1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #include "activation.h"
26 #include "connection.h"
30 #include "config-parser.h"
33 #include "dir-watch.h"
34 #include <dbus/dbus-list.h>
35 #include <dbus/dbus-hash.h>
36 #include <dbus/dbus-credentials.h>
37 #include <dbus/dbus-internals.h>
52 BusConnections *connections;
53 BusActivation *activation;
54 BusRegistry *registry;
56 BusMatchmaker *matchmaker;
58 unsigned int fork : 1;
59 unsigned int syslog : 1;
60 unsigned int keep_umask : 1;
63 static dbus_int32_t server_data_slot = -1;
70 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
73 server_get_context (DBusServer *server)
78 if (!dbus_server_allocate_data_slot (&server_data_slot))
81 bd = BUS_SERVER_DATA (server);
84 dbus_server_free_data_slot (&server_data_slot);
88 context = bd->context;
90 dbus_server_free_data_slot (&server_data_slot);
96 server_watch_callback (DBusWatch *watch,
97 unsigned int condition,
100 /* FIXME this can be done in dbus-mainloop.c
101 * if the code in activation.c for the babysitter
102 * watch handler is fixed.
105 return dbus_watch_handle (watch, condition);
109 add_server_watch (DBusWatch *watch,
112 DBusServer *server = data;
115 context = server_get_context (server);
117 return _dbus_loop_add_watch (context->loop,
118 watch, server_watch_callback, server,
123 remove_server_watch (DBusWatch *watch,
126 DBusServer *server = data;
129 context = server_get_context (server);
131 _dbus_loop_remove_watch (context->loop,
132 watch, server_watch_callback, server);
137 server_timeout_callback (DBusTimeout *timeout,
140 /* can return FALSE on OOM but we just let it fire again later */
141 dbus_timeout_handle (timeout);
145 add_server_timeout (DBusTimeout *timeout,
148 DBusServer *server = data;
151 context = server_get_context (server);
153 return _dbus_loop_add_timeout (context->loop,
154 timeout, server_timeout_callback, server, NULL);
158 remove_server_timeout (DBusTimeout *timeout,
161 DBusServer *server = data;
164 context = server_get_context (server);
166 _dbus_loop_remove_timeout (context->loop,
167 timeout, server_timeout_callback, server);
171 new_connection_callback (DBusServer *server,
172 DBusConnection *new_connection,
175 BusContext *context = data;
177 if (!bus_connections_setup_connection (context->connections, new_connection))
179 _dbus_verbose ("No memory to setup new connection\n");
181 /* if we don't do this, it will get unref'd without
182 * being disconnected... kind of strange really
183 * that we have to do this, people won't get it right
186 dbus_connection_close (new_connection);
189 dbus_connection_set_max_received_size (new_connection,
190 context->limits.max_incoming_bytes);
192 dbus_connection_set_max_message_size (new_connection,
193 context->limits.max_message_size);
195 /* on OOM, we won't have ref'd the connection so it will die. */
199 free_server_data (void *data)
201 BusServerData *bd = data;
207 setup_server (BusContext *context,
209 char **auth_mechanisms,
214 bd = dbus_new0 (BusServerData, 1);
215 if (bd == NULL || !dbus_server_set_data (server,
217 bd, free_server_data))
224 bd->context = context;
226 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
232 dbus_server_set_new_connection_function (server,
233 new_connection_callback,
236 if (!dbus_server_set_watch_functions (server,
247 if (!dbus_server_set_timeout_functions (server,
249 remove_server_timeout,
260 /* This code only gets executed the first time the
261 * config files are parsed. It is not executed
262 * when config files are reloaded.
265 process_config_first_time_only (BusContext *context,
266 BusConfigParser *parser,
269 DBusString log_prefix;
271 DBusList **addresses;
272 const char *user, *pidfile;
273 char **auth_mechanisms;
274 DBusList **auth_mechanisms_list;
278 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
281 auth_mechanisms = NULL;
283 /* Check for an existing pid file. Of course this is a race;
284 * we'd have to use fcntl() locks on the pid file to
285 * avoid that. But we want to check for the pid file
286 * before overwriting any existing sockets, etc.
288 pidfile = bus_config_parser_get_pidfile (parser);
294 _dbus_string_init_const (&u, pidfile);
296 if (_dbus_stat (&u, &stbuf, NULL))
298 dbus_set_error (error, DBUS_ERROR_FAILED,
299 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
305 /* keep around the pid filename so we can delete it later */
306 context->pidfile = _dbus_strdup (pidfile);
308 /* note that type may be NULL */
309 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
310 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
313 user = bus_config_parser_get_user (parser);
316 context->user = _dbus_strdup (user);
317 if (context->user == NULL)
321 /* Set up the prefix for syslog messages */
322 if (!_dbus_string_init (&log_prefix))
324 if (context->type && !strcmp (context->type, "system"))
326 if (!_dbus_string_append (&log_prefix, "[system] "))
329 else if (context->type && !strcmp (context->type, "session"))
331 DBusCredentials *credentials;
333 credentials = _dbus_credentials_new_from_current_process ();
336 if (!_dbus_string_append (&log_prefix, "[session "))
338 if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
340 if (!_dbus_string_append (&log_prefix, "] "))
342 _dbus_credentials_unref (credentials);
344 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
346 _dbus_string_free (&log_prefix);
348 /* Build an array of auth mechanisms */
350 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
351 len = _dbus_list_get_length (auth_mechanisms_list);
357 auth_mechanisms = dbus_new0 (char*, len + 1);
358 if (auth_mechanisms == NULL)
362 link = _dbus_list_get_first_link (auth_mechanisms_list);
365 auth_mechanisms[i] = _dbus_strdup (link->data);
366 if (auth_mechanisms[i] == NULL)
368 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
373 auth_mechanisms = NULL;
376 /* Listen on our addresses */
378 addresses = bus_config_parser_get_addresses (parser);
380 link = _dbus_list_get_first_link (addresses);
385 server = dbus_server_listen (link->data, error);
388 _DBUS_ASSERT_ERROR_IS_SET (error);
391 else if (!setup_server (context, server, auth_mechanisms, error))
393 _DBUS_ASSERT_ERROR_IS_SET (error);
397 if (!_dbus_list_append (&context->servers, server))
400 link = _dbus_list_get_next_link (addresses, link);
403 context->fork = bus_config_parser_get_fork (parser);
404 context->syslog = bus_config_parser_get_syslog (parser);
405 context->keep_umask = bus_config_parser_get_keep_umask (parser);
407 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
411 dbus_free_string_array (auth_mechanisms);
416 dbus_free_string_array (auth_mechanisms);
420 /* This code gets executed every time the config files
421 * are parsed: both during BusContext construction
422 * and on reloads. This function is slightly screwy
423 * since it can do a "half reload" in out-of-memory
424 * situations. Realistically, unlikely to ever matter.
427 process_config_every_time (BusContext *context,
428 BusConfigParser *parser,
429 dbus_bool_t is_reload,
432 DBusString full_address;
435 BusActivation *new_activation;
437 const char *servicehelper;
442 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
447 if (!_dbus_string_init (&full_address))
453 /* get our limits and timeout lengths */
454 bus_config_parser_get_limits (parser, &context->limits);
457 bus_policy_unref (context->policy);
458 context->policy = bus_config_parser_steal_policy (parser);
459 _dbus_assert (context->policy != NULL);
461 /* We have to build the address backward, so that
462 * <listen> later in the config file have priority
464 link = _dbus_list_get_last_link (&context->servers);
467 addr = dbus_server_get_address (link->data);
474 if (_dbus_string_get_length (&full_address) > 0)
476 if (!_dbus_string_append (&full_address, ";"))
483 if (!_dbus_string_append (&full_address, addr))
492 link = _dbus_list_get_prev_link (&context->servers, link);
496 dbus_free (context->address);
498 if (!_dbus_string_copy_data (&full_address, &context->address))
504 /* get the service directories */
505 dirs = bus_config_parser_get_service_dirs (parser);
507 /* and the service helper */
508 servicehelper = bus_config_parser_get_servicehelper (parser);
510 s = _dbus_strdup(servicehelper);
511 if (s == NULL && servicehelper != NULL)
518 dbus_free(context->servicehelper);
519 context->servicehelper = s;
522 /* Create activation subsystem */
523 if (context->activation)
525 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
530 context->activation = bus_activation_new (context, &full_address, dirs, error);
533 if (context->activation == NULL)
535 _DBUS_ASSERT_ERROR_IS_SET (error);
539 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
543 _dbus_string_free (&full_address);
552 list_concat_new (DBusList **a,
560 link = _dbus_list_get_first_link (a);
561 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
563 if (!_dbus_list_append (result, link->data))
566 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
568 if (!_dbus_list_append (result, link->data))
574 _dbus_list_clear (result);
579 process_config_postinit (BusContext *context,
580 BusConfigParser *parser,
583 DBusHashTable *service_context_table;
584 DBusList *watched_dirs = NULL;
586 service_context_table = bus_config_parser_steal_service_context_table (parser);
587 if (!bus_registry_set_service_context_table (context->registry,
588 service_context_table))
594 _dbus_hash_table_unref (service_context_table);
596 /* We need to monitor both the configuration directories and directories
597 * containing .service files.
599 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
600 bus_config_parser_get_service_dirs (parser),
607 bus_set_watched_dirs (context, &watched_dirs);
609 _dbus_list_clear (&watched_dirs);
615 bus_context_new (const DBusString *config_file,
616 ForceForkSetting force_fork,
617 DBusPipe *print_addr_pipe,
618 DBusPipe *print_pid_pipe,
621 DBusString log_prefix;
623 BusConfigParser *parser;
625 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
630 if (!dbus_server_allocate_data_slot (&server_data_slot))
636 context = dbus_new0 (BusContext, 1);
642 context->refcount = 1;
644 _dbus_generate_uuid (&context->uuid);
646 if (!_dbus_string_copy_data (config_file, &context->config_file))
652 context->loop = _dbus_loop_new ();
653 if (context->loop == NULL)
659 context->registry = bus_registry_new (context);
660 if (context->registry == NULL)
666 parser = bus_config_load (config_file, TRUE, NULL, error);
669 _DBUS_ASSERT_ERROR_IS_SET (error);
673 if (!process_config_first_time_only (context, parser, error))
675 _DBUS_ASSERT_ERROR_IS_SET (error);
678 if (!process_config_every_time (context, parser, FALSE, error))
680 _DBUS_ASSERT_ERROR_IS_SET (error);
684 /* we need another ref of the server data slot for the context
687 if (!dbus_server_allocate_data_slot (&server_data_slot))
688 _dbus_assert_not_reached ("second ref of server data slot failed");
690 /* Note that we don't know whether the print_addr_pipe is
691 * one of the sockets we're using to listen on, or some
692 * other random thing. But I think the answer is "don't do
695 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
698 const char *a = bus_context_get_address (context);
701 _dbus_assert (a != NULL);
702 if (!_dbus_string_init (&addr))
708 if (!_dbus_string_append (&addr, a) ||
709 !_dbus_string_append (&addr, "\n"))
711 _dbus_string_free (&addr);
716 bytes = _dbus_string_get_length (&addr);
717 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
719 /* pipe write returns an error on failure but not short write */
720 if (error != NULL && !dbus_error_is_set (error))
722 dbus_set_error (error, DBUS_ERROR_FAILED,
723 "Printing message bus address: did not write all bytes\n");
725 _dbus_string_free (&addr);
729 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
730 _dbus_pipe_close (print_addr_pipe, NULL);
732 _dbus_string_free (&addr);
735 context->connections = bus_connections_new (context);
736 if (context->connections == NULL)
742 context->matchmaker = bus_matchmaker_new ();
743 if (context->matchmaker == NULL)
749 /* check user before we fork */
750 if (context->user != NULL)
752 if (!_dbus_verify_daemon_user (context->user))
754 dbus_set_error (error, DBUS_ERROR_FAILED,
755 "Could not get UID and GID for username \"%s\"",
761 /* Now become a daemon if appropriate and write out pid file in any case */
765 if (context->pidfile)
766 _dbus_string_init_const (&u, context->pidfile);
768 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
770 _dbus_verbose ("Forking and becoming daemon\n");
772 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
775 context->keep_umask))
777 _DBUS_ASSERT_ERROR_IS_SET (error);
783 _dbus_verbose ("Fork not requested\n");
785 /* Need to write PID file and to PID pipe for ourselves,
786 * not for the child process. This is a no-op if the pidfile
787 * is NULL and print_pid_pipe is NULL.
789 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
794 _DBUS_ASSERT_ERROR_IS_SET (error);
800 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
801 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
802 _dbus_pipe_close (print_pid_pipe, NULL);
804 if (!bus_selinux_full_init ())
806 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
809 if (!process_config_postinit (context, parser, error))
811 _DBUS_ASSERT_ERROR_IS_SET (error);
817 bus_config_parser_unref (parser);
821 /* Here we change our credentials if required,
822 * as soon as we've set up our sockets and pidfile
824 if (context->user != NULL)
826 if (!_dbus_change_to_daemon_user (context->user, error))
828 _DBUS_ASSERT_ERROR_IS_SET (error);
833 /* FIXME - why not just put this in full_init() below? */
834 bus_selinux_audit_init ();
838 dbus_server_free_data_slot (&server_data_slot);
844 bus_config_parser_unref (parser);
846 bus_context_unref (context);
848 if (server_data_slot >= 0)
849 dbus_server_free_data_slot (&server_data_slot);
855 bus_context_get_id (BusContext *context,
858 return _dbus_uuid_encode (&context->uuid, uuid);
862 bus_context_reload_config (BusContext *context,
865 BusConfigParser *parser;
866 DBusString config_file;
869 /* Flush the user database cache */
870 _dbus_flush_caches ();
873 _dbus_string_init_const (&config_file, context->config_file);
874 parser = bus_config_load (&config_file, TRUE, NULL, error);
877 _DBUS_ASSERT_ERROR_IS_SET (error);
881 if (!process_config_every_time (context, parser, TRUE, error))
883 _DBUS_ASSERT_ERROR_IS_SET (error);
886 if (!process_config_postinit (context, parser, error))
888 _DBUS_ASSERT_ERROR_IS_SET (error);
893 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
896 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
898 bus_config_parser_unref (parser);
903 shutdown_server (BusContext *context,
906 if (server == NULL ||
907 !dbus_server_get_is_connected (server))
910 if (!dbus_server_set_watch_functions (server,
914 _dbus_assert_not_reached ("setting watch functions to NULL failed");
916 if (!dbus_server_set_timeout_functions (server,
920 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
922 dbus_server_disconnect (server);
926 bus_context_shutdown (BusContext *context)
930 link = _dbus_list_get_first_link (&context->servers);
933 shutdown_server (context, link->data);
935 link = _dbus_list_get_next_link (&context->servers, link);
940 bus_context_ref (BusContext *context)
942 _dbus_assert (context->refcount > 0);
943 context->refcount += 1;
949 bus_context_unref (BusContext *context)
951 _dbus_assert (context->refcount > 0);
952 context->refcount -= 1;
954 if (context->refcount == 0)
958 _dbus_verbose ("Finalizing bus context %p\n", context);
960 bus_context_shutdown (context);
962 if (context->connections)
964 bus_connections_unref (context->connections);
965 context->connections = NULL;
968 if (context->registry)
970 bus_registry_unref (context->registry);
971 context->registry = NULL;
974 if (context->activation)
976 bus_activation_unref (context->activation);
977 context->activation = NULL;
980 link = _dbus_list_get_first_link (&context->servers);
983 dbus_server_unref (link->data);
985 link = _dbus_list_get_next_link (&context->servers, link);
987 _dbus_list_clear (&context->servers);
991 bus_policy_unref (context->policy);
992 context->policy = NULL;
997 _dbus_loop_unref (context->loop);
998 context->loop = NULL;
1001 if (context->matchmaker)
1003 bus_matchmaker_unref (context->matchmaker);
1004 context->matchmaker = NULL;
1007 dbus_free (context->config_file);
1008 dbus_free (context->log_prefix);
1009 dbus_free (context->type);
1010 dbus_free (context->address);
1011 dbus_free (context->user);
1012 dbus_free (context->servicehelper);
1014 if (context->pidfile)
1017 _dbus_string_init_const (&u, context->pidfile);
1019 /* Deliberately ignore errors here, since there's not much
1020 * we can do about it, and we're exiting anyways.
1022 _dbus_delete_file (&u, NULL);
1024 dbus_free (context->pidfile);
1026 dbus_free (context);
1028 dbus_server_free_data_slot (&server_data_slot);
1032 /* type may be NULL */
1034 bus_context_get_type (BusContext *context)
1036 return context->type;
1040 bus_context_get_address (BusContext *context)
1042 return context->address;
1046 bus_context_get_servicehelper (BusContext *context)
1048 return context->servicehelper;
1052 bus_context_get_registry (BusContext *context)
1054 return context->registry;
1058 bus_context_get_connections (BusContext *context)
1060 return context->connections;
1064 bus_context_get_activation (BusContext *context)
1066 return context->activation;
1070 bus_context_get_matchmaker (BusContext *context)
1072 return context->matchmaker;
1076 bus_context_get_loop (BusContext *context)
1078 return context->loop;
1082 bus_context_allow_unix_user (BusContext *context,
1085 return bus_policy_allow_unix_user (context->policy,
1089 /* For now this is never actually called because the default
1090 * DBusConnection behavior of 'same user that owns the bus can connect'
1091 * is all it would do.
1094 bus_context_allow_windows_user (BusContext *context,
1095 const char *windows_sid)
1097 return bus_policy_allow_windows_user (context->policy,
1102 bus_context_get_policy (BusContext *context)
1104 return context->policy;
1108 bus_context_create_client_policy (BusContext *context,
1109 DBusConnection *connection,
1112 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1113 return bus_policy_create_client_policy (context->policy, connection,
1118 bus_context_get_activation_timeout (BusContext *context)
1121 return context->limits.activation_timeout;
1125 bus_context_get_auth_timeout (BusContext *context)
1127 return context->limits.auth_timeout;
1131 bus_context_get_max_completed_connections (BusContext *context)
1133 return context->limits.max_completed_connections;
1137 bus_context_get_max_incomplete_connections (BusContext *context)
1139 return context->limits.max_incomplete_connections;
1143 bus_context_get_max_connections_per_user (BusContext *context)
1145 return context->limits.max_connections_per_user;
1149 bus_context_get_max_pending_activations (BusContext *context)
1151 return context->limits.max_pending_activations;
1155 bus_context_get_max_services_per_connection (BusContext *context)
1157 return context->limits.max_services_per_connection;
1161 bus_context_get_max_match_rules_per_connection (BusContext *context)
1163 return context->limits.max_match_rules_per_connection;
1167 bus_context_get_max_replies_per_connection (BusContext *context)
1169 return context->limits.max_replies_per_connection;
1173 bus_context_get_reply_timeout (BusContext *context)
1175 return context->limits.reply_timeout;
1179 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
1182 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
1186 if (!context->syslog)
1189 va_start (args, msg);
1191 if (context->log_prefix)
1193 DBusString full_msg;
1195 if (!_dbus_string_init (&full_msg))
1197 if (!_dbus_string_append (&full_msg, context->log_prefix))
1199 if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
1202 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
1204 _dbus_string_free (&full_msg);
1207 _dbus_system_logv (severity, msg, args);
1214 * addressed_recipient is the recipient specified in the message.
1216 * proposed_recipient is the recipient we're considering sending
1217 * to right this second, and may be an eavesdropper.
1219 * sender is the sender of the message.
1221 * NULL for proposed_recipient or sender definitely means the bus driver.
1223 * NULL for addressed_recipient may mean the bus driver, or may mean
1224 * no destination was specified in the message (e.g. a signal).
1227 bus_context_check_security_policy (BusContext *context,
1228 BusTransaction *transaction,
1229 DBusConnection *sender,
1230 DBusConnection *addressed_recipient,
1231 DBusConnection *proposed_recipient,
1232 DBusMessage *message,
1236 BusClientPolicy *sender_policy;
1237 BusClientPolicy *recipient_policy;
1238 dbus_int32_t toggles;
1241 dbus_bool_t requested_reply;
1242 const char *sender_name;
1243 const char *sender_loginfo;
1244 const char *proposed_recipient_loginfo;
1246 type = dbus_message_get_type (message);
1247 dest = dbus_message_get_destination (message);
1249 /* dispatch.c was supposed to ensure these invariants */
1250 _dbus_assert (dest != NULL ||
1251 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1252 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1253 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1254 addressed_recipient != NULL ||
1255 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1257 /* Used in logging below */
1260 sender_name = bus_connection_get_name (sender);
1261 sender_loginfo = bus_connection_get_loginfo (sender);
1266 sender_loginfo = "(bus)";
1269 if (proposed_recipient != NULL)
1270 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1272 proposed_recipient_loginfo = "bus";
1276 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1277 case DBUS_MESSAGE_TYPE_SIGNAL:
1278 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1279 case DBUS_MESSAGE_TYPE_ERROR:
1283 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1286 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1287 "Message bus will not accept messages of unknown type\n");
1292 requested_reply = FALSE;
1296 /* First verify the SELinux access controls. If allowed then
1297 * go on with the standard checks.
1299 if (!bus_selinux_allows_send (sender, proposed_recipient,
1300 dbus_message_type_to_string (dbus_message_get_type (message)),
1301 dbus_message_get_interface (message),
1302 dbus_message_get_member (message),
1303 dbus_message_get_error_name (message),
1304 dest ? dest : DBUS_SERVICE_DBUS, error))
1306 if (error != NULL && !dbus_error_is_set (error))
1308 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1309 "An SELinux policy prevents this sender "
1310 "from sending this message to this recipient "
1311 "(rejected message had sender \"%s\" interface \"%s\" "
1312 "member \"%s\" error name \"%s\" destination \"%s\")",
1313 sender_name ? sender_name : "(unset)",
1314 dbus_message_get_interface (message) ?
1315 dbus_message_get_interface (message) : "(unset)",
1316 dbus_message_get_member (message) ?
1317 dbus_message_get_member (message) : "(unset)",
1318 dbus_message_get_error_name (message) ?
1319 dbus_message_get_error_name (message) : "(unset)",
1320 dest ? dest : DBUS_SERVICE_DBUS);
1321 _dbus_verbose ("SELinux security check denying send to service\n");
1327 if (bus_connection_is_active (sender))
1329 sender_policy = bus_connection_get_policy (sender);
1330 _dbus_assert (sender_policy != NULL);
1332 /* Fill in requested_reply variable with TRUE if this is a
1333 * reply and the reply was pending.
1335 if (dbus_message_get_reply_serial (message) != 0)
1337 if (proposed_recipient != NULL /* not to the bus driver */ &&
1338 addressed_recipient == proposed_recipient /* not eavesdropping */)
1342 dbus_error_init (&error2);
1343 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1345 sender, addressed_recipient, message,
1347 if (dbus_error_is_set (&error2))
1349 dbus_move_error (&error2, error);
1357 /* Policy for inactive connections is that they can only send
1358 * the hello message to the bus driver
1360 if (proposed_recipient == NULL &&
1361 dbus_message_is_method_call (message,
1362 DBUS_INTERFACE_DBUS,
1365 _dbus_verbose ("security check allowing %s message\n",
1371 _dbus_verbose ("security check disallowing non-%s message\n",
1374 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1375 "Client tried to send a message other than %s without being registered",
1384 sender_policy = NULL;
1386 /* If the sender is the bus driver, we assume any reply was a
1387 * requested reply as bus driver won't send bogus ones
1389 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1390 dbus_message_get_reply_serial (message) != 0)
1391 requested_reply = TRUE;
1394 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1395 (sender == NULL && sender_policy == NULL));
1397 if (proposed_recipient != NULL)
1399 /* only the bus driver can send to an inactive recipient (as it
1400 * owns no services, so other apps can't address it). Inactive
1401 * recipients can receive any message.
1403 if (bus_connection_is_active (proposed_recipient))
1405 recipient_policy = bus_connection_get_policy (proposed_recipient);
1406 _dbus_assert (recipient_policy != NULL);
1408 else if (sender == NULL)
1410 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1411 recipient_policy = NULL;
1415 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1416 recipient_policy = NULL;
1420 recipient_policy = NULL;
1422 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1423 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1424 (proposed_recipient == NULL && recipient_policy == NULL));
1427 if (sender_policy &&
1428 !bus_client_policy_check_can_send (sender_policy,
1432 message, &toggles, &log))
1434 const char *msg = "Rejected send message, %d matched rules; "
1435 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1437 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1439 dbus_message_type_to_string (dbus_message_get_type (message)),
1440 sender_name ? sender_name : "(unset)",
1442 dbus_message_get_interface (message) ?
1443 dbus_message_get_interface (message) : "(unset)",
1444 dbus_message_get_member (message) ?
1445 dbus_message_get_member (message) : "(unset)",
1446 dbus_message_get_error_name (message) ?
1447 dbus_message_get_error_name (message) : "(unset)",
1449 dest ? dest : DBUS_SERVICE_DBUS,
1450 proposed_recipient_loginfo);
1451 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1452 if (addressed_recipient == proposed_recipient)
1453 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1455 dbus_message_type_to_string (dbus_message_get_type (message)),
1456 sender_name ? sender_name : "(unset)",
1458 dbus_message_get_interface (message) ?
1459 dbus_message_get_interface (message) : "(unset)",
1460 dbus_message_get_member (message) ?
1461 dbus_message_get_member (message) : "(unset)",
1462 dbus_message_get_error_name (message) ?
1463 dbus_message_get_error_name (message) : "(unset)",
1465 dest ? dest : DBUS_SERVICE_DBUS,
1466 proposed_recipient_loginfo);
1467 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1472 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
1473 "Would reject message, %d matched rules; "
1474 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
1476 dbus_message_type_to_string (dbus_message_get_type (message)),
1477 sender_name ? sender_name : "(unset)",
1479 dbus_message_get_interface (message) ?
1480 dbus_message_get_interface (message) : "(unset)",
1481 dbus_message_get_member (message) ?
1482 dbus_message_get_member (message) : "(unset)",
1483 dbus_message_get_error_name (message) ?
1484 dbus_message_get_error_name (message) : "(unset)",
1486 dest ? dest : DBUS_SERVICE_DBUS,
1487 proposed_recipient_loginfo);
1489 if (recipient_policy &&
1490 !bus_client_policy_check_can_receive (recipient_policy,
1494 addressed_recipient, proposed_recipient,
1497 const char *msg = "Rejected receive message, %d matched rules; "
1498 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
1500 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1502 dbus_message_type_to_string (dbus_message_get_type (message)),
1503 sender_name ? sender_name : "(unset)",
1505 dbus_message_get_interface (message) ?
1506 dbus_message_get_interface (message) : "(unset)",
1507 dbus_message_get_member (message) ?
1508 dbus_message_get_member (message) : "(unset)",
1509 dbus_message_get_error_name (message) ?
1510 dbus_message_get_error_name (message) : "(unset)",
1511 dbus_message_get_reply_serial (message),
1513 dest ? dest : DBUS_SERVICE_DBUS,
1514 proposed_recipient_loginfo);
1515 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1516 if (addressed_recipient == proposed_recipient)
1517 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1519 dbus_message_type_to_string (dbus_message_get_type (message)),
1520 sender_name ? sender_name : "(unset)",
1522 dbus_message_get_interface (message) ?
1523 dbus_message_get_interface (message) : "(unset)",
1524 dbus_message_get_member (message) ?
1525 dbus_message_get_member (message) : "(unset)",
1526 dbus_message_get_error_name (message) ?
1527 dbus_message_get_error_name (message) : "(unset)",
1528 dbus_message_get_reply_serial (message),
1530 dest ? dest : DBUS_SERVICE_DBUS,
1531 proposed_recipient_loginfo);
1532 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1536 /* See if limits on size have been exceeded */
1537 if (proposed_recipient &&
1538 dbus_connection_get_outgoing_size (proposed_recipient) >
1539 context->limits.max_outgoing_bytes)
1541 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1542 "The destination service \"%s\" has a full message queue",
1543 dest ? dest : (proposed_recipient ?
1544 bus_connection_get_name (proposed_recipient) :
1545 DBUS_SERVICE_DBUS));
1546 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1550 /* Record that we will allow a reply here in the future (don't
1551 * bother if the recipient is the bus or this is an eavesdropping
1552 * connection). Only the addressed recipient may reply.
1554 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1556 addressed_recipient &&
1557 addressed_recipient == proposed_recipient && /* not eavesdropping */
1558 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1560 sender, addressed_recipient,
1563 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1567 _dbus_verbose ("security policy allowing message\n");