From 32b6f4c4aeddfdda9343d59fba02ae7fe3e0b24c Mon Sep 17 00:00:00 2001 From: tpearson Date: Tue, 20 Sep 2011 20:01:11 +0000 Subject: Use new smartauthmon C++ program instead of the old bash script for smartcard authentication This plugs several possible security holes git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/applications/smartcardauth@1254687 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- usr/bin/setupcard.sh | 32 +++++++++++--------------------- usr/bin/setupslavecard.sh | 7 +++---- 2 files changed, 14 insertions(+), 25 deletions(-) (limited to 'usr') diff --git a/usr/bin/setupcard.sh b/usr/bin/setupcard.sh index 32ff2b6..bd553d4 100755 --- a/usr/bin/setupcard.sh +++ b/usr/bin/setupcard.sh @@ -698,10 +698,10 @@ function loadpassword { GREETER="Welcome to the SmartCard authentication setup utility!\n\nAUT1 is the manual update key\nAUT2 is the login key\nAUT3 is the LUKS decrypt key\n\nCard ATR: $smartatr\nDetected: $CARD_NICE_NAME\n\nPlease select an action from the list below:" while [[ 1 -eq 1 ]]; do - if [ -e "/usr/bin/smartauthmon.sh" ]; then - LOGINOPTION="Disable automatic login for KDE3.5" + if [ -e "/etc/smartauth/smartauthmon.key" ]; then + LOGINOPTION="Disable automatic login for TDE" else - LOGINOPTION="Enable automatic login for KDE3.5" + LOGINOPTION="Enable automatic login for TDE" fi if [[ $COMMAND_MODE == "acos" ]]; then @@ -785,10 +785,6 @@ while [[ 1 -eq 1 ]]; do if [ -e "/etc/smartauth/smartauthmon.key" ]; then OLDKEY="" NEWKEY=$(cat /etc/smartauth/smartauthmon.key) - cp -Rp /etc/smartauth/smartauthmon.sh.in /usr/bin/smartauthmon.sh - sed -i "s#${OLDKEY}#${NEWKEY}#g" /usr/bin/smartauthmon.sh - chmod 600 /usr/bin/smartauthmon.sh - chmod a+x /usr/bin/smartauthmon.sh fi fi fi 
@@ -849,10 +845,10 @@ while [[ 1 -eq 1 ]]; do echo "Securing directories..." chmod 600 "/boot/initrd.img-$(uname -r)" chmod -R 600 /etc/smartauth - if [ -e "/usr/bin/smartauthmon.sh" ]; then - echo "KDE3.5 login disabled; not altering" + if [ -e "/etc/smartauth/smartauthmon.key" ]; then + echo "TDE login disabled; not altering" else - selection="Enable automatic login for KDE3.5" + selection="Enable automatic login for TDE" fi else zenity --error --text "A SmartCard authentication error has occurred.\nNo changes have been made to your system." @@ -949,10 +945,10 @@ while [[ 1 -eq 1 ]]; do echo "Securing directories..." chmod 600 "/boot/initrd.img-$(uname -r)" chmod -R 600 /etc/smartauth - if [ -e "/usr/bin/smartauthmon.sh" ]; then - selection="Enable automatic login for KDE3.5" + if [ -e "/etc/smartauth/smartauthmon.key" ]; then + selection="Enable automatic login for TDE" else - echo "KDE3.5 login disabled; not altering" + echo "TDE login disabled; not altering" fi else zenity --error --text "A SmartCard authentication error has occurred." @@ -968,25 +964,20 @@ while [[ 1 -eq 1 ]]; do fi fi - if [[ $selection = "Enable automatic login for KDE3.5" ]]; then - cp -Rp /etc/smartauth/smartauthmon.sh.in /usr/bin/smartauthmon.sh + if [[ $selection = "Enable automatic login for TDE" ]]; then OLDKEY="" authenticatecard "AUT2" if [[ $authenticated = "1" ]]; then NEWKEY=$autkey echo $NEWKEY > /etc/smartauth/smartauthmon.key - sed -i "s#${OLDKEY}#${NEWKEY}#g" /usr/bin/smartauthmon.sh - chmod 600 /usr/bin/smartauthmon.sh - chmod a+x /usr/bin/smartauthmon.sh update-rc.d smartauthlogin defaults /etc/init.d/smartauthlogin stop /etc/init.d/smartauthlogin start fi fi - if [[ $selection = "Disable automatic login for KDE3.5" ]]; then + if [[ $selection = "Disable automatic login for TDE" ]]; then /etc/init.d/smartauthlogin stop - rm -rf /usr/bin/smartauthmon.sh rm -rf /etc/smartauth/smartauthmon.key update-rc.d -f smartauthlogin remove fi 
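Review bot: The branch sense in the `@@ -849,10 +845,10 @@` hunk is the opposite of the otherwise identical check in the `@@ -949,10 +945,10 @@` hunk and in setupslavecard.sh. Here an existing `/etc/smartauth/smartauthmon.key` prints `TDE login disabled; not altering`, and a missing key file sets `selection="Enable automatic login for TDE"`. If the key file marks automatic login as enabled, as the menu test in the first hunk implies, this path would turn automatic login on (and store the AUT2 key on disk) for a system where it was off, and skip the key refresh where it was on. The commit carries this over unchanged from the old `smartauthmon.sh` test, so it is worth confirming which site is intended; if this one is inverted, swap the two branch bodies so the `then` arm holds `selection="Enable automatic login for TDE"`. The enclosing `while` loop starts and ends outside the hunk.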
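Review bot: The AUT2 key is written with `echo $NEWKEY > /etc/smartauth/smartauthmon.key` in the `@@ -968,25 +964,20 @@` hunk, which creates the file with whatever mode the current umask gives and word-splits the unquoted value. Since the key is now kept in this file rather than in a generated script, I would create it owner-only at write time, e.g. `( umask 077; printf '%s\n' "$NEWKEY" > /etc/smartauth/smartauthmon.key )`, instead of relying on a `chmod -R 600 /etc/smartauth` that runs on a different path. `OLDKEY=""` no longer has a reader in this hunk, and the same goes for the `OLDKEY=""` / `NEWKEY=$(cat /etc/smartauth/smartauthmon.key)` pair left behind in the `@@ -785,10 +785,6 @@` hunk, which now reads the key into a variable with no visible use; both can be dropped unless code outside the hunks still needs them. `rm -rf` on the single key file can be `rm -f`.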
@@ -1002,7 +993,6 @@ while [[ 1 -eq 1 ]]; do chmod -R 600 /etc/smartauth chown -R root /etc/smartauth chmod a+x /usr/bin/smartauth.sh - chmod a+x /usr/bin/smartauthmon.sh chmod 600 "/boot/initrd.img-$(uname -r)" chown root "/boot/initrd.img-$(uname -r)" exit diff --git a/usr/bin/setupslavecard.sh b/usr/bin/setupslavecard.sh index cdf3adf..9e54890 100755 --- a/usr/bin/setupslavecard.sh +++ b/usr/bin/setupslavecard.sh @@ -469,10 +469,10 @@ while [[ 1 -eq 1 ]]; do echo "Securing directories..." chmod 600 "/boot/initrd.img-$(uname -r)" chmod -R 600 /etc/smartauth - if [ -e "/usr/bin/smartauthmon.sh" ]; then - selection="Enable automatic login for KDE3.5" + if [ -e "/etc/smartauth/smartauthmon.key" ]; then + selection="Enable automatic login for TDE" else - echo "KDE3.5 login disabled; not altering" + echo "TDE login disabled; not altering" fi else zenity --error --text "A SmartCard authentication error has occurred." @@ -494,7 +494,6 @@ while [[ 1 -eq 1 ]]; do chmod -R 600 /etc/smartauth chown -R root /etc/smartauth chmod a+x /usr/bin/smartauth.sh - chmod a+x /usr/bin/smartauthmon.sh chmod 600 "/boot/initrd.img-$(uname -r)" chown root "/boot/initrd.img-$(uname -r)" exit -- cgit v1.2.1
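Review bot: `selection="Enable automatic login for TDE"` is assigned in the `@@ -469,10 +469,10 @@` hunk of setupslavecard.sh, but no hunk in that file renames a matching `$selection` comparison, unlike setupcard.sh where the `@@ -968,25 +964,20 @@` hunk updates the handler. If setupslavecard.sh still compares against the old `"Enable automatic login for KDE3.5"` string outside the diff, that handler will no longer fire, and it would presumably still reference the removed `/usr/bin/smartauthmon.sh`. If the script has no handler at all, the assignment has no visible effect and the stored key file is left as it was. The rest of the script should be checked before relying on this path; the enclosing `while` loop is only partly visible here.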