diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-01-22 01:02:36 -0600 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-01-22 01:02:36 -0600 |
commit | b81e43465b14836b17e4fe2dea91c78a2bdd29b3 (patch) | |
tree | 7815d61ce59a6ccb6e655ed44f5fea786f520985 /tdmlib/tdmtsak.h | |
parent | 7021f40c13f949b7cb5ded32d0241d648a43bf6c (diff) | |
download | tdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.tar.gz tdebase-b81e43465b14836b17e4fe2dea91c78a2bdd29b3.zip |
Part 2 of prior commit
Diffstat (limited to 'tdmlib/tdmtsak.h')
-rw-r--r-- | tdmlib/tdmtsak.h | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/tdmlib/tdmtsak.h b/tdmlib/tdmtsak.h new file mode 100644 index 000000000..1987a8218 --- /dev/null +++ b/tdmlib/tdmtsak.h @@ -0,0 +1,144 @@ +/* + This file is part of the TDE project + Copyright (C) 2011 Timothy Pearson <kb9vqf@pearsoncomputing.net> + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with this library; see the file COPYING.LIB. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <dirent.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/select.h> +#include <sys/time.h> +#include <termios.h> +#include <signal.h> + +#include <tqstring.h> + +#include "config.h" + +// #define DEBUG + +inline int tde_sak_verify_calling_process() +{ + bool authorized = false; + + // Root always has access to everything... + if (getuid() == 0) { + return 0; + } + + pid_t parentproc = getppid(); +#ifdef DEBUG + printf("Parent pid is: %d\n\r", parentproc); +#endif + + char parentexecutable[8192]; + TQString procparent = TQString("/proc/%1/exe").arg(parentproc); + int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable)); + parentexecutable[chars] = 0; + parentexecutable[8191] = 0; + procparent = parentexecutable; +#ifdef DEBUG + printf("Parent executable name and full path is: %s\n\r", procparent.ascii()); +#endif + + TQString tdeBinaryPath = TQString(KDE_BINDIR "/"); +#ifdef DEBUG + printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii()); +#endif + + if (!procparent.startsWith(tdeBinaryPath)) { + printf("Unauthorized path detected in calling process\n\r"); + return 2; + } + else { + procparent = procparent.mid(tdeBinaryPath.length()); +#ifdef DEBUG + printf("Parent executable name is: %s\n\r", procparent.ascii()); +#endif + if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "tdm")) { + authorized = true; + } + else if (procparent == "tdeinit") { + printf("tdeinit detected\n\r"); + // A bit more digging is needed to see if this is an authorized process or not + // Get the tdeinit command + char tdeinitcmdline[8192]; + FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + if (fgets (tdeinitcmdline, 8192, fp) != NULL) + fclose (fp); + } + tdeinitcmdline[8191] = 0; + TQString tdeinitCommand = tdeinitcmdline; + + // Also get the environment, specifically the path + TQString tdeinitEnvironment; + char tdeinitenviron[8192]; + fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r"); + if (fp != NULL) { + int c; + int pos = 0; + do { + c = fgetc(fp); + tdeinitenviron[pos] = c; + pos++; + if (c == 0) { + TQString curEnvLine = tdeinitenviron; + if (curEnvLine.startsWith("PATH=")) { + tdeinitEnvironment = curEnvLine.mid(5); + } + pos = 0; + } + } while ((c != EOF) && (pos < 8192)); + fclose (fp); + } + tdeinitenviron[8191] = 0; + +#ifdef DEBUG + printf("Called executable name is: %s\n\r", tdeinitCommand.ascii()); + printf("Environment is: %s\n\r", tdeinitEnvironment.ascii()); +#endif + + if ((tdeinitCommand == "kdesktop [tdeinit]") && (tdeinitEnvironment.startsWith(KDE_BINDIR))) { + authorized = true; + } + else { + return 4; + } + } + else { + printf("Unauthorized calling process detected\n\r"); + return 3; + } + + if (authorized == true) { + return 0; + } + } + + return 5; +} + +#undef DEBUG
\ No newline at end of file |