SASL pipelining discards FDs
Submitted by David Herrmann
Assigned to D-Bus Maintainers
We use pipelining for SASL exchanges from clients. Meaning, we send all the SASL commands concatenated without waiting for responses from the server. Moreover, we don't block on SASL at all, so any Hello() or other D-Bus message can be pipelined as well.
This turned out to work pretty well and fast. It improves responsiveness for short-lived applications considerably, since no connection-roundtrip is needed, but everything can be dispatched with a single sendmmsg(2) call.
However, as it turns out, dbus-daemon does not correctly attribute FDs to their respective bytes. If we send the SASL commands, followed by a D-Bus Message with UNIX_FDS>0, dbus-daemon considers those FDs part of the SASL exchange and disconnects the client. The expected behavior would be for dbus-daemon to dispatch FDs only together with the skbuff that transmitted the FDs.
sd-bus suffers from the same issue, and I filed a report there as well:
It contains a test-case that shows the problematic behavior. Same test applies to libdbus1.
Version: git master