From be388cda5ff9e96078e39ff9c5f963e4b8fc451c Mon Sep 17 00:00:00 2001
From: dec05eba
Date: Sat, 8 Apr 2023 05:50:43 +0200
Subject: kms permission ok if running as root, no pkexec needed
---
 src/kms/kms_client.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)
(limited to 'src/kms/kms_client.c')
diff --git a/src/kms/kms_client.c b/src/kms/kms_client.c
index ededbe9..e689aaf 100644
--- a/src/kms/kms_client.c
+++ b/src/kms/kms_client.c
@@ -67,29 +67,30 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char
 struct sockaddr_un local_addr = {0};
 struct sockaddr_un remote_addr = {0};
- // TODO: Check if gsr-kms-server is installed
- // TODO: Check if pkexec is installed
-
 char server_filepath[PATH_MAX];
 snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server");
 int has_perm = 0;
- cap_t kms_server_cap = cap_get_file(server_filepath);
- if(kms_server_cap) {
- cap_flag_value_t res = 0;
- cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
- if(res == CAP_SET) {
- //fprintf(stderr, "has permission!\n");
- has_perm = 1;
+ if(geteuid() == 0) {
+ has_perm = 1;
+ } else {
+ cap_t kms_server_cap = cap_get_file(server_filepath);
+ if(kms_server_cap) {
+ cap_flag_value_t res = 0;
+ cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
+ if(res == CAP_SET) {
+ //fprintf(stderr, "has permission!\n");
+ has_perm = 1;
+ } else {
+ //fprintf(stderr, "No permission:(\n");
+ }
+ cap_free(kms_server_cap);
 } else {
- //fprintf(stderr, "No permission:(\n");
+ if(errno == ENODATA)
+ fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
+ else
+ fprintf(stderr, "failed to get cap\n");
 }
- cap_free(kms_server_cap);
- } else {
- if(errno == ENODATA)
- fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
- else
- fprintf(stderr, "failed to get cap\n");
 }
 self->card_path = strdup(card_path);
-- cgit v1.2.3
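Review bot: The new `geteuid() == 0` branch sets `has_perm = 1` without looking at `server_filepath` at all, so as root the helper is trusted purely because of where `program_dir` points, and the two TODOs about checking that gsr-kms-server and pkexec are installed are deleted without either check being added. The launch itself is outside this hunk, but if the helper is then started directly it presumably runs with full root privileges, so it is worth confirming first that the file is a regular file owned by root and not writable by group or others (this needs `<sys/stat.h>`). The `snprintf` that builds `server_filepath` also ignores truncation, which would make any check apply to a different path than the one intended. How to fail is left as a comment below because the function's error paths are not visible here; the function body starts and ends outside the hunk.

```c
	int has_perm = 0;
	if(geteuid() == 0) {
		struct stat st;
		/* As root the helper inherits full privileges: only accept a root-owned
		   regular file that group/other cannot modify. */
		if(stat(server_filepath, &st) == 0 && S_ISREG(st.st_mode) &&
		   st.st_uid == 0 && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0) {
			has_perm = 1;
		} else {
			fprintf(stderr, "gsr error: gsr_kms_client_init: refusing to use '%s' as root: missing, not owned by root, or writable by others\n", server_filepath);
			/* fail here the same way the function's other error paths do */
		}
	} else {
		// … unchanged: cap_get_file / CAP_SYS_ADMIN check …
	}
```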