Diffstat (limited to 'kms/client/kms_client.c')
-rw-r--r--kms/client/kms_client.c318
1 files changed, 240 insertions, 78 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c
index 587dda3..869bf81 100644
--- a/kms/client/kms_client.c
+++ b/kms/client/kms_client.c
@@ -10,8 +10,15 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
+#include <sys/stat.h>
#include <sys/capability.h>
+#define GSR_SOCKET_PAIR_LOCAL 0
+#define GSR_SOCKET_PAIR_REMOTE 1
+
+static void cleanup_socket(gsr_kms_client *self, bool kill_server);
+static int gsr_kms_client_replace_connection(gsr_kms_client *self);
+
static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) {
int fd = open("/dev/urandom", O_RDONLY);
if(fd == -1) {
@@ -34,19 +41,45 @@ static bool generate_random_characters(char *buffer, int buffer_size, const char
return true;
}
+static void close_fds(gsr_kms_response *response) {
+ for(int i = 0; i < response->num_fds; ++i) {
+ if(response->fds[i].fd > 0)
+ close(response->fds[i].fd);
+ response->fds[i].fd = 0;
+ }
+}
+
static int send_msg_to_server(int server_fd, gsr_kms_request *request) {
struct iovec iov;
iov.iov_base = request;
iov.iov_len = sizeof(*request);
- struct msghdr request_message = {0};
- request_message.msg_iov = &iov;
- request_message.msg_iovlen = 1;
+ struct msghdr response_message = {0};
+ response_message.msg_iov = &iov;
+ response_message.msg_iovlen = 1;
+
+ char cmsgbuf[CMSG_SPACE(sizeof(int) * 1)];
+ memset(cmsgbuf, 0, sizeof(cmsgbuf));
+
+ if(request->new_connection_fd > 0) {
+ response_message.msg_control = cmsgbuf;
+ response_message.msg_controllen = sizeof(cmsgbuf);
- return sendmsg(server_fd, &request_message, 0);
+ struct cmsghdr *cmsg = CMSG_FIRSTHDR(&response_message);
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(int) * 1);
+
+ int *fds = (int*)CMSG_DATA(cmsg);
+ fds[0] = request->new_connection_fd;
+
+ response_message.msg_controllen = cmsg->cmsg_len;
+ }
+
+ return sendmsg(server_fd, &response_message, 0);
}
-static int recv_msg_from_server(int server_fd, gsr_kms_response *response) {
+static int recv_msg_from_server(int server_pid, int server_fd, gsr_kms_response *response) {
struct iovec iov;
iov.iov_base = response;
iov.iov_len = sizeof(*response);
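Review bot: `close_fds` loops up to `response->num_fds`, a count filled in by the peer, without bounding it by the capacity of `response->fds`, so an oversized or negative-cast count would walk past the array. Assuming `fds` is an array member of `gsr_kms_response` (its declaration is outside this page), the loop condition could be `i < response->num_fds && i < (int)(sizeof(response->fds) / sizeof(response->fds[0]))`. Both `close_fds` and the new `request->new_connection_fd > 0` test treat 0 as "no descriptor", although 0 is a valid fd; using -1 as the sentinel would match how `socket_pair` is initialised in `gsr_kms_client_init`. As a style point, the `msghdr` in `send_msg_to_server` is now called `response_message` although it carries the request.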
@@ -60,11 +93,26 @@ static int recv_msg_from_server(int server_fd, gsr_kms_response *response) {
response_message.msg_control = cmsgbuf;
response_message.msg_controllen = sizeof(cmsgbuf);
- int res = recvmsg(server_fd, &response_message, MSG_WAITALL);
- if(res <= 0)
- return res;
+ int res = 0;
+ for(;;) {
+ res = recvmsg(server_fd, &response_message, MSG_DONTWAIT);
+ if(res <= 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+ // If we are replacing the connection and closing the application at the same time
+ // then recvmsg can get stuck (because the server died), so we prevent that by doing
+ // non-blocking recvmsg and checking if the server died
+ int status = 0;
+ int wait_result = waitpid(server_pid, &status, WNOHANG);
+ if(wait_result != 0) {
+ res = -1;
+ break;
+ }
+ usleep(1000);
+ } else {
+ break;
+ }
+ }
- if(response->num_fds > 0) {
+ if(res > 0 && response->num_fds > 0) {
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&response_message);
if(cmsg) {
int *fds = (int*)CMSG_DATA(cmsg);
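Review bot: The retry test `res <= 0 && (errno == EAGAIN || errno == EWOULDBLOCK)` reads `errno` even when `recvmsg` returned 0, where `errno` is not set and may still hold `EAGAIN` from the previous iteration, so an orderly shutdown by the peer can keep the loop polling until the server process exits; `if(res == -1 && (errno == EAGAIN || errno == EWOULDBLOCK))` avoids that. With `MSG_WAITALL` replaced by `MSG_DONTWAIT`, a short read on the stream socket is now accepted as a complete response, so after the loop a check such as `if(res > 0 && (size_t)res < sizeof(*response)) res = -1;` is needed before `response->num_fds` is trusted. The `waitpid(server_pid, &status, WNOHANG)` call also reaps the child without the caller's `kms_server_pid` being reset, and `cleanup_socket` later sends `SIGKILL` to that stored pid, which by then may belong to another process. The function body starts and ends outside this hunk.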
@@ -72,9 +120,7 @@ static int recv_msg_from_server(int server_fd, gsr_kms_response *response) {
response->fds[i].fd = fds[i];
}
} else {
- for(int i = 0; i < response->num_fds; ++i) {
- response->fds[i].fd = 0;
- }
+ close_fds(response);
}
}
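Review bot: Calling `close_fds(response)` in the branch where `CMSG_FIRSTHDR` returned NULL closes descriptor numbers that were never installed in this process. With no control message, `response->fds[i].fd` holds only the integers the server wrote into the payload, so `close()` on them can shut unrelated descriptors that the client has open under the same numbers. The removed loop, `for(int i = 0; i < response->num_fds; ++i) response->fds[i].fd = 0;`, was the safe behaviour for this branch and should be kept here, leaving `close_fds` for descriptors that were actually received. The enclosing function starts outside this hunk.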
@@ -96,7 +142,7 @@ static bool create_socket_path(char *output_path, size_t output_path_size) {
return true;
}
-static void strncpy_safe(char *dst, const char *src, int len) {
+static void string_copy(char *dst, const char *src, int len) {
int src_len = strlen(src);
int min_len = src_len;
if(len - 1 < min_len)
@@ -105,69 +151,114 @@ static void strncpy_safe(char *dst, const char *src, int len) {
dst[min_len] = '\0';
}
+static bool find_program_in_path(const char *program_name, char *filepath, int filepath_len) {
+ const char *path = getenv("PATH");
+ if(!path)
+ return false;
+
+ int program_name_len = strlen(program_name);
+ const char *end = path + strlen(path);
+ while(path != end) {
+ const char *part_end = strchr(path, ':');
+ const char *next = part_end;
+ if(part_end) {
+ next = part_end + 1;
+ } else {
+ part_end = end;
+ next = end;
+ }
+
+ int len = part_end - path;
+ if(len + 1 + program_name_len < filepath_len) {
+ memcpy(filepath, path, len);
+ filepath[len] = '/';
+ memcpy(filepath + len + 1, program_name, program_name_len);
+ filepath[len + 1 + program_name_len] = '\0';
+
+ if(access(filepath, F_OK) == 0)
+ return true;
+ }
+
+ path = next;
+ }
+
+ return false;
+}
+
int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
+ int result = -1;
self->kms_server_pid = -1;
- self->socket_fd = -1;
- self->client_fd = -1;
- self->socket_path[0] = '\0';
+ self->initial_socket_fd = -1;
+ self->initial_client_fd = -1;
+ self->initial_socket_path[0] = '\0';
+ self->socket_pair[0] = -1;
+ self->socket_pair[1] = -1;
struct sockaddr_un local_addr = {0};
struct sockaddr_un remote_addr = {0};
- if(!create_socket_path(self->socket_path, sizeof(self->socket_path))) {
+ if(!create_socket_path(self->initial_socket_path, sizeof(self->initial_socket_path))) {
fprintf(stderr, "gsr error: gsr_kms_client_init: failed to create path to kms socket\n");
return -1;
}
- // This doesn't work on nixos, but we dont want to use $PATH because we want to make this as safe as possible by running pkexec
- // on a path that only root can modify. If we use "gsr-kms-server" instead then $PATH can be modified in ~/.bashrc for example
- // which will overwrite the path to gsr-kms-server and the user can end up running a malicious program that pretends to be gsr-kms-server.
- // If there is a safe way to do this on nixos, then please tell me; or use gpu-screen-recorder flatpak instead.
- const char *server_filepath = "/usr/bin/gsr-kms-server";
- bool has_perm = 0;
+ char server_filepath[PATH_MAX];
+ if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath))) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server is not installed\n");
+ return -1;
+ }
+
const bool inside_flatpak = getenv("FLATPAK_ID") != NULL;
- if(!inside_flatpak) {
- if(access("/usr/bin/gsr-kms-server", F_OK) != 0) {
- fprintf(stderr, "gsr error: gsr_kms_client_init: /usr/bin/gsr-kms-server not found, please install gpu-screen-recorder first\n");
- return -1;
- }
+ const char *home = getenv("HOME");
+ if(!home)
+ home = "/tmp";
- if(geteuid() == 0) {
- has_perm = true;
- } else {
- cap_t kms_server_cap = cap_get_file(server_filepath);
- if(kms_server_cap) {
- cap_flag_value_t res = 0;
- cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
- if(res == CAP_SET) {
- //fprintf(stderr, "has permission!\n");
- has_perm = true;
- } else {
- //fprintf(stderr, "No permission:(\n");
- }
- cap_free(kms_server_cap);
+ bool has_perm = 0;
+ if(geteuid() == 0) {
+ has_perm = true;
+ } else {
+ cap_t kms_server_cap = cap_get_file(server_filepath);
+ if(kms_server_cap) {
+ cap_flag_value_t res = CAP_CLEAR;
+ cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
+ if(res == CAP_SET) {
+ //fprintf(stderr, "has permission!\n");
+ has_perm = true;
} else {
- if(errno == ENODATA)
- fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
- else
- fprintf(stderr, "gsr info: gsr_kms_client_init: failed to get cap\n");
+ //fprintf(stderr, "No permission:(\n");
}
+ cap_free(kms_server_cap);
+ } else if(!inside_flatpak) {
+ if(errno == ENODATA)
+ fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
+ else
+ fprintf(stderr, "gsr info: gsr_kms_client_init: failed to get cap\n");
}
}
- self->socket_fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if(self->socket_fd == -1) {
+ if(socketpair(AF_UNIX, SOCK_STREAM, 0, self->socket_pair) == -1) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: socketpair failed, error: %s\n", strerror(errno));
+ goto err;
+ }
+
+ self->initial_socket_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(self->initial_socket_fd == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_init: socket failed, error: %s\n", strerror(errno));
goto err;
}
local_addr.sun_family = AF_UNIX;
- strncpy_safe(local_addr.sun_path, self->socket_path, sizeof(local_addr.sun_path));
- if(bind(self->socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path)) == -1) {
+ string_copy(local_addr.sun_path, self->initial_socket_path, sizeof(local_addr.sun_path));
+
+ const mode_t prev_mask = umask(0000);
+ const int bind_res = bind(self->initial_socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path));
+ umask(prev_mask);
+
+ if(bind_res == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_init: failed to bind socket, error: %s\n", strerror(errno));
goto err;
}
- if(listen(self->socket_fd, 1) == -1) {
+ if(listen(self->initial_socket_fd, 1) == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_init: failed to listen on socket, error: %s\n", strerror(errno));
goto err;
}
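Review bot: `find_program_in_path` now resolves `gsr-kms-server` through `$PATH`, and the resulting `server_filepath` is what the later `pkexec` branch runs. The removed comment explained why the path was fixed to a root-only location: a user-writable directory placed earlier in `$PATH` decides which binary the user authenticates as root. A check that the resolved file is root-owned and not group- or world-writable (sketched below, using the `sys/stat.h` include this commit adds) narrows that, though it does not cover writable parent directories or a swap between the check and the exec. Separately, `umask(0000)` around `bind` creates the socket file with no permission restriction, and the first peer to connect is accepted, so verifying the peer with `SO_PEERCRED` after `accept`, or keeping a restrictive mode where the server can still connect, would be worth considering. `gsr_kms_client_init` continues past the end of this hunk.
```c
const bool inside_flatpak = getenv("FLATPAK_ID") != NULL;
// … unchanged: HOME lookup …

// The helper was located through $PATH; only accept a file that unprivileged users cannot replace.
if(!inside_flatpak) {
    struct stat server_stat;
    if(stat(server_filepath, &server_stat) == -1 || server_stat.st_uid != 0 || (server_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        fprintf(stderr, "gsr error: gsr_kms_client_init: '%s' is not a root-owned file protected from modification, refusing to run it\n", server_filepath);
        return -1;
    }
}
```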
@@ -178,13 +269,13 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
goto err;
} else if(pid == 0) { /* child */
if(inside_flatpak) {
- const char *args[] = { "flatpak-spawn", "--host", "pkexec", "flatpak", "run", "--command=gsr-kms-server", "com.dec05eba.gpu_screen_recorder", self->socket_path, card_path, NULL };
+ const char *args[] = { "flatpak-spawn", "--host", "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/kms-server-proxy", self->initial_socket_path, card_path, home, NULL };
execvp(args[0], (char *const*)args);
} else if(has_perm) {
- const char *args[] = { server_filepath, self->socket_path, card_path, NULL };
+ const char *args[] = { server_filepath, self->initial_socket_path, card_path, NULL };
execvp(args[0], (char *const*)args);
} else {
- const char *args[] = { "pkexec", server_filepath, self->socket_path, card_path, NULL };
+ const char *args[] = { "pkexec", server_filepath, self->initial_socket_path, card_path, NULL };
execvp(args[0], (char *const*)args);
}
fprintf(stderr, "gsr error: gsr_kms_client_init: execvp failed, error: %s\n", strerror(errno));
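Review bot: The flatpak branch passes `home`, which comes from `getenv("HOME")` with a `"/tmp"` fallback, to the host-side `kms-server-proxy`, and nothing here documents what the proxy may do with it. If the proxy uses that value to locate anything it later runs or loads with elevated rights, it has to treat it as untrusted input, and a comment at the `args[]` line stating that contract would help the next reviewer. It would also be worth a comment that the absolute `/var/lib/flatpak/...` path is deliberate and only matches a system-wide install, since a per-user install presumably ends in the generic `execvp failed` message. The non-flatpak branches exec the `$PATH`-derived `server_filepath`, both directly and through `pkexec`. The enclosing function starts and ends outside this hunk.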
@@ -198,80 +289,151 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
struct timeval tv;
fd_set rfds;
FD_ZERO(&rfds);
- FD_SET(self->socket_fd, &rfds);
+ FD_SET(self->initial_socket_fd, &rfds);
tv.tv_sec = 0;
tv.tv_usec = 100 * 1000; // 100 ms
- int select_res = select(1 + self->socket_fd, &rfds, NULL, NULL, &tv);
+ int select_res = select(1 + self->initial_socket_fd, &rfds, NULL, NULL, &tv);
if(select_res > 0) {
socklen_t sock_len = 0;
- self->client_fd = accept(self->socket_fd, (struct sockaddr*)&remote_addr, &sock_len);
- if(self->client_fd == -1) {
+ self->initial_client_fd = accept(self->initial_socket_fd, (struct sockaddr*)&remote_addr, &sock_len);
+ if(self->initial_client_fd == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_init: accept failed on socket, error: %s\n", strerror(errno));
goto err;
}
break;
} else {
- int status;
+ int status = 0;
int wait_result = waitpid(self->kms_server_pid, &status, WNOHANG);
if(wait_result != 0) {
- fprintf(stderr, "gsr error: gsr_kms_client_init: kms server died or never started, error: %s\n", strerror(errno));
+ int exit_code = -1;
+ if(WIFEXITED(status))
+ exit_code = WEXITSTATUS(status);
+ fprintf(stderr, "gsr error: gsr_kms_client_init: kms server died or never started, exit code: %d\n", exit_code);
self->kms_server_pid = -1;
+ if(exit_code != 0)
+ result = exit_code;
goto err;
}
}
}
fprintf(stderr, "gsr info: gsr_kms_client_init: server connected\n");
+ fprintf(stderr, "gsr info: replacing file-backed unix domain socket with socketpair\n");
+ if(gsr_kms_client_replace_connection(self) != 0)
+ goto err;
+
+ cleanup_socket(self, false);
+ fprintf(stderr, "gsr info: using socketpair\n");
+
return 0;
err:
gsr_kms_client_deinit(self);
- return -1;
+ return result;
}
-void gsr_kms_client_deinit(gsr_kms_client *self) {
- if(self->client_fd != -1) {
- close(self->client_fd);
- self->client_fd = -1;
+void cleanup_socket(gsr_kms_client *self, bool kill_server) {
+ if(self->initial_client_fd != -1) {
+ close(self->initial_client_fd);
+ self->initial_client_fd = -1;
+ }
+
+ if(self->initial_socket_fd != -1) {
+ close(self->initial_socket_fd);
+ self->initial_socket_fd = -1;
}
- if(self->socket_fd != -1) {
- close(self->socket_fd);
- self->socket_fd = -1;
+ if(kill_server) {
+ for(int i = 0; i < 2; ++i) {
+ if(self->socket_pair[i] > 0) {
+ close(self->socket_pair[i]);
+ self->socket_pair[i] = -1;
+ }
+ }
}
- if(self->kms_server_pid != -1) {
- kill(self->kms_server_pid, SIGINT);
- int status;
- waitpid(self->kms_server_pid, &status, 0);
+ if(kill_server && self->kms_server_pid != -1) {
+ kill(self->kms_server_pid, SIGKILL);
+ //int status;
+ //waitpid(self->kms_server_pid, &status, 0);
self->kms_server_pid = -1;
}
- if(self->socket_path[0] != '\0') {
- remove(self->socket_path);
- self->socket_path[0] = '\0';
+ if(self->initial_socket_path[0] != '\0') {
+ remove(self->initial_socket_path);
+ self->initial_socket_path[0] = '\0';
}
}
+void gsr_kms_client_deinit(gsr_kms_client *self) {
+ cleanup_socket(self, true);
+}
+
+int gsr_kms_client_replace_connection(gsr_kms_client *self) {
+ gsr_kms_response response;
+ response.version = 0;
+ response.result = KMS_RESULT_FAILED_TO_SEND;
+ response.err_msg[0] = '\0';
+
+ gsr_kms_request request;
+ request.version = GSR_KMS_PROTOCOL_VERSION;
+ request.type = KMS_REQUEST_TYPE_REPLACE_CONNECTION;
+ request.new_connection_fd = self->socket_pair[GSR_SOCKET_PAIR_REMOTE];
+ if(send_msg_to_server(self->initial_client_fd, &request) == -1) {
+ fprintf(stderr, "gsr error: gsr_kms_client_replace_connection: failed to send request message to server\n");
+ return -1;
+ }
+
+ const int recv_res = recv_msg_from_server(self->kms_server_pid, self->socket_pair[GSR_SOCKET_PAIR_LOCAL], &response);
+ if(recv_res == 0) {
+ fprintf(stderr, "gsr warning: gsr_kms_client_replace_connection: kms server shut down\n");
+ return -1;
+ } else if(recv_res == -1) {
+ fprintf(stderr, "gsr error: gsr_kms_client_replace_connection: failed to receive response\n");
+ return -1;
+ }
+
+ if(response.version != GSR_KMS_PROTOCOL_VERSION) {
+ fprintf(stderr, "gsr error: gsr_kms_client_replace_connection: expected gsr-kms-server protocol version to be %u, but it's %u\n", GSR_KMS_PROTOCOL_VERSION, response.version);
+ /*close_fds(response);*/
+ return -1;
+ }
+
+ return 0;
+}
+
int gsr_kms_client_get_kms(gsr_kms_client *self, gsr_kms_response *response) {
+ response->version = 0;
response->result = KMS_RESULT_FAILED_TO_SEND;
- strcpy(response->err_msg, "failed to send");
+ response->err_msg[0] = '\0';
gsr_kms_request request;
+ request.version = GSR_KMS_PROTOCOL_VERSION;
request.type = KMS_REQUEST_TYPE_GET_KMS;
- if(send_msg_to_server(self->client_fd, &request) == -1) {
+ request.new_connection_fd = 0;
+ if(send_msg_to_server(self->socket_pair[GSR_SOCKET_PAIR_LOCAL], &request) == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_get_kms: failed to send request message to server\n");
+ strcpy(response->err_msg, "failed to send");
return -1;
}
- const int recv_res = recv_msg_from_server(self->client_fd, response);
+ const int recv_res = recv_msg_from_server(self->kms_server_pid, self->socket_pair[GSR_SOCKET_PAIR_LOCAL], response);
if(recv_res == 0) {
fprintf(stderr, "gsr warning: gsr_kms_client_get_kms: kms server shut down\n");
+ strcpy(response->err_msg, "failed to receive");
return -1;
} else if(recv_res == -1) {
fprintf(stderr, "gsr error: gsr_kms_client_get_kms: failed to receive response\n");
+ strcpy(response->err_msg, "failed to receive");
+ return -1;
+ }
+
+ if(response->version != GSR_KMS_PROTOCOL_VERSION) {
+ fprintf(stderr, "gsr error: gsr_kms_client_get_kms: expected gsr-kms-server protocol version to be %u, but it's %u\n", GSR_KMS_PROTOCOL_VERSION, response->version);
+ /*close_fds(response);*/
+ strcpy(response->err_msg, "mismatching protocol version");
return -1;
}