bus.c revision d012387afef0ba02185ebe27bc6bb15551912e92
1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ 2/* bus.c message bus context object 3 * 4 * Copyright (C) 2003, 2004 Red Hat, Inc. 5 * 6 * Licensed under the Academic Free License version 2.1 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24#include "bus.h" 25#include "activation.h" 26#include "connection.h" 27#include "services.h" 28#include "utils.h" 29#include "policy.h" 30#include "config-parser.h" 31#include "signals.h" 32#include "selinux.h" 33#include "dir-watch.h" 34#include <dbus/dbus-list.h> 35#include <dbus/dbus-hash.h> 36#include <dbus/dbus-internals.h> 37 38struct BusContext 39{ 40 int refcount; 41 DBusGUID uuid; 42 char *config_file; 43 char *type; 44 char *address; 45 char *pidfile; 46 char *user; 47 DBusLoop *loop; 48 DBusList *servers; 49 BusConnections *connections; 50 BusActivation *activation; 51 BusRegistry *registry; 52 BusPolicy *policy; 53 BusMatchmaker *matchmaker; 54 BusLimits limits; 55 unsigned int fork : 1; 56}; 57 58static dbus_int32_t server_data_slot = -1; 59 60typedef struct 61{ 62 BusContext *context; 63} BusServerData; 64 65#define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) 66 67static BusContext* 68server_get_context (DBusServer *server) 69{ 70 BusContext *context; 71 BusServerData *bd; 72 73 if (!dbus_server_allocate_data_slot (&server_data_slot)) 74 return NULL; 75 76 bd = BUS_SERVER_DATA (server); 77 if (bd == NULL) 78 { 79 dbus_server_free_data_slot (&server_data_slot); 80 return NULL; 81 } 82 83 context = bd->context; 84 85 dbus_server_free_data_slot (&server_data_slot); 86 87 return context; 88} 89 90static dbus_bool_t 91server_watch_callback (DBusWatch *watch, 92 unsigned int condition, 93 void *data) 94{ 95 /* FIXME this can be done in dbus-mainloop.c 96 * if the code in activation.c for the babysitter 97 * watch handler is fixed. 98 */ 99 100 return dbus_watch_handle (watch, condition); 101} 102 103static dbus_bool_t 104add_server_watch (DBusWatch *watch, 105 void *data) 106{ 107 DBusServer *server = data; 108 BusContext *context; 109 110 context = server_get_context (server); 111 112 return _dbus_loop_add_watch (context->loop, 113 watch, server_watch_callback, server, 114 NULL); 115} 116 117static void 118remove_server_watch (DBusWatch *watch, 119 void *data) 120{ 121 DBusServer *server = data; 122 BusContext *context; 123 124 context = server_get_context (server); 125 126 _dbus_loop_remove_watch (context->loop, 127 watch, server_watch_callback, server); 128} 129 130 131static void 132server_timeout_callback (DBusTimeout *timeout, 133 void *data) 134{ 135 /* can return FALSE on OOM but we just let it fire again later */ 136 dbus_timeout_handle (timeout); 137} 138 139static dbus_bool_t 140add_server_timeout (DBusTimeout *timeout, 141 void *data) 142{ 143 DBusServer *server = data; 144 BusContext *context; 145 146 context = server_get_context (server); 147 148 return _dbus_loop_add_timeout (context->loop, 149 timeout, server_timeout_callback, server, NULL); 150} 151 152static void 153remove_server_timeout (DBusTimeout *timeout, 154 void *data) 155{ 156 DBusServer *server = data; 157 BusContext *context; 158 159 context = server_get_context (server); 160 161 _dbus_loop_remove_timeout (context->loop, 162 timeout, server_timeout_callback, server); 163} 164 165static void 166new_connection_callback (DBusServer *server, 167 DBusConnection *new_connection, 168 void *data) 169{ 170 BusContext *context = data; 171 172 if (!bus_connections_setup_connection (context->connections, new_connection)) 173 { 174 _dbus_verbose ("No memory to setup new connection\n"); 175 176 /* if we don't do this, it will get unref'd without 177 * being disconnected... kind of strange really 178 * that we have to do this, people won't get it right 179 * in general. 180 */ 181 dbus_connection_close (new_connection); 182 } 183 184 dbus_connection_set_max_received_size (new_connection, 185 context->limits.max_incoming_bytes); 186 187 dbus_connection_set_max_message_size (new_connection, 188 context->limits.max_message_size); 189 190 /* on OOM, we won't have ref'd the connection so it will die. */ 191} 192 193static void 194free_server_data (void *data) 195{ 196 BusServerData *bd = data; 197 198 dbus_free (bd); 199} 200 201static dbus_bool_t 202setup_server (BusContext *context, 203 DBusServer *server, 204 char **auth_mechanisms, 205 DBusError *error) 206{ 207 BusServerData *bd; 208 209 bd = dbus_new0 (BusServerData, 1); 210 if (!dbus_server_set_data (server, 211 server_data_slot, 212 bd, free_server_data)) 213 { 214 dbus_free (bd); 215 BUS_SET_OOM (error); 216 return FALSE; 217 } 218 219 bd->context = context; 220 221 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) 222 { 223 BUS_SET_OOM (error); 224 return FALSE; 225 } 226 227 dbus_server_set_new_connection_function (server, 228 new_connection_callback, 229 context, NULL); 230 231 if (!dbus_server_set_watch_functions (server, 232 add_server_watch, 233 remove_server_watch, 234 NULL, 235 server, 236 NULL)) 237 { 238 BUS_SET_OOM (error); 239 return FALSE; 240 } 241 242 if (!dbus_server_set_timeout_functions (server, 243 add_server_timeout, 244 remove_server_timeout, 245 NULL, 246 server, NULL)) 247 { 248 BUS_SET_OOM (error); 249 return FALSE; 250 } 251 252 return TRUE; 253} 254 255/* This code only gets executed the first time the 256 config files are parsed. It is not executed 257 when config files are reloaded.*/ 258static dbus_bool_t 259process_config_first_time_only (BusContext *context, 260 BusConfigParser *parser, 261 DBusError *error) 262{ 263 DBusList *link; 264 DBusList **addresses; 265 const char *user, *pidfile; 266 char **auth_mechanisms; 267 DBusList **auth_mechanisms_list; 268 int len; 269 dbus_bool_t retval; 270 271 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 272 273 retval = FALSE; 274 auth_mechanisms = NULL; 275 276 /* Check for an existing pid file. Of course this is a race; 277 * we'd have to use fcntl() locks on the pid file to 278 * avoid that. But we want to check for the pid file 279 * before overwriting any existing sockets, etc. 280 */ 281 pidfile = bus_config_parser_get_pidfile (parser); 282 if (pidfile != NULL) 283 { 284 DBusString u; 285 DBusStat stbuf; 286 287 _dbus_string_init_const (&u, pidfile); 288 289 if (_dbus_stat (&u, &stbuf, NULL)) 290 { 291 dbus_set_error (error, DBUS_ERROR_FAILED, 292 "The pid file \"%s\" exists, if the message bus is not running, remove this file", 293 pidfile); 294 goto failed; 295 } 296 } 297 298 /* keep around the pid filename so we can delete it later */ 299 context->pidfile = _dbus_strdup (pidfile); 300 301 /* Build an array of auth mechanisms */ 302 303 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); 304 len = _dbus_list_get_length (auth_mechanisms_list); 305 306 if (len > 0) 307 { 308 int i; 309 310 auth_mechanisms = dbus_new0 (char*, len + 1); 311 if (auth_mechanisms == NULL) 312 { 313 BUS_SET_OOM (error); 314 goto failed; 315 } 316 317 i = 0; 318 link = _dbus_list_get_first_link (auth_mechanisms_list); 319 while (link != NULL) 320 { 321 auth_mechanisms[i] = _dbus_strdup (link->data); 322 if (auth_mechanisms[i] == NULL) 323 { 324 BUS_SET_OOM (error); 325 goto failed; 326 } 327 link = _dbus_list_get_next_link (auth_mechanisms_list, link); 328 } 329 } 330 else 331 { 332 auth_mechanisms = NULL; 333 } 334 335 /* Listen on our addresses */ 336 337 addresses = bus_config_parser_get_addresses (parser); 338 339 link = _dbus_list_get_first_link (addresses); 340 while (link != NULL) 341 { 342 DBusServer *server; 343 344 server = dbus_server_listen (link->data, error); 345 if (server == NULL) 346 { 347 _DBUS_ASSERT_ERROR_IS_SET (error); 348 goto failed; 349 } 350 else if (!setup_server (context, server, auth_mechanisms, error)) 351 { 352 _DBUS_ASSERT_ERROR_IS_SET (error); 353 goto failed; 354 } 355 356 if (!_dbus_list_append (&context->servers, server)) 357 { 358 BUS_SET_OOM (error); 359 goto failed; 360 } 361 362 link = _dbus_list_get_next_link (addresses, link); 363 } 364 365 /* note that type may be NULL */ 366 context->type = _dbus_strdup (bus_config_parser_get_type (parser)); 367 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL) 368 { 369 BUS_SET_OOM (error); 370 goto failed; 371 } 372 373 user = bus_config_parser_get_user (parser); 374 if (user != NULL) 375 { 376 context->user = _dbus_strdup (user); 377 if (context->user == NULL) 378 { 379 BUS_SET_OOM (error); 380 goto failed; 381 } 382 } 383 384 context->fork = bus_config_parser_get_fork (parser); 385 386 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 387 retval = TRUE; 388 389 failed: 390 dbus_free_string_array (auth_mechanisms); 391 return retval; 392} 393 394/* This code gets executed every time the config files 395 are parsed: both during BusContext construction 396 and on reloads. */ 397static dbus_bool_t 398process_config_every_time (BusContext *context, 399 BusConfigParser *parser, 400 dbus_bool_t is_reload, 401 DBusError *error) 402{ 403 DBusString full_address; 404 DBusList *link; 405 BusActivation *new_activation; 406 char *addr; 407 408 dbus_bool_t retval; 409 410 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 411 412 addr = NULL; 413 retval = FALSE; 414 415 if (!_dbus_string_init (&full_address)) 416 { 417 BUS_SET_OOM (error); 418 return FALSE; 419 } 420 421 /* get our limits and timeout lengths */ 422 bus_config_parser_get_limits (parser, &context->limits); 423 424 context->policy = bus_config_parser_steal_policy (parser); 425 _dbus_assert (context->policy != NULL); 426 427 /* We have to build the address backward, so that 428 * <listen> later in the config file have priority 429 */ 430 link = _dbus_list_get_last_link (&context->servers); 431 while (link != NULL) 432 { 433 addr = dbus_server_get_address (link->data); 434 if (addr == NULL) 435 { 436 BUS_SET_OOM (error); 437 goto failed; 438 } 439 440 if (_dbus_string_get_length (&full_address) > 0) 441 { 442 if (!_dbus_string_append (&full_address, ";")) 443 { 444 BUS_SET_OOM (error); 445 goto failed; 446 } 447 } 448 449 if (!_dbus_string_append (&full_address, addr)) 450 { 451 BUS_SET_OOM (error); 452 goto failed; 453 } 454 455 dbus_free (addr); 456 addr = NULL; 457 458 link = _dbus_list_get_prev_link (&context->servers, link); 459 } 460 461 if (is_reload) 462 dbus_free (context->address); 463 464 if (!_dbus_string_copy_data (&full_address, &context->address)) 465 { 466 BUS_SET_OOM (error); 467 goto failed; 468 } 469 470 /* Create activation subsystem */ 471 new_activation = bus_activation_new (context, &full_address, 472 bus_config_parser_get_service_dirs (parser), 473 error); 474 if (new_activation == NULL) 475 { 476 _DBUS_ASSERT_ERROR_IS_SET (error); 477 goto failed; 478 } 479 480 if (is_reload) 481 bus_activation_unref (context->activation); 482 483 context->activation = new_activation; 484 485 /* Drop existing conf-dir watches (if applicable) */ 486 487 if (is_reload) 488 bus_drop_all_directory_watches (); 489 490 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 491 retval = TRUE; 492 493 failed: 494 _dbus_string_free (&full_address); 495 496 if (addr) 497 dbus_free (addr); 498 499 return retval; 500} 501 502static dbus_bool_t 503process_config_postinit (BusContext *context, 504 BusConfigParser *parser, 505 DBusError *error) 506{ 507 DBusHashTable *service_context_table; 508 509 service_context_table = bus_config_parser_steal_service_context_table (parser); 510 if (!bus_registry_set_service_context_table (context->registry, 511 service_context_table)) 512 { 513 BUS_SET_OOM (error); 514 return FALSE; 515 } 516 517 _dbus_hash_table_unref (service_context_table); 518 519 /* Watch all conf directories */ 520 _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser), 521 (DBusForeachFunction) bus_watch_directory, 522 context); 523 524 return TRUE; 525} 526 527BusContext* 528bus_context_new (const DBusString *config_file, 529 ForceForkSetting force_fork, 530 DBusPipe *print_addr_pipe, 531 DBusPipe *print_pid_pipe, 532 DBusError *error) 533{ 534 BusContext *context; 535 BusConfigParser *parser; 536 537 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 538 539 context = NULL; 540 parser = NULL; 541 542 if (!dbus_server_allocate_data_slot (&server_data_slot)) 543 { 544 BUS_SET_OOM (error); 545 return NULL; 546 } 547 548 context = dbus_new0 (BusContext, 1); 549 if (context == NULL) 550 { 551 BUS_SET_OOM (error); 552 goto failed; 553 } 554 context->refcount = 1; 555 556 _dbus_generate_uuid (&context->uuid); 557 558 if (!_dbus_string_copy_data (config_file, &context->config_file)) 559 { 560 BUS_SET_OOM (error); 561 goto failed; 562 } 563 564 context->loop = _dbus_loop_new (); 565 if (context->loop == NULL) 566 { 567 BUS_SET_OOM (error); 568 goto failed; 569 } 570 571 context->registry = bus_registry_new (context); 572 if (context->registry == NULL) 573 { 574 BUS_SET_OOM (error); 575 goto failed; 576 } 577 578 parser = bus_config_load (config_file, TRUE, NULL, error); 579 if (parser == NULL) 580 { 581 _DBUS_ASSERT_ERROR_IS_SET (error); 582 goto failed; 583 } 584 585 if (!process_config_first_time_only (context, parser, error)) 586 { 587 _DBUS_ASSERT_ERROR_IS_SET (error); 588 goto failed; 589 } 590 if (!process_config_every_time (context, parser, FALSE, error)) 591 { 592 _DBUS_ASSERT_ERROR_IS_SET (error); 593 goto failed; 594 } 595 596 /* we need another ref of the server data slot for the context 597 * to own 598 */ 599 if (!dbus_server_allocate_data_slot (&server_data_slot)) 600 _dbus_assert_not_reached ("second ref of server data slot failed"); 601 602 /* Note that we don't know whether the print_addr_pipe is 603 * one of the sockets we're using to listen on, or some 604 * other random thing. But I think the answer is "don't do 605 * that then" 606 */ 607 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe)) 608 { 609 DBusString addr; 610 const char *a = bus_context_get_address (context); 611 int bytes; 612 613 _dbus_assert (a != NULL); 614 if (!_dbus_string_init (&addr)) 615 { 616 BUS_SET_OOM (error); 617 goto failed; 618 } 619 620 if (!_dbus_string_append (&addr, a) || 621 !_dbus_string_append (&addr, "\n")) 622 { 623 _dbus_string_free (&addr); 624 BUS_SET_OOM (error); 625 goto failed; 626 } 627 628 bytes = _dbus_string_get_length (&addr); 629 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes) 630 { 631 /* pipe write returns an error on failure but not short write */ 632 if (error != NULL && !dbus_error_is_set (error)) 633 { 634 dbus_set_error (error, DBUS_ERROR_FAILED, 635 "Printing message bus address: did not write all bytes\n"); 636 } 637 _dbus_string_free (&addr); 638 goto failed; 639 } 640 641 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe)) 642 _dbus_pipe_close (print_addr_pipe, NULL); 643 644 _dbus_string_free (&addr); 645 } 646 647 context->connections = bus_connections_new (context); 648 if (context->connections == NULL) 649 { 650 BUS_SET_OOM (error); 651 goto failed; 652 } 653 654 context->matchmaker = bus_matchmaker_new (); 655 if (context->matchmaker == NULL) 656 { 657 BUS_SET_OOM (error); 658 goto failed; 659 } 660 661 /* check user before we fork */ 662 if (context->user != NULL) 663 { 664 if (!_dbus_verify_daemon_user (context->user)) 665 { 666 dbus_set_error (error, DBUS_ERROR_FAILED, 667 "Could not get UID and GID for username \"%s\"", 668 context->user); 669 goto failed; 670 } 671 } 672 673 /* Now become a daemon if appropriate */ 674 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) 675 { 676 DBusString u; 677 678 if (context->pidfile) 679 _dbus_string_init_const (&u, context->pidfile); 680 681 if (!_dbus_become_daemon (context->pidfile ? &u : NULL, 682 print_pid_pipe, 683 error)) 684 { 685 _DBUS_ASSERT_ERROR_IS_SET (error); 686 goto failed; 687 } 688 } 689 else 690 { 691 /* Need to write PID file for ourselves, not for the child process */ 692 if (context->pidfile != NULL) 693 { 694 DBusString u; 695 696 _dbus_string_init_const (&u, context->pidfile); 697 698 if (!_dbus_write_pid_file (&u, _dbus_getpid (), error)) 699 { 700 _DBUS_ASSERT_ERROR_IS_SET (error); 701 goto failed; 702 } 703 } 704 } 705 706 /* Write PID if requested */ 707 if (print_pid_pipe != NULL && _dbus_pipe_is_valid (print_pid_pipe)) 708 { 709 DBusString pid; 710 int bytes; 711 712 if (!_dbus_string_init (&pid)) 713 { 714 BUS_SET_OOM (error); 715 goto failed; 716 } 717 718 if (!_dbus_string_append_int (&pid, _dbus_getpid ()) || 719 !_dbus_string_append (&pid, "\n")) 720 { 721 _dbus_string_free (&pid); 722 BUS_SET_OOM (error); 723 goto failed; 724 } 725 726 bytes = _dbus_string_get_length (&pid); 727 if (_dbus_pipe_write (print_pid_pipe, &pid, 0, bytes, error) != bytes) 728 { 729 /* pipe_write sets error on failure but not short write */ 730 if (error != NULL && !dbus_error_is_set (error)) 731 { 732 dbus_set_error (error, DBUS_ERROR_FAILED, 733 "Printing message bus PID: did not write enough bytes\n"); 734 } 735 _dbus_string_free (&pid); 736 goto failed; 737 } 738 739 if (!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) 740 _dbus_pipe_close (print_pid_pipe, NULL); 741 742 _dbus_string_free (&pid); 743 } 744 745 if (!process_config_postinit (context, parser, error)) 746 { 747 _DBUS_ASSERT_ERROR_IS_SET (error); 748 goto failed; 749 } 750 751 if (parser != NULL) 752 { 753 bus_config_parser_unref (parser); 754 parser = NULL; 755 } 756 757 /* Here we change our credentials if required, 758 * as soon as we've set up our sockets and pidfile 759 */ 760 if (context->user != NULL) 761 { 762 if (!_dbus_change_to_daemon_user (context->user, error)) 763 { 764 _DBUS_ASSERT_ERROR_IS_SET (error); 765 goto failed; 766 } 767 } 768 769 if (!bus_selinux_full_init ()) 770 { 771 _dbus_warn ("SELinux initialization failed\n"); 772 } 773 774 dbus_server_free_data_slot (&server_data_slot); 775 776 return context; 777 778 failed: 779 if (parser != NULL) 780 bus_config_parser_unref (parser); 781 if (context != NULL) 782 bus_context_unref (context); 783 784 if (server_data_slot >= 0) 785 dbus_server_free_data_slot (&server_data_slot); 786 787 return NULL; 788} 789 790dbus_bool_t 791bus_context_get_id (BusContext *context, 792 DBusString *uuid) 793{ 794 return _dbus_uuid_encode (&context->uuid, uuid); 795} 796 797dbus_bool_t 798bus_context_reload_config (BusContext *context, 799 DBusError *error) 800{ 801 BusConfigParser *parser; 802 DBusString config_file; 803 dbus_bool_t ret; 804 805 /* Flush the user database cache */ 806 _dbus_flush_caches (); 807 808 ret = FALSE; 809 _dbus_string_init_const (&config_file, context->config_file); 810 parser = bus_config_load (&config_file, TRUE, NULL, error); 811 if (parser == NULL) 812 { 813 _DBUS_ASSERT_ERROR_IS_SET (error); 814 goto failed; 815 } 816 817 if (!process_config_every_time (context, parser, TRUE, error)) 818 { 819 _DBUS_ASSERT_ERROR_IS_SET (error); 820 goto failed; 821 } 822 if (!process_config_postinit (context, parser, error)) 823 { 824 _DBUS_ASSERT_ERROR_IS_SET (error); 825 goto failed; 826 } 827 ret = TRUE; 828 829 failed: 830 if (parser != NULL) 831 bus_config_parser_unref (parser); 832 return ret; 833} 834 835static void 836shutdown_server (BusContext *context, 837 DBusServer *server) 838{ 839 if (server == NULL || 840 !dbus_server_get_is_connected (server)) 841 return; 842 843 if (!dbus_server_set_watch_functions (server, 844 NULL, NULL, NULL, 845 context, 846 NULL)) 847 _dbus_assert_not_reached ("setting watch functions to NULL failed"); 848 849 if (!dbus_server_set_timeout_functions (server, 850 NULL, NULL, NULL, 851 context, 852 NULL)) 853 _dbus_assert_not_reached ("setting timeout functions to NULL failed"); 854 855 dbus_server_disconnect (server); 856} 857 858void 859bus_context_shutdown (BusContext *context) 860{ 861 DBusList *link; 862 863 link = _dbus_list_get_first_link (&context->servers); 864 while (link != NULL) 865 { 866 shutdown_server (context, link->data); 867 868 link = _dbus_list_get_next_link (&context->servers, link); 869 } 870} 871 872BusContext * 873bus_context_ref (BusContext *context) 874{ 875 _dbus_assert (context->refcount > 0); 876 context->refcount += 1; 877 878 return context; 879} 880 881void 882bus_context_unref (BusContext *context) 883{ 884 _dbus_assert (context->refcount > 0); 885 context->refcount -= 1; 886 887 if (context->refcount == 0) 888 { 889 DBusList *link; 890 891 _dbus_verbose ("Finalizing bus context %p\n", context); 892 893 bus_context_shutdown (context); 894 895 if (context->connections) 896 { 897 bus_connections_unref (context->connections); 898 context->connections = NULL; 899 } 900 901 if (context->registry) 902 { 903 bus_registry_unref (context->registry); 904 context->registry = NULL; 905 } 906 907 if (context->activation) 908 { 909 bus_activation_unref (context->activation); 910 context->activation = NULL; 911 } 912 913 link = _dbus_list_get_first_link (&context->servers); 914 while (link != NULL) 915 { 916 dbus_server_unref (link->data); 917 918 link = _dbus_list_get_next_link (&context->servers, link); 919 } 920 _dbus_list_clear (&context->servers); 921 922 if (context->policy) 923 { 924 bus_policy_unref (context->policy); 925 context->policy = NULL; 926 } 927 928 if (context->loop) 929 { 930 _dbus_loop_unref (context->loop); 931 context->loop = NULL; 932 } 933 934 if (context->matchmaker) 935 { 936 bus_matchmaker_unref (context->matchmaker); 937 context->matchmaker = NULL; 938 } 939 940 dbus_free (context->config_file); 941 dbus_free (context->type); 942 dbus_free (context->address); 943 dbus_free (context->user); 944 945 if (context->pidfile) 946 { 947 DBusString u; 948 _dbus_string_init_const (&u, context->pidfile); 949 950 /* Deliberately ignore errors here, since there's not much 951 * we can do about it, and we're exiting anyways. 952 */ 953 _dbus_delete_file (&u, NULL); 954 955 dbus_free (context->pidfile); 956 } 957 dbus_free (context); 958 959 dbus_server_free_data_slot (&server_data_slot); 960 } 961} 962 963/* type may be NULL */ 964const char* 965bus_context_get_type (BusContext *context) 966{ 967 return context->type; 968} 969 970const char* 971bus_context_get_address (BusContext *context) 972{ 973 return context->address; 974} 975 976BusRegistry* 977bus_context_get_registry (BusContext *context) 978{ 979 return context->registry; 980} 981 982BusConnections* 983bus_context_get_connections (BusContext *context) 984{ 985 return context->connections; 986} 987 988BusActivation* 989bus_context_get_activation (BusContext *context) 990{ 991 return context->activation; 992} 993 994BusMatchmaker* 995bus_context_get_matchmaker (BusContext *context) 996{ 997 return context->matchmaker; 998} 999 1000DBusLoop* 1001bus_context_get_loop (BusContext *context) 1002{ 1003 return context->loop; 1004} 1005 1006dbus_bool_t 1007bus_context_allow_unix_user (BusContext *context, 1008 unsigned long uid) 1009{ 1010 return bus_policy_allow_unix_user (context->policy, 1011 uid); 1012} 1013 1014/* For now this is never actually called because the default 1015 * DBusConnection behavior of 'same user that owns the bus can connect' 1016 * is all it would do. 1017 */ 1018dbus_bool_t 1019bus_context_allow_windows_user (BusContext *context, 1020 const char *windows_sid) 1021{ 1022 return bus_policy_allow_windows_user (context->policy, 1023 windows_sid); 1024} 1025 1026BusPolicy * 1027bus_context_get_policy (BusContext *context) 1028{ 1029 return context->policy; 1030} 1031 1032BusClientPolicy* 1033bus_context_create_client_policy (BusContext *context, 1034 DBusConnection *connection, 1035 DBusError *error) 1036{ 1037 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 1038 return bus_policy_create_client_policy (context->policy, connection, 1039 error); 1040} 1041 1042int 1043bus_context_get_activation_timeout (BusContext *context) 1044{ 1045 1046 return context->limits.activation_timeout; 1047} 1048 1049int 1050bus_context_get_auth_timeout (BusContext *context) 1051{ 1052 return context->limits.auth_timeout; 1053} 1054 1055int 1056bus_context_get_max_completed_connections (BusContext *context) 1057{ 1058 return context->limits.max_completed_connections; 1059} 1060 1061int 1062bus_context_get_max_incomplete_connections (BusContext *context) 1063{ 1064 return context->limits.max_incomplete_connections; 1065} 1066 1067int 1068bus_context_get_max_connections_per_user (BusContext *context) 1069{ 1070 return context->limits.max_connections_per_user; 1071} 1072 1073int 1074bus_context_get_max_pending_activations (BusContext *context) 1075{ 1076 return context->limits.max_pending_activations; 1077} 1078 1079int 1080bus_context_get_max_services_per_connection (BusContext *context) 1081{ 1082 return context->limits.max_services_per_connection; 1083} 1084 1085int 1086bus_context_get_max_match_rules_per_connection (BusContext *context) 1087{ 1088 return context->limits.max_match_rules_per_connection; 1089} 1090 1091int 1092bus_context_get_max_replies_per_connection (BusContext *context) 1093{ 1094 return context->limits.max_replies_per_connection; 1095} 1096 1097int 1098bus_context_get_reply_timeout (BusContext *context) 1099{ 1100 return context->limits.reply_timeout; 1101} 1102 1103/* 1104 * addressed_recipient is the recipient specified in the message. 1105 * 1106 * proposed_recipient is the recipient we're considering sending 1107 * to right this second, and may be an eavesdropper. 1108 * 1109 * sender is the sender of the message. 1110 * 1111 * NULL for proposed_recipient or sender definitely means the bus driver. 1112 * 1113 * NULL for addressed_recipient may mean the bus driver, or may mean 1114 * no destination was specified in the message (e.g. a signal). 1115 */ 1116dbus_bool_t 1117bus_context_check_security_policy (BusContext *context, 1118 BusTransaction *transaction, 1119 DBusConnection *sender, 1120 DBusConnection *addressed_recipient, 1121 DBusConnection *proposed_recipient, 1122 DBusMessage *message, 1123 DBusError *error) 1124{ 1125 BusClientPolicy *sender_policy; 1126 BusClientPolicy *recipient_policy; 1127 int type; 1128 dbus_bool_t requested_reply; 1129 1130 type = dbus_message_get_type (message); 1131 1132 /* dispatch.c was supposed to ensure these invariants */ 1133 _dbus_assert (dbus_message_get_destination (message) != NULL || 1134 type == DBUS_MESSAGE_TYPE_SIGNAL || 1135 (sender == NULL && !bus_connection_is_active (proposed_recipient))); 1136 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || 1137 addressed_recipient != NULL || 1138 strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0); 1139 1140 switch (type) 1141 { 1142 case DBUS_MESSAGE_TYPE_METHOD_CALL: 1143 case DBUS_MESSAGE_TYPE_SIGNAL: 1144 case DBUS_MESSAGE_TYPE_METHOD_RETURN: 1145 case DBUS_MESSAGE_TYPE_ERROR: 1146 break; 1147 1148 default: 1149 _dbus_verbose ("security check disallowing message of unknown type %d\n", 1150 type); 1151 1152 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1153 "Message bus will not accept messages of unknown type\n"); 1154 1155 return FALSE; 1156 } 1157 1158 requested_reply = FALSE; 1159 1160 if (sender != NULL) 1161 { 1162 const char *dest; 1163 1164 dest = dbus_message_get_destination (message); 1165 1166 /* First verify the SELinux access controls. If allowed then 1167 * go on with the standard checks. 1168 */ 1169 if (!bus_selinux_allows_send (sender, proposed_recipient, 1170 dbus_message_type_to_string (dbus_message_get_type (message)), 1171 dbus_message_get_interface (message), 1172 dbus_message_get_member (message), 1173 dbus_message_get_error_name (message), 1174 dest ? dest : DBUS_SERVICE_DBUS, error)) 1175 { 1176 1177 if (dbus_error_is_set (error) && 1178 dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) 1179 { 1180 return FALSE; 1181 } 1182 1183 1184 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1185 "An SELinux policy prevents this sender " 1186 "from sending this message to this recipient " 1187 "(rejected message had interface \"%s\" " 1188 "member \"%s\" error name \"%s\" destination \"%s\")", 1189 dbus_message_get_interface (message) ? 1190 dbus_message_get_interface (message) : "(unset)", 1191 dbus_message_get_member (message) ? 1192 dbus_message_get_member (message) : "(unset)", 1193 dbus_message_get_error_name (message) ? 1194 dbus_message_get_error_name (message) : "(unset)", 1195 dest ? dest : DBUS_SERVICE_DBUS); 1196 _dbus_verbose ("SELinux security check denying send to service\n"); 1197 return FALSE; 1198 } 1199 1200 if (bus_connection_is_active (sender)) 1201 { 1202 sender_policy = bus_connection_get_policy (sender); 1203 _dbus_assert (sender_policy != NULL); 1204 1205 /* Fill in requested_reply variable with TRUE if this is a 1206 * reply and the reply was pending. 1207 */ 1208 if (dbus_message_get_reply_serial (message) != 0) 1209 { 1210 if (proposed_recipient != NULL /* not to the bus driver */ && 1211 addressed_recipient == proposed_recipient /* not eavesdropping */) 1212 { 1213 DBusError error2; 1214 1215 dbus_error_init (&error2); 1216 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), 1217 transaction, 1218 sender, addressed_recipient, message, 1219 &error2); 1220 if (dbus_error_is_set (&error2)) 1221 { 1222 dbus_move_error (&error2, error); 1223 return FALSE; 1224 } 1225 } 1226 } 1227 } 1228 else 1229 { 1230 /* Policy for inactive connections is that they can only send 1231 * the hello message to the bus driver 1232 */ 1233 if (proposed_recipient == NULL && 1234 dbus_message_is_method_call (message, 1235 DBUS_INTERFACE_DBUS, 1236 "Hello")) 1237 { 1238 _dbus_verbose ("security check allowing %s message\n", 1239 "Hello"); 1240 return TRUE; 1241 } 1242 else 1243 { 1244 _dbus_verbose ("security check disallowing non-%s message\n", 1245 "Hello"); 1246 1247 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1248 "Client tried to send a message other than %s without being registered", 1249 "Hello"); 1250 1251 return FALSE; 1252 } 1253 } 1254 } 1255 else 1256 { 1257 sender_policy = NULL; 1258 1259 /* If the sender is the bus driver, we assume any reply was a 1260 * requested reply as bus driver won't send bogus ones 1261 */ 1262 if (addressed_recipient == proposed_recipient /* not eavesdropping */ && 1263 dbus_message_get_reply_serial (message) != 0) 1264 requested_reply = TRUE; 1265 } 1266 1267 _dbus_assert ((sender != NULL && sender_policy != NULL) || 1268 (sender == NULL && sender_policy == NULL)); 1269 1270 if (proposed_recipient != NULL) 1271 { 1272 /* only the bus driver can send to an inactive recipient (as it 1273 * owns no services, so other apps can't address it). Inactive 1274 * recipients can receive any message. 1275 */ 1276 if (bus_connection_is_active (proposed_recipient)) 1277 { 1278 recipient_policy = bus_connection_get_policy (proposed_recipient); 1279 _dbus_assert (recipient_policy != NULL); 1280 } 1281 else if (sender == NULL) 1282 { 1283 _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); 1284 recipient_policy = NULL; 1285 } 1286 else 1287 { 1288 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); 1289 recipient_policy = NULL; 1290 } 1291 } 1292 else 1293 recipient_policy = NULL; 1294 1295 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || 1296 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || 1297 (proposed_recipient == NULL && recipient_policy == NULL)); 1298 1299 if (sender_policy && 1300 !bus_client_policy_check_can_send (sender_policy, 1301 context->registry, 1302 requested_reply, 1303 proposed_recipient, 1304 message)) 1305 { 1306 const char *dest; 1307 1308 dest = dbus_message_get_destination (message); 1309 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1310 "A security policy in place prevents this sender " 1311 "from sending this message to this recipient, " 1312 "see message bus configuration file (rejected message " 1313 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")", 1314 dbus_message_get_interface (message) ? 1315 dbus_message_get_interface (message) : "(unset)", 1316 dbus_message_get_member (message) ? 1317 dbus_message_get_member (message) : "(unset)", 1318 dbus_message_get_error_name (message) ? 1319 dbus_message_get_error_name (message) : "(unset)", 1320 dest ? dest : DBUS_SERVICE_DBUS); 1321 _dbus_verbose ("security policy disallowing message due to sender policy\n"); 1322 return FALSE; 1323 } 1324 1325 if (recipient_policy && 1326 !bus_client_policy_check_can_receive (recipient_policy, 1327 context->registry, 1328 requested_reply, 1329 sender, 1330 addressed_recipient, proposed_recipient, 1331 message)) 1332 { 1333 const char *dest; 1334 1335 dest = dbus_message_get_destination (message); 1336 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1337 "A security policy in place prevents this recipient " 1338 "from receiving this message from this sender, " 1339 "see message bus configuration file (rejected message " 1340 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)", 1341 dbus_message_get_interface (message) ? 1342 dbus_message_get_interface (message) : "(unset)", 1343 dbus_message_get_member (message) ? 1344 dbus_message_get_member (message) : "(unset)", 1345 dbus_message_get_error_name (message) ? 1346 dbus_message_get_error_name (message) : "(unset)", 1347 dest ? dest : DBUS_SERVICE_DBUS, 1348 dbus_message_get_reply_serial (message), 1349 requested_reply); 1350 _dbus_verbose ("security policy disallowing message due to recipient policy\n"); 1351 return FALSE; 1352 } 1353 1354 /* See if limits on size have been exceeded */ 1355 if (proposed_recipient && 1356 dbus_connection_get_outgoing_size (proposed_recipient) > 1357 context->limits.max_outgoing_bytes) 1358 { 1359 const char *dest; 1360 1361 dest = dbus_message_get_destination (message); 1362 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, 1363 "The destination service \"%s\" has a full message queue", 1364 dest ? dest : (proposed_recipient ? 1365 bus_connection_get_name (proposed_recipient) : 1366 DBUS_SERVICE_DBUS)); 1367 _dbus_verbose ("security policy disallowing message due to full message queue\n"); 1368 return FALSE; 1369 } 1370 1371 /* Record that we will allow a reply here in the future (don't 1372 * bother if the recipient is the bus or this is an eavesdropping 1373 * connection). Only the addressed recipient may reply. 1374 */ 1375 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && 1376 sender && 1377 addressed_recipient && 1378 addressed_recipient == proposed_recipient && /* not eavesdropping */ 1379 !bus_connections_expect_reply (bus_connection_get_connections (sender), 1380 transaction, 1381 sender, addressed_recipient, 1382 message, error)) 1383 { 1384 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); 1385 return FALSE; 1386 } 1387 1388 _dbus_verbose ("security policy allowing message\n"); 1389 return TRUE; 1390} 1391