diff options
Diffstat (limited to 'kms')
| -rw-r--r-- | kms/client/kms_client.c | 101 | ||||
| -rw-r--r-- | kms/server/kms_server.c | 139 |
2 files changed, 172 insertions, 68 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c index 468e3a6..018b25e 100644 --- a/kms/client/kms_client.c +++ b/kms/client/kms_client.c @@ -1,4 +1,5 @@ #include "kms_client.h" +#include "../../include/utils.h" #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -10,9 +11,9 @@ #include <sys/socket.h> #include <sys/un.h> #include <sys/wait.h> +#include <poll.h> #include <sys/stat.h> #include <sys/capability.h> -#include <sys/random.h> #define GSR_SOCKET_PAIR_LOCAL 0 #define GSR_SOCKET_PAIR_REMOTE 1 @@ -20,21 +21,6 @@ static void cleanup_socket(gsr_kms_client *self, bool kill_server); static int gsr_kms_client_replace_connection(gsr_kms_client *self); -static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) { - /* TODO: Use other functions on other platforms than linux */ - if(getrandom(buffer, buffer_size, 0) < buffer_size) { - fprintf(stderr, "Failed to get random bytes, error: %s\n", strerror(errno)); - return false; - } - - for(int i = 0; i < buffer_size; ++i) { - unsigned char c = *(unsigned char*)&buffer[i]; - buffer[i] = alphabet[c % alphabet_size]; - } - - return true; -} - static void close_fds(gsr_kms_response *response) { for(int i = 0; i < response->num_items; ++i) { for(int j = 0; j < response->items[i].num_dma_bufs; ++j) { @@ -139,20 +125,48 @@ static bool create_socket_path(char *output_path, size_t output_path_size) { char random_characters[11]; random_characters[10] = '\0'; - if(!generate_random_characters(random_characters, 10, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62)) + if(!generate_random_characters_standard_alphabet(random_characters, 10)) return false; snprintf(output_path, output_path_size, "%s/.gsr-kms-socket-%s", home, random_characters); return true; } -static void string_copy(char *dst, const char *src, int len) { - int src_len = strlen(src); - int min_len = src_len; - if(len - 1 < min_len) - min_len = len - 1; - memcpy(dst, src, min_len); - dst[min_len] = '\0'; +static bool readlink_realpath(const char *filepath, char *buffer) { + char symlinked_path[PATH_MAX]; + ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1); + if(bytes_written == -1 && errno == EINVAL) { + /* Not a symlink */ + snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath); + } else if(bytes_written == -1) { + return false; + } else { + symlinked_path[bytes_written] = '\0'; + } + + if(!realpath(symlinked_path, buffer)) + return false; + + return true; +} + +static bool strcat_safe(char *str, int size, const char *str_to_add) { + const int str_len = strlen(str); + const int str_to_add_len = strlen(str_to_add); + if(str_len + str_to_add_len + 1 >= size) + return false; + + memcpy(str + str_len, str_to_add, str_to_add_len); + str[str_len + str_to_add_len] = '\0'; + return true; +} + +static void file_get_directory(char *filepath) { + char *end = strrchr(filepath, '/'); + if(end == NULL) + filepath[0] = '\0'; + else + *end = '\0'; } static bool find_program_in_path(const char *program_name, char *filepath, int filepath_len) { @@ -206,10 +220,26 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { } char server_filepath[PATH_MAX]; - if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath))) { - fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server is not installed\n"); + if(!readlink_realpath("/proc/self/exe", server_filepath)) { + fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve /proc/self/exe\n"); return -1; } + file_get_directory(server_filepath); + + if(!strcat_safe(server_filepath, sizeof(server_filepath), "/gsr-kms-server")) { + fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server path too long\n"); + return -1; + } + + if(access(server_filepath, F_OK) != 0) { + fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is not installed in the same directory as gpu-screen-recorder (%s not found), looking for gsr-kms-server in PATH instead\n", server_filepath); + if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath)) || access(server_filepath, F_OK) != 0) { + fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server was not found in PATH. Please install gpu-screen-recorder properly\n"); + return -1; + } + } + + fprintf(stderr, "gsr info: gsr_kms_client_init: setting up connection to %s\n", server_filepath); const bool inside_flatpak = getenv("FLATPAK_ID") != NULL; const char *home = getenv("HOME"); @@ -251,7 +281,7 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { } local_addr.sun_family = AF_UNIX; - string_copy(local_addr.sun_path, self->initial_socket_path, sizeof(local_addr.sun_path)); + snprintf(local_addr.sun_path, sizeof(local_addr.sun_path), "%s", (const char*)self->initial_socket_path); const mode_t prev_mask = umask(0000); const int bind_res = bind(self->initial_socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path)); @@ -289,17 +319,14 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { } fprintf(stderr, "gsr info: gsr_kms_client_init: waiting for server to connect\n"); + struct pollfd poll_fd = { + .fd = self->initial_socket_fd, + .events = POLLIN, + .revents = 0 + }; for(;;) { - struct timeval tv; - fd_set rfds; - FD_ZERO(&rfds); - FD_SET(self->initial_socket_fd, &rfds); - - tv.tv_sec = 0; - tv.tv_usec = 100 * 1000; // 100 ms - - int select_res = select(1 + self->initial_socket_fd, &rfds, NULL, NULL, &tv); - if(select_res > 0) { + int poll_res = poll(&poll_fd, 1, 100); + if(poll_res > 0 && (poll_fd.revents & POLLIN)) { socklen_t sock_len = 0; self->initial_client_fd = accept(self->initial_socket_fd, (struct sockaddr*)&remote_addr, &sock_len); if(self->initial_client_fd == -1) { diff --git a/kms/server/kms_server.c b/kms/server/kms_server.c index c6460ad..6d46f8a 100644 --- a/kms/server/kms_server.c +++ b/kms/server/kms_server.c @@ -1,3 +1,7 @@ +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + #include "../kms_shared.h" #include <stdio.h> @@ -6,6 +10,7 @@ #include <stdlib.h> #include <unistd.h> +#include <limits.h> #include <fcntl.h> #include <sys/socket.h> #include <sys/un.h> @@ -14,12 +19,12 @@ #include <xf86drm.h> #include <xf86drmMode.h> #include <drm_mode.h> +#include <drm_fourcc.h> #define MAX_CONNECTORS 32 typedef struct { int drmfd; - drmModePlaneResPtr planes; } gsr_drm; typedef struct { @@ -283,21 +288,31 @@ static int drm_prime_handles_to_fds(gsr_drm *drm, drmModeFB2Ptr drmfb, int *fb_f return GSR_KMS_MAX_DMA_BUFS; } -static int kms_get_fb(gsr_drm *drm, gsr_kms_response *response, connector_to_crtc_map *c2crtc_map) { +static int kms_get_fb(gsr_drm *drm, gsr_kms_response *response) { int result = -1; response->result = KMS_RESULT_OK; response->err_msg[0] = '\0'; response->num_items = 0; - for(uint32_t i = 0; i < drm->planes->count_planes && response->num_items < GSR_KMS_MAX_ITEMS; ++i) { + connector_to_crtc_map c2crtc_map; + c2crtc_map.num_maps = 0; + map_crtc_to_connector_ids(drm, &c2crtc_map); + + drmModePlaneResPtr planes = drmModeGetPlaneResources(drm->drmfd); + if(!planes) { + fprintf(stderr, "kms server error: failed to get plane resources, error: %s\n", strerror(errno)); + goto done; + } + + for(uint32_t i = 0; i < planes->count_planes && response->num_items < GSR_KMS_MAX_ITEMS; ++i) { drmModePlanePtr plane = NULL; drmModeFB2Ptr drmfb = NULL; - plane = drmModeGetPlane(drm->drmfd, drm->planes->planes[i]); + plane = drmModeGetPlane(drm->drmfd, planes->planes[i]); if(!plane) { response->result = KMS_RESULT_FAILED_TO_GET_PLANE; - snprintf(response->err_msg, sizeof(response->err_msg), "failed to get drm plane with id %u, error: %s\n", drm->planes->planes[i], strerror(errno)); + snprintf(response->err_msg, sizeof(response->err_msg), "failed to get drm plane with id %u, error: %s\n", planes->planes[i], strerror(errno)); fprintf(stderr, "kms server error: %s\n", response->err_msg); goto next; } @@ -340,7 +355,7 @@ static int kms_get_fb(gsr_drm *drm, gsr_kms_response *response, connector_to_crt const int item_index = response->num_items; - const connector_crtc_pair *crtc_pair = get_connector_pair_by_crtc_id(c2crtc_map, plane->crtc_id); + const connector_crtc_pair *crtc_pair = get_connector_pair_by_crtc_id(&c2crtc_map, plane->crtc_id); if(crtc_pair && crtc_pair->hdr_metadata_blob_id) { response->items[item_index].has_hdr_metadata = get_hdr_metadata(drm->drmfd, crtc_pair->hdr_metadata_blob_id, &response->items[item_index].hdr_metadata); } else { @@ -357,7 +372,7 @@ static int kms_get_fb(gsr_drm *drm, gsr_kms_response *response, connector_to_crt response->items[item_index].width = drmfb->width; response->items[item_index].height = drmfb->height; response->items[item_index].pixel_format = drmfb->pixel_format; - response->items[item_index].modifier = drmfb->modifier; + response->items[item_index].modifier = drmfb->flags & DRM_MODE_FB_MODIFIERS ? drmfb->modifier : DRM_FORMAT_MOD_INVALID; response->items[item_index].connector_id = crtc_pair ? crtc_pair->connector_id : 0; response->items[item_index].is_cursor = property_mask & PLANE_PROPERTY_IS_CURSOR; if(property_mask & PLANE_PROPERTY_IS_CURSOR) { @@ -383,6 +398,11 @@ static int kms_get_fb(gsr_drm *drm, gsr_kms_response *response, connector_to_crt drmModeFreePlane(plane); } + done: + + if(planes) + drmModeFreePlaneResources(planes); + if(response->num_items > 0) response->result = KMS_RESULT_OK; @@ -413,21 +433,86 @@ static double clock_get_monotonic_seconds(void) { return (double)ts.tv_sec + (double)ts.tv_nsec * 0.000000001; } -static void string_copy(char *dst, const char *src, int len) { - int src_len = strlen(src); - int min_len = src_len; - if(len - 1 < min_len) - min_len = len - 1; - memcpy(dst, src, min_len); - dst[min_len] = '\0'; -} +// static bool readlink_realpath(const char *filepath, char *buffer) { +// char symlinked_path[PATH_MAX]; +// ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1); +// if(bytes_written == -1 && errno == EINVAL) { +// /* Not a symlink */ +// snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath); +// } else if(bytes_written == -1) { +// return false; +// } else { +// symlinked_path[bytes_written] = '\0'; +// } + +// if(!realpath(symlinked_path, buffer)) +// return false; + +// return true; +// } + +// static void file_get_directory(char *filepath) { +// char *end = strrchr(filepath, '/'); +// if(end == NULL) +// filepath[0] = '\0'; +// else +// *end = '\0'; +// } + +// static bool string_ends_with(const char *str, const char *ends_with) { +// const int len = strlen(str); +// const int ends_with_len = strlen(ends_with); +// return len >= ends_with_len && memcmp(str + len - ends_with_len, ends_with, ends_with_len) == 0; +// } + +// This is not foolproof, but the assumption is that gsr-kms-server and gpu-screen-recorder are installed in the same directory +// in a location that only the root user can write to (usually /usr/bin or /usr/local/bin) and if the client runs from that location +// and is called gpu-screen-recorder then gsr-kms-server can only be used by a malicious program if the malicious program +// had root access, to modify that program install directory. +// static bool is_remote_peer_program_gpu_screen_recorder(int socket_fd) { +// // TODO: Use SO_PEERPIDFD on kernel >= 6.5 to avoid a race condition in the /proc/<pid> check +// struct ucred cred; +// socklen_t ucred_len = sizeof(cred); +// if(getsockopt(socket_fd, SOL_SOCKET, SO_PEERCRED, &cred, &ucred_len) == -1) { +// fprintf(stderr, "kms server error: failed to get peer credentials, error: %s\n", strerror(errno)); +// return false; +// } + +// char self_directory[PATH_MAX]; +// if(!readlink_realpath("/proc/self/exe", self_directory)) { +// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n"); +// return false; +// } +// file_get_directory(self_directory); + +// char peer_directory[PATH_MAX]; +// char peer_exe_path[PATH_MAX]; +// snprintf(peer_exe_path, sizeof(peer_exe_path), "/proc/%d/exe", (int)cred.pid); +// if(!readlink_realpath(peer_exe_path, peer_directory)) { +// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n"); +// return false; +// } + +// if(!string_ends_with(peer_directory, "/gpu-screen-recorder")) { +// fprintf(stderr, "kms server error: only gpu-screen-recorder can use gsr-kms-server. client program location is %s\n", peer_directory); +// return false; +// } + +// file_get_directory(peer_directory); + +// if(strcmp(self_directory, peer_directory) != 0) { +// fprintf(stderr, "kms server error: the client program is in directory %s but only programs in %s can run gsr-kms-server\n", peer_directory, self_directory); +// return false; +// } + +// return true; +// } int main(int argc, char **argv) { int res = 0; int socket_fd = 0; gsr_drm drm; drm.drmfd = 0; - drm.planes = NULL; if(argc != 3) { fprintf(stderr, "usage: gsr-kms-server <domain_socket_path> <card_path>\n"); @@ -460,17 +545,6 @@ int main(int argc, char **argv) { fprintf(stderr, "kms server warning: drmSetClientCap DRM_CLIENT_CAP_ATOMIC failed, error: %s. The wrong monitor may be captured as a result\n", strerror(errno)); } - drm.planes = drmModeGetPlaneResources(drm.drmfd); - if(!drm.planes) { - fprintf(stderr, "kms server error: failed to get plane resources, error: %s\n", strerror(errno)); - res = 2; - goto done; - } - - connector_to_crtc_map c2crtc_map; - c2crtc_map.num_maps = 0; - map_crtc_to_connector_ids(&drm, &c2crtc_map); - fprintf(stderr, "kms server info: connecting to the client\n"); bool connected = false; const double connect_timeout_sec = 5.0; @@ -478,7 +552,7 @@ int main(int argc, char **argv) { while(clock_get_monotonic_seconds() - start_time < connect_timeout_sec) { struct sockaddr_un remote_addr = {0}; remote_addr.sun_family = AF_UNIX; - string_copy(remote_addr.sun_path, domain_socket_path, sizeof(remote_addr.sun_path)); + snprintf(remote_addr.sun_path, sizeof(remote_addr.sun_path), "%s", domain_socket_path); // TODO: Check if parent disconnected if(connect(socket_fd, (struct sockaddr*)&remote_addr, sizeof(remote_addr.sun_family) + strlen(remote_addr.sun_path)) == -1) { if(errno == ECONNREFUSED || errno == ENOENT) { @@ -505,6 +579,11 @@ int main(int argc, char **argv) { goto done; } + // if(!is_remote_peer_program_gpu_screen_recorder(socket_fd)) { + // res = 3; + // goto done; + // } + for(;;) { gsr_kms_request request; request.version = 0; @@ -565,7 +644,7 @@ int main(int argc, char **argv) { response.version = GSR_KMS_PROTOCOL_VERSION; response.num_items = 0; - if(kms_get_fb(&drm, &response, &c2crtc_map) == 0) { + if(kms_get_fb(&drm, &response) == 0) { if(send_msg_to_client(socket_fd, &response) == -1) fprintf(stderr, "kms server error: failed to respond to client KMS_REQUEST_TYPE_GET_KMS request\n"); } else { @@ -604,8 +683,6 @@ int main(int argc, char **argv) { } done: - if(drm.planes) - drmModeFreePlaneResources(drm.planes); if(drm.drmfd > 0) close(drm.drmfd); if(socket_fd > 0) |