1 /* -*- mode: C; c-file-style: "gnu" -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.0
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include "activation.h"
26 #include "connection.h"
30 #include "config-parser.h"
32 #include <dbus/dbus-list.h>
33 #include <dbus/dbus-hash.h>
34 #include <dbus/dbus-internals.h>
44 BusConnections *connections;
45 BusActivation *activation;
46 BusRegistry *registry;
48 BusMatchmaker *matchmaker;
49 DBusUserDatabase *user_database;
53 static dbus_int32_t server_data_slot = -1;
60 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
63 server_get_context (DBusServer *server)
68 if (!dbus_server_allocate_data_slot (&server_data_slot))
71 bd = BUS_SERVER_DATA (server);
74 dbus_server_free_data_slot (&server_data_slot);
78 context = bd->context;
80 dbus_server_free_data_slot (&server_data_slot);
86 server_watch_callback (DBusWatch *watch,
87 unsigned int condition,
90 /* FIXME this can be done in dbus-mainloop.c
91 * if the code in activation.c for the babysitter
92 * watch handler is fixed.
95 return dbus_watch_handle (watch, condition);
99 add_server_watch (DBusWatch *watch,
102 DBusServer *server = data;
105 context = server_get_context (server);
107 return _dbus_loop_add_watch (context->loop,
108 watch, server_watch_callback, server,
113 remove_server_watch (DBusWatch *watch,
116 DBusServer *server = data;
119 context = server_get_context (server);
121 _dbus_loop_remove_watch (context->loop,
122 watch, server_watch_callback, server);
127 server_timeout_callback (DBusTimeout *timeout,
130 /* can return FALSE on OOM but we just let it fire again later */
131 dbus_timeout_handle (timeout);
135 add_server_timeout (DBusTimeout *timeout,
138 DBusServer *server = data;
141 context = server_get_context (server);
143 return _dbus_loop_add_timeout (context->loop,
144 timeout, server_timeout_callback, server, NULL);
148 remove_server_timeout (DBusTimeout *timeout,
151 DBusServer *server = data;
154 context = server_get_context (server);
156 _dbus_loop_remove_timeout (context->loop,
157 timeout, server_timeout_callback, server);
161 new_connection_callback (DBusServer *server,
162 DBusConnection *new_connection,
165 BusContext *context = data;
167 if (!bus_connections_setup_connection (context->connections, new_connection))
169 _dbus_verbose ("No memory to setup new connection\n");
171 /* if we don't do this, it will get unref'd without
172 * being disconnected... kind of strange really
173 * that we have to do this, people won't get it right
176 dbus_connection_disconnect (new_connection);
179 dbus_connection_set_max_received_size (new_connection,
180 context->limits.max_incoming_bytes);
182 dbus_connection_set_max_message_size (new_connection,
183 context->limits.max_message_size);
185 /* on OOM, we won't have ref'd the connection so it will die. */
189 free_server_data (void *data)
191 BusServerData *bd = data;
197 setup_server (BusContext *context,
199 char **auth_mechanisms,
204 bd = dbus_new0 (BusServerData, 1);
205 if (!dbus_server_set_data (server,
207 bd, free_server_data))
214 bd->context = context;
216 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
222 dbus_server_set_new_connection_function (server,
223 new_connection_callback,
226 if (!dbus_server_set_watch_functions (server,
237 if (!dbus_server_set_timeout_functions (server,
239 remove_server_timeout,
251 bus_context_new (const DBusString *config_file,
252 dbus_bool_t force_fork,
259 DBusList **addresses;
260 BusConfigParser *parser;
261 DBusString full_address;
262 const char *user, *pidfile;
263 char **auth_mechanisms;
264 DBusList **auth_mechanisms_list;
267 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
269 if (!_dbus_string_init (&full_address))
275 if (!dbus_server_allocate_data_slot (&server_data_slot))
278 _dbus_string_free (&full_address);
284 auth_mechanisms = NULL;
286 parser = bus_config_load (config_file, TRUE, error);
290 /* Check for an existing pid file. Of course this is a race;
291 * we'd have to use fcntl() locks on the pid file to
292 * avoid that. But we want to check for the pid file
293 * before overwriting any existing sockets, etc.
295 pidfile = bus_config_parser_get_pidfile (parser);
302 dbus_error_init (&tmp_error);
303 _dbus_string_init_const (&u, pidfile);
305 if (_dbus_stat (&u, &stbuf, &tmp_error))
307 dbus_set_error (error, DBUS_ERROR_FAILED,
308 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
310 dbus_error_free (&tmp_error);
315 context = dbus_new0 (BusContext, 1);
322 context->refcount = 1;
324 /* get our limits and timeout lengths */
325 bus_config_parser_get_limits (parser, &context->limits);
327 /* we need another ref of the server data slot for the context
330 if (!dbus_server_allocate_data_slot (&server_data_slot))
331 _dbus_assert_not_reached ("second ref of server data slot failed");
333 context->user_database = _dbus_user_database_new ();
334 if (context->user_database == NULL)
340 context->loop = _dbus_loop_new ();
341 if (context->loop == NULL)
347 /* Build an array of auth mechanisms */
349 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
350 len = _dbus_list_get_length (auth_mechanisms_list);
356 auth_mechanisms = dbus_new0 (char*, len + 1);
357 if (auth_mechanisms == NULL)
361 link = _dbus_list_get_first_link (auth_mechanisms_list);
364 auth_mechanisms[i] = _dbus_strdup (link->data);
365 if (auth_mechanisms[i] == NULL)
367 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
372 auth_mechanisms = NULL;
375 /* Listen on our addresses */
377 addresses = bus_config_parser_get_addresses (parser);
379 link = _dbus_list_get_first_link (addresses);
384 server = dbus_server_listen (link->data, error);
387 else if (!setup_server (context, server, auth_mechanisms, error))
390 if (!_dbus_list_append (&context->servers, server))
396 link = _dbus_list_get_next_link (addresses, link);
399 /* note that type may be NULL */
400 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
401 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
407 /* We have to build the address backward, so that
408 * <listen> later in the config file have priority
410 link = _dbus_list_get_last_link (&context->servers);
415 addr = dbus_server_get_address (link->data);
422 if (_dbus_string_get_length (&full_address) > 0)
424 if (!_dbus_string_append (&full_address, ";"))
431 if (!_dbus_string_append (&full_address, addr))
439 link = _dbus_list_get_prev_link (&context->servers, link);
442 if (!_dbus_string_copy_data (&full_address, &context->address))
448 /* Note that we don't know whether the print_addr_fd is
449 * one of the sockets we're using to listen on, or some
450 * other random thing. But I think the answer is "don't do
453 if (print_addr_fd >= 0)
456 const char *a = bus_context_get_address (context);
459 _dbus_assert (a != NULL);
460 if (!_dbus_string_init (&addr))
466 if (!_dbus_string_append (&addr, a) ||
467 !_dbus_string_append (&addr, "\n"))
469 _dbus_string_free (&addr);
474 bytes = _dbus_string_get_length (&addr);
475 if (_dbus_write (print_addr_fd, &addr, 0, bytes) != bytes)
477 dbus_set_error (error, DBUS_ERROR_FAILED,
478 "Printing message bus address: %s\n",
479 _dbus_strerror (errno));
480 _dbus_string_free (&addr);
484 if (print_addr_fd > 2)
485 _dbus_close (print_addr_fd, NULL);
487 _dbus_string_free (&addr);
490 /* Create activation subsystem */
492 context->activation = bus_activation_new (context, &full_address,
493 bus_config_parser_get_service_dirs (parser),
495 if (context->activation == NULL)
497 _DBUS_ASSERT_ERROR_IS_SET (error);
501 context->connections = bus_connections_new (context);
502 if (context->connections == NULL)
508 context->registry = bus_registry_new (context);
509 if (context->registry == NULL)
515 context->matchmaker = bus_matchmaker_new ();
516 if (context->matchmaker == NULL)
522 context->policy = bus_config_parser_steal_policy (parser);
523 _dbus_assert (context->policy != NULL);
525 /* Now become a daemon if appropriate */
526 if (force_fork || bus_config_parser_get_fork (parser))
531 _dbus_string_init_const (&u, pidfile);
533 if (!_dbus_become_daemon (pidfile ? &u : NULL, error))
538 /* Need to write PID file for ourselves, not for the child process */
543 _dbus_string_init_const (&u, pidfile);
545 if (!_dbus_write_pid_file (&u, _dbus_getpid (), error))
550 /* keep around the pid filename so we can delete it later */
551 context->pidfile = _dbus_strdup (pidfile);
553 /* Write PID if requested */
554 if (print_pid_fd >= 0)
559 if (!_dbus_string_init (&pid))
565 if (!_dbus_string_append_int (&pid, _dbus_getpid ()) ||
566 !_dbus_string_append (&pid, "\n"))
568 _dbus_string_free (&pid);
573 bytes = _dbus_string_get_length (&pid);
574 if (_dbus_write (print_pid_fd, &pid, 0, bytes) != bytes)
576 dbus_set_error (error, DBUS_ERROR_FAILED,
577 "Printing message bus PID: %s\n",
578 _dbus_strerror (errno));
579 _dbus_string_free (&pid);
583 if (print_pid_fd > 2)
584 _dbus_close (print_pid_fd, NULL);
586 _dbus_string_free (&pid);
589 /* Here we change our credentials if required,
590 * as soon as we've set up our sockets and pidfile
592 user = bus_config_parser_get_user (parser);
595 DBusCredentials creds;
598 _dbus_string_init_const (&u, user);
600 if (!_dbus_credentials_from_username (&u, &creds) ||
604 dbus_set_error (error, DBUS_ERROR_FAILED,
605 "Could not get UID and GID for username \"%s\"",
610 if (!_dbus_change_identity (creds.uid, creds.gid, error))
614 bus_config_parser_unref (parser);
615 _dbus_string_free (&full_address);
616 dbus_free_string_array (auth_mechanisms);
617 dbus_server_free_data_slot (&server_data_slot);
623 bus_config_parser_unref (parser);
626 bus_context_unref (context);
628 _dbus_string_free (&full_address);
629 dbus_free_string_array (auth_mechanisms);
631 dbus_server_free_data_slot (&server_data_slot);
637 shutdown_server (BusContext *context,
640 if (server == NULL ||
641 !dbus_server_get_is_connected (server))
644 if (!dbus_server_set_watch_functions (server,
648 _dbus_assert_not_reached ("setting watch functions to NULL failed");
650 if (!dbus_server_set_timeout_functions (server,
654 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
656 dbus_server_disconnect (server);
660 bus_context_shutdown (BusContext *context)
664 link = _dbus_list_get_first_link (&context->servers);
667 shutdown_server (context, link->data);
669 link = _dbus_list_get_next_link (&context->servers, link);
674 bus_context_ref (BusContext *context)
676 _dbus_assert (context->refcount > 0);
677 context->refcount += 1;
683 bus_context_unref (BusContext *context)
685 _dbus_assert (context->refcount > 0);
686 context->refcount -= 1;
688 if (context->refcount == 0)
692 _dbus_verbose ("Finalizing bus context %p\n", context);
694 bus_context_shutdown (context);
696 if (context->connections)
698 bus_connections_unref (context->connections);
699 context->connections = NULL;
702 if (context->registry)
704 bus_registry_unref (context->registry);
705 context->registry = NULL;
708 if (context->activation)
710 bus_activation_unref (context->activation);
711 context->activation = NULL;
714 link = _dbus_list_get_first_link (&context->servers);
717 dbus_server_unref (link->data);
719 link = _dbus_list_get_next_link (&context->servers, link);
721 _dbus_list_clear (&context->servers);
725 bus_policy_unref (context->policy);
726 context->policy = NULL;
731 _dbus_loop_unref (context->loop);
732 context->loop = NULL;
735 if (context->matchmaker)
737 bus_matchmaker_unref (context->matchmaker);
738 context->matchmaker = NULL;
741 dbus_free (context->type);
742 dbus_free (context->address);
744 if (context->pidfile)
747 _dbus_string_init_const (&u, context->pidfile);
749 /* Deliberately ignore errors here, since there's not much
750 * we can do about it, and we're exiting anyways.
752 _dbus_delete_file (&u, NULL);
754 dbus_free (context->pidfile);
757 _dbus_user_database_unref (context->user_database);
761 dbus_server_free_data_slot (&server_data_slot);
765 /* type may be NULL */
767 bus_context_get_type (BusContext *context)
769 return context->type;
773 bus_context_get_address (BusContext *context)
775 return context->address;
779 bus_context_get_registry (BusContext *context)
781 return context->registry;
785 bus_context_get_connections (BusContext *context)
787 return context->connections;
791 bus_context_get_activation (BusContext *context)
793 return context->activation;
797 bus_context_get_matchmaker (BusContext *context)
799 return context->matchmaker;
803 bus_context_get_loop (BusContext *context)
805 return context->loop;
809 bus_context_get_user_database (BusContext *context)
811 return context->user_database;
815 bus_context_allow_user (BusContext *context,
818 return bus_policy_allow_user (context->policy,
819 context->user_database,
824 bus_context_create_client_policy (BusContext *context,
825 DBusConnection *connection,
828 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
829 return bus_policy_create_client_policy (context->policy, connection,
834 bus_context_get_activation_timeout (BusContext *context)
837 return context->limits.activation_timeout;
841 bus_context_get_auth_timeout (BusContext *context)
843 return context->limits.auth_timeout;
847 bus_context_get_max_completed_connections (BusContext *context)
849 return context->limits.max_completed_connections;
853 bus_context_get_max_incomplete_connections (BusContext *context)
855 return context->limits.max_incomplete_connections;
859 bus_context_get_max_connections_per_user (BusContext *context)
861 return context->limits.max_connections_per_user;
865 bus_context_get_max_pending_activations (BusContext *context)
867 return context->limits.max_pending_activations;
871 bus_context_get_max_services_per_connection (BusContext *context)
873 return context->limits.max_services_per_connection;
877 bus_context_get_max_match_rules_per_connection (BusContext *context)
879 return context->limits.max_match_rules_per_connection;
883 bus_context_get_max_replies_per_connection (BusContext *context)
885 return context->limits.max_replies_per_connection;
889 bus_context_get_reply_timeout (BusContext *context)
891 return context->limits.reply_timeout;
895 * addressed_recipient is the recipient specified in the message.
897 * proposed_recipient is the recipient we're considering sending
898 * to right this second, and may be an eavesdropper.
900 * sender is the sender of the message.
902 * NULL for proposed_recipient or sender definitely means the bus driver.
904 * NULL for addressed_recipient may mean the bus driver, or may mean
905 * no destination was specified in the message (e.g. a signal).
908 bus_context_check_security_policy (BusContext *context,
909 BusTransaction *transaction,
910 DBusConnection *sender,
911 DBusConnection *addressed_recipient,
912 DBusConnection *proposed_recipient,
913 DBusMessage *message,
916 BusClientPolicy *sender_policy;
917 BusClientPolicy *recipient_policy;
919 dbus_bool_t requested_reply;
921 type = dbus_message_get_type (message);
923 /* dispatch.c was supposed to ensure these invariants */
924 _dbus_assert (dbus_message_get_destination (message) != NULL ||
925 type == DBUS_MESSAGE_TYPE_SIGNAL ||
926 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
927 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
928 addressed_recipient != NULL ||
929 strcmp (dbus_message_get_destination (message), DBUS_SERVICE_ORG_FREEDESKTOP_DBUS) == 0);
933 case DBUS_MESSAGE_TYPE_METHOD_CALL:
934 case DBUS_MESSAGE_TYPE_SIGNAL:
935 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
936 case DBUS_MESSAGE_TYPE_ERROR:
940 _dbus_verbose ("security check disallowing message of unknown type %d\n",
943 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
944 "Message bus will not accept messages of unknown type\n");
949 requested_reply = FALSE;
953 if (bus_connection_is_active (sender))
955 sender_policy = bus_connection_get_policy (sender);
956 _dbus_assert (sender_policy != NULL);
958 /* Fill in requested_reply variable with TRUE if this is a
959 * reply and the reply was pending.
961 if (dbus_message_get_reply_serial (message) != 0)
963 if (proposed_recipient != NULL /* not to the bus driver */ &&
964 addressed_recipient == proposed_recipient /* not eavesdropping */)
968 dbus_error_init (&error2);
969 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
971 sender, addressed_recipient, message,
973 if (dbus_error_is_set (&error2))
975 dbus_move_error (&error2, error);
983 /* Policy for inactive connections is that they can only send
984 * the hello message to the bus driver
986 if (proposed_recipient == NULL &&
987 dbus_message_is_method_call (message,
988 DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS,
991 _dbus_verbose ("security check allowing %s message\n",
997 _dbus_verbose ("security check disallowing non-%s message\n",
1000 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1001 "Client tried to send a message other than %s without being registered",
1010 sender_policy = NULL;
1012 /* If the sender is the bus driver, we assume any reply was a
1013 * requested reply as bus driver won't send bogus ones
1015 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1016 dbus_message_get_reply_serial (message) != 0)
1017 requested_reply = TRUE;
1020 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1021 (sender == NULL && sender_policy == NULL));
1023 if (proposed_recipient != NULL)
1025 /* only the bus driver can send to an inactive recipient (as it
1026 * owns no services, so other apps can't address it). Inactive
1027 * recipients can receive any message.
1029 if (bus_connection_is_active (proposed_recipient))
1031 recipient_policy = bus_connection_get_policy (proposed_recipient);
1032 _dbus_assert (recipient_policy != NULL);
1034 else if (sender == NULL)
1036 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1037 recipient_policy = NULL;
1041 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1042 recipient_policy = NULL;
1046 recipient_policy = NULL;
1048 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1049 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1050 (proposed_recipient == NULL && recipient_policy == NULL));
1052 if (sender_policy &&
1053 !bus_client_policy_check_can_send (sender_policy,
1054 context->registry, proposed_recipient,
1057 const char *dest = dbus_message_get_destination (message);
1058 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1059 "A security policy in place prevents this sender "
1060 "from sending this message to this recipient, "
1061 "see message bus configuration file (rejected message "
1062 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
1063 dbus_message_get_interface (message) ?
1064 dbus_message_get_interface (message) : "(unset)",
1065 dbus_message_get_member (message) ?
1066 dbus_message_get_member (message) : "(unset)",
1067 dbus_message_get_error_name (message) ?
1068 dbus_message_get_error_name (message) : "(unset)",
1069 dest ? dest : DBUS_SERVICE_ORG_FREEDESKTOP_DBUS);
1070 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1074 if (recipient_policy &&
1075 !bus_client_policy_check_can_receive (recipient_policy,
1079 addressed_recipient, proposed_recipient,
1082 const char *dest = dbus_message_get_destination (message);
1083 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1084 "A security policy in place prevents this recipient "
1085 "from receiving this message from this sender, "
1086 "see message bus configuration file (rejected message "
1087 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
1088 dbus_message_get_interface (message) ?
1089 dbus_message_get_interface (message) : "(unset)",
1090 dbus_message_get_member (message) ?
1091 dbus_message_get_member (message) : "(unset)",
1092 dbus_message_get_error_name (message) ?
1093 dbus_message_get_error_name (message) : "(unset)",
1094 dest ? dest : DBUS_SERVICE_ORG_FREEDESKTOP_DBUS,
1095 dbus_message_get_reply_serial (message),
1097 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1101 /* See if limits on size have been exceeded */
1102 if (proposed_recipient &&
1103 dbus_connection_get_outgoing_size (proposed_recipient) >
1104 context->limits.max_outgoing_bytes)
1106 const char *dest = dbus_message_get_destination (message);
1107 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1108 "The destination service \"%s\" has a full message queue",
1109 dest ? dest : (proposed_recipient ?
1110 bus_connection_get_name (proposed_recipient) :
1111 DBUS_SERVICE_ORG_FREEDESKTOP_DBUS));
1112 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1116 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL)
1118 /* Record that we will allow a reply here in the future (don't
1119 * bother if the recipient is the bus). Only the addressed recipient
1122 if (sender && addressed_recipient &&
1123 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1125 sender, addressed_recipient,
1128 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1133 _dbus_verbose ("security policy allowing message\n");
projects / platform / upstream / dbus.git / blob