-rw-r--r-- | bus/session.conf.in | 10 | ||||
-rw-r--r-- | cmake/CMakeLists.txt | 4 | ||||
-rw-r--r-- | configure.ac | 7 |
3 files changed, 21 insertions, 0 deletions
diff --git a/bus/session.conf.in b/bus/session.conf.in
index cfe9544f..e78c1d33 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -14,6 +14,16 @@
 <listen>@DBUS_SESSION_BUS_LISTEN_ADDRESS@</listen>
+ <!-- On Unix systems, the most secure authentication mechanism is
+ EXTERNAL, which uses credential-passing over Unix sockets.
+
+ This authentication mechanism is not available on Windows,
+ is not suitable for use with the tcp: or nonce-tcp: transports,
+ and will not work on obscure flavours of Unix that do not have
+ a supported credentials-passing mechanism. On those platforms/transports,
+ comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
+ @DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL@
+
 <standard_session_servicedirs />
 <policy context="default">
diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt
index 3de0606a..20a8334f 100644
--- a/cmake/CMakeLists.txt
+++ b/cmake/CMakeLists.txt
@@ -452,6 +452,7 @@ if (WIN32)
 # bus-test expects a non empty string
 set (DBUS_USER "Administrator")
 set (DBUS_TEST_USER "guest")
+ set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "<!--<auth>EXTERNAL</auth>-->")
 else (WIN32)
 set (DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address")
 set (DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients")
@@ -461,6 +462,9 @@ else (WIN32)
 set (DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf)
 set (DBUS_USER "messagebus")
 set (DBUS_TEST_USER "nobody")
+ # For best security, assume that all non-Windows platforms can do
+ # credentials-passing.
+ set (DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL "<auth>EXTERNAL</auth>")
 endif (WIN32)
 set (DBUS_DAEMON_NAME "dbus-daemon" CACHE STRING "The name of the dbus daemon executable")
diff --git a/configure.ac b/configure.ac
index d1c1a0dc..d1d26b8d 100644
--- a/configure.ac
+++ b/configure.ac
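Review bot: The comment added to bus/session.conf.in tells the administrator to comment out `<auth>`, but it does not say what the element does, so the consequence of removing it is easy to underestimate. As far as I know, dbus-daemon accepts every mechanism it supports when no `<auth>` element is present, so commenting it out re-enables all of them, not just DBUS_COOKIE_SHA1. I would add a sentence such as `Listing <auth> restricts the bus to the listed mechanisms; with no <auth> element, all supported mechanisms are accepted.` It is also worth noting in the comment that the element below it is substituted at build time and is already emitted commented-out on Windows builds.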
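Review bot: The second cmake/CMakeLists.txt hunk picks `<auth>EXTERNAL</auth>` from the platform alone, although `DBUS_SESSION_BUS_LISTEN_ADDRESS` in the same `else (WIN32)` branch is a cache string that a builder can set to a `tcp:` or `nonce-tcp:` address. The session.conf.in comment in this same commit says EXTERNAL is not suitable for those transports, so such a build would produce a session bus that clients presumably cannot authenticate to, and nothing reports it at configure time. Keeping the restrictive default is reasonable, but a warning would surface the mismatch: `if (NOT DBUS_SESSION_BUS_LISTEN_ADDRESS MATCHES "^unix:")` / `message (WARNING "session bus listen address is not unix:; <auth>EXTERNAL</auth> in session.conf will not work with it")` / `endif ()`. The `else (WIN32)` branch begins outside this hunk, and the `AS_IF` added in configure.ac keys on `$dbus_win` only, so the same point applies there.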
@@ -134,6 +134,13 @@ if test "$dbus_cygwin" = yes; then
 AC_DEFINE(DBUS_CYGWIN,1,[Defined if we run on a cygwin API based system])
 fi
+# For best security, assume that all non-Windows platforms can do
+# credentials-passing.
+AS_IF([test "$dbus_win" = yes],
+ [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL="<!--<auth>EXTERNAL</auth>-->"],
+ [DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL="<auth>EXTERNAL</auth>"])
+AC_SUBST([DBUS_SESSION_CONF_MAYBE_AUTH_EXTERNAL])
+
 AM_CONDITIONAL(DBUS_WIN, test "$dbus_win" = yes)
 AM_CONDITIONAL(DBUS_WINCE, test "$dbus_wince" = yes)
 AM_CONDITIONAL(DBUS_UNIX, test "$dbus_unix" = yes) |