1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
6 * Licensed under the Academic Free License version 2.1
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
26 #include "activation.h"
27 #include "connection.h"
31 #include "config-parser.h"
34 #include "dir-watch.h"
35 #include <dbus/dbus-list.h>
36 #include <dbus/dbus-hash.h>
37 #include <dbus/dbus-credentials.h>
38 #include <dbus/dbus-internals.h>
54 BusConnections *connections;
55 BusActivation *activation;
56 BusRegistry *registry;
58 BusMatchmaker *matchmaker;
60 unsigned int fork : 1;
61 unsigned int syslog : 1;
62 unsigned int keep_umask : 1;
63 unsigned int allow_anonymous : 1;
64 unsigned int systemd_activation : 1;
67 static dbus_int32_t server_data_slot = -1;
74 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
77 server_get_context (DBusServer *server)
82 if (!dbus_server_allocate_data_slot (&server_data_slot))
85 bd = BUS_SERVER_DATA (server);
88 dbus_server_free_data_slot (&server_data_slot);
92 context = bd->context;
94 dbus_server_free_data_slot (&server_data_slot);
100 server_watch_callback (DBusWatch *watch,
101 unsigned int condition,
104 /* FIXME this can be done in dbus-mainloop.c
105 * if the code in activation.c for the babysitter
106 * watch handler is fixed.
109 return dbus_watch_handle (watch, condition);
113 add_server_watch (DBusWatch *watch,
116 DBusServer *server = data;
119 context = server_get_context (server);
121 return _dbus_loop_add_watch (context->loop,
122 watch, server_watch_callback, server,
127 remove_server_watch (DBusWatch *watch,
130 DBusServer *server = data;
133 context = server_get_context (server);
135 _dbus_loop_remove_watch (context->loop,
136 watch, server_watch_callback, server);
141 server_timeout_callback (DBusTimeout *timeout,
144 /* can return FALSE on OOM but we just let it fire again later */
145 dbus_timeout_handle (timeout);
149 add_server_timeout (DBusTimeout *timeout,
152 DBusServer *server = data;
155 context = server_get_context (server);
157 return _dbus_loop_add_timeout (context->loop,
158 timeout, server_timeout_callback, server, NULL);
162 remove_server_timeout (DBusTimeout *timeout,
165 DBusServer *server = data;
168 context = server_get_context (server);
170 _dbus_loop_remove_timeout (context->loop,
171 timeout, server_timeout_callback, server);
175 new_connection_callback (DBusServer *server,
176 DBusConnection *new_connection,
179 BusContext *context = data;
181 if (!bus_connections_setup_connection (context->connections, new_connection))
183 _dbus_verbose ("No memory to setup new connection\n");
185 /* if we don't do this, it will get unref'd without
186 * being disconnected... kind of strange really
187 * that we have to do this, people won't get it right
190 dbus_connection_close (new_connection);
193 dbus_connection_set_max_received_size (new_connection,
194 context->limits.max_incoming_bytes);
196 dbus_connection_set_max_message_size (new_connection,
197 context->limits.max_message_size);
199 dbus_connection_set_max_received_unix_fds (new_connection,
200 context->limits.max_incoming_unix_fds);
202 dbus_connection_set_max_message_unix_fds (new_connection,
203 context->limits.max_message_unix_fds);
205 dbus_connection_set_allow_anonymous (new_connection,
206 context->allow_anonymous);
208 /* on OOM, we won't have ref'd the connection so it will die. */
212 free_server_data (void *data)
214 BusServerData *bd = data;
220 setup_server (BusContext *context,
222 char **auth_mechanisms,
227 bd = dbus_new0 (BusServerData, 1);
228 if (bd == NULL || !dbus_server_set_data (server,
230 bd, free_server_data))
237 bd->context = context;
239 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
245 dbus_server_set_new_connection_function (server,
246 new_connection_callback,
249 if (!dbus_server_set_watch_functions (server,
260 if (!dbus_server_set_timeout_functions (server,
262 remove_server_timeout,
273 /* This code only gets executed the first time the
274 * config files are parsed. It is not executed
275 * when config files are reloaded.
278 process_config_first_time_only (BusContext *context,
279 BusConfigParser *parser,
280 const DBusString *address,
281 dbus_bool_t systemd_activation,
284 DBusString log_prefix;
286 DBusList **addresses;
287 const char *user, *pidfile;
288 char **auth_mechanisms;
289 DBusList **auth_mechanisms_list;
293 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
296 auth_mechanisms = NULL;
298 context->systemd_activation = systemd_activation;
300 /* Check for an existing pid file. Of course this is a race;
301 * we'd have to use fcntl() locks on the pid file to
302 * avoid that. But we want to check for the pid file
303 * before overwriting any existing sockets, etc.
305 pidfile = bus_config_parser_get_pidfile (parser);
311 _dbus_string_init_const (&u, pidfile);
313 if (_dbus_stat (&u, &stbuf, NULL))
319 _dbus_string_init (&p);
320 _dbus_file_get_contents(&p, &u, NULL);
321 _dbus_string_parse_int(&p, 0, &pid, NULL);
322 _dbus_string_free(&p);
324 if ((kill((int)pid, 0))) {
325 dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS,
326 "pid %ld not running, removing stale pid file\n",
328 _dbus_delete_file(&u, NULL);
331 dbus_set_error (error, DBUS_ERROR_FAILED,
332 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
341 /* keep around the pid filename so we can delete it later */
342 context->pidfile = _dbus_strdup (pidfile);
344 /* note that type may be NULL */
345 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
346 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
349 user = bus_config_parser_get_user (parser);
352 context->user = _dbus_strdup (user);
353 if (context->user == NULL)
357 /* Set up the prefix for syslog messages */
358 if (!_dbus_string_init (&log_prefix))
360 if (context->type && !strcmp (context->type, "system"))
362 if (!_dbus_string_append (&log_prefix, "[system] "))
365 else if (context->type && !strcmp (context->type, "session"))
367 DBusCredentials *credentials;
369 credentials = _dbus_credentials_new_from_current_process ();
372 if (!_dbus_string_append (&log_prefix, "[session "))
374 if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
376 if (!_dbus_string_append (&log_prefix, "] "))
378 _dbus_credentials_unref (credentials);
380 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
382 _dbus_string_free (&log_prefix);
384 /* Build an array of auth mechanisms */
386 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
387 len = _dbus_list_get_length (auth_mechanisms_list);
393 auth_mechanisms = dbus_new0 (char*, len + 1);
394 if (auth_mechanisms == NULL)
398 link = _dbus_list_get_first_link (auth_mechanisms_list);
401 auth_mechanisms[i] = _dbus_strdup (link->data);
402 if (auth_mechanisms[i] == NULL)
404 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
409 auth_mechanisms = NULL;
412 /* Listen on our addresses */
418 server = dbus_server_listen (_dbus_string_get_const_data(address), error);
421 _DBUS_ASSERT_ERROR_IS_SET (error);
424 else if (!setup_server (context, server, auth_mechanisms, error))
426 _DBUS_ASSERT_ERROR_IS_SET (error);
430 if (!_dbus_list_append (&context->servers, server))
435 addresses = bus_config_parser_get_addresses (parser);
437 link = _dbus_list_get_first_link (addresses);
442 server = dbus_server_listen (link->data, error);
445 _DBUS_ASSERT_ERROR_IS_SET (error);
448 else if (!setup_server (context, server, auth_mechanisms, error))
450 _DBUS_ASSERT_ERROR_IS_SET (error);
454 if (!_dbus_list_append (&context->servers, server))
457 link = _dbus_list_get_next_link (addresses, link);
461 context->fork = bus_config_parser_get_fork (parser);
462 context->syslog = bus_config_parser_get_syslog (parser);
463 context->keep_umask = bus_config_parser_get_keep_umask (parser);
464 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
466 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
470 dbus_free_string_array (auth_mechanisms);
475 dbus_free_string_array (auth_mechanisms);
479 /* This code gets executed every time the config files
480 * are parsed: both during BusContext construction
481 * and on reloads. This function is slightly screwy
482 * since it can do a "half reload" in out-of-memory
483 * situations. Realistically, unlikely to ever matter.
486 process_config_every_time (BusContext *context,
487 BusConfigParser *parser,
488 dbus_bool_t is_reload,
491 DBusString full_address;
494 BusActivation *new_activation;
496 const char *servicehelper;
501 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
506 if (!_dbus_string_init (&full_address))
512 /* get our limits and timeout lengths */
513 bus_config_parser_get_limits (parser, &context->limits);
516 bus_policy_unref (context->policy);
517 context->policy = bus_config_parser_steal_policy (parser);
518 _dbus_assert (context->policy != NULL);
520 /* We have to build the address backward, so that
521 * <listen> later in the config file have priority
523 link = _dbus_list_get_last_link (&context->servers);
526 addr = dbus_server_get_address (link->data);
533 if (_dbus_string_get_length (&full_address) > 0)
535 if (!_dbus_string_append (&full_address, ";"))
542 if (!_dbus_string_append (&full_address, addr))
551 link = _dbus_list_get_prev_link (&context->servers, link);
555 dbus_free (context->address);
557 if (!_dbus_string_copy_data (&full_address, &context->address))
563 /* get the service directories */
564 dirs = bus_config_parser_get_service_dirs (parser);
566 /* and the service helper */
567 servicehelper = bus_config_parser_get_servicehelper (parser);
569 s = _dbus_strdup(servicehelper);
570 if (s == NULL && servicehelper != NULL)
577 dbus_free(context->servicehelper);
578 context->servicehelper = s;
581 /* Create activation subsystem */
582 if (context->activation)
584 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
589 context->activation = bus_activation_new (context, &full_address, dirs, error);
592 if (context->activation == NULL)
594 _DBUS_ASSERT_ERROR_IS_SET (error);
598 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
602 _dbus_string_free (&full_address);
611 list_concat_new (DBusList **a,
619 link = _dbus_list_get_first_link (a);
620 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
622 if (!_dbus_list_append (result, link->data))
625 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
627 if (!_dbus_list_append (result, link->data))
633 _dbus_list_clear (result);
638 process_config_postinit (BusContext *context,
639 BusConfigParser *parser,
642 DBusHashTable *service_context_table;
643 DBusList *watched_dirs = NULL;
645 service_context_table = bus_config_parser_steal_service_context_table (parser);
646 if (!bus_registry_set_service_context_table (context->registry,
647 service_context_table))
653 _dbus_hash_table_unref (service_context_table);
655 /* We need to monitor both the configuration directories and directories
656 * containing .service files.
658 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
659 bus_config_parser_get_service_dirs (parser),
666 bus_set_watched_dirs (context, &watched_dirs);
668 _dbus_list_clear (&watched_dirs);
674 bus_context_new (const DBusString *config_file,
675 ForceForkSetting force_fork,
676 DBusPipe *print_addr_pipe,
677 DBusPipe *print_pid_pipe,
678 const DBusString *address,
679 dbus_bool_t systemd_activation,
682 DBusString log_prefix;
684 BusConfigParser *parser;
686 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
691 if (!dbus_server_allocate_data_slot (&server_data_slot))
697 context = dbus_new0 (BusContext, 1);
703 context->refcount = 1;
705 _dbus_generate_uuid (&context->uuid);
707 if (!_dbus_string_copy_data (config_file, &context->config_file))
713 context->loop = _dbus_loop_new ();
714 if (context->loop == NULL)
720 context->registry = bus_registry_new (context);
721 if (context->registry == NULL)
727 parser = bus_config_load (config_file, TRUE, NULL, error);
730 _DBUS_ASSERT_ERROR_IS_SET (error);
734 if (!process_config_first_time_only (context, parser, address, systemd_activation, error))
736 _DBUS_ASSERT_ERROR_IS_SET (error);
739 if (!process_config_every_time (context, parser, FALSE, error))
741 _DBUS_ASSERT_ERROR_IS_SET (error);
745 /* we need another ref of the server data slot for the context
748 if (!dbus_server_allocate_data_slot (&server_data_slot))
749 _dbus_assert_not_reached ("second ref of server data slot failed");
751 /* Note that we don't know whether the print_addr_pipe is
752 * one of the sockets we're using to listen on, or some
753 * other random thing. But I think the answer is "don't do
756 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
759 const char *a = bus_context_get_address (context);
762 _dbus_assert (a != NULL);
763 if (!_dbus_string_init (&addr))
769 if (!_dbus_string_append (&addr, a) ||
770 !_dbus_string_append (&addr, "\n"))
772 _dbus_string_free (&addr);
777 bytes = _dbus_string_get_length (&addr);
778 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
780 /* pipe write returns an error on failure but not short write */
781 if (error != NULL && !dbus_error_is_set (error))
783 dbus_set_error (error, DBUS_ERROR_FAILED,
784 "Printing message bus address: did not write all bytes\n");
786 _dbus_string_free (&addr);
790 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
791 _dbus_pipe_close (print_addr_pipe, NULL);
793 _dbus_string_free (&addr);
796 context->connections = bus_connections_new (context);
797 if (context->connections == NULL)
803 context->matchmaker = bus_matchmaker_new ();
804 if (context->matchmaker == NULL)
810 /* check user before we fork */
811 if (context->user != NULL)
813 if (!_dbus_verify_daemon_user (context->user))
815 dbus_set_error (error, DBUS_ERROR_FAILED,
816 "Could not get UID and GID for username \"%s\"",
822 /* Now become a daemon if appropriate and write out pid file in any case */
826 if (context->pidfile)
827 _dbus_string_init_const (&u, context->pidfile);
829 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
831 _dbus_verbose ("Forking and becoming daemon\n");
833 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
836 context->keep_umask))
838 _DBUS_ASSERT_ERROR_IS_SET (error);
844 _dbus_verbose ("Fork not requested\n");
846 /* Need to write PID file and to PID pipe for ourselves,
847 * not for the child process. This is a no-op if the pidfile
848 * is NULL and print_pid_pipe is NULL.
850 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
855 _DBUS_ASSERT_ERROR_IS_SET (error);
861 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
862 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
863 _dbus_pipe_close (print_pid_pipe, NULL);
865 if (!bus_selinux_full_init ())
867 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
870 if (!process_config_postinit (context, parser, error))
872 _DBUS_ASSERT_ERROR_IS_SET (error);
878 bus_config_parser_unref (parser);
882 /* Here we change our credentials if required,
883 * as soon as we've set up our sockets and pidfile
885 if (context->user != NULL)
887 if (!_dbus_change_to_daemon_user (context->user, error))
889 _DBUS_ASSERT_ERROR_IS_SET (error);
894 /* FIXME - why not just put this in full_init() below? */
895 bus_selinux_audit_init ();
899 dbus_server_free_data_slot (&server_data_slot);
905 bus_config_parser_unref (parser);
907 bus_context_unref (context);
909 if (server_data_slot >= 0)
910 dbus_server_free_data_slot (&server_data_slot);
916 bus_context_get_id (BusContext *context,
919 return _dbus_uuid_encode (&context->uuid, uuid);
923 bus_context_reload_config (BusContext *context,
926 BusConfigParser *parser;
927 DBusString config_file;
930 /* Flush the user database cache */
931 _dbus_flush_caches ();
934 _dbus_string_init_const (&config_file, context->config_file);
935 parser = bus_config_load (&config_file, TRUE, NULL, error);
938 _DBUS_ASSERT_ERROR_IS_SET (error);
942 if (!process_config_every_time (context, parser, TRUE, error))
944 _DBUS_ASSERT_ERROR_IS_SET (error);
947 if (!process_config_postinit (context, parser, error))
949 _DBUS_ASSERT_ERROR_IS_SET (error);
954 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
957 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
959 bus_config_parser_unref (parser);
964 shutdown_server (BusContext *context,
967 if (server == NULL ||
968 !dbus_server_get_is_connected (server))
971 if (!dbus_server_set_watch_functions (server,
975 _dbus_assert_not_reached ("setting watch functions to NULL failed");
977 if (!dbus_server_set_timeout_functions (server,
981 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
983 dbus_server_disconnect (server);
987 bus_context_shutdown (BusContext *context)
991 link = _dbus_list_get_first_link (&context->servers);
994 shutdown_server (context, link->data);
996 link = _dbus_list_get_next_link (&context->servers, link);
1001 bus_context_ref (BusContext *context)
1003 _dbus_assert (context->refcount > 0);
1004 context->refcount += 1;
1010 bus_context_unref (BusContext *context)
1012 _dbus_assert (context->refcount > 0);
1013 context->refcount -= 1;
1015 if (context->refcount == 0)
1019 _dbus_verbose ("Finalizing bus context %p\n", context);
1021 bus_context_shutdown (context);
1023 if (context->connections)
1025 bus_connections_unref (context->connections);
1026 context->connections = NULL;
1029 if (context->registry)
1031 bus_registry_unref (context->registry);
1032 context->registry = NULL;
1035 if (context->activation)
1037 bus_activation_unref (context->activation);
1038 context->activation = NULL;
1041 link = _dbus_list_get_first_link (&context->servers);
1042 while (link != NULL)
1044 dbus_server_unref (link->data);
1046 link = _dbus_list_get_next_link (&context->servers, link);
1048 _dbus_list_clear (&context->servers);
1050 if (context->policy)
1052 bus_policy_unref (context->policy);
1053 context->policy = NULL;
1058 _dbus_loop_unref (context->loop);
1059 context->loop = NULL;
1062 if (context->matchmaker)
1064 bus_matchmaker_unref (context->matchmaker);
1065 context->matchmaker = NULL;
1068 dbus_free (context->config_file);
1069 dbus_free (context->log_prefix);
1070 dbus_free (context->type);
1071 dbus_free (context->address);
1072 dbus_free (context->user);
1073 dbus_free (context->servicehelper);
1075 if (context->pidfile)
1078 _dbus_string_init_const (&u, context->pidfile);
1080 /* Deliberately ignore errors here, since there's not much
1081 * we can do about it, and we're exiting anyways.
1083 _dbus_delete_file (&u, NULL);
1085 dbus_free (context->pidfile);
1087 dbus_free (context);
1089 dbus_server_free_data_slot (&server_data_slot);
1093 /* type may be NULL */
1095 bus_context_get_type (BusContext *context)
1097 return context->type;
1101 bus_context_get_address (BusContext *context)
1103 return context->address;
1107 bus_context_get_servicehelper (BusContext *context)
1109 return context->servicehelper;
1113 bus_context_get_systemd_activation (BusContext *context)
1115 return context->systemd_activation;
1119 bus_context_get_registry (BusContext *context)
1121 return context->registry;
1125 bus_context_get_connections (BusContext *context)
1127 return context->connections;
1131 bus_context_get_activation (BusContext *context)
1133 return context->activation;
1137 bus_context_get_matchmaker (BusContext *context)
1139 return context->matchmaker;
1143 bus_context_get_loop (BusContext *context)
1145 return context->loop;
1149 bus_context_allow_unix_user (BusContext *context,
1152 return bus_policy_allow_unix_user (context->policy,
1156 /* For now this is never actually called because the default
1157 * DBusConnection behavior of 'same user that owns the bus can connect'
1158 * is all it would do.
1161 bus_context_allow_windows_user (BusContext *context,
1162 const char *windows_sid)
1164 return bus_policy_allow_windows_user (context->policy,
1169 bus_context_get_policy (BusContext *context)
1171 return context->policy;
1175 bus_context_create_client_policy (BusContext *context,
1176 DBusConnection *connection,
1179 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1180 return bus_policy_create_client_policy (context->policy, connection,
1185 bus_context_get_activation_timeout (BusContext *context)
1188 return context->limits.activation_timeout;
1192 bus_context_get_auth_timeout (BusContext *context)
1194 return context->limits.auth_timeout;
1198 bus_context_get_max_completed_connections (BusContext *context)
1200 return context->limits.max_completed_connections;
1204 bus_context_get_max_incomplete_connections (BusContext *context)
1206 return context->limits.max_incomplete_connections;
1210 bus_context_get_max_connections_per_user (BusContext *context)
1212 return context->limits.max_connections_per_user;
1216 bus_context_get_max_pending_activations (BusContext *context)
1218 return context->limits.max_pending_activations;
1222 bus_context_get_max_services_per_connection (BusContext *context)
1224 return context->limits.max_services_per_connection;
1228 bus_context_get_max_match_rules_per_connection (BusContext *context)
1230 return context->limits.max_match_rules_per_connection;
1234 bus_context_get_max_replies_per_connection (BusContext *context)
1236 return context->limits.max_replies_per_connection;
1240 bus_context_get_reply_timeout (BusContext *context)
1242 return context->limits.reply_timeout;
1246 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
1249 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
1253 if (!context->syslog)
1256 va_start (args, msg);
1258 if (context->log_prefix)
1260 DBusString full_msg;
1262 if (!_dbus_string_init (&full_msg))
1264 if (!_dbus_string_append (&full_msg, context->log_prefix))
1266 if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
1269 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
1271 _dbus_string_free (&full_msg);
1274 _dbus_system_logv (severity, msg, args);
1281 * addressed_recipient is the recipient specified in the message.
1283 * proposed_recipient is the recipient we're considering sending
1284 * to right this second, and may be an eavesdropper.
1286 * sender is the sender of the message.
1288 * NULL for proposed_recipient or sender definitely means the bus driver.
1290 * NULL for addressed_recipient may mean the bus driver, or may mean
1291 * no destination was specified in the message (e.g. a signal).
1294 bus_context_check_security_policy (BusContext *context,
1295 BusTransaction *transaction,
1296 DBusConnection *sender,
1297 DBusConnection *addressed_recipient,
1298 DBusConnection *proposed_recipient,
1299 DBusMessage *message,
1303 BusClientPolicy *sender_policy;
1304 BusClientPolicy *recipient_policy;
1305 dbus_int32_t toggles;
1308 dbus_bool_t requested_reply;
1309 const char *sender_name;
1310 const char *sender_loginfo;
1311 const char *proposed_recipient_loginfo;
1313 type = dbus_message_get_type (message);
1314 dest = dbus_message_get_destination (message);
1316 /* dispatch.c was supposed to ensure these invariants */
1317 _dbus_assert (dest != NULL ||
1318 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1319 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1320 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1321 addressed_recipient != NULL ||
1322 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1324 /* Used in logging below */
1327 sender_name = bus_connection_get_name (sender);
1328 sender_loginfo = bus_connection_get_loginfo (sender);
1333 sender_loginfo = "(bus)";
1336 if (proposed_recipient != NULL)
1337 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1339 proposed_recipient_loginfo = "bus";
1343 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1344 case DBUS_MESSAGE_TYPE_SIGNAL:
1345 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1346 case DBUS_MESSAGE_TYPE_ERROR:
1350 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1353 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1354 "Message bus will not accept messages of unknown type\n");
1359 requested_reply = FALSE;
1363 /* First verify the SELinux access controls. If allowed then
1364 * go on with the standard checks.
1366 if (!bus_selinux_allows_send (sender, proposed_recipient,
1367 dbus_message_type_to_string (dbus_message_get_type (message)),
1368 dbus_message_get_interface (message),
1369 dbus_message_get_member (message),
1370 dbus_message_get_error_name (message),
1371 dest ? dest : DBUS_SERVICE_DBUS, error))
1373 if (error != NULL && !dbus_error_is_set (error))
1375 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1376 "An SELinux policy prevents this sender "
1377 "from sending this message to this recipient "
1378 "(rejected message had sender \"%s\" interface \"%s\" "
1379 "member \"%s\" error name \"%s\" destination \"%s\")",
1380 sender_name ? sender_name : "(unset)",
1381 dbus_message_get_interface (message) ?
1382 dbus_message_get_interface (message) : "(unset)",
1383 dbus_message_get_member (message) ?
1384 dbus_message_get_member (message) : "(unset)",
1385 dbus_message_get_error_name (message) ?
1386 dbus_message_get_error_name (message) : "(unset)",
1387 dest ? dest : DBUS_SERVICE_DBUS);
1388 _dbus_verbose ("SELinux security check denying send to service\n");
1394 if (bus_connection_is_active (sender))
1396 sender_policy = bus_connection_get_policy (sender);
1397 _dbus_assert (sender_policy != NULL);
1399 /* Fill in requested_reply variable with TRUE if this is a
1400 * reply and the reply was pending.
1402 if (dbus_message_get_reply_serial (message) != 0)
1404 if (proposed_recipient != NULL /* not to the bus driver */ &&
1405 addressed_recipient == proposed_recipient /* not eavesdropping */)
1409 dbus_error_init (&error2);
1410 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1412 sender, addressed_recipient, message,
1414 if (dbus_error_is_set (&error2))
1416 dbus_move_error (&error2, error);
1424 /* Policy for inactive connections is that they can only send
1425 * the hello message to the bus driver
1427 if (proposed_recipient == NULL &&
1428 dbus_message_is_method_call (message,
1429 DBUS_INTERFACE_DBUS,
1432 _dbus_verbose ("security check allowing %s message\n",
1438 _dbus_verbose ("security check disallowing non-%s message\n",
1441 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1442 "Client tried to send a message other than %s without being registered",
1451 sender_policy = NULL;
1453 /* If the sender is the bus driver, we assume any reply was a
1454 * requested reply as bus driver won't send bogus ones
1456 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1457 dbus_message_get_reply_serial (message) != 0)
1458 requested_reply = TRUE;
1461 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1462 (sender == NULL && sender_policy == NULL));
1464 if (proposed_recipient != NULL)
1466 /* only the bus driver can send to an inactive recipient (as it
1467 * owns no services, so other apps can't address it). Inactive
1468 * recipients can receive any message.
1470 if (bus_connection_is_active (proposed_recipient))
1472 recipient_policy = bus_connection_get_policy (proposed_recipient);
1473 _dbus_assert (recipient_policy != NULL);
1475 else if (sender == NULL)
1477 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1478 recipient_policy = NULL;
1482 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1483 recipient_policy = NULL;
1487 recipient_policy = NULL;
1489 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1490 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1491 (proposed_recipient == NULL && recipient_policy == NULL));
1494 if (sender_policy &&
1495 !bus_client_policy_check_can_send (sender_policy,
1499 message, &toggles, &log))
1501 const char *msg = "Rejected send message, %d matched rules; "
1502 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1504 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1506 dbus_message_type_to_string (dbus_message_get_type (message)),
1507 sender_name ? sender_name : "(unset)",
1509 dbus_message_get_interface (message) ?
1510 dbus_message_get_interface (message) : "(unset)",
1511 dbus_message_get_member (message) ?
1512 dbus_message_get_member (message) : "(unset)",
1513 dbus_message_get_error_name (message) ?
1514 dbus_message_get_error_name (message) : "(unset)",
1516 dest ? dest : DBUS_SERVICE_DBUS,
1517 proposed_recipient_loginfo);
1518 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1519 if (addressed_recipient == proposed_recipient)
1520 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1522 dbus_message_type_to_string (dbus_message_get_type (message)),
1523 sender_name ? sender_name : "(unset)",
1525 dbus_message_get_interface (message) ?
1526 dbus_message_get_interface (message) : "(unset)",
1527 dbus_message_get_member (message) ?
1528 dbus_message_get_member (message) : "(unset)",
1529 dbus_message_get_error_name (message) ?
1530 dbus_message_get_error_name (message) : "(unset)",
1532 dest ? dest : DBUS_SERVICE_DBUS,
1533 proposed_recipient_loginfo);
1534 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1539 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
1540 "Would reject message, %d matched rules; "
1541 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
1543 dbus_message_type_to_string (dbus_message_get_type (message)),
1544 sender_name ? sender_name : "(unset)",
1546 dbus_message_get_interface (message) ?
1547 dbus_message_get_interface (message) : "(unset)",
1548 dbus_message_get_member (message) ?
1549 dbus_message_get_member (message) : "(unset)",
1550 dbus_message_get_error_name (message) ?
1551 dbus_message_get_error_name (message) : "(unset)",
1553 dest ? dest : DBUS_SERVICE_DBUS,
1554 proposed_recipient_loginfo);
1556 if (recipient_policy &&
1557 !bus_client_policy_check_can_receive (recipient_policy,
1561 addressed_recipient, proposed_recipient,
1564 const char *msg = "Rejected receive message, %d matched rules; "
1565 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
1567 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1569 dbus_message_type_to_string (dbus_message_get_type (message)),
1570 sender_name ? sender_name : "(unset)",
1572 dbus_message_get_interface (message) ?
1573 dbus_message_get_interface (message) : "(unset)",
1574 dbus_message_get_member (message) ?
1575 dbus_message_get_member (message) : "(unset)",
1576 dbus_message_get_error_name (message) ?
1577 dbus_message_get_error_name (message) : "(unset)",
1578 dbus_message_get_reply_serial (message),
1580 dest ? dest : DBUS_SERVICE_DBUS,
1581 proposed_recipient_loginfo);
1582 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1583 if (addressed_recipient == proposed_recipient)
1584 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1586 dbus_message_type_to_string (dbus_message_get_type (message)),
1587 sender_name ? sender_name : "(unset)",
1589 dbus_message_get_interface (message) ?
1590 dbus_message_get_interface (message) : "(unset)",
1591 dbus_message_get_member (message) ?
1592 dbus_message_get_member (message) : "(unset)",
1593 dbus_message_get_error_name (message) ?
1594 dbus_message_get_error_name (message) : "(unset)",
1595 dbus_message_get_reply_serial (message),
1597 dest ? dest : DBUS_SERVICE_DBUS,
1598 proposed_recipient_loginfo);
1599 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1603 /* See if limits on size have been exceeded */
1604 if (proposed_recipient &&
1605 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
1606 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
1608 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1609 "The destination service \"%s\" has a full message queue",
1610 dest ? dest : (proposed_recipient ?
1611 bus_connection_get_name (proposed_recipient) :
1612 DBUS_SERVICE_DBUS));
1613 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1617 /* Record that we will allow a reply here in the future (don't
1618 * bother if the recipient is the bus or this is an eavesdropping
1619 * connection). Only the addressed recipient may reply.
1621 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1623 addressed_recipient &&
1624 addressed_recipient == proposed_recipient && /* not eavesdropping */
1625 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1627 sender, addressed_recipient,
1630 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1634 _dbus_verbose ("security policy allowing message\n");