*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
+#include <config.h>
#include "bus.h"
#include "activation.h"
#include "connection.h"
#include "dir-watch.h"
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
+#include <dbus/dbus-credentials.h>
#include <dbus/dbus-internals.h>
struct BusContext
char *address;
char *pidfile;
char *user;
+ char *log_prefix;
DBusLoop *loop;
DBusList *servers;
BusConnections *connections;
BusMatchmaker *matchmaker;
BusLimits limits;
unsigned int fork : 1;
+ unsigned int syslog : 1;
+ unsigned int keep_umask : 1;
+ unsigned int allow_anonymous : 1;
};
static dbus_int32_t server_data_slot = -1;
dbus_connection_set_max_message_size (new_connection,
context->limits.max_message_size);
+
+ dbus_connection_set_max_received_unix_fds (new_connection,
+ context->limits.max_incoming_unix_fds);
+
+ dbus_connection_set_max_message_unix_fds (new_connection,
+ context->limits.max_message_unix_fds);
+ dbus_connection_set_allow_anonymous (new_connection,
+ context->allow_anonymous);
+
/* on OOM, we won't have ref'd the connection so it will die. */
}
BusServerData *bd;
bd = dbus_new0 (BusServerData, 1);
- if (!dbus_server_set_data (server,
- server_data_slot,
- bd, free_server_data))
+ if (bd == NULL || !dbus_server_set_data (server,
+ server_data_slot,
+ bd, free_server_data))
{
dbus_free (bd);
BUS_SET_OOM (error);
BusConfigParser *parser,
DBusError *error)
{
+ DBusString log_prefix;
DBusList *link;
DBusList **addresses;
const char *user, *pidfile;
DBusStat stbuf;
_dbus_string_init_const (&u, pidfile);
-
+
if (_dbus_stat (&u, &stbuf, NULL))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "The pid file \"%s\" exists, if the message bus is not running, remove this file",
- pidfile);
- goto failed;
- }
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "The pid file \"%s\" exists, if the message bus is not running, remove this file",
+ pidfile);
+ goto failed;
+ }
}
-
+
/* keep around the pid filename so we can delete it later */
context->pidfile = _dbus_strdup (pidfile);
+ /* note that type may be NULL */
+ context->type = _dbus_strdup (bus_config_parser_get_type (parser));
+ if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
+ goto oom;
+
+ user = bus_config_parser_get_user (parser);
+ if (user != NULL)
+ {
+ context->user = _dbus_strdup (user);
+ if (context->user == NULL)
+ goto oom;
+ }
+
+ /* Set up the prefix for syslog messages */
+ if (!_dbus_string_init (&log_prefix))
+ goto oom;
+ if (context->type && !strcmp (context->type, "system"))
+ {
+ if (!_dbus_string_append (&log_prefix, "[system] "))
+ goto oom;
+ }
+ else if (context->type && !strcmp (context->type, "session"))
+ {
+ DBusCredentials *credentials;
+
+ credentials = _dbus_credentials_new_from_current_process ();
+ if (!credentials)
+ goto oom;
+ if (!_dbus_string_append (&log_prefix, "[session "))
+ goto oom;
+ if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
+ goto oom;
+ if (!_dbus_string_append (&log_prefix, "] "))
+ goto oom;
+ _dbus_credentials_unref (credentials);
+ }
+ if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
+ goto oom;
+ _dbus_string_free (&log_prefix);
+
/* Build an array of auth mechanisms */
-
+
auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
len = _dbus_list_get_length (auth_mechanisms_list);
auth_mechanisms = dbus_new0 (char*, len + 1);
if (auth_mechanisms == NULL)
- {
- BUS_SET_OOM (error);
- goto failed;
- }
-
+ goto oom;
+
i = 0;
link = _dbus_list_get_first_link (auth_mechanisms_list);
while (link != NULL)
{
auth_mechanisms[i] = _dbus_strdup (link->data);
if (auth_mechanisms[i] == NULL)
- {
- BUS_SET_OOM (error);
- goto failed;
- }
+ goto oom;
link = _dbus_list_get_next_link (auth_mechanisms_list, link);
}
}
}
if (!_dbus_list_append (&context->servers, server))
- {
- BUS_SET_OOM (error);
- goto failed;
- }
-
- link = _dbus_list_get_next_link (addresses, link);
- }
+ goto oom;
- /* note that type may be NULL */
- context->type = _dbus_strdup (bus_config_parser_get_type (parser));
- if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
- {
- BUS_SET_OOM (error);
- goto failed;
- }
-
- user = bus_config_parser_get_user (parser);
- if (user != NULL)
- {
- context->user = _dbus_strdup (user);
- if (context->user == NULL)
- {
- BUS_SET_OOM (error);
- goto failed;
- }
+ link = _dbus_list_get_next_link (addresses, link);
}
context->fork = bus_config_parser_get_fork (parser);
-
+ context->syslog = bus_config_parser_get_syslog (parser);
+ context->keep_umask = bus_config_parser_get_keep_umask (parser);
+ context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
+
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
retval = TRUE;
failed:
dbus_free_string_array (auth_mechanisms);
return retval;
+
+ oom:
+ BUS_SET_OOM (error);
+ dbus_free_string_array (auth_mechanisms);
+ return FALSE;
}
/* This code gets executed every time the config files
/* get our limits and timeout lengths */
bus_config_parser_get_limits (parser, &context->limits);
+ if (context->policy)
+ bus_policy_unref (context->policy);
context->policy = bus_config_parser_steal_policy (parser);
_dbus_assert (context->policy != NULL);
dbus_free(context->servicehelper);
context->servicehelper = s;
}
-
+
/* Create activation subsystem */
- new_activation = bus_activation_new (context, &full_address,
- dirs, error);
- if (new_activation == NULL)
+ if (context->activation)
+ {
+ if (!bus_activation_reload (context->activation, &full_address, dirs, error))
+ goto failed;
+ }
+ else
+ {
+ context->activation = bus_activation_new (context, &full_address, dirs, error);
+ }
+
+ if (context->activation == NULL)
{
_DBUS_ASSERT_ERROR_IS_SET (error);
goto failed;
}
- if (is_reload)
- bus_activation_unref (context->activation);
-
- context->activation = new_activation;
-
- /* Drop existing conf-dir watches (if applicable) */
-
- if (is_reload)
- bus_drop_all_directory_watches ();
-
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
retval = TRUE;
}
static dbus_bool_t
+list_concat_new (DBusList **a,
+ DBusList **b,
+ DBusList **result)
+{
+ DBusList *link;
+
+ *result = NULL;
+
+ link = _dbus_list_get_first_link (a);
+ for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
+ {
+ if (!_dbus_list_append (result, link->data))
+ goto oom;
+ }
+ for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
+ {
+ if (!_dbus_list_append (result, link->data))
+ goto oom;
+ }
+
+ return TRUE;
+oom:
+ _dbus_list_clear (result);
+ return FALSE;
+}
+
+static dbus_bool_t
process_config_postinit (BusContext *context,
BusConfigParser *parser,
DBusError *error)
{
DBusHashTable *service_context_table;
+ DBusList *watched_dirs = NULL;
service_context_table = bus_config_parser_steal_service_context_table (parser);
if (!bus_registry_set_service_context_table (context->registry,
_dbus_hash_table_unref (service_context_table);
- /* Watch all conf directories */
- _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser),
- (DBusForeachFunction) bus_watch_directory,
- context);
+ /* We need to monitor both the configuration directories and directories
+ * containing .service files.
+ */
+ if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
+ bus_config_parser_get_service_dirs (parser),
+ &watched_dirs))
+ {
+ BUS_SET_OOM (error);
+ return FALSE;
+ }
+
+ bus_set_watched_dirs (context, &watched_dirs);
+
+ _dbus_list_clear (&watched_dirs);
return TRUE;
}
DBusPipe *print_pid_pipe,
DBusError *error)
{
+ DBusString log_prefix;
BusContext *context;
BusConfigParser *parser;
context->refcount = 1;
_dbus_generate_uuid (&context->uuid);
-
+
if (!_dbus_string_copy_data (config_file, &context->config_file))
{
BUS_SET_OOM (error);
if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
print_pid_pipe,
- error))
+ error,
+ context->keep_umask))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
goto failed;
if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
_dbus_pipe_close (print_pid_pipe, NULL);
-
+
+ if (!bus_selinux_full_init ())
+ {
+ bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
+ }
+
if (!process_config_postinit (context, parser, error))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
#endif
}
- if (!bus_selinux_full_init ())
- {
- _dbus_warn ("SELinux initialization failed\n");
- }
-
dbus_server_free_data_slot (&server_data_slot);
return context;
}
ret = TRUE;
- failed:
+ bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
+ failed:
+ if (!ret)
+ bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
if (parser != NULL)
bus_config_parser_unref (parser);
return ret;
bus_matchmaker_unref (context->matchmaker);
context->matchmaker = NULL;
}
-
+
dbus_free (context->config_file);
+ dbus_free (context->log_prefix);
dbus_free (context->type);
dbus_free (context->address);
dbus_free (context->user);
return context->limits.reply_timeout;
}
+void
+bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
+{
+ va_list args;
+
+ if (!context->syslog)
+ return;
+
+ va_start (args, msg);
+
+ if (context->log_prefix)
+ {
+ DBusString full_msg;
+
+ if (!_dbus_string_init (&full_msg))
+ goto out;
+ if (!_dbus_string_append (&full_msg, context->log_prefix))
+ goto oom_out;
+ if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
+ goto oom_out;
+
+ _dbus_system_log (severity, "%s", full_msg);
+ oom_out:
+ _dbus_string_free (&full_msg);
+ }
+ else
+ _dbus_system_logv (severity, msg, args);
+
+out:
+ va_end (args);
+}
+
/*
* addressed_recipient is the recipient specified in the message.
*
DBusMessage *message,
DBusError *error)
{
+ const char *dest;
BusClientPolicy *sender_policy;
BusClientPolicy *recipient_policy;
+ dbus_int32_t toggles;
+ dbus_bool_t log;
int type;
dbus_bool_t requested_reply;
+ const char *sender_name;
+ const char *sender_loginfo;
+ const char *proposed_recipient_loginfo;
type = dbus_message_get_type (message);
+ dest = dbus_message_get_destination (message);
/* dispatch.c was supposed to ensure these invariants */
- _dbus_assert (dbus_message_get_destination (message) != NULL ||
+ _dbus_assert (dest != NULL ||
type == DBUS_MESSAGE_TYPE_SIGNAL ||
(sender == NULL && !bus_connection_is_active (proposed_recipient)));
_dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
addressed_recipient != NULL ||
- strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0);
+ strcmp (dest, DBUS_SERVICE_DBUS) == 0);
+
+ /* Used in logging below */
+ if (sender != NULL)
+ {
+ sender_name = bus_connection_get_name (sender);
+ sender_loginfo = bus_connection_get_loginfo (sender);
+ }
+ else
+ {
+ sender_name = NULL;
+ sender_loginfo = "(bus)";
+ }
+
+ if (proposed_recipient != NULL)
+ proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
+ else
+ proposed_recipient_loginfo = "bus";
switch (type)
{
if (sender != NULL)
{
- const char *dest;
-
- dest = dbus_message_get_destination (message);
-
/* First verify the SELinux access controls. If allowed then
* go on with the standard checks.
*/
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS, error))
{
+ if (error != NULL && !dbus_error_is_set (error))
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "An SELinux policy prevents this sender "
+ "from sending this message to this recipient "
+ "(rejected message had sender \"%s\" interface \"%s\" "
+ "member \"%s\" error name \"%s\" destination \"%s\")",
+ sender_name ? sender_name : "(unset)",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS);
+ _dbus_verbose ("SELinux security check denying send to service\n");
+ }
- if (dbus_error_is_set (error) &&
- dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
- {
- return FALSE;
- }
-
-
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "An SELinux policy prevents this sender "
- "from sending this message to this recipient "
- "(rejected message had interface \"%s\" "
- "member \"%s\" error name \"%s\" destination \"%s\")",
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
- _dbus_verbose ("SELinux security check denying send to service\n");
return FALSE;
}
(proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
(proposed_recipient == NULL && recipient_policy == NULL));
+ log = FALSE;
if (sender_policy &&
!bus_client_policy_check_can_send (sender_policy,
context->registry,
requested_reply,
proposed_recipient,
- message))
+ message, &toggles, &log))
{
- const char *dest;
-
- dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this sender "
- "from sending this message to this recipient, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
+ const char *msg = "Rejected send message, %d matched rules; "
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
+
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
+ if (log)
+ bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
+ "Would reject message, %d matched rules; "
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
+
if (recipient_policy &&
!bus_client_policy_check_can_receive (recipient_policy,
context->registry,
requested_reply,
sender,
addressed_recipient, proposed_recipient,
- message))
+ message, &toggles))
{
- const char *dest;
-
- dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this recipient "
- "from receiving this message from this sender, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
+ const char *msg = "Rejected receive message, %d matched rules; "
+ "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
+
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
dbus_message_get_reply_serial (message),
- requested_reply);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dbus_message_get_reply_serial (message),
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}
/* See if limits on size have been exceeded */
if (proposed_recipient &&
- dbus_connection_get_outgoing_size (proposed_recipient) >
- context->limits.max_outgoing_bytes)
+ ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
+ (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
{
- const char *dest;
-
- dest = dbus_message_get_destination (message);
dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
"The destination service \"%s\" has a full message queue",
dest ? dest : (proposed_recipient ?