[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freedesktop-dbus
Subject:    Re: where is dbus 1.2 ?
From:       Gavrie Philipson <gavrie () gmail ! com>
Date:       2008-02-19 9:20:58
Message-ID: loom.20080219T091338-847 () post ! gmane ! org
[Download RAW message or body]

Havoc Pennington <hp@...> writes:

> Not right now. What I mean by "thought through" is for example, I don't 
> know why you would want a bus daemon that allowed anonymous access. So 
> step one in thinking it through is to describe (on this list) some of 
> the use-cases. Then we could talk about how to add the feature (which 
> would presumably be pretty simple, just have the bus daemon call 
> set_allow_anonymous() if ANONYMOUS is one of the auth mechanisms, or 
> something).
> 
> If the feature appears useful and we talk about how to add it, the 
> remaining step would be for a volunteer to write a patch (which should 
> be a very simple patch).
> 
> For the system and session bus, I don't know why ANONYMOUS would be 
> useful - so I am guessing you are using the bus daemon for some other 
> custom purpose, with a custom config file?

Havoc,

A specific use case for ANONYMOUS access to the D-Bus daemon is when debugging a
remote or embedded system. For example, I am working on an embedded Linux system
that makes use of D-Bus as an IPC mechanism between several processes. The
standard D-Bus daemon is being used.

Since we'd like to use graphical tools such as D-Feet to interactively develop
and debug the D-Bus interfaces of the product, we're using a TCP connection from
the developer's workstation to the D-Bus daemon on the embedded system, with the
ANONYMOUS authentication mechanism. Of course this is with a custom, permissive
system.conf file that is used only for development systems.

To get this to work, I added this trivial patch to the D-Bus daemon:

diff -ruN dbus-1.1.4/dbus/dbus-server-socket.c
dbus-1.1.4-local/dbus/dbus-server-socket.c
--- dbus-1.1.4/dbus/dbus-server-socket.c
+++ dbus-1.1.4-local/dbus/dbus-server-socket.c
@@ -123,6 +123,9 @@
       SERVER_UNLOCK (server);
       return FALSE;
     }
+
+  /* Allow anonymous connections */
+  dbus_connection_set_allow_anonymous(connection, TRUE);

   /* See if someone wants to handle this new connection, self-referencing
    * for paranoia.

Would this be safe enough to leave in production code? According to the
description of the dbus_connection_set_allow_anonymous function in the code, it
applies only when ANONYMOUS is listed among the authentication mechanisms, which
is not the case on production systems.

-- Gavrie

_______________________________________________
dbus mailing list
dbus@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dbus
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic