summaryrefslogtreecommitdiffstats
path: root/src/pulsecore/protocol-native.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2006-07-19 21:48:35 +0000
committerLennart Poettering <lennart@poettering.net>2006-07-19 21:48:35 +0000
commita382492204ad3588c0c837e120e5bc31578df72a (patch)
tree3b9abb372bc4f5882136be2eaa821cc7f137a4b3 /src/pulsecore/protocol-native.c
parent340803b30c154ead29795454416592ff9d0e0df2 (diff)
* add new function pa_check_in_group()
* abstract credential APis a little bit by introducing HAVE_CREDS and a structure pa_creds * rework credential authentication * fix module-volume-restore and friends for usage in system-wide instance * remove loopback= argument from moulde-*-protocol-tcp since it is a superset of listen= and usually a bad idea anyway since the user shouldn't load the TCP module at all if he doesn't want remote access * rename a few variables in the jack modules to make sure they don't conflict with symbols defined in the system headers * add server address for system-wide daemons to the default server list for the the client libs * update todo git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1109 fefdeb5f-60dc-0310-8127-8f9354f1896f
Diffstat (limited to 'src/pulsecore/protocol-native.c')
-rw-r--r--src/pulsecore/protocol-native.c55
1 files changed, 37 insertions, 18 deletions
diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index 14f880d7..2775d774 100644
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -55,6 +55,8 @@
#include <pulsecore/props.h>
#include <pulsecore/sample-util.h>
#include <pulsecore/llist.h>
+#include <pulsecore/creds.h>
+#include <pulsecore/core-util.h>
#include "protocol-native.h"
@@ -134,7 +136,7 @@ struct pa_protocol_native {
pa_idxset *connections;
uint8_t auth_cookie[PA_NATIVE_COOKIE_LENGTH];
int auth_cookie_in_property;
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
char *auth_group;
#endif
};
@@ -910,25 +912,32 @@ static void command_auth(PA_GCC_UNUSED pa_pdispatch *pd, PA_GCC_UNUSED uint32_t
if (!c->authorized) {
int success = 0;
-#ifdef SCM_CREDENTIALS
- const struct ucred *ucred = pa_pdispatch_creds(pd);
+#ifdef HAVE_CREDS
+ const pa_creds *creds;
- if (ucred) {
- if (ucred->uid == getuid())
+ if ((creds = pa_pdispatch_creds(pd))) {
+ if (creds->uid == getuid())
success = 1;
else if (c->protocol->auth_group) {
int r;
-
- if ((r = pa_uid_in_group(ucred->uid, c->protocol->auth_group)) < 0)
- pa_log_warn(__FILE__": failed to check group membership.");
- else if (r > 0)
+ gid_t gid;
+
+ if ((gid = pa_get_gid_of_group(c->protocol->auth_group)) == (gid_t) -1)
+ pa_log_warn(__FILE__": failed to get GID of group '%s'", c->protocol->auth_group);
+ else if (gid == creds->gid)
success = 1;
+
+ if (!success) {
+ if ((r = pa_uid_in_group(creds->uid, c->protocol->auth_group)) < 0)
+ pa_log_warn(__FILE__": failed to check group membership.");
+ else if (r > 0)
+ success = 1;
+ }
}
- pa_log_info(__FILE__": Got credentials: pid=%lu uid=%lu gid=%lu auth=%i",
- (unsigned long) ucred->pid,
- (unsigned long) ucred->uid,
- (unsigned long) ucred->gid,
+ pa_log_info(__FILE__": Got credentials: uid=%lu gid=%lu success=%i",
+ (unsigned long) creds->uid,
+ (unsigned long) creds->gid,
success);
}
#endif
@@ -2100,7 +2109,7 @@ static void command_get_autoload_info_list(PA_GCC_UNUSED pa_pdispatch *pd, PA_GC
/*** pstream callbacks ***/
-static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata) {
+static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const pa_creds *creds, void *userdata) {
struct connection *c = userdata;
assert(p && packet && packet->data && c);
@@ -2272,7 +2281,7 @@ static void on_connection(PA_GCC_UNUSED pa_socket_server*s, pa_iochannel *io, vo
pa_idxset_put(p->connections, c, NULL);
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
if (pa_iochannel_creds_supported(io))
pa_iochannel_creds_enable(io);
@@ -2323,8 +2332,18 @@ static pa_protocol_native* protocol_new_internal(pa_core *c, pa_module *m, pa_mo
p->public = public;
p->server = NULL;
-#ifdef SCM_CREDENTIALS
- p->auth_group = pa_xstrdup(pa_modargs_get_value(ma, "auth-group", NULL));
+#ifdef HAVE_CREDS
+ {
+ int a = 1;
+ if (pa_modargs_get_value_boolean(ma, "auth-group-enabled", &a) < 0) {
+ pa_log(__FILE__": auth-group-enabled= expects a boolean argument.");
+ return NULL;
+ }
+ p->auth_group = a ? pa_xstrdup(pa_modargs_get_value(ma, "auth-group", c->is_system_instance ? PA_ACCESS_GROUP : NULL)) : NULL;
+
+ if (p->auth_group)
+ pa_log_info(__FILE__": Allowing access to group '%s'.", p->auth_group);
+ }
#endif
if (load_key(p, pa_modargs_get_value(ma, "cookie", NULL)) < 0) {
@@ -2386,7 +2405,7 @@ void pa_protocol_native_free(pa_protocol_native *p) {
if (p->auth_cookie_in_property)
pa_authkey_prop_unref(p->core, PA_NATIVE_COOKIE_PROPERTY_NAME);
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
pa_xfree(p->auth_group);
#endif
pa_xfree(p);