[glib/glib-2-72: 29/39] GDBusServer: Accept empty authorization identity for EXTERNAL mechanism

[Matthias Clasen <matthiasc src gnome org>]

commit 48f1e15a67894c3c08eb4d52490ccd2da6eaf358
Author: Giuseppe Scrivano <giuseppe scrivano org>
Date:   Mon Sep 14 16:28:10 2020 +0200

    GDBusServer: Accept empty authorization identity for EXTERNAL mechanism
    
    RFC 4422 appendix A defines the empty authorization identity to mean
    the identity that the server associated with its authentication
    credentials. In this case, this means whatever uid is in the
    GCredentials object.
    
    In particular, this means that clients in a different Linux user
    namespace can authenticate against our server and will be authorized
    as the version of their uid that is visible in the server's namespace,
    even if the corresponding numeric uid returned by geteuid() in the
    client's namespace was different. systemd's sd-bus has relied on this
    since commit
    https://github.com/systemd/systemd/commit/1ed4723d38cd0d1423c8fe650f90fa86007ddf55.
    
    [Originally part of a larger commit; commit message added by smcv]
    
    Signed-off-by: Simon McVittie <smcv collabora com>
    
    (cherry-picked from commit b51e3ab09e39c590c65a7be6228ecfa48a6189f6)

 gio/gdbusauthmechanismexternal.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/gio/gdbusauthmechanismexternal.c b/gio/gdbusauthmechanismexternal.c
index ea8eb897d9..70aaddc742 100644
--- a/gio/gdbusauthmechanismexternal.c
+++ b/gio/gdbusauthmechanismexternal.c
@@ -199,14 +199,24 @@ data_matches_credentials (const gchar  *data,
   if (credentials == NULL)
     goto out;
 
-  if (data == NULL || data_len == 0)
-    goto out;
-
 #if defined(G_OS_UNIX)
   {
     gint64 alleged_uid;
     gchar *endp;
 
+    /* If we were unable to find out the uid, then nothing
+     * can possibly match it.  */
+    if (g_credentials_get_unix_user (credentials, NULL) == (uid_t) -1)
+      goto out;
+
+    /* An empty authorization identity means we want to be
+     * whatever identity the out-of-band credentials say we have
+     * (RFC 4422 appendix A.1). This effectively matches any uid. */
+    if (data == NULL || data_len == 0)
+      {
+        match = TRUE;
+        goto out;
+      }
     /* on UNIX, this is the uid as a string in base 10 */
     alleged_uid = g_ascii_strtoll (data, &endp, 10);
     if (*endp == '\0')