From 9942172e2d42cb89996fe260f65ca2ec5d6d91cf Mon Sep 17 00:00:00 2001
From: tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>
Date: Thu, 15 Sep 2011 17:30:04 +0000
Subject: Export the kdmtsak calling executable validation routine in a header
 file

git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1253837 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 kdmlib/kdmtsak.cpp | 141 +--------------------------------------------
 kdmlib/kdmtsak.h   | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 168 insertions(+), 139 deletions(-)
 create mode 100644 kdmlib/kdmtsak.h

(limited to 'kdmlib')

diff --git a/kdmlib/kdmtsak.cpp b/kdmlib/kdmtsak.cpp
index f00346182..2602025bb 100644
--- a/kdmlib/kdmtsak.cpp
+++ b/kdmlib/kdmtsak.cpp
@@ -18,146 +18,9 @@
    Boston, MA 02110-1301, USA.
 */
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <dirent.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/select.h>
-#include <sys/time.h>
-#include <termios.h>
-#include <signal.h>
-
-#include <tqstring.h>
-
-#include "config.h"
-
-#define FIFO_FILE "/tmp/ksocket-global/tsak"
-
-// #define DEBUG
+#include "kdmtsak.h"
 
 int main (int argc, char *argv[])
 {
-	int mPipe_fd;
-	char readbuf[128];
-	int numread;
-	bool authorized = false;
-
-	pid_t parentproc = getppid();
-#ifdef DEBUG
-	printf("Parent pid is: %d\n\r", parentproc);
-#endif
-
-	char parentexecutable[8192];
-	TQString procparent = TQString("/proc/%1/exe").arg(parentproc);
-	int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable));
-	parentexecutable[chars] = 0;
-	parentexecutable[8191] = 0;
-	procparent = parentexecutable;
-#ifdef DEBUG
-	printf("Parent executable name and full path is: %s\n\r", procparent.ascii());
-#endif
-
-	TQString tdeBinaryPath = TQString(KDE_BINDIR "/");
-#ifdef DEBUG
-	printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii());
-#endif
-
-	if (!procparent.startsWith(tdeBinaryPath)) {
-		printf("Unauthorized path detected in calling process\n\r");
-		return 2;
-	}
-	else {
-		procparent = procparent.mid(tdeBinaryPath.length());
-#ifdef DEBUG
-		printf("Parent executable name is: %s\n\r", procparent.ascii());
-#endif
-		if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) {
-			authorized = true;
-		}
-		else if (procparent == "kdeinit") {
-			printf("kdeinit detected\n\r");
-			// A bit more digging is needed to see if this is an authorized process or not
-			// Get the kdeinit command
-			char kdeinitcmdline[8192];
-			FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r");
-			if (fp != NULL) {
-				if (fgets (kdeinitcmdline, 8192, fp) != NULL)
-				fclose (fp);
-			}
-			kdeinitcmdline[8191] = 0;
-			TQString kdeinitCommand = kdeinitcmdline;
-
-			// Also get the environment, specifically the path
-			TQString kdeinitEnvironment;
-			char kdeinitenviron[8192];
-			fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r");
-			if (fp != NULL) {
-				int c;
-				int pos = 0;
-				do {
-					c = fgetc(fp);
-					kdeinitenviron[pos] = c;
-					pos++;
-					if (c == 0) {
-						TQString curEnvLine = kdeinitenviron;
-						if (curEnvLine.startsWith("PATH=")) {
-							kdeinitEnvironment = curEnvLine.mid(5);
-						}
-						pos = 0;
-					}
-				} while ((c != EOF) && (pos < 8192));
-				fclose (fp);
-			}
-			kdeinitenviron[8191] = 0;
-
-#ifdef DEBUG
-			printf("Called executable name is: %s\n\r", kdeinitCommand.ascii());
-			printf("Environment is: %s\n\r", kdeinitEnvironment.ascii());
-#endif
-
-			if ((kdeinitCommand == "kdesktop [kdeinit]") && (kdeinitEnvironment.startsWith(KDE_BINDIR))) {
-				authorized = true;
-			}
-			else {
-				return 4;
-			}
-		}
-		else {
-			printf("Unauthorized calling process detected\n\r");
-			return 3;
-		}
-
-		if (authorized == true) {
-			// OK, the calling process is authorized to retrieve SAK data
-			// First, flush the buffer
-			mPipe_fd = open(FIFO_FILE, O_RDWR | O_NONBLOCK);
-			numread = 1;
-			while (numread > 0) {
-				numread = read(mPipe_fd, readbuf, 128);
-			}
-			// Now wait for SAK press
-			mPipe_fd = open(FIFO_FILE, O_RDWR);
-			if (mPipe_fd > -1) {
-				numread = read(mPipe_fd, readbuf, 128);
-				readbuf[numread] = 0;
-				readbuf[127] = 0;
-				close(mPipe_fd);
-				if (strcmp(readbuf, "SAK\n\r") == 0) {
-					return 0;
-				}
-				else {
-					return 1;
-				}
-			}
-			return 6;
-		}
-	}
-
-	return 5;
+	return tde_sak_verify_calling_process();
 }
\ No newline at end of file
diff --git a/kdmlib/kdmtsak.h b/kdmlib/kdmtsak.h
new file mode 100644
index 000000000..171bece0b
--- /dev/null
+++ b/kdmlib/kdmtsak.h
@@ -0,0 +1,166 @@
+/*
+   This file is part of the TDE project
+   Copyright (C) 2011 Timothy Pearson <kb9vqf@pearsoncomputing.net>
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public License
+   along with this library; see the file COPYING.LIB.  If not, write to
+   the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <termios.h>
+#include <signal.h>
+
+#include <tqstring.h>
+
+#include "config.h"
+
+#define FIFO_FILE "/tmp/ksocket-global/tsak"
+
+// #define DEBUG
+
+inline int tde_sak_verify_calling_process()
+{
+	int mPipe_fd;
+	char readbuf[128];
+	int numread;
+	bool authorized = false;
+
+	pid_t parentproc = getppid();
+#ifdef DEBUG
+	printf("Parent pid is: %d\n\r", parentproc);
+#endif
+
+	char parentexecutable[8192];
+	TQString procparent = TQString("/proc/%1/exe").arg(parentproc);
+	int chars = readlink(procparent.ascii(), parentexecutable, sizeof(parentexecutable));
+	parentexecutable[chars] = 0;
+	parentexecutable[8191] = 0;
+	procparent = parentexecutable;
+#ifdef DEBUG
+	printf("Parent executable name and full path is: %s\n\r", procparent.ascii());
+#endif
+
+	TQString tdeBinaryPath = TQString(KDE_BINDIR "/");
+#ifdef DEBUG
+	printf("The TDE binary path is: %s\n\r", tdeBinaryPath.ascii());
+#endif
+
+	if (!procparent.startsWith(tdeBinaryPath)) {
+		printf("Unauthorized path detected in calling process\n\r");
+		return 2;
+	}
+	else {
+		procparent = procparent.mid(tdeBinaryPath.length());
+#ifdef DEBUG
+		printf("Parent executable name is: %s\n\r", procparent.ascii());
+#endif
+		if ((procparent == "kdesktop") || (procparent == "kdesktop_lock") || (procparent == "kdm")) {
+			authorized = true;
+		}
+		else if (procparent == "kdeinit") {
+			printf("kdeinit detected\n\r");
+			// A bit more digging is needed to see if this is an authorized process or not
+			// Get the kdeinit command
+			char kdeinitcmdline[8192];
+			FILE *fp = fopen(TQString("/proc/%1/cmdline").arg(parentproc).ascii(),"r");
+			if (fp != NULL) {
+				if (fgets (kdeinitcmdline, 8192, fp) != NULL)
+				fclose (fp);
+			}
+			kdeinitcmdline[8191] = 0;
+			TQString kdeinitCommand = kdeinitcmdline;
+
+			// Also get the environment, specifically the path
+			TQString kdeinitEnvironment;
+			char kdeinitenviron[8192];
+			fp = fopen(TQString("/proc/%1/environ").arg(parentproc).ascii(),"r");
+			if (fp != NULL) {
+				int c;
+				int pos = 0;
+				do {
+					c = fgetc(fp);
+					kdeinitenviron[pos] = c;
+					pos++;
+					if (c == 0) {
+						TQString curEnvLine = kdeinitenviron;
+						if (curEnvLine.startsWith("PATH=")) {
+							kdeinitEnvironment = curEnvLine.mid(5);
+						}
+						pos = 0;
+					}
+				} while ((c != EOF) && (pos < 8192));
+				fclose (fp);
+			}
+			kdeinitenviron[8191] = 0;
+
+#ifdef DEBUG
+			printf("Called executable name is: %s\n\r", kdeinitCommand.ascii());
+			printf("Environment is: %s\n\r", kdeinitEnvironment.ascii());
+#endif
+
+			if ((kdeinitCommand == "kdesktop [kdeinit]") && (kdeinitEnvironment.startsWith(KDE_BINDIR))) {
+				authorized = true;
+			}
+			else {
+				return 4;
+			}
+		}
+		else {
+			printf("Unauthorized calling process detected\n\r");
+			return 3;
+		}
+
+		if (authorized == true) {
+			// OK, the calling process is authorized to retrieve SAK data
+			// First, flush the buffer
+			mPipe_fd = open(FIFO_FILE, O_RDWR | O_NONBLOCK);
+			numread = 1;
+			while (numread > 0) {
+				numread = read(mPipe_fd, readbuf, 128);
+			}
+			// Now wait for SAK press
+			mPipe_fd = open(FIFO_FILE, O_RDWR);
+			if (mPipe_fd > -1) {
+				numread = read(mPipe_fd, readbuf, 128);
+				readbuf[numread] = 0;
+				readbuf[127] = 0;
+				close(mPipe_fd);
+				if (strcmp(readbuf, "SAK\n\r") == 0) {
+					return 0;
+				}
+				else {
+					return 1;
+				}
+			}
+			return 6;
+		}
+	}
+
+	return 5;
+}
+
+#undef FIFO_FILE
+#undef DEBUG
\ No newline at end of file
-- 
cgit v1.2.3