bus.c revision b93476ce07acce83ff3b396616bb8a0eaf719916
1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ 2/* bus.c message bus context object 3 * 4 * Copyright (C) 2003, 2004 Red Hat, Inc. 5 * 6 * Licensed under the Academic Free License version 2.1 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 21 * 22 */ 23 24#include "bus.h" 25#include "activation.h" 26#include "connection.h" 27#include "services.h" 28#include "utils.h" 29#include "policy.h" 30#include "config-parser.h" 31#include "signals.h" 32#include "selinux.h" 33#include "dir-watch.h" 34#include <dbus/dbus-list.h> 35#include <dbus/dbus-hash.h> 36#include <dbus/dbus-internals.h> 37 38struct BusContext 39{ 40 int refcount; 41 DBusGUID uuid; 42 char *config_file; 43 char *type; 44 char *servicehelper; 45 char *address; 46 char *pidfile; 47 char *user; 48 DBusLoop *loop; 49 DBusList *servers; 50 BusConnections *connections; 51 BusActivation *activation; 52 BusRegistry *registry; 53 BusPolicy *policy; 54 BusMatchmaker *matchmaker; 55 BusLimits limits; 56 unsigned int fork : 1; 57 unsigned int syslog : 1; 58 unsigned int keep_umask : 1; 59}; 60 61static dbus_int32_t server_data_slot = -1; 62 63typedef struct 64{ 65 BusContext *context; 66} BusServerData; 67 68#define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) 69 70static BusContext* 71server_get_context (DBusServer *server) 72{ 73 BusContext *context; 74 BusServerData *bd; 75 76 if (!dbus_server_allocate_data_slot (&server_data_slot)) 77 return NULL; 78 79 bd = BUS_SERVER_DATA (server); 80 if (bd == NULL) 81 { 82 dbus_server_free_data_slot (&server_data_slot); 83 return NULL; 84 } 85 86 context = bd->context; 87 88 dbus_server_free_data_slot (&server_data_slot); 89 90 return context; 91} 92 93static dbus_bool_t 94server_watch_callback (DBusWatch *watch, 95 unsigned int condition, 96 void *data) 97{ 98 /* FIXME this can be done in dbus-mainloop.c 99 * if the code in activation.c for the babysitter 100 * watch handler is fixed. 101 */ 102 103 return dbus_watch_handle (watch, condition); 104} 105 106static dbus_bool_t 107add_server_watch (DBusWatch *watch, 108 void *data) 109{ 110 DBusServer *server = data; 111 BusContext *context; 112 113 context = server_get_context (server); 114 115 return _dbus_loop_add_watch (context->loop, 116 watch, server_watch_callback, server, 117 NULL); 118} 119 120static void 121remove_server_watch (DBusWatch *watch, 122 void *data) 123{ 124 DBusServer *server = data; 125 BusContext *context; 126 127 context = server_get_context (server); 128 129 _dbus_loop_remove_watch (context->loop, 130 watch, server_watch_callback, server); 131} 132 133 134static void 135server_timeout_callback (DBusTimeout *timeout, 136 void *data) 137{ 138 /* can return FALSE on OOM but we just let it fire again later */ 139 dbus_timeout_handle (timeout); 140} 141 142static dbus_bool_t 143add_server_timeout (DBusTimeout *timeout, 144 void *data) 145{ 146 DBusServer *server = data; 147 BusContext *context; 148 149 context = server_get_context (server); 150 151 return _dbus_loop_add_timeout (context->loop, 152 timeout, server_timeout_callback, server, NULL); 153} 154 155static void 156remove_server_timeout (DBusTimeout *timeout, 157 void *data) 158{ 159 DBusServer *server = data; 160 BusContext *context; 161 162 context = server_get_context (server); 163 164 _dbus_loop_remove_timeout (context->loop, 165 timeout, server_timeout_callback, server); 166} 167 168static void 169new_connection_callback (DBusServer *server, 170 DBusConnection *new_connection, 171 void *data) 172{ 173 BusContext *context = data; 174 175 if (!bus_connections_setup_connection (context->connections, new_connection)) 176 { 177 _dbus_verbose ("No memory to setup new connection\n"); 178 179 /* if we don't do this, it will get unref'd without 180 * being disconnected... kind of strange really 181 * that we have to do this, people won't get it right 182 * in general. 183 */ 184 dbus_connection_close (new_connection); 185 } 186 187 dbus_connection_set_max_received_size (new_connection, 188 context->limits.max_incoming_bytes); 189 190 dbus_connection_set_max_message_size (new_connection, 191 context->limits.max_message_size); 192 193 /* on OOM, we won't have ref'd the connection so it will die. */ 194} 195 196static void 197free_server_data (void *data) 198{ 199 BusServerData *bd = data; 200 201 dbus_free (bd); 202} 203 204static dbus_bool_t 205setup_server (BusContext *context, 206 DBusServer *server, 207 char **auth_mechanisms, 208 DBusError *error) 209{ 210 BusServerData *bd; 211 212 bd = dbus_new0 (BusServerData, 1); 213 if (bd == NULL || !dbus_server_set_data (server, 214 server_data_slot, 215 bd, free_server_data)) 216 { 217 dbus_free (bd); 218 BUS_SET_OOM (error); 219 return FALSE; 220 } 221 222 bd->context = context; 223 224 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) 225 { 226 BUS_SET_OOM (error); 227 return FALSE; 228 } 229 230 dbus_server_set_new_connection_function (server, 231 new_connection_callback, 232 context, NULL); 233 234 if (!dbus_server_set_watch_functions (server, 235 add_server_watch, 236 remove_server_watch, 237 NULL, 238 server, 239 NULL)) 240 { 241 BUS_SET_OOM (error); 242 return FALSE; 243 } 244 245 if (!dbus_server_set_timeout_functions (server, 246 add_server_timeout, 247 remove_server_timeout, 248 NULL, 249 server, NULL)) 250 { 251 BUS_SET_OOM (error); 252 return FALSE; 253 } 254 255 return TRUE; 256} 257 258/* This code only gets executed the first time the 259 * config files are parsed. It is not executed 260 * when config files are reloaded. 261 */ 262static dbus_bool_t 263process_config_first_time_only (BusContext *context, 264 BusConfigParser *parser, 265 DBusError *error) 266{ 267 DBusList *link; 268 DBusList **addresses; 269 const char *user, *pidfile; 270 char **auth_mechanisms; 271 DBusList **auth_mechanisms_list; 272 int len; 273 dbus_bool_t retval; 274 275 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 276 277 retval = FALSE; 278 auth_mechanisms = NULL; 279 280 /* Check for an existing pid file. Of course this is a race; 281 * we'd have to use fcntl() locks on the pid file to 282 * avoid that. But we want to check for the pid file 283 * before overwriting any existing sockets, etc. 284 */ 285 pidfile = bus_config_parser_get_pidfile (parser); 286 if (pidfile != NULL) 287 { 288 DBusString u; 289 DBusStat stbuf; 290 291 _dbus_string_init_const (&u, pidfile); 292 293 if (_dbus_stat (&u, &stbuf, NULL)) 294 { 295 dbus_set_error (error, DBUS_ERROR_FAILED, 296 "The pid file \"%s\" exists, if the message bus is not running, remove this file", 297 pidfile); 298 goto failed; 299 } 300 } 301 302 /* keep around the pid filename so we can delete it later */ 303 context->pidfile = _dbus_strdup (pidfile); 304 305 /* Build an array of auth mechanisms */ 306 307 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); 308 len = _dbus_list_get_length (auth_mechanisms_list); 309 310 if (len > 0) 311 { 312 int i; 313 314 auth_mechanisms = dbus_new0 (char*, len + 1); 315 if (auth_mechanisms == NULL) 316 { 317 BUS_SET_OOM (error); 318 goto failed; 319 } 320 321 i = 0; 322 link = _dbus_list_get_first_link (auth_mechanisms_list); 323 while (link != NULL) 324 { 325 auth_mechanisms[i] = _dbus_strdup (link->data); 326 if (auth_mechanisms[i] == NULL) 327 { 328 BUS_SET_OOM (error); 329 goto failed; 330 } 331 link = _dbus_list_get_next_link (auth_mechanisms_list, link); 332 } 333 } 334 else 335 { 336 auth_mechanisms = NULL; 337 } 338 339 /* Listen on our addresses */ 340 341 addresses = bus_config_parser_get_addresses (parser); 342 343 link = _dbus_list_get_first_link (addresses); 344 while (link != NULL) 345 { 346 DBusServer *server; 347 348 server = dbus_server_listen (link->data, error); 349 if (server == NULL) 350 { 351 _DBUS_ASSERT_ERROR_IS_SET (error); 352 goto failed; 353 } 354 else if (!setup_server (context, server, auth_mechanisms, error)) 355 { 356 _DBUS_ASSERT_ERROR_IS_SET (error); 357 goto failed; 358 } 359 360 if (!_dbus_list_append (&context->servers, server)) 361 { 362 BUS_SET_OOM (error); 363 goto failed; 364 } 365 366 link = _dbus_list_get_next_link (addresses, link); 367 } 368 369 /* note that type may be NULL */ 370 context->type = _dbus_strdup (bus_config_parser_get_type (parser)); 371 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL) 372 { 373 BUS_SET_OOM (error); 374 goto failed; 375 } 376 377 user = bus_config_parser_get_user (parser); 378 if (user != NULL) 379 { 380 context->user = _dbus_strdup (user); 381 if (context->user == NULL) 382 { 383 BUS_SET_OOM (error); 384 goto failed; 385 } 386 } 387 388 context->fork = bus_config_parser_get_fork (parser); 389 context->syslog = bus_config_parser_get_syslog (parser); 390 context->keep_umask = bus_config_parser_get_keep_umask (parser); 391 392 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 393 retval = TRUE; 394 395 failed: 396 dbus_free_string_array (auth_mechanisms); 397 return retval; 398} 399 400/* This code gets executed every time the config files 401 * are parsed: both during BusContext construction 402 * and on reloads. This function is slightly screwy 403 * since it can do a "half reload" in out-of-memory 404 * situations. Realistically, unlikely to ever matter. 405 */ 406static dbus_bool_t 407process_config_every_time (BusContext *context, 408 BusConfigParser *parser, 409 dbus_bool_t is_reload, 410 DBusError *error) 411{ 412 DBusString full_address; 413 DBusList *link; 414 DBusList **dirs; 415 BusActivation *new_activation; 416 char *addr; 417 const char *servicehelper; 418 char *s; 419 420 dbus_bool_t retval; 421 422 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 423 424 addr = NULL; 425 retval = FALSE; 426 427 if (!_dbus_string_init (&full_address)) 428 { 429 BUS_SET_OOM (error); 430 return FALSE; 431 } 432 433 /* get our limits and timeout lengths */ 434 bus_config_parser_get_limits (parser, &context->limits); 435 436 if (context->policy) 437 bus_policy_unref (context->policy); 438 context->policy = bus_config_parser_steal_policy (parser); 439 _dbus_assert (context->policy != NULL); 440 441 /* We have to build the address backward, so that 442 * <listen> later in the config file have priority 443 */ 444 link = _dbus_list_get_last_link (&context->servers); 445 while (link != NULL) 446 { 447 addr = dbus_server_get_address (link->data); 448 if (addr == NULL) 449 { 450 BUS_SET_OOM (error); 451 goto failed; 452 } 453 454 if (_dbus_string_get_length (&full_address) > 0) 455 { 456 if (!_dbus_string_append (&full_address, ";")) 457 { 458 BUS_SET_OOM (error); 459 goto failed; 460 } 461 } 462 463 if (!_dbus_string_append (&full_address, addr)) 464 { 465 BUS_SET_OOM (error); 466 goto failed; 467 } 468 469 dbus_free (addr); 470 addr = NULL; 471 472 link = _dbus_list_get_prev_link (&context->servers, link); 473 } 474 475 if (is_reload) 476 dbus_free (context->address); 477 478 if (!_dbus_string_copy_data (&full_address, &context->address)) 479 { 480 BUS_SET_OOM (error); 481 goto failed; 482 } 483 484 /* get the service directories */ 485 dirs = bus_config_parser_get_service_dirs (parser); 486 487 /* and the service helper */ 488 servicehelper = bus_config_parser_get_servicehelper (parser); 489 490 s = _dbus_strdup(servicehelper); 491 if (s == NULL && servicehelper != NULL) 492 { 493 BUS_SET_OOM (error); 494 goto failed; 495 } 496 else 497 { 498 dbus_free(context->servicehelper); 499 context->servicehelper = s; 500 } 501 502 /* Create activation subsystem */ 503 if (context->activation) 504 { 505 if (!bus_activation_reload (context->activation, &full_address, dirs, error)) 506 goto failed; 507 } 508 else 509 { 510 context->activation = bus_activation_new (context, &full_address, dirs, error); 511 } 512 513 if (context->activation == NULL) 514 { 515 _DBUS_ASSERT_ERROR_IS_SET (error); 516 goto failed; 517 } 518 519 /* Drop existing conf-dir watches (if applicable) */ 520 521 if (is_reload) 522 bus_drop_all_directory_watches (); 523 524 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 525 retval = TRUE; 526 527 failed: 528 _dbus_string_free (&full_address); 529 530 if (addr) 531 dbus_free (addr); 532 533 return retval; 534} 535 536static dbus_bool_t 537process_config_postinit (BusContext *context, 538 BusConfigParser *parser, 539 DBusError *error) 540{ 541 DBusHashTable *service_context_table; 542 543 service_context_table = bus_config_parser_steal_service_context_table (parser); 544 if (!bus_registry_set_service_context_table (context->registry, 545 service_context_table)) 546 { 547 BUS_SET_OOM (error); 548 return FALSE; 549 } 550 551 _dbus_hash_table_unref (service_context_table); 552 553 /* Watch all conf directories */ 554 _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser), 555 (DBusForeachFunction) bus_watch_directory, 556 context); 557 558 return TRUE; 559} 560 561BusContext* 562bus_context_new (const DBusString *config_file, 563 ForceForkSetting force_fork, 564 DBusPipe *print_addr_pipe, 565 DBusPipe *print_pid_pipe, 566 DBusError *error) 567{ 568 BusContext *context; 569 BusConfigParser *parser; 570 571 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 572 573 context = NULL; 574 parser = NULL; 575 576 if (!dbus_server_allocate_data_slot (&server_data_slot)) 577 { 578 BUS_SET_OOM (error); 579 return NULL; 580 } 581 582 context = dbus_new0 (BusContext, 1); 583 if (context == NULL) 584 { 585 BUS_SET_OOM (error); 586 goto failed; 587 } 588 context->refcount = 1; 589 590 _dbus_generate_uuid (&context->uuid); 591 592 if (!_dbus_string_copy_data (config_file, &context->config_file)) 593 { 594 BUS_SET_OOM (error); 595 goto failed; 596 } 597 598 context->loop = _dbus_loop_new (); 599 if (context->loop == NULL) 600 { 601 BUS_SET_OOM (error); 602 goto failed; 603 } 604 605 context->registry = bus_registry_new (context); 606 if (context->registry == NULL) 607 { 608 BUS_SET_OOM (error); 609 goto failed; 610 } 611 612 parser = bus_config_load (config_file, TRUE, NULL, error); 613 if (parser == NULL) 614 { 615 _DBUS_ASSERT_ERROR_IS_SET (error); 616 goto failed; 617 } 618 619 if (!process_config_first_time_only (context, parser, error)) 620 { 621 _DBUS_ASSERT_ERROR_IS_SET (error); 622 goto failed; 623 } 624 if (!process_config_every_time (context, parser, FALSE, error)) 625 { 626 _DBUS_ASSERT_ERROR_IS_SET (error); 627 goto failed; 628 } 629 630 /* we need another ref of the server data slot for the context 631 * to own 632 */ 633 if (!dbus_server_allocate_data_slot (&server_data_slot)) 634 _dbus_assert_not_reached ("second ref of server data slot failed"); 635 636 /* Note that we don't know whether the print_addr_pipe is 637 * one of the sockets we're using to listen on, or some 638 * other random thing. But I think the answer is "don't do 639 * that then" 640 */ 641 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe)) 642 { 643 DBusString addr; 644 const char *a = bus_context_get_address (context); 645 int bytes; 646 647 _dbus_assert (a != NULL); 648 if (!_dbus_string_init (&addr)) 649 { 650 BUS_SET_OOM (error); 651 goto failed; 652 } 653 654 if (!_dbus_string_append (&addr, a) || 655 !_dbus_string_append (&addr, "\n")) 656 { 657 _dbus_string_free (&addr); 658 BUS_SET_OOM (error); 659 goto failed; 660 } 661 662 bytes = _dbus_string_get_length (&addr); 663 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes) 664 { 665 /* pipe write returns an error on failure but not short write */ 666 if (error != NULL && !dbus_error_is_set (error)) 667 { 668 dbus_set_error (error, DBUS_ERROR_FAILED, 669 "Printing message bus address: did not write all bytes\n"); 670 } 671 _dbus_string_free (&addr); 672 goto failed; 673 } 674 675 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe)) 676 _dbus_pipe_close (print_addr_pipe, NULL); 677 678 _dbus_string_free (&addr); 679 } 680 681 context->connections = bus_connections_new (context); 682 if (context->connections == NULL) 683 { 684 BUS_SET_OOM (error); 685 goto failed; 686 } 687 688 context->matchmaker = bus_matchmaker_new (); 689 if (context->matchmaker == NULL) 690 { 691 BUS_SET_OOM (error); 692 goto failed; 693 } 694 695 /* check user before we fork */ 696 if (context->user != NULL) 697 { 698 if (!_dbus_verify_daemon_user (context->user)) 699 { 700 dbus_set_error (error, DBUS_ERROR_FAILED, 701 "Could not get UID and GID for username \"%s\"", 702 context->user); 703 goto failed; 704 } 705 } 706 707 /* Now become a daemon if appropriate and write out pid file in any case */ 708 { 709 DBusString u; 710 711 if (context->pidfile) 712 _dbus_string_init_const (&u, context->pidfile); 713 714 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) 715 { 716 _dbus_verbose ("Forking and becoming daemon\n"); 717 718 if (!_dbus_become_daemon (context->pidfile ? &u : NULL, 719 print_pid_pipe, 720 error, 721 context->keep_umask)) 722 { 723 _DBUS_ASSERT_ERROR_IS_SET (error); 724 goto failed; 725 } 726 } 727 else 728 { 729 _dbus_verbose ("Fork not requested\n"); 730 731 /* Need to write PID file and to PID pipe for ourselves, 732 * not for the child process. This is a no-op if the pidfile 733 * is NULL and print_pid_pipe is NULL. 734 */ 735 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL, 736 print_pid_pipe, 737 _dbus_getpid (), 738 error)) 739 { 740 _DBUS_ASSERT_ERROR_IS_SET (error); 741 goto failed; 742 } 743 } 744 } 745 746 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) && 747 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) 748 _dbus_pipe_close (print_pid_pipe, NULL); 749 750 if (!bus_selinux_full_init ()) 751 { 752 _dbus_warn ("SELinux initialization failed\n"); 753 } 754 755 if (!process_config_postinit (context, parser, error)) 756 { 757 _DBUS_ASSERT_ERROR_IS_SET (error); 758 goto failed; 759 } 760 761 if (parser != NULL) 762 { 763 bus_config_parser_unref (parser); 764 parser = NULL; 765 } 766 767 /* Here we change our credentials if required, 768 * as soon as we've set up our sockets and pidfile 769 */ 770 if (context->user != NULL) 771 { 772 if (!_dbus_change_to_daemon_user (context->user, error)) 773 { 774 _DBUS_ASSERT_ERROR_IS_SET (error); 775 goto failed; 776 } 777 778#ifdef HAVE_SELINUX 779 /* FIXME - why not just put this in full_init() below? */ 780 bus_selinux_audit_init (); 781#endif 782 } 783 784 dbus_server_free_data_slot (&server_data_slot); 785 786 return context; 787 788 failed: 789 if (parser != NULL) 790 bus_config_parser_unref (parser); 791 if (context != NULL) 792 bus_context_unref (context); 793 794 if (server_data_slot >= 0) 795 dbus_server_free_data_slot (&server_data_slot); 796 797 return NULL; 798} 799 800dbus_bool_t 801bus_context_get_id (BusContext *context, 802 DBusString *uuid) 803{ 804 return _dbus_uuid_encode (&context->uuid, uuid); 805} 806 807dbus_bool_t 808bus_context_reload_config (BusContext *context, 809 DBusError *error) 810{ 811 BusConfigParser *parser; 812 DBusString config_file; 813 dbus_bool_t ret; 814 815 /* Flush the user database cache */ 816 _dbus_flush_caches (); 817 818 ret = FALSE; 819 _dbus_string_init_const (&config_file, context->config_file); 820 parser = bus_config_load (&config_file, TRUE, NULL, error); 821 if (parser == NULL) 822 { 823 _DBUS_ASSERT_ERROR_IS_SET (error); 824 goto failed; 825 } 826 827 if (!process_config_every_time (context, parser, TRUE, error)) 828 { 829 _DBUS_ASSERT_ERROR_IS_SET (error); 830 goto failed; 831 } 832 if (!process_config_postinit (context, parser, error)) 833 { 834 _DBUS_ASSERT_ERROR_IS_SET (error); 835 goto failed; 836 } 837 ret = TRUE; 838 839 bus_context_log_info (context, "Reloaded configuration"); 840 failed: 841 if (!ret) 842 bus_context_log_info (context, "Unable to reload configuration: %s", error->message); 843 if (parser != NULL) 844 bus_config_parser_unref (parser); 845 return ret; 846} 847 848static void 849shutdown_server (BusContext *context, 850 DBusServer *server) 851{ 852 if (server == NULL || 853 !dbus_server_get_is_connected (server)) 854 return; 855 856 if (!dbus_server_set_watch_functions (server, 857 NULL, NULL, NULL, 858 context, 859 NULL)) 860 _dbus_assert_not_reached ("setting watch functions to NULL failed"); 861 862 if (!dbus_server_set_timeout_functions (server, 863 NULL, NULL, NULL, 864 context, 865 NULL)) 866 _dbus_assert_not_reached ("setting timeout functions to NULL failed"); 867 868 dbus_server_disconnect (server); 869} 870 871void 872bus_context_shutdown (BusContext *context) 873{ 874 DBusList *link; 875 876 link = _dbus_list_get_first_link (&context->servers); 877 while (link != NULL) 878 { 879 shutdown_server (context, link->data); 880 881 link = _dbus_list_get_next_link (&context->servers, link); 882 } 883} 884 885BusContext * 886bus_context_ref (BusContext *context) 887{ 888 _dbus_assert (context->refcount > 0); 889 context->refcount += 1; 890 891 return context; 892} 893 894void 895bus_context_unref (BusContext *context) 896{ 897 _dbus_assert (context->refcount > 0); 898 context->refcount -= 1; 899 900 if (context->refcount == 0) 901 { 902 DBusList *link; 903 904 _dbus_verbose ("Finalizing bus context %p\n", context); 905 906 bus_context_shutdown (context); 907 908 if (context->connections) 909 { 910 bus_connections_unref (context->connections); 911 context->connections = NULL; 912 } 913 914 if (context->registry) 915 { 916 bus_registry_unref (context->registry); 917 context->registry = NULL; 918 } 919 920 if (context->activation) 921 { 922 bus_activation_unref (context->activation); 923 context->activation = NULL; 924 } 925 926 link = _dbus_list_get_first_link (&context->servers); 927 while (link != NULL) 928 { 929 dbus_server_unref (link->data); 930 931 link = _dbus_list_get_next_link (&context->servers, link); 932 } 933 _dbus_list_clear (&context->servers); 934 935 if (context->policy) 936 { 937 bus_policy_unref (context->policy); 938 context->policy = NULL; 939 } 940 941 if (context->loop) 942 { 943 _dbus_loop_unref (context->loop); 944 context->loop = NULL; 945 } 946 947 if (context->matchmaker) 948 { 949 bus_matchmaker_unref (context->matchmaker); 950 context->matchmaker = NULL; 951 } 952 953 dbus_free (context->config_file); 954 dbus_free (context->type); 955 dbus_free (context->address); 956 dbus_free (context->user); 957 dbus_free (context->servicehelper); 958 959 if (context->pidfile) 960 { 961 DBusString u; 962 _dbus_string_init_const (&u, context->pidfile); 963 964 /* Deliberately ignore errors here, since there's not much 965 * we can do about it, and we're exiting anyways. 966 */ 967 _dbus_delete_file (&u, NULL); 968 969 dbus_free (context->pidfile); 970 } 971 dbus_free (context); 972 973 dbus_server_free_data_slot (&server_data_slot); 974 } 975} 976 977/* type may be NULL */ 978const char* 979bus_context_get_type (BusContext *context) 980{ 981 return context->type; 982} 983 984const char* 985bus_context_get_address (BusContext *context) 986{ 987 return context->address; 988} 989 990const char* 991bus_context_get_servicehelper (BusContext *context) 992{ 993 return context->servicehelper; 994} 995 996BusRegistry* 997bus_context_get_registry (BusContext *context) 998{ 999 return context->registry; 1000} 1001 1002BusConnections* 1003bus_context_get_connections (BusContext *context) 1004{ 1005 return context->connections; 1006} 1007 1008BusActivation* 1009bus_context_get_activation (BusContext *context) 1010{ 1011 return context->activation; 1012} 1013 1014BusMatchmaker* 1015bus_context_get_matchmaker (BusContext *context) 1016{ 1017 return context->matchmaker; 1018} 1019 1020DBusLoop* 1021bus_context_get_loop (BusContext *context) 1022{ 1023 return context->loop; 1024} 1025 1026dbus_bool_t 1027bus_context_allow_unix_user (BusContext *context, 1028 unsigned long uid) 1029{ 1030 return bus_policy_allow_unix_user (context->policy, 1031 uid); 1032} 1033 1034/* For now this is never actually called because the default 1035 * DBusConnection behavior of 'same user that owns the bus can connect' 1036 * is all it would do. 1037 */ 1038dbus_bool_t 1039bus_context_allow_windows_user (BusContext *context, 1040 const char *windows_sid) 1041{ 1042 return bus_policy_allow_windows_user (context->policy, 1043 windows_sid); 1044} 1045 1046BusPolicy * 1047bus_context_get_policy (BusContext *context) 1048{ 1049 return context->policy; 1050} 1051 1052BusClientPolicy* 1053bus_context_create_client_policy (BusContext *context, 1054 DBusConnection *connection, 1055 DBusError *error) 1056{ 1057 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 1058 return bus_policy_create_client_policy (context->policy, connection, 1059 error); 1060} 1061 1062int 1063bus_context_get_activation_timeout (BusContext *context) 1064{ 1065 1066 return context->limits.activation_timeout; 1067} 1068 1069int 1070bus_context_get_auth_timeout (BusContext *context) 1071{ 1072 return context->limits.auth_timeout; 1073} 1074 1075int 1076bus_context_get_max_completed_connections (BusContext *context) 1077{ 1078 return context->limits.max_completed_connections; 1079} 1080 1081int 1082bus_context_get_max_incomplete_connections (BusContext *context) 1083{ 1084 return context->limits.max_incomplete_connections; 1085} 1086 1087int 1088bus_context_get_max_connections_per_user (BusContext *context) 1089{ 1090 return context->limits.max_connections_per_user; 1091} 1092 1093int 1094bus_context_get_max_pending_activations (BusContext *context) 1095{ 1096 return context->limits.max_pending_activations; 1097} 1098 1099int 1100bus_context_get_max_services_per_connection (BusContext *context) 1101{ 1102 return context->limits.max_services_per_connection; 1103} 1104 1105int 1106bus_context_get_max_match_rules_per_connection (BusContext *context) 1107{ 1108 return context->limits.max_match_rules_per_connection; 1109} 1110 1111int 1112bus_context_get_max_replies_per_connection (BusContext *context) 1113{ 1114 return context->limits.max_replies_per_connection; 1115} 1116 1117int 1118bus_context_get_reply_timeout (BusContext *context) 1119{ 1120 return context->limits.reply_timeout; 1121} 1122 1123void 1124bus_context_log_info (BusContext *context, const char *msg, ...) 1125{ 1126 va_list args; 1127 1128 va_start (args, msg); 1129 1130 if (context->syslog) 1131 _dbus_log_info (msg, args); 1132 1133 va_end (args); 1134} 1135 1136void 1137bus_context_log_security (BusContext *context, const char *msg, ...) 1138{ 1139 va_list args; 1140 1141 va_start (args, msg); 1142 1143 if (context->syslog) 1144 _dbus_log_security (msg, args); 1145 1146 va_end (args); 1147} 1148 1149/* 1150 * addressed_recipient is the recipient specified in the message. 1151 * 1152 * proposed_recipient is the recipient we're considering sending 1153 * to right this second, and may be an eavesdropper. 1154 * 1155 * sender is the sender of the message. 1156 * 1157 * NULL for proposed_recipient or sender definitely means the bus driver. 1158 * 1159 * NULL for addressed_recipient may mean the bus driver, or may mean 1160 * no destination was specified in the message (e.g. a signal). 1161 */ 1162dbus_bool_t 1163bus_context_check_security_policy (BusContext *context, 1164 BusTransaction *transaction, 1165 DBusConnection *sender, 1166 DBusConnection *addressed_recipient, 1167 DBusConnection *proposed_recipient, 1168 DBusMessage *message, 1169 DBusError *error) 1170{ 1171 const char *dest; 1172 BusClientPolicy *sender_policy; 1173 BusClientPolicy *recipient_policy; 1174 dbus_int32_t toggles; 1175 dbus_bool_t log; 1176 int type; 1177 dbus_bool_t requested_reply; 1178 const char *sender_name; 1179 const char *sender_loginfo; 1180 const char *proposed_recipient_loginfo; 1181 1182 type = dbus_message_get_type (message); 1183 dest = dbus_message_get_destination (message); 1184 1185 /* dispatch.c was supposed to ensure these invariants */ 1186 _dbus_assert (dest != NULL || 1187 type == DBUS_MESSAGE_TYPE_SIGNAL || 1188 (sender == NULL && !bus_connection_is_active (proposed_recipient))); 1189 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || 1190 addressed_recipient != NULL || 1191 strcmp (dest, DBUS_SERVICE_DBUS) == 0); 1192 1193 /* Used in logging below */ 1194 if (sender != NULL) 1195 { 1196 sender_name = bus_connection_get_name (sender); 1197 sender_loginfo = bus_connection_get_loginfo (sender); 1198 } 1199 else 1200 { 1201 sender_name = NULL; 1202 sender_loginfo = "(bus)"; 1203 } 1204 1205 if (proposed_recipient != NULL) 1206 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient); 1207 else 1208 proposed_recipient_loginfo = "bus"; 1209 1210 switch (type) 1211 { 1212 case DBUS_MESSAGE_TYPE_METHOD_CALL: 1213 case DBUS_MESSAGE_TYPE_SIGNAL: 1214 case DBUS_MESSAGE_TYPE_METHOD_RETURN: 1215 case DBUS_MESSAGE_TYPE_ERROR: 1216 break; 1217 1218 default: 1219 _dbus_verbose ("security check disallowing message of unknown type %d\n", 1220 type); 1221 1222 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1223 "Message bus will not accept messages of unknown type\n"); 1224 1225 return FALSE; 1226 } 1227 1228 requested_reply = FALSE; 1229 1230 if (sender != NULL) 1231 { 1232 /* First verify the SELinux access controls. If allowed then 1233 * go on with the standard checks. 1234 */ 1235 if (!bus_selinux_allows_send (sender, proposed_recipient, 1236 dbus_message_type_to_string (dbus_message_get_type (message)), 1237 dbus_message_get_interface (message), 1238 dbus_message_get_member (message), 1239 dbus_message_get_error_name (message), 1240 dest ? dest : DBUS_SERVICE_DBUS, error)) 1241 { 1242 if (error != NULL && !dbus_error_is_set (error)) 1243 { 1244 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1245 "An SELinux policy prevents this sender " 1246 "from sending this message to this recipient " 1247 "(rejected message had sender \"%s\" interface \"%s\" " 1248 "member \"%s\" error name \"%s\" destination \"%s\")", 1249 sender_name ? sender_name : "(unset)", 1250 dbus_message_get_interface (message) ? 1251 dbus_message_get_interface (message) : "(unset)", 1252 dbus_message_get_member (message) ? 1253 dbus_message_get_member (message) : "(unset)", 1254 dbus_message_get_error_name (message) ? 1255 dbus_message_get_error_name (message) : "(unset)", 1256 dest ? dest : DBUS_SERVICE_DBUS); 1257 _dbus_verbose ("SELinux security check denying send to service\n"); 1258 } 1259 1260 return FALSE; 1261 } 1262 1263 if (bus_connection_is_active (sender)) 1264 { 1265 sender_policy = bus_connection_get_policy (sender); 1266 _dbus_assert (sender_policy != NULL); 1267 1268 /* Fill in requested_reply variable with TRUE if this is a 1269 * reply and the reply was pending. 1270 */ 1271 if (dbus_message_get_reply_serial (message) != 0) 1272 { 1273 if (proposed_recipient != NULL /* not to the bus driver */ && 1274 addressed_recipient == proposed_recipient /* not eavesdropping */) 1275 { 1276 DBusError error2; 1277 1278 dbus_error_init (&error2); 1279 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), 1280 transaction, 1281 sender, addressed_recipient, message, 1282 &error2); 1283 if (dbus_error_is_set (&error2)) 1284 { 1285 dbus_move_error (&error2, error); 1286 return FALSE; 1287 } 1288 } 1289 } 1290 } 1291 else 1292 { 1293 /* Policy for inactive connections is that they can only send 1294 * the hello message to the bus driver 1295 */ 1296 if (proposed_recipient == NULL && 1297 dbus_message_is_method_call (message, 1298 DBUS_INTERFACE_DBUS, 1299 "Hello")) 1300 { 1301 _dbus_verbose ("security check allowing %s message\n", 1302 "Hello"); 1303 return TRUE; 1304 } 1305 else 1306 { 1307 _dbus_verbose ("security check disallowing non-%s message\n", 1308 "Hello"); 1309 1310 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1311 "Client tried to send a message other than %s without being registered", 1312 "Hello"); 1313 1314 return FALSE; 1315 } 1316 } 1317 } 1318 else 1319 { 1320 sender_policy = NULL; 1321 1322 /* If the sender is the bus driver, we assume any reply was a 1323 * requested reply as bus driver won't send bogus ones 1324 */ 1325 if (addressed_recipient == proposed_recipient /* not eavesdropping */ && 1326 dbus_message_get_reply_serial (message) != 0) 1327 requested_reply = TRUE; 1328 } 1329 1330 _dbus_assert ((sender != NULL && sender_policy != NULL) || 1331 (sender == NULL && sender_policy == NULL)); 1332 1333 if (proposed_recipient != NULL) 1334 { 1335 /* only the bus driver can send to an inactive recipient (as it 1336 * owns no services, so other apps can't address it). Inactive 1337 * recipients can receive any message. 1338 */ 1339 if (bus_connection_is_active (proposed_recipient)) 1340 { 1341 recipient_policy = bus_connection_get_policy (proposed_recipient); 1342 _dbus_assert (recipient_policy != NULL); 1343 } 1344 else if (sender == NULL) 1345 { 1346 _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); 1347 recipient_policy = NULL; 1348 } 1349 else 1350 { 1351 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); 1352 recipient_policy = NULL; 1353 } 1354 } 1355 else 1356 recipient_policy = NULL; 1357 1358 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || 1359 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || 1360 (proposed_recipient == NULL && recipient_policy == NULL)); 1361 1362 log = FALSE; 1363 if (sender_policy && 1364 !bus_client_policy_check_can_send (sender_policy, 1365 context->registry, 1366 requested_reply, 1367 proposed_recipient, 1368 message, &toggles, &log)) 1369 { 1370 const char *msg = "Rejected send message, %d matched rules; " 1371 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))"; 1372 1373 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, 1374 toggles, 1375 dbus_message_type_to_string (dbus_message_get_type (message)), 1376 sender_name ? sender_name : "(unset)", 1377 sender_loginfo, 1378 dbus_message_get_interface (message) ? 1379 dbus_message_get_interface (message) : "(unset)", 1380 dbus_message_get_member (message) ? 1381 dbus_message_get_member (message) : "(unset)", 1382 dbus_message_get_error_name (message) ? 1383 dbus_message_get_error_name (message) : "(unset)", 1384 requested_reply, 1385 dest ? dest : DBUS_SERVICE_DBUS, 1386 proposed_recipient_loginfo); 1387 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ 1388 if (addressed_recipient == proposed_recipient) 1389 bus_context_log_security (context, msg, 1390 toggles, 1391 dbus_message_type_to_string (dbus_message_get_type (message)), 1392 sender_name ? sender_name : "(unset)", 1393 sender_loginfo, 1394 dbus_message_get_interface (message) ? 1395 dbus_message_get_interface (message) : "(unset)", 1396 dbus_message_get_member (message) ? 1397 dbus_message_get_member (message) : "(unset)", 1398 dbus_message_get_error_name (message) ? 1399 dbus_message_get_error_name (message) : "(unset)", 1400 requested_reply, 1401 dest ? dest : DBUS_SERVICE_DBUS, 1402 proposed_recipient_loginfo); 1403 _dbus_verbose ("security policy disallowing message due to sender policy\n"); 1404 return FALSE; 1405 } 1406 1407 if (log) 1408 bus_context_log_security (context, 1409 "Would reject message, %d matched rules; " 1410 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))", 1411 toggles, 1412 dbus_message_type_to_string (dbus_message_get_type (message)), 1413 sender_name ? sender_name : "(unset)", 1414 sender_loginfo, 1415 dbus_message_get_interface (message) ? 1416 dbus_message_get_interface (message) : "(unset)", 1417 dbus_message_get_member (message) ? 1418 dbus_message_get_member (message) : "(unset)", 1419 dbus_message_get_error_name (message) ? 1420 dbus_message_get_error_name (message) : "(unset)", 1421 requested_reply, 1422 dest ? dest : DBUS_SERVICE_DBUS, 1423 proposed_recipient_loginfo); 1424 1425 if (recipient_policy && 1426 !bus_client_policy_check_can_receive (recipient_policy, 1427 context->registry, 1428 requested_reply, 1429 sender, 1430 addressed_recipient, proposed_recipient, 1431 message, &toggles)) 1432 { 1433 const char *msg = "Rejected receive message, %d matched rules; " 1434 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))"; 1435 1436 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, 1437 toggles, 1438 dbus_message_type_to_string (dbus_message_get_type (message)), 1439 sender_name ? sender_name : "(unset)", 1440 sender_loginfo, 1441 dbus_message_get_interface (message) ? 1442 dbus_message_get_interface (message) : "(unset)", 1443 dbus_message_get_member (message) ? 1444 dbus_message_get_member (message) : "(unset)", 1445 dbus_message_get_error_name (message) ? 1446 dbus_message_get_error_name (message) : "(unset)", 1447 dbus_message_get_reply_serial (message), 1448 requested_reply, 1449 dest ? dest : DBUS_SERVICE_DBUS, 1450 proposed_recipient_loginfo); 1451 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ 1452 if (addressed_recipient == proposed_recipient) 1453 bus_context_log_security (context, msg, 1454 toggles, 1455 dbus_message_type_to_string (dbus_message_get_type (message)), 1456 sender_name ? sender_name : "(unset)", 1457 sender_loginfo, 1458 dbus_message_get_interface (message) ? 1459 dbus_message_get_interface (message) : "(unset)", 1460 dbus_message_get_member (message) ? 1461 dbus_message_get_member (message) : "(unset)", 1462 dbus_message_get_error_name (message) ? 1463 dbus_message_get_error_name (message) : "(unset)", 1464 dbus_message_get_reply_serial (message), 1465 requested_reply, 1466 dest ? dest : DBUS_SERVICE_DBUS, 1467 proposed_recipient_loginfo); 1468 _dbus_verbose ("security policy disallowing message due to recipient policy\n"); 1469 return FALSE; 1470 } 1471 1472 /* See if limits on size have been exceeded */ 1473 if (proposed_recipient && 1474 dbus_connection_get_outgoing_size (proposed_recipient) > 1475 context->limits.max_outgoing_bytes) 1476 { 1477 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, 1478 "The destination service \"%s\" has a full message queue", 1479 dest ? dest : (proposed_recipient ? 1480 bus_connection_get_name (proposed_recipient) : 1481 DBUS_SERVICE_DBUS)); 1482 _dbus_verbose ("security policy disallowing message due to full message queue\n"); 1483 return FALSE; 1484 } 1485 1486 /* Record that we will allow a reply here in the future (don't 1487 * bother if the recipient is the bus or this is an eavesdropping 1488 * connection). Only the addressed recipient may reply. 1489 */ 1490 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && 1491 sender && 1492 addressed_recipient && 1493 addressed_recipient == proposed_recipient && /* not eavesdropping */ 1494 !bus_connections_expect_reply (bus_connection_get_connections (sender), 1495 transaction, 1496 sender, addressed_recipient, 1497 message, error)) 1498 { 1499 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); 1500 return FALSE; 1501 } 1502 1503 _dbus_verbose ("security policy allowing message\n"); 1504 return TRUE; 1505} 1506