Created attachment 15743 [details] [review]
Allow anonymous users
Dbus supports an anonymous authentication mechanism, but after succesfully authenticating to the standard dbus daemon, authorization always fails. The attached patch adds a new config tag, <allow_anonymous/>, and the code to allow anonyomous users if this tag is spotted in the config.
The reason I created this, is that I want to use dbus as IPC between processes running on several hosts. And until a proper authentication mechanism for that is written (which is on my TODO list, but this was easier ;)) I will rely on host-based authentication (firewall) and want to use this.
Please consider including this in dbus.
Was tempted to say for this kind of thing "use DBusServer", but on the other hand we give one plenty of rope in the config file as is now.
Author: Dennis Kaarsemaker <email@example.com>
Date: Wed Nov 12 08:51:00 2008 -0500
Bug 15393 - support allow_anonymous config variable
* bus/bus.c: Set allow_anonymous if specified from
* bus/config-parser.c: Parse it.
* bus/config-parser-common.h: Declare it.
Signed-off-by: Colin Walters <firstname.lastname@example.org>
So from the mailing list discussion:
it sounds like this patch doesn't work as intended. I don't have time at the moment to look into it myself; but I would like to reduce the differences between dbus-1.2 (where this patch is not applied) and master.
So, does anyone mind if I revert this patch until we've worked through the issues?
Here's a ton of old discussion for future reference:
I still don't really see where someone has written down evidence they've thought through what happens security-wise with a patch like this.
Also, there's no unit tests. The ordeal around bus policies shows the potential consequences of that.
Created attachment 22457 [details] [review]
Allow anonymous users (dbus 1.2.12)
dbus-daemon allows anonymous users if <allow_anonymous/> is set in the configuration file
After patching the current release (dbus 1.2.12), I successfully connected a client to a remote dbus-daemon via tcp and retrieved the list of services on the bus with ListNames().
After removing <allow_anonymous/> from the daemon config file, the client is denied access as expected.
Quick note on this one; the original patch got applied to master, we need to revert that before evaluating this new one.
Also as Havoc said there's no unit tests.
(In reply to comment #4)
> Created an attachment (id=22457) [details]
> Allow anonymous users (dbus 1.2.12)
> dbus-daemon allows anonymous users if <allow_anonymous/> is set in the
> configuration file
There is only "+" in this last patch and all are in lastest git, right ?
I have tested with lastet git.
Server on win32, ip 192.168.0.182 :
Part of the dbus-daemon configuration file:
Client on linux, ip 192.168.0.32:
DBUS_SESSION_BUS_ADDRESS="tcp:host=192.168.0.182,port=12434" dbus-send --print-reply --dest="org.freedesktop.DBus" /org/freedesktop/DBus/Introspectable org.freedesktop.DBus.Introspectable.Introspect
So I can confirm that this patch is in git and works as expected.
Peter: how does your patch differ from Dennis' patch, and do we still need to apply it?
Dennis: is there anything else to be done here?
I don't think this is a high priority for the core D-Bus maintainers right now - anonymous auth is a rather niche use of D-Bus compared with the system/session bus on mainstream systems - but I'd accept patches.
parser->allow_anonymous = TRUE;
Should be added to merge_included in config-parser.c to allow the flag to be set from an included configuration file.
close it giving that anonymous auth was already supported.