* dbus/dbus-auth.c (client_try_next_mechanism): Remove logic to

	filter against auth->allowed_mechs; we only add allowed mechs in
	record_mechanisms().

 	* dbus/dbus-auth-script.c (_dbus_auth_script_run): Add an
	ALLOWED_MECHS to auth-script format so we can set the list of
	allowed mechanisms.

 	* data/auth/client-out-of-mechanisms.auth-script: New test to
	check client disconnects when it is out of mechanisms to try.

 	* dbus/dbus-auth.c (process_command): Remove check for lines
	longer that 1 MB; we only buffer up maximum 16 kB.

 	* dbus/dbus-transport.c, dbus/dbus-transport-unix.c,
	dbus/dbus-auth-script.c, dbus/dbus-auth.c, dbus/dbus-auth.h:
	Remove auth state AUTHENTICATED_WITH_UNUSED_BYTES, instead always
	assume there might be unused bytes.

 	* dbus/dbus-auth.c (_dbus_auth_do_work): Remove check for
	client-out-of-mechs, it is handled in process_reject(). Move check
	for max failures to send_rejected(), as it's a server-only thing.

1 files changed, 10 insertions, 53 deletions

diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 7e6d3d86..57616673 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -1274,6 +1274,9 @@ send_rejected (DBusAuth *auth)
   server_auth = DBUS_AUTH_SERVER (auth);
   server_auth->failures += 1;
 
+  if (server_auth->failures >= server_auth->max_failures)
+    auth->need_disconnect = TRUE;
+
   _dbus_string_free (&command);
   
   return TRUE;
@@ -1605,34 +1608,15 @@ client_try_next_mechanism (DBusAuth *auth)
   DBusAuthClient *client;
 
   client = DBUS_AUTH_CLIENT (auth);
-  
-  /* Pop any mechs not in the list of allowed mechanisms */
-  mech = NULL;
-  while (client->mechs_to_try != NULL)
-    {
-      mech = client->mechs_to_try->data;
 
-      if (auth->allowed_mechs != NULL && 
-          !_dbus_string_array_contains ((const char**) auth->allowed_mechs,
-                                        mech->mechanism))
-        {
-          /* don't try this one after all */
-          _dbus_verbose ("%s: Mechanism %s isn't in the list of allowed mechanisms\n",
-                         DBUS_AUTH_NAME (auth), mech->mechanism);
-          mech = NULL;
-          _dbus_list_pop_first (& client->mechs_to_try);
-        }
-      else
-        break; /* we'll try this one */
-    }
-  
-  if (mech == NULL)
-    return FALSE;
+  _dbus_assert (client->mechs_to_try != NULL);
+
+  mech = client->mechs_to_try->data;
 
   if (!send_auth (auth, mech))
     return FALSE;
 
-  _dbus_list_pop_first (& DBUS_AUTH_CLIENT (auth)->mechs_to_try);
+  _dbus_list_pop_first (&client->mechs_to_try);
 
   _dbus_verbose ("%s: Trying mechanism %s\n",
                  DBUS_AUTH_NAME (auth),
@@ -1662,6 +1646,8 @@ process_rejected (DBusAuth         *auth,
   else
     {
       /* Give up */
+      _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
+                     DBUS_AUTH_NAME (auth));
       auth->need_disconnect = TRUE;
     }
   
@@ -1793,15 +1779,6 @@ process_command (DBusAuth *auth)
       return FALSE;
     }
   
-  if (eol > _DBUS_ONE_MEGABYTE)
-    {
-      /* This is a giant line, someone is trying to hose us. */
-      if (!send_error (auth, "Command too long"))
-        goto out;
-      else
-        goto next_command;
-    }
-
   if (!_dbus_string_copy_len (&auth->incoming, 0, eol, &command, 0))
     goto out;
 
@@ -2061,33 +2038,13 @@ _dbus_auth_do_work (DBusAuth *auth)
                          DBUS_AUTH_NAME (auth));
           break;
         }
-
-      if (auth->mech == NULL &&
-          auth->already_got_mechanisms &&
-          DBUS_AUTH_CLIENT (auth)->mechs_to_try == NULL)
-        {
-          auth->need_disconnect = TRUE;
-          _dbus_verbose ("%s: Disconnecting because we are out of mechanisms to try using\n",
-                         DBUS_AUTH_NAME (auth));
-          break;
-        }
     }
   while (process_command (auth));
 
-  if (DBUS_AUTH_IS_SERVER (auth) &&
-      DBUS_AUTH_SERVER (auth)->failures >=
-      DBUS_AUTH_SERVER (auth)->max_failures)
-    auth->need_disconnect = TRUE;
-
   if (auth->need_disconnect)
     return DBUS_AUTH_STATE_NEED_DISCONNECT;
   else if (auth->authenticated)
-    {
-      if (_dbus_string_get_length (&auth->incoming) > 0)
-        return DBUS_AUTH_STATE_AUTHENTICATED_WITH_UNUSED_BYTES;
-      else
-        return DBUS_AUTH_STATE_AUTHENTICATED;
-    }
+    return DBUS_AUTH_STATE_AUTHENTICATED;
   else if (auth->needed_memory)
     return DBUS_AUTH_STATE_WAITING_FOR_MEMORY;
   else if (_dbus_string_get_length (&auth->outgoing) > 0)