[dbus]How to verify the capability of dbus IPC between machines
Pavel Strashkin
pavel.strashkin at gmail.com
Wed Nov 30 22:08:47 PST 2011
Guys,
Do you remember how auth works for TCP/IP? It should be ANONYMOUS if i
remember, but what's next? There also should be allow_anonymous tag in
configuration file, but it leads to
"org.freedesktop.DBus.Error.AccessDenied: Client tried to send a
message other than Hello without being registered". The same
dbus-send, but with --system, works fine.
2011/11/30 yinxb <yinxiaobiao at gmail.com>:
> Hi
>
> strace the dbus-send and get the following log.
> I seems authentic reject.
>
> ================
> execve("/usr/bin/dbus-send", ["dbus-send",
> "--address=tcp:host=10.239.58.116"..., "--print-reply",
> "--type=method_call", "--dest=org.freedesktop.DBus",
> "/org/freedesktop/DBus", "org.freedesktop.DBus.ListNames"], [/* 45
> vars */]) = 0
> brk(0) = 0x92a7000
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7715000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=56799, ...}) = 0
> mmap2(NULL, 56799, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7707000
> close(3) = 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/lib/libdbus-1.so.3", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0M\0\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=239300, ...}) = 0
> mmap2(NULL, 242528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = 0x297000
> mmap2(0x2d1000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x39) = 0x2d1000
> close(3) = 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000m\1\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1405508, ...}) = 0
> mmap2(NULL, 1415592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
> 3, 0) = 0x789000
> mprotect(0x8dc000, 4096, PROT_NONE) = 0
> mmap2(0x8dd000, 12288, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x8dd000
> mmap2(0x8e0000, 10664, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8e0000
> close(3) = 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/lib/tls/i686/cmov/libpthread.so.0", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
> J\0\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=117086, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7706000
> mmap2(NULL, 98792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = 0x580000
> mmap2(0x595000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0x595000
> mmap2(0x597000, 4584, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x597000
> close(3) = 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/lib/tls/i686/cmov/librt.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\30\0\0004\0\0\0"...,
> 512) = 512
> fstat64(3, {st_mode=S_IFREG|0644, st_size=30684, ...}) = 0
> mmap2(NULL, 33364, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = 0xca6000
> mmap2(0xcad000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xcad000
> close(3) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7705000
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb77056c0,
> limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
> limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> mprotect(0xcad000, 4096, PROT_READ) = 0
> mprotect(0x595000, 4096, PROT_READ) = 0
> mprotect(0x8dd000, 8192, PROT_READ) = 0
> mprotect(0x2d1000, 4096, PROT_READ) = 0
> mprotect(0x804b000, 4096, PROT_READ) = 0
> mprotect(0xfc0000, 4096, PROT_READ) = 0
> munmap(0xb7707000, 56799) = 0
> set_tid_address(0xb7705728) = 26576
> set_robust_list(0xb7705730, 0xc) = 0
> futex(0xbf914e40, FUTEX_WAKE_PRIVATE, 1) = 0
> futex(0xbf914e40, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1,
> NULL, bf914e50) = -1 EAGAIN (Resource temporarily unavailable)
> rt_sigaction(SIGRTMIN, {0x584410, [], SA_SIGINFO}, NULL, 8) = 0
> rt_sigaction(SIGRT_1, {0x5848f0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
> uname({sys="Linux", node="yinxb", ...}) = 0
> brk(0) = 0x92a7000
> brk(0x92c8000) = 0x92c8000
> socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
> socket(PF_NETLINK, SOCK_RAW, 0) = 4
> bind(4, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
> getsockname(4, {sa_family=AF_NETLINK, pid=26576, groups=00000000}, [12]) = 0
> time(NULL) = 1322710952
> sendto(4, "\24\0\0\0\26\0\1\3\250\367\326N\0\0\0\0\0\0\0\0", 20, 0,
> {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
> recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
> groups=00000000},
> msg_iov(1)=[{"0\0\0\0\24\0\2\0\250\367\326N\320g\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
> recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
> groups=00000000},
> msg_iov(1)=[{"@\0\0\0\24\0\2\0\250\367\326N\320g\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
> recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
> groups=00000000},
> msg_iov(1)=[{"\24\0\0\0\3\0\2\0\250\367\326N\320g\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"...,
> 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
> close(4) = 0
> socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
> connect(4, {sa_family=AF_INET, sin_port=htons(12434),
> sin_addr=inet_addr("10.239.58.116")}, 16) = 0
> fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
> fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> geteuid32() = 1000
> getsockname(4, {sa_family=AF_INET, sin_port=htons(46722),
> sin_addr=inet_addr("10.239.58.187")}, [16]) = 0
> poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
> write(4, "\0", 1) = 1
> send(4, "AUTH EXTERNAL 31303030\r\n", 24, MSG_NOSIGNAL) = 24
> poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
> read(4, "REJECTED EXTERNAL DBUS_COOKIE_SH"..., 2048) = 46
> geteuid32() = 1000
> poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
> send(4, "AUTH DBUS_COOKIE_SHA1 31303030\r\n", 32, MSG_NOSIGNAL) = 32
> poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
> read(4, "REJECTED EXTERNAL DBUS_COOKIE_SH"..., 2048) = 46
> poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
> send(4, "AUTH ANONYMOUS 6c696264627573203"..., 43, MSG_NOSIGNAL) = 43
> poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
> read(4, "REJECTED EXTERNAL DBUS_COOKIE_SH"..., 2048) = 46
> close(4) = 0
> clock_gettime(CLOCK_MONOTONIC, {63463, 835342983}) = 0
> write(2, "Error org.freedesktop.DBus.Error"..., 253Error
> org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible
> causes include: the remote application did not send a reply, the
> message bus security policy blocked the reply, the reply timeout
> expired, or the network connection was broken.
> ) = 253
> exit_group(1) = ?
> ================
>
> 在 2011年12月1日 上午11:36,Pavel Strashkin <pavel.strashkin at gmail.com> 写道:
>> I have the latest 1.4.x. The command should be "DBUS_VERBOSE=1
>> dbus-send --address=tcp:host=127.0.0.1,port=12434 --print-reply
>> --type=method_call --dest=org.freedesktop.DBus /org/freedesktop/DBus
>> org.freedesktop.DBus.ListNames". If it doesn't work, try to run it via
>> strace: "strace dbus-send ...".
>>
>> 2011/11/30 yinxb <yinxiaobiao at gmail.com>:
>>> Hi Pavel Strashkin
>>>
>>> I downloaded the dbus-1.5.0.tar.gz from
>>> http://cgit.freedesktop.org/dbus/dbus/
>>> and ./configure --enable-verbose-mode and make & make install.
>>> when execute the commad metioned in your last mail,
>>> I cannot find debug info output.
>>>
>>> Also I tried to find the debug version of dbus,and dpkg the package.
>>> http://packages.ubuntu.com/maverick/dbus-1-dbg
>>> when use dbus-send,it tells me
>>> dbus-send: cannot execute binary file
>>>
>>> Would you please tell me what is the version of dbus & dbus debug.
>>> More,Could you kindly tell me the command works in your host and client
>>> ============
>>> dbus-send --address=... --print-reply
>>> --type=method_call --dest=org.freedesktop.DBus /org/freedesktop/DBus
>>> org.freedesktop.DBus.ListNames
>>> ============
>>>
>>> Thanks very much indeed
>>>
>>> 在 2011年11月30日 上午11:53,Pavel Strashkin <pavel.strashkin at gmail.com> 写道:
>>>> It only means that you can't use --address and --system (--session)
>>>> command line options together. --system and --session is kind of alias
>>>> for --address.
>>>>
>>>> Try the following call: dbus-send --address=... --print-reply
>>>> --type=method_call --dest=org.freedesktop.DBus /org/freedesktop/DBus
>>>> org.freedesktop.DBus.ListNames
>>>>
>>>> Put right address there. Also try the same call on localhost where
>>>> you're listening on 12434 port, use 127.0.0.1 or localhost as a host
>>>> name.
>>>>
>>>> 2011/11/29 yinxb <yinxiaobiao at gmail.com>:
>>>>> It seems the host(remote pc) is listenning the 12434 port.
>>>>>
>>>>> another question,when I execute the following command
>>>>> dbus-send --address=tcp:host=10.239.58.116,port=12434 --system
>>>>> --type=method_call --print-reply --dest=org.gnome.DisplayManager
>>>>> /org/gnome/DisplayManager/Manager
>>>>> org.gnome.DisplayManager.Manager.GetDisplays
>>>>>
>>>>> Get the messages:
>>>>> ----------------------
>>>>> --address" may not be used with "--system" or "--session"
>>>>> ---------------------
>>>>> Does it mean remote dbus cannot call system bus and session bus in host?
>>>>> and then what kind of bus can be used in the remote case?
>>>>>
>>>>> ps:
>>>>> DisplayManager is system bus
>>>>>
>>>>> 在 2011年11月30日 上午10:04,yinxb <yinxiaobiao at gmail.com> 写道:
>>>>>> get the following list in local PC
>>>>>> ----------------------
>>>>>> tcp 0 0 0.0.0.0:2049 0.0.0.0:*
>>>>>> LISTEN -
>>>>>> tcp 0 0 0.0.0.0:59747 0.0.0.0:*
>>>>>> LISTEN -
>>>>>> tcp 0 0 0.0.0.0:40967 0.0.0.0:*
>>>>>> LISTEN 1554/dbus-daemon
>>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:*
>>>>>> LISTEN 617/portmap
>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:*
>>>>>> LISTEN 586/sshd
>>>>>> tcp 0 0 127.0.0.1:631 0.0.0.0:*
>>>>>> LISTEN 984/cupsd
>>>>>> tcp 0 0 0.0.0.0:59962 0.0.0.0:*
>>>>>> LISTEN 699/rpc.statd
>>>>>> tcp 0 0 0.0.0.0:52732 0.0.0.0:*
>>>>>> LISTEN 927/rpc.mountd
>>>>>> tcp 0 0 0.0.0.0:60317 0.0.0.0:*
>>>>>> LISTEN 1768/dbus-daemon
>>>>>> tcp6 0 0 :::22 :::*
>>>>>> LISTEN 586/sshd
>>>>>> tcp6 0 0 ::1:631 :::*
>>>>>> LISTEN 984/cupsd
>>>>>> --------------------------
>>>>>>
>>>>>> in remotePC
>>>>>> -------------------------
>>>>>> tcp 0 0 0.0.0.0:2049 0.0.0.0:*
>>>>>> LISTEN -
>>>>>> tcp 0 0 0.0.0.0:53097 0.0.0.0:*
>>>>>> LISTEN 770/rpc.statd
>>>>>> tcp 0 0 0.0.0.0:34474 0.0.0.0:*
>>>>>> LISTEN 1125/rpc.mountd
>>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:*
>>>>>> LISTEN 730/portmap
>>>>>> tcp 0 0 0.0.0.0:12434 0.0.0.0:*
>>>>>> LISTEN 512/dbus-daemon
>>>>>> tcp 0 0 0.0.0.0:33267 0.0.0.0:*
>>>>>> LISTEN -
>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:*
>>>>>> LISTEN 1559/sshd
>>>>>> tcp 0 0 127.0.0.1:631 0.0.0.0:*
>>>>>> LISTEN 1380/cupsd
>>>>>> tcp6 0 0 :::22 :::*
>>>>>> LISTEN 1559/sshd
>>>>>> tcp6 0 0 ::1:631 :::*
>>>>>> LISTEN 1380/cupsd
>>>>>> -------------------------
>>>>>> 2011/11/30, Pavel Strashkin <pavel.strashkin at gmail.com>:
>>>>>>> What about "netstat -nlpt"? Does it show that some process is
>>>>>>> listening on 12434 TCP/IP port?
>>>>>>>
>>>>>>> 2011/11/29 yinxb <yinxiaobiao at gmail.com>:
>>>>>>>> Hi Pavel Strashkin
>>>>>>>>
>>>>>>>> It seems that dbus-monitor did not connect the specified host & port.
>>>>>>>>
>>>>>>>> When execute the command in remotePC or lolcaPC:
>>>>>>>> dbus-monitor --address tcp:host=xx.xxx.xx.116,port=12434
>>>>>>>> only get the register failed message
>>>>>>>> ========
>>>>>>>> Failed to register connection to bus at
>>>>>>>> tcp:host=10.239.58.116,port=12434: Did not receive a reply. Possible
>>>>>>>> causes include: the remote application did not send a reply, the
>>>>>>>> message bus security policy blocked the reply, the reply timeout
>>>>>>>> expired, or the network connection was broken.
>>>>>>>> ========
>>>>>>>> I even turned off the firewall on both remotePC and localPC and
>>>>>>>> still get the same result.
>>>>>>>>
>>>>>>>> 在 2011年11月30日 上午3:34,Pavel Strashkin <pavel.strashkin at gmail.com> 写道:
>>>>>>>>> Does dbus-monitor successfully connect to dbus-daemon on specified host &
>>>>>>>>> port?
>>>>>>>>>
>>>>>>>>> 2011/11/28 yinxb <yinxiaobiao at gmail.com>:
>>>>>>>>>> In addition,dbus-monitor in the remote PC cannot find any info related
>>>>>>>>>> the dbus-send.
>>>>>>>>>>
>>>>>>>>>> 在 2011年11月29日 上午10:38,yinxb <yinxiaobiao at gmail.com> 写道:
>>>>>>>>>>> Hi Thiago Macieira and Pavel
>>>>>>>>>>>
>>>>>>>>>>> Thanks for your reply.
>>>>>>>>>>>
>>>>>>>>>>> As metioned in your mail,I did the following steps:
>>>>>>>>>>> 1.Romote PC:
>>>>>>>>>>> Config /etc/dbus-1/system.conf.
>>>>>>>>>>> Add listen tcp:host=0.0.0.0,port=12434
>>>>>>>>>>>
>>>>>>>>>>> 2.Local PC:
>>>>>>>>>>> dbus-send --address=tcp:host=xx.xxx.xx.116,port=12434 --print-reply
>>>>>>>>>>> --dest=org.gnome.PowerManager
>>>>>>>>>>> /org/ayatana/NotificationItem/gnome_power_manager/Menu
>>>>>>>>>>> org.freedesktop.Dbus.Introspectable.Introspect
>>>>>>>>>>>
>>>>>>>>>>> after that,I got the following message:
>>>>>>>>>>> Error org.freedesktop.DBus.Error.NoReply: Did not receive a reply.
>>>>>>>>>>> Possible causes include: the remote application did not send a reply,
>>>>>>>>>>> the message bus security policy blocked the reply, the reply timeout
>>>>>>>>>>> expired, or the network connection was broken.
>>>>>>>>>>>
>>>>>>>>>>> Can you figure out what is missing or wrong with my steps?
>>>>>>>>>>>
>>>>>>>>>>> ps:
>>>>>>>>>>> telnet can connect the remote PC (xx.xxx.xx.116).
>>>>>>>>>>>
>>>>>>>>>>> 2011/11/29 Thiago Macieira <thiago at kde.org>:
>>>>>>>>>>>> On Monday, 28 de November de 2011 15.59.42, 尹YinXiaobiao wrote:
>>>>>>>>>>>>> Hi all
>>>>>>>>>>>>> I am a newbie at Dbus and this is my first mail in this
>>>>>>>>>>>>> maillist.
>>>>>>>>>>>>> By some investigate and look at the source code,I know that dbus
>>>>>>>>>>>>> is using socket(tcp & unix domain socket) to transfer data.
>>>>>>>>>>>>> So it is possible for communication between two machines(or VM).
>>>>>>>>>>>>
>>>>>>>>>>>> Right, it's possible.
>>>>>>>>>>>>
>>>>>>>>>>>>> Now my question is how to vevify this capability by dbus-send
>>>>>>>>>>>>> command.
>>>>>>>>>>>>> Can anyone give me a hint?
>>>>>>>>>>>>
>>>>>>>>>>>> Just send the message you want to send. You know the address of the
>>>>>>>>>>>> bus server
>>>>>>>>>>>> to connect to, so pass it in the --address= option. You know that
>>>>>>>>>>>> address
>>>>>>>>>>>> because you configured the other machine with it.
>>>>>>>>>>>>
>>>>>>>>>>>>> Someone tell me that dbus do not listen on TCP by default,how to
>>>>>>>>>>>>> enable TCP listen?
>>>>>>>>>>>>
>>>>>>>>>>>> Create your own config file and change the <listen> directive to be on
>>>>>>>>>>>> TCP.
>>>>>>>>>>>>
>>>>>>>>>>>> Remember: D-Bus TCP is unauthenticated an unencrypted. It accepts
>>>>>>>>>>>> connections
>>>>>>>>>>>> from anywhere and trusts it blindly.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>>>>>>>>>>>> Software Architect - Intel Open Source Technology Center
>>>>>>>>>>>> PGP/GPG: 0x6EF45358; fingerprint:
>>>>>>>>>>>> E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> dbus mailing list
>>>>>>>>>>>> dbus at lists.freedesktop.org
>>>>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/dbus
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> dbus mailing list
>>>>>>>>>> dbus at lists.freedesktop.org
>>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/dbus
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
More information about the dbus
mailing list