From kde-core-devel Sat Dec 30 14:52:11 2000
From: Christian Esken
Date: Sat, 30 Dec 2000 14:52:11 +0000
To: kde-core-devel
Subject: AFS support for kscreensaver / kcheckpass
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=97819053124263

Hi,

I received the following patch to support AFS tokens in the KDE screensaver - without this support users of AFS auth cannot unlock the screen.

It would be good if somebody could review the patch looking for security flaws. I especially think of the KDE_PAM_ACTION environment variable. I do not see anything bad, but it would be nice if somebody with PAM or AFS knowledge would review the patch in terms of a possible compromise of security.

  Christian

-- 
Is Unix ready for the desktop? See http://www.kde.org

The            Christian Esken
|/ Desktop     KDE Developer
|\ Environment esken@kde.org

KDE - The net transparent free Unix Desktop for everyone

[Attachment: kdebase-auth.patch (text/x-c; charset="iso-8859-1")]