOTIATE_UNIX_FD\r\n\
+            BEGIN\r\n\
+        ";
+        let out_buf = Buf::from_slice(AUTH.as_bytes());
+        self.write_buf(out_buf).await?;
+        let mut line;
+        macro_rules! read_cmd {
+            () => {{
+                line = self.readline().await?;
+                let (cmd, _) = line_to_cmd(&line);
+                cmd
+            }};
         }
-        let line = self.readline().await?;
-        let (cmd, _) = line_to_cmd(&line);
-        if cmd != "DATA" {
+        if read_cmd!() != "DATA" {
             return Err(DbusError::NoChallenge);
         }
-        let line = self.readline().await?;
-        let (cmd, _) = line_to_cmd(&line);
-        if cmd != "OK" {
+        if read_cmd!() != "OK" {
             return Err(DbusError::Auth);
         }
-        {
-            let buf = out_buf
-                .write_fmt(format_args!("NEGOTIATE_UNIX_FD\r\n"))
-                .unwrap();
-            self.write_buf(buf).await?;
-        }
-        let line = self.readline().await?;
-        let (cmd, _) = line_to_cmd(&line);
-        if cmd != "AGREE_UNIX_FD" {
+        if read_cmd!() != "AGREE_UNIX_FD" {
             return Err(DbusError::UnixFd);
         }
-        {
-            let buf = out_buf.write_fmt(format_args!("BEGIN\r\n")).unwrap();
-            self.write_buf(buf).await?;
-        }
         Ok(())
     }
 
diff --git a/src/utils/buf.rs b/src/utils/buf.rs
index 293f0f5c..b1d87b9d 100644
--- a/src/utils/buf.rs
+++ b/src/utils/buf.rs
@@ -145,6 +145,7 @@ impl Buf {
         unsafe { self.storage.as_ptr().add(self.range.start as _) }
     }
 
+    #[expect(dead_code)]
     pub fn write_fmt(&mut self, args: Arguments) -> Result<Self, io::Error> {
         let cap = self.len();
         let mut buf = self.deref_mut();