Version 0.1 22 January 2003 Havoc Pennington

hp@pobox.com

Anders Carlsson CodeFactory AB

andersca@codefactory.se

D-BUS is a system for low-latency, low-overhead, easy to use interprocess communication (IPC). In more detail: D-BUS is low-latency because it is designed to avoid round trips and allow asynchronous operation, much like the X protocol. D-BUS is low-overhead because it uses a binary protocol, and does not have to convert to and from a text format such as XML. Because D-BUS is intended for potentially high-resolution same-machine IPC, not primarily for Internet IPC, this is an interesting optimization. D-BUS is easy to use because it works in terms of messages rather than byte streams, and does not require users to understand any complex concepts such as a new type system or elaborate APIs. Libraries implementing D-BUS may choose to abstract messages as "method calls" (see ). The base D-BUS protocol is a peer-to-peer protocol, specified in . That is, it is a system for one application to talk to a single other application. However, the primary intended application of D-BUS is the D-BUS message bus, specified in . The message bus is a special application that accepts connections from multiple other applications, and forwards messages among them. A message consists of a header and a body. If you think of a message as a package, the header is the address, and the body contains the package contents. The message delivery system uses the header information to figure out where to send the message and how to interpret it; the recipient inteprets the body of the message. The body of the message is made up of zero or more arguments, which are typed values, such as an integer or a byte array. Following the mandatory fields, there are zero or more named fields (see ), and then nul bytes padding the header such that its total length in bytes is a multiple of 8. The header MUST begin with the following mandatory fields in the following order: Size Description 1 byte Endianness flag; ASCII 'l' for little-endian or ASCII 'B' for big-endian. 1 byte Bitwise OR of flags. Unknown flags MUST be ignored. Currently-defined flags are described below. 1 byte Major protocol version of the sending application. If the major protocol version of the receiving application does not match, the applications will not be able to communicate and the D-BUS connection MUST be disconnected. The major protocol version for this version of the specification is 0. 1 byte A nul byte, reserved for future use. Any value for this byte MUST be accepted. 4 bytes An unsigned 32-bit integer in the message's byte order, indicating the total length in bytes of the header including named fields and any alignment padding. MUST be a multiple of 8. 4 bytes An unsigned 32-bit integer in the message's byte order, indicating the total length in bytes of the message body. 4 bytes The message's serial number, a signed 32-bit integer in the message's byte order. Applications MUST NOT reuse the same serial number for different messages more often than 32-bit integer wraparound. Serial numbers must be greater than zero. Flags that can appear in the second byte of the header: Hex value Description 0x1 This message is an error reply. In addition to the required header information mentioned in , the header may contain zero or more named header fields. These fields are named to allow future versions of this protocol specification to add new fields; implementations must ignore fields they do not understand. Implementations must not invent their own header fields; only changes to this specification may introduce new header fields. Header field names MUST consist of 4 non-nul bytes. The field name is NOT nul terminated; it occupies exactly 4 bytes. Following the name, the field MUST have a type code, and then a properly-aligned value of that type. See for a description of how each type is encoded. If an implementation sees a header field name that it does not understand, it MUST ignore that field. Here are the currently-defined named header fields: Name Type Description name STRING The name of the message, such as org.freedesktop.Peer.Ping rply INT32 The serial number of the message this message is a reply to. (The serial number is one of the mandatory header fields, see .) srvc STRING The name of the service this message should be routed to. Only used in combination with the message bus, see . sndr STRING The name of the service that sent this message. The message bus fills in this field; the field is only meaningful in combination with the message bus. To allow implementations to keep the header and the body in a single buffer while keeping data types aligned, the total length of the header must be a multiple of 8 bytes. To achieve this, the header MUST be padded with nul bytes to align its total length on an 8-byte boundary. The minimum number of padding bytes MUST be used. Because all possible named fields use at least 8 bytes, implementations can distinguish padding (which must be less than 8 bytes) from additional named fields (which must be at least 8 bytes). The message body is made up of arguments. Each argument is a type code, followed by the value of the argument in a type-dependent format. The type codes are as follows: Type name Code Description INVALID 0 Not a valid type code (error if it appears in a message) NIL 1 Marks an "unset" or "nonexistent" argument INT32 2 32-bit signed integer UINT32 3 32-bit unsigned integer DOUBLE 4 IEEE 754 double STRING 5 UTF-8 string (must be valid UTF-8) INT32_ARRAY 6 Array of INT32 UINT32_ARRAY 7 Array of UINT32 DOUBLE_ARRAY 8 Array of DOUBLE BYTE_ARRAY 9 Array of bytes STRING_ARRAY 10 Array of STRING The types are encoded as follows: Type name Encoding INVALID Not applicable; cannot be encoded. NIL No data is encoded; the type code is followed immediately by the type code of the next argument. INT32 32-bit signed integer in the message's byte order, aligned to 4-byte boundary. UINT32 32-bit unsigned integer in the message's byte order, aligned to 4-byte boundary. DOUBLE 64-bit IEEE 754 double in the message's byte order, aligned to 8-byte boundary. STRING UINT32 aligned to 4-byte boundary indicating the string's length in bytes excluding its terminating nul, followed by string data of the given length, followed by a terminating nul byte. INT32_ARRAY UINT32 giving the number of values in the array, followed by the given number of INT32 values. UINT32_ARRAY UINT32 giving the number of values in the array, followed by the given number of UINT32 values. DOUBLE_ARRAY UINT32 giving the number of values in the array, followed by the given number of DOUBLE values aligned to 8-byte boundary. BYTE_ARRAY UINT32 giving the number of values in the array, followed by the given number of one-byte values. STRING_ARRAY UINT32 giving the number of values in the array, followed by the given number of STRING values. Before the flow of messages begins, two applications must authenticate. A simple text protocol is used for authentication; this protocol is a SASL profile, and maps fairly directly from the SASL specification. In examples, "C:" and "S:" indicate lines sent by the client and server respectively. The protocol is a line-based protocol, where each line ends with \r\n. Each line begins with an all-caps ASCII command name containing only the character range [A-Z], a space, then any arguments for the command, then the \r\n ending the line. The protocol is case-sensitive. All bytes must be in the ASCII character set. Commands from the client to the server are as follows: AUTH [mechanism] [initial-response] CANCELBEGIN DATA <data in base 64 encoding> ERROR [human-readable error explanation] From server to client are as follows: REJECTED <space-separated list of mechanism names> OK DATA <data in base 64 encoding> ERROR Immediately after connecting to the server, the client must send a single nul byte. This byte may be accompanied by credentials information on some operating systems that use sendmsg() with SCM_CREDS or SCM_CREDENTIALS to pass credentials over UNIX domain sockets. However, the nul byte MUST be sent even on other kinds of socket, and even on operating systems that do not require a byte to be sent in order to transmit credentials. The text protocol described in this document begins after the single nul byte. If the first byte received from the client is not a nul byte, the server may disconnect that client. A nul byte in any context other than the initial byte is an error; the protocol is ASCII-only. The credentials sent along with the nul byte may be used with the SASL mechanism EXTERNAL. If an AUTH command has no arguments, it is a request to list available mechanisms. The server SHOULD respond with a REJECTED command listing the mechanisms it understands. If an AUTH command specifies a mechanism, and the server supports said mechanism, the server SHOULD begin exchanging SASL challenge-response data with the client using DATA commands. If the server does not support the mechanism given in the AUTH command, it SHOULD send a REJECTED command listing the mechanisms it does support. If the [initial-response] argument is provided, it is intended for use with mechanisms that have no initial challenge (or an empty initial challenge), as if it were the argument to an initial DATA command. If the selected mechanism has an initial challenge, the server should reject authentication by sending REJECTED. If authentication succeeds after exchanging DATA commands, an OK command should be sent to the client. The first octet received by the client after the \r\n of the OK command MUST be the first octet of the authenticated/encrypted stream of D-BUS messages. The first octet received by the server after the \r\n of the BEGIN command from the client MUST be the first octet of the authenticated/encrypted stream of D-BUS messages. At any time up to sending the BEGIN command, the client may send a CANCEL command. On receiving the CANCEL command, the server MUST send a REJECTED command and abort the current authentication exchange. The DATA command may come from either client or server, and simply contains a base64-encoded block of data to be interpreted according to the SASL mechanism in use. Some SASL mechanisms support sending an "empty string"; FIXME we need some way to do this. The BEGIN command acknowledges that the client has received an OK command from the server, and that the stream of messages is about to begin. The first octet received by the server after the \r\n of the BEGIN command from the client MUST be the first octet of the authenticated/encrypted stream of D-BUS messages. The REJECTED command indicates that the current authentication exchange has failed, and further exchange of DATA is inappropriate. The client would normally try another mechanism, or try providing different responses to challenges. Optionally, the REJECTED command has a space-separated list of available auth mechanisms as arguments. If a server ever provides a list of supported mechanisms, it MUST provide the same list each time it sends a REJECTED message. Clients are free to ignore all lists received after the first. The OK command indicates that the client has been authenticated, and that further communication will be a stream of D-BUS messages (optionally encrypted, as negotiated) rather than this protocol. The first octet received by the client after the \r\n of the OK command MUST be the first octet of the authenticated/encrypted stream of D-BUS messages. The client MUST respond to the OK command by sending a BEGIN command, followed by its stream of messages, or by disconnecting. The server MUST NOT accept additional commands using this protocol after the OK command has been sent. The ERROR command indicates that either server or client did not know a command, does not accept the given command in the current context, or did not understand the arguments to the command. This allows the protocol to be extended; a client or server can send a command present or permitted only in new protocol versions, and if an ERROR is received instead of an appropriate response, fall back to using some other technique. If an ERROR is sent, the server or client MUST continue as if the command causing the ERROR had never been received.

(MAGIC_COOKIE is a made up mechanism) C: AUTH MAGIC_COOKIE BsAY3g4gBNo= S: OK C: BEGIN

C: AUTH S: REJECTED KERBEROS_V4 SKEY C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA== S: OK C: BEGIN

C: FOOBAR S: ERROR C: AUTH MAGIC_COOKIE BsAY3g4gBNo= S: OK C: BEGIN

C: AUTH MAGIC_COOKIE BsAY3g4gBNo= S: REJECTED KERBEROS_V4 SKEY C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA== S: OK C: BEGIN

C: AUTH MAGIC_COOKIE BsAY3g4gBNo= S: REJECTED KERBEROS_V4 SKEY C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA== S: REJECTED C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA== S: OK C: BEGIN

C: AUTH MAGIC_COOKIE BsAY3g4gBNo= S: REJECTED KERBEROS_V4 SKEY C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: CANCEL S: REJECTED C: AUTH SKEY bW9yZ2Fu S: DATA OTUgUWE1ODMwOA== C: DATA Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA== S: OK C: BEGIN

Server addresses consist of a transport name followed by a colon, and then an optional, comma-separated list of keys and values in the form key=value. For example: unix:path=/tmp/dbus-test Which is the address to a unix socket with the path /tmp/dbus-test. When connecting to a server, multiple server addresses can be separated by a semi-colon. The library will then try to connect to the first address and if that fails, it'll try to connect to the next one specified, and so forth. For example unix:path=/tmp/dbus-test;unix:path=/tmp/dbus-test2 Currently, a transport over local UNIX sockets exists, a debug transport that only works in-process and therefore can be used for for unit testing also exists. It is possible that other transports are added, such as a TCP/IP transport, and a transport that works over X11. This section documents conventions that are not essential to D-BUS functionality, but should generally be followed in order to simplify programmer's lives. Messages are normally named in the form "org.freedesktop.Peer.Ping", which has three distinct components: Namespace e.g. org.freedesktop Message names have a Java-style namespace: a reversed domain name. The components of the domain are normally lowercase. Package or object e.g. Peer The next part of the message name can be thought of as the name of a singleton object, or as the name of a package of related messages. More than one dot-separated component might be used here. (Note that D-BUS does not define any idea of object instances or object references.) The package or object name is capitalized LikeThis. Method or operation e.g. Ping The final part of the message name is the most specific, and should be a verb indicating an operation to be performed on the object. The method or operation name is capitalized LikeThis. A reply to a message conventionally has the same name as the message being replied to. When following method call conventions (see ), this convention is mandatory, because a message with multiple possible replies can't be mapped to method call semantics without special-case code. Some implementations of D-BUS may present an API that translates object method calls into D-BUS messages. This document does not specify in detail how such an API should look or work. However, it does specify how message-based protocols should be designed to be friendly to such an API. Remember that D-BUS does not have object references or object instances. So when one application sends the message org.freedesktop.Peer.Ping, it sends it to another application, not to any kind of sub-portion of that application. However, a convenience API used within the recipient application may route all messages that start with org.freedesktop.Peer to a particular object instance, and may invoke the Ping() method on said instance in order to handle the message. This is a convenience API based on method calls. A "method call" consists of a message and, optionally, a reply to that message. The name of the "method" is the last component of the message, for example, org.freedesktop.Peer.Ping would map to the method Ping() on some object. Arguments to a method may be considered "in" (processed by the recipient of the message), or "out" (returned to the sender of the message in the reply). "inout" arguments are both sent and received, i.e. the caller passes in a value which is modified. An "inout" argument is equivalent to an "in" argument, followed by an "out" argument. Given a method with zero or one return values, followed by zero or more arguments, where each argument may be "in", "out", or "inout", the caller constructs a message by appending each "in" or "inout" argument, in order. "out" arguments are not represented in the caller's message. The recipient constructs a reply by appending first the return value if any, then each "out" or "inout" argument, in order. "in" arguments are not represented in the reply message. The standard reply message MUST have the same name as the message being replied to, and MUST set the "rply" header field to the serial number of the message being replied to. If an error occurs, an error reply may be sent in place of the standard reply. Error replies can be identified by a special header flag, see . Error replies have a name which reflects the type of error that occurred. Error replies would generally be mapped to exceptions in a programming language. In the following message definitions, "method call notation" is presented in addition to simply listing the message names and arguments. The special type name ANY means any type other than NIL, and the special type name ANY_OR_NIL means any valid type. [FIXME the messages here are just made up to illustrate the format for defining them] As a method: void Ping () On receipt of the message org.freedesktop.Peer.Ping, an application should reply with org.freedesktop.Peer.Ping. Neither the message nor its reply have any arguments. [FIXME the messages here are just made up to illustrate the format for defining them] As a method: ANY_OR_NIL Get (in STRING property_name) Message arguments: Argument Type Description 0 STRING Name of the property to get Reply arguments: Argument Type Description 0 ANY_OR_NIL The value of the property. The type depends on the property. [FIXME the messages here are just made up to illustrate the format for defining them] The message bus accepts connections from one or more applications. Once connected, applications can send and receive messages from the message bus, as in the peer-to-peer case. The message bus keeps track of a set of services. A service is simply a name, such as com.yoyodyne.Screensaver, which can be owned by one of the connected applications. The message bus itself always owns the special service org.freedesktop.DBus. Messages may have a srvc field (see ). When the message bus receives a message, if the srvc field is absent, the message is taken to be a standard peer-to-peer message and interpreted by the message bus itself. For example, sending an org.freedesktop.Peer.Ping message with no srvc will cause the message bus itself to reply to the ping immediately; the message bus would never make this message visible to other applications. If the srvc field is present, then it indicates a request for the message bus to route the message. In the usual case, messages are routed to the owner of the named service. Messages may also be broadcast by sending them to the special service org.freedesktop.Broadcast. Broadcast messages are sent to all applications with message matching rules that match the message. Continuing the org.freedesktop.Peer.Ping example, if the ping message were sent with a srvc name of com.yoyodyne.Screensaver, then the ping would be forwarded, and the Yoyodyne Corporation screensaver application would be expected to reply to the ping. If org.freedesktop.Peer.Ping were sent to org.freedesktop.Broadcast, then multiple applications might receive the ping, and all would normally reply to it. The special message bus service org.freedesktop.DBus responds to a number of messages, allowing applications to interact with the message bus. As a method: STRING Hello () Reply arguments: Argument Type Description 0 STRING Name of the service assigned to the client Before a client is able to send messages to other clients it must send the org.freedesktop.DBus.Hello message to the message bus service. If a client tries to send a message to another client, or a message to the message bus service that isn't the org.freedesktop.DBus.Hello message, it will be disconnected from the bus. The reply message contains the name of the base service. Any messages sent to the base service will be rereouted by the message bus, delivering it to the client. As a method: STRING_ARRAY ListServices () Reply arguments: Argument Type Description 0 STRING_ARRAY Array of strings where each string is the name of a service Returns a list of all existing services registered with the message bus. As a method: UINT32 ServiceExists (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service Reply arguments: Argument Type Description 0 UINT32 Return value, 1 if the service exists and 0 otherwise Checks if a service with a specified name exists. As a method: UINT32 AcquireService (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service 1 UINT32 Flags Reply arguments: Argument Type Description 0 UINT32 Return value Tries to become owner of a specific service. The flags specified can be the following values logically ORed together: Identifier Value Description DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT 0x1 If the client succeeds in being the owner of the specified service, then ownership of the service can't be transferred until the service disconnects. If this flag is not set, then any client trying to become the owner of the service will succeed and the previous owner will be sent a org.freedesktop.DBus.ServiceLost message. DBUS_SERVICE_FLAGS_REPLACE_EXISTING 0x2 Only become the owner of the service if there is no current owner. The return value can be one of the following values: Identifier Value Description DBUS_SERVICE_REPLY_PRIMARY_OWNER 0x1 The client is now the primary owner of the service. DBUS_SERVICE_REPLY_IN_QUEUE 0x2 The service already has an owner which do not want to give up ownership and therefore the client has been put in a queue. DBUS_SERVICE_REPLY_SERVICE_EXISTS 0x4 The service does already have a primary owner, and DBUS_SERVICE_FLAG_REPLACE_EXISTING was not specified when trying to acquire the service. DBUS_SERVICE_REPLY_ALREADY_OWNER 0x8 The client trying to request ownership of the service is already the owner of it. As a method: ServiceAcquired (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service 1 UINT32 Flags This message is sent to a specific client when it becomes the primary owner of a service. As a method: ServiceLost (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service 1 UINT32 Flags This message is sent to a specific client when it loses primary ownership of a service. As a method: ServiceCreated (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service 1 UINT32 Flags This message is broadcast to all clients when a service has been successfully registered on the message bus. As a method: ServiceDeleted (in STRING service_name) Message arguments: Argument Type Description 0 STRING Name of the service 1 UINT32 Flags This message is broadcast to all clients when a service has been deleted from the message bus. As a method: void ActivateService (in STRING service_name, in UINT32 flags) Message arguments: Argument Type Description 0 STRING Name of the service to activate 1 UINT32 Flags (currently not used) Tries to launch the executable associated with a service. For more information, see the part on A service is a name that identifies a certain client. Each client connected to the message bus has at least one service name acquired through the org.freedesktop.DBus.Hello message. In addition, a client can request additional service names to be associated with it using the org.freedesktop.DBus.AcquireService message. Service ownership handling can be specified in the flags part of the org.freedesktop.DBus.AcquireService message. If a client specifies the DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT flag, then all clients trying to acquire the service will be put in a queue. When the primary owner disconnects from the bus or removes ownership from the service, the next client in the queue will be the primary owner. If the DBUS_SERVICE_FLAGS_PROHIBIT_REPLACEMENT flag is not specified, then the primary owner will lose ownership whenever another client requests ownership of the service. Activation is a way to launch executables that handle certain services. The bus daemon looks in certain directories (possibly different depending on if it's a system bus or a message bus) for service description files. Service description files have the ".service" file extension. The message bus will only load service description files ending with .service; all other files will be ignored. The file format is similar to that of desktop entries. All service description files must be in UTF-8 encoding.

# Sample service description file [D-BUS Service] Name=org.gnome.ConfigurationDatabase Exec=gconfd-2

When a client requests a service to be activated, the bus daemon tries to find it in the list of activation entries. It then tries to spawn the executable associated with it. If this fails, it will report an error. The executable launched will have the environment variable DBUS_ADDRESS set to the address of the server so it can connect and register the appropriate services. Two standard message bus instances are defined here, along with how to locate them. Each time a user logs in, a login session message bus may be started. All applications in the user's login session may interact with one another using this message bus. [specify how to find the address of the login session message bus via environment variable and/or X property] A computer may have a system message bus, accessible to all applications on the system. This message bus may be used to broadcast system events, such as adding new hardware devices. [specify how to find the address of the system message bus] This glossary defines some of the terms used in this specification. Broadcast A message sent to the special org.freedesktop.Broadcast service; the message bus will forward the broadcast message to all clients that have expressed interest in it. Message A message is the atomic unit of communication via the D-BUS protocol. It consists of a header and a body; the body is made up of arguments. Message Bus The message bus is a special application that forwards or broadcasts messages between a group of applications connected to the message bus. It also manages services. Service A service is simply a named application that other applications can refer to. For example, the hypothetical com.yoyodyne.Screensaver service might accept messages that affect a screensaver from Yoyodyne Corporation. An application is said to own a service if the message bus has associated the application with the service name.