problems, questions, confusions :)

Mirko Vogt lists at nanl.de
Thu Nov 26 09:02:21 PST 2009


Hey all,

while working a bit with dbus some questions, confusions and problems
raised - mostly related to authentication.

I'm using dbus over TCP and the connection is getting established
successfully.

According specification:
"If an AUTH command specifies a mechanism, and the server supports said
mechanism, the server should begin exchanging SASL challenge-response
data with the client using DATA commands. 
If the server does not support the mechanism given in the AUTH command,
it must send either a REJECTED command listing the mechanisms it does
support, or an error."

I understand it that way: When the (by the client) mentioned
AUTH-mechanism is not supported by the server, the server should answer
with REJECTED and a list of supported mechanisms.

This assuming I wonder how this (a sniffed traffic-snippet) is possible
according spec:

===
.AUTH EXTERNAL 31303030 
REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS 
AUTH DBUS_COOKIE_SHA1 31303030 
REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS 
AUTH ANONYMOUS 6c69626462757320312e322e3136 
OK 2b3698cd06d10724e8ca3f134b0e70bd 
BEGIN
===

1) To me it seems mentioned supported mechanism by the server are
getting rejected which does not make sense to me. Can anybody explain
that behaviour to me?

2) the server is always offering all AUTH-mechanisms, it doesn't matter
which mechanisms are enabled in my session.conf. Is this wanted?

3) Regarding above traffic-snippet: it seems to me the anonymous-auth
succeeded - however after the BEGIN statement no more traffic is
exchanged and the dbus-client gets the message: "Did not receive a
reply. Possible causes include: the remote application did not send a
reply, the message bus security policy blocked the reply, the reply
timeout expired, or the network connection was broken."

When using the DBUS_COOKIE_SHA1-mechanism instead of ANONYMOUS (client
server is on the same host) everything is fine:
===
.AUTH EXTERNAL 31303030 
REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS 
AUTH DBUS_COOKIE_SHA1 31303030 
DATA
6f72675f667265656465736b746f705f67656e6572616c2031333432383030323336203931306365623066613763363835373632343337343463346631383239393037 
DATA
34656566613639643964363537636631313462313632643061343764653933632034666137663033373935346438366266363665336430343363616266303131376466643561353461 
OK 67f25fa854702f3b23bc1b364b0e713a 
BEGIN 
l...........n.....o...../org/freedesktop/DBus.....s.....org.freedesktop.DBus [..]
===

What I'm doing wrong when using the ANONYMOUS-mechanism?

Thanks a lot in advance!

Greets

mirko



-- 
This email address is used for mailinglist purposes only.
Non-mailinglist emails will be dropped automatically.
If you want to get in contact with me personally, please mail to:
mirko.vogt <at> nanl <dot> de



More information about the dbus mailing list