-/* $Id$ */
-
/***
- This file is part of polypaudio.
-
- polypaudio is free software; you can redistribute it and/or modify
+ This file is part of PulseAudio.
+
+ Copyright 2004-2006 Lennart Poettering
+ Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
+
+ PulseAudio is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
-
- polypaudio is distributed in the hope that it will be useful, but
+
+ PulseAudio is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public License
- along with polypaudio; if not, write to the Free Software
+ along with PulseAudio; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA.
***/
#include <config.h>
#endif
-#include <assert.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
+#include <sys/types.h>
+
+#include <pulse/i18n.h>
+
+#include <pulsecore/macro.h>
+#include <pulsecore/core-error.h>
+#include <pulsecore/log.h>
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#endif
-
-#include <polyp/error.h>
-
-#include <polypcore/log.h>
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
#include "caps.h"
/* Drop root rights when called SUID root */
void pa_drop_root(void) {
uid_t uid = getuid();
-
+
if (uid == 0 || geteuid() != 0)
return;
- pa_log_info(__FILE__": dropping root rights.");
+ pa_log_info(_("Dropping root priviliges."));
#if defined(HAVE_SETRESUID)
- setresuid(uid, uid, uid);
+ pa_assert_se(setresuid(uid, uid, uid) >= 0);
#elif defined(HAVE_SETREUID)
- setreuid(uid, uid);
+ pa_assert_se(setreuid(uid, uid) >= 0);
#else
- setuid(uid);
- seteuid(uid);
+ pa_assert_se(setuid(uid) >= 0);
+ pa_assert_se(seteuid(uid) >= 0);
#endif
+
+ pa_assert_se(getuid() == uid);
+ pa_assert_se(geteuid() == uid);
}
#else
#endif
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)
-/* Limit capabilities set to CAPSYS_NICE */
-int pa_limit_caps(void) {
- int r = -1;
+/* Limit permitted capabilities set to CAPSYS_NICE */
+void pa_limit_caps(void) {
cap_t caps;
cap_value_t nice_cap = CAP_SYS_NICE;
- caps = cap_init();
- assert(caps);
-
- cap_clear(caps);
-
- cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
- cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
+ pa_assert_se(caps = cap_init());
+ pa_assert_se(cap_clear(caps) == 0);
+ pa_assert_se(cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET) == 0);
+ pa_assert_se(cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET) == 0);
if (cap_set_proc(caps) < 0)
- goto fail;
+ /* Hmm, so we couldn't limit our caps, which probably means we
+ * hadn't any in the first place, so let's just make sure of
+ * that */
+ pa_drop_caps();
+ else
+ pa_log_info(_("Limited capabilities successfully to CAP_SYS_NICE."));
- pa_log_info(__FILE__": dropped capabilities successfully.");
-
- r = 0;
+ pa_assert_se(cap_free(caps) == 0);
-fail:
- cap_free (caps);
-
- return r;
+ pa_assert_se(prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == 0);
}
/* Drop all capabilities, effectively becoming a normal user */
-int pa_drop_caps(void) {
+void pa_drop_caps(void) {
cap_t caps;
- int r = -1;
- caps = cap_init();
- assert(caps);
+#ifndef __OPTIMIZE__
+ /* Valgrind doesn't not know set_caps, so we bypass it here -- but
+ * only in development builds.*/
+
+ if (pa_in_valgrind() && !pa_have_caps())
+ return;
+#endif
+
+ pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);
+
+ pa_assert_se(caps = cap_init());
+ pa_assert_se(cap_clear(caps) == 0);
+ pa_assert_se(cap_set_proc(caps) == 0);
+ pa_assert_se(cap_free(caps) == 0);
+
+ pa_assert_se(!pa_have_caps());
+}
- cap_clear(caps);
+pa_bool_t pa_have_caps(void) {
+ cap_t caps;
+ cap_flag_value_t flag = CAP_CLEAR;
- if (cap_set_proc(caps) < 0) {
- pa_log(__FILE__": failed to drop capabilities: %s", pa_cstrerror(errno));
- goto fail;
- }
-
- r = 0;
+#ifdef __OPTIMIZE__
+ pa_assert_se(caps = cap_get_proc());
+#else
+ if (!(caps = cap_get_proc()))
+ return FALSE;
+#endif
+ pa_assert_se(cap_get_flag(caps, CAP_SYS_NICE, CAP_EFFECTIVE, &flag) >= 0);
+ pa_assert_se(cap_free(caps) == 0);
-fail:
- cap_free (caps);
-
- return r;
+ return flag == CAP_SET;
}
#else
/* NOOPs in case capabilities are not available. */
-int pa_limit_caps(void) {
- return 0;
+void pa_limit_caps(void) {
}
-int pa_drop_caps(void) {
+void pa_drop_caps(void) {
pa_drop_root();
- return 0;
}
-#endif
+pa_bool_t pa_have_caps(void) {
+ return FALSE;
+}
+#endif