Issue hypfvieh#214, hypfvieh#215: fix anonymous and cookie auth

Prototik · Jun 2, 2023 · 87cee57 · 87cee57
1 parent 9602477
commit 87cee57
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java
@@ -93,15 +93,23 @@ private String findCookie(String _context, String _id) throws IOException {
  }
 
  File f = new File(keyringDir, _context);
+ long currentTime = System.currentTimeMillis() / 1000;
  try (BufferedReader r = new BufferedReader(new InputStreamReader(new FileInputStream(f)))) {
  String s = null;
  String lCookie = null;
 
- TimeMeasure tm = new TimeMeasure();
  while (null != (s = r.readLine())) {
  String[] line = s.split(" ");
- long timestamp = Long.parseLong(line[1]);
- if (line[0].equals(_id) && !(timestamp < 0 || (tm.getElapsedSeconds() + MAX_TIME_TRAVEL_SECONDS) < timestamp || tm.getElapsedSeconds() - EXPIRE_KEYS_TIMEOUT_SECONDS > timestamp)) {
+ if (line.length != 3) {
+ continue;
+ }
+ long timestamp;
+ try {
+ timestamp = Long.parseLong(line[1]);
+ } catch (NumberFormatException _ex) {
+ continue;
+ }
+ if (line[0].equals(_id) && timestamp >= 0 && currentTime >= timestamp - EXPIRE_KEYS_TIMEOUT_SECONDS && currentTime < timestamp + MAX_TIME_TRAVEL_SECONDS) {
  lCookie = line[2];
  break;
  }
@@ -344,6 +352,10 @@ SaslResult doChallenge(int _auth, SASL.Command _c) throws IOException {
  response = stupidlyEncode(buf);
  _c.setResponse(stupidlyEncode(clientchallenge + " " + response));
  return SaslResult.OK;
+ case AUTH_ANON:
+ // Pong back DATA if server wants it for anonymous auth
+ _c.setResponse(_c.getData() == null ? "" : _c.getData());
+ return SaslResult.OK;
  default:
  logger.debug("Not DBUS_COOKIE_SHA1 authtype.");
  return SaslResult.ERROR;
@@ -388,7 +400,7 @@ SaslResult doResponse(int _auth, String _uid, String _kernelUid, SASL.Command _c
  logger.debug("Sending challenge: {} {} {}", context, id, challenge);
 
  _c.setResponse(stupidlyEncode(context + ' ' + id + ' ' + challenge));
- return SaslResult.OK;
+ return SaslResult.CONTINUE;
  default:
  return SaslResult.ERROR;
  }
@@ -525,7 +537,6 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
  break;
  case OK:
  logger.trace("Authenticated");
- state = SaslAuthState.AUTHENTICATED;
 
  if (saslConfig.isFileDescriptorSupport()) {
  state = SaslAuthState.WAIT_DATA;
@@ -555,7 +566,7 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
  switch (c.getCommand()) {
  case OK:
  send(_sock, BEGIN);
- state = SaslAuthState.AUTHENTICATED;
+ state = SaslAuthState.FINISHED;
  break;
  case ERROR:
  case DATA:
@@ -797,7 +808,6 @@ enum SaslAuthState {
  WAIT_REJECT,
  WAIT_AUTH,
  WAIT_BEGIN,
- AUTHENTICATED,
  NEGOTIATE_UNIX_FD,
  FINISHED,
  FAILED;