From ed36241085da8f797adf7d70ab702fee10e8cba0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Sep 2004 22:42:49 +0000
Subject: allow high priority scheduling only for users in group "realtime"

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@238 fefdeb5f-60dc-0310-8127-8f9354f1896f
---
 polyp/caps.c | 26 ++++++++++++++----------
 polyp/main.c | 26 +++++++++++++++++-------
 polyp/util.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 polyp/util.h |  1 +
 4 files changed, 96 insertions(+), 21 deletions(-)

diff --git a/polyp/caps.c b/polyp/caps.c
index db00c604..258e13e4 100644
--- a/polyp/caps.c
+++ b/polyp/caps.c
@@ -36,14 +36,19 @@
 #include "caps.h"
 
 void pa_drop_root(void) {
-    if (getuid() != 0 && geteuid() == 0) {
-        pa_log(__FILE__": Started SUID root, dropping root rights.\n");
-        setuid(getuid());
-        seteuid(getuid());
-    }
+    uid_t uid = getuid();
+    
+    if (uid == 0 || geteuid() != 0)
+        return;
+    
+    pa_log(__FILE__": dropping root rights.\n");
+    
+    setuid(uid);
+    seteuid(uid);
 }
 
 #ifdef HAVE_SYS_CAPABILITY_H
+
 int pa_limit_caps(void) {
     int r = -1;
     cap_t caps;
@@ -53,14 +58,15 @@ int pa_limit_caps(void) {
     assert(caps);
 
     cap_clear(caps);
+
     cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
     cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
 
     if (cap_set_proc(caps) < 0)
         goto fail;
 
-    pa_log(__FILE__": Started SUID root, capabilities limited.\n");
-
+    pa_log(__FILE__": dropped capabilities successfully.\n");
+    
     r = 0;
 
 fail:
@@ -78,10 +84,10 @@ int pa_drop_caps(void) {
 
     cap_clear(caps);
 
-    if (cap_set_proc(caps) < 0)
+    if (cap_set_proc(caps) < 0) {
+        pa_log(__FILE__": failed to drop capabilities: %s\n", strerror(errno));
         goto fail;
-
-    pa_drop_root();
+    }
     
     r = 0;
 
diff --git a/polyp/main.c b/polyp/main.c
index 0e55528d..08677f7f 100644
--- a/polyp/main.c
+++ b/polyp/main.c
@@ -49,8 +49,6 @@
 #include "dumpmodules.h"
 #include "caps.h"
 
-static struct pa_mainloop *mainloop;
-
 static void signal_callback(struct pa_mainloop_api*m, struct pa_signal_event *e, int sig, void *userdata) {
     pa_log(__FILE__": Got signal %s.\n", pa_strsignal(sig));
 
@@ -84,22 +82,33 @@ int main(int argc, char *argv[]) {
     struct pa_core *c;
     struct pa_strbuf *buf = NULL;
     struct pa_daemon_conf *conf;
+    struct pa_mainloop *mainloop;
+
     char *s;
     int r, retval = 1, d = 0;
     int daemon_pipe[2] = { -1, -1 };
+    gid_t gid = (gid_t) -1;
+    int suid_root;
 
     pa_limit_caps();
+
+    suid_root = getuid() != 0 && geteuid() == 0;
+    
+    if (suid_root && (pa_uid_in_group("realtime", &gid) <= 0 || gid >= 1000)) {
+        pa_log(__FILE__": WARNING: called SUID root, but not in group 'realtime'.\n");
+        pa_drop_root();
+    }
     
     r = lt_dlinit();
     assert(r == 0);
     
     pa_log_set_ident("polypaudio");
-
+    
     conf = pa_daemon_conf_new();
-
+    
     if (pa_daemon_conf_load(conf, NULL) < 0)
         goto finish;
-
+    
     if (pa_daemon_conf_env(conf) < 0)
         goto finish;
     
@@ -107,13 +116,16 @@ int main(int argc, char *argv[]) {
         pa_log(__FILE__": failed to parse command line.\n");
         goto finish;
     }
-
+    
     pa_log_set_target(conf->auto_log_target ? PA_LOG_STDERR : conf->log_target, NULL);
 
     if (conf->high_priority && conf->cmd == PA_CMD_DAEMON)
         pa_raise_priority();
-    
+
     pa_drop_caps();
+
+    if (suid_root)
+        pa_drop_root();
     
     if (conf->dl_search_path)
         lt_dlsetsearchpath(conf->dl_search_path);
diff --git a/polyp/util.c b/polyp/util.c
index 7148654a..1246bbb5 100644
--- a/polyp/util.c
+++ b/polyp/util.c
@@ -41,11 +41,8 @@
 #include <sched.h>
 #include <sys/resource.h>
 #include <limits.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include <unistd.h>
-
+#include <grp.h>
 
 #include <samplerate.h>
 
@@ -444,3 +441,62 @@ int pa_parse_resample_method(const char *string) {
     else
         return -1;
 }
+
+static int is_group(gid_t gid, const char *name) {
+    struct group group, *result = NULL;
+    long n = sysconf(_SC_GETGR_R_SIZE_MAX);
+    void *data;
+    int r = -1;
+    
+    assert(n > 0);
+    data = pa_xmalloc(n);
+
+    if (getgrgid_r(gid, &group, data, n, &result) < 0 || !result) {
+        pa_log(__FILE__ ": getgrgid_r(%u) failed: %s\n", gid, strerror(errno));
+        goto finish;
+    }
+
+    
+    r = strcmp(name, result->gr_name) == 0;
+    
+finish:
+    pa_xfree(data);
+    
+    return r;
+}
+
+int pa_uid_in_group(const char *name, gid_t *gid) {
+    gid_t *gids, tgid;
+    long n = sysconf(_SC_NGROUPS_MAX);
+    int r = -1, i;
+
+    assert(n > 0);
+    
+    gids = pa_xmalloc(sizeof(gid_t)*n);
+    
+    if ((n = getgroups(n, gids)) < 0) {
+        pa_log(__FILE__": getgroups() failed: %s\n", strerror(errno));
+        goto finish;
+    }
+
+    for (i = 0; i < n; i++) {
+        if (is_group(gids[i], name) > 0) {
+            *gid = gids[i];
+            r = 1;
+            goto finish;
+        }
+    }
+
+    if (is_group(tgid = getgid(), name) > 0) {
+        *gid = tgid;
+        r = 1;
+        goto finish;
+    }
+
+    r = 0;
+    
+finish:
+
+    pa_xfree(gids);
+    return r;
+}
diff --git a/polyp/util.h b/polyp/util.h
index 4a387cef..8f4323f6 100644
--- a/polyp/util.h
+++ b/polyp/util.h
@@ -66,5 +66,6 @@ const char *pa_strsignal(int sig);
 
 int pa_parse_resample_method(const char *string);
 
+int pa_uid_in_group(const char *name, gid_t *gid);
 
 #endif
-- 
cgit