1 <!doctype article PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
5 <title>D-BUS Specification</title>
6 <releaseinfo>Version 0.7</releaseinfo>
7 <date>26 March 2003</date>
10 <firstname>Havoc</firstname>
11 <surname>Pennington</surname>
13 <orgname>Red Hat, Inc</orgname>
15 <email>hp@pobox.com</email>
20 <firstname>Anders</firstname>
21 <surname>Carlsson</surname>
23 <orgname>CodeFactory AB</orgname>
25 <email>andersca@codefactory.se</email>
30 <firstname>Alexander</firstname>
31 <surname>Larsson</surname>
33 <orgname>Red Hat, Inc</orgname>
35 <email>alexl@redhat.com</email>
42 <sect1 id="introduction">
43 <title>Introduction</title>
45 D-BUS is a system for low-latency, low-overhead, easy to use
46 interprocess communication (IPC). In more detail:
50 D-BUS is <emphasis>low-latency</emphasis> because it is designed
51 to avoid round trips and allow asynchronous operation, much like
57 D-BUS is <emphasis>low-overhead</emphasis> because it uses a
58 binary protocol, and does not have to convert to and from a text
59 format such as XML. Because D-BUS is intended for potentially
60 high-resolution same-machine IPC, not primarily for Internet IPC,
61 this is an interesting optimization.
66 D-BUS is <emphasis>easy to use</emphasis> because it works in terms
67 of <firstterm>messages</firstterm> rather than byte streams, and
68 does not require users to understand any complex concepts such as a
69 new type system or elaborate APIs. Libraries implementing D-BUS
70 may choose to abstract messages as "method calls" (see
71 <xref linkend="message-conventions-method">).
77 The base D-BUS protocol is a peer-to-peer protocol, specified in <xref
78 linkend="message-protocol">. That is, it is a system for one application
79 to talk to a single other application. However, the primary intended
80 application of D-BUS is the D-BUS <firstterm>message bus</firstterm>,
81 specified in <xref linkend="message-bus">. The message bus is a special
82 application that accepts connections from multiple other applications, and
83 forwards messages among them.
86 Things that D-BUS can be used for is for example notification of
87 system changes (notification of when a camera is plugged in to a
88 computer, or a new version of some software has been installed),
89 or desktop interoperablity, for example a file monitoring
90 service or a configuration service.
94 <sect1 id="message-protocol">
95 <title>Message Protocol</title>
97 A <firstterm>message</firstterm> consists of a
98 <firstterm>header</firstterm> and a <firstterm>body</firstterm>. If you
99 think of a message as a package, the header is the address, and the body
100 contains the package contents. The message delivery system uses the header
101 information to figure out where to send the message and how to interpret
102 it; the recipient inteprets the body of the message.
106 The body of the message is made up of zero or more
107 <firstterm>arguments</firstterm>, which are typed
108 values, such as an integer or a byte array.
111 <sect2 id="message-protocol-header-encoding">
112 <title>Header Encoding</title>
114 Following the mandatory fields, there are zero or more named fields (see
115 <xref linkend="message-protocol-header-fields">), and then nul bytes
116 padding the header such that its total length in bytes is a multiple of
120 The header MUST begin with the following mandatory fields in the following
127 <entry>Description</entry>
132 <entry>1 byte</entry>
133 <entry>Endianness flag; ASCII 'l' for little-endian
134 or ASCII 'B' for big-endian.</entry>
137 <entry>1 byte</entry>
138 <entry>Bitwise OR of flags. Unknown flags
139 MUST be ignored. Currently-defined flags are described below.
143 <entry>1 byte</entry>
144 <entry>Major protocol version of the sending application. If
145 the major protocol version of the receiving application does not
146 match, the applications will not be able to communicate and the
147 D-BUS connection MUST be disconnected. The major protocol
148 version for this version of the specification is 0.
152 <entry>1 byte</entry>
153 <entry>A nul byte, reserved for future use.
154 Any value for this byte MUST be accepted.
158 <entry>4 bytes</entry>
159 <entry>An unsigned 32-bit integer in the
160 message's byte order, indicating the total length in bytes of
161 the header including named fields and any alignment padding.
162 MUST be a multiple of 8.
166 <entry>4 bytes</entry>
167 <entry>An unsigned 32-bit integer in the
168 message's byte order, indicating the total length in bytes of
173 <entry>4 bytes</entry>
174 <entry>The message's serial number, an unsigned 32-bit integer in
175 the message's byte order. Applications MUST NOT reuse the same
176 serial number for different messages more often than 32-bit
177 unsigned integer wraparound. Zero is not a valid serial number.
185 Flags that can appear in the second byte of the header:
190 <entry>Hex value</entry>
191 <entry>Description</entry>
197 <entry>This message is an error reply. If the first argument exists and is a string, it is an error message.</entry>
205 <sect2 id="message-protocol-header-fields">
206 <title>Header Fields</title>
208 In addition to the required header information mentioned
209 in <xref linkend="message-protocol-header-encoding">,
210 the header may contain zero or more named
211 header fields. These fields are named to allow
212 future versions of this protocol specification to
213 add new fields; implementations must ignore fields
214 they do not understand. Implementations must not
215 invent their own header fields; only changes to
216 this specification may introduce new header fields.
220 Header field names MUST consist of 4 non-nul bytes. The field name is
221 NOT nul terminated; it occupies exactly 4 bytes. Following the name,
222 the field MUST have a type code, and then a properly-aligned value
224 See <xref linkend="message-protocol-arguments"> for a description
225 of how each type is encoded. If an implementation sees a header
226 field name that it does not understand, it MUST ignore
231 Here are the currently-defined named header fields:
238 <entry>Description</entry>
244 <entry>STRING</entry>
245 <entry>The name of the message, such as org.freedesktop.Peer.Ping</entry>
249 <entry>UINT32</entry>
250 <entry>The serial number of the message this message is a reply
251 to. (The serial number is one of the mandatory header fields,
252 see <xref linkend="message-protocol-header-encoding">.)</entry>
256 <entry>STRING</entry>
257 <entry>The name of the service this message should be routed to.
258 Only used in combination with the message bus, see
259 <xref linkend="message-bus">.</entry>
263 <entry>STRING</entry>
264 <entry>The name of the base service that sent this message.
265 The message bus fills in this field; the field is
266 only meaningful in combination with the message bus.</entry>
274 <sect2 id="message-protocol-header-padding">
275 <title>Header Alignment Padding</title>
277 To allow implementations to keep the header and the body in a single
278 buffer while keeping data types aligned, the total length of the header
279 must be a multiple of 8 bytes. To achieve this, the header MUST be padded
280 with nul bytes to align its total length on an 8-byte boundary.
281 The minimum number of padding bytes MUST be used. Because all possible
282 named fields use at least 8 bytes, implementations can distinguish
283 padding (which must be less than 8 bytes) from additional named fields
284 (which must be at least 8 bytes).
288 <sect2 id="message-protocol-arguments">
289 <title>Message Arguments</title>
291 The message body is made up of arguments. Each argument
292 is a type code, followed by the value of the argument
293 in a type-dependent format.
300 <entry>Type name</entry>
302 <entry>Description</entry>
307 <entry>INVALID</entry>
309 <entry>Not a valid type code (error if it appears in a message)</entry>
313 <entry>Marks an "unset" or "nonexistent" argument</entry>
317 <entry>8-bit unsigned integer</entry>
319 <entry>BOOLEAN</entry>
321 <entry>Boolean value, 0 is FALSE and 1 is TRUE. Everything else is invalid.</entry>
325 <entry>32-bit signed integer</entry>
327 <entry>UINT32</entry>
329 <entry>32-bit unsigned integer</entry>
331 <entry>DOUBLE</entry>
333 <entry>IEEE 754 double</entry>
335 <entry>STRING</entry>
337 <entry>UTF-8 string (<emphasis>must</emphasis> be valid UTF-8). Must be zero terminated. </entry>
341 <entry>A named byte array, used for custom types</entry>
349 <entry>A dictionary of key/value pairs</entry>
356 The types are encoded as follows:
361 <entry>Type name</entry>
362 <entry>Encoding</entry>
367 <entry>INVALID</entry>
368 <entry>Not applicable; cannot be encoded.</entry>
371 <entry>No data is encoded; the type code is followed immediately
372 by the type code of the next argument.</entry>
375 <entry>A byte.</entry>
377 <entry>BOOLEAN</entry>
378 <entry>A byte, with valid values 0 and 1.</entry>
381 <entry>32-bit signed integer in the message's byte order, aligned to 4-byte boundary.</entry>
383 <entry>UINT32</entry>
384 <entry>32-bit unsigned integer in the message's byte order, aligned to 4-byte boundary.</entry>
386 <entry>DOUBLE</entry>
387 <entry>64-bit IEEE 754 double in the message's byte order, aligned to 8-byte boundary.</entry>
389 <entry>STRING</entry>
390 <entry>UINT32 aligned to 4-byte boundary indicating the string's
391 length in bytes excluding its terminating nul, followed by
392 string data of the given length, followed by a terminating nul
397 <entry>A string (encoded as the STRING type above) giving the
398 name of the type followed by an UINT32 aligned to 4-byte boundary
399 indicating the data length in bytes, followed by the data.
403 <entry>A sequence of bytes giving the element type of the array, terminated
404 by a type different from ARRAY (just one byte for one-dimensional arrays, but
405 larger for multi-dimensional arrays), followed by an UINT32 (aligned to 4 bytes)
406 giving the length of the array data in bytes. This is followed by each array entry
407 encoded the way it would normally be encoded, except arrays, which are encoded
408 without the type information, since that is already declared above. Arrays containing
413 <entry>UINT32 giving the length of the dictionary data in bytes.
414 This is followed by a number of keyname/value pairs, where the
415 keyname is encoded as a STRING above, and the value is encoded
416 as a byte with typecode and how that type normally would be encoded
427 <sect1 id="auth-protocol">
428 <title>Authentication Protocol</title>
430 Before the flow of messages begins, two applications must
431 authenticate. A simple plain-text protocol is used for
432 authentication; this protocol is a SASL profile, and maps fairly
433 directly from the SASL specification. The message encoding is
434 NOT used here, only plain text messages.
437 In examples, "C:" and "S:" indicate lines sent by the client and
440 <sect2 id="auth-protocol-overview">
441 <title>Protocol Overview</title>
443 The protocol is a line-based protocol, where each line ends with
444 \r\n. Each line begins with an all-caps ASCII command name containing
445 only the character range [A-Z], a space, then any arguments for the
446 command, then the \r\n ending the line. The protocol is
447 case-sensitive. All bytes must be in the ASCII character set.
449 Commands from the client to the server are as follows:
452 <listitem><para>AUTH [mechanism] [initial-response]</para></listitem>
453 <listitem><para>CANCEL</para></listitem
454 <listitem><para>BEGIN</para></listitem>
455 <listitem><para>DATA <data in base 64 encoding></para></listitem>
456 <listitem><para>ERROR [human-readable error explanation]</para></listitem>
459 From server to client are as follows:
462 <listitem><para>REJECTED <space-separated list of mechanism names></para></listitem>
463 <listitem><para>OK</para></listitem>
464 <listitem><para>DATA <data in base 64 encoding></para></listitem>
465 <listitem><para>ERROR</para></listitem>
469 <sect2 id="auth-nul-byte">
470 <title>Special credentials-passing nul byte</title>
472 Immediately after connecting to the server, the client must send a
473 single nul byte. This byte may be accompanied by credentials
474 information on some operating systems that use sendmsg() with
475 SCM_CREDS or SCM_CREDENTIALS to pass credentials over UNIX domain
476 sockets. However, the nul byte MUST be sent even on other kinds of
477 socket, and even on operating systems that do not require a byte to be
478 sent in order to transmit credentials. The text protocol described in
479 this document begins after the single nul byte. If the first byte
480 received from the client is not a nul byte, the server may disconnect
484 A nul byte in any context other than the initial byte is an error;
485 the protocol is ASCII-only.
488 The credentials sent along with the nul byte may be used with the
489 SASL mechanism EXTERNAL.
492 <sect2 id="auth-command-auth">
493 <title>AUTH command</title>
495 If an AUTH command has no arguments, it is a request to list
496 available mechanisms. The server SHOULD respond with a REJECTED
497 command listing the mechanisms it understands.
500 If an AUTH command specifies a mechanism, and the server supports
501 said mechanism, the server SHOULD begin exchanging SASL
502 challenge-response data with the client using DATA commands.
505 If the server does not support the mechanism given in the AUTH
506 command, it SHOULD send a REJECTED command listing the mechanisms
510 If the [initial-response] argument is provided, it is intended for
511 use with mechanisms that have no initial challenge (or an empty
512 initial challenge), as if it were the argument to an initial DATA
513 command. If the selected mechanism has an initial challenge, the
514 server should reject authentication by sending REJECTED.
517 If authentication succeeds after exchanging DATA commands,
518 an OK command should be sent to the client.
521 The first octet received by the client after the \r\n of the OK
522 command MUST be the first octet of the authenticated/encrypted
523 stream of D-BUS messages.
526 The first octet received by the server after the \r\n of the BEGIN
527 command from the client MUST be the first octet of the
528 authenticated/encrypted stream of D-BUS messages.
531 <sect2 id="auth-command-cancel">
532 <title>CANCEL Command</title>
534 At any time up to sending the BEGIN command, the client may send a
535 CANCEL command. On receiving the CANCEL command, the server MUST
536 send a REJECTED command and abort the current authentication
540 <sect2 id="auth-command-data">
541 <title>DATA Command</title>
543 The DATA command may come from either client or server, and simply
544 contains a base64-encoded block of data to be interpreted
545 according to the SASL mechanism in use.
548 Some SASL mechanisms support sending an "empty string";
549 FIXME we need some way to do this.
552 <sect2 id="auth-command-begin">
553 <title>BEGIN Command</title>
555 The BEGIN command acknowledges that the client has received an
556 OK command from the server, and that the stream of messages
560 The first octet received by the server after the \r\n of the BEGIN
561 command from the client MUST be the first octet of the
562 authenticated/encrypted stream of D-BUS messages.
565 <sect2 id="auth-command-rejected">
566 <title>REJECTED Command</title>
568 The REJECTED command indicates that the current authentication
569 exchange has failed, and further exchange of DATA is inappropriate.
570 The client would normally try another mechanism, or try providing
571 different responses to challenges.
573 Optionally, the REJECTED command has a space-separated list of
574 available auth mechanisms as arguments. If a server ever provides
575 a list of supported mechanisms, it MUST provide the same list
576 each time it sends a REJECTED message. Clients are free to
577 ignore all lists received after the first.
580 <sect2 id="auth-command-ok">
581 <title>OK Command</title>
583 The OK command indicates that the client has been authenticated,
584 and that further communication will be a stream of D-BUS messages
585 (optionally encrypted, as negotiated) rather than this protocol.
588 The first octet received by the client after the \r\n of the OK
589 command MUST be the first octet of the authenticated/encrypted
590 stream of D-BUS messages.
593 The client MUST respond to the OK command by sending a BEGIN
594 command, followed by its stream of messages, or by disconnecting.
595 The server MUST NOT accept additional commands using this protocol
596 after the OK command has been sent.
599 <sect2 id="auth-command-error">
600 <title>ERROR Command</title>
602 The ERROR command indicates that either server or client did not
603 know a command, does not accept the given command in the current
604 context, or did not understand the arguments to the command. This
605 allows the protocol to be extended; a client or server can send a
606 command present or permitted only in new protocol versions, and if
607 an ERROR is received instead of an appropriate response, fall back
608 to using some other technique.
611 If an ERROR is sent, the server or client that sent the
612 error MUST continue as if the command causing the ERROR had never been
613 received. However, the the server or client receiving the error
614 should try something other than whatever caused the error;
615 if only canceling/rejecting the authentication.
618 <sect2 id="auth-examples">
619 <title>Authentication examples</title>
623 <title>Example of successful magic cookie authentication</title>
625 (MAGIC_COOKIE is a made up mechanism)
627 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
633 <title>Example of finding out mechanisms then picking one</title>
636 S: REJECTED KERBEROS_V4 SKEY
637 C: AUTH SKEY bW9yZ2Fu
638 S: DATA OTUgUWE1ODMwOA==
639 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
645 <title>Example of client sends unknown command then falls back to regular auth</title>
649 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
655 <title>Example of server doesn't support initial auth mechanism</title>
657 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
658 S: REJECTED KERBEROS_V4 SKEY
659 C: AUTH SKEY bW9yZ2Fu
660 S: DATA OTUgUWE1ODMwOA==
661 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
667 <title>Example of wrong password or the like followed by successful retry</title>
669 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
670 S: REJECTED KERBEROS_V4 SKEY
671 C: AUTH SKEY bW9yZ2Fu
672 S: DATA OTUgUWE1ODMwOA==
673 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
675 C: AUTH SKEY bW9yZ2Fu
676 S: DATA OTUgUWE1ODMwOA==
677 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
683 <title>Example of skey cancelled and restarted</title>
685 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
686 S: REJECTED KERBEROS_V4 SKEY
687 C: AUTH SKEY bW9yZ2Fu
688 S: DATA OTUgUWE1ODMwOA==
691 C: AUTH SKEY bW9yZ2Fu
692 S: DATA OTUgUWE1ODMwOA==
693 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
700 <sect2 id="auth-mechanisms">
701 <title>Authentication mechanisms</title>
703 This section describes some new authentication mechanisms.
704 D-BUS also allows any standard SASL mechanism of course.
706 <sect3 id="auth-mechanisms-sha">
707 <title>DBUS_COOKIE_SHA1</title>
709 The DBUS_COOKIE_SHA1 mechanism is designed to establish that a client
710 has the ability to read a private file owned by the user being
711 authenticated. If the client can prove that it has access to a secret
712 cookie stored in this file, then the client is authenticated.
713 Thus the security of DBUS_COOKIE_SHA1 depends on a secure home
717 Authentication proceeds as follows:
721 The client sends the username it would like to authenticate
727 The server sends the name of its "cookie context" (see below); a
728 space character; the integer ID of the secret cookie the client
729 must demonstrate knowledge of; a space character; then a
730 hex-encoded randomly-generated challenge string.
735 The client locates the cookie, and generates its own hex-encoded
736 randomly-generated challenge string. The client then
737 concatentates the server's hex-encoded challenge, a ":"
738 character, its own hex-encoded challenge, another ":" character,
739 and the hex-encoded cookie. It computes the SHA-1 hash of this
740 composite string. It sends back to the server the client's
741 hex-encoded challenge string, a space character, and the SHA-1
747 The server generates the same concatenated string used by the
748 client and computes its SHA-1 hash. It compares the hash with
749 the hash received from the client; if the two hashes match, the
750 client is authenticated.
756 Each server has a "cookie context," which is a name that identifies a
757 set of cookies that apply to that server. A sample context might be
758 "org_freedesktop_session_bus". Context names must be valid ASCII,
759 nonzero length, and may not contain the characters slash ("/"),
760 backslash ("\"), space (" "), newline ("\n"), carriage return ("\r"),
761 tab ("\t"), or period ("."). There is a default context,
762 "org_freedesktop_global" that's used by servers that do not specify
766 Cookies are stored in a user's home directory, in the directory
767 <filename>~/.dbus-keyrings/</filename>. This directory must
768 not be readable or writable by other users. If it is,
769 clients and servers must ignore it. The directory
770 contains cookie files named after the cookie context.
773 A cookie file contains one cookie per line. Each line
774 has three space-separated fields:
778 The cookie ID number, which must be a non-negative integer and
779 may not be used twice in the same file.
784 The cookie's creation time, in UNIX seconds-since-the-epoch
790 The cookie itself, a hex-encoded random block of bytes.
796 Only server processes modify the cookie file.
797 They must do so with this procedure:
801 Create a lockfile name by appending ".lock" to the name of the
802 cookie file. The server should attempt to create this file
803 using <literal>O_CREAT | O_EXCL</literal>. If file creation
804 fails, the lock fails. Servers should retry for a reasonable
805 period of time, then they may choose to delete an existing lock
806 to keep users from having to manually delete a stale
807 lock. <footnote><para>Lockfiles are used instead of real file
808 locking <literal>fcntl()</literal> because real locking
809 implementations are still flaky on network
810 filesystems.</para></footnote>
815 Once the lockfile has been created, the server loads the cookie
816 file. It should then delete any cookies that are old (the
817 timeout can be fairly short), or more than a reasonable
818 time in the future (so that cookies never accidentally
819 become permanent, if the clock was set far into the future
820 at some point). If no recent keys remain, the
821 server may generate a new key.
826 The pruned and possibly added-to cookie file
827 must be resaved atomically (using a temporary
828 file which is rename()'d).
833 The lock must be dropped by deleting the lockfile.
839 Clients need not lock the file in order to load it,
840 because servers are required to save the file atomically.
845 <sect1 id="addresses">
846 <title>Server Addresses</title>
848 Server addresses consist of a transport name followed by a colon, and
849 then an optional, comma-separated list of keys and values in the form key=value.
850 [FIXME how do you escape colon, comma, and semicolon in the values of the key=value pairs?]
854 <programlisting>unix:path=/tmp/dbus-test</programlisting>
855 Which is the address to a unix socket with the path /tmp/dbus-test.
858 [FIXME clarify if attempting to connect to each is a requirement
859 or just a suggestion]
860 When connecting to a server, multiple server addresses can be
861 separated by a semi-colon. The library will then try to connect
862 to the first address and if that fails, it'll try to connect to
863 the next one specified, and so forth. For example
864 <programlisting>unix:path=/tmp/dbus-test;unix:path=/tmp/dbus-test2</programlisting>
867 [FIXME we need to specify in detail each transport and its possible arguments]
868 Currently, a transport over local UNIX sockets exists, a debug
869 transport that only works in-process and therefore can be used
870 for for unit testing also exists. It is possible that other
871 transports are added, such as a TCP/IP transport, and a
872 transport that works over X11.
876 <sect1 id="message-conventions">
877 <title>Message Conventions</title>
879 This section documents conventions that are not essential to D-BUS
880 functionality, but should generally be followed in order to simplify
883 <sect2 id="message-conventions-naming">
884 <title>Message Naming</title>
886 Messages are normally named in the form
887 "org.freedesktop.Peer.Ping", which has three
891 <term>Namespace e.g. <literal>org.freedesktop</literal></term>
894 Message names have a Java-style namespace: a reversed domain
895 name. The components of the domain are normally lowercase.
900 <term>Package or object e.g. <literal>Peer</literal></term>
903 The next part of the message name can be thought of as the name
904 of a singleton object, or as the name of a package of related
905 messages. More than one dot-separated component might be used
906 here. (Note that D-BUS does not define any idea of object
907 instances or object references.) The package or object name is
908 capitalized LikeThis.
913 <term>Method or operation e.g. <literal>Ping</literal></term>
916 The final part of the message name is the most specific, and
917 should be a verb indicating an operation to be performed on the
918 object. The method or operation name is capitalized LikeThis.
925 A reply to a message conventionally has the same name as the message
926 being replied to. When following method call conventions (see <xref
927 linkend="message-conventions-method">), this convention is mandatory,
928 because a message with multiple possible replies can't be mapped
929 to method call semantics without special-case code.
932 <sect2 id="message-conventions-method">
933 <title>Method Call Mapping</title>
935 Some implementations of D-BUS may present an API that translates object
936 method calls into D-BUS messages. This document does not specify in
937 detail how such an API should look or work. However, it does specify how
938 message-based protocols should be designed to be friendly to such an
942 Remember that D-BUS does not have object references or object instances.
943 So when one application sends the message
944 <literal>org.freedesktop.Peer.Ping</literal>, it sends it to another
945 application, not to any kind of sub-portion of that application.
946 However, a convenience API used within the recipient application may
947 route all messages that start with
948 <literal>org.freedesktop.Peer</literal> to a particular object instance,
949 and may invoke the <literal>Ping()</literal> method on said instance in
950 order to handle the message. This is a convenience API based on
954 A "method call" consists of a message and, optionally, a reply to that
955 message. The name of the "method" is the last component of the message,
956 for example, <literal>org.freedesktop.Peer.Ping</literal> would map to
957 the method <literal>Ping()</literal> on some object.
960 Arguments to a method may be considered "in" (processed by the
961 recipient of the message), or "out" (returned to the sender of the
962 message in the reply). "inout" arguments are both sent and received,
963 i.e. the caller passes in a value which is modified. An "inout" argument
964 is equivalent to an "in" argument, followed by an "out" argument.
967 Given a method with zero or one return values, followed by zero or more
968 arguments, where each argument may be "in", "out", or "inout", the
969 caller constructs a message by appending each "in" or "inout" argument,
970 in order. "out" arguments are not represented in the caller's message.
973 The recipient constructs a reply by appending first the return value
974 if any, then each "out" or "inout" argument, in order.
975 "in" arguments are not represented in the reply message.
978 The standard reply message MUST have the same name as the message being
979 replied to, and MUST set the "rply" header field to the serial
980 number of the message being replied to.
983 If an error occurs, an error reply may be sent in place of the standard
984 reply. Error replies can be identified by a special header flag, see
985 <xref linkend="message-protocol-header-encoding">. Error replies have a
986 name which reflects the type of error that occurred. Error replies would
987 generally be mapped to exceptions in a programming language. If an
988 error reply has a first argument, and that argument has type STRING,
989 then the argument must be an error message.
992 [FIXME discuss mapping of broadcast messages + matching rules
993 to signals and slots]
998 <sect1 id="standard-messages">
999 <title>Standard Peer-to-Peer Messages</title>
1001 In the following message definitions, "method call notation" is presented
1002 in addition to simply listing the message names and arguments. The special
1003 type name ANY means any type other than NIL, and the special type name
1004 ANY_OR_NIL means any valid type.
1005 [FIXME the messages here are just made up to illustrate the
1006 format for defining them]
1008 <sect2 id="standard-messages-ping">
1009 <title><literal>org.freedesktop.Peer.Ping</literal></title>
1017 On receipt of the message <literal>org.freedesktop.Peer.Ping</literal>,
1018 an application should reply with
1019 <literal>org.freedesktop.Peer.Ping</literal>. Neither the
1020 message nor its reply have any arguments.
1021 [FIXME the messages here are just made up to illustrate the
1022 format for defining them]
1025 <sect2 id="standard-messages-get-props">
1026 <title><literal>org.freedesktop.Props.Get</literal></title>
1030 ANY_OR_NIL Get (in STRING property_name)
1037 <entry>Argument</entry>
1039 <entry>Description</entry>
1045 <entry>STRING</entry>
1046 <entry>Name of the property to get</entry>
1056 <entry>Argument</entry>
1058 <entry>Description</entry>
1064 <entry>ANY_OR_NIL</entry>
1065 <entry>The value of the property. The type depends on the property.</entry>
1073 [FIXME the messages here are just made up to illustrate the
1074 format for defining them]
1079 <sect1 id="message-bus">
1080 <title>Message Bus Specification</title>
1081 <sect2 id="message-bus-overview">
1082 <title>Message Bus Overview</title>
1084 The message bus accepts connections from one or more applications.
1085 Once connected, applications can send and receive messages from
1086 the message bus, as in the peer-to-peer case.
1089 The message bus keeps track of a set of
1090 <firstterm>services</firstterm>. A service is simply a name, such as
1091 <literal>com.yoyodyne.Screensaver</literal>, which can be
1092 <firstterm>owned</firstterm> by one or more of the connected
1093 applications. The message bus itself always owns the special service
1094 <literal>org.freedesktop.DBus</literal>.
1097 Services may have <firstterm>secondary owners</firstterm>. Secondary owners
1098 of a service are kept in a queue; if the primary owner of a service
1099 disconnects, or releases the service, the next secondary owner becomes
1100 the new owner of the service.
1103 Messages may have a <literal>srvc</literal> field (see <xref
1104 linkend="message-protocol-header-fields">). When the message bus
1105 receives a message, if the <literal>srvc</literal> field is absent, the
1106 message is taken to be a standard peer-to-peer message and interpreted
1107 by the message bus itself. For example, sending
1108 an <literal>org.freedesktop.Peer.Ping</literal> message with no
1109 <literal>srvc</literal> will cause the message bus itself to reply
1110 to the ping immediately; the message bus would never make
1111 this message visible to other applications.
1114 If the <literal>srvc</literal> field is present, then it indicates a
1115 request for the message bus to route the message. In the usual case,
1116 messages are routed to the owner of the named service.
1117 Messages may also be <firstterm>broadcast</firstterm>
1118 by sending them to the special service
1119 <literal>org.freedesktop.DBus.Broadcast</literal>. Broadcast messages are
1120 sent to all applications with <firstterm>message matching
1121 rules</firstterm> that match the message.
1124 Continuing the <literal>org.freedesktop.Peer.Ping</literal> example, if
1125 the ping message were sent with a <literal>srvc</literal> name of
1126 <literal>com.yoyodyne.Screensaver</literal>, then the ping would be
1127 forwarded, and the Yoyodyne Corporation screensaver application would be
1128 expected to reply to the ping. If
1129 <literal>org.freedesktop.Peer.Ping</literal> were sent to
1130 <literal>org.freedesktop.DBus.Broadcast</literal>, then multiple applications
1131 might receive the ping, and all would normally reply to it.
1135 <sect2 id="message-bus-services">
1136 <title>Message Bus Services</title>
1138 A service is a name that identifies a certain application. Each
1139 application connected to the message bus has at least one service name
1140 assigned at connection time and returned in response to the
1141 <literal>org.freedesktop.DBus.Hello</literal> message.
1142 This automatically-assigned service name is called
1143 the application's <firstterm>base service</firstterm>.
1144 Base service names are unique and MUST never be reused for two different
1148 Ownership of the base service is a prerequisite for interaction with
1149 the message bus. It logically follows that the base service is always
1150 the first service that an application comes to own, and the last
1151 service that it loses ownership of.
1154 Base service names must begin with the character ':' (ASCII colon
1155 character); service names that are not base service names must not begin
1156 with this character. (The bus must reject any attempt by an application
1157 to manually create a service name beginning with ':'.) This restriction
1158 categorically prevents "spoofing"; messages sent to a base service name
1159 will always go to a single application instance and that instance only.
1162 An application can request additional service names to be associated
1164 <literal>org.freedesktop.DBus.AcquireService</literal>
1165 message. [FIXME what service names are allowed; ASCII or unicode;
1169 [FIXME this needs more detail, and should move the service-related message
1170 descriptions up into this section perhaps]
1171 Service ownership handling can be specified in the flags part
1172 of the <literal>org.freedesktop.DBus.AcquireService</literal>
1173 message. If an application specifies the
1174 DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT flag, then all applications
1175 trying to acquire the service will be put in a queue. When the
1176 primary owner disconnects from the bus or removes ownership
1177 from the service, the next application in the queue will be the
1178 primary owner. If the DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT
1179 flag is not specified, then the primary owner will lose
1180 ownership whenever another application requests ownership of the
1184 When a client disconnects from the bus, all the services that
1185 the clients own are deleted, or in the case of a service that
1186 prohibits replacement, ownership is transferred to the next
1187 client in the queue, if any.
1190 <sect2 id="message-bus-routing">
1191 <title>Message Bus Message Routing</title>
1193 When a message is received by the message bus, the message's
1194 <literal>sndr</literal> header field MUST be set to the base service of
1195 the application which sent the message. If the service already has
1196 a <literal>sndr</literal> field, the pre-existing field is replaced.
1197 This rule means that a replies are always sent to the base service name,
1198 i.e. to the same application that sent the message being replied to.
1201 [FIXME go into detail about broadcast, multicast, unicast, etc.]
1204 <sect2 id="message-bus-activation">
1205 <title>Message Bus Service Activation</title>
1207 <firstterm>Activation</firstterm> means to locate a service
1208 owner for a service that is currently unowned. For now, it
1209 means to launch an executable that will take ownership of
1210 a particular service.
1213 To find an executable corresponding to a particular service, the bus
1214 daemon looks for <firstterm>service description files</firstterm>.
1215 Service description files define a mapping from service names to
1216 executables. Different kinds of message bus will look for these files
1217 in different places, see <xref linkend="message-bus-types">.
1220 [FIXME the file format should be much better specified than
1221 "similar to .desktop entries" esp. since desktop entries are
1222 already badly-specified. ;-)] Service description files have
1223 the ".service" file extension. The message bus will only load
1224 service description files ending with .service; all other
1225 files will be ignored. The file format is similar to that of
1227 url="http://www.freedesktop.org/standards/desktop-entry-spec/desktop-entry-spec.html">desktop
1228 entries</ulink>. All service description files must be in
1229 UTF-8 encoding. To ensure that there will be no name
1230 collisions, service files must be namespaced using the same
1231 mechanism as messages and service names.
1234 <title>Example service description file</title>
1236 # Sample service description file
1238 Name=org.gnome.ConfigurationDatabase
1239 Exec=/usr/libexec/gconfd-2
1244 When an application requests a service to be activated, the
1245 bus daemon tries to find it in the list of activation
1246 entries. It then tries to spawn the executable associated with
1247 it. If this fails, it will report an error. [FIXME what
1248 happens if two .service files offer the same service; what
1249 kind of error is reported, should we have a way for the client
1253 The executable launched will have the environment variable
1254 <literal>DBUS_ACTIVATION_ADDRESS</literal> set to the address of the
1255 message bus so it can connect and register the appropriate services.
1258 The executable being launched may want to know whether the message bus
1259 activating it is one of the well-known message buses (see <xref
1260 linkend="message-bus-types">). To facilitate this, the bus MUST also set
1261 the <literal>DBUS_ACTIVATION_BUS_TYPE</literal> environment variable if it is one
1262 of the well-known buses. The currently-defined values for this variable
1263 are <literal>system</literal> for the systemwide message bus,
1264 and <literal>session</literal> for the per-login-session message
1265 bus. The activated executable must still connect to the address given
1266 in <literal>DBUS_ACTIVATION_ADDRESS</literal>, but may assume that the
1267 resulting connection is to the well-known bus.
1270 [FIXME there should be a timeout somewhere, either specified
1271 in the .service file, by the client, or just a global value
1272 and if the client being activated fails to connect within that
1273 timeout, an error should be sent back.]
1277 <sect2 id="message-bus-types">
1278 <title>Well-known Message Bus Instances</title>
1280 Two standard message bus instances are defined here, along with how
1281 to locate them and where their service files live.
1283 <sect3 id="message-bus-types-login">
1284 <title>Login session message bus</title>
1286 Each time a user logs in, a <firstterm>login session message
1287 bus</firstterm> may be started. All applications in the user's login
1288 session may interact with one another using this message bus.
1291 The address of the login session message bus is given
1292 in the <literal>DBUS_SESSION_BUS_ADDRESS</literal> environment
1293 variable. If that variable is not set, applications may
1294 also try to read the address from the X Window System root
1295 window property <literal>_DBUS_SESSION_BUS_ADDRESS</literal>.
1296 The root window property must have type <literal>STRING</literal>.
1297 The environment variable should have precedence over the
1298 root window property.
1301 [FIXME specify location of .service files, probably using
1302 DESKTOP_DIRS etc. from basedir specification, though login session
1303 bus is not really desktop-specific]
1306 <sect3 id="message-bus-types-system">
1307 <title>System message bus</title>
1309 A computer may have a <firstterm>system message bus</firstterm>,
1310 accessible to all applications on the system. This message bus may be
1311 used to broadcast system events, such as adding new hardware devices,
1312 changes in the printer queue, and so forth.
1315 The address of the login session message bus is given
1316 in the <literal>DBUS_SYSTEM_BUS_ADDRESS</literal> environment
1317 variable. If that variable is not set, applications should try
1318 to connect to the well-known address
1319 <literal>unix:path=/var/run/dbus/system_bus_socket</literal>.
1322 The D-BUS reference implementation actually honors the
1323 <literal>$(localstatedir)</literal> configure option
1324 for this address, on both client and server side.
1329 [FIXME specify location of system bus .service files]
1334 <sect2 id="message-bus-messages">
1335 <title>Message Bus Messages</title>
1337 The special message bus service <literal>org.freedesktop.DBus</literal>
1338 responds to a number of messages, allowing applications to
1339 interact with the message bus.
1342 <sect3 id="bus-messages-hello">
1343 <title><literal>org.freedesktop.DBus.Hello</literal></title>
1354 <entry>Argument</entry>
1356 <entry>Description</entry>
1362 <entry>STRING</entry>
1363 <entry>Name of the service assigned to the application</entry>
1370 Before an application is able to send messages to other
1371 applications it must send the
1372 <literal>org.freedesktop.DBus.Hello</literal> message to the
1373 message bus service. If an application tries to send a
1374 message to another application, or a message to the message
1375 bus service that isn't the
1376 <literal>org.freedesktop.DBus.Hello</literal> message, it
1377 will be disconnected from the bus. If a client wishes to
1378 disconnect from the bus, it just has to disconnect from the
1379 transport used. No de-registration message is necessary.
1382 The reply message contains the name of the application's base service.
1385 <sect3 id="bus-messages-list-services">
1386 <title><literal>org.freedesktop.DBus.ListServices</literal></title>
1390 STRING_ARRAY ListServices ()
1397 <entry>Argument</entry>
1399 <entry>Description</entry>
1405 <entry>STRING_ARRAY</entry>
1406 <entry>Array of strings where each string is the name of a service</entry>
1413 Returns a list of all existing services registered with the message bus.
1416 <sect3 id="bus-messages-service-exists">
1417 <title><literal>org.freedesktop.DBus.ServiceExists</literal></title>
1421 BOOLEAN ServiceExists (in STRING service_name)
1428 <entry>Argument</entry>
1430 <entry>Description</entry>
1436 <entry>STRING</entry>
1437 <entry>Name of the service</entry>
1447 <entry>Argument</entry>
1449 <entry>Description</entry>
1455 <entry>BOOLEAN</entry>
1456 <entry>Return value, true if the service exists</entry>
1463 Checks if a service with a specified name exists.
1467 <sect3 id="bus-messages-acquire-service">
1468 <title><literal>org.freedesktop.DBus.AcquireService</literal></title>
1472 UINT32 AcquireService (in STRING service_name)
1479 <entry>Argument</entry>
1481 <entry>Description</entry>
1487 <entry>STRING</entry>
1488 <entry>Name of the service</entry>
1492 <entry>UINT32</entry>
1493 <entry>Flags</entry>
1503 <entry>Argument</entry>
1505 <entry>Description</entry>
1511 <entry>UINT32</entry>
1512 <entry>Return value</entry>
1519 Tries to become owner of a specific service. The flags
1520 specified can be the following values logically ORed together:
1526 <entry>Identifier</entry>
1527 <entry>Value</entry>
1528 <entry>Description</entry>
1533 <entry>DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT</entry>
1536 If the application succeeds in being the owner of the specified service,
1537 then ownership of the service can't be transferred until the service
1538 disconnects. If this flag is not set, then any application trying to become
1539 the owner of the service will succeed and the previous owner will be
1540 sent a <literal>org.freedesktop.DBus.ServiceLost</literal> message.
1544 <entry>DBUS_SERVICE_FLAGS_REPLACE_EXISTING</entry>
1546 <entry>Try to replace the current owner if there is one. If this flag
1547 is not set the application will only become the owner of the service if
1548 there is no current owner.</entry>
1554 [FIXME if it's one of the following values, why are the values
1555 done as flags instead of just 0, 1, 2, 3, 4]
1556 The return value can be one of the following values:
1562 <entry>Identifier</entry>
1563 <entry>Value</entry>
1564 <entry>Description</entry>
1569 <entry>DBUS_SERVICE_REPLY_PRIMARY_OWNER</entry>
1571 <entry>The application is now the primary owner of the service.</entry>
1574 <entry>DBUS_SERVICE_REPLY_IN_QUEUE</entry>
1576 <entry>The service already has an owner which do not want to give up ownership and therefore the application has been put in a queue.</entry>
1579 <entry>DBUS_SERVICE_REPLY_SERVICE_EXISTS</entry>
1581 <entry>The service does already have a primary owner, and DBUS_SERVICE_FLAG_REPLACE_EXISTING was not specified when trying to acquire the service.</entry>
1584 <entry>DBUS_SERVICE_REPLY_ALREADY_OWNER</entry>
1586 <entry>The application trying to request ownership of the service is already the owner of it.</entry>
1593 <sect3 id="bus-messages-service-acquired">
1594 <title><literal>org.freedesktop.DBus.ServiceAcquired</literal></title>
1598 ServiceAcquired (in STRING service_name)
1605 <entry>Argument</entry>
1607 <entry>Description</entry>
1613 <entry>STRING</entry>
1614 <entry>Name of the service</entry>
1618 <entry>UINT32</entry>
1619 <entry>Flags</entry>
1626 This message is sent to a specific application when it becomes the
1627 primary owner of a service.
1630 <sect3 id="bus-messages-service-lost">
1631 <title><literal>org.freedesktop.DBus.ServiceLost</literal></title>
1635 ServiceLost (in STRING service_name)
1642 <entry>Argument</entry>
1644 <entry>Description</entry>
1650 <entry>STRING</entry>
1651 <entry>Name of the service</entry>
1655 <entry>UINT32</entry>
1656 <entry>Flags</entry>
1663 This message is sent to a specific application when it loses primary
1664 ownership of a service.
1666 [FIXME instead of ServiceLost/ServiceCreated going only to
1667 a specific app, why not just OwnerChanged that covers both
1668 lost and created and changed owner and deleted]
1672 <sect3 id="bus-messages-service-created">
1673 <title><literal>org.freedesktop.DBus.ServiceCreated</literal></title>
1677 ServiceCreated (in STRING service_name)
1684 <entry>Argument</entry>
1686 <entry>Description</entry>
1692 <entry>STRING</entry>
1693 <entry>Name of the service</entry>
1697 <entry>UINT32</entry>
1698 <entry>Flags</entry>
1705 This message is broadcast to all applications when a service has been
1706 successfully registered on the message bus.
1710 <sect3 id="bus-messages-service-deleted">
1711 <title><literal>org.freedesktop.DBus.ServiceDeleted</literal></title>
1715 ServiceDeleted (in STRING service_name)
1722 <entry>Argument</entry>
1724 <entry>Description</entry>
1730 <entry>STRING</entry>
1731 <entry>Name of the service</entry>
1735 <entry>UINT32</entry>
1736 <entry>Flags</entry>
1743 This message is broadcast to all applications when a service has been
1744 deleted from the message bus.
1748 <sect3 id="bus-messages-activate-service">
1749 <title><literal>org.freedesktop.DBus.ActivateService</literal></title>
1753 UINT32 ActivateService (in STRING service_name, in UINT32 flags)
1760 <entry>Argument</entry>
1762 <entry>Description</entry>
1768 <entry>STRING</entry>
1769 <entry>Name of the service to activate</entry>
1773 <entry>UINT32</entry>
1774 <entry>Flags (currently not used)</entry>
1784 <entry>Argument</entry>
1786 <entry>Description</entry>
1792 <entry>UINT32</entry>
1793 <entry>Result code; DBUS_ACTIVATION_REPLY_ACTIVATED if
1794 the service was activated successfully or
1795 DBUS_ACTIVATION_REPLY_ALREADY_ACTIVE if the service is
1796 already active.</entry>
1803 Tries to launch the executable associated with a service. For more information, see <xref linkend="message-bus-activation">.
1805 [FIXME need semantics in much more detail here; for example,
1806 if I activate a service then send it a message, is the message
1807 queued for the new service or is there a race]
1811 <sect3 id="bus-messages-out-of-memory">
1812 <title><literal>org.freedesktop.DBus.Error.NoMemory</literal></title>
1820 Sent by the message bus when it can't process a message due to an out of memory failure.
1824 <sect3 id="bus-messages-service-does-not-exist">
1825 <title><literal>org.freedesktop.DBus.Error.ServiceDoesNotExist</literal></title>
1829 void ServiceDoesNotExist (in STRING error)
1833 Sent by the message bus as a reply to a client that tried to send a message to a service that doesn't exist.
1840 <appendix id="implementation-notes">
1841 <title>Implementation notes</title>
1842 <sect1 id="implementation-notes-subsection">
1850 <glossary><title>Glossary</title>
1852 This glossary defines some of the terms used in this specification.
1855 <glossentry id="term-activation"><glossterm>Activation</glossterm>
1858 The process of creating an owner for a particular service,
1859 typically by launching an executable.
1864 <glossentry id="term-base-service"><glossterm>Base Service</glossterm>
1867 The special service automatically assigned to an application by the
1868 message bus. This service may never change owner, and the service
1869 name will be unique (never reused during the lifetime of the
1875 <glossentry id="term-broadcast"><glossterm>Broadcast</glossterm>
1878 A message sent to the special <literal>org.freedesktop.DBus.Broadcast</literal>
1879 service; the message bus will forward the broadcast message
1880 to all applications that have expressed interest in it.
1885 <glossentry id="term-message"><glossterm>Message</glossterm>
1888 A message is the atomic unit of communication via the D-BUS
1889 protocol. It consists of a <firstterm>header</firstterm> and a
1890 <firstterm>body</firstterm>; the body is made up of
1891 <firstterm>arguments</firstterm>.
1896 <glossentry id="term-message-bus"><glossterm>Message Bus</glossterm>
1899 The message bus is a special application that forwards
1900 or broadcasts messages between a group of applications
1901 connected to the message bus. It also manages
1902 <firstterm>services</firstterm>.
1907 <glossentry id="namespace"><glossterm>Namespace</glossterm>
1910 Used to prevent collisions when defining message and service
1911 names. The convention used is the same as Java uses for
1912 defining classes: a reversed domain name.
1916 <glossentry id="peer-to-peer"><glossterm>Peer-to-peer</glossterm>
1919 An application talking directly to another application, without going through a message bus.
1923 <glossentry id="term-secondary-owner"><glossterm>Secondary service owner</glossterm>
1926 Each service has a primary owner; messages sent to the service name
1927 go to the primary owner. However, certain services also maintain
1928 a queue of secondary owners "waiting in the wings." If
1929 the primary owner releases the service, then the first secondary
1930 owner in the queue automatically becomes the primary owner.
1934 <glossentry id="term-service"><glossterm>Service</glossterm>
1937 A service is simply a named list of applications. For example, the
1938 hypothetical <literal>com.yoyodyne.Screensaver</literal> service might
1939 accept messages that affect a screensaver from Yoyodyne Corporation.
1940 An application is said to <firstterm>own</firstterm> a service if the
1941 message bus has associated the application with the service name.
1942 Services may also have <firstterm>secondary owners</firstterm> (see
1943 <xref linkend="term-secondary-owner">).
1947 <glossentry id="term-service-name"><glossterm>Service name</glossterm>
1950 The name used when referring to a service. If the service is
1951 a base service it has a unique service name, for example
1952 ":1-20", and otherwise it should be namespaced.
1956 <glossentry id="term-service-description-files"><glossterm>Service Description Files</glossterm>
1959 ".service files" tell the bus how to activate a particular service.
1960 See <xref linkend="term-activation">