1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "activation.h"
26 #include "connection.h"
30 #include "config-parser.h"
33 #include "dir-watch.h"
34 #include <dbus/dbus-list.h>
35 #include <dbus/dbus-hash.h>
36 #include <dbus/dbus-internals.h>
50 BusConnections *connections;
51 BusActivation *activation;
52 BusRegistry *registry;
54 BusMatchmaker *matchmaker;
56 unsigned int fork : 1;
57 unsigned int syslog : 1;
58 unsigned int keep_umask : 1;
59 unsigned int allow_anonymous : 1;
62 static dbus_int32_t server_data_slot = -1;
69 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
72 server_get_context (DBusServer *server)
77 if (!dbus_server_allocate_data_slot (&server_data_slot))
80 bd = BUS_SERVER_DATA (server);
83 dbus_server_free_data_slot (&server_data_slot);
87 context = bd->context;
89 dbus_server_free_data_slot (&server_data_slot);
95 server_watch_callback (DBusWatch *watch,
96 unsigned int condition,
99 /* FIXME this can be done in dbus-mainloop.c
100 * if the code in activation.c for the babysitter
101 * watch handler is fixed.
104 return dbus_watch_handle (watch, condition);
108 add_server_watch (DBusWatch *watch,
111 DBusServer *server = data;
114 context = server_get_context (server);
116 return _dbus_loop_add_watch (context->loop,
117 watch, server_watch_callback, server,
122 remove_server_watch (DBusWatch *watch,
125 DBusServer *server = data;
128 context = server_get_context (server);
130 _dbus_loop_remove_watch (context->loop,
131 watch, server_watch_callback, server);
136 server_timeout_callback (DBusTimeout *timeout,
139 /* can return FALSE on OOM but we just let it fire again later */
140 dbus_timeout_handle (timeout);
144 add_server_timeout (DBusTimeout *timeout,
147 DBusServer *server = data;
150 context = server_get_context (server);
152 return _dbus_loop_add_timeout (context->loop,
153 timeout, server_timeout_callback, server, NULL);
157 remove_server_timeout (DBusTimeout *timeout,
160 DBusServer *server = data;
163 context = server_get_context (server);
165 _dbus_loop_remove_timeout (context->loop,
166 timeout, server_timeout_callback, server);
170 new_connection_callback (DBusServer *server,
171 DBusConnection *new_connection,
174 BusContext *context = data;
176 if (!bus_connections_setup_connection (context->connections, new_connection))
178 _dbus_verbose ("No memory to setup new connection\n");
180 /* if we don't do this, it will get unref'd without
181 * being disconnected... kind of strange really
182 * that we have to do this, people won't get it right
185 dbus_connection_close (new_connection);
188 dbus_connection_set_max_received_size (new_connection,
189 context->limits.max_incoming_bytes);
191 dbus_connection_set_max_message_size (new_connection,
192 context->limits.max_message_size);
194 dbus_connection_set_max_received_unix_fds (new_connection,
195 context->limits.max_incoming_unix_fds);
197 dbus_connection_set_max_message_unix_fds (new_connection,
198 context->limits.max_message_unix_fds);
200 dbus_connection_set_allow_anonymous (new_connection,
201 context->allow_anonymous);
203 /* on OOM, we won't have ref'd the connection so it will die. */
207 free_server_data (void *data)
209 BusServerData *bd = data;
215 setup_server (BusContext *context,
217 char **auth_mechanisms,
222 bd = dbus_new0 (BusServerData, 1);
223 if (bd == NULL || !dbus_server_set_data (server,
225 bd, free_server_data))
232 bd->context = context;
234 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
240 dbus_server_set_new_connection_function (server,
241 new_connection_callback,
244 if (!dbus_server_set_watch_functions (server,
255 if (!dbus_server_set_timeout_functions (server,
257 remove_server_timeout,
268 /* This code only gets executed the first time the
269 * config files are parsed. It is not executed
270 * when config files are reloaded.
273 process_config_first_time_only (BusContext *context,
274 BusConfigParser *parser,
278 DBusList **addresses;
279 const char *user, *pidfile;
280 char **auth_mechanisms;
281 DBusList **auth_mechanisms_list;
285 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
288 auth_mechanisms = NULL;
290 /* Check for an existing pid file. Of course this is a race;
291 * we'd have to use fcntl() locks on the pid file to
292 * avoid that. But we want to check for the pid file
293 * before overwriting any existing sockets, etc.
295 pidfile = bus_config_parser_get_pidfile (parser);
301 _dbus_string_init_const (&u, pidfile);
303 if (_dbus_stat (&u, &stbuf, NULL))
305 dbus_set_error (error, DBUS_ERROR_FAILED,
306 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
312 /* keep around the pid filename so we can delete it later */
313 context->pidfile = _dbus_strdup (pidfile);
315 /* Build an array of auth mechanisms */
317 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
318 len = _dbus_list_get_length (auth_mechanisms_list);
324 auth_mechanisms = dbus_new0 (char*, len + 1);
325 if (auth_mechanisms == NULL)
332 link = _dbus_list_get_first_link (auth_mechanisms_list);
335 auth_mechanisms[i] = _dbus_strdup (link->data);
336 if (auth_mechanisms[i] == NULL)
341 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
346 auth_mechanisms = NULL;
349 /* Listen on our addresses */
351 addresses = bus_config_parser_get_addresses (parser);
353 link = _dbus_list_get_first_link (addresses);
358 server = dbus_server_listen (link->data, error);
361 _DBUS_ASSERT_ERROR_IS_SET (error);
364 else if (!setup_server (context, server, auth_mechanisms, error))
366 _DBUS_ASSERT_ERROR_IS_SET (error);
370 if (!_dbus_list_append (&context->servers, server))
376 link = _dbus_list_get_next_link (addresses, link);
379 /* note that type may be NULL */
380 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
381 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
387 user = bus_config_parser_get_user (parser);
390 context->user = _dbus_strdup (user);
391 if (context->user == NULL)
398 context->fork = bus_config_parser_get_fork (parser);
399 context->syslog = bus_config_parser_get_syslog (parser);
400 context->keep_umask = bus_config_parser_get_keep_umask (parser);
401 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
403 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
407 dbus_free_string_array (auth_mechanisms);
411 /* This code gets executed every time the config files
412 * are parsed: both during BusContext construction
413 * and on reloads. This function is slightly screwy
414 * since it can do a "half reload" in out-of-memory
415 * situations. Realistically, unlikely to ever matter.
418 process_config_every_time (BusContext *context,
419 BusConfigParser *parser,
420 dbus_bool_t is_reload,
423 DBusString full_address;
426 BusActivation *new_activation;
428 const char *servicehelper;
433 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
438 if (!_dbus_string_init (&full_address))
444 /* get our limits and timeout lengths */
445 bus_config_parser_get_limits (parser, &context->limits);
448 bus_policy_unref (context->policy);
449 context->policy = bus_config_parser_steal_policy (parser);
450 _dbus_assert (context->policy != NULL);
452 /* We have to build the address backward, so that
453 * <listen> later in the config file have priority
455 link = _dbus_list_get_last_link (&context->servers);
458 addr = dbus_server_get_address (link->data);
465 if (_dbus_string_get_length (&full_address) > 0)
467 if (!_dbus_string_append (&full_address, ";"))
474 if (!_dbus_string_append (&full_address, addr))
483 link = _dbus_list_get_prev_link (&context->servers, link);
487 dbus_free (context->address);
489 if (!_dbus_string_copy_data (&full_address, &context->address))
495 /* get the service directories */
496 dirs = bus_config_parser_get_service_dirs (parser);
498 /* and the service helper */
499 servicehelper = bus_config_parser_get_servicehelper (parser);
501 s = _dbus_strdup(servicehelper);
502 if (s == NULL && servicehelper != NULL)
509 dbus_free(context->servicehelper);
510 context->servicehelper = s;
513 /* Create activation subsystem */
514 if (context->activation)
516 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
521 context->activation = bus_activation_new (context, &full_address, dirs, error);
524 if (context->activation == NULL)
526 _DBUS_ASSERT_ERROR_IS_SET (error);
530 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
534 _dbus_string_free (&full_address);
543 list_concat_new (DBusList **a,
551 link = _dbus_list_get_first_link (a);
552 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
554 if (!_dbus_list_append (result, link->data))
557 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
559 if (!_dbus_list_append (result, link->data))
565 _dbus_list_clear (result);
570 process_config_postinit (BusContext *context,
571 BusConfigParser *parser,
574 DBusHashTable *service_context_table;
575 DBusList *watched_dirs = NULL;
577 service_context_table = bus_config_parser_steal_service_context_table (parser);
578 if (!bus_registry_set_service_context_table (context->registry,
579 service_context_table))
585 _dbus_hash_table_unref (service_context_table);
587 /* We need to monitor both the configuration directories and directories
588 * containing .service files.
590 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
591 bus_config_parser_get_service_dirs (parser),
598 bus_set_watched_dirs (context, &watched_dirs);
600 _dbus_list_clear (&watched_dirs);
606 bus_context_new (const DBusString *config_file,
607 ForceForkSetting force_fork,
608 DBusPipe *print_addr_pipe,
609 DBusPipe *print_pid_pipe,
613 BusConfigParser *parser;
615 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
620 if (!dbus_server_allocate_data_slot (&server_data_slot))
626 context = dbus_new0 (BusContext, 1);
632 context->refcount = 1;
634 _dbus_generate_uuid (&context->uuid);
636 if (!_dbus_string_copy_data (config_file, &context->config_file))
642 context->loop = _dbus_loop_new ();
643 if (context->loop == NULL)
649 context->registry = bus_registry_new (context);
650 if (context->registry == NULL)
656 parser = bus_config_load (config_file, TRUE, NULL, error);
659 _DBUS_ASSERT_ERROR_IS_SET (error);
663 if (!process_config_first_time_only (context, parser, error))
665 _DBUS_ASSERT_ERROR_IS_SET (error);
668 if (!process_config_every_time (context, parser, FALSE, error))
670 _DBUS_ASSERT_ERROR_IS_SET (error);
674 /* we need another ref of the server data slot for the context
677 if (!dbus_server_allocate_data_slot (&server_data_slot))
678 _dbus_assert_not_reached ("second ref of server data slot failed");
680 /* Note that we don't know whether the print_addr_pipe is
681 * one of the sockets we're using to listen on, or some
682 * other random thing. But I think the answer is "don't do
685 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
688 const char *a = bus_context_get_address (context);
691 _dbus_assert (a != NULL);
692 if (!_dbus_string_init (&addr))
698 if (!_dbus_string_append (&addr, a) ||
699 !_dbus_string_append (&addr, "\n"))
701 _dbus_string_free (&addr);
706 bytes = _dbus_string_get_length (&addr);
707 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
709 /* pipe write returns an error on failure but not short write */
710 if (error != NULL && !dbus_error_is_set (error))
712 dbus_set_error (error, DBUS_ERROR_FAILED,
713 "Printing message bus address: did not write all bytes\n");
715 _dbus_string_free (&addr);
719 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
720 _dbus_pipe_close (print_addr_pipe, NULL);
722 _dbus_string_free (&addr);
725 context->connections = bus_connections_new (context);
726 if (context->connections == NULL)
732 context->matchmaker = bus_matchmaker_new ();
733 if (context->matchmaker == NULL)
739 /* check user before we fork */
740 if (context->user != NULL)
742 if (!_dbus_verify_daemon_user (context->user))
744 dbus_set_error (error, DBUS_ERROR_FAILED,
745 "Could not get UID and GID for username \"%s\"",
751 /* Now become a daemon if appropriate and write out pid file in any case */
755 if (context->pidfile)
756 _dbus_string_init_const (&u, context->pidfile);
758 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
760 _dbus_verbose ("Forking and becoming daemon\n");
762 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
765 context->keep_umask))
767 _DBUS_ASSERT_ERROR_IS_SET (error);
773 _dbus_verbose ("Fork not requested\n");
775 /* Need to write PID file and to PID pipe for ourselves,
776 * not for the child process. This is a no-op if the pidfile
777 * is NULL and print_pid_pipe is NULL.
779 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
784 _DBUS_ASSERT_ERROR_IS_SET (error);
790 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
791 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
792 _dbus_pipe_close (print_pid_pipe, NULL);
794 if (!bus_selinux_full_init ())
796 _dbus_warn ("SELinux initialization failed\n");
799 if (!process_config_postinit (context, parser, error))
801 _DBUS_ASSERT_ERROR_IS_SET (error);
807 bus_config_parser_unref (parser);
811 /* Here we change our credentials if required,
812 * as soon as we've set up our sockets and pidfile
814 if (context->user != NULL)
816 if (!_dbus_change_to_daemon_user (context->user, error))
818 _DBUS_ASSERT_ERROR_IS_SET (error);
823 /* FIXME - why not just put this in full_init() below? */
824 bus_selinux_audit_init ();
828 dbus_server_free_data_slot (&server_data_slot);
834 bus_config_parser_unref (parser);
836 bus_context_unref (context);
838 if (server_data_slot >= 0)
839 dbus_server_free_data_slot (&server_data_slot);
845 bus_context_get_id (BusContext *context,
848 return _dbus_uuid_encode (&context->uuid, uuid);
852 bus_context_reload_config (BusContext *context,
855 BusConfigParser *parser;
856 DBusString config_file;
859 /* Flush the user database cache */
860 _dbus_flush_caches ();
863 _dbus_string_init_const (&config_file, context->config_file);
864 parser = bus_config_load (&config_file, TRUE, NULL, error);
867 _DBUS_ASSERT_ERROR_IS_SET (error);
871 if (!process_config_every_time (context, parser, TRUE, error))
873 _DBUS_ASSERT_ERROR_IS_SET (error);
876 if (!process_config_postinit (context, parser, error))
878 _DBUS_ASSERT_ERROR_IS_SET (error);
883 bus_context_log_info (context, "Reloaded configuration");
886 bus_context_log_info (context, "Unable to reload configuration: %s", error->message);
888 bus_config_parser_unref (parser);
893 shutdown_server (BusContext *context,
896 if (server == NULL ||
897 !dbus_server_get_is_connected (server))
900 if (!dbus_server_set_watch_functions (server,
904 _dbus_assert_not_reached ("setting watch functions to NULL failed");
906 if (!dbus_server_set_timeout_functions (server,
910 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
912 dbus_server_disconnect (server);
916 bus_context_shutdown (BusContext *context)
920 link = _dbus_list_get_first_link (&context->servers);
923 shutdown_server (context, link->data);
925 link = _dbus_list_get_next_link (&context->servers, link);
930 bus_context_ref (BusContext *context)
932 _dbus_assert (context->refcount > 0);
933 context->refcount += 1;
939 bus_context_unref (BusContext *context)
941 _dbus_assert (context->refcount > 0);
942 context->refcount -= 1;
944 if (context->refcount == 0)
948 _dbus_verbose ("Finalizing bus context %p\n", context);
950 bus_context_shutdown (context);
952 if (context->connections)
954 bus_connections_unref (context->connections);
955 context->connections = NULL;
958 if (context->registry)
960 bus_registry_unref (context->registry);
961 context->registry = NULL;
964 if (context->activation)
966 bus_activation_unref (context->activation);
967 context->activation = NULL;
970 link = _dbus_list_get_first_link (&context->servers);
973 dbus_server_unref (link->data);
975 link = _dbus_list_get_next_link (&context->servers, link);
977 _dbus_list_clear (&context->servers);
981 bus_policy_unref (context->policy);
982 context->policy = NULL;
987 _dbus_loop_unref (context->loop);
988 context->loop = NULL;
991 if (context->matchmaker)
993 bus_matchmaker_unref (context->matchmaker);
994 context->matchmaker = NULL;
997 dbus_free (context->config_file);
998 dbus_free (context->type);
999 dbus_free (context->address);
1000 dbus_free (context->user);
1001 dbus_free (context->servicehelper);
1003 if (context->pidfile)
1006 _dbus_string_init_const (&u, context->pidfile);
1008 /* Deliberately ignore errors here, since there's not much
1009 * we can do about it, and we're exiting anyways.
1011 _dbus_delete_file (&u, NULL);
1013 dbus_free (context->pidfile);
1015 dbus_free (context);
1017 dbus_server_free_data_slot (&server_data_slot);
1021 /* type may be NULL */
1023 bus_context_get_type (BusContext *context)
1025 return context->type;
1029 bus_context_get_address (BusContext *context)
1031 return context->address;
1035 bus_context_get_servicehelper (BusContext *context)
1037 return context->servicehelper;
1041 bus_context_get_registry (BusContext *context)
1043 return context->registry;
1047 bus_context_get_connections (BusContext *context)
1049 return context->connections;
1053 bus_context_get_activation (BusContext *context)
1055 return context->activation;
1059 bus_context_get_matchmaker (BusContext *context)
1061 return context->matchmaker;
1065 bus_context_get_loop (BusContext *context)
1067 return context->loop;
1071 bus_context_allow_unix_user (BusContext *context,
1074 return bus_policy_allow_unix_user (context->policy,
1078 /* For now this is never actually called because the default
1079 * DBusConnection behavior of 'same user that owns the bus can connect'
1080 * is all it would do.
1083 bus_context_allow_windows_user (BusContext *context,
1084 const char *windows_sid)
1086 return bus_policy_allow_windows_user (context->policy,
1091 bus_context_get_policy (BusContext *context)
1093 return context->policy;
1097 bus_context_create_client_policy (BusContext *context,
1098 DBusConnection *connection,
1101 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1102 return bus_policy_create_client_policy (context->policy, connection,
1107 bus_context_get_activation_timeout (BusContext *context)
1110 return context->limits.activation_timeout;
1114 bus_context_get_auth_timeout (BusContext *context)
1116 return context->limits.auth_timeout;
1120 bus_context_get_max_completed_connections (BusContext *context)
1122 return context->limits.max_completed_connections;
1126 bus_context_get_max_incomplete_connections (BusContext *context)
1128 return context->limits.max_incomplete_connections;
1132 bus_context_get_max_connections_per_user (BusContext *context)
1134 return context->limits.max_connections_per_user;
1138 bus_context_get_max_pending_activations (BusContext *context)
1140 return context->limits.max_pending_activations;
1144 bus_context_get_max_services_per_connection (BusContext *context)
1146 return context->limits.max_services_per_connection;
1150 bus_context_get_max_match_rules_per_connection (BusContext *context)
1152 return context->limits.max_match_rules_per_connection;
1156 bus_context_get_max_replies_per_connection (BusContext *context)
1158 return context->limits.max_replies_per_connection;
1162 bus_context_get_reply_timeout (BusContext *context)
1164 return context->limits.reply_timeout;
1168 bus_context_log_info (BusContext *context, const char *msg, ...)
1172 va_start (args, msg);
1174 if (context->syslog)
1175 _dbus_log_info (msg, args);
1181 bus_context_log_security (BusContext *context, const char *msg, ...)
1185 va_start (args, msg);
1187 if (context->syslog)
1188 _dbus_log_security (msg, args);
1194 * addressed_recipient is the recipient specified in the message.
1196 * proposed_recipient is the recipient we're considering sending
1197 * to right this second, and may be an eavesdropper.
1199 * sender is the sender of the message.
1201 * NULL for proposed_recipient or sender definitely means the bus driver.
1203 * NULL for addressed_recipient may mean the bus driver, or may mean
1204 * no destination was specified in the message (e.g. a signal).
1207 bus_context_check_security_policy (BusContext *context,
1208 BusTransaction *transaction,
1209 DBusConnection *sender,
1210 DBusConnection *addressed_recipient,
1211 DBusConnection *proposed_recipient,
1212 DBusMessage *message,
1216 BusClientPolicy *sender_policy;
1217 BusClientPolicy *recipient_policy;
1218 dbus_int32_t toggles;
1221 dbus_bool_t requested_reply;
1222 const char *sender_name;
1223 const char *sender_loginfo;
1224 const char *proposed_recipient_loginfo;
1226 type = dbus_message_get_type (message);
1227 dest = dbus_message_get_destination (message);
1229 /* dispatch.c was supposed to ensure these invariants */
1230 _dbus_assert (dest != NULL ||
1231 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1232 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1233 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1234 addressed_recipient != NULL ||
1235 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1237 /* Used in logging below */
1240 sender_name = bus_connection_get_name (sender);
1241 sender_loginfo = bus_connection_get_loginfo (sender);
1246 sender_loginfo = "(bus)";
1249 if (proposed_recipient != NULL)
1250 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1252 proposed_recipient_loginfo = "bus";
1256 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1257 case DBUS_MESSAGE_TYPE_SIGNAL:
1258 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1259 case DBUS_MESSAGE_TYPE_ERROR:
1263 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1266 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1267 "Message bus will not accept messages of unknown type\n");
1272 requested_reply = FALSE;
1276 /* First verify the SELinux access controls. If allowed then
1277 * go on with the standard checks.
1279 if (!bus_selinux_allows_send (sender, proposed_recipient,
1280 dbus_message_type_to_string (dbus_message_get_type (message)),
1281 dbus_message_get_interface (message),
1282 dbus_message_get_member (message),
1283 dbus_message_get_error_name (message),
1284 dest ? dest : DBUS_SERVICE_DBUS, error))
1286 if (error != NULL && !dbus_error_is_set (error))
1288 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1289 "An SELinux policy prevents this sender "
1290 "from sending this message to this recipient "
1291 "(rejected message had sender \"%s\" interface \"%s\" "
1292 "member \"%s\" error name \"%s\" destination \"%s\")",
1293 sender_name ? sender_name : "(unset)",
1294 dbus_message_get_interface (message) ?
1295 dbus_message_get_interface (message) : "(unset)",
1296 dbus_message_get_member (message) ?
1297 dbus_message_get_member (message) : "(unset)",
1298 dbus_message_get_error_name (message) ?
1299 dbus_message_get_error_name (message) : "(unset)",
1300 dest ? dest : DBUS_SERVICE_DBUS);
1301 _dbus_verbose ("SELinux security check denying send to service\n");
1307 if (bus_connection_is_active (sender))
1309 sender_policy = bus_connection_get_policy (sender);
1310 _dbus_assert (sender_policy != NULL);
1312 /* Fill in requested_reply variable with TRUE if this is a
1313 * reply and the reply was pending.
1315 if (dbus_message_get_reply_serial (message) != 0)
1317 if (proposed_recipient != NULL /* not to the bus driver */ &&
1318 addressed_recipient == proposed_recipient /* not eavesdropping */)
1322 dbus_error_init (&error2);
1323 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1325 sender, addressed_recipient, message,
1327 if (dbus_error_is_set (&error2))
1329 dbus_move_error (&error2, error);
1337 /* Policy for inactive connections is that they can only send
1338 * the hello message to the bus driver
1340 if (proposed_recipient == NULL &&
1341 dbus_message_is_method_call (message,
1342 DBUS_INTERFACE_DBUS,
1345 _dbus_verbose ("security check allowing %s message\n",
1351 _dbus_verbose ("security check disallowing non-%s message\n",
1354 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1355 "Client tried to send a message other than %s without being registered",
1364 sender_policy = NULL;
1366 /* If the sender is the bus driver, we assume any reply was a
1367 * requested reply as bus driver won't send bogus ones
1369 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1370 dbus_message_get_reply_serial (message) != 0)
1371 requested_reply = TRUE;
1374 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1375 (sender == NULL && sender_policy == NULL));
1377 if (proposed_recipient != NULL)
1379 /* only the bus driver can send to an inactive recipient (as it
1380 * owns no services, so other apps can't address it). Inactive
1381 * recipients can receive any message.
1383 if (bus_connection_is_active (proposed_recipient))
1385 recipient_policy = bus_connection_get_policy (proposed_recipient);
1386 _dbus_assert (recipient_policy != NULL);
1388 else if (sender == NULL)
1390 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1391 recipient_policy = NULL;
1395 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1396 recipient_policy = NULL;
1400 recipient_policy = NULL;
1402 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1403 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1404 (proposed_recipient == NULL && recipient_policy == NULL));
1407 if (sender_policy &&
1408 !bus_client_policy_check_can_send (sender_policy,
1412 message, &toggles, &log))
1414 const char *msg = "Rejected send message, %d matched rules; "
1415 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1417 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1419 dbus_message_type_to_string (dbus_message_get_type (message)),
1420 sender_name ? sender_name : "(unset)",
1422 dbus_message_get_interface (message) ?
1423 dbus_message_get_interface (message) : "(unset)",
1424 dbus_message_get_member (message) ?
1425 dbus_message_get_member (message) : "(unset)",
1426 dbus_message_get_error_name (message) ?
1427 dbus_message_get_error_name (message) : "(unset)",
1429 dest ? dest : DBUS_SERVICE_DBUS,
1430 proposed_recipient_loginfo);
1431 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1432 if (addressed_recipient == proposed_recipient)
1433 bus_context_log_security (context, msg,
1435 dbus_message_type_to_string (dbus_message_get_type (message)),
1436 sender_name ? sender_name : "(unset)",
1438 dbus_message_get_interface (message) ?
1439 dbus_message_get_interface (message) : "(unset)",
1440 dbus_message_get_member (message) ?
1441 dbus_message_get_member (message) : "(unset)",
1442 dbus_message_get_error_name (message) ?
1443 dbus_message_get_error_name (message) : "(unset)",
1445 dest ? dest : DBUS_SERVICE_DBUS,
1446 proposed_recipient_loginfo);
1447 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1452 bus_context_log_security (context,
1453 "Would reject message, %d matched rules; "
1454 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
1456 dbus_message_type_to_string (dbus_message_get_type (message)),
1457 sender_name ? sender_name : "(unset)",
1459 dbus_message_get_interface (message) ?
1460 dbus_message_get_interface (message) : "(unset)",
1461 dbus_message_get_member (message) ?
1462 dbus_message_get_member (message) : "(unset)",
1463 dbus_message_get_error_name (message) ?
1464 dbus_message_get_error_name (message) : "(unset)",
1466 dest ? dest : DBUS_SERVICE_DBUS,
1467 proposed_recipient_loginfo);
1469 if (recipient_policy &&
1470 !bus_client_policy_check_can_receive (recipient_policy,
1474 addressed_recipient, proposed_recipient,
1477 const char *msg = "Rejected receive message, %d matched rules; "
1478 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
1480 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1482 dbus_message_type_to_string (dbus_message_get_type (message)),
1483 sender_name ? sender_name : "(unset)",
1485 dbus_message_get_interface (message) ?
1486 dbus_message_get_interface (message) : "(unset)",
1487 dbus_message_get_member (message) ?
1488 dbus_message_get_member (message) : "(unset)",
1489 dbus_message_get_error_name (message) ?
1490 dbus_message_get_error_name (message) : "(unset)",
1491 dbus_message_get_reply_serial (message),
1493 dest ? dest : DBUS_SERVICE_DBUS,
1494 proposed_recipient_loginfo);
1495 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1496 if (addressed_recipient == proposed_recipient)
1497 bus_context_log_security (context, msg,
1499 dbus_message_type_to_string (dbus_message_get_type (message)),
1500 sender_name ? sender_name : "(unset)",
1502 dbus_message_get_interface (message) ?
1503 dbus_message_get_interface (message) : "(unset)",
1504 dbus_message_get_member (message) ?
1505 dbus_message_get_member (message) : "(unset)",
1506 dbus_message_get_error_name (message) ?
1507 dbus_message_get_error_name (message) : "(unset)",
1508 dbus_message_get_reply_serial (message),
1510 dest ? dest : DBUS_SERVICE_DBUS,
1511 proposed_recipient_loginfo);
1512 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1516 /* See if limits on size have been exceeded */
1517 if (proposed_recipient &&
1518 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
1519 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
1521 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1522 "The destination service \"%s\" has a full message queue",
1523 dest ? dest : (proposed_recipient ?
1524 bus_connection_get_name (proposed_recipient) :
1525 DBUS_SERVICE_DBUS));
1526 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1530 /* Record that we will allow a reply here in the future (don't
1531 * bother if the recipient is the bus or this is an eavesdropping
1532 * connection). Only the addressed recipient may reply.
1534 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1536 addressed_recipient &&
1537 addressed_recipient == proposed_recipient && /* not eavesdropping */
1538 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1540 sender, addressed_recipient,
1543 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1547 _dbus_verbose ("security policy allowing message\n");