Use AuthAnnonymous() when connecting to DBus over TCP

[someDude12341]

DBus-next defaults to using AuthExternal() when autenticating but this only works when we are working on the same machine.

Tested on Ubuntu 21.10.

[dlech]

This seems like it could be a security hole. What is the use case? It seems like it would be better to run Bleak on the same machine as BlueZ and use some sort of RPC instead.

[someDude12341]

What is the use case?

Convenience during development.

[someDude12341]

This seems like it could be a security hole.

Absolutely, just not in Bleak. For this to be an thing you would first have to edit /etc/dbus-1/system-local.conf and /lib/systemd/system/dbus.socket on the host machine and re-define DBUS_SYSTEM_BUS_ADDRESS on your local machine.

I would argue that if someone make these kind of changes and don't know better than to remain on an isolated LAN then bigger security holes are at stake.

[dlech]

We recently made some similar changes in #1182, so if this is still needed, would like to add a BLEAK_DBUS_AUTH_ANON environment variable check in the new get_dbus_authenticator() function and add a sentence or two to the new docs.

[dlech]

Thanks for updating. I would rather use our own environment variable (e.g. BLEAK_DBUS_AUTH_ANON to opt in to this rather than using heuristics on the value of DBUS_SYSTEM_BUS_ADDRESS. Are there any problems with doing it that way?

Also, could you add a changelog entry?