Skip to content

auth: Do not send UID with external auth#346

Merged
guelfey merged 1 commit intogodbus:masterfrom
idleroamer:authext
May 22, 2023
Merged

auth: Do not send UID with external auth#346
guelfey merged 1 commit intogodbus:masterfrom
idleroamer:authext

Conversation

@idleroamer
Copy link
Contributor

@idleroamer idleroamer commented Dec 4, 2022

Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server
on another user-namespace refrain from sending UID with authentication message

#345

@idleroamer idleroamer force-pushed the authext branch 3 times, most recently from ded90ae to a0a35c0 Compare December 4, 2022 19:56
@guelfey
Copy link
Member

guelfey commented Dec 17, 2022

Thanks. I agree that this is probably better as a default behavior, but wouldn't want to break the API for this (although probably there are not many users that use AuthExternal directly). Could you add this as a separate Auth implementation (which is then used in Conn.Auth as the new default first method)?

guelfey
guelfey reviewed Dec 17, 2022
View reviewed changes
Copy link
Member

@guelfey guelfey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also please check out the linter error

@idleroamer idleroamer force-pushed the authext branch 4 times, most recently from e026873 to b3bac88 Compare January 2, 2023 19:41
@idleroamer
Copy link
Contributor Author

idleroamer commented Jan 2, 2023

Somehow I tested with older godbus version, this already fixed in master as part of
#264

nevertheless I added a test-case, can't hurt

@idleroamer idleroamer force-pushed the authext branch 4 times, most recently from 4d45f30 to f95a472 Compare January 2, 2023 19:49
@guelfey
Copy link
Member

guelfey commented Apr 9, 2023

Thanks - could you scope the test to only be compiled on Linux? It doesn't work on FreeBSD for obvious reasons and thus would break the build there

@idleroamer idleroamer force-pushed the authext branch 5 times, most recently from c3e67b9 to b8baec9 Compare May 13, 2023 14:56
@idleroamer
Copy link
Contributor Author

idleroamer commented May 13, 2023

@guelfey Thanks for the review, test is conditionalized

guelfey
guelfey reviewed May 21, 2023
View reviewed changes
conn_linux_test.go Outdated
@@ -0,0 +1,96 @@
//go:build !freebsd
Copy link
Member

@guelfey guelfey May 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a using a Linux-only syscall - we also have other non-Linux platforms besides FreeBSD that are supported (e.g. Darwin), please adjust accordingly

Copy link
Contributor Author

@idleroamer idleroamer May 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, adjusted accordingly, please recheck.

Copy link
Member

@guelfey guelfey May 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can just add linux as a build tag 😄 but I only now just noticed that you already put this in a file with a _linux suffix, which implicitly adds the corresponding build tag, so just removing the comments should be fine

Copy link
Contributor Author

@idleroamer idleroamer May 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the input, speaking using sledgehammer to crack a nut :)

@idleroamer idleroamer force-pushed the authext branch 3 times, most recently from 5e9aa2a to 8513e01 Compare May 22, 2023 06:11
@guelfey
auth: Test UID not send with external auth
2092b54 
Due to mismatch between UID in a user-namespace
and out-of-band credential acquired by server
on another user-namespace refrain from sending UID
with external authentication by default
to keep compatibility still fallback to sending UID
if it fails

godbus#345
@guelfey
Copy link
Member

guelfey commented May 22, 2023

Thanks!

@guelfey guelfey merged commit 7623695 into godbus:master May 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guelfey guelfey guelfey left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@idleroamer @guelfey