flatpak / xdg-dbus-proxy

GNU Lesser General Public License v2.1

Allow connecting from clients with different user id #14

Open codedokode opened 4 years ago

codedokode commented 4 years ago

When the client and the proxy have different user ids, the client cannot authenticate itself to the bus. The reason for this is that the client sends an auth message with its user id, for example:

AUTH EXTERNAL 31303030\r\n

(this is the hex-encoded string "1000"). The proxy passes this message to the DBus server verbatim, but the server sees that the user id doesn't match the proxy's user id and rejects the connection.

This can be tested by running a test command like this one:

DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/proxy.socket dbus-send --session --dest=org.freedesktop.DBus --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames

There will be a connection error.

To fix it, I have changed the code so that the proxy can rewrite the user's id in the AUTH EXTERNAL line with the proxy's user id. This way, clients with a different user id are able to connect to the bus.

I also had to refactor the code a little for better readability. Now the proxy parses and splits auth messages so that, if necessary, further processing is possible. When the --log option is used, auth messages are now printed, which should aid debugging issues.

I have also added a CLI argument to allow whitelisting user ids that are able to connect to the proxy.

I have tested my changes using an additional Python script which sends different types of messages, including sending messages byte-by-byte and filling messages with garbage to test that the proxy doesn't crash. I used a build compiled with ASAN (address sanitizer) to make sure that there are no issues with invalid pointer usage.

I don't know if I can add this script to the repository, as it is not an automated but a manual test.

I have also verified that there are no memory leaks by using heaptrack and connecting/disconnecting to the proxy a thousand times.
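
The AUTH EXTERNAL handling described in the pull request above, as an added example that is not the pull request's or the project's own code: it strictly decodes the hex-encoded uid, checks it against an allow-list, and re-encodes the line with the proxy's uid. The function names, the allow-list and the uids 1000 and 1001 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PREFIX "AUTH EXTERNAL "
#define PREFIX_LEN (sizeof PREFIX - 1)

/* Decode "AUTH EXTERNAL <hex>\r\n". The payload is a decimal uid in ASCII, so
 * each hex pair must be '3' plus a digit. Returns 0, or -1 if malformed. */
static int decode_external_uid(const char *line, uint64_t *uid)
{
    size_t len = strlen(line), hexlen = len - PREFIX_LEN - 2;
    if (len < PREFIX_LEN + 4 || hexlen % 2 != 0 || hexlen > 20 ||
        strncmp(line, PREFIX, PREFIX_LEN) != 0 || strcmp(line + len - 2, "\r\n") != 0)
        return -1;
    *uid = 0;
    for (const char *h = line + PREFIX_LEN; h < line + len - 2; h += 2) {
        if (h[0] != '3' || h[1] < '0' || h[1] > '9')
            return -1;
        *uid = *uid * 10 + (uint64_t)(h[1] - '0');
    }
    return *uid <= UINT32_MAX ? 0 : -1;    /* uid_t is 32 bits on Linux */
}

/* Hypothetical helper: allow-list the claimed uid, then re-encode with proxy_uid. */
static int rewrite_auth(const char *line, const uint64_t *allowed, size_t n,
                        uint32_t proxy_uid, char *out, size_t outlen)
{
    uint64_t uid;
    char dec[11];
    size_t i, pos = PREFIX_LEN;
    if (decode_external_uid(line, &uid) != 0)
        return -1;
    for (i = 0; i < n && allowed[i] != uid; i++) {}
    int dlen = snprintf(dec, sizeof dec, "%u", (unsigned)proxy_uid);
    if (i == n || dlen < 1 || PREFIX_LEN + 2 * (size_t)dlen + 3 > outlen)
        return -1;                         /* not allowed, or out too small */
    memcpy(out, PREFIX, PREFIX_LEN);
    for (i = 0; i < (size_t)dlen; i++)
        pos += (size_t)sprintf(out + pos, "%02x", (unsigned char)dec[i]);
    memcpy(out + pos, "\r\n", 3);
    return 0;
}

int main(void)
{
    const uint64_t allowed[] = { 1000 };   /* constructed allow-list */
    char out[64];
    return rewrite_auth("AUTH EXTERNAL 31303030\r\n", allowed, 1, 1001, out, sizeof out) ? 1 : (fputs(out, stdout) < 0);
}
```

The uid in the line is only what the client claims. A D-Bus server checks EXTERNAL against the credentials of the connecting socket, so an allow-list in a proxy is only meaningful if it is checked against the peer credentials of the client socket (SO_PEERCRED on Linux) rather than the value decoded here.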