libweston: Allow taking screenshots when debug protocol is enabled

Screenshots of the outputs can only be taken by having a keyboard plug-ed in, as to avoid potential malicious intent. On the other hand, this is problematic as there are cases where a keyboard cannot be used as a input device. A particular use-case is that for multiple devices it can be cumbersome to connect a keyboard such that using ssh can be much easier and can be further automated. This patch allows taking screenshots without the need of having a keyboard connected when debug protocol is enabled. Add also a few words about the fact that this is a serious issue and can lead to silently leaking the output contents. Signed-off-by: Marius Vlad <marius.vlad0@gmail.com>
6 years ago · 4e1d9bc72f
parent d9bcc0b171
commit 4e1d9bc72f
2 changed files with 15 additions and 4 deletions
--- a/compositor/weston-screenshooter.c
+++ b/compositor/weston-screenshooter.c
@ -32,6 +32,7 @@
 #include "weston.h"
 #include "weston-screenshooter-server-protocol.h"
 #include "shared/helpers.h"
+#include "weston-debug.h"

 struct screenshooter {
 	struct weston_compositor *ec;
@ -88,13 +89,20 @@ bind_shooter(struct wl_client *client,
 {
 	struct screenshooter *shooter = data;
 	struct wl_resource *resource;
+	bool debug_enabled =
+		weston_compositor_is_debug_protocol_enabled(shooter->ec);

 	resource = wl_resource_create(client,
 				      &weston_screenshooter_interface, 1, id);

-	if (client != shooter->client) {
+	if (!debug_enabled && !shooter->client) {
 		wl_resource_post_error(resource, WL_DISPLAY_ERROR_INVALID_OBJECT,
-				       "screenshooter failed: permission denied");
+				       "screenshooter failed: permission denied. "\
+				       "Debug protocol must be enabled");
+		return;
+	} else if (!debug_enabled && client != shooter->client) {
+		wl_resource_post_error(resource, WL_DISPLAY_ERROR_INVALID_OBJECT,
+				       "screenshooter failed: permission denied.");
 		return;
 	}

--- a/man/weston.man
+++ b/man/weston.man
@ -141,8 +141,11 @@ which any client can use to receive debugging messages from the compositor.
 .B WARNING:
 This is risky for two reasons. First, a client may cause a denial-of-service
 blocking the compositor by providing an unsuitable file descriptor, and
-second, the debug messages may expose sensitive information. This option
-should not be used in production.
+second, the debug messages may expose sensitive information.
+Additionally this will expose weston-screenshooter interface allowing the user
+to take screenshots of the outputs using weston-screenshooter application,
+which can lead to silently leaking the output contents.  This option should
+not be used in production.
 .TP
 .BR \-\-version
 Print the program version.