diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-17 18:33:37 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-17 18:33:37 -0500 |
commit | 5b260a9627dd03085931882a9918cd6fbca58752 (patch) | |
tree | 12536e59fe69ee814a0d1ba3545fcdd27d8ebe2d /tdm | |
parent | ce477303019c7f3ba18dcab48e4205d59614ce5a (diff) | |
download | tdebase-5b260a9627dd03085931882a9918cd6fbca58752.tar.gz tdebase-5b260a9627dd03085931882a9918cd6fbca58752.zip |
Fix cryptographic card login when SAK is enabled
Diffstat (limited to 'tdm')
-rw-r--r-- | tdm/kfrontend/kgreeter.cpp | 28 | ||||
-rw-r--r-- | tdm/kfrontend/kgreeter.h | 3 | ||||
-rw-r--r-- | tdm/kfrontend/kgverify.cpp | 42 | ||||
-rw-r--r-- | tdm/kfrontend/kgverify.h | 1 | ||||
-rw-r--r-- | tdm/kfrontend/sakdlg.cc | 200 | ||||
-rw-r--r-- | tdm/kfrontend/sakdlg.h | 73 |
6 files changed, 226 insertions, 121 deletions
diff --git a/tdm/kfrontend/kgreeter.cpp b/tdm/kfrontend/kgreeter.cpp index d3ee07de6..945110de7 100644 --- a/tdm/kfrontend/kgreeter.cpp +++ b/tdm/kfrontend/kgreeter.cpp @@ -219,17 +219,6 @@ KGreeter::KGreeter( bool framed ) pluginList = KGVerify::init( _pluginsLogin ); } - // Initialize SmartCard readers - TDEGenericDevice *hwdevice; - TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); - TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); - for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { - TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); - connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); - connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); - cdevice->enableCardMonitoring(true); - } - mControlPipeHandlerThread = new TQEventLoopThread(); mControlPipeHandler = new ControlPipeHandlerObject(); mControlPipeHandler->mKGreeterParent = this; @@ -252,6 +241,19 @@ KGreeter::~KGreeter() delete stsFile; } +void KGreeter::cryptographicCardWatcherSetup() { + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + } +} + void KGreeter::done(int r) { closingDown = true; inherited::done(r); @@ -1047,6 +1049,8 @@ KStdGreeter::KStdGreeter() pluginSetup(); verify->start(); + + TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup())); } void @@ -1194,6 +1198,8 @@ KThemedGreeter::KThemedGreeter() pluginSetup(); verify->start(); + + TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup())); } bool diff --git a/tdm/kfrontend/kgreeter.h b/tdm/kfrontend/kgreeter.h index fa24622d0..793a034df 100644 --- a/tdm/kfrontend/kgreeter.h +++ b/tdm/kfrontend/kgreeter.h @@ -112,6 +112,9 @@ class KGreeter : public KGDialog, public KGVerifyHandler { public: TQString curUser, curWMSession, dName; + protected slots: + void cryptographicCardWatcherSetup(); + protected: void readFacesList(); void installUserList(); diff --git a/tdm/kfrontend/kgverify.cpp b/tdm/kfrontend/kgverify.cpp index a02cc1c39..a25fac8b8 100644 --- a/tdm/kfrontend/kgverify.cpp +++ b/tdm/kfrontend/kgverify.cpp @@ -91,6 +91,7 @@ KGVerify::KGVerify(KGVerifyHandler *_handler, KdmThemer *_themer, , suspended(false) , failed(false) , isClear(true) + , inGreeterPlugin(false) , abortRequested(false) { connect( &timer, TQT_SIGNAL(timeout()), TQT_SLOT(slotTimeout()) ); @@ -360,21 +361,22 @@ KGVerify::doReject( bool initial ) { // assert( !cont ); if (running) { - Debug( "%s->abort()\n", pName.data() ); + Debug("%s->abort()\n", pName.data()); greet->abort(); } handler->verifyClear(); - Debug( "%s->clear()\n", pName.data() ); + Debug("%s->clear()\n", pName.data()); greet->clear(); curUser = TQString::null; - if (!scheduleAutoLogin( initial )) { + if (!scheduleAutoLogin(initial)) { isClear = !(isClear && applyPreset()); if (running) { Debug( "%s->start()\n", pName.data() ); greet->start(); } - if (!failed) + if (!failed) { timer.stop(); + } } } @@ -388,6 +390,9 @@ void // not a slot - called manually by greeter KGVerify::requestAbort() { abortRequested = true; + if (inGreeterPlugin) { + greet->next(); + } } void @@ -615,7 +620,9 @@ KGVerify::handleVerify() ndelay = GRecvInt(); Debug( " ndelay = %d\n%s->textPrompt(...)\n", ndelay, pName.data() ); if (abortRequested) { + inGreeterPlugin = true; greet->textPrompt("", echo, ndelay); + inGreeterPlugin = !ndelay; abortRequested = false; } else { @@ -623,10 +630,14 @@ KGVerify::handleVerify() // Reset password entry and change text setPassPromptText(msg); greet->start(); + inGreeterPlugin = true; greet->textPrompt(msg, echo, ndelay); + inGreeterPlugin = !ndelay; } else { + inGreeterPlugin = true; greet->textPrompt(msg, echo, ndelay); + inGreeterPlugin = !ndelay; } } if (msg) { @@ -641,10 +652,11 @@ KGVerify::handleVerify() Debug( " ndelay = %d\n%s->binaryPrompt(...)\n", ndelay, pName.data() ); if (abortRequested) { gplugReturnBinary(NULL); - abortRequested = false; } else { + inGreeterPlugin = true; greet->binaryPrompt( msg, ndelay ); + inGreeterPlugin = !ndelay; } if (msg) { free(msg); @@ -679,6 +691,7 @@ KGVerify::handleVerify() Debug("%s->succeeded()\n", pName.data()); greet->succeeded(); abortRequested = false; + inGreeterPlugin = false; continue; case V_CHTOK_AUTH: Debug( " V_CHTOK_AUTH\n" ); @@ -695,6 +708,7 @@ KGVerify::handleVerify() Debug( "%s->succeeded()\n", pName.data() ); greet->succeeded(); abortRequested = false; + inGreeterPlugin = false; KGChTok chtok( parent, user, pluginList, curPlugin, nfunc, KGreeterPlugin::Login ); if (!chtok.exec()) { goto retry; @@ -706,13 +720,16 @@ KGVerify::handleVerify() Debug( " V_MSG_ERR\n" ); msg = GRecvStr(); Debug( " %s->textMessage(%\"s, true)\n", pName.data(), msg ); + inGreeterPlugin = true; if (!greet->textMessage( msg, true )) { + inGreeterPlugin = false; Debug( " message passed\n" ); if (!abortRequested) { VErrBox( parent, user, msg ); } } else { + inGreeterPlugin = false; Debug( " message swallowed\n" ); } if (msg) { @@ -723,13 +740,16 @@ KGVerify::handleVerify() Debug( " V_MSG_INFO\n" ); msg = GRecvStr(); Debug( " %s->textMessage(%\"s, false)\n", pName.data(), msg ); + inGreeterPlugin = true; if (!greet->textMessage( msg, false )) { + inGreeterPlugin = false; Debug( " message passed\n" ); if (!abortRequested) { VInfoBox(parent, user, msg); } } else { + inGreeterPlugin = false; Debug(" message swallowed\n"); } free(msg); @@ -751,6 +771,7 @@ KGVerify::handleVerify() Debug( "%s->failed()\n", pName.data() ); greet->failed(); abortRequested = false; + inGreeterPlugin = false; MsgBox( sorrybox, i18n("Authenticated user (%1) does not match requested user (%2).\n") .arg( ent ).arg( fixedEntity ) ); @@ -760,6 +781,7 @@ KGVerify::handleVerify() Debug( "%s->succeeded()\n", pName.data() ); greet->succeeded(); abortRequested = false; + inGreeterPlugin = false; handler->verifyOk(); return; } @@ -767,6 +789,7 @@ KGVerify::handleVerify() Debug( "%s->failed()\n", pName.data() ); greet->failed(); abortRequested = false; + inGreeterPlugin = false; // Reset password prompt text setPassPromptText(TQString::null, true); @@ -788,8 +811,9 @@ KGVerify::handleVerify() running = true; Debug( "%s->start()\n", pName.data() ); greet->start(); - if (!cont) + if (!cont) { return; + } user = TQString::null; } } @@ -1043,8 +1067,9 @@ KGStdVerify::slotPluginSelected( int id ) delete greet; selectPlugin( id ); handler->verifyPluginChanged( id ); - if (running) + if (running) { start(); + } parent->setUpdatesEnabled( true ); } } @@ -1142,8 +1167,9 @@ KGThemedVerify::slotPluginSelected( int id ) delete greet; selectPlugin( id ); handler->verifyPluginChanged( id ); - if (running) + if (running) { start(); + } } } diff --git a/tdm/kfrontend/kgverify.h b/tdm/kfrontend/kgverify.h index 7db52f2ab..3cd22b6c9 100644 --- a/tdm/kfrontend/kgverify.h +++ b/tdm/kfrontend/kgverify.h @@ -148,6 +148,7 @@ class KGVerify : public TQObject, public KGreeterPluginHandler { bool capsLocked; bool enabled, running, suspended, failed, delayed, cont; bool authTok, isClear, timeable; + bool inGreeterPlugin; bool abortRequested; static void VMsgBox( TQWidget *parent, const TQString &user, TQMessageBox::Icon type, const TQString &mesg ); diff --git a/tdm/kfrontend/sakdlg.cc b/tdm/kfrontend/sakdlg.cc index 1f1adefdf..3ea8d761d 100644 --- a/tdm/kfrontend/sakdlg.cc +++ b/tdm/kfrontend/sakdlg.cc @@ -10,6 +10,11 @@ #include <dmctl.h> +#include <ksslcertificate.h> + +#include <tdehardwaredevices.h> +#include <tdecryptographiccarddevice.h> + #include <tdeapplication.h> #include <tdelocale.h> #include <kpushbutton.h> @@ -87,64 +92,75 @@ extern bool trinity_desktop_lock_use_sak; // SAKDlg::SAKDlg(TQWidget *parent) : TQDialog(parent, "information dialog", true, (trinity_desktop_lock_use_system_modal_dialogs?((WFlags)WStyle_StaysOnTop):((WFlags)WX11BypassWM))), - mUnlockingFailed(false), closingDown(false) + closingDown(false), mUnlockingFailed(false) { - if (trinity_desktop_lock_use_system_modal_dialogs) { - // Signal that we do not want any window controls to be shown at all - Atom kde_wm_system_modal_notification; - kde_wm_system_modal_notification = XInternAtom(tqt_xdisplay(), "_TDE_WM_MODAL_SYS_NOTIFICATION", False); - XChangeProperty(tqt_xdisplay(), winId(), kde_wm_system_modal_notification, XA_INTEGER, 32, PropModeReplace, (unsigned char *) "TRUE", 1L); - } - setCaption(TDM_LOGIN_SCREEN_BASE_TITLE); - - frame = new TQFrame( this ); - if (trinity_desktop_lock_use_system_modal_dialogs) - frame->setFrameStyle( TQFrame::NoFrame ); - else - frame->setFrameStyle( TQFrame::Panel | TQFrame::Raised ); - frame->setLineWidth( 2 ); - - KSMModalDialogHeader* theader = new KSMModalDialogHeader( frame ); - - KUser user; - - mStatusLabel = new TQLabel( "<b> </b>", frame ); - mStatusLabel->setAlignment( TQLabel::AlignVCenter ); - - TQVBoxLayout *unlockDialogLayout = new TQVBoxLayout( this ); - unlockDialogLayout->addWidget( frame ); - - TQHBoxLayout *layStatus = new TQHBoxLayout( 0, 0, KDialog::spacingHint()); - layStatus->addWidget( mStatusLabel ); - - frameLayout = new TQGridLayout( frame, 1, 1, KDialog::marginHint(), KDialog::spacingHint() ); - frameLayout->addMultiCellWidget( theader, 0, 0, 0, 1, AlignTop | AlignLeft ); - frameLayout->addMultiCellLayout( layStatus, 1, 1, 0, 1, AlignLeft | AlignVCenter); - - mStatusLabel->setText("<b>" + i18n("Press Ctrl+Alt+Del to begin.") + "</b><p>" + i18n("This process helps keep your password secure.") + "<br>" + i18n("It prevents unauthorized users from emulating the login screen.")); - - installEventFilter(this); - - mSAKProcess = new TDEProcess; - *mSAKProcess << "tdmtsak" << "dm"; - connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited())); - mSAKProcess->start(); - - mControlPipeHandlerThread = new TQEventLoopThread(); - mControlPipeHandler = new ControlPipeHandlerObject(); - mControlPipeHandler->mSAKDlgParent = this; - mControlPipeHandler->moveToThread(mControlPipeHandlerThread); - TQObject::connect(mControlPipeHandler, SIGNAL(processCommand(TQString)), this, SLOT(processInputPipeCommand(TQString))); - TQTimer::singleShot(0, mControlPipeHandler, SLOT(run())); - mControlPipeHandlerThread->start(); + if (trinity_desktop_lock_use_system_modal_dialogs) { + // Signal that we do not want any window controls to be shown at all + Atom kde_wm_system_modal_notification; + kde_wm_system_modal_notification = XInternAtom(tqt_xdisplay(), "_TDE_WM_MODAL_SYS_NOTIFICATION", False); + XChangeProperty(tqt_xdisplay(), winId(), kde_wm_system_modal_notification, XA_INTEGER, 32, PropModeReplace, (unsigned char *) "TRUE", 1L); + } + setCaption(TDM_LOGIN_SCREEN_BASE_TITLE); + + frame = new TQFrame( this ); + if (trinity_desktop_lock_use_system_modal_dialogs) + frame->setFrameStyle( TQFrame::NoFrame ); + else + frame->setFrameStyle( TQFrame::Panel | TQFrame::Raised ); + frame->setLineWidth( 2 ); + + KSMModalDialogHeader* theader = new KSMModalDialogHeader( frame ); + + KUser user; + + mStatusLabel = new TQLabel( "<b> </b>", frame ); + mStatusLabel->setAlignment( TQLabel::AlignVCenter ); + + TQVBoxLayout *unlockDialogLayout = new TQVBoxLayout( this ); + unlockDialogLayout->addWidget( frame ); + + TQHBoxLayout *layStatus = new TQHBoxLayout( 0, 0, KDialog::spacingHint()); + layStatus->addWidget( mStatusLabel ); + + frameLayout = new TQGridLayout( frame, 1, 1, KDialog::marginHint(), KDialog::spacingHint() ); + frameLayout->addMultiCellWidget( theader, 0, 0, 0, 1, AlignTop | AlignLeft ); + frameLayout->addMultiCellLayout( layStatus, 1, 1, 0, 1, AlignLeft | AlignVCenter); + + mStatusLabel->setText("<b>" + i18n("Press Ctrl+Alt+Del to begin.") + "</b><p>" + i18n("This process helps keep your password secure.") + "<br>" + i18n("It prevents unauthorized users from emulating the login screen.")); + + installEventFilter(this); + + mSAKProcess = new TDEProcess; + *mSAKProcess << "tdmtsak" << "dm"; + connect(mSAKProcess, TQT_SIGNAL(processExited(TDEProcess*)), this, TQT_SLOT(slotSAKProcessExited())); + mSAKProcess->start(); + + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + } + + mControlPipeHandlerThread = new TQEventLoopThread(); + mControlPipeHandler = new ControlPipeHandlerObject(); + mControlPipeHandler->mSAKDlgParent = this; + mControlPipeHandler->moveToThread(mControlPipeHandlerThread); + TQObject::connect(mControlPipeHandler, SIGNAL(processCommand(TQString)), this, SLOT(processInputPipeCommand(TQString))); + TQTimer::singleShot(0, mControlPipeHandler, SLOT(run())); + mControlPipeHandlerThread->start(); } void SAKDlg::slotSAKProcessExited() { - int retcode = mSAKProcess->exitStatus(); - if (retcode != 0) trinity_desktop_lock_use_sak = false; - closingDown = true; - hide(); + int retcode = mSAKProcess->exitStatus(); + if (retcode != 0) trinity_desktop_lock_use_sak = false; + closingDown = true; + hide(); } void SAKDlg::processInputPipeCommand(TQString command) { @@ -155,41 +171,89 @@ void SAKDlg::processInputPipeCommand(TQString command) { } } +void SAKDlg::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) { + TQString login_name = TQString::null; + X509CertificatePtrList certList = cdevice->cardX509Certificates(); + if (certList.count() > 0) { + KSSLCertificate* card_cert = NULL; + card_cert = KSSLCertificate::fromX509(certList[0]); + TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); + for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { + TQString lcpart = (*it).lower(); + if (lcpart.startsWith("cn=")) { + login_name = lcpart.right(lcpart.length() - strlen("cn=")); + } + } + delete card_cert; + } + + if (login_name != "") { + DM dm; + SessList sess; + bool vt_active = false; + bool user_active = false; + if (dm.localSessions(sess)) { + TQString user, loc; + for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) { + DM::sess2Str2(*it, user, loc); + if (user.startsWith(login_name + ": ")) { + // Found active session + user_active = true; + } + if ((*it).self) { + if ((*it).vt == dm.activeVT()) { + vt_active = true; + } + } + } + } + + if (!user_active && vt_active) { + // Terminate SAK dialog + closeDialogForced(); + } + } +} + +void SAKDlg::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) { + // +} + SAKDlg::~SAKDlg() { - if ((mSAKProcess) && (mSAKProcess->isRunning())) { - mSAKProcess->kill(SIGTERM); - delete mSAKProcess; - } + if ((mSAKProcess) && (mSAKProcess->isRunning())) { + mSAKProcess->kill(SIGTERM); + delete mSAKProcess; + } - mControlPipeHandlerThread->terminate(); - mControlPipeHandlerThread->wait(); - delete mControlPipeHandler; -// delete mControlPipeHandlerThread; + mControlPipeHandlerThread->terminate(); + mControlPipeHandlerThread->wait(); + delete mControlPipeHandler; +// delete mControlPipeHandlerThread; - hide(); + hide(); } void SAKDlg::closeDialogForced() { - TQDialog::reject(); + TQDialog::reject(); } void SAKDlg::reject() { - + // } void SAKDlg::updateLabel(TQString &txt) { - mStatusLabel->setPaletteForegroundColor(Qt::black); - mStatusLabel->setText("<b>" + txt + "</b>"); + mStatusLabel->setPaletteForegroundColor(Qt::black); + mStatusLabel->setText("<b>" + txt + "</b>"); } void SAKDlg::show() { - TQDialog::show(); - TQApplication::flushX(); + TQDialog::show(); + TQApplication::flushX(); } #include "sakdlg.moc" diff --git a/tdm/kfrontend/sakdlg.h b/tdm/kfrontend/sakdlg.h index 22d5ec869..fd77dd028 100644 --- a/tdm/kfrontend/sakdlg.h +++ b/tdm/kfrontend/sakdlg.h @@ -22,6 +22,7 @@ class TQLabel; class KPushButton; class TQListView; class SAKDlg; +class TDECryptographicCardDevice; //=========================================================================== // @@ -30,40 +31,44 @@ class SAKDlg; // class SAKDlg : public TQDialog { - Q_OBJECT - -public: - SAKDlg(TQWidget *parent); - ~SAKDlg(); - virtual void show(); - - void updateLabel( TQString &txt ); - void closeDialogForced(); - -private slots: - void slotSAKProcessExited(); - void processInputPipeCommand(TQString command); - -protected slots: - virtual void reject(); - -private: - TQFrame *frame; - TQGridLayout *frameLayout; - TQLabel *mStatusLabel; - int mCapsLocked; - bool mUnlockingFailed; - TQStringList layoutsList; - TQStringList::iterator currLayout; - int sPid, sFd; - TDEProcess* mSAKProcess; - ControlPipeHandlerObject* mControlPipeHandler; - TQEventLoopThread* mControlPipeHandlerThread; - -protected: - bool closingDown; - - friend class ControlPipeHandlerObject; + Q_OBJECT + + public: + SAKDlg(TQWidget *parent); + ~SAKDlg(); + virtual void show(); + + void updateLabel( TQString &txt ); + void closeDialogForced(); + + private slots: + void slotSAKProcessExited(); + void processInputPipeCommand(TQString command); + + protected slots: + virtual void reject(); + + private slots: + void cryptographicCardInserted(TDECryptographicCardDevice*); + void cryptographicCardRemoved(TDECryptographicCardDevice*); + + protected: + bool closingDown; + + private: + TQFrame *frame; + TQGridLayout *frameLayout; + TQLabel *mStatusLabel; + int mCapsLocked; + bool mUnlockingFailed; + TQStringList layoutsList; + TQStringList::iterator currLayout; + int sPid, sFd; + TDEProcess* mSAKProcess; + ControlPipeHandlerObject* mControlPipeHandler; + TQEventLoopThread* mControlPipeHandlerThread; + + friend class ControlPipeHandlerObject; }; #endif |