#include #include #include #include #include #include #include #include #include #include #define GSR_KMS_SERVER_FILEPATH "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/gsr-kms-server" #define GSR_GLOBAL_HOTKEYS_FILEPATH "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/gsr-global-hotkeys" static int readlink_realpath(const char *filepath, char *buffer) { char symlinked_path[PATH_MAX]; ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1); if(bytes_written == -1 && errno == EINVAL) { /* Not a symlink */ strncpy(symlinked_path, filepath, sizeof(symlinked_path)); } else if(bytes_written == -1) { return 0; } else { symlinked_path[bytes_written] = '\0'; } if(!realpath(symlinked_path, buffer)) return 0; return 1; } static int file_has_sys_admin_capability(const char *filepath) { cap_t cap = cap_get_file(filepath); if(!cap) return 0; cap_flag_value_t res = CAP_CLEAR; cap_get_flag(cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res); int cap_set = res == CAP_SET; cap_free(cap); return cap_set; } static int file_set_capabilities(const char *filepath, const cap_value_t *caps_to_set, int num_caps_to_set) { cap_t cap = cap_get_file(filepath); if(!cap && errno != ENODATA) return 0; if(!cap) { cap = cap_init(); if(!cap) return 0; } int res = 0; res |= cap_set_flag(cap, CAP_EFFECTIVE, num_caps_to_set, caps_to_set, CAP_SET); res |= cap_set_flag(cap, CAP_PERMITTED, num_caps_to_set, caps_to_set, CAP_SET); /*cap_set_flag(cap, CAP_INHERITABLE, num_caps_to_set, caps_to_set, CAP_SET);*/ res |= cap_set_file(filepath, cap); cap_free(cap); return res == 0; } static int create_local_kms_server_proxy_directory(const char *home) { char path[PATH_MAX]; int err; const char *paths[] = { ".local", ".local/share", ".local/share/gpu-screen-recorder", NULL }; for(size_t i = 0; paths[i]; ++i) { const char *path_part = paths[i]; snprintf(path, sizeof(path), "%s/%s", home, path_part); err = mkdir(path, S_IRWXU); if(err == -1 && errno != EEXIST) return 0; } return 1; } static int copy_file_atomic_set_capabilities(const char *source_path, const char *dest_path, const cap_value_t *caps_to_set, int num_caps_to_set) { int in_fd = -1; int out_fd = -1; int res = 0; char tmp_filepath[PATH_MAX]; snprintf(tmp_filepath, sizeof(tmp_filepath), "%s.tmp", dest_path); in_fd = open(source_path, O_RDONLY); if(in_fd == -1) goto done; struct stat st; if(fstat(in_fd, &st) == -1) goto done; out_fd = open(tmp_filepath, O_RDWR | O_CREAT | O_TRUNC, 0755); if(out_fd == -1) goto done; if(sendfile(out_fd, in_fd, NULL, st.st_size) != st.st_size) goto done; res = 1; done: if(in_fd) close(in_fd); if(out_fd) close(out_fd); if(res) res = file_set_capabilities(tmp_filepath, caps_to_set, num_caps_to_set); if(res) res = rename(tmp_filepath, dest_path) == 0; return res; } static void usage(void) { fprintf(stderr, "usage alt.1: kms-server-proxy \n"); fprintf(stderr, "usage alt.2: kms-server-proxy setup-gsr-ui [user_homepath]\n"); exit(1); } static int setup_gsr_ui(const char *user_homepath) { char self_path[PATH_MAX]; if(!readlink_realpath("/proc/self/exe", self_path)) { fprintf(stderr, "failed to resolve /proc/self/exe\n"); return 1; } if(!user_homepath) { user_homepath = getenv("HOME"); if(!user_homepath) user_homepath = "/tmp"; } char kms_server_proxy_local_filepath[PATH_MAX]; /* Update kms-server-proxy-N to kms-server-proxy-N+1 on update (update that needs to run before this program launches itself) */ snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-1", user_homepath); char gsr_global_hotkeys_local_filepath[PATH_MAX]; snprintf(gsr_global_hotkeys_local_filepath, sizeof(gsr_global_hotkeys_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-global-hotkeys", user_homepath); if(geteuid() == 0) { /* is current user root? */ int success = 1; success &= (file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1) == 1); success &= (copy_file_atomic_set_capabilities(self_path, kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP }, 2) == 1); success &= (copy_file_atomic_set_capabilities(GSR_GLOBAL_HOTKEYS_FILEPATH, gsr_global_hotkeys_local_filepath, (const cap_value_t[]){ CAP_SETUID }, 1) == 1); return success ? 0 : 1; } else { if(create_local_kms_server_proxy_directory(user_homepath) != 1) return 1; const char *args[] = { "pkexec", self_path, "setup-gsr-ui", user_homepath, NULL }; return execvp(args[0], (char *const*)args); } } static int launch_gsr_kms_server(const char *initial_socket_path, const char *card_path, const char *user_homepath) { char self_path[PATH_MAX]; if(!readlink_realpath("/proc/self/exe", self_path)) { fprintf(stderr, "failed to resolve /proc/self/exe\n"); return 1; } char kms_server_proxy_local_filepath[PATH_MAX]; /* Update kms-server-proxy-N to kms-server-proxy-N+1 on update (update that needs to run before this program launches itself) */ snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-1", user_homepath); if(file_has_sys_admin_capability(GSR_KMS_SERVER_FILEPATH)) { const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; return execv(args[0], (char *const*)args); } else if(file_has_sys_admin_capability(kms_server_proxy_local_filepath)) { /* Need to resolve kms_server_proxy_local_filepath because /home can be a symlink to another location */ char kms_server_proxy_local_filepath_full[PATH_MAX]; if(!readlink_realpath(kms_server_proxy_local_filepath, kms_server_proxy_local_filepath_full)) { fprintf(stderr, "failed to resolve %s\n", kms_server_proxy_local_filepath); return 1; } /* Run cached ~/.local/share/gpu-screen-recorder/kms-server-proxy which has sys admin capability. The one in flatpak location gets capabilities overwritten on flatpak update. */ if(strcmp(self_path, kms_server_proxy_local_filepath_full) != 0) { const char *args[] = { kms_server_proxy_local_filepath_full, initial_socket_path, card_path, user_homepath, NULL }; return execv(args[0], (char *const*)args); } /* TODO: Remove the need for this. Instead inherit capabilities */ if(file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1)) { const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; return execv(args[0], (char *const*)args); } const char *args[] = { "pkexec", GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; return execvp(args[0], (char *const*)args); } else if(geteuid() == 0) { /* is current user root? */ file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1); copy_file_atomic_set_capabilities(self_path, kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP }, 2); const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; return execv(args[0], (char *const*)args); } else { create_local_kms_server_proxy_directory(user_homepath); const char *args[] = { "pkexec", self_path, initial_socket_path, card_path, user_homepath, NULL }; return execvp(args[0], (char *const*)args); } } int main(int argc, char **argv) { if(argc == 2 || argc == 3) { const char *user_homepath = argc == 3 ? argv[2] : NULL; if(strcmp(argv[1], "setup-gsr-ui") == 0) { return setup_gsr_ui(user_homepath); } else { fprintf(stderr, "error: invalid option \"%s\".\n", argv[1]); usage(); } } else if(argc == 4) { return launch_gsr_kms_server(argv[1], argv[2], argv[3]); } else { usage(); } }