From 8fcf8065b8329ab9abe14ecddc1040e14adc6461 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Fri, 15 Jul 2016 12:36:45 +0200
Subject: [PATCH 08/18] module-access: use the auth hook and pid

Connect to the client_auth hook and also check the pid from the
credentials to find the right policy for a client.
---
 src/modules/module-access.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/modules/module-access.c b/src/modules/module-access.c
index 290d052..c00612a 100644
--- a/src/modules/module-access.c
+++ b/src/modules/module-access.c
@@ -89,6 +89,7 @@ struct userdata {
 
     pa_hashmap *clients;
     pa_hook_slot *client_put_slot;
+    pa_hook_slot *client_auth_slot;
     pa_hook_slot *client_proplist_changed_slot;
     pa_hook_slot *client_unlink_slot;
 };
@@ -368,6 +369,9 @@ static uint32_t find_policy_for_client (struct userdata *u, pa_client *cl) {
     pa_log ("client proplist %s", s);
     pa_xfree(s);
 
+    if (cl->creds_valid) {
+      pa_log ("client has trusted pid %d", cl->creds.pid);
+    }
     return u->default_policy;
 }
 
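Review bot: The added block in find_policy_for_client only logs the pid; the function still ends in `return u->default_policy;` on every path, so a client with valid credentials and one without get the same policy, and the lookup the commit message describes is not implemented yet. If this is a placeholder, a comment such as `/* TODO: select the policy from cl->creds.pid; until then every client gets default_policy */` would keep readers from assuming the pid is enforced. `pa_log` is the error-level macro, so `pa_log_debug ("client has trusted pid %d", (int) cl->creds.pid);` fits a per-connection trace better; the cast assumes creds.pid is a pid_t, which is not visible here. When the lookup is added, note that the pid identifies the peer only at connect time, so anything resolved from it later can race with process exit and pid reuse. The function starts outside the hunk.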
@@ -381,6 +385,8 @@ static pa_hook_result_t client_put_cb(pa_core *c, pa_object *o, struct userdata
     cl = (pa_client *) o;
     pa_assert(cl);
 
+    /* when we get here, the client just connected and is not yet authenticated
+     * we should probably install a policy that denies all access */
     policy = find_policy_for_client(u, cl);
 
     client_data_new(u, cl->index, policy);
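Review bot: The new comment in client_put_cb says the client is not yet authenticated and should probably get a deny-all policy, but the line right after it still installs whatever find_policy_for_client returns, so the unauthenticated client holds that policy until the auth hook fires. That is fail-open if default_policy grants anything. Since client_auth_cb now re-evaluates the policy, the put path could install a restrictive one instead, e.g. `client_data_new(u, cl->index, deny_policy);`, where deny_policy is a placeholder for a deny-all policy index this module would have to define. At minimum the comment should become a `FIXME:` so the gap is trackable. The function begins before the hunk.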
@@ -388,6 +394,27 @@ static pa_hook_result_t client_put_cb(pa_core *c, pa_object *o, struct userdata
     return PA_HOOK_OK;
 }
 
+static pa_hook_result_t client_auth_cb(pa_core *c, pa_object *o, struct userdata *u) {
+    pa_client *cl;
+    client_data *cd;
+    uint32_t policy;
+
+    pa_assert(c);
+    pa_object_assert_ref(o);
+
+    cl = (pa_client *) o;
+    pa_assert(cl);
+
+    cd = client_data_get (u, cl->index);
+    if (cd == NULL)
+        return PA_HOOK_OK;
+
+    policy = find_policy_for_client(u, cl);
+    cd->policy = policy;
+
+    return PA_HOOK_OK;
+}
+
 static pa_hook_result_t client_proplist_changed_cb(pa_core *c, pa_object *o, struct userdata *u) {
     pa_client *cl;
     client_data *cd;
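Review bot: In client_auth_cb the `cd == NULL` branch returns PA_HOOK_OK silently, so a client that authenticates without a client_data entry ends up with no policy recorded and nothing in the log; how the access checks treat such a client is not visible in this hunk. Logging there, e.g. `pa_log_warn ("no client data for client %u at auth", cl->index);`, would make the case detectable. `u` is also handed to client_data_get without a `pa_assert(u);` next to the existing `pa_assert(c);`. A one-line comment above the function saying that it replaces the policy chosen at CLIENT_PUT once the client has authenticated would document the intended ordering.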
@@ -446,6 +473,7 @@ int pa__init(pa_module*m) {
                                                     (pa_free_cb_t) client_data_free);
 
     u->client_put_slot = pa_hook_connect(&u->core->hooks[PA_CORE_HOOK_CLIENT_PUT], PA_HOOK_EARLY, (pa_hook_cb_t) client_put_cb, u);
+    u->client_auth_slot = pa_hook_connect(&u->core->hooks[PA_CORE_HOOK_CLIENT_AUTH], PA_HOOK_EARLY, (pa_hook_cb_t) client_auth_cb, u);
     u->client_proplist_changed_slot = pa_hook_connect(&u->core->hooks[PA_CORE_HOOK_CLIENT_PROPLIST_CHANGED], PA_HOOK_EARLY, (pa_hook_cb_t) client_proplist_changed_cb, u);
     u->client_unlink_slot = pa_hook_connect(&u->core->hooks[PA_CORE_HOOK_CLIENT_UNLINK], PA_HOOK_EARLY, (pa_hook_cb_t) client_unlink_cb, u);
 
@@ -519,6 +547,8 @@ void pa__done(pa_module*m) {
 
     if (u->client_put_slot)
         pa_hook_slot_free(u->client_put_slot);
+    if (u->client_auth_slot)
+        pa_hook_slot_free(u->client_auth_slot);
     if (u->client_proplist_changed_slot)
         pa_hook_slot_free(u->client_proplist_changed_slot);
     if (u->client_unlink_slot)
-- 
2.9.3