diff options
Diffstat (limited to 'kms')
| -rw-r--r-- | kms/client/kms_client.c | 35 | ||||
| -rw-r--r-- | kms/server/kms_server.c | 85 |
2 files changed, 37 insertions, 83 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c index 018b25e..d7ddc78 100644 --- a/kms/client/kms_client.c +++ b/kms/client/kms_client.c @@ -13,7 +13,12 @@ #include <sys/wait.h> #include <poll.h> #include <sys/stat.h> +#ifdef __linux__ #include <sys/capability.h> +#endif +#ifdef __FreeBSD__ +#include <sys/sysctl.h> +#endif #define GSR_SOCKET_PAIR_LOCAL 0 #define GSR_SOCKET_PAIR_REMOTE 1 @@ -119,8 +124,11 @@ static int recv_msg_from_server(int server_pid, int server_fd, gsr_kms_response /* We have to use $HOME because in flatpak there is no simple path that is accessible, read and write, that multiple flatpak instances can access */ static bool create_socket_path(char *output_path, size_t output_path_size) { + const bool inside_flatpak = getenv("FLATPAK_ID") != NULL; const char *home = getenv("HOME"); - if(!home) + // Portable home with AppImage can cause the socket path to be longer than 108 characters (unix domain socket path max length). + // Using gsr-kms-socket in $HOME is only needed in flatpak, so use /tmp everywhere else instead. + if(!home || !inside_flatpak) home = "/tmp"; char random_characters[11]; @@ -132,6 +140,7 @@ static bool create_socket_path(char *output_path, size_t output_path_size) { return true; } +#ifdef __linux__ static bool readlink_realpath(const char *filepath, char *buffer) { char symlinked_path[PATH_MAX]; ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1); @@ -149,6 +158,7 @@ static bool readlink_realpath(const char *filepath, char *buffer) { return true; } +#endif static bool strcat_safe(char *str, int size, const char *str_to_add) { const int str_len = strlen(str); @@ -220,10 +230,24 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { } char server_filepath[PATH_MAX]; +#ifdef __linux__ if(!readlink_realpath("/proc/self/exe", server_filepath)) { fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve /proc/self/exe\n"); return -1; } + +#elif defined(__FreeBSD__) + int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, getpid() }; + size_t size = PATH_MAX; + + if (sysctl(mib, 4, server_filepath, &size, NULL, 0) != 0) { + fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve pathname using sysctl\n"); + return -1; + } + +#else +#error "Implement it by yourself" +#endif file_get_directory(server_filepath); if(!strcat_safe(server_filepath, sizeof(server_filepath), "/gsr-kms-server")) { @@ -250,6 +274,7 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { if(geteuid() == 0) { has_perm = true; } else { +#ifdef __linux__ cap_t kms_server_cap = cap_get_file(server_filepath); if(kms_server_cap) { cap_flag_value_t res = CAP_CLEAR; @@ -267,6 +292,9 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { else fprintf(stderr, "gsr info: gsr_kms_client_init: failed to get cap\n"); } +#else + fprintf(stderr, "gsr info: gsr_kms_client_init: platform doesn't support cap\n"); +#endif } if(socketpair(AF_UNIX, SOCK_STREAM, 0, self->socket_pair) == -1) { @@ -312,12 +340,14 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) { const char *args[] = { "pkexec", server_filepath, self->initial_socket_path, card_path, NULL }; execvp(args[0], (char *const*)args); } - fprintf(stderr, "gsr error: gsr_kms_client_init: execvp failed, error: %s\n", strerror(errno)); + fprintf(stderr, "gsr error: gsr_kms_client_init: failed to launch \"gsr-kms-server\", error: %s\n", strerror(errno)); _exit(127); } else { /* parent */ self->kms_server_pid = pid; } + // We need this dumb-shit retardation with unix domain socket and then replace it with socketpair because + // pkexec doesn't work with socketpair................ fprintf(stderr, "gsr info: gsr_kms_client_init: waiting for server to connect\n"); struct pollfd poll_fd = { .fd = self->initial_socket_fd, @@ -387,6 +417,7 @@ void cleanup_socket(gsr_kms_client *self, bool kill_server) { if(kill_server && self->kms_server_pid > 0) { kill(self->kms_server_pid, SIGKILL); + // TODO: //int status; //waitpid(self->kms_server_pid, &status, 0); self->kms_server_pid = -1; diff --git a/kms/server/kms_server.c b/kms/server/kms_server.c index 6d46f8a..070875b 100644 --- a/kms/server/kms_server.c +++ b/kms/server/kms_server.c @@ -8,6 +8,7 @@ #include <string.h> #include <errno.h> #include <stdlib.h> +#include <locale.h> #include <unistd.h> #include <limits.h> @@ -207,7 +208,7 @@ static uint32_t plane_get_properties(int drmfd, uint32_t plane_id, int *x, int * return property_mask; } -/* Returns 0 if not found */ +/* Returns NULL if not found */ static const connector_crtc_pair* get_connector_pair_by_crtc_id(const connector_to_crtc_map *c2crtc_map, uint32_t crtc_id) { for(int i = 0; i < c2crtc_map->num_maps; ++i) { if(c2crtc_map->maps[i].crtc_id == crtc_id) @@ -433,82 +434,9 @@ static double clock_get_monotonic_seconds(void) { return (double)ts.tv_sec + (double)ts.tv_nsec * 0.000000001; } -// static bool readlink_realpath(const char *filepath, char *buffer) { -// char symlinked_path[PATH_MAX]; -// ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1); -// if(bytes_written == -1 && errno == EINVAL) { -// /* Not a symlink */ -// snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath); -// } else if(bytes_written == -1) { -// return false; -// } else { -// symlinked_path[bytes_written] = '\0'; -// } - -// if(!realpath(symlinked_path, buffer)) -// return false; - -// return true; -// } - -// static void file_get_directory(char *filepath) { -// char *end = strrchr(filepath, '/'); -// if(end == NULL) -// filepath[0] = '\0'; -// else -// *end = '\0'; -// } - -// static bool string_ends_with(const char *str, const char *ends_with) { -// const int len = strlen(str); -// const int ends_with_len = strlen(ends_with); -// return len >= ends_with_len && memcmp(str + len - ends_with_len, ends_with, ends_with_len) == 0; -// } - -// This is not foolproof, but the assumption is that gsr-kms-server and gpu-screen-recorder are installed in the same directory -// in a location that only the root user can write to (usually /usr/bin or /usr/local/bin) and if the client runs from that location -// and is called gpu-screen-recorder then gsr-kms-server can only be used by a malicious program if the malicious program -// had root access, to modify that program install directory. -// static bool is_remote_peer_program_gpu_screen_recorder(int socket_fd) { -// // TODO: Use SO_PEERPIDFD on kernel >= 6.5 to avoid a race condition in the /proc/<pid> check -// struct ucred cred; -// socklen_t ucred_len = sizeof(cred); -// if(getsockopt(socket_fd, SOL_SOCKET, SO_PEERCRED, &cred, &ucred_len) == -1) { -// fprintf(stderr, "kms server error: failed to get peer credentials, error: %s\n", strerror(errno)); -// return false; -// } - -// char self_directory[PATH_MAX]; -// if(!readlink_realpath("/proc/self/exe", self_directory)) { -// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n"); -// return false; -// } -// file_get_directory(self_directory); - -// char peer_directory[PATH_MAX]; -// char peer_exe_path[PATH_MAX]; -// snprintf(peer_exe_path, sizeof(peer_exe_path), "/proc/%d/exe", (int)cred.pid); -// if(!readlink_realpath(peer_exe_path, peer_directory)) { -// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n"); -// return false; -// } - -// if(!string_ends_with(peer_directory, "/gpu-screen-recorder")) { -// fprintf(stderr, "kms server error: only gpu-screen-recorder can use gsr-kms-server. client program location is %s\n", peer_directory); -// return false; -// } - -// file_get_directory(peer_directory); - -// if(strcmp(self_directory, peer_directory) != 0) { -// fprintf(stderr, "kms server error: the client program is in directory %s but only programs in %s can run gsr-kms-server\n", peer_directory, self_directory); -// return false; -// } - -// return true; -// } - int main(int argc, char **argv) { + setlocale(LC_ALL, "C"); // Sigh... stupid C + int res = 0; int socket_fd = 0; gsr_drm drm; @@ -579,11 +507,6 @@ int main(int argc, char **argv) { goto done; } - // if(!is_remote_peer_program_gpu_screen_recorder(socket_fd)) { - // res = 3; - // goto done; - // } - for(;;) { gsr_kms_request request; request.version = 0; |