authordec05eba <dec05eba@protonmail.com>2023-04-08 05:50:43 +0200
committerdec05eba <dec05eba@protonmail.com>2023-04-08 05:50:43 +0200
commitbe388cda5ff9e96078e39ff9c5f963e4b8fc451c (patch)
treec8cf08ca85e165206b927741c0b68201bdd6dd38 /src/kms/kms_client.c
parent8d250f7e33d568b26d2a034e10b33f0cd193268d (diff)
kms permission ok if running as root, no pkexec needed
Diffstat (limited to 'src/kms/kms_client.c')
-rw-r--r--src/kms/kms_client.c35
1 files changed, 18 insertions, 17 deletions
diff --git a/src/kms/kms_client.c b/src/kms/kms_client.c
index ededbe9..e689aaf 100644
--- a/src/kms/kms_client.c
+++ b/src/kms/kms_client.c
@@ -67,29 +67,30 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char
struct sockaddr_un local_addr = {0};
struct sockaddr_un remote_addr = {0};
- // TODO: Check if gsr-kms-server is installed
- // TODO: Check if pkexec is installed
-
char server_filepath[PATH_MAX];
snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server");
int has_perm = 0;
- cap_t kms_server_cap = cap_get_file(server_filepath);
- if(kms_server_cap) {
- cap_flag_value_t res = 0;
- cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
- if(res == CAP_SET) {
- //fprintf(stderr, "has permission!\n");
- has_perm = 1;
+ if(geteuid() == 0) {
+ has_perm = 1;
+ } else {
+ cap_t kms_server_cap = cap_get_file(server_filepath);
+ if(kms_server_cap) {
+ cap_flag_value_t res = 0;
+ cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
+ if(res == CAP_SET) {
+ //fprintf(stderr, "has permission!\n");
+ has_perm = 1;
+ } else {
+ //fprintf(stderr, "No permission:(\n");
+ }
+ cap_free(kms_server_cap);
} else {
- //fprintf(stderr, "No permission:(\n");
+ if(errno == ENODATA)
+ fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
+ else
+ fprintf(stderr, "failed to get cap\n");
}
- cap_free(kms_server_cap);
- } else {
- if(errno == ENODATA)
- fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
- else
- fprintf(stderr, "failed to get cap\n");
}
self->card_path = strdup(card_path);
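Review bot: The new `geteuid() == 0` branch sets `has_perm = 1` without ever touching `server_filepath`, so when running as root nothing in this hunk confirms that gsr-kms-server exists at that path or who is able to modify it, and the commit also drops the TODO that tracked that check. If the file is later executed with root privileges (the spawn is outside the hunk, so this is inferred), the root branch should validate it first and fail initialisation on a condition such as `if(stat(server_filepath, &st) != 0 || st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))`. The `snprintf` that builds `server_filepath` is also never checked for truncation against `sizeof(server_filepath)`, which matters more once the path is trusted without the `cap_get_file` lookup. In the non-root branch the return value of `cap_get_flag` is ignored, and the generic `failed to get cap` message omits the path and `strerror(errno)`, so a missing binary cannot be told apart from a real capability error. gsr_kms_client_init begins before and continues after this hunk.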