aboutsummaryrefslogtreecommitdiff
path: root/kms
diff options
context:
space:
mode:
Diffstat (limited to 'kms')
-rw-r--r--kms/client/kms_client.c35
-rw-r--r--kms/server/kms_server.c85
2 files changed, 37 insertions, 83 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c
index 018b25e..d7ddc78 100644
--- a/kms/client/kms_client.c
+++ b/kms/client/kms_client.c
@@ -13,7 +13,12 @@
#include <sys/wait.h>
#include <poll.h>
#include <sys/stat.h>
+#ifdef __linux__
#include <sys/capability.h>
+#endif
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
#define GSR_SOCKET_PAIR_LOCAL 0
#define GSR_SOCKET_PAIR_REMOTE 1
@@ -119,8 +124,11 @@ static int recv_msg_from_server(int server_pid, int server_fd, gsr_kms_response
/* We have to use $HOME because in flatpak there is no simple path that is accessible, read and write, that multiple flatpak instances can access */
static bool create_socket_path(char *output_path, size_t output_path_size) {
+ const bool inside_flatpak = getenv("FLATPAK_ID") != NULL;
const char *home = getenv("HOME");
- if(!home)
+ // Portable home with AppImage can cause the socket path to be longer than 108 characters (unix domain socket path max length).
+ // Using gsr-kms-socket in $HOME is only needed in flatpak, so use /tmp everywhere else instead.
+ if(!home || !inside_flatpak)
home = "/tmp";
char random_characters[11];
@@ -132,6 +140,7 @@ static bool create_socket_path(char *output_path, size_t output_path_size) {
return true;
}
+#ifdef __linux__
static bool readlink_realpath(const char *filepath, char *buffer) {
char symlinked_path[PATH_MAX];
ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
@@ -149,6 +158,7 @@ static bool readlink_realpath(const char *filepath, char *buffer) {
return true;
}
+#endif
static bool strcat_safe(char *str, int size, const char *str_to_add) {
const int str_len = strlen(str);
@@ -220,10 +230,24 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
}
char server_filepath[PATH_MAX];
+#ifdef __linux__
if(!readlink_realpath("/proc/self/exe", server_filepath)) {
fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve /proc/self/exe\n");
return -1;
}
+
+#elif defined(__FreeBSD__)
+ int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, getpid() };
+ size_t size = PATH_MAX;
+
+ if (sysctl(mib, 4, server_filepath, &size, NULL, 0) != 0) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve pathname using sysctl\n");
+ return -1;
+ }
+
+#else
+#error "Implement it by yourself"
+#endif
file_get_directory(server_filepath);
if(!strcat_safe(server_filepath, sizeof(server_filepath), "/gsr-kms-server")) {
@@ -250,6 +274,7 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
if(geteuid() == 0) {
has_perm = true;
} else {
+#ifdef __linux__
cap_t kms_server_cap = cap_get_file(server_filepath);
if(kms_server_cap) {
cap_flag_value_t res = CAP_CLEAR;
@@ -267,6 +292,9 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
else
fprintf(stderr, "gsr info: gsr_kms_client_init: failed to get cap\n");
}
+#else
+ fprintf(stderr, "gsr info: gsr_kms_client_init: platform doesn't support cap\n");
+#endif
}
if(socketpair(AF_UNIX, SOCK_STREAM, 0, self->socket_pair) == -1) {
@@ -312,12 +340,14 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
const char *args[] = { "pkexec", server_filepath, self->initial_socket_path, card_path, NULL };
execvp(args[0], (char *const*)args);
}
- fprintf(stderr, "gsr error: gsr_kms_client_init: execvp failed, error: %s\n", strerror(errno));
+ fprintf(stderr, "gsr error: gsr_kms_client_init: failed to launch \"gsr-kms-server\", error: %s\n", strerror(errno));
_exit(127);
} else { /* parent */
self->kms_server_pid = pid;
}
+ // We need this dumb-shit retardation with unix domain socket and then replace it with socketpair because
+ // pkexec doesn't work with socketpair................
fprintf(stderr, "gsr info: gsr_kms_client_init: waiting for server to connect\n");
struct pollfd poll_fd = {
.fd = self->initial_socket_fd,
@@ -387,6 +417,7 @@ void cleanup_socket(gsr_kms_client *self, bool kill_server) {
if(kill_server && self->kms_server_pid > 0) {
kill(self->kms_server_pid, SIGKILL);
+ // TODO:
//int status;
//waitpid(self->kms_server_pid, &status, 0);
self->kms_server_pid = -1;
diff --git a/kms/server/kms_server.c b/kms/server/kms_server.c
index 6d46f8a..070875b 100644
--- a/kms/server/kms_server.c
+++ b/kms/server/kms_server.c
@@ -8,6 +8,7 @@
#include <string.h>
#include <errno.h>
#include <stdlib.h>
+#include <locale.h>
#include <unistd.h>
#include <limits.h>
@@ -207,7 +208,7 @@ static uint32_t plane_get_properties(int drmfd, uint32_t plane_id, int *x, int *
return property_mask;
}
-/* Returns 0 if not found */
+/* Returns NULL if not found */
static const connector_crtc_pair* get_connector_pair_by_crtc_id(const connector_to_crtc_map *c2crtc_map, uint32_t crtc_id) {
for(int i = 0; i < c2crtc_map->num_maps; ++i) {
if(c2crtc_map->maps[i].crtc_id == crtc_id)
@@ -433,82 +434,9 @@ static double clock_get_monotonic_seconds(void) {
return (double)ts.tv_sec + (double)ts.tv_nsec * 0.000000001;
}
-// static bool readlink_realpath(const char *filepath, char *buffer) {
-// char symlinked_path[PATH_MAX];
-// ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
-// if(bytes_written == -1 && errno == EINVAL) {
-// /* Not a symlink */
-// snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath);
-// } else if(bytes_written == -1) {
-// return false;
-// } else {
-// symlinked_path[bytes_written] = '\0';
-// }
-
-// if(!realpath(symlinked_path, buffer))
-// return false;
-
-// return true;
-// }
-
-// static void file_get_directory(char *filepath) {
-// char *end = strrchr(filepath, '/');
-// if(end == NULL)
-// filepath[0] = '\0';
-// else
-// *end = '\0';
-// }
-
-// static bool string_ends_with(const char *str, const char *ends_with) {
-// const int len = strlen(str);
-// const int ends_with_len = strlen(ends_with);
-// return len >= ends_with_len && memcmp(str + len - ends_with_len, ends_with, ends_with_len) == 0;
-// }
-
-// This is not foolproof, but the assumption is that gsr-kms-server and gpu-screen-recorder are installed in the same directory
-// in a location that only the root user can write to (usually /usr/bin or /usr/local/bin) and if the client runs from that location
-// and is called gpu-screen-recorder then gsr-kms-server can only be used by a malicious program if the malicious program
-// had root access, to modify that program install directory.
-// static bool is_remote_peer_program_gpu_screen_recorder(int socket_fd) {
-// // TODO: Use SO_PEERPIDFD on kernel >= 6.5 to avoid a race condition in the /proc/<pid> check
-// struct ucred cred;
-// socklen_t ucred_len = sizeof(cred);
-// if(getsockopt(socket_fd, SOL_SOCKET, SO_PEERCRED, &cred, &ucred_len) == -1) {
-// fprintf(stderr, "kms server error: failed to get peer credentials, error: %s\n", strerror(errno));
-// return false;
-// }
-
-// char self_directory[PATH_MAX];
-// if(!readlink_realpath("/proc/self/exe", self_directory)) {
-// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
-// return false;
-// }
-// file_get_directory(self_directory);
-
-// char peer_directory[PATH_MAX];
-// char peer_exe_path[PATH_MAX];
-// snprintf(peer_exe_path, sizeof(peer_exe_path), "/proc/%d/exe", (int)cred.pid);
-// if(!readlink_realpath(peer_exe_path, peer_directory)) {
-// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
-// return false;
-// }
-
-// if(!string_ends_with(peer_directory, "/gpu-screen-recorder")) {
-// fprintf(stderr, "kms server error: only gpu-screen-recorder can use gsr-kms-server. client program location is %s\n", peer_directory);
-// return false;
-// }
-
-// file_get_directory(peer_directory);
-
-// if(strcmp(self_directory, peer_directory) != 0) {
-// fprintf(stderr, "kms server error: the client program is in directory %s but only programs in %s can run gsr-kms-server\n", peer_directory, self_directory);
-// return false;
-// }
-
-// return true;
-// }
-
int main(int argc, char **argv) {
+ setlocale(LC_ALL, "C"); // Sigh... stupid C
+
int res = 0;
int socket_fd = 0;
gsr_drm drm;
@@ -579,11 +507,6 @@ int main(int argc, char **argv) {
goto done;
}
- // if(!is_remote_peer_program_gpu_screen_recorder(socket_fd)) {
- // res = 3;
- // goto done;
- // }
-
for(;;) {
gsr_kms_request request;
request.version = 0;