diff options
author | dec05eba <dec05eba@protonmail.com> | 2023-04-08 05:50:43 +0200 |
---|---|---|
committer | dec05eba <dec05eba@protonmail.com> | 2023-04-08 05:50:43 +0200 |
commit | be388cda5ff9e96078e39ff9c5f963e4b8fc451c (patch) | |
tree | c8cf08ca85e165206b927741c0b68201bdd6dd38 /src/kms/kms_client.c | |
parent | 8d250f7e33d568b26d2a034e10b33f0cd193268d (diff) |
kms permission ok if running as root, no pkexec needed
Diffstat (limited to 'src/kms/kms_client.c')
-rw-r--r-- | src/kms/kms_client.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/src/kms/kms_client.c b/src/kms/kms_client.c index ededbe9..e689aaf 100644 --- a/src/kms/kms_client.c +++ b/src/kms/kms_client.c @@ -67,29 +67,30 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char struct sockaddr_un local_addr = {0}; struct sockaddr_un remote_addr = {0}; - // TODO: Check if gsr-kms-server is installed - // TODO: Check if pkexec is installed - char server_filepath[PATH_MAX]; snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server"); int has_perm = 0; - cap_t kms_server_cap = cap_get_file(server_filepath); - if(kms_server_cap) { - cap_flag_value_t res = 0; - cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); - if(res == CAP_SET) { - //fprintf(stderr, "has permission!\n"); - has_perm = 1; + if(geteuid() == 0) { + has_perm = 1; + } else { + cap_t kms_server_cap = cap_get_file(server_filepath); + if(kms_server_cap) { + cap_flag_value_t res = 0; + cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); + if(res == CAP_SET) { + //fprintf(stderr, "has permission!\n"); + has_perm = 1; + } else { + //fprintf(stderr, "No permission:(\n"); + } + cap_free(kms_server_cap); } else { - //fprintf(stderr, "No permission:(\n"); + if(errno == ENODATA) + fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath); + else + fprintf(stderr, "failed to get cap\n"); } - cap_free(kms_server_cap); - } else { - if(errno == ENODATA) - fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath); - else - fprintf(stderr, "failed to get cap\n"); } self->card_path = strdup(card_path); |