[pulseaudio-commits] r1109 - in /trunk: ./ src/daemon/ src/modules/ src/pulse/ src/pulsecore/

svnmailer-noreply at 0pointer.de svnmailer-noreply at 0pointer.de
Wed Jul 19 14:48:39 PDT 2006


Author: lennart
Date: Wed Jul 19 23:48:35 2006
New Revision: 1109

URL: http://0pointer.de/cgi-bin/viewcvs.cgi?rev=1109&root=pulseaudio&view=rev
Log:
* add new function pa_check_in_group()
* abstract credential APis a little bit by introducing HAVE_CREDS and a structure pa_creds
* rework credential authentication
* fix module-volume-restore and friends for usage in system-wide instance
* remove loopback= argument from moulde-*-protocol-tcp since it is a superset of listen= and usually a bad idea anyway since the user shouldn't load the TCP module at all if he doesn't want remote access
* rename a few variables in the jack modules to make sure they don't conflict with symbols defined in the system headers
* add server address for system-wide daemons to the default server list for the the client libs
* update todo

Added:
    trunk/src/pulsecore/creds.h   (with props)
Modified:
    trunk/src/daemon/daemon-conf.c
    trunk/src/daemon/main.c
    trunk/src/modules/module-jack-sink.c
    trunk/src/modules/module-jack-source.c
    trunk/src/modules/module-match.c
    trunk/src/modules/module-protocol-stub.c
    trunk/src/modules/module-tunnel.c
    trunk/src/modules/module-volume-restore.c
    trunk/src/pulse/client-conf.c
    trunk/src/pulse/context.c
    trunk/src/pulsecore/core-util.c
    trunk/src/pulsecore/core-util.h
    trunk/src/pulsecore/iochannel.c
    trunk/src/pulsecore/iochannel.h
    trunk/src/pulsecore/pdispatch.c
    trunk/src/pulsecore/pdispatch.h
    trunk/src/pulsecore/protocol-native.c
    trunk/src/pulsecore/pstream-util.c
    trunk/src/pulsecore/pstream-util.h
    trunk/src/pulsecore/pstream.c
    trunk/src/pulsecore/pstream.h
    trunk/src/pulsecore/socket-server.c
    trunk/todo

Modified: trunk/src/daemon/daemon-conf.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/daemon/daemon-conf.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/daemon/daemon-conf.c (original)
+++ trunk/src/daemon/daemon-conf.c Wed Jul 19 23:48:35 2006
@@ -46,9 +46,9 @@
 #endif
 
 #define DEFAULT_SCRIPT_FILE PA_DEFAULT_CONFIG_DIR PATH_SEP "default.pa"
-#define DEFAULT_SCRIPT_FILE_USER ".pulse" PATH_SEP "default.pa"
+#define DEFAULT_SCRIPT_FILE_USER PATH_SEP "default.pa"
 #define DEFAULT_CONFIG_FILE PA_DEFAULT_CONFIG_DIR PATH_SEP "daemon.conf"
-#define DEFAULT_CONFIG_FILE_USER ".pulse" PATH_SEP "daemon.conf"
+#define DEFAULT_CONFIG_FILE_USER PATH_SEP "daemon.conf"
 
 #define ENV_SCRIPT_FILE "PULSE_SCRIPT"
 #define ENV_CONFIG_FILE "PULSE_CONFIG"

Modified: trunk/src/daemon/main.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/daemon/main.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/daemon/main.c (original)
+++ trunk/src/daemon/main.c Wed Jul 19 23:48:35 2006
@@ -229,6 +229,7 @@
 
     /* Relevant for pa_runtime_path() */
     set_env("PULSE_RUNTIME_PATH", PA_SYSTEM_RUNTIME_PATH);
+    set_env("PULSE_CONFIG_PATH", PA_SYSTEM_RUNTIME_PATH);
 
     pa_log_info(__FILE__": Successfully dropped root privileges.");
 
@@ -245,8 +246,6 @@
         return -1;
     }
 
-    /* Relevant for pa_runtime_path() later on */
-    set_env("PULSE_RUNTIME_PATH", fn);
     return 0;
 }
 

Modified: trunk/src/modules/module-jack-sink.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-jack-sink.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-jack-sink.c (original)
+++ trunk/src/modules/module-jack-sink.c Wed Jul 19 23:48:35 2006
@@ -242,7 +242,7 @@
     jack_status_t status;
     const char *server_name, *client_name;
     uint32_t channels = 0;
-    int connect = 1;
+    int do_connect = 1;
     unsigned i;
     const char **ports = NULL, **p;
     
@@ -256,7 +256,7 @@
         goto fail;
     }
 
-    if (pa_modargs_get_value_boolean(ma, "connect", &connect) < 0) {
+    if (pa_modargs_get_value_boolean(ma, "connect", &do_connect) < 0) {
         pa_log(__FILE__": failed to parse connect= argument.");
         goto fail;
     }
@@ -339,7 +339,7 @@
         goto fail;
     }
 
-    if (connect) {
+    if (do_connect) {
         for (i = 0, p = ports; i < ss.channels; i++, p++) {
 
             if (!*p) {

Modified: trunk/src/modules/module-jack-source.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-jack-source.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-jack-source.c (original)
+++ trunk/src/modules/module-jack-source.c Wed Jul 19 23:48:35 2006
@@ -240,7 +240,7 @@
     jack_status_t status;
     const char *server_name, *client_name;
     uint32_t channels = 0;
-    int connect = 1;
+    int do_connect = 1;
     unsigned i;
     const char **ports = NULL, **p;
     
@@ -254,7 +254,7 @@
         goto fail;
     }
 
-    if (pa_modargs_get_value_boolean(ma, "connect", &connect) < 0) {
+    if (pa_modargs_get_value_boolean(ma, "connect", &do_connect) < 0) {
         pa_log(__FILE__": failed to parse connect= argument.");
         goto fail;
     }
@@ -337,7 +337,7 @@
         goto fail;
     }
 
-    if (connect) {
+    if (do_connect) {
         for (i = 0, p = ports; i < ss.channels; i++, p++) {
 
             if (!*p) {

Modified: trunk/src/modules/module-match.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-match.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-match.c (original)
+++ trunk/src/modules/module-match.c Wed Jul 19 23:48:35 2006
@@ -53,7 +53,7 @@
 #define WHITESPACE "\n\r \t"
 
 #define DEFAULT_MATCH_TABLE_FILE PA_DEFAULT_CONFIG_DIR"/match.table"
-#define DEFAULT_MATCH_TABLE_FILE_USER ".pulse/match.table"
+#define DEFAULT_MATCH_TABLE_FILE_USER "match.table"
 
 static const char* const valid_modargs[] = {
     "table",

Modified: trunk/src/modules/module-protocol-stub.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-protocol-stub.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-protocol-stub.c (original)
+++ trunk/src/modules/module-protocol-stub.c Wed Jul 19 23:48:35 2006
@@ -52,10 +52,11 @@
 #include <pulsecore/modargs.h>
 #include <pulsecore/log.h>
 #include <pulsecore/native-common.h>
+#include <pulsecore/creds.h>
 
 #ifdef USE_TCP_SOCKETS
 #define SOCKET_DESCRIPTION "(TCP sockets)"
-#define SOCKET_USAGE "port=<TCP port number> loopback=<listen on loopback device only?> listen=<address to listen on>"
+#define SOCKET_USAGE "port=<TCP port number> listen=<address to listen on>"
 #else
 #define SOCKET_DESCRIPTION "(UNIX sockets)"
 #define SOCKET_USAGE "socket=<path to UNIX socket>"
@@ -127,9 +128,9 @@
     #include "module-native-protocol-unix-symdef.h"
   #endif
 
-  #if defined(SCM_CREDENTIALS) && !defined(USE_TCP_SOCKETS)
-    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-group",
-    #define AUTH_USAGE "auth-group=<local group to allow access>"
+  #if defined(HAVE_CREDS) && !defined(USE_TCP_SOCKETS)
+    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-group", "auth-group-enable="
+    #define AUTH_USAGE "auth-group=<system group to allow access> auth-group-enable=<enable auth by UNIX group?> "
   #else
     #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON
     #define AUTH_USAGE
@@ -171,7 +172,6 @@
     MODULE_ARGUMENTS
 #if defined(USE_TCP_SOCKETS)
     "port",
-    "loopback",
     "listen",
 #else
     "socket",
@@ -197,7 +197,6 @@
 
 #if defined(USE_TCP_SOCKETS)
     pa_socket_server *s_ipv4 = NULL, *s_ipv6 = NULL;
-    int loopback = 1;
     uint32_t port = IPV4_PORT;
     const char *listen_on;
 #else
@@ -216,11 +215,6 @@
     u = pa_xnew0(struct userdata, 1);
 
 #if defined(USE_TCP_SOCKETS)
-    if (pa_modargs_get_value_boolean(ma, "loopback", &loopback) < 0) {
-        pa_log(__FILE__": loopback= expects a boolean argument.");
-        goto fail;
-    }
-
     if (pa_modargs_get_value_u32(ma, "port", &port) < 0 || port < 1 || port > 0xFFFF) {
         pa_log(__FILE__": port= expects a numerical argument between 1 and 65535.");
         goto fail;
@@ -231,9 +225,6 @@
     if (listen_on) {
         s_ipv6 = pa_socket_server_new_ipv6_string(c->mainloop, listen_on, port, TCPWRAP_SERVICE);
         s_ipv4 = pa_socket_server_new_ipv4_string(c->mainloop, listen_on, port, TCPWRAP_SERVICE);
-    } else if (loopback) {
-        s_ipv6 = pa_socket_server_new_ipv6_loopback(c->mainloop, port, TCPWRAP_SERVICE);
-        s_ipv4 = pa_socket_server_new_ipv4_loopback(c->mainloop, port, TCPWRAP_SERVICE);
     } else {
         s_ipv6 = pa_socket_server_new_ipv6_any(c->mainloop, port, TCPWRAP_SERVICE);
         s_ipv4 = pa_socket_server_new_ipv4_any(c->mainloop, port, TCPWRAP_SERVICE);

Modified: trunk/src/modules/module-tunnel.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-tunnel.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-tunnel.c (original)
+++ trunk/src/modules/module-tunnel.c Wed Jul 19 23:48:35 2006
@@ -611,7 +611,7 @@
 }
 
 
-static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata) {
+static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const pa_creds *creds, void *userdata) {
     struct userdata *u = userdata;
     assert(p && packet && u);
 

Modified: trunk/src/modules/module-volume-restore.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-volume-restore.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/modules/module-volume-restore.c (original)
+++ trunk/src/modules/module-volume-restore.c Wed Jul 19 23:48:35 2006
@@ -53,7 +53,7 @@
 
 #define WHITESPACE "\n\r \t"
 
-#define DEFAULT_VOLUME_TABLE_FILE ".pulse/volume.table"
+#define DEFAULT_VOLUME_TABLE_FILE "volume.table"
 
 static const char* const valid_modargs[] = {
     "table",

Modified: trunk/src/pulse/client-conf.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulse/client-conf.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulse/client-conf.c (original)
+++ trunk/src/pulse/client-conf.c Wed Jul 19 23:48:35 2006
@@ -46,7 +46,7 @@
 #endif
 
 #define DEFAULT_CLIENT_CONFIG_FILE PA_DEFAULT_CONFIG_DIR PATH_SEP "client.conf"
-#define DEFAULT_CLIENT_CONFIG_FILE_USER ".pulse" PATH_SEP "client.conf"
+#define DEFAULT_CLIENT_CONFIG_FILE_USER "client.conf"
 
 #define ENV_CLIENT_CONFIG_FILE "PULSE_CLIENTCONFIG"
 #define ENV_DEFAULT_SINK "PULSE_SINK"

Modified: trunk/src/pulse/context.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulse/context.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulse/context.c (original)
+++ trunk/src/pulse/context.c Wed Jul 19 23:48:35 2006
@@ -62,6 +62,7 @@
 #include <pulsecore/core-util.h>
 #include <pulsecore/log.h>
 #include <pulsecore/socket-util.h>
+#include <pulsecore/creds.h>
 
 #include "internal.h"
 
@@ -272,7 +273,7 @@
     pa_context_fail(c, PA_ERR_CONNECTIONTERMINATED);
 }
 
-static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata) {
+static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const pa_creds *creds, void *userdata) {
     pa_context *c = userdata;
     
     assert(p);
@@ -423,15 +424,17 @@
     pa_tagstruct_putu32(t, PA_PROTOCOL_VERSION);
     pa_tagstruct_put_arbitrary(t, c->conf->cookie, sizeof(c->conf->cookie));
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
 {
-    struct ucred ucred;
-
-    ucred.pid = getpid();
+    pa_creds ucred;
+    gid_t g;
+
     ucred.uid = getuid();
+    ucred.gid = getgid();
                    
-    if ((ucred.gid = pa_get_gid_of_group(c->conf->access_group)) == (gid_t) -1)
-        ucred.gid = getgid();
+    if ((g = pa_get_gid_of_group(c->conf->access_group)) != (gid_t) -1) 
+        if (pa_check_in_group(g) > 0)
+            ucred.gid = g;
     
     pa_pstream_send_tagstruct_with_creds(c->pstream, t, &ucred);
 }
@@ -690,7 +693,12 @@
         }
         
         c->server_list = pa_strlist_prepend(c->server_list, "tcp6:localhost");
-        c->server_list = pa_strlist_prepend(c->server_list, "localhost");
+        c->server_list = pa_strlist_prepend(c->server_list, "tcp4:localhost");
+
+        /* The system wide instance */
+        c->server_list = pa_strlist_prepend(c->server_list, PA_SYSTEM_RUNTIME_PATH "/" PA_NATIVE_DEFAULT_UNIX_SOCKET);
+
+        /* The per-user instance */
         c->server_list = pa_strlist_prepend(c->server_list, pa_runtime_path(PA_NATIVE_DEFAULT_UNIX_SOCKET, ufn, sizeof(ufn)));
 
         /* Wrap the connection attempts in a single transaction for sane autospawn locking */

Modified: trunk/src/pulsecore/core-util.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/core-util.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/core-util.c (original)
+++ trunk/src/pulsecore/core-util.c Wed Jul 19 23:48:35 2006
@@ -741,6 +741,20 @@
     return ret;
 }
 
+int pa_check_in_group(gid_t g) {
+    gid_t gids[NGROUPS_MAX];
+    int r;
+
+    if ((r = getgroups(NGROUPS_MAX, gids)) < 0)
+        return -1;
+
+    for (; r > 0; r--)
+        if (gids[r-1] == g)
+            return 1;
+
+    return 0;
+}
+
 #else /* HAVE_GRP_H */
 
 int pa_own_uid_in_group(const char *name, gid_t *gid) {
@@ -749,6 +763,14 @@
 }
 
 int pa_uid_in_group(uid_t uid, const char *name) {
+    return -1;
+}
+
+gid_t pa_get_gid_of_group(const char *name) {
+    return (gid_t) -1;
+}
+
+int pa_check_in_group(gid_t g) {
     return -1;
 }
 
@@ -909,28 +931,33 @@
         return fopen(fn, mode);
     }
 
-    if (local && pa_get_home_dir(h, sizeof(h))) {
-        FILE *f;
-        char *lfn;
-        
-        fn = lfn = pa_sprintf_malloc("%s/%s", h, local);
-
+    if (local) {
+        const char *e;
+        char *lfn = NULL;
+
+        if ((e = getenv("PULSE_CONFIG_PATH")))
+            fn = lfn = pa_sprintf_malloc("%s/%s", e, local);
+        else if (pa_get_home_dir(h, sizeof(h)))
+            fn = lfn = pa_sprintf_malloc("%s/.pulse/%s", h, local);
+
+        if (lfn) {
+            FILE *f;
+        
 #ifdef OS_IS_WIN32
-        if (!ExpandEnvironmentStrings(lfn, buf, PATH_MAX))
-            return NULL;
-        fn = buf;
-#endif
-
-        f = fopen(fn, mode);
-
-        if (f || errno != ENOENT) {
-            if (result)
-                *result = pa_xstrdup(fn);
+            if (!ExpandEnvironmentStrings(lfn, buf, PATH_MAX))
+                return NULL;
+            fn = buf;
+#endif
+            
+            if ((f = fopen(fn, mode)) || errno != ENOENT) {
+                if (result)
+                    *result = pa_xstrdup(fn);
+                pa_xfree(lfn);
+                return f;
+            }
+        
             pa_xfree(lfn);
-            return f;
-        }
-        
-        pa_xfree(lfn);
+        }
     }
 
     if (!global) {

Modified: trunk/src/pulsecore/core-util.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/core-util.h?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/core-util.h (original)
+++ trunk/src/pulsecore/core-util.h Wed Jul 19 23:48:35 2006
@@ -67,6 +67,7 @@
 int pa_own_uid_in_group(const char *name, gid_t *gid);
 int pa_uid_in_group(uid_t uid, const char *name);
 gid_t pa_get_gid_of_group(const char *name);
+int pa_check_in_group(gid_t g);
 
 int pa_lock_fd(int fd, int b);
 

Added: trunk/src/pulsecore/creds.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/creds.h?rev=1109&root=pulseaudio&view=auto
==============================================================================
--- trunk/src/pulsecore/creds.h (added)
+++ trunk/src/pulsecore/creds.h Wed Jul 19 23:48:35 2006
@@ -1,0 +1,44 @@
+#ifndef foocredshfoo
+#define foocredshfoo
+
+/* $Id$ */
+
+/***
+  This file is part of PulseAudio.
+ 
+  PulseAudio is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Lesser General Public License as
+  published by the Free Software Foundation; either version 2.1 of the
+  License, or (at your option) any later version.
+ 
+  PulseAudio is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+ 
+  You should have received a copy of the GNU Lesser General Public
+  License along with PulseAudio; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+  USA.
+***/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+typedef struct pa_creds pa_creds;
+
+#if defined(SCM_CREDENTIALS)
+
+#define HAVE_CREDS 1
+
+struct pa_creds {
+    gid_t gid;
+    uid_t uid;
+};
+
+#else
+#undef HAVE_CREDS
+#endif
+
+#endif

Propchange: trunk/src/pulsecore/creds.h
------------------------------------------------------------------------------
    svn:keywords = Id

Modified: trunk/src/pulsecore/iochannel.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/iochannel.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/iochannel.c (original)
+++ trunk/src/pulsecore/iochannel.c Wed Jul 19 23:48:35 2006
@@ -231,7 +231,7 @@
     return r;
 }
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
 
 int pa_iochannel_creds_supported(pa_iochannel *io) {
     struct sockaddr_un sa;
@@ -263,7 +263,7 @@
     return 0;
 }
 
-ssize_t pa_iochannel_write_with_creds(pa_iochannel*io, const void*data, size_t l, const struct ucred *ucred) {
+ssize_t pa_iochannel_write_with_creds(pa_iochannel*io, const void*data, size_t l, const pa_creds *ucred) {
     ssize_t r;
     struct msghdr mh;
     struct iovec iov;
@@ -288,10 +288,11 @@
 
     u = (struct ucred*) CMSG_DATA(cmsg);
 
-    if (ucred)
-        *u = *ucred;
-    else {
-        u->pid = getpid();
+    u->pid = getpid();
+    if (ucred) {
+        u->uid = ucred->uid;
+        u->gid = ucred->gid;
+    } else {
         u->uid = getuid();
         u->gid = getgid();
     }
@@ -313,7 +314,7 @@
     return r;
 }
 
-ssize_t pa_iochannel_read_with_creds(pa_iochannel*io, void*data, size_t l, struct ucred *ucred, int *creds_valid) {
+ssize_t pa_iochannel_read_with_creds(pa_iochannel*io, void*data, size_t l, pa_creds *creds, int *creds_valid) {
     ssize_t r;
     struct msghdr mh;
     struct iovec iov;
@@ -323,7 +324,7 @@
     assert(data);
     assert(l);
     assert(io->ifd >= 0);
-    assert(ucred);
+    assert(creds);
     assert(creds_valid);
 
     memset(&iov, 0, sizeof(iov));
@@ -349,8 +350,12 @@
         for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
             
             if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) {
+                struct ucred u;
                 assert(cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)));
-                memcpy(ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
+                memcpy(&u, CMSG_DATA(cmsg), sizeof(struct ucred));
+
+                creds->gid = u.gid;
+                creds->uid = u.uid;
                 *creds_valid = 1;
                 break;
             }
@@ -362,27 +367,8 @@
     
     return r;
 }
-#else /* SCM_CREDENTIALS */
-
-int pa_iochannel_creds_supported(pa_iochannel *io) {
-    return 0;
-}
-
-int pa_iochannel_creds_enable(pa_iochannel *io) {
-    return -1;
-}
-
-ssize_t pa_iochannel_write_with_creds(pa_iochannel*io, const void*data, size_t l) {
-    pa_log_error("pa_iochannel_write_with_creds() not supported.");
-    return -1;
-}
-
-ssize_t pa_iochannel_read_with_creds(pa_iochannel*io, void*data, size_t l, struct ucred *ucred, int *creds_valid) {
-    pa_log_error("pa_iochannel_read_with_creds() not supported.");
-    return -1;
-}
-
-#endif /* SCM_CREDENTIALS */
+
+#endif /* HAVE_CREDS */
 
 void pa_iochannel_set_callback(pa_iochannel*io, pa_iochannel_cb_t _callback, void *userdata) {
     assert(io);

Modified: trunk/src/pulsecore/iochannel.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/iochannel.h?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/iochannel.h (original)
+++ trunk/src/pulsecore/iochannel.h Wed Jul 19 23:48:35 2006
@@ -25,6 +25,7 @@
 #include <sys/types.h>
 
 #include <pulse/mainloop-api.h>
+#include <pulsecore/creds.h>
 
 /* A wrapper around UNIX file descriptors for attaching them to the a
    main event loop. Everytime new data may be read or be written to
@@ -49,13 +50,13 @@
 ssize_t pa_iochannel_write(pa_iochannel*io, const void*data, size_t l);
 ssize_t pa_iochannel_read(pa_iochannel*io, void*data, size_t l);
 
+#ifdef HAVE_CREDS
 int pa_iochannel_creds_supported(pa_iochannel *io);
 int pa_iochannel_creds_enable(pa_iochannel *io);
 
-struct ucred;
-
-ssize_t pa_iochannel_write_with_creds(pa_iochannel*io, const void*data, size_t l, const struct ucred *ucred);
-ssize_t pa_iochannel_read_with_creds(pa_iochannel*io, void*data, size_t l, struct ucred *ucred, int *creds_valid);
+ssize_t pa_iochannel_write_with_creds(pa_iochannel*io, const void*data, size_t l, const pa_creds *ucred);
+ssize_t pa_iochannel_read_with_creds(pa_iochannel*io, void*data, size_t l, pa_creds *ucred, int *creds_valid);
+#endif
 
 int pa_iochannel_is_readable(pa_iochannel*io);
 int pa_iochannel_is_writable(pa_iochannel*io);

Modified: trunk/src/pulsecore/pdispatch.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pdispatch.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pdispatch.c (original)
+++ trunk/src/pulsecore/pdispatch.c Wed Jul 19 23:48:35 2006
@@ -112,7 +112,7 @@
     PA_LLIST_HEAD(struct reply_info, replies);
     pa_pdispatch_drain_callback drain_callback;
     void *drain_userdata;
-    const void *creds;
+    const pa_creds *creds;
 };
 
 static void reply_info_free(struct reply_info *r) {
@@ -180,7 +180,7 @@
     pa_pdispatch_unref(pd);
 }
 
-int pa_pdispatch_run(pa_pdispatch *pd, pa_packet*packet, const struct ucred *creds, void *userdata) {
+int pa_pdispatch_run(pa_pdispatch *pd, pa_packet*packet, const pa_creds *creds, void *userdata) {
     uint32_t tag, command;
     pa_tagstruct *ts = NULL;
     int ret = -1;
@@ -310,7 +310,7 @@
     return pd;
 }
 
-const struct ucred * pa_pdispatch_creds(pa_pdispatch *pd) {
+const pa_creds * pa_pdispatch_creds(pa_pdispatch *pd) {
     assert(pd);
     assert(pd->ref >= 1);
     

Modified: trunk/src/pulsecore/pdispatch.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pdispatch.h?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pdispatch.h (original)
+++ trunk/src/pulsecore/pdispatch.h Wed Jul 19 23:48:35 2006
@@ -23,12 +23,13 @@
 ***/
 
 #include <inttypes.h>
+
 #include <pulse/mainloop-api.h>
 #include <pulse/def.h>
+
 #include <pulsecore/tagstruct.h>
 #include <pulsecore/packet.h>
-
-struct ucred;
+#include <pulsecore/creds.h>
 
 typedef struct pa_pdispatch pa_pdispatch;
 
@@ -39,7 +40,7 @@
 void pa_pdispatch_unref(pa_pdispatch *pd);
 pa_pdispatch* pa_pdispatch_ref(pa_pdispatch *pd);
 
-int pa_pdispatch_run(pa_pdispatch *pd, pa_packet*p, const struct ucred*creds, void *userdata);
+int pa_pdispatch_run(pa_pdispatch *pd, pa_packet*p, const pa_creds *creds, void *userdata);
 
 void pa_pdispatch_register_reply(pa_pdispatch *pd, uint32_t tag, int timeout, pa_pdispatch_cb_t callback, void *userdata, pa_free_cb_t free_cb);
 
@@ -50,6 +51,6 @@
 /* Remove all reply slots with the give userdata parameter */
 void pa_pdispatch_unregister_reply(pa_pdispatch *pd, void *userdata);
 
-const struct ucred * pa_pdispatch_creds(pa_pdispatch *pd);
+const pa_creds * pa_pdispatch_creds(pa_pdispatch *pd);
 
 #endif

Modified: trunk/src/pulsecore/protocol-native.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/protocol-native.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/protocol-native.c (original)
+++ trunk/src/pulsecore/protocol-native.c Wed Jul 19 23:48:35 2006
@@ -55,6 +55,8 @@
 #include <pulsecore/props.h>
 #include <pulsecore/sample-util.h>
 #include <pulsecore/llist.h>
+#include <pulsecore/creds.h>
+#include <pulsecore/core-util.h>
 
 #include "protocol-native.h"
 
@@ -134,7 +136,7 @@
     pa_idxset *connections;
     uint8_t auth_cookie[PA_NATIVE_COOKIE_LENGTH];
     int auth_cookie_in_property;
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     char *auth_group;
 #endif
 };
@@ -910,25 +912,32 @@
     if (!c->authorized) {
         int success = 0;
         
-#ifdef SCM_CREDENTIALS
-        const struct ucred *ucred = pa_pdispatch_creds(pd);
-
-        if (ucred) {
-            if (ucred->uid == getuid())
+#ifdef HAVE_CREDS
+        const pa_creds *creds;
+
+        if ((creds = pa_pdispatch_creds(pd))) {
+            if (creds->uid == getuid())
                 success = 1;
             else if (c->protocol->auth_group) {
                 int r;
-                
-                if ((r = pa_uid_in_group(ucred->uid, c->protocol->auth_group)) < 0)
-                    pa_log_warn(__FILE__": failed to check group membership.");
-                else if (r > 0)
+                gid_t gid;
+
+                if ((gid = pa_get_gid_of_group(c->protocol->auth_group)) == (gid_t) -1)
+                    pa_log_warn(__FILE__": failed to get GID of group '%s'", c->protocol->auth_group);
+                else if (gid == creds->gid)
                     success = 1;
+                    
+                if (!success) {
+                    if ((r = pa_uid_in_group(creds->uid, c->protocol->auth_group)) < 0)
+                        pa_log_warn(__FILE__": failed to check group membership.");
+                    else if (r > 0)
+                        success = 1;
+                }
             }
                 
-            pa_log_info(__FILE__": Got credentials: pid=%lu uid=%lu gid=%lu auth=%i",
-                        (unsigned long) ucred->pid,
-                        (unsigned long) ucred->uid,
-                        (unsigned long) ucred->gid,
+            pa_log_info(__FILE__": Got credentials: uid=%lu gid=%lu success=%i",
+                        (unsigned long) creds->uid,
+                        (unsigned long) creds->gid,
                         success);
         }
 #endif
@@ -2100,7 +2109,7 @@
 
 /*** pstream callbacks ***/
 
-static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata) {
+static void pstream_packet_callback(pa_pstream *p, pa_packet *packet, const pa_creds *creds, void *userdata) {
     struct connection *c = userdata;
     assert(p && packet && packet->data && c);
 
@@ -2272,7 +2281,7 @@
     pa_idxset_put(p->connections, c, NULL);
 
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     if (pa_iochannel_creds_supported(io))
         pa_iochannel_creds_enable(io);
     
@@ -2323,8 +2332,18 @@
     p->public = public;
     p->server = NULL;
 
-#ifdef SCM_CREDENTIALS
-    p->auth_group = pa_xstrdup(pa_modargs_get_value(ma, "auth-group", NULL));
+#ifdef HAVE_CREDS
+    {
+        int a = 1;
+        if (pa_modargs_get_value_boolean(ma, "auth-group-enabled", &a) < 0) {
+            pa_log(__FILE__": auth-group-enabled= expects a boolean argument.");
+            return NULL;
+        }
+        p->auth_group = a ? pa_xstrdup(pa_modargs_get_value(ma, "auth-group", c->is_system_instance ? PA_ACCESS_GROUP : NULL)) : NULL;
+
+        if (p->auth_group)
+            pa_log_info(__FILE__": Allowing access to group '%s'.", p->auth_group);
+    }
 #endif
     
     if (load_key(p, pa_modargs_get_value(ma, "cookie", NULL)) < 0) {
@@ -2386,7 +2405,7 @@
     if (p->auth_cookie_in_property)
         pa_authkey_prop_unref(p->core, PA_NATIVE_COOKIE_PROPERTY_NAME);
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     pa_xfree(p->auth_group);
 #endif
     pa_xfree(p);

Modified: trunk/src/pulsecore/pstream-util.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pstream-util.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pstream-util.c (original)
+++ trunk/src/pulsecore/pstream-util.c Wed Jul 19 23:48:35 2006
@@ -29,7 +29,7 @@
 
 #include "pstream-util.h"
 
-void pa_pstream_send_tagstruct_with_creds(pa_pstream *p, pa_tagstruct *t, const struct ucred *creds) {
+void pa_pstream_send_tagstruct_with_creds(pa_pstream *p, pa_tagstruct *t, const pa_creds *creds) {
     size_t length;
     uint8_t *data;
     pa_packet *packet;

Modified: trunk/src/pulsecore/pstream-util.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pstream-util.h?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pstream-util.h (original)
+++ trunk/src/pulsecore/pstream-util.h Wed Jul 19 23:48:35 2006
@@ -25,11 +25,10 @@
 #include <inttypes.h>
 #include <pulsecore/pstream.h>
 #include <pulsecore/tagstruct.h>
-
-struct ucred;
+#include <pulsecore/creds.h>
 
 /* The tagstruct is freed!*/
-void pa_pstream_send_tagstruct_with_creds(pa_pstream *p, pa_tagstruct *t, const struct ucred *creds);
+void pa_pstream_send_tagstruct_with_creds(pa_pstream *p, pa_tagstruct *t, const pa_creds *creds);
 
 #define pa_pstream_send_tagstruct(p, t) pa_pstream_send_tagstruct_with_creds((p), (t), 0)
 

Modified: trunk/src/pulsecore/pstream.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pstream.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pstream.c (original)
+++ trunk/src/pulsecore/pstream.c Wed Jul 19 23:48:35 2006
@@ -41,6 +41,7 @@
 #include <pulsecore/queue.h>
 #include <pulsecore/log.h>
 #include <pulsecore/core-scache.h>
+#include <pulsecore/creds.h>
 
 #include "pstream.h"
 
@@ -69,9 +70,9 @@
 
     /* packet info */
     pa_packet *packet;
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     int with_creds;
-    struct ucred creds;
+    pa_creds creds;
 #endif
 };
 
@@ -114,8 +115,8 @@
 
     pa_memblock_stat *memblock_stat;
 
-#ifdef SCM_CREDENTIALS
-    struct ucred read_creds, write_creds;
+#ifdef HAVE_CREDS
+    pa_creds read_creds, write_creds;
     int read_creds_valid, send_creds_now;
 #endif
 };
@@ -216,7 +217,7 @@
     pa_iochannel_socket_set_rcvbuf(io, 1024*8); 
     pa_iochannel_socket_set_sndbuf(io, 1024*8);
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     p->send_creds_now = 0;
     p->read_creds_valid = 0;
 #endif
@@ -258,7 +259,7 @@
     pa_xfree(p);
 }
 
-void pa_pstream_send_packet(pa_pstream*p, pa_packet *packet, const struct ucred *creds) {
+void pa_pstream_send_packet(pa_pstream*p, pa_packet *packet, const pa_creds *creds) {
     struct item_info *i;
     assert(p && packet && p->ref >= 1);
 
@@ -270,7 +271,7 @@
     i = pa_xnew(struct item_info, 1);
     i->type = PA_PSTREAM_ITEM_PACKET;
     i->packet = pa_packet_ref(packet);
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     if ((i->with_creds = !!creds))
         i->creds = *creds;
 #endif
@@ -294,7 +295,7 @@
     i->channel = channel;
     i->offset = offset;
     i->seek_mode = seek_mode;
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     i->with_creds = 0;
 #endif
 
@@ -334,7 +335,7 @@
         p->write.descriptor[PA_PSTREAM_DESCRIPTOR_SEEK] = htonl(p->write.current->seek_mode);
     }
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     if ((p->send_creds_now = p->write.current->with_creds))
         p->write_creds = p->write.current->creds;
     
@@ -364,7 +365,7 @@
         l = ntohl(p->write.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]) - (p->write.index - PA_PSTREAM_DESCRIPTOR_SIZE);
     }
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     if (p->send_creds_now) {
 
         if ((r = pa_iochannel_write_with_creds(p->io, d, l, &p->write_creds)) < 0)
@@ -406,7 +407,7 @@
         l = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]) - (p->read.index - PA_PSTREAM_DESCRIPTOR_SIZE);
     }
 
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
     {
         int b = 0;
         
@@ -495,7 +496,7 @@
                 assert(p->read.packet);
                 
                 if (p->recieve_packet_callback)
-#ifdef SCM_CREDENTIALS                    
+#ifdef HAVE_CREDS
                     p->recieve_packet_callback(p, p->read.packet, p->read_creds_valid ? &p->read_creds : NULL, p->recieve_packet_callback_userdata);
 #else
                     p->recieve_packet_callback(p, p->read.packet, NULL, p->recieve_packet_callback_userdata);
@@ -506,7 +507,7 @@
             }
 
             p->read.index = 0;
-#ifdef SCM_CREDENTIALS
+#ifdef HAVE_CREDS
             p->read_creds_valid = 0;
 #endif
         }

Modified: trunk/src/pulsecore/pstream.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pstream.h?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/pstream.h (original)
+++ trunk/src/pulsecore/pstream.h Wed Jul 19 23:48:35 2006
@@ -26,16 +26,16 @@
 
 #include <pulse/mainloop-api.h>
 #include <pulse/def.h>
+
 #include <pulsecore/packet.h>
 #include <pulsecore/memblock.h>
 #include <pulsecore/iochannel.h>
 #include <pulsecore/memchunk.h>
-
-struct ucred;
+#include <pulsecore/creds.h>
 
 typedef struct pa_pstream pa_pstream;
 
-typedef void (*pa_pstream_packet_cb_t)(pa_pstream *p, pa_packet *packet, const struct ucred *creds, void *userdata);
+typedef void (*pa_pstream_packet_cb_t)(pa_pstream *p, pa_packet *packet, const pa_creds *creds, void *userdata);
 typedef void (*pa_pstream_memblock_cb_t)(pa_pstream *p, uint32_t channel, int64_t offset, pa_seek_mode_t seek, const pa_memchunk *chunk, void *userdata);
 typedef void (*pa_pstream_notify_cb_t)(pa_pstream *p, void *userdata);
 
@@ -43,7 +43,7 @@
 void pa_pstream_unref(pa_pstream*p);
 pa_pstream* pa_pstream_ref(pa_pstream*p);
 
-void pa_pstream_send_packet(pa_pstream*p, pa_packet *packet, const struct ucred *creds);
+void pa_pstream_send_packet(pa_pstream*p, pa_packet *packet, const pa_creds *creds);
 void pa_pstream_send_memblock(pa_pstream*p, uint32_t channel, int64_t offset, pa_seek_mode_t seek, const pa_memchunk *chunk);
 
 void pa_pstream_set_recieve_packet_callback(pa_pstream *p, pa_pstream_packet_cb_t cb, void *userdata);

Modified: trunk/src/pulsecore/socket-server.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/socket-server.c?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/src/pulsecore/socket-server.c (original)
+++ trunk/src/pulsecore/socket-server.c Wed Jul 19 23:48:35 2006
@@ -30,6 +30,7 @@
 #include <sys/types.h>
 #include <stdio.h>
 #include <unistd.h>
+#include <sys/stat.h>
 
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
@@ -185,12 +186,18 @@
     sa.sun_path[sizeof(sa.sun_path) - 1] = 0;
 
     pa_socket_low_delay(fd);
-    
+
     if (bind(fd, (struct sockaddr*) &sa, SUN_LEN(&sa)) < 0) {
         pa_log(__FILE__": bind(): %s", pa_cstrerror(errno));
         goto fail;
     }
 
+    /* Allow access from all clients. Sockets like this one should
+     * always be put inside a directory with proper access rights,
+     * because not all OS check the access rights on the socket
+     * inodes. */
+    chmod(filename, 0777);
+    
     if (listen(fd, 5) < 0) {
         pa_log(__FILE__": listen(): %s", pa_cstrerror(errno));
         goto fail;

Modified: trunk/todo
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/todo?rev=1109&root=pulseaudio&r1=1108&r2=1109&view=diff
==============================================================================
--- trunk/todo (original)
+++ trunk/todo Wed Jul 19 23:48:35 2006
@@ -3,7 +3,6 @@
 Post 0.9.0:
 - alsa mmap driver
 - dbus/hal (Shams King is working on this one)
-- polish for starting polypaudio as root/system-wide instance
 - chroot()
 - module-tunnel: improve latency calculation
 - multiline configuration statements
@@ -32,6 +31,11 @@
 - gconf module + frontend
 - hooks for creating sink inputs
 - insert the low-level device name in the default sink/source name, to make them recognizable
+- ssl
+- key rings for auth
+- challenge response auth
+- sasl auth 
+- setrlimit
 
 Long term:
 - pass meta info for hearing impaired




More information about the pulseaudio-commits mailing list