1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "activation.h"
26 #include "connection.h"
30 #include "config-parser.h"
33 #include "dir-watch.h"
34 #include <dbus/dbus-list.h>
35 #include <dbus/dbus-hash.h>
36 #include <dbus/dbus-internals.h>
50 BusConnections *connections;
51 BusActivation *activation;
52 BusRegistry *registry;
54 BusMatchmaker *matchmaker;
56 unsigned int fork : 1;
57 unsigned int syslog : 1;
58 unsigned int keep_umask : 1;
59 unsigned int allow_anonymous : 1;
62 static dbus_int32_t server_data_slot = -1;
69 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
72 server_get_context (DBusServer *server)
77 if (!dbus_server_allocate_data_slot (&server_data_slot))
80 bd = BUS_SERVER_DATA (server);
83 dbus_server_free_data_slot (&server_data_slot);
87 context = bd->context;
89 dbus_server_free_data_slot (&server_data_slot);
95 server_watch_callback (DBusWatch *watch,
96 unsigned int condition,
99 /* FIXME this can be done in dbus-mainloop.c
100 * if the code in activation.c for the babysitter
101 * watch handler is fixed.
104 return dbus_watch_handle (watch, condition);
108 add_server_watch (DBusWatch *watch,
111 DBusServer *server = data;
114 context = server_get_context (server);
116 return _dbus_loop_add_watch (context->loop,
117 watch, server_watch_callback, server,
122 remove_server_watch (DBusWatch *watch,
125 DBusServer *server = data;
128 context = server_get_context (server);
130 _dbus_loop_remove_watch (context->loop,
131 watch, server_watch_callback, server);
136 server_timeout_callback (DBusTimeout *timeout,
139 /* can return FALSE on OOM but we just let it fire again later */
140 dbus_timeout_handle (timeout);
144 add_server_timeout (DBusTimeout *timeout,
147 DBusServer *server = data;
150 context = server_get_context (server);
152 return _dbus_loop_add_timeout (context->loop,
153 timeout, server_timeout_callback, server, NULL);
157 remove_server_timeout (DBusTimeout *timeout,
160 DBusServer *server = data;
163 context = server_get_context (server);
165 _dbus_loop_remove_timeout (context->loop,
166 timeout, server_timeout_callback, server);
170 new_connection_callback (DBusServer *server,
171 DBusConnection *new_connection,
174 BusContext *context = data;
176 if (!bus_connections_setup_connection (context->connections, new_connection))
178 _dbus_verbose ("No memory to setup new connection\n");
180 /* if we don't do this, it will get unref'd without
181 * being disconnected... kind of strange really
182 * that we have to do this, people won't get it right
185 dbus_connection_close (new_connection);
188 dbus_connection_set_max_received_size (new_connection,
189 context->limits.max_incoming_bytes);
191 dbus_connection_set_max_message_size (new_connection,
192 context->limits.max_message_size);
194 dbus_connection_set_allow_anonymous (new_connection,
195 context->allow_anonymous);
197 /* on OOM, we won't have ref'd the connection so it will die. */
201 free_server_data (void *data)
203 BusServerData *bd = data;
209 setup_server (BusContext *context,
211 char **auth_mechanisms,
216 bd = dbus_new0 (BusServerData, 1);
217 if (bd == NULL || !dbus_server_set_data (server,
219 bd, free_server_data))
226 bd->context = context;
228 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
234 dbus_server_set_new_connection_function (server,
235 new_connection_callback,
238 if (!dbus_server_set_watch_functions (server,
249 if (!dbus_server_set_timeout_functions (server,
251 remove_server_timeout,
262 /* This code only gets executed the first time the
263 * config files are parsed. It is not executed
264 * when config files are reloaded.
267 process_config_first_time_only (BusContext *context,
268 BusConfigParser *parser,
272 DBusList **addresses;
273 const char *user, *pidfile;
274 char **auth_mechanisms;
275 DBusList **auth_mechanisms_list;
279 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
282 auth_mechanisms = NULL;
284 /* Check for an existing pid file. Of course this is a race;
285 * we'd have to use fcntl() locks on the pid file to
286 * avoid that. But we want to check for the pid file
287 * before overwriting any existing sockets, etc.
289 pidfile = bus_config_parser_get_pidfile (parser);
295 _dbus_string_init_const (&u, pidfile);
297 if (_dbus_stat (&u, &stbuf, NULL))
299 dbus_set_error (error, DBUS_ERROR_FAILED,
300 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
306 /* keep around the pid filename so we can delete it later */
307 context->pidfile = _dbus_strdup (pidfile);
309 /* Build an array of auth mechanisms */
311 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
312 len = _dbus_list_get_length (auth_mechanisms_list);
318 auth_mechanisms = dbus_new0 (char*, len + 1);
319 if (auth_mechanisms == NULL)
326 link = _dbus_list_get_first_link (auth_mechanisms_list);
329 auth_mechanisms[i] = _dbus_strdup (link->data);
330 if (auth_mechanisms[i] == NULL)
335 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
340 auth_mechanisms = NULL;
343 /* Listen on our addresses */
345 addresses = bus_config_parser_get_addresses (parser);
347 link = _dbus_list_get_first_link (addresses);
352 server = dbus_server_listen (link->data, error);
355 _DBUS_ASSERT_ERROR_IS_SET (error);
358 else if (!setup_server (context, server, auth_mechanisms, error))
360 _DBUS_ASSERT_ERROR_IS_SET (error);
364 if (!_dbus_list_append (&context->servers, server))
370 link = _dbus_list_get_next_link (addresses, link);
373 /* note that type may be NULL */
374 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
375 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
381 user = bus_config_parser_get_user (parser);
384 context->user = _dbus_strdup (user);
385 if (context->user == NULL)
392 context->fork = bus_config_parser_get_fork (parser);
393 context->syslog = bus_config_parser_get_syslog (parser);
394 context->keep_umask = bus_config_parser_get_keep_umask (parser);
395 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
397 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
401 dbus_free_string_array (auth_mechanisms);
405 /* This code gets executed every time the config files
406 * are parsed: both during BusContext construction
407 * and on reloads. This function is slightly screwy
408 * since it can do a "half reload" in out-of-memory
409 * situations. Realistically, unlikely to ever matter.
412 process_config_every_time (BusContext *context,
413 BusConfigParser *parser,
414 dbus_bool_t is_reload,
417 DBusString full_address;
420 BusActivation *new_activation;
422 const char *servicehelper;
427 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
432 if (!_dbus_string_init (&full_address))
438 /* get our limits and timeout lengths */
439 bus_config_parser_get_limits (parser, &context->limits);
441 context->policy = bus_config_parser_steal_policy (parser);
442 _dbus_assert (context->policy != NULL);
444 /* We have to build the address backward, so that
445 * <listen> later in the config file have priority
447 link = _dbus_list_get_last_link (&context->servers);
450 addr = dbus_server_get_address (link->data);
457 if (_dbus_string_get_length (&full_address) > 0)
459 if (!_dbus_string_append (&full_address, ";"))
466 if (!_dbus_string_append (&full_address, addr))
475 link = _dbus_list_get_prev_link (&context->servers, link);
479 dbus_free (context->address);
481 if (!_dbus_string_copy_data (&full_address, &context->address))
487 /* get the service directories */
488 dirs = bus_config_parser_get_service_dirs (parser);
490 /* and the service helper */
491 servicehelper = bus_config_parser_get_servicehelper (parser);
493 s = _dbus_strdup(servicehelper);
494 if (s == NULL && servicehelper != NULL)
501 dbus_free(context->servicehelper);
502 context->servicehelper = s;
505 /* Create activation subsystem */
506 new_activation = bus_activation_new (context, &full_address,
508 if (new_activation == NULL)
510 _DBUS_ASSERT_ERROR_IS_SET (error);
515 bus_activation_unref (context->activation);
517 context->activation = new_activation;
519 /* Drop existing conf-dir watches (if applicable) */
522 bus_drop_all_directory_watches ();
524 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
528 _dbus_string_free (&full_address);
537 process_config_postinit (BusContext *context,
538 BusConfigParser *parser,
541 DBusHashTable *service_context_table;
543 service_context_table = bus_config_parser_steal_service_context_table (parser);
544 if (!bus_registry_set_service_context_table (context->registry,
545 service_context_table))
551 _dbus_hash_table_unref (service_context_table);
553 /* Watch all conf directories */
554 _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser),
555 (DBusForeachFunction) bus_watch_directory,
562 bus_context_new (const DBusString *config_file,
563 ForceForkSetting force_fork,
564 DBusPipe *print_addr_pipe,
565 DBusPipe *print_pid_pipe,
569 BusConfigParser *parser;
571 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
576 if (!dbus_server_allocate_data_slot (&server_data_slot))
582 context = dbus_new0 (BusContext, 1);
588 context->refcount = 1;
590 _dbus_generate_uuid (&context->uuid);
592 if (!_dbus_string_copy_data (config_file, &context->config_file))
598 context->loop = _dbus_loop_new ();
599 if (context->loop == NULL)
605 context->registry = bus_registry_new (context);
606 if (context->registry == NULL)
612 parser = bus_config_load (config_file, TRUE, NULL, error);
615 _DBUS_ASSERT_ERROR_IS_SET (error);
619 if (!process_config_first_time_only (context, parser, error))
621 _DBUS_ASSERT_ERROR_IS_SET (error);
624 if (!process_config_every_time (context, parser, FALSE, error))
626 _DBUS_ASSERT_ERROR_IS_SET (error);
630 /* we need another ref of the server data slot for the context
633 if (!dbus_server_allocate_data_slot (&server_data_slot))
634 _dbus_assert_not_reached ("second ref of server data slot failed");
636 /* Note that we don't know whether the print_addr_pipe is
637 * one of the sockets we're using to listen on, or some
638 * other random thing. But I think the answer is "don't do
641 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
644 const char *a = bus_context_get_address (context);
647 _dbus_assert (a != NULL);
648 if (!_dbus_string_init (&addr))
654 if (!_dbus_string_append (&addr, a) ||
655 !_dbus_string_append (&addr, "\n"))
657 _dbus_string_free (&addr);
662 bytes = _dbus_string_get_length (&addr);
663 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
665 /* pipe write returns an error on failure but not short write */
666 if (error != NULL && !dbus_error_is_set (error))
668 dbus_set_error (error, DBUS_ERROR_FAILED,
669 "Printing message bus address: did not write all bytes\n");
671 _dbus_string_free (&addr);
675 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
676 _dbus_pipe_close (print_addr_pipe, NULL);
678 _dbus_string_free (&addr);
681 context->connections = bus_connections_new (context);
682 if (context->connections == NULL)
688 context->matchmaker = bus_matchmaker_new ();
689 if (context->matchmaker == NULL)
695 /* check user before we fork */
696 if (context->user != NULL)
698 if (!_dbus_verify_daemon_user (context->user))
700 dbus_set_error (error, DBUS_ERROR_FAILED,
701 "Could not get UID and GID for username \"%s\"",
707 /* Now become a daemon if appropriate and write out pid file in any case */
711 if (context->pidfile)
712 _dbus_string_init_const (&u, context->pidfile);
714 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
716 _dbus_verbose ("Forking and becoming daemon\n");
718 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
721 context->keep_umask))
723 _DBUS_ASSERT_ERROR_IS_SET (error);
729 _dbus_verbose ("Fork not requested\n");
731 /* Need to write PID file and to PID pipe for ourselves,
732 * not for the child process. This is a no-op if the pidfile
733 * is NULL and print_pid_pipe is NULL.
735 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
740 _DBUS_ASSERT_ERROR_IS_SET (error);
746 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
747 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
748 _dbus_pipe_close (print_pid_pipe, NULL);
750 if (!bus_selinux_full_init ())
752 _dbus_warn ("SELinux initialization failed\n");
755 if (!process_config_postinit (context, parser, error))
757 _DBUS_ASSERT_ERROR_IS_SET (error);
763 bus_config_parser_unref (parser);
767 /* Here we change our credentials if required,
768 * as soon as we've set up our sockets and pidfile
770 if (context->user != NULL)
772 if (!_dbus_change_to_daemon_user (context->user, error))
774 _DBUS_ASSERT_ERROR_IS_SET (error);
779 /* FIXME - why not just put this in full_init() below? */
780 bus_selinux_audit_init ();
784 dbus_server_free_data_slot (&server_data_slot);
790 bus_config_parser_unref (parser);
792 bus_context_unref (context);
794 if (server_data_slot >= 0)
795 dbus_server_free_data_slot (&server_data_slot);
801 bus_context_get_id (BusContext *context,
804 return _dbus_uuid_encode (&context->uuid, uuid);
808 bus_context_reload_config (BusContext *context,
811 BusConfigParser *parser;
812 DBusString config_file;
815 /* Flush the user database cache */
816 _dbus_flush_caches ();
819 _dbus_string_init_const (&config_file, context->config_file);
820 parser = bus_config_load (&config_file, TRUE, NULL, error);
823 _DBUS_ASSERT_ERROR_IS_SET (error);
827 if (!process_config_every_time (context, parser, TRUE, error))
829 _DBUS_ASSERT_ERROR_IS_SET (error);
832 if (!process_config_postinit (context, parser, error))
834 _DBUS_ASSERT_ERROR_IS_SET (error);
839 bus_context_log_info (context, "Reloaded configuration");
842 bus_context_log_info (context, "Unable to reload configuration: %s", error->message);
844 bus_config_parser_unref (parser);
849 shutdown_server (BusContext *context,
852 if (server == NULL ||
853 !dbus_server_get_is_connected (server))
856 if (!dbus_server_set_watch_functions (server,
860 _dbus_assert_not_reached ("setting watch functions to NULL failed");
862 if (!dbus_server_set_timeout_functions (server,
866 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
868 dbus_server_disconnect (server);
872 bus_context_shutdown (BusContext *context)
876 link = _dbus_list_get_first_link (&context->servers);
879 shutdown_server (context, link->data);
881 link = _dbus_list_get_next_link (&context->servers, link);
886 bus_context_ref (BusContext *context)
888 _dbus_assert (context->refcount > 0);
889 context->refcount += 1;
895 bus_context_unref (BusContext *context)
897 _dbus_assert (context->refcount > 0);
898 context->refcount -= 1;
900 if (context->refcount == 0)
904 _dbus_verbose ("Finalizing bus context %p\n", context);
906 bus_context_shutdown (context);
908 if (context->connections)
910 bus_connections_unref (context->connections);
911 context->connections = NULL;
914 if (context->registry)
916 bus_registry_unref (context->registry);
917 context->registry = NULL;
920 if (context->activation)
922 bus_activation_unref (context->activation);
923 context->activation = NULL;
926 link = _dbus_list_get_first_link (&context->servers);
929 dbus_server_unref (link->data);
931 link = _dbus_list_get_next_link (&context->servers, link);
933 _dbus_list_clear (&context->servers);
937 bus_policy_unref (context->policy);
938 context->policy = NULL;
943 _dbus_loop_unref (context->loop);
944 context->loop = NULL;
947 if (context->matchmaker)
949 bus_matchmaker_unref (context->matchmaker);
950 context->matchmaker = NULL;
953 dbus_free (context->config_file);
954 dbus_free (context->type);
955 dbus_free (context->address);
956 dbus_free (context->user);
957 dbus_free (context->servicehelper);
959 if (context->pidfile)
962 _dbus_string_init_const (&u, context->pidfile);
964 /* Deliberately ignore errors here, since there's not much
965 * we can do about it, and we're exiting anyways.
967 _dbus_delete_file (&u, NULL);
969 dbus_free (context->pidfile);
973 dbus_server_free_data_slot (&server_data_slot);
977 /* type may be NULL */
979 bus_context_get_type (BusContext *context)
981 return context->type;
985 bus_context_get_address (BusContext *context)
987 return context->address;
991 bus_context_get_servicehelper (BusContext *context)
993 return context->servicehelper;
997 bus_context_get_registry (BusContext *context)
999 return context->registry;
1003 bus_context_get_connections (BusContext *context)
1005 return context->connections;
1009 bus_context_get_activation (BusContext *context)
1011 return context->activation;
1015 bus_context_get_matchmaker (BusContext *context)
1017 return context->matchmaker;
1021 bus_context_get_loop (BusContext *context)
1023 return context->loop;
1027 bus_context_allow_unix_user (BusContext *context,
1030 return bus_policy_allow_unix_user (context->policy,
1034 /* For now this is never actually called because the default
1035 * DBusConnection behavior of 'same user that owns the bus can connect'
1036 * is all it would do.
1039 bus_context_allow_windows_user (BusContext *context,
1040 const char *windows_sid)
1042 return bus_policy_allow_windows_user (context->policy,
1047 bus_context_get_policy (BusContext *context)
1049 return context->policy;
1053 bus_context_create_client_policy (BusContext *context,
1054 DBusConnection *connection,
1057 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1058 return bus_policy_create_client_policy (context->policy, connection,
1063 bus_context_get_activation_timeout (BusContext *context)
1066 return context->limits.activation_timeout;
1070 bus_context_get_auth_timeout (BusContext *context)
1072 return context->limits.auth_timeout;
1076 bus_context_get_max_completed_connections (BusContext *context)
1078 return context->limits.max_completed_connections;
1082 bus_context_get_max_incomplete_connections (BusContext *context)
1084 return context->limits.max_incomplete_connections;
1088 bus_context_get_max_connections_per_user (BusContext *context)
1090 return context->limits.max_connections_per_user;
1094 bus_context_get_max_pending_activations (BusContext *context)
1096 return context->limits.max_pending_activations;
1100 bus_context_get_max_services_per_connection (BusContext *context)
1102 return context->limits.max_services_per_connection;
1106 bus_context_get_max_match_rules_per_connection (BusContext *context)
1108 return context->limits.max_match_rules_per_connection;
1112 bus_context_get_max_replies_per_connection (BusContext *context)
1114 return context->limits.max_replies_per_connection;
1118 bus_context_get_reply_timeout (BusContext *context)
1120 return context->limits.reply_timeout;
1124 bus_context_log_info (BusContext *context, const char *msg, ...)
1128 va_start (args, msg);
1130 if (context->syslog)
1131 _dbus_log_info (msg, args);
1137 bus_context_log_security (BusContext *context, const char *msg, ...)
1141 va_start (args, msg);
1143 if (context->syslog)
1144 _dbus_log_security (msg, args);
1150 * addressed_recipient is the recipient specified in the message.
1152 * proposed_recipient is the recipient we're considering sending
1153 * to right this second, and may be an eavesdropper.
1155 * sender is the sender of the message.
1157 * NULL for proposed_recipient or sender definitely means the bus driver.
1159 * NULL for addressed_recipient may mean the bus driver, or may mean
1160 * no destination was specified in the message (e.g. a signal).
1163 bus_context_check_security_policy (BusContext *context,
1164 BusTransaction *transaction,
1165 DBusConnection *sender,
1166 DBusConnection *addressed_recipient,
1167 DBusConnection *proposed_recipient,
1168 DBusMessage *message,
1172 BusClientPolicy *sender_policy;
1173 BusClientPolicy *recipient_policy;
1174 dbus_int32_t toggles;
1177 dbus_bool_t requested_reply;
1178 const char *sender_name;
1179 const char *sender_loginfo;
1180 const char *proposed_recipient_loginfo;
1182 type = dbus_message_get_type (message);
1183 dest = dbus_message_get_destination (message);
1185 /* dispatch.c was supposed to ensure these invariants */
1186 _dbus_assert (dest != NULL ||
1187 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1188 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1189 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1190 addressed_recipient != NULL ||
1191 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1193 /* Used in logging below */
1196 sender_name = bus_connection_get_name (sender);
1197 sender_loginfo = bus_connection_get_loginfo (sender);
1202 sender_loginfo = "(bus)";
1205 if (proposed_recipient != NULL)
1206 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1208 proposed_recipient_loginfo = "bus";
1212 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1213 case DBUS_MESSAGE_TYPE_SIGNAL:
1214 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1215 case DBUS_MESSAGE_TYPE_ERROR:
1219 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1222 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1223 "Message bus will not accept messages of unknown type\n");
1228 requested_reply = FALSE;
1232 /* First verify the SELinux access controls. If allowed then
1233 * go on with the standard checks.
1235 if (!bus_selinux_allows_send (sender, proposed_recipient,
1236 dbus_message_type_to_string (dbus_message_get_type (message)),
1237 dbus_message_get_interface (message),
1238 dbus_message_get_member (message),
1239 dbus_message_get_error_name (message),
1240 dest ? dest : DBUS_SERVICE_DBUS, error))
1242 if (error != NULL && !dbus_error_is_set (error))
1244 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1245 "An SELinux policy prevents this sender "
1246 "from sending this message to this recipient "
1247 "(rejected message had sender \"%s\" interface \"%s\" "
1248 "member \"%s\" error name \"%s\" destination \"%s\")",
1249 sender_name ? sender_name : "(unset)",
1250 dbus_message_get_interface (message) ?
1251 dbus_message_get_interface (message) : "(unset)",
1252 dbus_message_get_member (message) ?
1253 dbus_message_get_member (message) : "(unset)",
1254 dbus_message_get_error_name (message) ?
1255 dbus_message_get_error_name (message) : "(unset)",
1256 dest ? dest : DBUS_SERVICE_DBUS);
1257 _dbus_verbose ("SELinux security check denying send to service\n");
1263 if (bus_connection_is_active (sender))
1265 sender_policy = bus_connection_get_policy (sender);
1266 _dbus_assert (sender_policy != NULL);
1268 /* Fill in requested_reply variable with TRUE if this is a
1269 * reply and the reply was pending.
1271 if (dbus_message_get_reply_serial (message) != 0)
1273 if (proposed_recipient != NULL /* not to the bus driver */ &&
1274 addressed_recipient == proposed_recipient /* not eavesdropping */)
1278 dbus_error_init (&error2);
1279 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1281 sender, addressed_recipient, message,
1283 if (dbus_error_is_set (&error2))
1285 dbus_move_error (&error2, error);
1293 /* Policy for inactive connections is that they can only send
1294 * the hello message to the bus driver
1296 if (proposed_recipient == NULL &&
1297 dbus_message_is_method_call (message,
1298 DBUS_INTERFACE_DBUS,
1301 _dbus_verbose ("security check allowing %s message\n",
1307 _dbus_verbose ("security check disallowing non-%s message\n",
1310 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1311 "Client tried to send a message other than %s without being registered",
1320 sender_policy = NULL;
1322 /* If the sender is the bus driver, we assume any reply was a
1323 * requested reply as bus driver won't send bogus ones
1325 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1326 dbus_message_get_reply_serial (message) != 0)
1327 requested_reply = TRUE;
1330 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1331 (sender == NULL && sender_policy == NULL));
1333 if (proposed_recipient != NULL)
1335 /* only the bus driver can send to an inactive recipient (as it
1336 * owns no services, so other apps can't address it). Inactive
1337 * recipients can receive any message.
1339 if (bus_connection_is_active (proposed_recipient))
1341 recipient_policy = bus_connection_get_policy (proposed_recipient);
1342 _dbus_assert (recipient_policy != NULL);
1344 else if (sender == NULL)
1346 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1347 recipient_policy = NULL;
1351 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1352 recipient_policy = NULL;
1356 recipient_policy = NULL;
1358 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1359 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1360 (proposed_recipient == NULL && recipient_policy == NULL));
1363 if (sender_policy &&
1364 !bus_client_policy_check_can_send (sender_policy,
1368 message, &toggles, &log))
1370 const char *msg = "Rejected send message, %d matched rules; "
1371 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1373 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1375 dbus_message_type_to_string (dbus_message_get_type (message)),
1376 sender_name ? sender_name : "(unset)",
1378 dbus_message_get_interface (message) ?
1379 dbus_message_get_interface (message) : "(unset)",
1380 dbus_message_get_member (message) ?
1381 dbus_message_get_member (message) : "(unset)",
1382 dbus_message_get_error_name (message) ?
1383 dbus_message_get_error_name (message) : "(unset)",
1385 dest ? dest : DBUS_SERVICE_DBUS,
1386 proposed_recipient_loginfo);
1387 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1388 if (addressed_recipient == proposed_recipient)
1389 bus_context_log_security (context, msg,
1391 dbus_message_type_to_string (dbus_message_get_type (message)),
1392 sender_name ? sender_name : "(unset)",
1394 dbus_message_get_interface (message) ?
1395 dbus_message_get_interface (message) : "(unset)",
1396 dbus_message_get_member (message) ?
1397 dbus_message_get_member (message) : "(unset)",
1398 dbus_message_get_error_name (message) ?
1399 dbus_message_get_error_name (message) : "(unset)",
1401 dest ? dest : DBUS_SERVICE_DBUS,
1402 proposed_recipient_loginfo);
1403 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1408 bus_context_log_security (context,
1409 "Would reject message, %d matched rules; "
1410 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
1412 dbus_message_type_to_string (dbus_message_get_type (message)),
1413 sender_name ? sender_name : "(unset)",
1415 dbus_message_get_interface (message) ?
1416 dbus_message_get_interface (message) : "(unset)",
1417 dbus_message_get_member (message) ?
1418 dbus_message_get_member (message) : "(unset)",
1419 dbus_message_get_error_name (message) ?
1420 dbus_message_get_error_name (message) : "(unset)",
1422 dest ? dest : DBUS_SERVICE_DBUS,
1423 proposed_recipient_loginfo);
1425 if (recipient_policy &&
1426 !bus_client_policy_check_can_receive (recipient_policy,
1430 addressed_recipient, proposed_recipient,
1433 const char *msg = "Rejected receive message, %d matched rules; "
1434 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
1436 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1438 dbus_message_type_to_string (dbus_message_get_type (message)),
1439 sender_name ? sender_name : "(unset)",
1441 dbus_message_get_interface (message) ?
1442 dbus_message_get_interface (message) : "(unset)",
1443 dbus_message_get_member (message) ?
1444 dbus_message_get_member (message) : "(unset)",
1445 dbus_message_get_error_name (message) ?
1446 dbus_message_get_error_name (message) : "(unset)",
1447 dbus_message_get_reply_serial (message),
1449 dest ? dest : DBUS_SERVICE_DBUS,
1450 proposed_recipient_loginfo);
1451 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1452 if (addressed_recipient == proposed_recipient)
1453 bus_context_log_security (context, msg,
1455 dbus_message_type_to_string (dbus_message_get_type (message)),
1456 sender_name ? sender_name : "(unset)",
1458 dbus_message_get_interface (message) ?
1459 dbus_message_get_interface (message) : "(unset)",
1460 dbus_message_get_member (message) ?
1461 dbus_message_get_member (message) : "(unset)",
1462 dbus_message_get_error_name (message) ?
1463 dbus_message_get_error_name (message) : "(unset)",
1464 dbus_message_get_reply_serial (message),
1466 dest ? dest : DBUS_SERVICE_DBUS,
1467 proposed_recipient_loginfo);
1468 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1472 /* See if limits on size have been exceeded */
1473 if (proposed_recipient &&
1474 dbus_connection_get_outgoing_size (proposed_recipient) >
1475 context->limits.max_outgoing_bytes)
1477 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1478 "The destination service \"%s\" has a full message queue",
1479 dest ? dest : (proposed_recipient ?
1480 bus_connection_get_name (proposed_recipient) :
1481 DBUS_SERVICE_DBUS));
1482 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1486 /* Record that we will allow a reply here in the future (don't
1487 * bother if the recipient is the bus or this is an eavesdropping
1488 * connection). Only the addressed recipient may reply.
1490 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1492 addressed_recipient &&
1493 addressed_recipient == proposed_recipient && /* not eavesdropping */
1494 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1496 sender, addressed_recipient,
1499 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1503 _dbus_verbose ("security policy allowing message\n");
projects / platform / upstream / dbus.git / blob