Closed brett-smith closed 11 months ago
Are you sure both client & server running under the same user uid? I can see client tries to authenticate with uid of 501, is the server up and running with this uid as well?
Wait, I just read title. In the provided logs no anonymous auth is being used, it uses EXTERNAL auth. In order to force it to be anonymous auth you should use smth like this:
builder.transportConfig().configureSasl().withAuthMode(TransportBuilder.SaslAuthMode.AUTH_ANONYMOUS);
That doesn't seem to have made any difference. I'm not able to get full logs again at the moment, but I'll post back later in the day when I have them.
With version 4.2.1 though (and every version prior to https://github.com/hypfvieh/dbus-java/commit/fe43125e48fd46fd78158028acd42aaebba34ba9), I have never had to set the auth mode on the client side of the connection.
On the broker side, I just did this ..
daemon = new EmbeddedDBusDaemon(listenBusAddress);
daemon.setSaslAuthMode(SaslAuthMode.AUTH_ANONYMOUS);
daemon.startInBackground();
and it just worked.
I mean that code for server side for sure, not for client. But I use DirectConnection directly, without a wrapper of EmbeddedDBusDaemon.
This seems to be an issue with setting up the SaslAuthMode
on both client and server side.
The SaslConfig
object is created multiple times. While the setter will update the first object, this isn't the object passed to the SASL
class.
I investigated this and fixed the builder setup.
Additionally the auth mode was overwritten by the transport. This was implemented to ensure that the default auth mode works for the used transport. There were some checks which were useless (comparing the already changed SaslConfig
with a "new" SaslConfig
) and therefore the auth mode was always reset to "default" (EXTERNAL
when using unix sockets). I fixed that as well.
Please try again with the latest changes. btw. I'm not sure, but usually GitHub-Actions should now deploy to maven central snapshot repo when I update the master branch.
Perfect, that has done the trick. I'm now seeing ANONYMOUS
mentioned in the SASL logs, and all clients regardless get authenticated regardless of user ID.
Thanks once more for your time.
And yes! Maven snapshot repositories are definitely there. I wiped my local repository and rebuilt, and saw that all dbus-java modules were pulled from oss-snapshots. This will be very useful in the future, so thanks for doing that.
I guess this one if fixed for a while - closing it. If still not working, please re-open
It looks like #214 or #215 might have broken anonymous SASL authentication. As far as I can make out, only with the
EmbeddedDBusDaemon
though.We are seeing the following with 4.3.1-SNAPSHOT builds.
The dbus daemon log ...
And the client log ...
Edit: It appears this may not be happening everywhere. I have this reproduced on Mac OS at the moment, but windows seems OK. I can't think why this would be! The one thing I do know is that is has broken somewhere between 4.2.1 and 4.3.1-SNAPSHOT. Will update with further details if i get them.
Edit: Stranger and stranger. It appears to be OK if the broker and the client are both root (perhaps just need to be same user).
Edit: Changed my mind about #214 and #215. I've revert all those commits, and it still happens. So I suspect it may be something earlier. I'll keep bisecting.
Edit: Not got to it yet, despite trrying a number of different SASL related commits.
Edit: Ah ha! Got it. It was commit https://github.com/hypfvieh/dbus-java/commit/fe43125e48fd46fd78158028acd42aaebba34ba9. I'll post back when I understand more what that was all about.
Edit: Well I'm baffled. It's definitely that commit that changed the behavior, but I can't see what is causing it.