Hi,
i am on the train and had nothing to do, so here it is:
rip out the resmgr/group/etc access control.
This may help getting this going, i'll probably not commit it since it
is incomplete (e.g. checkPermissions() probably should go away completely).
But a little bit of the long boring stuff is done ;-)
Thomas, i hope this helps getting rid of the socket stuff.
If you want me to commit it (hey, it compiles and i can run it! ;-) drop
me a note and i'll do it.
--
Stefan Seyfried \ "I didn't want to write for pay. I
QA / R&D Team Mobile Devices \ wanted to be paid for what I write."
SUSE LINUX Products GmbH, Nürnberg \ -- Leonard Cohen
diff -rup /tmp/powersave/powersave-0.10.6/config_files/common
./config_files/common
--- /tmp/powersave/powersave-0.10.6/config_files/common 2005-07-22
11:46:07.000000000 +0200
+++ ./config_files/common 2005-08-05 20:33:30.000000000 +0200
@@ -71,10 +71,12 @@ NOTIFY_METHOD=""
## Default: "ac battery button fan processor thermal"
## ServiceRestart: powersaved
#
-# The powersaved startscript will load all necessary modules for acpi. If some
of
+# The acpid startscript will load all necessary modules for acpi. If some of
# these modules cause trouble, you may remove it from this variable. You may
# add the modules asus_acpi or toshiba_acpi if your computer is an Asus or a
# Toshiba. Seperate several modules by space.
+# If this variable is empty, the default is used. If you want to disable
+# module loading, enter "NONE".
#
ACPI_MODULES=""
@@ -159,16 +161,6 @@ START_ACPID=""
SECURITY=""
## Path: System/Powermanagement/Powersave/General
-## Type: string
-## Default "powersave"
-#
-# If the daemon is started with group security policy (powersave -a param)
-# you can specify the system group that is allowed to connect to the daemon
-# by default the resource mangager (resmgr) policy is used and this
-# variable is ignored
-PM_GROUP=""
-
-## Path: System/Powermanagement/Powersave/General
## Type: integer(1:100)
## Default "0"
#
diff -rup /tmp/powersave/powersave-0.10.6/daemon/clientConnection.cpp
./daemon/clientConnection.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/clientConnection.cpp 2005-08-02
18:52:10.000000000 +0200
+++ ./daemon/clientConnection.cpp 2005-08-05 20:23:26.000000000 +0200
@@ -24,9 +24,6 @@ clientConnection::clientConnection(PM_ST
// allocate memory for the socketoperations
sockOp = new (socketOpts);
-
- // set the user management in reference to the configuration
- sockOp->setUserManagement(config->user_management,
config->current_scheme->PM_GROUP);
}
diff -rup /tmp/powersave/powersave-0.10.6/daemon/config_pm.cpp
./daemon/config_pm.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/config_pm.cpp 2005-08-05
10:28:26.000000000 +0200
+++ ./daemon/config_pm.cpp 2005-08-05 20:34:05.000000000 +0200
@@ -32,7 +32,6 @@ PS_Config::PS_Config(){
ENABLE_THERMAL_MANAGEMENT = OFF;
- PM_GROUP = "powersave";
USER_STANDBY_DISABLED = 1;
USER_SUSPEND2DISK_DISABLED = 0;
USER_SUSPEND2RAM_DISABLED = 1;
@@ -180,10 +179,6 @@ void PS_Config::assignConfigEntries(){
CPU_IDLE_LIMIT = checkValue(CPU_IDLE_LIMIT, "CPU_IDLE_LIMIT", 0, 100);
POWER_BUTTON_DELAY = checkValue(POWER_BUTTON_DELAY, "POWERBTN_DELAY",
0);
- s = data["PM_GROUP"];
- if (s != "")
- PM_GROUP = s.c_str();
-
FORCE_BATTERY_POLLING = checkYes(FORCE_BATTERY_POLLING,
"FORCE_BATTERY_POLLING");
USER_SUSPEND2DISK_DISABLED = checkYes(USER_SUSPEND2DISK_DISABLED,
"DISABLE_USER_SUSPEND2DISK");
USER_SUSPEND2RAM_DISABLED = checkYes(USER_SUSPEND2RAM_DISABLED,
"DISABLE_USER_SUSPEND2RAM");
diff -rup /tmp/powersave/powersave-0.10.6/daemon/config_pm.h
./daemon/config_pm.h
--- /tmp/powersave/powersave-0.10.6/daemon/config_pm.h 2005-07-08
22:11:19.000000000 +0200
+++ ./daemon/config_pm.h 2005-08-05 20:34:23.000000000 +0200
@@ -29,8 +29,6 @@ enum CPUFREQ_CONTROL_MODE{CPUFREQ_USERSP
enum THERMAL_MANAGEMENT_DELIGATION { OFF, KERNEL };
-enum ACCESS_MODE { ACCESS_ALL=1, ACCESS_RESMGR, ACCESS_GROUP, ACCESS_ROOT };
-
class Event;
class GeneralConfig;
@@ -78,8 +76,6 @@ class PS_Config{
* the idle event is thrown */
int CPU_IDLE_LIMIT;
- string PM_GROUP;
-
/** @brief should niced processes count for cpufreq calculatiob, too? */
int CONSIDER_NICE;
@@ -199,9 +195,6 @@ class GeneralConfig: public PS_Config {
string config_dir;
int disable_CPU_freq;
int no_of_schemes;
- /** @brief this is given by parameter */
- static ACCESS_MODE user_management;
-
GeneralConfig();
virtual ~GeneralConfig();
diff -rup /tmp/powersave/powersave-0.10.6/daemon/general_config.cpp
./daemon/general_config.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/general_config.cpp 2005-07-05
15:57:23.000000000 +0200
+++ ./daemon/general_config.cpp 2005-08-05 20:32:28.000000000 +0200
@@ -4,8 +4,6 @@
#include <dirent.h>
-ACCESS_MODE GeneralConfig::user_management = ACCESS_ROOT;
-
void PS_Config::strtointErr(char *str, int line, const char *file){
pDebug(DBG_ERR, "Could not convert string to int; given string: '%s' in"
" line %d; config file: %s\n", str, line, file);
@@ -302,24 +300,10 @@ int GeneralConfig::setActiveSchemeByPowe
ostream& operator<<(ostream& os, const GeneralConfig &gc){
string ret;
- string access_m = "";
int x;
- if (gc.user_management == ACCESS_ROOT)
- access_m = "root";
- else if (gc.user_management == ACCESS_GROUP)
- access_m = "group";
- else if (gc.user_management == ACCESS_RESMGR)
- access_m = "managed by resmgr";
- else if (gc.user_management == ACCESS_ALL)
- access_m = "all";
- else
- access_m = "undefined";
-
os << endl << endl
<< "GENERAL CONFIGURATIONS:";
- os << endl << "Users that are allowed to connect through socket:
" << access_m;
- os << (gc.user_management == ACCESS_GROUP ? gc.PM_GROUP : "");
os << endl << "Force CPU frequency scaling to be disabled: " <<
(gc.disable_CPU_freq == 1 ? "yes" : "no");
os << endl << "gc.AC_SCHEME: " << ((gc.AC_scheme == NULL) ? "Not
available" : gc.AC_scheme->SCHEME_NAME);
os << endl << "gc.BATTERY_SCHEME: " << ((gc.Battery_scheme ==
NULL) ? "Not available" : gc.Battery_scheme->SCHEME_NAME);
diff -rup /tmp/powersave/powersave-0.10.6/daemon/powersaved.cpp
./daemon/powersaved.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/powersaved.cpp 2005-08-05
11:50:12.000000000 +0200
+++ ./daemon/powersaved.cpp 2005-08-05 20:22:36.000000000 +0200
@@ -126,9 +126,6 @@ int PM_Interface::rereadConfig(){
config->current_scheme->CONSIDER_NICE);
}
}
- /* maybe group that is allowed to access has changed, set it in socket
class */
- if (config->user_management == ACCESS_GROUP)
- server_socket.setUserManagement(config->user_management,
config->current_scheme->PM_GROUP);
return ret;
}
@@ -241,8 +238,6 @@ PM_Interface::PM_Interface(GeneralConfig
pDebug (DBG_ERR, "Cannot create cpufreq objects");
}
}
-
- server_socket.setUserManagement(config->user_management,
config->current_scheme->PM_GROUP);
// allocate memory for event management object
eM = new EventManagement();
@@ -1101,7 +1096,7 @@ void get_args(int argc, char** argv, Gen
{NULL, 0, 0, 0},
};
while (1){
- int i = getopt_long(argc, argv, "v:c:s:a:x:f:ndh", opts,
&option_index);
+ int i = getopt_long(argc, argv, "v:c:s:x:f:ndh", opts,
&option_index);
if (i == -1){
break;
}
diff -rup /tmp/powersave/powersave-0.10.6/daemon/scheme_config.cpp
./daemon/scheme_config.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/scheme_config.cpp 2005-07-08
22:11:19.000000000 +0200
+++ ./daemon/scheme_config.cpp 2005-08-05 20:35:07.000000000 +0200
@@ -26,7 +26,6 @@ SchemeConfig::SchemeConfig(string file_n
ENABLE_THERMAL_MANAGEMENT = gc.ENABLE_THERMAL_MANAGEMENT;
- PM_GROUP = gc.PM_GROUP;
USER_STANDBY_DISABLED = gc.USER_STANDBY_DISABLED;
USER_SUSPEND2DISK_DISABLED = gc.USER_SUSPEND2DISK_DISABLED;
USER_SUSPEND2RAM_DISABLED = gc.USER_SUSPEND2RAM_DISABLED;
diff -rup /tmp/powersave/powersave-0.10.6/daemon/server_socket.cpp
./daemon/server_socket.cpp
--- /tmp/powersave/powersave-0.10.6/daemon/server_socket.cpp 2005-06-26
12:27:35.000000000 +0200
+++ ./daemon/server_socket.cpp 2005-08-05 20:29:22.000000000 +0200
@@ -19,14 +19,12 @@
ServerSocket::ServerSocket(){
- user_management = ACCESS_ROOT;
accepted_sockfd = -1;
socket_fd = -1;
}
ServerSocket::~ServerSocket(){
- user_management = ACCESS_ROOT;
if (socket_fd != -1)
closeSocket();
}
@@ -88,18 +86,11 @@ int ServerSocket::checkPermission(){
struct sockaddr_un client_address;
socklen_t client_len;
- int result, k;
- group *groupinfo = NULL;
-
+ int result;
struct ucred cred;
struct passwd *pwd = NULL;
socklen_t len = sizeof(cred);
-#ifdef HAVE_LIBRESMGR
- char *p;
- char **sessions = NULL;
- char **sessions_free = NULL;
-#endif
client_len = sizeof(client_address);
// should never hang ...
@@ -108,80 +99,15 @@ int ServerSocket::checkPermission(){
pDebug(DBG_DIAG, "Server threw error after accept: %s\n",
strerror(errno));
return -1;
}
- if ( user_management == ACCESS_ALL ){
+ if ( getsockopt(accepted_sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &len)
< 0 ){
+ pDebug(DBG_DIAG, "getsockopt failed");
+ return -1;
}
- else {
- if ( getsockopt(accepted_sockfd, SOL_SOCKET, SO_PEERCRED,
&cred, &len) < 0 ){
- pDebug(DBG_DIAG, "getsockopt failed");
- return -1;
- }
- if ((pwd = getpwuid(cred.uid)) == NULL || !pwd->pw_name)
- goto no_rights;
+ if ((pwd = getpwuid(cred.uid)) == NULL || !pwd->pw_name)
+ goto no_rights;
- if ( user_management == ACCESS_RESMGR ){
-#ifdef HAVE_LIBRESMGR
- // only need resmgr if no root user tries to connect
- if ( cred.uid ){
- sessions = rsm_list_sessions();
- sessions_free = sessions;
- if ( !sessions || !*sessions )
- goto no_rights;
- int okay = 0;
- pwd = getpwuid(cred.uid);
- for ( ; sessions && *sessions; sessions++ ){
- p = strstr( *sessions, " " );
- if ( p && *(p+1) && !strcmp( p+1,
pwd->pw_name ) ){
- okay = 1;
- break;
- }
- }
- if (sessions_free){
- for (k=0; sessions_free[k]; k++)
- free(sessions_free[k]);
- free(sessions_free);
- }
- if ( !okay ){
- pDebug(DBG_DIAG, "user %s has no resmgr
session"
- " and is not allowed to
connect.",
- pwd->pw_name);
- goto no_rights;
- }
- }
-#else
- pDebug (DBG_ERR, "Binary has no resmgr support compiled
in, fall back"
- "to root user management");
- user_management = ACCESS_ROOT;
-#endif
- }
- /* is a member of the powersave group connecting ?*/
- else if ( user_management == ACCESS_GROUP ) {
- groupinfo = getgrnam(pm_group.c_str());
- if (cred.uid && (groupinfo == NULL || groupinfo->gr_mem
== NULL)){
- pDebug(DBG_DIAG, "Could not find group: %s that
is "
- "allowed to use PM. Only root will be
allowed to connect to daemon."
- , pm_group.c_str());
- goto no_rights;
- }
- if (cred.uid){
- for ( k=0; *(groupinfo->gr_mem+k); k++){
- int m =
min(strlen(*(groupinfo->gr_mem+k)), strlen(pm_group.c_str()));
- if (!strncmp(*(groupinfo->gr_mem+k),
pwd->pw_name, m)){
- pDebug(DBG_DIAG, "%s is a
member of group %s - allowed to connect",
- pwd->pw_name,
pm_group.c_str());
- break;
- }
- else
- continue;
- }
- if (!*(groupinfo->gr_mem+k))
- goto no_rights;
- }
- }
- else if ( user_management == ACCESS_ROOT ){
- if (cred.uid)
- goto no_rights;
- }
- }
+ if (cred.uid)
+ goto no_rights;
return 1;
no_rights:
@@ -364,13 +290,6 @@ void ServerSocket::closeSocket(){
close(socket_fd);
}
-void ServerSocket::setUserManagement(ACCESS_MODE um, string group){
-
- pm_group = group;
- user_management = um;
-
-}
-
// reads one 'line' from a filedescriptor and returns it. The 'line' has to be
// terminated with \0
diff -rup /tmp/powersave/powersave-0.10.6/daemon/server_socket.h
./daemon/server_socket.h
--- /tmp/powersave/powersave-0.10.6/daemon/server_socket.h 2004-11-17
12:44:28.000000000 +0100
+++ ./daemon/server_socket.h 2005-08-05 20:24:35.000000000 +0200
@@ -12,7 +12,6 @@ class ServerSocket {
private:
int socket_fd;
int accepted_sockfd;
- ACCESS_MODE user_management;
string pm_group;
public:
@@ -26,7 +25,6 @@ class ServerSocket {
int sendIntReply(int reply);
int sendLongReply(int64_t reply);
int sendSchemesReply (GeneralConfig *configs);
- void setUserManagement(ACCESS_MODE um, string pm_group);
int getAcceptedSockFD();
//reads one line from a filedescription and returns it. The line has to
be terminated with \n
char *readLine(int fd);
Only in ./docs/autodocs: CVS
Only in ./docs: CVS
diff -rup /tmp/powersave/powersave-0.10.6/docs/README.user_management
./docs/README.user_management
--- /tmp/powersave/powersave-0.10.6/docs/README.user_management 2005-07-04
18:33:57.000000000 +0200
+++ ./docs/README.user_management 2005-08-05 20:36:53.000000000 +0200
@@ -1,35 +1,2 @@
-There are 4 types the daemon might allow user's to
-connect to the daemon (e.g. with powersave/kpowersave):
-
-
-ALL:
-Everybody is allowed to connect to the daemon
-
-RESMGR:
-The daemon asks the resmgr who is allowed to
-obtain PM related info or control.
-
-GROUP:
-You can specify a system group in common config file
-and add users to this group that are allowed to
-communicate with the daemon
-
-ROOT:
-The superuser is always allowed to connect.
-If the -a parameter is missing at all, when invoking
-the powersaved, only root is allowed to connect.
-
-Also see the manpage of powersaved (param: -a).
-You can change the security settings in the
-/etc/sysconfig/powerave/common file by modifing the
-variable:
-SECURITY
-and if you have chosen group you can specify the group
-that is allowed to connect to the daemon through the
-variable:
-PM_GROUP
-This will tell the init script to always use this settings
-at boot time.
-
-Note that for the resmgr setting support has to be compiled
-in and the resource manager package needs to be installed.
+Access control is now handled via DBus, have a look at
+/etc/dbus-1/system.d/powersave.conf._______________________________________________
powersave-devel mailing list
[email protected]
http://forge.novell.com/mailman/listinfo/powersave-devel
