diff options
-rw-r--r-- | kdmlib/kdmtsak.cpp | 66 |
1 files changed, 60 insertions, 6 deletions
diff --git a/kdmlib/kdmtsak.cpp b/kdmlib/kdmtsak.cpp index b8d83e5a0..f00346182 100644 --- a/kdmlib/kdmtsak.cpp +++ b/kdmlib/kdmtsak.cpp @@ -46,6 +46,7 @@ int main (int argc, char *argv[]) int mPipe_fd; char readbuf[128]; int numread; + bool authorized = false; pid_t parentproc = getppid(); #ifdef DEBUG @@ -76,7 +77,63 @@ int main (int argc, char *argv[]) #ifdef DEBUG printf("Parent executable name is: %s\n\r", procparent.ascii()); #endif - if ((procparent == "ksmserver") || (procparent == "kdesktop_lock") || (procparent == "kdm")) { + if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) { + authorized = true; + } + else if (procparent == "kdeinit") { + printf("kdeinit detected\n\r"); + // A bit more digging is needed to see if this is an authorized process or not + // Get the kdeinit command + char kdeinitcmdline[8192]; + FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + if (fgets (kdeinitcmdline, 8192, fp) != NULL) + fclose (fp); + } + kdeinitcmdline[8191] = 0; + TQString kdeinitCommand = kdeinitcmdline; + + // Also get the environment, specifically the path + TQString kdeinitEnvironment; + char kdeinitenviron[8192]; + fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + int c; + int pos = 0; + do { + c = fgetc(fp); + kdeinitenviron[pos] = c; + pos++; + if (c == 0) { + TQString curEnvLine = kdeinitenviron; + if (curEnvLine.startsWith("PATH=")) { + kdeinitEnvironment = curEnvLine.mid(5); + } + pos = 0; + } + } while ((c != EOF) && (pos < 8192)); + fclose (fp); + } + kdeinitenviron[8191] = 0; + +#ifdef DEBUG + printf("Called executable name is: %s\n\r", kdeinitCommand.ascii()); + printf("Environment is: %s\n\r", kdeinitEnvironment.ascii()); +#endif + + if ((kdeinitCommand == "kdesktop [kdeinit]") && (kdeinitEnvironment.startsWith(KDE_BINDIR))) { + authorized = true; + } + else { + return 4; + } + } + else { + printf("Unauthorized calling process detected\n\r"); + return 3; + } + + if (authorized == true) { // OK, the calling process is authorized to retrieve SAK data // First, flush the buffer mPipe_fd = open(FIFO_FILE, O_RDWR | O_NONBLOCK); @@ -98,12 +155,9 @@ int main (int argc, char *argv[]) return 1; } } - } - else { - printf("Unauthorized calling process detected\n\r"); - return 3; + return 6; } } - return 4; + return 5; }
\ No newline at end of file |