Anonymous auth method is broken

Schmottlach, Glenn glenn.schmottlach at harman.com
Sat Jan 31 07:38:50 PST 2009 

I encountered a similar problem last November and I have yet to see the problem resolved. I'm not sure if what I was seeing is identical to you, but follow this link for my hack-around:

http://lists.freedesktop.org/pipermail/dbus/2008-November/010637.html

It seems like no one ever tests anonymous authentication over TCP/IP and I suspect this has been broken for quite some time. Perhaps one of the maintainers can verify that this is indeed a problem and come up with a more appropriate fix (or clarify it's usage).




-----Original Message-----
From:	dbus-bounces at lists.freedesktop.org on behalf of Peter Würtz
Sent:	Sat 1/31/2009 7:28 AM
To:	dbus at lists.freedesktop.org
Cc:	
Subject:	Anonymous auth method is broken

(sorry if i sent this message twice but I don't know whether the first
one arrived)

Hi, I've been trying to establish a connection from a remote dbus client
to dbus-daemon listening on a tcp port. I would like to allow any client
in my LAN to connect to the bus, so I put <auth>ANONYMOUS</auth> as sole
auth mechanism in my daemon config.

No client is able to connect to the bus because the authentication is
failing. After downloading dbus-1.2.12 and compiling with debug enabled,
I found this message:
"Client authorized as UID 1000 but our UID is 1000, disconnecting"

Have a look at "auth_via_default_rules" in dbus_transport.c. This is due
to a typo in dbus-transport.c:654 and dbus-transport.c:659. The verbose
message just displays the our_identity UID twice, instead of printing
our_identity and auth_identity. In case of anonymous authentication, the
auth_identity UID is unset (-1).

So why does dbus check the UIDs in case of the anonymous auth method?
The if statement in this routine (dbus-transport.c:631) checks for:

transport->allow_anonymous is True
auth_identity is root
auth_identity matches our_identity

The authentication is not accepted because transport->allow_anonymous is
False. This flag is set by the methods
"_dbus_transport_set_allow_anonymous" and
"dbus_connection_set_allow_anonymous". However, I grep'ed through the
whole source, but nobody ever uses these functions. Consequently the
ANONYMOUS auth method is broken.

I guess it will take some time until problem is fixed and a working
version makes all the way downstream. Is there any other chance to set
up a anonymous-tcp-dbus-daemon on my own? Can I use libdbus to implement
a tiny dbus-daemon application with <10 lines of code and call
"dbus_connection_set_allow_anonymous" myself?


_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dbus

More information about the dbus mailing list