28564 – DBUS_COOKIE_SHA1 can't work between machines

Bug 28564 - DBUS_COOKIE_SHA1 can't work between machines

Summary: DBUS_COOKIE_SHA1 can't work between machines

Status:	RESOLVED DUPLICATE of bug 48580

Alias:	None

Product:	dbus
Classification:	Unclassified
Component:	core (show other bugs)
Version:	1.2.x
Hardware:	x86 (IA32) Linux (All)

Importance:	medium normal
Assignee:	Havoc Pennington
QA Contact:	John (J5) Palmieri

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-06-15 15:38 UTC by djch-intel-bugs
Modified:	2013-08-27 16:49 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description djch-intel-bugs 2010-06-15 15:38:04 UTC

I'm trying to run dbus (1.2.24) over tcp between machines that share .dbus-keyrings over NFS, using DBUS_COOKIE_SHA1 authentication. The cookie gets rejected on the server

dropping/ignoring %ld-seconds old key with timestamp %ld as current time is %ld\n

in dbus-keyring.c as being far in the future. 

Looking at dbus-sysdeps-unix.c, _dbus_get_current_time() uses CLOCK_MONOTONIC. On Linux this counts seconds since last reboot, and the data sent from client to server includes a client timestamp. Unsurprisingly the server usually rejects this.

I can see (within a machine) why CLOCK_MONOTONIC is attractive, but either:
- DBUS_COOKIE_SHA1 should be declared as only operational within a single machine
- the authentication protocol (perhaps only) needs to use CLOCK_REALTIME for its timestamps
- the authentication protocol could avoid including CPU time - perhaps use the modification time for a file in the (assumed shared) keyrings directory. (In effect use the shared dir as a shared clock)

I realise my application (networked monitoring/control  of tropical marine fish tanks) is not the core business of dbus :-), but dbus with python bindings makes for nice plug and play design, so I'd like to get it working properly. (anonymous auth will do for now)

Comment 1 Havoc Pennington 2010-06-17 21:45:54 UTC

this was broken by 1c6596eb52fdf196705efe6c06dcd9fe8f836afc

Date:   Sun Dec 13 13:30:09 2009 -0800

    Use monotonic clock for _dbus_get_current_time() if it's available.
    
    _dbus_get_current_time() is used for timeouts, but uses gettimeofday(), whic
    relies on the wall clock time, which can change. If the time is changed forw
    or backwards, the timeouts are no longer valid, so the monotonic clock must 
    
    https://bugs.freedesktop.org/show_bug.cgi?id=25624

I think uuid generation should use wall clock time, in addition to the keyring timestamp.
I'd suggest just having _dbus_get_monotonic_time()/get_timestamp()/something separate from current_time() instead of cramming them into one function. get_monotonic_time() can return current_time() when monotonic is unavailable.

Comment 2 djch-intel-bugs 2010-06-28 13:08:06 UTC

Tried a quick hack - change CLOCK_MONOTONIC to CLOCK_REALTIME in dbus-sysdeps-unix.c (only)

Now works fine between machines using cookie_sha1 and shared keyring. Next step is a proper patch to separate the inter-machine timestamps from the local - I may have removed monotonic where I didn't need to...

Thanks

Comment 3 Simon McVittie 2013-08-27 16:49:24 UTC

This was probably Bug #48580.

*** This bug has been marked as a duplicate of bug 48580 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.