1 /* -*- mode: C; c-file-style: "gnu" -*- */
2 /* bus.c message bus context object
3 *
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24 #include "bus.h"
25 #include "activation.h"
26 #include "connection.h"
27 #include "services.h"
28 #include "utils.h"
29 #include "policy.h"
30 #include "config-parser.h"
31 #include "signals.h"
32 #include "selinux.h"
33 #include "dir-watch.h"
34 #include <dbus/dbus-list.h>
35 #include <dbus/dbus-hash.h>
36 #include <dbus/dbus-internals.h>
37
38 struct BusContext
39 {
40 int refcount;
41 char *config_file;
42 char *type;
43 char *address;
44 #ifdef WANT_PIDFILE
45 char *pidfile;
46 #endif
47 char *user;
48 DBusLoop *loop;
49 DBusList *servers;
50 BusConnections *connections;
51 BusActivation *activation;
52 BusRegistry *registry;
53 BusPolicy *policy;
54 BusMatchmaker *matchmaker;
55 DBusUserDatabase *user_database;
56 BusLimits limits;
57 unsigned int fork : 1;
58 };
59
60 static dbus_int32_t server_data_slot = -1;
61
62 typedef struct
63 {
64 BusContext *context;
65 } BusServerData;
66
67 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
68
69 static BusContext*
server_get_context(DBusServer * server)70 server_get_context (DBusServer *server)
71 {
72 BusContext *context;
73 BusServerData *bd;
74
75 if (!dbus_server_allocate_data_slot (&server_data_slot))
76 return NULL;
77
78 bd = BUS_SERVER_DATA (server);
79 if (bd == NULL)
80 {
81 dbus_server_free_data_slot (&server_data_slot);
82 return NULL;
83 }
84
85 context = bd->context;
86
87 dbus_server_free_data_slot (&server_data_slot);
88
89 return context;
90 }
91
92 static dbus_bool_t
server_watch_callback(DBusWatch * watch,unsigned int condition,void * data)93 server_watch_callback (DBusWatch *watch,
94 unsigned int condition,
95 void *data)
96 {
97 /* FIXME this can be done in dbus-mainloop.c
98 * if the code in activation.c for the babysitter
99 * watch handler is fixed.
100 */
101
102 return dbus_watch_handle (watch, condition);
103 }
104
105 static dbus_bool_t
add_server_watch(DBusWatch * watch,void * data)106 add_server_watch (DBusWatch *watch,
107 void *data)
108 {
109 DBusServer *server = data;
110 BusContext *context;
111
112 context = server_get_context (server);
113
114 return _dbus_loop_add_watch (context->loop,
115 watch, server_watch_callback, server,
116 NULL);
117 }
118
119 static void
remove_server_watch(DBusWatch * watch,void * data)120 remove_server_watch (DBusWatch *watch,
121 void *data)
122 {
123 DBusServer *server = data;
124 BusContext *context;
125
126 context = server_get_context (server);
127
128 _dbus_loop_remove_watch (context->loop,
129 watch, server_watch_callback, server);
130 }
131
132
133 static void
server_timeout_callback(DBusTimeout * timeout,void * data)134 server_timeout_callback (DBusTimeout *timeout,
135 void *data)
136 {
137 /* can return FALSE on OOM but we just let it fire again later */
138 dbus_timeout_handle (timeout);
139 }
140
141 static dbus_bool_t
add_server_timeout(DBusTimeout * timeout,void * data)142 add_server_timeout (DBusTimeout *timeout,
143 void *data)
144 {
145 DBusServer *server = data;
146 BusContext *context;
147
148 context = server_get_context (server);
149
150 return _dbus_loop_add_timeout (context->loop,
151 timeout, server_timeout_callback, server, NULL);
152 }
153
154 static void
remove_server_timeout(DBusTimeout * timeout,void * data)155 remove_server_timeout (DBusTimeout *timeout,
156 void *data)
157 {
158 DBusServer *server = data;
159 BusContext *context;
160
161 context = server_get_context (server);
162
163 _dbus_loop_remove_timeout (context->loop,
164 timeout, server_timeout_callback, server);
165 }
166
167 static void
new_connection_callback(DBusServer * server,DBusConnection * new_connection,void * data)168 new_connection_callback (DBusServer *server,
169 DBusConnection *new_connection,
170 void *data)
171 {
172 BusContext *context = data;
173
174 if (!bus_connections_setup_connection (context->connections, new_connection))
175 {
176 _dbus_verbose ("No memory to setup new connection\n");
177
178 /* if we don't do this, it will get unref'd without
179 * being disconnected... kind of strange really
180 * that we have to do this, people won't get it right
181 * in general.
182 */
183 dbus_connection_close (new_connection);
184 }
185
186 dbus_connection_set_max_received_size (new_connection,
187 context->limits.max_incoming_bytes);
188
189 dbus_connection_set_max_message_size (new_connection,
190 context->limits.max_message_size);
191
192 /* on OOM, we won't have ref'd the connection so it will die. */
193 }
194
195 static void
free_server_data(void * data)196 free_server_data (void *data)
197 {
198 BusServerData *bd = data;
199
200 dbus_free (bd);
201 }
202
203 static dbus_bool_t
setup_server(BusContext * context,DBusServer * server,char ** auth_mechanisms,DBusError * error)204 setup_server (BusContext *context,
205 DBusServer *server,
206 char **auth_mechanisms,
207 DBusError *error)
208 {
209 BusServerData *bd;
210
211 bd = dbus_new0 (BusServerData, 1);
212 if (!dbus_server_set_data (server,
213 server_data_slot,
214 bd, free_server_data))
215 {
216 dbus_free (bd);
217 BUS_SET_OOM (error);
218 return FALSE;
219 }
220
221 bd->context = context;
222
223 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
224 {
225 BUS_SET_OOM (error);
226 return FALSE;
227 }
228
229 dbus_server_set_new_connection_function (server,
230 new_connection_callback,
231 context, NULL);
232
233 if (!dbus_server_set_watch_functions (server,
234 add_server_watch,
235 remove_server_watch,
236 NULL,
237 server,
238 NULL))
239 {
240 BUS_SET_OOM (error);
241 return FALSE;
242 }
243
244 if (!dbus_server_set_timeout_functions (server,
245 add_server_timeout,
246 remove_server_timeout,
247 NULL,
248 server, NULL))
249 {
250 BUS_SET_OOM (error);
251 return FALSE;
252 }
253
254 return TRUE;
255 }
256
257 /* This code only gets executed the first time the
258 config files are parsed. It is not executed
259 when config files are reloaded.*/
260 static dbus_bool_t
process_config_first_time_only(BusContext * context,BusConfigParser * parser,DBusError * error)261 process_config_first_time_only (BusContext *context,
262 BusConfigParser *parser,
263 DBusError *error)
264 {
265 DBusList *link;
266 DBusList **addresses;
267 const char *user, *pidfile;
268 char **auth_mechanisms;
269 DBusList **auth_mechanisms_list;
270 int len;
271 dbus_bool_t retval;
272
273 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
274
275 retval = FALSE;
276 auth_mechanisms = NULL;
277
278 #ifdef WANT_PIDFILE
279 /* Check for an existing pid file. Of course this is a race;
280 * we'd have to use fcntl() locks on the pid file to
281 * avoid that. But we want to check for the pid file
282 * before overwriting any existing sockets, etc.
283 */
284 pidfile = bus_config_parser_get_pidfile (parser);
285 if (pidfile != NULL)
286 {
287 DBusString u;
288 DBusStat stbuf;
289
290 _dbus_string_init_const (&u, pidfile);
291
292 if (_dbus_stat (&u, &stbuf, NULL))
293 {
294 dbus_set_error (error, DBUS_ERROR_FAILED,
295 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
296 pidfile);
297 goto failed;
298 }
299 }
300
301 /* keep around the pid filename so we can delete it later */
302 context->pidfile = _dbus_strdup (pidfile);
303 #endif
304
305 /* Build an array of auth mechanisms */
306
307 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
308 len = _dbus_list_get_length (auth_mechanisms_list);
309
310 if (len > 0)
311 {
312 int i;
313
314 auth_mechanisms = dbus_new0 (char*, len + 1);
315 if (auth_mechanisms == NULL)
316 {
317 BUS_SET_OOM (error);
318 goto failed;
319 }
320
321 i = 0;
322 link = _dbus_list_get_first_link (auth_mechanisms_list);
323 while (link != NULL)
324 {
325 auth_mechanisms[i] = _dbus_strdup (link->data);
326 if (auth_mechanisms[i] == NULL)
327 {
328 BUS_SET_OOM (error);
329 goto failed;
330 }
331 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
332 }
333 }
334 else
335 {
336 auth_mechanisms = NULL;
337 }
338
339 /* Listen on our addresses */
340
341 addresses = bus_config_parser_get_addresses (parser);
342
343 link = _dbus_list_get_first_link (addresses);
344 while (link != NULL)
345 {
346 DBusServer *server;
347
348 server = dbus_server_listen (link->data, error);
349 if (server == NULL)
350 {
351 _DBUS_ASSERT_ERROR_IS_SET (error);
352 goto failed;
353 }
354 else if (!setup_server (context, server, auth_mechanisms, error))
355 {
356 _DBUS_ASSERT_ERROR_IS_SET (error);
357 goto failed;
358 }
359
360 if (!_dbus_list_append (&context->servers, server))
361 {
362 BUS_SET_OOM (error);
363 goto failed;
364 }
365
366 link = _dbus_list_get_next_link (addresses, link);
367 }
368
369 /* note that type may be NULL */
370 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
371 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
372 {
373 BUS_SET_OOM (error);
374 goto failed;
375 }
376
377 user = bus_config_parser_get_user (parser);
378 if (user != NULL)
379 {
380 context->user = _dbus_strdup (user);
381 if (context->user == NULL)
382 {
383 BUS_SET_OOM (error);
384 goto failed;
385 }
386 }
387
388 context->fork = bus_config_parser_get_fork (parser);
389
390 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
391 retval = TRUE;
392
393 failed:
394 dbus_free_string_array (auth_mechanisms);
395 return retval;
396 }
397
398 /* This code gets executed every time the config files
399 are parsed: both during BusContext construction
400 and on reloads. */
401 static dbus_bool_t
process_config_every_time(BusContext * context,BusConfigParser * parser,dbus_bool_t is_reload,DBusError * error)402 process_config_every_time (BusContext *context,
403 BusConfigParser *parser,
404 dbus_bool_t is_reload,
405 DBusError *error)
406 {
407 DBusString full_address;
408 DBusList *link;
409 char *addr;
410
411 dbus_bool_t retval;
412
413 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
414
415 addr = NULL;
416 retval = FALSE;
417
418 if (!_dbus_string_init (&full_address))
419 {
420 BUS_SET_OOM (error);
421 return FALSE;
422 }
423
424 /* get our limits and timeout lengths */
425 bus_config_parser_get_limits (parser, &context->limits);
426
427 context->policy = bus_config_parser_steal_policy (parser);
428 _dbus_assert (context->policy != NULL);
429
430 /* We have to build the address backward, so that
431 * <listen> later in the config file have priority
432 */
433 link = _dbus_list_get_last_link (&context->servers);
434 while (link != NULL)
435 {
436 addr = dbus_server_get_address (link->data);
437 if (addr == NULL)
438 {
439 BUS_SET_OOM (error);
440 goto failed;
441 }
442
443 if (_dbus_string_get_length (&full_address) > 0)
444 {
445 if (!_dbus_string_append (&full_address, ";"))
446 {
447 BUS_SET_OOM (error);
448 goto failed;
449 }
450 }
451
452 if (!_dbus_string_append (&full_address, addr))
453 {
454 BUS_SET_OOM (error);
455 goto failed;
456 }
457
458 dbus_free (addr);
459 addr = NULL;
460
461 link = _dbus_list_get_prev_link (&context->servers, link);
462 }
463
464 if (is_reload)
465 dbus_free (context->address);
466
467 if (!_dbus_string_copy_data (&full_address, &context->address))
468 {
469 BUS_SET_OOM (error);
470 goto failed;
471 }
472
473 /* Create activation subsystem */
474
475 if (is_reload)
476 bus_activation_unref (context->activation);
477
478 context->activation = bus_activation_new (context, &full_address,
479 bus_config_parser_get_service_dirs (parser),
480 error);
481 if (context->activation == NULL)
482 {
483 _DBUS_ASSERT_ERROR_IS_SET (error);
484 goto failed;
485 }
486
487 /* Drop existing conf-dir watches (if applicable) */
488
489 if (is_reload)
490 bus_drop_all_directory_watches ();
491
492 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
493 retval = TRUE;
494
495 failed:
496 _dbus_string_free (&full_address);
497
498 if (addr)
499 dbus_free (addr);
500
501 return retval;
502 }
503
504 static dbus_bool_t
process_config_postinit(BusContext * context,BusConfigParser * parser,DBusError * error)505 process_config_postinit (BusContext *context,
506 BusConfigParser *parser,
507 DBusError *error)
508 {
509 DBusHashTable *service_context_table;
510
511 service_context_table = bus_config_parser_steal_service_context_table (parser);
512 if (!bus_registry_set_service_context_table (context->registry,
513 service_context_table))
514 {
515 BUS_SET_OOM (error);
516 return FALSE;
517 }
518
519 _dbus_hash_table_unref (service_context_table);
520
521 /* Watch all conf directories */
522 _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser),
523 (DBusForeachFunction) bus_watch_directory,
524 context);
525
526 return TRUE;
527 }
528
529 BusContext*
bus_context_new(const DBusString * config_file,ForceForkSetting force_fork,int print_addr_fd,int print_pid_fd,DBusError * error)530 bus_context_new (const DBusString *config_file,
531 ForceForkSetting force_fork,
532 int print_addr_fd,
533 int print_pid_fd,
534 DBusError *error)
535 {
536 BusContext *context;
537 BusConfigParser *parser;
538 DBusCredentials creds;
539
540 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
541
542 context = NULL;
543 parser = NULL;
544
545 if (!dbus_server_allocate_data_slot (&server_data_slot))
546 {
547 BUS_SET_OOM (error);
548 return NULL;
549 }
550
551 context = dbus_new0 (BusContext, 1);
552 if (context == NULL)
553 {
554 BUS_SET_OOM (error);
555 goto failed;
556 }
557 context->refcount = 1;
558
559 if (!_dbus_string_copy_data (config_file, &context->config_file))
560 {
561 BUS_SET_OOM (error);
562 goto failed;
563 }
564
565 context->loop = _dbus_loop_new ();
566 if (context->loop == NULL)
567 {
568 BUS_SET_OOM (error);
569 goto failed;
570 }
571
572 context->registry = bus_registry_new (context);
573 if (context->registry == NULL)
574 {
575 BUS_SET_OOM (error);
576 goto failed;
577 }
578
579 parser = bus_config_load (config_file, TRUE, NULL, error);
580 if (parser == NULL)
581 {
582 _DBUS_ASSERT_ERROR_IS_SET (error);
583 goto failed;
584 }
585
586 if (!process_config_first_time_only (context, parser, error))
587 {
588 _DBUS_ASSERT_ERROR_IS_SET (error);
589 goto failed;
590 }
591 if (!process_config_every_time (context, parser, FALSE, error))
592 {
593 _DBUS_ASSERT_ERROR_IS_SET (error);
594 goto failed;
595 }
596
597 /* we need another ref of the server data slot for the context
598 * to own
599 */
600 if (!dbus_server_allocate_data_slot (&server_data_slot))
601 _dbus_assert_not_reached ("second ref of server data slot failed");
602
603 context->user_database = _dbus_user_database_new ();
604 if (context->user_database == NULL)
605 {
606 BUS_SET_OOM (error);
607 goto failed;
608 }
609
610 /* Note that we don't know whether the print_addr_fd is
611 * one of the sockets we're using to listen on, or some
612 * other random thing. But I think the answer is "don't do
613 * that then"
614 */
615 if (print_addr_fd >= 0)
616 {
617 DBusString addr;
618 const char *a = bus_context_get_address (context);
619 int bytes;
620
621 _dbus_assert (a != NULL);
622 if (!_dbus_string_init (&addr))
623 {
624 BUS_SET_OOM (error);
625 goto failed;
626 }
627
628 if (!_dbus_string_append (&addr, a) ||
629 !_dbus_string_append (&addr, "\n"))
630 {
631 _dbus_string_free (&addr);
632 BUS_SET_OOM (error);
633 goto failed;
634 }
635
636 bytes = _dbus_string_get_length (&addr);
637 if (_dbus_write_socket (print_addr_fd, &addr, 0, bytes) != bytes)
638 {
639 dbus_set_error (error, DBUS_ERROR_FAILED,
640 "Printing message bus address: %s\n",
641 _dbus_strerror (errno));
642 _dbus_string_free (&addr);
643 goto failed;
644 }
645
646 if (print_addr_fd > 2)
647 _dbus_close_socket (print_addr_fd, NULL);
648
649 _dbus_string_free (&addr);
650 }
651
652 context->connections = bus_connections_new (context);
653 if (context->connections == NULL)
654 {
655 BUS_SET_OOM (error);
656 goto failed;
657 }
658
659 context->matchmaker = bus_matchmaker_new ();
660 if (context->matchmaker == NULL)
661 {
662 BUS_SET_OOM (error);
663 goto failed;
664 }
665
666 /* check user before we fork */
667 if (context->user != NULL)
668 {
669 DBusString u;
670
671 _dbus_string_init_const (&u, context->user);
672
673 if (!_dbus_credentials_from_username (&u, &creds) ||
674 creds.uid < 0 ||
675 creds.gid < 0)
676 {
677 dbus_set_error (error, DBUS_ERROR_FAILED,
678 "Could not get UID and GID for username \"%s\"",
679 context->user);
680 goto failed;
681 }
682 }
683
684 /* Now become a daemon if appropriate */
685 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
686 {
687 DBusString u;
688 #ifdef WANT_PIDFILE
689 if (context->pidfile)
690 _dbus_string_init_const (&u, context->pidfile);
691
692 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
693 print_pid_fd,
694 error))
695 # else
696 if (!_dbus_become_daemon (NULL,
697 0,
698 error))
699 #endif
700 {
701 _DBUS_ASSERT_ERROR_IS_SET (error);
702 goto failed;
703 }
704 }
705 #ifdef WANT_PIDFILE
706 else
707 {
708 /* Need to write PID file for ourselves, not for the child process */
709 if (context->pidfile != NULL)
710 {
711 DBusString u;
712
713 _dbus_string_init_const (&u, context->pidfile);
714
715 if (!_dbus_write_pid_file (&u, _dbus_getpid (), error))
716 {
717 _DBUS_ASSERT_ERROR_IS_SET (error);
718 goto failed;
719 }
720 }
721 }
722 #endif
723
724 /* Write PID if requested */
725 if (print_pid_fd >= 0)
726 {
727 DBusString pid;
728 int bytes;
729
730 if (!_dbus_string_init (&pid))
731 {
732 BUS_SET_OOM (error);
733 goto failed;
734 }
735
736 if (!_dbus_string_append_int (&pid, _dbus_getpid ()) ||
737 !_dbus_string_append (&pid, "\n"))
738 {
739 _dbus_string_free (&pid);
740 BUS_SET_OOM (error);
741 goto failed;
742 }
743
744 bytes = _dbus_string_get_length (&pid);
745 if (_dbus_write_socket (print_pid_fd, &pid, 0, bytes) != bytes)
746 {
747 dbus_set_error (error, DBUS_ERROR_FAILED,
748 "Printing message bus PID: %s\n",
749 _dbus_strerror (errno));
750 _dbus_string_free (&pid);
751 goto failed;
752 }
753
754 if (print_pid_fd > 2)
755 _dbus_close_socket (print_pid_fd, NULL);
756
757 _dbus_string_free (&pid);
758 }
759
760 if (!bus_selinux_full_init ())
761 {
762 _dbus_warn ("SELinux initialization failed\n");
763 }
764
765 if (!process_config_postinit (context, parser, error))
766 {
767 _DBUS_ASSERT_ERROR_IS_SET (error);
768 goto failed;
769 }
770
771 if (parser != NULL)
772 {
773 bus_config_parser_unref (parser);
774 parser = NULL;
775 }
776
777 /* Here we change our credentials if required,
778 * as soon as we've set up our sockets and pidfile
779 */
780 if (context->user != NULL)
781 {
782 if (!_dbus_change_identity (creds.uid, creds.gid, error))
783 {
784 _DBUS_ASSERT_ERROR_IS_SET (error);
785 goto failed;
786 }
787 }
788
789 dbus_server_free_data_slot (&server_data_slot);
790
791 return context;
792
793 failed:
794 if (parser != NULL)
795 bus_config_parser_unref (parser);
796 if (context != NULL)
797 bus_context_unref (context);
798
799 if (server_data_slot >= 0)
800 dbus_server_free_data_slot (&server_data_slot);
801
802 return NULL;
803 }
804
805 dbus_bool_t
bus_context_reload_config(BusContext * context,DBusError * error)806 bus_context_reload_config (BusContext *context,
807 DBusError *error)
808 {
809 BusConfigParser *parser;
810 DBusString config_file;
811 dbus_bool_t ret;
812
813 /* Flush the user database cache */
814 _dbus_user_database_flush(context->user_database);
815
816 ret = FALSE;
817 _dbus_string_init_const (&config_file, context->config_file);
818 parser = bus_config_load (&config_file, TRUE, NULL, error);
819 if (parser == NULL)
820 {
821 _DBUS_ASSERT_ERROR_IS_SET (error);
822 goto failed;
823 }
824
825 if (!process_config_every_time (context, parser, TRUE, error))
826 {
827 _DBUS_ASSERT_ERROR_IS_SET (error);
828 goto failed;
829 }
830 if (!process_config_postinit (context, parser, error))
831 {
832 _DBUS_ASSERT_ERROR_IS_SET (error);
833 goto failed;
834 }
835 ret = TRUE;
836
837 failed:
838 if (parser != NULL)
839 bus_config_parser_unref (parser);
840 return ret;
841 }
842
843 static void
shutdown_server(BusContext * context,DBusServer * server)844 shutdown_server (BusContext *context,
845 DBusServer *server)
846 {
847 if (server == NULL ||
848 !dbus_server_get_is_connected (server))
849 return;
850
851 if (!dbus_server_set_watch_functions (server,
852 NULL, NULL, NULL,
853 context,
854 NULL))
855 _dbus_assert_not_reached ("setting watch functions to NULL failed");
856
857 if (!dbus_server_set_timeout_functions (server,
858 NULL, NULL, NULL,
859 context,
860 NULL))
861 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
862
863 dbus_server_disconnect (server);
864 }
865
866 void
bus_context_shutdown(BusContext * context)867 bus_context_shutdown (BusContext *context)
868 {
869 DBusList *link;
870
871 link = _dbus_list_get_first_link (&context->servers);
872 while (link != NULL)
873 {
874 shutdown_server (context, link->data);
875
876 link = _dbus_list_get_next_link (&context->servers, link);
877 }
878 }
879
880 BusContext *
bus_context_ref(BusContext * context)881 bus_context_ref (BusContext *context)
882 {
883 _dbus_assert (context->refcount > 0);
884 context->refcount += 1;
885
886 return context;
887 }
888
889 void
bus_context_unref(BusContext * context)890 bus_context_unref (BusContext *context)
891 {
892 _dbus_assert (context->refcount > 0);
893 context->refcount -= 1;
894
895 if (context->refcount == 0)
896 {
897 DBusList *link;
898
899 _dbus_verbose ("Finalizing bus context %p\n", context);
900
901 bus_context_shutdown (context);
902
903 if (context->connections)
904 {
905 bus_connections_unref (context->connections);
906 context->connections = NULL;
907 }
908
909 if (context->registry)
910 {
911 bus_registry_unref (context->registry);
912 context->registry = NULL;
913 }
914
915 if (context->activation)
916 {
917 bus_activation_unref (context->activation);
918 context->activation = NULL;
919 }
920
921 link = _dbus_list_get_first_link (&context->servers);
922 while (link != NULL)
923 {
924 dbus_server_unref (link->data);
925
926 link = _dbus_list_get_next_link (&context->servers, link);
927 }
928 _dbus_list_clear (&context->servers);
929
930 if (context->policy)
931 {
932 bus_policy_unref (context->policy);
933 context->policy = NULL;
934 }
935
936 if (context->loop)
937 {
938 _dbus_loop_unref (context->loop);
939 context->loop = NULL;
940 }
941
942 if (context->matchmaker)
943 {
944 bus_matchmaker_unref (context->matchmaker);
945 context->matchmaker = NULL;
946 }
947
948 dbus_free (context->config_file);
949 dbus_free (context->type);
950 dbus_free (context->address);
951 dbus_free (context->user);
952
953 #ifdef WANT_PIDFILE
954 if (context->pidfile)
955 {
956 DBusString u;
957 _dbus_string_init_const (&u, context->pidfile);
958
959 /* Deliberately ignore errors here, since there's not much
960 * we can do about it, and we're exiting anyways.
961 */
962 _dbus_delete_file (&u, NULL);
963
964 dbus_free (context->pidfile);
965 }
966 #endif
967
968 if (context->user_database != NULL)
969 _dbus_user_database_unref (context->user_database);
970
971 dbus_free (context);
972
973 dbus_server_free_data_slot (&server_data_slot);
974 }
975 }
976
977 /* type may be NULL */
978 const char*
bus_context_get_type(BusContext * context)979 bus_context_get_type (BusContext *context)
980 {
981 return context->type;
982 }
983
984 const char*
bus_context_get_address(BusContext * context)985 bus_context_get_address (BusContext *context)
986 {
987 return context->address;
988 }
989
990 BusRegistry*
bus_context_get_registry(BusContext * context)991 bus_context_get_registry (BusContext *context)
992 {
993 return context->registry;
994 }
995
996 BusConnections*
bus_context_get_connections(BusContext * context)997 bus_context_get_connections (BusContext *context)
998 {
999 return context->connections;
1000 }
1001
1002 BusActivation*
bus_context_get_activation(BusContext * context)1003 bus_context_get_activation (BusContext *context)
1004 {
1005 return context->activation;
1006 }
1007
1008 BusMatchmaker*
bus_context_get_matchmaker(BusContext * context)1009 bus_context_get_matchmaker (BusContext *context)
1010 {
1011 return context->matchmaker;
1012 }
1013
1014 DBusLoop*
bus_context_get_loop(BusContext * context)1015 bus_context_get_loop (BusContext *context)
1016 {
1017 return context->loop;
1018 }
1019
1020 DBusUserDatabase*
bus_context_get_user_database(BusContext * context)1021 bus_context_get_user_database (BusContext *context)
1022 {
1023 return context->user_database;
1024 }
1025
1026 dbus_bool_t
bus_context_allow_user(BusContext * context,unsigned long uid)1027 bus_context_allow_user (BusContext *context,
1028 unsigned long uid)
1029 {
1030 return bus_policy_allow_user (context->policy,
1031 context->user_database,
1032 uid);
1033 }
1034
1035 BusPolicy *
bus_context_get_policy(BusContext * context)1036 bus_context_get_policy (BusContext *context)
1037 {
1038 return context->policy;
1039 }
1040
1041 BusClientPolicy*
bus_context_create_client_policy(BusContext * context,DBusConnection * connection,DBusError * error)1042 bus_context_create_client_policy (BusContext *context,
1043 DBusConnection *connection,
1044 DBusError *error)
1045 {
1046 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1047 return bus_policy_create_client_policy (context->policy, connection,
1048 error);
1049 }
1050
1051 int
bus_context_get_activation_timeout(BusContext * context)1052 bus_context_get_activation_timeout (BusContext *context)
1053 {
1054
1055 return context->limits.activation_timeout;
1056 }
1057
1058 int
bus_context_get_auth_timeout(BusContext * context)1059 bus_context_get_auth_timeout (BusContext *context)
1060 {
1061 return context->limits.auth_timeout;
1062 }
1063
1064 int
bus_context_get_max_completed_connections(BusContext * context)1065 bus_context_get_max_completed_connections (BusContext *context)
1066 {
1067 return context->limits.max_completed_connections;
1068 }
1069
1070 int
bus_context_get_max_incomplete_connections(BusContext * context)1071 bus_context_get_max_incomplete_connections (BusContext *context)
1072 {
1073 return context->limits.max_incomplete_connections;
1074 }
1075
1076 int
bus_context_get_max_connections_per_user(BusContext * context)1077 bus_context_get_max_connections_per_user (BusContext *context)
1078 {
1079 return context->limits.max_connections_per_user;
1080 }
1081
1082 int
bus_context_get_max_pending_activations(BusContext * context)1083 bus_context_get_max_pending_activations (BusContext *context)
1084 {
1085 return context->limits.max_pending_activations;
1086 }
1087
1088 int
bus_context_get_max_services_per_connection(BusContext * context)1089 bus_context_get_max_services_per_connection (BusContext *context)
1090 {
1091 return context->limits.max_services_per_connection;
1092 }
1093
1094 int
bus_context_get_max_match_rules_per_connection(BusContext * context)1095 bus_context_get_max_match_rules_per_connection (BusContext *context)
1096 {
1097 return context->limits.max_match_rules_per_connection;
1098 }
1099
1100 int
bus_context_get_max_replies_per_connection(BusContext * context)1101 bus_context_get_max_replies_per_connection (BusContext *context)
1102 {
1103 return context->limits.max_replies_per_connection;
1104 }
1105
1106 int
bus_context_get_reply_timeout(BusContext * context)1107 bus_context_get_reply_timeout (BusContext *context)
1108 {
1109 return context->limits.reply_timeout;
1110 }
1111
1112 /*
1113 * addressed_recipient is the recipient specified in the message.
1114 *
1115 * proposed_recipient is the recipient we're considering sending
1116 * to right this second, and may be an eavesdropper.
1117 *
1118 * sender is the sender of the message.
1119 *
1120 * NULL for proposed_recipient or sender definitely means the bus driver.
1121 *
1122 * NULL for addressed_recipient may mean the bus driver, or may mean
1123 * no destination was specified in the message (e.g. a signal).
1124 */
1125 dbus_bool_t
bus_context_check_security_policy(BusContext * context,BusTransaction * transaction,DBusConnection * sender,DBusConnection * addressed_recipient,DBusConnection * proposed_recipient,DBusMessage * message,DBusError * error)1126 bus_context_check_security_policy (BusContext *context,
1127 BusTransaction *transaction,
1128 DBusConnection *sender,
1129 DBusConnection *addressed_recipient,
1130 DBusConnection *proposed_recipient,
1131 DBusMessage *message,
1132 DBusError *error)
1133 {
1134 BusClientPolicy *sender_policy;
1135 BusClientPolicy *recipient_policy;
1136 int type;
1137 dbus_bool_t requested_reply;
1138
1139 type = dbus_message_get_type (message);
1140
1141 /* dispatch.c was supposed to ensure these invariants */
1142 _dbus_assert (dbus_message_get_destination (message) != NULL ||
1143 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1144 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1145 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1146 addressed_recipient != NULL ||
1147 strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0);
1148
1149 switch (type)
1150 {
1151 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1152 case DBUS_MESSAGE_TYPE_SIGNAL:
1153 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1154 case DBUS_MESSAGE_TYPE_ERROR:
1155 break;
1156
1157 default:
1158 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1159 type);
1160
1161 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1162 "Message bus will not accept messages of unknown type\n");
1163
1164 return FALSE;
1165 }
1166
1167 requested_reply = FALSE;
1168
1169 if (sender != NULL)
1170 {
1171 const char *dest;
1172
1173 dest = dbus_message_get_destination (message);
1174
1175 /* First verify the SELinux access controls. If allowed then
1176 * go on with the standard checks.
1177 */
1178 if (!bus_selinux_allows_send (sender, proposed_recipient,
1179 dbus_message_type_to_string (dbus_message_get_type (message)),
1180 dbus_message_get_interface (message),
1181 dbus_message_get_member (message),
1182 dbus_message_get_error_name (message),
1183 dest ? dest : DBUS_SERVICE_DBUS, error))
1184 {
1185
1186 if (dbus_error_is_set (error) &&
1187 dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
1188 {
1189 return FALSE;
1190 }
1191
1192
1193 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1194 "An SELinux policy prevents this sender "
1195 "from sending this message to this recipient "
1196 "(rejected message had interface \"%s\" "
1197 "member \"%s\" error name \"%s\" destination \"%s\")",
1198 dbus_message_get_interface (message) ?
1199 dbus_message_get_interface (message) : "(unset)",
1200 dbus_message_get_member (message) ?
1201 dbus_message_get_member (message) : "(unset)",
1202 dbus_message_get_error_name (message) ?
1203 dbus_message_get_error_name (message) : "(unset)",
1204 dest ? dest : DBUS_SERVICE_DBUS);
1205 _dbus_verbose ("SELinux security check denying send to service\n");
1206 return FALSE;
1207 }
1208
1209 if (bus_connection_is_active (sender))
1210 {
1211 sender_policy = bus_connection_get_policy (sender);
1212 _dbus_assert (sender_policy != NULL);
1213
1214 /* Fill in requested_reply variable with TRUE if this is a
1215 * reply and the reply was pending.
1216 */
1217 if (dbus_message_get_reply_serial (message) != 0)
1218 {
1219 if (proposed_recipient != NULL /* not to the bus driver */ &&
1220 addressed_recipient == proposed_recipient /* not eavesdropping */)
1221 {
1222 DBusError error2;
1223
1224 dbus_error_init (&error2);
1225 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1226 transaction,
1227 sender, addressed_recipient, message,
1228 &error2);
1229 if (dbus_error_is_set (&error2))
1230 {
1231 dbus_move_error (&error2, error);
1232 return FALSE;
1233 }
1234 }
1235 }
1236 }
1237 else
1238 {
1239 /* Policy for inactive connections is that they can only send
1240 * the hello message to the bus driver
1241 */
1242 if (proposed_recipient == NULL &&
1243 dbus_message_is_method_call (message,
1244 DBUS_INTERFACE_DBUS,
1245 "Hello"))
1246 {
1247 _dbus_verbose ("security check allowing %s message\n",
1248 "Hello");
1249 return TRUE;
1250 }
1251 else
1252 {
1253 _dbus_verbose ("security check disallowing non-%s message\n",
1254 "Hello");
1255
1256 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1257 "Client tried to send a message other than %s without being registered",
1258 "Hello");
1259
1260 return FALSE;
1261 }
1262 }
1263 }
1264 else
1265 {
1266 sender_policy = NULL;
1267
1268 /* If the sender is the bus driver, we assume any reply was a
1269 * requested reply as bus driver won't send bogus ones
1270 */
1271 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1272 dbus_message_get_reply_serial (message) != 0)
1273 requested_reply = TRUE;
1274 }
1275
1276 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1277 (sender == NULL && sender_policy == NULL));
1278
1279 if (proposed_recipient != NULL)
1280 {
1281 /* only the bus driver can send to an inactive recipient (as it
1282 * owns no services, so other apps can't address it). Inactive
1283 * recipients can receive any message.
1284 */
1285 if (bus_connection_is_active (proposed_recipient))
1286 {
1287 recipient_policy = bus_connection_get_policy (proposed_recipient);
1288 _dbus_assert (recipient_policy != NULL);
1289 }
1290 else if (sender == NULL)
1291 {
1292 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1293 recipient_policy = NULL;
1294 }
1295 else
1296 {
1297 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1298 recipient_policy = NULL;
1299 }
1300 }
1301 else
1302 recipient_policy = NULL;
1303
1304 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1305 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1306 (proposed_recipient == NULL && recipient_policy == NULL));
1307
1308 if (sender_policy &&
1309 !bus_client_policy_check_can_send (sender_policy,
1310 context->registry,
1311 requested_reply,
1312 proposed_recipient,
1313 message))
1314 {
1315 const char *dest;
1316
1317 dest = dbus_message_get_destination (message);
1318 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1319 "A security policy in place prevents this sender "
1320 "from sending this message to this recipient, "
1321 "see message bus configuration file (rejected message "
1322 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
1323 dbus_message_get_interface (message) ?
1324 dbus_message_get_interface (message) : "(unset)",
1325 dbus_message_get_member (message) ?
1326 dbus_message_get_member (message) : "(unset)",
1327 dbus_message_get_error_name (message) ?
1328 dbus_message_get_error_name (message) : "(unset)",
1329 dest ? dest : DBUS_SERVICE_DBUS);
1330 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1331 return FALSE;
1332 }
1333
1334 if (recipient_policy &&
1335 !bus_client_policy_check_can_receive (recipient_policy,
1336 context->registry,
1337 requested_reply,
1338 sender,
1339 addressed_recipient, proposed_recipient,
1340 message))
1341 {
1342 const char *dest;
1343
1344 dest = dbus_message_get_destination (message);
1345 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1346 "A security policy in place prevents this recipient "
1347 "from receiving this message from this sender, "
1348 "see message bus configuration file (rejected message "
1349 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
1350 dbus_message_get_interface (message) ?
1351 dbus_message_get_interface (message) : "(unset)",
1352 dbus_message_get_member (message) ?
1353 dbus_message_get_member (message) : "(unset)",
1354 dbus_message_get_error_name (message) ?
1355 dbus_message_get_error_name (message) : "(unset)",
1356 dest ? dest : DBUS_SERVICE_DBUS,
1357 dbus_message_get_reply_serial (message),
1358 requested_reply);
1359 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1360 return FALSE;
1361 }
1362
1363 /* See if limits on size have been exceeded */
1364 if (proposed_recipient &&
1365 dbus_connection_get_outgoing_size (proposed_recipient) >
1366 context->limits.max_outgoing_bytes)
1367 {
1368 const char *dest;
1369
1370 dest = dbus_message_get_destination (message);
1371 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1372 "The destination service \"%s\" has a full message queue",
1373 dest ? dest : (proposed_recipient ?
1374 bus_connection_get_name (proposed_recipient) :
1375 DBUS_SERVICE_DBUS));
1376 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1377 return FALSE;
1378 }
1379
1380 /* Record that we will allow a reply here in the future (don't
1381 * bother if the recipient is the bus or this is an eavesdropping
1382 * connection). Only the addressed recipient may reply.
1383 */
1384 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1385 sender &&
1386 addressed_recipient &&
1387 addressed_recipient == proposed_recipient && /* not eavesdropping */
1388 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1389 transaction,
1390 sender, addressed_recipient,
1391 message, error))
1392 {
1393 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1394 return FALSE;
1395 }
1396
1397 _dbus_verbose ("security policy allowing message\n");
1398 return TRUE;
1399 }
1400