TDE base libraries and programs
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

tdmtsak.h 3.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. /*
  2. This file is part of the TDE project
  3. Copyright (C) 2011 Timothy Pearson <kb9vqf@pearsoncomputing.net>
  4. This library is free software; you can redistribute it and/or
  5. modify it under the terms of the GNU Library General Public
  6. License as published by the Free Software Foundation; either
  7. version 2 of the License, or (at your option) any later version.
  8. This library is distributed in the hope that it will be useful,
  9. but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11. Library General Public License for more details.
  12. You should have received a copy of the GNU Library General Public License
  13. along with this library; see the file COPYING.LIB. If not, write to
  14. the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  15. Boston, MA 02110-1301, USA.
  16. */
  17. #include <stdio.h>
  18. #include <stdlib.h>
  19. #include <string.h>
  20. #include <unistd.h>
  21. #include <errno.h>
  22. #include <fcntl.h>
  23. #include <limits.h>
  24. #include <dirent.h>
  25. #include <sys/types.h>
  26. #include <sys/stat.h>
  27. #include <sys/select.h>
  28. #include <sys/time.h>
  29. #include <termios.h>
  30. #include <signal.h>
  31. #include <tqstring.h>
  32. #include "config.h"
  33. // #define DEBUG
  34. inline int tde_sak_verify_calling_process()
  35. {
  36. bool authorized = false;
  37. // Root always has access to everything...
  38. if (getuid() == 0) {
  39. return 0;
  40. }
  41. pid_t parentproc = getppid();
  42. #ifdef DEBUG
  43. printf("Parent pid is: %d\n", parentproc);
  44. #endif
  45. char parentexecutable[8192];
  46. TQString procparent = TQString("/proc/%1/exe").arg(parentproc);
  47. int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable));
  48. parentexecutable[chars] = 0;
  49. parentexecutable[8191] = 0;
  50. procparent = parentexecutable;
  51. #ifdef DEBUG
  52. printf("Parent executable name and full path is: %s\n", procparent.ascii());
  53. #endif
  54. TQString tdeBinaryPath = TQString(KDE_BINDIR "/");
  55. #ifdef DEBUG
  56. printf("The TDE binary path is: %s\n", tdeBinaryPath.ascii());
  57. #endif
  58. if (!procparent.startsWith(tdeBinaryPath)) {
  59. printf("Unauthorized path detected in calling process\n");
  60. return 2;
  61. }
  62. else {
  63. procparent = procparent.mid(tdeBinaryPath.length());
  64. #ifdef DEBUG
  65. printf("Parent executable name is: %s\n", procparent.ascii());
  66. #endif
  67. if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "tdm")) {
  68. authorized = true;
  69. }
  70. else if (procparent == "tdeinit") {
  71. printf("tdeinit detected\n");
  72. // A bit more digging is needed to see if this is an authorized process or not
  73. // Get the tdeinit command
  74. char tdeinitcmdline[8192];
  75. FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r");
  76. if (fp != NULL) {
  77. if (fgets (tdeinitcmdline, 8192, fp) != NULL)
  78. fclose (fp);
  79. }
  80. tdeinitcmdline[8191] = 0;
  81. TQString tdeinitCommand = tdeinitcmdline;
  82. // Also get the environment, specifically the path
  83. TQString tdeinitEnvironment;
  84. char tdeinitenviron[8192];
  85. fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r");
  86. if (fp != NULL) {
  87. int c;
  88. int pos = 0;
  89. do {
  90. c = fgetc(fp);
  91. tdeinitenviron[pos] = c;
  92. pos++;
  93. if (c == 0) {
  94. TQString curEnvLine = tdeinitenviron;
  95. if (curEnvLine.startsWith("PATH=")) {
  96. tdeinitEnvironment = curEnvLine.mid(5);
  97. }
  98. pos = 0;
  99. }
  100. } while ((c != EOF) && (pos < 8192));
  101. fclose (fp);
  102. }
  103. tdeinitenviron[8191] = 0;
  104. #ifdef DEBUG
  105. printf("Called executable name is: %s\n", tdeinitCommand.ascii());
  106. printf("Environment is: %s\n", tdeinitEnvironment.ascii());
  107. #endif
  108. if ((tdeinitCommand == "kdesktop [tdeinit]") && (tdeinitEnvironment.startsWith(KDE_BINDIR))) {
  109. authorized = true;
  110. }
  111. else {
  112. return 4;
  113. }
  114. }
  115. else {
  116. printf("Unauthorized calling process detected\n");
  117. return 3;
  118. }
  119. if (authorized == true) {
  120. return 0;
  121. }
  122. }
  123. return 5;
  124. }
  125. #undef DEBUG