1 files changed, 56 insertions, 58 deletions

diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index cebdaebc..ae07119c 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -1,18 +1,19 @@
-/* $Id$ */
-
 /***
   This file is part of PulseAudio.
- 
+
+  Copyright 2004-2006 Lennart Poettering
+  Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
+
   PulseAudio is free software; you can redistribute it and/or modify
   it under the terms of the GNU Lesser General Public License as published
   by the Free Software Foundation; either version 2 of the License,
   or (at your option) any later version.
- 
+
   PulseAudio is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.
- 
+
   You should have received a copy of the GNU Lesser General Public License
   along with PulseAudio; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
@@ -23,15 +24,18 @@
 #include <config.h>
 #endif
 
-#include <assert.h>
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
 #include <sys/types.h>
+#include <pulsecore/macro.h>
 
 #ifdef HAVE_SYS_CAPABILITY_H
 #include <sys/capability.h>
 #endif
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
 
 #include <pulsecore/core-error.h>
 
@@ -50,20 +54,23 @@ int setresuid(uid_t r, uid_t e, uid_t s);
 /* Drop root rights when called SUID root */
 void pa_drop_root(void) {
     uid_t uid = getuid();
-    
+
     if (uid == 0 || geteuid() != 0)
         return;
 
-    pa_log_info("dropping root rights.");
+    pa_log_info("Dropping root priviliges.");
 
 #if defined(HAVE_SETRESUID)
-    setresuid(uid, uid, uid);
+    pa_assert_se(setresuid(uid, uid, uid) >= 0);
 #elif defined(HAVE_SETREUID)
-    setreuid(uid, uid);
+    pa_assert_se(setreuid(uid, uid) >= 0);
 #else
-    setuid(uid);
-    seteuid(uid);
+    pa_assert_se(setuid(uid) >= 0);
+    pa_assert_se(seteuid(uid) >= 0);
 #endif
+
+    pa_assert_se(getuid() == uid);
+    pa_assert_se(geteuid() == uid);
 }
 
 #else
@@ -73,77 +80,68 @@ void pa_drop_root(void) {
 
 #endif
 
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)
 
-/* Limit capabilities set to CAPSYS_NICE */
-int pa_limit_caps(void) {
-    int r = -1;
+/* Limit permitted capabilities set to CAPSYS_NICE */
+void pa_limit_caps(void) {
     cap_t caps;
     cap_value_t nice_cap = CAP_SYS_NICE;
 
-    /* Only drop caps when called SUID */
-    if (getuid() == 0)
-        return 0;
-
-    caps = cap_init();
-    assert(caps);
-
-    cap_clear(caps);
-
-    cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
-    cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
+    pa_assert_se(caps = cap_init());
+    pa_assert_se(cap_clear(caps) == 0);
+    pa_assert_se(cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET) == 0);
+    pa_assert_se(cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET) == 0);
 
     if (cap_set_proc(caps) < 0)
-        goto fail;
+        /* Hmm, so we couldn't limit our caps, which probably means we
+         * hadn't any in the first place, so let's just make sure of
+         * that */
+        pa_drop_caps();
+    else
+        pa_log_info("Limited capabilities successfully to CAP_SYS_NICE.");
 
-    pa_log_info("dropped capabilities successfully."); 
-    
-    r = 0;
+    pa_assert_se(cap_free(caps) == 0);
 
-fail:
-    cap_free (caps);
-    
-    return r;
+    pa_assert_se(prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == 0);
 }
 
 /* Drop all capabilities, effectively becoming a normal user */
-int pa_drop_caps(void) {
+void pa_drop_caps(void) {
     cap_t caps;
-    int r = -1;
 
-    /* Only drop caps when called SUID */
-    if (getuid() == 0)
-        return 0;
+    pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);
 
-    caps = cap_init();
-    assert(caps);
+    pa_assert_se(caps = cap_init());
+    pa_assert_se(cap_clear(caps) == 0);
+    pa_assert_se(cap_set_proc(caps) == 0);
+    pa_assert_se(cap_free(caps) == 0);
 
-    cap_clear(caps);
+    pa_assert_se(!pa_have_caps());
+}
 
-    if (cap_set_proc(caps) < 0) {
-        pa_log("failed to drop capabilities: %s", pa_cstrerror(errno));
-        goto fail;
-    }
-    
-    r = 0;
+pa_bool_t pa_have_caps(void) {
+    cap_t caps;
+    cap_flag_value_t flag = CAP_CLEAR;
 
-fail:
-    cap_free (caps);
-    
-    return r;
+    pa_assert_se(caps = cap_get_proc());
+    pa_assert_se(cap_get_flag(caps, CAP_SYS_NICE, CAP_EFFECTIVE, &flag) >= 0);
+    pa_assert_se(cap_free(caps) == 0);
+
+    return flag == CAP_SET;
 }
 
 #else
 
 /* NOOPs in case capabilities are not available. */
-int pa_limit_caps(void) {
-    return 0;
+void pa_limit_caps(void) {
 }
 
-int pa_drop_caps(void) {
+void pa_drop_caps(void) {
     pa_drop_root();
-    return 0;
 }
 
-#endif
+pa_bool_t pa_have_caps(void) {
+    return FALSE;
+}
 
+#endif