Using D-Bus for multiple machines over the internet

Question

I'm writing a server (in C) which serves different machines. I'd like to use D-Bus for remote procedure calls through Internet, but I heard that D-Bus can't be used for many machines, but for one machine. Is that right? Can I use D-Bus for this situation?

Answer 1

The short answer is yes, this is possible; dbus can be used across different machines (but please see the security caveats below).

On your server the dbus-daemon configuration file (you probably want to setup a whole other bus just for your services and not reuse the system or session buses) will need to be configured to accept connections via TCP instead of just via a local socket in /tmp. There are some tricks to setting up the appropriate listen commands in dbus-daemon that are well documented.

Additionally, if you can't modify the local dbus-daemon (or you are forced to use an old, broken version of dbus-daemon distributed with RHEL that won't listen on remote sockets) you can run an application called dbus-daemon-proxy which will listen on a socket and forward connections to the local dbus-daemon.

Either way, on your client machine you will need to set the DBUS_SESSION_BUS_ADDRESS variable to have the IP address and port that dbus-daemon or the proxy server is listening on.

Security Caveats: There is no encryption of data on the wire and the dbus access mechanisms only apply to the local connections, not the TCP connections. To properly secure dbus connections that use the TCP transport mechanism you will have a bit of work in front of you.

Answer 2

Even if you don’t end up using a full D-Bus bus (like the dbus-daemon) for communication between multiple machines, an interesting half-way step is to use the D-Bus wire protocol for serialising messages, and then implementing your own bus arbiter and topology.

This means you don’t have to reinvent a wire protocol (with all the potential parser bugs and exploits that entails), but can retain some flexibility over the high-level system topology and transport; potentially integrating with a separate, existing authentication system, for example.

The easiest way to do this is to use the GDBusMessage or GVariant APIs from GLib, serialising with g_dbus_message_to_blob() or g_variant_get_data(). Do not use libdbus, as it is too low level, and uses outdated API designs which are harder to use correctly from C than more modern APIs like GLib’s. Similarly, do not use dbus-glib, as its design is also awkward and outdated.

Answer 3

I can't tell for sure about dbus-daemon implementation, but from wire protocol point of view following scenarios possible:

1) You want machines A and B exchange messages and they both can connect via tcp to dbus bus daemon on server C. To C they are just 'connections' identified by connection name - either as a result of org.freedesktop.DBus.Hello or org.freedesktop.DBus.RequestName - see 'message bus names'

2) Machine A connect to machine B and uses peer-to-peer (no message bus) mode to exchange messages.