/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* bus.c  message bus context object
 *
 * Copyright (C) 2003, 2004 Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 */

#include "bus.h"
#include "activation.h"
#include "connection.h"
#include "services.h"
#include "utils.h"
#include "policy.h"
#include "config-parser.h"
#include "signals.h"
#include "selinux.h"
#include "dir-watch.h"
#include <dbus/dbus-list.h>
#include <dbus/dbus-hash.h>
#include <dbus/dbus-internals.h>

/* State of one message bus instance. Created by bus_context_new() with a
 * refcount of 1 and torn down by bus_context_unref() when it reaches 0.
 */
struct BusContext
{
  /* Plain int adjusted by bus_context_ref()/bus_context_unref(). */
  int refcount;
  /* Generated in bus_context_new(); encoded by bus_context_get_id(). */
  DBusGUID uuid;
  /* Copy of the config file path; re-read by bus_context_reload_config(). */
  char *config_file;
  /* Copy of the parser's bus type; may be NULL. */
  char *type;
  /* Copy of the parser's servicehelper value; may be NULL. */
  char *servicehelper;
  /* Addresses of all listening servers, joined with ";". */
  char *address;
  /* Pid file name, or NULL. The file is deleted when the context is
   * finalized.
   */
  char *pidfile;
  /* User to switch to once sockets and pid file are set up, or NULL. */
  char *user;
  DBusLoop *loop;
  /* List of DBusServer, one per configured listen address. */
  DBusList *servers;
  BusConnections *connections;
  BusActivation *activation;
  BusRegistry *registry;
  /* Taken from the config parser on every (re)load; consulted by
   * bus_context_allow_unix_user() and friends.
   */
  BusPolicy *policy;
  BusMatchmaker *matchmaker;
  /* Limits copied from the config parser; max_incoming_bytes and
   * max_message_size are applied to every new connection.
   */
  BusLimits limits;
  /* From bus_config_parser_get_fork(); see force_fork in bus_context_new(). */
  unsigned int fork : 1;
};

/* Data slot index used to attach a BusServerData to each DBusServer.
 * Starts at -1; every dbus_server_allocate_data_slot() call on it in this
 * file is paired with a dbus_server_free_data_slot() call.
 */
static dbus_int32_t server_data_slot = -1;

/* Per-server data stored in server_data_slot by setup_server(). */
typedef struct
{
  BusContext *context;
} BusServerData;

/* Fetches whatever is stored on the server in server_data_slot; the result
 * may be NULL (server_get_context() checks for that).
 */
#define BUS_SERVER_DATA(server) (dbus_server_get_data ((server), server_data_slot))

/* Looks up the BusContext that setup_server() attached to a server.
 *
 * A temporary reference on the data slot is held while the slot is read.
 * Returns NULL if that reference cannot be taken or if the server carries
 * no BusServerData; callers must be prepared for NULL.
 */
static BusContext*
server_get_context (DBusServer *server)
{
  BusContext *found = NULL;
  BusServerData *server_data;

  if (!dbus_server_allocate_data_slot (&server_data_slot))
    return NULL;

  server_data = BUS_SERVER_DATA (server);
  if (server_data != NULL)
    found = server_data->context;

  /* drop the temporary slot reference on both outcomes */
  dbus_server_free_data_slot (&server_data_slot);

  return found;
}

/* Main loop callback for a server watch: hands the ready condition to
 * dbus_watch_handle() and passes its result back to the loop. The data
 * argument is not used.
 */
static dbus_bool_t
server_watch_callback (DBusWatch     *watch,
                       unsigned int   condition,
                       void          *data)
{
  dbus_bool_t handled;

  /* FIXME this can be done in dbus-mainloop.c
   * if the code in activation.c for the babysitter
   * watch handler is fixed.
   */
  handled = dbus_watch_handle (watch, condition);

  return handled;
}

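/* Add-watch function installed on each server by setup_server().
 *
 * data is the DBusServer the watch belongs to. Returns FALSE when the
 * server's context cannot be looked up or when the main loop fails to
 * add the watch.
 */
static dbus_bool_t
add_server_watch (DBusWatch  *watch,
                  void       *data)
{
  DBusServer *server = data;
  BusContext *context;

  context = server_get_context (server);
  if (context == NULL)
    {
      /* server_get_context() returns NULL when it cannot take a slot
       * reference or when no BusServerData is attached; report failure
       * rather than dereferencing NULL below.
       */
      return FALSE;
    }

  return _dbus_loop_add_watch (context->loop,
                               watch, server_watch_callback, server,
                               NULL);
}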

/* Remove-watch function installed on each server by setup_server();
 * data is the DBusServer the watch belongs to.
 *
 * NOTE(review): server_get_context() can return NULL and the result is
 * dereferenced without a check here -- confirm that cannot happen on
 * this path.
 */
static void
remove_server_watch (DBusWatch  *watch,
                     void       *data)
{
  DBusServer *server = data;
  BusContext *context = server_get_context (server);
  DBusLoop *loop = context->loop;

  _dbus_loop_remove_watch (loop, watch, server_watch_callback, server);
}

/* Main loop callback for a server timeout. The data argument is not used. */
static void
server_timeout_callback (DBusTimeout   *timeout,
                         void          *data)
{
  /* The handler can report FALSE on OOM; the result is deliberately
   * discarded so the timeout simply fires again later.
   */
  (void) dbus_timeout_handle (timeout);
}

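/* Add-timeout function installed on each server by setup_server().
 *
 * data is the DBusServer the timeout belongs to. Returns FALSE when the
 * server's context cannot be looked up or when the main loop fails to
 * add the timeout.
 */
static dbus_bool_t
add_server_timeout (DBusTimeout *timeout,
                    void        *data)
{
  DBusServer *server = data;
  BusContext *context;

  context = server_get_context (server);
  if (context == NULL)
    {
      /* server_get_context() returns NULL when it cannot take a slot
       * reference or when no BusServerData is attached; report failure
       * rather than dereferencing NULL below.
       */
      return FALSE;
    }

  return _dbus_loop_add_timeout (context->loop,
                                 timeout, server_timeout_callback, server, NULL);
}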

/* Remove-timeout function installed on each server by setup_server();
 * data is the DBusServer the timeout belongs to.
 *
 * NOTE(review): server_get_context() can return NULL and the result is
 * dereferenced without a check here -- confirm that cannot happen on
 * this path.
 */
static void
remove_server_timeout (DBusTimeout *timeout,
                       void        *data)
{
  DBusServer *server = data;
  BusContext *context = server_get_context (server);
  DBusLoop *loop = context->loop;

  _dbus_loop_remove_timeout (loop, timeout, server_timeout_callback, server);
}

/* New-connection function installed on each server by setup_server();
 * data is the BusContext.
 *
 * Registers the connection with the bus and then applies the configured
 * per-connection size limits. The server argument is not used.
 */
static void
new_connection_callback (DBusServer     *server,
                         DBusConnection *new_connection,
                         void           *data)
{
  BusContext *context = data;
  dbus_bool_t registered;

  registered = bus_connections_setup_connection (context->connections,
                                                 new_connection);
  if (!registered)
    {
      _dbus_verbose ("No memory to setup new connection\n");

      /* Without an explicit close the connection would be unref'd
       * while still connected. On OOM nothing took a ref on it, so
       * it dies once this callback returns.
       */
      dbus_connection_close (new_connection);
    }

  /* Resource caps from the bus configuration. They are set on both
   * outcomes above, i.e. also on a connection that was just closed.
   * NOTE(review): the caps are installed after the connection has been
   * handed to bus_connections_setup_connection() -- confirm no data is
   * read from the peer before this point.
   */
  dbus_connection_set_max_received_size (new_connection,
                                         context->limits.max_incoming_bytes);
  dbus_connection_set_max_message_size (new_connection,
                                        context->limits.max_message_size);
}

/* Free function registered with dbus_server_set_data() in setup_server();
 * releases the BusServerData attached to a server.
 */
static void
free_server_data (void *data)
{
  BusServerData *server_data;

  server_data = data;
  dbus_free (server_data);
}

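/* Prepares a freshly created listening server for use by the bus.
 *
 * Attaches a BusServerData pointing at context, restricts the server to
 * auth_mechanisms, and installs the new-connection, watch and timeout
 * functions defined in this file.
 *
 * auth_mechanisms is passed through unchanged and may be NULL (the
 * caller passes NULL when the configuration lists no mechanisms).
 * NOTE(review): libdbus documents a NULL array as "allow all available
 * mechanisms" -- confirm for this version, since that makes an empty
 * configuration the most permissive one.
 *
 * Returns TRUE on success. On failure returns FALSE with error set to
 * out-of-memory; the caller still owns the server.
 */
static dbus_bool_t
setup_server (BusContext *context,
              DBusServer *server,
              char      **auth_mechanisms,
              DBusError  *error)
{
  BusServerData *bd;

  /* The allocation result was previously unchecked: a NULL bd could be
   * stored successfully and then dereferenced when setting bd->context.
   */
  bd = dbus_new0 (BusServerData, 1);
  if (bd == NULL ||
      !dbus_server_set_data (server,
                             server_data_slot,
                             bd, free_server_data))
    {
      dbus_free (bd);
      BUS_SET_OOM (error);
      return FALSE;
    }

  /* From here on the server owns bd and releases it through
   * free_server_data().
   */
  bd->context = context;

  if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
    {
      BUS_SET_OOM (error);
      return FALSE;
    }

  dbus_server_set_new_connection_function (server,
                                           new_connection_callback,
                                           context, NULL);

  if (!dbus_server_set_watch_functions (server,
                                        add_server_watch,
                                        remove_server_watch,
                                        NULL,
                                        server,
                                        NULL))
    {
      BUS_SET_OOM (error);
      return FALSE;
    }

  if (!dbus_server_set_timeout_functions (server,
                                          add_server_timeout,
                                          remove_server_timeout,
                                          NULL,
                                          server, NULL))
    {
      BUS_SET_OOM (error);
      return FALSE;
    }

  return TRUE;
}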

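/* This code only gets executed the first time the
 * config files are parsed.  It is not executed
 * when config files are reloaded.
 *
 * Refuses to start when the configured pid file already exists, records
 * the pid file name, opens one listening server per configured address
 * (each restricted to the configured auth mechanisms, if any) and copies
 * the bus type, user and fork setting into the context.
 *
 * Returns TRUE on success; on failure returns FALSE with error set.
 * Servers already appended to context->servers are left there.
 */
static dbus_bool_t
process_config_first_time_only (BusContext      *context,
                                BusConfigParser *parser,
                                DBusError       *error)
{
  DBusList *link;
  DBusList **addresses;
  const char *user, *pidfile;
  char **auth_mechanisms;
  DBusList **auth_mechanisms_list;
  int len;
  dbus_bool_t retval;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  retval = FALSE;
  auth_mechanisms = NULL;

  /* Check for an existing pid file. Of course this is a race;
   * we'd have to use fcntl() locks on the pid file to
   * avoid that. But we want to check for the pid file
   * before overwriting any existing sockets, etc.
   */
  pidfile = bus_config_parser_get_pidfile (parser);
  if (pidfile != NULL)
    {
      DBusString u;
      DBusStat stbuf;

      _dbus_string_init_const (&u, pidfile);

      if (_dbus_stat (&u, &stbuf, NULL))
        {
          dbus_set_error (error, DBUS_ERROR_FAILED,
                          "The pid file \"%s\" exists, if the message bus is not running, remove this file",
                          pidfile);
          goto failed;
        }
    }

  /* keep around the pid filename so we can delete it later */
  context->pidfile = _dbus_strdup (pidfile);
  if (pidfile != NULL && context->pidfile == NULL)
    {
      /* A silently dropped pid file name would mean no pid file is
       * written, defeating the existence check above on the next start.
       */
      BUS_SET_OOM (error);
      goto failed;
    }

  /* Build a NULL-terminated array of auth mechanisms */

  auth_mechanisms_list = bus_config_parser_get_mechanisms (parser);
  len = _dbus_list_get_length (auth_mechanisms_list);

  if (len > 0)
    {
      int i;

      /* len + 1 zeroed slots, so the array stays NULL-terminated */
      auth_mechanisms = dbus_new0 (char*, len + 1);
      if (auth_mechanisms == NULL)
        {
          BUS_SET_OOM (error);
          goto failed;
        }

      i = 0;
      link = _dbus_list_get_first_link (auth_mechanisms_list);
      while (link != NULL)
        {
          auth_mechanisms[i] = _dbus_strdup (link->data);
          if (auth_mechanisms[i] == NULL)
            {
              BUS_SET_OOM (error);
              goto failed;
            }

          /* Advance to the next slot. Without this every entry was
           * written to slot 0, so only the last configured mechanism
           * reached the servers and the earlier copies were leaked.
           */
          i += 1;
          link = _dbus_list_get_next_link (auth_mechanisms_list, link);
        }
    }
  else
    {
      /* no mechanisms configured; setup_server() receives NULL */
      auth_mechanisms = NULL;
    }

  /* Listen on our addresses */

  addresses = bus_config_parser_get_addresses (parser);

  link = _dbus_list_get_first_link (addresses);
  while (link != NULL)
    {
      DBusServer *server;

      /* NOTE(review): when setup_server() or the list append below
       * fails, this server is neither disconnected nor unref'd before
       * jumping to failed -- looks like a leaked listening socket on
       * the error path; confirm.
       */
      server = dbus_server_listen (link->data, error);
      if (server == NULL)
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto failed;
        }
      else if (!setup_server (context, server, auth_mechanisms, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto failed;
        }

      if (!_dbus_list_append (&context->servers, server))
        {
          BUS_SET_OOM (error);
          goto failed;
        }

      link = _dbus_list_get_next_link (addresses, link);
    }

  /* note that type may be NULL */
  context->type = _dbus_strdup (bus_config_parser_get_type (parser));
  if (bus_config_parser_get_type (parser) != NULL && context->type == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  user = bus_config_parser_get_user (parser);
  if (user != NULL)
    {
      context->user = _dbus_strdup (user);
      if (context->user == NULL)
        {
          BUS_SET_OOM (error);
          goto failed;
        }
    }

  context->fork = bus_config_parser_get_fork (parser);

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  retval = TRUE;

 failed:
  /* the servers were given the array during setup; our copy goes away
   * on success and on failure alike
   */
  dbus_free_string_array (auth_mechanisms);
  return retval;
}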

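/* This code gets executed every time the config files
 * are parsed: both during BusContext construction
 * and on reloads. This function is slightly screwy
 * since it can do a "half reload" in out-of-memory
 * situations. Realistically, unlikely to ever matter.
 *
 * Copies the limits, takes the policy from the parser, rebuilds the
 * bus address string from the listening servers, refreshes the
 * servicehelper value and replaces the activation subsystem.
 *
 * Returns TRUE on success; on failure returns FALSE with error set.
 * Limits and policy have already been replaced by then.
 */
static dbus_bool_t
process_config_every_time (BusContext      *context,
                           BusConfigParser *parser,
                           dbus_bool_t      is_reload,
                           DBusError       *error)
{
  DBusString full_address;
  DBusList *link;
  DBusList **dirs;
  BusActivation *new_activation;
  char *addr;
  char *new_address;
  const char *servicehelper;
  char *s;

  dbus_bool_t retval;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  addr = NULL;
  new_address = NULL;
  retval = FALSE;

  if (!_dbus_string_init (&full_address))
    {
      BUS_SET_OOM (error);
      return FALSE;
    }

  /* get our limits and timeout lengths */
  bus_config_parser_get_limits (parser, &context->limits);

  /* NOTE(review): on a reload the previous context->policy is
   * overwritten here with no unref visible in this function -- looks
   * like a leak of the old policy; confirm ownership before changing.
   */
  context->policy = bus_config_parser_steal_policy (parser);
  _dbus_assert (context->policy != NULL);

  /* We have to build the address backward, so that
   * <listen> later in the config file have priority
   */
  link = _dbus_list_get_last_link (&context->servers);
  while (link != NULL)
    {
      addr = dbus_server_get_address (link->data);
      if (addr == NULL)
        {
          BUS_SET_OOM (error);
          goto failed;
        }

      if (_dbus_string_get_length (&full_address) > 0)
        {
          if (!_dbus_string_append (&full_address, ";"))
            {
              BUS_SET_OOM (error);
              goto failed;
            }
        }

      if (!_dbus_string_append (&full_address, addr))
        {
          BUS_SET_OOM (error);
          goto failed;
        }

      dbus_free (addr);
      addr = NULL;

      link = _dbus_list_get_prev_link (&context->servers, link);
    }

  /* Copy into a temporary first. The old string used to be freed
   * before the copy was attempted, so a failed copy on reload left
   * context->address without a valid value.
   */
  if (!_dbus_string_copy_data (&full_address, &new_address))
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  if (is_reload)
    dbus_free (context->address);

  context->address = new_address;

  /* get the service directories */
  dirs = bus_config_parser_get_service_dirs (parser);

  /* and the service helper */
  servicehelper = bus_config_parser_get_servicehelper (parser);

  s = _dbus_strdup(servicehelper);
  if (s == NULL && servicehelper != NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }
  else
    {
      dbus_free(context->servicehelper);
      context->servicehelper = s;
    }

  /* Create activation subsystem */
  new_activation = bus_activation_new (context, &full_address,
                                       dirs, error);
  if (new_activation == NULL)
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto failed;
    }

  /* swap only after the new object exists, so a failed reload keeps
   * the old activation subsystem
   */
  if (is_reload)
    bus_activation_unref (context->activation);

  context->activation = new_activation;

  /* Drop existing conf-dir watches (if applicable) */

  if (is_reload)
    bus_drop_all_directory_watches ();

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  retval = TRUE;

 failed:
  _dbus_string_free (&full_address);

  /* non-NULL only when the address loop bailed out mid-iteration */
  if (addr)
    dbus_free (addr);

  return retval;
}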

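/* Final configuration step, run after process_config_every_time() both
 * at startup and on reload: hands the parser's service context table to
 * the registry and sets up a watch on every configuration directory.
 *
 * Returns TRUE on success; FALSE with error set to out-of-memory if the
 * registry could not take the table.
 */
static dbus_bool_t
process_config_postinit (BusContext      *context,
                         BusConfigParser *parser,
                         DBusError       *error)
{
  DBusHashTable *service_context_table;
  dbus_bool_t table_set;

  /* "steal" hands us a reference that we must drop ourselves */
  service_context_table = bus_config_parser_steal_service_context_table (parser);
  table_set = bus_registry_set_service_context_table (context->registry,
                                                      service_context_table);

  /* Drop our reference on both outcomes; the failure path previously
   * returned without doing so and leaked the table.
   */
  _dbus_hash_table_unref (service_context_table);

  if (!table_set)
    {
      BUS_SET_OOM (error);
      return FALSE;
    }

  /* Watch all conf directories */
  _dbus_list_foreach (bus_config_parser_get_conf_dirs (parser),
                      (DBusForeachFunction) bus_watch_directory,
                      context);

  return TRUE;
}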

/* Creates the bus context from a configuration file.
 *
 * Order of operations, as written below: load the configuration, open
 * the listening servers, optionally print the bus address, verify the
 * configured user, fork and/or write the pid file, register the
 * configuration directory watches, switch to the configured user, and
 * finally initialise SELinux support. The configuration is therefore
 * parsed and the sockets and pid file are created with the privileges
 * the process started with.
 *
 * config_file      path of the configuration file; copied into the context
 * force_fork       FORK_NEVER / FORK_ALWAYS override the configuration's
 *                  fork setting; any other value defers to it
 * print_addr_pipe  if non-NULL and valid, receives the bus address plus
 *                  a newline and is closed unless it is stdout or stderr
 * print_pid_pipe   passed on to the pid-writing helpers; closed afterwards
 *                  unless it is stdout or stderr
 * error            set on failure
 *
 * Returns the new context with a refcount of 1, or NULL with error set.
 */
BusContext*
bus_context_new (const DBusString *config_file,
                 ForceForkSetting  force_fork,
                 DBusPipe         *print_addr_pipe,
                 DBusPipe         *print_pid_pipe,
                 DBusError        *error)
{
  BusContext *context;
  BusConfigParser *parser;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  context = NULL;
  parser = NULL;

  /* slot reference held for the duration of this function */
  if (!dbus_server_allocate_data_slot (&server_data_slot))
    {
      BUS_SET_OOM (error);
      return NULL;
    }

  context = dbus_new0 (BusContext, 1);
  if (context == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }
  context->refcount = 1;

  _dbus_generate_uuid (&context->uuid);

  if (!_dbus_string_copy_data (config_file, &context->config_file))
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  context->loop = _dbus_loop_new ();
  if (context->loop == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  context->registry = bus_registry_new (context);
  if (context->registry == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  parser = bus_config_load (config_file, TRUE, NULL, error);
  if (parser == NULL)
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto failed;
    }

  if (!process_config_first_time_only (context, parser, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto failed;
    }
  if (!process_config_every_time (context, parser, FALSE, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto failed;
    }

  /* we need another ref of the server data slot for the context
   * to own
   */
  if (!dbus_server_allocate_data_slot (&server_data_slot))
    _dbus_assert_not_reached ("second ref of server data slot failed");

  /* Note that we don't know whether the print_addr_pipe is
   * one of the sockets we're using to listen on, or some
   * other random thing. But I think the answer is "don't do
   * that then"
   */
  if (print_addr_pipe != NULL && _dbus_pipe_is_valid (print_addr_pipe))
    {
      DBusString addr;
      const char *a = bus_context_get_address (context);
      int bytes;

      _dbus_assert (a != NULL);
      if (!_dbus_string_init (&addr))
        {
          BUS_SET_OOM (error);
          goto failed;
        }

      if (!_dbus_string_append (&addr, a) ||
          !_dbus_string_append (&addr, "\n"))
        {
          _dbus_string_free (&addr);
          BUS_SET_OOM (error);
          goto failed;
        }

      bytes = _dbus_string_get_length (&addr);
      if (_dbus_pipe_write (print_addr_pipe, &addr, 0, bytes, error) != bytes)
        {
          /* pipe write returns an error on failure but not short write */
          if (error != NULL && !dbus_error_is_set (error))
            {
              dbus_set_error (error, DBUS_ERROR_FAILED,
                              "Printing message bus address: did not write all bytes\n");
            }
          _dbus_string_free (&addr);
          goto failed;
        }

      if (!_dbus_pipe_is_stdout_or_stderr (print_addr_pipe))
        _dbus_pipe_close (print_addr_pipe, NULL);

      _dbus_string_free (&addr);
    }

  context->connections = bus_connections_new (context);
  if (context->connections == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  context->matchmaker = bus_matchmaker_new ();
  if (context->matchmaker == NULL)
    {
      BUS_SET_OOM (error);
      goto failed;
    }

  /* check user before we fork */
  if (context->user != NULL)
    {
      if (!_dbus_verify_daemon_user (context->user))
        {
          dbus_set_error (error, DBUS_ERROR_FAILED,
                          "Could not get UID and GID for username \"%s\"",
                          context->user);
          goto failed;
        }
    }

  /* Now become a daemon if appropriate and write out pid file in any case */
  {
    /* u is initialised only when a pid file is configured; every use
     * below is guarded by the same context->pidfile test
     */
    DBusString u;

    if (context->pidfile)
      _dbus_string_init_const (&u, context->pidfile);

    if ((force_fork != FORK_NEVER && context->fork) || force_fork == FORK_ALWAYS)
      {
        _dbus_verbose ("Forking and becoming daemon\n");
        
        if (!_dbus_become_daemon (context->pidfile ? &u : NULL, 
                                  print_pid_pipe,
                                  error))
          {
            _DBUS_ASSERT_ERROR_IS_SET (error);
            goto failed;
          }
      }
    else
      {
        _dbus_verbose ("Fork not requested\n");
        
        /* Need to write PID file and to PID pipe for ourselves,
         * not for the child process. This is a no-op if the pidfile
         * is NULL and print_pid_pipe is NULL.
         */
        if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL,
                                               print_pid_pipe,
                                               _dbus_getpid (),
                                               error))
          {
            _DBUS_ASSERT_ERROR_IS_SET (error);
            goto failed;
          }
      }
  }

  if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
      !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
    _dbus_pipe_close (print_pid_pipe, NULL);

  if (!process_config_postinit (context, parser, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto failed;
    }

  if (parser != NULL)
    {
      bus_config_parser_unref (parser);
      parser = NULL;
    }

  /* Here we change our credentials if required,
   * as soon as we've set up our sockets and pidfile
   */
  if (context->user != NULL)
    {
      /* a failed switch aborts startup rather than continuing with
       * the original credentials
       */
      if (!_dbus_change_to_daemon_user (context->user, error))
	{
	  _DBUS_ASSERT_ERROR_IS_SET (error);
	  goto failed;
	}

#ifdef HAVE_SELINUX
      /* FIXME - why not just put this in full_init() below? */
      bus_selinux_audit_init ();
#endif
    }

  /* NOTE(review): a failed SELinux initialisation is only logged and
   * startup continues -- confirm that running without it is intended.
   */
  if (!bus_selinux_full_init ())
    {
      _dbus_warn ("SELinux initialization failed\n");
    }

  /* release this function's slot reference; the second one taken above
   * stays with the context until bus_context_unref() finalizes it
   */
  dbus_server_free_data_slot (&server_data_slot);

  return context;

 failed:  
  if (parser != NULL)
    bus_config_parser_unref (parser);
  if (context != NULL)
    bus_context_unref (context);

  /* drop whatever slot reference is still outstanding */
  if (server_data_slot >= 0)
    dbus_server_free_data_slot (&server_data_slot);

  return NULL;
}

/* Encodes the context's UUID into the caller's string; returns whatever
 * _dbus_uuid_encode() returns.
 */
dbus_bool_t
bus_context_get_id (BusContext       *context,
                    DBusString       *uuid)
{
  dbus_bool_t encoded;

  encoded = _dbus_uuid_encode (&context->uuid, uuid);

  return encoded;
}

/* Re-reads the configuration file recorded in the context and applies
 * it through process_config_every_time() and process_config_postinit().
 *
 * Returns TRUE on success, FALSE with error set otherwise. A failure
 * part-way through can leave some settings already replaced.
 *
 * NOTE(review): nothing visible here re-derives the client policy of
 * connections that are already established -- confirm whether a reloaded
 * policy is applied to them elsewhere.
 */
dbus_bool_t
bus_context_reload_config (BusContext *context,
                           DBusError  *error)
{
  DBusString config_path;
  BusConfigParser *parser;
  dbus_bool_t reloaded = FALSE;

  /* Flush the user database cache */
  _dbus_flush_caches ();

  _dbus_string_init_const (&config_path, context->config_file);
  parser = bus_config_load (&config_path, TRUE, NULL, error);
  if (parser == NULL)
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      return FALSE;
    }

  /* postinit only runs when the first step succeeded */
  if (!process_config_every_time (context, parser, TRUE, error) ||
      !process_config_postinit (context, parser, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
    }
  else
    {
      reloaded = TRUE;
    }

  bus_config_parser_unref (parser);
  return reloaded;
}

/* Stops one listening server: detaches its watch and timeout functions
 * and disconnects it. Does nothing for a NULL server or one that is no
 * longer connected.
 */
static void
shutdown_server (BusContext *context,
                 DBusServer *server)
{
  if (server != NULL && dbus_server_get_is_connected (server))
    {
      /* clearing the callbacks is not expected to fail */
      if (!dbus_server_set_watch_functions (server,
                                            NULL, NULL, NULL,
                                            context,
                                            NULL))
        _dbus_assert_not_reached ("setting watch functions to NULL failed");

      if (!dbus_server_set_timeout_functions (server,
                                              NULL, NULL, NULL,
                                              context,
                                              NULL))
        _dbus_assert_not_reached ("setting timeout functions to NULL failed");

      dbus_server_disconnect (server);
    }
}

/* Shuts down every listening server of the context; the servers stay in
 * context->servers and are unref'd later by bus_context_unref().
 */
void
bus_context_shutdown (BusContext  *context)
{
  DBusList *cursor;

  for (cursor = _dbus_list_get_first_link (&context->servers);
       cursor != NULL;
       cursor = _dbus_list_get_next_link (&context->servers, cursor))
    {
      shutdown_server (context, cursor->data);
    }
}

/* Takes one more reference on the context and returns the same pointer.
 * The counter is a plain int with no locking visible here.
 */
BusContext *
bus_context_ref (BusContext *context)
{
  _dbus_assert (context->refcount > 0);

  context->refcount++;
  return context;
}

/* Drops one reference. When the count reaches zero the context is
 * finalized: servers are shut down, every sub-object is unref'd, the
 * strings are freed, the pid file (if any) is deleted, and the context's
 * data slot reference is released.
 */
void
bus_context_unref (BusContext *context)
{
  DBusList *cursor;

  _dbus_assert (context->refcount > 0);
  context->refcount--;

  if (context->refcount != 0)
    return;

  _dbus_verbose ("Finalizing bus context %p\n", context);

  /* stop listening before tearing anything else down */
  bus_context_shutdown (context);

  if (context->connections)
    {
      bus_connections_unref (context->connections);
      context->connections = NULL;
    }

  if (context->registry)
    {
      bus_registry_unref (context->registry);
      context->registry = NULL;
    }

  if (context->activation)
    {
      bus_activation_unref (context->activation);
      context->activation = NULL;
    }

  for (cursor = _dbus_list_get_first_link (&context->servers);
       cursor != NULL;
       cursor = _dbus_list_get_next_link (&context->servers, cursor))
    {
      dbus_server_unref (cursor->data);
    }
  _dbus_list_clear (&context->servers);

  if (context->policy)
    {
      bus_policy_unref (context->policy);
      context->policy = NULL;
    }

  if (context->loop)
    {
      _dbus_loop_unref (context->loop);
      context->loop = NULL;
    }

  if (context->matchmaker)
    {
      bus_matchmaker_unref (context->matchmaker);
      context->matchmaker = NULL;
    }

  dbus_free (context->config_file);
  dbus_free (context->type);
  dbus_free (context->address);
  dbus_free (context->user);
  dbus_free (context->servicehelper);

  if (context->pidfile)
    {
      DBusString pid_path;

      _dbus_string_init_const (&pid_path, context->pidfile);

      /* Errors are ignored on purpose: nothing useful can be done
       * about them and the bus is going away anyway.
       */
      _dbus_delete_file (&pid_path, NULL);

      dbus_free (context->pidfile);
    }

  dbus_free (context);

  /* release the slot reference the context took in bus_context_new() */
  dbus_server_free_data_slot (&server_data_slot);
}

/* Returns the bus type string, which may be NULL. The string belongs to
 * the context and is freed when the context is finalized.
 */
const char*
bus_context_get_type (BusContext *context)
{
  const char *bus_type = context->type;

  return bus_type;
}

/* Returns the bus address string built from the listening servers. The
 * string belongs to the context; a configuration reload replaces it, so
 * callers should not keep the pointer across a reload.
 */
const char*
bus_context_get_address (BusContext *context)
{
  const char *bus_address = context->address;

  return bus_address;
}

/* Returns the servicehelper string held by the context.
 *
 * The pointer is the context's own field, not a copy; callers must
 * not free it.
 * NOTE(review): presumably this is the path of a helper program
 * taken from the bus configuration -- confirm where it is set and
 * how it is validated before it is used.
 */
const char*
bus_context_get_servicehelper (BusContext *context)
{
  const char *helper;

  helper = context->servicehelper;
  return helper;
}

/* Returns the context's service registry.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
BusRegistry*
bus_context_get_registry (BusContext  *context)
{
  BusRegistry *registry;

  registry = context->registry;
  return registry;
}

/* Returns the context's BusConnections object.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
BusConnections*
bus_context_get_connections (BusContext  *context)
{
  BusConnections *connections;

  connections = context->connections;
  return connections;
}

/* Returns the context's BusActivation object.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
BusActivation*
bus_context_get_activation (BusContext  *context)
{
  BusActivation *activation;

  activation = context->activation;
  return activation;
}

/* Returns the context's BusMatchmaker object.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
BusMatchmaker*
bus_context_get_matchmaker (BusContext  *context)
{
  BusMatchmaker *matchmaker;

  matchmaker = context->matchmaker;
  return matchmaker;
}

/* Returns the context's main loop object.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
DBusLoop*
bus_context_get_loop (BusContext *context)
{
  DBusLoop *main_loop;

  main_loop = context->loop;
  return main_loop;
}

/* Asks the context's policy whether the Unix user identified by uid
 * is allowed, and returns that verdict unchanged.
 *
 * The decision is made entirely by bus_policy_allow_unix_user; this
 * wrapper adds no checks of its own.
 * NOTE(review): context->policy is forwarded without a NULL check;
 * presumably it is always set while the context is in use -- confirm.
 */
dbus_bool_t
bus_context_allow_unix_user (BusContext   *context,
                             unsigned long uid)
{
  dbus_bool_t allowed;

  allowed = bus_policy_allow_unix_user (context->policy, uid);
  return allowed;
}

/* Asks the context's policy whether the Windows user identified by
 * windows_sid is allowed, and returns that verdict unchanged.
 *
 * For now this is never actually called because the default
 * DBusConnection behavior of 'same user that owns the bus can connect'
 * is all it would do.
 *
 * NOTE(review): context->policy is forwarded without a NULL check;
 * presumably it is always set while the context is in use -- confirm.
 */
dbus_bool_t
bus_context_allow_windows_user (BusContext       *context,
                                const char       *windows_sid)
{
  dbus_bool_t allowed;

  allowed = bus_policy_allow_windows_user (context->policy, windows_sid);
  return allowed;
}

/* Returns the context's BusPolicy object.
 *
 * No reference is taken here; the pointer is the one stored in the
 * context.
 */
BusPolicy *
bus_context_get_policy (BusContext *context)
{
  BusPolicy *policy;

  policy = context->policy;
  return policy;
}

/* Builds a client policy for connection by delegating to the
 * context's BusPolicy.
 *
 * error must be clear on entry (this is asserted). The return value
 * and any error set are exactly what bus_policy_create_client_policy
 * produces; presumably NULL with error set on failure -- confirm
 * against the policy implementation.
 */
BusClientPolicy*
bus_context_create_client_policy (BusContext      *context,
                                  DBusConnection  *connection,
                                  DBusError       *error)
{
  BusClientPolicy *client_policy;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  client_policy = bus_policy_create_client_policy (context->policy,
                                                   connection, error);
  return client_policy;
}

/* Returns the activation_timeout value from the context's limits.
 * The unit is not stated in this function.
 */
int
bus_context_get_activation_timeout (BusContext *context)
{
  int timeout;

  timeout = context->limits.activation_timeout;
  return timeout;
}

/* Returns the auth_timeout value from the context's limits.
 * The unit is not stated in this function.
 */
int
bus_context_get_auth_timeout (BusContext *context)
{
  int timeout;

  timeout = context->limits.auth_timeout;
  return timeout;
}

/* Returns the max_completed_connections value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_completed_connections (BusContext *context)
{
  int limit;

  limit = context->limits.max_completed_connections;
  return limit;
}

/* Returns the max_incomplete_connections value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_incomplete_connections (BusContext *context)
{
  int limit;

  limit = context->limits.max_incomplete_connections;
  return limit;
}

/* Returns the max_connections_per_user value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_connections_per_user (BusContext *context)
{
  int limit;

  limit = context->limits.max_connections_per_user;
  return limit;
}

/* Returns the max_pending_activations value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_pending_activations (BusContext *context)
{
  int limit;

  limit = context->limits.max_pending_activations;
  return limit;
}

/* Returns the max_services_per_connection value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_services_per_connection (BusContext *context)
{
  int limit;

  limit = context->limits.max_services_per_connection;
  return limit;
}

/* Returns the max_match_rules_per_connection value from the
 * context's limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_match_rules_per_connection (BusContext *context)
{
  int limit;

  limit = context->limits.max_match_rules_per_connection;
  return limit;
}

/* Returns the max_replies_per_connection value from the context's
 * limits. Enforcing the limit is left to the caller.
 */
int
bus_context_get_max_replies_per_connection (BusContext *context)
{
  int limit;

  limit = context->limits.max_replies_per_connection;
  return limit;
}

/* Returns the reply_timeout value from the context's limits.
 * The unit is not stated in this function.
 */
int
bus_context_get_reply_timeout (BusContext *context)
{
  int timeout;

  timeout = context->limits.reply_timeout;
  return timeout;
}

/*
 * addressed_recipient is the recipient specified in the message.
 *
 * proposed_recipient is the recipient we're considering sending
 * to right this second, and may be an eavesdropper.
 *
 * sender is the sender of the message.
 *
 * NULL for proposed_recipient or sender definitely means the bus driver.
 *
 * NULL for addressed_recipient may mean the bus driver, or may mean
 * no destination was specified in the message (e.g. a signal).
 */
dbus_bool_t
bus_context_check_security_policy (BusContext     *context,
                                   BusTransaction *transaction,
                                   DBusConnection *sender,
                                   DBusConnection *addressed_recipient,
                                   DBusConnection *proposed_recipient,
                                   DBusMessage    *message,
                                   DBusError      *error)
{
  BusClientPolicy *sender_policy;
  BusClientPolicy *recipient_policy;
  int type;
  dbus_bool_t requested_reply;
  
  type = dbus_message_get_type (message);
  
  /* dispatch.c was supposed to ensure these invariants */
  _dbus_assert (dbus_message_get_destination (message) != NULL ||
                type == DBUS_MESSAGE_TYPE_SIGNAL ||
                (sender == NULL && !bus_connection_is_active (proposed_recipient)));
  _dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
                addressed_recipient != NULL ||
                strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0);
  
  switch (type)
    {
    case DBUS_MESSAGE_TYPE_METHOD_CALL:
    case DBUS_MESSAGE_TYPE_SIGNAL:
    case DBUS_MESSAGE_TYPE_METHOD_RETURN:
    case DBUS_MESSAGE_TYPE_ERROR:
      break;
      
    default:
      _dbus_verbose ("security check disallowing message of unknown type %d\n",
                     type);

      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                      "Message bus will not accept messages of unknown type\n");
              
      return FALSE;
    }

  requested_reply = FALSE;
  
  if (sender != NULL)
    {
      const char *dest;

      dest = dbus_message_get_destination (message);
	
      /* First verify the SELinux access controls.  If allowed then
       * go on with the standard checks.
       */
      if (!bus_selinux_allows_send (sender, proposed_recipient,
				    dbus_message_type_to_string (dbus_message_get_type (message)),
				    dbus_message_get_interface (message),
				    dbus_message_get_member (message),
				    dbus_message_get_error_name (message),
				    dest ? dest : DBUS_SERVICE_DBUS, error))
        {
          if (error != NULL && !dbus_error_is_set (error))
            {
              dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                              "An SELinux policy prevents this sender "
                              "from sending this message to this recipient "
                              "(rejected message had interface \"%s\" "
                              "member \"%s\" error name \"%s\" destination \"%s\")",
                              dbus_message_get_interface (message) ?
                              dbus_message_get_interface (message) : "(unset)",
                              dbus_message_get_member (message) ?
                              dbus_message_get_member (message) : "(unset)",
                              dbus_message_get_error_name (message) ?
                              dbus_message_get_error_name (message) : "(unset)",
                              dest ? dest : DBUS_SERVICE_DBUS);
              _dbus_verbose ("SELinux security check denying send to service\n");
            }

          return FALSE;
        }
       
      if (bus_connection_is_active (sender))
        {
          sender_policy = bus_connection_get_policy (sender);
          _dbus_assert (sender_policy != NULL);
          
          /* Fill in requested_reply variable with TRUE if this is a
           * reply and the reply was pending.
           */
          if (dbus_message_get_reply_serial (message) != 0)
            {
              if (proposed_recipient != NULL /* not to the bus driver */ &&
                  addressed_recipient == proposed_recipient /* not eavesdropping */)
                {
                  DBusError error2;                  
                  
                  dbus_error_init (&error2);
                  requested_reply = bus_connections_check_reply (bus_connection_get_connections (sender),
                                                                 transaction,
                                                                 sender, addressed_recipient, message,
                                                                 &error2);
                  if (dbus_error_is_set (&error2))
                    {
                      dbus_move_error (&error2, error);
                      return FALSE;
                    }
                }
            }
        }
      else
        {
          /* Policy for inactive connections is that they can only send
           * the hello message to the bus driver
           */
          if (proposed_recipient == NULL &&
              dbus_message_is_method_call (message,
                                           DBUS_INTERFACE_DBUS,
                                           "Hello"))
            {
              _dbus_verbose ("security check allowing %s message\n",
                             "Hello");
              return TRUE;
            }
          else
            {
              _dbus_verbose ("security check disallowing non-%s message\n",
                             "Hello");

              dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                              "Client tried to send a message other than %s without being registered",
                              "Hello");
              
              return FALSE;
            }
        }
    }
  else
    {
      sender_policy = NULL;

      /* If the sender is the bus driver, we assume any reply was a
       * requested reply as bus driver won't send bogus ones
       */
      if (addressed_recipient == proposed_recipient /* not eavesdropping */ &&
          dbus_message_get_reply_serial (message) != 0)
        requested_reply = TRUE;
    }

  _dbus_assert ((sender != NULL && sender_policy != NULL) ||
                (sender == NULL && sender_policy == NULL));
  
  if (proposed_recipient != NULL)
    {
      /* only the bus driver can send to an inactive recipient (as it
       * owns no services, so other apps can't address it). Inactive
       * recipients can receive any message.
       */
      if (bus_connection_is_active (proposed_recipient))
        {
          recipient_policy = bus_connection_get_policy (proposed_recipient);
          _dbus_assert (recipient_policy != NULL);
        }
      else if (sender == NULL)
        {
          _dbus_verbose ("security check using NULL recipient policy for message from bus\n");
          recipient_policy = NULL;
        }
      else
        {
          _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n");
          recipient_policy = NULL;
        }
    }
  else
    recipient_policy = NULL;
  
  _dbus_assert ((proposed_recipient != NULL && recipient_policy != NULL) ||
                (proposed_recipient != NULL && sender == NULL && recipient_policy == NULL) ||
                (proposed_recipient == NULL && recipient_policy == NULL));
  
  if (sender_policy &&
      !bus_client_policy_check_can_send (sender_policy,
                                         context->registry,
                                         requested_reply,
                                         proposed_recipient,
                                         message))
    {
      const char *dest;

      dest = dbus_message_get_destination (message);
      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                      "A security policy in place prevents this sender "
                      "from sending this message to this recipient, "
                      "see message bus configuration file (rejected message "
                      "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
                      dbus_message_get_interface (message) ?
                      dbus_message_get_interface (message) : "(unset)",
                      dbus_message_get_member (message) ?
                      dbus_message_get_member (message) : "(unset)",
                      dbus_message_get_error_name (message) ?
                      dbus_message_get_error_name (message) : "(unset)",
                      dest ? dest : DBUS_SERVICE_DBUS);
      _dbus_verbose ("security policy disallowing message due to sender policy\n");
      return FALSE;
    }

  if (recipient_policy &&
      !bus_client_policy_check_can_receive (recipient_policy,
                                            context->registry,
                                            requested_reply,
                                            sender,
                                            addressed_recipient, proposed_recipient,
                                            message))
    {
      const char *dest;

      dest = dbus_message_get_destination (message);
      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
                      "A security policy in place prevents this recipient "
                      "from receiving this message from this sender, "
                      "see message bus configuration file (rejected message "
                      "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
                      dbus_message_get_interface (message) ?
                      dbus_message_get_interface (message) : "(unset)",
                      dbus_message_get_member (message) ?
                      dbus_message_get_member (message) : "(unset)",
                      dbus_message_get_error_name (message) ?
                      dbus_message_get_error_name (message) : "(unset)",
                      dest ? dest : DBUS_SERVICE_DBUS,
                      dbus_message_get_reply_serial (message),
                      requested_reply);
      _dbus_verbose ("security policy disallowing message due to recipient policy\n");
      return FALSE;
    }

  /* See if limits on size have been exceeded */
  if (proposed_recipient &&
      dbus_connection_get_outgoing_size (proposed_recipient) >
      context->limits.max_outgoing_bytes)
    {
      const char *dest;

      dest = dbus_message_get_destination (message);
      dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
                      "The destination service \"%s\" has a full message queue",
                      dest ? dest : (proposed_recipient ?
                                     bus_connection_get_name (proposed_recipient) : 
                                     DBUS_SERVICE_DBUS));
      _dbus_verbose ("security policy disallowing message due to full message queue\n");
      return FALSE;
    }

  /* Record that we will allow a reply here in the future (don't
   * bother if the recipient is the bus or this is an eavesdropping
   * connection). Only the addressed recipient may reply.
   */
  if (type == DBUS_MESSAGE_TYPE_METHOD_CALL &&
      sender && 
      addressed_recipient &&
      addressed_recipient == proposed_recipient && /* not eavesdropping */
      !bus_connections_expect_reply (bus_connection_get_connections (sender),
                                     transaction,
                                     sender, addressed_recipient,
                                     message, error))
    {
      _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n");
      return FALSE;
    }
  
  _dbus_verbose ("security policy allowing message\n");