1/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ 2/* bus.c message bus context object 3 * 4 * Copyright (C) 2003, 2004 Red Hat, Inc. 5 * 6 * Licensed under the Academic Free License version 2.1 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 21 * 22 */ 23 24#include <config.h> 25#include "bus.h" 26#include "activation.h" 27#include "connection.h" 28#include "services.h" 29#include "utils.h" 30#include "policy.h" 31#include "config-parser.h" 32#include "signals.h" 33#include "selinux.h" 34#include "dir-watch.h" 35#include <dbus/dbus-list.h> 36#include <dbus/dbus-hash.h> 37#include <dbus/dbus-credentials.h> 38#include <dbus/dbus-internals.h> 39#ifdef DBUS_CYGWIN 40#include <signal.h> 41#endif 42 43struct BusContext 44{ 45 int refcount; 46 DBusGUID uuid; 47 char *config_file; 48 char *type; 49 char *servicehelper; 50 char *address; 51#ifdef WANT_PIDFILE 52 char *pidfile; 53#endif 54 char *user; 55 char *log_prefix; 56 DBusLoop *loop; 57 DBusList *servers; 58 BusConnections *connections; 59 BusActivation *activation; 60 BusRegistry *registry; 61 BusPolicy *policy; 62 BusMatchmaker *matchmaker; 63 BusLimits limits; 64 unsigned int fork : 1; 65 unsigned int syslog : 1; 66 unsigned int keep_umask : 1; 67 unsigned int allow_anonymous : 1; 68 unsigned int systemd_activation : 1; 69}; 70 71static dbus_int32_t server_data_slot = -1; 72 73typedef struct 74{ 75 BusContext *context; 76} BusServerData; 77 78#define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) 79 80static BusContext* 81server_get_context (DBusServer *server) 82{ 83 BusContext *context; 84 BusServerData *bd; 85 86 if (!dbus_server_allocate_data_slot (&server_data_slot)) 87 return NULL; 88 89 bd = BUS_SERVER_DATA (server); 90 if (bd == NULL) 91 { 92 dbus_server_free_data_slot (&server_data_slot); 93 return NULL; 94 } 95 96 context = bd->context; 97 98 dbus_server_free_data_slot (&server_data_slot); 99 100 return context; 101} 102 103static dbus_bool_t 104server_watch_callback (DBusWatch *watch, 105 unsigned int condition, 106 void *data) 107{ 108 /* FIXME this can be done in dbus-mainloop.c 109 * if the code in activation.c for the babysitter 110 * watch handler is fixed. 111 */ 112 113 return dbus_watch_handle (watch, condition); 114} 115 116static dbus_bool_t 117add_server_watch (DBusWatch *watch, 118 void *data) 119{ 120 DBusServer *server = data; 121 BusContext *context; 122 123 context = server_get_context (server); 124 125 return _dbus_loop_add_watch (context->loop, 126 watch, server_watch_callback, server, 127 NULL); 128} 129 130static void 131remove_server_watch (DBusWatch *watch, 132 void *data) 133{ 134 DBusServer *server = data; 135 BusContext *context; 136 137 context = server_get_context (server); 138 139 _dbus_loop_remove_watch (context->loop, 140 watch, server_watch_callback, server); 141} 142 143 144static void 145server_timeout_callback (DBusTimeout *timeout, 146 void *data) 147{ 148 /* can return FALSE on OOM but we just let it fire again later */ 149 dbus_timeout_handle (timeout); 150} 151 152static dbus_bool_t 153add_server_timeout (DBusTimeout *timeout, 154 void *data) 155{ 156 DBusServer *server = data; 157 BusContext *context; 158 159 context = server_get_context (server); 160 161 return _dbus_loop_add_timeout (context->loop, 162 timeout, server_timeout_callback, server, NULL); 163} 164 165static void 166remove_server_timeout (DBusTimeout *timeout, 167 void *data) 168{ 169 DBusServer *server = data; 170 BusContext *context; 171 172 context = server_get_context (server); 173 174 _dbus_loop_remove_timeout (context->loop, 175 timeout, server_timeout_callback, server); 176} 177 178static void 179new_connection_callback (DBusServer *server, 180 DBusConnection *new_connection, 181 void *data) 182{ 183 BusContext *context = data; 184 185 if (!bus_connections_setup_connection (context->connections, new_connection)) 186 { 187 _dbus_verbose ("No memory to setup new connection\n"); 188 189 /* if we don't do this, it will get unref'd without 190 * being disconnected... kind of strange really 191 * that we have to do this, people won't get it right 192 * in general. 193 */ 194 dbus_connection_close (new_connection); 195 } 196 197 dbus_connection_set_max_received_size (new_connection, 198 context->limits.max_incoming_bytes); 199 200 dbus_connection_set_max_message_size (new_connection, 201 context->limits.max_message_size); 202 203 dbus_connection_set_max_received_unix_fds (new_connection, 204 context->limits.max_incoming_unix_fds); 205 206 dbus_connection_set_max_message_unix_fds (new_connection, 207 context->limits.max_message_unix_fds); 208 209 dbus_connection_set_allow_anonymous (new_connection, 210 context->allow_anonymous); 211 212 /* on OOM, we won't have ref'd the connection so it will die. */ 213} 214 215static void 216free_server_data (void *data) 217{ 218 BusServerData *bd = data; 219 220 dbus_free (bd); 221} 222 223static dbus_bool_t 224setup_server (BusContext *context, 225 DBusServer *server, 226 char **auth_mechanisms, 227 DBusError *error) 228{ 229 BusServerData *bd; 230 231 bd = dbus_new0 (BusServerData, 1); 232 if (bd == NULL || !dbus_server_set_data (server, 233 server_data_slot, 234 bd, free_server_data)) 235 { 236 dbus_free (bd); 237 BUS_SET_OOM (error); 238 return FALSE; 239 } 240 241 bd->context = context; 242 243 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) 244 { 245 BUS_SET_OOM (error); 246 return FALSE; 247 } 248 249 dbus_server_set_new_connection_function (server, 250 new_connection_callback, 251 context, NULL); 252 253 if (!dbus_server_set_watch_functions (server, 254 add_server_watch, 255 remove_server_watch, 256 NULL, 257 server, 258 NULL)) 259 { 260 BUS_SET_OOM (error); 261 return FALSE; 262 } 263 264 if (!dbus_server_set_timeout_functions (server, 265 add_server_timeout, 266 remove_server_timeout, 267 NULL, 268 server, NULL)) 269 { 270 BUS_SET_OOM (error); 271 return FALSE; 272 } 273 274 return TRUE; 275} 276 277/* This code only gets executed the first time the 278 * config files are parsed. It is not executed 279 * when config files are reloaded. 280 */ 281static dbus_bool_t 282process_config_first_time_only (BusContext *context, 283 BusConfigParser *parser, 284 const DBusString *address, 285 dbus_bool_t systemd_activation, 286 DBusError *error) 287{ 288 DBusString log_prefix; 289 DBusList *link; 290 DBusList **addresses; 291 const char *user, *pidfile; 292 char **auth_mechanisms; 293 DBusList **auth_mechanisms_list; 294 int len; 295 dbus_bool_t retval; 296 297 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 298 299 retval = FALSE; 300 auth_mechanisms = NULL; 301 302 context->systemd_activation = systemd_activation; 303 304#ifdef WANT_PIDFILE 305 /* Check for an existing pid file. Of course this is a race; 306 * we'd have to use fcntl() locks on the pid file to 307 * avoid that. But we want to check for the pid file 308 * before overwriting any existing sockets, etc. 309 */ 310 pidfile = bus_config_parser_get_pidfile (parser); 311 if (pidfile != NULL) 312 { 313 DBusString u; 314 DBusStat stbuf; 315 316 _dbus_string_init_const (&u, pidfile); 317 318 if (_dbus_stat (&u, &stbuf, NULL)) 319 { 320#ifdef DBUS_CYGWIN 321 DBusString p; 322 long /* int */ pid; 323 324 _dbus_string_init (&p); 325 _dbus_file_get_contents(&p, &u, NULL); 326 _dbus_string_parse_int(&p, 0, &pid, NULL); 327 _dbus_string_free(&p); 328 329 if ((kill((int)pid, 0))) { 330 dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS, 331 "pid %ld not running, removing stale pid file\n", 332 pid); 333 _dbus_delete_file(&u, NULL); 334 } else { 335#endif 336 dbus_set_error (error, DBUS_ERROR_FAILED, 337 "The pid file \"%s\" exists, if the message bus is not running, remove this file", 338 pidfile); 339 goto failed; 340#ifdef DBUS_CYGWIN 341 } 342#endif 343 } 344 } 345 346 /* keep around the pid filename so we can delete it later */ 347 context->pidfile = _dbus_strdup (pidfile); 348#endif 349 350 /* note that type may be NULL */ 351 context->type = _dbus_strdup (bus_config_parser_get_type (parser)); 352 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL) 353 goto oom; 354 355 user = bus_config_parser_get_user (parser); 356 if (user != NULL) 357 { 358 context->user = _dbus_strdup (user); 359 if (context->user == NULL) 360 goto oom; 361 } 362 363 /* Set up the prefix for syslog messages */ 364 if (!_dbus_string_init (&log_prefix)) 365 goto oom; 366 if (context->type && !strcmp (context->type, "system")) 367 { 368 if (!_dbus_string_append (&log_prefix, "[system] ")) 369 goto oom; 370 } 371 else if (context->type && !strcmp (context->type, "session")) 372 { 373 DBusCredentials *credentials; 374 375 credentials = _dbus_credentials_new_from_current_process (); 376 if (!credentials) 377 goto oom; 378 if (!_dbus_string_append (&log_prefix, "[session ")) 379 goto oom; 380 if (!_dbus_credentials_to_string_append (credentials, &log_prefix)) 381 goto oom; 382 if (!_dbus_string_append (&log_prefix, "] ")) 383 goto oom; 384 _dbus_credentials_unref (credentials); 385 } 386 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix)) 387 goto oom; 388 _dbus_string_free (&log_prefix); 389 390 /* Build an array of auth mechanisms */ 391 392 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); 393 len = _dbus_list_get_length (auth_mechanisms_list); 394 395 if (len > 0) 396 { 397 int i; 398 399 auth_mechanisms = dbus_new0 (char*, len + 1); 400 if (auth_mechanisms == NULL) 401 goto oom; 402 403 i = 0; 404 link = _dbus_list_get_first_link (auth_mechanisms_list); 405 while (link != NULL) 406 { 407 auth_mechanisms[i] = _dbus_strdup (link->data); 408 if (auth_mechanisms[i] == NULL) 409 goto oom; 410 link = _dbus_list_get_next_link (auth_mechanisms_list, link); 411 } 412 } 413 else 414 { 415 auth_mechanisms = NULL; 416 } 417 418 /* Listen on our addresses */ 419 420 if (address) 421 { 422 DBusServer *server; 423 424 server = dbus_server_listen (_dbus_string_get_const_data(address), error); 425 if (server == NULL) 426 { 427 _DBUS_ASSERT_ERROR_IS_SET (error); 428 goto failed; 429 } 430 else if (!setup_server (context, server, auth_mechanisms, error)) 431 { 432 _DBUS_ASSERT_ERROR_IS_SET (error); 433 goto failed; 434 } 435 436 if (!_dbus_list_append (&context->servers, server)) 437 goto oom; 438 } 439 else 440 { 441 addresses = bus_config_parser_get_addresses (parser); 442 443 link = _dbus_list_get_first_link (addresses); 444 while (link != NULL) 445 { 446 DBusServer *server; 447 448 server = dbus_server_listen (link->data, error); 449 if (server == NULL) 450 { 451 _DBUS_ASSERT_ERROR_IS_SET (error); 452 goto failed; 453 } 454 else if (!setup_server (context, server, auth_mechanisms, error)) 455 { 456 _DBUS_ASSERT_ERROR_IS_SET (error); 457 goto failed; 458 } 459 460 if (!_dbus_list_append (&context->servers, server)) 461 goto oom; 462 463 link = _dbus_list_get_next_link (addresses, link); 464 } 465 } 466 467 context->fork = bus_config_parser_get_fork (parser); 468 context->syslog = bus_config_parser_get_syslog (parser); 469 context->keep_umask = bus_config_parser_get_keep_umask (parser); 470 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser); 471 472 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 473 retval = TRUE; 474 475 failed: 476 dbus_free_string_array (auth_mechanisms); 477 return retval; 478 479 oom: 480 BUS_SET_OOM (error); 481 dbus_free_string_array (auth_mechanisms); 482 return FALSE; 483} 484 485/* This code gets executed every time the config files 486 * are parsed: both during BusContext construction 487 * and on reloads. This function is slightly screwy 488 * since it can do a "half reload" in out-of-memory 489 * situations. Realistically, unlikely to ever matter. 490 */ 491static dbus_bool_t 492process_config_every_time (BusContext *context, 493 BusConfigParser *parser, 494 dbus_bool_t is_reload, 495 DBusError *error) 496{ 497 DBusString full_address; 498 DBusList *link; 499 DBusList **dirs; 500 BusActivation *new_activation; 501 char *addr; 502 const char *servicehelper; 503 char *s; 504 505 dbus_bool_t retval; 506 507 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 508 509 addr = NULL; 510 retval = FALSE; 511 512 if (!_dbus_string_init (&full_address)) 513 { 514 BUS_SET_OOM (error); 515 return FALSE; 516 } 517 518 /* get our limits and timeout lengths */ 519 bus_config_parser_get_limits (parser, &context->limits); 520 521 if (context->policy) 522 bus_policy_unref (context->policy); 523 context->policy = bus_config_parser_steal_policy (parser); 524 _dbus_assert (context->policy != NULL); 525 526 /* We have to build the address backward, so that 527 * <listen> later in the config file have priority 528 */ 529 link = _dbus_list_get_last_link (&context->servers); 530 while (link != NULL) 531 { 532 addr = dbus_server_get_address (link->data); 533 if (addr == NULL) 534 { 535 BUS_SET_OOM (error); 536 goto failed; 537 } 538 539 if (_dbus_string_get_length (&full_address) > 0) 540 { 541 if (!_dbus_string_append (&full_address, ";")) 542 { 543 BUS_SET_OOM (error); 544 goto failed; 545 } 546 } 547 548 if (!_dbus_string_append (&full_address, addr)) 549 { 550 BUS_SET_OOM (error); 551 goto failed; 552 } 553 554 dbus_free (addr); 555 addr = NULL; 556 557 link = _dbus_list_get_prev_link (&context->servers, link); 558 } 559 560 if (is_reload) 561 dbus_free (context->address); 562 563 if (!_dbus_string_copy_data (&full_address, &context->address)) 564 { 565 BUS_SET_OOM (error); 566 goto failed; 567 } 568 569 /* get the service directories */ 570 dirs = bus_config_parser_get_service_dirs (parser); 571 572 /* and the service helper */ 573 servicehelper = bus_config_parser_get_servicehelper (parser); 574 575 s = _dbus_strdup(servicehelper); 576 if (s == NULL && servicehelper != NULL) 577 { 578 BUS_SET_OOM (error); 579 goto failed; 580 } 581 else 582 { 583 dbus_free(context->servicehelper); 584 context->servicehelper = s; 585 } 586 587 /* Create activation subsystem */ 588 if (context->activation) 589 { 590 if (!bus_activation_reload (context->activation, &full_address, dirs, error)) 591 goto failed; 592 } 593 else 594 { 595 context->activation = bus_activation_new (context, &full_address, dirs, error); 596 } 597 598 if (context->activation == NULL) 599 { 600 _DBUS_ASSERT_ERROR_IS_SET (error); 601 goto failed; 602 } 603 604 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 605 retval = TRUE; 606 607 failed: 608 _dbus_string_free (&full_address); 609 610 if (addr) 611 dbus_free (addr); 612 613 return retval; 614} 615 616static dbus_bool_t 617list_concat_new (DBusList **a, 618 DBusList **b, 619 DBusList **result) 620{ 621 DBusList *link; 622 623 *result = NULL; 624 625 link = _dbus_list_get_first_link (a); 626 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link)) 627 { 628 if (!_dbus_list_append (result, link->data)) 629 goto oom; 630 } 631 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link)) 632 { 633 if (!_dbus_list_append (result, link->data)) 634 goto oom; 635 } 636 637 return TRUE; 638oom: 639 _dbus_list_clear (result); 640 return FALSE; 641} 642 643static dbus_bool_t 644process_config_postinit (BusContext *context, 645 BusConfigParser *parser, 646 DBusError *error) 647{ 648 DBusHashTable *service_context_table; 649 DBusList *watched_dirs = NULL; 650 651 service_context_table = bus_config_parser_steal_service_context_table (parser); 652 if (!bus_registry_set_service_context_table (context->registry, 653 service_context_table)) 654 { 655 BUS_SET_OOM (error); 656 return FALSE; 657 } 658 659 _dbus_hash_table_unref (service_context_table); 660 661 /* We need to monitor both the configuration directories and directories 662 * containing .service files. 663 */ 664 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser), 665 bus_config_parser_get_service_dirs (parser), 666 &watched_dirs)) 667 { 668 BUS_SET_OOM (error); 669 return FALSE; 670 } 671 672 bus_set_watched_dirs (context, &watched_dirs); 673 674 _dbus_list_clear (&watched_dirs); 675 676 return TRUE; 677} 678 679BusContext* 680bus_context_new (const DBusString *config_file, 681 ForceForkSetting force_fork, 682 DBusPipe *print_addr_pipe, 683 DBusPipe *print_pid_pipe, 684 const DBusString *address, 685 dbus_bool_t systemd_activation, 686 DBusError *error) 687{ 688 DBusString log_prefix; 689 BusContext *context; 690 BusConfigParser *parser; 691 692 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 693 694 context = NULL; 695 parser = NULL; 696 697 if (!dbus_server_allocate_data_slot (&server_data_slot)) 698 { 699 BUS_SET_OOM (error); 700 return NULL; 701 } 702 703 context = dbus_new0 (BusContext, 1); 704 if (context == NULL) 705 { 706 BUS_SET_OOM (error); 707 goto failed; 708 } 709 context->refcount = 1; 710 711 _dbus_generate_uuid (&context->uuid); 712 713 if (!_dbus_string_copy_data (config_file, &context->config_file)) 714 { 715 BUS_SET_OOM (error); 716 goto failed; 717 } 718 719 context->loop = _dbus_loop_new (); 720 if (context->loop == NULL) 721 { 722 BUS_SET_OOM (error); 723 goto failed; 724 } 725 726 context->registry = bus_registry_new (context); 727 if (context->registry == NULL) 728 { 729 BUS_SET_OOM (error); 730 goto failed; 731 } 732 733 parser = bus_config_load (config_file, TRUE, NULL, error); 734 if (parser == NULL) 735 { 736 _DBUS_ASSERT_ERROR_IS_SET (error); 737 goto failed; 738 } 739 740 if (!process_config_first_time_only (context, parser, address, systemd_activation, error)) 741 { 742 _DBUS_ASSERT_ERROR_IS_SET (error); 743 goto failed; 744 } 745 if (!process_config_every_time (context, parser, FALSE, error)) 746 { 747 _DBUS_ASSERT_ERROR_IS_SET (error); 748 goto failed; 749 } 750 751 /* we need another ref of the server data slot for the context 752 * to own 753 */ 754 if (!dbus_server_allocate_data_slot (&server_data_slot)) 755 _dbus_assert_not_reached ("second ref of server data slot failed"); 756 757 /* Note that we don't know whether the print_addr_pipe is 758 * one of the sockets we're using to listen on, or some 759 * other random thing. But I think the answer is "don't do 760 * that then" 761 */ 762 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe)) 763 { 764 DBusString addr; 765 const char *a = bus_context_get_address (context); 766 int bytes; 767 768 _dbus_assert (a != NULL); 769 if (!_dbus_string_init (&addr)) 770 { 771 BUS_SET_OOM (error); 772 goto failed; 773 } 774 775 if (!_dbus_string_append (&addr, a) || 776 !_dbus_string_append (&addr, "\n")) 777 { 778 _dbus_string_free (&addr); 779 BUS_SET_OOM (error); 780 goto failed; 781 } 782 783 bytes = _dbus_string_get_length (&addr); 784 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes) 785 { 786 /* pipe write returns an error on failure but not short write */ 787 if (error != NULL && !dbus_error_is_set (error)) 788 { 789 dbus_set_error (error, DBUS_ERROR_FAILED, 790 "Printing message bus address: did not write all bytes\n"); 791 } 792 _dbus_string_free (&addr); 793 goto failed; 794 } 795 796 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe)) 797 _dbus_pipe_close (print_addr_pipe, NULL); 798 799 _dbus_string_free (&addr); 800 } 801 802 context->connections = bus_connections_new (context); 803 if (context->connections == NULL) 804 { 805 BUS_SET_OOM (error); 806 goto failed; 807 } 808 809 context->matchmaker = bus_matchmaker_new (); 810 if (context->matchmaker == NULL) 811 { 812 BUS_SET_OOM (error); 813 goto failed; 814 } 815 816 /* check user before we fork */ 817 if (context->user != NULL) 818 { 819 if (!_dbus_verify_daemon_user (context->user)) 820 { 821 dbus_set_error (error, DBUS_ERROR_FAILED, 822 "Could not get UID and GID for username \"%s\"", 823 context->user); 824 goto failed; 825 } 826 } 827 828 /* Now become a daemon if appropriate and write out pid file in any case */ 829 { 830#ifdef WANT_PIDFILE 831 DBusString u; 832 833 if (context->pidfile) 834 _dbus_string_init_const (&u, context->pidfile); 835 836 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) 837 { 838 _dbus_verbose ("Forking and becoming daemon\n"); 839 840 if (!_dbus_become_daemon (context->pidfile ? &u : NULL, 841 print_pid_pipe, 842 error, 843 context->keep_umask)) 844 845 { 846 _DBUS_ASSERT_ERROR_IS_SET (error); 847 goto failed; 848 } 849 } 850 else 851 { 852 _dbus_verbose ("Fork not requested\n"); 853 854 /* Need to write PID file and to PID pipe for ourselves, 855 * not for the child process. This is a no-op if the pidfile 856 * is NULL and print_pid_pipe is NULL. 857 */ 858 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL, 859 print_pid_pipe, 860 _dbus_getpid (), 861 error)) 862 { 863 _DBUS_ASSERT_ERROR_IS_SET (error); 864 goto failed; 865 } 866 } 867#else 868 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) 869 { 870 if (!_dbus_become_daemon (NULL, 871 0, 872 error, 873 context->keep_umask)) 874 { 875 _DBUS_ASSERT_ERROR_IS_SET (error); 876 goto failed; 877 } 878 } 879#endif 880 } 881 882 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) && 883 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) 884 _dbus_pipe_close (print_pid_pipe, NULL); 885 886 if (!bus_selinux_full_init ()) 887 { 888 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n"); 889 } 890 891 if (!process_config_postinit (context, parser, error)) 892 { 893 _DBUS_ASSERT_ERROR_IS_SET (error); 894 goto failed; 895 } 896 897 if (parser != NULL) 898 { 899 bus_config_parser_unref (parser); 900 parser = NULL; 901 } 902 903 /* Here we change our credentials if required, 904 * as soon as we've set up our sockets and pidfile 905 */ 906 if (context->user != NULL) 907 { 908 if (!_dbus_change_to_daemon_user (context->user, error)) 909 { 910 _DBUS_ASSERT_ERROR_IS_SET (error); 911 goto failed; 912 } 913 914#ifdef HAVE_SELINUX 915 /* FIXME - why not just put this in full_init() below? */ 916 bus_selinux_audit_init (); 917#endif 918 } 919 920 dbus_server_free_data_slot (&server_data_slot); 921 922 return context; 923 924 failed: 925 if (parser != NULL) 926 bus_config_parser_unref (parser); 927 if (context != NULL) 928 bus_context_unref (context); 929 930 if (server_data_slot >= 0) 931 dbus_server_free_data_slot (&server_data_slot); 932 933 return NULL; 934} 935 936dbus_bool_t 937bus_context_get_id (BusContext *context, 938 DBusString *uuid) 939{ 940 return _dbus_uuid_encode (&context->uuid, uuid); 941} 942 943dbus_bool_t 944bus_context_reload_config (BusContext *context, 945 DBusError *error) 946{ 947 BusConfigParser *parser; 948 DBusString config_file; 949 dbus_bool_t ret; 950 951 /* Flush the user database cache */ 952 _dbus_flush_caches (); 953 954 ret = FALSE; 955 _dbus_string_init_const (&config_file, context->config_file); 956 parser = bus_config_load (&config_file, TRUE, NULL, error); 957 if (parser == NULL) 958 { 959 _DBUS_ASSERT_ERROR_IS_SET (error); 960 goto failed; 961 } 962 963 if (!process_config_every_time (context, parser, TRUE, error)) 964 { 965 _DBUS_ASSERT_ERROR_IS_SET (error); 966 goto failed; 967 } 968 if (!process_config_postinit (context, parser, error)) 969 { 970 _DBUS_ASSERT_ERROR_IS_SET (error); 971 goto failed; 972 } 973 ret = TRUE; 974 975 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration"); 976 failed: 977 if (!ret) 978 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message); 979 if (parser != NULL) 980 bus_config_parser_unref (parser); 981 return ret; 982} 983 984static void 985shutdown_server (BusContext *context, 986 DBusServer *server) 987{ 988 if (server == NULL || 989 !dbus_server_get_is_connected (server)) 990 return; 991 992 if (!dbus_server_set_watch_functions (server, 993 NULL, NULL, NULL, 994 context, 995 NULL)) 996 _dbus_assert_not_reached ("setting watch functions to NULL failed"); 997 998 if (!dbus_server_set_timeout_functions (server, 999 NULL, NULL, NULL, 1000 context, 1001 NULL)) 1002 _dbus_assert_not_reached ("setting timeout functions to NULL failed"); 1003 1004 dbus_server_disconnect (server); 1005} 1006 1007void 1008bus_context_shutdown (BusContext *context) 1009{ 1010 DBusList *link; 1011 1012 link = _dbus_list_get_first_link (&context->servers); 1013 while (link != NULL) 1014 { 1015 shutdown_server (context, link->data); 1016 1017 link = _dbus_list_get_next_link (&context->servers, link); 1018 } 1019} 1020 1021BusContext * 1022bus_context_ref (BusContext *context) 1023{ 1024 _dbus_assert (context->refcount > 0); 1025 context->refcount += 1; 1026 1027 return context; 1028} 1029 1030void 1031bus_context_unref (BusContext *context) 1032{ 1033 _dbus_assert (context->refcount > 0); 1034 context->refcount -= 1; 1035 1036 if (context->refcount == 0) 1037 { 1038 DBusList *link; 1039 1040 _dbus_verbose ("Finalizing bus context %p\n", context); 1041 1042 bus_context_shutdown (context); 1043 1044 if (context->connections) 1045 { 1046 bus_connections_unref (context->connections); 1047 context->connections = NULL; 1048 } 1049 1050 if (context->registry) 1051 { 1052 bus_registry_unref (context->registry); 1053 context->registry = NULL; 1054 } 1055 1056 if (context->activation) 1057 { 1058 bus_activation_unref (context->activation); 1059 context->activation = NULL; 1060 } 1061 1062 link = _dbus_list_get_first_link (&context->servers); 1063 while (link != NULL) 1064 { 1065 dbus_server_unref (link->data); 1066 1067 link = _dbus_list_get_next_link (&context->servers, link); 1068 } 1069 _dbus_list_clear (&context->servers); 1070 1071 if (context->policy) 1072 { 1073 bus_policy_unref (context->policy); 1074 context->policy = NULL; 1075 } 1076 1077 if (context->loop) 1078 { 1079 _dbus_loop_unref (context->loop); 1080 context->loop = NULL; 1081 } 1082 1083 if (context->matchmaker) 1084 { 1085 bus_matchmaker_unref (context->matchmaker); 1086 context->matchmaker = NULL; 1087 } 1088 1089 dbus_free (context->config_file); 1090 dbus_free (context->log_prefix); 1091 dbus_free (context->type); 1092 dbus_free (context->address); 1093 dbus_free (context->user); 1094 dbus_free (context->servicehelper); 1095 1096#ifdef WANT_PIDFILE 1097 if (context->pidfile) 1098 { 1099 DBusString u; 1100 _dbus_string_init_const (&u, context->pidfile); 1101 1102 /* Deliberately ignore errors here, since there's not much 1103 * we can do about it, and we're exiting anyways. 1104 */ 1105 _dbus_delete_file (&u, NULL); 1106 1107 dbus_free (context->pidfile); 1108 } 1109#endif 1110 1111 dbus_free (context); 1112 1113 dbus_server_free_data_slot (&server_data_slot); 1114 } 1115} 1116 1117/* type may be NULL */ 1118const char* 1119bus_context_get_type (BusContext *context) 1120{ 1121 return context->type; 1122} 1123 1124const char* 1125bus_context_get_address (BusContext *context) 1126{ 1127 return context->address; 1128} 1129 1130const char* 1131bus_context_get_servicehelper (BusContext *context) 1132{ 1133 return context->servicehelper; 1134} 1135 1136dbus_bool_t 1137bus_context_get_systemd_activation (BusContext *context) 1138{ 1139 return context->systemd_activation; 1140} 1141 1142BusRegistry* 1143bus_context_get_registry (BusContext *context) 1144{ 1145 return context->registry; 1146} 1147 1148BusConnections* 1149bus_context_get_connections (BusContext *context) 1150{ 1151 return context->connections; 1152} 1153 1154BusActivation* 1155bus_context_get_activation (BusContext *context) 1156{ 1157 return context->activation; 1158} 1159 1160BusMatchmaker* 1161bus_context_get_matchmaker (BusContext *context) 1162{ 1163 return context->matchmaker; 1164} 1165 1166DBusLoop* 1167bus_context_get_loop (BusContext *context) 1168{ 1169 return context->loop; 1170} 1171 1172dbus_bool_t 1173bus_context_allow_unix_user (BusContext *context, 1174 unsigned long uid) 1175{ 1176 return bus_policy_allow_unix_user (context->policy, 1177 uid); 1178} 1179 1180/* For now this is never actually called because the default 1181 * DBusConnection behavior of 'same user that owns the bus can connect' 1182 * is all it would do. 1183 */ 1184dbus_bool_t 1185bus_context_allow_windows_user (BusContext *context, 1186 const char *windows_sid) 1187{ 1188 return bus_policy_allow_windows_user (context->policy, 1189 windows_sid); 1190} 1191 1192BusPolicy * 1193bus_context_get_policy (BusContext *context) 1194{ 1195 return context->policy; 1196} 1197 1198BusClientPolicy* 1199bus_context_create_client_policy (BusContext *context, 1200 DBusConnection *connection, 1201 DBusError *error) 1202{ 1203 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 1204 return bus_policy_create_client_policy (context->policy, connection, 1205 error); 1206} 1207 1208int 1209bus_context_get_activation_timeout (BusContext *context) 1210{ 1211 1212 return context->limits.activation_timeout; 1213} 1214 1215int 1216bus_context_get_auth_timeout (BusContext *context) 1217{ 1218 return context->limits.auth_timeout; 1219} 1220 1221int 1222bus_context_get_max_completed_connections (BusContext *context) 1223{ 1224 return context->limits.max_completed_connections; 1225} 1226 1227int 1228bus_context_get_max_incomplete_connections (BusContext *context) 1229{ 1230 return context->limits.max_incomplete_connections; 1231} 1232 1233int 1234bus_context_get_max_connections_per_user (BusContext *context) 1235{ 1236 return context->limits.max_connections_per_user; 1237} 1238 1239int 1240bus_context_get_max_pending_activations (BusContext *context) 1241{ 1242 return context->limits.max_pending_activations; 1243} 1244 1245int 1246bus_context_get_max_services_per_connection (BusContext *context) 1247{ 1248 return context->limits.max_services_per_connection; 1249} 1250 1251int 1252bus_context_get_max_match_rules_per_connection (BusContext *context) 1253{ 1254 return context->limits.max_match_rules_per_connection; 1255} 1256 1257int 1258bus_context_get_max_replies_per_connection (BusContext *context) 1259{ 1260 return context->limits.max_replies_per_connection; 1261} 1262 1263int 1264bus_context_get_reply_timeout (BusContext *context) 1265{ 1266 return context->limits.reply_timeout; 1267} 1268 1269void 1270bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4); 1271 1272void 1273bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) 1274{ 1275 va_list args; 1276 1277 if (!context->syslog) 1278 return; 1279 1280 va_start (args, msg); 1281 1282 if (context->log_prefix) 1283 { 1284 DBusString full_msg; 1285 1286 if (!_dbus_string_init (&full_msg)) 1287 goto out; 1288 if (!_dbus_string_append (&full_msg, context->log_prefix)) 1289 goto oom_out; 1290 if (!_dbus_string_append_printf_valist (&full_msg, msg, args)) 1291 goto oom_out; 1292 1293 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg)); 1294 oom_out: 1295 _dbus_string_free (&full_msg); 1296 } 1297 else 1298 _dbus_system_logv (severity, msg, args); 1299 1300out: 1301 va_end (args); 1302} 1303 1304/* 1305 * addressed_recipient is the recipient specified in the message. 1306 * 1307 * proposed_recipient is the recipient we're considering sending 1308 * to right this second, and may be an eavesdropper. 1309 * 1310 * sender is the sender of the message. 1311 * 1312 * NULL for proposed_recipient or sender definitely means the bus driver. 1313 * 1314 * NULL for addressed_recipient may mean the bus driver, or may mean 1315 * no destination was specified in the message (e.g. a signal). 1316 */ 1317dbus_bool_t 1318bus_context_check_security_policy (BusContext *context, 1319 BusTransaction *transaction, 1320 DBusConnection *sender, 1321 DBusConnection *addressed_recipient, 1322 DBusConnection *proposed_recipient, 1323 DBusMessage *message, 1324 DBusError *error) 1325{ 1326 const char *dest; 1327 BusClientPolicy *sender_policy; 1328 BusClientPolicy *recipient_policy; 1329 dbus_int32_t toggles; 1330 dbus_bool_t log; 1331 int type; 1332 dbus_bool_t requested_reply; 1333 const char *sender_name; 1334 const char *sender_loginfo; 1335 const char *proposed_recipient_loginfo; 1336 1337 type = dbus_message_get_type (message); 1338 dest = dbus_message_get_destination (message); 1339 1340 /* dispatch.c was supposed to ensure these invariants */ 1341 _dbus_assert (dest != NULL || 1342 type == DBUS_MESSAGE_TYPE_SIGNAL || 1343 (sender == NULL && !bus_connection_is_active (proposed_recipient))); 1344 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || 1345 addressed_recipient != NULL || 1346 strcmp (dest, DBUS_SERVICE_DBUS) == 0); 1347 1348 /* Used in logging below */ 1349 if (sender != NULL) 1350 { 1351 sender_name = bus_connection_get_name (sender); 1352 sender_loginfo = bus_connection_get_loginfo (sender); 1353 } 1354 else 1355 { 1356 sender_name = NULL; 1357 sender_loginfo = "(bus)"; 1358 } 1359 1360 if (proposed_recipient != NULL) 1361 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient); 1362 else 1363 proposed_recipient_loginfo = "bus"; 1364 1365 switch (type) 1366 { 1367 case DBUS_MESSAGE_TYPE_METHOD_CALL: 1368 case DBUS_MESSAGE_TYPE_SIGNAL: 1369 case DBUS_MESSAGE_TYPE_METHOD_RETURN: 1370 case DBUS_MESSAGE_TYPE_ERROR: 1371 break; 1372 1373 default: 1374 _dbus_verbose ("security check disallowing message of unknown type %d\n", 1375 type); 1376 1377 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1378 "Message bus will not accept messages of unknown type\n"); 1379 1380 return FALSE; 1381 } 1382 1383 requested_reply = FALSE; 1384 1385 if (sender != NULL) 1386 { 1387 /* First verify the SELinux access controls. If allowed then 1388 * go on with the standard checks. 1389 */ 1390 if (!bus_selinux_allows_send (sender, proposed_recipient, 1391 dbus_message_type_to_string (dbus_message_get_type (message)), 1392 dbus_message_get_interface (message), 1393 dbus_message_get_member (message), 1394 dbus_message_get_error_name (message), 1395 dest ? dest : DBUS_SERVICE_DBUS, error)) 1396 { 1397 if (error != NULL && !dbus_error_is_set (error)) 1398 { 1399 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1400 "An SELinux policy prevents this sender " 1401 "from sending this message to this recipient " 1402 "(rejected message had sender \"%s\" interface \"%s\" " 1403 "member \"%s\" error name \"%s\" destination \"%s\")", 1404 sender_name ? sender_name : "(unset)", 1405 dbus_message_get_interface (message) ? 1406 dbus_message_get_interface (message) : "(unset)", 1407 dbus_message_get_member (message) ? 1408 dbus_message_get_member (message) : "(unset)", 1409 dbus_message_get_error_name (message) ? 1410 dbus_message_get_error_name (message) : "(unset)", 1411 dest ? dest : DBUS_SERVICE_DBUS); 1412 _dbus_verbose ("SELinux security check denying send to service\n"); 1413 } 1414 1415 return FALSE; 1416 } 1417 1418 if (bus_connection_is_active (sender)) 1419 { 1420 sender_policy = bus_connection_get_policy (sender); 1421 _dbus_assert (sender_policy != NULL); 1422 1423 /* Fill in requested_reply variable with TRUE if this is a 1424 * reply and the reply was pending. 1425 */ 1426 if (dbus_message_get_reply_serial (message) != 0) 1427 { 1428 if (proposed_recipient != NULL /* not to the bus driver */ && 1429 addressed_recipient == proposed_recipient /* not eavesdropping */) 1430 { 1431 DBusError error2; 1432 1433 dbus_error_init (&error2); 1434 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), 1435 transaction, 1436 sender, addressed_recipient, message, 1437 &error2); 1438 if (dbus_error_is_set (&error2)) 1439 { 1440 dbus_move_error (&error2, error); 1441 return FALSE; 1442 } 1443 } 1444 } 1445 } 1446 else 1447 { 1448 /* Policy for inactive connections is that they can only send 1449 * the hello message to the bus driver 1450 */ 1451 if (proposed_recipient == NULL && 1452 dbus_message_is_method_call (message, 1453 DBUS_INTERFACE_DBUS, 1454 "Hello")) 1455 { 1456 _dbus_verbose ("security check allowing %s message\n", 1457 "Hello"); 1458 return TRUE; 1459 } 1460 else 1461 { 1462 _dbus_verbose ("security check disallowing non-%s message\n", 1463 "Hello"); 1464 1465 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1466 "Client tried to send a message other than %s without being registered", 1467 "Hello"); 1468 1469 return FALSE; 1470 } 1471 } 1472 } 1473 else 1474 { 1475 sender_policy = NULL; 1476 1477 /* If the sender is the bus driver, we assume any reply was a 1478 * requested reply as bus driver won't send bogus ones 1479 */ 1480 if (addressed_recipient == proposed_recipient /* not eavesdropping */ && 1481 dbus_message_get_reply_serial (message) != 0) 1482 requested_reply = TRUE; 1483 } 1484 1485 _dbus_assert ((sender != NULL && sender_policy != NULL) || 1486 (sender == NULL && sender_policy == NULL)); 1487 1488 if (proposed_recipient != NULL) 1489 { 1490 /* only the bus driver can send to an inactive recipient (as it 1491 * owns no services, so other apps can't address it). Inactive 1492 * recipients can receive any message. 1493 */ 1494 if (bus_connection_is_active (proposed_recipient)) 1495 { 1496 recipient_policy = bus_connection_get_policy (proposed_recipient); 1497 _dbus_assert (recipient_policy != NULL); 1498 } 1499 else if (sender == NULL) 1500 { 1501 _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); 1502 recipient_policy = NULL; 1503 } 1504 else 1505 { 1506 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); 1507 recipient_policy = NULL; 1508 } 1509 } 1510 else 1511 recipient_policy = NULL; 1512 1513 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || 1514 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || 1515 (proposed_recipient == NULL && recipient_policy == NULL)); 1516 1517 log = FALSE; 1518 if (sender_policy && 1519 !bus_client_policy_check_can_send (sender_policy, 1520 context->registry, 1521 requested_reply, 1522 proposed_recipient, 1523 message, &toggles, &log)) 1524 { 1525 const char *msg = "Rejected send message, %d matched rules; " 1526 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))"; 1527 1528 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, 1529 toggles, 1530 dbus_message_type_to_string (dbus_message_get_type (message)), 1531 sender_name ? sender_name : "(unset)", 1532 sender_loginfo, 1533 dbus_message_get_interface (message) ? 1534 dbus_message_get_interface (message) : "(unset)", 1535 dbus_message_get_member (message) ? 1536 dbus_message_get_member (message) : "(unset)", 1537 dbus_message_get_error_name (message) ? 1538 dbus_message_get_error_name (message) : "(unset)", 1539 requested_reply, 1540 dest ? dest : DBUS_SERVICE_DBUS, 1541 proposed_recipient_loginfo); 1542 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ 1543 if (addressed_recipient == proposed_recipient) 1544 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg, 1545 toggles, 1546 dbus_message_type_to_string (dbus_message_get_type (message)), 1547 sender_name ? sender_name : "(unset)", 1548 sender_loginfo, 1549 dbus_message_get_interface (message) ? 1550 dbus_message_get_interface (message) : "(unset)", 1551 dbus_message_get_member (message) ? 1552 dbus_message_get_member (message) : "(unset)", 1553 dbus_message_get_error_name (message) ? 1554 dbus_message_get_error_name (message) : "(unset)", 1555 requested_reply, 1556 dest ? dest : DBUS_SERVICE_DBUS, 1557 proposed_recipient_loginfo); 1558 _dbus_verbose ("security policy disallowing message due to sender policy\n"); 1559 return FALSE; 1560 } 1561 1562 if (log) 1563 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, 1564 "Would reject message, %d matched rules; " 1565 "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))", 1566 toggles, 1567 dbus_message_type_to_string (dbus_message_get_type (message)), 1568 sender_name ? sender_name : "(unset)", 1569 sender_loginfo, 1570 dbus_message_get_interface (message) ? 1571 dbus_message_get_interface (message) : "(unset)", 1572 dbus_message_get_member (message) ? 1573 dbus_message_get_member (message) : "(unset)", 1574 dbus_message_get_error_name (message) ? 1575 dbus_message_get_error_name (message) : "(unset)", 1576 requested_reply, 1577 dest ? dest : DBUS_SERVICE_DBUS, 1578 proposed_recipient_loginfo); 1579 1580 if (recipient_policy && 1581 !bus_client_policy_check_can_receive (recipient_policy, 1582 context->registry, 1583 requested_reply, 1584 sender, 1585 addressed_recipient, proposed_recipient, 1586 message, &toggles)) 1587 { 1588 const char *msg = "Rejected receive message, %d matched rules; " 1589 "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))"; 1590 1591 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, 1592 toggles, 1593 dbus_message_type_to_string (dbus_message_get_type (message)), 1594 sender_name ? sender_name : "(unset)", 1595 sender_loginfo, 1596 dbus_message_get_interface (message) ? 1597 dbus_message_get_interface (message) : "(unset)", 1598 dbus_message_get_member (message) ? 1599 dbus_message_get_member (message) : "(unset)", 1600 dbus_message_get_error_name (message) ? 1601 dbus_message_get_error_name (message) : "(unset)", 1602 dbus_message_get_reply_serial (message), 1603 requested_reply, 1604 dest ? dest : DBUS_SERVICE_DBUS, 1605 proposed_recipient_loginfo); 1606 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ 1607 if (addressed_recipient == proposed_recipient) 1608 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, msg, 1609 toggles, 1610 dbus_message_type_to_string (dbus_message_get_type (message)), 1611 sender_name ? sender_name : "(unset)", 1612 sender_loginfo, 1613 dbus_message_get_interface (message) ? 1614 dbus_message_get_interface (message) : "(unset)", 1615 dbus_message_get_member (message) ? 1616 dbus_message_get_member (message) : "(unset)", 1617 dbus_message_get_error_name (message) ? 1618 dbus_message_get_error_name (message) : "(unset)", 1619 dbus_message_get_reply_serial (message), 1620 requested_reply, 1621 dest ? dest : DBUS_SERVICE_DBUS, 1622 proposed_recipient_loginfo); 1623 _dbus_verbose ("security policy disallowing message due to recipient policy\n"); 1624 return FALSE; 1625 } 1626 1627 /* See if limits on size have been exceeded */ 1628 if (proposed_recipient && 1629 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) || 1630 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds))) 1631 { 1632 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, 1633 "The destination service \"%s\" has a full message queue", 1634 dest ? dest : (proposed_recipient ? 1635 bus_connection_get_name (proposed_recipient) : 1636 DBUS_SERVICE_DBUS)); 1637 _dbus_verbose ("security policy disallowing message due to full message queue\n"); 1638 return FALSE; 1639 } 1640 1641 /* Record that we will allow a reply here in the future (don't 1642 * bother if the recipient is the bus or this is an eavesdropping 1643 * connection). Only the addressed recipient may reply. 1644 */ 1645 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && 1646 sender && 1647 addressed_recipient && 1648 addressed_recipient == proposed_recipient && /* not eavesdropping */ 1649 !bus_connections_expect_reply (bus_connection_get_connections (sender), 1650 transaction, 1651 sender, addressed_recipient, 1652 message, error)) 1653 { 1654 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); 1655 return FALSE; 1656 } 1657 1658 _dbus_verbose ("security policy allowing message\n"); 1659 return TRUE; 1660} 1661