From 4a7406c32a5283b310c40bee4a0c8f69b0c2eaa9 Mon Sep 17 00:00:00 2001 From: David M Date: Thu, 19 Feb 2026 20:25:55 +0100 Subject: [PATCH 1/3] Issue 298: Use UID when acting in Server mode - UID will now be used if possible - in native-unixsocket implementation there is no way of obtaining the UID (nothing reliable), therefore the native-implementation will still ignore authentication --- .../freedesktop/dbus/connections/SASL.java | 26 +++++++------------ .../transports/AbstractTransport.java | 3 +++ .../transport/jre/NativeUnixSocketHelper.java | 24 ++++++++--------- 3 files changed, 25 insertions(+), 28 deletions(-) diff --git a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java index a12e7c2c5..f564b62bd 100644 --- a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java +++ b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java @@ -598,24 +598,18 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO case SERVER: switch (state) { case INITIAL_STATE: - ByteBuffer buf = ByteBuffer.allocate(1); - if (_sock != null) { - _sock.read(buf); // 0 + try { + int kuid = -1; + if (_transport instanceof AbstractUnixTransport aut) { + kuid = aut.getUid(_sock); + } + if (kuid >= 0) { + kernelUid = stupidlyEncode("" + kuid); + } state = SaslAuthState.WAIT_AUTH; - } else { - try { - int kuid = -1; - if (_transport instanceof AbstractUnixTransport aut) { - kuid = aut.getUid(null); - } - if (kuid >= 0) { - kernelUid = stupidlyEncode("" + kuid); - } - state = SaslAuthState.WAIT_AUTH; - } catch (SocketException _ex) { - state = SaslAuthState.FAILED; - } + } catch (SocketException _ex) { + state = SaslAuthState.FAILED; } break; case WAIT_AUTH: diff --git a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/transports/AbstractTransport.java b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/transports/AbstractTransport.java index 8d73b810d..c43a78896 100644 --- a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/transports/AbstractTransport.java +++ b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/transports/AbstractTransport.java @@ -249,6 +249,9 @@ public void setPreConnectCallback(Consumer _run) { * @throws IOException on any error */ private void authenticate(SocketChannel _sock) throws IOException { + if (_sock == null) { + throw new IOException("SocketChannel instance required"); + } SASL sasl = new SASL(config.getSaslConfig()); try { if (!sasl.auth(_sock, this)) { diff --git a/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java b/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java index e91ecda0b..7d60378c1 100644 --- a/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java +++ b/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java @@ -1,11 +1,7 @@ package org.freedesktop.dbus.transport.jre; -import jdk.net.ExtendedSocketOptions; -import jdk.net.UnixDomainPrincipal; - import java.io.IOException; import java.nio.channels.SocketChannel; -import java.nio.file.attribute.UserPrincipal; public final class NativeUnixSocketHelper { @@ -20,14 +16,18 @@ private NativeUnixSocketHelper() {} * @throws IOException when socket channel fails to read SO_PEERCRED option */ public static int getUid(SocketChannel _sock) throws IOException { - if (_sock == null) { - return -1; - } - - UnixDomainPrincipal creds = _sock.getOption(ExtendedSocketOptions.SO_PEERCRED); - UserPrincipal user = creds.user(); - - return Integer.parseInt(user.getName()); + // gathering the UID of SO_PEERCRED is currently not possible using pure Java. + // The code below will only provide the username, not the UID. + // This does not comply with the DBus-Spec which wants UID. + return -1; +// if (_sock == null) { +// return -1; +// } +// +// UnixDomainPrincipal creds = _sock.getOption(ExtendedSocketOptions.SO_PEERCRED); +// UserPrincipal user = creds.user(); +// +// return Integer.parseInt(user.getName()); } } From 4b4ae41840b592deb68af4da4fe5be8d7afe194b Mon Sep 17 00:00:00 2001 From: David M Date: Thu, 19 Feb 2026 21:19:12 +0100 Subject: [PATCH 2/3] Issue 298: Found a way to get the UID using the hashCode --- .../transport/jre/NativeUnixSocketHelper.java | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java b/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java index 7d60378c1..ec92cf364 100644 --- a/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java +++ b/dbus-java-transport-native-unixsocket/src/main/java/org/freedesktop/dbus/transport/jre/NativeUnixSocketHelper.java @@ -1,7 +1,11 @@ package org.freedesktop.dbus.transport.jre; +import jdk.net.ExtendedSocketOptions; +import jdk.net.UnixDomainPrincipal; + import java.io.IOException; import java.nio.channels.SocketChannel; +import java.nio.file.attribute.UserPrincipal; public final class NativeUnixSocketHelper { @@ -9,25 +13,34 @@ private NativeUnixSocketHelper() {} /** * Get the UID of peer credentials. + *

+ * Gathering the UID of SO_PEERCRED directly is not obvious when it comes to JDK native unix sockets.
+ * based on the implementation in {@code sun.nio.fs.UnixUserPrincipals.User},
+ * calling {@code hashCode()} on the {@link UserPrincipal} will give you either the UID or the hashCode of the name. + *

+ * This method ensures that a proper UID is returned and not the hashCode of the name. + * If there is no UID, -1 is returned. + *

* * @param _sock socket to read from - * @return UID, -1 if given {@link SocketChannel} was null + * @return UID, -1 if given {@link SocketChannel} was {@code null} or UID could not be determined * * @throws IOException when socket channel fails to read SO_PEERCRED option */ public static int getUid(SocketChannel _sock) throws IOException { - // gathering the UID of SO_PEERCRED is currently not possible using pure Java. - // The code below will only provide the username, not the UID. - // This does not comply with the DBus-Spec which wants UID. - return -1; -// if (_sock == null) { -// return -1; -// } -// -// UnixDomainPrincipal creds = _sock.getOption(ExtendedSocketOptions.SO_PEERCRED); -// UserPrincipal user = creds.user(); -// -// return Integer.parseInt(user.getName()); + if (_sock == null) { + return -1; + } + + UnixDomainPrincipal creds = _sock.getOption(ExtendedSocketOptions.SO_PEERCRED); + UserPrincipal user = creds.user(); + + int uid = -1; + if (user != null && user.hashCode() != user.getName().hashCode()) { + uid = user.hashCode(); + } + + return uid; } } From b5fc8c2d529bf633653f2d0d607b74054b844822 Mon Sep 17 00:00:00 2001 From: David M Date: Fri, 20 Feb 2026 18:42:34 +0100 Subject: [PATCH 3/3] updated readme --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1bfbb3fe1..9819456be 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ The library will remain open source and MIT licensed and can still be used, fork - **Minimum Java version: 21** - **Removed** all methods, members and classes marked as deprecated - Update JUnit to Version 6 - - Remove `throws IOException` from `AbstractConnectionBase.close()` (Issue #287) + - Remove `throws IOException` from `AbstractConnectionBase.close()` ([#287](https://github.com/hypfvieh/dbus-java/issues/287)) - Support usage of `Struct`s as return value (as alternative to `Tuple` with generics) (based on discussion in #285) - Updated dependencies and plugins - Added support to use `Struct` datatypes as return values instead of `Tuple`# @@ -87,6 +87,8 @@ The library will remain open source and MIT licensed and can still be used, fork - This can be enabled using the `DBusConnectionBuilder`, example: `DBusConnection sessionConnection = DBusConnectionBuilder.forSystemBus().receivingThreadConfig().withAllVirtualThreads(true).connectionConfig().build()` - Virtual-Threads can be enabled/disabled for each of the different executor services used in `ReceivingService`: `SIGNAL`, `ERROR`, `METHODCALL`, `METHODRETURN` - default remains native threads on all executors + - Fixed possible NullPointerException in SASL auth ([#294](https://github.com/hypfvieh/dbus-java/issues/294)) + - Fixed SASL authentication issue when running in server mode in combination with unix sockets ([#298](https://github.com/hypfvieh/dbus-java/issues/298)) ##### Changes in 5.2.0 (2025-12-21): - removed properties from dbus-java.version which causes issues with reproducable builds ([PR#279](https://github.com/hypfvieh/dbus-java/issues/279))