gdbus - caller authentication

David Sommerseth dbus at lists.topphemmelig.net
Wed Aug 30 22:11:05 UTC 2017 

On 29/08/17 11:17, Simon McVittie wrote:
> On Mon, 21 Aug 2017 at 18:20:51 +0200, David Sommerseth wrote:
>> Currently I use g_bus_get_sync() to get access to the system bus and
>> when I call g_dbus_connection_get_peer_credentials () from the service
>> side, it returns NULL.  So I believe something needs to be flagged
>> correctly to provide that information.
> 
[...snip...]
> 
> To get the credentials of another connection to the same dbus-daemon,
> call the org.freedesktop.DBus.GetConnectionCredentials() method or a
> higher-level API that wraps it. The *sender* of a D-Bus method call
> message is a suitable parameter to pass to GetConnectionCredentials.

Ahhh!  Thank you!  I haven't spotted this in the introspection, so I
didn't know that one existed.  This makes a lot of sense.  I'll dig into
this.

>> I have also started to wonder if this should be handled by polkit as
>> well, but I haven't fully grasped the concept of how that could be done.
>>  Part of it would be the policies, which I don't quite understand how it
>> could check if the method caller to the D-Bus server could be matched
>> against a stored value inside the configuration manager.  So then some
>> of the authentication would need to be passed on from polkit to the
>> configuration manager.
> 
> When using polkit, I think the typical pattern would be to compare
> the sender's credentials with credentials that you previously stored
> (the "owner" of that VPN configuration), and ask polkit about a
> different *action*. For example, if your project's domain name is
> OpenVPN.example.com, you might define actions
> com.example.OpenVPN.create-configuration (which might be allowed for
> everyone by default), com.example.OpenVPN.modify-same-user-configuration
> (which might be allowed for everyone by default), and
> com.example.OpenVPN.modify-other-user-configuration (which might only
> be allowed for root-equivalent users, *admins* in polkit terminology,
> by default). UDisks2/storaged do similar things when they distinguish
> between removable disks attached to the same seat where the requesting
> user is logged-in, and removable disks attached to a different seat.

Right!  I begin to understand the polkit role even better now.  This
makes a lot of sense to implement in OpenVPN too, but I'll make things
work somewhat with the policy hard-coded in the first round.

But to have a policy which can be modified by a sys-admin at runtime
makes perfect sense to me.  It actually means we can provide several
pre-installed VPN configuration profiles on systems, have a "tag" on
them and tie these "tags" to specific users or user groups.  The
enterprise users can appreciate such features.


Thanks again for pointing me into the right direction!  You help is
invaluable for my project.  And I'm looking forward to make my work
public in not too far future; once most lacking features and bugs have
been ironed out :)


-- 
kind regards,

David Sommerseth

More information about the dbus mailing list