Using DBus Daemon with TCP and ANONYMOUS authorization

Havoc Pennington hp at pobox.com
Tue Nov 18 08:37:18 PST 2008


Hi,

One big-picture question: hacking the daemon to allow anonymous
apparently worked a few months ago, but the new patch to add it to the
config file isn't working for you. So a good initial approach could be
to figure out what changed.

On Tue, Nov 18, 2008 at 8:16 AM, Schmottlach, Glenn
<GSchmott at harmanbecker.com> wrote:
> So, this would imply that _dbus_read_credentials_socket() is somehow
> smart enough to know that it's attempting to read credential information
> from a file descriptor associated with a TCP socket vs. a local socket.
> I don't think this can be done because there isn't enough contextual
> information passed into that function to determine the file descriptor
> is from a TCP socket. Assuming the signature of this function should not
> change the best place to do this check seems like it might be in
> exchange_credentials() but I am not sure the DBusTransport structure
> differentiates between the two types of sockets.

I would think some particular errno from the credential-reading system
call might be treated as "successfully read no credentials" rather
than "failed to read credentials"; it would require some research into
which one.

>> Then the dbus-daemon code should be able to work with a DBusConnection
>> that has no UID set.
>
> I assumed the UID had to be set. I guess another tag could be added to
> the session/system configuration file that specifies a default UID of
> anonymous TCP connections.

Nah, the right fix is that the code should support a missing UID.
Missing UID will happen on Windows also for example, where we'll have
an sid or something instead.

> Well, I've certainly looked into it enough to say that it doesn't
> *appear* to work correctly as implemented. Since I'm a bit of a DBus
> novice, I'd appreciate anyone who could do an independent verification
> (which doesn't appear to be hard to do).

If you post some kind of simple test case you might have better luck
getting a volunteer here.

> My patched approach won't pass
> muster as a final fix if indeed this is a bug. It gets me past my
> immediate hurdle but I suspect someone more familiar with the code might
> be able to suggest an alternative (and more correct) approach. Are there
> any takers to "officially" investigate this issue and roll in a patch?
> Should I log a bug in Bugzilla?

I would say based on dbus history and the way open source usually
works, it's unlikely anyone else will get to this anytime soon, unless
they are trying to use the feature themselves. Just trying to set
accurate expectations. But if you post questions or proposed patches I
will try to answer them.

Havoc

