Authentication¶
Note
If you use any of Jeepney’s I/O integrations, authentication is built in. You only need these functions if you’re working outside that.
If you are setting up a socket for D-Bus, you will need to do SASL authentication before starting to send and receive D-Bus messages. This text based protocol is completely different to D-Bus itself.
Only a small fraction of SASL is implemented here, primarily what Jeepney’s integration layer uses. If you’re doing something different, you may need to implement other messages yourself.
-
jeepney.auth.
make_auth_external
() → bytes[source]¶ Prepare an AUTH command line with the current effective user ID.
This is the preferred authentication method for typical D-Bus connections over a Unix domain socket.
-
jeepney.auth.
make_auth_anonymous
() → bytes[source]¶ Format an AUTH command line for the ANONYMOUS mechanism
Jeepney’s higher-level wrappers don’t currently use this mechanism, but third-party code may choose to.
See <https://tools.ietf.org/html/rfc4505> for details.
-
jeepney.auth.
BEGIN
¶ Send this just before switching to the D-Bus protocol.
-
class
jeepney.auth.
Authenticator
(enable_fds=False)[source]¶ Process data for the SASL authentication conversation
If enable_fds is True, this includes negotiating support for passing file descriptors.
Changed in version 0.7: This class was renamed from
SASLParser
and substantially changed.-
authenticated
¶ Initially False, changes to True when authentication has succeeded.
-
error
¶ None
, or the raw bytes of an error message if authentication failed.
-
data_to_send
() → Optional[bytes][source]¶ Get a line of data to send to the server
The data returned should be sent before waiting to receive data. Returns empty bytes if waiting for more data from the server, and None if authentication is finished (success or error).
Iterating over the Authenticator object will also yield these lines;
feed()
should be called with received data inside the loop.
-
-
exception
jeepney.auth.
AuthenticationError
(data, msg='Authentication failed')[source]¶ Raised when DBus authentication fails
-
exception
jeepney.auth.
FDNegotiationError
(data)[source]¶ Raised when file descriptor support is requested but not available
Typical flow¶
- Send the data from
Authenticator.data_to_send()
(orfor req_data in authenticator
). - Receive data from the server, pass to
Authenticator.feed()
. - Repeat 1 & 2 until
Authenticator.authenticated
is True, or the for loop exits. - Send
BEGIN
. - Start sending & receiving D-Bus messages.