Anonymous auth method is broken
Peter Würtz
wuertz at uni-mainz.de
Sat Jan 31 04:28:54 PST 2009
(Sorry if I sent this message twice, but I don't know whether the first
one arrived.)

Hi, I've been trying to establish a connection from a remote dbus client
to dbus-daemon listening on a tcp port. I would like to allow any client
in my LAN to connect to the bus, so I put <auth>ANONYMOUS</auth> as sole
auth mechanism in my daemon config.

No client is able to connect to the bus because the authentication is
failing. After downloading dbus-1.2.12 and compiling with debug enabled,
I found this message:

"Client authorized as UID 1000 but our UID is 1000, disconnecting"

Have a look at "auth_via_default_rules" in dbus-transport.c. This is due
to a typo in dbus-transport.c:654 and dbus-transport.c:659. The verbose
message just displays the our_identity UID twice, instead of printing
our_identity and auth_identity. In case of anonymous authentication, the
auth_identity UID is unset (-1).

So why does dbus check the UIDs in case of the anonymous auth method?
The if statement in this routine (dbus-transport.c:631) checks for:

  transport->allow_anonymous is True
  auth_identity is root
  auth_identity matches our_identity

The authentication is not accepted because transport->allow_anonymous is
False. This flag is set by the methods
"_dbus_transport_set_allow_anonymous" and
"dbus_connection_set_allow_anonymous". However, I grep'ed through the
whole source, but nobody ever uses these functions. Consequently the
ANONYMOUS auth method is broken.

I guess it will take some time until the problem is fixed and a working
version makes it all the way downstream. Is there any other chance to set
up an anonymous-tcp-dbus-daemon on my own? Can I use libdbus to implement
a tiny dbus-daemon application with <10 lines of code and call
"dbus_connection_set_allow_anonymous" myself?
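
The check and the verbose message described in this post, as an added example that is not part of the original message and is not dbus source code. It is a simplified C model: every identifier (transport_model, authorize, msg_as_reported, msg_corrected) is hypothetical, the UID values are constructed, and the three listed conditions are assumed to be alternatives.

```c
/* Simplified model of the check described in the post; not dbus source.
 * Every identifier below is hypothetical. */
#include <stdio.h>
#include <string.h>

#define UID_UNSET (-1L) /* per the post: auth_identity UID is unset (-1) */

struct transport_model {
    int  allow_anonymous; /* stays 0 unless some caller sets it */
    long our_uid;
};

/* The three conditions listed in the post, assumed to be alternatives. */
static int authorize(const struct transport_model *t, long auth_uid)
{
    if (t->allow_anonymous || auth_uid == 0) /* flag set, or root (UID 0) */
        return 1;
    return auth_uid != UID_UNSET && auth_uid == t->our_uid;
}

/* Verbose message as reported: our UID is printed in both positions. */
static void msg_as_reported(char *buf, size_t n, long auth_uid, long our_uid)
{
    (void)auth_uid; /* never printed, which is what hides the real cause */
    snprintf(buf, n, "Client authorized as UID %ld but our UID is %ld, "
             "disconnecting", our_uid, our_uid);
}

/* Same message with both identities printed. */
static void msg_corrected(char *buf, size_t n, long auth_uid, long our_uid)
{
    snprintf(buf, n, "Client authorized as UID %ld but our UID is %ld, "
             "disconnecting", auth_uid, our_uid);
}

int main(void)
{
    struct transport_model t = { 0, 1000 }; /* constructed sample values */
    char buf[128];
    printf("anonymous accepted, flag unset: %d\n", authorize(&t, UID_UNSET));
    msg_as_reported(buf, sizeof buf, UID_UNSET, t.our_uid);
    puts(buf);
    msg_corrected(buf, sizeof buf, UID_UNSET, t.our_uid);
    puts(buf);
    t.allow_anonymous = 1;
    printf("anonymous accepted, flag set:   %d\n", authorize(&t, UID_UNSET));
    return 0;
}
```

With the flag left at its default the model rejects the anonymous peer, and only the corrected message shows the -1 that explains the rejection.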