Authentication

Note

If you use any of Jeepney’s I/O integrations, authentication is built in. You only need these functions if you’re working outside that.

If you are setting up a socket for D-Bus, you will need to do SASL authentication before starting to send and receive D-Bus messages. This text based protocol is completely different to D-Bus itself.

Only a small fraction of SASL is implemented here, primarily what Jeepney’s integration layer uses. If you’re doing something different, you may need to implement other messages yourself.

jeepney.auth.make_auth_external() → bytes[source]

Prepare an AUTH command line with the current effective user ID.

This is the preferred authentication method for typical D-Bus connections over a Unix domain socket.

jeepney.auth.make_auth_anonymous() → bytes[source]

Format an AUTH command line for the ANONYMOUS mechanism

Jeepney’s higher-level wrappers don’t currently use this mechanism, but third-party code may choose to.

See <https://tools.ietf.org/html/rfc4505> for details.

jeepney.auth.BEGIN

Send this just before switching to the D-Bus protocol.

class jeepney.auth.Authenticator(enable_fds=False)[source]

Process data for the SASL authentication conversation

If enable_fds is True, this includes negotiating support for passing file descriptors.

Changed in version 0.7: This class was renamed from SASLParser and substantially changed.

authenticated

Initially False, changes to True when authentication has succeeded.

error

None, or the raw bytes of an error message if authentication failed.

data_to_send() → Optional[bytes][source]

Get a line of data to send to the server

The data returned should be sent before waiting to receive data. Returns empty bytes if waiting for more data from the server, and None if authentication is finished (success or error).

Iterating over the Authenticator object will also yield these lines; feed() should be called with received data inside the loop.

feed(data: bytes)[source]

Process received data

Raises AuthenticationError if the incoming data is not as expected for successful authentication. The connection should then be abandoned.

exception jeepney.auth.AuthenticationError(data, msg='Authentication failed')[source]

Raised when DBus authentication fails

exception jeepney.auth.FDNegotiationError(data)[source]

Raised when file descriptor support is requested but not available

Typical flow

  1. Send the data from Authenticator.data_to_send() (or for req_data in authenticator).
  2. Receive data from the server, pass to Authenticator.feed().
  3. Repeat 1 & 2 until Authenticator.authenticated is True, or the for loop exits.
  4. Send BEGIN.
  5. Start sending & receiving D-Bus messages.