1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* bus.c message bus context object
3 *
4 * Copyright (C) 2003, 2004 Red Hat, Inc.
5 *
6 * Licensed under the Academic Free License version 2.1
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 *
22 */
23
24 #include <config.h>
25 #include "bus.h"
26
27 #include <stdio.h>
28
29 #include "activation.h"
30 #include "connection.h"
31 #include "services.h"
32 #include "utils.h"
33 #include "policy.h"
34 #include "config-parser.h"
35 #include "signals.h"
36 #include "selinux.h"
37 #include "dir-watch.h"
38 #include <dbus/dbus-list.h>
39 #include <dbus/dbus-hash.h>
40 #include <dbus/dbus-credentials.h>
41 #include <dbus/dbus-internals.h>
42
43 #ifdef DBUS_CYGWIN
44 #include <signal.h>
45 #endif
46
47 struct BusContext
48 {
49 int refcount;
50 DBusGUID uuid;
51 char *config_file;
52 char *type;
53 char *servicehelper;
54 char *address;
55 #ifdef WANT_PIDFILE
56 char *pidfile;
57 #endif
58 char *user;
59 char *log_prefix;
60 DBusLoop *loop;
61 DBusList *servers;
62 BusConnections *connections;
63 BusActivation *activation;
64 BusRegistry *registry;
65 BusPolicy *policy;
66 BusMatchmaker *matchmaker;
67 BusLimits limits;
68 unsigned int fork : 1;
69 unsigned int syslog : 1;
70 unsigned int keep_umask : 1;
71 unsigned int allow_anonymous : 1;
72 unsigned int systemd_activation : 1;
73 };
74
75 static dbus_int32_t server_data_slot = -1;
76
77 typedef struct
78 {
79 BusContext *context;
80 } BusServerData;
81
82 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
83
84 static BusContext*
server_get_context(DBusServer * server)85 server_get_context (DBusServer *server)
86 {
87 BusContext *context;
88 BusServerData *bd;
89
90 if (!dbus_server_allocate_data_slot (&server_data_slot))
91 return NULL;
92
93 bd = BUS_SERVER_DATA (server);
94 if (bd == NULL)
95 {
96 dbus_server_free_data_slot (&server_data_slot);
97 return NULL;
98 }
99
100 context = bd->context;
101
102 dbus_server_free_data_slot (&server_data_slot);
103
104 return context;
105 }
106
107 static dbus_bool_t
add_server_watch(DBusWatch * watch,void * data)108 add_server_watch (DBusWatch *watch,
109 void *data)
110 {
111 DBusServer *server = data;
112 BusContext *context;
113
114 context = server_get_context (server);
115
116 return _dbus_loop_add_watch (context->loop, watch);
117 }
118
119 static void
remove_server_watch(DBusWatch * watch,void * data)120 remove_server_watch (DBusWatch *watch,
121 void *data)
122 {
123 DBusServer *server = data;
124 BusContext *context;
125
126 context = server_get_context (server);
127
128 _dbus_loop_remove_watch (context->loop, watch);
129 }
130
131 static void
toggle_server_watch(DBusWatch * watch,void * data)132 toggle_server_watch (DBusWatch *watch,
133 void *data)
134 {
135 DBusServer *server = data;
136 BusContext *context;
137
138 context = server_get_context (server);
139
140 _dbus_loop_toggle_watch (context->loop, watch);
141 }
142
143 static dbus_bool_t
add_server_timeout(DBusTimeout * timeout,void * data)144 add_server_timeout (DBusTimeout *timeout,
145 void *data)
146 {
147 DBusServer *server = data;
148 BusContext *context;
149
150 context = server_get_context (server);
151
152 return _dbus_loop_add_timeout (context->loop, timeout);
153 }
154
155 static void
remove_server_timeout(DBusTimeout * timeout,void * data)156 remove_server_timeout (DBusTimeout *timeout,
157 void *data)
158 {
159 DBusServer *server = data;
160 BusContext *context;
161
162 context = server_get_context (server);
163
164 _dbus_loop_remove_timeout (context->loop, timeout);
165 }
166
167 static void
new_connection_callback(DBusServer * server,DBusConnection * new_connection,void * data)168 new_connection_callback (DBusServer *server,
169 DBusConnection *new_connection,
170 void *data)
171 {
172 BusContext *context = data;
173
174 if (!bus_connections_setup_connection (context->connections, new_connection))
175 {
176 _dbus_verbose ("No memory to setup new connection\n");
177
178 /* if we don't do this, it will get unref'd without
179 * being disconnected... kind of strange really
180 * that we have to do this, people won't get it right
181 * in general.
182 */
183 dbus_connection_close (new_connection);
184 }
185
186 dbus_connection_set_max_received_size (new_connection,
187 context->limits.max_incoming_bytes);
188
189 dbus_connection_set_max_message_size (new_connection,
190 context->limits.max_message_size);
191
192 dbus_connection_set_max_received_unix_fds (new_connection,
193 context->limits.max_incoming_unix_fds);
194
195 dbus_connection_set_max_message_unix_fds (new_connection,
196 context->limits.max_message_unix_fds);
197
198 dbus_connection_set_allow_anonymous (new_connection,
199 context->allow_anonymous);
200
201 /* on OOM, we won't have ref'd the connection so it will die. */
202 }
203
204 static void
free_server_data(void * data)205 free_server_data (void *data)
206 {
207 BusServerData *bd = data;
208
209 dbus_free (bd);
210 }
211
212 static dbus_bool_t
setup_server(BusContext * context,DBusServer * server,char ** auth_mechanisms,DBusError * error)213 setup_server (BusContext *context,
214 DBusServer *server,
215 char **auth_mechanisms,
216 DBusError *error)
217 {
218 BusServerData *bd;
219
220 bd = dbus_new0 (BusServerData, 1);
221 if (bd == NULL || !dbus_server_set_data (server,
222 server_data_slot,
223 bd, free_server_data))
224 {
225 dbus_free (bd);
226 BUS_SET_OOM (error);
227 return FALSE;
228 }
229
230 bd->context = context;
231
232 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
233 {
234 BUS_SET_OOM (error);
235 return FALSE;
236 }
237
238 dbus_server_set_new_connection_function (server,
239 new_connection_callback,
240 context, NULL);
241
242 if (!dbus_server_set_watch_functions (server,
243 add_server_watch,
244 remove_server_watch,
245 toggle_server_watch,
246 server,
247 NULL))
248 {
249 BUS_SET_OOM (error);
250 return FALSE;
251 }
252
253 if (!dbus_server_set_timeout_functions (server,
254 add_server_timeout,
255 remove_server_timeout,
256 NULL,
257 server, NULL))
258 {
259 BUS_SET_OOM (error);
260 return FALSE;
261 }
262
263 return TRUE;
264 }
265
266 /* This code only gets executed the first time the
267 * config files are parsed. It is not executed
268 * when config files are reloaded.
269 */
270 static dbus_bool_t
process_config_first_time_only(BusContext * context,BusConfigParser * parser,const DBusString * address,BusContextFlags flags,DBusError * error)271 process_config_first_time_only (BusContext *context,
272 BusConfigParser *parser,
273 const DBusString *address,
274 BusContextFlags flags,
275 DBusError *error)
276 {
277 DBusString log_prefix;
278 DBusList *link;
279 DBusList **addresses;
280 const char *user, *pidfile;
281 char **auth_mechanisms;
282 DBusList **auth_mechanisms_list;
283 int len;
284 dbus_bool_t retval;
285
286 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
287
288 retval = FALSE;
289 auth_mechanisms = NULL;
290 pidfile = NULL;
291
292 _dbus_init_system_log ();
293
294 if (flags & BUS_CONTEXT_FLAG_SYSTEMD_ACTIVATION)
295 context->systemd_activation = TRUE;
296 else
297 context->systemd_activation = FALSE;
298
299 #ifdef WANT_PIDFILE
300 /* Check for an existing pid file. Of course this is a race;
301 * we'd have to use fcntl() locks on the pid file to
302 * avoid that. But we want to check for the pid file
303 * before overwriting any existing sockets, etc.
304 */
305
306 if (flags & BUS_CONTEXT_FLAG_WRITE_PID_FILE)
307 pidfile = bus_config_parser_get_pidfile (parser);
308
309 if (pidfile != NULL)
310 {
311 DBusString u;
312 DBusStat stbuf;
313
314 _dbus_string_init_const (&u, pidfile);
315
316 if (_dbus_stat (&u, &stbuf, NULL))
317 {
318 #ifdef DBUS_CYGWIN
319 DBusString p;
320 long /* int */ pid;
321
322 _dbus_string_init (&p);
323 _dbus_file_get_contents(&p, &u, NULL);
324 _dbus_string_parse_int(&p, 0, &pid, NULL);
325 _dbus_string_free(&p);
326
327 if ((kill((int)pid, 0))) {
328 dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS,
329 "pid %ld not running, removing stale pid file\n",
330 pid);
331 _dbus_delete_file(&u, NULL);
332 } else {
333 #endif
334 dbus_set_error (error, DBUS_ERROR_FAILED,
335 "The pid file \"%s\" exists, if the message bus is not running, remove this file",
336 pidfile);
337 goto failed;
338 #ifdef DBUS_CYGWIN
339 }
340 #endif
341 }
342 }
343
344 /* keep around the pid filename so we can delete it later */
345 context->pidfile = _dbus_strdup (pidfile);
346 #endif
347
348 /* note that type may be NULL */
349 context->type = _dbus_strdup (bus_config_parser_get_type (parser));
350 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
351 goto oom;
352
353 user = bus_config_parser_get_user (parser);
354 if (user != NULL)
355 {
356 context->user = _dbus_strdup (user);
357 if (context->user == NULL)
358 goto oom;
359 }
360
361 /* Set up the prefix for syslog messages */
362 if (!_dbus_string_init (&log_prefix))
363 goto oom;
364 if (context->type && !strcmp (context->type, "system"))
365 {
366 if (!_dbus_string_append (&log_prefix, "[system] "))
367 goto oom;
368 }
369 else if (context->type && !strcmp (context->type, "session"))
370 {
371 DBusCredentials *credentials;
372
373 credentials = _dbus_credentials_new_from_current_process ();
374 if (!credentials)
375 goto oom;
376 if (!_dbus_string_append (&log_prefix, "[session "))
377 {
378 _dbus_credentials_unref (credentials);
379 goto oom;
380 }
381 if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
382 {
383 _dbus_credentials_unref (credentials);
384 goto oom;
385 }
386 if (!_dbus_string_append (&log_prefix, "] "))
387 {
388 _dbus_credentials_unref (credentials);
389 goto oom;
390 }
391 _dbus_credentials_unref (credentials);
392 }
393 if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
394 goto oom;
395 _dbus_string_free (&log_prefix);
396
397 /* Build an array of auth mechanisms */
398
399 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
400 len = _dbus_list_get_length (auth_mechanisms_list);
401
402 if (len > 0)
403 {
404 int i;
405
406 auth_mechanisms = dbus_new0 (char*, len + 1);
407 if (auth_mechanisms == NULL)
408 goto oom;
409
410 i = 0;
411 link = _dbus_list_get_first_link (auth_mechanisms_list);
412 while (link != NULL)
413 {
414 auth_mechanisms[i] = _dbus_strdup (link->data);
415 if (auth_mechanisms[i] == NULL)
416 goto oom;
417 link = _dbus_list_get_next_link (auth_mechanisms_list, link);
418 i += 1;
419 }
420 }
421 else
422 {
423 auth_mechanisms = NULL;
424 }
425
426 /* Listen on our addresses */
427
428 if (address)
429 {
430 DBusServer *server;
431
432 server = dbus_server_listen (_dbus_string_get_const_data(address), error);
433 if (server == NULL)
434 {
435 _DBUS_ASSERT_ERROR_IS_SET (error);
436 goto failed;
437 }
438 else if (!setup_server (context, server, auth_mechanisms, error))
439 {
440 _DBUS_ASSERT_ERROR_IS_SET (error);
441 goto failed;
442 }
443
444 if (!_dbus_list_append (&context->servers, server))
445 goto oom;
446 }
447 else
448 {
449 addresses = bus_config_parser_get_addresses (parser);
450
451 link = _dbus_list_get_first_link (addresses);
452 while (link != NULL)
453 {
454 DBusServer *server;
455
456 server = dbus_server_listen (link->data, error);
457 if (server == NULL)
458 {
459 _DBUS_ASSERT_ERROR_IS_SET (error);
460 goto failed;
461 }
462 else if (!setup_server (context, server, auth_mechanisms, error))
463 {
464 _DBUS_ASSERT_ERROR_IS_SET (error);
465 goto failed;
466 }
467
468 if (!_dbus_list_append (&context->servers, server))
469 goto oom;
470
471 link = _dbus_list_get_next_link (addresses, link);
472 }
473 }
474
475 context->fork = bus_config_parser_get_fork (parser);
476 context->syslog = bus_config_parser_get_syslog (parser);
477 context->keep_umask = bus_config_parser_get_keep_umask (parser);
478 context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
479
480 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
481 retval = TRUE;
482
483 failed:
484 dbus_free_string_array (auth_mechanisms);
485 return retval;
486
487 oom:
488 BUS_SET_OOM (error);
489 dbus_free_string_array (auth_mechanisms);
490 return FALSE;
491 }
492
493 /* This code gets executed every time the config files
494 * are parsed: both during BusContext construction
495 * and on reloads. This function is slightly screwy
496 * since it can do a "half reload" in out-of-memory
497 * situations. Realistically, unlikely to ever matter.
498 */
499 static dbus_bool_t
process_config_every_time(BusContext * context,BusConfigParser * parser,dbus_bool_t is_reload,DBusError * error)500 process_config_every_time (BusContext *context,
501 BusConfigParser *parser,
502 dbus_bool_t is_reload,
503 DBusError *error)
504 {
505 DBusString full_address;
506 DBusList *link;
507 DBusList **dirs;
508 char *addr;
509 const char *servicehelper;
510 char *s;
511
512 dbus_bool_t retval;
513
514 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
515
516 addr = NULL;
517 retval = FALSE;
518
519 if (!_dbus_string_init (&full_address))
520 {
521 BUS_SET_OOM (error);
522 return FALSE;
523 }
524
525 /* get our limits and timeout lengths */
526 bus_config_parser_get_limits (parser, &context->limits);
527
528 if (context->policy)
529 bus_policy_unref (context->policy);
530 context->policy = bus_config_parser_steal_policy (parser);
531 _dbus_assert (context->policy != NULL);
532
533 /* We have to build the address backward, so that
534 * <listen> later in the config file have priority
535 */
536 link = _dbus_list_get_last_link (&context->servers);
537 while (link != NULL)
538 {
539 addr = dbus_server_get_address (link->data);
540 if (addr == NULL)
541 {
542 BUS_SET_OOM (error);
543 goto failed;
544 }
545
546 if (_dbus_string_get_length (&full_address) > 0)
547 {
548 if (!_dbus_string_append (&full_address, ";"))
549 {
550 BUS_SET_OOM (error);
551 goto failed;
552 }
553 }
554
555 if (!_dbus_string_append (&full_address, addr))
556 {
557 BUS_SET_OOM (error);
558 goto failed;
559 }
560
561 dbus_free (addr);
562 addr = NULL;
563
564 link = _dbus_list_get_prev_link (&context->servers, link);
565 }
566
567 if (is_reload)
568 dbus_free (context->address);
569
570 if (!_dbus_string_copy_data (&full_address, &context->address))
571 {
572 BUS_SET_OOM (error);
573 goto failed;
574 }
575
576 /* get the service directories */
577 dirs = bus_config_parser_get_service_dirs (parser);
578
579 /* and the service helper */
580 servicehelper = bus_config_parser_get_servicehelper (parser);
581
582 s = _dbus_strdup(servicehelper);
583 if (s == NULL && servicehelper != NULL)
584 {
585 BUS_SET_OOM (error);
586 goto failed;
587 }
588 else
589 {
590 dbus_free(context->servicehelper);
591 context->servicehelper = s;
592 }
593
594 /* Create activation subsystem */
595 if (context->activation)
596 {
597 if (!bus_activation_reload (context->activation, &full_address, dirs, error))
598 goto failed;
599 }
600 else
601 {
602 context->activation = bus_activation_new (context, &full_address, dirs, error);
603 }
604
605 if (context->activation == NULL)
606 {
607 _DBUS_ASSERT_ERROR_IS_SET (error);
608 goto failed;
609 }
610
611 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
612 retval = TRUE;
613
614 failed:
615 _dbus_string_free (&full_address);
616
617 if (addr)
618 dbus_free (addr);
619
620 return retval;
621 }
622
623 static dbus_bool_t
list_concat_new(DBusList ** a,DBusList ** b,DBusList ** result)624 list_concat_new (DBusList **a,
625 DBusList **b,
626 DBusList **result)
627 {
628 DBusList *link;
629
630 *result = NULL;
631
632 for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
633 {
634 if (!_dbus_list_append (result, link->data))
635 goto oom;
636 }
637 for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
638 {
639 if (!_dbus_list_append (result, link->data))
640 goto oom;
641 }
642
643 return TRUE;
644 oom:
645 _dbus_list_clear (result);
646 return FALSE;
647 }
648
649 static void
raise_file_descriptor_limit(BusContext * context)650 raise_file_descriptor_limit (BusContext *context)
651 {
652
653 /* I just picked this out of thin air; we need some extra
654 * descriptors for things like any internal pipes we create,
655 * inotify, connections to SELinux, etc.
656 */
657 unsigned int arbitrary_extra_fds = 32;
658 unsigned int limit;
659
660 limit = context->limits.max_completed_connections +
661 context->limits.max_incomplete_connections
662 + arbitrary_extra_fds;
663
664 _dbus_request_file_descriptor_limit (limit);
665 }
666
667 static dbus_bool_t
process_config_postinit(BusContext * context,BusConfigParser * parser,DBusError * error)668 process_config_postinit (BusContext *context,
669 BusConfigParser *parser,
670 DBusError *error)
671 {
672 DBusHashTable *service_context_table;
673 DBusList *watched_dirs = NULL;
674
675 raise_file_descriptor_limit (context);
676
677 service_context_table = bus_config_parser_steal_service_context_table (parser);
678 if (!bus_registry_set_service_context_table (context->registry,
679 service_context_table))
680 {
681 BUS_SET_OOM (error);
682 return FALSE;
683 }
684
685 _dbus_hash_table_unref (service_context_table);
686
687 /* We need to monitor both the configuration directories and directories
688 * containing .service files.
689 */
690 if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
691 bus_config_parser_get_service_dirs (parser),
692 &watched_dirs))
693 {
694 BUS_SET_OOM (error);
695 return FALSE;
696 }
697
698 bus_set_watched_dirs (context, &watched_dirs);
699
700 _dbus_list_clear (&watched_dirs);
701
702 return TRUE;
703 }
704
705 BusContext*
bus_context_new(const DBusString * config_file,BusContextFlags flags,DBusPipe * print_addr_pipe,DBusPipe * print_pid_pipe,const DBusString * address,DBusError * error)706 bus_context_new (const DBusString *config_file,
707 BusContextFlags flags,
708 DBusPipe *print_addr_pipe,
709 DBusPipe *print_pid_pipe,
710 const DBusString *address,
711 DBusError *error)
712 {
713 BusContext *context;
714 BusConfigParser *parser;
715
716 _dbus_assert ((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 ||
717 (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS) == 0);
718
719 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
720
721 context = NULL;
722 parser = NULL;
723
724 if (!dbus_server_allocate_data_slot (&server_data_slot))
725 {
726 BUS_SET_OOM (error);
727 return NULL;
728 }
729
730 context = dbus_new0 (BusContext, 1);
731 if (context == NULL)
732 {
733 BUS_SET_OOM (error);
734 goto failed;
735 }
736 context->refcount = 1;
737
738 _dbus_generate_uuid (&context->uuid);
739
740 if (!_dbus_string_copy_data (config_file, &context->config_file))
741 {
742 BUS_SET_OOM (error);
743 goto failed;
744 }
745
746 context->loop = _dbus_loop_new ();
747 if (context->loop == NULL)
748 {
749 BUS_SET_OOM (error);
750 goto failed;
751 }
752
753 context->registry = bus_registry_new (context);
754 if (context->registry == NULL)
755 {
756 BUS_SET_OOM (error);
757 goto failed;
758 }
759
760 parser = bus_config_load (config_file, TRUE, NULL, error);
761 if (parser == NULL)
762 {
763 _DBUS_ASSERT_ERROR_IS_SET (error);
764 goto failed;
765 }
766
767 if (!process_config_first_time_only (context, parser, address, flags, error))
768 {
769 _DBUS_ASSERT_ERROR_IS_SET (error);
770 goto failed;
771 }
772 if (!process_config_every_time (context, parser, FALSE, error))
773 {
774 _DBUS_ASSERT_ERROR_IS_SET (error);
775 goto failed;
776 }
777
778 /* we need another ref of the server data slot for the context
779 * to own
780 */
781 if (!dbus_server_allocate_data_slot (&server_data_slot))
782 _dbus_assert_not_reached ("second ref of server data slot failed");
783
784 /* Note that we don't know whether the print_addr_pipe is
785 * one of the sockets we're using to listen on, or some
786 * other random thing. But I think the answer is "don't do
787 * that then"
788 */
789 if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
790 {
791 DBusString addr;
792 const char *a = bus_context_get_address (context);
793 int bytes;
794
795 _dbus_assert (a != NULL);
796 if (!_dbus_string_init (&addr))
797 {
798 BUS_SET_OOM (error);
799 goto failed;
800 }
801
802 if (!_dbus_string_append (&addr, a) ||
803 !_dbus_string_append (&addr, "\n"))
804 {
805 _dbus_string_free (&addr);
806 BUS_SET_OOM (error);
807 goto failed;
808 }
809
810 bytes = _dbus_string_get_length (&addr);
811 if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
812 {
813 /* pipe write returns an error on failure but not short write */
814 if (error != NULL && !dbus_error_is_set (error))
815 {
816 dbus_set_error (error, DBUS_ERROR_FAILED,
817 "Printing message bus address: did not write all bytes\n");
818 }
819 _dbus_string_free (&addr);
820 goto failed;
821 }
822
823 if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
824 _dbus_pipe_close (print_addr_pipe, NULL);
825
826 _dbus_string_free (&addr);
827 }
828
829 context->connections = bus_connections_new (context);
830 if (context->connections == NULL)
831 {
832 BUS_SET_OOM (error);
833 goto failed;
834 }
835
836 context->matchmaker = bus_matchmaker_new ();
837 if (context->matchmaker == NULL)
838 {
839 BUS_SET_OOM (error);
840 goto failed;
841 }
842
843 /* check user before we fork */
844 if (context->user != NULL)
845 {
846 if (!_dbus_verify_daemon_user (context->user))
847 {
848 dbus_set_error (error, DBUS_ERROR_FAILED,
849 "Could not get UID and GID for username \"%s\"",
850 context->user);
851 goto failed;
852 }
853 }
854
855 /* Now become a daemon if appropriate and write out pid file in any case */
856 {
857 #ifdef WANT_PIDFILE
858 DBusString u;
859
860 if (context->pidfile)
861 _dbus_string_init_const (&u, context->pidfile);
862
863 if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
864 (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
865 {
866 _dbus_verbose ("Forking and becoming daemon\n");
867
868 if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
869 print_pid_pipe,
870 error,
871 context->keep_umask))
872
873 {
874 _DBUS_ASSERT_ERROR_IS_SET (error);
875 goto failed;
876 }
877 }
878 else
879 {
880 _dbus_verbose ("Fork not requested\n");
881
882 /* Need to write PID file and to PID pipe for ourselves,
883 * not for the child process. This is a no-op if the pidfile
884 * is NULL and print_pid_pipe is NULL.
885 */
886 if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
887 print_pid_pipe,
888 _dbus_getpid (),
889 error))
890 {
891 _DBUS_ASSERT_ERROR_IS_SET (error);
892 goto failed;
893 }
894 }
895 #else
896 if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
897 (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
898 {
899 if (!_dbus_become_daemon (NULL,
900 0,
901 error,
902 context->keep_umask))
903 {
904 _DBUS_ASSERT_ERROR_IS_SET (error);
905 goto failed;
906 }
907 }
908 #endif
909 }
910
911 if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
912 !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
913 _dbus_pipe_close (print_pid_pipe, NULL);
914
915 if (!bus_selinux_full_init ())
916 {
917 bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
918 }
919
920 if (!process_config_postinit (context, parser, error))
921 {
922 _DBUS_ASSERT_ERROR_IS_SET (error);
923 goto failed;
924 }
925
926 if (parser != NULL)
927 {
928 bus_config_parser_unref (parser);
929 parser = NULL;
930 }
931
932 /* Here we change our credentials if required,
933 * as soon as we've set up our sockets and pidfile
934 */
935 if (context->user != NULL)
936 {
937 if (!_dbus_change_to_daemon_user (context->user, error))
938 {
939 _DBUS_ASSERT_ERROR_IS_SET (error);
940 goto failed;
941 }
942
943 #ifdef HAVE_SELINUX
944 /* FIXME - why not just put this in full_init() below? */
945 bus_selinux_audit_init ();
946 #endif
947 }
948
949 dbus_server_free_data_slot (&server_data_slot);
950
951 return context;
952
953 failed:
954 if (parser != NULL)
955 bus_config_parser_unref (parser);
956 if (context != NULL)
957 bus_context_unref (context);
958
959 if (server_data_slot >= 0)
960 dbus_server_free_data_slot (&server_data_slot);
961
962 return NULL;
963 }
964
965 dbus_bool_t
bus_context_get_id(BusContext * context,DBusString * uuid)966 bus_context_get_id (BusContext *context,
967 DBusString *uuid)
968 {
969 return _dbus_uuid_encode (&context->uuid, uuid);
970 }
971
972 dbus_bool_t
bus_context_reload_config(BusContext * context,DBusError * error)973 bus_context_reload_config (BusContext *context,
974 DBusError *error)
975 {
976 BusConfigParser *parser;
977 DBusString config_file;
978 dbus_bool_t ret;
979
980 /* Flush the user database cache */
981 _dbus_flush_caches ();
982
983 ret = FALSE;
984 _dbus_string_init_const (&config_file, context->config_file);
985 parser = bus_config_load (&config_file, TRUE, NULL, error);
986 if (parser == NULL)
987 {
988 _DBUS_ASSERT_ERROR_IS_SET (error);
989 goto failed;
990 }
991
992 if (!process_config_every_time (context, parser, TRUE, error))
993 {
994 _DBUS_ASSERT_ERROR_IS_SET (error);
995 goto failed;
996 }
997 if (!process_config_postinit (context, parser, error))
998 {
999 _DBUS_ASSERT_ERROR_IS_SET (error);
1000 goto failed;
1001 }
1002 ret = TRUE;
1003
1004 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
1005 failed:
1006 if (!ret)
1007 bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
1008 if (parser != NULL)
1009 bus_config_parser_unref (parser);
1010 return ret;
1011 }
1012
1013 static void
shutdown_server(BusContext * context,DBusServer * server)1014 shutdown_server (BusContext *context,
1015 DBusServer *server)
1016 {
1017 if (server == NULL ||
1018 !dbus_server_get_is_connected (server))
1019 return;
1020
1021 if (!dbus_server_set_watch_functions (server,
1022 NULL, NULL, NULL,
1023 context,
1024 NULL))
1025 _dbus_assert_not_reached ("setting watch functions to NULL failed");
1026
1027 if (!dbus_server_set_timeout_functions (server,
1028 NULL, NULL, NULL,
1029 context,
1030 NULL))
1031 _dbus_assert_not_reached ("setting timeout functions to NULL failed");
1032
1033 dbus_server_disconnect (server);
1034 }
1035
1036 void
bus_context_shutdown(BusContext * context)1037 bus_context_shutdown (BusContext *context)
1038 {
1039 DBusList *link;
1040
1041 link = _dbus_list_get_first_link (&context->servers);
1042 while (link != NULL)
1043 {
1044 shutdown_server (context, link->data);
1045
1046 link = _dbus_list_get_next_link (&context->servers, link);
1047 }
1048 }
1049
1050 BusContext *
bus_context_ref(BusContext * context)1051 bus_context_ref (BusContext *context)
1052 {
1053 _dbus_assert (context->refcount > 0);
1054 context->refcount += 1;
1055
1056 return context;
1057 }
1058
1059 void
bus_context_unref(BusContext * context)1060 bus_context_unref (BusContext *context)
1061 {
1062 _dbus_assert (context->refcount > 0);
1063 context->refcount -= 1;
1064
1065 if (context->refcount == 0)
1066 {
1067 DBusList *link;
1068
1069 _dbus_verbose ("Finalizing bus context %p\n", context);
1070
1071 bus_context_shutdown (context);
1072
1073 if (context->connections)
1074 {
1075 bus_connections_unref (context->connections);
1076 context->connections = NULL;
1077 }
1078
1079 if (context->registry)
1080 {
1081 bus_registry_unref (context->registry);
1082 context->registry = NULL;
1083 }
1084
1085 if (context->activation)
1086 {
1087 bus_activation_unref (context->activation);
1088 context->activation = NULL;
1089 }
1090
1091 link = _dbus_list_get_first_link (&context->servers);
1092 while (link != NULL)
1093 {
1094 dbus_server_unref (link->data);
1095
1096 link = _dbus_list_get_next_link (&context->servers, link);
1097 }
1098 _dbus_list_clear (&context->servers);
1099
1100 if (context->policy)
1101 {
1102 bus_policy_unref (context->policy);
1103 context->policy = NULL;
1104 }
1105
1106 if (context->loop)
1107 {
1108 _dbus_loop_unref (context->loop);
1109 context->loop = NULL;
1110 }
1111
1112 if (context->matchmaker)
1113 {
1114 bus_matchmaker_unref (context->matchmaker);
1115 context->matchmaker = NULL;
1116 }
1117
1118 dbus_free (context->config_file);
1119 dbus_free (context->log_prefix);
1120 dbus_free (context->type);
1121 dbus_free (context->address);
1122 dbus_free (context->user);
1123 dbus_free (context->servicehelper);
1124
1125 #ifdef WANT_PIDFILE
1126 if (context->pidfile)
1127 {
1128 DBusString u;
1129 _dbus_string_init_const (&u, context->pidfile);
1130
1131 /* Deliberately ignore errors here, since there's not much
1132 * we can do about it, and we're exiting anyways.
1133 */
1134 _dbus_delete_file (&u, NULL);
1135
1136 dbus_free (context->pidfile);
1137 }
1138 #endif
1139
1140 dbus_free (context);
1141
1142 dbus_server_free_data_slot (&server_data_slot);
1143 }
1144 }
1145
1146 /* type may be NULL */
1147 const char*
bus_context_get_type(BusContext * context)1148 bus_context_get_type (BusContext *context)
1149 {
1150 return context->type;
1151 }
1152
1153 const char*
bus_context_get_address(BusContext * context)1154 bus_context_get_address (BusContext *context)
1155 {
1156 return context->address;
1157 }
1158
1159 const char*
bus_context_get_servicehelper(BusContext * context)1160 bus_context_get_servicehelper (BusContext *context)
1161 {
1162 return context->servicehelper;
1163 }
1164
1165 dbus_bool_t
bus_context_get_systemd_activation(BusContext * context)1166 bus_context_get_systemd_activation (BusContext *context)
1167 {
1168 return context->systemd_activation;
1169 }
1170
1171 BusRegistry*
bus_context_get_registry(BusContext * context)1172 bus_context_get_registry (BusContext *context)
1173 {
1174 return context->registry;
1175 }
1176
1177 BusConnections*
bus_context_get_connections(BusContext * context)1178 bus_context_get_connections (BusContext *context)
1179 {
1180 return context->connections;
1181 }
1182
1183 BusActivation*
bus_context_get_activation(BusContext * context)1184 bus_context_get_activation (BusContext *context)
1185 {
1186 return context->activation;
1187 }
1188
1189 BusMatchmaker*
bus_context_get_matchmaker(BusContext * context)1190 bus_context_get_matchmaker (BusContext *context)
1191 {
1192 return context->matchmaker;
1193 }
1194
1195 DBusLoop*
bus_context_get_loop(BusContext * context)1196 bus_context_get_loop (BusContext *context)
1197 {
1198 return context->loop;
1199 }
1200
1201 dbus_bool_t
bus_context_allow_unix_user(BusContext * context,unsigned long uid)1202 bus_context_allow_unix_user (BusContext *context,
1203 unsigned long uid)
1204 {
1205 return bus_policy_allow_unix_user (context->policy,
1206 uid);
1207 }
1208
1209 /* For now this is never actually called because the default
1210 * DBusConnection behavior of 'same user that owns the bus can connect'
1211 * is all it would do.
1212 */
1213 dbus_bool_t
bus_context_allow_windows_user(BusContext * context,const char * windows_sid)1214 bus_context_allow_windows_user (BusContext *context,
1215 const char *windows_sid)
1216 {
1217 return bus_policy_allow_windows_user (context->policy,
1218 windows_sid);
1219 }
1220
1221 BusPolicy *
bus_context_get_policy(BusContext * context)1222 bus_context_get_policy (BusContext *context)
1223 {
1224 return context->policy;
1225 }
1226
1227 BusClientPolicy*
bus_context_create_client_policy(BusContext * context,DBusConnection * connection,DBusError * error)1228 bus_context_create_client_policy (BusContext *context,
1229 DBusConnection *connection,
1230 DBusError *error)
1231 {
1232 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
1233 return bus_policy_create_client_policy (context->policy, connection,
1234 error);
1235 }
1236
1237 int
bus_context_get_activation_timeout(BusContext * context)1238 bus_context_get_activation_timeout (BusContext *context)
1239 {
1240
1241 return context->limits.activation_timeout;
1242 }
1243
1244 int
bus_context_get_auth_timeout(BusContext * context)1245 bus_context_get_auth_timeout (BusContext *context)
1246 {
1247 return context->limits.auth_timeout;
1248 }
1249
1250 int
bus_context_get_max_completed_connections(BusContext * context)1251 bus_context_get_max_completed_connections (BusContext *context)
1252 {
1253 return context->limits.max_completed_connections;
1254 }
1255
1256 int
bus_context_get_max_incomplete_connections(BusContext * context)1257 bus_context_get_max_incomplete_connections (BusContext *context)
1258 {
1259 return context->limits.max_incomplete_connections;
1260 }
1261
1262 int
bus_context_get_max_connections_per_user(BusContext * context)1263 bus_context_get_max_connections_per_user (BusContext *context)
1264 {
1265 return context->limits.max_connections_per_user;
1266 }
1267
1268 int
bus_context_get_max_pending_activations(BusContext * context)1269 bus_context_get_max_pending_activations (BusContext *context)
1270 {
1271 return context->limits.max_pending_activations;
1272 }
1273
1274 int
bus_context_get_max_services_per_connection(BusContext * context)1275 bus_context_get_max_services_per_connection (BusContext *context)
1276 {
1277 return context->limits.max_services_per_connection;
1278 }
1279
1280 int
bus_context_get_max_match_rules_per_connection(BusContext * context)1281 bus_context_get_max_match_rules_per_connection (BusContext *context)
1282 {
1283 return context->limits.max_match_rules_per_connection;
1284 }
1285
1286 int
bus_context_get_max_replies_per_connection(BusContext * context)1287 bus_context_get_max_replies_per_connection (BusContext *context)
1288 {
1289 return context->limits.max_replies_per_connection;
1290 }
1291
1292 int
bus_context_get_reply_timeout(BusContext * context)1293 bus_context_get_reply_timeout (BusContext *context)
1294 {
1295 return context->limits.reply_timeout;
1296 }
1297
1298 void
1299 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
1300
1301 void
bus_context_log(BusContext * context,DBusSystemLogSeverity severity,const char * msg,...)1302 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
1303 {
1304 va_list args;
1305
1306 if (!context->syslog)
1307 {
1308 /* we're not syslogging; just output to stderr */
1309 va_start (args, msg);
1310 vfprintf (stderr, msg, args);
1311 fprintf (stderr, "\n");
1312 va_end (args);
1313 return;
1314 }
1315
1316 va_start (args, msg);
1317
1318 if (context->log_prefix)
1319 {
1320 DBusString full_msg;
1321
1322 if (!_dbus_string_init (&full_msg))
1323 goto out;
1324 if (!_dbus_string_append (&full_msg, context->log_prefix))
1325 goto oom_out;
1326 if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
1327 goto oom_out;
1328
1329 _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
1330 oom_out:
1331 _dbus_string_free (&full_msg);
1332 }
1333 else
1334 _dbus_system_logv (severity, msg, args);
1335
1336 out:
1337 va_end (args);
1338 }
1339
1340 static inline const char *
nonnull(const char * maybe_null,const char * if_null)1341 nonnull (const char *maybe_null,
1342 const char *if_null)
1343 {
1344 return (maybe_null ? maybe_null : if_null);
1345 }
1346
1347 /*
1348 * Log something about a message, usually that it was rejected.
1349 */
1350 static void
complain_about_message(BusContext * context,const char * error_name,const char * complaint,int matched_rules,DBusMessage * message,DBusConnection * sender,DBusConnection * proposed_recipient,dbus_bool_t requested_reply,dbus_bool_t log,DBusError * error)1351 complain_about_message (BusContext *context,
1352 const char *error_name,
1353 const char *complaint,
1354 int matched_rules,
1355 DBusMessage *message,
1356 DBusConnection *sender,
1357 DBusConnection *proposed_recipient,
1358 dbus_bool_t requested_reply,
1359 dbus_bool_t log,
1360 DBusError *error)
1361 {
1362 DBusError stack_error = DBUS_ERROR_INIT;
1363 const char *sender_name;
1364 const char *sender_loginfo;
1365 const char *proposed_recipient_loginfo;
1366
1367 if (error == NULL && !log)
1368 return;
1369
1370 if (sender != NULL)
1371 {
1372 sender_name = bus_connection_get_name (sender);
1373 sender_loginfo = bus_connection_get_loginfo (sender);
1374 }
1375 else
1376 {
1377 sender_name = "(unset)";
1378 sender_loginfo = "(bus)";
1379 }
1380
1381 if (proposed_recipient != NULL)
1382 proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
1383 else
1384 proposed_recipient_loginfo = "bus";
1385
1386 dbus_set_error (&stack_error, error_name,
1387 "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) "
1388 "interface=\"%s\" member=\"%s\" error name=\"%s\" "
1389 "requested_reply=\"%d\" destination=\"%s\" (%s)",
1390 complaint,
1391 matched_rules,
1392 dbus_message_type_to_string (dbus_message_get_type (message)),
1393 sender_name,
1394 sender_loginfo,
1395 nonnull (dbus_message_get_interface (message), "(unset)"),
1396 nonnull (dbus_message_get_member (message), "(unset)"),
1397 nonnull (dbus_message_get_error_name (message), "(unset)"),
1398 requested_reply,
1399 nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS),
1400 proposed_recipient_loginfo);
1401
1402 /* If we hit OOM while setting the error, this will syslog "out of memory"
1403 * which is itself an indication that something is seriously wrong */
1404 if (log)
1405 bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, "%s",
1406 stack_error.message);
1407
1408 dbus_move_error (&stack_error, error);
1409 }
1410
1411 /*
1412 * addressed_recipient is the recipient specified in the message.
1413 *
1414 * proposed_recipient is the recipient we're considering sending
1415 * to right this second, and may be an eavesdropper.
1416 *
1417 * sender is the sender of the message.
1418 *
1419 * NULL for proposed_recipient or sender definitely means the bus driver.
1420 *
1421 * NULL for addressed_recipient may mean the bus driver, or may mean
1422 * no destination was specified in the message (e.g. a signal).
1423 */
1424 dbus_bool_t
bus_context_check_security_policy(BusContext * context,BusTransaction * transaction,DBusConnection * sender,DBusConnection * addressed_recipient,DBusConnection * proposed_recipient,DBusMessage * message,DBusError * error)1425 bus_context_check_security_policy (BusContext *context,
1426 BusTransaction *transaction,
1427 DBusConnection *sender,
1428 DBusConnection *addressed_recipient,
1429 DBusConnection *proposed_recipient,
1430 DBusMessage *message,
1431 DBusError *error)
1432 {
1433 const char *dest;
1434 BusClientPolicy *sender_policy;
1435 BusClientPolicy *recipient_policy;
1436 dbus_int32_t toggles;
1437 dbus_bool_t log;
1438 int type;
1439 dbus_bool_t requested_reply;
1440
1441 type = dbus_message_get_type (message);
1442 dest = dbus_message_get_destination (message);
1443
1444 /* dispatch.c was supposed to ensure these invariants */
1445 _dbus_assert (dest != NULL ||
1446 type == DBUS_MESSAGE_TYPE_SIGNAL ||
1447 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
1448 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
1449 addressed_recipient != NULL ||
1450 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
1451
1452 switch (type)
1453 {
1454 case DBUS_MESSAGE_TYPE_METHOD_CALL:
1455 case DBUS_MESSAGE_TYPE_SIGNAL:
1456 case DBUS_MESSAGE_TYPE_METHOD_RETURN:
1457 case DBUS_MESSAGE_TYPE_ERROR:
1458 break;
1459
1460 default:
1461 _dbus_verbose ("security check disallowing message of unknown type %d\n",
1462 type);
1463
1464 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1465 "Message bus will not accept messages of unknown type\n");
1466
1467 return FALSE;
1468 }
1469
1470 requested_reply = FALSE;
1471
1472 if (sender != NULL)
1473 {
1474 /* First verify the SELinux access controls. If allowed then
1475 * go on with the standard checks.
1476 */
1477 if (!bus_selinux_allows_send (sender, proposed_recipient,
1478 dbus_message_type_to_string (dbus_message_get_type (message)),
1479 dbus_message_get_interface (message),
1480 dbus_message_get_member (message),
1481 dbus_message_get_error_name (message),
1482 dest ? dest : DBUS_SERVICE_DBUS, error))
1483 {
1484 if (error != NULL && !dbus_error_is_set (error))
1485 {
1486 /* don't syslog this, just set the error: avc_has_perm should
1487 * have already written to either the audit log or syslog */
1488 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1489 "An SELinux policy prevents this sender from sending this "
1490 "message to this recipient",
1491 0, message, sender, proposed_recipient, FALSE, FALSE, error);
1492 _dbus_verbose ("SELinux security check denying send to service\n");
1493 }
1494
1495 return FALSE;
1496 }
1497
1498 if (bus_connection_is_active (sender))
1499 {
1500 sender_policy = bus_connection_get_policy (sender);
1501 _dbus_assert (sender_policy != NULL);
1502
1503 /* Fill in requested_reply variable with TRUE if this is a
1504 * reply and the reply was pending.
1505 */
1506 if (dbus_message_get_reply_serial (message) != 0)
1507 {
1508 if (proposed_recipient != NULL /* not to the bus driver */ &&
1509 addressed_recipient == proposed_recipient /* not eavesdropping */)
1510 {
1511 DBusError error2;
1512
1513 dbus_error_init (&error2);
1514 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
1515 transaction,
1516 sender, addressed_recipient, message,
1517 &error2);
1518 if (dbus_error_is_set (&error2))
1519 {
1520 dbus_move_error (&error2, error);
1521 return FALSE;
1522 }
1523 }
1524 }
1525 }
1526 else
1527 {
1528 /* Policy for inactive connections is that they can only send
1529 * the hello message to the bus driver
1530 */
1531 if (proposed_recipient == NULL &&
1532 dbus_message_is_method_call (message,
1533 DBUS_INTERFACE_DBUS,
1534 "Hello"))
1535 {
1536 _dbus_verbose ("security check allowing %s message\n",
1537 "Hello");
1538 return TRUE;
1539 }
1540 else
1541 {
1542 _dbus_verbose ("security check disallowing non-%s message\n",
1543 "Hello");
1544
1545 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
1546 "Client tried to send a message other than %s without being registered",
1547 "Hello");
1548
1549 return FALSE;
1550 }
1551 }
1552 }
1553 else
1554 {
1555 sender_policy = NULL;
1556
1557 /* If the sender is the bus driver, we assume any reply was a
1558 * requested reply as bus driver won't send bogus ones
1559 */
1560 if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
1561 dbus_message_get_reply_serial (message) != 0)
1562 requested_reply = TRUE;
1563 }
1564
1565 _dbus_assert ((sender != NULL && sender_policy != NULL) ||
1566 (sender == NULL && sender_policy == NULL));
1567
1568 if (proposed_recipient != NULL)
1569 {
1570 /* only the bus driver can send to an inactive recipient (as it
1571 * owns no services, so other apps can't address it). Inactive
1572 * recipients can receive any message.
1573 */
1574 if (bus_connection_is_active (proposed_recipient))
1575 {
1576 recipient_policy = bus_connection_get_policy (proposed_recipient);
1577 _dbus_assert (recipient_policy != NULL);
1578 }
1579 else if (sender == NULL)
1580 {
1581 _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
1582 recipient_policy = NULL;
1583 }
1584 else
1585 {
1586 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
1587 recipient_policy = NULL;
1588 }
1589 }
1590 else
1591 recipient_policy = NULL;
1592
1593 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
1594 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
1595 (proposed_recipient == NULL && recipient_policy == NULL));
1596
1597 log = FALSE;
1598 if (sender_policy &&
1599 !bus_client_policy_check_can_send (sender_policy,
1600 context->registry,
1601 requested_reply,
1602 proposed_recipient,
1603 message, &toggles, &log))
1604 {
1605 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1606 "Rejected send message", toggles,
1607 message, sender, proposed_recipient, requested_reply,
1608 (addressed_recipient == proposed_recipient), error);
1609 _dbus_verbose ("security policy disallowing message due to sender policy\n");
1610 return FALSE;
1611 }
1612
1613 if (log)
1614 {
1615 /* We want to drop this message, and are only not doing so for backwards
1616 * compatibility. */
1617 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1618 "Would reject message", toggles,
1619 message, sender, proposed_recipient, requested_reply,
1620 TRUE, NULL);
1621 }
1622
1623 if (recipient_policy &&
1624 !bus_client_policy_check_can_receive (recipient_policy,
1625 context->registry,
1626 requested_reply,
1627 sender,
1628 addressed_recipient, proposed_recipient,
1629 message, &toggles))
1630 {
1631 complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
1632 "Rejected receive message", toggles,
1633 message, sender, proposed_recipient, requested_reply,
1634 (addressed_recipient == proposed_recipient), NULL);
1635 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
1636 return FALSE;
1637 }
1638
1639 /* See if limits on size have been exceeded */
1640 if (proposed_recipient &&
1641 ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
1642 (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
1643 {
1644 complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED,
1645 "Rejected: destination has a full message queue",
1646 0, message, sender, proposed_recipient, requested_reply, TRUE,
1647 error);
1648 _dbus_verbose ("security policy disallowing message due to full message queue\n");
1649 return FALSE;
1650 }
1651
1652 /* Record that we will allow a reply here in the future (don't
1653 * bother if the recipient is the bus or this is an eavesdropping
1654 * connection). Only the addressed recipient may reply.
1655 */
1656 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
1657 sender &&
1658 addressed_recipient &&
1659 addressed_recipient == proposed_recipient && /* not eavesdropping */
1660 !bus_connections_expect_reply (bus_connection_get_connections (sender),
1661 transaction,
1662 sender, addressed_recipient,
1663 message, error))
1664 {
1665 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
1666 return FALSE;
1667 }
1668
1669 _dbus_verbose ("security policy allowing message\n");
1670 return TRUE;
1671 }
1672