Do not mention disallowed auth mechanisms in REJECTED message

Previously, all implemented mechanisms were included, even if the sysadmin had configured them not to be allowed. Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99621
2026-01-08 16:20:33 +01:00 · 2017-02-01 22:11:40 +01:00 · 2017-02-01 22:11:40 +01:00 · 7d2d823707
commit 7d2d823707
parent b16eb872fb
1 changed files with 7 additions and 4 deletions
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@ -1485,9 +1485,14 @@ send_rejected (DBusAuth *auth)
                            "REJECTED"))
    goto nomem;

-  i = 0;
-  while (all_mechanisms[i].mechanism != NULL)
+  for (i = 0; all_mechanisms[i].mechanism != NULL; i++)
    {
+      /* skip mechanisms that aren't allowed */
+      if (auth->allowed_mechs != NULL &&
+          !_dbus_string_array_contains ((const char**)auth->allowed_mechs,
+                                        all_mechanisms[i].mechanism))
+        continue;
+
      if (!_dbus_string_append (&command,
                                " "))
        goto nomem;
@ -1495,8 +1500,6 @@ send_rejected (DBusAuth *auth)
      if (!_dbus_string_append (&command,
                                all_mechanisms[i].mechanism))
        goto nomem;
-      
-      ++i;
    }
  
  if (!_dbus_string_append (&command, "\r\n"))