From: Ralf Habacker <ralf.habacker@freenet.de>
Date: Wed, 1 Feb 2017 21:11:40 +0000 (+0100)
Subject: Do not mention disallowed auth mechanisms in REJECTED message
X-Git-Tag: dbus-1.11.10~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d2d823707a2199cebe6c67ba18bbc535bf359be;p=thirdparty%2Fdbus.git

Do not mention disallowed auth mechanisms in REJECTED message

Previously, all implemented mechanisms were included, even if the
sysadmin had configured them not to be allowed.

Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99621
---

diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 9a1de97e7..37d8d4c96 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -1485,9 +1485,14 @@ send_rejected (DBusAuth *auth)
                             "REJECTED"))
     goto nomem;
 
-  i = 0;
-  while (all_mechanisms[i].mechanism != NULL)
+  for (i = 0; all_mechanisms[i].mechanism != NULL; i++)
     {
+      /* skip mechanisms that aren't allowed */
+      if (auth->allowed_mechs != NULL &&
+          !_dbus_string_array_contains ((const char**)auth->allowed_mechs,
+                                        all_mechanisms[i].mechanism))
+        continue;
+
       if (!_dbus_string_append (&command,
                                 " "))
         goto nomem;
@@ -1495,8 +1500,6 @@ send_rejected (DBusAuth *auth)
       if (!_dbus_string_append (&command,
                                 all_mechanisms[i].mechanism))
         goto nomem;
-      
-      ++i;
     }
   
   if (!_dbus_string_append (&command, "\r\n"))