From b81e43465b14836b17e4fe2dea91c78a2bdd29b3 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Sun, 22 Jan 2012 01:02:36 -0600 Subject: Part 2 of prior commit --- kdmlib/kdmtsak.h | 144 ------------------------------------------------------- 1 file changed, 144 deletions(-) delete mode 100644 kdmlib/kdmtsak.h (limited to 'kdmlib/kdmtsak.h') diff --git a/kdmlib/kdmtsak.h b/kdmlib/kdmtsak.h deleted file mode 100644 index 1987a8218..000000000 --- a/kdmlib/kdmtsak.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - This file is part of the TDE project - Copyright (C) 2011 Timothy Pearson - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with this library; see the file COPYING.LIB. If not, write to - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "config.h" - -// #define DEBUG - -inline int tde_sak_verify_calling_process() -{ - bool authorized = false; - - // Root always has access to everything... - if (getuid() == 0) { - return 0; - } - - pid_t parentproc = getppid(); -#ifdef DEBUG - printf("Parent pid is: %d\n\r", parentproc); -#endif - - char parentexecutable[8192]; - TQString procparent = TQString("/proc/%1/exe").arg(parentproc); - int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable)); - parentexecutable[chars] = 0; - parentexecutable[8191] = 0; - procparent = parentexecutable; -#ifdef DEBUG - printf("Parent executable name and full path is: %s\n\r", procparent.ascii()); -#endif - - TQString tdeBinaryPath = TQString(KDE_BINDIR "/"); -#ifdef DEBUG - printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii()); -#endif - - if (!procparent.startsWith(tdeBinaryPath)) { - printf("Unauthorized path detected in calling process\n\r"); - return 2; - } - else { - procparent = procparent.mid(tdeBinaryPath.length()); -#ifdef DEBUG - printf("Parent executable name is: %s\n\r", procparent.ascii()); -#endif - if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "tdm")) { - authorized = true; - } - else if (procparent == "tdeinit") { - printf("tdeinit detected\n\r"); - // A bit more digging is needed to see if this is an authorized process or not - // Get the tdeinit command - char tdeinitcmdline[8192]; - FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r"); - if (fp != NULL) { - if (fgets (tdeinitcmdline, 8192, fp) != NULL) - fclose (fp); - } - tdeinitcmdline[8191] = 0; - TQString tdeinitCommand = tdeinitcmdline; - - // Also get the environment, specifically the path - TQString tdeinitEnvironment; - char tdeinitenviron[8192]; - fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r"); - if (fp != NULL) { - int c; - int pos = 0; - do { - c = fgetc(fp); - tdeinitenviron[pos] = c; - pos++; - if (c == 0) { - TQString curEnvLine = tdeinitenviron; - if (curEnvLine.startsWith("PATH=")) { - tdeinitEnvironment = curEnvLine.mid(5); - } - pos = 0; - } - } while ((c != EOF) && (pos < 8192)); - fclose (fp); - } - tdeinitenviron[8191] = 0; - -#ifdef DEBUG - printf("Called executable name is: %s\n\r", tdeinitCommand.ascii()); - printf("Environment is: %s\n\r", tdeinitEnvironment.ascii()); -#endif - - if ((tdeinitCommand == "kdesktop [tdeinit]") && (tdeinitEnvironment.startsWith(KDE_BINDIR))) { - authorized = true; - } - else { - return 4; - } - } - else { - printf("Unauthorized calling process detected\n\r"); - return 3; - } - - if (authorized == true) { - return 0; - } - } - - return 5; -} - -#undef DEBUG \ No newline at end of file -- cgit v1.2.1