From 9942172e2d42cb89996fe260f65ca2ec5d6d91cf Mon Sep 17 00:00:00 2001 From: tpearson Date: Thu, 15 Sep 2011 17:30:04 +0000 Subject: Export the kdmtsak calling executable validation routine in a header file git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1253837 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- kdmlib/kdmtsak.cpp | 141 +-------------------------------------------- kdmlib/kdmtsak.h | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 168 insertions(+), 139 deletions(-) create mode 100644 kdmlib/kdmtsak.h diff --git a/kdmlib/kdmtsak.cpp b/kdmlib/kdmtsak.cpp index f00346182..2602025bb 100644 --- a/kdmlib/kdmtsak.cpp +++ b/kdmlib/kdmtsak.cpp @@ -18,146 +18,9 @@ Boston, MA 02110-1301, USA. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "config.h" - -#define FIFO_FILE "/tmp/ksocket-global/tsak" - -// #define DEBUG +#include "kdmtsak.h" int main (int argc, char *argv[]) { - int mPipe_fd; - char readbuf[128]; - int numread; - bool authorized = false; - - pid_t parentproc = getppid(); -#ifdef DEBUG - printf("Parent pid is: %d\n\r", parentproc); -#endif - - char parentexecutable[8192]; - TQString procparent = TQString("/proc/%1/exe").arg(parentproc); - int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable)); - parentexecutable[chars] = 0; - parentexecutable[8191] = 0; - procparent = parentexecutable; -#ifdef DEBUG - printf("Parent executable name and full path is: %s\n\r", procparent.ascii()); -#endif - - TQString tdeBinaryPath = TQString(KDE_BINDIR "/"); -#ifdef DEBUG - printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii()); -#endif - - if (!procparent.startsWith(tdeBinaryPath)) { - printf("Unauthorized path detected in calling process\n\r"); - return 2; - } - else { - procparent = procparent.mid(tdeBinaryPath.length()); -#ifdef DEBUG - printf("Parent executable name is: %s\n\r", procparent.ascii()); -#endif - if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) { - authorized = true; - } - else if (procparent == "kdeinit") { - printf("kdeinit detected\n\r"); - // A bit more digging is needed to see if this is an authorized process or not - // Get the kdeinit command - char kdeinitcmdline[8192]; - FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r"); - if (fp != NULL) { - if (fgets (kdeinitcmdline, 8192, fp) != NULL) - fclose (fp); - } - kdeinitcmdline[8191] = 0; - TQString kdeinitCommand = kdeinitcmdline; - - // Also get the environment, specifically the path - TQString kdeinitEnvironment; - char kdeinitenviron[8192]; - fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r"); - if (fp != NULL) { - int c; - int pos = 0; - do { - c = fgetc(fp); - kdeinitenviron[pos] = c; - pos++; - if (c == 0) { - TQString curEnvLine = kdeinitenviron; - if (curEnvLine.startsWith("PATH=")) { - kdeinitEnvironment = curEnvLine.mid(5); - } - pos = 0; - } - } while ((c != EOF) && (pos < 8192)); - fclose (fp); - } - kdeinitenviron[8191] = 0; - -#ifdef DEBUG - printf("Called executable name is: %s\n\r", kdeinitCommand.ascii()); - printf("Environment is: %s\n\r", kdeinitEnvironment.ascii()); -#endif - - if ((kdeinitCommand == "kdesktop [kdeinit]") && (kdeinitEnvironment.startsWith(KDE_BINDIR))) { - authorized = true; - } - else { - return 4; - } - } - else { - printf("Unauthorized calling process detected\n\r"); - return 3; - } - - if (authorized == true) { - // OK, the calling process is authorized to retrieve SAK data - // First, flush the buffer - mPipe_fd = open(FIFO_FILE, O_RDWR | O_NONBLOCK); - numread = 1; - while (numread > 0) { - numread = read(mPipe_fd, readbuf, 128); - } - // Now wait for SAK press - mPipe_fd = open(FIFO_FILE, O_RDWR); - if (mPipe_fd > -1) { - numread = read(mPipe_fd, readbuf, 128); - readbuf[numread] = 0; - readbuf[127] = 0; - close(mPipe_fd); - if (strcmp(readbuf, "SAK\n\r") == 0) { - return 0; - } - else { - return 1; - } - } - return 6; - } - } - - return 5; + return tde_sak_verify_calling_process(); } \ No newline at end of file diff --git a/kdmlib/kdmtsak.h b/kdmlib/kdmtsak.h new file mode 100644 index 000000000..171bece0b --- /dev/null +++ b/kdmlib/kdmtsak.h @@ -0,0 +1,166 @@ +/* + This file is part of the TDE project + Copyright (C) 2011 Timothy Pearson + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with this library; see the file COPYING.LIB. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "config.h" + +#define FIFO_FILE "/tmp/ksocket-global/tsak" + +// #define DEBUG + +inline int tde_sak_verify_calling_process() +{ + int mPipe_fd; + char readbuf[128]; + int numread; + bool authorized = false; + + pid_t parentproc = getppid(); +#ifdef DEBUG + printf("Parent pid is: %d\n\r", parentproc); +#endif + + char parentexecutable[8192]; + TQString procparent = TQString("/proc/%1/exe").arg(parentproc); + int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable)); + parentexecutable[chars] = 0; + parentexecutable[8191] = 0; + procparent = parentexecutable; +#ifdef DEBUG + printf("Parent executable name and full path is: %s\n\r", procparent.ascii()); +#endif + + TQString tdeBinaryPath = TQString(KDE_BINDIR "/"); +#ifdef DEBUG + printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii()); +#endif + + if (!procparent.startsWith(tdeBinaryPath)) { + printf("Unauthorized path detected in calling process\n\r"); + return 2; + } + else { + procparent = procparent.mid(tdeBinaryPath.length()); +#ifdef DEBUG + printf("Parent executable name is: %s\n\r", procparent.ascii()); +#endif + if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) { + authorized = true; + } + else if (procparent == "kdeinit") { + printf("kdeinit detected\n\r"); + // A bit more digging is needed to see if this is an authorized process or not + // Get the kdeinit command + char kdeinitcmdline[8192]; + FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + if (fgets (kdeinitcmdline, 8192, fp) != NULL) + fclose (fp); + } + kdeinitcmdline[8191] = 0; + TQString kdeinitCommand = kdeinitcmdline; + + // Also get the environment, specifically the path + TQString kdeinitEnvironment; + char kdeinitenviron[8192]; + fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + int c; + int pos = 0; + do { + c = fgetc(fp); + kdeinitenviron[pos] = c; + pos++; + if (c == 0) { + TQString curEnvLine = kdeinitenviron; + if (curEnvLine.startsWith("PATH=")) { + kdeinitEnvironment = curEnvLine.mid(5); + } + pos = 0; + } + } while ((c != EOF) && (pos < 8192)); + fclose (fp); + } + kdeinitenviron[8191] = 0; + +#ifdef DEBUG + printf("Called executable name is: %s\n\r", kdeinitCommand.ascii()); + printf("Environment is: %s\n\r", kdeinitEnvironment.ascii()); +#endif + + if ((kdeinitCommand == "kdesktop [kdeinit]") && (kdeinitEnvironment.startsWith(KDE_BINDIR))) { + authorized = true; + } + else { + return 4; + } + } + else { + printf("Unauthorized calling process detected\n\r"); + return 3; + } + + if (authorized == true) { + // OK, the calling process is authorized to retrieve SAK data + // First, flush the buffer + mPipe_fd = open(FIFO_FILE, O_RDWR | O_NONBLOCK); + numread = 1; + while (numread > 0) { + numread = read(mPipe_fd, readbuf, 128); + } + // Now wait for SAK press + mPipe_fd = open(FIFO_FILE, O_RDWR); + if (mPipe_fd > -1) { + numread = read(mPipe_fd, readbuf, 128); + readbuf[numread] = 0; + readbuf[127] = 0; + close(mPipe_fd); + if (strcmp(readbuf, "SAK\n\r") == 0) { + return 0; + } + else { + return 1; + } + } + return 6; + } + } + + return 5; +} + +#undef FIFO_FILE +#undef DEBUG \ No newline at end of file -- cgit v1.2.1