summaryrefslogtreecommitdiffstats
path: root/kdesktop/lock
diff options
context:
space:
mode:
authorTimothy Pearson <[email protected]>2015-09-17 17:30:17 -0500
committerTimothy Pearson <[email protected]>2015-09-17 17:30:17 -0500
commitce477303019c7f3ba18dcab48e4205d59614ce5a (patch)
tree19e49c43c92ba12de306af4f92f3fda64d9e92b8 /kdesktop/lock
parent5d20ad97bffa56b2e366989e71ac9429116c017d (diff)
downloadtdebase-ce477303019c7f3ba18dcab48e4205d59614ce5a.tar.gz
tdebase-ce477303019c7f3ba18dcab48e4205d59614ce5a.zip
Add initial cryptographic card login support
Tested with themed greeter and SAK disabled
Diffstat (limited to 'kdesktop/lock')
-rw-r--r--kdesktop/lock/lockdlg.cc22
-rw-r--r--kdesktop/lock/lockdlg.h3
-rw-r--r--kdesktop/lock/lockprocess.cc154
-rw-r--r--kdesktop/lock/lockprocess.h10
-rw-r--r--kdesktop/lock/main.cc12
5 files changed, 181 insertions, 20 deletions
diff --git a/kdesktop/lock/lockdlg.cc b/kdesktop/lock/lockdlg.cc
index e75ac2b18..827495c33 100644
--- a/kdesktop/lock/lockdlg.cc
+++ b/kdesktop/lock/lockdlg.cc
@@ -513,7 +513,17 @@ void PasswordDlg::handleVerify()
case ConvGetHidden:
if (!GRecvArr( &arr ))
break;
- greet->textPrompt( arr, false, false );
+ if (arr && (arr[0] != 0)) {
+ // Reset password entry and change text
+ greet->start();
+ greet->textPrompt( arr, false, false );
+ // Force relayout
+ setFixedSize( sizeHint().width(), sizeHint().height() + 1 );
+ setFixedSize( sizeHint() );
+ }
+ else {
+ greet->textPrompt( arr, false, false );
+ }
if (arr)
::free( arr );
return;
@@ -915,4 +925,14 @@ void PasswordDlg::capsLocked()
updateLabel();
}
+void PasswordDlg::attemptCardLogin() {
+ greet->start();
+ greet->next();
+}
+
+void PasswordDlg::resetCardLogin() {
+ greet->abort();
+ greet->start();
+}
+
#include "lockdlg.moc"
diff --git a/kdesktop/lock/lockdlg.h b/kdesktop/lock/lockdlg.h
index eea0931ab..1bcb75671 100644
--- a/kdesktop/lock/lockdlg.h
+++ b/kdesktop/lock/lockdlg.h
@@ -49,6 +49,9 @@ class PasswordDlg : public TQDialog, public KGreeterPluginHandler
virtual void gplugStart();
virtual void gplugActivity();
virtual void gplugMsgBox( TQMessageBox::Icon type, const TQString &text );
+
+ virtual void attemptCardLogin();
+ virtual void resetCardLogin();
protected:
virtual void timerEvent(TQTimerEvent *);
diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
index aa9514312..494852e39 100644
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@@ -34,6 +34,7 @@
#include <tdeapplication.h>
#include <kservicegroup.h>
#include <kdebug.h>
+#include <kuser.h>
#include <tdemessagebox.h>
#include <tdeglobalsettings.h>
#include <tdelocale.h>
@@ -112,6 +113,8 @@ Status DPMSInfo ( Display *, CARD16 *, BOOL * );
#include <GL/glx.h>
#endif
+#define KDESKTOP_DEBUG_ID 1204
+
#define LOCK_GRACE_DEFAULT 5000
#define AUTOLOGOUT_DEFAULT 600
@@ -146,7 +149,7 @@ Atom kde_wm_transparent_to_black = 0;
static void segv_handler(int)
{
- kdError(1204) << "A fatal exception was encountered."
+ kdError(KDESKTOP_DEBUG_ID) << "A fatal exception was encountered."
<< " Trapping and ignoring it so as not to compromise desktop security..."
<< kdBacktrace() << endl;
sleep(1);
@@ -272,7 +275,7 @@ LockProcess::LockProcess()
KServiceGroup::Ptr servGroup = KServiceGroup::baseGroup( "screensavers");
if (servGroup) {
relPath=servGroup->relPath();
- kdDebug(1204) << "relPath=" << relPath << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "relPath=" << relPath << endl;
}
TDEGlobal::dirs()->addResourceType("scrsav",
TDEGlobal::dirs()->kde_default("apps") +
@@ -290,6 +293,19 @@ LockProcess::LockProcess()
}
}
+ // Initialize SmartCard readers
+ TDEGenericDevice *hwdevice;
+ TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+ TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+ for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ // connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*)));
+ connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
+ connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
+ cdevice->enableCardMonitoring(true);
+ // cdevice->enablePINEntryCallbacks(true);
+ }
+
#ifdef KEEP_MOUSE_UNGRABBED
setEnabled(false);
#endif
@@ -781,11 +797,11 @@ void LockProcess::readSaver()
TQStringList saverTypes = TQStringList::split(";", saverType);
for (uint i = 0; i < saverTypes.count(); i++) {
if ((saverTypes[i] == "ManipulateScreen") && !manipulatescreen) {
- kdDebug(1204) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl;
mForbidden = true;
}
if ((saverTypes[i] == "OpenGL") && !opengl) {
- kdDebug(1204) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl;
mForbidden = true;
}
if (saverTypes[i] == "OpenGL") {
@@ -794,7 +810,7 @@ void LockProcess::readSaver()
}
}
- kdDebug(1204) << "mForbidden: " << (mForbidden ? "true" : "false") << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "mForbidden: " << (mForbidden ? "true" : "false") << endl;
if (trinity_desktop_lock_use_system_modal_dialogs) {
if (config.hasActionGroup("InWindow")) {
@@ -968,7 +984,7 @@ void LockProcess::createSaverWindow()
}
}
- kdDebug(1204) << "Saver window Id: " << winId() << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "Saver window Id: " << winId() << endl;
}
void LockProcess::desktopResized()
@@ -1307,7 +1323,7 @@ bool LockProcess::startSaver(bool notify_ready)
{
if (!child_saver && !grabInput())
{
- kdWarning(1204) << "LockProcess::startSaver() grabInput() failed!!!!" << endl;
+ kdWarning(KDESKTOP_DEBUG_ID) << "LockProcess::startSaver() grabInput() failed!!!!" << endl;
return false;
}
mBusy = false;
@@ -1393,7 +1409,7 @@ bool LockProcess::startSaver(bool notify_ready)
//
void LockProcess::stopSaver()
{
- kdDebug(1204) << "LockProcess: stopping saver" << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "LockProcess: stopping saver" << endl;
mHackProc.kill(SIGCONT);
stopHack();
mSuspended = false;
@@ -1446,30 +1462,30 @@ bool LockProcess::startLock()
GreeterPluginHandle plugin;
TQString path = KLibLoader::self()->findLibrary( ((*it)[0] == '/' ? *it : "kgreet_" + *it ).latin1() );
if (path.isEmpty()) {
- kdWarning(1204) << "GreeterPlugin " << *it << " does not exist" << endl;
+ kdWarning(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " does not exist" << endl;
continue;
}
if (!(plugin.library = KLibLoader::self()->library( path.latin1() ))) {
- kdWarning(1204) << "Cannot load GreeterPlugin " << *it << " (" << path << ")" << endl;
+ kdWarning(KDESKTOP_DEBUG_ID) << "Cannot load GreeterPlugin " << *it << " (" << path << ")" << endl;
continue;
}
if (!plugin.library->hasSymbol( "kgreeterplugin_info" )) {
- kdWarning(1204) << "GreeterPlugin " << *it << " (" << path << ") is no valid greet widget plugin" << endl;
+ kdWarning(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") is no valid greet widget plugin" << endl;
plugin.library->unload();
continue;
}
plugin.info = (kgreeterplugin_info*)plugin.library->symbol( "kgreeterplugin_info" );
if (plugin.info->method && !mMethod.isEmpty() && mMethod != plugin.info->method) {
- kdDebug(1204) << "GreeterPlugin " << *it << " (" << path << ") serves " << plugin.info->method << ", not " << mMethod << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") serves " << plugin.info->method << ", not " << mMethod << endl;
plugin.library->unload();
continue;
}
if (!plugin.info->init( mMethod, getConf, this )) {
- kdDebug(1204) << "GreeterPlugin " << *it << " (" << path << ") refuses to serve " << mMethod << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") refuses to serve " << mMethod << endl;
plugin.library->unload();
continue;
}
- kdDebug(1204) << "GreeterPlugin " << *it << " (" << plugin.info->method << ", " << plugin.info->name << ") loaded" << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << plugin.info->method << ", " << plugin.info->name << ") loaded" << endl;
greetPlugin = plugin;
mLocked = true;
DM().setLock( true );
@@ -1588,7 +1604,7 @@ bool LockProcess::startHack()
if (!path.isEmpty()) {
mHackProc << path;
- kdDebug(1204) << "Starting hack: " << path << endl;
+ kdDebug(KDESKTOP_DEBUG_ID) << "Starting hack: " << path << endl;
while (!ts.atEnd()) {
ts >> word;
@@ -2297,10 +2313,10 @@ void LockProcess::stayOnTop()
// and stack others below it
Window* stack = new Window[ mDialogs.count() + mVkbdWindows.count() + 1 ];
int count = 0;
- for( TQValueList< VkbdWindow >::ConstIterator it = mVkbdWindows.begin(); it != mVkbdWindows.end(); ++it )
+ for( TQValueList< VkbdWindow >::ConstIterator it = mVkbdWindows.begin(); it != mVkbdWindows.end(); ++it ) {
stack[ count++ ] = (*it).id;
}
- for( TQValueList< TQWidget* >::ConstIterator it = mDialogs.begin(); it != mDialogs.end(); ++it )
+ for( TQValueList< TQWidget* >::ConstIterator it = mDialogs.begin(); it != mDialogs.end(); ++it ) {
stack[ count++ ] = (*it)->winId();
}
stack[ count++ ] = winId();
@@ -2795,6 +2811,110 @@ void LockProcess::processInputPipeCommand(TQString inputcommand) {
}
}
+void LockProcess::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) {
+ TQString login_name = TQString::null;
+ X509CertificatePtrList certList = cdevice->cardX509Certificates();
+ if (certList.count() > 0) {
+ KSSLCertificate* card_cert = NULL;
+ card_cert = KSSLCertificate::fromX509(certList[0]);
+ TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
+ for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
+ TQString lcpart = (*it).lower();
+ if (lcpart.startsWith("cn=")) {
+ login_name = lcpart.right(lcpart.length() - strlen("cn="));
+ }
+ }
+ delete card_cert;
+ }
+
+ if (login_name != "") {
+ KUser user;
+ if (login_name == user.loginName()) {
+ // Activate appropriate VT
+ DM dm;
+ SessList sess;
+ if (dm.localSessions(sess)) {
+ TQString user, loc;
+ for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) {
+ DM::sess2Str2(*it, user, loc);
+ if ((*it).self) {
+ // Switch VTs
+ DM().switchVT((*it).vt);
+ break;
+ }
+ }
+ }
+
+ // Pass login to the PAM stack...
+ if (dynamic_cast<SAKDlg*>(currentDialog)) {
+ dynamic_cast<SAKDlg*>(currentDialog)->closeDialogForced();
+ TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin()));
+ }
+ else if (dynamic_cast<SecureDlg*>(currentDialog)) {
+ dynamic_cast<SecureDlg*>(currentDialog)->closeDialogForced();
+ TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin()));
+ }
+ else if (dynamic_cast<PasswordDlg*>(currentDialog)) {
+ signalPassDlgToAttemptCardLogin();
+ }
+ }
+ }
+}
+
+void LockProcess::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) {
+ PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog);
+ if (passDlg) {
+ passDlg->resetCardLogin();
+ }
+ else {
+ TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardAbort()));
+ }
+}
+
+void LockProcess::signalPassDlgToAttemptCardLogin() {
+ PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog);
+ if (passDlg) {
+ passDlg->attemptCardLogin();
+ }
+ else {
+ if (currentDialog) {
+ // Try again later
+ TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin()));
+ }
+ }
+}
+
+void LockProcess::signalPassDlgToAttemptCardAbort() {
+ PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog);
+ if (passDlg) {
+ passDlg->resetCardLogin();
+ }
+ else {
+ if (currentDialog) {
+ // Try again later
+ TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardAbort()));
+ }
+ }
+}
+
+void LockProcess::cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice) {
+ TQCString password;
+ const char * pin_entry;
+
+ QueryDlg qryDlg(this);
+ qryDlg.updateLabel(prompt);
+ qryDlg.setUnlockIcon();
+ mForceReject = false;
+ execDialog(&qryDlg);
+ if (mForceReject == false) {
+ pin_entry = qryDlg.getEntry();
+ cdevice->setProvidedPin(pin_entry);
+ }
+ else {
+ cdevice->setProvidedPin(TQString::null);
+ }
+}
+
void LockProcess::fullyOnline() {
if (!mFullyOnlineSent) {
if (kdesktop_pid > 0) {
diff --git a/kdesktop/lock/lockprocess.h b/kdesktop/lock/lockprocess.h
index ae2a71c1d..dafd2ae1c 100644
--- a/kdesktop/lock/lockprocess.h
+++ b/kdesktop/lock/lockprocess.h
@@ -10,6 +10,11 @@
#ifndef __LOCKENG_H__
#define __LOCKENG_H__
+#include <ksslcertificate.h>
+
+#include <tdehardwaredevices.h>
+#include <tdecryptographiccarddevice.h>
+
#include <kgreeterplugin.h>
#include <kprocess.h>
@@ -134,6 +139,11 @@ class LockProcess : public TQWidget
void startSecureDialog();
void slotMouseActivity(XEvent *event);
void processInputPipeCommand(TQString command);
+ void cryptographicCardInserted(TDECryptographicCardDevice*);
+ void cryptographicCardRemoved(TDECryptographicCardDevice*);
+ void cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice);
+ void signalPassDlgToAttemptCardLogin();
+ void signalPassDlgToAttemptCardAbort();
private:
void configure();
diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc
index e82650928..6937cbe6a 100644
--- a/kdesktop/lock/main.cc
+++ b/kdesktop/lock/main.cc
@@ -372,15 +372,23 @@ int main( int argc, char **argv )
KSimpleConfig* tdmconfig;
OPEN_TDMCONFIG_AND_SET_GROUP
+ sigset_t new_mask;
+ sigset_t orig_mask;
+
+ // Block reception of all signals in this thread
+ sigprocmask(SIG_BLOCK, &new_mask, NULL);
+
+ // Create new LockProcess, which also spawns threads inheriting the blocked signal mask
trinity_desktop_lock_process = new LockProcess;
+ // Unblock reception of all signals in this thread
+ sigprocmask(SIG_UNBLOCK, &new_mask, NULL);
+
// Start loading core functions, such as the desktop wallpaper interface
app->processEvents();
if (args->isSet( "internal" )) {
kdesktop_pid = atoi(args->getOption( "internal" ));
- sigset_t new_mask;
- sigset_t orig_mask;
struct sigaction act;
in_internal_mode = TRUE;