Security and authentication with D-Bus

Matthew Johnson dbus at matthew.ath.cx
Wed Apr 28 09:49:11 PDT 2010


On Wed Apr 28 18:25, Yoann Sculo wrote:
> I am working in an embedded Linux environment with multiple users. Each
> application has its own user for security reasons.
> But I don't deal with a graphical environment; these are not *real* users.
> So, I'd like to get my applications talking to each other on D-Bus.
> I start my bus session with
>
> dbus-daemon --session --fork --print-address
>
> I set and export the result into DBUS_SESSION_BUS_ADDRESS
> If I use only one user, my applications work fine together.
> But once I change ownerships (and launch them in separate sessions) I
> get the following error: "Did not receive a reply. Possible causes
> include: the remote application did not send a reply, the message bus  
> security policy blocked the reply, the reply timeout expired, or the  
> network connection was broken."

Yes, as has been mentioned, only one user is allowed to talk to the session bus
- the uid which the bus is running as. You probably don't want a session bus,
but a system bus. You may start your own system bus in addition to the normal
one - it's just a setting in the config file you use which determines things
like whether multiple users can connect.

Once you have the applications connecting as different users it is very easy to
determine which user a particular connection belongs to. When you receive a
method call, or are about to make one, you can call a method on the bus-daemon
itself (org.freedesktop.DBus.GetConnectionUnixUser) which will take the name of
the connection in question and give you the UID.

Matt

-- 
www.matthew.ath.cx
D-Bus Java
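
The UID check described in the reply above, as an added example that is not part of the original message: a service resolves the caller's connection name to a UID and applies a deny-by-default, per-method allowlist. The class names, UIDs, method names and the `FakeBus` stand-in are assumptions made for illustration; on a real bus the lookup would be dbus-python's `bus.get_unix_user`, which calls `org.freedesktop.DBus.GetConnectionUnixUser`.

```python
class CallerAuthorizer:
    """Deny-by-default, per-method check of the calling connection's UID."""

    def __init__(self, lookup_uid, allowed_uids):
        # lookup_uid: callable(unique_name) -> UID. With dbus-python, pass
        # bus.get_unix_user (wraps org.freedesktop.DBus.GetConnectionUnixUser).
        self._lookup_uid = lookup_uid
        self._allowed = {m: frozenset(u) for m, u in allowed_uids.items()}

    def is_allowed(self, sender, method):
        # The daemon stamps each message with the sender's unique name
        # (":1.42"). Refuse anything else: a well-known name can change owner.
        if not isinstance(sender, str) or not sender.startswith(":"):
            return False
        try:
            uid = int(self._lookup_uid(sender))
        except Exception:
            # Caller already disconnected or the lookup failed: fail closed.
            return False
        # Methods missing from the policy are denied to everyone.
        return uid in self._allowed.get(method, frozenset())


class FakeBus:
    """Constructed stand-in for the bus daemon so the example runs offline."""

    def __init__(self, connections):
        self._connections = dict(connections)

    def get_unix_user(self, unique_name):
        return self._connections[unique_name]  # KeyError if no such connection


# Constructed sample data: UIDs, method and connection names are hypothetical.
UID_SENSOR, UID_UI = 1001, 1002
POLICY = {
    "ReadTemperature": {UID_SENSOR, UID_UI},
    "SetCalibration": {UID_SENSOR},
}


def demo():
    bus = FakeBus({":1.7": UID_SENSOR, ":1.9": UID_UI})
    auth = CallerAuthorizer(bus.get_unix_user, POLICY)
    calls = [(":1.9", "ReadTemperature"), (":1.9", "SetCalibration"),
             (":1.7", "SetCalibration"), (":1.99", "ReadTemperature")]
    return [auth.is_allowed(sender, method) for sender, method in calls]
```

In a dbus-python service, the caller's unique name can be received by declaring `sender_keyword='sender'` on `@dbus.service.method` and passing that argument to `is_allowed`.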