kms permission ok if running as root, no pkexec needed
This commit is contained in:
parent
8d250f7e33
commit
be388cda5f
@ -67,29 +67,30 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path, const char
|
|||||||
struct sockaddr_un local_addr = {0};
|
struct sockaddr_un local_addr = {0};
|
||||||
struct sockaddr_un remote_addr = {0};
|
struct sockaddr_un remote_addr = {0};
|
||||||
|
|
||||||
// TODO: Check if gsr-kms-server is installed
|
|
||||||
// TODO: Check if pkexec is installed
|
|
||||||
|
|
||||||
char server_filepath[PATH_MAX];
|
char server_filepath[PATH_MAX];
|
||||||
snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server");
|
snprintf(server_filepath, sizeof(server_filepath), "%s/%s", program_dir, "gsr-kms-server");
|
||||||
|
|
||||||
int has_perm = 0;
|
int has_perm = 0;
|
||||||
cap_t kms_server_cap = cap_get_file(server_filepath);
|
if(geteuid() == 0) {
|
||||||
if(kms_server_cap) {
|
has_perm = 1;
|
||||||
cap_flag_value_t res = 0;
|
|
||||||
cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
|
|
||||||
if(res == CAP_SET) {
|
|
||||||
//fprintf(stderr, "has permission!\n");
|
|
||||||
has_perm = 1;
|
|
||||||
} else {
|
|
||||||
//fprintf(stderr, "No permission:(\n");
|
|
||||||
}
|
|
||||||
cap_free(kms_server_cap);
|
|
||||||
} else {
|
} else {
|
||||||
if(errno == ENODATA)
|
cap_t kms_server_cap = cap_get_file(server_filepath);
|
||||||
fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
|
if(kms_server_cap) {
|
||||||
else
|
cap_flag_value_t res = 0;
|
||||||
fprintf(stderr, "failed to get cap\n");
|
cap_get_flag(kms_server_cap, CAP_SYS_ADMIN, CAP_PERMITTED, &res);
|
||||||
|
if(res == CAP_SET) {
|
||||||
|
//fprintf(stderr, "has permission!\n");
|
||||||
|
has_perm = 1;
|
||||||
|
} else {
|
||||||
|
//fprintf(stderr, "No permission:(\n");
|
||||||
|
}
|
||||||
|
cap_free(kms_server_cap);
|
||||||
|
} else {
|
||||||
|
if(errno == ENODATA)
|
||||||
|
fprintf(stderr, "gsr info: gsr_kms_client_init: gsr-kms-server is missing sys_admin cap and will require root authentication. To bypass this automatically, run: sudo setcap cap_sys_admin+ep '%s'\n", server_filepath);
|
||||||
|
else
|
||||||
|
fprintf(stderr, "failed to get cap\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
self->card_path = strdup(card_path);
|
self->card_path = strdup(card_path);
|
||||||
|
@ -73,6 +73,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) {
|
|||||||
if (0 != drmSetClientCap(drmfd, DRM_CLIENT_CAP_UNIVERSAL_PLANES, 1)) {
|
if (0 != drmSetClientCap(drmfd, DRM_CLIENT_CAP_UNIVERSAL_PLANES, 1)) {
|
||||||
response->result = KMS_RESULT_INSUFFICIENT_PERMISSIONS;
|
response->result = KMS_RESULT_INSUFFICIENT_PERMISSIONS;
|
||||||
snprintf(response->data.err_msg, sizeof(response->data.err_msg), "drmSetClientCap failed, error: %s", strerror(errno));
|
snprintf(response->data.err_msg, sizeof(response->data.err_msg), "drmSetClientCap failed, error: %s", strerror(errno));
|
||||||
|
close(drmfd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -80,6 +81,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) {
|
|||||||
if (!planes) {
|
if (!planes) {
|
||||||
response->result = KMS_RESULT_FAILED_TO_GET_KMS;
|
response->result = KMS_RESULT_FAILED_TO_GET_KMS;
|
||||||
snprintf(response->data.err_msg, sizeof(response->data.err_msg), "failed to access planes, error: %s", strerror(errno));
|
snprintf(response->data.err_msg, sizeof(response->data.err_msg), "failed to access planes, error: %s", strerror(errno));
|
||||||
|
close(drmfd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -134,7 +136,7 @@ static int get_kms(const char *card_path, gsr_kms_response *response) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
drmModeFreePlaneResources(planes);
|
drmModeFreePlaneResources(planes);
|
||||||
close(drmfd); // TODO?
|
close(drmfd);
|
||||||
|
|
||||||
if(response->data.fd.fd == 0) {
|
if(response->data.fd.fd == 0) {
|
||||||
response->result = KMS_RESULT_NO_KMS_AVAILABLE;
|
response->result = KMS_RESULT_NO_KMS_AVAILABLE;
|
||||||
|
Loading…
Reference in New Issue
Block a user