summaryrefslogtreecommitdiffstats
path: root/src/smartauthmon.cpp
diff options
context:
space:
mode:
authortpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2011-09-21 21:23:46 +0000
committertpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2011-09-21 21:23:46 +0000
commit38f40eb14d4e1ce626cef7c8400002ec96bbcfa1 (patch)
tree216ab918b966cd9eb482fb2454cbd416d549359d /src/smartauthmon.cpp
parent214716561bc27c38b414e93e1dc28e77a6951c5c (diff)
downloadsmartcardauth-38f40eb14d4e1ce626cef7c8400002ec96bbcfa1.tar.gz
smartcardauth-38f40eb14d4e1ce626cef7c8400002ec96bbcfa1.zip
Make smartauthlogin less dependent on Debian/Ubuntu
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/applications/smartcardauth@1254874 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'src/smartauthmon.cpp')
-rw-r--r--src/smartauthmon.cpp90
1 files changed, 46 insertions, 44 deletions
diff --git a/src/smartauthmon.cpp b/src/smartauthmon.cpp
index f122cc0..0c353ab 100644
--- a/src/smartauthmon.cpp
+++ b/src/smartauthmon.cpp
@@ -75,7 +75,7 @@ TQString readfile(const char * filename) {
char *buf;
fp=fopen(filename, "rb");
if (fp == NULL) {
- printf("[WARNING] Unable to read from file %s\n\r", filename);
+ printf("[WARNING] Unable to read from file %s\n\r", filename); fflush(stdout);
return TQString();
}
fseek(fp,0,SEEK_END); // Seek to end
@@ -153,7 +153,7 @@ TQString get_file(TQString prefix, TQString mode) {
// Select EF prefix under DF 1000
systemexec((TQString("echo \"%1 %2\" > %3/query").tqarg(select_file).tqarg(prefix).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2").tqarg(secure_directory).tqarg(secure_directory)).ascii());
-// printf("[DEBUG 100.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+// printf("[DEBUG 100.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
// Read binary
systemexec((TQString("echo \"%1\" > %2/query").tqarg(read_binary).tqarg(secure_directory)).ascii());
@@ -173,7 +173,7 @@ TQString get_file(TQString prefix, TQString mode) {
newstring="";
systemexec((TQString("sed -i \"s#%1#%2#g\" %3/response4").tqarg(stringtoreplace).tqarg(newstring).tqarg(secure_directory)).ascii());
}
-// printf("[DEBUG 100.1] %s\n\r", readfile((TQString("%1/response4").tqarg(secure_directory))).ascii());
+// printf("[DEBUG 100.1] %s\n\r", readfile((TQString("%1/response4").tqarg(secure_directory))).ascii()); fflush(stdout);
unlink((TQString("%1/lukskey").tqarg(secure_directory)).ascii());
systemexec((TQString("xxd -r -p %1/response4 %2/lukskey").tqarg(secure_directory).tqarg(secure_directory)).ascii());
return(TQString("%1/lukskey").tqarg(secure_directory));
@@ -219,7 +219,7 @@ void createfile(TQString prefix, TQString mode)
systemexec((TQString("echo \"00 E0 00 00 1A 62 18 80 02 00 %1 82 01 01 83 02 %2 8A 01 %3 8C 08 7F 04 04 04 04 04 04 04\" > %4/query").tqarg(prefix).tqarg(mode).tqarg(CREATE_LIFE_CYCLE).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2 2>/dev/null").tqarg(secure_directory)).ascii());
- printf("[DEBUG 300.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 300.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
}
}
@@ -228,7 +228,7 @@ void update_file(TQString prefix, TQString mode) {
// Select EF prefix under DF 1000
systemexec((TQString("echo \"$SELECT_FILE %1\" > %2/query").tqarg(prefix).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2").tqarg(secure_directory).tqarg(secure_directory)).ascii());
- printf("[DEBUG 200.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 200.0] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
// Update existing file
// Zero pad input file
@@ -241,14 +241,14 @@ void update_file(TQString prefix, TQString mode) {
TQString hexready = readfile((TQString("%1/hexready").tqarg(secure_directory)).ascii());
systemexec((TQString("echo \"%1 %2\" > %3/query").tqarg(update_binary).tqarg(hexready).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2 2>/dev/null").tqarg(secure_directory).tqarg(secure_directory)).ascii());
- printf("[DEBUG 200.1] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 200.1] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
}
if (command_mode == "cryptoflex") {
// Delete old file
systemexec((TQString("echo \"%1 $1\" > %2/query").tqarg(delete_file).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2 2>/dev/null").tqarg(secure_directory).tqarg(secure_directory)).ascii());
- printf("[DEBUG 200.2] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 200.2] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
// Create new file
createfile("FF", prefix);
@@ -276,6 +276,8 @@ int main (int argc, char *argv[])
int internet_minutes;
int newdisplayint;
+ printf("[DEBUG 390.0] Starting up\n\r"); fflush(stdout);
+
// Create the secure directory and lock it down
secure_directory = SECURE_DIRECTORY_PATH;
rmrf(secure_directory.ascii());
@@ -289,27 +291,27 @@ int main (int argc, char *argv[])
chown(secure_directory.ascii(), 0, 0);
chmod(secure_directory.ascii(), 600);
- // Restart PCSCD and kill spurious processes
- systemexec("killall -9 pcscd 2>/dev/null 1>/dev/null");
- systemexec("/etc/init.d/pcscd restart 2>/dev/null 1>/dev/null");
- systemexec("/etc/init.d/pcscd-nodbus restart 2>/dev/null 1>/dev/null");
+ // Terminate old pcscd process from initrd
+ system("killall -9 pcscd");
// See if required programs are installed
TQString scriptor = exec("whereis scriptor");
if ( scriptor == "scriptor:" ) {
- printf("ERROR: scriptor is not installed! This program cannot continue!\n\r");
+ printf("ERROR: scriptor is not installed! This program cannot continue!\n\r"); fflush(stdout);
return 1;
}
TQString opensc = exec("whereis opensc-explorer");
if ( opensc == "opensc-explorer:" ) {
- printf("ERROR: opensc-explorer is not installed! This program cannot continue!\n\r");
+ printf("ERROR: opensc-explorer is not installed! This program cannot continue!\n\r"); fflush(stdout);
return 1;
}
+ printf("[DEBUG 390.2] Reading keys\n\r"); fflush(stdout);
+
// Read hexidecimal_key from the system crypto files
FILE* fpkey = fopen("/etc/smartauth/smartauthmon.key", "rb");
if (fpkey == NULL) {
- printf("Smart card login has been disabled. Exiting...\n\r");
+ printf("Smart card login has been disabled. Exiting...\n\r"); fflush(stdout);
return 1;
}
else {
@@ -319,12 +321,12 @@ int main (int argc, char *argv[])
hexidecimal_key.replace('\n', "");
oldsmartcard_username="";
- printf("[DEBUG 400.0] Ready...\n\r");
+ printf("[DEBUG 400.0] Ready...\n\r"); fflush(stdout);
while (1) {
sleep(1);
- int output = systemexec("echo \"exit\" | scriptor 2>/dev/null 1>/dev/null");
+ int output = systemexec("echo \"exit\" | timeout 1 scriptor 2>/dev/null 1>/dev/null");
if (output == 0) {
- printf("[DEBUG 400.1] Card inserted!\n\r");
+ printf("[DEBUG 400.1] Card inserted!\n\r"); fflush(stdout);
systemexec("echo \"TAuthenticating SmartCard...\" > /tmp/ksocket-global/kdesktoplockcontrol &");
// Get card ATR
@@ -338,18 +340,18 @@ int main (int argc, char *argv[])
TQString newstring="";
systemexec((TQString("sed -i \"s#%1#%2#g\" %3/response4").tqarg(stringtoreplace).tqarg(newstring).tqarg(secure_directory)).ascii());
TQString smartatr = readfile((TQString("%1/response4").tqarg(secure_directory)).ascii());
- printf("[DEBUG 400.2] Got ATR: %s\n\r", smartatr.ascii());
+ printf("[DEBUG 400.2] Got ATR: %s\n\r", smartatr.ascii()); fflush(stdout);
if (smartatr == "3B BE 18 00 00 41 05 10 00 00 00 00 00 00 00 00 00 90 00 ") {
- printf("[DEBUG 400.3] Detected ACOS5 card\n\r");
+ printf("[DEBUG 400.3] Detected ACOS5 card\n\r"); fflush(stdout);
command_mode="acos";
}
if (smartatr == "3B 02 14 50 ") {
- printf("[DEBUG 400.3] Detected Schlumberger CryptoFlex card\n\r");
+ printf("[DEBUG 400.3] Detected Schlumberger CryptoFlex card\n\r"); fflush(stdout);
command_mode="cryptoflex";
}
}
else {
- printf("[DEBUG 400.3] No card detected!\n\r");
+ printf("[DEBUG 400.3] No card detected!\n\r"); fflush(stdout);
}
if (command_mode == "cryptoflex") {
@@ -375,12 +377,12 @@ int main (int argc, char *argv[])
// Select MF
systemexec((TQString("echo \"00 A4 00 00 00\" > %1/query").tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2").tqarg(secure_directory).tqarg(secure_directory)).ascii());
- printf("[DEBUG 400.4] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 400.4] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
// Select DF 1000 under MF
systemexec((TQString("echo \"%1 10 00\" > %2/query").tqarg(select_file).tqarg(secure_directory)).ascii());
systemexec((TQString("scriptor %1/query 1> %2/response2").tqarg(secure_directory).tqarg(secure_directory)).ascii());
- printf("[DEBUG 400.5] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii());
+ printf("[DEBUG 400.5] %s\n\r", readfile((TQString("%1/response2").tqarg(secure_directory))).ascii()); fflush(stdout);
}
systemexec((TQString("echo %1 > %2/authscript").tqarg(get_challenge).tqarg(secure_directory)).ascii());
@@ -426,9 +428,9 @@ int main (int argc, char *argv[])
// Get the result
authokresponse = "< 90 00 : Normal processing";
response1 = exec((TQString("cat %1/response2 | grep \"%2\"").tqarg(secure_directory).tqarg(authokresponse)).ascii());
- printf("[DEBUG 400.6] %s\n\r", response1.ascii());
+ printf("[DEBUG 400.6] %s\n\r", response1.ascii()); fflush(stdout);
if (response1 != "") {
- printf("[DEBUG 400.7] Smart card validation successfull!\n\r");
+ printf("[DEBUG 400.7] Smart card validation successfull!\n\r"); fflush(stdout);
if (command_mode == "cryptoflex") {
opensc_explorer_file = popen("opensc-explorer 2>/dev/null 1>/dev/null", "w");
}
@@ -456,7 +458,7 @@ int main (int argc, char *argv[])
}
}
else {
- printf("[DEBUG 400.7] This card does not recognize this system!\n\r");
+ printf("[DEBUG 400.7] This card does not recognize this system!\n\r"); fflush(stdout);
systemexec("echo \"EInvalid SmartCard Inserted\" > /tmp/ksocket-global/kdesktoplockcontrol &");
sleep(1);
smartcard_username="";
@@ -480,7 +482,7 @@ int main (int argc, char *argv[])
}
if (smartcard_minutes == 0) {
- printf("[DEBUG 400.8] Minutes have been used up!\n\r");
+ printf("[DEBUG 400.8] Minutes have been used up!\n\r"); fflush(stdout);
// Prohibit logon
smartcard_username="";
unlink((TQString("%1/password").tqarg(secure_directory)).ascii());
@@ -506,7 +508,7 @@ int main (int argc, char *argv[])
noactivesessions=1;
result="okbutempty";
}
- printf("[DEBUG 400.9] %s\n\r", result.ascii());
+ printf("[DEBUG 400.9] %s\n\r", result.ascii()); fflush(stdout);
TQString resultbkp=result;
if (errcode == 0) {
@@ -538,7 +540,7 @@ int main (int argc, char *argv[])
while (index < MAXIMUM_VTS) {
if (darray[index] == smartcard_username) {
if (darray[index] != "") {
- printf("[DEBUG 400.a] Found existing session on desktop: %d\n\r", index);
+ printf("[DEBUG 400.a] Found existing session on desktop: %d\n\r", index); fflush(stdout);
foundsession=1;
udisplay = TQString(":%1").tqarg(index);
// Check password
@@ -552,7 +554,7 @@ int main (int argc, char *argv[])
}
}
else {
- printf("[DEBUG 400.b] Username not specified\n\r");
+ printf("[DEBUG 400.b] Username not specified\n\r"); fflush(stdout);
foundsession=2;
sleep(1);
}
@@ -561,29 +563,29 @@ int main (int argc, char *argv[])
}
if (foundsession == 0) {
- printf("[DEBUG 400.c] Existing session not found, starting new...\n\r");
+ printf("[DEBUG 400.c] Existing session not found, starting new...\n\r"); fflush(stdout);
// Make sure that this is not display :0 (default login screen).
// If it is, execute login. If not, create new session, then execute login
int usebasedisplay=0;
if (noactivesessions == 1) {
newdisplay = exec("ls /var/run/xdmctl/ | grep 'xdmctl-:0'");
- printf("[DEBUG 400.d] %s\n\r", newdisplay.ascii());
+ printf("[DEBUG 400.d] %s\n\r", newdisplay.ascii()); fflush(stdout);
if (newdisplay != "") {
usebasedisplay=1;
}
}
if (!resultbkp.contains(":")) {
newdisplay = exec("ls /var/run/xdmctl/ | grep 'xdmctl-:0'");
- printf("[DEBUG 400.d] %s\n\r", newdisplay.ascii());
+ printf("[DEBUG 400.d] %s\n\r", newdisplay.ascii()); fflush(stdout);
if (newdisplay != "") {
usebasedisplay=1;
}
}
- printf("[DEBUG 400.e] Creating new session\n\r");
+ printf("[DEBUG 400.e] Creating new session\n\r"); fflush(stdout);
if (usebasedisplay) {
- printf("[DEBUG 400.e] Using base display\n\r");
+ printf("[DEBUG 400.e] Using base display\n\r"); fflush(stdout);
}
// Attempt login
@@ -611,7 +613,7 @@ int main (int argc, char *argv[])
newdisplayint = systemexec("smartauth_displayfinder");
newdisplay = TQString(":%1").tqarg(newdisplayint);
- printf("[DEBUG 400.f] The next display to start will be %s\n\r", newdisplay.ascii());
+ printf("[DEBUG 400.f] The next display to start will be %s\n\r", newdisplay.ascii()); fflush(stdout);
if (!usebasedisplay) {
systemexec(TRINITY_BIN_PREFIX "kdmctl -g reserve");
@@ -661,7 +663,7 @@ int main (int argc, char *argv[])
update_file("10 05", TQString("%1/minutes").tqarg(secure_directory));
if (smartcard_minutes == 0) {
- printf("[DEBUG 401.0] Minutes have been used up!\n\r");
+ printf("[DEBUG 401.0] Minutes have been used up!\n\r"); fflush(stdout);
// Prohibit logon
smartcard_username="";
unlink((TQString("%1/password").tqarg(secure_directory)).ascii());
@@ -676,15 +678,15 @@ int main (int argc, char *argv[])
}
if (smartcard_minutes == 0) {
- printf("[DEBUG 401.1] Minutes have been used up!\n\r");
- printf("[DEBUG 401.2] Beginning logoff process\n\r");
+ printf("[DEBUG 401.1] Minutes have been used up!\n\r"); fflush(stdout);
+ printf("[DEBUG 401.2] Beginning logoff process\n\r"); fflush(stdout);
output=254;
}
}
}
}
- printf("[DEBUG 401.3] Card removed\n\r");
+ printf("[DEBUG 401.3] Card removed\n\r"); fflush(stdout);
// Is the user still logged in?
result="ok";
@@ -695,7 +697,7 @@ int main (int argc, char *argv[])
noactivesessions=1;
result="okbutempty";
}
- printf("[DEBUG 401.4] %s\n\r", result.ascii());
+ printf("[DEBUG 401.4] %s\n\r", result.ascii()); fflush(stdout);
// Zero the desktop array
index=0;
@@ -718,7 +720,7 @@ int main (int argc, char *argv[])
while (index != MAXIMUM_VTS) {
if (darray[index] == smartcard_username) {
if (darray[index] != "") {
- printf("[DEBUG 401.5] Found existing session on desktop: %d\n\r", index);
+ printf("[DEBUG 401.5] Found existing session on desktop: %d\n\r", index); fflush(stdout);
udisplay = TQString(":%1").tqarg(index);
foundsession=1;
errcode=1;
@@ -737,13 +739,13 @@ int main (int argc, char *argv[])
logouttest = exec((TQString("echo %1 | grep 'target display has no VT assigned'").tqarg(blankresult)).ascii());
if (logouttest != "") {
- printf("[DEBUG 401.6] User has logged out\n\r");
+ printf("[DEBUG 401.6] User has logged out\n\r"); fflush(stdout);
blankresult="true";
}
}
}
else {
- printf("[DEBUG 401.7] Username not specified!\n\r");
+ printf("[DEBUG 401.7] Username not specified!\n\r"); fflush(stdout);
sleep(1);
}
}