Diffstat (limited to 'tdmlib/tdmtsak.h')
-rw-r--r--tdmlib/tdmtsak.h144
1 files changed, 144 insertions, 0 deletions
diff --git a/tdmlib/tdmtsak.h b/tdmlib/tdmtsak.h
new file mode 100644
index 000000000..34a1953c3
--- /dev/null
+++ b/tdmlib/tdmtsak.h
@@ -0,0 +1,144 @@
+/*
+ This file is part of the TDE project
+ Copyright (C) 2011 Timothy Pearson <[email protected]>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public License
+ along with this library; see the file COPYING.LIB. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <termios.h>
+#include <signal.h>
+
+#include <tqstring.h>
+
+#include "config.h"
+
+// #define DEBUG
+
+inline int tde_sak_verify_calling_process()
+{
+ bool authorized = false;
+
+ // Root always has access to everything...
+ if (getuid() == 0) {
+ return 0;
+ }
+
+ pid_t parentproc = getppid();
+#ifdef DEBUG
+ printf("Parent pid is: %d\n", parentproc);
+#endif
+
+ char parentexecutable[8192];
+ TQString procparent = TQString("/proc/%1/exe").arg(parentproc);
+ int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable));
+ parentexecutable[chars] = 0;
+ parentexecutable[8191] = 0;
+ procparent = parentexecutable;
+#ifdef DEBUG
+ printf("Parent executable name and full path is: %s\n", procparent.ascii());
+#endif
+
+ TQString tdeBinaryPath = TQString(KDE_BINDIR "/");
+#ifdef DEBUG
+ printf("The TDE binary path is: %s\n", tdeBinaryPath.ascii());
+#endif
+
+ if (!procparent.startsWith(tdeBinaryPath)) {
+ printf("Unauthorized path detected in calling process\n");
+ return 2;
+ }
+ else {
+ procparent = procparent.mid(tdeBinaryPath.length());
+#ifdef DEBUG
+ printf("Parent executable name is: %s\n", procparent.ascii());
+#endif
+ if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "tdm")) {
+ authorized = true;
+ }
+ else if (procparent == "tdeinit") {
+ printf("tdeinit detected\n");
+ // A bit more digging is needed to see if this is an authorized process or not
+ // Get the tdeinit command
+ char tdeinitcmdline[8192];
+ FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r");
+ if (fp != NULL) {
+ if (fgets (tdeinitcmdline, 8192, fp) != NULL)
+ fclose (fp);
+ }
+ tdeinitcmdline[8191] = 0;
+ TQString tdeinitCommand = tdeinitcmdline;
+
+ // Also get the environment, specifically the path
+ TQString tdeinitEnvironment;
+ char tdeinitenviron[8192];
+ fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r");
+ if (fp != NULL) {
+ int c;
+ int pos = 0;
+ do {
+ c = fgetc(fp);
+ tdeinitenviron[pos] = c;
+ pos++;
+ if (c == 0) {
+ TQString curEnvLine = tdeinitenviron;
+ if (curEnvLine.startsWith("PATH=")) {
+ tdeinitEnvironment = curEnvLine.mid(5);
+ }
+ pos = 0;
+ }
+ } while ((c != EOF) && (pos < 8192));
+ fclose (fp);
+ }
+ tdeinitenviron[8191] = 0;
+
+#ifdef DEBUG
+ printf("Called executable name is: %s\n", tdeinitCommand.ascii());
+ printf("Environment is: %s\n", tdeinitEnvironment.ascii());
+#endif
+
+ if ((tdeinitCommand == "kdesktop [tdeinit]") && (tdeinitEnvironment.startsWith(KDE_BINDIR))) {
+ authorized = true;
+ }
+ else {
+ return 4;
+ }
+ }
+ else {
+ printf("Unauthorized calling process detected\n");
+ return 3;
+ }
+
+ if (authorized == true) {
+ return 0;
+ }
+ }
+
+ return 5;
+}
+
+#undef DEBUG
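Review bot: The `readlink()` result in `tde_sak_verify_calling_process()` is used as an array index without being checked, so `parentexecutable[chars] = 0` writes at index -1 when the call fails and one byte past the array when the link target fills all 8192 bytes. Pass one byte less than the buffer size and deny on failure, e.g. `ssize_t chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable) - 1);` followed by `if (chars < 0) return 2;`. In the tdeinit branch, `fclose (fp)` is the body of the unbraced `if (fgets (...) != NULL)`, so the stream leaks when the read fails, and `tdeinitcmdline` is converted to a `TQString` uninitialised when `fopen` or `fgets` fails; zero-initialise the buffer and close the stream unconditionally. That branch also deserves a comment stating that `/proc/<pid>/cmdline` and `/proc/<pid>/environ` reflect memory the parent process itself can rewrite, so the `"kdesktop [tdeinit]"` and `PATH` comparisons are weaker evidence than the `/proc/<pid>/exe` check and should not be the only basis for authorising a tdeinit child.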