You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
425 lines
11 KiB
425 lines
11 KiB
/*
|
|
*
|
|
* This file is part of the KDE project, module tdesu.
|
|
* Copyright (C) 1999,2000 Geert Jansen <jansen@kde.org>
|
|
*
|
|
*
|
|
* tdesud.cpp: TDE su daemon. Offers "keep password" functionality to TDE su.
|
|
*
|
|
* The socket $TDEHOME/socket-$(HOSTNAME)/tdesud_$(display) is used for communication with
|
|
* client programs.
|
|
*
|
|
* The protocol: Client initiates the connection. All commands and responses
|
|
* are terminated by a newline.
|
|
*
|
|
* Client Server Description
|
|
* ------ ------ -----------
|
|
*
|
|
* PASS <pass> <timeout> OK Set password for commands in
|
|
* this session. Password is
|
|
* valid for <timeout> seconds.
|
|
*
|
|
* USER <user> OK Set the target user [required]
|
|
*
|
|
* EXEC <command> OK Execute command <command>. If
|
|
* NO <command> has been executed
|
|
* before (< timeout) no PASS
|
|
* command is needed.
|
|
*
|
|
* DEL <command> OK Delete password for command
|
|
* NO <command>.
|
|
*
|
|
* PING OK Ping the server (diagnostics).
|
|
*/
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <ctype.h>
|
|
#include <string.h>
|
|
#include <stdarg.h>
|
|
#include <signal.h>
|
|
#include <pwd.h>
|
|
#include <errno.h>
|
|
|
|
#if !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__NetBSD__) &&\
|
|
!defined(Q_OS_SOLARIS)
|
|
#include <sys/prctl.h>
|
|
#endif
|
|
#include <sys/time.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/un.h>
|
|
#include <sys/resource.h>
|
|
#include <sys/wait.h>
|
|
#ifdef HAVE_SYS_SELECT_H
|
|
#include <sys/select.h> // Needed on some systems.
|
|
#endif
|
|
|
|
#include <tqptrvector.h>
|
|
#include <tqfile.h>
|
|
#include <tqregexp.h>
|
|
|
|
#include <kinstance.h>
|
|
#include <kdebug.h>
|
|
#include <tdelocale.h>
|
|
#include <tdecmdlineargs.h>
|
|
#include <kstandarddirs.h>
|
|
#include <tdeaboutdata.h>
|
|
#include <tdesu/client.h>
|
|
#include <tdesu/defaults.h>
|
|
#include <ksockaddr.h>
|
|
|
|
#include "repo.h"
|
|
#include "handler.h"
|
|
|
|
#include <X11/X.h>
|
|
#include <X11/Xlib.h>
|
|
|
|
#ifndef SUN_LEN
|
|
#define SUN_LEN(ptr) ((kde_socklen_t) (((struct sockaddr_un *) 0)->sun_path) \
|
|
+ strlen ((ptr)->sun_path))
|
|
#endif
|
|
|
|
#define ERR strerror(errno)
|
|
|
|
// Globals
|
|
|
|
Repository *repo;
|
|
const char *Version = "1.01";
|
|
TQCString sock;
|
|
Display *x11Display;
|
|
int pipeOfDeath[2];
|
|
|
|
|
|
void tdesud_cleanup()
|
|
{
|
|
unlink(sock);
|
|
}
|
|
|
|
|
|
// Borrowed from tdebase/kaudio/kaudioserver.cpp
|
|
|
|
extern "C" int xio_errhandler(Display *);
|
|
|
|
int xio_errhandler(Display *)
|
|
{
|
|
kdError(1205) << "Fatal IO error, exiting...\n";
|
|
tdesud_cleanup();
|
|
exit(1);
|
|
return 1; //silence compilers
|
|
}
|
|
|
|
int initXconnection()
|
|
{
|
|
x11Display = XOpenDisplay(NULL);
|
|
if (x11Display != 0L)
|
|
{
|
|
XSetIOErrorHandler(xio_errhandler);
|
|
XCreateSimpleWindow(x11Display, DefaultRootWindow(x11Display),
|
|
0, 0, 1, 1, 0,
|
|
BlackPixelOfScreen(DefaultScreenOfDisplay(x11Display)),
|
|
BlackPixelOfScreen(DefaultScreenOfDisplay(x11Display)));
|
|
return XConnectionNumber(x11Display);
|
|
} else
|
|
{
|
|
kdWarning(1205) << "Can't connect to the X Server.\n";
|
|
kdWarning(1205) << "Might not terminate at end of session.\n";
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
extern "C" {
|
|
void signal_exit(int);
|
|
void sigchld_handler(int);
|
|
}
|
|
|
|
void signal_exit(int sig)
|
|
{
|
|
kdDebug(1205) << "Exiting on signal " << sig << "\n";
|
|
tdesud_cleanup();
|
|
exit(1);
|
|
}
|
|
|
|
void sigchld_handler(int)
|
|
{
|
|
char c = ' ';
|
|
write(pipeOfDeath[1], &c, 1);
|
|
}
|
|
|
|
/**
|
|
* Creates an AF_UNIX socket in socket resource, mode 0600.
|
|
*/
|
|
|
|
int create_socket()
|
|
{
|
|
int sockfd;
|
|
ksocklen_t addrlen;
|
|
struct stat s;
|
|
|
|
TQCString display(getenv("DISPLAY"));
|
|
if (display.isEmpty())
|
|
{
|
|
kdWarning(1205) << "$DISPLAY is not set\n";
|
|
return -1;
|
|
}
|
|
|
|
// strip the screen number from the display
|
|
display.replace(TQRegExp("\\.[0-9]+$"), "");
|
|
|
|
sock = TQFile::encodeName(locateLocal("socket", TQString("tdesud_%1").arg(static_cast<const char *>(display))));
|
|
int stat_err=lstat(sock, &s);
|
|
if(!stat_err && S_ISLNK(s.st_mode)) {
|
|
kdWarning(1205) << "Someone is running a symlink attack on you\n";
|
|
if(unlink(sock)) {
|
|
kdWarning(1205) << "Could not delete symlink\n";
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (!access(sock, R_OK|W_OK))
|
|
{
|
|
TDEsuClient client;
|
|
if (client.ping() == -1)
|
|
{
|
|
kdWarning(1205) << "stale socket exists\n";
|
|
if (unlink(sock))
|
|
{
|
|
kdWarning(1205) << "Could not delete stale socket\n";
|
|
return -1;
|
|
}
|
|
} else
|
|
{
|
|
kdWarning(1205) << "tdesud is already running\n";
|
|
return -1;
|
|
}
|
|
|
|
}
|
|
|
|
sockfd = socket(PF_UNIX, SOCK_STREAM, 0);
|
|
if (sockfd < 0)
|
|
{
|
|
kdError(1205) << "socket(): " << ERR << "\n";
|
|
return -1;
|
|
}
|
|
|
|
struct sockaddr_un addr;
|
|
addr.sun_family = AF_UNIX;
|
|
strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
|
|
addr.sun_path[sizeof(addr.sun_path)-1] = '\000';
|
|
addrlen = SUN_LEN(&addr);
|
|
if (bind(sockfd, (struct sockaddr *)&addr, addrlen) < 0)
|
|
{
|
|
kdError(1205) << "bind(): " << ERR << "\n";
|
|
return -1;
|
|
}
|
|
|
|
struct linger lin;
|
|
lin.l_onoff = lin.l_linger = 0;
|
|
if (setsockopt(sockfd, SOL_SOCKET, SO_LINGER, (char *) &lin,
|
|
sizeof(linger)) < 0)
|
|
{
|
|
kdError(1205) << "setsockopt(SO_LINGER): " << ERR << "\n";
|
|
return -1;
|
|
}
|
|
|
|
int opt = 1;
|
|
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *) &opt,
|
|
sizeof(opt)) < 0)
|
|
{
|
|
kdError(1205) << "setsockopt(SO_REUSEADDR): " << ERR << "\n";
|
|
return -1;
|
|
}
|
|
opt = 1;
|
|
if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt,
|
|
sizeof(opt)) < 0)
|
|
{
|
|
kdError(1205) << "setsockopt(SO_KEEPALIVE): " << ERR << "\n";
|
|
return -1;
|
|
}
|
|
chmod(sock, 0600);
|
|
return sockfd;
|
|
}
|
|
|
|
|
|
/**
|
|
* Main program
|
|
*/
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
#if !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__NetBSD__) &&\
|
|
!defined(Q_OS_SOLARIS)
|
|
prctl(PR_SET_DUMPABLE, 0);
|
|
#endif
|
|
|
|
TDEAboutData aboutData("tdesud", I18N_NOOP("TDE su daemon"),
|
|
Version, I18N_NOOP("Daemon used by tdesu"),
|
|
TDEAboutData::License_Artistic,
|
|
"Copyright (c) 1999,2000 Geert Jansen");
|
|
aboutData.addAuthor("Geert Jansen", I18N_NOOP("Author"),
|
|
"jansen@kde.org", "http://www.stack.nl/~geertj/");
|
|
TDECmdLineArgs::init(argc, argv, &aboutData);
|
|
TDEInstance instance(&aboutData);
|
|
|
|
// Set core dump size to 0
|
|
struct rlimit rlim;
|
|
rlim.rlim_cur = rlim.rlim_max = 0;
|
|
if (setrlimit(RLIMIT_CORE, &rlim) < 0)
|
|
{
|
|
kdError(1205) << "setrlimit(): " << ERR << "\n";
|
|
exit(1);
|
|
}
|
|
|
|
// Create the Unix socket.
|
|
int sockfd = create_socket();
|
|
if (sockfd < 0)
|
|
exit(1);
|
|
if (listen(sockfd, 1) < 0)
|
|
{
|
|
kdError(1205) << "listen(): " << ERR << "\n";
|
|
tdesud_cleanup();
|
|
exit(1);
|
|
}
|
|
int maxfd = sockfd;
|
|
|
|
// Ok, we're accepting connections. Fork to the background.
|
|
pid_t pid = fork();
|
|
if (pid == -1)
|
|
{
|
|
kdError(1205) << "fork():" << ERR << "\n";
|
|
tdesud_cleanup();
|
|
exit(1);
|
|
}
|
|
if (pid)
|
|
exit(0);
|
|
|
|
// Make sure we exit when the display gets closed.
|
|
int x11Fd = initXconnection();
|
|
maxfd = TQMAX(maxfd, x11Fd);
|
|
|
|
repo = new Repository;
|
|
TQPtrVector<ConnectionHandler> handler;
|
|
handler.setAutoDelete(true);
|
|
|
|
pipe(pipeOfDeath);
|
|
maxfd = TQMAX(maxfd, pipeOfDeath[0]);
|
|
|
|
// Signal handlers
|
|
struct sigaction sa;
|
|
sa.sa_handler = signal_exit;
|
|
sigemptyset(&sa.sa_mask);
|
|
sa.sa_flags = 0;
|
|
sigaction(SIGHUP, &sa, 0L);
|
|
sigaction(SIGINT, &sa, 0L);
|
|
sigaction(SIGTERM, &sa, 0L);
|
|
sigaction(SIGQUIT, &sa, 0L);
|
|
|
|
sa.sa_handler = sigchld_handler;
|
|
sa.sa_flags = SA_NOCLDSTOP;
|
|
sigaction(SIGCHLD, &sa, 0L);
|
|
sa.sa_handler = SIG_IGN;
|
|
sigaction(SIGPIPE, &sa, 0L);
|
|
|
|
// Main execution loop
|
|
|
|
ksocklen_t addrlen;
|
|
struct sockaddr_un clientname;
|
|
|
|
fd_set tmp_fds, active_fds;
|
|
FD_ZERO(&active_fds);
|
|
FD_SET(sockfd, &active_fds);
|
|
FD_SET(pipeOfDeath[0], &active_fds);
|
|
if (x11Fd != -1)
|
|
FD_SET(x11Fd, &active_fds);
|
|
|
|
while (1)
|
|
{
|
|
tmp_fds = active_fds;
|
|
if(x11Display)
|
|
XFlush(x11Display);
|
|
if (select(maxfd+1, &tmp_fds, 0L, 0L, 0L) < 0)
|
|
{
|
|
if (errno == EINTR) continue;
|
|
|
|
kdError(1205) << "select(): " << ERR << "\n";
|
|
exit(1);
|
|
}
|
|
repo->expire();
|
|
for (int i=0; i<=maxfd; i++)
|
|
{
|
|
if (!FD_ISSET(i, &tmp_fds))
|
|
continue;
|
|
|
|
if (i == pipeOfDeath[0])
|
|
{
|
|
char buf[101];
|
|
read(pipeOfDeath[0], buf, 100);
|
|
pid_t result;
|
|
do
|
|
{
|
|
int status;
|
|
result = waitpid((pid_t)-1, &status, WNOHANG);
|
|
if (result > 0)
|
|
{
|
|
for(int j=handler.size(); j--;)
|
|
{
|
|
if (handler[j] && (handler[j]->m_pid == result))
|
|
{
|
|
handler[j]->m_exitCode = WEXITSTATUS(status);
|
|
handler[j]->m_hasExitCode = true;
|
|
handler[j]->sendExitCode();
|
|
handler[j]->m_pid = 0;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
while(result > 0);
|
|
}
|
|
|
|
if (i == x11Fd)
|
|
{
|
|
// Discard X events
|
|
XEvent event_return;
|
|
if (x11Display)
|
|
while(XPending(x11Display))
|
|
XNextEvent(x11Display, &event_return);
|
|
continue;
|
|
}
|
|
|
|
if (i == sockfd)
|
|
{
|
|
// Accept new connection
|
|
int fd;
|
|
addrlen = 64;
|
|
fd = accept(sockfd, (struct sockaddr *) &clientname, &addrlen);
|
|
if (fd < 0)
|
|
{
|
|
kdError(1205) << "accept():" << ERR << "\n";
|
|
continue;
|
|
}
|
|
if (fd+1 > (int) handler.size())
|
|
handler.resize(fd+1);
|
|
handler.insert(fd, new ConnectionHandler(fd));
|
|
maxfd = TQMAX(maxfd, fd);
|
|
FD_SET(fd, &active_fds);
|
|
continue;
|
|
}
|
|
|
|
// handle alreay established connection
|
|
if (handler[i] && handler[i]->handle() < 0)
|
|
{
|
|
handler.remove(i);
|
|
FD_CLR(i, &active_fds);
|
|
}
|
|
}
|
|
}
|
|
kdWarning(1205) << "???\n";
|
|
}
|
|
|