TDE
/
tdebase
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/tdebase
0
0
Fork 0
Code Issues Releases Wiki Activity

Fix cryptographic card login when SAK is enabled

Browse Source
pull/2/head
Timothy Pearson 9 years ago
parent ce47730301
commit 5b260a9627
6 changed files with 226 additions and 121 deletions
Show Stats Download Patch File Download Diff File

28
tdm/kfrontend/kgreeter.cpp
Unescape View File

@ -219,17 +219,6 @@ KGreeter::KGreeter( bool framed )
pluginList = KGVerify::init( _pluginsLogin );
}
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
mControlPipeHandlerThread = new TQEventLoopThread();
mControlPipeHandler = new ControlPipeHandlerObject();
mControlPipeHandler->mKGreeterParent = this;
@ -252,6 +241,19 @@ KGreeter::~KGreeter()
delete stsFile;
}
void KGreeter::cryptographicCardWatcherSetup() {
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
}
void KGreeter::done(int r) {
closingDown = true;
inherited::done(r);
@ -1047,6 +1049,8 @@ KStdGreeter::KStdGreeter()
pluginSetup();
verify->start();
TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup()));
}
void
@ -1194,6 +1198,8 @@ KThemedGreeter::KThemedGreeter()
pluginSetup();
verify->start();
TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup()));
}
bool

3
tdm/kfrontend/kgreeter.h
Unescape View File

@ -112,6 +112,9 @@ class KGreeter : public KGDialog, public KGVerifyHandler {
public:
TQString curUser, curWMSession, dName;
protected slots:
void cryptographicCardWatcherSetup();
protected:
void readFacesList();
void installUserList();

42
tdm/kfrontend/kgverify.cpp
Unescape View File

@ -91,6 +91,7 @@ KGVerify::KGVerify(KGVerifyHandler *_handler, KdmThemer *_themer,
, suspended(false)
, failed(false)
, isClear(true)
, inGreeterPlugin(false)
, abortRequested(false)
{
connect( &timer, TQT_SIGNAL(timeout()), TQT_SLOT(slotTimeout()) );
@ -360,21 +361,22 @@ KGVerify::doReject( bool initial )
{
// assert( !cont );
if (running) {
Debug( "%s->abort()\n", pName.data() );
Debug("%s->abort()\n", pName.data());
greet->abort();
}
handler->verifyClear();
Debug( "%s->clear()\n", pName.data() );
Debug("%s->clear()\n", pName.data());
greet->clear();
curUser = TQString::null;
if (!scheduleAutoLogin( initial )) {
if (!scheduleAutoLogin(initial)) {
isClear = !(isClear && applyPreset());
if (running) {
Debug( "%s->start()\n", pName.data() );
greet->start();
}
if (!failed)
if (!failed) {
timer.stop();
}
}
}
@ -388,6 +390,9 @@ void // not a slot - called manually by greeter
KGVerify::requestAbort()
{
abortRequested = true;
if (inGreeterPlugin) {
greet->next();
}
}
void
@ -615,7 +620,9 @@ KGVerify::handleVerify()
ndelay = GRecvInt();
Debug( " ndelay = %d\n%s->textPrompt(...)\n", ndelay, pName.data() );
if (abortRequested) {
inGreeterPlugin = true;
greet->textPrompt("", echo, ndelay);
inGreeterPlugin = !ndelay;
abortRequested = false;
}
else {
@ -623,10 +630,14 @@ KGVerify::handleVerify()
// Reset password entry and change text
setPassPromptText(msg);
greet->start();
inGreeterPlugin = true;
greet->textPrompt(msg, echo, ndelay);
inGreeterPlugin = !ndelay;
}
else {
inGreeterPlugin = true;
greet->textPrompt(msg, echo, ndelay);
inGreeterPlugin = !ndelay;
}
}
if (msg) {
@ -641,10 +652,11 @@ KGVerify::handleVerify()
Debug( " ndelay = %d\n%s->binaryPrompt(...)\n", ndelay, pName.data() );
if (abortRequested) {
gplugReturnBinary(NULL);
abortRequested = false;
}
else {
inGreeterPlugin = true;
greet->binaryPrompt( msg, ndelay );
inGreeterPlugin = !ndelay;
}
if (msg) {
free(msg);
@ -679,6 +691,7 @@ KGVerify::handleVerify()
Debug("%s->succeeded()\n", pName.data());
greet->succeeded();
abortRequested = false;
inGreeterPlugin = false;
continue;
case V_CHTOK_AUTH:
Debug( " V_CHTOK_AUTH\n" );
@ -695,6 +708,7 @@ KGVerify::handleVerify()
Debug( "%s->succeeded()\n", pName.data() );
greet->succeeded();
abortRequested = false;
inGreeterPlugin = false;
KGChTok chtok( parent, user, pluginList, curPlugin, nfunc, KGreeterPlugin::Login );
if (!chtok.exec()) {
goto retry;
@ -706,13 +720,16 @@ KGVerify::handleVerify()
Debug( " V_MSG_ERR\n" );
msg = GRecvStr();
Debug( " %s->textMessage(%\"s, true)\n", pName.data(), msg );
inGreeterPlugin = true;
if (!greet->textMessage( msg, true )) {
inGreeterPlugin = false;
Debug( " message passed\n" );
if (!abortRequested) {
VErrBox( parent, user, msg );
}
}
else {
inGreeterPlugin = false;
Debug( " message swallowed\n" );
}
if (msg) {
@ -723,13 +740,16 @@ KGVerify::handleVerify()
Debug( " V_MSG_INFO\n" );
msg = GRecvStr();
Debug( " %s->textMessage(%\"s, false)\n", pName.data(), msg );
inGreeterPlugin = true;
if (!greet->textMessage( msg, false )) {
inGreeterPlugin = false;
Debug( " message passed\n" );
if (!abortRequested) {
VInfoBox(parent, user, msg);
}
}
else {
inGreeterPlugin = false;
Debug(" message swallowed\n");
}
free(msg);
@ -751,6 +771,7 @@ KGVerify::handleVerify()
Debug( "%s->failed()\n", pName.data() );
greet->failed();
abortRequested = false;
inGreeterPlugin = false;
MsgBox( sorrybox,
i18n("Authenticated user (%1) does not match requested user (%2).\n")
.arg( ent ).arg( fixedEntity ) );
@ -760,6 +781,7 @@ KGVerify::handleVerify()
Debug( "%s->succeeded()\n", pName.data() );
greet->succeeded();
abortRequested = false;
inGreeterPlugin = false;
handler->verifyOk();
return;
}
@ -767,6 +789,7 @@ KGVerify::handleVerify()
Debug( "%s->failed()\n", pName.data() );
greet->failed();
abortRequested = false;
inGreeterPlugin = false;
// Reset password prompt text
setPassPromptText(TQString::null, true);
@ -788,8 +811,9 @@ KGVerify::handleVerify()
running = true;
Debug( "%s->start()\n", pName.data() );
greet->start();
if (!cont)
if (!cont) {
return;
}
user = TQString::null;
}
}
@ -1043,8 +1067,9 @@ KGStdVerify::slotPluginSelected( int id )
delete greet;
selectPlugin( id );
handler->verifyPluginChanged( id );
if (running)
if (running) {
start();
}
parent->setUpdatesEnabled( true );
}
}
@ -1142,8 +1167,9 @@ KGThemedVerify::slotPluginSelected( int id )
delete greet;
selectPlugin( id );
handler->verifyPluginChanged( id );
if (running)
if (running) {
start();
}
}
}

1
tdm/kfrontend/kgverify.h
Unescape View File

@ -148,6 +148,7 @@ class KGVerify : public TQObject, public KGreeterPluginHandler {
bool capsLocked;
bool enabled, running, suspended, failed, delayed, cont;
bool authTok, isClear, timeable;
bool inGreeterPlugin;
bool abortRequested;
static void VMsgBox( TQWidget *parent, const TQString &user, TQMessageBox::Icon type, const TQString &mesg );

200
tdm/kfrontend/sakdlg.cc
Unescape View File

@ -10,6 +10,11 @@
#include <dmctl.h>
#include <ksslcertificate.h>
#include <tdehardwaredevices.h>
#include <tdecryptographiccarddevice.h>
#include <tdeapplication.h>
#include <tdelocale.h>
#include <kpushbutton.h>
@ -87,64 +92,75 @@ extern bool trinity_desktop_lock_use_sak;
//
SAKDlg::SAKDlg(TQWidget *parent)
: TQDialog(parent, "information dialog", true, (trinity_desktop_lock_use_system_modal_dialogs?((WFlags)WStyle_StaysOnTop):((WFlags)WX11BypassWM))),
mUnlockingFailed(false), closingDown(false)
closingDown(false), mUnlockingFailed(false)
{
if (trinity_desktop_lock_use_system_modal_dialogs) {
// Signal that we do not want any window controls to be shown at all
Atom kde_wm_system_modal_notification;
kde_wm_system_modal_notification = XInternAtom(tqt_xdisplay(), "_TDE_WM_MODAL_SYS_NOTIFICATION", False);
XChangeProperty(tqt_xdisplay(), winId(), kde_wm_system_modal_notification, XA_INTEGER, 32, PropModeReplace, (unsigned char *) "TRUE", 1L);
}
setCaption(TDM_LOGIN_SCREEN_BASE_TITLE);
frame = new TQFrame( this );
if (trinity_desktop_lock_use_system_modal_dialogs)
frame->setFrameStyle( TQFrame::NoFrame );
else
frame->setFrameStyle( TQFrame::Panel | TQFrame::Raised );
frame->setLineWidth( 2 );
KSMModalDialogHeader* theader = new KSMModalDialogHeader( frame );
KUser user;
mStatusLabel = new TQLabel( "<b> </b>", frame );
mStatusLabel->setAlignment( TQLabel::AlignVCenter );
TQVBoxLayout *unlockDialogLayout = new TQVBoxLayout( this );
unlockDialogLayout->addWidget( frame );
TQHBoxLayout *layStatus = new TQHBoxLayout( 0, 0, KDialog::spacingHint());
layStatus->addWidget( mStatusLabel );
frameLayout = new TQGridLayout( frame, 1, 1, KDialog::marginHint(), KDialog::spacingHint() );
frameLayout->addMultiCellWidget( theader, 0, 0, 0, 1, AlignTop | AlignLeft );
frameLayout->addMultiCellLayout( layStatus, 1, 1, 0, 1, AlignLeft | AlignVCenter);
mStatusLabel->setText("<b>" + i18n("Press Ctrl+Alt+Del to begin.") + "</b><p>" + i18n("This process helps keep your password secure.") + "<br>" + i18n("It prevents unauthorized users from emulating the login screen."));
installEventFilter(this);
mSAKProcess = new TDEProcess;
*mSAKProcess << "tdmtsak" << "dm";
connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited()));
mSAKProcess->start();
mControlPipeHandlerThread = new TQEventLoopThread();
mControlPipeHandler = new ControlPipeHandlerObject();
mControlPipeHandler->mSAKDlgParent = this;
mControlPipeHandler->moveToThread(mControlPipeHandlerThread);
TQObject::connect(mControlPipeHandler, SIGNAL(processCommand(TQString)), this, SLOT(processInputPipeCommand(TQString)));
TQTimer::singleShot(0, mControlPipeHandler, SLOT(run()));
mControlPipeHandlerThread->start();
if (trinity_desktop_lock_use_system_modal_dialogs) {
// Signal that we do not want any window controls to be shown at all
Atom kde_wm_system_modal_notification;
kde_wm_system_modal_notification = XInternAtom(tqt_xdisplay(), "_TDE_WM_MODAL_SYS_NOTIFICATION", False);
XChangeProperty(tqt_xdisplay(), winId(), kde_wm_system_modal_notification, XA_INTEGER, 32, PropModeReplace, (unsigned char *) "TRUE", 1L);
}
setCaption(TDM_LOGIN_SCREEN_BASE_TITLE);
frame = new TQFrame( this );
if (trinity_desktop_lock_use_system_modal_dialogs)
frame->setFrameStyle( TQFrame::NoFrame );
else
frame->setFrameStyle( TQFrame::Panel | TQFrame::Raised );
frame->setLineWidth( 2 );
KSMModalDialogHeader* theader = new KSMModalDialogHeader( frame );
KUser user;
mStatusLabel = new TQLabel( "<b> </b>", frame );
mStatusLabel->setAlignment( TQLabel::AlignVCenter );
TQVBoxLayout *unlockDialogLayout = new TQVBoxLayout( this );
unlockDialogLayout->addWidget( frame );
TQHBoxLayout *layStatus = new TQHBoxLayout( 0, 0, KDialog::spacingHint());
layStatus->addWidget( mStatusLabel );
frameLayout = new TQGridLayout( frame, 1, 1, KDialog::marginHint(), KDialog::spacingHint() );
frameLayout->addMultiCellWidget( theader, 0, 0, 0, 1, AlignTop | AlignLeft );
frameLayout->addMultiCellLayout( layStatus, 1, 1, 0, 1, AlignLeft | AlignVCenter);
mStatusLabel->setText("<b>" + i18n("Press Ctrl+Alt+Del to begin.") + "</b><p>" + i18n("This process helps keep your password secure.") + "<br>" + i18n("It prevents unauthorized users from emulating the login screen."));
installEventFilter(this);
mSAKProcess = new TDEProcess;
*mSAKProcess << "tdmtsak" << "dm";
connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited()));
mSAKProcess->start();
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
mControlPipeHandlerThread = new TQEventLoopThread();
mControlPipeHandler = new ControlPipeHandlerObject();
mControlPipeHandler->mSAKDlgParent = this;
mControlPipeHandler->moveToThread(mControlPipeHandlerThread);
TQObject::connect(mControlPipeHandler, SIGNAL(processCommand(TQString)), this, SLOT(processInputPipeCommand(TQString)));
TQTimer::singleShot(0, mControlPipeHandler, SLOT(run()));
mControlPipeHandlerThread->start();
}
void SAKDlg::slotSAKProcessExited()
{
int retcode = mSAKProcess->exitStatus();
if (retcode != 0) trinity_desktop_lock_use_sak = false;
closingDown = true;
hide();
int retcode = mSAKProcess->exitStatus();
if (retcode != 0) trinity_desktop_lock_use_sak = false;
closingDown = true;
hide();
}
void SAKDlg::processInputPipeCommand(TQString command) {
@ -155,41 +171,89 @@ void SAKDlg::processInputPipeCommand(TQString command) {
}
}
void SAKDlg::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) {
TQString login_name = TQString::null;
X509CertificatePtrList certList = cdevice->cardX509Certificates();
if (certList.count() > 0) {
KSSLCertificate* card_cert = NULL;
card_cert = KSSLCertificate::fromX509(certList[0]);
TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
TQString lcpart = (*it).lower();
if (lcpart.startsWith("cn=")) {
login_name = lcpart.right(lcpart.length() - strlen("cn="));
}
}
delete card_cert;
}
if (login_name != "") {
DM dm;
SessList sess;
bool vt_active = false;
bool user_active = false;
if (dm.localSessions(sess)) {
TQString user, loc;
for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) {
DM::sess2Str2(*it, user, loc);
if (user.startsWith(login_name + ": ")) {
// Found active session
user_active = true;
}
if ((*it).self) {
if ((*it).vt == dm.activeVT()) {
vt_active = true;
}
}
}
}
if (!user_active && vt_active) {
// Terminate SAK dialog
closeDialogForced();
}
}
}
void SAKDlg::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) {
//
}
SAKDlg::~SAKDlg()
{
if ((mSAKProcess) && (mSAKProcess->isRunning())) {
mSAKProcess->kill(SIGTERM);
delete mSAKProcess;
}
if ((mSAKProcess) && (mSAKProcess->isRunning())) {
mSAKProcess->kill(SIGTERM);
delete mSAKProcess;
}
mControlPipeHandlerThread->terminate();
mControlPipeHandlerThread->wait();
delete mControlPipeHandler;
// delete mControlPipeHandlerThread;
mControlPipeHandlerThread->terminate();
mControlPipeHandlerThread->wait();
delete mControlPipeHandler;
// delete mControlPipeHandlerThread;
hide();
hide();
}
void SAKDlg::closeDialogForced()
{
TQDialog::reject();
TQDialog::reject();
}
void SAKDlg::reject()
{
//
}
void SAKDlg::updateLabel(TQString &txt)
{
mStatusLabel->setPaletteForegroundColor(Qt::black);
mStatusLabel->setText("<b>" + txt + "</b>");
mStatusLabel->setPaletteForegroundColor(Qt::black);
mStatusLabel->setText("<b>" + txt + "</b>");
}
void SAKDlg::show()
{
TQDialog::show();
TQApplication::flushX();
TQDialog::show();
TQApplication::flushX();
}
#include "sakdlg.moc"

73
tdm/kfrontend/sakdlg.h
Unescape View File

@ -22,6 +22,7 @@ class TQLabel;
class KPushButton;
class TQListView;
class SAKDlg;
class TDECryptographicCardDevice;
//===========================================================================
//
@ -30,40 +31,44 @@ class SAKDlg;
//
class SAKDlg : public TQDialog
{
Q_OBJECT
public:
SAKDlg(TQWidget *parent);
~SAKDlg();
virtual void show();
void updateLabel( TQString &txt );
void closeDialogForced();
private slots:
void slotSAKProcessExited();
void processInputPipeCommand(TQString command);
protected slots:
virtual void reject();
private:
TQFrame *frame;
TQGridLayout *frameLayout;
TQLabel *mStatusLabel;
int mCapsLocked;
bool mUnlockingFailed;
TQStringList layoutsList;
TQStringList::iterator currLayout;
int sPid, sFd;
TDEProcess* mSAKProcess;
ControlPipeHandlerObject* mControlPipeHandler;
TQEventLoopThread* mControlPipeHandlerThread;
protected:
bool closingDown;
friend class ControlPipeHandlerObject;
Q_OBJECT
public:
SAKDlg(TQWidget *parent);
~SAKDlg();
virtual void show();
void updateLabel( TQString &txt );
void closeDialogForced();
private slots:
void slotSAKProcessExited();
void processInputPipeCommand(TQString command);
protected slots:
virtual void reject();
private slots:
void cryptographicCardInserted(TDECryptographicCardDevice*);
void cryptographicCardRemoved(TDECryptographicCardDevice*);
protected:
bool closingDown;
private:
TQFrame *frame;
TQGridLayout *frameLayout;
TQLabel *mStatusLabel;
int mCapsLocked;
bool mUnlockingFailed;
TQStringList layoutsList;
TQStringList::iterator currLayout;
int sPid, sFd;
TDEProcess* mSAKProcess;
ControlPipeHandlerObject* mControlPipeHandler;
TQEventLoopThread* mControlPipeHandlerThread;
friend class ControlPipeHandlerObject;
};
#endif

Write Preview
Loading…
Cancel
Save