4
4
������������<code class="email"><<a class="email" href="mailto:andersca@codefactory.se">andersca@codefactory.se</a>></code><br>
5
5
����������</p></div></div></div><div class="author"><h3 class="author"><span class="firstname">Alexander</span> <span class="surname">Larsson</span></h3><div class="affiliation"><span class="orgname">Red Hat, Inc.<br></span><div class="address"><p><br>
6
6
������������<code class="email"><<a class="email" href="mailto:alexl@redhat.com">alexl@redhat.com</a>></code><br>
7
����������</p></div></div></div></div></div><div><p class="releaseinfo">Version 0.12</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#introduction">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#stability">Protocol and Specification Stability</a></span></dt></dl></dd><dt><span class="sect1"><a href="#message-protocol">Message Protocol</a></span></dt><dd><dl><dt><span class="sect2"><a href="#message-protocol-signatures">Type Signatures</a></span></dt><dt><span class="sect2"><a href="#message-protocol-marshaling">Marshaling (Wire Format)</a></span></dt><dt><span class="sect2"><a href="#message-protocol-messages">Message Format</a></span></dt><dt><span class="sect2"><a href="#message-protocol-names">Valid Names</a></span></dt><dt><span class="sect2"><a href="#message-protocol-types">Message Types</a></span></dt><dt><span class="sect2"><a href="#message-protocol-handling-invalid">Invalid Protocol and Spec Extensions</a></span></dt></dl></dd><dt><span class="sect1"><a href="#auth-protocol">Authentication Protocol</a></span></dt><dd><dl><dt><span class="sect2"><a href="#auth-protocol-overview">Protocol Overview</a></span></dt><dt><span class="sect2"><a href="#auth-nul-byte">Special credentials-passing nul byte</a></span></dt><dt><span class="sect2"><a href="#auth-command-auth">AUTH command</a></span></dt><dt><span class="sect2"><a href="#auth-command-cancel">CANCEL Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-data">DATA Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-begin">BEGIN Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-rejected">REJECTED Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-ok">OK Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-error">ERROR Command</a></span></dt><dt><span class="sect2"><a href="#auth-examples">Authentication examples</a></span></dt><dt><span class="sect2"><a href="#auth-states">Authentication state diagrams</a></span></dt><dt><span class="sect2"><a href="#auth-mechanisms">Authentication mechanisms</a></span></dt></dl></dd><dt><span class="sect1"><a href="#addresses">Server Addresses</a></span></dt><dt><span class="sect1"><a href="#transports">Transports</a></span></dt><dd><dl><dt><span class="sect2"><a href="#transports-unix-domain-sockets">Unix Domain Sockets</a></span></dt></dl></dd><dt><span class="sect1"><a href="#naming-conventions">Naming Conventions</a></span></dt><dt><span class="sect1"><a href="#uuids">UUIDs</a></span></dt><dt><span class="sect1"><a href="#standard-interfaces">Standard Interfaces</a></span></dt><dd><dl><dt><span class="sect2"><a href="#standard-interfaces-peer"><code class="literal">org.freedesktop.DBus.Peer</code></a></span></dt><dt><span class="sect2"><a href="#standard-interfaces-introspectable"><code class="literal">org.freedesktop.DBus.Introspectable</code></a></span></dt><dt><span class="sect2"><a href="#standard-interfaces-properties"><code class="literal">org.freedesktop.DBus.Properties</code></a></span></dt></dl></dd><dt><span class="sect1"><a href="#introspection-format">Introspection Data Format</a></span></dt><dt><span class="sect1"><a href="#message-bus">Message Bus Specification</a></span></dt><dd><dl><dt><span class="sect2"><a href="#message-bus-overview">Message Bus Overview</a></span></dt><dt><span class="sect2"><a href="#message-bus-names">Message Bus Names</a></span></dt><dt><span class="sect2"><a href="#message-bus-routing">Message Bus Message Routing</a></span></dt><dt><span class="sect2"><a href="#message-bus-starting-services">Message Bus Starting Services</a></span></dt><dt><span class="sect2"><a href="#message-bus-types">Well-known Message Bus Instances</a></span></dt><dt><span class="sect2"><a href="#message-bus-messages">Message Bus Messages</a></span></dt></dl></dd><dt><span class="glossary"><a href="#id324439">Glossary</a></span></dt></dl></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="introduction"></a>Introduction</h2></div></div></div><p>
7
����������</p></div></div></div></div></div><div><p class="releaseinfo">Version 0.14</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#introduction">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#stability">Protocol and Specification Stability</a></span></dt></dl></dd><dt><span class="sect1"><a href="#message-protocol">Message Protocol</a></span></dt><dd><dl><dt><span class="sect2"><a href="#message-protocol-signatures">Type Signatures</a></span></dt><dt><span class="sect2"><a href="#message-protocol-marshaling">Marshaling (Wire Format)</a></span></dt><dt><span class="sect2"><a href="#message-protocol-messages">Message Format</a></span></dt><dt><span class="sect2"><a href="#message-protocol-names">Valid Names</a></span></dt><dt><span class="sect2"><a href="#message-protocol-types">Message Types</a></span></dt><dt><span class="sect2"><a href="#message-protocol-handling-invalid">Invalid Protocol and Spec Extensions</a></span></dt></dl></dd><dt><span class="sect1"><a href="#auth-protocol">Authentication Protocol</a></span></dt><dd><dl><dt><span class="sect2"><a href="#auth-protocol-overview">Protocol Overview</a></span></dt><dt><span class="sect2"><a href="#auth-nul-byte">Special credentials-passing nul byte</a></span></dt><dt><span class="sect2"><a href="#auth-command-auth">AUTH command</a></span></dt><dt><span class="sect2"><a href="#auth-command-cancel">CANCEL Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-data">DATA Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-begin">BEGIN Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-rejected">REJECTED Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-ok">OK Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-error">ERROR Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-negotiate-unix-fd">NEGOTIATE_UNIX_FD Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-agree-unix-fd">AGREE_UNIX_FD Command</a></span></dt><dt><span class="sect2"><a href="#auth-command-future">Future Extensions</a></span></dt><dt><span class="sect2"><a href="#auth-examples">Authentication examples</a></span></dt><dt><span class="sect2"><a href="#auth-states">Authentication state diagrams</a></span></dt><dt><span class="sect2"><a href="#auth-mechanisms">Authentication mechanisms</a></span></dt></dl></dd><dt><span class="sect1"><a href="#addresses">Server Addresses</a></span></dt><dt><span class="sect1"><a href="#transports">Transports</a></span></dt><dd><dl><dt><span class="sect2"><a href="#transports-unix-domain-sockets">Unix Domain Sockets</a></span></dt><dt><span class="sect2"><a href="#transports-tcp-sockets">TCP Sockets</a></span></dt><dt><span class="sect2"><a href="#transports-nonce-tcp-sockets">Nonce-secured TCP Sockets</a></span></dt></dl></dd><dt><span class="sect1"><a href="#naming-conventions">Naming Conventions</a></span></dt><dt><span class="sect1"><a href="#uuids">UUIDs</a></span></dt><dt><span class="sect1"><a href="#standard-interfaces">Standard Interfaces</a></span></dt><dd><dl><dt><span class="sect2"><a href="#standard-interfaces-peer"><code class="literal">org.freedesktop.DBus.Peer</code></a></span></dt><dt><span class="sect2"><a href="#standard-interfaces-introspectable"><code class="literal">org.freedesktop.DBus.Introspectable</code></a></span></dt><dt><span class="sect2"><a href="#standard-interfaces-properties"><code class="literal">org.freedesktop.DBus.Properties</code></a></span></dt></dl></dd><dt><span class="sect1"><a href="#introspection-format">Introspection Data Format</a></span></dt><dt><span class="sect1"><a href="#message-bus">Message Bus Specification</a></span></dt><dd><dl><dt><span class="sect2"><a href="#message-bus-overview">Message Bus Overview</a></span></dt><dt><span class="sect2"><a href="#message-bus-names">Message Bus Names</a></span></dt><dt><span class="sect2"><a href="#message-bus-routing">Message Bus Message Routing</a></span></dt><dt><span class="sect2"><a href="#message-bus-starting-services">Message Bus Starting Services</a></span></dt><dt><span class="sect2"><a href="#message-bus-types">Well-known Message Bus Instances</a></span></dt><dt><span class="sect2"><a href="#message-bus-messages">Message Bus Messages</a></span></dt></dl></dd><dt><span class="glossary"><a href="#id426787">Glossary</a></span></dt></dl></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="introduction"></a>Introduction</h2></div></div></div><p>
8
8
D-Bus is a system for low-latency, low-overhead, easy to use
9
9
interprocess communication (IPC). In more detail:
10
10
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
219
219
map, hash table, or dict object.
221
221
The following table summarizes the D-Bus types.
222
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Conventional Name</th><th>Code</th><th>Description</th></tr></thead><tbody><tr><td><code class="literal">INVALID</code></td><td>0 (ASCII NUL)</td><td>Not a valid type code, used to terminate signatures</td></tr><tr><td><code class="literal">BYTE</code></td><td>121 (ASCII 'y')</td><td>8-bit unsigned integer</td></tr><tr><td><code class="literal">BOOLEAN</code></td><td>98 (ASCII 'b')</td><td>Boolean value, 0 is <code class="literal">FALSE</code> and 1 is <code class="literal">TRUE</code>. Everything else is invalid.</td></tr><tr><td><code class="literal">INT16</code></td><td>110 (ASCII 'n')</td><td>16-bit signed integer</td></tr><tr><td><code class="literal">UINT16</code></td><td>113 (ASCII 'q')</td><td>16-bit unsigned integer</td></tr><tr><td><code class="literal">INT32</code></td><td>105 (ASCII 'i')</td><td>32-bit signed integer</td></tr><tr><td><code class="literal">UINT32</code></td><td>117 (ASCII 'u')</td><td>32-bit unsigned integer</td></tr><tr><td><code class="literal">INT64</code></td><td>120 (ASCII 'x')</td><td>64-bit signed integer</td></tr><tr><td><code class="literal">UINT64</code></td><td>116 (ASCII 't')</td><td>64-bit unsigned integer</td></tr><tr><td><code class="literal">DOUBLE</code></td><td>100 (ASCII 'd')</td><td>IEEE 754 double</td></tr><tr><td><code class="literal">STRING</code></td><td>115 (ASCII 's')</td><td>UTF-8 string (<span class="emphasis"><em>must</em></span> be valid UTF-8). Must be nul terminated and contain no other nul bytes.</td></tr><tr><td><code class="literal">OBJECT_PATH</code></td><td>111 (ASCII 'o')</td><td>Name of an object instance</td></tr><tr><td><code class="literal">SIGNATURE</code></td><td>103 (ASCII 'g')</td><td>A type signature</td></tr><tr><td><code class="literal">ARRAY</code></td><td>97 (ASCII 'a')</td><td>Array</td></tr><tr><td><code class="literal">STRUCT</code></td><td>114 (ASCII 'r'), 40 (ASCII '('), 41 (ASCII ')')</td><td>Struct</td></tr><tr><td><code class="literal">VARIANT</code></td><td>118 (ASCII 'v') </td><td>Variant type (the type of the value is part of the value itself)</td></tr><tr><td><code class="literal">DICT_ENTRY</code></td><td>101 (ASCII 'e'), 123 (ASCII '{'), 125 (ASCII '}') </td><td>Entry in a dict or map (array of key-value pairs)</td></tr></tbody></table></div><p>
222
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Conventional Name</th><th>Code</th><th>Description</th></tr></thead><tbody><tr><td><code class="literal">INVALID</code></td><td>0 (ASCII NUL)</td><td>Not a valid type code, used to terminate signatures</td></tr><tr><td><code class="literal">BYTE</code></td><td>121 (ASCII 'y')</td><td>8-bit unsigned integer</td></tr><tr><td><code class="literal">BOOLEAN</code></td><td>98 (ASCII 'b')</td><td>Boolean value, 0 is <code class="literal">FALSE</code> and 1 is <code class="literal">TRUE</code>. Everything else is invalid.</td></tr><tr><td><code class="literal">INT16</code></td><td>110 (ASCII 'n')</td><td>16-bit signed integer</td></tr><tr><td><code class="literal">UINT16</code></td><td>113 (ASCII 'q')</td><td>16-bit unsigned integer</td></tr><tr><td><code class="literal">INT32</code></td><td>105 (ASCII 'i')</td><td>32-bit signed integer</td></tr><tr><td><code class="literal">UINT32</code></td><td>117 (ASCII 'u')</td><td>32-bit unsigned integer</td></tr><tr><td><code class="literal">INT64</code></td><td>120 (ASCII 'x')</td><td>64-bit signed integer</td></tr><tr><td><code class="literal">UINT64</code></td><td>116 (ASCII 't')</td><td>64-bit unsigned integer</td></tr><tr><td><code class="literal">DOUBLE</code></td><td>100 (ASCII 'd')</td><td>IEEE 754 double</td></tr><tr><td><code class="literal">STRING</code></td><td>115 (ASCII 's')</td><td>UTF-8 string (<span class="emphasis"><em>must</em></span> be valid UTF-8). Must be nul terminated and contain no other nul bytes.</td></tr><tr><td><code class="literal">OBJECT_PATH</code></td><td>111 (ASCII 'o')</td><td>Name of an object instance</td></tr><tr><td><code class="literal">SIGNATURE</code></td><td>103 (ASCII 'g')</td><td>A type signature</td></tr><tr><td><code class="literal">ARRAY</code></td><td>97 (ASCII 'a')</td><td>Array</td></tr><tr><td><code class="literal">STRUCT</code></td><td>114 (ASCII 'r'), 40 (ASCII '('), 41 (ASCII ')')</td><td>Struct</td></tr><tr><td><code class="literal">VARIANT</code></td><td>118 (ASCII 'v') </td><td>Variant type (the type of the value is part of the value itself)</td></tr><tr><td><code class="literal">DICT_ENTRY</code></td><td>101 (ASCII 'e'), 123 (ASCII '{'), 125 (ASCII '}') </td><td>Entry in a dict or map (array of key-value pairs)</td></tr><tr><td><code class="literal">UNIX_FD</code></td><td>104 (ASCII 'h')</td><td>Unix file descriptor</td></tr></tbody></table></div><p>
223
223
</p></div><div class="sect2" title="Marshaling (Wire Format)"><div class="titlepage"><div><div><h3 class="title"><a name="message-protocol-marshaling"></a>Marshaling (Wire Format)</h3></div></div></div><p>
224
224
Given a type signature, a block of bytes can be converted into typed
225
225
values. This section describes the format of the block of bytes. Byte
289
289
Identical to STRUCT.
292
</td></tr></tbody></table></div><p>
292
</td></tr><tr><td><code class="literal">UNIX_FD</code></td><td>32-bit unsigned integer in the message's byte
293
order. The actual file descriptors need to be
294
transferred out-of-band via some platform specific
295
mechanism. On the wire, values of this type store the index to the
296
file descriptor in the array of file descriptors that
297
accompany the message.</td><td>4</td></tr></tbody></table></div><p>
293
298
</p><div class="sect3" title="Valid Object Paths"><div class="titlepage"><div><div><h4 class="title"><a name="message-protocol-marshaling-object-path"></a>Valid Object Paths</h4></div></div></div><p>
294
299
An object path is a name used to refer to an object instance.
295
300
Conceptually, each participant in a D-Bus message exchange may have
450
455
The message bus fills in this field so it is reliable; the field is
451
456
only meaningful in combination with the message bus.</td></tr><tr><td><code class="literal">SIGNATURE</code></td><td>8</td><td><code class="literal">SIGNATURE</code></td><td>optional</td><td>The signature of the message body.
452
457
If omitted, it is assumed to be the
453
empty signature "" (i.e. the body must be 0-length).</td></tr></tbody></table></div><p>
458
empty signature "" (i.e. the body must be 0-length).</td></tr><tr><td><code class="literal">UNIX_FDS</code></td><td>9</td><td><code class="literal">UINT32</code></td><td>optional</td><td>The number of Unix file descriptors that
459
accompany the message. If omitted, it is assumed
460
that no Unix file descriptors accompany the
461
message. The actual file descriptors need to be
462
transferred via platform specific mechanism
463
out-of-band. They must be sent at the same time as
464
part of the message itself. They may not be sent
465
before the first byte of the message itself is
466
transferred or after the last byte of the message
467
itself.</td></tr></tbody></table></div><p>
454
468
</p></div></div><div class="sect2" title="Valid Names"><div class="titlepage"><div><div><h3 class="title"><a name="message-protocol-names"></a>Valid Names</h3></div></div></div><p>
455
469
The various names in D-Bus messages have some restrictions.
716
730
Commands from the client to the server are as follows:
718
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>AUTH [mechanism] [initial-response]</p></li><li class="listitem"><p>CANCEL</p></li><li class="listitem"><p>BEGIN</p></li><li class="listitem"><p>DATA <data in hex encoding></p></li><li class="listitem"><p>ERROR [human-readable error explanation]</p></li></ul></div><p>
732
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>AUTH [mechanism] [initial-response]</p></li><li class="listitem"><p>CANCEL</p></li><li class="listitem"><p>BEGIN</p></li><li class="listitem"><p>DATA <data in hex encoding></p></li><li class="listitem"><p>ERROR [human-readable error explanation]</p></li><li class="listitem"><p>NEGOTIATE_UNIX_FD</p></li></ul></div><p>
720
734
From server to client are as follows:
722
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>REJECTED <space-separated list of mechanism names></p></li><li class="listitem"><p>OK <GUID in hex></p></li><li class="listitem"><p>DATA <data in hex encoding></p></li><li class="listitem"><p>ERROR</p></li></ul></div><p>
736
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>REJECTED <space-separated list of mechanism names></p></li><li class="listitem"><p>OK <GUID in hex></p></li><li class="listitem"><p>DATA <data in hex encoding></p></li><li class="listitem"><p>ERROR</p></li><li class="listitem"><p>AGREE_UNIX_FD</p></li></ul></div><p>
724
738
Unofficial extensions to the command set must begin with the letters
725
739
"EXTENSION_", to avoid conflicts with future official commands.
764
778
If authentication succeeds after exchanging DATA commands,
765
779
an OK command must be sent to the client.
767
The first octet received by the client after the \r\n of the OK
768
command must be the first octet of the authenticated/encrypted
769
stream of D-Bus messages.
771
781
The first octet received by the server after the \r\n of the BEGIN
772
782
command from the client must be the first octet of the
773
783
authenticated/encrypted stream of D-Bus messages.
785
If BEGIN is received by the server, the first octet received
786
by the client after the \r\n of the OK command must be the
787
first octet of the authenticated/encrypted stream of D-Bus
774
789
</p></div><div class="sect2" title="CANCEL Command"><div class="titlepage"><div><div><h3 class="title"><a name="auth-command-cancel"></a>CANCEL Command</h3></div></div></div><p>
775
790
At any time up to sending the BEGIN command, the client may send a
776
791
CANCEL command. On receiving the CANCEL command, the server must
803
818
each time it sends a REJECTED message. Clients are free to
804
819
ignore all lists received after the first.
805
820
</p></div><div class="sect2" title="OK Command"><div class="titlepage"><div><div><h3 class="title"><a name="auth-command-ok"></a>OK Command</h3></div></div></div><p>
806
The OK command indicates that the client has been authenticated,
807
and that further communication will be a stream of D-Bus messages
808
(optionally encrypted, as negotiated) rather than this protocol.
810
The first octet received by the client after the \r\n of the OK
811
command must be the first octet of the authenticated/encrypted
812
stream of D-Bus messages.
814
The client must respond to the OK command by sending a BEGIN
815
command, followed by its stream of messages, or by disconnecting.
816
The server must not accept additional commands using this protocol
817
after the OK command has been sent.
821
The OK command indicates that the client has been
822
authenticated. The client may now proceed with negotiating
823
Unix file descriptor passing. To do that it shall send
824
NEGOTIATE_UNIX_FD to the server.
826
Otherwise, the client must respond to the OK command by
827
sending a BEGIN command, followed by its stream of messages,
828
or by disconnecting. The server must not accept additional
829
commands using this protocol after the BEGIN command has been
830
received. Further communication will be a stream of D-Bus
831
messages (optionally encrypted, as negotiated) rather than
834
If a client sends BEGIN the first octet received by the client
835
after the \r\n of the OK command must be the first octet of
836
the authenticated/encrypted stream of D-Bus messages.
819
838
The OK command has one argument, which is the GUID of the server.
820
839
See <a class="xref" href="#addresses" title="Server Addresses">the section called “Server Addresses”</a> for more on server GUIDs.
839
858
receiving an ERROR from applications that don't understand it. Thus the
840
859
ERROR feature of the auth protocol is an escape hatch that lets us
841
860
negotiate extensions or changes to the D-Bus protocol in the future.
861
</p></div><div class="sect2" title="NEGOTIATE_UNIX_FD Command"><div class="titlepage"><div><div><h3 class="title"><a name="auth-command-negotiate-unix-fd"></a>NEGOTIATE_UNIX_FD Command</h3></div></div></div><p>
862
The NEGOTIATE_UNIX_FD command indicates that the client
863
supports Unix file descriptor passing. This command may only
864
be sent after the connection is authenticated, i.e. after OK
865
was received by the client. This command may only be sent on
866
transports that support Unix file descriptor passing.
868
On receiving NEGOTIATE_UNIX_FD the server must respond with
869
either AGREE_UNIX_FD or ERROR. It shall respond the former if
870
the transport chosen supports Unix file descriptor passing and
871
the server supports this feature. It shall respond the latter
872
if the transport does not support Unix file descriptor
873
passing, the server does not support this feature, or the
874
server decides not to enable file descriptor passing due to
875
security or other reasons.
876
</p></div><div class="sect2" title="AGREE_UNIX_FD Command"><div class="titlepage"><div><div><h3 class="title"><a name="auth-command-agree-unix-fd"></a>AGREE_UNIX_FD Command</h3></div></div></div><p>
877
The AGREE_UNIX_FD command indicates that the server supports
878
Unix file descriptor passing. This command may only be sent
879
after the connection is authenticated, and the client sent
880
NEGOTIATE_UNIX_FD to enable Unix file descriptor passing. This
881
command may only be sent on transports that support Unix file
884
On receiving AGREE_UNIX_FD the client must respond with BEGIN,
885
followed by its stream of messages, or by disconnecting. The
886
server must not accept additional commands using this protocol
887
after the BEGIN command has been received. Further
888
communication will be a stream of D-Bus messages (optionally
889
encrypted, as negotiated) rather than this protocol.
890
</p></div><div class="sect2" title="Future Extensions"><div class="titlepage"><div><div><h3 class="title"><a name="auth-command-future"></a>Future Extensions</h3></div></div></div><p>
891
Future extensions to the authentication and negotiation
892
protocol are possible. For that new commands may be
893
introduced. If a client or server receives an unknown command
894
it shall respond with ERROR and not consider this fatal. New
895
commands may be introduced both before, and after
896
authentication, i.e. both before and after the OK command.
842
897
</p></div><div class="sect2" title="Authentication examples"><div class="titlepage"><div><div><h3 class="title"><a name="auth-examples"></a>Authentication examples</h3></div></div></div><p>
843
</p><div class="figure"><a name="id320449"></a><p class="title"><b>Figure�1.�Example of successful magic cookie authentication</b></p><div class="figure-contents"><pre class="programlisting">
898
</p><div class="figure"><a name="id422013"></a><p class="title"><b>Figure�1.�Example of successful magic cookie authentication</b></p><div class="figure-contents"><pre class="programlisting">
844
899
(MAGIC_COOKIE is a made up mechanism)
846
901
C: AUTH MAGIC_COOKIE 3138363935333137393635383634
847
902
S: OK 1234deadbeef
849
904
</pre></div></div><p><br class="figure-break">
850
</p><div class="figure"><a name="id320464"></a><p class="title"><b>Figure�2.�Example of finding out mechanisms then picking one</b></p><div class="figure-contents"><pre class="programlisting">
905
</p><div class="figure"><a name="id422028"></a><p class="title"><b>Figure�2.�Example of finding out mechanisms then picking one</b></p><div class="figure-contents"><pre class="programlisting">
852
907
S: REJECTED KERBEROS_V4 SKEY
853
908
C: AUTH SKEY 7ab83f32ee
856
911
S: OK 1234deadbeef
858
913
</pre></div></div><p><br class="figure-break">
859
</p><div class="figure"><a name="id320480"></a><p class="title"><b>Figure�3.�Example of client sends unknown command then falls back to regular auth</b></p><div class="figure-contents"><pre class="programlisting">
914
</p><div class="figure"><a name="id422044"></a><p class="title"><b>Figure�3.�Example of client sends unknown command then falls back to regular auth</b></p><div class="figure-contents"><pre class="programlisting">
862
917
C: AUTH MAGIC_COOKIE 3736343435313230333039
863
918
S: OK 1234deadbeef
865
920
</pre></div></div><p><br class="figure-break">
866
</p><div class="figure"><a name="id320496"></a><p class="title"><b>Figure�4.�Example of server doesn't support initial auth mechanism</b></p><div class="figure-contents"><pre class="programlisting">
921
</p><div class="figure"><a name="id422060"></a><p class="title"><b>Figure�4.�Example of server doesn't support initial auth mechanism</b></p><div class="figure-contents"><pre class="programlisting">
867
922
C: AUTH MAGIC_COOKIE 3736343435313230333039
868
923
S: REJECTED KERBEROS_V4 SKEY
869
924
C: AUTH SKEY 7ab83f32ee
898
953
S: OK 1234deadbeef
900
955
</pre></div></div><p><br class="figure-break">
956
</p><div class="figure"><a name="id422112"></a><p class="title"><b>Figure�7.�Example of successful magic cookie authentication with successful negotiation of Unix FD passing</b></p><div class="figure-contents"><pre class="programlisting">
957
(MAGIC_COOKIE is a made up mechanism)
959
C: AUTH MAGIC_COOKIE 3138363935333137393635383634
964
</pre></div></div><p><br class="figure-break">
965
</p><div class="figure"><a name="id422128"></a><p class="title"><b>Figure�8.�Example of successful magic cookie authentication with unsuccessful negotiation of Unix FD passing</b></p><div class="figure-contents"><pre class="programlisting">
966
(MAGIC_COOKIE is a made up mechanism)
968
C: AUTH MAGIC_COOKIE 3138363935333137393635383634
973
</pre></div></div><p><br class="figure-break">
901
974
</p></div><div class="sect2" title="Authentication state diagrams"><div class="titlepage"><div><div><h3 class="title"><a name="auth-states"></a>Authentication state diagrams</h3></div></div></div><p>
902
975
This section documents the auth protocol in terms of
903
976
a state machine for the client and the server. This is
1260
1333
previous versions of D-Bus that would create sockets with a fixed
1261
1334
length path name. Names which were shorter than the fixed length
1262
1335
would be padded by Nul bytes.
1263
</p></div></div><div class="sect1" title="Naming Conventions"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="naming-conventions"></a>Naming Conventions</h2></div></div></div><p>
1337
Unix domain sockets are not available on windows.
1338
</p><div class="sect3" title="Server Address Format"><div class="titlepage"><div><div><h4 class="title"><a name="transports-unix-domain-sockets-addresses"></a>Server Address Format</h4></div></div></div><p>
1339
Unix domain socket addresses are identified by the "unix:" prefix
1340
and support the following key/value pairs:
1341
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Name</th><th>Values</th><th>Description</th></tr></thead><tbody><tr><td>path</td><td>(path)</td><td>path of the unix domain socket. If set, the "tmpdir" and "abstract" key must not be set.</td></tr><tr><td>tmpdir</td><td>(path)</td><td>temporary directory in which a socket file with a random file name starting with 'dbus-' will be created by the server. This key can only be used in server addresses, not in client addresses. If set, the "path" and "abstract" key must not be set.</td></tr><tr><td>abstract</td><td>(string)</td><td>unique string (path) in the abstract namespace. If set, the "path" or "tempdir" key must not be set.</td></tr></tbody></table></div></div></div><div class="sect2" title="TCP Sockets"><div class="titlepage"><div><div><h3 class="title"><a name="transports-tcp-sockets"></a>TCP Sockets</h3></div></div></div><p>
1342
The tcp transport provides TCP/IP based connections between clients
1343
located on the same or different hosts.
1345
Using tcp transport without any additional secure authentification mechanismus
1346
over a network is unsecure.
1348
Windows notes: Because of the tcp stack on windows does not provide sending
1349
credentials over a tcp connection, the EXTERNAL authentification
1350
mechanismus does not work.
1351
</p><div class="sect3" title="Server Address Format"><div class="titlepage"><div><div><h4 class="title"><a name="transports-tcp-sockets-addresses"></a>Server Address Format</h4></div></div></div><p>
1352
TCP/IP socket addresses are identified by the "tcp:" prefix
1353
and support the following key/value pairs:
1354
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Name</th><th>Values</th><th>Description</th></tr></thead><tbody><tr><td>host</td><td>(string)</td><td>dns name or ip address</td></tr><tr><td>port</td><td>(number)</td><td>The tcp port the server will open. A zero value let the server
1355
choose a free port provided from the underlaying operating system.
1356
libdbus is able to retrieve the real used port from the server.
1357
</td></tr><tr><td>family</td><td>(string)</td><td>If set, provide the type of socket family either "ipv4" or "ipv6". If unset, the family is unspecified.</td></tr></tbody></table></div></div></div><div class="sect2" title="Nonce-secured TCP Sockets"><div class="titlepage"><div><div><h3 class="title"><a name="transports-nonce-tcp-sockets"></a>Nonce-secured TCP Sockets</h3></div></div></div><p>
1358
The nonce-tcp transport provides a secured TCP transport, using a
1359
simple authentication mechanism to ensure that only clients with read
1360
access to a certain location in the filesystem can connect to the server.
1361
The server writes a secret, the nonce, to a file and an incoming client
1362
connection is only accepted if the client sends the nonce right after
1363
the connect. The nonce mechanism requires no setup and is orthogonal to
1364
the higher-level authentication mechanisms described in the
1365
Authentication section.
1367
On start, the server generates a random 16 byte nonce and writes it
1368
to a file in the user's temporary directory. The nonce file location
1369
is published as part of the server's D-Bus address using the
1370
"noncefile" key-value pair.
1372
After an accept, the server reads 16 bytes from the socket. If the
1373
read bytes do not match the nonce stored in the nonce file, the
1374
server MUST immediately drop the connection.
1375
If the nonce match the received byte sequence, the client is accepted
1376
and the transport behaves like an unsecured tcp transport.
1378
After a successful connect to the server socket, the client MUST read
1379
the nonce from the file published by the server via the noncefile=
1380
key-value pair and send it over the socket. After that, the
1381
transport behaves like an unsecured tcp transport.
1382
</p><div class="sect3" title="Server Address Format"><div class="titlepage"><div><div><h4 class="title"><a name="transports-nonce-tcp-sockets-addresses"></a>Server Address Format</h4></div></div></div><p>
1383
Nonce TCP/IP socket addresses uses the "nonce-tcp:" prefix
1384
and support the following key/value pairs:
1385
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Name</th><th>Values</th><th>Description</th></tr></thead><tbody><tr><td>host</td><td>(string)</td><td>dns name or ip address</td></tr><tr><td>port</td><td>(number)</td><td>The tcp port the server will open. A zero value let the server
1386
choose a free port provided from the underlaying operating system.
1387
libdbus is able to retrieve the real used port from the server.
1388
</td></tr><tr><td>family</td><td>(string)</td><td>If set, provide the type of socket family either "ipv4" or "ipv6". If unset, the family is unspecified.</td></tr><tr><td>noncefile</td><td>(path)</td><td>file location containing the secret</td></tr></tbody></table></div></div></div></div><div class="sect1" title="Naming Conventions"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="naming-conventions"></a>Naming Conventions</h2></div></div></div><p>
1264
1389
D-Bus namespaces are all lowercase and correspond to reversed domain
1265
1390
names, as with Java. e.g. "org.freedesktop"
1373
1498
the results are undefined (picking one by according to an arbitrary
1374
1499
deterministic rule, or returning an error, are the reasonable
1375
1500
possibilities).
1502
If one or more properties change on an object, the
1503
<code class="literal">org.freedesktop.DBus.Properties.PropertiesChanged</code>
1504
signal may be emitted (this signal was added in 0.14):
1506
</p><pre class="programlisting">
1507
org.freedesktop.DBus.Properties.PropertiesChanged (STRING interface_name,
1508
DICT<STRING,VARIANT> changed_properties,
1509
ARRAY<STRING> invalidated_properties);
1512
where <code class="literal">changed_properties</code> is a dictionary
1513
containing the changed properties with the new values and
1514
<code class="literal">invalidated_properties</code> is an array of
1515
properties that changed but the value is not conveyed.
1517
Whether the <code class="literal">PropertiesChanged</code> signal is
1518
supported can be determined by calling
1519
<code class="literal">org.freedesktop.DBus.Introspectable.Introspect</code>. Note
1520
that the signal may be supported for an object but it may
1521
differ how whether and how it is used on a per-property basis
1522
(for e.g. performance or security reasons). Each property (or
1523
the parent interface) must be annotated with the
1524
<code class="literal">org.freedesktop.DBus.Property.EmitsChangedSignal</code>
1525
annotation to convey this (usually the default value
1526
<code class="literal">true</code> is sufficient meaning that the
1527
annotation does not need to be used). See <a class="xref" href="#introspection-format" title="Introspection Data Format">the section called “Introspection Data Format”</a> for details on this
1376
1529
</p></div></div><div class="sect1" title="Introspection Data Format"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="introspection-format"></a>Introspection Data Format</h2></div></div></div><p>
1377
1530
As described in <a class="xref" href="#standard-interfaces-introspectable" title="org.freedesktop.DBus.Introspectable">the section called “<code class="literal">org.freedesktop.DBus.Introspectable</code>”</a>,
1378
1531
objects may be introspected at runtime, returning an XML string
1447
1600
"annotations", which are generic key/value pairs of metadata.
1448
1601
They are similar conceptually to Java's annotations and C# attributes.
1449
1602
Well-known annotations:
1450
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Name</th><th>Values (separated by ,)</th><th>Description</th></tr></thead><tbody><tr><td>org.freedesktop.DBus.Deprecated</td><td>true,false</td><td>Whether or not the entity is deprecated; defaults to false</td></tr><tr><td>org.freedesktop.DBus.GLib.CSymbol</td><td>(string)</td><td>The C symbol; may be used for methods and interfaces</td></tr><tr><td>org.freedesktop.DBus.Method.NoReply</td><td>true,false</td><td>If set, don't expect a reply to the method call; defaults to false.</td></tr></tbody></table></div></div><div class="sect1" title="Message Bus Specification"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="message-bus"></a>Message Bus Specification</h2></div></div></div><div class="sect2" title="Message Bus Overview"><div class="titlepage"><div><div><h3 class="title"><a name="message-bus-overview"></a>Message Bus Overview</h3></div></div></div><p>
1603
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Name</th><th>Values (separated by ,)</th><th>Description</th></tr></thead><tbody><tr><td>org.freedesktop.DBus.Deprecated</td><td>true,false</td><td>Whether or not the entity is deprecated; defaults to false</td></tr><tr><td>org.freedesktop.DBus.GLib.CSymbol</td><td>(string)</td><td>The C symbol; may be used for methods and interfaces</td></tr><tr><td>org.freedesktop.DBus.Method.NoReply</td><td>true,false</td><td>If set, don't expect a reply to the method call; defaults to false.</td></tr><tr><td>org.freedesktop.DBus.Property.EmitsChangedSignal</td><td>true,invalidates,false</td><td>
1605
If set to <code class="literal">false</code>, the
1606
<code class="literal">org.freedesktop.DBus.Properties.PropertiesChanged</code>
1607
signal, see <a class="xref" href="#standard-interfaces-properties" title="org.freedesktop.DBus.Properties">the section called “<code class="literal">org.freedesktop.DBus.Properties</code>”</a> is not
1608
guaranteed to be emitted if the property changes.
1611
If set to <code class="literal">invalidates</code> the signal
1612
is emitted but the value is not included in the
1616
If set to <code class="literal">true</code> the signal is
1617
emitted with the value included.
1620
The value for the annotation defaults to
1621
<code class="literal">true</code> if the enclosing interface
1622
element does not specify the annotation. Otherwise it
1623
defaults to the value specified in the enclosing
1626
</td></tr></tbody></table></div></div><div class="sect1" title="Message Bus Specification"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="message-bus"></a>Message Bus Specification</h2></div></div></div><div class="sect2" title="Message Bus Overview"><div class="titlepage"><div><div><h3 class="title"><a name="message-bus-overview"></a>Message Bus Overview</h3></div></div></div><p>
1451
1627
The message bus accepts connections from one or more applications.
1452
1628
Once connected, applications can exchange messages with other
1453
1629
applications that are also connected to the bus.
1669
1845
in the queue for the name and has now been removed from the
1670
1846
queue.</td></tr><tr><td>DBUS_RELEASE_NAME_REPLY_NON_EXISTENT</td><td>2</td><td>The given name does not exist on this bus.</td></tr><tr><td>DBUS_RELEASE_NAME_REPLY_NOT_OWNER</td><td>3</td><td>The caller was not the primary owner of this name,
1671
1847
and was also not waiting in the queue to own this name.</td></tr></tbody></table></div><p>
1848
</p></div><div class="sect3" title="org.freedesktop.DBus.ListQueuedOwners"><div class="titlepage"><div><div><h4 class="title"><a name="bus-messages-list-queued-owners"></a><code class="literal">org.freedesktop.DBus.ListQueuedOwners</code></h4></div></div></div><p>
1850
</p><pre class="programlisting">
1851
ARRAY of STRING ListQueuedOwners (in STRING name)
1854
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>STRING</td><td>The well-known bus name to query, such as
1855
<code class="literal">com.example.cappuccino</code></td></tr></tbody></table></div><p>
1857
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>ARRAY of STRING</td><td>The unique bus names of connections currently queued
1858
for the name</td></tr></tbody></table></div><p>
1860
This method call should be sent to
1861
<code class="literal">org.freedesktop.DBus</code> and lists the connections
1862
currently queued for a bus name (see
1863
<a class="xref" href="#term-queued-owner" title="Queued Name Owner">Queued Name Owner</a>).
1672
1864
</p></div></div><div class="sect2" title="Message Bus Message Routing"><div class="titlepage"><div><div><h3 class="title"><a name="message-bus-routing"></a>Message Bus Message Routing</h3></div></div></div><p>
1674
1866
</p><div class="sect3" title="Match Rules"><div class="titlepage"><div><div><h4 class="title"><a name="message-bus-routing-match-rules"></a>Match Rules</h4></div></div></div><p>
1954
2148
</p></div><div class="sect3" title="org.freedesktop.DBus.GetConnectionUnixUser"><div class="titlepage"><div><div><h4 class="title"><a name="bus-messages-get-connection-unix-user"></a><code class="literal">org.freedesktop.DBus.GetConnectionUnixUser</code></h4></div></div></div><p>
1956
2150
</p><pre class="programlisting">
1957
UINT32 GetConnectionUnixUser (in STRING connection_name)
1960
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>STRING</td><td>Name of the connection to query</td></tr></tbody></table></div><p>
1962
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>UINT32</td><td>unix user id</td></tr></tbody></table></div><p>
1963
Returns the unix uid of the process connected to the server. If unable to
1964
determine it, a <code class="literal">org.freedesktop.DBus.Error.Failed</code>
2151
UINT32 GetConnectionUnixUser (in STRING bus_name)
2154
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>STRING</td><td>Unique or well-known bus name of the connection to
2155
query, such as <code class="literal">:12.34</code> or
2156
<code class="literal">com.example.tea</code></td></tr></tbody></table></div><p>
2158
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>UINT32</td><td>Unix user ID</td></tr></tbody></table></div><p>
2159
Returns the Unix user ID of the process connected to the server. If
2160
unable to determine it (for instance, because the process is not on the
2161
same machine as the bus daemon), an error is returned.
2162
</p></div><div class="sect3" title="org.freedesktop.DBus.GetConnectionUnixProcessID"><div class="titlepage"><div><div><h4 class="title"><a name="bus-messages-get-connection-unix-process-id"></a><code class="literal">org.freedesktop.DBus.GetConnectionUnixProcessID</code></h4></div></div></div><p>
2164
</p><pre class="programlisting">
2165
UINT32 GetConnectionUnixProcessID (in STRING bus_name)
2168
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>STRING</td><td>Unique or well-known bus name of the connection to
2169
query, such as <code class="literal">:12.34</code> or
2170
<code class="literal">com.example.tea</code></td></tr></tbody></table></div><p>
2172
</p><div class="informaltable"><table border="1"><colgroup><col><col><col></colgroup><thead><tr><th>Argument</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>0</td><td>UINT32</td><td>Unix process id</td></tr></tbody></table></div><p>
2173
Returns the Unix process ID of the process connected to the server. If
2174
unable to determine it (for instance, because the process is not on the
2175
same machine as the bus daemon), an error is returned.
1966
2176
</p></div><div class="sect3" title="org.freedesktop.DBus.AddMatch"><div class="titlepage"><div><div><h4 class="title"><a name="bus-messages-add-match"></a><code class="literal">org.freedesktop.DBus.AddMatch</code></h4></div></div></div><p>
1968
2178
</p><pre class="programlisting">
1997
2207
There is also a per-machine ID, described in <a class="xref" href="#standard-interfaces-peer" title="org.freedesktop.DBus.Peer">the section called “<code class="literal">org.freedesktop.DBus.Peer</code>”</a> and returned
1998
2208
by org.freedesktop.DBus.Peer.GetMachineId().
1999
2209
For a desktop session bus, the bus ID can be used as a way to uniquely identify a user's session.
2000
</p></div></div></div><div class="glossary" title="Glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id324439"></a>Glossary</h2></div></div></div><p>
2210
</p></div></div></div><div class="glossary" title="Glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id426787"></a>Glossary</h2></div></div></div><p>
2001
2211
This glossary defines some of the terms used in this specification.
2002
2212
</p><dl><dt><a name="term-bus-name"></a>Bus Name</dt><dd><p>
2003
2213
The message bus maintains an association between names and
2071
2281
message bus. This name will never change owner, and will be unique
2072
2282
(never reused during the lifetime of the message bus).
2073
2283
It will begin with a ':' character.
2074
</p></dd></dl></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id321252" href="#id321252" class="para">1</a>] </sup>Lockfiles are used instead of real file
2284
</p></dd></dl></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id422845" href="#id422845" class="para">1</a>] </sup>Lockfiles are used instead of real file
2075
2285
locking <code class="literal">fcntl()</code> because real locking
2076
2286
implementations are still flaky on network
2077
filesystems.</p></div><div class="footnote"><p><sup>[<a name="ftn.id323183" href="#id323183" class="para">2</a>] </sup>
2287
filesystems.</p></div><div class="footnote"><p><sup>[<a name="ftn.id425407" href="#id425407" class="para">2</a>] </sup>
2078
2288
The D-Bus reference implementation actually honors the
2079
2289
<code class="literal">$(localstatedir)</code> configure option
2080
2290
for this address, on both client and server side.