summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2015-09-14 20:46:15 -0500
committerTimothy Pearson <[email protected]>2015-09-14 20:46:15 -0500
commit6095bc10ad5fc08d8202e3a8f05a7998253f6e6c (patch)
tree15332ae5fcab1282ff24ad1a5cdc6b3ad6e805bd
parent9556cd9e6908d6906717a89fff12b046beaeb7fd (diff)
downloadtdebase-6095bc10ad5fc08d8202e3a8f05a7998253f6e6c.tar.gz
tdebase-6095bc10ad5fc08d8202e3a8f05a7998253f6e6c.zip
Add cryptographic card support to LUKS configuration
-rw-r--r--kcontrol/hwmanager/cryptpassworddlg.cpp33
-rw-r--r--kcontrol/hwmanager/cryptpassworddlg.h5
-rw-r--r--kcontrol/hwmanager/cryptpassworddlgbase.ui16
-rw-r--r--kcontrol/hwmanager/devicepropsdlg.cpp228
-rw-r--r--kcontrol/hwmanager/devicepropsdlgbase.ui24
-rw-r--r--kcontrol/hwmanager/hwmanager.cpp27
-rw-r--r--kcontrol/hwmanager/hwmanager.h1
7 files changed, 319 insertions, 15 deletions
diff --git a/kcontrol/hwmanager/cryptpassworddlg.cpp b/kcontrol/hwmanager/cryptpassworddlg.cpp
index 43d714e12..1d66d89c1 100644
--- a/kcontrol/hwmanager/cryptpassworddlg.cpp
+++ b/kcontrol/hwmanager/cryptpassworddlg.cpp
@@ -46,11 +46,13 @@
#include <kpushbutton.h>
#include <kstdguiitem.h>
#include <tdemessagebox.h>
+#include <ksslcertificate.h>
#include "cryptpassworddlg.h"
-CryptPasswordDialog::CryptPasswordDialog(TQWidget *parent, TQString passwordPrompt, TQString caption)
- : KDialogBase(Plain, ((caption == "")?i18n("Enter Password"):caption), Ok|Cancel, Ok, parent, 0L, true, true)
+CryptPasswordDialog::CryptPasswordDialog(TQWidget *parent, TQString passwordPrompt, TQString caption, bool allow_card, KSSLCertificate* card_cert, bool* use_card)
+ : KDialogBase(Plain, ((caption == "")?i18n("Enter Password"):caption), Ok|Cancel, Ok, parent, 0L, true, true),
+ m_useCard(use_card)
{
m_base = new CryptPasswordDialogBase(plainPage());
@@ -61,8 +63,19 @@ CryptPasswordDialog::CryptPasswordDialog(TQWidget *parent, TQString passwordProm
m_base->passwordPrompt->setText(passwordPrompt);
m_base->passwordIcon->setPixmap(SmallIcon("password.png"));
+ if (!allow_card) {
+ m_base->cardKeyButton->hide();
+ m_base->cardKeyInfo->hide();
+ }
+ else {
+ if (card_cert) {
+ m_base->cardKeyInfo->setText(card_cert->getSubject());
+ }
+ }
+
connect(m_base->textPasswordButton, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
connect(m_base->filePasswordButton, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
+ connect(m_base->cardKeyButton, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
connect(m_base->textPasswordEntry, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(processLockouts()));
connect(m_base->filePasswordURL, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(processLockouts()));
@@ -78,9 +91,14 @@ CryptPasswordDialog::~CryptPasswordDialog()
TQByteArray CryptPasswordDialog::password() {
if (m_base->textPasswordButton->isOn() == true) {
m_password.duplicate(m_base->textPasswordEntry->password(), strlen(m_base->textPasswordEntry->password()));
+ if (m_useCard) *m_useCard = false;
}
- else {
+ else if (m_base->filePasswordButton->isOn() == true) {
m_password = TQFile(m_base->filePasswordURL->url()).readAll();
+ if (m_useCard) *m_useCard = false;
+ }
+ else {
+ if (m_useCard) *m_useCard = true;
}
return m_password;
@@ -90,6 +108,7 @@ void CryptPasswordDialog::processLockouts() {
if (m_base->textPasswordButton->isOn() == true) {
m_base->textPasswordEntry->setEnabled(true);
m_base->filePasswordURL->setEnabled(false);
+ m_base->textPasswordEntry->setFocus();
if (strlen(m_base->textPasswordEntry->password()) > 0) {
enableButtonOK(true);
}
@@ -97,9 +116,10 @@ void CryptPasswordDialog::processLockouts() {
enableButtonOK(false);
}
}
- else {
+ else if (m_base->filePasswordButton->isOn() == true) {
m_base->textPasswordEntry->setEnabled(false);
m_base->filePasswordURL->setEnabled(true);
+ m_base->filePasswordURL->setFocus();
if (TQFile(m_base->filePasswordURL->url()).exists()) {
enableButtonOK(true);
}
@@ -107,6 +127,11 @@ void CryptPasswordDialog::processLockouts() {
enableButtonOK(false);
}
}
+ else {
+ m_base->textPasswordEntry->setEnabled(false);
+ m_base->filePasswordURL->setEnabled(false);
+ enableButtonOK(true);
+ }
}
void CryptPasswordDialog::virtual_hook( int id, void* data )
diff --git a/kcontrol/hwmanager/cryptpassworddlg.h b/kcontrol/hwmanager/cryptpassworddlg.h
index 8cec6e55b..d595c4a73 100644
--- a/kcontrol/hwmanager/cryptpassworddlg.h
+++ b/kcontrol/hwmanager/cryptpassworddlg.h
@@ -23,6 +23,8 @@
#include "cryptpassworddlgbase.h"
+class KSSLCertificate;
+
/**
*
* Dialog to enter LUKS passwords or password files
@@ -39,7 +41,7 @@ public:
* Create a dialog that allows a user to enter LUKS passwords or password files
* @param parent Parent widget
*/
- CryptPasswordDialog(TQWidget *parent, TQString passwordPrompt, TQString caption=TQString::null);
+ CryptPasswordDialog(TQWidget *parent, TQString passwordPrompt, TQString caption=TQString::null, bool allow_card=false, KSSLCertificate* card_cert=NULL, bool* use_card=NULL);
virtual ~CryptPasswordDialog();
TQByteArray password();
@@ -53,6 +55,7 @@ private slots:
private:
CryptPasswordDialogBase* m_base;
TQByteArray m_password;
+ bool* m_useCard;
class CryptPasswordDialogPrivate;
CryptPasswordDialogPrivate* d;
diff --git a/kcontrol/hwmanager/cryptpassworddlgbase.ui b/kcontrol/hwmanager/cryptpassworddlgbase.ui
index 7c61187ae..549a591b0 100644
--- a/kcontrol/hwmanager/cryptpassworddlgbase.ui
+++ b/kcontrol/hwmanager/cryptpassworddlgbase.ui
@@ -112,6 +112,22 @@
<number>17</number>
</property>
</widget>
+ <widget class="TQRadioButton" row="2" column="0" colspan="1">
+ <property name="name">
+ <cstring>cardKeyButton</cstring>
+ </property>
+ <property name="text">
+ <string>Cryptographic Card</string>
+ </property>
+ </widget>
+ <widget class="TQLabel" row="2" column="1" colspan="1">
+ <property name="name">
+ <cstring>cardKeyInfo</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ </widget>
</grid>
</widget>
</grid>
diff --git a/kcontrol/hwmanager/devicepropsdlg.cpp b/kcontrol/hwmanager/devicepropsdlg.cpp
index 7ce36f1b3..a1ef81c2b 100644
--- a/kcontrol/hwmanager/devicepropsdlg.cpp
+++ b/kcontrol/hwmanager/devicepropsdlg.cpp
@@ -41,6 +41,7 @@
#include <kpushbutton.h>
#include <kstdguiitem.h>
#include <tdemessagebox.h>
+#include <ksslcertificate.h>
#include "cryptpassworddlg.h"
@@ -800,12 +801,47 @@ void DevicePropertiesDialog::updateCryptographicCardStatusDisplay() {
int status = cdevice->cardPresent();
if ((status < 0) ||(status > 1)) {
base->labelCardStatus->setText(i18n("Unknown"));
+ base->labelCardCertificates->setText("");
+ base->groupCardCerts->hide();
}
else if (status == 0) {
base->labelCardStatus->setText(i18n("Empty"));
+ base->labelCardCertificates->setText("");
+ base->groupCardCerts->hide();
}
else if (status == 1) {
base->labelCardStatus->setText(i18n("Inserted") + TQString("<br>") + i18n("ATR: %1").arg(cdevice->cardATR()));
+
+ X509CertificatePtrList certList = cdevice->cardX509Certificates();
+
+ if (certList.count() > 0) {
+ // Assemble list of certificates on card
+ unsigned int certificate_number = 1;
+ TQString certInfo = "<qt>";
+ X509CertificatePtrList::iterator it;
+ for (it = certList.begin(); it != certList.end(); ++it) {
+ KSSLCertificate* tdeCert = KSSLCertificate::fromX509(*it);
+ KSSLCertificate::KSSLValidation validationStatus = tdeCert->validate();
+ certInfo += i18n("Certificate #%1").arg(certificate_number) + ":<br>";
+ certInfo += i18n("Subject") + ": " + tdeCert->getSubject() + "<br>";
+ certInfo += i18n("Issuer") + ": " + tdeCert->getIssuer() + "<br>";
+ certInfo += i18n("Status") + ": " + KSSLCertificate::verifyText(validationStatus) + "<br>";
+ certInfo += i18n("Valid From") + ": " + tdeCert->getNotBefore() + "<br>";
+ certInfo += i18n("Valid Until") + ": " + tdeCert->getNotAfter() + "<br>";
+ certInfo += i18n("Serial Number") + ": " + tdeCert->getSerialNumber() + "<br>";
+ certInfo += i18n("MD5 Digest") + ": " + tdeCert->getMD5DigestText() + "<br>";
+ certInfo += "<p>";
+ delete tdeCert;
+ certificate_number++;
+ }
+ certInfo += "</qt>";
+ base->labelCardCertificates->setText(certInfo);
+ base->groupCardCerts->show();
+ }
+ else {
+ base->labelCardCertificates->setText("");
+ base->groupCardCerts->hide();
+ }
}
}
@@ -879,27 +915,169 @@ void DevicePropertiesDialog::unmountDisk() {
}
void DevicePropertiesDialog::cryptLUKSAddKey() {
+ int retcode;
+
if (m_device->type() == TDEGenericDeviceType::Disk) {
TDEStorageDevice* sdevice = static_cast<TDEStorageDevice*>(m_device);
TQListViewItem* lvi = base->cryptLUKSKeySlotList->selectedItem();
if (lvi) {
+ TDECryptographicCardDevice* cdevice = NULL;
+ unsigned int key_slot = lvi->text(0).toUInt();
+ bool allow_card = false;
+ bool use_card = false;
+ KSSLCertificate* card_cert = NULL;
+ X509* card_cert_x509;
+ TQString disk_uuid = sdevice->diskUUID();
+ TDEGenericDevice *hwdevice;
+ TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+ TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+ for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+ cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ X509CertificatePtrList certList = cdevice->cardX509Certificates();
+ if (certList.count() > 0) {
+ allow_card = true;
+ card_cert_x509 = certList[0];
+ card_cert = KSSLCertificate::fromX509(certList[0]);
+ }
+ }
TQByteArray new_password;
- CryptPasswordDialog* passDlg = new CryptPasswordDialog(this, i18n("Enter the new LUKS password for key slot %1").arg(lvi->text(0)));
+ CryptPasswordDialog* passDlg = new CryptPasswordDialog(this, i18n("Enter the new LUKS password for key slot %1").arg(key_slot), TQString::null, allow_card, card_cert, &use_card);
if (passDlg->exec() == TQDialog::Accepted) {
new_password = passDlg->password();
+ if (allow_card && use_card) {
+ // Create new private key for disk device
+ if (!TQDir("/etc/trinity/luks").exists()) {
+ TQDir directory;
+ if (!directory.mkdir("/etc/trinity/luks", true)) {
+ KMessageBox::error(this, i18n("<qt><b>Key creation failed</b><br>Please check that you have write access to /etc/trinity and try again</qt>"), i18n("Key creation failure"));
+ delete card_cert;
+ return;
+ }
+ }
+ if (!TQDir("/etc/trinity/luks/card").exists()) {
+ TQDir directory;
+ if (!directory.mkdir("/etc/trinity/luks/card", true)) {
+ KMessageBox::error(this, i18n("<qt><b>Key creation failed</b><br>Please check that you have write access to /etc/trinity/luks and try again</qt>"), i18n("Key creation failure"));
+ delete card_cert;
+ return;
+ }
+ }
+ TQString cryptoFileName = TQString("/etc/trinity/luks/card/%1_slot%2").arg(disk_uuid).arg(key_slot);
+ TQFile file(cryptoFileName);
+ if (file.exists()) {
+ if (KMessageBox::warningYesNo(this, i18n("<qt><b>You are about to overwrite an existing card key for LUKS key slot %1</b><br>This action cannot be undone<p>Are you sure you want to proceed?</qt>").arg(key_slot), i18n("Confirmation Required")) != KMessageBox::Yes) {
+ delete card_cert;
+ return;
+ }
+ }
+ if (file.open(IO_WriteOnly)) {
+ TQByteArray randomKey;
+ TQByteArray encryptedRandomKey;
+
+ // Create a new secret key using the public key from the card certificate
+ if (TDECryptographicCardDevice::createNewSecretRSAKeyFromCertificate(randomKey, encryptedRandomKey, card_cert_x509) < 0) {
+ KMessageBox::error(this, i18n("<qt><b>Key creation failed</b><br>Unable to create new secret key using the provided X509 certificate</qt>"), i18n("Key creation failure"));
+ delete card_cert;
+ return;
+ }
+
+ // Write the encrypted key file to disk
+ file.writeBlock(encryptedRandomKey, encryptedRandomKey.size());
+ file.close();
+
+ // Use the secret key as the LUKS passcode
+ new_password = randomKey;
+ }
+ else {
+ KMessageBox::error(this, i18n("<qt><b>Key creation failed</b><br>Please check that you have write access to /etc/trinity/luks/card and try again</qt>"), i18n("Key creation failure"));
+ delete card_cert;
+ return;
+ }
+ }
delete passDlg;
if (!sdevice->cryptOperationsUnlockPasswordSet()) {
TQCString password;
- passDlg = new CryptPasswordDialog(this, i18n("Enter the LUKS device unlock password"));
+ passDlg = new CryptPasswordDialog(this, i18n("Enter the LUKS device unlock password"), TQString::null, allow_card, card_cert, &use_card);
if (passDlg->exec() == TQDialog::Accepted) {
- sdevice->cryptSetOperationsUnlockPassword(passDlg->password());
+ TQByteArray unlockPassword = passDlg->password();
+ if (use_card) {
+ // List all matching keys in directory and try each in turn...
+ TQDir luksKeyDir("/etc/trinity/luks/card/");
+ luksKeyDir.setFilter(TQDir::Files);
+ luksKeyDir.setSorting(TQDir::Unsorted);
+
+ TQValueList<TQByteArray> luksCryptedList;
+ TQValueList<TQByteArray> luksDecryptedList;
+ TQValueList<int> luksSlotNumberList;
+
+ const TQFileInfoList *luksKeyDirList = luksKeyDir.entryInfoList();
+ TQFileInfoListIterator it(*luksKeyDirList);
+ TQFileInfo *luksKeyFileInfo;
+ TQString errstr;
+ while ((luksKeyFileInfo = it.current()) != 0) {
+ if (luksKeyFileInfo->fileName().startsWith(disk_uuid) && luksKeyFileInfo->fileName().contains("_slot")) {
+ // Found candidate, try decryption
+ TQFile luksKeyFile(luksKeyFileInfo->absFilePath());
+ if (luksKeyFile.open(IO_ReadOnly)) {
+ TQByteArray keycrypted = luksKeyFile.readAll();
+ luksCryptedList.append(keycrypted);
+
+ // Parse the file name and find the matching key slot
+ int current_card_keyslot = -1;
+ TQString fileName = luksKeyFile.name();
+ int pos = fileName.find("_slot");
+ if (pos >= 0) {
+ fileName.remove(0, pos + strlen("_slot"));
+ current_card_keyslot = fileName.toInt();
+ luksSlotNumberList.append(current_card_keyslot);
+ }
+ }
+ }
+ ++it;
+ }
+
+ // Decrypt LUKS keys
+ TQValueList<int> retCodeList;
+ retcode = cdevice->decryptDataEncryptedWithCertPublicKey(luksCryptedList, luksDecryptedList, retCodeList, &errstr);
+ TQValueList<TQByteArray>::iterator it2;
+ TQValueList<int>::iterator it3;
+ TQValueList<int>::iterator it4;
+ for (it2 = luksDecryptedList.begin(), it3 = retCodeList.begin(), it4 = luksSlotNumberList.begin(); it2 != luksDecryptedList.end(); ++it2, ++it3, ++it4) {
+ TQByteArray luksKeyData = *it2;
+ retcode = *it3;
+ int current_card_keyslot = *it4;
+ if (retcode == -3) {
+ // User cancelled
+ break;
+ }
+ if (retcode < 0) {
+ // ERROR
+ }
+ else {
+ // Key decryption successful, try to open LUKS device...
+ sdevice->cryptSetOperationsUnlockPassword(luksKeyData);
+ if (sdevice->cryptCheckKey(current_card_keyslot) == TDELUKSResult::Success) {
+ break;
+ }
+ else {
+ sdevice->cryptClearOperationsUnlockPassword();
+ }
+ }
+ }
+ if (!sdevice->cryptOperationsUnlockPasswordSet()) {
+ KMessageBox::error(this, i18n("<qt><b>Key write failed</b><br>Please check the LUKS password and try again</qt>"), i18n("Key write failure"));
+ }
+ }
+ else {
+ sdevice->cryptSetOperationsUnlockPassword(unlockPassword);
+ }
}
delete passDlg;
}
if (sdevice->cryptOperationsUnlockPasswordSet()) {
- if ((lvi->text(1) == sdevice->cryptKeySlotFriendlyName(TDELUKSKeySlotStatus::Inactive)) || (KMessageBox::warningYesNo(this, i18n("<qt><b>You are about to overwrite the key in key slot %1</b><br>This action cannot be undone<p>Are you sure you want to proceed?</qt>").arg(lvi->text(0)), i18n("Confirmation Required")) == KMessageBox::Yes)) {
- if (sdevice->cryptAddKey(lvi->text(0).toUInt(), new_password) != TDELUKSResult::Success) {
+ if ((lvi->text(1) == sdevice->cryptKeySlotFriendlyName(TDELUKSKeySlotStatus::Inactive)) || (KMessageBox::warningYesNo(this, i18n("<qt><b>You are about to overwrite the key in key slot %1</b><br>This action cannot be undone<p>Are you sure you want to proceed?</qt>").arg(key_slot), i18n("Confirmation Required")) == KMessageBox::Yes)) {
+ if (sdevice->cryptAddKey(key_slot, new_password) != TDELUKSResult::Success) {
sdevice->cryptClearOperationsUnlockPassword();
KMessageBox::error(this, i18n("<qt><b>Key write failed</b><br>Please check the LUKS password and try again</qt>"), i18n("Key write failure"));
}
@@ -909,6 +1087,7 @@ void DevicePropertiesDialog::cryptLUKSAddKey() {
else {
delete passDlg;
}
+ delete card_cert;
}
}
@@ -921,17 +1100,52 @@ void DevicePropertiesDialog::cryptLUKSDelKey() {
TQListViewItem* lvi = base->cryptLUKSKeySlotList->selectedItem();
if (lvi) {
+ unsigned int key_slot = lvi->text(0).toUInt();
if (KMessageBox::warningYesNo(this, i18n("<qt><b>You are about to purge the key in key slot %1</b><br>This action cannot be undone<p>Are you sure you want to proceed?</qt>").arg(lvi->text(0)), i18n("Confirmation Required")) == KMessageBox::Yes) {
- if (sdevice->cryptKeySlotStatus()[lvi->text(0).toUInt()] & TDELUKSKeySlotStatus::Last) {
+ if (sdevice->cryptKeySlotStatus()[key_slot] & TDELUKSKeySlotStatus::Last) {
if (KMessageBox::warningYesNo(this, i18n("<qt><b>You are about to purge the last active key from the device!</b><p>This action will render the contents of the encrypted device permanently inaccessable and cannot be undone<p>Are you sure you want to proceed?</qt>"), i18n("Confirmation Required")) != KMessageBox::Yes) {
cryptLUKSPopulateList();
return;
}
}
- if (sdevice->cryptDelKey(lvi->text(0).toUInt()) != TDELUKSResult::Success) {
+ if (sdevice->cryptDelKey(key_slot) != TDELUKSResult::Success) {
sdevice->cryptClearOperationsUnlockPassword();
KMessageBox::error(this, i18n("<qt><b>Key purge failed</b><br>The key in key slot %1 is still active</qt>").arg(lvi->text(0)), i18n("Key purge failure"));
}
+ else {
+ // See if there was a cryptographic card key associated with this device and slot
+ TQString disk_uuid = sdevice->diskUUID();
+ TQDir luksKeyDir("/etc/trinity/luks/card/");
+ luksKeyDir.setFilter(TQDir::Files);
+ luksKeyDir.setSorting(TQDir::Unsorted);
+
+ const TQFileInfoList *luksKeyDirList = luksKeyDir.entryInfoList();
+ TQFileInfoListIterator it(*luksKeyDirList);
+ TQFileInfo *luksKeyFileInfo;
+ TQString errstr;
+ while ((luksKeyFileInfo = it.current()) != 0) {
+ if (luksKeyFileInfo->fileName().startsWith(disk_uuid) && luksKeyFileInfo->fileName().contains("_slot")) {
+ // Parse the file name and find the matching key slot
+ int current_card_keyslot = -1;
+ TQString fileName = luksKeyFileInfo->absFilePath();
+ TQString fileNameSlot = fileName;
+ int pos = fileNameSlot.find("_slot");
+ if (pos >= 0) {
+ fileNameSlot.remove(0, pos + strlen("_slot"));
+ current_card_keyslot = fileNameSlot.toInt();
+ if (current_card_keyslot >= 0) {
+ if ((unsigned int)current_card_keyslot == key_slot) {
+ if (!TQFile(fileName).remove()) {
+ KMessageBox::error(this, i18n("<qt><b>Card key purge failed</b><br>The card key for slot %1 has been fully deactivated but is still present on your system<br>This does not present a significant security risk</qt>").arg(lvi->text(0)), i18n("Key purge failure"));
+ }
+ break;
+ }
+ }
+ }
+ }
+ ++it;
+ }
+ }
}
}
}
diff --git a/kcontrol/hwmanager/devicepropsdlgbase.ui b/kcontrol/hwmanager/devicepropsdlgbase.ui
index de77d5f91..131cf69bf 100644
--- a/kcontrol/hwmanager/devicepropsdlgbase.ui
+++ b/kcontrol/hwmanager/devicepropsdlgbase.ui
@@ -1652,6 +1652,30 @@
</widget>
</grid>
</widget>
+ <widget class="TQGroupBox" row="1" column="0">
+ <property name="name">
+ <cstring>groupCardCerts</cstring>
+ </property>
+ <property name="title">
+ <string>Card Certificates</string>
+ </property>
+ <grid>
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <widget class="TQLabel" row="0" column="0" colspan="1">
+ <property name="name">
+ <cstring>labelCardCertificates</cstring>
+ </property>
+ <property name="text">
+ <string></string>
+ </property>
+ <property name="alignment">
+ <set>AlignTop|AlignLeft</set>
+ </property>
+ </widget>
+ </grid>
+ </widget>
<spacer row="8" column="0">
<property name="name" stdset="0">
<cstring>Spacer4</cstring>
diff --git a/kcontrol/hwmanager/hwmanager.cpp b/kcontrol/hwmanager/hwmanager.cpp
index 00b5143bf..1cd8b04e0 100644
--- a/kcontrol/hwmanager/hwmanager.cpp
+++ b/kcontrol/hwmanager/hwmanager.cpp
@@ -42,6 +42,7 @@
#include <kgenericfactory.h>
#include <unistd.h>
+#include <kpassdlg.h>
#include <ksimpleconfig.h>
#include <string>
#include <stdio.h>
@@ -147,7 +148,10 @@ void TDEHWManager::populateTreeView()
TDEGenericDevice *hwdevice;
for ( hwdevice = hwlist.first(); hwdevice; hwdevice = hwlist.next() ) {
if (hwdevice->type() == TDEGenericDeviceType::CryptographicCard) {
- static_cast<TDECryptographicCardDevice*>(hwdevice)->enableCardMonitoring(true);
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*)));
+ cdevice->enableCardMonitoring(true);
+ cdevice->enablePINEntryCallbacks(true);
}
DeviceIconItem* item = new DeviceIconItem(base->deviceTree, hwdevice->detailedFriendlyName(), hwdevice->icon(base->deviceTree->iconSize()), hwdevice);
if ((!selected_syspath.isNull()) && (hwdevice->systemPath() == selected_syspath)) {
@@ -166,7 +170,10 @@ void TDEHWManager::populateTreeView()
TDEGenericHardwareList hwlist = hwdevices->listByDeviceClass((TDEGenericDeviceType::TDEGenericDeviceType)i);
for ( hwdevice = hwlist.first(); hwdevice; hwdevice = hwlist.next() ) {
if (hwdevice->type() == TDEGenericDeviceType::CryptographicCard) {
- static_cast<TDECryptographicCardDevice*>(hwdevice)->enableCardMonitoring(true);
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*)));
+ cdevice->enableCardMonitoring(true);
+ cdevice->enablePINEntryCallbacks(true);
}
DeviceIconItem* item = new DeviceIconItem(rootitem, hwdevice->detailedFriendlyName(), hwdevice->icon(base->deviceTree->iconSize()), hwdevice);
if ((!selected_syspath.isNull()) && (hwdevice->systemPath() == selected_syspath)) {
@@ -186,7 +193,10 @@ void TDEHWManager::populateTreeViewLeaf(DeviceIconItem *parent, bool show_by_con
TDEGenericDevice *hwdevice;
for ( hwdevice = hwlist.first(); hwdevice; hwdevice = hwlist.next() ) {
if (hwdevice->type() == TDEGenericDeviceType::CryptographicCard) {
- static_cast<TDECryptographicCardDevice*>(hwdevice)->enableCardMonitoring(true);
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*)));
+ cdevice->enableCardMonitoring(true);
+ cdevice->enablePINEntryCallbacks(true);
}
if (hwdevice->parentDevice() == parent->device()) {
DeviceIconItem* item = new DeviceIconItem(parent, hwdevice->detailedFriendlyName(), hwdevice->icon(base->deviceTree->iconSize()), hwdevice);
@@ -218,6 +228,17 @@ void TDEHWManager::deviceChanged(TDEGenericDevice* device) {
}
}
+void TDEHWManager::cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice) {
+ TQCString password;
+ int result = KPasswordDialog::getPassword(password, prompt);
+ if (result == KPasswordDialog::Accepted) {
+ cdevice->setProvidedPin(password);
+ }
+ else {
+ cdevice->setProvidedPin(TQString::null);
+ }
+}
+
TQString TDEHWManager::quickHelp() const
{
return i18n("<h1>TDE Hardware Device Manager</h1> This module allows you to configure hardware devices on your system");
diff --git a/kcontrol/hwmanager/hwmanager.h b/kcontrol/hwmanager/hwmanager.h
index b75a494d9..abc05fa54 100644
--- a/kcontrol/hwmanager/hwmanager.h
+++ b/kcontrol/hwmanager/hwmanager.h
@@ -61,6 +61,7 @@ private slots:
void populateTreeView();
void populateTreeViewLeaf(DeviceIconItem *parent, bool show_by_connection, TQString selected_syspath);
void deviceChanged(TDEGenericDevice*);
+ void cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice);
private:
TDEHWManagerBase *base;