<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I'm working on an embedded system where we actually use information from the /proc file system. In most cases all that is relevant to D-Bus are numbers (UIDs and GIDs) and the rest is only for humans. This is valid at least for the external authentication and probably doesn't apply to policies where using numerical UIDs and GIDs would be really inconvenient (although it's supported).<br>
</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I was able to strip all *nix user authentication in D-Bus to use only information from /proc (based on PID) and to bits which genuinely need full user information. The reason for that is that the system has a requirement to assign UIDs and GIDs dynamically without modifying /etc/passwd & friends. The other reason is that the libc implementation we are constrained to (certain version of uClibc) doesn't support alternative methods of user authentication (e. g. NSS [1]) nor D-Bus supports PAM authentication.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">The patch is available on GitHub [2]. Although it has a number of project specific changes I believe it could be synthesized into something more generic if there's any interest in this approach.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">[1] <a href="http://linux.die.net/man/5/nss" target="_blank">http://linux.die.net/man/5/nss</a></div>
<div style="font-family:arial,sans-serif;font-size:13px">[2] <a href="https://github.com/kkonopko/dbus/commit/7af563d558808fc91d181b5bf9fe24543a44df4c" target="_blank">https://github.com/kkonopko/dbus/commit/7af563d558808fc91d181b5bf9fe24543a44df4c</a></div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Cheers,</div><div style="font-family:arial,sans-serif;font-size:13px">Kris</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2013/2/25 Tom Gundersen <span dir="ltr"><<a href="mailto:teg@jklm.no" target="_blank">teg@jklm.no</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Mon, Feb 25, 2013 at 8:08 PM, Simon McVittie<br>
<<a href="mailto:simon.mcvittie@collabora.co.uk">simon.mcvittie@collabora.co.uk</a>> wrote:<br>
> On 25/02/13 18:58, Tom Gundersen wrote:<br>
>>> D-Bus is C89: no C++-style comments, please.<br>
>><br>
>> Ok. If I resubmit should I also fix the comments ~10 lines above?<br>
><br>
> Only if your patch changes that line anyway; but I'd also accept<br>
> separate patches that replace // comments with /* */ ones and do nothing<br>
> else (open a bug, priority=lowest).<br>
<br>
</div>Ok.<br>
<div class="im"><br>
>> I wanted to use something like _dbus_info, but<br>
>> couldn't find it. Do you have a function for low-priority logging?<br>
><br>
> _dbus_verbose(), I suppose (which doesn't usually do anything in<br>
> distributions' libdbus, but it's possible to do a debug build where it<br>
> actually matters).<br>
><br>
> Because libdbus doesn't depend on something with a logging framework<br>
> (e.g. GLib), our only logging interface is to write to stderr (and<br>
> possibly abort(), if it's serious enough). If it's not important enough<br>
> to spam stderr, then it's not important enough to mention at all.<br>
<br>
</div>That explains it. Thanks!<br>
<br>
Cheers,<br>
<br>
Tom<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
dbus mailing list<br>
<a href="mailto:dbus@lists.freedesktop.org">dbus@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/dbus" target="_blank">http://lists.freedesktop.org/mailman/listinfo/dbus</a><br>
</div></div></blockquote></div><br></div>