user auth patches
Havoc Pennington
hp at redhat.com
Thu Jun 14 10:45:16 PDT 2007
Hi,
Ralf Habacker wrote:
> DBusUserInfo and DBUSGroupInfo are used in several functions in
> dbus-sysdeps-win.c and dbus-sysdeps-win-util.c.
Right, but you should be able to delete all the code that uses them once
we sort out the below items.
> but there are still many functions unresolved for example
> _DBUS_DEFINE_GLOBAL_LOCK(system_users)
This is simplest to just move to -sysdeps so it's present on both
platforms, I think we did something similar before with another one of
the locks.
> _dbus_homedir_from_username (username, &homedir)
> which are defined in dbus-userdb.c and referenced by dbus\dbus-keyring.c
Basically the detail that the keyring lives in a user homedir needs to
be factored out of dbus-keyring.c, so we need a dbus-sysdeps.h thing
like _dbus_get_keyring_location(DBusCredentials *desired_identity)
I will sort this out.
Alternatively you could implement these on Windows but would not need to
mess with dbus_uid_t in order to do so (just use a windows sid for
"username") - however I think it will be slightly cleaner to rearrange
the code a bit more so I will do that.
> F:\daten\windbus\cvs-commit-3\dbus\dbus-auth-script.c(525):
> if (!_dbus_username_from_current_process (&u) ||
> F:\daten\windbus\cvs-commit-3\dbus\dbus-auth.c(788): if
> (!_dbus_username_from_current_process (&username))
> F:\daten\windbus\cvs-commit-3\dbus\dbus-keyring.c(741): if
> (!_dbus_username_from_current_process (&username) ||
>
The new _dbus_append_desired_identity() should replace these three I
believe.
> dbus-transport-socket.c _dbus_read_credentials_socket" in Funktion
> "_exchange_credentials".
> dbus-transport-socket.c _dbus_send_credentials_socket" in Funktion
> "_exchange_credentials".
These will just need to be implemented on Windows; if you always want to
use COOKIE_SHA1 on windows and not EXTERNAL, then you can make them
no-ops and it will work fine.
>> Basically at this point there should be no abstraction of users or
>> groups. The public API has a string "sid" for Windows users, and a uid
>> for UNIX users, and the two are never treated interchangeably.
>>
> But if those function are limited to a specific platform, why should
> they defined on a platform on where they would never be used.
The functions are not limited to a platform. Conceptually the API has
the same specification on all platforms. That is, on either platform you
can call dbus_connection_get_unix_user() or
dbus_connection_get_windows_user(). It's even conceivable that by making
the Windows port NIS-aware or Kerberos-enabled or something, it could
authenticate a UNIX user logging on to the Windows bus.
The functions of course give different answers on different platforms.
If the client did not auth as a unix user, as will be the norm on
Windows, then get_unix_user() will return false. But it will also return
false if the client is on UNIX but logged in anonymously, for example.
As I've pointed out a couple of times, adding a DBusUser object does not
change anything. The DBusUser object will just have methods
user.get_unix_uid() and user.get_windows_sid(). So you would do
connection.get_user().get_unix_uid(), while today you do
connection.get_unix_user(). It is exactly the same.
The only way to avoid this is to be a "framework" like Qt, where if you
have a QUser or something, you can expect the *app* will only want the
QUser, and won't want to convert to another representation. We do not
have that expectation. Instead, we would expect apps to do something like:
QUser user;
if (connection.get_unix_user(&uid))
user = new QUnixUser(uid);
else if (connection.get_windows_user(&windows_sid))
user = new QWindowsUser(windows_sid);
D-Bus bindings such as the Qt bindings are welcome to do this.
Writing the following is not in any way better:
QUser user;
if (connection.get_user().get_unix_user(&uid))
user = new QUnixUser(uid);
else if (connection.get_user().get_windows_user(&windows_sid))
user = new QWindowsUser(windows_sid);
So that is why having DBusUser is pointless. Also, if we don't have
DBusUser we get two advantages:
- we can delete all the stuff in dbus-sysdeps-win.c that needlessly
emulates UNIX, and move the abstractions up to a higher level.
- we can be clear about which functionality is UNIX-specific,
and avoid accidentally implementing things that don't make
sense on Windows in the Windows port. UNIX emulation leads
to code that builds but makes no sense to have.
Say we have had an API like:
uid = current_process_uid()
homedir = homedir_from_uid(uid)
keyring_location = homedir + /.dbus-keyring
But the cross-platform API can just be:
keyring_location = get_keyring_location()
And then you can choose a location that makes sense on Windows, without
trying to emulate a bunch of stuff about uids and home directories.
Note the huge difference from something like Qt: we can just add a
function like get_keyring_location(), we don't need a fully generic
platform abstraction, just a purpose-built one.
> Would it not be lesser work and more readable to simply comment out the
> related code on a not supported platform, which is done by many multiple
> platform projects like Qt and KDE also in the core code ?
I don't think it would be either easier or more readable.
>> The one case where we pass around "windows user OR unix user" is the
>> DBusCredentials object, which explicitly can contain either.
> Which still requires a dbus_uid_t on windows. I will take a deeper look
> into that stuff.
It requires a dbus_uid_t (which is just an integer), but it doesn't
require Windows to have any way to create a dbus_uid_t (i.e. it will
always be DBUS_UID_UNSET on Windows)
Havoc
More information about the dbus
mailing list