/* $Id$ */
/***
- This file is part of polypaudio.
+ This file is part of PulseAudio.
- polypaudio is free software; you can redistribute it and/or modify
+ PulseAudio is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
- polypaudio is distributed in the hope that it will be useful, but
+ PulseAudio is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
- along with polypaudio; if not, write to the Free Software
+ along with PulseAudio; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA.
***/
#include <unistd.h>
#include <locale.h>
#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+
#include <liboil/liboil.h>
#ifdef HAVE_SYS_IOCTL_H
#include <tcpd.h>
#endif
-#include "../polypcore/winsock.h"
-
-#include <polyp/mainloop.h>
-#include <polyp/mainloop-signal.h>
-#include <polyp/xmalloc.h>
-
-#include <polypcore/core.h>
-#include <polypcore/memblock.h>
-#include <polypcore/module.h>
-#include <polypcore/cli-command.h>
-#include <polypcore/log.h>
-#include <polypcore/core-util.h>
-#include <polypcore/sioman.h>
-#include <polypcore/cli-text.h>
-#include <polypcore/pid.h>
-#include <polypcore/namereg.h>
-#include <polypcore/random.h>
+#include "../pulsecore/winsock.h"
+
+#include <pulse/mainloop.h>
+#include <pulse/mainloop-signal.h>
+#include <pulse/timeval.h>
+#include <pulse/xmalloc.h>
+
+#include <pulsecore/core-error.h>
+#include <pulsecore/core.h>
+#include <pulsecore/memblock.h>
+#include <pulsecore/module.h>
+#include <pulsecore/cli-command.h>
+#include <pulsecore/log.h>
+#include <pulsecore/core-util.h>
+#include <pulsecore/sioman.h>
+#include <pulsecore/cli-text.h>
+#include <pulsecore/pid.h>
+#include <pulsecore/namereg.h>
+#include <pulsecore/random.h>
#include "cmdline.h"
#include "cpulimit.h"
int deny_severity = LOG_WARNING;
#endif
+#ifdef HAVE_OSS
+/* padsp looks for this symbol in the running process and disables
+ * itself if it finds it and it is set to 7 (which is actually a bit
+ * mask). For details see padsp. */
+int __padsp_disabled__ = 7;
+#endif
+
#ifdef OS_IS_WIN32
static void message_cb(pa_mainloop_api*a, pa_time_event*e, PA_GCC_UNUSED const struct timeval *tv, void *userdata) {
p[0] = p[1] = -1;
}
+#define set_env(key, value) putenv(pa_sprintf_malloc("%s=%s", (key), (value)))
+
+static int change_user(void) {
+ struct passwd *pw;
+ struct group * gr;
+ int r;
+
+ /* This function is called only in system-wide mode. It creates a
+ * runtime dir in /var/run/ with proper UID/GID and drops privs
+ * afterwards. */
+
+ if (!(pw = getpwnam(PA_SYSTEM_USER))) {
+ pa_log(__FILE__": Failed to find user '%s'.", PA_SYSTEM_USER);
+ return -1;
+ }
+
+ if (!(gr = getgrnam(PA_SYSTEM_GROUP))) {
+ pa_log(__FILE__": Failed to find group '%s'.", PA_SYSTEM_GROUP);
+ return -1;
+ }
+
+ pa_log_info(__FILE__": Found user '%s' (UID %lu) and group '%s' (GID %lu).",
+ PA_SYSTEM_USER, (unsigned long) pw->pw_uid,
+ PA_SYSTEM_GROUP, (unsigned long) gr->gr_gid);
+
+ if (pw->pw_gid != gr->gr_gid) {
+ pa_log(__FILE__": GID of user '%s' and of group '%s' don't match.", PA_SYSTEM_USER, PA_SYSTEM_GROUP);
+ return -1;
+ }
+
+ if (strcmp(pw->pw_dir, PA_SYSTEM_RUNTIME_PATH) != 0)
+ pa_log_warn(__FILE__": Warning: home directory of user '%s' is not '%s', ignoring.", PA_SYSTEM_USER, PA_SYSTEM_RUNTIME_PATH);
+
+ if (pa_make_secure_dir(PA_SYSTEM_RUNTIME_PATH, 0755, pw->pw_uid, gr->gr_gid) < 0) {
+ pa_log(__FILE__": Failed to create '%s': %s", PA_SYSTEM_RUNTIME_PATH, pa_cstrerror(errno));
+ return -1;
+ }
+
+ if (initgroups(PA_SYSTEM_USER, gr->gr_gid) != 0) {
+ pa_log(__FILE__": Failed to change group list: %s", pa_cstrerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESGID)
+ r = setresgid(gr->gr_gid, gr->gr_gid, gr->gr_gid);
+#elif defined(HAVE_SETEGID)
+ if ((r = setgid(gr->gr_gid)) >= 0)
+ r = setegid(gr->gr_gid);
+#elif defined(HAVE_SETREGID)
+ r = setregid(gr->gr_gid, gr->gr_gid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ pa_log(__FILE__": Failed to change GID: %s", pa_cstrerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESUID)
+ r = setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid);
+#elif defined(HAVE_SETEUID)
+ if ((r = setuid(pw->pw_uid)) >= 0)
+ r = seteuid(pw->pw_uid);
+#elif defined(HAVE_SETREUID)
+ r = setreuid(pw->pw_uid, pw->pw_uid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ pa_log(__FILE__": Failed to change UID: %s", pa_cstrerror(errno));
+ return -1;
+ }
+
+ set_env("USER", PA_SYSTEM_USER);
+ set_env("LOGNAME", PA_SYSTEM_GROUP);
+ set_env("HOME", PA_SYSTEM_RUNTIME_PATH);
+
+ /* Relevant for pa_runtime_path() */
+ set_env("PULSE_RUNTIME_PATH", PA_SYSTEM_RUNTIME_PATH);
+ set_env("PULSE_CONFIG_PATH", PA_SYSTEM_RUNTIME_PATH);
+
+ pa_log_info(__FILE__": Successfully dropped root privileges.");
+
+ return 0;
+}
+
+static int create_runtime_dir(void) {
+ char fn[PATH_MAX];
+
+ pa_runtime_path(NULL, fn, sizeof(fn));
+
+ /* This function is called only when the daemon is started in
+ * per-user mode. We create the runtime directory somewhere in
+ * /tmp/ with the current UID/GID */
+
+ if (pa_make_secure_dir(fn, 0700, (uid_t)-1, (gid_t)-1) < 0) {
+ pa_log(__FILE__": Failed to create '%s': %s", fn, pa_cstrerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
+#ifdef HAVE_SYS_RESOURCE_H
+
+static void set_one_rlimit(const pa_rlimit *r, int resource, const char *name) {
+ struct rlimit rl;
+ assert(r);
+
+ if (!r->is_set)
+ return;
+
+ rl.rlim_cur = rl.rlim_max = r->value;
+
+ if (setrlimit(resource, &rl) < 0)
+ pa_log_warn(__FILE__": setrlimit(%s, (%u, %u)) failed: %s", name, (unsigned) r->value, (unsigned) r->value, pa_cstrerror(errno));
+}
+
+static void set_all_rlimits(const pa_daemon_conf *conf) {
+ set_one_rlimit(&conf->rlimit_as, RLIMIT_AS, "RLIMIT_AS");
+ set_one_rlimit(&conf->rlimit_core, RLIMIT_CORE, "RLIMIT_CORE");
+ set_one_rlimit(&conf->rlimit_data, RLIMIT_DATA, "RLIMIT_DATA");
+ set_one_rlimit(&conf->rlimit_fsize, RLIMIT_FSIZE, "RLIMIT_FSIZE");
+ set_one_rlimit(&conf->rlimit_nofile, RLIMIT_NOFILE, "RLIMIT_NOFILE");
+ set_one_rlimit(&conf->rlimit_stack, RLIMIT_STACK, "RLIMIT_STACK");
+#ifdef RLIMIT_NPROC
+ set_one_rlimit(&conf->rlimit_nproc, RLIMIT_NPROC, "RLIMIT_NPROC");
+#endif
+#ifdef RLIMIT_MEMLOCK
+ set_one_rlimit(&conf->rlimit_memlock, RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK");
+#endif
+}
+#endif
+
int main(int argc, char *argv[]) {
pa_core *c;
pa_strbuf *buf = NULL;
setlocale(LC_ALL, "");
- pa_limit_caps();
+ if (getuid() != 0)
+ pa_limit_caps();
#ifdef HAVE_GETUID
suid_root = getuid() != 0 && geteuid() == 0;
- if (suid_root && (pa_own_uid_in_group("realtime", &gid) <= 0 || gid >= 1000)) {
- pa_log_warn(__FILE__": WARNING: called SUID root, but not in group 'realtime'.");
+ if (suid_root && (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) <= 0 || gid >= 1000)) {
+ pa_log_warn(__FILE__": WARNING: called SUID root, but not in group '"PA_REALTIME_GROUP"'.");
pa_drop_root();
}
#else
pa_random_seed();
- pa_log_set_ident("polypaudio");
+ pa_log_set_ident("pulseaudio");
conf = pa_daemon_conf_new();
if (conf->high_priority && conf->cmd == PA_CMD_DAEMON)
pa_raise_priority();
- pa_drop_caps();
+ if (getuid() != 0)
+ pa_drop_caps();
if (suid_root)
pa_drop_root();
-
+
if (conf->dl_search_path)
lt_dlsetsearchpath(conf->dl_search_path);
assert(conf->cmd == PA_CMD_DAEMON);
}
+ if (getuid() == 0 && !conf->system_instance) {
+ pa_log(__FILE__": This program is not intended to be run as root (unless --system is specified).");
+ goto finish;
+ } else if (getuid() != 0 && conf->system_instance) {
+ pa_log(__FILE__": Root priviliges required.");
+ goto finish;
+ }
+
if (conf->daemonize) {
pid_t child;
int tty_fd;
}
if ((child = fork()) < 0) {
- pa_log(__FILE__": fork() failed: %s", strerror(errno));
+ pa_log(__FILE__": fork() failed: %s", pa_cstrerror(errno));
goto finish;
}
close(daemon_pipe[1]);
daemon_pipe[1] = -1;
- if (pa_loop_read(daemon_pipe[0], &retval, sizeof(retval)) != sizeof(retval)) {
- pa_log(__FILE__": read() failed: %s", strerror(errno));
+ if (pa_loop_read(daemon_pipe[0], &retval, sizeof(retval), NULL) != sizeof(retval)) {
+ pa_log(__FILE__": read() failed: %s", pa_cstrerror(errno));
retval = 1;
}
}
chdir("/");
+ umask(0022);
+
+ if (conf->system_instance) {
+ if (change_user() < 0)
+ goto finish;
+ } else if (create_runtime_dir() < 0)
+ goto finish;
if (conf->use_pid_file) {
if (pa_pid_file_create() < 0) {
pa_log(__FILE__": pa_pid_file_create() failed.");
#ifdef HAVE_FORK
if (conf->daemonize)
- pa_loop_write(daemon_pipe[1], &retval, sizeof(retval));
+ pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
goto finish;
}
valid_pid_file = 1;
}
+#ifdef HAVE_SYS_RESOURCE_H
+ set_all_rlimits(conf);
+#endif
+
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
-
+
mainloop = pa_mainloop_new();
assert(mainloop);
c = pa_core_new(pa_mainloop_get_api(mainloop));
assert(c);
+ c->is_system_instance = !!conf->system_instance;
r = pa_signal_init(pa_mainloop_get_api(mainloop));
assert(r == 0);
pa_log(__FILE__": failed to initialize daemon.");
#ifdef HAVE_FORK
if (conf->daemonize)
- pa_loop_write(daemon_pipe[1], &retval, sizeof(retval));
+ pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
} else if (!c->modules || pa_idxset_size(c->modules) == 0) {
pa_log(__FILE__": daemon startup without any loaded modules, refusing to work.");
#ifdef HAVE_FORK
if (conf->daemonize)
- pa_loop_write(daemon_pipe[1], &retval, sizeof(retval));
+ pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
} else {
retval = 0;
#ifdef HAVE_FORK
if (conf->daemonize)
- pa_loop_write(daemon_pipe[1], &retval, sizeof(retval));
+ pa_loop_write(daemon_pipe[1], &retval, sizeof(retval), NULL);
#endif
c->disallow_module_loading = conf->disallow_module_loading;