Home | History | Annotate | Download | only in bus
      1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
      2 /* bus.c  message bus context object
      3  *
      4  * Copyright (C) 2003, 2004 Red Hat, Inc.
      5  *
      6  * Licensed under the Academic Free License version 2.1
      7  *
      8  * This program is free software; you can redistribute it and/or modify
      9  * it under the terms of the GNU General Public License as published by
     10  * the Free Software Foundation; either version 2 of the License, or
     11  * (at your option) any later version.
     12  *
     13  * This program is distributed in the hope that it will be useful,
     14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     16  * GNU General Public License for more details.
     17  *
     18  * You should have received a copy of the GNU General Public License
     19  * along with this program; if not, write to the Free Software
     20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
     21  *
     22  */
     23 
     24 #include <config.h>
     25 #include "bus.h"
     26 
     27 #include <stdio.h>
     28 
     29 #include "activation.h"
     30 #include "connection.h"
     31 #include "services.h"
     32 #include "utils.h"
     33 #include "policy.h"
     34 #include "config-parser.h"
     35 #include "signals.h"
     36 #include "selinux.h"
     37 #include "dir-watch.h"
     38 #include <dbus/dbus-list.h>
     39 #include <dbus/dbus-hash.h>
     40 #include <dbus/dbus-credentials.h>
     41 #include <dbus/dbus-internals.h>
     42 
     43 #ifdef DBUS_CYGWIN
     44 #include <signal.h>
     45 #endif
     46 
     47 struct BusContext
     48 {
     49   int refcount;
     50   DBusGUID uuid;
     51   char *config_file;
     52   char *type;
     53   char *servicehelper;
     54   char *address;
     55 #ifdef WANT_PIDFILE
     56   char *pidfile;
     57 #endif
     58   char *user;
     59   char *log_prefix;
     60   DBusLoop *loop;
     61   DBusList *servers;
     62   BusConnections *connections;
     63   BusActivation *activation;
     64   BusRegistry *registry;
     65   BusPolicy *policy;
     66   BusMatchmaker *matchmaker;
     67   BusLimits limits;
     68   unsigned int fork : 1;
     69   unsigned int syslog : 1;
     70   unsigned int keep_umask : 1;
     71   unsigned int allow_anonymous : 1;
     72   unsigned int systemd_activation : 1;
     73 };
     74 
     75 static dbus_int32_t server_data_slot = -1;
     76 
     77 typedef struct
     78 {
     79   BusContext *context;
     80 } BusServerData;
     81 
     82 #define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))
     83 
     84 static BusContext*
     85 server_get_context (DBusServer *server)
     86 {
     87   BusContext *context;
     88   BusServerData *bd;
     89 
     90   if (!dbus_server_allocate_data_slot (&server_data_slot))
     91     return NULL;
     92 
     93   bd = BUS_SERVER_DATA (server);
     94   if (bd == NULL)
     95     {
     96       dbus_server_free_data_slot (&server_data_slot);
     97       return NULL;
     98     }
     99 
    100   context = bd->context;
    101 
    102   dbus_server_free_data_slot (&server_data_slot);
    103 
    104   return context;
    105 }
    106 
    107 static dbus_bool_t
    108 add_server_watch (DBusWatch  *watch,
    109                   void       *data)
    110 {
    111   DBusServer *server = data;
    112   BusContext *context;
    113 
    114   context = server_get_context (server);
    115 
    116   return _dbus_loop_add_watch (context->loop, watch);
    117 }
    118 
    119 static void
    120 remove_server_watch (DBusWatch  *watch,
    121                      void       *data)
    122 {
    123   DBusServer *server = data;
    124   BusContext *context;
    125 
    126   context = server_get_context (server);
    127 
    128   _dbus_loop_remove_watch (context->loop, watch);
    129 }
    130 
    131 static void
    132 toggle_server_watch (DBusWatch  *watch,
    133                      void       *data)
    134 {
    135   DBusServer *server = data;
    136   BusContext *context;
    137 
    138   context = server_get_context (server);
    139 
    140   _dbus_loop_toggle_watch (context->loop, watch);
    141 }
    142 
    143 static dbus_bool_t
    144 add_server_timeout (DBusTimeout *timeout,
    145                     void        *data)
    146 {
    147   DBusServer *server = data;
    148   BusContext *context;
    149 
    150   context = server_get_context (server);
    151 
    152   return _dbus_loop_add_timeout (context->loop, timeout);
    153 }
    154 
    155 static void
    156 remove_server_timeout (DBusTimeout *timeout,
    157                        void        *data)
    158 {
    159   DBusServer *server = data;
    160   BusContext *context;
    161 
    162   context = server_get_context (server);
    163 
    164   _dbus_loop_remove_timeout (context->loop, timeout);
    165 }
    166 
    167 static void
    168 new_connection_callback (DBusServer     *server,
    169                          DBusConnection *new_connection,
    170                          void           *data)
    171 {
    172   BusContext *context = data;
    173 
    174   if (!bus_connections_setup_connection (context->connections, new_connection))
    175     {
    176       _dbus_verbose ("No memory to setup new connection\n");
    177 
    178       /* if we don't do this, it will get unref'd without
    179        * being disconnected... kind of strange really
    180        * that we have to do this, people won't get it right
    181        * in general.
    182        */
    183       dbus_connection_close (new_connection);
    184     }
    185 
    186   dbus_connection_set_max_received_size (new_connection,
    187                                          context->limits.max_incoming_bytes);
    188 
    189   dbus_connection_set_max_message_size (new_connection,
    190                                         context->limits.max_message_size);
    191 
    192   dbus_connection_set_max_received_unix_fds (new_connection,
    193                                          context->limits.max_incoming_unix_fds);
    194 
    195   dbus_connection_set_max_message_unix_fds (new_connection,
    196                                         context->limits.max_message_unix_fds);
    197 
    198   dbus_connection_set_allow_anonymous (new_connection,
    199                                        context->allow_anonymous);
    200 
    201   /* on OOM, we won't have ref'd the connection so it will die. */
    202 }
    203 
    204 static void
    205 free_server_data (void *data)
    206 {
    207   BusServerData *bd = data;
    208 
    209   dbus_free (bd);
    210 }
    211 
    212 static dbus_bool_t
    213 setup_server (BusContext *context,
    214               DBusServer *server,
    215               char      **auth_mechanisms,
    216               DBusError  *error)
    217 {
    218   BusServerData *bd;
    219 
    220   bd = dbus_new0 (BusServerData, 1);
    221   if (bd == NULL || !dbus_server_set_data (server,
    222                                            server_data_slot,
    223                                            bd, free_server_data))
    224     {
    225       dbus_free (bd);
    226       BUS_SET_OOM (error);
    227       return FALSE;
    228     }
    229 
    230   bd->context = context;
    231 
    232   if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
    233     {
    234       BUS_SET_OOM (error);
    235       return FALSE;
    236     }
    237 
    238   dbus_server_set_new_connection_function (server,
    239                                            new_connection_callback,
    240                                            context, NULL);
    241 
    242   if (!dbus_server_set_watch_functions (server,
    243                                         add_server_watch,
    244                                         remove_server_watch,
    245                                         toggle_server_watch,
    246                                         server,
    247                                         NULL))
    248     {
    249       BUS_SET_OOM (error);
    250       return FALSE;
    251     }
    252 
    253   if (!dbus_server_set_timeout_functions (server,
    254                                           add_server_timeout,
    255                                           remove_server_timeout,
    256                                           NULL,
    257                                           server, NULL))
    258     {
    259       BUS_SET_OOM (error);
    260       return FALSE;
    261     }
    262 
    263   return TRUE;
    264 }
    265 
    266 /* This code only gets executed the first time the
    267  * config files are parsed.  It is not executed
    268  * when config files are reloaded.
    269  */
    270 static dbus_bool_t
    271 process_config_first_time_only (BusContext       *context,
    272 				BusConfigParser  *parser,
    273                                 const DBusString *address,
    274                                 BusContextFlags   flags,
    275 				DBusError        *error)
    276 {
    277   DBusString log_prefix;
    278   DBusList *link;
    279   DBusList **addresses;
    280   const char *user, *pidfile;
    281   char **auth_mechanisms;
    282   DBusList **auth_mechanisms_list;
    283   int len;
    284   dbus_bool_t retval;
    285 
    286   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    287 
    288   retval = FALSE;
    289   auth_mechanisms = NULL;
    290   pidfile = NULL;
    291 
    292   _dbus_init_system_log ();
    293 
    294   if (flags & BUS_CONTEXT_FLAG_SYSTEMD_ACTIVATION)
    295     context->systemd_activation = TRUE;
    296   else
    297     context->systemd_activation = FALSE;
    298 
    299 #ifdef WANT_PIDFILE
    300   /* Check for an existing pid file. Of course this is a race;
    301    * we'd have to use fcntl() locks on the pid file to
    302    * avoid that. But we want to check for the pid file
    303    * before overwriting any existing sockets, etc.
    304    */
    305 
    306   if (flags & BUS_CONTEXT_FLAG_WRITE_PID_FILE)
    307     pidfile = bus_config_parser_get_pidfile (parser);
    308 
    309   if (pidfile != NULL)
    310     {
    311       DBusString u;
    312       DBusStat stbuf;
    313 
    314       _dbus_string_init_const (&u, pidfile);
    315 
    316       if (_dbus_stat (&u, &stbuf, NULL))
    317         {
    318 #ifdef DBUS_CYGWIN
    319           DBusString p;
    320           long /* int */ pid;
    321 
    322           _dbus_string_init (&p);
    323           _dbus_file_get_contents(&p, &u, NULL);
    324           _dbus_string_parse_int(&p, 0, &pid, NULL);
    325           _dbus_string_free(&p);
    326 
    327           if ((kill((int)pid, 0))) {
    328             dbus_set_error(NULL, DBUS_ERROR_FILE_EXISTS,
    329                            "pid %ld not running, removing stale pid file\n",
    330                            pid);
    331             _dbus_delete_file(&u, NULL);
    332           } else {
    333 #endif
    334           dbus_set_error (error, DBUS_ERROR_FAILED,
    335 		                  "The pid file \"%s\" exists, if the message bus is not running, remove this file",
    336                           pidfile);
    337 	      goto failed;
    338 #ifdef DBUS_CYGWIN
    339           }
    340 #endif
    341         }
    342     }
    343 
    344   /* keep around the pid filename so we can delete it later */
    345   context->pidfile = _dbus_strdup (pidfile);
    346 #endif
    347 
    348   /* note that type may be NULL */
    349   context->type = _dbus_strdup (bus_config_parser_get_type (parser));
    350   if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
    351     goto oom;
    352 
    353   user = bus_config_parser_get_user (parser);
    354   if (user != NULL)
    355     {
    356       context->user = _dbus_strdup (user);
    357       if (context->user == NULL)
    358         goto oom;
    359     }
    360 
    361   /* Set up the prefix for syslog messages */
    362   if (!_dbus_string_init (&log_prefix))
    363     goto oom;
    364   if (context->type && !strcmp (context->type, "system"))
    365     {
    366       if (!_dbus_string_append (&log_prefix, "[system] "))
    367         goto oom;
    368     }
    369   else if (context->type && !strcmp (context->type, "session"))
    370     {
    371       DBusCredentials *credentials;
    372 
    373       credentials = _dbus_credentials_new_from_current_process ();
    374       if (!credentials)
    375         goto oom;
    376       if (!_dbus_string_append (&log_prefix, "[session "))
    377         {
    378           _dbus_credentials_unref (credentials);
    379           goto oom;
    380         }
    381       if (!_dbus_credentials_to_string_append (credentials, &log_prefix))
    382         {
    383           _dbus_credentials_unref (credentials);
    384           goto oom;
    385         }
    386       if (!_dbus_string_append (&log_prefix, "] "))
    387         {
    388           _dbus_credentials_unref (credentials);
    389           goto oom;
    390         }
    391       _dbus_credentials_unref (credentials);
    392     }
    393   if (!_dbus_string_steal_data (&log_prefix, &context->log_prefix))
    394     goto oom;
    395   _dbus_string_free (&log_prefix);
    396 
    397   /* Build an array of auth mechanisms */
    398 
    399   auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
    400   len = _dbus_list_get_length (auth_mechanisms_list);
    401 
    402   if (len > 0)
    403     {
    404       int i;
    405 
    406       auth_mechanisms = dbus_new0 (char*, len + 1);
    407       if (auth_mechanisms == NULL)
    408         goto oom;
    409 
    410       i = 0;
    411       link = _dbus_list_get_first_link (auth_mechanisms_list);
    412       while (link != NULL)
    413         {
    414           auth_mechanisms[i] = _dbus_strdup (link->data);
    415           if (auth_mechanisms[i] == NULL)
    416             goto oom;
    417           link = _dbus_list_get_next_link (auth_mechanisms_list, link);
    418           i += 1;
    419         }
    420     }
    421   else
    422     {
    423       auth_mechanisms = NULL;
    424     }
    425 
    426   /* Listen on our addresses */
    427 
    428   if (address)
    429     {
    430       DBusServer *server;
    431 
    432       server = dbus_server_listen (_dbus_string_get_const_data(address), error);
    433       if (server == NULL)
    434         {
    435           _DBUS_ASSERT_ERROR_IS_SET (error);
    436           goto failed;
    437         }
    438       else if (!setup_server (context, server, auth_mechanisms, error))
    439         {
    440           _DBUS_ASSERT_ERROR_IS_SET (error);
    441           goto failed;
    442         }
    443 
    444       if (!_dbus_list_append (&context->servers, server))
    445         goto oom;
    446     }
    447   else
    448     {
    449       addresses = bus_config_parser_get_addresses (parser);
    450 
    451       link = _dbus_list_get_first_link (addresses);
    452       while (link != NULL)
    453         {
    454           DBusServer *server;
    455 
    456           server = dbus_server_listen (link->data, error);
    457           if (server == NULL)
    458             {
    459               _DBUS_ASSERT_ERROR_IS_SET (error);
    460               goto failed;
    461             }
    462           else if (!setup_server (context, server, auth_mechanisms, error))
    463             {
    464               _DBUS_ASSERT_ERROR_IS_SET (error);
    465               goto failed;
    466             }
    467 
    468           if (!_dbus_list_append (&context->servers, server))
    469             goto oom;
    470 
    471           link = _dbus_list_get_next_link (addresses, link);
    472         }
    473     }
    474 
    475   context->fork = bus_config_parser_get_fork (parser);
    476   context->syslog = bus_config_parser_get_syslog (parser);
    477   context->keep_umask = bus_config_parser_get_keep_umask (parser);
    478   context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
    479 
    480   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    481   retval = TRUE;
    482 
    483  failed:
    484   dbus_free_string_array (auth_mechanisms);
    485   return retval;
    486 
    487  oom:
    488   BUS_SET_OOM (error);
    489   dbus_free_string_array (auth_mechanisms);
    490   return FALSE;
    491 }
    492 
    493 /* This code gets executed every time the config files
    494  * are parsed: both during BusContext construction
    495  * and on reloads. This function is slightly screwy
    496  * since it can do a "half reload" in out-of-memory
    497  * situations. Realistically, unlikely to ever matter.
    498  */
    499 static dbus_bool_t
    500 process_config_every_time (BusContext      *context,
    501 			   BusConfigParser *parser,
    502 			   dbus_bool_t      is_reload,
    503 			   DBusError       *error)
    504 {
    505   DBusString full_address;
    506   DBusList *link;
    507   DBusList **dirs;
    508   char *addr;
    509   const char *servicehelper;
    510   char *s;
    511 
    512   dbus_bool_t retval;
    513 
    514   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    515 
    516   addr = NULL;
    517   retval = FALSE;
    518 
    519   if (!_dbus_string_init (&full_address))
    520     {
    521       BUS_SET_OOM (error);
    522       return FALSE;
    523     }
    524 
    525   /* get our limits and timeout lengths */
    526   bus_config_parser_get_limits (parser, &context->limits);
    527 
    528   if (context->policy)
    529     bus_policy_unref (context->policy);
    530   context->policy = bus_config_parser_steal_policy (parser);
    531   _dbus_assert (context->policy != NULL);
    532 
    533   /* We have to build the address backward, so that
    534    * <listen> later in the config file have priority
    535    */
    536   link = _dbus_list_get_last_link (&context->servers);
    537   while (link != NULL)
    538     {
    539       addr = dbus_server_get_address (link->data);
    540       if (addr == NULL)
    541         {
    542           BUS_SET_OOM (error);
    543           goto failed;
    544         }
    545 
    546       if (_dbus_string_get_length (&full_address) > 0)
    547         {
    548           if (!_dbus_string_append (&full_address, ";"))
    549             {
    550               BUS_SET_OOM (error);
    551               goto failed;
    552             }
    553         }
    554 
    555       if (!_dbus_string_append (&full_address, addr))
    556         {
    557           BUS_SET_OOM (error);
    558           goto failed;
    559         }
    560 
    561       dbus_free (addr);
    562       addr = NULL;
    563 
    564       link = _dbus_list_get_prev_link (&context->servers, link);
    565     }
    566 
    567   if (is_reload)
    568     dbus_free (context->address);
    569 
    570   if (!_dbus_string_copy_data (&full_address, &context->address))
    571     {
    572       BUS_SET_OOM (error);
    573       goto failed;
    574     }
    575 
    576   /* get the service directories */
    577   dirs = bus_config_parser_get_service_dirs (parser);
    578 
    579   /* and the service helper */
    580   servicehelper = bus_config_parser_get_servicehelper (parser);
    581 
    582   s = _dbus_strdup(servicehelper);
    583   if (s == NULL && servicehelper != NULL)
    584     {
    585       BUS_SET_OOM (error);
    586       goto failed;
    587     }
    588   else
    589     {
    590       dbus_free(context->servicehelper);
    591       context->servicehelper = s;
    592     }
    593 
    594   /* Create activation subsystem */
    595   if (context->activation)
    596     {
    597       if (!bus_activation_reload (context->activation, &full_address, dirs, error))
    598         goto failed;
    599     }
    600   else
    601     {
    602       context->activation = bus_activation_new (context, &full_address, dirs, error);
    603     }
    604 
    605   if (context->activation == NULL)
    606     {
    607       _DBUS_ASSERT_ERROR_IS_SET (error);
    608       goto failed;
    609     }
    610 
    611   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    612   retval = TRUE;
    613 
    614  failed:
    615   _dbus_string_free (&full_address);
    616 
    617   if (addr)
    618     dbus_free (addr);
    619 
    620   return retval;
    621 }
    622 
    623 static dbus_bool_t
    624 list_concat_new (DBusList **a,
    625                  DBusList **b,
    626                  DBusList **result)
    627 {
    628   DBusList *link;
    629 
    630   *result = NULL;
    631 
    632   for (link = _dbus_list_get_first_link (a); link; link = _dbus_list_get_next_link (a, link))
    633     {
    634       if (!_dbus_list_append (result, link->data))
    635         goto oom;
    636     }
    637   for (link = _dbus_list_get_first_link (b); link; link = _dbus_list_get_next_link (b, link))
    638     {
    639       if (!_dbus_list_append (result, link->data))
    640         goto oom;
    641     }
    642 
    643   return TRUE;
    644 oom:
    645   _dbus_list_clear (result);
    646   return FALSE;
    647 }
    648 
    649 static void
    650 raise_file_descriptor_limit (BusContext      *context)
    651 {
    652 
    653   /* I just picked this out of thin air; we need some extra
    654    * descriptors for things like any internal pipes we create,
    655    * inotify, connections to SELinux, etc.
    656    */
    657   unsigned int arbitrary_extra_fds = 32;
    658   unsigned int limit;
    659 
    660   limit = context->limits.max_completed_connections +
    661     context->limits.max_incomplete_connections
    662     + arbitrary_extra_fds;
    663 
    664   _dbus_request_file_descriptor_limit (limit);
    665 }
    666 
    667 static dbus_bool_t
    668 process_config_postinit (BusContext      *context,
    669 			 BusConfigParser *parser,
    670 			 DBusError       *error)
    671 {
    672   DBusHashTable *service_context_table;
    673   DBusList *watched_dirs = NULL;
    674 
    675   raise_file_descriptor_limit (context);
    676 
    677   service_context_table = bus_config_parser_steal_service_context_table (parser);
    678   if (!bus_registry_set_service_context_table (context->registry,
    679 					       service_context_table))
    680     {
    681       BUS_SET_OOM (error);
    682       return FALSE;
    683     }
    684 
    685   _dbus_hash_table_unref (service_context_table);
    686 
    687   /* We need to monitor both the configuration directories and directories
    688    * containing .service files.
    689    */
    690   if (!list_concat_new (bus_config_parser_get_conf_dirs (parser),
    691                         bus_config_parser_get_service_dirs (parser),
    692                         &watched_dirs))
    693     {
    694       BUS_SET_OOM (error);
    695       return FALSE;
    696     }
    697 
    698   bus_set_watched_dirs (context, &watched_dirs);
    699 
    700   _dbus_list_clear (&watched_dirs);
    701 
    702   return TRUE;
    703 }
    704 
    705 BusContext*
    706 bus_context_new (const DBusString *config_file,
    707                  BusContextFlags   flags,
    708                  DBusPipe         *print_addr_pipe,
    709                  DBusPipe         *print_pid_pipe,
    710                  const DBusString *address,
    711                  DBusError        *error)
    712 {
    713   BusContext *context;
    714   BusConfigParser *parser;
    715 
    716   _dbus_assert ((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 ||
    717                 (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS) == 0);
    718 
    719   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
    720 
    721   context = NULL;
    722   parser = NULL;
    723 
    724   if (!dbus_server_allocate_data_slot (&server_data_slot))
    725     {
    726       BUS_SET_OOM (error);
    727       return NULL;
    728     }
    729 
    730   context = dbus_new0 (BusContext, 1);
    731   if (context == NULL)
    732     {
    733       BUS_SET_OOM (error);
    734       goto failed;
    735     }
    736   context->refcount = 1;
    737 
    738   _dbus_generate_uuid (&context->uuid);
    739 
    740   if (!_dbus_string_copy_data (config_file, &context->config_file))
    741     {
    742       BUS_SET_OOM (error);
    743       goto failed;
    744     }
    745 
    746   context->loop = _dbus_loop_new ();
    747   if (context->loop == NULL)
    748     {
    749       BUS_SET_OOM (error);
    750       goto failed;
    751     }
    752 
    753   context->registry = bus_registry_new (context);
    754   if (context->registry == NULL)
    755     {
    756       BUS_SET_OOM (error);
    757       goto failed;
    758     }
    759 
    760   parser = bus_config_load (config_file, TRUE, NULL, error);
    761   if (parser == NULL)
    762     {
    763       _DBUS_ASSERT_ERROR_IS_SET (error);
    764       goto failed;
    765     }
    766 
    767   if (!process_config_first_time_only (context, parser, address, flags, error))
    768     {
    769       _DBUS_ASSERT_ERROR_IS_SET (error);
    770       goto failed;
    771     }
    772   if (!process_config_every_time (context, parser, FALSE, error))
    773     {
    774       _DBUS_ASSERT_ERROR_IS_SET (error);
    775       goto failed;
    776     }
    777 
    778   /* we need another ref of the server data slot for the context
    779    * to own
    780    */
    781   if (!dbus_server_allocate_data_slot (&server_data_slot))
    782     _dbus_assert_not_reached ("second ref of server data slot failed");
    783 
    784   /* Note that we don't know whether the print_addr_pipe is
    785    * one of the sockets we're using to listen on, or some
    786    * other random thing. But I think the answer is "don't do
    787    * that then"
    788    */
    789   if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
    790     {
    791       DBusString addr;
    792       const char *a = bus_context_get_address (context);
    793       int bytes;
    794 
    795       _dbus_assert (a != NULL);
    796       if (!_dbus_string_init (&addr))
    797         {
    798           BUS_SET_OOM (error);
    799           goto failed;
    800         }
    801 
    802       if (!_dbus_string_append (&addr, a) ||
    803           !_dbus_string_append (&addr, "\n"))
    804         {
    805           _dbus_string_free (&addr);
    806           BUS_SET_OOM (error);
    807           goto failed;
    808         }
    809 
    810       bytes = _dbus_string_get_length (&addr);
    811       if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
    812         {
    813           /* pipe write returns an error on failure but not short write */
    814           if (error != NULL && !dbus_error_is_set (error))
    815             {
    816               dbus_set_error (error, DBUS_ERROR_FAILED,
    817                               "Printing message bus address: did not write all bytes\n");
    818             }
    819           _dbus_string_free (&addr);
    820           goto failed;
    821         }
    822 
    823       if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
    824         _dbus_pipe_close (print_addr_pipe, NULL);
    825 
    826       _dbus_string_free (&addr);
    827     }
    828 
    829   context->connections = bus_connections_new (context);
    830   if (context->connections == NULL)
    831     {
    832       BUS_SET_OOM (error);
    833       goto failed;
    834     }
    835 
    836   context->matchmaker = bus_matchmaker_new ();
    837   if (context->matchmaker == NULL)
    838     {
    839       BUS_SET_OOM (error);
    840       goto failed;
    841     }
    842 
    843   /* check user before we fork */
    844   if (context->user != NULL)
    845     {
    846       if (!_dbus_verify_daemon_user (context->user))
    847         {
    848           dbus_set_error (error, DBUS_ERROR_FAILED,
    849                           "Could not get UID and GID for username \"%s\"",
    850                           context->user);
    851           goto failed;
    852         }
    853     }
    854 
    855   /* Now become a daemon if appropriate and write out pid file in any case */
    856   {
    857 #ifdef WANT_PIDFILE
    858     DBusString u;
    859 
    860     if (context->pidfile)
    861       _dbus_string_init_const (&u, context->pidfile);
    862 
    863     if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
    864         (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
    865       {
    866         _dbus_verbose ("Forking and becoming daemon\n");
    867 
    868         if (!_dbus_become_daemon (context->pidfile ? &u : NULL,
    869                                   print_pid_pipe,
    870                                   error,
    871                                   context->keep_umask))
    872 
    873           {
    874             _DBUS_ASSERT_ERROR_IS_SET (error);
    875             goto failed;
    876           }
    877       }
    878     else
    879       {
    880         _dbus_verbose ("Fork not requested\n");
    881 
    882         /* Need to write PID file and to PID pipe for ourselves,
    883          * not for the child process. This is a no-op if the pidfile
    884          * is NULL and print_pid_pipe is NULL.
    885          */
    886         if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
    887                                                print_pid_pipe,
    888                                                _dbus_getpid (),
    889                                                error))
    890           {
    891             _DBUS_ASSERT_ERROR_IS_SET (error);
    892             goto failed;
    893           }
    894       }
    895 #else
    896     if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
    897         (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
    898       {
    899         if (!_dbus_become_daemon (NULL,
    900                                   0,
    901                                   error,
    902                                   context->keep_umask))
    903           {
    904             _DBUS_ASSERT_ERROR_IS_SET (error);
    905             goto failed;
    906           }
    907       }
    908 #endif
    909   }
    910 
    911   if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
    912       !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
    913     _dbus_pipe_close (print_pid_pipe, NULL);
    914 
    915   if (!bus_selinux_full_init ())
    916     {
    917       bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n");
    918     }
    919 
    920   if (!process_config_postinit (context, parser, error))
    921     {
    922       _DBUS_ASSERT_ERROR_IS_SET (error);
    923       goto failed;
    924     }
    925 
    926   if (parser != NULL)
    927     {
    928       bus_config_parser_unref (parser);
    929       parser = NULL;
    930     }
    931 
    932   /* Here we change our credentials if required,
    933    * as soon as we've set up our sockets and pidfile
    934    */
    935   if (context->user != NULL)
    936     {
    937       if (!_dbus_change_to_daemon_user (context->user, error))
    938 	{
    939 	  _DBUS_ASSERT_ERROR_IS_SET (error);
    940 	  goto failed;
    941 	}
    942 
    943 #ifdef HAVE_SELINUX
    944       /* FIXME - why not just put this in full_init() below? */
    945       bus_selinux_audit_init ();
    946 #endif
    947     }
    948 
    949   dbus_server_free_data_slot (&server_data_slot);
    950 
    951   return context;
    952 
    953  failed:
    954   if (parser != NULL)
    955     bus_config_parser_unref (parser);
    956   if (context != NULL)
    957     bus_context_unref (context);
    958 
    959   if (server_data_slot >= 0)
    960     dbus_server_free_data_slot (&server_data_slot);
    961 
    962   return NULL;
    963 }
    964 
    965 dbus_bool_t
    966 bus_context_get_id (BusContext       *context,
    967                     DBusString       *uuid)
    968 {
    969   return _dbus_uuid_encode (&context->uuid, uuid);
    970 }
    971 
    972 dbus_bool_t
    973 bus_context_reload_config (BusContext *context,
    974 			   DBusError  *error)
    975 {
    976   BusConfigParser *parser;
    977   DBusString config_file;
    978   dbus_bool_t ret;
    979 
    980   /* Flush the user database cache */
    981   _dbus_flush_caches ();
    982 
    983   ret = FALSE;
    984   _dbus_string_init_const (&config_file, context->config_file);
    985   parser = bus_config_load (&config_file, TRUE, NULL, error);
    986   if (parser == NULL)
    987     {
    988       _DBUS_ASSERT_ERROR_IS_SET (error);
    989       goto failed;
    990     }
    991 
    992   if (!process_config_every_time (context, parser, TRUE, error))
    993     {
    994       _DBUS_ASSERT_ERROR_IS_SET (error);
    995       goto failed;
    996     }
    997   if (!process_config_postinit (context, parser, error))
    998     {
    999       _DBUS_ASSERT_ERROR_IS_SET (error);
   1000       goto failed;
   1001     }
   1002   ret = TRUE;
   1003 
   1004   bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Reloaded configuration");
   1005  failed:
   1006   if (!ret)
   1007     bus_context_log (context, DBUS_SYSTEM_LOG_INFO, "Unable to reload configuration: %s", error->message);
   1008   if (parser != NULL)
   1009     bus_config_parser_unref (parser);
   1010   return ret;
   1011 }
   1012 
   1013 static void
   1014 shutdown_server (BusContext *context,
   1015                  DBusServer *server)
   1016 {
   1017   if (server == NULL ||
   1018       !dbus_server_get_is_connected (server))
   1019     return;
   1020 
   1021   if (!dbus_server_set_watch_functions (server,
   1022                                         NULL, NULL, NULL,
   1023                                         context,
   1024                                         NULL))
   1025     _dbus_assert_not_reached ("setting watch functions to NULL failed");
   1026 
   1027   if (!dbus_server_set_timeout_functions (server,
   1028                                           NULL, NULL, NULL,
   1029                                           context,
   1030                                           NULL))
   1031     _dbus_assert_not_reached ("setting timeout functions to NULL failed");
   1032 
   1033   dbus_server_disconnect (server);
   1034 }
   1035 
   1036 void
   1037 bus_context_shutdown (BusContext  *context)
   1038 {
   1039   DBusList *link;
   1040 
   1041   link = _dbus_list_get_first_link (&context->servers);
   1042   while (link != NULL)
   1043     {
   1044       shutdown_server (context, link->data);
   1045 
   1046       link = _dbus_list_get_next_link (&context->servers, link);
   1047     }
   1048 }
   1049 
   1050 BusContext *
   1051 bus_context_ref (BusContext *context)
   1052 {
   1053   _dbus_assert (context->refcount > 0);
   1054   context->refcount += 1;
   1055 
   1056   return context;
   1057 }
   1058 
   1059 void
   1060 bus_context_unref (BusContext *context)
   1061 {
   1062   _dbus_assert (context->refcount > 0);
   1063   context->refcount -= 1;
   1064 
   1065   if (context->refcount == 0)
   1066     {
   1067       DBusList *link;
   1068 
   1069       _dbus_verbose ("Finalizing bus context %p\n", context);
   1070 
   1071       bus_context_shutdown (context);
   1072 
   1073       if (context->connections)
   1074         {
   1075           bus_connections_unref (context->connections);
   1076           context->connections = NULL;
   1077         }
   1078 
   1079       if (context->registry)
   1080         {
   1081           bus_registry_unref (context->registry);
   1082           context->registry = NULL;
   1083         }
   1084 
   1085       if (context->activation)
   1086         {
   1087           bus_activation_unref (context->activation);
   1088           context->activation = NULL;
   1089         }
   1090 
   1091       link = _dbus_list_get_first_link (&context->servers);
   1092       while (link != NULL)
   1093         {
   1094           dbus_server_unref (link->data);
   1095 
   1096           link = _dbus_list_get_next_link (&context->servers, link);
   1097         }
   1098       _dbus_list_clear (&context->servers);
   1099 
   1100       if (context->policy)
   1101         {
   1102           bus_policy_unref (context->policy);
   1103           context->policy = NULL;
   1104         }
   1105 
   1106       if (context->loop)
   1107         {
   1108           _dbus_loop_unref (context->loop);
   1109           context->loop = NULL;
   1110         }
   1111 
   1112       if (context->matchmaker)
   1113         {
   1114           bus_matchmaker_unref (context->matchmaker);
   1115           context->matchmaker = NULL;
   1116         }
   1117 
   1118       dbus_free (context->config_file);
   1119       dbus_free (context->log_prefix);
   1120       dbus_free (context->type);
   1121       dbus_free (context->address);
   1122       dbus_free (context->user);
   1123       dbus_free (context->servicehelper);
   1124 
   1125 #ifdef WANT_PIDFILE
   1126       if (context->pidfile)
   1127 	{
   1128           DBusString u;
   1129           _dbus_string_init_const (&u, context->pidfile);
   1130 
   1131           /* Deliberately ignore errors here, since there's not much
   1132 	   * we can do about it, and we're exiting anyways.
   1133 	   */
   1134 	  _dbus_delete_file (&u, NULL);
   1135 
   1136           dbus_free (context->pidfile);
   1137 	}
   1138 #endif
   1139 
   1140       dbus_free (context);
   1141 
   1142       dbus_server_free_data_slot (&server_data_slot);
   1143     }
   1144 }
   1145 
   1146 /* type may be NULL */
   1147 const char*
   1148 bus_context_get_type (BusContext *context)
   1149 {
   1150   return context->type;
   1151 }
   1152 
   1153 const char*
   1154 bus_context_get_address (BusContext *context)
   1155 {
   1156   return context->address;
   1157 }
   1158 
   1159 const char*
   1160 bus_context_get_servicehelper (BusContext *context)
   1161 {
   1162   return context->servicehelper;
   1163 }
   1164 
   1165 dbus_bool_t
   1166 bus_context_get_systemd_activation (BusContext *context)
   1167 {
   1168   return context->systemd_activation;
   1169 }
   1170 
   1171 BusRegistry*
   1172 bus_context_get_registry (BusContext  *context)
   1173 {
   1174   return context->registry;
   1175 }
   1176 
   1177 BusConnections*
   1178 bus_context_get_connections (BusContext  *context)
   1179 {
   1180   return context->connections;
   1181 }
   1182 
   1183 BusActivation*
   1184 bus_context_get_activation (BusContext  *context)
   1185 {
   1186   return context->activation;
   1187 }
   1188 
   1189 BusMatchmaker*
   1190 bus_context_get_matchmaker (BusContext  *context)
   1191 {
   1192   return context->matchmaker;
   1193 }
   1194 
   1195 DBusLoop*
   1196 bus_context_get_loop (BusContext *context)
   1197 {
   1198   return context->loop;
   1199 }
   1200 
   1201 dbus_bool_t
   1202 bus_context_allow_unix_user (BusContext   *context,
   1203                              unsigned long uid)
   1204 {
   1205   return bus_policy_allow_unix_user (context->policy,
   1206                                      uid);
   1207 }
   1208 
   1209 /* For now this is never actually called because the default
   1210  * DBusConnection behavior of 'same user that owns the bus can connect'
   1211  * is all it would do.
   1212  */
   1213 dbus_bool_t
   1214 bus_context_allow_windows_user (BusContext       *context,
   1215                                 const char       *windows_sid)
   1216 {
   1217   return bus_policy_allow_windows_user (context->policy,
   1218                                         windows_sid);
   1219 }
   1220 
   1221 BusPolicy *
   1222 bus_context_get_policy (BusContext *context)
   1223 {
   1224   return context->policy;
   1225 }
   1226 
   1227 BusClientPolicy*
   1228 bus_context_create_client_policy (BusContext      *context,
   1229                                   DBusConnection  *connection,
   1230                                   DBusError       *error)
   1231 {
   1232   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   1233   return bus_policy_create_client_policy (context->policy, connection,
   1234                                           error);
   1235 }
   1236 
   1237 int
   1238 bus_context_get_activation_timeout (BusContext *context)
   1239 {
   1240 
   1241   return context->limits.activation_timeout;
   1242 }
   1243 
   1244 int
   1245 bus_context_get_auth_timeout (BusContext *context)
   1246 {
   1247   return context->limits.auth_timeout;
   1248 }
   1249 
   1250 int
   1251 bus_context_get_max_completed_connections (BusContext *context)
   1252 {
   1253   return context->limits.max_completed_connections;
   1254 }
   1255 
   1256 int
   1257 bus_context_get_max_incomplete_connections (BusContext *context)
   1258 {
   1259   return context->limits.max_incomplete_connections;
   1260 }
   1261 
   1262 int
   1263 bus_context_get_max_connections_per_user (BusContext *context)
   1264 {
   1265   return context->limits.max_connections_per_user;
   1266 }
   1267 
   1268 int
   1269 bus_context_get_max_pending_activations (BusContext *context)
   1270 {
   1271   return context->limits.max_pending_activations;
   1272 }
   1273 
   1274 int
   1275 bus_context_get_max_services_per_connection (BusContext *context)
   1276 {
   1277   return context->limits.max_services_per_connection;
   1278 }
   1279 
   1280 int
   1281 bus_context_get_max_match_rules_per_connection (BusContext *context)
   1282 {
   1283   return context->limits.max_match_rules_per_connection;
   1284 }
   1285 
   1286 int
   1287 bus_context_get_max_replies_per_connection (BusContext *context)
   1288 {
   1289   return context->limits.max_replies_per_connection;
   1290 }
   1291 
   1292 int
   1293 bus_context_get_reply_timeout (BusContext *context)
   1294 {
   1295   return context->limits.reply_timeout;
   1296 }
   1297 
   1298 void
   1299 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...) _DBUS_GNUC_PRINTF (3, 4);
   1300 
   1301 void
   1302 bus_context_log (BusContext *context, DBusSystemLogSeverity severity, const char *msg, ...)
   1303 {
   1304   va_list args;
   1305 
   1306   if (!context->syslog)
   1307     {
   1308       /* we're not syslogging; just output to stderr */
   1309       va_start (args, msg);
   1310       vfprintf (stderr, msg, args);
   1311       fprintf (stderr, "\n");
   1312       va_end (args);
   1313       return;
   1314     }
   1315 
   1316   va_start (args, msg);
   1317 
   1318   if (context->log_prefix)
   1319     {
   1320       DBusString full_msg;
   1321 
   1322       if (!_dbus_string_init (&full_msg))
   1323         goto out;
   1324       if (!_dbus_string_append (&full_msg, context->log_prefix))
   1325         goto oom_out;
   1326       if (!_dbus_string_append_printf_valist (&full_msg, msg, args))
   1327         goto oom_out;
   1328 
   1329       _dbus_system_log (severity, "%s", _dbus_string_get_const_data (&full_msg));
   1330     oom_out:
   1331       _dbus_string_free (&full_msg);
   1332     }
   1333   else
   1334     _dbus_system_logv (severity, msg, args);
   1335 
   1336 out:
   1337   va_end (args);
   1338 }
   1339 
   1340 static inline const char *
   1341 nonnull (const char *maybe_null,
   1342          const char *if_null)
   1343 {
   1344   return (maybe_null ? maybe_null : if_null);
   1345 }
   1346 
   1347 /*
   1348  * Log something about a message, usually that it was rejected.
   1349  */
   1350 static void
   1351 complain_about_message (BusContext     *context,
   1352                         const char     *error_name,
   1353                         const char     *complaint,
   1354                         int             matched_rules,
   1355                         DBusMessage    *message,
   1356                         DBusConnection *sender,
   1357                         DBusConnection *proposed_recipient,
   1358                         dbus_bool_t     requested_reply,
   1359                         dbus_bool_t     log,
   1360                         DBusError      *error)
   1361 {
   1362   DBusError stack_error = DBUS_ERROR_INIT;
   1363   const char *sender_name;
   1364   const char *sender_loginfo;
   1365   const char *proposed_recipient_loginfo;
   1366 
   1367   if (error == NULL && !log)
   1368     return;
   1369 
   1370   if (sender != NULL)
   1371     {
   1372       sender_name = bus_connection_get_name (sender);
   1373       sender_loginfo = bus_connection_get_loginfo (sender);
   1374     }
   1375   else
   1376     {
   1377       sender_name = "(unset)";
   1378       sender_loginfo = "(bus)";
   1379     }
   1380 
   1381   if (proposed_recipient != NULL)
   1382     proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
   1383   else
   1384     proposed_recipient_loginfo = "bus";
   1385 
   1386   dbus_set_error (&stack_error, error_name,
   1387       "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) "
   1388       "interface=\"%s\" member=\"%s\" error name=\"%s\" "
   1389       "requested_reply=\"%d\" destination=\"%s\" (%s)",
   1390       complaint,
   1391       matched_rules,
   1392       dbus_message_type_to_string (dbus_message_get_type (message)),
   1393       sender_name,
   1394       sender_loginfo,
   1395       nonnull (dbus_message_get_interface (message), "(unset)"),
   1396       nonnull (dbus_message_get_member (message), "(unset)"),
   1397       nonnull (dbus_message_get_error_name (message), "(unset)"),
   1398       requested_reply,
   1399       nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS),
   1400       proposed_recipient_loginfo);
   1401 
   1402   /* If we hit OOM while setting the error, this will syslog "out of memory"
   1403    * which is itself an indication that something is seriously wrong */
   1404   if (log)
   1405     bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY, "%s",
   1406         stack_error.message);
   1407 
   1408   dbus_move_error (&stack_error, error);
   1409 }
   1410 
   1411 /*
   1412  * addressed_recipient is the recipient specified in the message.
   1413  *
   1414  * proposed_recipient is the recipient we're considering sending
   1415  * to right this second, and may be an eavesdropper.
   1416  *
   1417  * sender is the sender of the message.
   1418  *
   1419  * NULL for proposed_recipient or sender definitely means the bus driver.
   1420  *
   1421  * NULL for addressed_recipient may mean the bus driver, or may mean
   1422  * no destination was specified in the message (e.g. a signal).
   1423  */
   1424 dbus_bool_t
   1425 bus_context_check_security_policy (BusContext     *context,
   1426                                    BusTransaction *transaction,
   1427                                    DBusConnection *sender,
   1428                                    DBusConnection *addressed_recipient,
   1429                                    DBusConnection *proposed_recipient,
   1430                                    DBusMessage    *message,
   1431                                    DBusError      *error)
   1432 {
   1433   const char *dest;
   1434   BusClientPolicy *sender_policy;
   1435   BusClientPolicy *recipient_policy;
   1436   dbus_int32_t toggles;
   1437   dbus_bool_t log;
   1438   int type;
   1439   dbus_bool_t requested_reply;
   1440 
   1441   type = dbus_message_get_type (message);
   1442   dest = dbus_message_get_destination (message);
   1443 
   1444   /* dispatch.c was supposed to ensure these invariants */
   1445   _dbus_assert (dest != NULL ||
   1446                 type == DBUS_MESSAGE_TYPE_SIGNAL ||
   1447                 (sender == NULL && !bus_connection_is_active (proposed_recipient)));
   1448   _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
   1449                 addressed_recipient != NULL ||
   1450                 strcmp (dest, DBUS_SERVICE_DBUS) == 0);
   1451 
   1452   switch (type)
   1453     {
   1454     case DBUS_MESSAGE_TYPE_METHOD_CALL:
   1455     case DBUS_MESSAGE_TYPE_SIGNAL:
   1456     case DBUS_MESSAGE_TYPE_METHOD_RETURN:
   1457     case DBUS_MESSAGE_TYPE_ERROR:
   1458       break;
   1459 
   1460     default:
   1461       _dbus_verbose ("security check disallowing message of unknown type %d\n",
   1462                      type);
   1463 
   1464       dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
   1465                       "Message bus will not accept messages of unknown type\n");
   1466 
   1467       return FALSE;
   1468     }
   1469 
   1470   requested_reply = FALSE;
   1471 
   1472   if (sender != NULL)
   1473     {
   1474       /* First verify the SELinux access controls.  If allowed then
   1475        * go on with the standard checks.
   1476        */
   1477       if (!bus_selinux_allows_send (sender, proposed_recipient,
   1478 				    dbus_message_type_to_string (dbus_message_get_type (message)),
   1479 				    dbus_message_get_interface (message),
   1480 				    dbus_message_get_member (message),
   1481 				    dbus_message_get_error_name (message),
   1482 				    dest ? dest : DBUS_SERVICE_DBUS, error))
   1483         {
   1484           if (error != NULL && !dbus_error_is_set (error))
   1485             {
   1486               /* don't syslog this, just set the error: avc_has_perm should
   1487                * have already written to either the audit log or syslog */
   1488               complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
   1489                   "An SELinux policy prevents this sender from sending this "
   1490                   "message to this recipient",
   1491                   0, message, sender, proposed_recipient, FALSE, FALSE, error);
   1492               _dbus_verbose ("SELinux security check denying send to service\n");
   1493             }
   1494 
   1495           return FALSE;
   1496         }
   1497 
   1498       if (bus_connection_is_active (sender))
   1499         {
   1500           sender_policy = bus_connection_get_policy (sender);
   1501           _dbus_assert (sender_policy != NULL);
   1502 
   1503           /* Fill in requested_reply variable with TRUE if this is a
   1504            * reply and the reply was pending.
   1505            */
   1506           if (dbus_message_get_reply_serial (message) != 0)
   1507             {
   1508               if (proposed_recipient != NULL /* not to the bus driver */ &&
   1509                   addressed_recipient == proposed_recipient /* not eavesdropping */)
   1510                 {
   1511                   DBusError error2;
   1512 
   1513                   dbus_error_init (&error2);
   1514                   requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
   1515                                                                  transaction,
   1516                                                                  sender, addressed_recipient, message,
   1517                                                                  &error2);
   1518                   if (dbus_error_is_set (&error2))
   1519                     {
   1520                       dbus_move_error (&error2, error);
   1521                       return FALSE;
   1522                     }
   1523                 }
   1524             }
   1525         }
   1526       else
   1527         {
   1528           /* Policy for inactive connections is that they can only send
   1529            * the hello message to the bus driver
   1530            */
   1531           if (proposed_recipient == NULL &&
   1532               dbus_message_is_method_call (message,
   1533                                            DBUS_INTERFACE_DBUS,
   1534                                            "Hello"))
   1535             {
   1536               _dbus_verbose ("security check allowing %s message\n",
   1537                              "Hello");
   1538               return TRUE;
   1539             }
   1540           else
   1541             {
   1542               _dbus_verbose ("security check disallowing non-%s message\n",
   1543                              "Hello");
   1544 
   1545               dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
   1546                               "Client tried to send a message other than %s without being registered",
   1547                               "Hello");
   1548 
   1549               return FALSE;
   1550             }
   1551         }
   1552     }
   1553   else
   1554     {
   1555       sender_policy = NULL;
   1556 
   1557       /* If the sender is the bus driver, we assume any reply was a
   1558        * requested reply as bus driver won't send bogus ones
   1559        */
   1560       if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
   1561           dbus_message_get_reply_serial (message) != 0)
   1562         requested_reply = TRUE;
   1563     }
   1564 
   1565   _dbus_assert ((sender != NULL && sender_policy != NULL) ||
   1566                 (sender == NULL && sender_policy == NULL));
   1567 
   1568   if (proposed_recipient != NULL)
   1569     {
   1570       /* only the bus driver can send to an inactive recipient (as it
   1571        * owns no services, so other apps can't address it). Inactive
   1572        * recipients can receive any message.
   1573        */
   1574       if (bus_connection_is_active (proposed_recipient))
   1575         {
   1576           recipient_policy = bus_connection_get_policy (proposed_recipient);
   1577           _dbus_assert (recipient_policy != NULL);
   1578         }
   1579       else if (sender == NULL)
   1580         {
   1581           _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
   1582           recipient_policy = NULL;
   1583         }
   1584       else
   1585         {
   1586           _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
   1587           recipient_policy = NULL;
   1588         }
   1589     }
   1590   else
   1591     recipient_policy = NULL;
   1592 
   1593   _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
   1594                 (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
   1595                 (proposed_recipient == NULL && recipient_policy == NULL));
   1596 
   1597   log = FALSE;
   1598   if (sender_policy &&
   1599       !bus_client_policy_check_can_send (sender_policy,
   1600                                          context->registry,
   1601                                          requested_reply,
   1602                                          proposed_recipient,
   1603                                          message, &toggles, &log))
   1604     {
   1605       complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
   1606           "Rejected send message", toggles,
   1607           message, sender, proposed_recipient, requested_reply,
   1608           (addressed_recipient == proposed_recipient), error);
   1609       _dbus_verbose ("security policy disallowing message due to sender policy\n");
   1610       return FALSE;
   1611     }
   1612 
   1613   if (log)
   1614     {
   1615       /* We want to drop this message, and are only not doing so for backwards
   1616        * compatibility. */
   1617       complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
   1618           "Would reject message", toggles,
   1619           message, sender, proposed_recipient, requested_reply,
   1620           TRUE, NULL);
   1621     }
   1622 
   1623   if (recipient_policy &&
   1624       !bus_client_policy_check_can_receive (recipient_policy,
   1625                                             context->registry,
   1626                                             requested_reply,
   1627                                             sender,
   1628                                             addressed_recipient, proposed_recipient,
   1629                                             message, &toggles))
   1630     {
   1631       complain_about_message (context, DBUS_ERROR_ACCESS_DENIED,
   1632           "Rejected receive message", toggles,
   1633           message, sender, proposed_recipient, requested_reply,
   1634           (addressed_recipient == proposed_recipient), NULL);
   1635       _dbus_verbose ("security policy disallowing message due to recipient policy\n");
   1636       return FALSE;
   1637     }
   1638 
   1639   /* See if limits on size have been exceeded */
   1640   if (proposed_recipient &&
   1641       ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) ||
   1642        (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds)))
   1643     {
   1644       complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED,
   1645           "Rejected: destination has a full message queue",
   1646           0, message, sender, proposed_recipient, requested_reply, TRUE,
   1647           error);
   1648       _dbus_verbose ("security policy disallowing message due to full message queue\n");
   1649       return FALSE;
   1650     }
   1651 
   1652   /* Record that we will allow a reply here in the future (don't
   1653    * bother if the recipient is the bus or this is an eavesdropping
   1654    * connection). Only the addressed recipient may reply.
   1655    */
   1656   if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
   1657       sender &&
   1658       addressed_recipient &&
   1659       addressed_recipient == proposed_recipient && /* not eavesdropping */
   1660       !bus_connections_expect_reply (bus_connection_get_connections (sender),
   1661                                      transaction,
   1662                                      sender, addressed_recipient,
   1663                                      message, error))
   1664     {
   1665       _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
   1666       return FALSE;
   1667     }
   1668 
   1669   _dbus_verbose ("security policy allowing message\n");
   1670   return TRUE;
   1671 }
   1672