sl@0: /* -*- mode: C; c-file-style: "gnu" -*- */ sl@0: /* bus.c message bus context object sl@0: * sl@0: * Copyright (C) 2003, 2004 Red Hat, Inc. sl@0: * Portion Copyright © 2008 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. sl@0: * Licensed under the Academic Free License version 2.1 sl@0: * sl@0: * This program is free software; you can redistribute it and/or modify sl@0: * it under the terms of the GNU General Public License as published by sl@0: * the Free Software Foundation; either version 2 of the License, or sl@0: * (at your option) any later version. sl@0: * sl@0: * This program is distributed in the hope that it will be useful, sl@0: * but WITHOUT ANY WARRANTY; without even the implied warranty of sl@0: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the sl@0: * GNU General Public License for more details. sl@0: * sl@0: * You should have received a copy of the GNU General Public License sl@0: * along with this program; if not, write to the Free Software sl@0: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA sl@0: * sl@0: */ sl@0: sl@0: #include "bus.h" sl@0: #include "activation.h" sl@0: #include "connection.h" sl@0: #include "services.h" sl@0: #include "utils.h" sl@0: #include "policy.h" sl@0: #include "config-parser.h" sl@0: #include "signals.h" sl@0: #include "selinux.h" sl@0: #include "dir-watch.h" sl@0: #ifndef __SYMBIAN32__ sl@0: #include sl@0: #include sl@0: #include sl@0: #else sl@0: #include "dbus-list.h" sl@0: #include "dbus-hash.h" sl@0: #include "dbus-internals.h" sl@0: #endif sl@0: sl@0: struct BusContext sl@0: { sl@0: int refcount; sl@0: char *config_file; sl@0: char *type; sl@0: char *address; sl@0: char *pidfile; sl@0: char *user; sl@0: DBusLoop *loop; sl@0: DBusList *servers; sl@0: BusConnections *connections; sl@0: BusActivation *activation; sl@0: BusRegistry *registry; sl@0: BusPolicy *policy; sl@0: BusMatchmaker *matchmaker; sl@0: DBusUserDatabase *user_database; sl@0: BusLimits limits; sl@0: unsigned int fork : 1; sl@0: }; sl@0: sl@0: static dbus_int32_t server_data_slot = -1; sl@0: sl@0: typedef struct sl@0: { sl@0: BusContext *context; sl@0: } BusServerData; sl@0: sl@0: #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) sl@0: sl@0: static BusContext* sl@0: server_get_context (DBusServer *server) sl@0: { sl@0: BusContext *context; sl@0: BusServerData *bd; sl@0: sl@0: if (!dbus_server_allocate_data_slot (&server_data_slot)) sl@0: return NULL; sl@0: sl@0: bd = BUS_SERVER_DATA (server); sl@0: if (bd == NULL) sl@0: { sl@0: dbus_server_free_data_slot (&server_data_slot); sl@0: return NULL; sl@0: } sl@0: sl@0: context = bd->context; sl@0: sl@0: dbus_server_free_data_slot (&server_data_slot); sl@0: sl@0: return context; sl@0: } sl@0: sl@0: static dbus_bool_t sl@0: server_watch_callback (DBusWatch *watch, sl@0: unsigned int condition, sl@0: void *data) sl@0: { sl@0: /* FIXME this can be done in dbus-mainloop.c sl@0: * if the code in activation.c for the babysitter sl@0: * watch handler is fixed. sl@0: */ sl@0: sl@0: return dbus_watch_handle (watch, condition); sl@0: } sl@0: sl@0: static dbus_bool_t sl@0: add_server_watch (DBusWatch *watch, sl@0: void *data) sl@0: { sl@0: DBusServer *server = data; sl@0: BusContext *context; sl@0: sl@0: context = server_get_context (server); sl@0: sl@0: return _dbus_loop_add_watch (context->loop, sl@0: watch, server_watch_callback, server, sl@0: NULL); sl@0: } sl@0: sl@0: static void sl@0: remove_server_watch (DBusWatch *watch, sl@0: void *data) sl@0: { sl@0: DBusServer *server = data; sl@0: BusContext *context; sl@0: sl@0: context = server_get_context (server); sl@0: sl@0: _dbus_loop_remove_watch (context->loop, sl@0: watch, server_watch_callback, server); sl@0: } sl@0: sl@0: sl@0: static void sl@0: server_timeout_callback (DBusTimeout *timeout, sl@0: void *data) sl@0: { sl@0: /* can return FALSE on OOM but we just let it fire again later */ sl@0: dbus_timeout_handle (timeout); sl@0: } sl@0: sl@0: static dbus_bool_t sl@0: add_server_timeout (DBusTimeout *timeout, sl@0: void *data) sl@0: { sl@0: DBusServer *server = data; sl@0: BusContext *context; sl@0: sl@0: context = server_get_context (server); sl@0: sl@0: return _dbus_loop_add_timeout (context->loop, sl@0: timeout, server_timeout_callback, server, NULL); sl@0: } sl@0: sl@0: static void sl@0: remove_server_timeout (DBusTimeout *timeout, sl@0: void *data) sl@0: { sl@0: DBusServer *server = data; sl@0: BusContext *context; sl@0: sl@0: context = server_get_context (server); sl@0: sl@0: _dbus_loop_remove_timeout (context->loop, sl@0: timeout, server_timeout_callback, server); sl@0: } sl@0: sl@0: static void sl@0: new_connection_callback (DBusServer *server, sl@0: DBusConnection *new_connection, sl@0: void *data) sl@0: { sl@0: BusContext *context = data; sl@0: sl@0: if (!bus_connections_setup_connection (context->connections, new_connection)) sl@0: { sl@0: _dbus_verbose ("No memory to setup new connection\n"); sl@0: sl@0: /* if we don't do this, it will get unref'd without sl@0: * being disconnected... kind of strange really sl@0: * that we have to do this, people won't get it right sl@0: * in general. sl@0: */ sl@0: dbus_connection_close (new_connection); sl@0: } sl@0: sl@0: dbus_connection_set_max_received_size (new_connection, sl@0: context->limits.max_incoming_bytes); sl@0: sl@0: dbus_connection_set_max_message_size (new_connection, sl@0: context->limits.max_message_size); sl@0: sl@0: /* on OOM, we won't have ref'd the connection so it will die. */ sl@0: } sl@0: sl@0: static void sl@0: free_server_data (void *data) sl@0: { sl@0: BusServerData *bd = data; sl@0: sl@0: dbus_free (bd); sl@0: } sl@0: sl@0: static dbus_bool_t sl@0: setup_server (BusContext *context, sl@0: DBusServer *server, sl@0: char **auth_mechanisms, sl@0: DBusError *error) sl@0: { sl@0: BusServerData *bd; sl@0: sl@0: bd = dbus_new0 (BusServerData, 1); sl@0: if (!dbus_server_set_data (server, sl@0: server_data_slot, sl@0: bd, free_server_data)) sl@0: { sl@0: dbus_free (bd); sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: bd->context = context; sl@0: sl@0: if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: dbus_server_set_new_connection_function (server, sl@0: new_connection_callback, sl@0: context, NULL); sl@0: sl@0: if (!dbus_server_set_watch_functions (server, sl@0: add_server_watch, sl@0: remove_server_watch, sl@0: NULL, sl@0: server, sl@0: NULL)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: if (!dbus_server_set_timeout_functions (server, sl@0: add_server_timeout, sl@0: remove_server_timeout, sl@0: NULL, sl@0: server, NULL)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: return TRUE; sl@0: } sl@0: sl@0: /* This code only gets executed the first time the sl@0: config files are parsed. It is not executed sl@0: when config files are reloaded.*/ sl@0: static dbus_bool_t sl@0: process_config_first_time_only (BusContext *context, sl@0: BusConfigParser *parser, sl@0: DBusError *error) sl@0: { sl@0: DBusList *link; sl@0: DBusList **addresses; sl@0: const char *user, *pidfile; sl@0: char **auth_mechanisms; sl@0: DBusList **auth_mechanisms_list; sl@0: int len; sl@0: dbus_bool_t retval; sl@0: sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: sl@0: retval = FALSE; sl@0: auth_mechanisms = NULL; sl@0: sl@0: /* Check for an existing pid file. Of course this is a race; sl@0: * we'd have to use fcntl() locks on the pid file to sl@0: * avoid that. But we want to check for the pid file sl@0: * before overwriting any existing sockets, etc. sl@0: */ sl@0: pidfile = bus_config_parser_get_pidfile (parser); sl@0: if (pidfile != NULL) sl@0: { sl@0: DBusString u; sl@0: DBusStat stbuf; sl@0: sl@0: _dbus_string_init_const (&u, pidfile); sl@0: sl@0: if (_dbus_stat (&u, &stbuf, NULL)) sl@0: { sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "The pid file \"%s\" exists, if the message bus is not running, remove this file", sl@0: pidfile); sl@0: goto failed; sl@0: } sl@0: } sl@0: sl@0: /* keep around the pid filename so we can delete it later */ sl@0: context->pidfile = _dbus_strdup (pidfile); sl@0: sl@0: /* Build an array of auth mechanisms */ sl@0: sl@0: auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); sl@0: len = _dbus_list_get_length (auth_mechanisms_list); sl@0: sl@0: if (len > 0) sl@0: { sl@0: int i; sl@0: sl@0: auth_mechanisms = dbus_new0 (char*, len + 1); sl@0: if (auth_mechanisms == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: i = 0; sl@0: link = _dbus_list_get_first_link (auth_mechanisms_list); sl@0: while (link != NULL) sl@0: { sl@0: auth_mechanisms[i] = _dbus_strdup (link->data); sl@0: if (auth_mechanisms[i] == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: link = _dbus_list_get_next_link (auth_mechanisms_list, link); sl@0: } sl@0: } sl@0: else sl@0: { sl@0: auth_mechanisms = NULL; sl@0: } sl@0: sl@0: /* Listen on our addresses */ sl@0: sl@0: addresses = bus_config_parser_get_addresses (parser); sl@0: sl@0: link = _dbus_list_get_first_link (addresses); sl@0: while (link != NULL) sl@0: { sl@0: DBusServer *server; sl@0: sl@0: server = dbus_server_listen (link->data, error); sl@0: if (server == NULL) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: else if (!setup_server (context, server, auth_mechanisms, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (!_dbus_list_append (&context->servers, server)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: link = _dbus_list_get_next_link (addresses, link); sl@0: } sl@0: sl@0: /* note that type may be NULL */ sl@0: context->type = _dbus_strdup (bus_config_parser_get_type (parser)); sl@0: if (bus_config_parser_get_type (parser) != NULL && context->type == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: user = bus_config_parser_get_user (parser); sl@0: if (user != NULL) sl@0: { sl@0: context->user = _dbus_strdup (user); sl@0: if (context->user == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: } sl@0: sl@0: context->fork = bus_config_parser_get_fork (parser); sl@0: sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: retval = TRUE; sl@0: sl@0: failed: sl@0: dbus_free_string_array (auth_mechanisms); sl@0: return retval; sl@0: } sl@0: sl@0: /* This code gets executed every time the config files sl@0: are parsed: both during BusContext construction sl@0: and on reloads. */ sl@0: static dbus_bool_t sl@0: process_config_every_time (BusContext *context, sl@0: BusConfigParser *parser, sl@0: dbus_bool_t is_reload, sl@0: DBusError *error) sl@0: { sl@0: DBusString full_address; sl@0: DBusList *link; sl@0: char *addr; sl@0: sl@0: dbus_bool_t retval; sl@0: sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: sl@0: addr = NULL; sl@0: retval = FALSE; sl@0: sl@0: if (!_dbus_string_init (&full_address)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: /* get our limits and timeout lengths */ sl@0: bus_config_parser_get_limits (parser, &context->limits); sl@0: sl@0: context->policy = bus_config_parser_steal_policy (parser); sl@0: _dbus_assert (context->policy != NULL); sl@0: sl@0: /* We have to build the address backward, so that sl@0: * later in the config file have priority sl@0: */ sl@0: link = _dbus_list_get_last_link (&context->servers); sl@0: while (link != NULL) sl@0: { sl@0: addr = dbus_server_get_address (link->data); sl@0: if (addr == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (_dbus_string_get_length (&full_address) > 0) sl@0: { sl@0: if (!_dbus_string_append (&full_address, ";")) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: } sl@0: sl@0: if (!_dbus_string_append (&full_address, addr)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: dbus_free (addr); sl@0: addr = NULL; sl@0: sl@0: link = _dbus_list_get_prev_link (&context->servers, link); sl@0: } sl@0: sl@0: if (is_reload) sl@0: dbus_free (context->address); sl@0: sl@0: if (!_dbus_string_copy_data (&full_address, &context->address)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: /* Create activation subsystem */ sl@0: sl@0: if (is_reload) sl@0: bus_activation_unref (context->activation); sl@0: sl@0: context->activation = bus_activation_new (context, &full_address, sl@0: bus_config_parser_get_service_dirs (parser), sl@0: error); sl@0: if (context->activation == NULL) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: /* Drop existing conf-dir watches (if applicable) */ sl@0: sl@0: if (is_reload) sl@0: bus_drop_all_directory_watches (); sl@0: sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: retval = TRUE; sl@0: sl@0: failed: sl@0: _dbus_string_free (&full_address); sl@0: sl@0: if (addr) sl@0: dbus_free (addr); sl@0: sl@0: return retval; sl@0: } sl@0: sl@0: static dbus_bool_t sl@0: process_config_postinit (BusContext *context, sl@0: BusConfigParser *parser, sl@0: DBusError *error) sl@0: { sl@0: DBusHashTable *service_context_table; sl@0: sl@0: service_context_table = bus_config_parser_steal_service_context_table (parser); sl@0: if (!bus_registry_set_service_context_table (context->registry, sl@0: service_context_table)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: sl@0: _dbus_hash_table_unref (service_context_table); sl@0: sl@0: /* Watch all conf directories */ sl@0: _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser), sl@0: (DBusForeachFunction) bus_watch_directory, sl@0: context); sl@0: sl@0: return TRUE; sl@0: } sl@0: sl@0: BusContext* sl@0: bus_context_new (const DBusString *config_file, sl@0: ForceForkSetting force_fork, sl@0: int print_addr_fd, sl@0: int print_pid_fd, sl@0: DBusError *error) sl@0: { sl@0: BusContext *context; sl@0: BusConfigParser *parser; sl@0: DBusCredentials creds; sl@0: sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: sl@0: context = NULL; sl@0: parser = NULL; sl@0: sl@0: if (!dbus_server_allocate_data_slot (&server_data_slot)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: return NULL; sl@0: } sl@0: sl@0: context = dbus_new0 (BusContext, 1); sl@0: if (context == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: context->refcount = 1; sl@0: sl@0: if (!_dbus_string_copy_data (config_file, &context->config_file)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: context->loop = _dbus_loop_new (); sl@0: if (context->loop == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: context->registry = bus_registry_new (context); sl@0: if (context->registry == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: parser = bus_config_load (config_file, TRUE, NULL, error); sl@0: if (parser == NULL) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (!process_config_first_time_only (context, parser, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: if (!process_config_every_time (context, parser, FALSE, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: /* we need another ref of the server data slot for the context sl@0: * to own sl@0: */ sl@0: if (!dbus_server_allocate_data_slot (&server_data_slot)) sl@0: _dbus_assert_not_reached ("second ref of server data slot failed"); sl@0: sl@0: context->user_database = _dbus_user_database_new (); sl@0: if (context->user_database == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: /* Note that we don't know whether the print_addr_fd is sl@0: * one of the sockets we're using to listen on, or some sl@0: * other random thing. But I think the answer is "don't do sl@0: * that then" sl@0: */ sl@0: if (print_addr_fd >= 0) sl@0: { sl@0: DBusString addr; sl@0: const char *a = bus_context_get_address (context); sl@0: int bytes; sl@0: sl@0: _dbus_assert (a != NULL); sl@0: if (!_dbus_string_init (&addr)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: sl@0: sl@0: #ifndef __SYMBIAN32__ sl@0: if (!_dbus_string_append (&addr, a) || sl@0: !_dbus_string_append (&addr, "\n")) sl@0: #else sl@0: if (!_dbus_string_append (&addr, a) ) sl@0: sl@0: #endif sl@0: { sl@0: _dbus_string_free (&addr); sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: sl@0: bytes = _dbus_string_get_length (&addr); sl@0: if (_dbus_write_socket (print_addr_fd, &addr, 0, bytes) != bytes) sl@0: { sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Printing message bus address: %s\n", sl@0: _dbus_strerror (errno)); sl@0: _dbus_string_free (&addr); sl@0: goto failed; sl@0: } sl@0: sl@0: if (print_addr_fd > 2) sl@0: _dbus_close_socket (print_addr_fd, NULL); sl@0: sl@0: _dbus_string_free (&addr); sl@0: } sl@0: sl@0: context->connections = bus_connections_new (context); sl@0: if (context->connections == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: context->matchmaker = bus_matchmaker_new (); sl@0: if (context->matchmaker == NULL) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: /* check user before we fork */ sl@0: if (context->user != NULL) sl@0: { sl@0: DBusString u; sl@0: sl@0: _dbus_string_init_const (&u, context->user); sl@0: sl@0: if (!_dbus_credentials_from_username (&u, &creds) || sl@0: creds.uid < 0 || sl@0: creds.gid < 0) sl@0: { sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Could not get UID and GID for username \"%s\"", sl@0: context->user); sl@0: goto failed; sl@0: } sl@0: } sl@0: sl@0: /* Now become a daemon if appropriate */ sl@0: if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) sl@0: { sl@0: DBusString u; sl@0: sl@0: if (context->pidfile) sl@0: _dbus_string_init_const (&u, context->pidfile); sl@0: sl@0: if (!_dbus_become_daemon (context->pidfile ? &u : NULL, sl@0: print_pid_fd, sl@0: error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: } sl@0: else sl@0: { sl@0: /* Need to write PID file for ourselves, not for the child process */ sl@0: if (context->pidfile != NULL) sl@0: { sl@0: DBusString u; sl@0: sl@0: _dbus_string_init_const (&u, context->pidfile); sl@0: sl@0: if (!_dbus_write_pid_file (&u, _dbus_getpid (), error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: } sl@0: } sl@0: sl@0: /* Write PID if requested */ sl@0: if (print_pid_fd >= 0) sl@0: { sl@0: DBusString pid; sl@0: int bytes; sl@0: sl@0: if (!_dbus_string_init (&pid)) sl@0: { sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (!_dbus_string_append_int (&pid, _dbus_getpid ()) || sl@0: !_dbus_string_append (&pid, "\n")) sl@0: { sl@0: _dbus_string_free (&pid); sl@0: BUS_SET_OOM (error); sl@0: goto failed; sl@0: } sl@0: sl@0: bytes = _dbus_string_get_length (&pid); sl@0: if (_dbus_write_socket (print_pid_fd, &pid, 0, bytes) != bytes) sl@0: { sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Printing message bus PID: %s\n", sl@0: _dbus_strerror (errno)); sl@0: _dbus_string_free (&pid); sl@0: goto failed; sl@0: } sl@0: sl@0: if (print_pid_fd > 2) sl@0: _dbus_close_socket (print_pid_fd, NULL); sl@0: sl@0: _dbus_string_free (&pid); sl@0: } sl@0: sl@0: if (!bus_selinux_full_init ()) sl@0: { sl@0: _dbus_warn ("SELinux initialization failed\n"); sl@0: } sl@0: sl@0: if (!process_config_postinit (context, parser, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (parser != NULL) sl@0: { sl@0: bus_config_parser_unref (parser); sl@0: parser = NULL; sl@0: } sl@0: sl@0: /* Here we change our credentials if required, sl@0: * as soon as we've set up our sockets and pidfile sl@0: */ sl@0: if (context->user != NULL) sl@0: { sl@0: if (!_dbus_change_identity (creds.uid, creds.gid, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: } sl@0: sl@0: dbus_server_free_data_slot (&server_data_slot); sl@0: sl@0: return context; sl@0: sl@0: failed: sl@0: if (parser != NULL) sl@0: bus_config_parser_unref (parser); sl@0: if (context != NULL) sl@0: bus_context_unref (context); sl@0: sl@0: if (server_data_slot >= 0) sl@0: dbus_server_free_data_slot (&server_data_slot); sl@0: sl@0: return NULL; sl@0: } sl@0: sl@0: dbus_bool_t sl@0: bus_context_reload_config (BusContext *context, sl@0: DBusError *error) sl@0: { sl@0: BusConfigParser *parser; sl@0: DBusString config_file; sl@0: dbus_bool_t ret; sl@0: sl@0: /* Flush the user database cache */ sl@0: _dbus_user_database_flush(context->user_database); sl@0: sl@0: ret = FALSE; sl@0: _dbus_string_init_const (&config_file, context->config_file); sl@0: parser = bus_config_load (&config_file, TRUE, NULL, error); sl@0: if (parser == NULL) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: sl@0: if (!process_config_every_time (context, parser, TRUE, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: if (!process_config_postinit (context, parser, error)) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_SET (error); sl@0: goto failed; sl@0: } sl@0: ret = TRUE; sl@0: sl@0: failed: sl@0: if (parser != NULL) sl@0: bus_config_parser_unref (parser); sl@0: return ret; sl@0: } sl@0: sl@0: static void sl@0: shutdown_server (BusContext *context, sl@0: DBusServer *server) sl@0: { sl@0: if (server == NULL || sl@0: !dbus_server_get_is_connected (server)) sl@0: return; sl@0: sl@0: if (!dbus_server_set_watch_functions (server, sl@0: NULL, NULL, NULL, sl@0: context, sl@0: NULL)) sl@0: _dbus_assert_not_reached ("setting watch functions to NULL failed"); sl@0: sl@0: if (!dbus_server_set_timeout_functions (server, sl@0: NULL, NULL, NULL, sl@0: context, sl@0: NULL)) sl@0: _dbus_assert_not_reached ("setting timeout functions to NULL failed"); sl@0: sl@0: dbus_server_disconnect (server); sl@0: } sl@0: sl@0: void sl@0: bus_context_shutdown (BusContext *context) sl@0: { sl@0: DBusList *link; sl@0: sl@0: link = _dbus_list_get_first_link (&context->servers); sl@0: while (link != NULL) sl@0: { sl@0: shutdown_server (context, link->data); sl@0: sl@0: link = _dbus_list_get_next_link (&context->servers, link); sl@0: } sl@0: } sl@0: sl@0: BusContext * sl@0: bus_context_ref (BusContext *context) sl@0: { sl@0: _dbus_assert (context->refcount > 0); sl@0: context->refcount += 1; sl@0: sl@0: return context; sl@0: } sl@0: sl@0: void sl@0: bus_context_unref (BusContext *context) sl@0: { sl@0: _dbus_assert (context->refcount > 0); sl@0: context->refcount -= 1; sl@0: sl@0: if (context->refcount == 0) sl@0: { sl@0: DBusList *link; sl@0: sl@0: _dbus_verbose ("Finalizing bus context %p\n", context); sl@0: sl@0: bus_context_shutdown (context); sl@0: sl@0: if (context->connections) sl@0: { sl@0: bus_connections_unref (context->connections); sl@0: context->connections = NULL; sl@0: } sl@0: sl@0: if (context->registry) sl@0: { sl@0: bus_registry_unref (context->registry); sl@0: context->registry = NULL; sl@0: } sl@0: sl@0: if (context->activation) sl@0: { sl@0: bus_activation_unref (context->activation); sl@0: context->activation = NULL; sl@0: } sl@0: sl@0: link = _dbus_list_get_first_link (&context->servers); sl@0: while (link != NULL) sl@0: { sl@0: dbus_server_unref (link->data); sl@0: sl@0: link = _dbus_list_get_next_link (&context->servers, link); sl@0: } sl@0: _dbus_list_clear (&context->servers); sl@0: sl@0: if (context->policy) sl@0: { sl@0: bus_policy_unref (context->policy); sl@0: context->policy = NULL; sl@0: } sl@0: sl@0: if (context->loop) sl@0: { sl@0: _dbus_loop_unref (context->loop); sl@0: context->loop = NULL; sl@0: } sl@0: sl@0: if (context->matchmaker) sl@0: { sl@0: bus_matchmaker_unref (context->matchmaker); sl@0: context->matchmaker = NULL; sl@0: } sl@0: sl@0: dbus_free (context->config_file); sl@0: dbus_free (context->type); sl@0: dbus_free (context->address); sl@0: dbus_free (context->user); sl@0: sl@0: if (context->pidfile) sl@0: { sl@0: DBusString u; sl@0: _dbus_string_init_const (&u, context->pidfile); sl@0: sl@0: /* Deliberately ignore errors here, since there's not much sl@0: * we can do about it, and we're exiting anyways. sl@0: */ sl@0: _dbus_delete_file (&u, NULL); sl@0: sl@0: dbus_free (context->pidfile); sl@0: } sl@0: sl@0: if (context->user_database != NULL) sl@0: _dbus_user_database_unref (context->user_database); sl@0: sl@0: dbus_free (context); sl@0: sl@0: dbus_server_free_data_slot (&server_data_slot); sl@0: } sl@0: } sl@0: sl@0: /* type may be NULL */ sl@0: const char* sl@0: bus_context_get_type (BusContext *context) sl@0: { sl@0: return context->type; sl@0: } sl@0: sl@0: const char* sl@0: bus_context_get_address (BusContext *context) sl@0: { sl@0: return context->address; sl@0: } sl@0: sl@0: BusRegistry* sl@0: bus_context_get_registry (BusContext *context) sl@0: { sl@0: return context->registry; sl@0: } sl@0: sl@0: BusConnections* sl@0: bus_context_get_connections (BusContext *context) sl@0: { sl@0: return context->connections; sl@0: } sl@0: sl@0: BusActivation* sl@0: bus_context_get_activation (BusContext *context) sl@0: { sl@0: return context->activation; sl@0: } sl@0: sl@0: BusMatchmaker* sl@0: bus_context_get_matchmaker (BusContext *context) sl@0: { sl@0: return context->matchmaker; sl@0: } sl@0: sl@0: DBusLoop* sl@0: bus_context_get_loop (BusContext *context) sl@0: { sl@0: return context->loop; sl@0: } sl@0: sl@0: DBusUserDatabase* sl@0: bus_context_get_user_database (BusContext *context) sl@0: { sl@0: return context->user_database; sl@0: } sl@0: sl@0: dbus_bool_t sl@0: bus_context_allow_user (BusContext *context, sl@0: unsigned long uid) sl@0: { sl@0: return bus_policy_allow_user (context->policy, sl@0: context->user_database, sl@0: uid); sl@0: } sl@0: sl@0: BusPolicy * sl@0: bus_context_get_policy (BusContext *context) sl@0: { sl@0: return context->policy; sl@0: } sl@0: sl@0: BusClientPolicy* sl@0: bus_context_create_client_policy (BusContext *context, sl@0: DBusConnection *connection, sl@0: DBusError *error) sl@0: { sl@0: _DBUS_ASSERT_ERROR_IS_CLEAR (error); sl@0: return bus_policy_create_client_policy (context->policy, connection, sl@0: error); sl@0: } sl@0: sl@0: int sl@0: bus_context_get_activation_timeout (BusContext *context) sl@0: { sl@0: sl@0: return context->limits.activation_timeout; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_auth_timeout (BusContext *context) sl@0: { sl@0: return context->limits.auth_timeout; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_completed_connections (BusContext *context) sl@0: { sl@0: return context->limits.max_completed_connections; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_incomplete_connections (BusContext *context) sl@0: { sl@0: return context->limits.max_incomplete_connections; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_connections_per_user (BusContext *context) sl@0: { sl@0: return context->limits.max_connections_per_user; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_pending_activations (BusContext *context) sl@0: { sl@0: return context->limits.max_pending_activations; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_services_per_connection (BusContext *context) sl@0: { sl@0: return context->limits.max_services_per_connection; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_match_rules_per_connection (BusContext *context) sl@0: { sl@0: return context->limits.max_match_rules_per_connection; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_max_replies_per_connection (BusContext *context) sl@0: { sl@0: return context->limits.max_replies_per_connection; sl@0: } sl@0: sl@0: int sl@0: bus_context_get_reply_timeout (BusContext *context) sl@0: { sl@0: return context->limits.reply_timeout; sl@0: } sl@0: sl@0: /* sl@0: * addressed_recipient is the recipient specified in the message. sl@0: * sl@0: * proposed_recipient is the recipient we're considering sending sl@0: * to right this second, and may be an eavesdropper. sl@0: * sl@0: * sender is the sender of the message. sl@0: * sl@0: * NULL for proposed_recipient or sender definitely means the bus driver. sl@0: * sl@0: * NULL for addressed_recipient may mean the bus driver, or may mean sl@0: * no destination was specified in the message (e.g. a signal). sl@0: */ sl@0: dbus_bool_t sl@0: bus_context_check_security_policy (BusContext *context, sl@0: BusTransaction *transaction, sl@0: DBusConnection *sender, sl@0: DBusConnection *addressed_recipient, sl@0: DBusConnection *proposed_recipient, sl@0: DBusMessage *message, sl@0: DBusError *error) sl@0: { sl@0: BusClientPolicy *sender_policy; sl@0: BusClientPolicy *recipient_policy; sl@0: int type; sl@0: dbus_bool_t requested_reply; sl@0: sl@0: type = dbus_message_get_type (message); sl@0: sl@0: /* dispatch.c was supposed to ensure these invariants */ sl@0: _dbus_assert (dbus_message_get_destination (message) != NULL || sl@0: type == DBUS_MESSAGE_TYPE_SIGNAL || sl@0: (sender == NULL && !bus_connection_is_active (proposed_recipient))); sl@0: _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || sl@0: addressed_recipient != NULL || sl@0: strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0); sl@0: sl@0: switch (type) sl@0: { sl@0: case DBUS_MESSAGE_TYPE_METHOD_CALL: sl@0: case DBUS_MESSAGE_TYPE_SIGNAL: sl@0: case DBUS_MESSAGE_TYPE_METHOD_RETURN: sl@0: case DBUS_MESSAGE_TYPE_ERROR: sl@0: break; sl@0: sl@0: default: sl@0: _dbus_verbose ("security check disallowing message of unknown type %d\n", sl@0: type); sl@0: sl@0: dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, sl@0: "Message bus will not accept messages of unknown type\n"); sl@0: sl@0: return FALSE; sl@0: } sl@0: sl@0: requested_reply = FALSE; sl@0: sl@0: if (sender != NULL) sl@0: { sl@0: const char *dest; sl@0: sl@0: dest = dbus_message_get_destination (message); sl@0: sl@0: /* First verify the SELinux access controls. If allowed then sl@0: * go on with the standard checks. sl@0: */ sl@0: if (!bus_selinux_allows_send (sender, proposed_recipient, sl@0: dbus_message_type_to_string (dbus_message_get_type (message)), sl@0: dbus_message_get_interface (message), sl@0: dbus_message_get_member (message), sl@0: dbus_message_get_error_name (message), sl@0: dest ? dest : DBUS_SERVICE_DBUS, error)) sl@0: { sl@0: sl@0: if (dbus_error_is_set (error) && sl@0: dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) sl@0: { sl@0: return FALSE; sl@0: } sl@0: sl@0: sl@0: dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, sl@0: "An SELinux policy prevents this sender " sl@0: "from sending this message to this recipient " sl@0: "(rejected message had interface \"%s\" " sl@0: "member \"%s\" error name \"%s\" destination \"%s\")", sl@0: dbus_message_get_interface (message) ? sl@0: dbus_message_get_interface (message) : "(unset)", sl@0: dbus_message_get_member (message) ? sl@0: dbus_message_get_member (message) : "(unset)", sl@0: dbus_message_get_error_name (message) ? sl@0: dbus_message_get_error_name (message) : "(unset)", sl@0: dest ? dest : DBUS_SERVICE_DBUS); sl@0: _dbus_verbose ("SELinux security check denying send to service\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: if (bus_connection_is_active (sender)) sl@0: { sl@0: sender_policy = bus_connection_get_policy (sender); sl@0: _dbus_assert (sender_policy != NULL); sl@0: sl@0: /* Fill in requested_reply variable with TRUE if this is a sl@0: * reply and the reply was pending. sl@0: */ sl@0: if (dbus_message_get_reply_serial (message) != 0) sl@0: { sl@0: if (proposed_recipient != NULL /* not to the bus driver */ && sl@0: addressed_recipient == proposed_recipient /* not eavesdropping */) sl@0: { sl@0: DBusError error2; sl@0: sl@0: dbus_error_init (&error2); sl@0: requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), sl@0: transaction, sl@0: sender, addressed_recipient, message, sl@0: &error2); sl@0: if (dbus_error_is_set (&error2)) sl@0: { sl@0: dbus_move_error (&error2, error); sl@0: return FALSE; sl@0: } sl@0: } sl@0: } sl@0: } sl@0: else sl@0: { sl@0: /* Policy for inactive connections is that they can only send sl@0: * the hello message to the bus driver sl@0: */ sl@0: if (proposed_recipient == NULL && sl@0: dbus_message_is_method_call (message, sl@0: DBUS_INTERFACE_DBUS, sl@0: "Hello")) sl@0: { sl@0: _dbus_verbose ("security check allowing %s message\n", sl@0: "Hello"); sl@0: return TRUE; sl@0: } sl@0: else sl@0: { sl@0: _dbus_verbose ("security check disallowing non-%s message\n", sl@0: "Hello"); sl@0: sl@0: dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, sl@0: "Client tried to send a message other than %s without being registered", sl@0: "Hello"); sl@0: sl@0: return FALSE; sl@0: } sl@0: } sl@0: } sl@0: else sl@0: { sl@0: sender_policy = NULL; sl@0: sl@0: /* If the sender is the bus driver, we assume any reply was a sl@0: * requested reply as bus driver won't send bogus ones sl@0: */ sl@0: if (addressed_recipient == proposed_recipient /* not eavesdropping */ && sl@0: dbus_message_get_reply_serial (message) != 0) sl@0: requested_reply = TRUE; sl@0: } sl@0: sl@0: _dbus_assert ((sender != NULL && sender_policy != NULL) || sl@0: (sender == NULL && sender_policy == NULL)); sl@0: sl@0: if (proposed_recipient != NULL) sl@0: { sl@0: /* only the bus driver can send to an inactive recipient (as it sl@0: * owns no services, so other apps can't address it). Inactive sl@0: * recipients can receive any message. sl@0: */ sl@0: if (bus_connection_is_active (proposed_recipient)) sl@0: { sl@0: recipient_policy = bus_connection_get_policy (proposed_recipient); sl@0: _dbus_assert (recipient_policy != NULL); sl@0: } sl@0: else if (sender == NULL) sl@0: { sl@0: _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); sl@0: recipient_policy = NULL; sl@0: } sl@0: else sl@0: { sl@0: _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); sl@0: recipient_policy = NULL; sl@0: } sl@0: } sl@0: else sl@0: recipient_policy = NULL; sl@0: sl@0: _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || sl@0: (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || sl@0: (proposed_recipient == NULL && recipient_policy == NULL)); sl@0: sl@0: if (sender_policy && sl@0: !bus_client_policy_check_can_send (sender_policy, sl@0: context->registry, sl@0: requested_reply, sl@0: proposed_recipient, sl@0: message)) sl@0: { sl@0: const char *dest; sl@0: sl@0: dest = dbus_message_get_destination (message); sl@0: dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, sl@0: "A security policy in place prevents this sender " sl@0: "from sending this message to this recipient, " sl@0: "see message bus configuration file (rejected message " sl@0: "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")", sl@0: dbus_message_get_interface (message) ? sl@0: dbus_message_get_interface (message) : "(unset)", sl@0: dbus_message_get_member (message) ? sl@0: dbus_message_get_member (message) : "(unset)", sl@0: dbus_message_get_error_name (message) ? sl@0: dbus_message_get_error_name (message) : "(unset)", sl@0: dest ? dest : DBUS_SERVICE_DBUS); sl@0: _dbus_verbose ("security policy disallowing message due to sender policy\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: if (recipient_policy && sl@0: !bus_client_policy_check_can_receive (recipient_policy, sl@0: context->registry, sl@0: requested_reply, sl@0: sender, sl@0: addressed_recipient, proposed_recipient, sl@0: message)) sl@0: { sl@0: const char *dest; sl@0: sl@0: dest = dbus_message_get_destination (message); sl@0: dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, sl@0: "A security policy in place prevents this recipient " sl@0: "from receiving this message from this sender, " sl@0: "see message bus configuration file (rejected message " sl@0: "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)", sl@0: dbus_message_get_interface (message) ? sl@0: dbus_message_get_interface (message) : "(unset)", sl@0: dbus_message_get_member (message) ? sl@0: dbus_message_get_member (message) : "(unset)", sl@0: dbus_message_get_error_name (message) ? sl@0: dbus_message_get_error_name (message) : "(unset)", sl@0: dest ? dest : DBUS_SERVICE_DBUS, sl@0: dbus_message_get_reply_serial (message), sl@0: requested_reply); sl@0: _dbus_verbose ("security policy disallowing message due to recipient policy\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: /* See if limits on size have been exceeded */ sl@0: if (proposed_recipient && sl@0: dbus_connection_get_outgoing_size (proposed_recipient) > sl@0: context->limits.max_outgoing_bytes) sl@0: { sl@0: const char *dest; sl@0: sl@0: dest = dbus_message_get_destination (message); sl@0: dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, sl@0: "The destination service \"%s\" has a full message queue", sl@0: dest ? dest : (proposed_recipient ? sl@0: bus_connection_get_name (proposed_recipient) : sl@0: DBUS_SERVICE_DBUS)); sl@0: _dbus_verbose ("security policy disallowing message due to full message queue\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: /* Record that we will allow a reply here in the future (don't sl@0: * bother if the recipient is the bus or this is an eavesdropping sl@0: * connection). Only the addressed recipient may reply. sl@0: */ sl@0: if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && sl@0: sender && sl@0: addressed_recipient && sl@0: addressed_recipient == proposed_recipient && /* not eavesdropping */ sl@0: !bus_connections_expect_reply (bus_connection_get_connections (sender), sl@0: transaction, sl@0: sender, addressed_recipient, sl@0: message, error)) sl@0: { sl@0: _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: _dbus_verbose ("security policy allowing message\n"); sl@0: return TRUE; sl@0: }