1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
3 *
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 *
22 */
23
24 #include <config.h>
25 #include "bus.h"
26 #include "activation.h"
27 #include "connection.h"
28 #include "services.h"
29 #include "utils.h"
30 #include "policy.h"
31 #include "config-parser.h"
32 #include "signals.h"
33 #include "selinux.h"
34 #include "dir-watch.h"
35 #include <dbus/dbus-list.h>
36 #include <dbus/dbus-hash.h>
37 #include <dbus/dbus-credentials.h>
38 #include <dbus/dbus-internals.h>
39 #ifdef DBUS_CYGWIN
40 #include <signal.h>
41 #endif
42
43 struct BusContext
44 {
45 int refcount;
46 DBusGUID uuid;
47 char *config_file;
48 char *type;
49 char *servicehelper;
50 char *address;
51 #ifdef WANT_PIDFILE
52 char *pidfile;
53 #endif
54 char *user;
55 char *log_prefix;
56 DBusLoop *loop;
57 DBusList *servers;
58 BusConnections *connections;
59 BusActivation *activation;
60 BusRegistry *registry;
61 BusPolicy *policy;
62 BusMatchmaker *matchmaker;
63 BusLimits limits;
64 unsigned int fork : 1;
65 unsigned int syslog : 1;
66 unsigned int keep_umask : 1;
67 unsigned int allow_anonymous : 1;
68 unsigned int systemd_activation : 1;
69 };
70
71 static dbus_int32_t server_data_slot = -1;
72
73 typedef struct
74 {
75 BusContext *context;
76 } BusServerData;
77
78 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
79
80 static BusContext*
server_get_context(DBusServer * server)81 server_get_context (DBusServer *server)
82 {
83 BusContext *context;
84 BusServerData *bd;
85
86 if (!dbus_server_allocate_data_slot (&server_data_slot))
87 return NULL;
88
89 bd = BUS_SERVER_DATA (server);
90 if (bd == NULL)
91 {
92 dbus_server_free_data_slot (&server_data_slot);
93 return NULL;
94 }
95
96 context = bd->context;
97
98 dbus_server_free_data_slot (&server_data_slot);
99
100 return context;
101 }
102
103 static dbus_bool_t
server_watch_callback(DBusWatch * watch,unsigned int condition,void * data)104 server_watch_callback (DBusWatch *watch,
105 unsigned int condition,
106 void *data)
107 {
108 /* FIXME this can be done in dbus-mainloop.c
109 * if the code in activation.c for the babysitter
110 * watch handler is fixed.
111 */
112
113 return dbus_watch_handle (watch, condition);
114 }
115
116 static dbus_bool_t
add_server_watch(DBusWatch * watch,void * data)117 add_server_watch (DBusWatch *watch,
118 void *data)
119 {
120 DBusServer *server = data;
121 BusContext *context;
122
123 context = server_get_context (server);
124
125 return _dbus_loop_add_watch (context->loop,
126 watch, server_watch_callback, server,
127 NULL);
128 }
129
130 static void
remove_server_watch(DBusWatch * watch,void * data)131 remove_server_watch (DBusWatch *watch,
132 void *data)
133 {
134 DBusServer *server = data;
135 BusContext *context;
136
137 context = server_get_context (server);
138
139 _dbus_loop_remove_watch (context->loop,
140 watch, server_watch_callback, server);
141 }
142
143
144 static void
server_timeout_callback(DBusTimeout * timeout,void * data)145 server_timeout_callback (DBusTimeout *timeout,
146 void *data)
147 {
148 /* can return FALSE on OOM but we just let it fire again later */
149 dbus_timeout_handle (timeout);
150 }
151
152 static dbus_bool_t
add_server_timeout(DBusTimeout * timeout,void * data)153 add_server_timeout (DBusTimeout *timeout,
154 void *data)
155 {
156 DBusServer *server = data;
157 BusContext *context;
158
159 context = server_get_context (server);
160
161 return _dbus_loop_add_timeout (context->loop,
162 timeout, server_timeout_callback, server, NULL);
163 }
164
165 static void
remove_server_timeout(DBusTimeout * timeout,void * data)166 remove_server_timeout (DBusTimeout *timeout,
167 void *data)
168 {
169 DBusServer *server = data;
170 BusContext *context;
171
172 context = server_get_context (server);
173
174 _dbus_loop_remove_timeout (context->loop,
175 timeout, server_timeout_callback, server);
176 }
177
178 static void
new_connection_callback(DBusServer * server,DBusConnection * new_connection,void * data)179 new_connection_callback (DBusServer *server,
180 DBusConnection *new_connection,
181 void *data)
182 {
183 BusContext *context = data;
184
185 if (!bus_connections_setup_connection (context->connections, new_connection))
186 {
187 _dbus_verbose ("No memory to setup new connection\n");
188
189 /* if we don't do this, it will get unref'd without
190 * being disconnected... kind of strange really
191 * that we have to do this, people won't get it right
192 * in general.
193 */
194 dbus_connection_close (new_connection);
195 }
196
197 dbus_connection_set_max_received_size (new_connection,
198 context->limits.max_incoming_bytes);
199
200 dbus_connection_set_max_message_size (new_connection,
201 context->limits.max_message_size);
202
203 dbus_connection_set_max_received_unix_fds (new_connection,
204 context->limits.max_incoming_unix_fds);
205
206 dbus_connection_set_max_message_unix_fds (new_connection,
207 context->limits.max_message_unix_fds);
208
209 dbus_connection_set_allow_anonymous (new_connection,
210 context->allow_anonymous);
211
212 /* on OOM, we won't have ref'd the connection so it will die. */
213 }
214
215 static void
free_server_data(void * data)216 free_server_data (void *data)
217 {
218 BusServerData *bd = data;
219
220 dbus_free (bd);
221 }
222
223 static dbus_bool_t
setup_server(BusContext * context,DBusServer * server,char ** auth_mechanisms,DBusError * error)224 setup_server (BusContext *context,
225 DBusServer *server,
226 char **auth_mechanisms,
227 DBusError *error)
228 {
229 BusServerData *bd;
230
231 bd = dbus_new0 (BusServerData, 1);
232 if (bd == NULL || !dbus_server_set_data (server,
233 server_data_slot,
234 bd, free_server_data))
235 {
236 dbus_free (bd);
237 BUS_SET_OOM (error);
238 return FALSE;
239 }
240
241 bd->context = context;
242
243 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
244 {
245 BUS_SET_OOM (error);
246 return FALSE;
247 }
248
249 dbus_server_set_new_connection_function (server,
250 new_connection_callback,
251 context, NULL);
252
253 if (!dbus_server_set_watch_functions (server,
254 add_server_watch,
255 remove_server_watch,
256 NULL,
257 server,
258 NULL))
259 {
260 BUS_SET_OOM (error);
261 return FALSE;
262 }
263
264 if (!dbus_server_set_timeout_functions (server,
265 add_server_timeout,
266 remove_server_timeout,
267 NULL,
268 server, NULL))
269 {
270 BUS_SET_OOM (error);
271 return FALSE;
272 }
273
274 return TRUE;
275 }
276
277 /* This code only gets executed the first time the
278 * config files are parsed. It is not executed
279 * when config files are reloaded.
280 */
281 static dbus_bool_t
process_config_first_time_only(BusContext * context,BusConfigParser * parser,const DBusString * address,dbus_bool_t systemd_activation,DBusError * error)282 process_config_first_time_only (BusContext *context,
283 BusConfigParser *parser,
284 const DBusString *address,
285 dbus_bool_t systemd_activation,
286 DBusError *error)
287 {
288 DBusString log_prefix;
289 DBusList *link;
290 DBusList **addresses;
291 const char *user, *pidfile;
292 char **auth_mechanisms;
293 DBusList **auth_mechanisms_list;
294 int len;
295 dbus_bool_t retval;
296
297 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
298
299 retval = FALSE;
300 auth_mechanisms = NULL;
301
302 context->systemd_activation = systemd_activation;
303
304 #ifdef WANT_PIDFILE
305 /* Check for an existing pid file. Of course this is a race;
306 * we'd have to use fcntl() locks on the pid file to
307 * avoid that. But we want to check for the pid file
308 * before overwriting any existing sockets, etc.
309 */
310 pidfile = bus_config_parser_get_pidfile (parser);
311 if (pidfile != NULL)
312 {
313 DBusString u;
314 DBusStat stbuf;
315
316 _dbus_string_init_const (&u, pidfile);
317
318 if (_dbus_stat (&u, &stbuf, NULL))
319 {
320 #ifdef DBUS_CYGWIN
321 DBusString p;
322 long /* int */ pid;
323
324 _dbus_string_init (&p);
325 _dbus_file_get_contents(&p, &u, NULL);
326 _dbus_string_parse_int(&p, 0, &pid, NULL);
327 _dbus_string_free(&p);
328
329 if ((kill((int)pid, 0))) {
330 dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS,
331 "pid %ld not running, removing stale pid file\n",
332 pid);
333 _dbus_delete_file(&u, NULL);
334 } else {
335 #endif
336 dbus_set_error (error, DBUS_ERROR_FAILED,
337 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
338 pidfile);
339 goto failed;
340 #ifdef DBUS_CYGWIN
341 }
342 #endif
343 }
344 }
345
346 /* keep around the pid filename so we can delete it later */
347 context->pidfile = _dbus_strdup (pidfile);
348 #endif
349
350 /* note that type may be NULL */
351 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
352 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
353 goto oom;
354
355 user = bus_config_parser_get_user (parser);
356 if (user != NULL)
357 {
358 context->user = _dbus_strdup (user);
359 if (context->user == NULL)
360 goto oom;
361 }
362
363 /* Set up the prefix for syslog messages */
364 if (!_dbus_string_init (&log_prefix))
365 goto oom;
366 if (context->type && !strcmp (context->type, "system"))
367 {
368 if (!_dbus_string_append (&log_prefix, "[system] "))
369 goto oom;
370 }
371 else if (context->type && !strcmp (context->type, "session"))
372 {
373 DBusCredentials *credentials;
374
375 credentials = _dbus_credentials_new_from_current_process ();
376 if (!credentials)
377 goto oom;
378 if (!_dbus_string_append (&log_prefix, "[session "))
379 goto oom;
380 if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
381 goto oom;
382 if (!_dbus_string_append (&log_prefix, "] "))
383 goto oom;
384 _dbus_credentials_unref (credentials);
385 }
386 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
387 goto oom;
388 _dbus_string_free (&log_prefix);
389
390 /* Build an array of auth mechanisms */
391
392 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
393 len = _dbus_list_get_length (auth_mechanisms_list);
394
395 if (len > 0)
396 {
397 int i;
398
399 auth_mechanisms = dbus_new0 (char*, len + 1);
400 if (auth_mechanisms == NULL)
401 goto oom;
402
403 i = 0;
404 link = _dbus_list_get_first_link (auth_mechanisms_list);
405 while (link != NULL)
406 {
407 auth_mechanisms[i] = _dbus_strdup (link->data);
408 if (auth_mechanisms[i] == NULL)
409 goto oom;
410 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
411 }
412 }
413 else
414 {
415 auth_mechanisms = NULL;
416 }
417
418 /* Listen on our addresses */
419
420 if (address)
421 {
422 DBusServer *server;
423
424 server = dbus_server_listen (_dbus_string_get_const_data(address), error);
425 if (server == NULL)
426 {
427 _DBUS_ASSERT_ERROR_IS_SET (error);
428 goto failed;
429 }
430 else if (!setup_server (context, server, auth_mechanisms, error))
431 {
432 _DBUS_ASSERT_ERROR_IS_SET (error);
433 goto failed;
434 }
435
436 if (!_dbus_list_append (&context->servers, server))
437 goto oom;
438 }
439 else
440 {
441 addresses = bus_config_parser_get_addresses (parser);
442
443 link = _dbus_list_get_first_link (addresses);
444 while (link != NULL)
445 {
446 DBusServer *server;
447
448 server = dbus_server_listen (link->data, error);
449 if (server == NULL)
450 {
451 _DBUS_ASSERT_ERROR_IS_SET (error);
452 goto failed;
453 }
454 else if (!setup_server (context, server, auth_mechanisms, error))
455 {
456 _DBUS_ASSERT_ERROR_IS_SET (error);
457 goto failed;
458 }
459
460 if (!_dbus_list_append (&context->servers, server))
461 goto oom;
462
463 link = _dbus_list_get_next_link (addresses, link);
464 }
465 }
466
467 context->fork = bus_config_parser_get_fork (parser);
468 context->syslog = bus_config_parser_get_syslog (parser);
469 context->keep_umask = bus_config_parser_get_keep_umask (parser);
470 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
471
472 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
473 retval = TRUE;
474
475 failed:
476 dbus_free_string_array (auth_mechanisms);
477 return retval;
478
479 oom:
480 BUS_SET_OOM (error);
481 dbus_free_string_array (auth_mechanisms);
482 return FALSE;
483 }
484
485 /* This code gets executed every time the config files
486 * are parsed: both during BusContext construction
487 * and on reloads. This function is slightly screwy
488 * since it can do a "half reload" in out-of-memory
489 * situations. Realistically, unlikely to ever matter.
490 */
491 static dbus_bool_t
process_config_every_time(BusContext * context,BusConfigParser * parser,dbus_bool_t is_reload,DBusError * error)492 process_config_every_time (BusContext *context,
493 BusConfigParser *parser,
494 dbus_bool_t is_reload,
495 DBusError *error)
496 {
497 DBusString full_address;
498 DBusList *link;
499 DBusList **dirs;
500 BusActivation *new_activation;
501 char *addr;
502 const char *servicehelper;
503 char *s;
504
505 dbus_bool_t retval;
506
507 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
508
509 addr = NULL;
510 retval = FALSE;
511
512 if (!_dbus_string_init (&full_address))
513 {
514 BUS_SET_OOM (error);
515 return FALSE;
516 }
517
518 /* get our limits and timeout lengths */
519 bus_config_parser_get_limits (parser, &context->limits);
520
521 if (context->policy)
522 bus_policy_unref (context->policy);
523 context->policy = bus_config_parser_steal_policy (parser);
524 _dbus_assert (context->policy != NULL);
525
526 /* We have to build the address backward, so that
527 * <listen> later in the config file have priority
528 */
529 link = _dbus_list_get_last_link (&context->servers);
530 while (link != NULL)
531 {
532 addr = dbus_server_get_address (link->data);
533 if (addr == NULL)
534 {
535 BUS_SET_OOM (error);
536 goto failed;
537 }
538
539 if (_dbus_string_get_length (&full_address) > 0)
540 {
541 if (!_dbus_string_append (&full_address, ";"))
542 {
543 BUS_SET_OOM (error);
544 goto failed;
545 }
546 }
547
548 if (!_dbus_string_append (&full_address, addr))
549 {
550 BUS_SET_OOM (error);
551 goto failed;
552 }
553
554 dbus_free (addr);
555 addr = NULL;
556
557 link = _dbus_list_get_prev_link (&context->servers, link);
558 }
559
560 if (is_reload)
561 dbus_free (context->address);
562
563 if (!_dbus_string_copy_data (&full_address, &context->address))
564 {
565 BUS_SET_OOM (error);
566 goto failed;
567 }
568
569 /* get the service directories */
570 dirs = bus_config_parser_get_service_dirs (parser);
571
572 /* and the service helper */
573 servicehelper = bus_config_parser_get_servicehelper (parser);
574
575 s = _dbus_strdup(servicehelper);
576 if (s == NULL && servicehelper != NULL)
577 {
578 BUS_SET_OOM (error);
579 goto failed;
580 }
581 else
582 {
583 dbus_free(context->servicehelper);
584 context->servicehelper = s;
585 }
586
587 /* Create activation subsystem */
588 if (context->activation)
589 {
590 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
591 goto failed;
592 }
593 else
594 {
595 context->activation = bus_activation_new (context, &full_address, dirs, error);
596 }
597
598 if (context->activation == NULL)
599 {
600 _DBUS_ASSERT_ERROR_IS_SET (error);
601 goto failed;
602 }
603
604 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
605 retval = TRUE;
606
607 failed:
608 _dbus_string_free (&full_address);
609
610 if (addr)
611 dbus_free (addr);
612
613 return retval;
614 }
615
616 static dbus_bool_t
list_concat_new(DBusList ** a,DBusList ** b,DBusList ** result)617 list_concat_new (DBusList **a,
618 DBusList **b,
619 DBusList **result)
620 {
621 DBusList *link;
622
623 *result = NULL;
624
625 link = _dbus_list_get_first_link (a);
626 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
627 {
628 if (!_dbus_list_append (result, link->data))
629 goto oom;
630 }
631 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
632 {
633 if (!_dbus_list_append (result, link->data))
634 goto oom;
635 }
636
637 return TRUE;
638 oom:
639 _dbus_list_clear (result);
640 return FALSE;
641 }
642
643 static dbus_bool_t
process_config_postinit(BusContext * context,BusConfigParser * parser,DBusError * error)644 process_config_postinit (BusContext *context,
645 BusConfigParser *parser,
646 DBusError *error)
647 {
648 DBusHashTable *service_context_table;
649 DBusList *watched_dirs = NULL;
650
651 service_context_table = bus_config_parser_steal_service_context_table (parser);
652 if (!bus_registry_set_service_context_table (context->registry,
653 service_context_table))
654 {
655 BUS_SET_OOM (error);
656 return FALSE;
657 }
658
659 _dbus_hash_table_unref (service_context_table);
660
661 /* We need to monitor both the configuration directories and directories
662 * containing .service files.
663 */
664 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
665 bus_config_parser_get_service_dirs (parser),
666 &watched_dirs))
667 {
668 BUS_SET_OOM (error);
669 return FALSE;
670 }
671
672 bus_set_watched_dirs (context, &watched_dirs);
673
674 _dbus_list_clear (&watched_dirs);
675
676 return TRUE;
677 }
678
679 BusContext*
bus_context_new(const DBusString * config_file,ForceForkSetting force_fork,DBusPipe * print_addr_pipe,DBusPipe * print_pid_pipe,const DBusString * address,dbus_bool_t systemd_activation,DBusError * error)680 bus_context_new (const DBusString *config_file,
681 ForceForkSetting force_fork,
682 DBusPipe *print_addr_pipe,
683 DBusPipe *print_pid_pipe,
684 const DBusString *address,
685 dbus_bool_t systemd_activation,
686 DBusError *error)
687 {
688 DBusString log_prefix;
689 BusContext *context;
690 BusConfigParser *parser;
691
692 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
693
694 context = NULL;
695 parser = NULL;
696
697 if (!dbus_server_allocate_data_slot (&server_data_slot))
698 {
699 BUS_SET_OOM (error);
700 return NULL;
701 }
702
703 context = dbus_new0 (BusContext, 1);
704 if (context == NULL)
705 {
706 BUS_SET_OOM (error);
707 goto failed;
708 }
709 context->refcount = 1;
710
711 _dbus_generate_uuid (&context->uuid);
712
713 if (!_dbus_string_copy_data (config_file, &context->config_file))
714 {
715 BUS_SET_OOM (error);
716 goto failed;
717 }
718
719 context->loop = _dbus_loop_new ();
720 if (context->loop == NULL)
721 {
722 BUS_SET_OOM (error);
723 goto failed;
724 }
725
726 context->registry = bus_registry_new (context);
727 if (context->registry == NULL)
728 {
729 BUS_SET_OOM (error);
730 goto failed;
731 }
732
733 parser = bus_config_load (config_file, TRUE, NULL, error);
734 if (parser == NULL)
735 {
736 _DBUS_ASSERT_ERROR_IS_SET (error);
737 goto failed;
738 }
739
740 if (!process_config_first_time_only (context, parser, address, systemd_activation, error))
741 {
742 _DBUS_ASSERT_ERROR_IS_SET (error);
743 goto failed;
744 }
745 if (!process_config_every_time (context, parser, FALSE, error))
746 {
747 _DBUS_ASSERT_ERROR_IS_SET (error);
748 goto failed;
749 }
750
751 /* we need another ref of the server data slot for the context
752 * to own
753 */
754 if (!dbus_server_allocate_data_slot (&server_data_slot))
755 _dbus_assert_not_reached ("second ref of server data slot failed");
756
757 /* Note that we don't know whether the print_addr_pipe is
758 * one of the sockets we're using to listen on, or some
759 * other random thing. But I think the answer is "don't do
760 * that then"
761 */
762 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
763 {
764 DBusString addr;
765 const char *a = bus_context_get_address (context);
766 int bytes;
767
768 _dbus_assert (a != NULL);
769 if (!_dbus_string_init (&addr))
770 {
771 BUS_SET_OOM (error);
772 goto failed;
773 }
774
775 if (!_dbus_string_append (&addr, a) ||
776 !_dbus_string_append (&addr, "\n"))
777 {
778 _dbus_string_free (&addr);
779 BUS_SET_OOM (error);
780 goto failed;
781 }
782
783 bytes = _dbus_string_get_length (&addr);
784 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
785 {
786 /* pipe write returns an error on failure but not short write */
787 if (error != NULL && !dbus_error_is_set (error))
788 {
789 dbus_set_error (error, DBUS_ERROR_FAILED,
790 "Printing message bus address: did not write all bytes\n");
791 }
792 _dbus_string_free (&addr);
793 goto failed;
794 }
795
796 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
797 _dbus_pipe_close (print_addr_pipe, NULL);
798
799 _dbus_string_free (&addr);
800 }
801
802 context->connections = bus_connections_new (context);
803 if (context->connections == NULL)
804 {
805 BUS_SET_OOM (error);
806 goto failed;
807 }
808
809 context->matchmaker = bus_matchmaker_new ();
810 if (context->matchmaker == NULL)
811 {
812 BUS_SET_OOM (error);
813 goto failed;
814 }
815
816 /* check user before we fork */
817 if (context->user != NULL)
818 {
819 if (!_dbus_verify_daemon_user (context->user))
820 {
821 dbus_set_error (error, DBUS_ERROR_FAILED,
822 "Could not get UID and GID for username \"%s\"",
823 context->user);
824 goto failed;
825 }
826 }
827
828 /* Now become a daemon if appropriate and write out pid file in any case */
829 {
830 #ifdef WANT_PIDFILE
831 DBusString u;
832
833 if (context->pidfile)
834 _dbus_string_init_const (&u, context->pidfile);
835
836 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
837 {
838 _dbus_verbose ("Forking and becoming daemon\n");
839
840 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
841 print_pid_pipe,
842 error,
843 context->keep_umask))
844
845 {
846 _DBUS_ASSERT_ERROR_IS_SET (error);
847 goto failed;
848 }
849 }
850 else
851 {
852 _dbus_verbose ("Fork not requested\n");
853
854 /* Need to write PID file and to PID pipe for ourselves,
855 * not for the child process. This is a no-op if the pidfile
856 * is NULL and print_pid_pipe is NULL.
857 */
858 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
859 print_pid_pipe,
860 _dbus_getpid (),
861 error))
862 {
863 _DBUS_ASSERT_ERROR_IS_SET (error);
864 goto failed;
865 }
866 }
867 #else
868 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
869 {
870 if (!_dbus_become_daemon (NULL,
871 0,
872 error,
873 context->keep_umask))
874 {
875 _DBUS_ASSERT_ERROR_IS_SET (error);
876 goto failed;
877 }
878 }
879 #endif
880 }
881
882 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
883 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
884 _dbus_pipe_close (print_pid_pipe, NULL);
885
886 if (!bus_selinux_full_init ())
887 {
888 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
889 }
890
891 if (!process_config_postinit (context, parser, error))
892 {
893 _DBUS_ASSERT_ERROR_IS_SET (error);
894 goto failed;
895 }
896
897 if (parser != NULL)
898 {
899 bus_config_parser_unref (parser);
900 parser = NULL;
901 }
902
903 /* Here we change our credentials if required,
904 * as soon as we've set up our sockets and pidfile
905 */
906 if (context->user != NULL)
907 {
908 if (!_dbus_change_to_daemon_user (context->user, error))
909 {
910 _DBUS_ASSERT_ERROR_IS_SET (error);
911 goto failed;
912 }
913
914 #ifdef HAVE_SELINUX
915 /* FIXME - why not just put this in full_init() below? */
916 bus_selinux_audit_init ();
917 #endif
918 }
919
920 dbus_server_free_data_slot (&server_data_slot);
921
922 return context;
923
924 failed:
925 if (parser != NULL)
926 bus_config_parser_unref (parser);
927 if (context != NULL)
928 bus_context_unref (context);
929
930 if (server_data_slot >= 0)
931 dbus_server_free_data_slot (&server_data_slot);
932
933 return NULL;
934 }
935
936 dbus_bool_t
bus_context_get_id(BusContext * context,DBusString * uuid)937 bus_context_get_id (BusContext *context,
938 DBusString *uuid)
939 {
940 return _dbus_uuid_encode (&context->uuid, uuid);
941 }
942
943 dbus_bool_t
bus_context_reload_config(BusContext * context,DBusError * error)944 bus_context_reload_config (BusContext *context,
945 DBusError *error)
946 {
947 BusConfigParser *parser;
948 DBusString config_file;
949 dbus_bool_t ret;
950
951 /* Flush the user database cache */
952 _dbus_flush_caches ();
953
954 ret = FALSE;
955 _dbus_string_init_const (&config_file, context->config_file);
956 parser = bus_config_load (&config_file, TRUE, NULL, error);
957 if (parser == NULL)
958 {
959 _DBUS_ASSERT_ERROR_IS_SET (error);
960 goto failed;
961 }
962
963 if (!process_config_every_time (context, parser, TRUE, error))
964 {
965 _DBUS_ASSERT_ERROR_IS_SET (error);
966 goto failed;
967 }
968 if (!process_config_postinit (context, parser, error))
969 {
970 _DBUS_ASSERT_ERROR_IS_SET (error);
971 goto failed;
972 }
973 ret = TRUE;
974
975 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
976 failed:
977 if (!ret)
978 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
979 if (parser != NULL)
980 bus_config_parser_unref (parser);
981 return ret;
982 }
983
984 static void
shutdown_server(BusContext * context,DBusServer * server)985 shutdown_server (BusContext *context,
986 DBusServer *server)
987 {
988 if (server == NULL ||
989 !dbus_server_get_is_connected (server))
990 return;
991
992 if (!dbus_server_set_watch_functions (server,
993 NULL, NULL, NULL,
994 context,
995 NULL))
996 _dbus_assert_not_reached ("setting watch functions to NULL failed");
997
998 if (!dbus_server_set_timeout_functions (server,
999 NULL, NULL, NULL,
1000 context,
1001 NULL))
1002 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
1003
1004 dbus_server_disconnect (server);
1005 }
1006
1007 void
bus_context_shutdown(BusContext * context)1008 bus_context_shutdown (BusContext *context)
1009 {
1010 DBusList *link;
1011
1012 link = _dbus_list_get_first_link (&context->servers);
1013 while (link != NULL)
1014 {
1015 shutdown_server (context, link->data);
1016
1017 link = _dbus_list_get_next_link (&context->servers, link);
1018 }
1019 }
1020
1021 BusContext *
bus_context_ref(BusContext * context)1022 bus_context_ref (BusContext *context)
1023 {
1024 _dbus_assert (context->refcount > 0);
1025 context->refcount += 1;
1026
1027 return context;
1028 }
1029
1030 void
bus_context_unref(BusContext * context)1031 bus_context_unref (BusContext *context)
1032 {
1033 _dbus_assert (context->refcount > 0);
1034 context->refcount -= 1;
1035
1036 if (context->refcount == 0)
1037 {
1038 DBusList *link;
1039
1040 _dbus_verbose ("Finalizing bus context %p\n", context);
1041
1042 bus_context_shutdown (context);
1043
1044 if (context->connections)
1045 {
1046 bus_connections_unref (context->connections);
1047 context->connections = NULL;
1048 }
1049
1050 if (context->registry)
1051 {
1052 bus_registry_unref (context->registry);
1053 context->registry = NULL;
1054 }
1055
1056 if (context->activation)
1057 {
1058 bus_activation_unref (context->activation);
1059 context->activation = NULL;
1060 }
1061
1062 link = _dbus_list_get_first_link (&context->servers);
1063 while (link != NULL)
1064 {
1065 dbus_server_unref (link->data);
1066
1067 link = _dbus_list_get_next_link (&context->servers, link);
1068 }
1069 _dbus_list_clear (&context->servers);
1070
1071 if (context->policy)
1072 {
1073 bus_policy_unref (context->policy);
1074 context->policy = NULL;
1075 }
1076
1077 if (context->loop)
1078 {
1079 _dbus_loop_unref (context->loop);
1080 context->loop = NULL;
1081 }
1082
1083 if (context->matchmaker)
1084 {
1085 bus_matchmaker_unref (context->matchmaker);
1086 context->matchmaker = NULL;
1087 }
1088
1089 dbus_free (context->config_file);
1090 dbus_free (context->log_prefix);
1091 dbus_free (context->type);
1092 dbus_free (context->address);
1093 dbus_free (context->user);
1094 dbus_free (context->servicehelper);
1095
1096 #ifdef WANT_PIDFILE
1097 if (context->pidfile)
1098 {
1099 DBusString u;
1100 _dbus_string_init_const (&u, context->pidfile);
1101
1102 /* Deliberately ignore errors here, since there's not much
1103 * we can do about it, and we're exiting anyways.
1104 */
1105 _dbus_delete_file (&u, NULL);
1106
1107 dbus_free (context->pidfile);
1108 }
1109 #endif
1110
1111 dbus_free (context);
1112
1113 dbus_server_free_data_slot (&server_data_slot);
1114 }
1115 }
1116
1117 /* type may be NULL */
1118 const char*
bus_context_get_type(BusContext * context)1119 bus_context_get_type (BusContext *context)
1120 {
1121 return context->type;
1122 }
1123
1124 const char*
bus_context_get_address(BusContext * context)1125 bus_context_get_address (BusContext *context)
1126 {
1127 return context->address;
1128 }
1129
1130 const char*
bus_context_get_servicehelper(BusContext * context)1131 bus_context_get_servicehelper (BusContext *context)
1132 {
1133 return context->servicehelper;
1134 }
1135
1136 dbus_bool_t
bus_context_get_systemd_activation(BusContext * context)1137 bus_context_get_systemd_activation (BusContext *context)
1138 {
1139 return context->systemd_activation;
1140 }
1141
1142 BusRegistry*
bus_context_get_registry(BusContext * context)1143 bus_context_get_registry (BusContext *context)
1144 {
1145 return context->registry;
1146 }
1147
1148 BusConnections*
bus_context_get_connections(BusContext * context)1149 bus_context_get_connections (BusContext *context)
1150 {
1151 return context->connections;
1152 }
1153
1154 BusActivation*
bus_context_get_activation(BusContext * context)1155 bus_context_get_activation (BusContext *context)
1156 {
1157 return context->activation;
1158 }
1159
1160 BusMatchmaker*
bus_context_get_matchmaker(BusContext * context)1161 bus_context_get_matchmaker (BusContext *context)
1162 {
1163 return context->matchmaker;
1164 }
1165
1166 DBusLoop*
bus_context_get_loop(BusContext * context)1167 bus_context_get_loop (BusContext *context)
1168 {
1169 return context->loop;
1170 }
1171
1172 dbus_bool_t
bus_context_allow_unix_user(BusContext * context,unsigned long uid)1173 bus_context_allow_unix_user (BusContext *context,
1174 unsigned long uid)
1175 {
1176 return bus_policy_allow_unix_user (context->policy,
1177 uid);
1178 }
1179
1180 /* For now this is never actually called because the default
1181 * DBusConnection behavior of 'same user that owns the bus can connect'
1182 * is all it would do.
1183 */
1184 dbus_bool_t
bus_context_allow_windows_user(BusContext * context,const char * windows_sid)1185 bus_context_allow_windows_user (BusContext *context,
1186 const char *windows_sid)
1187 {
1188 return bus_policy_allow_windows_user (context->policy,
1189 windows_sid);
1190 }
1191
1192 BusPolicy *
bus_context_get_policy(BusContext * context)1193 bus_context_get_policy (BusContext *context)
1194 {
1195 return context->policy;
1196 }
1197
1198 BusClientPolicy*
bus_context_create_client_policy(BusContext * context,DBusConnection * connection,DBusError * error)1199 bus_context_create_client_policy (BusContext *context,
1200 DBusConnection *connection,
1201 DBusError *error)
1202 {
1203 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1204 return bus_policy_create_client_policy (context->policy, connection,
1205 error);
1206 }
1207
1208 int
bus_context_get_activation_timeout(BusContext * context)1209 bus_context_get_activation_timeout (BusContext *context)
1210 {
1211
1212 return context->limits.activation_timeout;
1213 }
1214
1215 int
bus_context_get_auth_timeout(BusContext * context)1216 bus_context_get_auth_timeout (BusContext *context)
1217 {
1218 return context->limits.auth_timeout;
1219 }
1220
1221 int
bus_context_get_max_completed_connections(BusContext * context)1222 bus_context_get_max_completed_connections (BusContext *context)
1223 {
1224 return context->limits.max_completed_connections;
1225 }
1226
1227 int
bus_context_get_max_incomplete_connections(BusContext * context)1228 bus_context_get_max_incomplete_connections (BusContext *context)
1229 {
1230 return context->limits.max_incomplete_connections;
1231 }
1232
1233 int
bus_context_get_max_connections_per_user(BusContext * context)1234 bus_context_get_max_connections_per_user (BusContext *context)
1235 {
1236 return context->limits.max_connections_per_user;
1237 }
1238
1239 int
bus_context_get_max_pending_activations(BusContext * context)1240 bus_context_get_max_pending_activations (BusContext *context)
1241 {
1242 return context->limits.max_pending_activations;
1243 }
1244
1245 int
bus_context_get_max_services_per_connection(BusContext * context)1246 bus_context_get_max_services_per_connection (BusContext *context)
1247 {
1248 return context->limits.max_services_per_connection;
1249 }
1250
1251 int
bus_context_get_max_match_rules_per_connection(BusContext * context)1252 bus_context_get_max_match_rules_per_connection (BusContext *context)
1253 {
1254 return context->limits.max_match_rules_per_connection;
1255 }
1256
1257 int
bus_context_get_max_replies_per_connection(BusContext * context)1258 bus_context_get_max_replies_per_connection (BusContext *context)
1259 {
1260 return context->limits.max_replies_per_connection;
1261 }
1262
1263 int
bus_context_get_reply_timeout(BusContext * context)1264 bus_context_get_reply_timeout (BusContext *context)
1265 {
1266 return context->limits.reply_timeout;
1267 }
1268
1269 void
1270 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
1271
1272 void
bus_context_log(BusContext * context,DBusSystemLogSeverity severity,const char * msg,...)1273 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
1274 {
1275 va_list args;
1276
1277 if (!context->syslog)
1278 return;
1279
1280 va_start (args, msg);
1281
1282 if (context->log_prefix)
1283 {
1284 DBusString full_msg;
1285
1286 if (!_dbus_string_init (&full_msg))
1287 goto out;
1288 if (!_dbus_string_append (&full_msg, context->log_prefix))
1289 goto oom_out;
1290 if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
1291 goto oom_out;
1292
1293 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
1294 oom_out:
1295 _dbus_string_free (&full_msg);
1296 }
1297 else
1298 _dbus_system_logv (severity, msg, args);
1299
1300 out:
1301 va_end (args);
1302 }
1303
1304 /*
1305 * addressed_recipient is the recipient specified in the message.
1306 *
1307 * proposed_recipient is the recipient we're considering sending
1308 * to right this second, and may be an eavesdropper.
1309 *
1310 * sender is the sender of the message.
1311 *
1312 * NULL for proposed_recipient or sender definitely means the bus driver.
1313 *
1314 * NULL for addressed_recipient may mean the bus driver, or may mean
1315 * no destination was specified in the message (e.g. a signal).
1316 */
1317 dbus_bool_t
bus_context_check_security_policy(BusContext * context,BusTransaction * transaction,DBusConnection * sender,DBusConnection * addressed_recipient,DBusConnection * proposed_recipient,DBusMessage * message,DBusError * error)1318 bus_context_check_security_policy (BusContext *context,
1319 BusTransaction *transaction,
1320 DBusConnection *sender,
1321 DBusConnection *addressed_recipient,
1322 DBusConnection *proposed_recipient,
1323 DBusMessage *message,
1324 DBusError *error)
1325 {
1326 const char *dest;
1327 BusClientPolicy *sender_policy;
1328 BusClientPolicy *recipient_policy;
1329 dbus_int32_t toggles;
1330 dbus_bool_t log;
1331 int type;
1332 dbus_bool_t requested_reply;
1333 const char *sender_name;
1334 const char *sender_loginfo;
1335 const char *proposed_recipient_loginfo;
1336
1337 type = dbus_message_get_type (message);
1338 dest = dbus_message_get_destination (message);
1339
1340 /* dispatch.c was supposed to ensure these invariants */
1341 _dbus_assert (dest != NULL ||
1342 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1343 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1344 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1345 addressed_recipient != NULL ||
1346 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1347
1348 /* Used in logging below */
1349 if (sender != NULL)
1350 {
1351 sender_name = bus_connection_get_name (sender);
1352 sender_loginfo = bus_connection_get_loginfo (sender);
1353 }
1354 else
1355 {
1356 sender_name = NULL;
1357 sender_loginfo = "(bus)";
1358 }
1359
1360 if (proposed_recipient != NULL)
1361 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1362 else
1363 proposed_recipient_loginfo = "bus";
1364
1365 switch (type)
1366 {
1367 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1368 case DBUS_MESSAGE_TYPE_SIGNAL:
1369 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1370 case DBUS_MESSAGE_TYPE_ERROR:
1371 break;
1372
1373 default:
1374 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1375 type);
1376
1377 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1378 "Message bus will not accept messages of unknown type\n");
1379
1380 return FALSE;
1381 }
1382
1383 requested_reply = FALSE;
1384
1385 if (sender != NULL)
1386 {
1387 /* First verify the SELinux access controls. If allowed then
1388 * go on with the standard checks.
1389 */
1390 if (!bus_selinux_allows_send (sender, proposed_recipient,
1391 dbus_message_type_to_string (dbus_message_get_type (message)),
1392 dbus_message_get_interface (message),
1393 dbus_message_get_member (message),
1394 dbus_message_get_error_name (message),
1395 dest ? dest : DBUS_SERVICE_DBUS, error))
1396 {
1397 if (error != NULL && !dbus_error_is_set (error))
1398 {
1399 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1400 "An SELinux policy prevents this sender "
1401 "from sending this message to this recipient "
1402 "(rejected message had sender \"%s\" interface \"%s\" "
1403 "member \"%s\" error name \"%s\" destination \"%s\")",
1404 sender_name ? sender_name : "(unset)",
1405 dbus_message_get_interface (message) ?
1406 dbus_message_get_interface (message) : "(unset)",
1407 dbus_message_get_member (message) ?
1408 dbus_message_get_member (message) : "(unset)",
1409 dbus_message_get_error_name (message) ?
1410 dbus_message_get_error_name (message) : "(unset)",
1411 dest ? dest : DBUS_SERVICE_DBUS);
1412 _dbus_verbose ("SELinux security check denying send to service\n");
1413 }
1414
1415 return FALSE;
1416 }
1417
1418 if (bus_connection_is_active (sender))
1419 {
1420 sender_policy = bus_connection_get_policy (sender);
1421 _dbus_assert (sender_policy != NULL);
1422
1423 /* Fill in requested_reply variable with TRUE if this is a
1424 * reply and the reply was pending.
1425 */
1426 if (dbus_message_get_reply_serial (message) != 0)
1427 {
1428 if (proposed_recipient != NULL /* not to the bus driver */ &&
1429 addressed_recipient == proposed_recipient /* not eavesdropping */)
1430 {
1431 DBusError error2;
1432
1433 dbus_error_init (&error2);
1434 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1435 transaction,
1436 sender, addressed_recipient, message,
1437 &error2);
1438 if (dbus_error_is_set (&error2))
1439 {
1440 dbus_move_error (&error2, error);
1441 return FALSE;
1442 }
1443 }
1444 }
1445 }
1446 else
1447 {
1448 /* Policy for inactive connections is that they can only send
1449 * the hello message to the bus driver
1450 */
1451 if (proposed_recipient == NULL &&
1452 dbus_message_is_method_call (message,
1453 DBUS_INTERFACE_DBUS,
1454 "Hello"))
1455 {
1456 _dbus_verbose ("security check allowing %s message\n",
1457 "Hello");
1458 return TRUE;
1459 }
1460 else
1461 {
1462 _dbus_verbose ("security check disallowing non-%s message\n",
1463 "Hello");
1464
1465 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1466 "Client tried to send a message other than %s without being registered",
1467 "Hello");
1468
1469 return FALSE;
1470 }
1471 }
1472 }
1473 else
1474 {
1475 sender_policy = NULL;
1476
1477 /* If the sender is the bus driver, we assume any reply was a
1478 * requested reply as bus driver won't send bogus ones
1479 */
1480 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1481 dbus_message_get_reply_serial (message) != 0)
1482 requested_reply = TRUE;
1483 }
1484
1485 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1486 (sender == NULL && sender_policy == NULL));
1487
1488 if (proposed_recipient != NULL)
1489 {
1490 /* only the bus driver can send to an inactive recipient (as it
1491 * owns no services, so other apps can't address it). Inactive
1492 * recipients can receive any message.
1493 */
1494 if (bus_connection_is_active (proposed_recipient))
1495 {
1496 recipient_policy = bus_connection_get_policy (proposed_recipient);
1497 _dbus_assert (recipient_policy != NULL);
1498 }
1499 else if (sender == NULL)
1500 {
1501 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1502 recipient_policy = NULL;
1503 }
1504 else
1505 {
1506 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1507 recipient_policy = NULL;
1508 }
1509 }
1510 else
1511 recipient_policy = NULL;
1512
1513 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1514 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1515 (proposed_recipient == NULL && recipient_policy == NULL));
1516
1517 log = FALSE;
1518 if (sender_policy &&
1519 !bus_client_policy_check_can_send (sender_policy,
1520 context->registry,
1521 requested_reply,
1522 proposed_recipient,
1523 message, &toggles, &log))
1524 {
1525 const char *msg = "Rejected send message, %d matched rules; "
1526 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
1527
1528 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1529 toggles,
1530 dbus_message_type_to_string (dbus_message_get_type (message)),
1531 sender_name ? sender_name : "(unset)",
1532 sender_loginfo,
1533 dbus_message_get_interface (message) ?
1534 dbus_message_get_interface (message) : "(unset)",
1535 dbus_message_get_member (message) ?
1536 dbus_message_get_member (message) : "(unset)",
1537 dbus_message_get_error_name (message) ?
1538 dbus_message_get_error_name (message) : "(unset)",
1539 requested_reply,
1540 dest ? dest : DBUS_SERVICE_DBUS,
1541 proposed_recipient_loginfo);
1542 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1543 if (addressed_recipient == proposed_recipient)
1544 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1545 toggles,
1546 dbus_message_type_to_string (dbus_message_get_type (message)),
1547 sender_name ? sender_name : "(unset)",
1548 sender_loginfo,
1549 dbus_message_get_interface (message) ?
1550 dbus_message_get_interface (message) : "(unset)",
1551 dbus_message_get_member (message) ?
1552 dbus_message_get_member (message) : "(unset)",
1553 dbus_message_get_error_name (message) ?
1554 dbus_message_get_error_name (message) : "(unset)",
1555 requested_reply,
1556 dest ? dest : DBUS_SERVICE_DBUS,
1557 proposed_recipient_loginfo);
1558 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1559 return FALSE;
1560 }
1561
1562 if (log)
1563 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
1564 "Would reject message, %d matched rules; "
1565 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
1566 toggles,
1567 dbus_message_type_to_string (dbus_message_get_type (message)),
1568 sender_name ? sender_name : "(unset)",
1569 sender_loginfo,
1570 dbus_message_get_interface (message) ?
1571 dbus_message_get_interface (message) : "(unset)",
1572 dbus_message_get_member (message) ?
1573 dbus_message_get_member (message) : "(unset)",
1574 dbus_message_get_error_name (message) ?
1575 dbus_message_get_error_name (message) : "(unset)",
1576 requested_reply,
1577 dest ? dest : DBUS_SERVICE_DBUS,
1578 proposed_recipient_loginfo);
1579
1580 if (recipient_policy &&
1581 !bus_client_policy_check_can_receive (recipient_policy,
1582 context->registry,
1583 requested_reply,
1584 sender,
1585 addressed_recipient, proposed_recipient,
1586 message, &toggles))
1587 {
1588 const char *msg = "Rejected receive message, %d matched rules; "
1589 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
1590
1591 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
1592 toggles,
1593 dbus_message_type_to_string (dbus_message_get_type (message)),
1594 sender_name ? sender_name : "(unset)",
1595 sender_loginfo,
1596 dbus_message_get_interface (message) ?
1597 dbus_message_get_interface (message) : "(unset)",
1598 dbus_message_get_member (message) ?
1599 dbus_message_get_member (message) : "(unset)",
1600 dbus_message_get_error_name (message) ?
1601 dbus_message_get_error_name (message) : "(unset)",
1602 dbus_message_get_reply_serial (message),
1603 requested_reply,
1604 dest ? dest : DBUS_SERVICE_DBUS,
1605 proposed_recipient_loginfo);
1606 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
1607 if (addressed_recipient == proposed_recipient)
1608 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg,
1609 toggles,
1610 dbus_message_type_to_string (dbus_message_get_type (message)),
1611 sender_name ? sender_name : "(unset)",
1612 sender_loginfo,
1613 dbus_message_get_interface (message) ?
1614 dbus_message_get_interface (message) : "(unset)",
1615 dbus_message_get_member (message) ?
1616 dbus_message_get_member (message) : "(unset)",
1617 dbus_message_get_error_name (message) ?
1618 dbus_message_get_error_name (message) : "(unset)",
1619 dbus_message_get_reply_serial (message),
1620 requested_reply,
1621 dest ? dest : DBUS_SERVICE_DBUS,
1622 proposed_recipient_loginfo);
1623 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1624 return FALSE;
1625 }
1626
1627 /* See if limits on size have been exceeded */
1628 if (proposed_recipient &&
1629 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
1630 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
1631 {
1632 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
1633 "The destination service \"%s\" has a full message queue",
1634 dest ? dest : (proposed_recipient ?
1635 bus_connection_get_name (proposed_recipient) :
1636 DBUS_SERVICE_DBUS));
1637 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1638 return FALSE;
1639 }
1640
1641 /* Record that we will allow a reply here in the future (don't
1642 * bother if the recipient is the bus or this is an eavesdropping
1643 * connection). Only the addressed recipient may reply.
1644 */
1645 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1646 sender &&
1647 addressed_recipient &&
1648 addressed_recipient == proposed_recipient && /* not eavesdropping */
1649 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1650 transaction,
1651 sender, addressed_recipient,
1652 message, error))
1653 {
1654 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1655 return FALSE;
1656 }
1657
1658 _dbus_verbose ("security policy allowing message\n");
1659 return TRUE;
1660 }
1661