1 /* -*- mode: C; c-file-style: "gnu" -*- */ 2 /* bus.c message bus context object 3 * 4 * Copyright (C) 2003, 2004 Red Hat, Inc. 5 * 6 * Licensed under the Academic Free License version 2.1 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 * 22 */ 23 24 #include "bus.h" 25 #include "activation.h" 26 #include "connection.h" 27 #include "services.h" 28 #include "utils.h" 29 #include "policy.h" 30 #include "config-parser.h" 31 #include "signals.h" 32 #include "selinux.h" 33 #include "dir-watch.h" 34 #include <dbus/dbus-list.h> 35 #include <dbus/dbus-hash.h> 36 #include <dbus/dbus-internals.h> 37 38 struct BusContext 39 { 40 int refcount; 41 char *config_file; 42 char *type; 43 char *address; 44 #ifdef WANT_PIDFILE 45 char *pidfile; 46 #endif 47 char *user; 48 DBusLoop *loop; 49 DBusList *servers; 50 BusConnections *connections; 51 BusActivation *activation; 52 BusRegistry *registry; 53 BusPolicy *policy; 54 BusMatchmaker *matchmaker; 55 DBusUserDatabase *user_database; 56 BusLimits limits; 57 unsigned int fork : 1; 58 }; 59 60 static dbus_int32_t server_data_slot = -1; 61 62 typedef struct 63 { 64 BusContext *context; 65 } BusServerData; 66 67 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot)) 68 69 static BusContext* 70 server_get_context (DBusServer *server) 71 { 72 BusContext *context; 73 BusServerData *bd; 74 75 if (!dbus_server_allocate_data_slot (&server_data_slot)) 76 return NULL; 77 78 bd = BUS_SERVER_DATA (server); 79 if (bd == NULL) 80 { 81 dbus_server_free_data_slot (&server_data_slot); 82 return NULL; 83 } 84 85 context = bd->context; 86 87 dbus_server_free_data_slot (&server_data_slot); 88 89 return context; 90 } 91 92 static dbus_bool_t 93 server_watch_callback (DBusWatch *watch, 94 unsigned int condition, 95 void *data) 96 { 97 /* FIXME this can be done in dbus-mainloop.c 98 * if the code in activation.c for the babysitter 99 * watch handler is fixed. 100 */ 101 102 return dbus_watch_handle (watch, condition); 103 } 104 105 static dbus_bool_t 106 add_server_watch (DBusWatch *watch, 107 void *data) 108 { 109 DBusServer *server = data; 110 BusContext *context; 111 112 context = server_get_context (server); 113 114 return _dbus_loop_add_watch (context->loop, 115 watch, server_watch_callback, server, 116 NULL); 117 } 118 119 static void 120 remove_server_watch (DBusWatch *watch, 121 void *data) 122 { 123 DBusServer *server = data; 124 BusContext *context; 125 126 context = server_get_context (server); 127 128 _dbus_loop_remove_watch (context->loop, 129 watch, server_watch_callback, server); 130 } 131 132 133 static void 134 server_timeout_callback (DBusTimeout *timeout, 135 void *data) 136 { 137 /* can return FALSE on OOM but we just let it fire again later */ 138 dbus_timeout_handle (timeout); 139 } 140 141 static dbus_bool_t 142 add_server_timeout (DBusTimeout *timeout, 143 void *data) 144 { 145 DBusServer *server = data; 146 BusContext *context; 147 148 context = server_get_context (server); 149 150 return _dbus_loop_add_timeout (context->loop, 151 timeout, server_timeout_callback, server, NULL); 152 } 153 154 static void 155 remove_server_timeout (DBusTimeout *timeout, 156 void *data) 157 { 158 DBusServer *server = data; 159 BusContext *context; 160 161 context = server_get_context (server); 162 163 _dbus_loop_remove_timeout (context->loop, 164 timeout, server_timeout_callback, server); 165 } 166 167 static void 168 new_connection_callback (DBusServer *server, 169 DBusConnection *new_connection, 170 void *data) 171 { 172 BusContext *context = data; 173 174 if (!bus_connections_setup_connection (context->connections, new_connection)) 175 { 176 _dbus_verbose ("No memory to setup new connection\n"); 177 178 /* if we don't do this, it will get unref'd without 179 * being disconnected... kind of strange really 180 * that we have to do this, people won't get it right 181 * in general. 182 */ 183 dbus_connection_close (new_connection); 184 } 185 186 dbus_connection_set_max_received_size (new_connection, 187 context->limits.max_incoming_bytes); 188 189 dbus_connection_set_max_message_size (new_connection, 190 context->limits.max_message_size); 191 192 /* on OOM, we won't have ref'd the connection so it will die. */ 193 } 194 195 static void 196 free_server_data (void *data) 197 { 198 BusServerData *bd = data; 199 200 dbus_free (bd); 201 } 202 203 static dbus_bool_t 204 setup_server (BusContext *context, 205 DBusServer *server, 206 char **auth_mechanisms, 207 DBusError *error) 208 { 209 BusServerData *bd; 210 211 bd = dbus_new0 (BusServerData, 1); 212 if (!dbus_server_set_data (server, 213 server_data_slot, 214 bd, free_server_data)) 215 { 216 dbus_free (bd); 217 BUS_SET_OOM (error); 218 return FALSE; 219 } 220 221 bd->context = context; 222 223 if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) 224 { 225 BUS_SET_OOM (error); 226 return FALSE; 227 } 228 229 dbus_server_set_new_connection_function (server, 230 new_connection_callback, 231 context, NULL); 232 233 if (!dbus_server_set_watch_functions (server, 234 add_server_watch, 235 remove_server_watch, 236 NULL, 237 server, 238 NULL)) 239 { 240 BUS_SET_OOM (error); 241 return FALSE; 242 } 243 244 if (!dbus_server_set_timeout_functions (server, 245 add_server_timeout, 246 remove_server_timeout, 247 NULL, 248 server, NULL)) 249 { 250 BUS_SET_OOM (error); 251 return FALSE; 252 } 253 254 return TRUE; 255 } 256 257 /* This code only gets executed the first time the 258 config files are parsed. It is not executed 259 when config files are reloaded.*/ 260 static dbus_bool_t 261 process_config_first_time_only (BusContext *context, 262 BusConfigParser *parser, 263 DBusError *error) 264 { 265 DBusList *link; 266 DBusList **addresses; 267 const char *user, *pidfile; 268 char **auth_mechanisms; 269 DBusList **auth_mechanisms_list; 270 int len; 271 dbus_bool_t retval; 272 273 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 274 275 retval = FALSE; 276 auth_mechanisms = NULL; 277 278 #ifdef WANT_PIDFILE 279 /* Check for an existing pid file. Of course this is a race; 280 * we'd have to use fcntl() locks on the pid file to 281 * avoid that. But we want to check for the pid file 282 * before overwriting any existing sockets, etc. 283 */ 284 pidfile = bus_config_parser_get_pidfile (parser); 285 if (pidfile != NULL) 286 { 287 DBusString u; 288 DBusStat stbuf; 289 290 _dbus_string_init_const (&u, pidfile); 291 292 if (_dbus_stat (&u, &stbuf, NULL)) 293 { 294 dbus_set_error (error, DBUS_ERROR_FAILED, 295 "The pid file \"%s\" exists, if the message bus is not running, remove this file", 296 pidfile); 297 goto failed; 298 } 299 } 300 301 /* keep around the pid filename so we can delete it later */ 302 context->pidfile = _dbus_strdup (pidfile); 303 #endif 304 305 /* Build an array of auth mechanisms */ 306 307 auth_mechanisms_list = bus_config_parser_get_mechanisms (parser); 308 len = _dbus_list_get_length (auth_mechanisms_list); 309 310 if (len > 0) 311 { 312 int i; 313 314 auth_mechanisms = dbus_new0 (char*, len + 1); 315 if (auth_mechanisms == NULL) 316 { 317 BUS_SET_OOM (error); 318 goto failed; 319 } 320 321 i = 0; 322 link = _dbus_list_get_first_link (auth_mechanisms_list); 323 while (link != NULL) 324 { 325 auth_mechanisms[i] = _dbus_strdup (link->data); 326 if (auth_mechanisms[i] == NULL) 327 { 328 BUS_SET_OOM (error); 329 goto failed; 330 } 331 link = _dbus_list_get_next_link (auth_mechanisms_list, link); 332 } 333 } 334 else 335 { 336 auth_mechanisms = NULL; 337 } 338 339 /* Listen on our addresses */ 340 341 addresses = bus_config_parser_get_addresses (parser); 342 343 link = _dbus_list_get_first_link (addresses); 344 while (link != NULL) 345 { 346 DBusServer *server; 347 348 server = dbus_server_listen (link->data, error); 349 if (server == NULL) 350 { 351 _DBUS_ASSERT_ERROR_IS_SET (error); 352 goto failed; 353 } 354 else if (!setup_server (context, server, auth_mechanisms, error)) 355 { 356 _DBUS_ASSERT_ERROR_IS_SET (error); 357 goto failed; 358 } 359 360 if (!_dbus_list_append (&context->servers, server)) 361 { 362 BUS_SET_OOM (error); 363 goto failed; 364 } 365 366 link = _dbus_list_get_next_link (addresses, link); 367 } 368 369 /* note that type may be NULL */ 370 context->type = _dbus_strdup (bus_config_parser_get_type (parser)); 371 if (bus_config_parser_get_type (parser) != NULL && context->type == NULL) 372 { 373 BUS_SET_OOM (error); 374 goto failed; 375 } 376 377 user = bus_config_parser_get_user (parser); 378 if (user != NULL) 379 { 380 context->user = _dbus_strdup (user); 381 if (context->user == NULL) 382 { 383 BUS_SET_OOM (error); 384 goto failed; 385 } 386 } 387 388 context->fork = bus_config_parser_get_fork (parser); 389 390 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 391 retval = TRUE; 392 393 failed: 394 dbus_free_string_array (auth_mechanisms); 395 return retval; 396 } 397 398 /* This code gets executed every time the config files 399 are parsed: both during BusContext construction 400 and on reloads. */ 401 static dbus_bool_t 402 process_config_every_time (BusContext *context, 403 BusConfigParser *parser, 404 dbus_bool_t is_reload, 405 DBusError *error) 406 { 407 DBusString full_address; 408 DBusList *link; 409 char *addr; 410 411 dbus_bool_t retval; 412 413 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 414 415 addr = NULL; 416 retval = FALSE; 417 418 if (!_dbus_string_init (&full_address)) 419 { 420 BUS_SET_OOM (error); 421 return FALSE; 422 } 423 424 /* get our limits and timeout lengths */ 425 bus_config_parser_get_limits (parser, &context->limits); 426 427 context->policy = bus_config_parser_steal_policy (parser); 428 _dbus_assert (context->policy != NULL); 429 430 /* We have to build the address backward, so that 431 * <listen> later in the config file have priority 432 */ 433 link = _dbus_list_get_last_link (&context->servers); 434 while (link != NULL) 435 { 436 addr = dbus_server_get_address (link->data); 437 if (addr == NULL) 438 { 439 BUS_SET_OOM (error); 440 goto failed; 441 } 442 443 if (_dbus_string_get_length (&full_address) > 0) 444 { 445 if (!_dbus_string_append (&full_address, ";")) 446 { 447 BUS_SET_OOM (error); 448 goto failed; 449 } 450 } 451 452 if (!_dbus_string_append (&full_address, addr)) 453 { 454 BUS_SET_OOM (error); 455 goto failed; 456 } 457 458 dbus_free (addr); 459 addr = NULL; 460 461 link = _dbus_list_get_prev_link (&context->servers, link); 462 } 463 464 if (is_reload) 465 dbus_free (context->address); 466 467 if (!_dbus_string_copy_data (&full_address, &context->address)) 468 { 469 BUS_SET_OOM (error); 470 goto failed; 471 } 472 473 /* Create activation subsystem */ 474 475 if (is_reload) 476 bus_activation_unref (context->activation); 477 478 context->activation = bus_activation_new (context, &full_address, 479 bus_config_parser_get_service_dirs (parser), 480 error); 481 if (context->activation == NULL) 482 { 483 _DBUS_ASSERT_ERROR_IS_SET (error); 484 goto failed; 485 } 486 487 /* Drop existing conf-dir watches (if applicable) */ 488 489 if (is_reload) 490 bus_drop_all_directory_watches (); 491 492 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 493 retval = TRUE; 494 495 failed: 496 _dbus_string_free (&full_address); 497 498 if (addr) 499 dbus_free (addr); 500 501 return retval; 502 } 503 504 static dbus_bool_t 505 process_config_postinit (BusContext *context, 506 BusConfigParser *parser, 507 DBusError *error) 508 { 509 DBusHashTable *service_context_table; 510 511 service_context_table = bus_config_parser_steal_service_context_table (parser); 512 if (!bus_registry_set_service_context_table (context->registry, 513 service_context_table)) 514 { 515 BUS_SET_OOM (error); 516 return FALSE; 517 } 518 519 _dbus_hash_table_unref (service_context_table); 520 521 /* Watch all conf directories */ 522 _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser), 523 (DBusForeachFunction) bus_watch_directory, 524 context); 525 526 return TRUE; 527 } 528 529 BusContext* 530 bus_context_new (const DBusString *config_file, 531 ForceForkSetting force_fork, 532 int print_addr_fd, 533 int print_pid_fd, 534 DBusError *error) 535 { 536 BusContext *context; 537 BusConfigParser *parser; 538 DBusCredentials creds; 539 540 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 541 542 context = NULL; 543 parser = NULL; 544 545 if (!dbus_server_allocate_data_slot (&server_data_slot)) 546 { 547 BUS_SET_OOM (error); 548 return NULL; 549 } 550 551 context = dbus_new0 (BusContext, 1); 552 if (context == NULL) 553 { 554 BUS_SET_OOM (error); 555 goto failed; 556 } 557 context->refcount = 1; 558 559 if (!_dbus_string_copy_data (config_file, &context->config_file)) 560 { 561 BUS_SET_OOM (error); 562 goto failed; 563 } 564 565 context->loop = _dbus_loop_new (); 566 if (context->loop == NULL) 567 { 568 BUS_SET_OOM (error); 569 goto failed; 570 } 571 572 context->registry = bus_registry_new (context); 573 if (context->registry == NULL) 574 { 575 BUS_SET_OOM (error); 576 goto failed; 577 } 578 579 parser = bus_config_load (config_file, TRUE, NULL, error); 580 if (parser == NULL) 581 { 582 _DBUS_ASSERT_ERROR_IS_SET (error); 583 goto failed; 584 } 585 586 if (!process_config_first_time_only (context, parser, error)) 587 { 588 _DBUS_ASSERT_ERROR_IS_SET (error); 589 goto failed; 590 } 591 if (!process_config_every_time (context, parser, FALSE, error)) 592 { 593 _DBUS_ASSERT_ERROR_IS_SET (error); 594 goto failed; 595 } 596 597 /* we need another ref of the server data slot for the context 598 * to own 599 */ 600 if (!dbus_server_allocate_data_slot (&server_data_slot)) 601 _dbus_assert_not_reached ("second ref of server data slot failed"); 602 603 context->user_database = _dbus_user_database_new (); 604 if (context->user_database == NULL) 605 { 606 BUS_SET_OOM (error); 607 goto failed; 608 } 609 610 /* Note that we don't know whether the print_addr_fd is 611 * one of the sockets we're using to listen on, or some 612 * other random thing. But I think the answer is "don't do 613 * that then" 614 */ 615 if (print_addr_fd >= 0) 616 { 617 DBusString addr; 618 const char *a = bus_context_get_address (context); 619 int bytes; 620 621 _dbus_assert (a != NULL); 622 if (!_dbus_string_init (&addr)) 623 { 624 BUS_SET_OOM (error); 625 goto failed; 626 } 627 628 if (!_dbus_string_append (&addr, a) || 629 !_dbus_string_append (&addr, "\n")) 630 { 631 _dbus_string_free (&addr); 632 BUS_SET_OOM (error); 633 goto failed; 634 } 635 636 bytes = _dbus_string_get_length (&addr); 637 if (_dbus_write_socket (print_addr_fd, &addr, 0, bytes) != bytes) 638 { 639 dbus_set_error (error, DBUS_ERROR_FAILED, 640 "Printing message bus address: %s\n", 641 _dbus_strerror (errno)); 642 _dbus_string_free (&addr); 643 goto failed; 644 } 645 646 if (print_addr_fd > 2) 647 _dbus_close_socket (print_addr_fd, NULL); 648 649 _dbus_string_free (&addr); 650 } 651 652 context->connections = bus_connections_new (context); 653 if (context->connections == NULL) 654 { 655 BUS_SET_OOM (error); 656 goto failed; 657 } 658 659 context->matchmaker = bus_matchmaker_new (); 660 if (context->matchmaker == NULL) 661 { 662 BUS_SET_OOM (error); 663 goto failed; 664 } 665 666 /* check user before we fork */ 667 if (context->user != NULL) 668 { 669 DBusString u; 670 671 _dbus_string_init_const (&u, context->user); 672 673 if (!_dbus_credentials_from_username (&u, &creds) || 674 creds.uid < 0 || 675 creds.gid < 0) 676 { 677 dbus_set_error (error, DBUS_ERROR_FAILED, 678 "Could not get UID and GID for username \"%s\"", 679 context->user); 680 goto failed; 681 } 682 } 683 684 /* Now become a daemon if appropriate */ 685 if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS) 686 { 687 DBusString u; 688 #ifdef WANT_PIDFILE 689 if (context->pidfile) 690 _dbus_string_init_const (&u, context->pidfile); 691 692 if (!_dbus_become_daemon (context->pidfile ? &u : NULL, 693 print_pid_fd, 694 error)) 695 # else 696 if (!_dbus_become_daemon (NULL, 697 0, 698 error)) 699 #endif 700 { 701 _DBUS_ASSERT_ERROR_IS_SET (error); 702 goto failed; 703 } 704 } 705 #ifdef WANT_PIDFILE 706 else 707 { 708 /* Need to write PID file for ourselves, not for the child process */ 709 if (context->pidfile != NULL) 710 { 711 DBusString u; 712 713 _dbus_string_init_const (&u, context->pidfile); 714 715 if (!_dbus_write_pid_file (&u, _dbus_getpid (), error)) 716 { 717 _DBUS_ASSERT_ERROR_IS_SET (error); 718 goto failed; 719 } 720 } 721 } 722 #endif 723 724 /* Write PID if requested */ 725 if (print_pid_fd >= 0) 726 { 727 DBusString pid; 728 int bytes; 729 730 if (!_dbus_string_init (&pid)) 731 { 732 BUS_SET_OOM (error); 733 goto failed; 734 } 735 736 if (!_dbus_string_append_int (&pid, _dbus_getpid ()) || 737 !_dbus_string_append (&pid, "\n")) 738 { 739 _dbus_string_free (&pid); 740 BUS_SET_OOM (error); 741 goto failed; 742 } 743 744 bytes = _dbus_string_get_length (&pid); 745 if (_dbus_write_socket (print_pid_fd, &pid, 0, bytes) != bytes) 746 { 747 dbus_set_error (error, DBUS_ERROR_FAILED, 748 "Printing message bus PID: %s\n", 749 _dbus_strerror (errno)); 750 _dbus_string_free (&pid); 751 goto failed; 752 } 753 754 if (print_pid_fd > 2) 755 _dbus_close_socket (print_pid_fd, NULL); 756 757 _dbus_string_free (&pid); 758 } 759 760 if (!bus_selinux_full_init ()) 761 { 762 _dbus_warn ("SELinux initialization failed\n"); 763 } 764 765 if (!process_config_postinit (context, parser, error)) 766 { 767 _DBUS_ASSERT_ERROR_IS_SET (error); 768 goto failed; 769 } 770 771 if (parser != NULL) 772 { 773 bus_config_parser_unref (parser); 774 parser = NULL; 775 } 776 777 /* Here we change our credentials if required, 778 * as soon as we've set up our sockets and pidfile 779 */ 780 if (context->user != NULL) 781 { 782 if (!_dbus_change_identity (creds.uid, creds.gid, error)) 783 { 784 _DBUS_ASSERT_ERROR_IS_SET (error); 785 goto failed; 786 } 787 } 788 789 dbus_server_free_data_slot (&server_data_slot); 790 791 return context; 792 793 failed: 794 if (parser != NULL) 795 bus_config_parser_unref (parser); 796 if (context != NULL) 797 bus_context_unref (context); 798 799 if (server_data_slot >= 0) 800 dbus_server_free_data_slot (&server_data_slot); 801 802 return NULL; 803 } 804 805 dbus_bool_t 806 bus_context_reload_config (BusContext *context, 807 DBusError *error) 808 { 809 BusConfigParser *parser; 810 DBusString config_file; 811 dbus_bool_t ret; 812 813 /* Flush the user database cache */ 814 _dbus_user_database_flush(context->user_database); 815 816 ret = FALSE; 817 _dbus_string_init_const (&config_file, context->config_file); 818 parser = bus_config_load (&config_file, TRUE, NULL, error); 819 if (parser == NULL) 820 { 821 _DBUS_ASSERT_ERROR_IS_SET (error); 822 goto failed; 823 } 824 825 if (!process_config_every_time (context, parser, TRUE, error)) 826 { 827 _DBUS_ASSERT_ERROR_IS_SET (error); 828 goto failed; 829 } 830 if (!process_config_postinit (context, parser, error)) 831 { 832 _DBUS_ASSERT_ERROR_IS_SET (error); 833 goto failed; 834 } 835 ret = TRUE; 836 837 failed: 838 if (parser != NULL) 839 bus_config_parser_unref (parser); 840 return ret; 841 } 842 843 static void 844 shutdown_server (BusContext *context, 845 DBusServer *server) 846 { 847 if (server == NULL || 848 !dbus_server_get_is_connected (server)) 849 return; 850 851 if (!dbus_server_set_watch_functions (server, 852 NULL, NULL, NULL, 853 context, 854 NULL)) 855 _dbus_assert_not_reached ("setting watch functions to NULL failed"); 856 857 if (!dbus_server_set_timeout_functions (server, 858 NULL, NULL, NULL, 859 context, 860 NULL)) 861 _dbus_assert_not_reached ("setting timeout functions to NULL failed"); 862 863 dbus_server_disconnect (server); 864 } 865 866 void 867 bus_context_shutdown (BusContext *context) 868 { 869 DBusList *link; 870 871 link = _dbus_list_get_first_link (&context->servers); 872 while (link != NULL) 873 { 874 shutdown_server (context, link->data); 875 876 link = _dbus_list_get_next_link (&context->servers, link); 877 } 878 } 879 880 BusContext * 881 bus_context_ref (BusContext *context) 882 { 883 _dbus_assert (context->refcount > 0); 884 context->refcount += 1; 885 886 return context; 887 } 888 889 void 890 bus_context_unref (BusContext *context) 891 { 892 _dbus_assert (context->refcount > 0); 893 context->refcount -= 1; 894 895 if (context->refcount == 0) 896 { 897 DBusList *link; 898 899 _dbus_verbose ("Finalizing bus context %p\n", context); 900 901 bus_context_shutdown (context); 902 903 if (context->connections) 904 { 905 bus_connections_unref (context->connections); 906 context->connections = NULL; 907 } 908 909 if (context->registry) 910 { 911 bus_registry_unref (context->registry); 912 context->registry = NULL; 913 } 914 915 if (context->activation) 916 { 917 bus_activation_unref (context->activation); 918 context->activation = NULL; 919 } 920 921 link = _dbus_list_get_first_link (&context->servers); 922 while (link != NULL) 923 { 924 dbus_server_unref (link->data); 925 926 link = _dbus_list_get_next_link (&context->servers, link); 927 } 928 _dbus_list_clear (&context->servers); 929 930 if (context->policy) 931 { 932 bus_policy_unref (context->policy); 933 context->policy = NULL; 934 } 935 936 if (context->loop) 937 { 938 _dbus_loop_unref (context->loop); 939 context->loop = NULL; 940 } 941 942 if (context->matchmaker) 943 { 944 bus_matchmaker_unref (context->matchmaker); 945 context->matchmaker = NULL; 946 } 947 948 dbus_free (context->config_file); 949 dbus_free (context->type); 950 dbus_free (context->address); 951 dbus_free (context->user); 952 953 #ifdef WANT_PIDFILE 954 if (context->pidfile) 955 { 956 DBusString u; 957 _dbus_string_init_const (&u, context->pidfile); 958 959 /* Deliberately ignore errors here, since there's not much 960 * we can do about it, and we're exiting anyways. 961 */ 962 _dbus_delete_file (&u, NULL); 963 964 dbus_free (context->pidfile); 965 } 966 #endif 967 968 if (context->user_database != NULL) 969 _dbus_user_database_unref (context->user_database); 970 971 dbus_free (context); 972 973 dbus_server_free_data_slot (&server_data_slot); 974 } 975 } 976 977 /* type may be NULL */ 978 const char* 979 bus_context_get_type (BusContext *context) 980 { 981 return context->type; 982 } 983 984 const char* 985 bus_context_get_address (BusContext *context) 986 { 987 return context->address; 988 } 989 990 BusRegistry* 991 bus_context_get_registry (BusContext *context) 992 { 993 return context->registry; 994 } 995 996 BusConnections* 997 bus_context_get_connections (BusContext *context) 998 { 999 return context->connections; 1000 } 1001 1002 BusActivation* 1003 bus_context_get_activation (BusContext *context) 1004 { 1005 return context->activation; 1006 } 1007 1008 BusMatchmaker* 1009 bus_context_get_matchmaker (BusContext *context) 1010 { 1011 return context->matchmaker; 1012 } 1013 1014 DBusLoop* 1015 bus_context_get_loop (BusContext *context) 1016 { 1017 return context->loop; 1018 } 1019 1020 DBusUserDatabase* 1021 bus_context_get_user_database (BusContext *context) 1022 { 1023 return context->user_database; 1024 } 1025 1026 dbus_bool_t 1027 bus_context_allow_user (BusContext *context, 1028 unsigned long uid) 1029 { 1030 return bus_policy_allow_user (context->policy, 1031 context->user_database, 1032 uid); 1033 } 1034 1035 BusPolicy * 1036 bus_context_get_policy (BusContext *context) 1037 { 1038 return context->policy; 1039 } 1040 1041 BusClientPolicy* 1042 bus_context_create_client_policy (BusContext *context, 1043 DBusConnection *connection, 1044 DBusError *error) 1045 { 1046 _DBUS_ASSERT_ERROR_IS_CLEAR (error); 1047 return bus_policy_create_client_policy (context->policy, connection, 1048 error); 1049 } 1050 1051 int 1052 bus_context_get_activation_timeout (BusContext *context) 1053 { 1054 1055 return context->limits.activation_timeout; 1056 } 1057 1058 int 1059 bus_context_get_auth_timeout (BusContext *context) 1060 { 1061 return context->limits.auth_timeout; 1062 } 1063 1064 int 1065 bus_context_get_max_completed_connections (BusContext *context) 1066 { 1067 return context->limits.max_completed_connections; 1068 } 1069 1070 int 1071 bus_context_get_max_incomplete_connections (BusContext *context) 1072 { 1073 return context->limits.max_incomplete_connections; 1074 } 1075 1076 int 1077 bus_context_get_max_connections_per_user (BusContext *context) 1078 { 1079 return context->limits.max_connections_per_user; 1080 } 1081 1082 int 1083 bus_context_get_max_pending_activations (BusContext *context) 1084 { 1085 return context->limits.max_pending_activations; 1086 } 1087 1088 int 1089 bus_context_get_max_services_per_connection (BusContext *context) 1090 { 1091 return context->limits.max_services_per_connection; 1092 } 1093 1094 int 1095 bus_context_get_max_match_rules_per_connection (BusContext *context) 1096 { 1097 return context->limits.max_match_rules_per_connection; 1098 } 1099 1100 int 1101 bus_context_get_max_replies_per_connection (BusContext *context) 1102 { 1103 return context->limits.max_replies_per_connection; 1104 } 1105 1106 int 1107 bus_context_get_reply_timeout (BusContext *context) 1108 { 1109 return context->limits.reply_timeout; 1110 } 1111 1112 /* 1113 * addressed_recipient is the recipient specified in the message. 1114 * 1115 * proposed_recipient is the recipient we're considering sending 1116 * to right this second, and may be an eavesdropper. 1117 * 1118 * sender is the sender of the message. 1119 * 1120 * NULL for proposed_recipient or sender definitely means the bus driver. 1121 * 1122 * NULL for addressed_recipient may mean the bus driver, or may mean 1123 * no destination was specified in the message (e.g. a signal). 1124 */ 1125 dbus_bool_t 1126 bus_context_check_security_policy (BusContext *context, 1127 BusTransaction *transaction, 1128 DBusConnection *sender, 1129 DBusConnection *addressed_recipient, 1130 DBusConnection *proposed_recipient, 1131 DBusMessage *message, 1132 DBusError *error) 1133 { 1134 BusClientPolicy *sender_policy; 1135 BusClientPolicy *recipient_policy; 1136 int type; 1137 dbus_bool_t requested_reply; 1138 1139 type = dbus_message_get_type (message); 1140 1141 /* dispatch.c was supposed to ensure these invariants */ 1142 _dbus_assert (dbus_message_get_destination (message) != NULL || 1143 type == DBUS_MESSAGE_TYPE_SIGNAL || 1144 (sender == NULL && !bus_connection_is_active (proposed_recipient))); 1145 _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL || 1146 addressed_recipient != NULL || 1147 strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0); 1148 1149 switch (type) 1150 { 1151 case DBUS_MESSAGE_TYPE_METHOD_CALL: 1152 case DBUS_MESSAGE_TYPE_SIGNAL: 1153 case DBUS_MESSAGE_TYPE_METHOD_RETURN: 1154 case DBUS_MESSAGE_TYPE_ERROR: 1155 break; 1156 1157 default: 1158 _dbus_verbose ("security check disallowing message of unknown type %d\n", 1159 type); 1160 1161 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1162 "Message bus will not accept messages of unknown type\n"); 1163 1164 return FALSE; 1165 } 1166 1167 requested_reply = FALSE; 1168 1169 if (sender != NULL) 1170 { 1171 const char *dest; 1172 1173 dest = dbus_message_get_destination (message); 1174 1175 /* First verify the SELinux access controls. If allowed then 1176 * go on with the standard checks. 1177 */ 1178 if (!bus_selinux_allows_send (sender, proposed_recipient, 1179 dbus_message_type_to_string (dbus_message_get_type (message)), 1180 dbus_message_get_interface (message), 1181 dbus_message_get_member (message), 1182 dbus_message_get_error_name (message), 1183 dest ? dest : DBUS_SERVICE_DBUS, error)) 1184 { 1185 1186 if (dbus_error_is_set (error) && 1187 dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) 1188 { 1189 return FALSE; 1190 } 1191 1192 1193 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1194 "An SELinux policy prevents this sender " 1195 "from sending this message to this recipient " 1196 "(rejected message had interface \"%s\" " 1197 "member \"%s\" error name \"%s\" destination \"%s\")", 1198 dbus_message_get_interface (message) ? 1199 dbus_message_get_interface (message) : "(unset)", 1200 dbus_message_get_member (message) ? 1201 dbus_message_get_member (message) : "(unset)", 1202 dbus_message_get_error_name (message) ? 1203 dbus_message_get_error_name (message) : "(unset)", 1204 dest ? dest : DBUS_SERVICE_DBUS); 1205 _dbus_verbose ("SELinux security check denying send to service\n"); 1206 return FALSE; 1207 } 1208 1209 if (bus_connection_is_active (sender)) 1210 { 1211 sender_policy = bus_connection_get_policy (sender); 1212 _dbus_assert (sender_policy != NULL); 1213 1214 /* Fill in requested_reply variable with TRUE if this is a 1215 * reply and the reply was pending. 1216 */ 1217 if (dbus_message_get_reply_serial (message) != 0) 1218 { 1219 if (proposed_recipient != NULL /* not to the bus driver */ && 1220 addressed_recipient == proposed_recipient /* not eavesdropping */) 1221 { 1222 DBusError error2; 1223 1224 dbus_error_init (&error2); 1225 requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender), 1226 transaction, 1227 sender, addressed_recipient, message, 1228 &error2); 1229 if (dbus_error_is_set (&error2)) 1230 { 1231 dbus_move_error (&error2, error); 1232 return FALSE; 1233 } 1234 } 1235 } 1236 } 1237 else 1238 { 1239 /* Policy for inactive connections is that they can only send 1240 * the hello message to the bus driver 1241 */ 1242 if (proposed_recipient == NULL && 1243 dbus_message_is_method_call (message, 1244 DBUS_INTERFACE_DBUS, 1245 "Hello")) 1246 { 1247 _dbus_verbose ("security check allowing %s message\n", 1248 "Hello"); 1249 return TRUE; 1250 } 1251 else 1252 { 1253 _dbus_verbose ("security check disallowing non-%s message\n", 1254 "Hello"); 1255 1256 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1257 "Client tried to send a message other than %s without being registered", 1258 "Hello"); 1259 1260 return FALSE; 1261 } 1262 } 1263 } 1264 else 1265 { 1266 sender_policy = NULL; 1267 1268 /* If the sender is the bus driver, we assume any reply was a 1269 * requested reply as bus driver won't send bogus ones 1270 */ 1271 if (addressed_recipient == proposed_recipient /* not eavesdropping */ && 1272 dbus_message_get_reply_serial (message) != 0) 1273 requested_reply = TRUE; 1274 } 1275 1276 _dbus_assert ((sender != NULL && sender_policy != NULL) || 1277 (sender == NULL && sender_policy == NULL)); 1278 1279 if (proposed_recipient != NULL) 1280 { 1281 /* only the bus driver can send to an inactive recipient (as it 1282 * owns no services, so other apps can't address it). Inactive 1283 * recipients can receive any message. 1284 */ 1285 if (bus_connection_is_active (proposed_recipient)) 1286 { 1287 recipient_policy = bus_connection_get_policy (proposed_recipient); 1288 _dbus_assert (recipient_policy != NULL); 1289 } 1290 else if (sender == NULL) 1291 { 1292 _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); 1293 recipient_policy = NULL; 1294 } 1295 else 1296 { 1297 _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); 1298 recipient_policy = NULL; 1299 } 1300 } 1301 else 1302 recipient_policy = NULL; 1303 1304 _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) || 1305 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) || 1306 (proposed_recipient == NULL && recipient_policy == NULL)); 1307 1308 if (sender_policy && 1309 !bus_client_policy_check_can_send (sender_policy, 1310 context->registry, 1311 requested_reply, 1312 proposed_recipient, 1313 message)) 1314 { 1315 const char *dest; 1316 1317 dest = dbus_message_get_destination (message); 1318 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1319 "A security policy in place prevents this sender " 1320 "from sending this message to this recipient, " 1321 "see message bus configuration file (rejected message " 1322 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")", 1323 dbus_message_get_interface (message) ? 1324 dbus_message_get_interface (message) : "(unset)", 1325 dbus_message_get_member (message) ? 1326 dbus_message_get_member (message) : "(unset)", 1327 dbus_message_get_error_name (message) ? 1328 dbus_message_get_error_name (message) : "(unset)", 1329 dest ? dest : DBUS_SERVICE_DBUS); 1330 _dbus_verbose ("security policy disallowing message due to sender policy\n"); 1331 return FALSE; 1332 } 1333 1334 if (recipient_policy && 1335 !bus_client_policy_check_can_receive (recipient_policy, 1336 context->registry, 1337 requested_reply, 1338 sender, 1339 addressed_recipient, proposed_recipient, 1340 message)) 1341 { 1342 const char *dest; 1343 1344 dest = dbus_message_get_destination (message); 1345 dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, 1346 "A security policy in place prevents this recipient " 1347 "from receiving this message from this sender, " 1348 "see message bus configuration file (rejected message " 1349 "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)", 1350 dbus_message_get_interface (message) ? 1351 dbus_message_get_interface (message) : "(unset)", 1352 dbus_message_get_member (message) ? 1353 dbus_message_get_member (message) : "(unset)", 1354 dbus_message_get_error_name (message) ? 1355 dbus_message_get_error_name (message) : "(unset)", 1356 dest ? dest : DBUS_SERVICE_DBUS, 1357 dbus_message_get_reply_serial (message), 1358 requested_reply); 1359 _dbus_verbose ("security policy disallowing message due to recipient policy\n"); 1360 return FALSE; 1361 } 1362 1363 /* See if limits on size have been exceeded */ 1364 if (proposed_recipient && 1365 dbus_connection_get_outgoing_size (proposed_recipient) > 1366 context->limits.max_outgoing_bytes) 1367 { 1368 const char *dest; 1369 1370 dest = dbus_message_get_destination (message); 1371 dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, 1372 "The destination service \"%s\" has a full message queue", 1373 dest ? dest : (proposed_recipient ? 1374 bus_connection_get_name (proposed_recipient) : 1375 DBUS_SERVICE_DBUS)); 1376 _dbus_verbose ("security policy disallowing message due to full message queue\n"); 1377 return FALSE; 1378 } 1379 1380 /* Record that we will allow a reply here in the future (don't 1381 * bother if the recipient is the bus or this is an eavesdropping 1382 * connection). Only the addressed recipient may reply. 1383 */ 1384 if (type == DBUS_MESSAGE_TYPE_METHOD_CALL && 1385 sender && 1386 addressed_recipient && 1387 addressed_recipient == proposed_recipient && /* not eavesdropping */ 1388 !bus_connections_expect_reply (bus_connection_get_connections (sender), 1389 transaction, 1390 sender, addressed_recipient, 1391 message, error)) 1392 { 1393 _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); 1394 return FALSE; 1395 } 1396 1397 _dbus_verbose ("security policy allowing message\n"); 1398 return TRUE; 1399 } 1400