DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
indirectly dependent on high-quality pseudo-random numbers
whereas EXTERNAL authentication (credentials-passing)
is mediated by the kernel and cannot be faked.
On Windows, EXTERNAL authentication is not available,
so we continue to use the hard-coded default (all
authentication mechanisms are tried).
Users of tcp: or nonce-tcp: on Unix will have to comment
this out, but they would have had to use a special
configuration anyway (to set the listening address),
and the tcp: and nonce-tcp: transports are inherently
insecure unless special steps are taken to have them
restricted to a VPN or SSH tunnelling.
Users of obscure Unix platforms (those that trigger
the warning "Socket credentials not supported on this Unix OS"
when compiling dbus-sysdeps-unix.c) might also have to
comment this out, or preferably provide a tested patch
to enable credentials-passing on that OS.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
<listen>@DBUS_SESSION_BUS_LISTEN_ADDRESS@</listen>
+ <!-- On Unix systems, the most secure authentication mechanism is
+ EXTERNAL, which uses credential-passing over Unix sockets.
+
+ This authentication mechanism is not available on Windows,
+ is not suitable for use with the tcp: or nonce-tcp: transports,
+ and will not work on obscure flavours of Unix that do not have
+ a supported credentials-passing mechanism. On those platforms/transports,
+ comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
+ @DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL@
+
<standard_session_servicedirs />
<policy context="default">
# bus-test expects a non empty string
set (DBUS_USER "Administrator")
set (DBUS_TEST_USER "guest")
+ set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "<!--<auth>EXTERNAL</auth>-->")
else (WIN32)
set (DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address")
set (DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients")
set (DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf)
set (DBUS_USER "messagebus")
set (DBUS_TEST_USER "nobody")
+ # For best security, assume that all non-Windows platforms can do
+ # credentials-passing.
+ set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "<auth>EXTERNAL</auth>")
endif (WIN32)
set (DBUS_DAEMON_NAME "dbus-daemon" CACHE STRING "The name of the dbus daemon executable")
AC_DEFINE(DBUS_CYGWIN,1,[Defined if we run on a cygwin API based system])
fi
+# For best security, assume that all non-Windows platforms can do
+# credentials-passing.
+AS_IF([test "$dbus_win" = yes],
+ [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL="<!--<auth>EXTERNAL</auth>-->"],
+ [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL="<auth>EXTERNAL</auth>"])
+AC_SUBST([DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL])
+
AM_CONDITIONAL(DBUS_WIN, test "$dbus_win" = yes)
AM_CONDITIONAL(DBUS_WINCE, test "$dbus_wince" = yes)
AM_CONDITIONAL(DBUS_UNIX, test "$dbus_unix" = yes)