1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
26 #include "activation.h"
27 #include "connection.h"
31 #include "config-parser.h"
34 #include "dir-watch.h"
35 #include <dbus/dbus-list.h>
36 #include <dbus/dbus-hash.h>
37 #include <dbus/dbus-credentials.h>
38 #include <dbus/dbus-internals.h>
56 BusConnections *connections;
57 BusActivation *activation;
58 BusRegistry *registry;
60 BusMatchmaker *matchmaker;
62 unsigned int fork : 1;
63 unsigned int syslog : 1;
64 unsigned int keep_umask : 1;
65 unsigned int allow_anonymous : 1;
66 unsigned int systemd_activation : 1;
69 static dbus_int32_t server_data_slot = -1;
76 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
79 server_get_context (DBusServer *server)
84 if (!dbus_server_allocate_data_slot (&server_data_slot))
87 bd = BUS_SERVER_DATA (server);
90 dbus_server_free_data_slot (&server_data_slot);
94 context = bd->context;
96 dbus_server_free_data_slot (&server_data_slot);
102 server_watch_callback (DBusWatch *watch,
103 unsigned int condition,
106 /* FIXME this can be done in dbus-mainloop.c
107 * if the code in activation.c for the babysitter
108 * watch handler is fixed.
111 return dbus_watch_handle (watch, condition);
115 add_server_watch (DBusWatch *watch,
118 DBusServer *server = data;
121 context = server_get_context (server);
123 return _dbus_loop_add_watch (context->loop,
124 watch, server_watch_callback, server,
129 remove_server_watch (DBusWatch *watch,
132 DBusServer *server = data;
135 context = server_get_context (server);
137 _dbus_loop_remove_watch (context->loop,
138 watch, server_watch_callback, server);
143 server_timeout_callback (DBusTimeout *timeout,
146 /* can return FALSE on OOM but we just let it fire again later */
147 dbus_timeout_handle (timeout);
151 add_server_timeout (DBusTimeout *timeout,
154 DBusServer *server = data;
157 context = server_get_context (server);
159 return _dbus_loop_add_timeout (context->loop,
160 timeout, server_timeout_callback, server, NULL);
164 remove_server_timeout (DBusTimeout *timeout,
167 DBusServer *server = data;
170 context = server_get_context (server);
172 _dbus_loop_remove_timeout (context->loop,
173 timeout, server_timeout_callback, server);
177 new_connection_callback (DBusServer *server,
178 DBusConnection *new_connection,
181 BusContext *context = data;
183 if (!bus_connections_setup_connection (context->connections, new_connection))
185 _dbus_verbose ("No memory to setup new connection\n");
187 /* if we don't do this, it will get unref'd without
188 * being disconnected... kind of strange really
189 * that we have to do this, people won't get it right
192 dbus_connection_close (new_connection);
195 dbus_connection_set_max_received_size (new_connection,
196 context->limits.max_incoming_bytes);
198 dbus_connection_set_max_message_size (new_connection,
199 context->limits.max_message_size);
201 dbus_connection_set_max_received_unix_fds (new_connection,
202 context->limits.max_incoming_unix_fds);
204 dbus_connection_set_max_message_unix_fds (new_connection,
205 context->limits.max_message_unix_fds);
207 dbus_connection_set_allow_anonymous (new_connection,
208 context->allow_anonymous);
210 /* on OOM, we won't have ref'd the connection so it will die. */
214 free_server_data (void *data)
216 BusServerData *bd = data;
222 setup_server (BusContext *context,
224 char **auth_mechanisms,
229 bd = dbus_new0 (BusServerData, 1);
230 if (bd == NULL || !dbus_server_set_data (server,
232 bd, free_server_data))
239 bd->context = context;
241 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
247 dbus_server_set_new_connection_function (server,
248 new_connection_callback,
251 if (!dbus_server_set_watch_functions (server,
262 if (!dbus_server_set_timeout_functions (server,
264 remove_server_timeout,
275 /* This code only gets executed the first time the
276 * config files are parsed. It is not executed
277 * when config files are reloaded.
280 process_config_first_time_only (BusContext *context,
281 BusConfigParser *parser,
282 const DBusString *address,
283 dbus_bool_t systemd_activation,
286 DBusString log_prefix;
288 DBusList **addresses;
289 const char *user, *pidfile;
290 char **auth_mechanisms;
291 DBusList **auth_mechanisms_list;
295 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
298 auth_mechanisms = NULL;
300 _dbus_init_system_log ();
302 context->systemd_activation = systemd_activation;
304 /* Check for an existing pid file. Of course this is a race;
305 * we'd have to use fcntl() locks on the pid file to
306 * avoid that. But we want to check for the pid file
307 * before overwriting any existing sockets, etc.
309 pidfile = bus_config_parser_get_pidfile (parser);
315 _dbus_string_init_const (&u, pidfile);
317 if (_dbus_stat (&u, &stbuf, NULL))
323 _dbus_string_init (&p);
324 _dbus_file_get_contents(&p, &u, NULL);
325 _dbus_string_parse_int(&p, 0, &pid, NULL);
326 _dbus_string_free(&p);
328 if ((kill((int)pid, 0))) {
329 dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS,
330 "pid %ld not running, removing stale pid file\n",
332 _dbus_delete_file(&u, NULL);
335 dbus_set_error (error, DBUS_ERROR_FAILED,
336 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
345 /* keep around the pid filename so we can delete it later */
346 context->pidfile = _dbus_strdup (pidfile);
348 /* note that type may be NULL */
349 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
350 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
353 user = bus_config_parser_get_user (parser);
356 context->user = _dbus_strdup (user);
357 if (context->user == NULL)
361 /* Set up the prefix for syslog messages */
362 if (!_dbus_string_init (&log_prefix))
364 if (context->type && !strcmp (context->type, "system"))
366 if (!_dbus_string_append (&log_prefix, "[system] "))
369 else if (context->type && !strcmp (context->type, "session"))
371 DBusCredentials *credentials;
373 credentials = _dbus_credentials_new_from_current_process ();
376 if (!_dbus_string_append (&log_prefix, "[session "))
378 _dbus_credentials_unref (credentials);
381 if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
383 _dbus_credentials_unref (credentials);
386 if (!_dbus_string_append (&log_prefix, "] "))
388 _dbus_credentials_unref (credentials);
391 _dbus_credentials_unref (credentials);
393 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
395 _dbus_string_free (&log_prefix);
397 /* Build an array of auth mechanisms */
399 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
400 len = _dbus_list_get_length (auth_mechanisms_list);
406 auth_mechanisms = dbus_new0 (char*, len + 1);
407 if (auth_mechanisms == NULL)
411 link = _dbus_list_get_first_link (auth_mechanisms_list);
414 auth_mechanisms[i] = _dbus_strdup (link->data);
415 if (auth_mechanisms[i] == NULL)
417 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
422 auth_mechanisms = NULL;
425 /* Listen on our addresses */
431 server = dbus_server_listen (_dbus_string_get_const_data(address), error);
434 _DBUS_ASSERT_ERROR_IS_SET (error);
437 else if (!setup_server (context, server, auth_mechanisms, error))
439 _DBUS_ASSERT_ERROR_IS_SET (error);
443 if (!_dbus_list_append (&context->servers, server))
448 addresses = bus_config_parser_get_addresses (parser);
450 link = _dbus_list_get_first_link (addresses);
455 server = dbus_server_listen (link->data, error);
458 _DBUS_ASSERT_ERROR_IS_SET (error);
461 else if (!setup_server (context, server, auth_mechanisms, error))
463 _DBUS_ASSERT_ERROR_IS_SET (error);
467 if (!_dbus_list_append (&context->servers, server))
470 link = _dbus_list_get_next_link (addresses, link);
474 context->fork = bus_config_parser_get_fork (parser);
475 context->syslog = bus_config_parser_get_syslog (parser);
476 context->keep_umask = bus_config_parser_get_keep_umask (parser);
477 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
479 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
483 dbus_free_string_array (auth_mechanisms);
488 dbus_free_string_array (auth_mechanisms);
492 /* This code gets executed every time the config files
493 * are parsed: both during BusContext construction
494 * and on reloads. This function is slightly screwy
495 * since it can do a "half reload" in out-of-memory
496 * situations. Realistically, unlikely to ever matter.
499 process_config_every_time (BusContext *context,
500 BusConfigParser *parser,
501 dbus_bool_t is_reload,
504 DBusString full_address;
507 BusActivation *new_activation;
509 const char *servicehelper;
514 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
519 if (!_dbus_string_init (&full_address))
525 /* get our limits and timeout lengths */
526 bus_config_parser_get_limits (parser, &context->limits);
529 bus_policy_unref (context->policy);
530 context->policy = bus_config_parser_steal_policy (parser);
531 _dbus_assert (context->policy != NULL);
533 /* We have to build the address backward, so that
534 * <listen> later in the config file have priority
536 link = _dbus_list_get_last_link (&context->servers);
539 addr = dbus_server_get_address (link->data);
546 if (_dbus_string_get_length (&full_address) > 0)
548 if (!_dbus_string_append (&full_address, ";"))
555 if (!_dbus_string_append (&full_address, addr))
564 link = _dbus_list_get_prev_link (&context->servers, link);
568 dbus_free (context->address);
570 if (!_dbus_string_copy_data (&full_address, &context->address))
576 /* get the service directories */
577 dirs = bus_config_parser_get_service_dirs (parser);
579 /* and the service helper */
580 servicehelper = bus_config_parser_get_servicehelper (parser);
582 s = _dbus_strdup(servicehelper);
583 if (s == NULL && servicehelper != NULL)
590 dbus_free(context->servicehelper);
591 context->servicehelper = s;
594 /* Create activation subsystem */
595 if (context->activation)
597 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
602 context->activation = bus_activation_new (context, &full_address, dirs, error);
605 if (context->activation == NULL)
607 _DBUS_ASSERT_ERROR_IS_SET (error);
611 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
615 _dbus_string_free (&full_address);
624 list_concat_new (DBusList **a,
632 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
634 if (!_dbus_list_append (result, link->data))
637 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
639 if (!_dbus_list_append (result, link->data))
645 _dbus_list_clear (result);
650 raise_file_descriptor_limit (BusContext *context)
653 /* I just picked this out of thin air; we need some extra
654 * descriptors for things like any internal pipes we create,
655 * inotify, connections to SELinux, etc.
657 unsigned int arbitrary_extra_fds = 32;
660 limit = context->limits.max_completed_connections +
661 context->limits.max_incomplete_connections
662 + arbitrary_extra_fds;
664 _dbus_request_file_descriptor_limit (limit);
668 process_config_postinit (BusContext *context,
669 BusConfigParser *parser,
672 DBusHashTable *service_context_table;
673 DBusList *watched_dirs = NULL;
675 raise_file_descriptor_limit (context);
677 service_context_table = bus_config_parser_steal_service_context_table (parser);
678 if (!bus_registry_set_service_context_table (context->registry,
679 service_context_table))
685 _dbus_hash_table_unref (service_context_table);
687 /* We need to monitor both the configuration directories and directories
688 * containing .service files.
690 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
691 bus_config_parser_get_service_dirs (parser),
698 bus_set_watched_dirs (context, &watched_dirs);
700 _dbus_list_clear (&watched_dirs);
706 bus_context_new (const DBusString *config_file,
707 ForceForkSetting force_fork,
708 DBusPipe *print_addr_pipe,
709 DBusPipe *print_pid_pipe,
710 const DBusString *address,
711 dbus_bool_t systemd_activation,
714 DBusString log_prefix;
716 BusConfigParser *parser;
718 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
723 if (!dbus_server_allocate_data_slot (&server_data_slot))
729 context = dbus_new0 (BusContext, 1);
735 context->refcount = 1;
737 _dbus_generate_uuid (&context->uuid);
739 if (!_dbus_string_copy_data (config_file, &context->config_file))
745 context->loop = _dbus_loop_new ();
746 if (context->loop == NULL)
752 context->registry = bus_registry_new (context);
753 if (context->registry == NULL)
759 parser = bus_config_load (config_file, TRUE, NULL, error);
762 _DBUS_ASSERT_ERROR_IS_SET (error);
766 if (!process_config_first_time_only (context, parser, address, systemd_activation, error))
768 _DBUS_ASSERT_ERROR_IS_SET (error);
771 if (!process_config_every_time (context, parser, FALSE, error))
773 _DBUS_ASSERT_ERROR_IS_SET (error);
777 /* we need another ref of the server data slot for the context
780 if (!dbus_server_allocate_data_slot (&server_data_slot))
781 _dbus_assert_not_reached ("second ref of server data slot failed");
783 /* Note that we don't know whether the print_addr_pipe is
784 * one of the sockets we're using to listen on, or some
785 * other random thing. But I think the answer is "don't do
788 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
791 const char *a = bus_context_get_address (context);
794 _dbus_assert (a != NULL);
795 if (!_dbus_string_init (&addr))
801 if (!_dbus_string_append (&addr, a) ||
802 !_dbus_string_append (&addr, "\n"))
804 _dbus_string_free (&addr);
809 bytes = _dbus_string_get_length (&addr);
810 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
812 /* pipe write returns an error on failure but not short write */
813 if (error != NULL && !dbus_error_is_set (error))
815 dbus_set_error (error, DBUS_ERROR_FAILED,
816 "Printing message bus address: did not write all bytes\n");
818 _dbus_string_free (&addr);
822 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
823 _dbus_pipe_close (print_addr_pipe, NULL);
825 _dbus_string_free (&addr);
828 context->connections = bus_connections_new (context);
829 if (context->connections == NULL)
835 context->matchmaker = bus_matchmaker_new ();
836 if (context->matchmaker == NULL)
842 /* check user before we fork */
843 if (context->user != NULL)
845 if (!_dbus_verify_daemon_user (context->user))
847 dbus_set_error (error, DBUS_ERROR_FAILED,
848 "Could not get UID and GID for username \"%s\"",
854 /* Now become a daemon if appropriate and write out pid file in any case */
858 if (context->pidfile)
859 _dbus_string_init_const (&u, context->pidfile);
861 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
863 _dbus_verbose ("Forking and becoming daemon\n");
865 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
868 context->keep_umask))
870 _DBUS_ASSERT_ERROR_IS_SET (error);
876 _dbus_verbose ("Fork not requested\n");
878 /* Need to write PID file and to PID pipe for ourselves,
879 * not for the child process. This is a no-op if the pidfile
880 * is NULL and print_pid_pipe is NULL.
882 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
887 _DBUS_ASSERT_ERROR_IS_SET (error);
893 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
894 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
895 _dbus_pipe_close (print_pid_pipe, NULL);
897 if (!bus_selinux_full_init ())
899 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
902 if (!process_config_postinit (context, parser, error))
904 _DBUS_ASSERT_ERROR_IS_SET (error);
910 bus_config_parser_unref (parser);
914 /* Here we change our credentials if required,
915 * as soon as we've set up our sockets and pidfile
917 if (context->user != NULL)
919 if (!_dbus_change_to_daemon_user (context->user, error))
921 _DBUS_ASSERT_ERROR_IS_SET (error);
926 /* FIXME - why not just put this in full_init() below? */
927 bus_selinux_audit_init ();
931 dbus_server_free_data_slot (&server_data_slot);
937 bus_config_parser_unref (parser);
939 bus_context_unref (context);
941 if (server_data_slot >= 0)
942 dbus_server_free_data_slot (&server_data_slot);
948 bus_context_get_id (BusContext *context,
951 return _dbus_uuid_encode (&context->uuid, uuid);
955 bus_context_reload_config (BusContext *context,
958 BusConfigParser *parser;
959 DBusString config_file;
962 /* Flush the user database cache */
963 _dbus_flush_caches ();
966 _dbus_string_init_const (&config_file, context->config_file);
967 parser = bus_config_load (&config_file, TRUE, NULL, error);
970 _DBUS_ASSERT_ERROR_IS_SET (error);
974 if (!process_config_every_time (context, parser, TRUE, error))
976 _DBUS_ASSERT_ERROR_IS_SET (error);
979 if (!process_config_postinit (context, parser, error))
981 _DBUS_ASSERT_ERROR_IS_SET (error);
986 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
989 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
991 bus_config_parser_unref (parser);
996 shutdown_server (BusContext *context,
999 if (server == NULL ||
1000 !dbus_server_get_is_connected (server))
1003 if (!dbus_server_set_watch_functions (server,
1007 _dbus_assert_not_reached ("setting watch functions to NULL failed");
1009 if (!dbus_server_set_timeout_functions (server,
1013 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
1015 dbus_server_disconnect (server);
1019 bus_context_shutdown (BusContext *context)
1023 link = _dbus_list_get_first_link (&context->servers);
1024 while (link != NULL)
1026 shutdown_server (context, link->data);
1028 link = _dbus_list_get_next_link (&context->servers, link);
1033 bus_context_ref (BusContext *context)
1035 _dbus_assert (context->refcount > 0);
1036 context->refcount += 1;
1042 bus_context_unref (BusContext *context)
1044 _dbus_assert (context->refcount > 0);
1045 context->refcount -= 1;
1047 if (context->refcount == 0)
1051 _dbus_verbose ("Finalizing bus context %p\n", context);
1053 bus_context_shutdown (context);
1055 if (context->connections)
1057 bus_connections_unref (context->connections);
1058 context->connections = NULL;
1061 if (context->registry)
1063 bus_registry_unref (context->registry);
1064 context->registry = NULL;
1067 if (context->activation)
1069 bus_activation_unref (context->activation);
1070 context->activation = NULL;
1073 link = _dbus_list_get_first_link (&context->servers);
1074 while (link != NULL)
1076 dbus_server_unref (link->data);
1078 link = _dbus_list_get_next_link (&context->servers, link);
1080 _dbus_list_clear (&context->servers);
1082 if (context->policy)
1084 bus_policy_unref (context->policy);
1085 context->policy = NULL;
1090 _dbus_loop_unref (context->loop);
1091 context->loop = NULL;
1094 if (context->matchmaker)
1096 bus_matchmaker_unref (context->matchmaker);
1097 context->matchmaker = NULL;
1100 dbus_free (context->config_file);
1101 dbus_free (context->log_prefix);
1102 dbus_free (context->type);
1103 dbus_free (context->address);
1104 dbus_free (context->user);
1105 dbus_free (context->servicehelper);
1107 if (context->pidfile)
1110 _dbus_string_init_const (&u, context->pidfile);
1112 /* Deliberately ignore errors here, since there's not much
1113 * we can do about it, and we're exiting anyways.
1115 _dbus_delete_file (&u, NULL);
1117 dbus_free (context->pidfile);
1119 dbus_free (context);
1121 dbus_server_free_data_slot (&server_data_slot);
1125 /* type may be NULL */
1127 bus_context_get_type (BusContext *context)
1129 return context->type;
1133 bus_context_get_address (BusContext *context)
1135 return context->address;
1139 bus_context_get_servicehelper (BusContext *context)
1141 return context->servicehelper;
1145 bus_context_get_systemd_activation (BusContext *context)
1147 return context->systemd_activation;
1151 bus_context_get_registry (BusContext *context)
1153 return context->registry;
1157 bus_context_get_connections (BusContext *context)
1159 return context->connections;
1163 bus_context_get_activation (BusContext *context)
1165 return context->activation;
1169 bus_context_get_matchmaker (BusContext *context)
1171 return context->matchmaker;
1175 bus_context_get_loop (BusContext *context)
1177 return context->loop;
1181 bus_context_allow_unix_user (BusContext *context,
1184 return bus_policy_allow_unix_user (context->policy,
1188 /* For now this is never actually called because the default
1189 * DBusConnection behavior of 'same user that owns the bus can connect'
1190 * is all it would do.
1193 bus_context_allow_windows_user (BusContext *context,
1194 const char *windows_sid)
1196 return bus_policy_allow_windows_user (context->policy,
1201 bus_context_get_policy (BusContext *context)
1203 return context->policy;
1207 bus_context_create_client_policy (BusContext *context,
1208 DBusConnection *connection,
1211 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1212 return bus_policy_create_client_policy (context->policy, connection,
1217 bus_context_get_activation_timeout (BusContext *context)
1220 return context->limits.activation_timeout;
1224 bus_context_get_auth_timeout (BusContext *context)
1226 return context->limits.auth_timeout;
1230 bus_context_get_max_completed_connections (BusContext *context)
1232 return context->limits.max_completed_connections;
1236 bus_context_get_max_incomplete_connections (BusContext *context)
1238 return context->limits.max_incomplete_connections;
1242 bus_context_get_max_connections_per_user (BusContext *context)
1244 return context->limits.max_connections_per_user;
1248 bus_context_get_max_pending_activations (BusContext *context)
1250 return context->limits.max_pending_activations;
1254 bus_context_get_max_services_per_connection (BusContext *context)
1256 return context->limits.max_services_per_connection;
1260 bus_context_get_max_match_rules_per_connection (BusContext *context)
1262 return context->limits.max_match_rules_per_connection;
1266 bus_context_get_max_replies_per_connection (BusContext *context)
1268 return context->limits.max_replies_per_connection;
1272 bus_context_get_reply_timeout (BusContext *context)
1274 return context->limits.reply_timeout;
1278 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
1281 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
1285 if (!context->syslog)
1288 va_start (args, msg);
1290 if (context->log_prefix)
1292 DBusString full_msg;
1294 if (!_dbus_string_init (&full_msg))
1296 if (!_dbus_string_append (&full_msg, context->log_prefix))
1298 if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
1301 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
1303 _dbus_string_free (&full_msg);
1306 _dbus_system_logv (severity, msg, args);
1312 static inline const char *
1313 nonnull (const char *maybe_null,
1314 const char *if_null)
1316 return (maybe_null ? maybe_null : if_null);
1320 * Log something about a message, usually that it was rejected.
1323 complain_about_message (BusContext *context,
1324 const char *error_name,
1325 const char *complaint,
1327 DBusMessage *message,
1328 DBusConnection *sender,
1329 DBusConnection *proposed_recipient,
1330 dbus_bool_t requested_reply,
1334 DBusError stack_error = DBUS_ERROR_INIT;
1335 const char *sender_name;
1336 const char *sender_loginfo;
1337 const char *proposed_recipient_loginfo;
1339 if (error == NULL && !(context->syslog && log))
1344 sender_name = bus_connection_get_name (sender);
1345 sender_loginfo = bus_connection_get_loginfo (sender);
1349 sender_name = "(unset)";
1350 sender_loginfo = "(bus)";
1353 if (proposed_recipient != NULL)
1354 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1356 proposed_recipient_loginfo = "bus";
1358 dbus_set_error (&stack_error, error_name,
1359 "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) "
1360 "interface=\"%s\" member=\"%s\" error name=\"%s\" "
1361 "requested_reply=\"%d\" destination=\"%s\" (%s)",
1364 dbus_message_type_to_string (dbus_message_get_type (message)),
1367 nonnull (dbus_message_get_interface (message), "(unset)"),
1368 nonnull (dbus_message_get_member (message), "(unset)"),
1369 nonnull (dbus_message_get_error_name (message), "(unset)"),
1371 nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS),
1372 proposed_recipient_loginfo);
1374 /* If we hit OOM while setting the error, this will syslog "out of memory"
1375 * which is itself an indication that something is seriously wrong */
1377 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, "%s",
1378 stack_error.message);
1380 dbus_move_error (&stack_error, error);
1384 * addressed_recipient is the recipient specified in the message.
1386 * proposed_recipient is the recipient we're considering sending
1387 * to right this second, and may be an eavesdropper.
1389 * sender is the sender of the message.
1391 * NULL for proposed_recipient or sender definitely means the bus driver.
1393 * NULL for addressed_recipient may mean the bus driver, or may mean
1394 * no destination was specified in the message (e.g. a signal).
1397 bus_context_check_security_policy (BusContext *context,
1398 BusTransaction *transaction,
1399 DBusConnection *sender,
1400 DBusConnection *addressed_recipient,
1401 DBusConnection *proposed_recipient,
1402 DBusMessage *message,
1406 BusClientPolicy *sender_policy;
1407 BusClientPolicy *recipient_policy;
1408 dbus_int32_t toggles;
1411 dbus_bool_t requested_reply;
1412 const char *sender_name;
1413 const char *sender_loginfo;
1414 const char *proposed_recipient_loginfo;
1416 type = dbus_message_get_type (message);
1417 dest = dbus_message_get_destination (message);
1419 /* dispatch.c was supposed to ensure these invariants */
1420 _dbus_assert (dest != NULL ||
1421 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1422 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1423 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1424 addressed_recipient != NULL ||
1425 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1429 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1430 case DBUS_MESSAGE_TYPE_SIGNAL:
1431 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1432 case DBUS_MESSAGE_TYPE_ERROR:
1436 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1439 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1440 "Message bus will not accept messages of unknown type\n");
1445 requested_reply = FALSE;
1449 /* First verify the SELinux access controls. If allowed then
1450 * go on with the standard checks.
1452 if (!bus_selinux_allows_send (sender, proposed_recipient,
1453 dbus_message_type_to_string (dbus_message_get_type (message)),
1454 dbus_message_get_interface (message),
1455 dbus_message_get_member (message),
1456 dbus_message_get_error_name (message),
1457 dest ? dest : DBUS_SERVICE_DBUS, error))
1459 if (error != NULL && !dbus_error_is_set (error))
1461 /* don't syslog this, just set the error: avc_has_perm should
1462 * have already written to either the audit log or syslog */
1463 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1464 "An SELinux policy prevents this sender from sending this "
1465 "message to this recipient",
1466 0, message, sender, proposed_recipient, FALSE, FALSE, error);
1467 _dbus_verbose ("SELinux security check denying send to service\n");
1473 if (bus_connection_is_active (sender))
1475 sender_policy = bus_connection_get_policy (sender);
1476 _dbus_assert (sender_policy != NULL);
1478 /* Fill in requested_reply variable with TRUE if this is a
1479 * reply and the reply was pending.
1481 if (dbus_message_get_reply_serial (message) != 0)
1483 if (proposed_recipient != NULL /* not to the bus driver */ &&
1484 addressed_recipient == proposed_recipient /* not eavesdropping */)
1488 dbus_error_init (&error2);
1489 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1491 sender, addressed_recipient, message,
1493 if (dbus_error_is_set (&error2))
1495 dbus_move_error (&error2, error);
1503 /* Policy for inactive connections is that they can only send
1504 * the hello message to the bus driver
1506 if (proposed_recipient == NULL &&
1507 dbus_message_is_method_call (message,
1508 DBUS_INTERFACE_DBUS,
1511 _dbus_verbose ("security check allowing %s message\n",
1517 _dbus_verbose ("security check disallowing non-%s message\n",
1520 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1521 "Client tried to send a message other than %s without being registered",
1530 sender_policy = NULL;
1532 /* If the sender is the bus driver, we assume any reply was a
1533 * requested reply as bus driver won't send bogus ones
1535 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1536 dbus_message_get_reply_serial (message) != 0)
1537 requested_reply = TRUE;
1540 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1541 (sender == NULL && sender_policy == NULL));
1543 if (proposed_recipient != NULL)
1545 /* only the bus driver can send to an inactive recipient (as it
1546 * owns no services, so other apps can't address it). Inactive
1547 * recipients can receive any message.
1549 if (bus_connection_is_active (proposed_recipient))
1551 recipient_policy = bus_connection_get_policy (proposed_recipient);
1552 _dbus_assert (recipient_policy != NULL);
1554 else if (sender == NULL)
1556 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1557 recipient_policy = NULL;
1561 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1562 recipient_policy = NULL;
1566 recipient_policy = NULL;
1568 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1569 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1570 (proposed_recipient == NULL && recipient_policy == NULL));
1573 if (sender_policy &&
1574 !bus_client_policy_check_can_send (sender_policy,
1578 message, &toggles, &log))
1580 const char *msg = "Rejected send message, %d matched rules; "
1581 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1583 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1584 "Rejected send message", toggles,
1585 message, sender, proposed_recipient, requested_reply,
1586 (addressed_recipient == proposed_recipient), error);
1587 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1593 /* We want to drop this message, and are only not doing so for backwards
1595 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1596 "Would reject message", toggles,
1597 message, sender, proposed_recipient, requested_reply,
1601 if (recipient_policy &&
1602 !bus_client_policy_check_can_receive (recipient_policy,
1606 addressed_recipient, proposed_recipient,
1609 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1610 "Rejected receive message", toggles,
1611 message, sender, proposed_recipient, requested_reply,
1612 (addressed_recipient == proposed_recipient), NULL);
1613 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1617 /* See if limits on size have been exceeded */
1618 if (proposed_recipient &&
1619 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
1620 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
1622 complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED,
1623 "Rejected: destination has a full message queue",
1624 0, message, sender, proposed_recipient, requested_reply, TRUE,
1626 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1630 /* Record that we will allow a reply here in the future (don't
1631 * bother if the recipient is the bus or this is an eavesdropping
1632 * connection). Only the addressed recipient may reply.
1634 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1636 addressed_recipient &&
1637 addressed_recipient == proposed_recipient && /* not eavesdropping */
1638 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1640 sender, addressed_recipient,
1643 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1647 _dbus_verbose ("security policy allowing message\n");