1 <!doctype article PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
5 <title>D-BUS Protocol Specification</title>
6 <releaseinfo>Version 0.4</releaseinfo>
7 <date>17 February 2003</date>
10 <firstname>Havoc</firstname>
11 <surname>Pennington</surname>
14 <email>hp@pobox.com</email>
19 <firstname>Anders</firstname>
20 <surname>Carlsson</surname>
22 <orgname>CodeFactory AB</orgname>
24 <email>andersca@codefactory.se</email>
31 <sect1 id="introduction">
32 <title>Introduction</title>
34 D-BUS is a system for low-latency, low-overhead, easy to use
35 interprocess communication (IPC). In more detail:
39 D-BUS is <emphasis>low-latency</emphasis> because it is designed
40 to avoid round trips and allow asynchronous operation, much like
46 D-BUS is <emphasis>low-overhead</emphasis> because it uses a
47 binary protocol, and does not have to convert to and from a text
48 format such as XML. Because D-BUS is intended for potentially
49 high-resolution same-machine IPC, not primarily for Internet IPC,
50 this is an interesting optimization.
55 D-BUS is <emphasis>easy to use</emphasis> because it works in terms
56 of <firstterm>messages</firstterm> rather than byte streams, and
57 does not require users to understand any complex concepts such as a
58 new type system or elaborate APIs. Libraries implementing D-BUS
59 may choose to abstract messages as "method calls" (see
60 <xref linkend="message-conventions-method">).
66 The base D-BUS protocol is a peer-to-peer protocol, specified in <xref
67 linkend="message-protocol">. That is, it is a system for one application
68 to talk to a single other application. However, the primary intended
69 application of D-BUS is the D-BUS <firstterm>message bus</firstterm>,
70 specified in <xref linkend="message-bus">. The message bus is a special
71 application that accepts connections from multiple other applications, and
72 forwards messages among them.
76 <sect1 id="message-protocol">
77 <title>Message Protocol</title>
79 A <firstterm>message</firstterm> consists of a
80 <firstterm>header</firstterm> and a <firstterm>body</firstterm>. If you
81 think of a message as a package, the header is the address, and the body
82 contains the package contents. The message delivery system uses the header
83 information to figure out where to send the message and how to interpret
84 it; the recipient inteprets the body of the message.
88 The body of the message is made up of zero or more
89 <firstterm>arguments</firstterm>, which are typed
90 values, such as an integer or a byte array.
93 <sect2 id="message-protocol-header-encoding">
94 <title>Header Encoding</title>
96 Following the mandatory fields, there are zero or more named fields (see
97 <xref linkend="message-protocol-header-fields">), and then nul bytes
98 padding the header such that its total length in bytes is a multiple of
102 The header MUST begin with the following mandatory fields in the following
109 <entry>Description</entry>
114 <entry>1 byte</entry>
115 <entry>Endianness flag; ASCII 'l' for little-endian
116 or ASCII 'B' for big-endian.</entry>
119 <entry>1 byte</entry>
120 <entry>Bitwise OR of flags. Unknown flags
121 MUST be ignored. Currently-defined flags are described below.
125 <entry>1 byte</entry>
126 <entry>Major protocol version of the sending application. If
127 the major protocol version of the receiving application does not
128 match, the applications will not be able to communicate and the
129 D-BUS connection MUST be disconnected. The major protocol
130 version for this version of the specification is 0.
134 <entry>1 byte</entry>
135 <entry>A nul byte, reserved for future use.
136 Any value for this byte MUST be accepted.
140 <entry>4 bytes</entry>
141 <entry>An unsigned 32-bit integer in the
142 message's byte order, indicating the total length in bytes of
143 the header including named fields and any alignment padding.
144 MUST be a multiple of 8.
148 <entry>4 bytes</entry>
149 <entry>An unsigned 32-bit integer in the
150 message's byte order, indicating the total length in bytes of
155 <entry>4 bytes</entry>
156 <entry>The message's serial number, a signed 32-bit integer in
157 the message's byte order. Applications MUST NOT reuse the same
158 serial number for different messages more often than 32-bit
159 integer wraparound. Serial numbers must be greater than
168 Flags that can appear in the second byte of the header:
173 <entry>Hex value</entry>
174 <entry>Description</entry>
180 <entry>This message is an error reply.</entry>
188 <sect2 id="message-protocol-header-fields">
189 <title>Header Fields</title>
191 In addition to the required header information mentioned
192 in <xref linkend="message-protocol-header-encoding">,
193 the header may contain zero or more named
194 header fields. These fields are named to allow
195 future versions of this protocol specification to
196 add new fields; implementations must ignore fields
197 they do not understand. Implementations must not
198 invent their own header fields; only changes to
199 this specification may introduce new header fields.
203 Header field names MUST consist of 4 non-nul bytes. The field name is
204 NOT nul terminated; it occupies exactly 4 bytes. Following the name,
205 the field MUST have a type code, and then a properly-aligned value
207 See <xref linkend="message-protocol-arguments"> for a description
208 of how each type is encoded. If an implementation sees a header
209 field name that it does not understand, it MUST ignore
214 Here are the currently-defined named header fields:
221 <entry>Description</entry>
227 <entry>STRING</entry>
228 <entry>The name of the message, such as org.freedesktop.Peer.Ping</entry>
233 <entry>The serial number of the message this message is a reply
234 to. (The serial number is one of the mandatory header fields,
235 see <xref linkend="message-protocol-header-encoding">.)</entry>
239 <entry>STRING</entry>
240 <entry>The name of the service this message should be routed to.
241 Only used in combination with the message bus, see
242 <xref linkend="message-bus">.</entry>
246 <entry>STRING</entry>
247 <entry>The name of the base service that sent this message.
248 The message bus fills in this field; the field is
249 only meaningful in combination with the message bus.</entry>
257 <sect2 id="message-protocol-header-padding">
258 <title>Header Alignment Padding</title>
260 To allow implementations to keep the header and the body in a single
261 buffer while keeping data types aligned, the total length of the header
262 must be a multiple of 8 bytes. To achieve this, the header MUST be padded
263 with nul bytes to align its total length on an 8-byte boundary.
264 The minimum number of padding bytes MUST be used. Because all possible
265 named fields use at least 8 bytes, implementations can distinguish
266 padding (which must be less than 8 bytes) from additional named fields
267 (which must be at least 8 bytes).
271 <sect2 id="message-protocol-arguments">
272 <title>Message Arguments</title>
274 The message body is made up of arguments. Each argument
275 is a type code, followed by the value of the argument
276 in a type-dependent format.
279 [FIXME perhaps we should add type BYTE with the primary
280 advantage being that it occupies 1 byte vs. 7 for UINT32,
281 or perhaps space savings aren't worth the complexity]
286 <entry>Type name</entry>
288 <entry>Description</entry>
293 <entry>INVALID</entry>
295 <entry>Not a valid type code (error if it appears in a message)</entry>
299 <entry>Marks an "unset" or "nonexistent" argument</entry>
301 <entry>BOOLEAN</entry>
303 <entry>Boolean value, 0 is FALSE and 1 is TRUE. Everything else is invalid.</entry>
307 <entry>32-bit signed integer</entry>
309 <entry>UINT32</entry>
311 <entry>32-bit unsigned integer</entry>
313 <entry>DOUBLE</entry>
315 <entry>IEEE 754 double</entry>
317 <entry>STRING</entry>
319 <entry>UTF-8 string (<emphasis>must</emphasis> be valid UTF-8)</entry>
321 <entry>BOOLEAN_ARRAY</entry>
323 <entry>Array of BOOLEAN</entry>
325 <entry>INT32_ARRAY</entry>
327 <entry>Array of INT32</entry>
329 <entry>UINT32_ARRAY</entry>
331 <entry>Array of UINT32</entry>
333 <entry>DOUBLE_ARRAY</entry>
335 <entry>Array of DOUBLE</entry>
337 <entry>BYTE_ARRAY</entry>
339 <entry>Array of bytes</entry>
341 <entry>STRING_ARRAY</entry>
343 <entry>Array of STRING</entry>
350 The types are encoded as follows:
355 <entry>Type name</entry>
356 <entry>Encoding</entry>
361 <entry>INVALID</entry>
362 <entry>Not applicable; cannot be encoded.</entry>
365 <entry>No data is encoded; the type code is followed immediately
366 by the type code of the next argument.</entry>
369 <entry>32-bit signed integer in the message's byte order, aligned to 4-byte boundary.</entry>
371 <entry>UINT32</entry>
372 <entry>32-bit unsigned integer in the message's byte order, aligned to 4-byte boundary.</entry>
374 <entry>DOUBLE</entry>
375 <entry>64-bit IEEE 754 double in the message's byte order, aligned to 8-byte boundary.</entry>
377 <entry>STRING</entry>
378 <entry>UINT32 aligned to 4-byte boundary indicating the string's
379 length in bytes excluding its terminating nul, followed by
380 string data of the given length, followed by a terminating nul
384 <entry>INT32_ARRAY</entry>
385 <entry>UINT32 giving the number of values in the array,
386 followed by the given number of INT32 values.
389 <entry>UINT32_ARRAY</entry>
390 <entry>UINT32 giving the number of values in the array,
391 followed by the given number of UINT32 values.
394 <entry>DOUBLE_ARRAY</entry>
395 <entry>UINT32 giving the number of values in the array,
396 followed by the given number of DOUBLE values aligned
400 <entry>BYTE_ARRAY</entry>
401 <entry>UINT32 giving the number of values in the array,
402 followed by the given number of one-byte values.
405 <entry>STRING_ARRAY</entry>
406 <entry>UINT32 giving the number of values in the array,
407 followed by the given number of STRING values.
411 <entry>STRING_ARRAY with the keys, followed by the given
412 number of values encoded as type code as a byte followed by the encoded value.
422 <sect1 id="auth-protocol">
423 <title>Authentication Protocol</title>
425 Before the flow of messages begins, two applications
426 must authenticate. A simple text protocol is used
427 for authentication; this protocol is a SASL profile,
428 and maps fairly directly from the SASL specification.
431 In examples, "C:" and "S:" indicate lines sent by the client and
434 <sect2 id="auth-protocol-overview">
435 <title>Protocol Overview</title>
437 The protocol is a line-based protocol, where each line ends with
438 \r\n. Each line begins with an all-caps ASCII command name containing
439 only the character range [A-Z], a space, then any arguments for the
440 command, then the \r\n ending the line. The protocol is
441 case-sensitive. All bytes must be in the ASCII character set.
443 Commands from the client to the server are as follows:
446 <listitem><para>AUTH [mechanism] [initial-response]</para></listitem>
447 <listitem><para>CANCEL</para></listitem
448 <listitem><para>BEGIN</para></listitem>
449 <listitem><para>DATA <data in base 64 encoding></para></listitem>
450 <listitem><para>ERROR [human-readable error explanation]</para></listitem>
453 From server to client are as follows:
456 <listitem><para>REJECTED <space-separated list of mechanism names></para></listitem>
457 <listitem><para>OK</para></listitem>
458 <listitem><para>DATA <data in base 64 encoding></para></listitem>
459 <listitem><para>ERROR</para></listitem>
463 <sect2 id="auth-nul-byte">
464 <title>Special credentials-passing nul byte</title>
466 Immediately after connecting to the server, the client must send a
467 single nul byte. This byte may be accompanied by credentials
468 information on some operating systems that use sendmsg() with
469 SCM_CREDS or SCM_CREDENTIALS to pass credentials over UNIX domain
470 sockets. However, the nul byte MUST be sent even on other kinds of
471 socket, and even on operating systems that do not require a byte to be
472 sent in order to transmit credentials. The text protocol described in
473 this document begins after the single nul byte. If the first byte
474 received from the client is not a nul byte, the server may disconnect
478 A nul byte in any context other than the initial byte is an error;
479 the protocol is ASCII-only.
482 The credentials sent along with the nul byte may be used with the
483 SASL mechanism EXTERNAL.
486 <sect2 id="auth-command-auth">
487 <title>AUTH command</title>
489 If an AUTH command has no arguments, it is a request to list
490 available mechanisms. The server SHOULD respond with a REJECTED
491 command listing the mechanisms it understands.
494 If an AUTH command specifies a mechanism, and the server supports
495 said mechanism, the server SHOULD begin exchanging SASL
496 challenge-response data with the client using DATA commands.
499 If the server does not support the mechanism given in the AUTH
500 command, it SHOULD send a REJECTED command listing the mechanisms
504 If the [initial-response] argument is provided, it is intended for
505 use with mechanisms that have no initial challenge (or an empty
506 initial challenge), as if it were the argument to an initial DATA
507 command. If the selected mechanism has an initial challenge, the
508 server should reject authentication by sending REJECTED.
511 If authentication succeeds after exchanging DATA commands,
512 an OK command should be sent to the client.
515 The first octet received by the client after the \r\n of the OK
516 command MUST be the first octet of the authenticated/encrypted
517 stream of D-BUS messages.
520 The first octet received by the server after the \r\n of the BEGIN
521 command from the client MUST be the first octet of the
522 authenticated/encrypted stream of D-BUS messages.
525 <sect2 id="auth-command-cancel">
526 <title>CANCEL Command</title>
528 At any time up to sending the BEGIN command, the client may send a
529 CANCEL command. On receiving the CANCEL command, the server MUST
530 send a REJECTED command and abort the current authentication
534 <sect2 id="auth-command-data">
535 <title>DATA Command</title>
537 The DATA command may come from either client or server, and simply
538 contains a base64-encoded block of data to be interpreted
539 according to the SASL mechanism in use.
542 Some SASL mechanisms support sending an "empty string";
543 FIXME we need some way to do this.
546 <sect2 id="auth-command-begin">
547 <title>BEGIN Command</title>
549 The BEGIN command acknowledges that the client has received an
550 OK command from the server, and that the stream of messages
554 The first octet received by the server after the \r\n of the BEGIN
555 command from the client MUST be the first octet of the
556 authenticated/encrypted stream of D-BUS messages.
559 <sect2 id="auth-command-rejected">
560 <title>REJECTED Command</title>
562 The REJECTED command indicates that the current authentication
563 exchange has failed, and further exchange of DATA is inappropriate.
564 The client would normally try another mechanism, or try providing
565 different responses to challenges.
567 Optionally, the REJECTED command has a space-separated list of
568 available auth mechanisms as arguments. If a server ever provides
569 a list of supported mechanisms, it MUST provide the same list
570 each time it sends a REJECTED message. Clients are free to
571 ignore all lists received after the first.
574 <sect2 id="auth-command-ok">
575 <title>OK Command</title>
577 The OK command indicates that the client has been authenticated,
578 and that further communication will be a stream of D-BUS messages
579 (optionally encrypted, as negotiated) rather than this protocol.
582 The first octet received by the client after the \r\n of the OK
583 command MUST be the first octet of the authenticated/encrypted
584 stream of D-BUS messages.
587 The client MUST respond to the OK command by sending a BEGIN
588 command, followed by its stream of messages, or by disconnecting.
589 The server MUST NOT accept additional commands using this protocol
590 after the OK command has been sent.
593 <sect2 id="auth-command-error">
594 <title>ERROR Command</title>
596 The ERROR command indicates that either server or client did not
597 know a command, does not accept the given command in the current
598 context, or did not understand the arguments to the command. This
599 allows the protocol to be extended; a client or server can send a
600 command present or permitted only in new protocol versions, and if
601 an ERROR is received instead of an appropriate response, fall back
602 to using some other technique.
604 If an ERROR is sent, the server or client MUST continue as if the
605 command causing the ERROR had never been received.
608 <sect2 id="auth-examples">
609 <title>Authentication examples</title>
613 <title>Example of successful magic cookie authentication</title>
615 (MAGIC_COOKIE is a made up mechanism)
617 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
623 <title>Example of finding out mechanisms then picking one</title>
626 S: REJECTED KERBEROS_V4 SKEY
627 C: AUTH SKEY bW9yZ2Fu
628 S: DATA OTUgUWE1ODMwOA==
629 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
635 <title>Example of client sends unknown command then falls back to regular auth</title>
639 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
645 <title>Example of server doesn't support initial auth mechanism</title>
647 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
648 S: REJECTED KERBEROS_V4 SKEY
649 C: AUTH SKEY bW9yZ2Fu
650 S: DATA OTUgUWE1ODMwOA==
651 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
657 <title>Example of wrong password or the like followed by successful retry</title>
659 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
660 S: REJECTED KERBEROS_V4 SKEY
661 C: AUTH SKEY bW9yZ2Fu
662 S: DATA OTUgUWE1ODMwOA==
663 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
665 C: AUTH SKEY bW9yZ2Fu
666 S: DATA OTUgUWE1ODMwOA==
667 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
673 <title>Example of skey cancelled and restarted</title>
675 C: AUTH MAGIC_COOKIE BsAY3g4gBNo=
676 S: REJECTED KERBEROS_V4 SKEY
677 C: AUTH SKEY bW9yZ2Fu
678 S: DATA OTUgUWE1ODMwOA==
681 C: AUTH SKEY bW9yZ2Fu
682 S: DATA OTUgUWE1ODMwOA==
683 C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
690 <sect2 id="auth-mechanisms">
691 <title>Authentication mechanisms</title>
693 This section describes some new authentication mechanisms.
694 D-BUS also allows any standard SASL mechanism of course.
696 <sect3 id="auth-mechanisms-sha">
697 <title>DBUS_COOKIE_SHA1</title>
699 The DBUS_COOKIE_SHA1 mechanism is designed to establish that a client
700 has the ability to read a private file owned by the user being
701 authenticated. If the client can prove that it has access to a secret
702 cookie stored in this file, then the client is authenticated.
703 Thus the security of DBUS_COOKIE_SHA1 depends on a secure home
707 Authentication proceeds as follows:
711 The client sends the username it would like to authenticate
717 The server sends the name of its "cookie context" (see below); a
718 space character; the integer ID of the secret cookie the client
719 must demonstrate knowledge of; a space character; then a
720 hex-encoded randomly-generated challenge string.
725 The client locates the cookie, and generates its own hex-encoded
726 randomly-generated challenge string. The client then
727 concatentates the server's hex-encoded challenge, a ":"
728 character, its own hex-encoded challenge, another ":" character,
729 and the hex-encoded cookie. It computes the SHA-1 hash of this
730 composite string. It sends back to the server the client's
731 hex-encoded challenge string, a space character, and the SHA-1
737 The server generates the same concatenated string used by the
738 client and computes its SHA-1 hash. It compares the hash with
739 the hash received from the client; if the two hashes match, the
740 client is authenticated.
746 Each server has a "cookie context," which is a name that identifies a
747 set of cookies that apply to that server. A sample context might be
748 "org_freedesktop_session_bus". Context names must be valid ASCII,
749 nonzero length, and may not contain the characters slash ("/"),
750 backslash ("\"), space (" "), newline ("\n"), carriage return ("\r"),
751 tab ("\t"), or period ("."). There is a default context,
752 "org_freedesktop_global" that's used by servers that do not specify
756 Cookies are stored in a user's home directory, in the directory
757 <filename>~/.dbus-keyrings/</filename>. This directory must
758 not be readable or writable by other users. If it is,
759 clients and servers must ignore it. The directory
760 contains cookie files named after the cookie context.
763 A cookie file contains one cookie per line. Each line
764 has three space-separated fields:
768 The cookie ID number, which must be a non-negative integer and
769 may not be used twice in the same file.
774 The cookie's creation time, in UNIX seconds-since-the-epoch
780 The cookie itself, a hex-encoded random block of bytes.
786 Only server processes modify the cookie file.
787 They must do so with this procedure:
791 Create a lockfile name by appending ".lock" to the name of the
792 cookie file. The server should attempt to create this file
793 using <literal>O_CREAT | O_EXCL</literal>. If file creation
794 fails, the lock fails. Servers should retry for a reasonable
795 period of time, then they may choose to delete an existing lock
796 to keep users from having to manually delete a stale
797 lock. <footnote><para>Lockfiles are used instead of real file
798 locking <literal>fcntl()</literal> because real locking
799 implementations are still flaky on network
800 filesystems.</para></footnote>
805 Once the lockfile has been created, the server loads the cookie
806 file. It should then delete any cookies that are old (the
807 timeout can be fairly short), or more than a reasonable
808 time in the future (so that cookies never accidentally
809 become permanent, if the clock was set far into the future
810 at some point). If no recent keys remain, the
811 server may generate a new key.
816 The pruned and possibly added-to cookie file
817 must be resaved atomically (using a temporary
818 file which is rename()'d).
823 The lock must be dropped by deleting the lockfile.
829 Clients need not lock the file in order to load it,
830 because servers are required to save the file atomically.
835 <sect1 id="addresses">
836 <title>Server Addresses</title>
838 Server addresses consist of a transport name followed by a colon, and
839 then an optional, comma-separated list of keys and values in the form key=value.
840 [FIXME how do you escape colon, comma, and semicolon in the values of the key=value pairs?]
844 <programlisting>unix:path=/tmp/dbus-test</programlisting>
845 Which is the address to a unix socket with the path /tmp/dbus-test.
848 [FIXME clarify if attempting to connect to each is a requirement
849 or just a suggestion]
850 When connecting to a server, multiple server addresses can be
851 separated by a semi-colon. The library will then try to connect
852 to the first address and if that fails, it'll try to connect to
853 the next one specified, and so forth. For example
854 <programlisting>unix:path=/tmp/dbus-test;unix:path=/tmp/dbus-test2</programlisting>
857 [FIXME we need to specify in detail each transport and its possible arguments]
858 Currently, a transport over local UNIX sockets exists, a debug
859 transport that only works in-process and therefore can be used
860 for for unit testing also exists. It is possible that other
861 transports are added, such as a TCP/IP transport, and a
862 transport that works over X11.
866 <sect1 id="message-conventions">
867 <title>Message Conventions</title>
869 This section documents conventions that are not essential to D-BUS
870 functionality, but should generally be followed in order to simplify
873 <sect2 id="message-conventions-naming">
874 <title>Message Naming</title>
876 Messages are normally named in the form
877 "org.freedesktop.Peer.Ping", which has three
881 <term>Namespace e.g. <literal>org.freedesktop</literal></term>
884 Message names have a Java-style namespace: a reversed domain
885 name. The components of the domain are normally lowercase.
890 <term>Package or object e.g. <literal>Peer</literal></term>
893 The next part of the message name can be thought of as the name
894 of a singleton object, or as the name of a package of related
895 messages. More than one dot-separated component might be used
896 here. (Note that D-BUS does not define any idea of object
897 instances or object references.) The package or object name is
898 capitalized LikeThis.
903 <term>Method or operation e.g. <literal>Ping</literal></term>
906 The final part of the message name is the most specific, and
907 should be a verb indicating an operation to be performed on the
908 object. The method or operation name is capitalized LikeThis.
915 A reply to a message conventionally has the same name as the message
916 being replied to. When following method call conventions (see <xref
917 linkend="message-conventions-method">), this convention is mandatory,
918 because a message with multiple possible replies can't be mapped
919 to method call semantics without special-case code.
922 <sect2 id="message-conventions-method">
923 <title>Method Call Mapping</title>
925 Some implementations of D-BUS may present an API that translates object
926 method calls into D-BUS messages. This document does not specify in
927 detail how such an API should look or work. However, it does specify how
928 message-based protocols should be designed to be friendly to such an
932 Remember that D-BUS does not have object references or object instances.
933 So when one application sends the message
934 <literal>org.freedesktop.Peer.Ping</literal>, it sends it to another
935 application, not to any kind of sub-portion of that application.
936 However, a convenience API used within the recipient application may
937 route all messages that start with
938 <literal>org.freedesktop.Peer</literal> to a particular object instance,
939 and may invoke the <literal>Ping()</literal> method on said instance in
940 order to handle the message. This is a convenience API based on
944 A "method call" consists of a message and, optionally, a reply to that
945 message. The name of the "method" is the last component of the message,
946 for example, <literal>org.freedesktop.Peer.Ping</literal> would map to
947 the method <literal>Ping()</literal> on some object.
950 Arguments to a method may be considered "in" (processed by the
951 recipient of the message), or "out" (returned to the sender of the
952 message in the reply). "inout" arguments are both sent and received,
953 i.e. the caller passes in a value which is modified. An "inout" argument
954 is equivalent to an "in" argument, followed by an "out" argument.
957 Given a method with zero or one return values, followed by zero or more
958 arguments, where each argument may be "in", "out", or "inout", the
959 caller constructs a message by appending each "in" or "inout" argument,
960 in order. "out" arguments are not represented in the caller's message.
963 The recipient constructs a reply by appending first the return value
964 if any, then each "out" or "inout" argument, in order.
965 "in" arguments are not represented in the reply message.
968 The standard reply message MUST have the same name as the message being
969 replied to, and MUST set the "rply" header field to the serial
970 number of the message being replied to.
973 If an error occurs, an error reply may be sent in place of the
974 standard reply. Error replies can be identified by a special
975 header flag, see <xref linkend="message-protocol-header-encoding">.
976 Error replies have a name which reflects the type of
977 error that occurred. Error replies would generally
978 be mapped to exceptions in a programming language.
981 [FIXME discuss mapping of broadcast messages + matching rules
982 to signals and slots]
987 <sect1 id="standard-messages">
988 <title>Standard Peer-to-Peer Messages</title>
990 In the following message definitions, "method call notation" is presented
991 in addition to simply listing the message names and arguments. The special
992 type name ANY means any type other than NIL, and the special type name
993 ANY_OR_NIL means any valid type.
994 [FIXME the messages here are just made up to illustrate the
995 format for defining them]
997 <sect2 id="standard-messages-ping">
998 <title><literal>org.freedesktop.Peer.Ping</literal></title>
1006 On receipt of the message <literal>org.freedesktop.Peer.Ping</literal>,
1007 an application should reply with
1008 <literal>org.freedesktop.Peer.Ping</literal>. Neither the
1009 message nor its reply have any arguments.
1010 [FIXME the messages here are just made up to illustrate the
1011 format for defining them]
1014 <sect2 id="standard-messages-get-props">
1015 <title><literal>org.freedesktop.Props.Get</literal></title>
1019 ANY_OR_NIL Get (in STRING property_name)
1026 <entry>Argument</entry>
1028 <entry>Description</entry>
1034 <entry>STRING</entry>
1035 <entry>Name of the property to get</entry>
1045 <entry>Argument</entry>
1047 <entry>Description</entry>
1053 <entry>ANY_OR_NIL</entry>
1054 <entry>The value of the property. The type depends on the property.</entry>
1062 [FIXME the messages here are just made up to illustrate the
1063 format for defining them]
1068 <sect1 id="message-bus">
1069 <title>Message Bus Specification</title>
1070 <sect2 id="message-bus-overview">
1071 <title>Message Bus Overview</title>
1073 The message bus accepts connections from one or more applications.
1074 Once connected, applications can send and receive messages from
1075 the message bus, as in the peer-to-peer case.
1078 The message bus keeps track of a set of
1079 <firstterm>services</firstterm>. A service is simply a name, such
1080 as <literal>com.yoyodyne.Screensaver</literal>, which can be
1081 <firstterm>owned</firstterm> by one of the connected applications.
1082 The message bus itself always owns the special service
1083 <literal>org.freedesktop.DBus</literal>.
1086 Messages may have a <literal>srvc</literal> field (see <xref
1087 linkend="message-protocol-header-fields">). When the message bus
1088 receives a message, if the <literal>srvc</literal> field is absent, the
1089 message is taken to be a standard peer-to-peer message and interpreted
1090 by the message bus itself. For example, sending
1091 an <literal>org.freedesktop.Peer.Ping</literal> message with no
1092 <literal>srvc</literal> will cause the message bus itself to reply
1093 to the ping immediately; the message bus would never make
1094 this message visible to other applications.
1097 If the <literal>srvc</literal> field is present, then it indicates a
1098 request for the message bus to route the message. In the usual case,
1099 messages are routed to the owner of the named service.
1100 Messages may also be <firstterm>broadcast</firstterm>
1101 by sending them to the special service
1102 <literal>org.freedesktop.Broadcast</literal>. Broadcast messages are
1103 sent to all applications with <firstterm>message matching
1104 rules</firstterm> that match the message.
1107 Continuing the <literal>org.freedesktop.Peer.Ping</literal> example, if
1108 the ping message were sent with a <literal>srvc</literal> name of
1109 <literal>com.yoyodyne.Screensaver</literal>, then the ping would be
1110 forwarded, and the Yoyodyne Corporation screensaver application would be
1111 expected to reply to the ping. If
1112 <literal>org.freedesktop.Peer.Ping</literal> were sent to
1113 <literal>org.freedesktop.Broadcast</literal>, then multiple applications
1114 might receive the ping, and all would normally reply to it.
1118 <sect2 id="message-bus-services">
1119 <title>Message Bus Services</title>
1121 A service is a name that identifies a certain application. Each
1122 application connected to the message bus has at least one service name
1123 assigned at connection time and returned in response to the
1124 <literal>org.freedesktop.DBus.Hello</literal> message.
1125 This automatically-assigned service name is called
1126 the application's <firstterm>base service</firstterm>.
1127 Base service names are unique and MUST never be reused for two different
1131 [FIXME I think we should define the format of the base service name,
1132 and specify that a regular service name can never be in that
1133 format; this allows us to categorically prevent "spoofing" - for
1134 example perhaps the base service name starts with a certain
1135 character that no real service name can start with]
1138 An application can request additional service names to be associated
1140 <literal>org.freedesktop.DBus.AcquireService</literal>
1141 message. [FIXME what service names are allowed; ASCII or unicode;
1145 [FIXME this needs more detail, and should move the service-related message
1146 descriptions up into this section perhaps]
1147 Service ownership handling can be specified in the flags part
1148 of the <literal>org.freedesktop.DBus.AcquireService</literal>
1149 message. If an application specifies the
1150 DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT flag, then all applications
1151 trying to acquire the service will be put in a queue. When the
1152 primary owner disconnects from the bus or removes ownership
1153 from the service, the next application in the queue will be the
1154 primary owner. If the DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT
1155 flag is not specified, then the primary owner will lose
1156 ownership whenever another application requests ownership of the
1160 When a client disconnects from the bus, all the services that
1161 the clients own are deleted, or in the case of a service that
1162 prohibits replacement, ownership is transferred to the next
1163 client in the queue, if any.
1166 <sect2 id="message-bus-routing">
1167 <title>Message Bus Message Routing</title>
1169 When a message is received by the message bus, the message's
1170 <literal>sndr</literal> header field MUST be set to the base service of
1171 the application which sent the message. If the service already has
1172 a <literal>sndr</literal> field, the pre-existing field is replaced.
1173 This rule means that a replies are always sent to the base service name,
1174 i.e. to the same application that sent the message being replied to.
1177 [FIXME go into detail about broadcast, multicast, unicast, etc.]
1180 <sect2 id="message-bus-activation">
1181 <title>Message Bus Service Activation</title>
1183 <firstterm>Activation</firstterm> means to locate a service
1184 owner for a service that is currently unowned. For now, it
1185 means to launch an executable that will take ownership of
1186 a particular service.
1189 To find an executable corresponding to a particular service, the bus
1190 daemon looks for <firstterm>service description files</firstterm>.
1191 Service description files define a mapping from service names to
1192 executables. Different kinds of message bus will look for these files
1193 in different places, see <xref linkend="message-bus-types">.
1196 [FIXME the file format should be much better specified than
1197 "similar to .desktop entries" esp. since desktop entries are
1198 already badly-specified. ;-)] Service description files have
1199 the ".service" file extension. The message bus will only load
1200 service description files ending with .service; all other
1201 files will be ignored. The file format is similar to that of
1203 url="http://www.freedesktop.org/standards/desktop-entry-spec/desktop-entry-spec.html">desktop
1204 entries</ulink>. All service description files must be in
1205 UTF-8 encoding. To ensure that there will be no name
1206 collisions, service files must be namespaced using the same
1207 mechanism as messages and service names.
1210 <title>Example service description file</title>
1212 # Sample service description file
1214 Name=org.gnome.ConfigurationDatabase
1220 When an application requests a service to be activated, the
1221 bus daemon tries to find it in the list of activation
1222 entries. It then tries to spawn the executable associated with
1223 it. If this fails, it will report an error. [FIXME what
1224 happens if two .service files offer the same service; what
1225 kind of error is reported, should we have a way for the client
1229 The executable launched will have the environment variable
1230 <literal>DBUS_BUS_ADDRESS</literal> set to the address of the
1231 message bus so it can connect and register the appropriate services.
1234 [FIXME there should be a timeout somewhere, either specified
1235 in the .service file, by the client, or just a global value
1236 and if the client being activated fails to connect within that
1237 timeout, an error should be sent back.]
1241 <sect2 id="message-bus-types">
1242 <title>Standard Message Bus Instances</title>
1244 Two standard message bus instances are defined here, along with how
1245 to locate them and where their service files live.
1247 <sect3 id="message-bus-types-login">
1248 <title>Login session message bus</title>
1250 Each time a user logs in, a <firstterm>login session message
1251 bus</firstterm> may be started. All applications in the user's login
1252 session may interact with one another using this message bus. [specify
1253 how to find the address of the login session message bus via
1254 environment variable and/or X property]
1257 [FIXME specify location of .service files, probably using
1258 DESKTOP_DIRS etc. from basedir specification, though login session
1259 bus is not really desktop-specific]
1262 <sect3 id="message-bus-types-system">
1263 <title>System message bus</title>
1265 A computer may have a <firstterm>system message bus</firstterm>,
1266 accessible to all applications on the system. This message bus may be
1267 used to broadcast system events, such as adding new hardware devices.
1268 [specify how to find the address of the system message bus]
1271 [FIXME specify location of system bus .service files]
1276 <sect2 id="message-bus-messages">
1277 <title>Message Bus Messages</title>
1279 The special message bus service <literal>org.freedesktop.DBus</literal>
1280 responds to a number of messages, allowing applications to
1281 interact with the message bus.
1284 <sect3 id="bus-messages-hello">
1285 <title><literal>org.freedesktop.DBus.Hello</literal></title>
1296 <entry>Argument</entry>
1298 <entry>Description</entry>
1304 <entry>STRING</entry>
1305 <entry>Name of the service assigned to the application</entry>
1312 Before an application is able to send messages to other applications it
1313 must send the <literal>org.freedesktop.DBus.Hello</literal>
1314 message to the message bus service. If an application tries to send
1315 a message to another application, or a message to the message bus
1316 service that isn't the
1317 <literal>org.freedesktop.DBus.Hello</literal> message, it will
1318 be disconnected from the bus.
1321 The reply message contains the name of the application's base service.
1324 <sect3 id="bus-messages-list-services">
1325 <title><literal>org.freedesktop.DBus.ListServices</literal></title>
1329 STRING_ARRAY ListServices ()
1336 <entry>Argument</entry>
1338 <entry>Description</entry>
1344 <entry>STRING_ARRAY</entry>
1345 <entry>Array of strings where each string is the name of a service</entry>
1352 Returns a list of all existing services registered with the message bus.
1355 <sect3 id="bus-messages-service-exists">
1356 <title><literal>org.freedesktop.DBus.ServiceExists</literal></title>
1360 UINT32 ServiceExists (in STRING service_name)
1367 <entry>Argument</entry>
1369 <entry>Description</entry>
1375 <entry>STRING</entry>
1376 <entry>Name of the service</entry>
1386 <entry>Argument</entry>
1388 <entry>Description</entry>
1394 <entry>UINT32</entry>
1395 <entry>Return value, 1 if the service exists and 0 otherwise</entry>
1402 Checks if a service with a specified name exists.
1406 <sect3 id="bus-messages-acquire-service">
1407 <title><literal>org.freedesktop.DBus.AcquireService</literal></title>
1411 UINT32 AcquireService (in STRING service_name)
1418 <entry>Argument</entry>
1420 <entry>Description</entry>
1426 <entry>STRING</entry>
1427 <entry>Name of the service</entry>
1431 <entry>UINT32</entry>
1432 <entry>Flags</entry>
1442 <entry>Argument</entry>
1444 <entry>Description</entry>
1450 <entry>UINT32</entry>
1451 <entry>Return value</entry>
1458 Tries to become owner of a specific service. The flags
1459 specified can be the following values logically ORed together:
1465 <entry>Identifier</entry>
1466 <entry>Value</entry>
1467 <entry>Description</entry>
1472 <entry>DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT</entry>
1475 If the application succeeds in being the owner of the specified service,
1476 then ownership of the service can't be transferred until the service
1477 disconnects. If this flag is not set, then any application trying to become
1478 the owner of the service will succeed and the previous owner will be
1479 sent a <literal>org.freedesktop.DBus.ServiceLost</literal> message.
1483 <entry>DBUS_SERVICE_FLAGS_REPLACE_EXISTING</entry>
1485 <entry>Only become the owner of the service if there is no current owner.</entry>
1491 [FIXME if it's one of the following values, why are the values
1492 done as flags instead of just 0, 1, 2, 3, 4]
1493 The return value can be one of the following values:
1499 <entry>Identifier</entry>
1500 <entry>Value</entry>
1501 <entry>Description</entry>
1506 <entry>DBUS_SERVICE_REPLY_PRIMARY_OWNER</entry>
1508 <entry>The application is now the primary owner of the service.</entry>
1511 <entry>DBUS_SERVICE_REPLY_IN_QUEUE</entry>
1513 <entry>The service already has an owner which do not want to give up ownership and therefore the application has been put in a queue.</entry>
1516 <entry>DBUS_SERVICE_REPLY_SERVICE_EXISTS</entry>
1518 <entry>The service does already have a primary owner, and DBUS_SERVICE_FLAG_REPLACE_EXISTING was not specified when trying to acquire the service.</entry>
1521 <entry>DBUS_SERVICE_REPLY_ALREADY_OWNER</entry>
1523 <entry>The application trying to request ownership of the service is already the owner of it.</entry>
1530 <sect3 id="bus-messages-service-acquired">
1531 <title><literal>org.freedesktop.DBus.ServiceAcquired</literal></title>
1535 ServiceAcquired (in STRING service_name)
1542 <entry>Argument</entry>
1544 <entry>Description</entry>
1550 <entry>STRING</entry>
1551 <entry>Name of the service</entry>
1555 <entry>UINT32</entry>
1556 <entry>Flags</entry>
1563 This message is sent to a specific application when it becomes the
1564 primary owner of a service.
1567 <sect3 id="bus-messages-service-lost">
1568 <title><literal>org.freedesktop.DBus.ServiceLost</literal></title>
1572 ServiceLost (in STRING service_name)
1579 <entry>Argument</entry>
1581 <entry>Description</entry>
1587 <entry>STRING</entry>
1588 <entry>Name of the service</entry>
1592 <entry>UINT32</entry>
1593 <entry>Flags</entry>
1600 This message is sent to a specific application when it loses primary
1601 ownership of a service.
1603 [FIXME instead of ServiceLost/ServiceCreated going only to
1604 a specific app, why not just OwnerChanged that covers both
1605 lost and created and changed owner and deleted]
1609 <sect3 id="bus-messages-service-created">
1610 <title><literal>org.freedesktop.DBus.ServiceCreated</literal></title>
1614 ServiceCreated (in STRING service_name)
1621 <entry>Argument</entry>
1623 <entry>Description</entry>
1629 <entry>STRING</entry>
1630 <entry>Name of the service</entry>
1634 <entry>UINT32</entry>
1635 <entry>Flags</entry>
1642 This message is broadcast to all applications when a service has been
1643 successfully registered on the message bus.
1647 <sect3 id="bus-messages-service-deleted">
1648 <title><literal>org.freedesktop.DBus.ServiceDeleted</literal></title>
1652 ServiceDeleted (in STRING service_name)
1659 <entry>Argument</entry>
1661 <entry>Description</entry>
1667 <entry>STRING</entry>
1668 <entry>Name of the service</entry>
1672 <entry>UINT32</entry>
1673 <entry>Flags</entry>
1680 This message is broadcast to all applications when a service has been
1681 deleted from the message bus.
1685 <sect3 id="bus-messages-activate-service">
1686 <title><literal>org.freedesktop.DBus.ActivateService</literal></title>
1690 UINT32 ActivateService (in STRING service_name, in UINT32 flags)
1697 <entry>Argument</entry>
1699 <entry>Description</entry>
1705 <entry>STRING</entry>
1706 <entry>Name of the service to activate</entry>
1710 <entry>UINT32</entry>
1711 <entry>Flags (currently not used)</entry>
1721 <entry>Argument</entry>
1723 <entry>Description</entry>
1729 <entry>UINT32</entry>
1730 <entry>Result code; DBUS_ACTIVATION_REPLY_ACTIVATED if
1731 the service was activated successfutly or
1732 DBUS_ACTIVATION_REPLY_ALREADY_ACTIVE if the service is
1733 already active.</entry>
1740 Tries to launch the executable associated with a service. For more information, see <xref linkend="message-bus-activation">.
1742 [FIXME need semantics in much more detail here; for example,
1743 if I activate a service then send it a message, is the message
1744 queued for the new service or is there a race]
1751 <appendix id="implementation-notes">
1752 <title>Implementation notes</title>
1753 <sect1 id="implementation-notes-subsection">
1761 <glossary><title>Glossary</title>
1763 This glossary defines some of the terms used in this specification.
1766 <glossentry id="term-activation"><glossterm>Activation</glossterm>
1769 The process of creating an owner for a particular service,
1770 typically by launching an executable.
1775 <glossentry id="term-base-service"><glossterm>Base Service</glossterm>
1778 The special service automatically assigned to an application by the
1779 message bus. This service may never change owner, and the service
1780 name will be unique (never reused during the lifetime of the
1786 <glossentry id="term-broadcast"><glossterm>Broadcast</glossterm>
1789 A message sent to the special <literal>org.freedesktop.Broadcast</literal>
1790 service; the message bus will forward the broadcast message
1791 to all applications that have expressed interest in it.
1796 <glossentry id="term-message"><glossterm>Message</glossterm>
1799 A message is the atomic unit of communication via the D-BUS
1800 protocol. It consists of a <firstterm>header</firstterm> and a
1801 <firstterm>body</firstterm>; the body is made up of
1802 <firstterm>arguments</firstterm>.
1807 <glossentry id="term-message-bus"><glossterm>Message Bus</glossterm>
1810 The message bus is a special application that forwards
1811 or broadcasts messages between a group of applications
1812 connected to the message bus. It also manages
1813 <firstterm>services</firstterm>.
1818 <glossentry id="term-service"><glossterm>Service</glossterm>
1821 A service is simply a named application that other
1822 applications can refer to. For example, the
1823 hypothetical <literal>com.yoyodyne.Screensaver</literal>
1824 service might accept messages that affect
1825 a screensaver from Yoyodyne Corporation.
1826 An application is said to <firstterm>own</firstterm>
1827 a service if the message bus has associated the
1828 application with the service name.
1833 <glossentry id="term-service-description-files"><glossterm>Service Description Files</glossterm>
1836 ".service files" tell the bus how to activate a particular service.
1837 See <xref linkend="term-activation">