From 5fb3200dbf531059c194b96ec2cea8376ca941df Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Tue, 29 Sep 2015 15:07:45 -0500 Subject: Allow Kerberos ticket init via cryptographic card --- src/toplevel.cpp | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/src/toplevel.cpp b/src/toplevel.cpp index 6442a78..abbff54 100644 --- a/src/toplevel.cpp +++ b/src/toplevel.cpp @@ -54,6 +54,11 @@ #include #include +#include + +#include +#include + #include "configdlg.h" #include "toplevel.h" @@ -89,6 +94,15 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu); menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), kapp, TQT_SLOT(quit())); + // Set up card monitoring + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast(hwdevice); + cdevice->enableCardMonitoring(true); + } + load(); updateTicketList(); 
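Review bot: Card monitoring in the TopLevel constructor is enabled only for the readers that `listByDeviceClass(TDEGenericDeviceType::CryptographicCard)` returns at start-up, so a reader attached later never gets `enableCardMonitoring(true)`. If `cardX509Certificates()` depends on monitoring being active (not visible in this diff), getNewTicket() would silently withhold the card option for such a reader. Nothing in the hunk reacts to device hot-plug or turns monitoring off again, which deserves at least a comment such as `// NOTE: only readers present at start-up are monitored`. The enumeration loop is repeated verbatim in getNewTicket(); a small private helper that returns the card devices would keep the two copies from drifting apart.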
@@ -219,6 +233,32 @@ void TopLevel::updateMenu() { } void TopLevel::getNewTicket(bool requestServiceTicket) { + bool allow_card = false; + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast(hwdevice); + TQString login_name = TQString::null; + X509CertificatePtrList certList = cdevice->cardX509Certificates(); + if (certList.count() > 0) { + KSSLCertificate* card_cert = NULL; + card_cert = KSSLCertificate::fromX509(certList[0]); + TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); + for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { + TQString lcpart = (*it).lower(); + if (lcpart.startsWith("cn=")) { + login_name = lcpart.right(lcpart.length() - strlen("cn=")); + } + } + delete card_cert; + } + if (login_name != "") { + allow_card = true; + break; + } + } + LDAPCredentials credentials; if (m_ticketList.count() > 0) { TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal); @@ -231,7 +271,7 @@ void TopLevel::getNewTicket(bool requestServiceTicket) { credentials.username = TQString(pwd->pw_name); } } - int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, this); + int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, allow_card, this); if (result == KDialog::Accepted) { TQString errorstring; TQString service; -- cgit v1.2.1
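Review bot: In getNewTicket(), `card_cert->getSubject()` is called on the result of `KSSLCertificate::fromX509(certList[0])` with no null check. If fromX509 returns NULL for an entry it cannot wrap, an unreadable or malformed card would crash the applet. Guard it with `if (!card_cert) continue;` placed before the subject is split. The lowercased CN in `login_name` is used only as a non-empty flag, only the first certificate is inspected, and nothing checks its validity or issuer. `allow_card` is therefore a UI hint rather than an authentication decision, and a comment should say so, for example `// allow_card only offers the card option; the certificate is not validated here`. Splitting the subject on "/" also mis-parses a CN that itself contains a slash, and `login_name.isEmpty()` reads more clearly than `login_name != ""`. The function body continues outside this hunk, where `allow_card` is passed to `LDAPManager::getKerberosPassword`.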