From 9c87a65ce91c38b60c19ae108a51a2e8ce46a85c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 19 Jul 2006 17:44:19 +0000
Subject: * add new --system command line parameter to the daemon for running
 PulseAudio as system-wide instance * add PA_ prefixes to all global #defines
 * modify auth-by-creds: define a new group "pulse-access" which is used for
 authentication * add proper privilige dropping when running in --system mode
 * create runtime directory once on startup and not by each module seperately

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1105 fefdeb5f-60dc-0310-8127-8f9354f1896f
---
 src/pulse/client-conf.c | 19 ++++++++-----------
 src/pulse/client-conf.h |  2 +-
 src/pulse/context.c     | 24 +++++++++++++++++++++---
 3 files changed, 30 insertions(+), 15 deletions(-)

(limited to 'src/pulse')

diff --git a/src/pulse/client-conf.c b/src/pulse/client-conf.c
index 5cebcf46..28b4f2d1 100644
--- a/src/pulse/client-conf.c
+++ b/src/pulse/client-conf.c
@@ -39,21 +39,13 @@
 
 #include "client-conf.h"
 
-#ifndef DEFAULT_CONFIG_DIR
-# ifndef OS_IS_WIN32
-#  define DEFAULT_CONFIG_DIR "/etc/pulse"
-# else
-#  define DEFAULT_CONFIG_DIR "%PULSE_ROOT%"
-# endif
-#endif
-
 #ifndef OS_IS_WIN32
 # define PATH_SEP "/"
 #else
 # define PATH_SEP "\\"
 #endif
 
-#define DEFAULT_CLIENT_CONFIG_FILE DEFAULT_CONFIG_DIR PATH_SEP "client.conf"
+#define DEFAULT_CLIENT_CONFIG_FILE PA_DEFAULT_CONFIG_DIR PATH_SEP "client.conf"
 #define DEFAULT_CLIENT_CONFIG_FILE_USER ".pulse" PATH_SEP "client.conf"
 
 #define ENV_CLIENT_CONFIG_FILE "PULSE_CLIENTCONFIG"
@@ -71,15 +63,17 @@ static const pa_client_conf default_conf = {
     .default_server = NULL,
     .autospawn = 0,
     .cookie_file = NULL,
-    .cookie_valid = 0
+    .cookie_valid = 0,
+    .access_group = NULL
 };
 
 pa_client_conf *pa_client_conf_new(void) {
     pa_client_conf *c = pa_xmemdup(&default_conf, sizeof(default_conf));
     
-    c->daemon_binary = pa_xstrdup(PULSEAUDIO_BINARY);
+    c->daemon_binary = pa_xstrdup(PA_BINARY);
     c->extra_arguments = pa_xstrdup("--log-target=syslog --exit-idle-time=5");
     c->cookie_file = pa_xstrdup(PA_NATIVE_COOKIE_FILE);
+    c->access_group = pa_xstrdup(PA_ACCESS_GROUP);
     
     return c;
 }
@@ -92,6 +86,7 @@ void pa_client_conf_free(pa_client_conf *c) {
     pa_xfree(c->default_source);
     pa_xfree(c->default_server);
     pa_xfree(c->cookie_file);
+    pa_xfree(c->access_group);
     pa_xfree(c);
 }
 int pa_client_conf_load(pa_client_conf *c, const char *filename) {
@@ -108,6 +103,7 @@ int pa_client_conf_load(pa_client_conf *c, const char *filename) {
         { "default-server",         pa_config_parse_string,  NULL },
         { "autospawn",              pa_config_parse_bool,    NULL },
         { "cookie-file",            pa_config_parse_string,  NULL },
+        { "access-group",           pa_config_parse_string,  NULL },
         { NULL,                     NULL,                    NULL },
     };
 
@@ -118,6 +114,7 @@ int pa_client_conf_load(pa_client_conf *c, const char *filename) {
     table[4].data = &c->default_server;
     table[5].data = &c->autospawn;
     table[6].data = &c->cookie_file;
+    table[7].data = &c->access_group;
 
     f = filename ?
         fopen((fn = pa_xstrdup(filename)), "r") :
diff --git a/src/pulse/client-conf.h b/src/pulse/client-conf.h
index a532f0df..dfb1148d 100644
--- a/src/pulse/client-conf.h
+++ b/src/pulse/client-conf.h
@@ -27,7 +27,7 @@
 /* A structure containing configuration data for PulseAudio clients. */
 
 typedef struct pa_client_conf {
-    char *daemon_binary, *extra_arguments, *default_sink, *default_source, *default_server, *cookie_file;
+    char *daemon_binary, *extra_arguments, *default_sink, *default_source, *default_server, *cookie_file, *access_group;
     int autospawn;
     uint8_t cookie[PA_NATIVE_COOKIE_LENGTH];
     int cookie_valid; /* non-zero, when cookie is valid */
diff --git a/src/pulse/context.c b/src/pulse/context.c
index 228053bc..a25e2f78 100644
--- a/src/pulse/context.c
+++ b/src/pulse/context.c
@@ -33,6 +33,8 @@
 #include <errno.h>
 #include <signal.h>
 #include <limits.h>
+#include <sys/socket.h>
+#include <sys/un.h>
 
 #ifdef HAVE_SYS_WAIT_H
 #include <sys/wait.h>
@@ -270,7 +272,7 @@ static void pstream_die_callback(pa_pstream *p, void *userdata) {
     pa_context_fail(c, PA_ERR_CONNECTIONTERMINATED);
 }
 
-static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const void *creds, void *userdata) {
+static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata) {
     pa_context *c = userdata;
     
     assert(p);
@@ -420,7 +422,23 @@ static void setup_context(pa_context *c, pa_iochannel *io) {
     t = pa_tagstruct_command(c, PA_COMMAND_AUTH, &tag);
     pa_tagstruct_putu32(t, PA_PROTOCOL_VERSION);
     pa_tagstruct_put_arbitrary(t, c->conf->cookie, sizeof(c->conf->cookie));
-    pa_pstream_send_tagstruct_with_creds(c->pstream, t, 1);
+
+#ifdef SCM_CREDENTIALS
+{
+    struct ucred ucred;
+
+    ucred.pid = getpid();
+    ucred.uid = getuid();
+                   
+    if ((ucred.gid = pa_get_gid_of_group(PA_ACCESS_GROUP)) == (gid_t) -1)
+        ucred.gid = getgid();
+    
+    pa_pstream_send_tagstruct_with_creds(c->pstream, t, &ucred);
+}
+#else
+    pa_pstream_send_tagstruct_with_creds(c->pstream, t, NULL);
+#endif
+    
     pa_pdispatch_register_reply(c->pdispatch, tag, DEFAULT_TIMEOUT, setup_complete_callback, c, NULL);
 
     pa_context_set_state(c, PA_CONTEXT_AUTHORIZING);
@@ -680,7 +698,7 @@ int pa_context_connect(
             char lf[PATH_MAX];
 
             pa_runtime_path(AUTOSPAWN_LOCK, lf, sizeof(lf));
-            pa_make_secure_parent_dir(lf);
+            pa_make_secure_parent_dir(lf, 0700, getuid(), getgid());
             assert(c->autospawn_lock_fd <= 0);
             c->autospawn_lock_fd = pa_lock_lockfile(lf);
 
-- 
cgit