diff options
author | dec05eba <dec05eba@protonmail.com> | 2023-04-09 15:54:29 +0200 |
---|---|---|
committer | dec05eba <dec05eba@protonmail.com> | 2023-04-09 15:54:29 +0200 |
commit | cb82677ae8e7b3d5ef35a36b7c6d88020959864c (patch) | |
tree | f053a6b29d766d4dad977cfbd2fa2fcd985f1459 /src/kms/kms_client.c | |
parent | e3702f147ff5462a03299115f0e7765715a37976 (diff) |
Move kms client and server to separate directories
Diffstat (limited to 'src/kms/kms_client.c')
-rw-r--r-- | src/kms/kms_client.c | 245 |
1 files changed, 0 insertions, 245 deletions
diff --git a/src/kms/kms_client.c b/src/kms/kms_client.c deleted file mode 100644 index cddd8ff..0000000 --- a/src/kms/kms_client.c +++ /dev/null @@ -1,245 +0,0 @@ -#include "../../include/kms/kms_client.h" -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <errno.h> -#include <unistd.h> -#include <signal.h> -#include <limits.h> -#include <stdbool.h> -#include <sys/socket.h> -#include <sys/un.h> -#include <sys/wait.h> -#include <sys/capability.h> - -static bool is_inside_flatpak(void) { - return getenv("FLATPAK_ID") != NULL; -} - -static int send_msg_to_server(int server_fd, gsr_kms_request *request) { - struct iovec iov; - iov.iov_base = request; - iov.iov_len = sizeof(*request); - - struct msghdr request_message = {0}; - request_message.msg_iov = &iov; - request_message.msg_iovlen = 1; - - return sendmsg(server_fd, &request_message, 0); -} - -static int recv_msg_from_server(int server_fd, gsr_kms_response *response) { - struct iovec iov; - iov.iov_base = response; - iov.iov_len = sizeof(*response); - - struct msghdr response_message = {0}; - response_message.msg_iov = &iov; - response_message.msg_iovlen = 1; - - char cmsgbuf[CMSG_SPACE(sizeof(int))]; - memset(cmsgbuf, 0, sizeof(cmsgbuf)); - response_message.msg_control = cmsgbuf; - response_message.msg_controllen = sizeof(cmsgbuf); - - int res = recvmsg(server_fd, &response_message, MSG_WAITALL); - if(res <= 0) - return res; - - if(response->result == KMS_RESULT_OK) - response->data.fd.fd = 0; - - struct cmsghdr *cmsg = CMSG_FIRSTHDR(&response_message); - if(cmsg) { - fprintf(stderr, "got cmsg, %d\n", cmsg->cmsg_type); - if(cmsg->cmsg_type == SCM_RIGHTS) { - int kms_fd = 0; - memcpy(&kms_fd, CMSG_DATA(cmsg), sizeof(int)); - fprintf(stderr, "kms fd: %d\n", kms_fd); - response->data.fd.fd = kms_fd; - } - } - - return res; -} - -int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char *program_dir) { - self->kms_server_pid = -1; - self->card_path = NULL; - self->socket_fd = -1; - self->client_fd = -1; - self->socket_path[0] = '\0'; - struct sockaddr_un local_addr = {0}; - struct sockaddr_un remote_addr = {0}; - - bool inside_flatpak = is_inside_flatpak(); - char server_filepath[PATH_MAX]; - snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server"); - if(access(server_filepath, F_OK) != 0 || inside_flatpak) - snprintf(server_filepath, sizeof(server_filepath), "gsr-kms-server"); // Assume gsr-kms-server is in $PATH - - bool has_perm = 0; - if(geteuid() == 0) { - has_perm = true; - } else { - cap_t kms_server_cap = cap_get_file(server_filepath); - if(kms_server_cap) { - cap_flag_value_t res = 0; - cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); - if(res == CAP_SET) { - //fprintf(stderr, "has permission!\n"); - has_perm = true; - } else { - //fprintf(stderr, "No permission:(\n"); - } - cap_free(kms_server_cap); - } else { - if(errno == ENODATA) - fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath); - else - fprintf(stderr, "gsr info: gsr_kms_client_init: failed to get cap\n"); - } - } - - fprintf(stderr, "gsr info: gsr server path: %s, exists: %s\n", server_filepath, access(server_filepath, F_OK) == 0 ? "yes" : "no"); - - self->card_path = strdup(card_path); - if(!self->card_path) { - fprintf(stderr, "gsr error: gsr_kms_client_init: failed to duplicate card_path\n"); - goto err; - } - - strcpy(self->socket_path, "/tmp/gsr-kms-socket-XXXXXX"); - if(!tmpnam(self->socket_path)) { - fprintf(stderr, "gsr error: gsr_kms_client_init: mkstemp failed, error: %s\n", strerror(errno)); - goto err; - } - - self->socket_fd = socket(AF_UNIX, SOCK_STREAM, 0); - if(self->socket_fd == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_init: socket failed, error: %s\n", strerror(errno)); - goto err; - } - - local_addr.sun_family = AF_UNIX; - strncpy(local_addr.sun_path, self->socket_path, sizeof(local_addr.sun_path)); - if(bind(self->socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path)) == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_init: failed to bind socket, error: %s\n", strerror(errno)); - goto err; - } - - if(listen(self->socket_fd, 1) == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_init: failed to listen on socket, error: %s\n", strerror(errno)); - goto err; - } - - pid_t pid = fork(); - if(pid == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_init: fork failed, error: %s\n", strerror(errno)); - goto err; - } else if(pid == 0) { /* child */ - if(has_perm) { - const char *args[] = { server_filepath, self->socket_path, NULL }; - execvp(args[0], (char *const*)args); - } else if(inside_flatpak) { - const char *args[] = { "flatpak-spawn", "--host", "pkexec", server_filepath, self->socket_path, NULL }; - execvp(args[0], (char *const*)args); - } else { - const char *args[] = { "pkexec", server_filepath, self->socket_path, NULL }; - execvp(args[0], (char *const*)args); - } - perror("execvp"); - _exit(127); - } else { /* parent */ - self->kms_server_pid = pid; - } - - fprintf(stderr, "gsr info: gsr_kms_client_init: waiting for client to connect\n"); - for(;;) { - struct timeval tv; - fd_set rfds; - FD_ZERO(&rfds); - FD_SET(self->socket_fd, &rfds); - - tv.tv_sec = 0; - tv.tv_usec = 100 * 1000; // 100 ms - - int select_res = select(1 + self->socket_fd, &rfds, NULL, NULL, &tv); - if(select_res > 0) { - socklen_t sock_len = 0; - self->client_fd = accept(self->socket_fd, (struct sockaddr*)&remote_addr, &sock_len); - if(self->client_fd == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_init: accept failed on socket, error: %s\n", strerror(errno)); - goto err; - } - break; - } else { - int status; - int wait_result = waitpid(self->kms_server_pid, &status, WNOHANG); - if(wait_result != 0) { - fprintf(stderr, "gsr error: gsr_kms_client_init: kms server died or never started, error: %s\n", strerror(errno)); - goto err; - } - } - } - fprintf(stderr, "gsr info: gsr_kms_client_init: client connected\n"); - - return 0; - - err: - gsr_kms_client_deinit(self); - return -1; -} - -void gsr_kms_client_deinit(gsr_kms_client *self) { - if(self->card_path) { - free(self->card_path); - self->card_path = NULL; - } - - if(self->client_fd != -1) { - close(self->client_fd); - self->client_fd = -1; - } - - if(self->socket_fd != -1) { - close(self->socket_fd); - self->socket_fd = -1; - } - - if(self->kms_server_pid != -1) { - kill(self->kms_server_pid, SIGINT); - int status; - waitpid(self->kms_server_pid, &status, 0); - self->kms_server_pid = -1; - } - - if(self->socket_path[0] != '\0') { - remove(self->socket_path); - self->socket_path[0] = '\0'; - } -} - -int gsr_kms_client_get_kms(gsr_kms_client *self, gsr_kms_response *response) { - response->result = KMS_RESULT_FAILED_TO_SEND; - strcpy(response->data.err_msg, "failed to send"); - - gsr_kms_request request; - request.type = KMS_REQUEST_TYPE_GET_KMS; - strcpy(request.data.card_path, self->card_path); - if(send_msg_to_server(self->client_fd, &request) == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_get_kms: failed to send request message to server\n"); - return -1; - } - - const int recv_res = recv_msg_from_server(self->client_fd, response); - if(recv_res == 0) { - fprintf(stderr, "gsr warning: gsr_kms_client_get_kms: kms server shut down\n"); - return -1; - } else if(recv_res == -1) { - fprintf(stderr, "gsr error: gsr_kms_client_get_kms: failed to receive response\n"); - return -1; - } - - return 0; -} |