Reworking the DBus auth conversation
jediry01 at yahoo.com
Wed May 5 09:29:23 PDT 2010
You might remember me from ~ a year ago, when I was asking a few questions related to integrating Cyrus SASL2 into DBus in order to enable remote (i.e., over TCP/IP) authentication via username/password or whatever other SASL plugin. Well, I managed to get this mostly working quite some time ago, and then got busy. Recently, I decided to drag this thing out of stasis and get it cleaned up and contributed. Patch will be forthcoming sometime soon.
As part of tidying up, I jumped forward from v1.2.3 to v1.3.0. One thing that caught my attention during the merge was the addition to dbus-auth.h/c of some stuff for negotiating something about passing unix file descriptors. This caused me to take a second look at the architecture for setting up the DBus connection, and I noticed a few things that seem wrong:
-- DBusTransport owns the DBusAuth, and delegates its portion of the connection negotiation conversation to the DBusAuth. This is why DBusAuth has fields for storing stuff related to file descriptors (which are really a "transport" feature). IMO, the DBusAuth and DBusTransport ought to be siblings, underneath the DBusConnection, and each of them should get to participate in the connection setup. Then, there's no need to stuff auth-related stuff into DBusTransport, and vice versa. This seems like something that I know enough to fix.
-- DBusAuth doesn't distinguish between "authenticated" and "authorized". I haven't yet found any bugs in the code related to this, but it seems like a bug waiting to happen. "Authenticated" should mean "I know who you are", whereas "authorized" should mean "I permit you to access the bus". Thus, it's perfectly reasonable and meaningful to say "the client successfully authenticated (i.e., the username/password match) but authorization was denied (i.e., because of some policy)". I'm inclined to fix this as well.
Does that sound reasonable?
Also, what's the process for submitting patches? I saw on the website that Bugzilla is where the patch should be submitted, but there wasn't a lot of detail on the procedure. Do I open a new bug saying "DBus auth code uses confusing terminology" and then attach the patch to it?
Finally, when I do submit the patch(es) how would y'all prefer that I do so? It seems to me that it would be best to do it in several patches, rather than in one big one, since that will make it easier to review each one. Do y'all agree?
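
The authenticated/authorized split described in the message above, as an added sketch that is not part of the original post and is not D-Bus code. All type and function names (`conn`, `conn_state`, `conn_auth_result`, `conn_authorize`, `policy_allows`, `conn_may_send`) and the sample policy are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical connection-setup states: identity proof and bus access
 * are tracked separately, so "authenticated" never implies "authorized". */
typedef enum {
    CONN_UNAUTHENTICATED,   /* no identity established yet */
    CONN_AUTHENTICATED,     /* "I know who you are" */
    CONN_AUTHORIZED,        /* "I permit you to access the bus" */
    CONN_DENIED             /* identity known, policy refused access */
} conn_state;

typedef struct {
    conn_state state;
    char identity[64];      /* set only by a successful auth exchange */
} conn;

/* Constructed sample policy: users allowed onto the bus. */
static const char *const allowed_users[] = { "alice", "buildbot" };

static bool policy_allows(const char *user) {
    for (size_t i = 0; i < sizeof allowed_users / sizeof *allowed_users; i++)
        if (strcmp(allowed_users[i], user) == 0)
            return true;
    return false;
}

/* Step 1: called when the auth mechanism (e.g. a SASL plugin) reports its
 * result. Records identity only; makes no access decision. */
conn_state conn_auth_result(conn *c, const char *user, bool mech_ok) {
    if (c->state != CONN_UNAUTHENTICATED) return c->state;
    if (!mech_ok || user == NULL || strlen(user) >= sizeof c->identity)
        return c->state;    /* stay unauthenticated; caller may retry */
    strcpy(c->identity, user);  /* length checked above */
    return c->state = CONN_AUTHENTICATED;
}

/* Step 2: policy check, only reachable from CONN_AUTHENTICATED. */
conn_state conn_authorize(conn *c) {
    if (c->state != CONN_AUTHENTICATED) return c->state;
    return c->state = policy_allows(c->identity) ? CONN_AUTHORIZED : CONN_DENIED;
}

/* Message dispatch must gate on authorization, not authentication. */
bool conn_may_send(const conn *c) { return c->state == CONN_AUTHORIZED; }
```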