bus.c revision 3251264ac483680b4a5fe808729f7e3b34f41fd4
1/* -*- mode: C; c-file-style: "gnu" -*- */ 2/* bus.c message bus context object 3 * 4 * Copyright (C) 2003 Red Hat, Inc. 5 * 6 * Licensed under the Academic Free License version 1.2 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24#include "bus.h" 25#include "activation.h" 26#include "connection.h" 27#include "services.h" 28#include "utils.h" 29#include "policy.h" 30#include "config-parser.h" 31#include "signals.h" 32#include <dbus/dbus-list.h> 33#include <dbus/dbus-hash.h> 34#include <dbus/dbus-internals.h> 35 36struct BusContext 37{ 38 int refcount; 39 char *type; 40 char *address; 41 char *pidfile; 42 DBusLoop *loop; 43 DBusList *servers; 44 BusConnections *connections; 45 BusActivation *activation; 46 BusRegistry *registry; 47 BusPolicy *policy; 48 BusMatchmaker *matchmaker; 49 DBusUserDatabase *user_database; 50 BusLimits limits; 51}; 52 53static dbus_int32_t server_data_slot = -1; 54 55typedef struct 56{ 57 BusContext *context; 58} BusServerData; 59 60#define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) 61 62static BusContext* 63server_get_context (DBusServer *server) 64{ 65 BusContext *context; 66 BusServerData *bd; 67 68 if (!dbus_server_allocate_data_slot (&server_data_slot)) 69 return NULL; 70 71 bd = BUS_SERVER_DATA (server); 72 if (bd == NULL) 73 { 74 dbus_server_free_data_slot (&server_data_slot); 75 return NULL; 76 } 77 78 context = bd->context; 79 80 dbus_server_free_data_slot (&server_data_slot); 81 82 return context; 83} 84 85static dbus_bool_t 86server_watch_callback (DBusWatch *watch, 87 unsigned int condition, 88 void *data) 89{ 90 /* FIXME this can be done in dbus-mainloop.c 91 * if the code in activation.c for the babysitter 92 * watch handler is fixed. 93 */ 94 95 return dbus_watch_handle (watch, condition); 96} 97 98static dbus_bool_t 99add_server_watch (DBusWatch *watch, 100 void *data) 101{ 102 DBusServer *server = data; 103 BusContext *context; 104 105 context = server_get_context (server); 106 107 return _dbus_loop_add_watch (context->loop, 108 watch, server_watch_callback, server, 109 NULL); 110} 111 112static void 113remove_server_watch (DBusWatch *watch, 114 void *data) 115{ 116 DBusServer *server = data; 117 BusContext *context; 118 119 context = server_get_context (server); 120 121 _dbus_loop_remove_watch (context->loop, 122 watch, server_watch_callback, server); 123} 124 125 126static void 127server_timeout_callback (DBusTimeout *timeout, 128 void *data) 129{ 130 /* can return FALSE on OOM but we just let it fire again later */ 131 dbus_timeout_handle (timeout); 132} 133 134static dbus_bool_t 135add_server_timeout (DBusTimeout *timeout, 136 void *data) 137{ 138 DBusServer *server = data; 139 BusContext *context; 140 141 context = server_get_context (server); 142 143 return _dbus_loop_add_timeout (context->loop, 144 timeout, server_timeout_callback, server, NULL); 145} 146 147static void 148remove_server_timeout (DBusTimeout *timeout, 149 void *data) 150{ 151 DBusServer *server = data; 152 BusContext *context; 153 154 context = server_get_context (server); 155 156 _dbus_loop_remove_timeout (context->loop, 157 timeout, server_timeout_callback, server); 158} 159 160static void 161new_connection_callback (DBusServer *server, 162 DBusConnection *new_connection, 163 void *data) 164{ 165 BusContext *context = data; 166 167 if (!bus_connections_setup_connection (context->connections, new_connection)) 168 { 169 _dbus_verbose ("No memory to setup new connection\n"); 170 171 /* if we don't do this, it will get unref'd without 172 * being disconnected... kind of strange really 173 * that we have to do this, people won't get it right 174 * in general. 175 */ 176 dbus_connection_disconnect (new_connection); 177 } 178 179 dbus_connection_set_max_received_size (new_connection, 180 context->limits.max_incoming_bytes); 181 182 dbus_connection_set_max_message_size (new_connection, 183 context->limits.max_message_size); 184 185 /* on OOM, we won't have ref'd the connection so it will die. */ 186} 187 188static void 189free_server_data (void *data) 190{ 191 BusServerData *bd = data; 192 193 dbus_free (bd); 194} 195 196static dbus_bool_t 197setup_server (BusContext *context, 198 DBusServer *server, 199 char **auth_mechanisms, 200 DBusError *error) 201{ 202 BusServerData *bd; 203 204 bd = dbus_new0 (BusServerData, 1); 205 if (!dbus_server_set_data (server, 206 server_data_slot, 207 bd, free_server_data)) 208 { 209 dbus_free (bd); 210 BUS_SET_OOM (error); 211 return FALSE; 212 } 213 214 bd->context = context; 215 216 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) 217 { 218 BUS_SET_OOM (error); 219 return FALSE; 220 } 221 222 dbus_server_set_new_connection_function (server, 223 new_connection_callback, 224 context, NULL); 225 226 if (!dbus_server_set_watch_functions (server, 227 add_server_watch, 228 remove_server_watch, 229 NULL, 230 server, 231 NULL)) 232 { 233 BUS_SET_OOM (error); 234 return FALSE; 235 } 236 237 if (!dbus_server_set_timeout_functions (server, 238 add_server_timeout, 239 remove_server_timeout, 240 NULL, 241 server, NULL)) 242 { 243 BUS_SET_OOM (error); 244 return FALSE; 245 } 246 247 return TRUE; 248} 249 250BusContext* 251bus_context_new (const DBusString *config_file, 252 dbus_bool_t force_fork, 253 int print_addr_fd, 254 int print_pid_fd, 255 DBusError *error) 256{ 257 BusContext *context; 258 DBusList *link; 259 DBusList **addresses; 260 BusConfigParser *parser; 261 DBusString full_address; 262 const char *user, *pidfile; 263 char **auth_mechanisms; 264 DBusList **auth_mechanisms_list; 265 int len; 266 267 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 268 269 if (!_dbus_string_init (&full_address)) 270 { 271 BUS_SET_OOM (error); 272 return NULL; 273 } 274 275 if (!dbus_server_allocate_data_slot (&server_data_slot)) 276 { 277 BUS_SET_OOM (error); 278 _dbus_string_free (&full_address); 279 return NULL; 280 } 281 282 parser = NULL; 283 context = NULL; 284 auth_mechanisms = NULL; 285 286 parser = bus_config_load (config_file, TRUE, error); 287 if (parser == NULL) 288 goto failed; 289 290 /* Check for an existing pid file. Of course this is a race; 291 * we'd have to use fcntl() locks on the pid file to 292 * avoid that. But we want to check for the pid file 293 * before overwriting any existing sockets, etc. 294 */ 295 pidfile = bus_config_parser_get_pidfile (parser); 296 if (pidfile != NULL) 297 { 298 DBusString u; 299 DBusStat stbuf; 300 DBusError tmp_error; 301 302 dbus_error_init (&tmp_error); 303 _dbus_string_init_const (&u, pidfile); 304 305 if (_dbus_stat (&u, &stbuf, &tmp_error)) 306 { 307 dbus_set_error (error, DBUS_ERROR_FAILED, 308 "The pid file \"%s\" exists, if the message bus is not running, remove this file", 309 pidfile); 310 dbus_error_free (&tmp_error); 311 goto failed; 312 } 313 } 314 315 context = dbus_new0 (BusContext, 1); 316 if (context == NULL) 317 { 318 BUS_SET_OOM (error); 319 goto failed; 320 } 321 322 context->refcount = 1; 323 324 /* get our limits and timeout lengths */ 325 bus_config_parser_get_limits (parser, &context->limits); 326 327 /* we need another ref of the server data slot for the context 328 * to own 329 */ 330 if (!dbus_server_allocate_data_slot (&server_data_slot)) 331 _dbus_assert_not_reached ("second ref of server data slot failed"); 332 333 context->user_database = _dbus_user_database_new (); 334 if (context->user_database == NULL) 335 { 336 BUS_SET_OOM (error); 337 goto failed; 338 } 339 340 context->loop = _dbus_loop_new (); 341 if (context->loop == NULL) 342 { 343 BUS_SET_OOM (error); 344 goto failed; 345 } 346 347 /* Build an array of auth mechanisms */ 348 349 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); 350 len = _dbus_list_get_length (auth_mechanisms_list); 351 352 if (len > 0) 353 { 354 int i; 355 356 auth_mechanisms = dbus_new0 (char*, len + 1); 357 if (auth_mechanisms == NULL) 358 goto failed; 359 360 i = 0; 361 link = _dbus_list_get_first_link (auth_mechanisms_list); 362 while (link != NULL) 363 { 364 auth_mechanisms[i] = _dbus_strdup (link->data); 365 if (auth_mechanisms[i] == NULL) 366 goto failed; 367 link = _dbus_list_get_next_link (auth_mechanisms_list, link); 368 } 369 } 370 else 371 { 372 auth_mechanisms = NULL; 373 } 374 375 /* Listen on our addresses */ 376 377 addresses = bus_config_parser_get_addresses (parser); 378 379 link = _dbus_list_get_first_link (addresses); 380 while (link != NULL) 381 { 382 DBusServer *server; 383 384 server = dbus_server_listen (link->data, error); 385 if (server == NULL) 386 goto failed; 387 else if (!setup_server (context, server, auth_mechanisms, error)) 388 goto failed; 389 390 if (!_dbus_list_append (&context->servers, server)) 391 { 392 BUS_SET_OOM (error); 393 goto failed; 394 } 395 396 link = _dbus_list_get_next_link (addresses, link); 397 } 398 399 /* note that type may be NULL */ 400 context->type = _dbus_strdup (bus_config_parser_get_type (parser)); 401 402 /* We have to build the address backward, so that 403 * <listen> later in the config file have priority 404 */ 405 link = _dbus_list_get_last_link (&context->servers); 406 while (link != NULL) 407 { 408 char *addr; 409 410 addr = dbus_server_get_address (link->data); 411 if (addr == NULL) 412 { 413 BUS_SET_OOM (error); 414 goto failed; 415 } 416 417 if (_dbus_string_get_length (&full_address) > 0) 418 { 419 if (!_dbus_string_append (&full_address, ";")) 420 { 421 BUS_SET_OOM (error); 422 goto failed; 423 } 424 } 425 426 if (!_dbus_string_append (&full_address, addr)) 427 { 428 BUS_SET_OOM (error); 429 goto failed; 430 } 431 432 dbus_free (addr); 433 434 link = _dbus_list_get_prev_link (&context->servers, link); 435 } 436 437 if (!_dbus_string_copy_data (&full_address, &context->address)) 438 { 439 BUS_SET_OOM (error); 440 goto failed; 441 } 442 443 /* Note that we don't know whether the print_addr_fd is 444 * one of the sockets we're using to listen on, or some 445 * other random thing. But I think the answer is "don't do 446 * that then" 447 */ 448 if (print_addr_fd >= 0) 449 { 450 DBusString addr; 451 const char *a = bus_context_get_address (context); 452 int bytes; 453 454 _dbus_assert (a != NULL); 455 if (!_dbus_string_init (&addr)) 456 { 457 BUS_SET_OOM (error); 458 goto failed; 459 } 460 461 if (!_dbus_string_append (&addr, a) || 462 !_dbus_string_append (&addr, "\n")) 463 { 464 _dbus_string_free (&addr); 465 BUS_SET_OOM (error); 466 goto failed; 467 } 468 469 bytes = _dbus_string_get_length (&addr); 470 if (_dbus_write (print_addr_fd, &addr, 0, bytes) != bytes) 471 { 472 dbus_set_error (error, DBUS_ERROR_FAILED, 473 "Printing message bus address: %s\n", 474 _dbus_strerror (errno)); 475 _dbus_string_free (&addr); 476 goto failed; 477 } 478 479 if (print_addr_fd > 2) 480 _dbus_close (print_addr_fd, NULL); 481 482 _dbus_string_free (&addr); 483 } 484 485 /* Create activation subsystem */ 486 487 context->activation = bus_activation_new (context, &full_address, 488 bus_config_parser_get_service_dirs (parser), 489 error); 490 if (context->activation == NULL) 491 { 492 _DBUS_ASSERT_ERROR_IS_SET (error); 493 goto failed; 494 } 495 496 context->connections = bus_connections_new (context); 497 if (context->connections == NULL) 498 { 499 BUS_SET_OOM (error); 500 goto failed; 501 } 502 503 context->registry = bus_registry_new (context); 504 if (context->registry == NULL) 505 { 506 BUS_SET_OOM (error); 507 goto failed; 508 } 509 510 context->matchmaker = bus_matchmaker_new (); 511 if (context->matchmaker == NULL) 512 { 513 BUS_SET_OOM (error); 514 goto failed; 515 } 516 517 context->policy = bus_config_parser_steal_policy (parser); 518 _dbus_assert (context->policy != NULL); 519 520 /* Now become a daemon if appropriate */ 521 if (force_fork || bus_config_parser_get_fork (parser)) 522 { 523 DBusString u; 524 525 if (pidfile) 526 _dbus_string_init_const (&u, pidfile); 527 528 if (!_dbus_become_daemon (pidfile ? &u : NULL, error)) 529 goto failed; 530 } 531 else 532 { 533 /* Need to write PID file for ourselves, not for the child process */ 534 if (pidfile != NULL) 535 { 536 DBusString u; 537 538 _dbus_string_init_const (&u, pidfile); 539 540 if (!_dbus_write_pid_file (&u, _dbus_getpid (), error)) 541 goto failed; 542 } 543 } 544 545 /* keep around the pid filename so we can delete it later */ 546 context->pidfile = _dbus_strdup (pidfile); 547 548 /* Write PID if requested */ 549 if (print_pid_fd >= 0) 550 { 551 DBusString pid; 552 int bytes; 553 554 if (!_dbus_string_init (&pid)) 555 { 556 BUS_SET_OOM (error); 557 goto failed; 558 } 559 560 if (!_dbus_string_append_int (&pid, _dbus_getpid ()) || 561 !_dbus_string_append (&pid, "\n")) 562 { 563 _dbus_string_free (&pid); 564 BUS_SET_OOM (error); 565 goto failed; 566 } 567 568 bytes = _dbus_string_get_length (&pid); 569 if (_dbus_write (print_pid_fd, &pid, 0, bytes) != bytes) 570 { 571 dbus_set_error (error, DBUS_ERROR_FAILED, 572 "Printing message bus PID: %s\n", 573 _dbus_strerror (errno)); 574 _dbus_string_free (&pid); 575 goto failed; 576 } 577 578 if (print_pid_fd > 2) 579 _dbus_close (print_pid_fd, NULL); 580 581 _dbus_string_free (&pid); 582 } 583 584 /* Here we change our credentials if required, 585 * as soon as we've set up our sockets and pidfile 586 */ 587 user = bus_config_parser_get_user (parser); 588 if (user != NULL) 589 { 590 DBusCredentials creds; 591 DBusString u; 592 593 _dbus_string_init_const (&u, user); 594 595 if (!_dbus_credentials_from_username (&u, &creds) || 596 creds.uid < 0 || 597 creds.gid < 0) 598 { 599 dbus_set_error (error, DBUS_ERROR_FAILED, 600 "Could not get UID and GID for username \"%s\"", 601 user); 602 goto failed; 603 } 604 605 if (!_dbus_change_identity (creds.uid, creds.gid, error)) 606 goto failed; 607 } 608 609 bus_config_parser_unref (parser); 610 _dbus_string_free (&full_address); 611 dbus_free_string_array (auth_mechanisms); 612 dbus_server_free_data_slot (&server_data_slot); 613 614 return context; 615 616 failed: 617 if (parser != NULL) 618 bus_config_parser_unref (parser); 619 620 if (context != NULL) 621 bus_context_unref (context); 622 623 _dbus_string_free (&full_address); 624 dbus_free_string_array (auth_mechanisms); 625 626 dbus_server_free_data_slot (&server_data_slot); 627 628 return NULL; 629} 630 631static void 632shutdown_server (BusContext *context, 633 DBusServer *server) 634{ 635 if (server == NULL || 636 !dbus_server_get_is_connected (server)) 637 return; 638 639 if (!dbus_server_set_watch_functions (server, 640 NULL, NULL, NULL, 641 context, 642 NULL)) 643 _dbus_assert_not_reached ("setting watch functions to NULL failed"); 644 645 if (!dbus_server_set_timeout_functions (server, 646 NULL, NULL, NULL, 647 context, 648 NULL)) 649 _dbus_assert_not_reached ("setting timeout functions to NULL failed"); 650 651 dbus_server_disconnect (server); 652} 653 654void 655bus_context_shutdown (BusContext *context) 656{ 657 DBusList *link; 658 659 link = _dbus_list_get_first_link (&context->servers); 660 while (link != NULL) 661 { 662 shutdown_server (context, link->data); 663 664 link = _dbus_list_get_next_link (&context->servers, link); 665 } 666} 667 668void 669bus_context_ref (BusContext *context) 670{ 671 _dbus_assert (context->refcount > 0); 672 context->refcount += 1; 673} 674 675void 676bus_context_unref (BusContext *context) 677{ 678 _dbus_assert (context->refcount > 0); 679 context->refcount -= 1; 680 681 if (context->refcount == 0) 682 { 683 DBusList *link; 684 685 _dbus_verbose ("Finalizing bus context %p\n", context); 686 687 bus_context_shutdown (context); 688 689 if (context->connections) 690 { 691 bus_connections_unref (context->connections); 692 context->connections = NULL; 693 } 694 695 if (context->registry) 696 { 697 bus_registry_unref (context->registry); 698 context->registry = NULL; 699 } 700 701 if (context->activation) 702 { 703 bus_activation_unref (context->activation); 704 context->activation = NULL; 705 } 706 707 link = _dbus_list_get_first_link (&context->servers); 708 while (link != NULL) 709 { 710 dbus_server_unref (link->data); 711 712 link = _dbus_list_get_next_link (&context->servers, link); 713 } 714 _dbus_list_clear (&context->servers); 715 716 if (context->policy) 717 { 718 bus_policy_unref (context->policy); 719 context->policy = NULL; 720 } 721 722 if (context->loop) 723 { 724 _dbus_loop_unref (context->loop); 725 context->loop = NULL; 726 } 727 728 if (context->matchmaker) 729 { 730 bus_matchmaker_unref (context->matchmaker); 731 context->matchmaker = NULL; 732 } 733 734 dbus_free (context->type); 735 dbus_free (context->address); 736 737 if (context->pidfile) 738 { 739 DBusString u; 740 _dbus_string_init_const (&u, context->pidfile); 741 742 /* Deliberately ignore errors here, since there's not much 743 * we can do about it, and we're exiting anyways. 744 */ 745 _dbus_delete_file (&u, NULL); 746 747 dbus_free (context->pidfile); 748 } 749 750 _dbus_user_database_unref (context->user_database); 751 752 dbus_free (context); 753 754 dbus_server_free_data_slot (&server_data_slot); 755 } 756} 757 758/* type may be NULL */ 759const char* 760bus_context_get_type (BusContext *context) 761{ 762 return context->type; 763} 764 765const char* 766bus_context_get_address (BusContext *context) 767{ 768 return context->address; 769} 770 771BusRegistry* 772bus_context_get_registry (BusContext *context) 773{ 774 return context->registry; 775} 776 777BusConnections* 778bus_context_get_connections (BusContext *context) 779{ 780 return context->connections; 781} 782 783BusActivation* 784bus_context_get_activation (BusContext *context) 785{ 786 return context->activation; 787} 788 789BusMatchmaker* 790bus_context_get_matchmaker (BusContext *context) 791{ 792 return context->matchmaker; 793} 794 795DBusLoop* 796bus_context_get_loop (BusContext *context) 797{ 798 return context->loop; 799} 800 801DBusUserDatabase* 802bus_context_get_user_database (BusContext *context) 803{ 804 return context->user_database; 805} 806 807dbus_bool_t 808bus_context_allow_user (BusContext *context, 809 unsigned long uid) 810{ 811 return bus_policy_allow_user (context->policy, 812 context->user_database, 813 uid); 814} 815 816BusClientPolicy* 817bus_context_create_client_policy (BusContext *context, 818 DBusConnection *connection, 819 DBusError *error) 820{ 821 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 822 return bus_policy_create_client_policy (context->policy, connection, 823 error); 824} 825 826int 827bus_context_get_activation_timeout (BusContext *context) 828{ 829 830 return context->limits.activation_timeout; 831} 832 833int 834bus_context_get_auth_timeout (BusContext *context) 835{ 836 return context->limits.auth_timeout; 837} 838 839int 840bus_context_get_max_completed_connections (BusContext *context) 841{ 842 return context->limits.max_completed_connections; 843} 844 845int 846bus_context_get_max_incomplete_connections (BusContext *context) 847{ 848 return context->limits.max_incomplete_connections; 849} 850 851int 852bus_context_get_max_connections_per_user (BusContext *context) 853{ 854 return context->limits.max_connections_per_user; 855} 856 857int 858bus_context_get_max_pending_activations (BusContext *context) 859{ 860 return context->limits.max_pending_activations; 861} 862 863int 864bus_context_get_max_services_per_connection (BusContext *context) 865{ 866 return context->limits.max_services_per_connection; 867} 868 869int 870bus_context_get_max_match_rules_per_connection (BusContext *context) 871{ 872 return context->limits.max_match_rules_per_connection; 873} 874 875int 876bus_context_get_max_replies_per_connection (BusContext *context) 877{ 878 return context->limits.max_replies_per_connection; 879} 880 881int 882bus_context_get_reply_timeout (BusContext *context) 883{ 884 return context->limits.reply_timeout; 885} 886 887/* 888 * addressed_recipient is the recipient specified in the message. 889 * 890 * proposed_recipient is the recipient we're considering sending 891 * to right this second, and may be an eavesdropper. 892 * 893 * sender is the sender of the message. 894 * 895 * NULL for proposed_recipient or sender definitely means the bus driver. 896 * 897 * NULL for addressed_recipient may mean the bus driver, or may mean 898 * no destination was specified in the message (e.g. a signal). 899 */ 900dbus_bool_t 901bus_context_check_security_policy (BusContext *context, 902 BusTransaction *transaction, 903 DBusConnection *sender, 904 DBusConnection *addressed_recipient, 905 DBusConnection *proposed_recipient, 906 DBusMessage *message, 907 DBusError *error) 908{ 909 BusClientPolicy *sender_policy; 910 BusClientPolicy *recipient_policy; 911 int type; 912 dbus_bool_t requested_reply; 913 914 type = dbus_message_get_type (message); 915 916 /* dispatch.c was supposed to ensure these invariants */ 917 _dbus_assert (dbus_message_get_destination (message) != NULL || 918 type == DBUS_MESSAGE_TYPE_SIGNAL); 919 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || 920 addressed_recipient != NULL || 921 strcmp (dbus_message_get_destination (message), DBUS_SERVICE_ORG_FREEDESKTOP_DBUS) == 0); 922 923 switch (type) 924 { 925 case DBUS_MESSAGE_TYPE_METHOD_CALL: 926 case DBUS_MESSAGE_TYPE_SIGNAL: 927 case DBUS_MESSAGE_TYPE_METHOD_RETURN: 928 case DBUS_MESSAGE_TYPE_ERROR: 929 break; 930 931 default: 932 _dbus_verbose ("security check disallowing message of unknown type %d\n", 933 type); 934 935 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 936 "Message bus will not accept messages of unknown type\n"); 937 938 return FALSE; 939 } 940 941 requested_reply = FALSE; 942 943 if (sender != NULL) 944 { 945 if (bus_connection_is_active (sender)) 946 { 947 sender_policy = bus_connection_get_policy (sender); 948 _dbus_assert (sender_policy != NULL); 949 950 /* Fill in requested_reply variable with TRUE if this is a 951 * reply and the reply was pending. 952 */ 953 if (dbus_message_get_reply_serial (message) != 0) 954 { 955 if (proposed_recipient != NULL /* not to the bus driver */ && 956 addressed_recipient == proposed_recipient /* not eavesdropping */) 957 { 958 DBusError error2; 959 960 dbus_error_init (&error2); 961 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), 962 transaction, 963 sender, addressed_recipient, message, 964 &error2); 965 if (dbus_error_is_set (&error2)) 966 { 967 dbus_move_error (&error2, error); 968 return FALSE; 969 } 970 } 971 } 972 } 973 else 974 { 975 /* Policy for inactive connections is that they can only send 976 * the hello message to the bus driver 977 */ 978 if (proposed_recipient == NULL && 979 dbus_message_is_method_call (message, 980 DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS, 981 "Hello")) 982 { 983 _dbus_verbose ("security check allowing %s message\n", 984 "Hello"); 985 return TRUE; 986 } 987 else 988 { 989 _dbus_verbose ("security check disallowing non-%s message\n", 990 "Hello"); 991 992 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 993 "Client tried to send a message other than %s without being registered", 994 "Hello"); 995 996 return FALSE; 997 } 998 } 999 } 1000 else 1001 { 1002 sender_policy = NULL; 1003 1004 /* If the sender is the bus driver, we assume any reply was a 1005 * requested reply as bus driver won't send bogus ones 1006 */ 1007 if (addressed_recipient == proposed_recipient /* not eavesdropping */ && 1008 dbus_message_get_reply_serial (message) != 0) 1009 requested_reply = TRUE; 1010 } 1011 1012 _dbus_assert ((sender != NULL && sender_policy != NULL) || 1013 (sender == NULL && sender_policy == NULL)); 1014 1015 if (proposed_recipient != NULL) 1016 { 1017 /* only the bus driver can send to an inactive recipient (as it 1018 * owns no services, so other apps can't address it). Inactive 1019 * recipients can receive any message. 1020 */ 1021 if (bus_connection_is_active (proposed_recipient)) 1022 { 1023 recipient_policy = bus_connection_get_policy (proposed_recipient); 1024 _dbus_assert (recipient_policy != NULL); 1025 } 1026 else if (sender == NULL) 1027 { 1028 _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); 1029 recipient_policy = NULL; 1030 } 1031 else 1032 { 1033 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); 1034 recipient_policy = NULL; 1035 } 1036 } 1037 else 1038 recipient_policy = NULL; 1039 1040 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || 1041 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || 1042 (proposed_recipient == NULL && recipient_policy == NULL)); 1043 1044 if (sender_policy && 1045 !bus_client_policy_check_can_send (sender_policy, 1046 context->registry, proposed_recipient, 1047 message)) 1048 { 1049 const char *dest = dbus_message_get_destination (message); 1050 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1051 "A security policy in place prevents this sender " 1052 "from sending this message to this recipient, " 1053 "see message bus configuration file (rejected message " 1054 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")", 1055 dbus_message_get_interface (message) ? 1056 dbus_message_get_interface (message) : "(unset)", 1057 dbus_message_get_member (message) ? 1058 dbus_message_get_member (message) : "(unset)", 1059 dbus_message_get_error_name (message) ? 1060 dbus_message_get_error_name (message) : "(unset)", 1061 dest ? dest : DBUS_SERVICE_ORG_FREEDESKTOP_DBUS); 1062 _dbus_verbose ("security policy disallowing message due to sender policy\n"); 1063 return FALSE; 1064 } 1065 1066 if (recipient_policy && 1067 !bus_client_policy_check_can_receive (recipient_policy, 1068 context->registry, 1069 requested_reply, 1070 sender, 1071 addressed_recipient, proposed_recipient, 1072 message)) 1073 { 1074 const char *dest = dbus_message_get_destination (message); 1075 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1076 "A security policy in place prevents this recipient " 1077 "from receiving this message from this sender, " 1078 "see message bus configuration file (rejected message " 1079 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)", 1080 dbus_message_get_interface (message) ? 1081 dbus_message_get_interface (message) : "(unset)", 1082 dbus_message_get_member (message) ? 1083 dbus_message_get_member (message) : "(unset)", 1084 dbus_message_get_error_name (message) ? 1085 dbus_message_get_error_name (message) : "(unset)", 1086 dest ? dest : DBUS_SERVICE_ORG_FREEDESKTOP_DBUS, 1087 dbus_message_get_reply_serial (message), 1088 requested_reply); 1089 _dbus_verbose ("security policy disallowing message due to recipient policy\n"); 1090 return FALSE; 1091 } 1092 1093 /* See if limits on size have been exceeded */ 1094 if (proposed_recipient && 1095 dbus_connection_get_outgoing_size (proposed_recipient) > 1096 context->limits.max_outgoing_bytes) 1097 { 1098 const char *dest = dbus_message_get_destination (message); 1099 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, 1100 "The destination service \"%s\" has a full message queue", 1101 dest ? dest : (proposed_recipient ? 1102 bus_connection_get_name (proposed_recipient) : 1103 DBUS_SERVICE_ORG_FREEDESKTOP_DBUS)); 1104 _dbus_verbose ("security policy disallowing message due to full message queue\n"); 1105 return FALSE; 1106 } 1107 1108 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL) 1109 { 1110 /* Record that we will allow a reply here in the future (don't 1111 * bother if the recipient is the bus). Only the addressed recipient 1112 * may reply. 1113 */ 1114 if (sender && addressed_recipient && 1115 !bus_connections_expect_reply (bus_connection_get_connections (sender), 1116 transaction, 1117 sender, addressed_recipient, 1118 message, error)) 1119 { 1120 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); 1121 return FALSE; 1122 } 1123 } 1124 1125 _dbus_verbose ("security policy allowing message\n"); 1126 return TRUE; 1127} 1128