-rw-r--r-- | kms/client/kms_client.c | 42 | ||||
-rw-r--r-- | kms/client/kms_client.h | 2 |
2 files changed, 37 insertions, 7 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c
index 6730318..f0c6d3c 100644
--- a/kms/client/kms_client.c
+++ b/kms/client/kms_client.c
@@ -7,6 +7,7 @@
 #include <signal.h>
 #include <limits.h>
 #include <stdbool.h>
+#include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <sys/wait.h>
@@ -16,6 +17,28 @@ static bool is_inside_flatpak(void) {
     return getenv("FLATPAK_ID") != NULL;
 }
 
+static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) {
+    int fd = open("/dev/urandom", O_RDONLY);
+    if(fd == -1) {
+        perror("/dev/urandom");
+        return false;
+    }
+
+    if(read(fd, buffer, buffer_size) < buffer_size) {
+        fprintf(stderr, "Failed to read %d bytes from /dev/urandom\n", buffer_size);
+        close(fd);
+        return false;
+    }
+
+    for(int i = 0; i < buffer_size; ++i) {
+        unsigned char c = *(unsigned char*)&buffer[i];
+        buffer[i] = alphabet[c % alphabet_size];
+    }
+
+    close(fd);
+    return true;
+}
+
 static int send_msg_to_server(int server_fd, gsr_kms_request *request) {
     struct iovec iov;
     iov.iov_base = request;
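Review bot: `buffer[i] = alphabet[c % alphabet_size]` is biased whenever alphabet_size does not divide 256, which holds for the 62-character alphabet the caller passes, so some characters of the random socket name are more likely than others; rejecting bytes at or above `256 - (256 % alphabet_size)` before indexing removes the bias. The single `read()` also turns an EINTR or short return into a hard failure instead of retrying, and `buffer_size` is an `int` that is converted to `size_t` for the read, so a negative value would request an enormous read. The `*(unsigned char*)&buffer[i]` cast can simply be `(unsigned char)buffer[i]`. A rewritten fill loop covering the first two points follows; `errno` is already used elsewhere in this file (the `strerror(errno)` context in the later hunk).
```c
static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) {
    // … unchanged: open /dev/urandom and fail on -1 …

    // Largest multiple of alphabet_size that fits in a byte; bytes at or above it
    // are discarded so every alphabet index is equally likely (no modulo bias).
    const unsigned int limit = 256 - (unsigned int)(256 % alphabet_size);
    for(int i = 0; i < buffer_size;) {
        unsigned char c;
        ssize_t n = read(fd, &c, 1);
        if(n == -1 && errno == EINTR)
            continue;
        if(n != 1) {
            fprintf(stderr, "Failed to read from /dev/urandom\n");
            close(fd);
            return false;
        }
        if(c >= limit)
            continue;
        buffer[i++] = alphabet[c % alphabet_size];
    }

    // … unchanged: close(fd); return true; …
}
```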
@@ -72,6 +95,19 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
     struct sockaddr_un local_addr = {0};
     struct sockaddr_un remote_addr = {0};
 
+    // Can't use /tmp because of flatpak
+    const char *home_path = getenv("HOME");
+    if(!home_path)
+        home_path = "/tmp";
+
+    char random_characters[11];
+    random_characters[10] = '\0';
+    if(!generate_random_characters(random_characters, 10, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62)) {
+        fprintf(stderr, "gsr error: gsr_kms_client_init: failed to create path to kms socket\n");
+        return -1;
+    }
+    snprintf(self->socket_path, sizeof(self->socket_path), "%s/.gsr-kms-socket-%s", home_path, random_characters);
+
     // This doesn't work on nixos, but we dont want to use $PATH because we want to make this as safe as possible by running pkexec
     // on a path that only root can modify. If we use "gsr-kms-server" instead then $PATH can be modified in ~/.bashrc for example
     // which will overwrite the path to gsr-kms-server and the user can end up running a malicious program that pretends to be gsr-kms-server.
@@ -114,12 +150,6 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
         goto err;
     }
 
-    strcpy(self->socket_path, "/tmp/gsr-kms-socket-XXXXXX");
-    if(!tmpnam(self->socket_path)) {
-        fprintf(stderr, "gsr error: gsr_kms_client_init: mkstemp failed, error: %s\n", strerror(errno));
-        goto err;
-    }
-
     self->socket_fd = socket(AF_UNIX, SOCK_STREAM, 0);
     if(self->socket_fd == -1) {
         fprintf(stderr, "gsr error: gsr_kms_client_init: socket failed, error: %s\n", strerror(errno));
diff --git a/kms/client/kms_client.h b/kms/client/kms_client.h
index a15d869..41de507 100644
--- a/kms/client/kms_client.h
+++ b/kms/client/kms_client.h
@@ -8,7 +8,7 @@
 typedef struct {
     pid_t kms_server_pid;
     int socket_fd;
     int client_fd;
-    char socket_path[27];
+    char socket_path[255];
     char *card_path;
 } gsr_kms_client;
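Review bot: The `snprintf` into `self->socket_path` discards its return value, so a long `$HOME` silently truncates the socket path, and the buffer grown to 255 bytes in the kms_client.h hunk is larger than `sun_path` of `struct sockaddr_un` (108 bytes on Linux); the 27-byte buffer implicitly kept the path within `sun_path`, so if the path is later copied into `local_addr.sun_path` without a length check — that copy is outside this hunk — a long home directory can now overflow it. Bound the path to the address structure instead: `int n = snprintf(self->socket_path, sizeof(self->socket_path), "%s/.gsr-kms-socket-%s", home_path, random_characters);` followed by `if(n < 0 || (size_t)n >= sizeof(local_addr.sun_path)) { fprintf(stderr, "gsr error: gsr_kms_client_init: kms socket path is too long\n"); return -1; }`. The `/tmp` fallback when `$HOME` is unset also puts the socket back in the shared directory the added comment says the change is avoiding; trying `$XDG_RUNTIME_DIR` first, or failing, would keep it per-user. gsr_kms_client_init's body continues outside this hunk.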