author | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2011-09-20 20:01:11 +0000 |
---|---|---|
committer | tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da> | 2011-09-20 20:01:11 +0000 |
commit | 32b6f4c4aeddfdda9343d59fba02ae7fe3e0b24c (patch) | |
tree | ede5064d9754d063fecece08d81f8ef1e98cb3ba /usr/bin | |
parent | 125b13c1760df7ad557d0d5462b39c7f092e2f3b (diff) | |
Use new smartauthmon C++ program instead of the old bash script for smartcard authentication
This plugs several possible security holes
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/applications/smartcardauth@1254687 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Diffstat (limited to 'usr/bin')
-rwxr-xr-x | usr/bin/setupcard.sh | 32 | ||||
-rwxr-xr-x | usr/bin/setupslavecard.sh | 7 |
2 files changed, 14 insertions, 25 deletions
diff --git a/usr/bin/setupcard.sh b/usr/bin/setupcard.sh
index 32ff2b6..bd553d4 100755
--- a/usr/bin/setupcard.sh
+++ b/usr/bin/setupcard.sh
@@ -698,10 +698,10 @@ function loadpassword {
 GREETER="Welcome to the SmartCard authentication setup utility!\n\nAUT1 is the manual update key\nAUT2 is the login key\nAUT3 is the LUKS decrypt key\n\nCard ATR: $smartatr\nDetected: $CARD_NICE_NAME\n\nPlease select an action from the list below:"
 while [[ 1 -eq 1 ]]; do
- if [ -e "/usr/bin/smartauthmon.sh" ]; then
- LOGINOPTION="Disable automatic login for KDE3.5"
+ if [ -e "/etc/smartauth/smartauthmon.key" ]; then
+ LOGINOPTION="Disable automatic login for TDE"
 else
- LOGINOPTION="Enable automatic login for KDE3.5"
+ LOGINOPTION="Enable automatic login for TDE"
 fi
 if [[ $COMMAND_MODE == "acos" ]]; then
@@ -785,10 +785,6 @@ while [[ 1 -eq 1 ]]; do
 if [ -e "/etc/smartauth/smartauthmon.key" ]; then
 OLDKEY="<your key in hexadecimal>"
 NEWKEY=$(cat /etc/smartauth/smartauthmon.key)
- cp -Rp /etc/smartauth/smartauthmon.sh.in /usr/bin/smartauthmon.sh
- sed -i "s#${OLDKEY}#${NEWKEY}#g" /usr/bin/smartauthmon.sh
- chmod 600 /usr/bin/smartauthmon.sh
- chmod a+x /usr/bin/smartauthmon.sh
 fi
 fi
 fi
@@ -849,10 +845,10 @@ while [[ 1 -eq 1 ]]; do
 echo "Securing directories..."
 chmod 600 "/boot/initrd.img-$(uname -r)"
 chmod -R 600 /etc/smartauth
- if [ -e "/usr/bin/smartauthmon.sh" ]; then
- echo "KDE3.5 login disabled; not altering"
+ if [ -e "/etc/smartauth/smartauthmon.key" ]; then
+ echo "TDE login disabled; not altering"
 else
- selection="Enable automatic login for KDE3.5"
+ selection="Enable automatic login for TDE"
 fi
 else
 zenity --error --text "A SmartCard authentication error has occurred.\nNo changes have been made to your system."
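Review bot: In the @@ -785 hunk of usr/bin/setupcard.sh the `if [ -e "/etc/smartauth/smartauthmon.key" ]` body is left with only the `OLDKEY=` assignment and `NEWKEY=$(cat /etc/smartauth/smartauthmon.key)`, and nothing visible in the hunk consumes either value now that the `sed` step is gone. Reading the login key into a shell variable with no consumer keeps the secret in the script's environment for no benefit and would print it under `set -x` tracing. If no code outside the hunk reads `NEWKEY`, the whole `if` block can be dropped; the enclosing loop body extends beyond the hunk, so that should be confirmed first.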
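Review bot: In the @@ -849 hunk of usr/bin/setupcard.sh the two branches look swapped: when `/etc/smartauth/smartauthmon.key` exists the code prints "TDE login disabled; not altering", and when it is absent it sets `selection="Enable automatic login for TDE"`. The @@ -949 hunk and the @@ -469 hunk of usr/bin/setupslavecard.sh pair the same test the other way round, and the @@ -698 hunk treats the key file's presence as "login enabled". If that reading holds, this path turns automatic login on for a machine where it was off. The pairing predates this commit and the enclosing loop body lies outside the hunk, so the intent should be confirmed. If it is a slip, the body should read `selection="Enable automatic login for TDE"` under `then` and `echo "TDE login disabled; not altering"` under `else`.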
@@ -949,10 +945,10 @@ while [[ 1 -eq 1 ]]; do
 echo "Securing directories..."
 chmod 600 "/boot/initrd.img-$(uname -r)"
 chmod -R 600 /etc/smartauth
- if [ -e "/usr/bin/smartauthmon.sh" ]; then
- selection="Enable automatic login for KDE3.5"
+ if [ -e "/etc/smartauth/smartauthmon.key" ]; then
+ selection="Enable automatic login for TDE"
 else
- echo "KDE3.5 login disabled; not altering"
+ echo "TDE login disabled; not altering"
 fi
 else
 zenity --error --text "A SmartCard authentication error has occurred."
@@ -968,25 +964,20 @@ while [[ 1 -eq 1 ]]; do
 fi
 fi
- if [[ $selection = "Enable automatic login for KDE3.5" ]]; then
- cp -Rp /etc/smartauth/smartauthmon.sh.in /usr/bin/smartauthmon.sh
+ if [[ $selection = "Enable automatic login for TDE" ]]; then
 OLDKEY="<your key in hexadecimal>"
 authenticatecard "AUT2"
 if [[ $authenticated = "1" ]]; then
 NEWKEY=$autkey
 echo $NEWKEY > /etc/smartauth/smartauthmon.key
- sed -i "s#${OLDKEY}#${NEWKEY}#g" /usr/bin/smartauthmon.sh
- chmod 600 /usr/bin/smartauthmon.sh
- chmod a+x /usr/bin/smartauthmon.sh
 update-rc.d smartauthlogin defaults
 /etc/init.d/smartauthlogin stop
 /etc/init.d/smartauthlogin start
 fi
 fi
- if [[ $selection = "Disable automatic login for KDE3.5" ]]; then
+ if [[ $selection = "Disable automatic login for TDE" ]]; then
 /etc/init.d/smartauthlogin stop
- rm -rf /usr/bin/smartauthmon.sh
 rm -rf /etc/smartauth/smartauthmon.key
 update-rc.d -f smartauthlogin remove
 fi
@@ -1002,7 +993,6 @@ while [[ 1 -eq 1 ]]; do
 chmod -R 600 /etc/smartauth
 chown -R root /etc/smartauth
 chmod a+x /usr/bin/smartauth.sh
- chmod a+x /usr/bin/smartauthmon.sh
 chmod 600 "/boot/initrd.img-$(uname -r)"
 chown root "/boot/initrd.img-$(uname -r)"
 exit
diff --git a/usr/bin/setupslavecard.sh b/usr/bin/setupslavecard.sh
index cdf3adf..9e54890 100755
--- a/usr/bin/setupslavecard.sh
+++ b/usr/bin/setupslavecard.sh
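Review bot: In the @@ -968 hunk of usr/bin/setupcard.sh the "Disable automatic login for TDE" branch no longer removes `/usr/bin/smartauthmon.sh`, so a host set up with the earlier version keeps that script, into which the old `sed` step substituted the login key. Keeping `rm -f /usr/bin/smartauthmon.sh` in the Disable branch, and running it once in the Enable branch, would retire the stale copy of the key as a migration cleanup, unless packaging already deletes the file. In the Enable branch, `echo $NEWKEY > /etc/smartauth/smartauthmon.key` creates the key file under whatever umask is active, and only the later `chmod -R 600 /etc/smartauth` tightens it; `( umask 077; printf '%s\n' "$NEWKEY" > /etc/smartauth/smartauthmon.key )` closes that window and quotes the value. `OLDKEY` is now unused in this branch and can be removed.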
@@ -469,10 +469,10 @@ while [[ 1 -eq 1 ]]; do
 echo "Securing directories..."
 chmod 600 "/boot/initrd.img-$(uname -r)"
 chmod -R 600 /etc/smartauth
- if [ -e "/usr/bin/smartauthmon.sh" ]; then
- selection="Enable automatic login for KDE3.5"
+ if [ -e "/etc/smartauth/smartauthmon.key" ]; then
+ selection="Enable automatic login for TDE"
 else
- echo "KDE3.5 login disabled; not altering"
+ echo "TDE login disabled; not altering"
 fi
 else
 zenity --error --text "A SmartCard authentication error has occurred."
@@ -494,7 +494,6 @@ while [[ 1 -eq 1 ]]; do
 chmod -R 600 /etc/smartauth
 chown -R root /etc/smartauth
 chmod a+x /usr/bin/smartauth.sh
- chmod a+x /usr/bin/smartauthmon.sh
 chmod 600 "/boot/initrd.img-$(uname -r)"
 chown root "/boot/initrd.img-$(uname -r)"
 exit |