Fix cryptographic card login when SAK is enabled

pull/2/head
Timothy Pearson 10 years ago
parent ce47730301
commit 5b260a9627

@ -219,17 +219,6 @@ KGreeter::KGreeter( bool framed )
pluginList = KGVerify::init( _pluginsLogin ); pluginList = KGVerify::init( _pluginsLogin );
} }
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
mControlPipeHandlerThread = new TQEventLoopThread(); mControlPipeHandlerThread = new TQEventLoopThread();
mControlPipeHandler = new ControlPipeHandlerObject(); mControlPipeHandler = new ControlPipeHandlerObject();
mControlPipeHandler->mKGreeterParent = this; mControlPipeHandler->mKGreeterParent = this;
@ -252,6 +241,19 @@ KGreeter::~KGreeter()
delete stsFile; delete stsFile;
} }
void KGreeter::cryptographicCardWatcherSetup() {
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
}
void KGreeter::done(int r) { void KGreeter::done(int r) {
closingDown = true; closingDown = true;
inherited::done(r); inherited::done(r);
@ -1047,6 +1049,8 @@ KStdGreeter::KStdGreeter()
pluginSetup(); pluginSetup();
verify->start(); verify->start();
TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup()));
} }
void void
@ -1194,6 +1198,8 @@ KThemedGreeter::KThemedGreeter()
pluginSetup(); pluginSetup();
verify->start(); verify->start();
TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup()));
} }
bool bool
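Review bot: The deferred call `TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup()));` at the end of the KStdGreeter and KThemedGreeter constructors has no comment saying why card monitoring must wait for the event loop instead of starting in `KGreeter::KGreeter` as before. A maintainer who moves it back would presumably reintroduce the SAK problem named in the commit title, so state the reason at one of the two call sites, e.g. `// Deferred: card signals must not be delivered before pluginSetup() and verify->start() have run` (adjust if the real reason differs). The new slot connection is also spelled `SLOT(...)` while the surrounding connects in this file use `TQT_SLOT(...)`; use the same macro for consistency. Both constructors begin outside the hunks shown.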

@ -112,6 +112,9 @@ class KGreeter : public KGDialog, public KGVerifyHandler {
public: public:
TQString curUser, curWMSession, dName; TQString curUser, curWMSession, dName;
protected slots:
void cryptographicCardWatcherSetup();
protected: protected:
void readFacesList(); void readFacesList();
void installUserList(); void installUserList();

@ -91,6 +91,7 @@ KGVerify::KGVerify(KGVerifyHandler *_handler, KdmThemer *_themer,
, suspended(false) , suspended(false)
, failed(false) , failed(false)
, isClear(true) , isClear(true)
, inGreeterPlugin(false)
, abortRequested(false) , abortRequested(false)
{ {
connect( &timer, TQT_SIGNAL(timeout()), TQT_SLOT(slotTimeout()) ); connect( &timer, TQT_SIGNAL(timeout()), TQT_SLOT(slotTimeout()) );
@ -373,10 +374,11 @@ KGVerify::doReject( bool initial )
Debug( "%s->start()\n", pName.data() ); Debug( "%s->start()\n", pName.data() );
greet->start(); greet->start();
} }
if (!failed) if (!failed) {
timer.stop(); timer.stop();
} }
} }
}
void // not a slot - called manually by greeter void // not a slot - called manually by greeter
KGVerify::reject() KGVerify::reject()
@ -388,6 +390,9 @@ void // not a slot - called manually by greeter
KGVerify::requestAbort() KGVerify::requestAbort()
{ {
abortRequested = true; abortRequested = true;
if (inGreeterPlugin) {
greet->next();
}
} }
void void
@ -615,7 +620,9 @@ KGVerify::handleVerify()
ndelay = GRecvInt(); ndelay = GRecvInt();
Debug( " ndelay = %d\n%s->textPrompt(...)\n", ndelay, pName.data() ); Debug( " ndelay = %d\n%s->textPrompt(...)\n", ndelay, pName.data() );
if (abortRequested) { if (abortRequested) {
inGreeterPlugin = true;
greet->textPrompt("", echo, ndelay); greet->textPrompt("", echo, ndelay);
inGreeterPlugin = !ndelay;
abortRequested = false; abortRequested = false;
} }
else { else {
@ -623,10 +630,14 @@ KGVerify::handleVerify()
// Reset password entry and change text // Reset password entry and change text
setPassPromptText(msg); setPassPromptText(msg);
greet->start(); greet->start();
inGreeterPlugin = true;
greet->textPrompt(msg, echo, ndelay); greet->textPrompt(msg, echo, ndelay);
inGreeterPlugin = !ndelay;
} }
else { else {
inGreeterPlugin = true;
greet->textPrompt(msg, echo, ndelay); greet->textPrompt(msg, echo, ndelay);
inGreeterPlugin = !ndelay;
} }
} }
if (msg) { if (msg) {
@ -641,10 +652,11 @@ KGVerify::handleVerify()
Debug( " ndelay = %d\n%s->binaryPrompt(...)\n", ndelay, pName.data() ); Debug( " ndelay = %d\n%s->binaryPrompt(...)\n", ndelay, pName.data() );
if (abortRequested) { if (abortRequested) {
gplugReturnBinary(NULL); gplugReturnBinary(NULL);
abortRequested = false;
} }
else { else {
inGreeterPlugin = true;
greet->binaryPrompt( msg, ndelay ); greet->binaryPrompt( msg, ndelay );
inGreeterPlugin = !ndelay;
} }
if (msg) { if (msg) {
free(msg); free(msg);
@ -679,6 +691,7 @@ KGVerify::handleVerify()
Debug("%s->succeeded()\n", pName.data()); Debug("%s->succeeded()\n", pName.data());
greet->succeeded(); greet->succeeded();
abortRequested = false; abortRequested = false;
inGreeterPlugin = false;
continue; continue;
case V_CHTOK_AUTH: case V_CHTOK_AUTH:
Debug( " V_CHTOK_AUTH\n" ); Debug( " V_CHTOK_AUTH\n" );
@ -695,6 +708,7 @@ KGVerify::handleVerify()
Debug( "%s->succeeded()\n", pName.data() ); Debug( "%s->succeeded()\n", pName.data() );
greet->succeeded(); greet->succeeded();
abortRequested = false; abortRequested = false;
inGreeterPlugin = false;
KGChTok chtok( parent, user, pluginList, curPlugin, nfunc, KGreeterPlugin::Login ); KGChTok chtok( parent, user, pluginList, curPlugin, nfunc, KGreeterPlugin::Login );
if (!chtok.exec()) { if (!chtok.exec()) {
goto retry; goto retry;
@ -706,13 +720,16 @@ KGVerify::handleVerify()
Debug( " V_MSG_ERR\n" ); Debug( " V_MSG_ERR\n" );
msg = GRecvStr(); msg = GRecvStr();
Debug( " %s->textMessage(%\"s, true)\n", pName.data(), msg ); Debug( " %s->textMessage(%\"s, true)\n", pName.data(), msg );
inGreeterPlugin = true;
if (!greet->textMessage( msg, true )) { if (!greet->textMessage( msg, true )) {
inGreeterPlugin = false;
Debug( " message passed\n" ); Debug( " message passed\n" );
if (!abortRequested) { if (!abortRequested) {
VErrBox( parent, user, msg ); VErrBox( parent, user, msg );
} }
} }
else { else {
inGreeterPlugin = false;
Debug( " message swallowed\n" ); Debug( " message swallowed\n" );
} }
if (msg) { if (msg) {
@ -723,13 +740,16 @@ KGVerify::handleVerify()
Debug( " V_MSG_INFO\n" ); Debug( " V_MSG_INFO\n" );
msg = GRecvStr(); msg = GRecvStr();
Debug( " %s->textMessage(%\"s, false)\n", pName.data(), msg ); Debug( " %s->textMessage(%\"s, false)\n", pName.data(), msg );
inGreeterPlugin = true;
if (!greet->textMessage( msg, false )) { if (!greet->textMessage( msg, false )) {
inGreeterPlugin = false;
Debug( " message passed\n" ); Debug( " message passed\n" );
if (!abortRequested) { if (!abortRequested) {
VInfoBox(parent, user, msg); VInfoBox(parent, user, msg);
} }
} }
else { else {
inGreeterPlugin = false;
Debug(" message swallowed\n"); Debug(" message swallowed\n");
} }
free(msg); free(msg);
@ -751,6 +771,7 @@ KGVerify::handleVerify()
Debug( "%s->failed()\n", pName.data() ); Debug( "%s->failed()\n", pName.data() );
greet->failed(); greet->failed();
abortRequested = false; abortRequested = false;
inGreeterPlugin = false;
MsgBox( sorrybox, MsgBox( sorrybox,
i18n("Authenticated user (%1) does not match requested user (%2).\n") i18n("Authenticated user (%1) does not match requested user (%2).\n")
.arg( ent ).arg( fixedEntity ) ); .arg( ent ).arg( fixedEntity ) );
@ -760,6 +781,7 @@ KGVerify::handleVerify()
Debug( "%s->succeeded()\n", pName.data() ); Debug( "%s->succeeded()\n", pName.data() );
greet->succeeded(); greet->succeeded();
abortRequested = false; abortRequested = false;
inGreeterPlugin = false;
handler->verifyOk(); handler->verifyOk();
return; return;
} }
@ -767,6 +789,7 @@ KGVerify::handleVerify()
Debug( "%s->failed()\n", pName.data() ); Debug( "%s->failed()\n", pName.data() );
greet->failed(); greet->failed();
abortRequested = false; abortRequested = false;
inGreeterPlugin = false;
// Reset password prompt text // Reset password prompt text
setPassPromptText(TQString::null, true); setPassPromptText(TQString::null, true);
@ -788,8 +811,9 @@ KGVerify::handleVerify()
running = true; running = true;
Debug( "%s->start()\n", pName.data() ); Debug( "%s->start()\n", pName.data() );
greet->start(); greet->start();
if (!cont) if (!cont) {
return; return;
}
user = TQString::null; user = TQString::null;
} }
} }
@ -1043,8 +1067,9 @@ KGStdVerify::slotPluginSelected( int id )
delete greet; delete greet;
selectPlugin( id ); selectPlugin( id );
handler->verifyPluginChanged( id ); handler->verifyPluginChanged( id );
if (running) if (running) {
start(); start();
}
parent->setUpdatesEnabled( true ); parent->setUpdatesEnabled( true );
} }
} }
@ -1142,10 +1167,11 @@ KGThemedVerify::slotPluginSelected( int id )
delete greet; delete greet;
selectPlugin( id ); selectPlugin( id );
handler->verifyPluginChanged( id ); handler->verifyPluginChanged( id );
if (running) if (running) {
start(); start();
} }
} }
}
void void
KGThemedVerify::updateStatus() KGThemedVerify::updateStatus()
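Review bot: `KGVerify::requestAbort()` now calls `greet->next()` whenever `inGreeterPlugin` is set, but nothing visible clears that flag on the paths that replace or restart the plugin. Both `slotPluginSelected` bodies run `delete greet; selectPlugin( id );` and `doReject` calls `greet->start()` without touching it. If an abort request arrives after one of those while the flag is still true from an earlier blocking prompt (`inGreeterPlugin = !ndelay;`), `next()` is driven on a plugin that is not waiting on a prompt, which on a login screen should not be possible from an external request. Resetting the flag beside each `delete greet;` with `inGreeterPlugin = false;` and guarding the call as `if (inGreeterPlugin && greet) {` would close this. These functions start and end outside the hunks shown, so a reset may exist in lines not visible here.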

@ -148,6 +148,7 @@ class KGVerify : public TQObject, public KGreeterPluginHandler {
bool capsLocked; bool capsLocked;
bool enabled, running, suspended, failed, delayed, cont; bool enabled, running, suspended, failed, delayed, cont;
bool authTok, isClear, timeable; bool authTok, isClear, timeable;
bool inGreeterPlugin;
bool abortRequested; bool abortRequested;
static void VMsgBox( TQWidget *parent, const TQString &user, TQMessageBox::Icon type, const TQString &mesg ); static void VMsgBox( TQWidget *parent, const TQString &user, TQMessageBox::Icon type, const TQString &mesg );

@ -10,6 +10,11 @@
#include <dmctl.h> #include <dmctl.h>
#include <ksslcertificate.h>
#include <tdehardwaredevices.h>
#include <tdecryptographiccarddevice.h>
#include <tdeapplication.h> #include <tdeapplication.h>
#include <tdelocale.h> #include <tdelocale.h>
#include <kpushbutton.h> #include <kpushbutton.h>
@ -87,7 +92,7 @@ extern bool trinity_desktop_lock_use_sak;
// //
SAKDlg::SAKDlg(TQWidget *parent) SAKDlg::SAKDlg(TQWidget *parent)
: TQDialog(parent, "information dialog", true, (trinity_desktop_lock_use_system_modal_dialogs?((WFlags)WStyle_StaysOnTop):((WFlags)WX11BypassWM))), : TQDialog(parent, "information dialog", true, (trinity_desktop_lock_use_system_modal_dialogs?((WFlags)WStyle_StaysOnTop):((WFlags)WX11BypassWM))),
mUnlockingFailed(false), closingDown(false) closingDown(false), mUnlockingFailed(false)
{ {
if (trinity_desktop_lock_use_system_modal_dialogs) { if (trinity_desktop_lock_use_system_modal_dialogs) {
// Signal that we do not want any window controls to be shown at all // Signal that we do not want any window controls to be shown at all
@ -130,6 +135,17 @@ SAKDlg::SAKDlg(TQWidget *parent)
connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited())); connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited()));
mSAKProcess->start(); mSAKProcess->start();
// Initialize SmartCard readers
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
cdevice->enableCardMonitoring(true);
}
mControlPipeHandlerThread = new TQEventLoopThread(); mControlPipeHandlerThread = new TQEventLoopThread();
mControlPipeHandler = new ControlPipeHandlerObject(); mControlPipeHandler = new ControlPipeHandlerObject();
mControlPipeHandler->mSAKDlgParent = this; mControlPipeHandler->mSAKDlgParent = this;
@ -155,6 +171,54 @@ void SAKDlg::processInputPipeCommand(TQString command) {
} }
} }
void SAKDlg::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) {
TQString login_name = TQString::null;
X509CertificatePtrList certList = cdevice->cardX509Certificates();
if (certList.count() > 0) {
KSSLCertificate* card_cert = NULL;
card_cert = KSSLCertificate::fromX509(certList[0]);
TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
TQString lcpart = (*it).lower();
if (lcpart.startsWith("cn=")) {
login_name = lcpart.right(lcpart.length() - strlen("cn="));
}
}
delete card_cert;
}
if (login_name != "") {
DM dm;
SessList sess;
bool vt_active = false;
bool user_active = false;
if (dm.localSessions(sess)) {
TQString user, loc;
for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) {
DM::sess2Str2(*it, user, loc);
if (user.startsWith(login_name + ": ")) {
// Found active session
user_active = true;
}
if ((*it).self) {
if ((*it).vt == dm.activeVT()) {
vt_active = true;
}
}
}
}
if (!user_active && vt_active) {
// Terminate SAK dialog
closeDialogForced();
}
}
}
void SAKDlg::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) {
//
}
SAKDlg::~SAKDlg() SAKDlg::~SAKDlg()
{ {
if ((mSAKProcess) && (mSAKProcess->isRunning())) { if ((mSAKProcess) && (mSAKProcess->isRunning())) {
@ -177,7 +241,7 @@ void SAKDlg::closeDialogForced()
void SAKDlg::reject() void SAKDlg::reject()
{ {
//
} }
void SAKDlg::updateLabel(TQString &txt) void SAKDlg::updateLabel(TQString &txt)
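Review bot: In `SAKDlg::cryptographicCardInserted` the pointer returned by `KSSLCertificate::fromX509(certList[0])` is dereferenced by `card_cert->getSubject()` with no check, so if that call can return null for a certificate it cannot convert, inserting such a card crashes the SAK dialog. Wrap the subject parsing and the `delete` in `if (card_cert) { ... }`. The login name is also cut from the lower-cased part (`lcpart`), so an account name containing upper-case letters can never satisfy `user.startsWith(login_name + ": ")` and the dialog is dismissed even though that user has a session. Test the `cn=` prefix on `lcpart` but take the value from `*it`. The CN is read here before any PIN or chain verification is visible, so it should stay limited to this dismiss decision and never be treated as an authenticated identity.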

@ -22,6 +22,7 @@ class TQLabel;
class KPushButton; class KPushButton;
class TQListView; class TQListView;
class SAKDlg; class SAKDlg;
class TDECryptographicCardDevice;
//=========================================================================== //===========================================================================
// //
@ -47,6 +48,13 @@ private slots:
protected slots: protected slots:
virtual void reject(); virtual void reject();
private slots:
void cryptographicCardInserted(TDECryptographicCardDevice*);
void cryptographicCardRemoved(TDECryptographicCardDevice*);
protected:
bool closingDown;
private: private:
TQFrame *frame; TQFrame *frame;
TQGridLayout *frameLayout; TQGridLayout *frameLayout;
@ -60,9 +68,6 @@ private:
ControlPipeHandlerObject* mControlPipeHandler; ControlPipeHandlerObject* mControlPipeHandler;
TQEventLoopThread* mControlPipeHandlerThread; TQEventLoopThread* mControlPipeHandlerThread;
protected:
bool closingDown;
friend class ControlPipeHandlerObject; friend class ControlPipeHandlerObject;
}; };
