diff options
author | dec05eba <dec05eba@protonmail.com> | 2023-04-08 05:50:43 +0200 |
---|---|---|
committer | dec05eba <dec05eba@protonmail.com> | 2023-04-08 05:50:43 +0200 |
commit | be388cda5ff9e96078e39ff9c5f963e4b8fc451c (patch) | |
tree | c8cf08ca85e165206b927741c0b68201bdd6dd38 | |
parent | 8d250f7e33d568b26d2a034e10b33f0cd193268d (diff) |
kms permission ok if running as root, no pkexec needed
-rw-r--r-- | src/kms/kms_client.c | 35 | ||||
-rw-r--r-- | src/kms/kms_server.c | 4 |
2 files changed, 21 insertions, 18 deletions
diff --git a/src/kms/kms_client.c b/src/kms/kms_client.c index ededbe9..e689aaf 100644 --- a/src/kms/kms_client.c +++ b/src/kms/kms_client.c @@ -67,29 +67,30 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char struct sockaddr_un local_addr = {0}; struct sockaddr_un remote_addr = {0}; - // TODO: Check if gsr-kms-server is installed - // TODO: Check if pkexec is installed - char server_filepath[PATH_MAX]; snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server"); int has_perm = 0; - cap_t kms_server_cap = cap_get_file(server_filepath); - if(kms_server_cap) { - cap_flag_value_t res = 0; - cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); - if(res == CAP_SET) { - //fprintf(stderr, "has permission!\n"); - has_perm = 1; + if(geteuid() == 0) { + has_perm = 1; + } else { + cap_t kms_server_cap = cap_get_file(server_filepath); + if(kms_server_cap) { + cap_flag_value_t res = 0; + cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); + if(res == CAP_SET) { + //fprintf(stderr, "has permission!\n"); + has_perm = 1; + } else { + //fprintf(stderr, "No permission:(\n"); + } + cap_free(kms_server_cap); } else { - //fprintf(stderr, "No permission:(\n"); + if(errno == ENODATA) + fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath); + else + fprintf(stderr, "failed to get cap\n"); } - cap_free(kms_server_cap); - } else { - if(errno == ENODATA) - fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath); - else - fprintf(stderr, "failed to get cap\n"); } self->card_path = strdup(card_path); diff --git a/src/kms/kms_server.c b/src/kms/kms_server.c index f811050..e7ee02f 100644 --- a/src/kms/kms_server.c +++ b/src/kms/kms_server.c @@ -73,6 +73,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) { if (0 != drmSetClientCap(drmfd, DRM_CLIENT_CAP_UNIVERSAL_PLANES, 1)) { response->result = KMS_RESULT_INSUFFICIENT_PERMISSIONS; snprintf(response->data.err_msg, sizeof(response->data.err_msg), "drmSetClientCap failed, error: %s", strerror(errno)); + close(drmfd); return -1; } @@ -80,6 +81,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) { if (!planes) { response->result = KMS_RESULT_FAILED_TO_GET_KMS; snprintf(response->data.err_msg, sizeof(response->data.err_msg), "failed to access planes, error: %s", strerror(errno)); + close(drmfd); return -1; } @@ -134,7 +136,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) { } drmModeFreePlaneResources(planes); - close(drmfd); // TODO? + close(drmfd); if(response->data.fd.fd == 0) { response->result = KMS_RESULT_NO_KMS_AVAILABLE; |