kossLAN/wry
1
0
Fork 0
forked from wry/wry
Code Pull requests Activity

Merge pull request #724 from mahkoh/jorth/dbus-challenge-response

Browse source 
dbus: use challenge-response authentication
This commit is contained in:
mahkoh 2026-01-18 16:05:43 +01:00 committed by GitHub
commit 6727e8d0d3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 26 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/dbus.rs
View file

@ -98,6 +98,8 @@ pub enum DbusError {
ReadError(#[source] IoUringError), ReadError(#[source] IoUringError),
#[error("timeout")] #[error("timeout")]
IoUringError(#[source] Box<IoUringError>), IoUringError(#[source] Box<IoUringError>),
#[error("Server did not send auth challenge")]
NoChallenge,
#[error("Server did not accept our authentication")] #[error("Server did not accept our authentication")]
Auth, Auth,
#[error("Array length is not a multiple of the element size")] #[error("Array length is not a multiple of the element size")]

47
src/dbus/auth.rs
View file

@ -1,7 +1,7 @@
use { use {
crate::{ crate::{
dbus::{DbusError, DbusSocket, incoming::handle_incoming, outgoing::handle_outgoing}, dbus::{DbusError, DbusSocket, incoming::handle_incoming, outgoing::handle_outgoing},
utils::{buf::Buf, errorfmt::ErrorFmt, hex}, utils::{buf::Buf, errorfmt::ErrorFmt},
}, },
std::{ops::Deref, rc::Rc}, std::{ops::Deref, rc::Rc},
}; };
@ -52,34 +52,33 @@ impl Auth {
} }
async fn handle_auth(&mut self) -> Result<(), DbusError> { async fn handle_auth(&mut self) -> Result<(), DbusError> {
let uid = hex::to_hex(&uapi::getuid().to_string()); // dbus-broker hard codes this initial burst of messages
let mut out_buf = Buf::new(128); const AUTH: &str = "\
{ \0\
let buf = out_buf AUTH EXTERNAL\r\n\
.write_fmt(format_args!("\0AUTH EXTERNAL {}\r\n", uid)) DATA\r\n\
.unwrap(); NEGOTIATE_UNIX_FD\r\n\
self.write_buf(buf).await?; BEGIN\r\n\
";
let out_buf = Buf::from_slice(AUTH.as_bytes());
self.write_buf(out_buf).await?;
let mut line;
macro_rules! read_cmd {
() => {{
line = self.readline().await?;
let (cmd, _) = line_to_cmd(&line);
cmd
}};
} }
let line = self.readline().await?; if read_cmd!() != "DATA" {
let (cmd, _) = line_to_cmd(&line); return Err(DbusError::NoChallenge);
if cmd != "OK" { }
if read_cmd!() != "OK" {
return Err(DbusError::Auth); return Err(DbusError::Auth);
} }
{ if read_cmd!() != "AGREE_UNIX_FD" {
let buf = out_buf
.write_fmt(format_args!("NEGOTIATE_UNIX_FD\r\n"))
.unwrap();
self.write_buf(buf).await?;
}
let line = self.readline().await?;
let (cmd, _) = line_to_cmd(&line);
if cmd != "AGREE_UNIX_FD" {
return Err(DbusError::UnixFd); return Err(DbusError::UnixFd);
} }
{
let buf = out_buf.write_fmt(format_args!("BEGIN\r\n")).unwrap();
self.write_buf(buf).await?;
}
Ok(()) Ok(())
} }

1
src/utils.rs
View file

@ -24,7 +24,6 @@ pub mod free_list;
pub mod geometric_decay; pub mod geometric_decay;
pub mod gfx_api_ext; pub mod gfx_api_ext;
pub mod hash_map_ext; pub mod hash_map_ext;
pub mod hex;
pub mod line_logger; pub mod line_logger;
pub mod linkedlist; pub mod linkedlist;
pub mod log_on_drop; pub mod log_on_drop;

1
src/utils/buf.rs
View file

@ -145,6 +145,7 @@ impl Buf {
unsafe { self.storage.as_ptr().add(self.range.start as _) } unsafe { self.storage.as_ptr().add(self.range.start as _) }
} }
#[expect(dead_code)]
pub fn write_fmt(&mut self, args: Arguments) -> Result<Self, io::Error> { pub fn write_fmt(&mut self, args: Arguments) -> Result<Self, io::Error> {
let cap = self.len(); let cap = self.len();
let mut buf = self.deref_mut(); let mut buf = self.deref_mut();

15
src/utils/hex.rs
View file

@ -1,15 +0,0 @@
pub fn to_hex(b: &str) -> String {
let mut s = String::with_capacity(b.len() * 2);
for &b in b.as_bytes() {
s.push(nibble_to_hex(b >> 4) as char);
s.push(nibble_to_hex(b & 7) as char);
}
s
}
fn nibble_to_hex(n: u8) -> u8 {
match n {
n @ 0..=9 => b'0' + n,
n => b'a' + n,
}
}