Diffstat (limited to 'kms')
-rw-r--r-- | kms/client/kms_client.c | 83 | ||||
-rw-r--r-- | kms/server/kms_server.c | 94 |
2 files changed, 141 insertions, 36 deletions
diff --git a/kms/client/kms_client.c b/kms/client/kms_client.c
index 468e3a6..9fadf05 100644
--- a/kms/client/kms_client.c
+++ b/kms/client/kms_client.c
@@ -1,4 +1,5 @@
 #include "kms_client.h"
+#include "../../include/utils.h"
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
@@ -12,7 +13,6 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/capability.h>
-#include <sys/random.h>
 #define GSR_SOCKET_PAIR_LOCAL 0
 #define GSR_SOCKET_PAIR_REMOTE 1
@@ -20,21 +20,6 @@
 static void cleanup_socket(gsr_kms_client *self, bool kill_server);
 static int gsr_kms_client_replace_connection(gsr_kms_client *self);
-static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) {
- /* TODO: Use other functions on other platforms than linux */
- if(getrandom(buffer, buffer_size, 0) < buffer_size) {
- fprintf(stderr, "Failed to get random bytes, error: %s\n", strerror(errno));
- return false;
- }
-
- for(int i = 0; i < buffer_size; ++i) {
- unsigned char c = *(unsigned char*)&buffer[i];
- buffer[i] = alphabet[c % alphabet_size];
- }
-
- return true;
-}
-
 static void close_fds(gsr_kms_response *response) {
 for(int i = 0; i < response->num_items; ++i) {
 for(int j = 0; j < response->items[i].num_dma_bufs; ++j) {
@@ -139,20 +124,48 @@ static bool create_socket_path(char *output_path, size_t output_path_size) {
 char random_characters[11];
 random_characters[10] = '\0';
- if(!generate_random_characters(random_characters, 10, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62))
+ if(!generate_random_characters_standard_alphabet(random_characters, 10))
 return false;
 snprintf(output_path, output_path_size, "%s/.gsr-kms-socket-%s", home, random_characters);
 return true;
 }
-static void string_copy(char *dst, const char *src, int len) {
- int src_len = strlen(src);
- int min_len = src_len;
- if(len - 1 < min_len)
- min_len = len - 1;
- memcpy(dst, src, min_len);
- dst[min_len] = '\0';
+static bool readlink_realpath(const char *filepath, char *buffer) {
+ char symlinked_path[PATH_MAX];
+ ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
+ if(bytes_written == -1 && errno == EINVAL) {
+ /* Not a symlink */
+ snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath);
+ } else if(bytes_written == -1) {
+ return false;
+ } else {
+ symlinked_path[bytes_written] = '\0';
+ }
+
+ if(!realpath(symlinked_path, buffer))
+ return false;
+
+ return true;
+}
+
+static bool strcat_safe(char *str, int size, const char *str_to_add) {
+ const int str_len = strlen(str);
+ const int str_to_add_len = strlen(str_to_add);
+ if(str_len + str_to_add_len + 1 >= size)
+ return false;
+
+ memcpy(str + str_len, str_to_add, str_to_add_len);
+ str[str_len + str_to_add_len] = '\0';
+ return true;
+}
+
+static void file_get_directory(char *filepath) {
+ char *end = strrchr(filepath, '/');
+ if(end == NULL)
+ filepath[0] = '\0';
+ else
+ *end = '\0';
 }
 static bool find_program_in_path(const char *program_name, char *filepath, int filepath_len) {
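Review bot: `readlink_realpath` takes `buffer` without a size although `realpath()` may write up to PATH_MAX bytes into it, so the requirement that callers pass a `char[PATH_MAX]` should be stated above the function. A `readlink()` result that fills all `sizeof(symlinked_path) - 1` bytes may be truncated and is then resolved as if it were complete; adding `if(bytes_written >= (ssize_t)sizeof(symlinked_path) - 1) return false;` before the terminator is written rejects that case. Suggested comment: `/* buffer must be at least PATH_MAX bytes. The link target is resolved as given, so only links with absolute targets such as /proc/self/exe are handled correctly. */`. In `strcat_safe` the lengths are held in `int` and compared with an `int size`; `size_t` would match what `strlen` and `sizeof` produce and avoid the signed arithmetic.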
@@ -206,10 +219,26 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
 }
 char server_filepath[PATH_MAX];
- if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath))) {
- fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server is not installed\n");
+ if(!readlink_realpath("/proc/self/exe", server_filepath)) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve /proc/self/exe\n");
 return -1;
 }
+ file_get_directory(server_filepath);
+
+ if(!strcat_safe(server_filepath, sizeof(server_filepath), "/gsr-kms-server")) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server path too long\n");
+ return -1;
+ }
+
+ if(access(server_filepath, F_OK) != 0) {
+ fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is not installed in the same directory as gpu-screen-recorder (%s not found), looking for gsr-kms-server in PATH instead\n", server_filepath);
+ if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath)) || access(server_filepath, F_OK) != 0) {
+ fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server was not found in PATH. Please install gpu-screen-recorder properly\n");
+ return -1;
+ }
+ }
+
+ fprintf(stderr, "gsr info: gsr_kms_client_init: setting up connection to %s\n", server_filepath);
 const bool inside_flatpak = getenv("FLATPAK_ID") != NULL;
 const char *home = getenv("HOME");
@@ -251,7 +280,7 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
 }
 local_addr.sun_family = AF_UNIX;
- string_copy(local_addr.sun_path, self->initial_socket_path, sizeof(local_addr.sun_path));
+ snprintf(local_addr.sun_path, sizeof(local_addr.sun_path), "%s", (const char*)self->initial_socket_path);
 const mode_t prev_mask = umask(0000);
 const int bind_res = bind(self->initial_socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path));
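Review bot: The fallback branch takes `gsr-kms-server` from whatever `PATH` the caller's environment supplies, which gives up the same-directory guarantee this hunk introduces whenever the sibling binary is missing. How `server_filepath` is launched lies outside the hunk; if it is started through a privilege-elevating helper or depends on file capabilities, the PATH result should be canonicalised and checked to be root-owned and not group- or world-writable before use, or the fallback should be dropped. Both `access(server_filepath, F_OK)` calls confirm only that something exists at the path; `X_OK` matches the intent better. Because the check and the later exec are separate steps, the exec failure path must still be handled. The body of `gsr_kms_client_init` continues outside the hunk.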
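Review bot: The `snprintf` into `local_addr.sun_path` truncates silently when `self->initial_socket_path` is longer than `sun_path`, just as `string_copy` did, so `bind()` would create the socket at a different path from the one stored in `self->initial_socket_path`. Capturing the result and failing the init when `n < 0 || (size_t)n >= sizeof(local_addr.sun_path)` turns that into an explicit error; the function's error exit is outside the hunk. The same applies to the `remote_addr.sun_path` copy in the `@@ -478,7 +549,7 @@` hunk of kms/server/kms_server.c.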
diff --git a/kms/server/kms_server.c b/kms/server/kms_server.c
index c6460ad..b4f3378 100644
--- a/kms/server/kms_server.c
+++ b/kms/server/kms_server.c
@@ -1,3 +1,7 @@
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include "../kms_shared.h"
 #include <stdio.h>
@@ -6,6 +10,7 @@
 #include <stdlib.h>
 #include <unistd.h>
+#include <limits.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -413,14 +418,80 @@ static double clock_get_monotonic_seconds(void) {
 return (double)ts.tv_sec + (double)ts.tv_nsec * 0.000000001;
 }
-static void string_copy(char *dst, const char *src, int len) {
- int src_len = strlen(src);
- int min_len = src_len;
- if(len - 1 < min_len)
- min_len = len - 1;
- memcpy(dst, src, min_len);
- dst[min_len] = '\0';
-}
+// static bool readlink_realpath(const char *filepath, char *buffer) {
+// char symlinked_path[PATH_MAX];
+// ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
+// if(bytes_written == -1 && errno == EINVAL) {
+// /* Not a symlink */
+// snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath);
+// } else if(bytes_written == -1) {
+// return false;
+// } else {
+// symlinked_path[bytes_written] = '\0';
+// }
+
+// if(!realpath(symlinked_path, buffer))
+// return false;
+
+// return true;
+// }
+
+// static void file_get_directory(char *filepath) {
+// char *end = strrchr(filepath, '/');
+// if(end == NULL)
+// filepath[0] = '\0';
+// else
+// *end = '\0';
+// }
+
+// static bool string_ends_with(const char *str, const char *ends_with) {
+// const int len = strlen(str);
+// const int ends_with_len = strlen(ends_with);
+// return len >= ends_with_len && memcmp(str + len - ends_with_len, ends_with, ends_with_len) == 0;
+// }
+
+// This is not foolproof, but the assumption is that gsr-kms-server and gpu-screen-recorder are installed in the same directory
+// in a location that only the root user can write to (usually /usr/bin or /usr/local/bin) and if the client runs from that location
+// and is called gpu-screen-recorder then gsr-kms-server can only be used by a malicious program if the malicious program
+// had root access, to modify that program install directory.
+// static bool is_remote_peer_program_gpu_screen_recorder(int socket_fd) {
+// // TODO: Use SO_PEERPIDFD on kernel >= 6.5 to avoid a race condition in the /proc/<pid> check
+// struct ucred cred;
+// socklen_t ucred_len = sizeof(cred);
+// if(getsockopt(socket_fd, SOL_SOCKET, SO_PEERCRED, &cred, &ucred_len) == -1) {
+// fprintf(stderr, "kms server error: failed to get peer credentials, error: %s\n", strerror(errno));
+// return false;
+// }
+
+// char self_directory[PATH_MAX];
+// if(!readlink_realpath("/proc/self/exe", self_directory)) {
+// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
+// return false;
+// }
+// file_get_directory(self_directory);
+
+// char peer_directory[PATH_MAX];
+// char peer_exe_path[PATH_MAX];
+// snprintf(peer_exe_path, sizeof(peer_exe_path), "/proc/%d/exe", (int)cred.pid);
+// if(!readlink_realpath(peer_exe_path, peer_directory)) {
+// fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
+// return false;
+// }
+
+// if(!string_ends_with(peer_directory, "/gpu-screen-recorder")) {
+// fprintf(stderr, "kms server error: only gpu-screen-recorder can use gsr-kms-server. client program location is %s\n", peer_directory);
+// return false;
+// }
+
+// file_get_directory(peer_directory);
+
+// if(strcmp(self_directory, peer_directory) != 0) {
+// fprintf(stderr, "kms server error: the client program is in directory %s but only programs in %s can run gsr-kms-server\n", peer_directory, self_directory);
+// return false;
+// }
+
+// return true;
+// }
 int main(int argc, char **argv) {
 int res = 0;
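Review bot: The peer check added here is entirely commented out, as is its call site in the `@@ -505,6 +576,11 @@` hunk of `main`, so this commit adds no verification of the process on the other end of the socket. A short comment should say why the check is disabled and under what condition it will be enabled, rather than leaving about 75 lines of dead code unexplained. If it is enabled later, the second `readlink_realpath` failure should report the path it actually tried, `"kms server error: failed to resolve %s\n", peer_exe_path`, instead of repeating `/proc/self/exe`. The `/proc/<pid>/exe` lookup keeps the PID-reuse race that the TODO already names. The stated assumption that the install directory is writable only by root is not checked by the code itself.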
@@ -478,7 +549,7 @@ int main(int argc, char **argv) {
 while(clock_get_monotonic_seconds() - start_time < connect_timeout_sec) {
 struct sockaddr_un remote_addr = {0};
 remote_addr.sun_family = AF_UNIX;
- string_copy(remote_addr.sun_path, domain_socket_path, sizeof(remote_addr.sun_path));
+ snprintf(remote_addr.sun_path, sizeof(remote_addr.sun_path), "%s", domain_socket_path);
 // TODO: Check if parent disconnected
 if(connect(socket_fd, (struct sockaddr*)&remote_addr, sizeof(remote_addr.sun_family) + strlen(remote_addr.sun_path)) == -1) {
 if(errno == ECONNREFUSED || errno == ENOENT) {
@@ -505,6 +576,11 @@ int main(int argc, char **argv) {
 goto done;
 }
+ // if(!is_remote_peer_program_gpu_screen_recorder(socket_fd)) {
+ // res = 3;
+ // goto done;
+ // }
+
 for(;;) {
 gsr_kms_request request;
 request.version = 0; |