From df875f725293af53399f5146362eb158b4f9216a Mon Sep 17 00:00:00 2001 From: Albert Astals Cid Date: Wed, 10 May 2017 10:03:45 +0200 Subject: Verify that whoever is calling us is actually who he says he is CVE-2017-8422 --- src/AuthBackend.cpp | 5 +++++ src/AuthBackend.h | 7 +++++++ src/backends/dbus/DBusHelperProxy.cpp | 27 +++++++++++++++++++++++++-- src/backends/dbus/DBusHelperProxy.h | 6 +++++- src/backends/policykit/PolicyKitBackend.cpp | 5 +++++ src/backends/policykit/PolicyKitBackend.h | 1 + src/backends/polkit-1/Polkit1Backend.cpp | 5 +++++ src/backends/polkit-1/Polkit1Backend.h | 1 + 8 files changed, 54 insertions(+), 3 deletions(-) diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp index a41d4f1..a847494 100644 --- a/src/AuthBackend.cpp +++ b/src/AuthBackend.cpp @@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) d->capabilities = capabilities; } +AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const +{ + return NoExtraCallerIDVerificationMethod; +} + bool AuthBackend::actionExists(const QString &action) { Q_UNUSED(action); diff --git a/src/AuthBackend.h b/src/AuthBackend.h index c67a706..09195ef 100644 --- a/src/AuthBackend.h +++ b/src/AuthBackend.h @@ -43,6 +43,12 @@ public: }; Q_DECLARE_FLAGS(Capabilities, Capability) + enum ExtraCallerIDVerificationMethod { + NoExtraCallerIDVerificationMethod, + VerifyAgainstDBusServiceName, + VerifyAgainstDBusServicePid, + }; + AuthBackend(); virtual ~AuthBackend(); virtual void setupAction(const QString &action) = 0; @@ -50,6 +56,7 @@ public: virtual Action::AuthStatus authorizeAction(const QString &action) = 0; virtual Action::AuthStatus actionStatus(const QString &action) = 0; virtual QByteArray callerID() const = 0; + virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; virtual bool actionExists(const QString &action); diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp index 9c5cb96..3c1c108 100644 --- a/src/backends/dbus/DBusHelperProxy.cpp +++ b/src/backends/dbus/DBusHelperProxy.cpp @@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction() return m_stopRequest; } +bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) +{ + // Check the caller is really who it says it is + switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { + case AuthBackend::NoExtraCallerIDVerificationMethod: + break; + + case AuthBackend::VerifyAgainstDBusServiceName: + if (message().service().toUtf8() != callerID) { + return false; + } + break; + + case AuthBackend::VerifyAgainstDBusServicePid: + if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { + return false; + } + break; + } + + return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); +} + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) { if (!responder) { @@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); timer->stop(); - if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { + if (isCallerAuthorized(action, callerID)) { QString slotname = action; if (slotname.startsWith(m_name + QLatin1Char('.'))) { slotname = slotname.right(slotname.length() - m_name.length() - 1); @@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value(); timer->stop(); - if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { + if (isCallerAuthorized(action, callerID)) { retVal = static_cast(Action::AuthorizedStatus); } else { retVal = static_cast(Action::DeniedStatus); diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h index 52b0ac4..82cec5a 100644 --- a/src/backends/dbus/DBusHelperProxy.h +++ b/src/backends/dbus/DBusHelperProxy.h @@ -25,12 +25,13 @@ #include "kauthactionreply.h" #include +#include #include namespace KAuth { -class DBusHelperProxy : public HelperProxy +class DBusHelperProxy : public HelperProxy, protected QDBusContext { Q_OBJECT Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy") @@ -79,6 +80,9 @@ Q_SIGNALS: private Q_SLOTS: void remoteSignalReceived(int type, const QString &action, QByteArray blob); + +private: + bool isCallerAuthorized(const QString &action, const QByteArray &callerID); }; } // namespace Auth diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp index c2b4d42..bf038a8 100644 --- a/src/backends/policykit/PolicyKitBackend.cpp +++ b/src/backends/policykit/PolicyKitBackend.cpp @@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const return a; } +AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const +{ + return VerifyAgainstDBusServicePid; +} + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) { QDataStream s(&callerID, QIODevice::ReadOnly); diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h index eb17a3a..38b0240 100644 --- a/src/backends/policykit/PolicyKitBackend.h +++ b/src/backends/policykit/PolicyKitBackend.h @@ -40,6 +40,7 @@ public: virtual Action::AuthStatus authorizeAction(const QString &); virtual Action::AuthStatus actionStatus(const QString &); virtual QByteArray callerID() const; + ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); private Q_SLOTS: diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp index 78ee5bb..774588c 100644 --- a/src/backends/polkit-1/Polkit1Backend.cpp +++ b/src/backends/polkit-1/Polkit1Backend.cpp @@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const return QDBusConnection::systemBus().baseService().toUtf8(); } +AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const +{ + return VerifyAgainstDBusServiceName; +} + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) { PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h index d7d1e3a..2357892 100644 --- a/src/backends/polkit-1/Polkit1Backend.h +++ b/src/backends/polkit-1/Polkit1Backend.h @@ -49,6 +49,7 @@ public: Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE; Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE; QByteArray callerID() const Q_DECL_OVERRIDE; + ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE; bool actionExists(const QString &action) Q_DECL_OVERRIDE; -- cgit v0.11.2