DStape/dbus-hello-world-daemon

TACACS+ D-Bus Daemon

Aim

The initial aim was to implement a simple dbus application (written as a daemon) that exposes one interface allowing other dbus applications to invoke some methods. This has been achieved; see the branches dbus_connection_pop_message and register-function-handler for more information.

Next aim is to expose new methods via one interface that makes the daemon connect with a TACACS+ server and perform AAA. So far, username/password authentication has been implemented.

Package requirements

libdbus-1-3, libdbus-1-dev and libtac. The former two should be available in your distribution's official repos. libtac can be cloned from https://github.com/jeroennijhof/pam_tacplus. Follow the steps there for building and installing, although the typical "autoreconf -i ; ./configure ; make ; make install" pattern should suffice.

TACACS+ server

apt-get install tacacs+

The TACACS+ configuration exists in /etc/tacacs+/tac_plus.conf. Configuration details are not covered here, but the defaults should be enough to get you started. There are many docs and tutorials online; the following is recommended: https://networklessons.com/linux/how-to-install-tacacs-on-linux-centos/.

For the sake of simplicity, leave the default configuration to use /etc/passwd as the database.

Building the TACACS+ D-Bus daemon

Simply run 'make'.

Starting the TACACS+ D-Bus daemon

Simply run ./dbus_helloworld_service. Use the busctl utility to verify that the daemon is up and running and can be reached via the well-known name of "com.example.HelloWorld".

API

At the moment, there is one interface: "com.example.HelloWorld". This exposes four methods: Connect, Authenticate, Disconnect and Stop.

com.example.HelloWorld.Connect

Instructs the daemon to connect to the TACACS+ server. At the moment, the location is hard-coded to localhost:49 (TACACS default port, as per RFC-1492).

com.example.HelloWorld.Authenticate

If a connection has been established, the daemon will send an authentication request with the currently hard-coded values of user="testuser", password="testpassword". (To add a new user, simply run 'sudo adduser testuser' and follow the prompt. When you're done, run 'sudo deluser testuser'.)

com.example.HelloWorld.Disconnect

This will terminate the connection with the TACACS+ server, if it has been established.

com.example.HelloWorld.Stop

The daemon will terminate its connection with the TACACS+ server and will exit.

Client

You can write your own client or use the dbus-send tool. With the latter, to invoke the Connect method, run: "dbus-send --system --dest=com.example.HelloWorld --type=method_call /com/example/HelloWorld com.example.HelloWorld.Connect".

How do I know it's working?

tail -f /var/log/messages | grep helloworld_dbus_daemon

Gotchas

TODO: add example conf.

You will more than likely need to edit the dbus-service configuration file. This can be found at /etc/dbus-1/system.d/dbus_service.conf. More info can be found at http://dbus.freedesktop.org/doc/dbus-daemon.1.html.
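An example policy for the /etc/dbus-1/system.d/dbus_service.conf file mentioned above, added here and not taken from the project. It assumes the daemon runs as root and that callers belong to a hypothetical group named tacacs-clients: members may call Connect, Authenticate and Disconnect, while Stop stays reserved for root.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- Applied first: nobody may own the name or call the daemon
       unless a later, more specific policy allows it. -->
  <policy context="default">
    <deny own="com.example.HelloWorld"/>
    <deny send_destination="com.example.HelloWorld"/>
  </policy>

  <!-- Assumption: "tacacs-clients" is a hypothetical group for callers.
       Its members can drive the AAA methods but cannot stop the daemon. -->
  <policy group="tacacs-clients">
    <allow send_destination="com.example.HelloWorld"
           send_interface="com.example.HelloWorld"
           send_member="Connect"/>
    <allow send_destination="com.example.HelloWorld"
           send_interface="com.example.HelloWorld"
           send_member="Authenticate"/>
    <allow send_destination="com.example.HelloWorld"
           send_interface="com.example.HelloWorld"
           send_member="Disconnect"/>
  </policy>

  <!-- Assumption: the daemon is started as root. Only root may claim the
       well-known name, and only root may call every method, Stop included. -->
  <policy user="root">
    <allow own="com.example.HelloWorld"/>
    <allow send_destination="com.example.HelloWorld"/>
  </policy>

</busconfig>
```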

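By default, the TACACS+ server will respond to requests with an encrypted payload. For debugging purposes, this obviously isn't very helpful, unless you give Wireshark the key and tell it to do the decryption. To tell the server to not encrypt its packets, simply comment out the line with "key = xxx". With the key commented out, the username and password sent by Authenticate cross the wire in cleartext, so restore the key once you are done debugging.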
