Allow connecting from clients with different user id #14
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…or better readability, allow whitelisting connecting user ids, improved README
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When client and proxy have different user ids, client cannot authenticate itself to the bus. The reason for this is that client sends an auth message with its user id, for example:
(this is hex-encoded string "1000"). Proxy passes this message to DBus server vebratim, but the server sees that user id doesn't match proxy's user id and rejects connection.
This can be tested by running a test command like this one:
There will be connection error.
To fix it, I have changed the code so that the proxy can rewrite user's id in
AUTH EXTERNALline with proxy's user id. This way, clients with different user id are able to connect to the bus.I also had to refactor code a little for better readability. Now the proxy parses and splits auth messages so if it will be necessary, further processing is possible. When
--logoption is used, auth messages now are printed which should aid debugging issues.I also have added a CLI argument to allow whitelisting user ids that are able to connect to the proxy.
I have tested my changes using additional Python script which sends different types of messages, including sending messages byte-by-byte and filling messages with garbage to test that proxy doesn't crash. I used a build compiled with ASAN (address sanitizer) to make sure that there are no issues with invalid pointer usage.
I don't know if I can add this script to repository as it is not an automated but manual test.
I have also verified that there are no memory leaks by using heaptrack and connecting/disconnecting to proxy thousand times.