never stay root after startup, even if we don't have capabilites
1 /* $Id$ */
2
3 /***
4 This file is part of PulseAudio.
5
6 Copyright 2004-2006 Lennart Poettering
7 Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
8
9 PulseAudio is free software; you can redistribute it and/or modify
10 it under the terms of the GNU Lesser General Public License as published
11 by the Free Software Foundation; either version 2 of the License,
12 or (at your option) any later version.
13
14 PulseAudio is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with PulseAudio; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
22 USA.
23 ***/
24
25 #ifdef HAVE_CONFIG_H
26 #include <config.h>
27 #endif
28
29 #include <unistd.h>
30 #include <errno.h>
31 #include <string.h>
32 #include <stdlib.h>
33 #include <stdio.h>
34 #include <signal.h>
35 #include <stddef.h>
36 #include <assert.h>
37 #include <ltdl.h>
38 #include <limits.h>
39 #include <fcntl.h>
40 #include <unistd.h>
41 #include <locale.h>
42 #include <sys/types.h>
43
44 #include <liboil/liboil.h>
45
46 #ifdef HAVE_SYS_IOCTL_H
47 #include <sys/ioctl.h>
48 #endif
49
50 #ifdef HAVE_PWD_H
51 #include <pwd.h>
52 #endif
53 #ifdef HAVE_GRP_H
54 #include <grp.h>
55 #endif
56
57 #ifdef HAVE_LIBWRAP
58 #include <syslog.h>
59 #include <tcpd.h>
60 #endif
61
62 #include "../pulsecore/winsock.h"
63
64 #include <pulse/mainloop.h>
65 #include <pulse/mainloop-signal.h>
66 #include <pulse/timeval.h>
67 #include <pulse/xmalloc.h>
68
69 #include <pulsecore/core-error.h>
70 #include <pulsecore/core.h>
71 #include <pulsecore/memblock.h>
72 #include <pulsecore/module.h>
73 #include <pulsecore/cli-command.h>
74 #include <pulsecore/log.h>
75 #include <pulsecore/core-util.h>
76 #include <pulsecore/sioman.h>
77 #include <pulsecore/cli-text.h>
78 #include <pulsecore/pid.h>
79 #include <pulsecore/namereg.h>
80 #include <pulsecore/random.h>
81
82 #include "cmdline.h"
83 #include "cpulimit.h"
84 #include "daemon-conf.h"
85 #include "dumpmodules.h"
86 #include "caps.h"
87
#ifdef HAVE_LIBWRAP
/* Only one instance of these variables. libwrap (tcp_wrappers) expects
 * the host program to define them; they are the syslog priorities it
 * uses when logging accepted and rejected connections. */
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
#endif

#ifdef HAVE_OSS
/* padsp looks for this symbol in the running process and disables
 * itself if it finds it and it is set to 7 (which is actually a bit
 * mask). For details see padsp.
 * NOTE(review): the double-underscore name lies in the identifier space
 * reserved for the implementation, but padsp looks it up by exactly this
 * name, so it cannot be renamed here. */
int __padsp_disabled__ = 7;
#endif
100
101 #ifdef OS_IS_WIN32
102
/* Win32 only: pump the message queue from the PulseAudio main loop.
 * WM_QUIT is translated into SIGTERM so the ordinary signal handling
 * shuts the daemon down; every other message goes to the window
 * procedure. The timer is then re-armed 100000 units (presumably
 * microseconds, per pa_timeval_add) ahead so the queue is polled
 * periodically. */
static void message_cb(pa_mainloop_api*a, pa_time_event*e, PA_GCC_UNUSED const struct timeval *tv, void *userdata) {
    MSG msg;
    struct timeval next;

    for (;;) {
        if (!PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
            break;

        if (msg.message == WM_QUIT) {
            raise(SIGTERM);
            continue;
        }

        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    pa_timeval_add(pa_gettimeofday(&next), 100000);
    a->time_restart(e, &next);
}
119
120 #endif
121
/* Main-loop signal handler. userdata is the pa_core.
 *
 * SIGUSR1 loads module-cli, SIGUSR2 loads module-cli-protocol-unix,
 * SIGHUP dumps the full status at notice level, and every other signal
 * (SIGINT, SIGTERM, anything else registered) quits the main loop with
 * status 1. */
static void signal_callback(pa_mainloop_api*m, PA_GCC_UNUSED pa_signal_event *e, int sig, void *userdata) {
    const char *module_to_load = NULL;

    pa_log_info("Got signal %s.", pa_strsignal(sig));

    switch (sig) {
#ifdef SIGUSR1
        case SIGUSR1:
            module_to_load = "module-cli";
            break;
#endif

#ifdef SIGUSR2
        case SIGUSR2:
            module_to_load = "module-cli-protocol-unix";
            break;
#endif

#ifdef SIGHUP
        case SIGHUP: {
            char *status = pa_full_status_string(userdata);
            pa_log_notice("%s", status);
            pa_xfree(status);
            return;
        }
#endif

        default:
            /* SIGINT, SIGTERM and anything unexpected end the daemon. */
            pa_log_info("Exiting.");
            m->quit(m, 1);
            return;
    }

    pa_module_load(userdata, module_to_load, NULL);
}
155
/* Close both ends of a pipe and mark them as closed (-1). Ends that are
 * already -1 are skipped, so the function may be called on a pipe that
 * was never created or is already half closed. */
static void close_pipe(int p[2]) {
    for (size_t end = 0; end < 2; end++) {
        if (p[end] != -1)
            close(p[end]);
        p[end] = -1;
    }
}
163
/* Build "KEY=VALUE" with pa_sprintf_malloc() and hand it to putenv().
 * The string is intentionally never freed: putenv() stores the pointer
 * itself in the environment rather than copying it. The callers in this
 * file do not check the return value, so a failed putenv() goes unnoticed. */
#define set_env(key, value) putenv(pa_sprintf_malloc("%s=%s", (key), (value)))
165
166 #if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
167
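/* Switch the daemon from root to the dedicated system user and group.
 *
 * This function is called only in system-wide mode. It creates a
 * runtime dir in /var/run/ with proper UID/GID and drops privs
 * afterwards, in the only order that works: supplementary groups first
 * (initgroups), then the GID, then the UID, since each step still needs
 * the privileges the next one gives up. Where available the real,
 * effective and saved IDs are all set (setresgid/setresuid), so the
 * process cannot switch back to root afterwards.
 *
 * Returns 0 on success, -1 on any failure (already logged). On failure
 * the caller must not continue: the process may still be root, or be in
 * a half-dropped state.
 */
static int change_user(void) {
    struct passwd *pw;
    struct group *gr;
    int r;

    if (!(pw = getpwnam(PA_SYSTEM_USER))) {
        pa_log("Failed to find user '%s'.", PA_SYSTEM_USER);
        return -1;
    }

    if (!(gr = getgrnam(PA_SYSTEM_GROUP))) {
        pa_log("Failed to find group '%s'.", PA_SYSTEM_GROUP);
        return -1;
    }

    pa_log_info("Found user '%s' (UID %lu) and group '%s' (GID %lu).",
                PA_SYSTEM_USER, (unsigned long) pw->pw_uid,
                PA_SYSTEM_GROUP, (unsigned long) gr->gr_gid);

    /* The runtime dir below is owned by gr->gr_gid; refuse a setup where
     * the user's primary group is a different one. */
    if (pw->pw_gid != gr->gr_gid) {
        pa_log("GID of user '%s' and of group '%s' don't match.", PA_SYSTEM_USER, PA_SYSTEM_GROUP);
        return -1;
    }

    if (strcmp(pw->pw_dir, PA_SYSTEM_RUNTIME_PATH) != 0)
        pa_log_warn("Warning: home directory of user '%s' is not '%s', ignoring.", PA_SYSTEM_USER, PA_SYSTEM_RUNTIME_PATH);

    /* Still root here: the directory is created and handed to the target
     * user/group before any privilege is given up. */
    if (pa_make_secure_dir(PA_SYSTEM_RUNTIME_PATH, 0755, pw->pw_uid, gr->gr_gid) < 0) {
        pa_log("Failed to create '%s': %s", PA_SYSTEM_RUNTIME_PATH, pa_cstrerror(errno));
        return -1;
    }

    /* Supplementary groups must be replaced while still root; otherwise
     * the group list inherited from root would survive the UID change. */
    if (initgroups(PA_SYSTEM_USER, gr->gr_gid) != 0) {
        pa_log("Failed to change group list: %s", pa_cstrerror(errno));
        return -1;
    }

#if defined(HAVE_SETRESGID)
    r = setresgid(gr->gr_gid, gr->gr_gid, gr->gr_gid);
#elif defined(HAVE_SETEGID)
    if ((r = setgid(gr->gr_gid)) >= 0)
        r = setegid(gr->gr_gid);
#elif defined(HAVE_SETREGID)
    r = setregid(gr->gr_gid, gr->gr_gid);
#else
#error "No API to drop priviliges"
#endif

    if (r < 0) {
        pa_log("Failed to change GID: %s", pa_cstrerror(errno));
        return -1;
    }

    /* The UID goes last: once it is changed, the GID could not be. */
#if defined(HAVE_SETRESUID)
    r = setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid);
#elif defined(HAVE_SETEUID)
    if ((r = setuid(pw->pw_uid)) >= 0)
        r = seteuid(pw->pw_uid);
#elif defined(HAVE_SETREUID)
    r = setreuid(pw->pw_uid, pw->pw_uid);
#else
#error "No API to drop priviliges"
#endif

    if (r < 0) {
        pa_log("Failed to change UID: %s", pa_cstrerror(errno));
        return -1;
    }

    /* Make the environment reflect the new identity. LOGNAME carries the
     * login name, i.e. the user, not the group (was wrongly set to the
     * group name before). */
    set_env("USER", PA_SYSTEM_USER);
    set_env("LOGNAME", PA_SYSTEM_USER);
    set_env("HOME", PA_SYSTEM_RUNTIME_PATH);

    /* Relevant for pa_runtime_path() */
    set_env("PULSE_RUNTIME_PATH", PA_SYSTEM_RUNTIME_PATH);
    set_env("PULSE_CONFIG_PATH", PA_SYSTEM_RUNTIME_PATH);

    pa_log_info("Successfully dropped root privileges.");

    return 0;
}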
253
254 #else /* HAVE_PWD_H && HAVE_GRP_H */
255
/* Fallback when <pwd.h>/<grp.h> are unavailable: the system user and
 * group cannot be looked up, so system-wide mode is refused outright.
 * Always returns -1 after logging. */
static int change_user(void) {
    pa_log("%s", "System wide mode unsupported on this platform.");
    return -1;
}
260
261 #endif /* HAVE_PWD_H && HAVE_GRP_H */
262
/* Create the per-user runtime directory.
 *
 * This function is called only when the daemon is started in per-user
 * mode. The path comes from pa_runtime_path(); the directory is created
 * mode 0700 and left owned by the current UID/GID ((uid_t)-1/(gid_t)-1
 * means "do not change the owner").
 *
 * Returns 0 on success, -1 on failure (logged with errno). */
static int create_runtime_dir(void) {
    char path[PATH_MAX];
    int created;

    pa_runtime_path(NULL, path, sizeof(path));

    created = pa_make_secure_dir(path, 0700, (uid_t)-1, (gid_t)-1) >= 0;
    if (!created)
        pa_log("Failed to create '%s': %s", path, pa_cstrerror(errno));

    return created ? 0 : -1;
}
279
280 #ifdef HAVE_SYS_RESOURCE_H
281
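/* Apply one configured resource limit.
 *
 * r:        the configured limit; nothing happens unless r->is_set.
 * resource: the RLIMIT_* constant to apply it to.
 * name:     the constant's name, used in the log message only.
 *
 * Both the soft and the hard limit are set to r->value; since an
 * unprivileged process cannot raise a hard limit again, the value is
 * final for the daemon's lifetime. Failure is logged, not fatal.
 */
static void set_one_rlimit(const pa_rlimit *r, int resource, const char *name) {
    struct rlimit rl;
    assert(r);

    if (!r->is_set)
        return;

    rl.rlim_cur = rl.rlim_max = r->value;

    /* rlim_t is wider than unsigned on 64-bit systems; widen the value
     * for the log message instead of truncating it to 32 bits. */
    if (setrlimit(resource, &rl) < 0)
        pa_log_warn("setrlimit(%s, (%llu, %llu)) failed: %s", name,
                    (unsigned long long) r->value, (unsigned long long) r->value,
                    pa_cstrerror(errno));
}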
294
/* Apply every resource limit the configuration may carry, in the fixed
 * order below. Limits that are optional on this platform (RLIMIT_NPROC,
 * RLIMIT_MEMLOCK) are only applied where the constant exists. */
static void set_all_rlimits(const pa_daemon_conf *conf) {
    const struct {
        const pa_rlimit *limit;
        int resource;
        const char *name;
    } table[] = {
        { &conf->rlimit_as,      RLIMIT_AS,      "RLIMIT_AS" },
        { &conf->rlimit_core,    RLIMIT_CORE,    "RLIMIT_CORE" },
        { &conf->rlimit_data,    RLIMIT_DATA,    "RLIMIT_DATA" },
        { &conf->rlimit_fsize,   RLIMIT_FSIZE,   "RLIMIT_FSIZE" },
        { &conf->rlimit_nofile,  RLIMIT_NOFILE,  "RLIMIT_NOFILE" },
        { &conf->rlimit_stack,   RLIMIT_STACK,   "RLIMIT_STACK" },
#ifdef RLIMIT_NPROC
        { &conf->rlimit_nproc,   RLIMIT_NPROC,   "RLIMIT_NPROC" },
#endif
#ifdef RLIMIT_MEMLOCK
        { &conf->rlimit_memlock, RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK" },
#endif
    };

    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        set_one_rlimit(table[i].limit, table[i].resource, table[i].name);
}
309 #endif
310
/* Daemon entry point.
 *
 * Order of events: privilege handling for the SUID-root case, locale and
 * ltdl setup, configuration (file, then environment, then command line),
 * dispatch of the one-shot commands (dump/help/version/check/kill), and
 * then the actual daemon start: optional fork/detach, switching to the
 * system user or creating the per-user runtime dir, PID file, rlimits,
 * core and signal setup, the startup script, and finally the main loop.
 *
 * Returns 0 on success, 1 on any failure. When daemonizing, the parent
 * returns whatever status the child wrote into daemon_pipe, so the exit
 * code of the foreground process reflects the daemon's startup result.
 * Every error path jumps to 'finish', which releases what was acquired.
 */
int main(int argc, char *argv[]) {
    pa_core *c = NULL;
    pa_strbuf *buf = NULL;
    pa_daemon_conf *conf = NULL;
    pa_mainloop *mainloop = NULL;

    char *s;
    int r, retval = 1, d = 0;
    int daemon_pipe[2] = { -1, -1 };    /* child -> parent startup status (fork case only) */
    int suid_root, real_root;
    int valid_pid_file = 0;

    gid_t gid = (gid_t) -1;

#ifdef OS_IS_WIN32
    pa_time_event *timer;
    struct timeval tv;
#endif

    /* real_root: started by root. suid_root: an ordinary user running a
     * setuid-root binary. Both are 0 where getuid() is unavailable. */
#ifdef HAVE_GETUID
    real_root = getuid() == 0;
    suid_root = !real_root && geteuid() == 0;
#else
    real_root = 0;
    suid_root = 0;
#endif

    if (suid_root) {
        /* Drop all capabilities except CAP_SYS_NICE */
        pa_limit_caps();

        /* Drop privileges, but keep CAP_SYS_NICE */
        pa_drop_root();

        /* After dropping root, the effective set is reset, hence,
         * let's raise it again */
        pa_limit_caps();

        /* When capabilities are not supported we will not be able to
         * acquire RT sched anymore. But yes, that's the way it is. It
         * is just too risky to let PA run as root all the time. */
    }

    setlocale(LC_ALL, "");

    /* The kept capability is only for members of the realtime group, and
     * only if that group is a system group (GID below 1000). Anyone else
     * loses everything and is treated as plain unprivileged from here on. */
    if (suid_root && (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) <= 0 || gid >= 1000)) {
        pa_log_warn("WARNING: called SUID root, but not in group '"PA_REALTIME_GROUP"'.");
        pa_drop_caps();
        pa_drop_root();
        suid_root = real_root = 0;
    }

    LTDL_SET_PRELOADED_SYMBOLS();

    r = lt_dlinit();
    assert(r == 0);

#ifdef OS_IS_WIN32
    {
        WSADATA data;
        WSAStartup(MAKEWORD(2, 0), &data);
    }
#endif

    pa_random_seed();

    pa_log_set_ident("pulseaudio");

    /* Configuration sources, applied in this order: file, environment,
     * command line. */
    conf = pa_daemon_conf_new();

    if (pa_daemon_conf_load(conf, NULL) < 0)
        goto finish;

    if (pa_daemon_conf_env(conf) < 0)
        goto finish;

    /* d receives how many argv entries the option parser consumed; the
     * remainder is handed to pa_dump_modules() below. */
    if (pa_cmdline_parse(conf, argc, argv, &d) < 0) {
        pa_log("failed to parse command line.");
        goto finish;
    }

    pa_log_set_maximal_level(conf->log_level);
    pa_log_set_target(conf->auto_log_target ? PA_LOG_STDERR : conf->log_target, NULL);

    if (conf->high_priority && conf->cmd == PA_CMD_DAEMON)
        pa_raise_priority();

    /* Only the daemon itself has a use for the kept capability; every
     * other command runs fully unprivileged. */
    if (suid_root && conf->cmd != PA_CMD_DAEMON) {
        pa_drop_caps();
        pa_drop_root();
    }

    if (conf->dl_search_path)
        lt_dlsetsearchpath(conf->dl_search_path);

    /* One-shot commands: each sets retval and leaves via finish. */
    switch (conf->cmd) {
        case PA_CMD_DUMP_MODULES:
            pa_dump_modules(conf, argc-d, argv+d);
            retval = 0;
            goto finish;

        case PA_CMD_DUMP_CONF: {
            s = pa_daemon_conf_dump(conf);
            fputs(s, stdout);
            pa_xfree(s);
            retval = 0;
            goto finish;
        }

        case PA_CMD_HELP :
            pa_cmdline_help(argv[0]);
            retval = 0;
            goto finish;

        case PA_CMD_VERSION :
            printf(PACKAGE_NAME" "PACKAGE_VERSION"\n");
            retval = 0;
            goto finish;

        case PA_CMD_CHECK: {
            pid_t pid;

            if (pa_pid_file_check_running(&pid) < 0) {
                pa_log_info("daemon not running");
            } else {
                /* NOTE(review): pid_t printed through %u without a cast. */
                pa_log_info("daemon running as PID %u", pid);
                retval = 0;
            }

            goto finish;

        }
        case PA_CMD_KILL:

            if (pa_pid_file_kill(SIGINT, NULL) < 0)
                pa_log("failed to kill daemon.");
            else
                retval = 0;

            goto finish;

        default:
            assert(conf->cmd == PA_CMD_DAEMON);
    }

    /* System-wide mode needs root in order to switch to the system user;
     * running a per-user instance as root is allowed but warned about. */
    if (real_root && !conf->system_instance) {
        pa_log_warn("This program is not intended to be run as root (unless --system is specified).");
    } else if (!real_root && conf->system_instance) {
        pa_log("Root priviliges required.");
        goto finish;
    }

    if (conf->daemonize) {
        pid_t child;
        int tty_fd;

        if (pa_stdio_acquire() < 0) {
            pa_log("failed to acquire stdio.");
            goto finish;
        }

#ifdef HAVE_FORK
        /* The parent blocks on daemon_pipe until the child reports its
         * startup status, so the caller's exit code is meaningful. */
        if (pipe(daemon_pipe) < 0) {
            pa_log("failed to create pipe.");
            goto finish;
        }

        if ((child = fork()) < 0) {
            pa_log("fork() failed: %s", pa_cstrerror(errno));
            goto finish;
        }

        if (child != 0) {
            /* Father: wait for the child's status and exit with it. */

            close(daemon_pipe[1]);
            daemon_pipe[1] = -1;

            if (pa_loop_read(daemon_pipe[0], &retval, sizeof(retval), NULL) != sizeof(retval)) {
                pa_log("read() failed: %s", pa_cstrerror(errno));
                retval = 1;
            }

            if (retval)
                pa_log("daemon startup failed.");
            else
                pa_log_info("daemon startup successful.");

            goto finish;
        }

        /* Child: keep only the write end. */
        close(daemon_pipe[0]);
        daemon_pipe[0] = -1;
#endif

        if (conf->auto_log_target)
            pa_log_set_target(PA_LOG_SYSLOG, NULL);

#ifdef HAVE_SETSID
        setsid();
#endif
#ifdef HAVE_SETPGID
        setpgid(0,0);
#endif

        /* Detach from the terminal: re-point fds 0-2 at /dev/null.
         * NOTE(review): the open() results are not checked; should one of
         * them fail, the next descriptor the daemon opens would land on
         * that slot and receive whatever is later written to stdout/stderr. */
#ifndef OS_IS_WIN32
        close(0);
        close(1);
        close(2);

        open("/dev/null", O_RDONLY);
        open("/dev/null", O_WRONLY);
        open("/dev/null", O_WRONLY);
#else
        FreeConsole();
#endif

#ifdef SIGTTOU
        signal(SIGTTOU, SIG_IGN);
#endif
#ifdef SIGTTIN
        signal(SIGTTIN, SIG_IGN);
#endif
#ifdef SIGTSTP
        signal(SIGTSTP, SIG_IGN);
#endif

        /* Give up the controlling terminal, if there still is one. */
#ifdef TIOCNOTTY
        if ((tty_fd = open("/dev/tty", O_RDWR)) >= 0) {
            ioctl(tty_fd, TIOCNOTTY, (char*) 0);
            close(tty_fd);
        }
#endif
    }

    /* Don't pin any mount point, and make files the daemon creates
     * neither group- nor world-writable by default. Return values are
     * not checked. */
    chdir("/");
    umask(0022);

    /* From here on the process runs as the system user (system mode) or
     * owns its private runtime dir (per-user mode). Both helpers log
     * their own errors. */
    if (conf->system_instance) {
        if (change_user() < 0)
            goto finish;
    } else if (create_runtime_dir() < 0)
        goto finish;

    /* The PID file is created after the identity change, i.e. under the
     * daemon's final identity. If forked, retval (still 1) is reported
     * to the waiting parent before bailing out. */
    if (conf->use_pid_file) {
        if (pa_pid_file_create() < 0) {
            pa_log("pa_pid_file_create() failed.");
#ifdef HAVE_FORK
            if (conf->daemonize)
                pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
            goto finish;
        }

        valid_pid_file = 1;
    }

#ifdef HAVE_SYS_RESOURCE_H
    set_all_rlimits(conf);
#endif

    /* A write to a closed connection must not kill the daemon. */
#ifdef SIGPIPE
    signal(SIGPIPE, SIG_IGN);
#endif

    mainloop = pa_mainloop_new();
    assert(mainloop);

    if (!(c = pa_core_new(pa_mainloop_get_api(mainloop), !conf->disable_shm))) {
        pa_log("pa_core_new() failed.");
        goto finish;
    }

    c->is_system_instance = !!conf->system_instance;
    c->default_sample_spec = conf->default_sample_spec;
    c->default_n_fragments = conf->default_n_fragments;
    c->default_fragment_size_msec = conf->default_fragment_size_msec;

    /* Signals handled by signal_callback(); keep the two lists in sync. */
    r = pa_signal_init(pa_mainloop_get_api(mainloop));
    assert(r == 0);
    pa_signal_new(SIGINT, signal_callback, c);
    pa_signal_new(SIGTERM, signal_callback, c);

#ifdef SIGUSR1
    pa_signal_new(SIGUSR1, signal_callback, c);
#endif
#ifdef SIGUSR2
    pa_signal_new(SIGUSR2, signal_callback, c);
#endif
#ifdef SIGHUP
    pa_signal_new(SIGHUP, signal_callback, c);
#endif

#ifdef OS_IS_WIN32
    /* Polls the Win32 message queue from the main loop; see message_cb. */
    timer = pa_mainloop_get_api(mainloop)->time_new(
        pa_mainloop_get_api(mainloop), pa_gettimeofday(&tv), message_cb, NULL);
    assert(timer);
#endif

    if (conf->daemonize)
        c->running_as_daemon = 1;

    oil_init();

    if (!conf->no_cpu_limit) {
        r = pa_cpu_limit_init(pa_mainloop_get_api(mainloop));
        assert(r == 0);
    }

    /* Run the startup script file (if any), then the inline script
     * commands. r is 0 here (asserted above), so without a script file
     * execution falls straight through to the command string. */
    buf = pa_strbuf_new();
    if (conf->default_script_file)
        r = pa_cli_command_execute_file(c, conf->default_script_file, buf, &conf->fail);

    if (r >= 0)
        r = pa_cli_command_execute(c, conf->script_commands, buf, &conf->fail);
    /* Whatever the scripts printed is logged at error level, regardless
     * of whether they succeeded. */
    pa_log_error("%s", s = pa_strbuf_tostring_free(buf));
    pa_xfree(s);

    /* Startup verdict. In both failure branches retval is still 1 and is
     * handed to the waiting parent; only the success branch clears it
     * (and reports 0) before entering the main loop. */
    if (r < 0 && conf->fail) {
        pa_log("failed to initialize daemon.");
#ifdef HAVE_FORK
        if (conf->daemonize)
            pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
    } else if (!c->modules || pa_idxset_size(c->modules) == 0) {
        pa_log("daemon startup without any loaded modules, refusing to work.");
#ifdef HAVE_FORK
        if (conf->daemonize)
            pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
    } else {

        retval = 0;
#ifdef HAVE_FORK
        if (conf->daemonize)
            pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif

        c->disallow_module_loading = conf->disallow_module_loading;
        c->exit_idle_time = conf->exit_idle_time;
        c->module_idle_time = conf->module_idle_time;
        c->scache_idle_time = conf->scache_idle_time;
        c->resample_method = conf->resample_method;

        /* NOTE(review): the parent has already been told "success" above,
         * so a bad default sink name sets retval = 1 in the daemon only;
         * the foreground caller still sees exit code 0. */
        if (c->default_sink_name &&
            pa_namereg_get(c, c->default_sink_name, PA_NAMEREG_SINK, 1) == NULL) {
            pa_log_error("%s : Fatal error. Default sink name (%s) does not exist in name register.", __FILE__, c->default_sink_name);
            retval = 1;
        } else {
            pa_log_info("Daemon startup complete.");
            if (pa_mainloop_run(mainloop, &retval) < 0)
                retval = 1;
            pa_log_info("Daemon shutdown initiated.");
        }
    }

#ifdef OS_IS_WIN32
    pa_mainloop_get_api(mainloop)->time_free(timer);
#endif

    pa_core_unref(c);

    if (!conf->no_cpu_limit)
        pa_cpu_limit_done();

    pa_signal_done();

    pa_log_info("Daemon terminated.");

finish:

    /* Common cleanup; every handle is NULL/-1 unless it was acquired. */
    if (mainloop)
        pa_mainloop_free(mainloop);

    if (conf)
        pa_daemon_conf_free(conf);

    if (valid_pid_file)
        pa_pid_file_remove();

    close_pipe(daemon_pipe);

#ifdef OS_IS_WIN32
    WSACleanup();
#endif

    lt_dlexit();

    return retval;
}