From 3d4cc463248ae1d77a0fa5f5ed204ed00992ea49 Mon Sep 17 00:00:00 2001
From: Ralf Habacker <ralf.habacker@freenet.de>
Date: Wed, 1 Feb 2017 22:11:40 +0100
Subject: [PATCH] Do not mention disallowed auth mechanisms in REJECTED message

Previously, all implemented mechanisms were included, even if the
sysadmin had configured them not to be allowed.

Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99621
---
 dbus/dbus-auth.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index ea43ce7..7069df2 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -1485,9 +1485,14 @@ send_rejected (DBusAuth *auth)
                             "REJECTED"))
     goto nomem;
 
-  i = 0;
-  while (all_mechanisms[i].mechanism != NULL)
+  for (i = 0; all_mechanisms[i].mechanism != NULL; i++)
     {
+      /* skip mechanisms that aren't allowed */
+      if (auth->allowed_mechs != NULL &&
+          !_dbus_string_array_contains ((const char**)auth->allowed_mechs,
+                                        all_mechanisms[i].mechanism))
+        continue;
+
       if (!_dbus_string_append (&command,
                                 " "))
         goto nomem;
@@ -1495,8 +1500,6 @@ send_rejected (DBusAuth *auth)
       if (!_dbus_string_append (&command,
                                 all_mechanisms[i].mechanism))
         goto nomem;
-      
-      ++i;
     }
   
   if (!_dbus_string_append (&command, "\r\n"))
-- 
2.6.6