Anonymous auth method is broken

Peter Würtz wuertz at uni-mainz.de
Sat Jan 31 04:28:54 PST 2009


(Sorry if I sent this message twice, but I don't know whether the first
one arrived.)

Hi, I've been trying to establish a connection from a remote dbus client
to dbus-daemon listening on a tcp port. I would like to allow any client
in my LAN to connect to the bus, so I put <auth>ANONYMOUS</auth> as sole
auth mechanism in my daemon config.

No client is able to connect to the bus because the authentication is
failing. After downloading dbus-1.2.12 and compiling with debug enabled,
I found this message:
"Client authorized as UID 1000 but our UID is 1000, disconnecting"

Have a look at "auth_via_default_rules" in dbus-transport.c. This is due
to a typo in dbus-transport.c:654 and dbus-transport.c:659. The verbose
message just displays the our_identity UID twice, instead of printing
our_identity and auth_identity. In case of anonymous authentication, the
auth_identity UID is unset (-1).

So why does dbus check the UIDs in case of the anonymous auth method?
The if statement in this routine (dbus-transport.c:631) checks for:

transport->allow_anonymous is True
auth_identity is root
auth_identity matches our_identity

The authentication is not accepted because transport->allow_anonymous is
False. This flag is set by the methods
"_dbus_transport_set_allow_anonymous" and
"dbus_connection_set_allow_anonymous". However, I grep'ed through the
whole source, but nobody ever uses these functions. Consequently the
ANONYMOUS auth method is broken.

I guess it will take some time until the problem is fixed and a working
version makes it all the way downstream. Is there any other chance to set
up an anonymous-tcp-dbus-daemon on my own? Can I use libdbus to implement
a tiny dbus-daemon application with <10 lines of code and call
"dbus_connection_set_allow_anonymous" myself?




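The check described in the message above, as an added example that is not part of the original post and is not dbus source code: a stand-alone C model of the three conditions and of the log message with our UID in both slots. The function names, the UID_UNSET macro and the sample cases are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define UID_UNSET (-1L) /* per the message: anonymous auth leaves the UID unset (-1) */
/* Model of the three conditions the message lists; any one of them admits the client. */
static bool default_rules_allow(bool allow_anonymous, long auth_uid, long our_uid)
{
    return allow_anonymous       /* transport->allow_anonymous is true */
        || auth_uid == 0         /* auth_identity is root */
        || auth_uid == our_uid;  /* auth_identity matches our_identity */
}

/* Rejection text as reported: our UID fills both slots, auth_uid is never printed. */
static void reject_msg_reported(char *buf, size_t n, long auth_uid, long our_uid)
{
    snprintf(buf, n, "Client authorized as UID %ld but our UID is %ld, disconnecting",
             our_uid, our_uid);
}

/* Same text with the client's UID in the first slot, as the wording implies. */
static void reject_msg_expected(char *buf, size_t n, long auth_uid, long our_uid)
{
    snprintf(buf, n, "Client authorized as UID %ld but our UID is %ld, disconnecting",
             auth_uid, our_uid);
}

int main(void)
{
    /* Constructed cases; the daemon runs as UID 1000, as in the message. */
    const struct { const char *who; bool anon_flag; long auth_uid; } cases[] = {
        { "ANONYMOUS client, flag never set", false, UID_UNSET },
        { "ANONYMOUS client, flag set",       true,  UID_UNSET },
        { "root client",                      false, 0 },
        { "same-UID client",                  false, 1000 },
        { "other local user",                 false, 1001 },
    };
    char msg[128];
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool ok = default_rules_allow(cases[i].anon_flag, cases[i].auth_uid, 1000);
        printf("%-34s -> %s\n", cases[i].who, ok ? "accepted" : "rejected");
        if (!ok) {
            reject_msg_reported(msg, sizeof msg, cases[i].auth_uid, 1000);
            printf("    logged:   %s\n", msg);
            reject_msg_expected(msg, sizeof msg, cases[i].auth_uid, 1000);
            printf("    expected: %s\n", msg);
        }
    }
    return 0;
}
```

In this model the anonymous client is admitted only when the flag is set, and a rejected client's own UID never reaches the log line, which is why the two numbers in the reported message are identical.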