runtime/kdesu/kdesud/kdesud.cpp

   1 /* vi: ts=8 sts=4 sw=4
   2  *
   3  * This file is part of the KDE project, module kdesu.
   4  * Copyright (C) 1999,2000 Geert Jansen <jansen@kde.org>
   5  *
   6  *
   7  * kdesud.cpp: KDE su daemon. Offers "keep password" functionality to kde su.
   8  *
   9  * The socket $KDEHOME/socket-$(HOSTNAME)/kdesud_$(display) is used for communication with
  10  * client programs.
  11  *
  12  * The protocol: Client initiates the connection. All commands and responses
  13  * are terminated by a newline.
  14  *
  15  *   Client                     Server     Description
  16  *   ------                     ------     -----------
  17  *
  18  *   PASS <pass> <timeout>      OK         Set password for commands in
  19  *                                         this session. Password is
  20  *                                         valid for <timeout> seconds.
  21  *
  22  *   USER <user>                OK         Set the target user [required]
  23  *
  24  *   EXEC <command>             OK         Execute command <command>. If
  25  *                              NO         <command> has been executed
  26  *                                         before (< timeout) no PASS
  27  *                                         command is needed.
  28  *
  29  *   DEL <command>              OK         Delete password for command
  30  *                              NO         <command>.
  31  *
  32  *   PING                       OK         Ping the server (diagnostics).
  33  */
  34
  35
  36 #include <config-runtime.h>
  37
  38 #include <stdio.h>
  39 #include <stdlib.h>
  40 #include <unistd.h>
  41 #include <ctype.h>
  42 #include <string.h>
  43 #include <stdarg.h>
  44 #include <signal.h>
  45 #include <pwd.h>
  46 #include <errno.h>
  47
  48 #include <sys/time.h>
  49 #include <sys/stat.h>
  50 #include <sys/types.h>
  51 #include <sys/socket.h>
  52 #include <sys/un.h>
  53 #include <sys/resource.h>
  54 #include <sys/wait.h>
  55 #ifdef HAVE_SYS_SELECT_H
  56 #include <sys/select.h>                // Needed on some systems.
  57 #endif
  58
  59 #include <QVector>
  60 #include <QFile>
  61 #include <QRegExp>
  62 #include <QByteArray>
  63
  64 #include <kcomponentdata.h>
  65 #include <kdebug.h>
  66 #include <klocale.h>
  67 #include <kcmdlineargs.h>
  68 #include <kstandarddirs.h>
  69 #include <kaboutdata.h>
  70 #include <kdesu/client.h>
  71 #include <kdesu/defaults.h>
  72
  73 #include "repo.h"
  74 #include "handler.h"
  75
  76 #ifdef Q_WS_X11
  77 #include <X11/X.h>
  78 #include <X11/Xlib.h>
  79 #endif
  80
  81 #ifndef SUN_LEN
  82 #define SUN_LEN(ptr) ((kde_socklen_t) (((struct sockaddr_un *) 0)->sun_path) \
  83                      + strlen ((ptr)->sun_path))
  84 #endif
  85
  86 #define ERR strerror(errno)
  87
  88
  89 using namespace KDESu;
  90
  91 // Globals
  92
  93 Repository *repo;
  94 const char *Version = "1.01";
  95 QByteArray sock;
  96 #ifdef Q_WS_X11
  97 Display *x11Display;
  98 #endif
  99 int pipeOfDeath[2];
 100
 101 // FIXME: This is just here to make it compile
 102 // It would be better to fix it more globally (Caleb Tennis)
 103 typedef unsigned ksocklen_t;
 104
 105 void kdesud_cleanup()
 106 {
 107     unlink(sock);
 108 }
 109
 110
 111 // Borrowed from kdebase/kaudio/kaudioserver.cpp
 112
 113 #ifdef Q_WS_X11
 114 extern "C" int xio_errhandler(Display *);
 115
 116 int xio_errhandler(Display *)
 117 {
 118     kError(1205) << "Fatal IO error, exiting...\n";
 119     kdesud_cleanup();
 120     exit(1);
 121     return 1;  //silence compilers
 122 }
 123
 124 int initXconnection()
 125 {
 126     x11Display = XOpenDisplay(NULL);
 127     if (x11Display != 0L)
 128     {
 129         XSetIOErrorHandler(xio_errhandler);
 130         XCreateSimpleWindow(x11Display, DefaultRootWindow(x11Display),
 131                 0, 0, 1, 1, 0,
 132                 BlackPixelOfScreen(DefaultScreenOfDisplay(x11Display)),
 133                 BlackPixelOfScreen(DefaultScreenOfDisplay(x11Display)));
 134         return XConnectionNumber(x11Display);
 135     } else
 136     {
 137         kWarning(1205) << "Can't connect to the X Server.\n";
 138         kWarning(1205) << "Might not terminate at end of session.\n";
 139         return -1;
 140     }
 141 }
 142 #endif
 143
 144 extern "C" {
 145   void signal_exit(int);
 146   void sigchld_handler(int);
 147 }
 148
 149 void signal_exit(int sig)
 150 {
 151     kDebug(1205) << "Exiting on signal " << sig << "\n";
 152     kdesud_cleanup();
 153     exit(1);
 154 }
 155
 156 void sigchld_handler(int)
 157 {
 158     char c = ' ';
 159     write(pipeOfDeath[1], &c, 1);
 160 }
 161
 162 /**
 163  * Creates an AF_UNIX socket in socket resource, mode 0600.
 164  */
 165
 166 int create_socket()
 167 {
 168     int sockfd;
 169     ksocklen_t addrlen;
 170     struct stat s;
 171
 172     QString display = QString::fromAscii(getenv("DISPLAY"));
 173     if (display.isEmpty())
 174     {
 175         kWarning(1205) << "$DISPLAY is not set\n";
 176         return -1;
 177     }
 178
 179     // strip the screen number from the display
 180     display.replace(QRegExp("\\.[0-9]+$"), "");
 181
 182     sock = QFile::encodeName(KStandardDirs::locateLocal("socket", QString("kdesud_%1").arg(display)));
 183     int stat_err=lstat(sock, &s);
 184     if(!stat_err && S_ISLNK(s.st_mode)) {
 185         kWarning(1205) << "Someone is running a symlink attack on you\n";
 186         if(unlink(sock)) {
 187             kWarning(1205) << "Could not delete symlink\n";
 188             return -1;
 189         }
 190     }
 191
 192     if (!access(sock, R_OK|W_OK))
 193     {
 194         KDEsuClient client;
 195         if (client.ping() == -1)
 196         {
 197             kWarning(1205) << "stale socket exists\n";
 198             if (unlink(sock))
 199             {
 200                 kWarning(1205) << "Could not delete stale socket\n";
 201                 return -1;
 202             }
 203         } else
 204         {
 205             kWarning(1205) << "kdesud is already running\n";
 206             return -1;
 207         }
 208
 209     }
 210
 211     sockfd = socket(PF_UNIX, SOCK_STREAM, 0);
 212     if (sockfd < 0)
 213     {
 214         kError(1205) << "socket(): " << ERR << "\n";
 215         return -1;
 216     }
 217
 218     struct sockaddr_un addr;
 219     addr.sun_family = AF_UNIX;
 220     strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
 221     addr.sun_path[sizeof(addr.sun_path)-1] = '\000';
 222     addrlen = SUN_LEN(&addr);
 223     if (bind(sockfd, (struct sockaddr *)&addr, addrlen) < 0)
 224     {
 225         kError(1205) << "bind(): " << ERR << "\n";
 226         return -1;
 227     }
 228
 229     struct linger lin;
 230     lin.l_onoff = lin.l_linger = 0;
 231     if (setsockopt(sockfd, SOL_SOCKET, SO_LINGER, (char *) &lin,
 232                    sizeof(linger)) < 0)
 233     {
 234         kError(1205) << "setsockopt(SO_LINGER): " << ERR << "\n";
 235         return -1;
 236     }
 237
 238     int opt = 1;
 239     if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *) &opt,
 240                    sizeof(opt)) < 0)
 241     {
 242         kError(1205) << "setsockopt(SO_REUSEADDR): " << ERR << "\n";
 243         return -1;
 244     }
 245     opt = 1;
 246     if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt,
 247                    sizeof(opt)) < 0)
 248     {
 249         kError(1205) << "setsockopt(SO_KEEPALIVE): " << ERR << "\n";
 250         return -1;
 251     }
 252     chmod(sock, 0600);
 253     return sockfd;
 254 }
 255
 256
 257 /**
 258  * Main program
 259  */
 260
 261 int main(int argc, char *argv[])
 262 {
 263     KAboutData aboutData("kdesud", 0, ki18n("KDE su daemon"),
 264             Version, ki18n("Daemon used by kdesu"),
 265             KAboutData::License_Artistic,
 266             ki18n("Copyright (c) 1999,2000 Geert Jansen"));
 267     aboutData.addAuthor(ki18n("Geert Jansen"), ki18n("Author"),
 268             "jansen@kde.org", "http://www.stack.nl/~geertj/");
 269     KCmdLineArgs::init(argc, argv, &aboutData);
 270     KComponentData componentData(&aboutData);
 271
 272     // Set core dump size to 0
 273     struct rlimit rlim;
 274     rlim.rlim_cur = rlim.rlim_max = 0;
 275     if (setrlimit(RLIMIT_CORE, &rlim) < 0)
 276     {
 277         kError(1205) << "setrlimit(): " << ERR << "\n";
 278         exit(1);
 279     }
 280
 281     // Create the Unix socket.
 282     int sockfd = create_socket();
 283     if (sockfd < 0)
 284         exit(1);
 285     if (listen(sockfd, 1) < 0)
 286     {
 287         kError(1205) << "listen(): " << ERR << "\n";
 288         kdesud_cleanup();
 289         exit(1);
 290     }
 291     int maxfd = sockfd;
 292
 293     // Ok, we're accepting connections. Fork to the background.
 294     pid_t pid = fork();
 295     if (pid == -1)
 296     {
 297         kError(1205) << "fork():" << ERR << "\n";
 298         kdesud_cleanup();
 299         exit(1);
 300     }
 301     if (pid)
 302         exit(0);
 303
 304 #ifdef Q_WS_X11
 305     // Make sure we exit when the display gets closed.
 306     int x11Fd = initXconnection();
 307     maxfd = qMax(maxfd, x11Fd);
 308 #endif
 309
 310     repo = new Repository;
 311     QVector<ConnectionHandler *> handler;
 312
 313     pipe(pipeOfDeath);
 314     maxfd = qMax(maxfd, pipeOfDeath[0]);
 315
 316     // Signal handlers
 317     struct sigaction sa;
 318     sa.sa_handler = signal_exit;
 319     sigemptyset(&sa.sa_mask);
 320     sa.sa_flags = 0;
 321     sigaction(SIGHUP, &sa, 0L);
 322     sigaction(SIGINT, &sa, 0L);
 323     sigaction(SIGTERM, &sa, 0L);
 324     sigaction(SIGQUIT, &sa, 0L);
 325
 326     sa.sa_handler = sigchld_handler;
 327     sa.sa_flags = SA_NOCLDSTOP;
 328     sigaction(SIGCHLD, &sa, 0L);
 329     sa.sa_handler = SIG_IGN;
 330     sigaction(SIGPIPE, &sa, 0L);
 331
 332     // Main execution loop
 333
 334     ksocklen_t addrlen;
 335     struct sockaddr_un clientname;
 336
 337     fd_set tmp_fds, active_fds;
 338     FD_ZERO(&active_fds);
 339     FD_SET(sockfd, &active_fds);
 340     FD_SET(pipeOfDeath[0], &active_fds);
 341 #ifdef Q_WS_X11
 342     if (x11Fd != -1)
 343         FD_SET(x11Fd, &active_fds);
 344 #endif
 345
 346     while (1)
 347     {
 348         tmp_fds = active_fds;
 349 #ifdef Q_WS_X11
 350         if(x11Display)
 351             XFlush(x11Display);
 352 #endif
 353         if (select(maxfd+1, &tmp_fds, 0L, 0L, 0L) < 0)
 354         {
 355             if (errno == EINTR) continue;
 356
 357             kError(1205) << "select(): " << ERR << "\n";
 358             exit(1);
 359         }
 360         repo->expire();
 361         for (int i=0; i<=maxfd; i++)
 362         {
 363             if (!FD_ISSET(i, &tmp_fds))
 364                 continue;
 365
 366             if (i == pipeOfDeath[0])
 367             {
 368                 char buf[101];
 369                 read(pipeOfDeath[0], buf, 100);
 370                 pid_t result;
 371                 do
 372                 {
 373                     int status;
 374                     result = waitpid((pid_t)-1, &status, WNOHANG);
 375                     if (result > 0)
 376                     {
 377                         for(int j=handler.size(); j--;)
 378                         {
 379                             if (handler[j] && (handler[j]->m_pid == result))
 380                             {
 381                                 handler[j]->m_exitCode = WEXITSTATUS(status);
 382                                 handler[j]->m_hasExitCode = true;
 383                                 handler[j]->sendExitCode();
 384                                 handler[j]->m_pid = 0;
 385                                 break;
 386                             }
 387                         }
 388                     }
 389                 }
 390                 while(result > 0);
 391             }
 392
 393 #ifdef Q_WS_X11
 394             if (i == x11Fd)
 395             {
 396                 // Discard X events
 397                 XEvent event_return;
 398                 if (x11Display)
 399                     while(XPending(x11Display))
 400                         XNextEvent(x11Display, &event_return);
 401                 continue;
 402             }
 403 #endif
 404
 405             if (i == sockfd)
 406             {
 407                 // Accept new connection
 408                 int fd;
 409                 addrlen = 64;
 410                 fd = accept(sockfd, (struct sockaddr *) &clientname, &addrlen);
 411                 if (fd < 0)
 412                 {
 413                     kError(1205) << "accept():" << ERR << "\n";
 414                     continue;
 415                 }
 416                 while (fd+1 > (int) handler.size())
 417                     handler.append(0);
 418                 delete handler[fd];
 419                 handler[fd] = new ConnectionHandler(fd);
 420                 maxfd = qMax(maxfd, fd);
 421                 FD_SET(fd, &active_fds);
 422                 continue;
 423             }
 424
 425             // handle already established connection
 426             if (handler[i] && handler[i]->handle() < 0)
 427             {
 428                 delete handler[i];
 429                 handler[i] = 0;
 430                 FD_CLR(i, &active_fds);
 431             }
 432         }
 433     }
 434     kWarning(1205) << "???\n";
 435 }
 436