1 <?xml version="1.0" standalone="no" ?>
2 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"
8 <title>D-Bus Specification</title>
9 <releaseinfo>Version 0.32</releaseinfo>
10 <date>(not yet released)</date>
13 <firstname>Havoc</firstname>
14 <surname>Pennington</surname>
16 <orgname>Red Hat, Inc.</orgname>
18 <email>hp@pobox.com</email>
23 <firstname>Anders</firstname>
24 <surname>Carlsson</surname>
26 <orgname>CodeFactory AB</orgname>
28 <email>andersca@codefactory.se</email>
33 <firstname>Alexander</firstname>
34 <surname>Larsson</surname>
36 <orgname>Red Hat, Inc.</orgname>
38 <email>alexl@redhat.com</email>
43 <firstname>Sven</firstname>
44 <surname>Herzberg</surname>
46 <orgname>Imendio AB</orgname>
48 <email>sven@imendio.com</email>
53 <firstname>Simon</firstname>
54 <surname>McVittie</surname>
56 <orgname>Collabora Ltd.</orgname>
58 <email>smcv@collabora.com</email>
63 <firstname>David</firstname>
64 <surname>Zeuthen</surname>
67 <email>zeuthen@gmail.com</email>
74 <revnumber>latest</revnumber>
75 <date>(not yet released)</date>
76 <authorinitials>n/a</authorinitials>
78 See <ulink url='http://cgit.freedesktop.org/dbus/dbus/log/doc/dbus-specification.xml'>commit log</ulink>
82 <revnumber>0.31</revnumber>
83 <date>2017-06-29</date>
84 <authorinitials>smcv, TG</authorinitials>
87 <listitem><simpara>Don't require implementation-specific search
88 paths to be lowest priority</simpara></listitem>
89 <listitem><simpara>Correct regex syntax for optionally-escaped
90 bytes in addresses so it includes hyphen-minus, forward slash
91 and underscore as intended</simpara></listitem>
92 <listitem><simpara>Describe all message bus methods in the same
93 section</simpara></listitem>
94 <listitem><simpara>Clarify the correct object path for method calls
95 to the message bus</simpara></listitem>
96 <listitem><simpara>Document that the message bus implements
97 Introspectable, Peer and Properties</simpara></listitem>
98 <listitem><simpara>Add new Features and Interfaces properties for
99 message bus feature-discovery</simpara></listitem>
100 <listitem><simpara>Add unix:dir=..., which resembles
101 unix:tmpdir=... but never uses abstract
102 sockets</simpara></listitem>
103 <listitem><simpara>Don't require eavesdrop='true' to be accepted
104 from connections not sufficiently privileged to use it
105 successfully</simpara></listitem>
106 <listitem><simpara>Formally deprecate eavesdropping in favour of
107 BecomeMonitor</simpara></listitem>
112 <revnumber>0.30</revnumber>
113 <date>2016-11-28</date>
114 <authorinitials>smcv, PW</authorinitials>
116 Define the jargon terms service activation and auto-starting more
117 clearly. Document the SystemdService key in service files.
118 Document how AppArmor interacts with service activation, and the
119 new AssumedAppArmorLabel key in service files (dbus-daemon 1.11.8).
120 Clarify intended behaviour of Properties.GetAll.
121 Use versioned interface and bus names in most examples.
125 <revnumber>0.29</revnumber>
126 <date>2016-10-10</date>
127 <authorinitials>PW</authorinitials>
129 Introspection arguments may contain annotations; recommend against
130 using the object path '/'
134 <revnumber>0.28</revnumber>
135 <date>2016-08-15</date>
136 <authorinitials>PW</authorinitials>
137 <revremark>Clarify serialization</revremark>
140 <revnumber>0.27</revnumber>
141 <date>2015-12-02</date>
142 <authorinitials>LU</authorinitials>
143 <revremark>Services should not send unwanted replies</revremark>
146 <revnumber>0.26</revnumber>
147 <date>2015-02-19</date>
148 <authorinitials>smcv, rh</authorinitials>
150 GetConnectionCredentials can return LinuxSecurityLabel or
151 WindowsSID; add privileged BecomeMonitor method
155 <revnumber>0.25</revnumber>
156 <date>2014-11-10</date>
157 <authorinitials>smcv, lennart</authorinitials>
159 ALLOW_INTERACTIVE_AUTHORIZATION flag, EmitsChangedSignal=const
163 <revnumber>0.24</revnumber>
164 <date>2014-10-01</date>
165 <authorinitials>SMcV</authorinitials>
167 non-method-calls never expect a reply even without NO_REPLY_EXPECTED;
168 document how to quote match rules
172 <revnumber>0.23</revnumber>
173 <date>2014-01-06</date>
174 <authorinitials>SMcV, CY</authorinitials>
176 method call messages with no INTERFACE may be considered an error;
177 document tcp:bind=... and nonce-tcp:bind=...; define listenable
178 and connectable addresses
182 <revnumber>0.22</revnumber>
183 <date>2013-10-09</date>
184 <authorinitials></authorinitials>
185 <revremark>add GetConnectionCredentials, document
186 GetAtdAuditSessionData, document GetConnectionSELinuxSecurityContext,
187 document and correct .service file syntax and naming
191 <revnumber>0.21</revnumber>
192 <date>2013-04-25</date>
193 <authorinitials>smcv</authorinitials>
194 <revremark>allow Unicode noncharacters in UTF-8 (Unicode
195 Corrigendum #9)</revremark>
198 <revnumber>0.20</revnumber>
199 <date>22 February 2013</date>
200 <authorinitials>smcv, walters</authorinitials>
201 <revremark>reorganise for clarity, remove false claims about
202 basic types, mention /o/fd/DBus</revremark>
205 <revnumber>0.19</revnumber>
206 <date>20 February 2012</date>
207 <authorinitials>smcv/lp</authorinitials>
208 <revremark>formally define unique connection names and well-known
209 bus names; document best practices for interface, bus, member and
210 error names, and object paths; document the search path for session
211 and system services on Unix; document the systemd transport</revremark>
214 <revnumber>0.18</revnumber>
215 <date>29 July 2011</date>
216 <authorinitials>smcv</authorinitials>
217 <revremark>define eavesdropping, unicast, broadcast; add eavesdrop
218 match keyword; promote type system to a top-level section</revremark>
221 <revnumber>0.17</revnumber>
222 <date>1 June 2011</date>
223 <authorinitials>smcv/davidz</authorinitials>
224 <revremark>define ObjectManager; reserve extra pseudo-type-codes used
225 by GVariant</revremark>
228 <revnumber>0.16</revnumber>
229 <date>11 April 2011</date>
230 <authorinitials></authorinitials>
231 <revremark>add path_namespace, arg0namespace; argNpath matches object
235 <revnumber>0.15</revnumber>
236 <date>3 November 2010</date>
237 <authorinitials></authorinitials>
238 <revremark></revremark>
241 <revnumber>0.14</revnumber>
242 <date>12 May 2010</date>
243 <authorinitials></authorinitials>
244 <revremark></revremark>
247 <revnumber>0.13</revnumber>
248 <date>23 Dezember 2009</date>
249 <authorinitials></authorinitials>
250 <revremark></revremark>
253 <revnumber>0.12</revnumber>
254 <date>7 November, 2006</date>
255 <authorinitials></authorinitials>
256 <revremark></revremark>
259 <revnumber>0.11</revnumber>
260 <date>6 February 2005</date>
261 <authorinitials></authorinitials>
262 <revremark></revremark>
265 <revnumber>0.10</revnumber>
266 <date>28 January 2005</date>
267 <authorinitials></authorinitials>
268 <revremark></revremark>
271 <revnumber>0.9</revnumber>
272 <date>7 Januar 2005</date>
273 <authorinitials></authorinitials>
274 <revremark></revremark>
277 <revnumber>0.8</revnumber>
278 <date>06 September 2003</date>
279 <authorinitials></authorinitials>
280 <revremark>First released document.</revremark>
285 <sect1 id="introduction">
286 <title>Introduction</title>
288 D-Bus is a system for low-overhead, easy to use
289 interprocess communication (IPC). In more detail:
293 D-Bus is <emphasis>low-overhead</emphasis> because it uses a
294 binary protocol, and does not have to convert to and from a text
295 format such as XML. Because D-Bus is intended for potentially
296 high-resolution same-machine IPC, not primarily for Internet IPC,
297 this is an interesting optimization. D-Bus is also designed to
298 avoid round trips and allow asynchronous operation, much like
304 D-Bus is <emphasis>easy to use</emphasis> because it works in terms
305 of <firstterm>messages</firstterm> rather than byte streams, and
306 automatically handles a lot of the hard IPC issues. Also, the D-Bus
307 library is designed to be wrapped in a way that lets developers use
308 their framework's existing object/type system, rather than learning
309 a new one specifically for IPC.
316 The base D-Bus protocol is a one-to-one (peer-to-peer or client-server)
317 protocol, specified in <xref linkend="message-protocol"/>. That is, it is
318 a system for one application to talk to a single other
319 application. However, the primary intended application of the protocol is the
320 D-Bus <firstterm>message bus</firstterm>, specified in <xref
321 linkend="message-bus"/>. The message bus is a special application that
322 accepts connections from multiple other applications, and forwards
327 Uses of D-Bus include notification of system changes (notification of when
328 a camera is plugged in to a computer, or a new version of some software
329 has been installed), or desktop interoperability, for example a file
330 monitoring service or a configuration service.
334 D-Bus is designed for two specific use cases:
338 A "system bus" for notifications from the system to user sessions,
339 and to allow the system to request input from user sessions.
344 A "session bus" used to implement desktop environments such as
349 D-Bus is not intended to be a generic IPC system for any possible
350 application, and intentionally omits many features found in other
351 IPC systems for this reason.
355 At the same time, the bus daemons offer a number of features not found in
356 other IPC systems, such as single-owner "bus names" (similar to X
357 selections), on-demand startup of services, and security policies.
358 In many ways, these features are the primary motivation for developing
359 D-Bus; other systems would have sufficed if IPC were the only goal.
363 D-Bus may turn out to be useful in unanticipated applications, but future
364 versions of this spec and the reference implementation probably will not
365 incorporate features that interfere with the core use cases.
369 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
370 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
371 document are to be interpreted as described in RFC 2119. However, the
372 document could use a serious audit to be sure it makes sense to do
373 so. Also, they are not capitalized.
376 <sect2 id="stability">
377 <title>Protocol and Specification Stability</title>
379 The D-Bus protocol is frozen (only compatible extensions are allowed) as
380 of November 8, 2006. However, this specification could still use a fair
381 bit of work to make interoperable reimplementation possible without
382 reference to the D-Bus reference implementation. Thus, this
383 specification is not marked 1.0. To mark it 1.0, we'd like to see
384 someone invest significant effort in clarifying the specification
385 language, and growing the specification to cover more aspects of the
386 reference implementation's behavior.
389 Until this work is complete, any attempt to reimplement D-Bus will
390 probably require looking at the reference implementation and/or asking
391 questions on the D-Bus mailing list about intended behavior.
392 Questions on the list are very welcome.
395 Nonetheless, this document should be a useful starting point and is
396 to our knowledge accurate, though incomplete.
402 <sect1 id="type-system">
403 <title>Type System</title>
406 D-Bus has a type system, in which values of various types can be
407 serialized into a sequence of bytes referred to as the
408 <firstterm>wire format</firstterm> in a standard way.
409 Converting a value from some other representation into the wire
410 format is called <firstterm>marshaling</firstterm> and converting
411 it back from the wire format is <firstterm>unmarshaling</firstterm>.
415 The D-Bus protocol does not include type tags in the marshaled data; a
416 block of marshaled values must have a known <firstterm>type
417 signature</firstterm>. The type signature is made up of zero or more
418 <firstterm id="term-single-complete-type">single complete
419 types</firstterm>, each made up of one or more
420 <firstterm>type codes</firstterm>.
424 A type code is an ASCII character representing the
425 type of a value. Because ASCII characters are used, the type signature
426 will always form a valid ASCII string. A simple string compare
427 determines whether two type signatures are equivalent.
431 A single complete type is a sequence of type codes that fully describes
432 one type: either a basic type, or a single fully-described container type.
433 A single complete type is a basic type code, a variant type code,
434 an array with its element type, or a struct with its fields (all of which
435 are defined below). So the following signatures are not single complete
446 And the following signatures contain multiple complete types:
456 Note however that a single complete type may <emphasis>contain</emphasis>
457 multiple other single complete types, by containing a struct or dict
461 <sect2 id="basic-types">
462 <title>Basic types</title>
465 The simplest type codes are the <firstterm id="term-basic-type">basic
466 types</firstterm>, which are the types whose structure is entirely
467 defined by their 1-character type code. Basic types consist of
468 fixed types and string-like types.
472 The <firstterm id="term-fixed-type">fixed types</firstterm>
473 are basic types whose values have a fixed length, namely BYTE,
474 BOOLEAN, DOUBLE, UNIX_FD, and signed or unsigned integers of length
479 As a simple example, the type code for 32-bit integer (<literal>INT32</literal>) is
480 the ASCII character 'i'. So the signature for a block of values
481 containing a single <literal>INT32</literal> would be:
485 A block of values containing two <literal>INT32</literal> would have this signature:
492 The characteristics of the fixed types are listed in this table.
498 <entry>Conventional name</entry>
499 <entry>ASCII type-code</entry>
500 <entry>Encoding</entry>
505 <entry><literal>BYTE</literal></entry>
506 <entry><literal>y</literal> (121)</entry>
507 <entry>Unsigned 8-bit integer</entry>
510 <entry><literal>BOOLEAN</literal></entry>
511 <entry><literal>b</literal> (98)</entry>
512 <entry>Boolean value: 0 is false, 1 is true, any other value
513 allowed by the marshalling format is invalid</entry>
516 <entry><literal>INT16</literal></entry>
517 <entry><literal>n</literal> (110)</entry>
518 <entry>Signed (two's complement) 16-bit integer</entry>
521 <entry><literal>UINT16</literal></entry>
522 <entry><literal>q</literal> (113)</entry>
523 <entry>Unsigned 16-bit integer</entry>
526 <entry><literal>INT32</literal></entry>
527 <entry><literal>i</literal> (105)</entry>
528 <entry>Signed (two's complement) 32-bit integer</entry>
531 <entry><literal>UINT32</literal></entry>
532 <entry><literal>u</literal> (117)</entry>
533 <entry>Unsigned 32-bit integer</entry>
536 <entry><literal>INT64</literal></entry>
537 <entry><literal>x</literal> (120)</entry>
538 <entry>Signed (two's complement) 64-bit integer
539 (mnemonic: x and t are the first characters in "sixty" not
540 already used for something more common)</entry>
543 <entry><literal>UINT64</literal></entry>
544 <entry><literal>t</literal> (116)</entry>
545 <entry>Unsigned 64-bit integer</entry>
548 <entry><literal>DOUBLE</literal></entry>
549 <entry><literal>d</literal> (100)</entry>
550 <entry>IEEE 754 double-precision floating point</entry>
553 <entry><literal>UNIX_FD</literal></entry>
554 <entry><literal>h</literal> (104)</entry>
555 <entry>Unsigned 32-bit integer representing an index into an
556 out-of-band array of file descriptors, transferred via some
557 platform-specific mechanism (mnemonic: h for handle)</entry>
565 The <firstterm id="term-string-like-type">string-like types</firstterm>
566 are basic types with a variable length. The value of any string-like
567 type is conceptually 0 or more Unicode codepoints encoded in UTF-8,
568 none of which may be U+0000. The UTF-8 text must be validated
569 strictly: in particular, it must not contain overlong sequences
570 or codepoints above U+10FFFF.
574 Since D-Bus Specification version 0.21, in accordance with Unicode
575 Corrigendum #9, the "noncharacters" U+FDD0..U+FDEF, U+nFFFE and
576 U+nFFFF are allowed in UTF-8 strings (but note that older versions of
577 D-Bus rejected these noncharacters).
581 The marshalling formats for the string-like types all end with a
582 single zero (NUL) byte, but that byte is not considered to be part of
587 The characteristics of the string-like types are listed in this table.
593 <entry>Conventional name</entry>
594 <entry>ASCII type-code</entry>
595 <entry>Validity constraints</entry>
600 <entry><literal>STRING</literal></entry>
601 <entry><literal>s</literal> (115)</entry>
602 <entry>No extra constraints</entry>
605 <entry><literal>OBJECT_PATH</literal></entry>
606 <entry><literal>o</literal> (111)</entry>
608 <link linkend="message-protocol-marshaling-object-path">a
609 syntactically valid object path</link></entry>
612 <entry><literal>SIGNATURE</literal></entry>
613 <entry><literal>g</literal> (103)</entry>
615 <firstterm linkend="term-single-complete-type">single
616 complete types</firstterm></entry>
623 <sect3 id="message-protocol-marshaling-object-path">
624 <title>Valid Object Paths</title>
627 An object path is a name used to refer to an object instance.
628 Conceptually, each participant in a D-Bus message exchange may have
629 any number of object instances (think of C++ or Java objects) and each
630 such instance will have a path. Like a filesystem, the object
631 instances in an application form a hierarchical tree.
635 Object paths are often namespaced by starting with a reversed
636 domain name and containing an interface version number, in the
638 <link linkend="message-protocol-names-interface">interface
640 <link linkend="message-protocol-names-bus">well-known
642 This makes it possible to implement more than one service, or
643 more than one version of a service, in the same process,
644 even if the services share a connection but cannot otherwise
645 co-operate (for instance, if they are implemented by different
650 Using an object path of <literal>/</literal> is allowed, but
651 recommended against, as it makes versioning of interfaces hard. Any
652 signals emitted from a D-Bus object have the service’s unique bus name
653 associated with them, rather than its well-known name. This means that
654 receipients of the signals must rely entirely on the signal name and
655 object path to work out which interface the signal originated from.
659 For instance, if the owner of <literal>example.com</literal> is
660 developing a D-Bus API for a music player, they might use the
661 hierarchy of object paths that start with
662 <literal>/com/example/MusicPlayer1</literal> for its objects.
666 The following rules define a valid object path. Implementations must
667 not send or accept messages with invalid object paths.
671 The path may be of any length.
676 The path must begin with an ASCII '/' (integer 47) character,
677 and must consist of elements separated by slash characters.
682 Each element must only contain the ASCII characters
688 No element may be the empty string.
693 Multiple '/' characters cannot occur in sequence.
698 A trailing '/' character is not allowed unless the
699 path is the root path (a single '/' character).
707 <sect3 id="message-protocol-marshaling-signature">
708 <title>Valid Signatures</title>
710 An implementation must not send or accept invalid signatures.
711 Valid signatures will conform to the following rules:
715 The signature is a list of single complete types.
716 Arrays must have element types, and structs must
717 have both open and close parentheses.
722 Only type codes, open and close parentheses, and open and
723 close curly brackets are allowed in the signature. The
724 <literal>STRUCT</literal> type code
725 is not allowed in signatures, because parentheses
726 are used instead. Similarly, the
727 <literal>DICT_ENTRY</literal> type code is not allowed in
728 signatures, because curly brackets are used instead.
733 The maximum depth of container type nesting is 32 array type
734 codes and 32 open parentheses. This implies that the maximum
735 total depth of recursion is 64, for an "array of array of array
736 of ... struct of struct of struct of ..." where there are 32
742 The maximum length of a signature is 255.
749 When signatures appear in messages, the marshalling format
750 guarantees that they will be followed by a nul byte (which can
751 be interpreted as either C-style string termination or the INVALID
752 type-code), but this is not conceptually part of the signature.
758 <sect2 id="container-types">
759 <title>Container types</title>
762 In addition to basic types, there are four <firstterm>container</firstterm>
763 types: <literal>STRUCT</literal>, <literal>ARRAY</literal>, <literal>VARIANT</literal>,
764 and <literal>DICT_ENTRY</literal>.
768 <literal>STRUCT</literal> has a type code, ASCII character 'r', but this type
769 code does not appear in signatures. Instead, ASCII characters
770 '(' and ')' are used to mark the beginning and end of the struct.
771 So for example, a struct containing two integers would have this
776 Structs can be nested, so for example a struct containing
777 an integer and another struct:
781 The value block storing that struct would contain three integers; the
782 type signature allows you to distinguish "(i(ii))" from "((ii)i)" or
787 The <literal>STRUCT</literal> type code 'r' is not currently used in the D-Bus protocol,
788 but is useful in code that implements the protocol. This type code
789 is specified to allow such code to interoperate in non-protocol contexts.
793 Empty structures are not allowed; there must be at least one
794 type code between the parentheses.
798 <literal>ARRAY</literal> has ASCII character 'a' as type code. The array type code must be
799 followed by a <firstterm>single complete type</firstterm>. The single
800 complete type following the array is the type of each array element. So
801 the simple example is:
805 which is an array of 32-bit integers. But an array can be of any type,
806 such as this array-of-struct-with-two-int32-fields:
810 Or this array of array of integer:
817 <literal>VARIANT</literal> has ASCII character 'v' as its type code. A marshaled value of
818 type <literal>VARIANT</literal> will have the signature of a single complete type as part
819 of the <emphasis>value</emphasis>. This signature will be followed by a
820 marshaled value of that type.
824 Unlike a message signature, the variant signature can
825 contain only a single complete type. So "i", "ai"
826 or "(ii)" is OK, but "ii" is not. Use of variants may not
827 cause a total message depth to be larger than 64, including
828 other container types such as structures.
832 A <literal>DICT_ENTRY</literal> works exactly like a struct, but rather
833 than parentheses it uses curly braces, and it has more restrictions.
834 The restrictions are: it occurs only as an array element type; it has
835 exactly two single complete types inside the curly braces; the first
836 single complete type (the "key") must be a basic type rather than a
837 container type. Implementations must not accept dict entries outside of
838 arrays, must not accept dict entries with zero, one, or more than two
839 fields, and must not accept dict entries with non-basic-typed keys. A
840 dict entry is always a key-value pair.
844 The first field in the <literal>DICT_ENTRY</literal> is always the key.
845 A message is considered corrupt if the same key occurs twice in the same
846 array of <literal>DICT_ENTRY</literal>. However, for performance reasons
847 implementations are not required to reject dicts with duplicate keys.
851 In most languages, an array of dict entry would be represented as a
852 map, hash table, or dict object.
857 <title>Summary of types</title>
860 The following table summarizes the D-Bus types.
865 <entry>Category</entry>
866 <entry>Conventional Name</entry>
868 <entry>Description</entry>
873 <entry>reserved</entry>
874 <entry><literal>INVALID</literal></entry>
875 <entry>0 (ASCII NUL)</entry>
876 <entry>Not a valid type code, used to terminate signatures</entry>
878 <entry>fixed, basic</entry>
879 <entry><literal>BYTE</literal></entry>
880 <entry>121 (ASCII 'y')</entry>
881 <entry>8-bit unsigned integer</entry>
883 <entry>fixed, basic</entry>
884 <entry><literal>BOOLEAN</literal></entry>
885 <entry>98 (ASCII 'b')</entry>
886 <entry>Boolean value, 0 is <literal>FALSE</literal> and 1 is <literal>TRUE</literal>. Everything else is invalid.</entry>
888 <entry>fixed, basic</entry>
889 <entry><literal>INT16</literal></entry>
890 <entry>110 (ASCII 'n')</entry>
891 <entry>16-bit signed integer</entry>
893 <entry>fixed, basic</entry>
894 <entry><literal>UINT16</literal></entry>
895 <entry>113 (ASCII 'q')</entry>
896 <entry>16-bit unsigned integer</entry>
898 <entry>fixed, basic</entry>
899 <entry><literal>INT32</literal></entry>
900 <entry>105 (ASCII 'i')</entry>
901 <entry>32-bit signed integer</entry>
903 <entry>fixed, basic</entry>
904 <entry><literal>UINT32</literal></entry>
905 <entry>117 (ASCII 'u')</entry>
906 <entry>32-bit unsigned integer</entry>
908 <entry>fixed, basic</entry>
909 <entry><literal>INT64</literal></entry>
910 <entry>120 (ASCII 'x')</entry>
911 <entry>64-bit signed integer</entry>
913 <entry>fixed, basic</entry>
914 <entry><literal>UINT64</literal></entry>
915 <entry>116 (ASCII 't')</entry>
916 <entry>64-bit unsigned integer</entry>
918 <entry>fixed, basic</entry>
919 <entry><literal>DOUBLE</literal></entry>
920 <entry>100 (ASCII 'd')</entry>
921 <entry>IEEE 754 double</entry>
923 <entry>string-like, basic</entry>
924 <entry><literal>STRING</literal></entry>
925 <entry>115 (ASCII 's')</entry>
926 <entry>UTF-8 string (<emphasis>must</emphasis> be valid UTF-8). Must be nul terminated and contain no other nul bytes.</entry>
928 <entry>string-like, basic</entry>
929 <entry><literal>OBJECT_PATH</literal></entry>
930 <entry>111 (ASCII 'o')</entry>
931 <entry>Name of an object instance</entry>
933 <entry>string-like, basic</entry>
934 <entry><literal>SIGNATURE</literal></entry>
935 <entry>103 (ASCII 'g')</entry>
936 <entry>A type signature</entry>
938 <entry>container</entry>
939 <entry><literal>ARRAY</literal></entry>
940 <entry>97 (ASCII 'a')</entry>
943 <entry>container</entry>
944 <entry><literal>STRUCT</literal></entry>
945 <entry>114 (ASCII 'r'), 40 (ASCII '('), 41 (ASCII ')')</entry>
946 <entry>Struct; type code 114 'r' is reserved for use in
947 bindings and implementations to represent the general
948 concept of a struct, and must not appear in signatures
949 used on D-Bus.</entry>
951 <entry>container</entry>
952 <entry><literal>VARIANT</literal></entry>
953 <entry>118 (ASCII 'v') </entry>
954 <entry>Variant type (the type of the value is part of the value itself)</entry>
956 <entry>container</entry>
957 <entry><literal>DICT_ENTRY</literal></entry>
958 <entry>101 (ASCII 'e'), 123 (ASCII '{'), 125 (ASCII '}') </entry>
959 <entry>Entry in a dict or map (array of key-value pairs).
960 Type code 101 'e' is reserved for use in bindings and
961 implementations to represent the general concept of a
962 dict or dict-entry, and must not appear in signatures
963 used on D-Bus.</entry>
965 <entry>fixed, basic</entry>
966 <entry><literal>UNIX_FD</literal></entry>
967 <entry>104 (ASCII 'h')</entry>
968 <entry>Unix file descriptor</entry>
971 <entry>reserved</entry>
972 <entry>(reserved)</entry>
973 <entry>109 (ASCII 'm')</entry>
974 <entry>Reserved for <ulink
975 url="https://bugs.freedesktop.org/show_bug.cgi?id=27857">a
976 'maybe' type compatible with the one in GVariant</ulink>,
977 and must not appear in signatures used on D-Bus until
978 specified here</entry>
981 <entry>reserved</entry>
982 <entry>(reserved)</entry>
983 <entry>42 (ASCII '*')</entry>
984 <entry>Reserved for use in bindings/implementations to
985 represent any <firstterm>single complete type</firstterm>,
986 and must not appear in signatures used on D-Bus.</entry>
989 <entry>reserved</entry>
990 <entry>(reserved)</entry>
991 <entry>63 (ASCII '?')</entry>
992 <entry>Reserved for use in bindings/implementations to
993 represent any <firstterm>basic type</firstterm>, and must
994 not appear in signatures used on D-Bus.</entry>
997 <entry>reserved</entry>
998 <entry>(reserved)</entry>
999 <entry>64 (ASCII '@'), 38 (ASCII '&'),
1000 94 (ASCII '^')</entry>
1001 <entry>Reserved for internal use by bindings/implementations,
1002 and must not appear in signatures used on D-Bus.
1003 GVariant uses these type-codes to encode calling
1004 conventions.</entry>
1014 <sect1 id="message-protocol-marshaling">
1015 <title>Marshaling (Wire Format)</title>
1018 D-Bus defines a marshalling format for its type system, which is
1019 used in D-Bus messages. This is not the only possible marshalling
1020 format for the type system: for instance, GVariant (part of GLib)
1021 re-uses the D-Bus type system but implements an alternative marshalling
1026 <title>Byte order and alignment</title>
1029 Given a type signature, a block of bytes can be converted into typed
1030 values. This section describes the format of the block of bytes. Byte
1031 order and alignment issues are handled uniformly for all D-Bus types.
1035 A block of bytes has an associated byte order. The byte order
1036 has to be discovered in some way; for D-Bus messages, the
1037 byte order is part of the message header as described in
1038 <xref linkend="message-protocol-messages"/>. For now, assume
1039 that the byte order is known to be either little endian or big
1044 Each value in a block of bytes is aligned "naturally," for example
1045 4-byte values are aligned to a 4-byte boundary, and 8-byte values to an
1046 8-byte boundary. Boundaries are calculated globally, with respect to
1047 the first byte in the message. To properly align a value,
1048 <firstterm>alignment padding</firstterm> may be necessary before the
1049 value. The alignment padding must always
1050 be the minimum required padding to properly align the following value;
1051 and it must always be made up of nul bytes. The alignment padding must
1052 not be left uninitialized (it can't contain garbage), and more padding
1053 than required must not be used.
1057 As an exception to natural alignment, <literal>STRUCT</literal> and
1058 <literal>DICT_ENTRY</literal> values are always aligned to an 8-byte
1059 boundary, regardless of the alignments of their contents.
1064 <title>Marshalling basic types</title>
1067 To marshal and unmarshal fixed types, you simply read one value
1068 from the data block corresponding to each type code in the signature.
1069 All signed integer values are encoded in two's complement, DOUBLE
1070 values are IEEE 754 double-precision floating-point, and BOOLEAN
1071 values are encoded in 32 bits (of which only the least significant
1076 The string-like types (STRING, OBJECT_PATH and SIGNATURE) are all
1078 fixed-length unsigned integer <varname>n</varname> giving the
1079 length of the variable part, followed by <varname>n</varname>
1080 nonzero bytes of UTF-8 text, followed by a single zero (nul) byte
1081 which is not considered to be part of the text. The alignment
1082 of the string-like type is the same as the alignment of
1083 <varname>n</varname>: any padding required for <varname>n</varname>
1084 appears immediately before <varname>n</varname> itself. There is never
1085 any alignment padding between <varname>n</varname> and the string text,
1086 or between the string text and the trailing nul. The alignment padding
1087 for the next value in the message (if there is one) starts after the
1092 For the STRING and OBJECT_PATH types, <varname>n</varname> is
1093 encoded in 4 bytes (a <literal>UINT32</literal>), leading to 4-byte
1094 alignment. For the SIGNATURE type, <varname>n</varname> is encoded as a
1095 single byte (a <literal>UINT8</literal>). As a result, alignment
1096 padding is never required before a SIGNATURE.
1100 For example, if the current position is a multiple of 8 bytes from the
1101 beginning of a little-endian message, strings ‘foo’, ‘+’ and ‘bar’
1102 would be serialized in sequence as follows:
1105 <lineannotation>no padding required, we are already at a multiple of 4</lineannotation>
1106 0x03 0x00 0x00 0x00 <lineannotation>length of ‘foo’ = 3</lineannotation>
1107 0x66 0x6f 0x6f <lineannotation>‘foo’</lineannotation>
1108 0x00 <lineannotation>trailing nul</lineannotation>
1110 <lineannotation>no padding required, we are already at a multiple of 4</lineannotation>
1111 0x01 0x00 0x00 0x00 <lineannotation>length of ‘+’ = 1</lineannotation>
1112 0x2b <lineannotation>‘+’</lineannotation>
1113 0x00 <lineannotation>trailing nul</lineannotation>
1115 0x00 0x00 <lineannotation>2 bytes of padding to reach next multiple of 4</lineannotation>
1116 0x03 0x00 0x00 0x00 <lineannotation>length of ‘bar’ = 1</lineannotation>
1117 0x62 0x61 0x72 <lineannotation>‘bar’</lineannotation>
1118 0x00 <lineannotation>trailing nul</lineannotation>
1124 <title>Marshalling containers</title>
1127 Arrays are marshalled as a <literal>UINT32</literal>
1128 <varname>n</varname> giving the length of the array data in bytes,
1129 followed by alignment padding to the alignment boundary of the array
1130 element type, followed by the <varname>n</varname> bytes of the
1131 array elements marshalled in sequence. <varname>n</varname> does not
1132 include the padding after the length, or any padding after the
1133 last element. i.e. <varname>n</varname> should be divisible by the
1134 number of elements in the array.
1138 For instance, if the current position in the message is a multiple
1139 of 8 bytes and the byte-order is big-endian, an array containing only
1140 the 64-bit integer 5 would be marshalled as:
1143 00 00 00 08 <lineannotation><varname>n</varname> = 8 bytes of data</lineannotation>
1144 00 00 00 00 <lineannotation>padding to 8-byte boundary</lineannotation>
1145 00 00 00 00 00 00 00 05 <lineannotation>first element = 5</lineannotation>
1150 Arrays have a maximum length defined to be 2 to the 26th power or
1151 67108864 (64 MiB). Implementations must not send or accept arrays
1152 exceeding this length.
1156 Structs and dict entries are marshalled in the same way as their
1157 contents, but their alignment is always to an 8-byte boundary,
1158 even if their contents would normally be less strictly aligned.
1162 Variants are marshalled as the <literal>SIGNATURE</literal> of
1163 the contents (which must be a single complete type), followed by a
1164 marshalled value with the type given by that signature. The
1165 variant has the same 1-byte alignment as the signature, which means
1166 that alignment padding before a variant is never needed.
1167 Use of variants must not cause a total message depth to be larger
1168 than 64, including other container types such as structures.
1169 (See <link linkend="message-protocol-marshaling-signature">Valid
1175 <title>Summary of D-Bus marshalling</title>
1178 Given all this, the types are marshaled on the wire as follows:
1183 <entry>Conventional Name</entry>
1184 <entry>Encoding</entry>
1185 <entry>Alignment</entry>
1190 <entry><literal>INVALID</literal></entry>
1191 <entry>Not applicable; cannot be marshaled.</entry>
1194 <entry><literal>BYTE</literal></entry>
1195 <entry>A single 8-bit byte.</entry>
1198 <entry><literal>BOOLEAN</literal></entry>
1199 <entry>As for <literal>UINT32</literal>, but only 0 and 1 are valid values.</entry>
1202 <entry><literal>INT16</literal></entry>
1203 <entry>16-bit signed integer in the message's byte order.</entry>
1206 <entry><literal>UINT16</literal></entry>
1207 <entry>16-bit unsigned integer in the message's byte order.</entry>
1210 <entry><literal>INT32</literal></entry>
1211 <entry>32-bit signed integer in the message's byte order.</entry>
1214 <entry><literal>UINT32</literal></entry>
1215 <entry>32-bit unsigned integer in the message's byte order.</entry>
1218 <entry><literal>INT64</literal></entry>
1219 <entry>64-bit signed integer in the message's byte order.</entry>
1222 <entry><literal>UINT64</literal></entry>
1223 <entry>64-bit unsigned integer in the message's byte order.</entry>
1226 <entry><literal>DOUBLE</literal></entry>
1227 <entry>64-bit IEEE 754 double in the message's byte order.</entry>
1230 <entry><literal>STRING</literal></entry>
1231 <entry>A <literal>UINT32</literal> indicating the string's
1232 length in bytes excluding its terminating nul, followed by
1233 non-nul string data of the given length, followed by a terminating nul
1240 <entry><literal>OBJECT_PATH</literal></entry>
1241 <entry>Exactly the same as <literal>STRING</literal> except the
1242 content must be a valid object path (see above).
1248 <entry><literal>SIGNATURE</literal></entry>
1249 <entry>The same as <literal>STRING</literal> except the length is a single
1250 byte (thus signatures have a maximum length of 255)
1251 and the content must be a valid signature (see above).
1257 <entry><literal>ARRAY</literal></entry>
1259 A <literal>UINT32</literal> giving the length of the array data in bytes, followed by
1260 alignment padding to the alignment boundary of the array element type,
1261 followed by each array element.
1267 <entry><literal>STRUCT</literal></entry>
1269 A struct must start on an 8-byte boundary regardless of the
1270 type of the struct fields. The struct value consists of each
1271 field marshaled in sequence starting from that 8-byte
1278 <entry><literal>VARIANT</literal></entry>
1280 The marshaled <literal>SIGNATURE</literal> of a single
1281 complete type, followed by a marshaled value with the type
1282 given in the signature.
1285 1 (alignment of the signature)
1288 <entry><literal>DICT_ENTRY</literal></entry>
1290 Identical to STRUCT.
1296 <entry><literal>UNIX_FD</literal></entry>
1297 <entry>32-bit unsigned integer in the message's byte
1298 order. The actual file descriptors need to be
1299 transferred out-of-band via some platform specific
1300 mechanism. On the wire, values of this type store the index to the
1301 file descriptor in the array of file descriptors that
1302 accompany the message.</entry>
1314 <sect1 id="message-protocol">
1315 <title>Message Protocol</title>
1318 A <firstterm>message</firstterm> consists of a
1319 <firstterm>header</firstterm> and a <firstterm>body</firstterm>. If you
1320 think of a message as a package, the header is the address, and the body
1321 contains the package contents. The message delivery system uses the header
1322 information to figure out where to send the message and how to interpret
1323 it; the recipient interprets the body of the message.
1327 The body of the message is made up of zero or more
1328 <firstterm>arguments</firstterm>, which are typed values, such as an
1329 integer or a byte array.
1333 Both header and body use the D-Bus <link linkend="type-system">type
1334 system</link> and format for serializing data.
1337 <sect2 id="message-protocol-messages">
1338 <title>Message Format</title>
1341 A message consists of a header and a body. The header is a block of
1342 values with a fixed signature and meaning. The body is a separate block
1343 of values, with a signature specified in the header.
1347 The length of the header must be a multiple of 8, allowing the body to
1348 begin on an 8-byte boundary when storing the entire message in a single
1349 buffer. If the header does not naturally end on an 8-byte boundary
1350 up to 7 bytes of nul-initialized alignment padding must be added.
1354 The message body need not end on an 8-byte boundary.
1358 The maximum length of a message, including header, header alignment padding,
1359 and body is 2 to the 27th power or 134217728 (128 MiB).
1360 Implementations must not send or accept messages exceeding this size.
1364 The signature of the header is:
1368 Written out more readably, this is:
1370 BYTE, BYTE, BYTE, BYTE, UINT32, UINT32, ARRAY of STRUCT of (BYTE,VARIANT)
1375 These values have the following meanings:
1380 <entry>Value</entry>
1381 <entry>Description</entry>
1386 <entry>1st <literal>BYTE</literal></entry>
1387 <entry>Endianness flag; ASCII 'l' for little-endian
1388 or ASCII 'B' for big-endian. Both header and body are
1389 in this endianness.</entry>
1392 <entry>2nd <literal>BYTE</literal></entry>
1393 <entry><firstterm>Message type</firstterm>. Unknown types must be ignored.
1394 Currently-defined types are described below.
1398 <entry>3rd <literal>BYTE</literal></entry>
1399 <entry>Bitwise OR of flags. Unknown flags
1400 must be ignored. Currently-defined flags are described below.
1404 <entry>4th <literal>BYTE</literal></entry>
1405 <entry>Major protocol version of the sending application. If
1406 the major protocol version of the receiving application does not
1407 match, the applications will not be able to communicate and the
1408 D-Bus connection must be disconnected. The major protocol
1409 version for this version of the specification is 1.
1413 <entry>1st <literal>UINT32</literal></entry>
1414 <entry>Length in bytes of the message body, starting
1415 from the end of the header. The header ends after
1416 its alignment padding to an 8-boundary.
1420 <entry>2nd <literal>UINT32</literal></entry>
1421 <entry>The serial of this message, used as a cookie
1422 by the sender to identify the reply corresponding
1423 to this request. This must not be zero.
1427 <entry><literal>ARRAY</literal> of <literal>STRUCT</literal> of (<literal>BYTE</literal>,<literal>VARIANT</literal>)</entry>
1428 <entry>An array of zero or more <firstterm>header
1429 fields</firstterm> where the byte is the field code, and the
1430 variant is the field value. The message type determines
1431 which fields are required.
1439 <firstterm>Message types</firstterm> that can appear in the second byte
1445 <entry>Conventional name</entry>
1446 <entry>Decimal value</entry>
1447 <entry>Description</entry>
1452 <entry><literal>INVALID</literal></entry>
1454 <entry>This is an invalid type.</entry>
1457 <entry><literal>METHOD_CALL</literal></entry>
1459 <entry>Method call. This message type may prompt a
1463 <entry><literal>METHOD_RETURN</literal></entry>
1465 <entry>Method reply with returned data.</entry>
1468 <entry><literal>ERROR</literal></entry>
1470 <entry>Error reply. If the first argument exists and is a
1471 string, it is an error message.</entry>
1474 <entry><literal>SIGNAL</literal></entry>
1476 <entry>Signal emission.</entry>
1483 Flags that can appear in the third byte of the header:
1488 <entry>Conventional name</entry>
1489 <entry>Hex value</entry>
1490 <entry>Description</entry>
1495 <entry><literal>NO_REPLY_EXPECTED</literal></entry>
1499 This message does not expect method return replies or
1500 error replies, even if it is of a type that can
1501 have a reply; the reply should be omitted.
1504 Note that METHOD_CALL is the only message type currently
1505 defined in this specification that can expect a reply,
1506 so the presence or absence of this flag in the other
1507 three message types that are currently
1508 documented is meaningless: replies to those message
1509 types should not be sent, whether this flag is present
1515 <entry><literal>NO_AUTO_START</literal></entry>
1517 <entry>The bus must not launch an owner
1518 for the destination name in response to this message.
1522 <entry><literal>ALLOW_INTERACTIVE_AUTHORIZATION</literal></entry>
1526 This flag may be set on a method call message to
1527 inform the receiving side that the caller is prepared
1528 to wait for interactive authorization, which might
1529 take a considerable time to complete. For instance,
1530 if this flag is set, it would be appropriate to
1531 query the user for passwords or confirmation via
1532 Polkit or a similar framework.
1535 This flag is only useful when
1536 unprivileged code calls a more privileged method call,
1537 and an authorization framework is deployed that allows
1538 possibly interactive authorization. If no such framework
1539 is deployed it has no effect. This flag should not
1540 be set by default by client implementations. If it is
1541 set, the caller should also set a suitably long timeout
1542 on the method call to make sure the user interaction
1543 may complete. This flag is only valid for method call
1544 messages, and shall be ignored otherwise.
1547 Interaction that takes place as a part of the
1548 effect of the method being called is outside the scope
1549 of this flag, even if it could also be characterized
1550 as authentication or authorization. For instance, in
1551 a method call that directs a network management service
1552 to attempt to connect to a virtual private network,
1553 this flag should control how the network management
1554 service makes the decision "is this user allowed to
1555 change system network configuration?", but it should
1556 not affect how or whether the network management
1557 service interacts with the user to obtain the credentials
1558 that are required for access to the VPN.
1561 If a this flag is not set on a method call, and a
1562 service determines that the requested operation is
1563 not allowed without interactive authorization, but
1564 could be allowed after successful interactive
1565 authorization, it may return the
1566 <literal>org.freedesktop.DBus.Error.InteractiveAuthorizationRequired</literal>
1570 The absence of this flag does not guarantee that
1571 interactive authorization will not be applied, since
1572 existing services that pre-date this flag might
1573 already use interactive authorization. However,
1574 existing D-Bus APIs that will use interactive
1575 authorization should document that the call may take
1576 longer than usual, and new D-Bus APIs should avoid
1577 interactive authorization in the absence of this flag.
1586 <sect3 id="message-protocol-header-fields">
1587 <title>Header Fields</title>
1590 The array at the end of the header contains <firstterm>header
1591 fields</firstterm>, where each field is a 1-byte field code followed
1592 by a field value. A header must contain the required header fields for
1593 its message type, and zero or more of any optional header
1594 fields. Future versions of this protocol specification may add new
1595 fields. Implementations must ignore fields they do not
1596 understand. Implementations must not invent their own header fields;
1597 only changes to this specification may introduce new header fields.
1601 Again, if an implementation sees a header field code that it does not
1602 expect, it must ignore that field, as it will be part of a new
1603 (but compatible) version of this specification. This also applies
1604 to known header fields appearing in unexpected messages, for
1605 example: if a signal has a reply serial it must be ignored
1606 even though it has no meaning as of this version of the spec.
1610 However, implementations must not send or accept known header fields
1611 with the wrong type stored in the field value. So for example a
1612 message with an <literal>INTERFACE</literal> field of type
1613 <literal>UINT32</literal> would be considered corrupt.
1617 Here are the currently-defined header fields:
1622 <entry>Conventional Name</entry>
1623 <entry>Decimal Code</entry>
1625 <entry>Required In</entry>
1626 <entry>Description</entry>
1631 <entry><literal>INVALID</literal></entry>
1634 <entry>not allowed</entry>
1635 <entry>Not a valid field name (error if it appears in a message)</entry>
1638 <entry><literal>PATH</literal></entry>
1640 <entry><literal>OBJECT_PATH</literal></entry>
1641 <entry><literal>METHOD_CALL</literal>, <literal>SIGNAL</literal></entry>
1642 <entry>The object to send a call to,
1643 or the object a signal is emitted from.
1645 <literal>/org/freedesktop/DBus/Local</literal> is reserved;
1646 implementations should not send messages with this path,
1647 and the reference implementation of the bus daemon will
1648 disconnect any application that attempts to do so.
1652 <entry><literal>INTERFACE</literal></entry>
1654 <entry><literal>STRING</literal></entry>
1655 <entry><literal>SIGNAL</literal></entry>
1657 The interface to invoke a method call on, or
1658 that a signal is emitted from. Optional for
1659 method calls, required for signals.
1660 The special interface
1661 <literal>org.freedesktop.DBus.Local</literal> is reserved;
1662 implementations should not send messages with this
1663 interface, and the reference implementation of the bus
1664 daemon will disconnect any application that attempts to
1669 <entry><literal>MEMBER</literal></entry>
1671 <entry><literal>STRING</literal></entry>
1672 <entry><literal>METHOD_CALL</literal>, <literal>SIGNAL</literal></entry>
1673 <entry>The member, either the method name or signal name.</entry>
1676 <entry><literal>ERROR_NAME</literal></entry>
1678 <entry><literal>STRING</literal></entry>
1679 <entry><literal>ERROR</literal></entry>
1680 <entry>The name of the error that occurred, for errors</entry>
1683 <entry><literal>REPLY_SERIAL</literal></entry>
1685 <entry><literal>UINT32</literal></entry>
1686 <entry><literal>ERROR</literal>, <literal>METHOD_RETURN</literal></entry>
1687 <entry>The serial number of the message this message is a reply
1688 to. (The serial number is the second <literal>UINT32</literal> in the header.)</entry>
1691 <entry><literal>DESTINATION</literal></entry>
1693 <entry><literal>STRING</literal></entry>
1694 <entry>optional</entry>
1695 <entry>The name of the connection this message is intended for.
1696 Only used in combination with the message bus, see
1697 <xref linkend="message-bus"/>.</entry>
1700 <entry><literal>SENDER</literal></entry>
1702 <entry><literal>STRING</literal></entry>
1703 <entry>optional</entry>
1704 <entry>Unique name of the sending connection.
1705 The message bus fills in this field so it is reliable; the field is
1706 only meaningful in combination with the message bus.</entry>
1709 <entry><literal>SIGNATURE</literal></entry>
1711 <entry><literal>SIGNATURE</literal></entry>
1712 <entry>optional</entry>
1713 <entry>The signature of the message body.
1714 If omitted, it is assumed to be the
1715 empty signature "" (i.e. the body must be 0-length).</entry>
1718 <entry><literal>UNIX_FDS</literal></entry>
1720 <entry><literal>UINT32</literal></entry>
1721 <entry>optional</entry>
1722 <entry>The number of Unix file descriptors that
1723 accompany the message. If omitted, it is assumed
1724 that no Unix file descriptors accompany the
1725 message. The actual file descriptors need to be
1726 transferred via platform specific mechanism
1727 out-of-band. They must be sent at the same time as
1728 part of the message itself. They may not be sent
1729 before the first byte of the message itself is
1730 transferred or after the last byte of the message
1740 <sect2 id="message-protocol-names">
1741 <title>Valid Names</title>
1743 The various names in D-Bus messages have some restrictions.
1746 There is a <firstterm>maximum name length</firstterm>
1747 of 255 which applies to bus names, interfaces, and members.
1749 <sect3 id="message-protocol-names-interface">
1750 <title>Interface names</title>
1752 Interfaces have names with type <literal>STRING</literal>, meaning that
1753 they must be valid UTF-8. However, there are also some
1754 additional restrictions that apply to interface names
1757 <listitem><para>Interface names are composed of 1 or more elements separated by
1758 a period ('.') character. All elements must contain at least
1762 <listitem><para>Each element must only contain the ASCII characters
1763 "[A-Z][a-z][0-9]_" and must not begin with a digit.
1767 <listitem><para>Interface names must contain at least one '.' (period)
1768 character (and thus at least two elements).
1771 <listitem><para>Interface names must not begin with a '.' (period) character.</para></listitem>
1772 <listitem><para>Interface names must not exceed the maximum name length.</para></listitem>
1777 Interface names should start with the reversed DNS domain name of
1778 the author of the interface (in lower-case), like interface names
1779 in Java. It is conventional for the rest of the interface name
1780 to consist of words run together, with initial capital letters
1781 on all words ("CamelCase"). Several levels of hierarchy can be used.
1782 It is also a good idea to include the major version of the interface
1783 in the name, and increment it if incompatible changes are made;
1784 this way, a single object can implement several versions of an
1785 interface in parallel, if necessary.
1789 For instance, if the owner of <literal>example.com</literal> is
1790 developing a D-Bus API for a music player, they might define
1791 interfaces called <literal>com.example.MusicPlayer1</literal>,
1792 <literal>com.example.MusicPlayer1.Track</literal> and
1793 <literal>com.example.MusicPlayer1.Seekable</literal>.
1797 D-Bus does not distinguish between the concepts that would be
1798 called classes and interfaces in Java: either can be identified on
1799 D-Bus by an interface name.
1802 <sect3 id="message-protocol-names-bus">
1803 <title>Bus names</title>
1805 Connections have one or more bus names associated with them.
1806 A connection has exactly one bus name that is a <firstterm>unique
1807 connection name</firstterm>. The unique connection name remains
1808 with the connection for its entire lifetime.
1809 A bus name is of type <literal>STRING</literal>,
1810 meaning that it must be valid UTF-8. However, there are also
1811 some additional restrictions that apply to bus names
1814 <listitem><para>Bus names that start with a colon (':')
1815 character are unique connection names. Other bus names
1816 are called <firstterm>well-known bus names</firstterm>.
1819 <listitem><para>Bus names are composed of 1 or more elements separated by
1820 a period ('.') character. All elements must contain at least
1824 <listitem><para>Each element must only contain the ASCII characters
1825 "[A-Z][a-z][0-9]_-". Only elements that are part of a unique
1826 connection name may begin with a digit, elements in
1827 other bus names must not begin with a digit.
1831 <listitem><para>Bus names must contain at least one '.' (period)
1832 character (and thus at least two elements).
1835 <listitem><para>Bus names must not begin with a '.' (period) character.</para></listitem>
1836 <listitem><para>Bus names must not exceed the maximum name length.</para></listitem>
1840 Note that the hyphen ('-') character is allowed in bus names but
1841 not in interface names.
1845 Like <link linkend="message-protocol-names-interface">interface
1846 names</link>, well-known bus names should start with the
1847 reversed DNS domain name of the author of the interface (in
1848 lower-case), and it is conventional for the rest of the well-known
1849 bus name to consist of words run together, with initial
1850 capital letters. As with interface names, including a version
1851 number in well-known bus names is a good idea; it's possible to
1852 have the well-known bus name for more than one version
1853 simultaneously if backwards compatibility is required.
1857 If a well-known bus name implies the presence of a "main" interface,
1858 that "main" interface is often given the same name as
1859 the well-known bus name, and situated at the corresponding object
1860 path. For instance, if the owner of <literal>example.com</literal>
1861 is developing a D-Bus API for a music player, they might define
1862 that any application that takes the well-known name
1863 <literal>com.example.MusicPlayer1</literal> should have an object
1864 at the object path <literal>/com/example/MusicPlayer1</literal>
1865 which implements the interface
1866 <literal>com.example.MusicPlayer1</literal>.
1869 <sect3 id="message-protocol-names-member">
1870 <title>Member names</title>
1872 Member (i.e. method or signal) names:
1874 <listitem><para>Must only contain the ASCII characters
1875 "[A-Z][a-z][0-9]_" and may not begin with a
1876 digit.</para></listitem>
1877 <listitem><para>Must not contain the '.' (period) character.</para></listitem>
1878 <listitem><para>Must not exceed the maximum name length.</para></listitem>
1879 <listitem><para>Must be at least 1 byte in length.</para></listitem>
1884 It is conventional for member names on D-Bus to consist of
1885 capitalized words with no punctuation ("camel-case").
1886 Method names should usually be verbs, such as
1887 <literal>GetItems</literal>, and signal names should usually be
1888 a description of an event, such as <literal>ItemsChanged</literal>.
1891 <sect3 id="message-protocol-names-error">
1892 <title>Error names</title>
1894 Error names have the same restrictions as interface names.
1898 Error names have the same naming conventions as interface
1899 names, and often contain <literal>.Error.</literal>; for instance,
1900 the owner of <literal>example.com</literal> might define the
1901 errors <literal>com.example.MusicPlayer1.Error.FileNotFound</literal>
1902 and <literal>com.example.MusicPlayer1.Error.OutOfMemory</literal>.
1903 The errors defined by D-Bus itself, such as
1904 <literal>org.freedesktop.DBus.Error.Failed</literal>, follow a
1910 <sect2 id="message-protocol-types">
1911 <title>Message Types</title>
1913 Each of the message types (<literal>METHOD_CALL</literal>, <literal>METHOD_RETURN</literal>, <literal>ERROR</literal>, and
1914 <literal>SIGNAL</literal>) has its own expected usage conventions and header fields.
1915 This section describes these conventions.
1917 <sect3 id="message-protocol-types-method">
1918 <title>Method Calls</title>
1920 Some messages invoke an operation on a remote object. These are
1921 called method call messages and have the type tag <literal>METHOD_CALL</literal>. Such
1922 messages map naturally to methods on objects in a typical program.
1925 A method call message is required to have a <literal>MEMBER</literal> header field
1926 indicating the name of the method. Optionally, the message has an
1927 <literal>INTERFACE</literal> field giving the interface the method is a part of.
1928 Including the <literal>INTERFACE</literal> in all method call
1929 messages is strongly recommended.
1932 In the absence of an <literal>INTERFACE</literal> field, if two
1933 or more interfaces on the same object have a method with the same
1934 name, it is undefined which of those methods will be invoked.
1935 Implementations may choose to either return an error, or deliver the
1936 message as though it had an arbitrary one of those interfaces.
1939 In some situations (such as the well-known system bus), messages
1940 are filtered through an access-control list external to the
1941 remote object implementation. If that filter rejects certain
1942 messages by matching their interface, or accepts only messages
1943 to specific interfaces, it must also reject messages that have no
1944 <literal>INTERFACE</literal>: otherwise, malicious
1945 applications could use this to bypass the filter.
1948 Method call messages also include a <literal>PATH</literal> field
1949 indicating the object to invoke the method on. If the call is passing
1950 through a message bus, the message will also have a
1951 <literal>DESTINATION</literal> field giving the name of the connection
1952 to receive the message.
1955 When an application handles a method call message, it is required to
1956 return a reply. The reply is identified by a <literal>REPLY_SERIAL</literal> header field
1957 indicating the serial number of the <literal>METHOD_CALL</literal> being replied to. The
1958 reply can have one of two types; either <literal>METHOD_RETURN</literal> or <literal>ERROR</literal>.
1961 If the reply has type <literal>METHOD_RETURN</literal>, the arguments to the reply message
1962 are the return value(s) or "out parameters" of the method call.
1963 If the reply has type <literal>ERROR</literal>, then an "exception" has been thrown,
1964 and the call fails; no return value will be provided. It makes
1965 no sense to send multiple replies to the same method call.
1968 Even if a method call has no return values, a <literal>METHOD_RETURN</literal>
1969 reply is required, so the caller will know the method
1970 was successfully processed.
1973 The <literal>METHOD_RETURN</literal> or <literal>ERROR</literal> reply message must have the <literal>REPLY_SERIAL</literal>
1977 If a <literal>METHOD_CALL</literal> message has the flag <literal>NO_REPLY_EXPECTED</literal>,
1978 then the application receiving the method should not send the reply message (regardless of
1979 whether the reply would have been <literal>METHOD_RETURN</literal> or <literal>ERROR</literal>).
1982 Unless a message has the flag <literal>NO_AUTO_START</literal>, if the
1983 destination name does not exist then a program to own the destination
1984 name will be started (activated) before the message is delivered. See
1985 <xref linkend="message-bus-starting-services"/>.
1987 will be held until the new program is successfully started or has
1988 failed to start; in case of failure, an error will be returned. This
1989 flag is only relevant in the context of a message bus, it is ignored
1990 during one-to-one communication with no intermediate bus.
1992 <sect4 id="message-protocol-types-method-apis">
1993 <title>Mapping method calls to native APIs</title>
1995 APIs for D-Bus may map method calls to a method call in a specific
1996 programming language, such as C++, or may map a method call written
1997 in an IDL to a D-Bus message.
2000 In APIs of this nature, arguments to a method are often termed "in"
2001 (which implies sent in the <literal>METHOD_CALL</literal>), or "out" (which implies
2002 returned in the <literal>METHOD_RETURN</literal>). Some APIs such as CORBA also have
2003 "inout" arguments, which are both sent and received, i.e. the caller
2004 passes in a value which is modified. Mapped to D-Bus, an "inout"
2005 argument is equivalent to an "in" argument, followed by an "out"
2006 argument. You can't pass things "by reference" over the wire, so
2007 "inout" is purely an illusion of the in-process API.
2010 Given a method with zero or one return values, followed by zero or more
2011 arguments, where each argument may be "in", "out", or "inout", the
2012 caller constructs a message by appending each "in" or "inout" argument,
2013 in order. "out" arguments are not represented in the caller's message.
2016 The recipient constructs a reply by appending first the return value
2017 if any, then each "out" or "inout" argument, in order.
2018 "in" arguments are not represented in the reply message.
2021 Error replies are normally mapped to exceptions in languages that have
2025 In converting from native APIs to D-Bus, it is perhaps nice to
2026 map D-Bus naming conventions ("FooBar") to native conventions
2027 such as "fooBar" or "foo_bar" automatically. This is OK
2028 as long as you can say that the native API is one that
2029 was specifically written for D-Bus. It makes the most sense
2030 when writing object implementations that will be exported
2031 over the bus. Object proxies used to invoke remote D-Bus
2032 objects probably need the ability to call any D-Bus method,
2033 and thus a magic name mapping like this could be a problem.
2036 This specification doesn't require anything of native API bindings;
2037 the preceding is only a suggested convention for consistency
2043 <sect3 id="message-protocol-types-signal">
2044 <title>Signal Emission</title>
2046 Unlike method calls, signal emissions have no replies.
2047 A signal emission is simply a single message of type <literal>SIGNAL</literal>.
2048 It must have three header fields: <literal>PATH</literal> giving the object
2049 the signal was emitted from, plus <literal>INTERFACE</literal> and <literal>MEMBER</literal> giving
2050 the fully-qualified name of the signal. The <literal>INTERFACE</literal> header is required
2051 for signals, though it is optional for method calls.
2055 <sect3 id="message-protocol-types-errors">
2056 <title>Errors</title>
2058 Messages of type <literal>ERROR</literal> are most commonly replies
2059 to a <literal>METHOD_CALL</literal>, but may be returned in reply
2060 to any kind of message. The message bus for example
2061 will return an <literal>ERROR</literal> in reply to a signal emission if
2062 the bus does not have enough memory to send the signal.
2065 An <literal>ERROR</literal> may have any arguments, but if the first
2066 argument is a <literal>STRING</literal>, it must be an error message.
2067 The error message may be logged or shown to the user
2072 <sect3 id="message-protocol-types-notation">
2073 <title>Notation in this document</title>
2075 This document uses a simple pseudo-IDL to describe particular method
2076 calls and signals. Here is an example of a method call:
2078 org.freedesktop.DBus.StartServiceByName (in STRING name, in UINT32 flags,
2079 out UINT32 resultcode)
2081 This means <literal>INTERFACE</literal> = org.freedesktop.DBus, <literal>MEMBER</literal> = StartServiceByName,
2082 <literal>METHOD_CALL</literal> arguments are <literal>STRING</literal> and <literal>UINT32</literal>, <literal>METHOD_RETURN</literal> argument
2083 is <literal>UINT32</literal>. Remember that the <literal>MEMBER</literal> field can't contain any '.' (period)
2084 characters so it's known that the last part of the name in
2085 the "IDL" is the member name.
2088 In C++ that might end up looking like this:
2090 unsigned int org::freedesktop::DBus::StartServiceByName (const char *name,
2091 unsigned int flags);
2093 or equally valid, the return value could be done as an argument:
2095 void org::freedesktop::DBus::StartServiceByName (const char *name,
2097 unsigned int *resultcode);
2099 It's really up to the API designer how they want to make
2100 this look. You could design an API where the namespace wasn't used
2101 in C++, using STL or Qt, using varargs, or whatever you wanted.
2104 Signals are written as follows:
2106 org.freedesktop.DBus.NameLost (STRING name)
2108 Signals don't specify "in" vs. "out" because only
2109 a single direction is possible.
2112 It isn't especially encouraged to use this lame pseudo-IDL in actual
2113 API implementations; you might use the native notation for the
2114 language you're using, or you might use COM or CORBA IDL, for example.
2119 <sect2 id="message-protocol-handling-invalid">
2120 <title>Invalid Protocol and Spec Extensions</title>
2123 For security reasons, the D-Bus protocol should be strictly parsed and
2124 validated, with the exception of defined extension points. Any invalid
2125 protocol or spec violations should result in immediately dropping the
2126 connection without notice to the other end. Exceptions should be
2127 carefully considered, e.g. an exception may be warranted for a
2128 well-understood idiosyncrasy of a widely-deployed implementation. In
2129 cases where the other end of a connection is 100% trusted and known to
2130 be friendly, skipping validation for performance reasons could also make
2131 sense in certain cases.
2135 Generally speaking violations of the "must" requirements in this spec
2136 should be considered possible attempts to exploit security, and violations
2137 of the "should" suggestions should be considered legitimate (though perhaps
2138 they should generate an error in some cases).
2142 The following extension points are built in to D-Bus on purpose and must
2143 not be treated as invalid protocol. The extension points are intended
2144 for use by future versions of this spec, they are not intended for third
2145 parties. At the moment, the only way a third party could extend D-Bus
2146 without breaking interoperability would be to introduce a way to negotiate new
2147 feature support as part of the auth protocol, using EXTENSION_-prefixed
2148 commands. There is not yet a standard way to negotiate features.
2152 In the authentication protocol (see <xref linkend="auth-protocol"/>) unknown
2153 commands result in an ERROR rather than a disconnect. This enables
2154 future extensions to the protocol. Commands starting with EXTENSION_ are
2155 reserved for third parties.
2160 The authentication protocol supports pluggable auth mechanisms.
2165 The address format (see <xref linkend="addresses"/>) supports new
2171 Messages with an unknown type (something other than
2172 <literal>METHOD_CALL</literal>, <literal>METHOD_RETURN</literal>,
2173 <literal>ERROR</literal>, <literal>SIGNAL</literal>) are ignored.
2174 Unknown-type messages must still be well-formed in the same way
2175 as the known messages, however. They still have the normal
2181 Header fields with an unknown or unexpected field code must be ignored,
2182 though again they must still be well-formed.
2187 New standard interfaces (with new methods and signals) can of course be added.
2197 <sect1 id="auth-protocol">
2198 <title>Authentication Protocol</title>
2200 Before the flow of messages begins, two applications must
2201 authenticate. A simple plain-text protocol is used for
2202 authentication; this protocol is a SASL profile, and maps fairly
2203 directly from the SASL specification. The message encoding is
2204 NOT used here, only plain text messages.
2207 In examples, "C:" and "S:" indicate lines sent by the client and
2208 server respectively.
2210 <sect2 id="auth-protocol-overview">
2211 <title>Protocol Overview</title>
2213 The protocol is a line-based protocol, where each line ends with
2214 \r\n. Each line begins with an all-caps ASCII command name containing
2215 only the character range [A-Z_], a space, then any arguments for the
2216 command, then the \r\n ending the line. The protocol is
2217 case-sensitive. All bytes must be in the ASCII character set.
2219 Commands from the client to the server are as follows:
2222 <listitem><para>AUTH [mechanism] [initial-response]</para></listitem>
2223 <listitem><para>CANCEL</para></listitem>
2224 <listitem><para>BEGIN</para></listitem>
2225 <listitem><para>DATA <data in hex encoding></para></listitem>
2226 <listitem><para>ERROR [human-readable error explanation]</para></listitem>
2227 <listitem><para>NEGOTIATE_UNIX_FD</para></listitem>
2230 From server to client are as follows:
2233 <listitem><para>REJECTED <space-separated list of mechanism names></para></listitem>
2234 <listitem><para>OK <GUID in hex></para></listitem>
2235 <listitem><para>DATA <data in hex encoding></para></listitem>
2236 <listitem><para>ERROR</para></listitem>
2237 <listitem><para>AGREE_UNIX_FD</para></listitem>
2241 Unofficial extensions to the command set must begin with the letters
2242 "EXTENSION_", to avoid conflicts with future official commands.
2243 For example, "EXTENSION_COM_MYDOMAIN_DO_STUFF".
2246 <sect2 id="auth-nul-byte">
2247 <title>Special credentials-passing nul byte</title>
2249 Immediately after connecting to the server, the client must send a
2250 single nul byte. This byte may be accompanied by credentials
2251 information on some operating systems that use sendmsg() with
2252 SCM_CREDS or SCM_CREDENTIALS to pass credentials over UNIX domain
2253 sockets. However, the nul byte must be sent even on other kinds of
2254 socket, and even on operating systems that do not require a byte to be
2255 sent in order to transmit credentials. The text protocol described in
2256 this document begins after the single nul byte. If the first byte
2257 received from the client is not a nul byte, the server may disconnect
2261 A nul byte in any context other than the initial byte is an error;
2262 the protocol is ASCII-only.
2265 The credentials sent along with the nul byte may be used with the
2266 SASL mechanism EXTERNAL.
2269 <sect2 id="auth-command-auth">
2270 <title>AUTH command</title>
2272 If an AUTH command has no arguments, it is a request to list
2273 available mechanisms. The server must respond with a REJECTED
2274 command listing the mechanisms it understands, or with an error.
2277 If an AUTH command specifies a mechanism, and the server supports
2278 said mechanism, the server should begin exchanging SASL
2279 challenge-response data with the client using DATA commands.
2282 If the server does not support the mechanism given in the AUTH
2283 command, it must send either a REJECTED command listing the mechanisms
2284 it does support, or an error.
2287 If the [initial-response] argument is provided, it is intended for use
2288 with mechanisms that have no initial challenge (or an empty initial
2289 challenge), as if it were the argument to an initial DATA command. If
2290 the selected mechanism has an initial challenge and [initial-response]
2291 was provided, the server should reject authentication by sending
2295 If authentication succeeds after exchanging DATA commands,
2296 an OK command must be sent to the client.
2299 The first octet received by the server after the \r\n of the BEGIN
2300 command from the client must be the first octet of the
2301 authenticated/encrypted stream of D-Bus messages.
2304 If BEGIN is received by the server, the first octet received
2305 by the client after the \r\n of the OK command must be the
2306 first octet of the authenticated/encrypted stream of D-Bus
2310 <sect2 id="auth-command-cancel">
2311 <title>CANCEL Command</title>
2313 At any time up to sending the BEGIN command, the client may send a
2314 CANCEL command. On receiving the CANCEL command, the server must
2315 send a REJECTED command and abort the current authentication
2319 <sect2 id="auth-command-data">
2320 <title>DATA Command</title>
2322 The DATA command may come from either client or server, and simply
2323 contains a hex-encoded block of data to be interpreted
2324 according to the SASL mechanism in use.
2327 Some SASL mechanisms support sending an "empty string";
2328 FIXME we need some way to do this.
2331 <sect2 id="auth-command-begin">
2332 <title>BEGIN Command</title>
2334 The BEGIN command acknowledges that the client has received an
2335 OK command from the server, and that the stream of messages
2339 The first octet received by the server after the \r\n of the BEGIN
2340 command from the client must be the first octet of the
2341 authenticated/encrypted stream of D-Bus messages.
2344 <sect2 id="auth-command-rejected">
2345 <title>REJECTED Command</title>
2347 The REJECTED command indicates that the current authentication
2348 exchange has failed, and further exchange of DATA is inappropriate.
2349 The client would normally try another mechanism, or try providing
2350 different responses to challenges.
2352 Optionally, the REJECTED command has a space-separated list of
2353 available auth mechanisms as arguments. If a server ever provides
2354 a list of supported mechanisms, it must provide the same list
2355 each time it sends a REJECTED message. Clients are free to
2356 ignore all lists received after the first.
2359 <sect2 id="auth-command-ok">
2360 <title>OK Command</title>
2362 The OK command indicates that the client has been
2363 authenticated. The client may now proceed with negotiating
2364 Unix file descriptor passing. To do that it shall send
2365 NEGOTIATE_UNIX_FD to the server.
2368 Otherwise, the client must respond to the OK command by
2369 sending a BEGIN command, followed by its stream of messages,
2370 or by disconnecting. The server must not accept additional
2371 commands using this protocol after the BEGIN command has been
2372 received. Further communication will be a stream of D-Bus
2373 messages (optionally encrypted, as negotiated) rather than
2377 If a client sends BEGIN the first octet received by the client
2378 after the \r\n of the OK command must be the first octet of
2379 the authenticated/encrypted stream of D-Bus messages.
2382 The OK command has one argument, which is the GUID of the server.
2383 See <xref linkend="addresses"/> for more on server GUIDs.
2386 <sect2 id="auth-command-error">
2387 <title>ERROR Command</title>
2389 The ERROR command indicates that either server or client did not
2390 know a command, does not accept the given command in the current
2391 context, or did not understand the arguments to the command. This
2392 allows the protocol to be extended; a client or server can send a
2393 command present or permitted only in new protocol versions, and if
2394 an ERROR is received instead of an appropriate response, fall back
2395 to using some other technique.
2398 If an ERROR is sent, the server or client that sent the
2399 error must continue as if the command causing the ERROR had never been
2400 received. However, the the server or client receiving the error
2401 should try something other than whatever caused the error;
2402 if only canceling/rejecting the authentication.
2405 If the D-Bus protocol changes incompatibly at some future time,
2406 applications implementing the new protocol would probably be able to
2407 check for support of the new protocol by sending a new command and
2408 receiving an ERROR from applications that don't understand it. Thus the
2409 ERROR feature of the auth protocol is an escape hatch that lets us
2410 negotiate extensions or changes to the D-Bus protocol in the future.
2413 <sect2 id="auth-command-negotiate-unix-fd">
2414 <title>NEGOTIATE_UNIX_FD Command</title>
2416 The NEGOTIATE_UNIX_FD command indicates that the client
2417 supports Unix file descriptor passing. This command may only
2418 be sent after the connection is authenticated, i.e. after OK
2419 was received by the client. This command may only be sent on
2420 transports that support Unix file descriptor passing.
2423 On receiving NEGOTIATE_UNIX_FD the server must respond with
2424 either AGREE_UNIX_FD or ERROR. It shall respond the former if
2425 the transport chosen supports Unix file descriptor passing and
2426 the server supports this feature. It shall respond the latter
2427 if the transport does not support Unix file descriptor
2428 passing, the server does not support this feature, or the
2429 server decides not to enable file descriptor passing due to
2430 security or other reasons.
2433 <sect2 id="auth-command-agree-unix-fd">
2434 <title>AGREE_UNIX_FD Command</title>
2436 The AGREE_UNIX_FD command indicates that the server supports
2437 Unix file descriptor passing. This command may only be sent
2438 after the connection is authenticated, and the client sent
2439 NEGOTIATE_UNIX_FD to enable Unix file descriptor passing. This
2440 command may only be sent on transports that support Unix file
2444 On receiving AGREE_UNIX_FD the client must respond with BEGIN,
2445 followed by its stream of messages, or by disconnecting. The
2446 server must not accept additional commands using this protocol
2447 after the BEGIN command has been received. Further
2448 communication will be a stream of D-Bus messages (optionally
2449 encrypted, as negotiated) rather than this protocol.
2452 <sect2 id="auth-command-future">
2453 <title>Future Extensions</title>
2455 Future extensions to the authentication and negotiation
2456 protocol are possible. For that new commands may be
2457 introduced. If a client or server receives an unknown command
2458 it shall respond with ERROR and not consider this fatal. New
2459 commands may be introduced both before, and after
2460 authentication, i.e. both before and after the OK command.
2463 <sect2 id="auth-examples">
2464 <title>Authentication examples</title>
2468 <title>Example of successful magic cookie authentication</title>
2470 (MAGIC_COOKIE is a made up mechanism)
2472 C: AUTH MAGIC_COOKIE 3138363935333137393635383634
2478 <title>Example of finding out mechanisms then picking one</title>
2481 S: REJECTED KERBEROS_V4 SKEY
2482 C: AUTH SKEY 7ab83f32ee
2483 S: DATA 8799cabb2ea93e
2484 C: DATA 8ac876e8f68ee9809bfa876e6f9876g8fa8e76e98f
2490 <title>Example of client sends unknown command then falls back to regular auth</title>
2494 C: AUTH MAGIC_COOKIE 3736343435313230333039
2500 <title>Example of server doesn't support initial auth mechanism</title>
2502 C: AUTH MAGIC_COOKIE 3736343435313230333039
2503 S: REJECTED KERBEROS_V4 SKEY
2504 C: AUTH SKEY 7ab83f32ee
2505 S: DATA 8799cabb2ea93e
2506 C: DATA 8ac876e8f68ee9809bfa876e6f9876g8fa8e76e98f
2512 <title>Example of wrong password or the like followed by successful retry</title>
2514 C: AUTH MAGIC_COOKIE 3736343435313230333039
2515 S: REJECTED KERBEROS_V4 SKEY
2516 C: AUTH SKEY 7ab83f32ee
2517 S: DATA 8799cabb2ea93e
2518 C: DATA 8ac876e8f68ee9809bfa876e6f9876g8fa8e76e98f
2520 C: AUTH SKEY 7ab83f32ee
2521 S: DATA 8799cabb2ea93e
2522 C: DATA 8ac876e8f68ee9809bfa876e6f9876g8fa8e76e98f
2528 <title>Example of skey cancelled and restarted</title>
2530 C: AUTH MAGIC_COOKIE 3736343435313230333039
2531 S: REJECTED KERBEROS_V4 SKEY
2532 C: AUTH SKEY 7ab83f32ee
2533 S: DATA 8799cabb2ea93e
2536 C: AUTH SKEY 7ab83f32ee
2537 S: DATA 8799cabb2ea93e
2538 C: DATA 8ac876e8f68ee9809bfa876e6f9876g8fa8e76e98f
2544 <title>Example of successful magic cookie authentication with successful negotiation of Unix FD passing</title>
2546 (MAGIC_COOKIE is a made up mechanism)
2548 C: AUTH MAGIC_COOKIE 3138363935333137393635383634
2550 C: NEGOTIATE_UNIX_FD
2556 <title>Example of successful magic cookie authentication with unsuccessful negotiation of Unix FD passing</title>
2558 (MAGIC_COOKIE is a made up mechanism)
2560 C: AUTH MAGIC_COOKIE 3138363935333137393635383634
2562 C: NEGOTIATE_UNIX_FD
2569 <sect2 id="auth-states">
2570 <title>Authentication state diagrams</title>
2573 This section documents the auth protocol in terms of
2574 a state machine for the client and the server. This is
2575 probably the most robust way to implement the protocol.
2578 <sect3 id="auth-states-client">
2579 <title>Client states</title>
2582 To more precisely describe the interaction between the
2583 protocol state machine and the authentication mechanisms the
2584 following notation is used: MECH(CHALL) means that the
2585 server challenge CHALL was fed to the mechanism MECH, which
2591 CONTINUE(RESP) means continue the auth conversation
2592 and send RESP as the response to the server;
2598 OK(RESP) means that after sending RESP to the server
2599 the client side of the auth conversation is finished
2600 and the server should return "OK";
2606 ERROR means that CHALL was invalid and could not be
2612 Both RESP and CHALL may be empty.
2616 The Client starts by getting an initial response from the
2617 default mechanism and sends AUTH MECH RESP, or AUTH MECH if
2618 the mechanism did not provide an initial response. If the
2619 mechanism returns CONTINUE, the client starts in state
2620 <emphasis>WaitingForData</emphasis>, if the mechanism
2621 returns OK the client starts in state
2622 <emphasis>WaitingForOK</emphasis>.
2626 The client should keep track of available mechanisms and
2627 which it mechanisms it has already attempted. This list is
2628 used to decide which AUTH command to send. When the list is
2629 exhausted, the client should give up and close the
2634 <title><emphasis>WaitingForData</emphasis></title>
2642 MECH(CHALL) returns CONTINUE(RESP) → send
2644 <emphasis>WaitingForData</emphasis>
2648 MECH(CHALL) returns OK(RESP) → send DATA
2649 RESP, goto <emphasis>WaitingForOK</emphasis>
2653 MECH(CHALL) returns ERROR → send ERROR
2654 [msg], goto <emphasis>WaitingForData</emphasis>
2662 Receive REJECTED [mechs] →
2663 send AUTH [next mech], goto
2664 WaitingForData or <emphasis>WaitingForOK</emphasis>
2669 Receive ERROR → send
2671 <emphasis>WaitingForReject</emphasis>
2676 Receive OK → send
2677 BEGIN, terminate auth
2678 conversation, authenticated
2683 Receive anything else → send
2685 <emphasis>WaitingForData</emphasis>
2693 <title><emphasis>WaitingForOK</emphasis></title>
2698 Receive OK → send BEGIN, terminate auth
2699 conversation, <emphasis>authenticated</emphasis>
2704 Receive REJECTED [mechs] → send AUTH [next mech],
2705 goto <emphasis>WaitingForData</emphasis> or
2706 <emphasis>WaitingForOK</emphasis>
2712 Receive DATA → send CANCEL, goto
2713 <emphasis>WaitingForReject</emphasis>
2719 Receive ERROR → send CANCEL, goto
2720 <emphasis>WaitingForReject</emphasis>
2726 Receive anything else → send ERROR, goto
2727 <emphasis>WaitingForOK</emphasis>
2735 <title><emphasis>WaitingForReject</emphasis></title>
2740 Receive REJECTED [mechs] → send AUTH [next mech],
2741 goto <emphasis>WaitingForData</emphasis> or
2742 <emphasis>WaitingForOK</emphasis>
2748 Receive anything else → terminate auth
2749 conversation, disconnect
2758 <sect3 id="auth-states-server">
2759 <title>Server states</title>
2762 For the server MECH(RESP) means that the client response
2763 RESP was fed to the the mechanism MECH, which returns one of
2768 CONTINUE(CHALL) means continue the auth conversation and
2769 send CHALL as the challenge to the client;
2775 OK means that the client has been successfully
2782 REJECTED means that the client failed to authenticate or
2783 there was an error in RESP.
2788 The server starts out in state
2789 <emphasis>WaitingForAuth</emphasis>. If the client is
2790 rejected too many times the server must disconnect the
2795 <title><emphasis>WaitingForAuth</emphasis></title>
2801 Receive AUTH → send REJECTED [mechs], goto
2802 <emphasis>WaitingForAuth</emphasis>
2808 Receive AUTH MECH RESP
2812 MECH not valid mechanism → send REJECTED
2814 <emphasis>WaitingForAuth</emphasis>
2818 MECH(RESP) returns CONTINUE(CHALL) → send
2820 <emphasis>WaitingForData</emphasis>
2824 MECH(RESP) returns OK → send OK, goto
2825 <emphasis>WaitingForBegin</emphasis>
2829 MECH(RESP) returns REJECTED → send REJECTED
2831 <emphasis>WaitingForAuth</emphasis>
2839 Receive BEGIN → terminate
2840 auth conversation, disconnect
2846 Receive ERROR → send REJECTED [mechs], goto
2847 <emphasis>WaitingForAuth</emphasis>
2853 Receive anything else → send
2855 <emphasis>WaitingForAuth</emphasis>
2864 <title><emphasis>WaitingForData</emphasis></title>
2872 MECH(RESP) returns CONTINUE(CHALL) → send
2874 <emphasis>WaitingForData</emphasis>
2878 MECH(RESP) returns OK → send OK, goto
2879 <emphasis>WaitingForBegin</emphasis>
2883 MECH(RESP) returns REJECTED → send REJECTED
2885 <emphasis>WaitingForAuth</emphasis>
2893 Receive BEGIN → terminate auth conversation,
2900 Receive CANCEL → send REJECTED [mechs], goto
2901 <emphasis>WaitingForAuth</emphasis>
2907 Receive ERROR → send REJECTED [mechs], goto
2908 <emphasis>WaitingForAuth</emphasis>
2914 Receive anything else → send ERROR, goto
2915 <emphasis>WaitingForData</emphasis>
2923 <title><emphasis>WaitingForBegin</emphasis></title>
2928 Receive BEGIN → terminate auth conversation,
2929 client authenticated
2935 Receive CANCEL → send REJECTED [mechs], goto
2936 <emphasis>WaitingForAuth</emphasis>
2942 Receive ERROR → send REJECTED [mechs], goto
2943 <emphasis>WaitingForAuth</emphasis>
2949 Receive anything else → send ERROR, goto
2950 <emphasis>WaitingForBegin</emphasis>
2960 <sect2 id="auth-mechanisms">
2961 <title>Authentication mechanisms</title>
2963 This section describes some new authentication mechanisms.
2964 D-Bus also allows any standard SASL mechanism of course.
2966 <sect3 id="auth-mechanisms-sha">
2967 <title>DBUS_COOKIE_SHA1</title>
2969 The DBUS_COOKIE_SHA1 mechanism is designed to establish that a client
2970 has the ability to read a private file owned by the user being
2971 authenticated. If the client can prove that it has access to a secret
2972 cookie stored in this file, then the client is authenticated.
2973 Thus the security of DBUS_COOKIE_SHA1 depends on a secure home
2977 Throughout this description, "hex encoding" must output the digits
2978 from a to f in lower-case; the digits A to F must not be used
2979 in the DBUS_COOKIE_SHA1 mechanism.
2982 Authentication proceeds as follows:
2986 The client sends the username it would like to authenticate
2992 The server sends the name of its "cookie context" (see below); a
2993 space character; the integer ID of the secret cookie the client
2994 must demonstrate knowledge of; a space character; then a
2995 randomly-generated challenge string, all of this hex-encoded into
3001 The client locates the cookie and generates its own
3002 randomly-generated challenge string. The client then concatenates
3003 the server's decoded challenge, a ":" character, its own challenge,
3004 another ":" character, and the cookie. It computes the SHA-1 hash
3005 of this composite string as a hex digest. It concatenates the
3006 client's challenge string, a space character, and the SHA-1 hex
3007 digest, hex-encodes the result and sends it back to the server.
3012 The server generates the same concatenated string used by the
3013 client and computes its SHA-1 hash. It compares the hash with
3014 the hash received from the client; if the two hashes match, the
3015 client is authenticated.
3021 Each server has a "cookie context," which is a name that identifies a
3022 set of cookies that apply to that server. A sample context might be
3023 "org_freedesktop_session_bus". Context names must be valid ASCII,
3024 nonzero length, and may not contain the characters slash ("/"),
3025 backslash ("\"), space (" "), newline ("\n"), carriage return ("\r"),
3026 tab ("\t"), or period ("."). There is a default context,
3027 "org_freedesktop_general" that's used by servers that do not specify
3031 Cookies are stored in a user's home directory, in the directory
3032 <filename>~/.dbus-keyrings/</filename>. This directory must
3033 not be readable or writable by other users. If it is,
3034 clients and servers must ignore it. The directory
3035 contains cookie files named after the cookie context.
3038 A cookie file contains one cookie per line. Each line
3039 has three space-separated fields:
3043 The cookie ID number, which must be a non-negative integer and
3044 may not be used twice in the same file.
3049 The cookie's creation time, in UNIX seconds-since-the-epoch
3055 The cookie itself, a hex-encoded random block of bytes. The cookie
3056 may be of any length, though obviously security increases
3057 as the length increases.
3063 Only server processes modify the cookie file.
3064 They must do so with this procedure:
3068 Create a lockfile name by appending ".lock" to the name of the
3069 cookie file. The server should attempt to create this file
3070 using <literal>O_CREAT | O_EXCL</literal>. If file creation
3071 fails, the lock fails. Servers should retry for a reasonable
3072 period of time, then they may choose to delete an existing lock
3073 to keep users from having to manually delete a stale
3074 lock. <footnote><para>Lockfiles are used instead of real file
3075 locking <literal>fcntl()</literal> because real locking
3076 implementations are still flaky on network
3077 filesystems.</para></footnote>
3082 Once the lockfile has been created, the server loads the cookie
3083 file. It should then delete any cookies that are old (the
3084 timeout can be fairly short), or more than a reasonable
3085 time in the future (so that cookies never accidentally
3086 become permanent, if the clock was set far into the future
3087 at some point). If no recent keys remain, the
3088 server may generate a new key.
3093 The pruned and possibly added-to cookie file
3094 must be resaved atomically (using a temporary
3095 file which is rename()'d).
3100 The lock must be dropped by deleting the lockfile.
3106 Clients need not lock the file in order to load it,
3107 because servers are required to save the file atomically.
3112 <sect1 id="addresses">
3113 <title>Server Addresses</title>
3115 Server addresses consist of a transport name followed by a colon, and
3116 then an optional, comma-separated list of keys and values in the form key=value.
3117 Each value is escaped.
3121 <programlisting>unix:path=/tmp/dbus-test</programlisting>
3122 Which is the address to a unix socket with the path /tmp/dbus-test.
3125 Value escaping is similar to URI escaping but simpler.
3129 The set of optionally-escaped bytes is:
3130 <literal>[-0-9A-Za-z_/.\]</literal>. To escape, each
3131 <emphasis>byte</emphasis> (note, not character) which is not in the
3132 set of optionally-escaped bytes must be replaced with an ASCII
3133 percent (<literal>%</literal>) and the value of the byte in hex.
3134 The hex value must always be two digits, even if the first digit is
3135 zero. The optionally-escaped bytes may be escaped if desired.
3140 To unescape, append each byte in the value; if a byte is an ASCII
3141 percent (<literal>%</literal>) character then append the following
3142 hex value instead. It is an error if a <literal>%</literal> byte
3143 does not have two hex digits following. It is an error if a
3144 non-optionally-escaped byte is seen unescaped.
3148 The set of optionally-escaped bytes is intended to preserve address
3149 readability and convenience.
3153 A server may specify a key-value pair with the key <literal>guid</literal>
3154 and the value a hex-encoded 16-byte sequence. <xref linkend="uuids"/>
3155 describes the format of the <literal>guid</literal> field. If present,
3156 this UUID may be used to distinguish one server address from another. A
3157 server should use a different UUID for each address it listens on. For
3158 example, if a message bus daemon offers both UNIX domain socket and TCP
3159 connections, but treats clients the same regardless of how they connect,
3160 those two connections are equivalent post-connection but should have
3161 distinct UUIDs to distinguish the kinds of connection.
3165 The intent of the address UUID feature is to allow a client to avoid
3166 opening multiple identical connections to the same server, by allowing the
3167 client to check whether an address corresponds to an already-existing
3168 connection. Comparing two addresses is insufficient, because addresses
3169 can be recycled by distinct servers, and equivalent addresses may look
3170 different if simply compared as strings (for example, the host in a TCP
3171 address can be given as an IP address or as a hostname).
3175 Note that the address key is <literal>guid</literal> even though the
3176 rest of the API and documentation says "UUID," for historical reasons.
3180 [FIXME clarify if attempting to connect to each is a requirement
3181 or just a suggestion]
3182 When connecting to a server, multiple server addresses can be
3183 separated by a semi-colon. The library will then try to connect
3184 to the first address and if that fails, it'll try to connect to
3185 the next one specified, and so forth. For example
3186 <programlisting>unix:path=/tmp/dbus-test;unix:path=/tmp/dbus-test2</programlisting>
3190 Some addresses are <firstterm>connectable</firstterm>. A connectable
3191 address is one containing enough information for a client to connect
3192 to it. For instance, <literal>tcp:host=127.0.0.1,port=4242</literal>
3193 is a connectable address. It is not necessarily possible to listen
3194 on every connectable address: for instance, it is not possible to
3195 listen on a <literal>unixexec:</literal> address.
3199 Some addresses are <firstterm>listenable</firstterm>. A listenable
3200 address is one containing enough information for a server to listen on
3201 it, producing a connectable address (which may differ from the
3202 original address). Many listenable addresses are not connectable:
3203 for instance, <literal>tcp:host=127.0.0.1</literal>
3204 is listenable, but not connectable (because it does not specify
3209 Listening on an address that is not connectable will result in a
3210 connectable address that is not the same as the listenable address.
3211 For instance, listening on <literal>tcp:host=127.0.0.1</literal>
3212 might result in the connectable address
3213 <literal>tcp:host=127.0.0.1,port=30958</literal>,
3214 listening on <literal>unix:tmpdir=/tmp</literal>
3215 might result in the connectable address
3216 <literal>unix:abstract=/tmp/dbus-U8OSdmf7</literal>, or
3217 listening on <literal>unix:runtime=yes</literal>
3218 might result in the connectable address
3219 <literal>unix:path=/run/user/1234/bus</literal>.
3223 <sect1 id="transports">
3224 <title>Transports</title>
3226 [FIXME we need to specify in detail each transport and its possible arguments]
3228 Current transports include: unix domain sockets (including
3229 abstract namespace on linux), launchd, systemd, TCP/IP, an executed subprocess and a debug/testing transport
3230 using in-process pipes. Future possible transports include one that
3231 tunnels over X11 protocol.
3234 <sect2 id="transports-unix-domain-sockets">
3235 <title>Unix Domain Sockets</title>
3237 Unix domain sockets can be either paths in the file system or on Linux
3238 kernels, they can be abstract which are similar to paths but
3239 do not show up in the file system.
3243 When a socket is opened by the D-Bus library it truncates the path
3244 name right before the first trailing Nul byte. This is true for both
3245 normal paths and abstract paths. Note that this is a departure from
3246 previous versions of D-Bus that would create sockets with a fixed
3247 length path name. Names which were shorter than the fixed length
3248 would be padded by Nul bytes.
3251 Unix domain sockets are not available on Windows.
3254 Unix addresses that specify <literal>path</literal> or
3255 <literal>abstract</literal> are both listenable and connectable.
3256 Unix addresses that specify <literal>tmpdir</literal>
3257 or <literal>dir</literal> are only
3258 listenable: the corresponding connectable address will specify
3259 either <literal>path</literal> or <literal>abstract</literal>.
3260 Similarly, Unix addresses that specify <literal>runtime</literal>
3261 are only listenable, and the corresponding connectable address
3262 will specify <literal>path</literal>.
3264 <sect3 id="transports-unix-domain-sockets-addresses">
3265 <title>Server Address Format</title>
3267 Unix domain socket addresses are identified by the "unix:" prefix
3268 and support the following key/value pairs:
3275 <entry>Values</entry>
3276 <entry>Description</entry>
3282 <entry>(path)</entry>
3284 Path of the unix domain socket.
3289 <entry>(path)</entry>
3291 Directory in which a socket file with a random file name
3292 starting with 'dbus-' will be created by the server. This key
3293 can only be used in server addresses, not in client addresses;
3294 the resulting client address will have the "path" key instead.
3299 <entry>tmpdir</entry>
3300 <entry>(path)</entry>
3302 The same as "dir", except that on platforms with
3303 abstract sockets, the server may attempt to create an
3304 abstract socket whose name starts with this directory instead
3305 of a path-based socket. This key can only be used in server
3306 addresses, not in client addresses; the resulting client address
3307 will have the "abstract" or "path" key instead.
3311 <entry>abstract</entry>
3312 <entry>(string)</entry>
3314 Unique string in the abstract namespace, often syntactically
3315 resembling a path but unconnected to the filesystem namespace.
3316 This key is only supported on platforms with abstract Unix
3317 sockets, of which Linux is the only known example.
3321 <entry>runtime</entry>
3322 <entry><literal>yes</literal></entry>
3323 <entry>If given, This key can only be used in server addresses, not in client addresses. If set, its value must be <literal>yes</literal>. This is typically used in an address string like <literal>unix:runtime=yes;unix:tmpdir=/tmp</literal> so that there can be a fallback if <literal>XDG_RUNTIME_DIR</literal> is not set.</entry>
3329 Exactly one of the keys <literal>path</literal>,
3330 <literal>abstract</literal>, <literal>runtime</literal>,
3331 <literal>dir</literal> or <literal>tmpdir</literal> must be provided.
3335 <sect2 id="transports-launchd">
3336 <title>launchd</title>
3338 launchd is an open-source server management system that replaces init, inetd
3339 and cron on Apple Mac OS X versions 10.4 and above. It provides a common session
3340 bus address for each user and deprecates the X11-enabled D-Bus launcher on OSX.
3344 launchd allocates a socket and provides it with the unix path through the
3345 DBUS_LAUNCHD_SESSION_BUS_SOCKET variable in launchd's environment. Every process
3346 spawned by launchd (or dbus-daemon, if it was started by launchd) can access
3347 it through its environment.
3348 Other processes can query for the launchd socket by executing:
3349 $ launchctl getenv DBUS_LAUNCHD_SESSION_BUS_SOCKET
3350 This is normally done by the D-Bus client library so doesn't have to be done
3354 launchd is not available on Microsoft Windows.
3357 launchd addresses are listenable and connectable.
3359 <sect3 id="transports-launchd-addresses">
3360 <title>Server Address Format</title>
3362 launchd addresses are identified by the "launchd:" prefix
3363 and support the following key/value pairs:
3370 <entry>Values</entry>
3371 <entry>Description</entry>
3377 <entry>(environment variable)</entry>
3378 <entry>path of the unix domain socket for the launchd created dbus-daemon.</entry>
3384 The <literal>env</literal> key is required.
3388 <sect2 id="transports-systemd">
3389 <title>systemd</title>
3391 systemd is an open-source server management system that
3392 replaces init and inetd on newer Linux systems. It supports
3393 socket activation. The D-Bus systemd transport is used to acquire
3394 socket activation file descriptors from systemd and use them
3395 as D-Bus transport when the current process is spawned by
3396 socket activation from it.
3399 The systemd transport accepts only one or more Unix domain or
3400 TCP streams sockets passed in via socket activation.
3403 The systemd transport is not available on non-Linux operating systems.
3406 The systemd transport defines no parameter keys.
3409 systemd addresses are listenable, but not connectable. The
3410 corresponding connectable address is the <literal>unix</literal>
3411 or <literal>tcp</literal> address of the socket.
3414 <sect2 id="transports-tcp-sockets">
3415 <title>TCP Sockets</title>
3417 The tcp transport provides TCP/IP based connections between clients
3418 located on the same or different hosts.
3421 Using tcp transport without any additional secure authentification mechanismus
3422 over a network is unsecure.
3425 On Windows and most Unix platforms, the TCP stack is unable to transfer
3426 credentials over a TCP connection, so the EXTERNAL authentication
3427 mechanism does not work for this transport.
3430 All <literal>tcp</literal> addresses are listenable.
3431 <literal>tcp</literal> addresses in which both
3432 <literal>host</literal> and <literal>port</literal> are
3433 specified, and <literal>port</literal> is non-zero,
3434 are also connectable.
3436 <sect3 id="transports-tcp-sockets-addresses">
3437 <title>Server Address Format</title>
3439 TCP/IP socket addresses are identified by the "tcp:" prefix
3440 and support the following key/value pairs:
3447 <entry>Values</entry>
3448 <entry>Description</entry>
3454 <entry>(string)</entry>
3455 <entry>DNS name or IP address</entry>
3459 <entry>(string)</entry>
3460 <entry>Used in a listenable address to configure the interface
3461 on which the server will listen: either the IP address of one of
3462 the local machine's interfaces (most commonly <literal>127.0.0.1
3463 </literal>), or a DNS name that resolves to one of those IP
3464 addresses, or '*' to listen on all interfaces simultaneously.
3465 If not specified, the default is the same value as "host".
3470 <entry>(number)</entry>
3471 <entry>The tcp port the server will open. A zero value let the server
3472 choose a free port provided from the underlaying operating system.
3473 libdbus is able to retrieve the real used port from the server.
3477 <entry>family</entry>
3478 <entry>(string)</entry>
3479 <entry>If set, provide the type of socket family either "ipv4" or "ipv6". If unset, the family is unspecified.</entry>
3486 <sect2 id="transports-nonce-tcp-sockets">
3487 <title>Nonce-secured TCP Sockets</title>
3489 The nonce-tcp transport provides a secured TCP transport, using a
3490 simple authentication mechanism to ensure that only clients with read
3491 access to a certain location in the filesystem can connect to the server.
3492 The server writes a secret, the nonce, to a file and an incoming client
3493 connection is only accepted if the client sends the nonce right after
3494 the connect. The nonce mechanism requires no setup and is orthogonal to
3495 the higher-level authentication mechanisms described in the
3496 Authentication section.
3500 On start, the server generates a random 16 byte nonce and writes it
3501 to a file in the user's temporary directory. The nonce file location
3502 is published as part of the server's D-Bus address using the
3503 "noncefile" key-value pair.
3505 After an accept, the server reads 16 bytes from the socket. If the
3506 read bytes do not match the nonce stored in the nonce file, the
3507 server MUST immediately drop the connection.
3508 If the nonce match the received byte sequence, the client is accepted
3509 and the transport behaves like an unsecured tcp transport.
3512 After a successful connect to the server socket, the client MUST read
3513 the nonce from the file published by the server via the noncefile=
3514 key-value pair and send it over the socket. After that, the
3515 transport behaves like an unsecured tcp transport.
3518 All nonce-tcp addresses are listenable. nonce-tcp addresses in which
3519 <literal>host</literal>, <literal>port</literal> and
3520 <literal>noncefile</literal> are all specified,
3521 and <literal>port</literal> is nonzero, are also connectable.
3523 <sect3 id="transports-nonce-tcp-sockets-addresses">
3524 <title>Server Address Format</title>
3526 Nonce TCP/IP socket addresses uses the "nonce-tcp:" prefix
3527 and support the following key/value pairs:
3534 <entry>Values</entry>
3535 <entry>Description</entry>
3541 <entry>(string)</entry>
3542 <entry>DNS name or IP address</entry>
3546 <entry>(string)</entry>
3547 <entry>The same as for tcp: addresses
3552 <entry>(number)</entry>
3553 <entry>The tcp port the server will open. A zero value let the server
3554 choose a free port provided from the underlaying operating system.
3555 libdbus is able to retrieve the real used port from the server.
3559 <entry>family</entry>
3560 <entry>(string)</entry>
3561 <entry>If set, provide the type of socket family either "ipv4" or "ipv6". If unset, the family is unspecified.</entry>
3564 <entry>noncefile</entry>
3565 <entry>(path)</entry>
3566 <entry>File location containing the secret.
3567 This is only meaningful in connectable addresses:
3568 a listening D-Bus server that offers this transport
3569 will always create a new nonce file.</entry>
3576 <sect2 id="transports-exec">
3577 <title>Executed Subprocesses on Unix</title>
3579 This transport forks off a process and connects its standard
3580 input and standard output with an anonymous Unix domain
3581 socket. This socket is then used for communication by the
3582 transport. This transport may be used to use out-of-process
3583 forwarder programs as basis for the D-Bus protocol.
3586 The forked process will inherit the standard error output and
3587 process group from the parent process.
3590 Executed subprocesses are not available on Windows.
3593 <literal>unixexec</literal> addresses are connectable, but are not
3596 <sect3 id="transports-exec-addresses">
3597 <title>Server Address Format</title>
3599 Executed subprocess addresses are identified by the "unixexec:" prefix
3600 and support the following key/value pairs:
3607 <entry>Values</entry>
3608 <entry>Description</entry>
3614 <entry>(path)</entry>
3615 <entry>Path of the binary to execute, either an absolute
3616 path or a binary name that is searched for in the default
3617 search path of the OS. This corresponds to the first
3618 argument of execlp(). This key is mandatory.</entry>
3621 <entry>argv0</entry>
3622 <entry>(string)</entry>
3623 <entry>The program name to use when executing the
3624 binary. If omitted the same value as specified for path=
3625 will be used. This corresponds to the second argument of
3629 <entry>argv1, argv2, ...</entry>
3630 <entry>(string)</entry>
3631 <entry>Arguments to pass to the binary. This corresponds
3632 to the third and later arguments of execlp(). If a
3633 specific argvX is not specified no further argvY for Y > X
3634 are taken into account.</entry>
3642 <sect1 id="meta-transports">
3643 <title>Meta Transports</title>
3645 Meta transports are a kind of transport with special enhancements or
3646 behavior. Currently available meta transports include: autolaunch
3649 <sect2 id="meta-transports-autolaunch">
3650 <title>Autolaunch</title>
3651 <para>The autolaunch transport provides a way for dbus clients to autodetect
3652 a running dbus session bus and to autolaunch a session bus if not present.
3655 On Unix, <literal>autolaunch</literal> addresses are connectable,
3659 On Windows, <literal>autolaunch</literal> addresses are both
3660 connectable and listenable.
3663 <sect3 id="meta-transports-autolaunch-addresses">
3664 <title>Server Address Format</title>
3666 Autolaunch addresses uses the "autolaunch:" prefix and support the
3667 following key/value pairs:
3674 <entry>Values</entry>
3675 <entry>Description</entry>
3680 <entry>scope</entry>
3681 <entry>(string)</entry>
3682 <entry>scope of autolaunch (Windows only)
3686 "*install-path" - limit session bus to dbus installation path.
3687 The dbus installation path is determined from the location of
3688 the shared dbus library. If the library is located in a 'bin'
3689 subdirectory the installation root is the directory above,
3690 otherwise the directory where the library lives is taken as
3693 <install-root>/bin/[lib]dbus-1.dll
3694 <install-root>/[lib]dbus-1.dll
3700 "*user" - limit session bus to the recent user.
3705 other values - specify dedicated session bus like "release",
3717 <sect3 id="meta-transports-autolaunch-windows-implementation">
3718 <title>Windows implementation</title>
3720 On start, the server opens a platform specific transport, creates a mutex
3721 and a shared memory section containing the related session bus address.
3722 This mutex will be inspected by the dbus client library to detect a
3723 running dbus session bus. The access to the mutex and the shared memory
3724 section are protected by global locks.
3727 In the recent implementation the autolaunch transport uses a tcp transport
3728 on localhost with a port choosen from the operating system. This detail may
3729 change in the future.
3732 Disclaimer: The recent implementation is in an early state and may not
3733 work in all cirumstances and/or may have security issues. Because of this
3734 the implementation is not documentated yet.
3741 <title>UUIDs</title>
3743 A working D-Bus implementation uses universally-unique IDs in two places.
3744 First, each server address has a UUID identifying the address,
3745 as described in <xref linkend="addresses"/>. Second, each operating
3746 system kernel instance running a D-Bus client or server has a UUID
3747 identifying that kernel, retrieved by invoking the method
3748 org.freedesktop.DBus.Peer.GetMachineId() (see <xref
3749 linkend="standard-interfaces-peer"/>).
3752 The term "UUID" in this document is intended literally, i.e. an
3753 identifier that is universally unique. It is not intended to refer to
3754 RFC4122, and in fact the D-Bus UUID is not compatible with that RFC.
3757 The UUID must contain 128 bits of data and be hex-encoded. The
3758 hex-encoded string may not contain hyphens or other non-hex-digit
3759 characters, and it must be exactly 32 characters long. To generate a
3760 UUID, the current reference implementation concatenates 96 bits of random
3761 data followed by the 32-bit time in seconds since the UNIX epoch (in big
3765 It would also be acceptable and probably better to simply generate 128
3766 bits of random data, as long as the random number generator is of high
3767 quality. The timestamp could conceivably help if the random bits are not
3768 very random. With a quality random number generator, collisions are
3769 extremely unlikely even with only 96 bits, so it's somewhat academic.
3772 Implementations should, however, stick to random data for the first 96 bits
3777 <sect1 id="standard-interfaces">
3778 <title>Standard Interfaces</title>
3780 See <xref linkend="message-protocol-types-notation"/> for details on
3781 the notation used in this section. There are some standard interfaces
3782 that may be useful across various D-Bus applications.
3784 <sect2 id="standard-interfaces-peer">
3785 <title><literal>org.freedesktop.DBus.Peer</literal></title>
3787 The <literal>org.freedesktop.DBus.Peer</literal> interface
3790 org.freedesktop.DBus.Peer.Ping ()
3791 org.freedesktop.DBus.Peer.GetMachineId (out STRING machine_uuid)
3795 On receipt of the <literal>METHOD_CALL</literal> message
3796 <literal>org.freedesktop.DBus.Peer.Ping</literal>, an application should do
3797 nothing other than reply with a <literal>METHOD_RETURN</literal> as
3798 usual. It does not matter which object path a ping is sent to. The
3799 reference implementation handles this method automatically.
3802 On receipt of the <literal>METHOD_CALL</literal> message
3803 <literal>org.freedesktop.DBus.Peer.GetMachineId</literal>, an application should
3804 reply with a <literal>METHOD_RETURN</literal> containing a hex-encoded
3805 UUID representing the identity of the machine the process is running on.
3806 This UUID must be the same for all processes on a single system at least
3807 until that system next reboots. It should be the same across reboots
3808 if possible, but this is not always possible to implement and is not
3810 It does not matter which object path a GetMachineId is sent to. The
3811 reference implementation handles this method automatically.
3814 The UUID is intended to be per-instance-of-the-operating-system, so may represent
3815 a virtual machine running on a hypervisor, rather than a physical machine.
3816 Basically if two processes see the same UUID, they should also see the same
3817 shared memory, UNIX domain sockets, process IDs, and other features that require
3818 a running OS kernel in common between the processes.
3821 The UUID is often used where other programs might use a hostname. Hostnames
3822 can change without rebooting, however, or just be "localhost" - so the UUID
3826 <xref linkend="uuids"/> explains the format of the UUID.
3830 <sect2 id="standard-interfaces-introspectable">
3831 <title><literal>org.freedesktop.DBus.Introspectable</literal></title>
3833 This interface has one method:
3835 org.freedesktop.DBus.Introspectable.Introspect (out STRING xml_data)
3839 Objects instances may implement
3840 <literal>Introspect</literal> which returns an XML description of
3841 the object, including its interfaces (with signals and methods), objects
3842 below it in the object path tree, and its properties.
3845 <xref linkend="introspection-format"/> describes the format of this XML string.
3848 <sect2 id="standard-interfaces-properties">
3849 <title><literal>org.freedesktop.DBus.Properties</literal></title>
3851 Many native APIs will have a concept of object <firstterm>properties</firstterm>
3852 or <firstterm>attributes</firstterm>. These can be exposed via the
3853 <literal>org.freedesktop.DBus.Properties</literal> interface.
3857 org.freedesktop.DBus.Properties.Get (in STRING interface_name,
3858 in STRING property_name,
3860 org.freedesktop.DBus.Properties.Set (in STRING interface_name,
3861 in STRING property_name,
3863 org.freedesktop.DBus.Properties.GetAll (in STRING interface_name,
3864 out DICT<STRING,VARIANT> props);
3868 It is conventional to give D-Bus properties names consisting of
3869 capitalized words without punctuation ("CamelCase"), like
3870 <link linkend="message-protocol-names-member">member names</link>.
3871 For instance, the GObject property
3872 <literal>connection-status</literal> or the Qt property
3873 <literal>connectionStatus</literal> could be represented on D-Bus
3874 as <literal>ConnectionStatus</literal>.
3877 Strictly speaking, D-Bus property names are not required to follow
3878 the same naming restrictions as member names, but D-Bus property
3879 names that would not be valid member names (in particular,
3880 GObject-style dash-separated property names) can cause interoperability
3881 problems and should be avoided.
3884 The available properties and whether they are writable can be determined
3885 by calling <literal>org.freedesktop.DBus.Introspectable.Introspect</literal>,
3886 see <xref linkend="standard-interfaces-introspectable"/>.
3889 An empty string may be provided for the interface name; in this case,
3890 if there are multiple properties on an object with the same name,
3891 the results are undefined (picking one by according to an arbitrary
3892 deterministic rule, or returning an error, are the reasonable
3896 If <literal>org.freedesktop.DBus.Properties.GetAll</literal> is called
3897 with a valid interface name which contains no properties, an empty array
3898 should be returned. If it is called with a valid interface name for
3899 which some properties are not accessible to the caller (for example, due
3900 to per-property access control implemented in the service), those
3901 properties should be silently omitted from the result array.
3902 If <literal>org.freedesktop.DBus.Properties.Get</literal> is called for
3903 any such properties, an appropriate access control error should be
3907 If one or more properties change on an object, the
3908 <literal>org.freedesktop.DBus.Properties.PropertiesChanged</literal>
3909 signal may be emitted (this signal was added in 0.14):
3913 org.freedesktop.DBus.Properties.PropertiesChanged (STRING interface_name,
3914 DICT<STRING,VARIANT> changed_properties,
3915 ARRAY<STRING> invalidated_properties);
3919 where <literal>changed_properties</literal> is a dictionary
3920 containing the changed properties with the new values and
3921 <literal>invalidated_properties</literal> is an array of
3922 properties that changed but the value is not conveyed.
3925 Whether the <literal>PropertiesChanged</literal> signal is
3926 supported can be determined by calling
3927 <literal>org.freedesktop.DBus.Introspectable.Introspect</literal>. Note
3928 that the signal may be supported for an object but it may
3929 differ how whether and how it is used on a per-property basis
3930 (for e.g. performance or security reasons). Each property (or
3931 the parent interface) must be annotated with the
3932 <literal>org.freedesktop.DBus.Property.EmitsChangedSignal</literal>
3933 annotation to convey this (usually the default value
3934 <literal>true</literal> is sufficient meaning that the
3935 annotation does not need to be used). See <xref
3936 linkend="introspection-format"/> for details on this
3941 <sect2 id="standard-interfaces-objectmanager">
3942 <title><literal>org.freedesktop.DBus.ObjectManager</literal></title>
3944 An API can optionally make use of this interface for one or
3945 more sub-trees of objects. The root of each sub-tree implements
3946 this interface so other applications can get all objects,
3947 interfaces and properties in a single method call. It is
3948 appropriate to use this interface if users of the tree of
3949 objects are expected to be interested in all interfaces of all
3950 objects in the tree; a more granular API should be used if
3951 users of the objects are expected to be interested in a small
3952 subset of the objects, a small subset of their interfaces, or
3956 The method that applications can use to get all objects and
3957 properties is <literal>GetManagedObjects</literal>:
3961 org.freedesktop.DBus.ObjectManager.GetManagedObjects (out DICT<OBJPATH,DICT<STRING,DICT<STRING,VARIANT>>> objpath_interfaces_and_properties);
3965 The return value of this method is a dict whose keys are
3966 object paths. All returned object paths are children of the
3967 object path implementing this interface, i.e. their object
3968 paths start with the ObjectManager's object path plus '/'.
3971 Each value is a dict whose keys are interfaces names. Each
3972 value in this inner dict is the same dict that would be
3973 returned by the <link
3974 linkend="standard-interfaces-properties">org.freedesktop.DBus.Properties.GetAll()</link>
3975 method for that combination of object path and interface. If
3976 an interface has no properties, the empty dict is returned.
3979 Changes are emitted using the following two signals:
3983 org.freedesktop.DBus.ObjectManager.InterfacesAdded (OBJPATH object_path,
3984 DICT<STRING,DICT<STRING,VARIANT>> interfaces_and_properties);
3985 org.freedesktop.DBus.ObjectManager.InterfacesRemoved (OBJPATH object_path,
3986 ARRAY<STRING> interfaces);
3990 The <literal>InterfacesAdded</literal> signal is emitted when
3991 either a new object is added or when an existing object gains
3992 one or more interfaces. The
3993 <literal>InterfacesRemoved</literal> signal is emitted
3994 whenever an object is removed or it loses one or more
3995 interfaces. The second parameter of the
3996 <literal>InterfacesAdded</literal> signal contains a dict with
3997 the interfaces and properties (if any) that have been added to
3998 the given object path. Similarly, the second parameter of the
3999 <literal>InterfacesRemoved</literal> signal contains an array
4000 of the interfaces that were removed. Note that changes on
4001 properties on existing interfaces are not reported using this
4002 interface - an application should also monitor the existing <link
4003 linkend="standard-interfaces-properties">PropertiesChanged</link>
4004 signal on each object.
4007 Applications SHOULD NOT export objects that are children of an
4008 object (directly or otherwise) implementing this interface but
4009 which are not returned in the reply from the
4010 <literal>GetManagedObjects()</literal> method of this
4011 interface on the given object.
4014 The intent of the <literal>ObjectManager</literal> interface
4015 is to make it easy to write a robust client
4016 implementation. The trivial client implementation only needs
4017 to make two method calls:
4021 org.freedesktop.DBus.AddMatch (bus_proxy,
4022 "type='signal',name='org.example.App2',path_namespace='/org/example/App2'");
4023 objects = org.freedesktop.DBus.ObjectManager.GetManagedObjects (app_proxy);
4027 on the message bus and the remote application's
4028 <literal>ObjectManager</literal>, respectively. Whenever a new
4029 remote object is created (or an existing object gains a new
4030 interface), the <literal>InterfacesAdded</literal> signal is
4031 emitted, and since this signal contains all properties for the
4032 interfaces, no calls to the
4033 <literal>org.freedesktop.Properties</literal> interface on the
4034 remote object are needed. Additionally, since the initial
4035 <literal>AddMatch()</literal> rule already includes signal
4036 messages from the newly created child object, no new
4037 <literal>AddMatch()</literal> call is needed.
4042 The <literal>org.freedesktop.DBus.ObjectManager</literal>
4043 interface was added in version 0.17 of the D-Bus
4050 <sect1 id="introspection-format">
4051 <title>Introspection Data Format</title>
4053 As described in <xref linkend="standard-interfaces-introspectable"/>,
4054 objects may be introspected at runtime, returning an XML string
4055 that describes the object. The same XML format may be used in
4056 other contexts as well, for example as an "IDL" for generating
4057 static language bindings.
4060 Here is an example of introspection data:
4062 <!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
4063 "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
4064 <node name="/com/example/sample_object0">
4065 <interface name="com.example.SampleInterface0">
4066 <method name="Frobate">
4067 <arg name="foo" type="i" direction="in"/>
4068 <arg name="bar" type="s" direction="out"/>
4069 <arg name="baz" type="a{us}" direction="out"/>
4070 <annotation name="org.freedesktop.DBus.Deprecated" value="true"/>
4072 <method name="Bazify">
4073 <arg name="bar" type="(iiu)" direction="in"/>
4074 <arg name="bar" type="v" direction="out"/>
4076 <method name="Mogrify">
4077 <arg name="bar" type="(iiav)" direction="in"/>
4079 <signal name="Changed">
4080 <arg name="new_value" type="b"/>
4082 <property name="Bar" type="y" access="readwrite"/>
4084 <node name="child_of_sample_object"/>
4085 <node name="another_child_of_sample_object"/>
4090 A more formal DTD and spec needs writing, but here are some quick notes.
4094 Only the root <node> element can omit the node name, as it's
4095 known to be the object that was introspected. If the root
4096 <node> does have a name attribute, it must be an absolute
4097 object path. If child <node> have object paths, they must be
4103 If a child <node> has any sub-elements, then they
4104 must represent a complete introspection of the child.
4105 If a child <node> is empty, then it may or may
4106 not have sub-elements; the child must be introspected
4107 in order to find out. The intent is that if an object
4108 knows that its children are "fast" to introspect
4109 it can go ahead and return their information, but
4110 otherwise it can omit it.
4115 The direction element on <arg> may be omitted,
4116 in which case it defaults to "in" for method calls
4117 and "out" for signals. Signals only allow "out"
4118 so while direction may be specified, it's pointless.
4123 The possible directions are "in" and "out",
4124 unlike CORBA there is no "inout"
4129 The possible property access flags are
4130 "readwrite", "read", and "write"
4135 Multiple interfaces can of course be listed for
4141 The "name" attribute on arguments is optional.
4147 Method, interface, property, signal, and argument elements may have
4148 "annotations", which are generic key/value pairs of metadata.
4149 They are similar conceptually to Java's annotations and C# attributes.
4150 Well-known annotations:
4157 <entry>Values (separated by ,)</entry>
4158 <entry>Description</entry>
4163 <entry>org.freedesktop.DBus.Deprecated</entry>
4164 <entry>true,false</entry>
4165 <entry>Whether or not the entity is deprecated; defaults to false</entry>
4168 <entry>org.freedesktop.DBus.GLib.CSymbol</entry>
4169 <entry>(string)</entry>
4170 <entry>The C symbol; may be used for methods and interfaces</entry>
4173 <entry>org.freedesktop.DBus.Method.NoReply</entry>
4174 <entry>true,false</entry>
4175 <entry>If set, don't expect a reply to the method call; defaults to false.</entry>
4178 <entry>org.freedesktop.DBus.Property.EmitsChangedSignal</entry>
4179 <entry>true,invalidates,const,false</entry>
4182 If set to <literal>false</literal>, the
4183 <literal>org.freedesktop.DBus.Properties.PropertiesChanged</literal>
4185 linkend="standard-interfaces-properties"/> is not
4186 guaranteed to be emitted if the property changes.
4189 If set to <literal>const</literal> the property never
4190 changes value during the lifetime of the object it
4191 belongs to, and hence the signal is never emitted for
4195 If set to <literal>invalidates</literal> the signal
4196 is emitted but the value is not included in the
4200 If set to <literal>true</literal> the signal is
4201 emitted with the value included.
4204 The value for the annotation defaults to
4205 <literal>true</literal> if the enclosing interface
4206 element does not specify the annotation. Otherwise it
4207 defaults to the value specified in the enclosing
4211 This annotation is intended to be used by code
4212 generators to implement client-side caching of
4213 property values. For all properties for which the
4214 annotation is set to <literal>const</literal>,
4215 <literal>invalidates</literal> or
4216 <literal>true</literal> the client may
4217 unconditionally cache the values as the properties
4218 don't change or notifications are generated for them
4227 <sect1 id="message-bus">
4228 <title>Message Bus Specification</title>
4229 <sect2 id="message-bus-overview">
4230 <title>Message Bus Overview</title>
4232 The message bus accepts connections from one or more applications.
4233 Once connected, applications can exchange messages with other
4234 applications that are also connected to the bus.
4237 In order to route messages among connections, the message bus keeps a
4238 mapping from names to connections. Each connection has one
4239 unique-for-the-lifetime-of-the-bus name automatically assigned.
4240 Applications may request additional names for a connection. Additional
4241 names are usually "well-known names" such as
4242 "com.example.TextEditor1". When a name is bound to a connection,
4243 that connection is said to <firstterm>own</firstterm> the name.
4246 The bus itself owns a special name,
4247 <literal>org.freedesktop.DBus</literal>, with an object
4248 located at <literal>/org/freedesktop/DBus</literal> that
4249 implements the <literal>org.freedesktop.DBus</literal>
4250 interface. This service allows applications to make
4251 administrative requests of the bus itself. For example,
4252 applications can ask the bus to assign a name to a connection.
4255 Each name may have <firstterm>queued owners</firstterm>. When an
4256 application requests a name for a connection and the name is already in
4257 use, the bus will optionally add the connection to a queue waiting for
4258 the name. If the current owner of the name disconnects or releases
4259 the name, the next connection in the queue will become the new owner.
4263 This feature causes the right thing to happen if you start two text
4264 editors for example; the first one may request "com.example.TextEditor1",
4265 and the second will be queued as a possible owner of that name. When
4266 the first exits, the second will take over.
4270 Applications may send <firstterm>unicast messages</firstterm> to
4271 a specific recipient or to the message bus itself, or
4272 <firstterm>broadcast messages</firstterm> to all interested recipients.
4273 See <xref linkend="message-bus-routing"/> for details.
4277 <sect2 id="message-bus-names">
4278 <title>Message Bus Names</title>
4280 Each connection has at least one name, assigned at connection time and
4281 returned in response to the
4282 <literal>org.freedesktop.DBus.Hello</literal> method call. This
4283 automatically-assigned name is called the connection's <firstterm>unique
4284 name</firstterm>. Unique names are never reused for two different
4285 connections to the same bus.
4288 Ownership of a unique name is a prerequisite for interaction with
4289 the message bus. It logically follows that the unique name is always
4290 the first name that an application comes to own, and the last
4291 one that it loses ownership of.
4294 Unique connection names must begin with the character ':' (ASCII colon
4295 character); bus names that are not unique names must not begin
4296 with this character. (The bus must reject any attempt by an application
4297 to manually request a name beginning with ':'.) This restriction
4298 categorically prevents "spoofing"; messages sent to a unique name
4299 will always go to the expected connection.
4302 When a connection is closed, all the names that it owns are deleted (or
4303 transferred to the next connection in the queue if any).
4306 A connection can request additional names to be associated with it using
4307 the <literal>org.freedesktop.DBus.RequestName</literal> message. <xref
4308 linkend="message-protocol-names-bus"/> describes the format of a valid
4309 name. These names can be released again using the
4310 <literal>org.freedesktop.DBus.ReleaseName</literal> message.
4314 <sect2 id="message-bus-routing">
4315 <title>Message Bus Message Routing</title>
4318 Messages may have a <literal>DESTINATION</literal> field (see <xref
4319 linkend="message-protocol-header-fields"/>), resulting in a
4320 <firstterm>unicast message</firstterm>. If the
4321 <literal>DESTINATION</literal> field is present, it specifies a message
4322 recipient by name. Method calls and replies normally specify this field.
4323 The message bus must send messages (of any type) with the
4324 <literal>DESTINATION</literal> field set to the specified recipient,
4325 regardless of whether the recipient has set up a match rule matching
4330 When the message bus receives a signal, if the
4331 <literal>DESTINATION</literal> field is absent, it is considered to
4332 be a <firstterm>broadcast signal</firstterm>, and is sent to all
4333 applications with <firstterm>message matching rules</firstterm> that
4334 match the message. Most signal messages are broadcasts, and
4335 no other message types currently defined in this specification
4340 Unicast signal messages (those with a <literal>DESTINATION</literal>
4341 field) are not commonly used, but they are treated like any unicast
4342 message: they are delivered to the specified receipient,
4343 regardless of its match rules. One use for unicast signals is to
4344 avoid a race condition in which a signal is emitted before the intended
4345 recipient can call <xref linkend="bus-messages-add-match"/> to
4346 receive that signal: if the signal is sent directly to that recipient
4347 using a unicast message, it does not need to add a match rule at all,
4348 and there is no race condition. Another use for unicast signals,
4349 on message buses whose security policy prevents eavesdropping, is to
4350 send sensitive information which should only be visible to one
4355 When the message bus receives a method call, if the
4356 <literal>DESTINATION</literal> field is absent, the call is taken to be
4357 a standard one-to-one message and interpreted by the message bus
4358 itself. For example, sending an
4359 <literal>org.freedesktop.DBus.Peer.Ping</literal> message with no
4360 <literal>DESTINATION</literal> will cause the message bus itself to
4361 reply to the ping immediately; the message bus will not make this
4362 message visible to other applications.
4366 Continuing the <literal>org.freedesktop.DBus.Peer.Ping</literal> example, if
4367 the ping message were sent with a <literal>DESTINATION</literal> name of
4368 <literal>com.yoyodyne.Screensaver</literal>, then the ping would be
4369 forwarded, and the Yoyodyne Corporation screensaver application would be
4370 expected to reply to the ping.
4374 Message bus implementations may impose a security policy which
4375 prevents certain messages from being sent or received.
4376 When a method call message cannot be sent or received due to a security
4377 policy, the message bus should send an error reply, unless the
4378 original message had the <literal>NO_REPLY</literal> flag.
4381 <sect3 id="message-bus-routing-eavesdropping">
4382 <title>Eavesdropping</title>
4384 Receiving a unicast message whose <literal>DESTINATION</literal>
4385 indicates a different recipient is called
4386 <firstterm>eavesdropping</firstterm>. On a message bus which acts as
4387 a security boundary (like the standard system bus), the security
4388 policy should usually prevent eavesdropping, since unicast messages
4389 are normally kept private and may contain security-sensitive
4394 Eavesdropping interacts poorly with buses with non-trivial
4395 access control restrictions, and is deprecated. The
4396 <literal>BecomeMonitor</literal> method (see
4397 <xref linkend="bus-messages-become-monitor"/>) provides
4398 a preferable way to monitor buses.
4402 Eavesdropping is mainly useful for debugging tools, such as
4403 the <literal>dbus-monitor</literal> tool in the reference
4404 implementation of D-Bus. Tools which eavesdrop on the message bus
4405 should be careful to avoid sending a reply or error in response to
4406 messages intended for a different client.
4410 Clients may attempt to eavesdrop by adding match rules
4411 (see <xref linkend="message-bus-routing-match-rules"/>) containing
4412 the <literal>eavesdrop='true'</literal> match. For
4413 compatibility with older message bus implementations, if adding such
4414 a match rule results in an error reply, the client may fall back to
4415 adding the same rule with the <literal>eavesdrop</literal> match
4420 <sect3 id="message-bus-routing-match-rules">
4421 <title>Match Rules</title>
4423 An important part of the message bus routing protocol is match
4424 rules. Match rules describe the messages that should be sent to a
4425 client, based on the contents of the message. Broadcast signals
4426 are only sent to clients which have a suitable match rule: this
4427 avoids waking up client processes to deal with signals that are
4428 not relevant to that client.
4431 Messages that list a client as their <literal>DESTINATION</literal>
4432 do not need to match the client's match rules, and are sent to that
4433 client regardless. As a result, match rules are mainly used to
4434 receive a subset of broadcast signals.
4437 Match rules can also be used for eavesdropping
4438 (see <xref linkend="message-bus-routing-eavesdropping"/>),
4439 if the security policy of the message bus allows it, but this
4440 usage is deprecated in favour of the <literal>BecomeMonitor</literal>
4441 method (see <xref linkend="bus-messages-become-monitor"/>).
4444 Match rules are added using the AddMatch bus method
4445 (see <xref linkend="bus-messages-add-match"/>). Rules are
4446 specified as a string of comma separated key/value pairs.
4447 Excluding a key from the rule indicates a wildcard match.
4448 For instance excluding the the member from a match rule but
4449 adding a sender would let all messages from that sender through.
4450 An example of a complete rule would be
4451 "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='Foo',path='/bar/foo',destination=':452345.34',arg2='bar'"
4454 Within single quotes (ASCII apostrophe, U+0027), a backslash
4455 (U+005C) represents itself, and an apostrophe ends the quoted
4456 section. Outside single quotes, \' (backslash, apostrophe)
4457 represents an apostrophe, and any backslash not followed by
4458 an apostrophe represents itself. For instance, the match rules
4459 <literal>arg0=''\''',arg1='\',arg2=',',arg3='\\'</literal> and
4460 <literal>arg0=\',arg1=\,arg2=',',arg3=\\</literal>
4461 both match messages where the arguments are a 1-character string
4462 containing an apostrophe, a 1-character string containing a
4463 backslash, a 1-character string containing a comma, and a
4464 2-character string containing two backslashes<footnote>
4466 This idiosyncratic quoting style is based on the rules for
4467 escaping items to appear inside single-quoted strings
4468 in POSIX <literal>/bin/sh</literal>, but please
4469 note that backslashes that are not inside single quotes have
4470 different behaviour. This syntax does not offer any way to
4471 represent an apostrophe inside single quotes (it is necessary
4472 to leave the single-quoted section, backslash-escape the
4473 apostrophe and re-enter single quotes), or to represent a
4474 comma outside single quotes (it is necessary to wrap it in
4475 a single-quoted section).
4480 The following table describes the keys that can be used to create
4487 <entry>Possible Values</entry>
4488 <entry>Description</entry>
4493 <entry><literal>type</literal></entry>
4494 <entry>'signal', 'method_call', 'method_return', 'error'</entry>
4495 <entry>Match on the message type. An example of a type match is type='signal'</entry>
4498 <entry><literal>sender</literal></entry>
4499 <entry>A bus or unique name (see <xref linkend="term-bus-name"/>
4500 and <xref linkend="term-unique-name"/> respectively)
4502 <entry>Match messages sent by a particular sender. An example of a sender match
4503 is sender='org.freedesktop.Hal'</entry>
4506 <entry><literal>interface</literal></entry>
4507 <entry>An interface name (see <xref linkend="message-protocol-names-interface"/>)</entry>
4508 <entry>Match messages sent over or to a particular interface. An example of an
4509 interface match is interface='org.freedesktop.Hal.Manager'.
4510 If a message omits the interface header, it must not match any rule
4511 that specifies this key.</entry>
4514 <entry><literal>member</literal></entry>
4515 <entry>Any valid method or signal name</entry>
4516 <entry>Matches messages which have the give method or signal name. An example of
4517 a member match is member='NameOwnerChanged'</entry>
4520 <entry><literal>path</literal></entry>
4521 <entry>An object path (see <xref linkend="message-protocol-marshaling-object-path"/>)</entry>
4522 <entry>Matches messages which are sent from or to the given object. An example of a
4523 path match is path='/org/freedesktop/Hal/Manager'</entry>
4526 <entry><literal>path_namespace</literal></entry>
4527 <entry>An object path</entry>
4530 Matches messages which are sent from or to an
4531 object for which the object path is either the
4532 given value, or that value followed by one or
4533 more path components.
4538 <literal>path_namespace='/com/example/foo'</literal>
4539 would match signals sent by
4540 <literal>/com/example/foo</literal>
4542 <literal>/com/example/foo/bar</literal>,
4544 <literal>/com/example/foobar</literal>.
4548 Using both <literal>path</literal> and
4549 <literal>path_namespace</literal> in the same match
4550 rule is not allowed.
4555 This match key was added in version 0.16 of the
4556 D-Bus specification and implemented by the bus
4557 daemon in dbus 1.5.0 and later.
4563 <entry><literal>destination</literal></entry>
4564 <entry>A unique name (see <xref linkend="term-unique-name"/>)</entry>
4565 <entry>Matches messages which are being sent to the given unique name. An
4566 example of a destination match is destination=':1.0'</entry>
4569 <entry><literal>arg[0, 1, 2, 3, ...]</literal></entry>
4570 <entry>Any string</entry>
4571 <entry>Arg matches are special and are used for further restricting the
4572 match based on the arguments in the body of a message. Only arguments of type
4573 STRING can be matched in this way. An example of an argument match
4574 would be arg3='Foo'. Only argument indexes from 0 to 63 should be
4578 <entry><literal>arg[0, 1, 2, 3, ...]path</literal></entry>
4579 <entry>Any string</entry>
4581 <para>Argument path matches provide a specialised form of wildcard matching for
4582 path-like namespaces. They can match arguments whose type is either STRING or
4583 OBJECT_PATH. As with normal argument matches,
4584 if the argument is exactly equal to the string given in the match
4585 rule then the rule is satisfied. Additionally, there is also a
4586 match when either the string given in the match rule or the
4587 appropriate message argument ends with '/' and is a prefix of the
4588 other. An example argument path match is arg0path='/aa/bb/'. This
4589 would match messages with first arguments of '/', '/aa/',
4590 '/aa/bb/', '/aa/bb/cc/' and '/aa/bb/cc'. It would not match
4591 messages with first arguments of '/aa/b', '/aa' or even '/aa/bb'.</para>
4593 <para>This is intended for monitoring “directories” in file system-like
4594 hierarchies, as used in the <citetitle>dconf</citetitle> configuration
4595 system. An application interested in all nodes in a particular hierarchy would
4596 monitor <literal>arg0path='/ca/example/foo/'</literal>. Then the service could
4597 emit a signal with zeroth argument <literal>"/ca/example/foo/bar"</literal> to
4598 represent a modification to the “bar” property, or a signal with zeroth
4599 argument <literal>"/ca/example/"</literal> to represent atomic modification of
4600 many properties within that directory, and the interested application would be
4601 notified in both cases.</para>
4604 This match key was added in version 0.12 of the
4605 D-Bus specification, implemented for STRING
4606 arguments by the bus daemon in dbus 1.2.0 and later,
4607 and implemented for OBJECT_PATH arguments in dbus 1.5.0
4614 <entry><literal>arg0namespace</literal></entry>
4615 <entry>Like a bus name, except that the string is not
4616 required to contain a '.' (period)</entry>
4618 <para>Match messages whose first argument is of type STRING, and is a bus name
4619 or interface name within the specified namespace. This is primarily intended
4620 for watching name owner changes for a group of related bus names, rather than
4621 for a single name or all name changes.</para>
4623 <para>Because every valid interface name is also a valid
4624 bus name, this can also be used for messages whose
4625 first argument is an interface name.</para>
4627 <para>For example, the match rule
4628 <literal>member='NameOwnerChanged',arg0namespace='com.example.backend1'</literal>
4629 matches name owner changes for bus names such as
4630 <literal>com.example.backend1.foo</literal>,
4631 <literal>com.example.backend1.foo.bar</literal>, and
4632 <literal>com.example.backend1</literal> itself.</para>
4634 <para>See also <xref linkend='bus-messages-name-owner-changed'/>.</para>
4637 This match key was added in version 0.16 of the
4638 D-Bus specification and implemented by the bus
4639 daemon in dbus 1.5.0 and later.
4645 <entry><literal>eavesdrop</literal></entry>
4646 <entry><literal>'true'</literal>, <literal>'false'</literal></entry>
4649 Since D-Bus 1.5.6, match rules do not
4650 match messages which have a <literal>DESTINATION</literal>
4651 field unless the match rule specifically
4653 (see <xref linkend="message-bus-routing-eavesdropping"/>)
4654 by specifying <literal>eavesdrop='true'</literal>
4655 in the match rule. <literal>eavesdrop='false'</literal>
4656 restores the default behaviour. Messages are
4657 delivered to their <literal>DESTINATION</literal>
4658 regardless of match rules, so this match does not
4659 affect normal delivery of unicast messages.
4660 In older versions of D-Bus, this match was not allowed
4661 in match rules, and all match rules behaved as if
4662 <literal>eavesdrop='true'</literal> had been used.
4665 Use of <literal>eavesdrop='true'</literal> is
4666 deprecated. Monitors should prefer to use the
4667 <literal>BecomeMonitor</literal> method (see
4668 <xref linkend="bus-messages-become-monitor"/>),
4669 which was introduced in version 0.26 of the D-Bus
4670 specification and version 1.9.10 of the reference
4674 Message bus implementations may restrict match rules
4675 with <literal>eavesdrop='true'</literal> so that they
4676 can only be added by privileged connections.
4680 This match key was added in version 0.18 of the
4681 D-Bus specification and implemented by the bus
4682 daemon in dbus 1.5.6 and later.
4693 <sect2 id="message-bus-starting-services">
4694 <title>Message Bus Starting Services (Activation)</title>
4696 The message bus can start applications on behalf of other applications.
4697 This is referred to as <firstterm>service activation</firstterm> or
4698 <firstterm>activation</firstterm>.
4699 An application that can be started in this way is called a
4700 <firstterm>service</firstterm> or an
4701 <firstterm>activatable service</firstterm>.
4705 <firstterm>Starting a service</firstterm> should be read as synonymous
4706 with service activation.
4710 In D-Bus, service activation is normally done by
4711 <firstterm>auto-starting</firstterm>.
4712 In auto-starting, applications send a
4713 message to a particular well-known name, such as
4714 <literal>com.example.TextEditor1</literal>, without specifying the
4715 <literal>NO_AUTO_START</literal> flag in the message header.
4716 If no application on the bus owns the requested name, but the bus
4717 daemon does know how to start an activatable service for that name,
4718 then the bus daemon will start that service, wait for it to request
4719 that name, and deliver the message to it.
4723 It is also possible for applications to send an explicit request to
4724 start a service: this is another form of activation, distinct from
4726 <xref linkend="bus-messages-start-service-by-name"/> for details.
4730 In either case, this implies a contract documented along with the name
4731 <literal>com.example.TextEditor1</literal> for which object
4732 the owner of that name will provide, and what interfaces those
4737 To find an executable corresponding to a particular name, the bus daemon
4738 looks for <firstterm>service description files</firstterm>. Service
4739 description files define a mapping from names to executables. Different
4740 kinds of message bus will look for these files in different places, see
4741 <xref linkend="message-bus-types"/>.
4744 Service description files have the ".service" file
4745 extension. The message bus will only load service description files
4746 ending with .service; all other files will be ignored. The file format
4747 is similar to that of <ulink
4748 url="http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html">desktop
4749 entries</ulink>. All service description files must be in UTF-8
4750 encoding. To ensure that there will be no name collisions, service files
4751 must be namespaced using the same mechanism as messages and service
4756 On the well-known system bus, the name of a service description file
4757 must be its well-known name plus <literal>.service</literal>,
4759 <literal>com.example.ConfigurationDatabase1.service</literal>.
4763 On the well-known session bus, services should follow the same
4764 service description file naming convention as on the system bus,
4765 but for backwards compatibility they are not required to do so.
4769 [FIXME the file format should be much better specified than "similar to
4770 .desktop entries" esp. since desktop entries are already
4771 badly-specified. ;-)]
4772 These sections from the specification apply to service files as well:
4775 <listitem><para>General syntax</para></listitem>
4776 <listitem><para>Comment format</para></listitem>
4779 Service description files must contain a
4780 <literal>D-BUS Service</literal> group with at least the keys
4781 <literal>Name</literal> (the well-known name of the service)
4782 and <literal>Exec</literal> (the command to be executed).
4785 <title>Example service description file</title>
4787 # Sample service description file
4789 Name=com.example.ConfigurationDatabase1
4790 Exec=/usr/bin/sample-configd
4796 Additionally, service description files for the well-known system
4797 bus on Unix must contain a <literal>User</literal> key, whose value
4798 is the name of a user account (e.g. <literal>root</literal>).
4799 The system service will be run as that user.
4803 When an application asks to start a service by name, the bus daemon tries to
4804 find a service that will own that name. It then tries to spawn the
4805 executable associated with it. If this fails, it will report an
4810 On the well-known system bus, it is not possible for two .service files
4811 in the same directory to offer the same service, because they are
4812 constrained to have names that match the service name.
4816 On the well-known session bus, if two .service files in the same
4817 directory offer the same service name, the result is undefined.
4818 Distributors should avoid this situation, for instance by naming
4819 session services' .service files according to their service name.
4823 If two .service files in different directories offer the same
4824 service name, the one in the higher-priority directory is used:
4825 for instance, on the system bus, .service files in
4826 /usr/local/share/dbus-1/system-services take precedence over those
4827 in /usr/share/dbus-1/system-services.
4830 The executable launched will have the environment variable
4831 <literal>DBUS_STARTER_ADDRESS</literal> set to the address of the
4832 message bus so it can connect and request the appropriate names.
4835 The executable being launched may want to know whether the message bus
4836 starting it is one of the well-known message buses (see <xref
4837 linkend="message-bus-types"/>). To facilitate this, the bus must also set
4838 the <literal>DBUS_STARTER_BUS_TYPE</literal> environment variable if it is one
4839 of the well-known buses. The currently-defined values for this variable
4840 are <literal>system</literal> for the systemwide message bus,
4841 and <literal>session</literal> for the per-login-session message
4842 bus. The new executable must still connect to the address given
4843 in <literal>DBUS_STARTER_ADDRESS</literal>, but may assume that the
4844 resulting connection is to the well-known bus.
4847 [FIXME there should be a timeout somewhere, either specified
4848 in the .service file, by the client, or just a global value
4849 and if the client being activated fails to connect within that
4850 timeout, an error should be sent back.]
4853 <sect3 id="message-bus-starting-services-scope">
4854 <title>Message Bus Service Scope</title>
4856 The "scope" of a service is its "per-", such as per-session,
4857 per-machine, per-home-directory, or per-display. The reference
4858 implementation doesn't yet support starting services in a different
4859 scope from the message bus itself. So e.g. if you start a service
4860 on the session bus its scope is per-session.
4863 We could add an optional scope to a bus name. For example, for
4864 per-(display,session pair), we could have a unique ID for each display
4865 generated automatically at login and set on screen 0 by executing a
4866 special "set display ID" binary. The ID would be stored in a
4867 <literal>_DBUS_DISPLAY_ID</literal> property and would be a string of
4868 random bytes. This ID would then be used to scope names.
4869 Starting/locating a service could be done by ID-name pair rather than
4873 Contrast this with a per-display scope. To achieve that, we would
4874 want a single bus spanning all sessions using a given display.
4875 So we might set a <literal>_DBUS_DISPLAY_BUS_ADDRESS</literal>
4876 property on screen 0 of the display, pointing to this bus.
4880 <sect3 id="message-bus-starting-services-systemd">
4881 <title>systemd Activation</title>
4884 Service description files may contain a
4885 <literal>SystemdService</literal> key. Its value is the name of a
4887 url="https://www.freedesktop.org/wiki/Software/systemd/">systemd</ulink>
4888 service, for example
4889 <literal>dbus-com.example.MyDaemon.service</literal>.
4893 If this key is present, the bus daemon may carry out activation for
4894 this D-Bus service by sending a request to systemd asking it to
4895 start the systemd service whose name is the value of
4896 <literal>SystemdService</literal>. For example, the reference
4897 <literal>dbus-daemon</literal> has a
4898 <literal>--systemd-activation</literal> option that enables this
4899 feature, and that option is given when it is started by systemd.
4903 On the well-known system bus, it is a common practice to set
4904 <literal>SystemdService</literal> to <literal>dbus-</literal>,
4905 followed by the well-known bus name, followed by
4906 <literal>.service</literal>, then register that name as an alias
4907 for the real systemd service. This allows D-Bus activation of a
4908 service to be enabled or disabled independently of whether the
4909 service is started by systemd during boot.
4913 <sect3 id="message-bus-starting-services-apparmor">
4914 <title>Mediating Activation with AppArmor</title>
4918 <ulink url="http://wiki.apparmor.net/index.php/Documentation">AppArmor documentation</ulink>
4919 for general information on AppArmor, and how it mediates D-Bus
4920 messages when used in conjunction with a kernel and
4921 <literal>dbus-daemon</literal> that support this.
4925 In recent versions of the reference <literal>dbus-daemon</literal>,
4926 AppArmor policy rules of type <literal>dbus send</literal>
4927 are also used to control auto-starting: if a message is sent to
4928 the well-known name of an activatable service, the
4929 <literal>dbus-daemon</literal> will attempt to determine whether
4930 it would deliver the message to that service
4931 <emphasis>before</emphasis>auto-starting it, by making some
4932 assumptions about the resulting process's credentials.
4936 If it does proceed with auto-starting, when the service appears, the
4937 <literal>dbus-daemon</literal> repeats the policy check (with
4938 the service's true credentials, which might not be identical)
4939 before delivering the message. In practice, this second check will
4940 usually be more strict than the first; the first check would only
4941 be more strict if there are "blacklist"-style rules like
4942 <literal>deny dbus send peer=(label=/usr/bin/protected)</literal>
4943 that match on the peer's specific credentials, but AppArmor is
4944 normally used in a "whitelist" style where this does not apply.
4948 To support this process, service description files may contain a
4949 <literal>AssumedAppArmorLabel</literal> key. Its value is the name
4950 of an AppArmor label, for example
4951 <literal>/usr/sbin/mydaemon</literal>.
4952 If present, AppArmor mediation of messages that auto-start a
4953 service will decide whether to allow auto-starting to occur based
4954 on the assumption that the activated service will be confined
4955 under the specified label; in particular, rules of the form
4956 <literal>dbus send peer=(label=/usr/sbin/mydaemon)</literal> or
4957 <literal>deny dbus send peer=(label=/usr/sbin/mydaemon)</literal>
4958 will match it, allowing or denying as appropriate
4959 (even if there is in fact no profile of that name loaded).
4963 Otherwise, AppArmor mediation of messages that auto-start a
4964 service will decide whether to allow auto-starting to occur
4965 without specifying any particular label. In particular, any rule of
4966 the form <literal>dbus send peer=(label=X)</literal> or
4967 <literal>deny dbus send peer=(label=X)</literal>
4968 (for any value of X, including the special label
4969 <literal>unconfined</literal>) will not influence whether the
4970 auto-start is allowed.
4974 Rules of type <literal>dbus receive</literal> are not checked
4975 when deciding whether to allow auto-starting; they are only checked
4976 against the service's profile after the service has started, when
4977 deciding whether to deliver the message that caused the auto-starting
4982 Explicit activation via
4983 <xref linkend="bus-messages-start-service-by-name"/> is not currently
4984 affected by this mediation: if a confined process is to be prevented
4985 from starting arbitrary services, then it must not be allowed to call
4991 <sect2 id="message-bus-types">
4992 <title>Well-known Message Bus Instances</title>
4994 Two standard message bus instances are defined here, along with how
4995 to locate them and where their service files live.
4997 <sect3 id="message-bus-types-login">
4998 <title>Login session message bus</title>
5000 Each time a user logs in, a <firstterm>login session message
5001 bus</firstterm> may be started. All applications in the user's login
5002 session may interact with one another using this message bus.
5005 The address of the login session message bus is given
5006 in the <literal>DBUS_SESSION_BUS_ADDRESS</literal> environment
5007 variable. If that variable is not set, applications may
5008 also try to read the address from the X Window System root
5009 window property <literal>_DBUS_SESSION_BUS_ADDRESS</literal>.
5010 The root window property must have type <literal>STRING</literal>.
5011 The environment variable should have precedence over the
5012 root window property.
5014 <para>The address of the login session message bus is given in the
5015 <literal>DBUS_SESSION_BUS_ADDRESS</literal> environment variable. If
5016 DBUS_SESSION_BUS_ADDRESS is not set, or if it's set to the string
5017 "autolaunch:", the system should use platform-specific methods of
5018 locating a running D-Bus session server, or starting one if a running
5019 instance cannot be found. Note that this mechanism is not recommended
5020 for attempting to determine if a daemon is running. It is inherently
5021 racy to attempt to make this determination, since the bus daemon may
5022 be started just before or just after the determination is made.
5023 Therefore, it is recommended that applications do not try to make this
5024 determination for their functionality purposes, and instead they
5025 should attempt to start the server.</para>
5027 <sect4 id="message-bus-types-login-x-windows">
5028 <title>X Windowing System</title>
5030 For the X Windowing System, the application must locate the
5031 window owner of the selection represented by the atom formed by
5035 <para>the literal string "_DBUS_SESSION_BUS_SELECTION_"</para>
5039 <para>the current user's username</para>
5043 <para>the literal character '_' (underscore)</para>
5047 <para>the machine's ID</para>
5053 The following properties are defined for the window that owns
5055 <informaltable frame="all">
5064 <para>meaning</para>
5070 <para>_DBUS_SESSION_BUS_ADDRESS</para>
5074 <para>the actual address of the server socket</para>
5080 <para>_DBUS_SESSION_BUS_PID</para>
5084 <para>the PID of the server process</para>
5093 At least the _DBUS_SESSION_BUS_ADDRESS property MUST be
5094 present in this window.
5098 If the X selection cannot be located or if reading the
5099 properties from the window fails, the implementation MUST conclude
5100 that there is no D-Bus server running and proceed to start a new
5101 server. (See below on concurrency issues)
5105 Failure to connect to the D-Bus server address thus obtained
5106 MUST be treated as a fatal connection error and should be reported
5111 As an alternative, an implementation MAY find the information
5112 in the following file located in the current user's home directory,
5113 in subdirectory .dbus/session-bus/:
5116 <para>the machine's ID</para>
5120 <para>the literal character '-' (dash)</para>
5124 <para>the X display without the screen number, with the
5125 following prefixes removed, if present: ":", "localhost:"
5126 ."localhost.localdomain:". That is, a display of
5127 "localhost:10.0" produces just the number "10"</para>
5133 The contents of this file NAME=value assignment pairs and
5134 lines starting with # are comments (no comments are allowed
5135 otherwise). The following variable names are defined:
5142 <para>Variable</para>
5146 <para>meaning</para>
5152 <para>DBUS_SESSION_BUS_ADDRESS</para>
5156 <para>the actual address of the server socket</para>
5162 <para>DBUS_SESSION_BUS_PID</para>
5166 <para>the PID of the server process</para>
5172 <para>DBUS_SESSION_BUS_WINDOWID</para>
5176 <para>the window ID</para>
5185 At least the DBUS_SESSION_BUS_ADDRESS variable MUST be present
5190 Failure to open this file MUST be interpreted as absence of a
5191 running server. Therefore, the implementation MUST proceed to
5192 attempting to launch a new bus server if the file cannot be
5197 However, success in opening this file MUST NOT lead to the
5198 conclusion that the server is running. Thus, a failure to connect to
5199 the bus address obtained by the alternative method MUST NOT be
5200 considered a fatal error. If the connection cannot be established,
5201 the implementation MUST proceed to check the X selection settings or
5202 to start the server on its own.
5206 If the implementation concludes that the D-Bus server is not
5207 running it MUST attempt to start a new server and it MUST also
5208 ensure that the daemon started as an effect of the "autolaunch"
5209 mechanism provides the lookup mechanisms described above, so
5210 subsequent calls can locate the newly started server. The
5211 implementation MUST also ensure that if two or more concurrent
5212 initiations happen, only one server remains running and all other
5213 initiations are able to obtain the address of this server and
5214 connect to it. In other words, the implementation MUST ensure that
5215 the X selection is not present when it attempts to set it, without
5216 allowing another process to set the selection between the
5217 verification and the setting (e.g., by using XGrabServer /
5222 <title>Finding session services</title>
5224 On Unix systems, the session bus should search for .service files
5225 in <literal>$XDG_DATA_DIRS/dbus-1/services</literal> as defined
5227 <ulink url="http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory Specification</ulink>.
5228 Implementations may also search additional locations,
5229 with a higher or lower priority than the XDG directories.
5232 As described in the XDG Base Directory Specification, software
5233 packages should install their session .service files to their
5234 configured <literal>${datadir}/dbus-1/services</literal>,
5235 where <literal>${datadir}</literal> is as defined by the GNU
5236 coding standards. System administrators or users can arrange
5237 for these service files to be read by setting XDG_DATA_DIRS or by
5238 symlinking them into the default locations.
5242 <sect3 id="message-bus-types-system">
5243 <title>System message bus</title>
5245 A computer may have a <firstterm>system message bus</firstterm>,
5246 accessible to all applications on the system. This message bus may be
5247 used to broadcast system events, such as adding new hardware devices,
5248 changes in the printer queue, and so forth.
5251 The address of the system message bus is given
5252 in the <literal>DBUS_SYSTEM_BUS_ADDRESS</literal> environment
5253 variable. If that variable is not set, applications should try
5254 to connect to the well-known address
5255 <literal>unix:path=/var/run/dbus/system_bus_socket</literal>.
5258 The D-Bus reference implementation actually honors the
5259 <literal>$(localstatedir)</literal> configure option
5260 for this address, on both client and server side.
5265 On Unix systems, the system bus should default to searching
5266 for .service files in
5267 <literal>/usr/local/share/dbus-1/system-services</literal>,
5268 <literal>/usr/share/dbus-1/system-services</literal> and
5269 <literal>/lib/dbus-1/system-services</literal>, with that order
5270 of precedence. It may also search other implementation-specific
5271 locations, but should not vary these locations based on environment
5275 The system bus is security-sensitive and is typically executed
5276 by an init system with a clean environment. Its launch helper
5277 process is particularly security-sensitive, and specifically
5278 clears its own environment.
5283 Software packages should install their system .service
5284 files to their configured
5285 <literal>${datadir}/dbus-1/system-services</literal>,
5286 where <literal>${datadir}</literal> is as defined by the GNU
5287 coding standards. System administrators can arrange
5288 for these service files to be read by editing the system bus'
5289 configuration file or by symlinking them into the default
5295 <sect2 id="message-bus-messages">
5296 <title>Message Bus Messages</title>
5298 The special message bus name <literal>org.freedesktop.DBus</literal>
5299 responds to a number of additional messages at the object path
5300 <literal>/org/freedesktop/DBus</literal>.
5301 That object path is also used when emitting the
5302 <xref linkend='bus-messages-name-owner-changed'/> signal.
5306 For historical reasons, some of the methods in the
5307 <literal>org.freedesktop.DBus</literal> interface are available
5308 on multiple object paths. Message bus implementations should
5309 accept method calls that were added before specification version
5310 0.26 on any object path. Message bus implementations should
5311 not accept newer method calls on unexpected object paths,
5312 and as a security hardening measure, older method calls
5313 that are security-sensitive may be rejected with the error
5314 <literal>org.freedesktop.DBus.Error.AccessDenied</literal> when
5315 called on an unexpected object path. Client software should send
5316 all method calls to <literal>/org/freedesktop/DBus</literal>
5317 instead of relying on this.
5321 In addition to the method calls listed below, the message bus
5322 should implement the standard Introspectable, Properties and Peer
5323 interfaces (see <xref linkend="standard-interfaces"/>).
5324 Support for the Properties and Peer interfaces was added in version
5325 1.11.x of the reference implementation of the message bus.
5328 <sect3 id="bus-messages-hello">
5329 <title><literal>org.freedesktop.DBus.Hello</literal></title>
5340 <entry>Argument</entry>
5342 <entry>Description</entry>
5348 <entry>STRING</entry>
5349 <entry>Unique name assigned to the connection</entry>
5356 Before an application is able to send messages to other applications
5357 it must send the <literal>org.freedesktop.DBus.Hello</literal> message
5358 to the message bus to obtain a unique name. If an application without
5359 a unique name tries to send a message to another application, or a
5360 message to the message bus itself that isn't the
5361 <literal>org.freedesktop.DBus.Hello</literal> message, it will be
5362 disconnected from the bus.
5365 There is no corresponding "disconnect" request; if a client wishes to
5366 disconnect from the bus, it simply closes the socket (or other
5367 communication channel).
5371 <sect3 id="bus-messages-request-name">
5372 <title><literal>org.freedesktop.DBus.RequestName</literal></title>
5376 UINT32 RequestName (in STRING name, in UINT32 flags)
5383 <entry>Argument</entry>
5385 <entry>Description</entry>
5391 <entry>STRING</entry>
5392 <entry>Name to request</entry>
5396 <entry>UINT32</entry>
5397 <entry>Flags</entry>
5407 <entry>Argument</entry>
5409 <entry>Description</entry>
5415 <entry>UINT32</entry>
5416 <entry>Return value</entry>
5423 Ask the message bus to assign the given name to the method caller. Each
5424 name maintains a queue of possible owners, where the head of the queue is
5425 the primary or current owner of the name. Each potential owner in the
5426 queue maintains the DBUS_NAME_FLAG_ALLOW_REPLACEMENT and
5427 DBUS_NAME_FLAG_DO_NOT_QUEUE settings from its latest RequestName call.
5428 When RequestName is invoked the following occurs:
5432 If the method caller is currently the primary owner of the name,
5433 the DBUS_NAME_FLAG_ALLOW_REPLACEMENT and DBUS_NAME_FLAG_DO_NOT_QUEUE
5434 values are updated with the values from the new RequestName call,
5435 and nothing further happens.
5441 If the current primary owner (head of the queue) has
5442 DBUS_NAME_FLAG_ALLOW_REPLACEMENT set, and the RequestName
5443 invocation has the DBUS_NAME_FLAG_REPLACE_EXISTING flag, then
5444 the caller of RequestName replaces the current primary owner at
5445 the head of the queue and the current primary owner moves to the
5446 second position in the queue. If the caller of RequestName was
5447 in the queue previously its flags are updated with the values from
5448 the new RequestName in addition to moving it to the head of the queue.
5454 If replacement is not possible, and the method caller is
5455 currently in the queue but not the primary owner, its flags are
5456 updated with the values from the new RequestName call.
5462 If replacement is not possible, and the method caller is
5463 currently not in the queue, the method caller is appended to the
5470 If any connection in the queue has DBUS_NAME_FLAG_DO_NOT_QUEUE
5471 set and is not the primary owner, it is removed from the
5472 queue. This can apply to the previous primary owner (if it
5473 was replaced) or the method caller (if it updated the
5474 DBUS_NAME_FLAG_DO_NOT_QUEUE flag while still stuck in the
5475 queue, or if it was just added to the queue with that flag set).
5481 Note that DBUS_NAME_FLAG_REPLACE_EXISTING results in "jumping the
5482 queue," even if another application already in the queue had specified
5483 DBUS_NAME_FLAG_REPLACE_EXISTING. This comes up if a primary owner
5484 that does not allow replacement goes away, and the next primary owner
5485 does allow replacement. In this case, queued items that specified
5486 DBUS_NAME_FLAG_REPLACE_EXISTING <emphasis>do not</emphasis>
5487 automatically replace the new primary owner. In other words,
5488 DBUS_NAME_FLAG_REPLACE_EXISTING is not saved, it is only used at the
5489 time RequestName is called. This is deliberate to avoid an infinite loop
5490 anytime two applications are both DBUS_NAME_FLAG_ALLOW_REPLACEMENT
5491 and DBUS_NAME_FLAG_REPLACE_EXISTING.
5494 The flags argument contains any of the following values logically ORed
5501 <entry>Conventional Name</entry>
5502 <entry>Value</entry>
5503 <entry>Description</entry>
5508 <entry>DBUS_NAME_FLAG_ALLOW_REPLACEMENT</entry>
5512 If an application A specifies this flag and succeeds in
5513 becoming the owner of the name, and another application B
5514 later calls RequestName with the
5515 DBUS_NAME_FLAG_REPLACE_EXISTING flag, then application A
5516 will lose ownership and receive a
5517 <literal>org.freedesktop.DBus.NameLost</literal> signal, and
5518 application B will become the new owner. If DBUS_NAME_FLAG_ALLOW_REPLACEMENT
5519 is not specified by application A, or DBUS_NAME_FLAG_REPLACE_EXISTING
5520 is not specified by application B, then application B will not replace
5521 application A as the owner.
5526 <entry>DBUS_NAME_FLAG_REPLACE_EXISTING</entry>
5530 Try to replace the current owner if there is one. If this
5531 flag is not set the application will only become the owner of
5532 the name if there is no current owner. If this flag is set,
5533 the application will replace the current owner if
5534 the current owner specified DBUS_NAME_FLAG_ALLOW_REPLACEMENT.
5539 <entry>DBUS_NAME_FLAG_DO_NOT_QUEUE</entry>
5543 Without this flag, if an application requests a name that is
5544 already owned, the application will be placed in a queue to
5545 own the name when the current owner gives it up. If this
5546 flag is given, the application will not be placed in the
5547 queue, the request for the name will simply fail. This flag
5548 also affects behavior when an application is replaced as
5549 name owner; by default the application moves back into the
5550 waiting queue, unless this flag was provided when the application
5551 became the name owner.
5559 The return code can be one of the following values:
5565 <entry>Conventional Name</entry>
5566 <entry>Value</entry>
5567 <entry>Description</entry>
5572 <entry>DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER</entry>
5573 <entry>1</entry> <entry>The caller is now the primary owner of
5574 the name, replacing any previous owner. Either the name had no
5575 owner before, or the caller specified
5576 DBUS_NAME_FLAG_REPLACE_EXISTING and the current owner specified
5577 DBUS_NAME_FLAG_ALLOW_REPLACEMENT.</entry>
5580 <entry>DBUS_REQUEST_NAME_REPLY_IN_QUEUE</entry>
5583 <entry>The name already had an owner,
5584 DBUS_NAME_FLAG_DO_NOT_QUEUE was not specified, and either
5585 the current owner did not specify
5586 DBUS_NAME_FLAG_ALLOW_REPLACEMENT or the requesting
5587 application did not specify DBUS_NAME_FLAG_REPLACE_EXISTING.
5591 <entry>DBUS_REQUEST_NAME_REPLY_EXISTS</entry> <entry>3</entry>
5592 <entry>The name already has an owner,
5593 DBUS_NAME_FLAG_DO_NOT_QUEUE was specified, and either
5594 DBUS_NAME_FLAG_ALLOW_REPLACEMENT was not specified by the
5595 current owner, or DBUS_NAME_FLAG_REPLACE_EXISTING was not
5596 specified by the requesting application.</entry>
5599 <entry>DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER</entry>
5601 <entry>The application trying to request ownership of a name is already the owner of it.</entry>
5609 <sect3 id="bus-messages-release-name">
5610 <title><literal>org.freedesktop.DBus.ReleaseName</literal></title>
5614 UINT32 ReleaseName (in STRING name)
5621 <entry>Argument</entry>
5623 <entry>Description</entry>
5629 <entry>STRING</entry>
5630 <entry>Name to release</entry>
5640 <entry>Argument</entry>
5642 <entry>Description</entry>
5648 <entry>UINT32</entry>
5649 <entry>Return value</entry>
5656 Ask the message bus to release the method caller's claim to the given
5657 name. If the caller is the primary owner, a new primary owner will be
5658 selected from the queue if any other owners are waiting. If the
5659 caller is waiting in the queue for the name, the caller will removed
5660 from the queue and will not be made an owner of the name if it later
5661 becomes available. If there are no other owners in the queue for the
5662 name, it will be removed from the bus entirely.
5664 The return code can be one of the following values:
5670 <entry>Conventional Name</entry>
5671 <entry>Value</entry>
5672 <entry>Description</entry>
5677 <entry>DBUS_RELEASE_NAME_REPLY_RELEASED</entry>
5678 <entry>1</entry> <entry>The caller has released his claim on
5679 the given name. Either the caller was the primary owner of
5680 the name, and the name is now unused or taken by somebody
5681 waiting in the queue for the name, or the caller was waiting
5682 in the queue for the name and has now been removed from the
5686 <entry>DBUS_RELEASE_NAME_REPLY_NON_EXISTENT</entry>
5688 <entry>The given name does not exist on this bus.</entry>
5691 <entry>DBUS_RELEASE_NAME_REPLY_NOT_OWNER</entry>
5693 <entry>The caller was not the primary owner of this name,
5694 and was also not waiting in the queue to own this name.</entry>
5702 <sect3 id="bus-messages-list-queued-owners">
5703 <title><literal>org.freedesktop.DBus.ListQueuedOwners</literal></title>
5707 ARRAY of STRING ListQueuedOwners (in STRING name)
5714 <entry>Argument</entry>
5716 <entry>Description</entry>
5722 <entry>STRING</entry>
5723 <entry>The well-known bus name to query, such as
5724 <literal>com.example.cappuccino</literal></entry>
5734 <entry>Argument</entry>
5736 <entry>Description</entry>
5742 <entry>ARRAY of STRING</entry>
5743 <entry>The unique bus names of connections currently queued
5744 for the name</entry>
5751 List the connections currently queued for a bus name (see
5752 <xref linkend="term-queued-owner"/>).
5756 <sect3 id="bus-messages-list-names">
5757 <title><literal>org.freedesktop.DBus.ListNames</literal></title>
5761 ARRAY of STRING ListNames ()
5768 <entry>Argument</entry>
5770 <entry>Description</entry>
5776 <entry>ARRAY of STRING</entry>
5777 <entry>Array of strings where each string is a bus name</entry>
5784 Returns a list of all currently-owned names on the bus.
5787 <sect3 id="bus-messages-list-activatable-names">
5788 <title><literal>org.freedesktop.DBus.ListActivatableNames</literal></title>
5792 ARRAY of STRING ListActivatableNames ()
5799 <entry>Argument</entry>
5801 <entry>Description</entry>
5807 <entry>ARRAY of STRING</entry>
5808 <entry>Array of strings where each string is a bus name</entry>
5815 Returns a list of all names that can be activated on the bus.
5818 <sect3 id="bus-messages-name-exists">
5819 <title><literal>org.freedesktop.DBus.NameHasOwner</literal></title>
5823 BOOLEAN NameHasOwner (in STRING name)
5830 <entry>Argument</entry>
5832 <entry>Description</entry>
5838 <entry>STRING</entry>
5839 <entry>Name to check</entry>
5849 <entry>Argument</entry>
5851 <entry>Description</entry>
5857 <entry>BOOLEAN</entry>
5858 <entry>Return value, true if the name exists</entry>
5865 Checks if the specified name exists (currently has an owner).
5869 <sect3 id="bus-messages-name-owner-changed">
5870 <title><literal>org.freedesktop.DBus.NameOwnerChanged</literal></title>
5874 NameOwnerChanged (STRING name, STRING old_owner, STRING new_owner)
5881 <entry>Argument</entry>
5883 <entry>Description</entry>
5889 <entry>STRING</entry>
5890 <entry>Name with a new owner</entry>
5894 <entry>STRING</entry>
5895 <entry>Old owner or empty string if none</entry>
5899 <entry>STRING</entry>
5900 <entry>New owner or empty string if none</entry>
5907 This signal indicates that the owner of a name has changed.
5908 It's also the signal to use to detect the appearance of
5909 new names on the bus.
5912 <sect3 id="bus-messages-name-lost">
5913 <title><literal>org.freedesktop.DBus.NameLost</literal></title>
5917 NameLost (STRING name)
5924 <entry>Argument</entry>
5926 <entry>Description</entry>
5932 <entry>STRING</entry>
5933 <entry>Name which was lost</entry>
5940 This signal is sent to a specific application when it loses
5941 ownership of a name.
5945 <sect3 id="bus-messages-name-acquired">
5946 <title><literal>org.freedesktop.DBus.NameAcquired</literal></title>
5950 NameAcquired (STRING name)
5957 <entry>Argument</entry>
5959 <entry>Description</entry>
5965 <entry>STRING</entry>
5966 <entry>Name which was acquired</entry>
5973 This signal is sent to a specific application when it gains
5974 ownership of a name.
5978 <sect3 id="bus-messages-start-service-by-name">
5979 <title><literal>org.freedesktop.DBus.StartServiceByName</literal></title>
5983 UINT32 StartServiceByName (in STRING name, in UINT32 flags)
5990 <entry>Argument</entry>
5992 <entry>Description</entry>
5998 <entry>STRING</entry>
5999 <entry>Name of the service to start</entry>
6003 <entry>UINT32</entry>
6004 <entry>Flags (currently not used)</entry>
6014 <entry>Argument</entry>
6016 <entry>Description</entry>
6022 <entry>UINT32</entry>
6023 <entry>Return value</entry>
6028 Tries to launch the executable associated with a name (service
6029 activation), as an explicit request. This is an alternative to
6030 relying on auto-starting. For more information on how services
6031 are activated and the difference between auto-starting and explicit
6033 <xref linkend="message-bus-starting-services"/>.
6036 It is often preferable to carry out auto-starting
6037 instead of calling this method. This is because calling this method
6039 <ulink url="https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use">time-of-check/time-of-use</ulink>
6040 issue: if a caller asks the message bus to start a service so that
6041 the same caller can make follow-up method calls to that service,
6042 the fact that the message bus was able to start the required
6043 service is no guarantee that it will not have crashed or otherwise
6044 exited by the time the caller makes those follow-up method calls.
6045 As a result, calling this method does not remove the need for
6046 the caller to handle errors from method calls. Given that fact,
6047 it is usually simpler to rely on auto-starting, in which the
6048 required service starts as a side-effect of the first method call.
6051 The return value can be one of the following values:
6056 <entry>Identifier</entry>
6057 <entry>Value</entry>
6058 <entry>Description</entry>
6063 <entry>DBUS_START_REPLY_SUCCESS</entry>
6065 <entry>The service was successfully started.</entry>
6068 <entry>DBUS_START_REPLY_ALREADY_RUNNING</entry>
6070 <entry>A connection already owns the given name.</entry>
6079 <sect3 id="bus-messages-update-activation-environment">
6080 <title><literal>org.freedesktop.DBus.UpdateActivationEnvironment</literal></title>
6084 UpdateActivationEnvironment (in ARRAY of DICT<STRING,STRING> environment)
6091 <entry>Argument</entry>
6093 <entry>Description</entry>
6099 <entry>ARRAY of DICT<STRING,STRING></entry>
6100 <entry>Environment to add or update</entry>
6105 Normally, session bus activated services inherit the environment of the bus daemon. This method adds to or modifies that environment when activating services.
6108 Some bus instances, such as the standard system bus, may disable access to this method for some or all callers.
6111 Note, both the environment variable names and values must be valid UTF-8. There's no way to update the activation environment with data that is invalid UTF-8.
6116 <sect3 id="bus-messages-get-name-owner">
6117 <title><literal>org.freedesktop.DBus.GetNameOwner</literal></title>
6121 STRING GetNameOwner (in STRING name)
6128 <entry>Argument</entry>
6130 <entry>Description</entry>
6136 <entry>STRING</entry>
6137 <entry>Name to get the owner of</entry>
6147 <entry>Argument</entry>
6149 <entry>Description</entry>
6155 <entry>STRING</entry>
6156 <entry>Return value, a unique connection name</entry>
6161 Returns the unique connection name of the primary owner of the name
6162 given. If the requested name doesn't have an owner, returns a
6163 <literal>org.freedesktop.DBus.Error.NameHasNoOwner</literal> error.
6167 <sect3 id="bus-messages-get-connection-unix-user">
6168 <title><literal>org.freedesktop.DBus.GetConnectionUnixUser</literal></title>
6172 UINT32 GetConnectionUnixUser (in STRING bus_name)
6179 <entry>Argument</entry>
6181 <entry>Description</entry>
6187 <entry>STRING</entry>
6188 <entry>Unique or well-known bus name of the connection to
6189 query, such as <literal>:12.34</literal> or
6190 <literal>com.example.tea</literal></entry>
6200 <entry>Argument</entry>
6202 <entry>Description</entry>
6208 <entry>UINT32</entry>
6209 <entry>Unix user ID</entry>
6214 Returns the Unix user ID of the process connected to the server. If
6215 unable to determine it (for instance, because the process is not on the
6216 same machine as the bus daemon), an error is returned.
6220 <sect3 id="bus-messages-get-connection-unix-process-id">
6221 <title><literal>org.freedesktop.DBus.GetConnectionUnixProcessID</literal></title>
6225 UINT32 GetConnectionUnixProcessID (in STRING bus_name)
6232 <entry>Argument</entry>
6234 <entry>Description</entry>
6240 <entry>STRING</entry>
6241 <entry>Unique or well-known bus name of the connection to
6242 query, such as <literal>:12.34</literal> or
6243 <literal>com.example.tea</literal></entry>
6253 <entry>Argument</entry>
6255 <entry>Description</entry>
6261 <entry>UINT32</entry>
6262 <entry>Unix process id</entry>
6267 Returns the Unix process ID of the process connected to the server. If
6268 unable to determine it (for instance, because the process is not on the
6269 same machine as the bus daemon), an error is returned.
6273 <sect3 id="bus-messages-get-connection-credentials">
6274 <title><literal>org.freedesktop.DBus.GetConnectionCredentials</literal></title>
6278 DICT<STRING,VARIANT> GetConnectionCredentials (in STRING bus_name)
6285 <entry>Argument</entry>
6287 <entry>Description</entry>
6293 <entry>STRING</entry>
6294 <entry>Unique or well-known bus name of the connection to
6295 query, such as <literal>:12.34</literal> or
6296 <literal>com.example.tea</literal></entry>
6306 <entry>Argument</entry>
6308 <entry>Description</entry>
6314 <entry>DICT<STRING,VARIANT></entry>
6315 <entry>Credentials</entry>
6323 Returns as many credentials as possible for the process connected to
6324 the server. If unable to determine certain credentials (for instance,
6325 because the process is not on the same machine as the bus daemon,
6326 or because this version of the bus daemon does not support a
6327 particular security framework), or if the values of those credentials
6328 cannot be represented as documented here, then those credentials
6333 Keys in the returned dictionary not containing "." are defined
6334 by this specification. Bus daemon implementors supporting
6335 credentials frameworks not mentioned in this document should either
6336 contribute patches to this specification, or use keys containing
6337 "." and starting with a reversed domain name.
6343 <entry>Value type</entry>
6344 <entry>Value</entry>
6349 <entry>UnixUserID</entry>
6350 <entry>UINT32</entry>
6351 <entry>The numeric Unix user ID, as defined by POSIX</entry>
6354 <entry>ProcessID</entry>
6355 <entry>UINT32</entry>
6356 <entry>The numeric process ID, on platforms that have
6357 this concept. On Unix, this is the process ID defined by
6361 <entry>WindowsSID</entry>
6362 <entry>STRING</entry>
6363 <entry>The Windows security identifier in its string form,
6364 e.g. "S-1-5-21-3623811015-3361044348-30300820-1013" for
6365 a domain or local computer user or "S-1-5-18" for the
6366 LOCAL_SYSTEM user</entry>
6370 <entry>LinuxSecurityLabel</entry>
6371 <entry>ARRAY of BYTE</entry>
6373 <para>On Linux systems, the security label that would result
6374 from the SO_PEERSEC getsockopt call. The array contains
6375 the non-zero bytes of the security label in an unspecified
6376 ASCII-compatible encoding<footnote>
6377 <para>It could be ASCII or UTF-8, but could also be
6378 ISO Latin-1 or any other encoding.</para>
6379 </footnote>, followed by a single zero byte.</para>
6381 For example, the SELinux context
6382 <literal>system_u:system_r:init_t:s0</literal>
6383 (a string of length 27) would be encoded as 28 bytes
6384 ending with ':', 's', '0', '\x00'.<footnote>
6385 <para>Note that this is not the same as the older
6386 GetConnectionSELinuxContext method, which does
6387 not append the zero byte. Always appending the
6388 zero byte allows callers to read the string
6389 from the message payload without copying.</para>
6393 On SELinux systems this is the SELinux context, as output
6394 by <literal>ps -Z</literal> or <literal>ls -Z</literal>.
6395 Typical values might include
6396 <literal>system_u:system_r:init_t:s0</literal>,
6397 <literal>unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023</literal>,
6399 <literal>unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023</literal>.
6402 On Smack systems, this is the Smack label.
6403 Typical values might include
6404 <literal>_</literal>, <literal>*</literal>,
6405 <literal>User</literal>, <literal>System</literal>
6406 or <literal>System::Shared</literal>.
6409 On AppArmor systems, this is the AppArmor context,
6410 a composite string encoding the AppArmor label (one or more
6411 profiles) and the enforcement mode.
6412 Typical values might include <literal>unconfined</literal>,
6413 <literal>/usr/bin/firefox (enforce)</literal> or
6414 <literal>user1 (complain)</literal>.
6424 This method was added in D-Bus 1.7 to reduce the round-trips
6425 required to list a process's credentials. In older versions, calling
6426 this method will fail: applications should recover by using the
6427 separate methods such as
6428 <xref linkend="bus-messages-get-connection-unix-user"/>
6433 <sect3 id="bus-messages-get-adt-audit-session-data">
6434 <title><literal>org.freedesktop.DBus.GetAdtAuditSessionData</literal></title>
6438 ARRAY of BYTE GetAdtAuditSessionData (in STRING bus_name)
6445 <entry>Argument</entry>
6447 <entry>Description</entry>
6453 <entry>STRING</entry>
6454 <entry>Unique or well-known bus name of the connection to
6455 query, such as <literal>:12.34</literal> or
6456 <literal>com.example.tea</literal></entry>
6466 <entry>Argument</entry>
6468 <entry>Description</entry>
6474 <entry>ARRAY of BYTE</entry>
6475 <entry>auditing data as returned by
6476 adt_export_session_data()</entry>
6481 Returns auditing data used by Solaris ADT, in an unspecified
6482 binary format. If you know what this means, please contribute
6483 documentation via the D-Bus bug tracking system.
6484 This method is on the core DBus interface for historical reasons;
6485 the same information should be made available via
6486 <xref linkend="bus-messages-get-connection-credentials"/>
6491 <sect3 id="bus-messages-get-connection-selinux-security-context">
6492 <title><literal>org.freedesktop.DBus.GetConnectionSELinuxSecurityContext</literal></title>
6496 ARRAY of BYTE GetConnectionSELinuxSecurityContext (in STRING bus_name)
6503 <entry>Argument</entry>
6505 <entry>Description</entry>
6511 <entry>STRING</entry>
6512 <entry>Unique or well-known bus name of the connection to
6513 query, such as <literal>:12.34</literal> or
6514 <literal>com.example.tea</literal></entry>
6524 <entry>Argument</entry>
6526 <entry>Description</entry>
6532 <entry>ARRAY of BYTE</entry>
6533 <entry>some sort of string of bytes, not necessarily UTF-8,
6534 not including '\0'</entry>
6539 Returns the security context used by SELinux, in an unspecified
6540 format. If you know what this means, please contribute
6541 documentation via the D-Bus bug tracking system.
6542 This method is on the core DBus interface for historical reasons;
6543 the same information should be made available via
6544 <xref linkend="bus-messages-get-connection-credentials"/>
6550 <sect3 id="bus-messages-add-match">
6551 <title><literal>org.freedesktop.DBus.AddMatch</literal></title>
6555 AddMatch (in STRING rule)
6562 <entry>Argument</entry>
6564 <entry>Description</entry>
6570 <entry>STRING</entry>
6571 <entry>Match rule to add to the connection</entry>
6576 Adds a match rule to match messages going through the message bus (see <xref linkend='message-bus-routing-match-rules'/>).
6577 If the bus does not have enough resources the <literal>org.freedesktop.DBus.Error.OOM</literal>
6581 <sect3 id="bus-messages-remove-match">
6582 <title><literal>org.freedesktop.DBus.RemoveMatch</literal></title>
6586 RemoveMatch (in STRING rule)
6593 <entry>Argument</entry>
6595 <entry>Description</entry>
6601 <entry>STRING</entry>
6602 <entry>Match rule to remove from the connection</entry>
6607 Removes the first rule that matches (see <xref linkend='message-bus-routing-match-rules'/>).
6608 If the rule is not found the <literal>org.freedesktop.DBus.Error.MatchRuleNotFound</literal>
6613 <sect3 id="bus-messages-get-id">
6614 <title><literal>org.freedesktop.DBus.GetId</literal></title>
6618 GetId (out STRING id)
6625 <entry>Argument</entry>
6627 <entry>Description</entry>
6633 <entry>STRING</entry>
6634 <entry>Unique ID identifying the bus daemon</entry>
6639 Gets the unique ID of the bus. The unique ID here is shared among all addresses the
6640 bus daemon is listening on (TCP, UNIX domain socket, etc.) and its format is described in
6641 <xref linkend="uuids"/>. Each address the bus is listening on also has its own unique
6642 ID, as described in <xref linkend="addresses"/>. The per-bus and per-address IDs are not related.
6643 There is also a per-machine ID, described in <xref linkend="standard-interfaces-peer"/> and returned
6644 by org.freedesktop.DBus.Peer.GetMachineId().
6645 For a desktop session bus, the bus ID can be used as a way to uniquely identify a user's session.
6649 <sect3 id="bus-messages-become-monitor">
6650 <title><literal>org.freedesktop.DBus.Monitoring.BecomeMonitor</literal></title>
6654 BecomeMonitor (in ARRAY of STRING rule, in UINT32 flags)
6661 <entry>Argument</entry>
6663 <entry>Description</entry>
6669 <entry>ARRAY of STRING</entry>
6670 <entry>Match rules to add to the connection</entry>
6674 <entry>UINT32</entry>
6675 <entry>Not used, must be 0</entry>
6683 Converts the connection into a <emphasis>monitor
6684 connection</emphasis> which can be used as a debugging/monitoring
6685 tool. Only a user who is privileged on this
6686 bus (by some implementation-specific definition) may create
6687 monitor connections<footnote>
6689 In the reference implementation,
6690 the default configuration is that each user (identified by
6691 numeric user ID) may monitor their own session bus,
6692 and the root user (user ID zero) may monitor the
6699 Monitor connections lose all their bus names, including the unique
6700 connection name, and all their match rules. Sending messages on a
6701 monitor connection is not allowed: applications should use a private
6702 connection for monitoring.
6706 Monitor connections may receive all messages, even messages that
6707 should only have gone to some other connection ("eavesdropping").
6708 The first argument is a list of match rules, which replace any
6709 match rules that were previously active for this connection.
6710 These match rules are always treated as if they contained the
6711 special <literal>eavesdrop='true'</literal> member.
6715 As a special case, an empty list of match rules (which would
6716 otherwise match nothing, making the monitor useless) is treated
6717 as a shorthand for matching all messages.
6721 The second argument might be used for flags to influence the
6722 behaviour of the monitor connection in future D-Bus versions.
6726 Message bus implementations should attempt to minimize the
6727 side-effects of monitoring — in particular, unlike ordinary
6728 eavesdropping, monitoring the system bus does not require the
6729 access control rules to be relaxed, which would change the set
6730 of messages that can be delivered to their (non-monitor)
6731 destinations. However, it is unavoidable that monitoring
6732 will increase the message bus's resource consumption. In
6733 edge cases where there was barely enough time or memory without
6734 monitoring, this might result in message deliveries failing
6735 when they would otherwise have succeeded.
6741 <sect2 id="message-bus-properties">
6742 <title>Message Bus Properties</title>
6744 The special message bus name <literal>org.freedesktop.DBus</literal>
6745 exports several properties (see
6746 <xref linkend="standard-interfaces-properties"/>) on the object path
6747 <literal>/org/freedesktop/DBus</literal>.
6750 <sect3 id="message-bus-properties-features">
6751 <title><literal>org.freedesktop.DBus.Features</literal></title>
6755 Read-only constant ARRAY of STRING Features
6757 This property lists abstract “features” provided by the message
6758 bus, and can be used by clients to detect the capabilities
6759 of the message bus with which they are communicating.
6760 This property was added in version 1.11.x of the reference
6761 implementation of the message bus.
6765 Items in the returned array not containing “.” are defined
6766 by this specification. Bus daemon implementors wishing to advertise
6767 features not mentioned in this document should either contribute
6768 patches to this specification, or use keys containing “.” and
6769 starting with their own reversed domain name, for example
6770 <literal>com.example.MyBus.SubliminalMessages</literal>.
6774 The features currently defined in this specification are as follows:
6778 <term><literal>AppArmor</literal></term>
6781 This message bus filters messages via the
6782 <ulink url="http://wiki.apparmor.net/">AppArmor</ulink>
6783 security framework. This feature should only be
6784 advertised if AppArmor mediation is enabled and
6785 active at runtime; merely compiling in support
6786 for AppArmor should not result in this feature being
6787 advertised on message bus instances where it is disabled by
6788 message bus or operating system configuration.
6794 <term><literal>SELinux</literal></term>
6797 This message bus filters messages via the
6798 <ulink url="https://selinuxproject.org/">SELinux</ulink>
6799 security framework. Similar to <literal>apparmor</literal>,
6800 this feature should only be advertised if SELinux mediation
6801 is enabled and active at runtime (if SELinux is placed in
6802 permissive mode, that is still considered to be active).
6808 <term><literal>SystemdActivation</literal></term>
6811 When asked to activate a service that has the
6812 <literal>SystemdService</literal> field in its
6813 <filename>.service</filename> file, this message bus will
6814 carry out systemd activation (for details see
6815 <xref linkend="message-bus-starting-services-systemd"/>).
6824 <sect3 id="message-bus-properties-interfaces">
6825 <title><literal>org.freedesktop.DBus.Interfaces</literal></title>
6829 Read-only constant ARRAY of STRING Interfaces
6831 This property lists interfaces provided by the
6832 <literal>/org/freedesktop/DBus</literal> object,
6833 and can be used by clients to detect the capabilities
6834 of the message bus with which they are communicating.
6835 Unlike the standard Introspectable interface, querying this
6836 property does not require parsing XML.
6837 This property was added in version 1.11.x of the reference
6838 implementation of the message bus.
6842 The standard <literal>org.freedesktop.DBus</literal> and
6843 <literal>org.freedesktop.DBus.Properties</literal> interfaces
6844 are not included in the value of this property, because their
6845 presence can be inferred from the fact that a method call on
6846 <literal>org.freedesktop.DBus.Properties</literal> asking for
6847 properties of <literal>org.freedesktop.DBus</literal> was
6848 successful. The standard <literal>org.freedesktop.DBus.Peer</literal>
6849 and <literal>org.freedesktop.DBus.Introspectable</literal>
6850 interfaces are not included in the value of this property either,
6851 because they do not indicate features of the message bus
6859 <appendix id="implementation-notes">
6860 <title>Implementation notes</title>
6861 <sect1 id="implementation-notes-subsection">
6869 <glossary><title>Glossary</title>
6871 This glossary defines some of the terms used in this specification.
6874 <glossentry id="term-bus-name"><glossterm>Bus Name</glossterm>
6877 The message bus maintains an association between names and
6878 connections. (Normally, there's one connection per application.) A
6879 bus name is simply an identifier used to locate connections. For
6880 example, the hypothetical <literal>com.yoyodyne.Screensaver</literal>
6881 name might be used to send a message to a screensaver from Yoyodyne
6882 Corporation. An application is said to <firstterm>own</firstterm> a
6883 name if the message bus has associated the application's connection
6884 with the name. Names may also have <firstterm>queued
6885 owners</firstterm> (see <xref linkend="term-queued-owner"/>).
6886 The bus assigns a unique name to each connection,
6887 see <xref linkend="term-unique-name"/>. Other names
6888 can be thought of as "well-known names" and are
6889 used to find applications that offer specific functionality.
6893 See <xref linkend="message-protocol-names-bus"/> for details of
6894 the syntax and naming conventions for bus names.
6899 <glossentry id="term-message"><glossterm>Message</glossterm>
6902 A message is the atomic unit of communication via the D-Bus
6903 protocol. It consists of a <firstterm>header</firstterm> and a
6904 <firstterm>body</firstterm>; the body is made up of
6905 <firstterm>arguments</firstterm>.
6910 <glossentry id="term-message-bus"><glossterm>Message Bus</glossterm>
6913 The message bus is a special application that forwards
6914 or routes messages between a group of applications
6915 connected to the message bus. It also manages
6916 <firstterm>names</firstterm> used for routing
6922 <glossentry id="term-name"><glossterm>Name</glossterm>
6925 See <xref linkend="term-bus-name"/>. "Name" may
6926 also be used to refer to some of the other names
6927 in D-Bus, such as interface names.
6932 <glossentry id="namespace"><glossterm>Namespace</glossterm>
6935 Used to prevent collisions when defining new interfaces, bus names
6936 etc. The convention used is the same one Java uses for defining
6937 classes: a reversed domain name.
6938 See <xref linkend="message-protocol-names-bus"/>,
6939 <xref linkend="message-protocol-names-interface"/>,
6940 <xref linkend="message-protocol-names-error"/>,
6941 <xref linkend="message-protocol-marshaling-object-path"/>.
6946 <glossentry id="term-object"><glossterm>Object</glossterm>
6949 Each application contains <firstterm>objects</firstterm>, which have
6950 <firstterm>interfaces</firstterm> and
6951 <firstterm>methods</firstterm>. Objects are referred to by a name,
6952 called a <firstterm>path</firstterm>.
6957 <glossentry id="one-to-one"><glossterm>One-to-One</glossterm>
6960 An application talking directly to another application, without going
6961 through a message bus. One-to-one connections may be "peer to peer" or
6962 "client to server." The D-Bus protocol has no concept of client
6963 vs. server after a connection has authenticated; the flow of messages
6964 is symmetrical (full duplex).
6969 <glossentry id="term-path"><glossterm>Path</glossterm>
6972 Object references (object names) in D-Bus are organized into a
6973 filesystem-style hierarchy, so each object is named by a path. As in
6974 LDAP, there's no difference between "files" and "directories"; a path
6975 can refer to an object, while still having child objects below it.
6980 <glossentry id="term-queued-owner"><glossterm>Queued Name Owner</glossterm>
6983 Each bus name has a primary owner; messages sent to the name go to the
6984 primary owner. However, certain names also maintain a queue of
6985 secondary owners "waiting in the wings." If the primary owner releases
6986 the name, then the first secondary owner in the queue automatically
6987 becomes the new owner of the name.
6992 <glossentry id="term-service"><glossterm>Service</glossterm>
6995 A service is an executable that can be launched by the bus daemon.
6996 Services normally guarantee some particular features, for example they
6997 may guarantee that they will request a specific name such as
6998 "com.example.Screensaver1", have a singleton object
6999 "/com/example/Screensaver1", and that object will implement the
7000 interface "com.example.Screensaver1.Control".
7005 <glossentry id="term-service-description-files"><glossterm>Service Description Files</glossterm>
7008 ".service files" tell the bus about service applications that can be
7009 launched (see <xref linkend="term-service"/>). Most importantly they
7010 provide a mapping from bus names to services that will request those
7011 names when they start up.
7016 <glossentry id="term-unique-name"><glossterm>Unique Connection Name</glossterm>
7019 The special name automatically assigned to each connection by the
7020 message bus. This name will never change owner, and will be unique
7021 (never reused during the lifetime of the message bus).
7022 It will begin with a ':' character.
projects / platform / upstream / dbus.git / blob