diff options
author | Timothy Pearson <[email protected]> | 2015-09-17 17:30:17 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2015-09-17 17:30:17 -0500 |
commit | ce477303019c7f3ba18dcab48e4205d59614ce5a (patch) | |
tree | 19e49c43c92ba12de306af4f92f3fda64d9e92b8 /kdesktop | |
parent | 5d20ad97bffa56b2e366989e71ac9429116c017d (diff) | |
download | tdebase-ce477303019c7f3ba18dcab48e4205d59614ce5a.tar.gz tdebase-ce477303019c7f3ba18dcab48e4205d59614ce5a.zip |
Add initial cryptographic card login support
Tested with themed greeter and SAK disabled
Diffstat (limited to 'kdesktop')
-rw-r--r-- | kdesktop/lock/lockdlg.cc | 22 | ||||
-rw-r--r-- | kdesktop/lock/lockdlg.h | 3 | ||||
-rw-r--r-- | kdesktop/lock/lockprocess.cc | 154 | ||||
-rw-r--r-- | kdesktop/lock/lockprocess.h | 10 | ||||
-rw-r--r-- | kdesktop/lock/main.cc | 12 | ||||
-rw-r--r-- | kdesktop/lockeng.cc | 82 | ||||
-rw-r--r-- | kdesktop/lockeng.h | 5 |
7 files changed, 253 insertions, 35 deletions
diff --git a/kdesktop/lock/lockdlg.cc b/kdesktop/lock/lockdlg.cc index e75ac2b18..827495c33 100644 --- a/kdesktop/lock/lockdlg.cc +++ b/kdesktop/lock/lockdlg.cc @@ -513,7 +513,17 @@ void PasswordDlg::handleVerify() case ConvGetHidden: if (!GRecvArr( &arr )) break; - greet->textPrompt( arr, false, false ); + if (arr && (arr[0] != 0)) { + // Reset password entry and change text + greet->start(); + greet->textPrompt( arr, false, false ); + // Force relayout + setFixedSize( sizeHint().width(), sizeHint().height() + 1 ); + setFixedSize( sizeHint() ); + } + else { + greet->textPrompt( arr, false, false ); + } if (arr) ::free( arr ); return; @@ -915,4 +925,14 @@ void PasswordDlg::capsLocked() updateLabel(); } +void PasswordDlg::attemptCardLogin() { + greet->start(); + greet->next(); +} + +void PasswordDlg::resetCardLogin() { + greet->abort(); + greet->start(); +} + #include "lockdlg.moc" diff --git a/kdesktop/lock/lockdlg.h b/kdesktop/lock/lockdlg.h index eea0931ab..1bcb75671 100644 --- a/kdesktop/lock/lockdlg.h +++ b/kdesktop/lock/lockdlg.h @@ -49,6 +49,9 @@ class PasswordDlg : public TQDialog, public KGreeterPluginHandler virtual void gplugStart(); virtual void gplugActivity(); virtual void gplugMsgBox( TQMessageBox::Icon type, const TQString &text ); + + virtual void attemptCardLogin(); + virtual void resetCardLogin(); protected: virtual void timerEvent(TQTimerEvent *); diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc index aa9514312..494852e39 100644 --- a/kdesktop/lock/lockprocess.cc +++ b/kdesktop/lock/lockprocess.cc @@ -34,6 +34,7 @@ #include <tdeapplication.h> #include <kservicegroup.h> #include <kdebug.h> +#include <kuser.h> #include <tdemessagebox.h> #include <tdeglobalsettings.h> #include <tdelocale.h> @@ -112,6 +113,8 @@ Status DPMSInfo ( Display *, CARD16 *, BOOL * ); #include <GL/glx.h> #endif +#define KDESKTOP_DEBUG_ID 1204 + #define LOCK_GRACE_DEFAULT 5000 #define AUTOLOGOUT_DEFAULT 600 @@ -146,7 +149,7 @@ Atom kde_wm_transparent_to_black = 0; static void segv_handler(int) { - kdError(1204) << "A fatal exception was encountered." + kdError(KDESKTOP_DEBUG_ID) << "A fatal exception was encountered." << " Trapping and ignoring it so as not to compromise desktop security..." << kdBacktrace() << endl; sleep(1); @@ -272,7 +275,7 @@ LockProcess::LockProcess() KServiceGroup::Ptr servGroup = KServiceGroup::baseGroup( "screensavers"); if (servGroup) { relPath=servGroup->relPath(); - kdDebug(1204) << "relPath=" << relPath << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "relPath=" << relPath << endl; } TDEGlobal::dirs()->addResourceType("scrsav", TDEGlobal::dirs()->kde_default("apps") + @@ -290,6 +293,19 @@ LockProcess::LockProcess() } } + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + // connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + // cdevice->enablePINEntryCallbacks(true); + } + #ifdef KEEP_MOUSE_UNGRABBED setEnabled(false); #endif @@ -781,11 +797,11 @@ void LockProcess::readSaver() TQStringList saverTypes = TQStringList::split(";", saverType); for (uint i = 0; i < saverTypes.count(); i++) { if ((saverTypes[i] == "ManipulateScreen") && !manipulatescreen) { - kdDebug(1204) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl; mForbidden = true; } if ((saverTypes[i] == "OpenGL") && !opengl) { - kdDebug(1204) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl; mForbidden = true; } if (saverTypes[i] == "OpenGL") { @@ -794,7 +810,7 @@ void LockProcess::readSaver() } } - kdDebug(1204) << "mForbidden: " << (mForbidden ? "true" : "false") << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "mForbidden: " << (mForbidden ? "true" : "false") << endl; if (trinity_desktop_lock_use_system_modal_dialogs) { if (config.hasActionGroup("InWindow")) { @@ -968,7 +984,7 @@ void LockProcess::createSaverWindow() } } - kdDebug(1204) << "Saver window Id: " << winId() << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Saver window Id: " << winId() << endl; } void LockProcess::desktopResized() @@ -1307,7 +1323,7 @@ bool LockProcess::startSaver(bool notify_ready) { if (!child_saver && !grabInput()) { - kdWarning(1204) << "LockProcess::startSaver() grabInput() failed!!!!" << endl; + kdWarning(KDESKTOP_DEBUG_ID) << "LockProcess::startSaver() grabInput() failed!!!!" << endl; return false; } mBusy = false; @@ -1393,7 +1409,7 @@ bool LockProcess::startSaver(bool notify_ready) // void LockProcess::stopSaver() { - kdDebug(1204) << "LockProcess: stopping saver" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "LockProcess: stopping saver" << endl; mHackProc.kill(SIGCONT); stopHack(); mSuspended = false; @@ -1446,30 +1462,30 @@ bool LockProcess::startLock() GreeterPluginHandle plugin; TQString path = KLibLoader::self()->findLibrary( ((*it)[0] == '/' ? *it : "kgreet_" + *it ).latin1() ); if (path.isEmpty()) { - kdWarning(1204) << "GreeterPlugin " << *it << " does not exist" << endl; + kdWarning(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " does not exist" << endl; continue; } if (!(plugin.library = KLibLoader::self()->library( path.latin1() ))) { - kdWarning(1204) << "Cannot load GreeterPlugin " << *it << " (" << path << ")" << endl; + kdWarning(KDESKTOP_DEBUG_ID) << "Cannot load GreeterPlugin " << *it << " (" << path << ")" << endl; continue; } if (!plugin.library->hasSymbol( "kgreeterplugin_info" )) { - kdWarning(1204) << "GreeterPlugin " << *it << " (" << path << ") is no valid greet widget plugin" << endl; + kdWarning(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") is no valid greet widget plugin" << endl; plugin.library->unload(); continue; } plugin.info = (kgreeterplugin_info*)plugin.library->symbol( "kgreeterplugin_info" ); if (plugin.info->method && !mMethod.isEmpty() && mMethod != plugin.info->method) { - kdDebug(1204) << "GreeterPlugin " << *it << " (" << path << ") serves " << plugin.info->method << ", not " << mMethod << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") serves " << plugin.info->method << ", not " << mMethod << endl; plugin.library->unload(); continue; } if (!plugin.info->init( mMethod, getConf, this )) { - kdDebug(1204) << "GreeterPlugin " << *it << " (" << path << ") refuses to serve " << mMethod << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << path << ") refuses to serve " << mMethod << endl; plugin.library->unload(); continue; } - kdDebug(1204) << "GreeterPlugin " << *it << " (" << plugin.info->method << ", " << plugin.info->name << ") loaded" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "GreeterPlugin " << *it << " (" << plugin.info->method << ", " << plugin.info->name << ") loaded" << endl; greetPlugin = plugin; mLocked = true; DM().setLock( true ); @@ -1588,7 +1604,7 @@ bool LockProcess::startHack() if (!path.isEmpty()) { mHackProc << path; - kdDebug(1204) << "Starting hack: " << path << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Starting hack: " << path << endl; while (!ts.atEnd()) { ts >> word; @@ -2297,10 +2313,10 @@ void LockProcess::stayOnTop() // and stack others below it Window* stack = new Window[ mDialogs.count() + mVkbdWindows.count() + 1 ]; int count = 0; - for( TQValueList< VkbdWindow >::ConstIterator it = mVkbdWindows.begin(); it != mVkbdWindows.end(); ++it ) + for( TQValueList< VkbdWindow >::ConstIterator it = mVkbdWindows.begin(); it != mVkbdWindows.end(); ++it ) { stack[ count++ ] = (*it).id; } - for( TQValueList< TQWidget* >::ConstIterator it = mDialogs.begin(); it != mDialogs.end(); ++it ) + for( TQValueList< TQWidget* >::ConstIterator it = mDialogs.begin(); it != mDialogs.end(); ++it ) { stack[ count++ ] = (*it)->winId(); } stack[ count++ ] = winId(); @@ -2795,6 +2811,110 @@ void LockProcess::processInputPipeCommand(TQString inputcommand) { } } +void LockProcess::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) { + TQString login_name = TQString::null; + X509CertificatePtrList certList = cdevice->cardX509Certificates(); + if (certList.count() > 0) { + KSSLCertificate* card_cert = NULL; + card_cert = KSSLCertificate::fromX509(certList[0]); + TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); + for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { + TQString lcpart = (*it).lower(); + if (lcpart.startsWith("cn=")) { + login_name = lcpart.right(lcpart.length() - strlen("cn=")); + } + } + delete card_cert; + } + + if (login_name != "") { + KUser user; + if (login_name == user.loginName()) { + // Activate appropriate VT + DM dm; + SessList sess; + if (dm.localSessions(sess)) { + TQString user, loc; + for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) { + DM::sess2Str2(*it, user, loc); + if ((*it).self) { + // Switch VTs + DM().switchVT((*it).vt); + break; + } + } + } + + // Pass login to the PAM stack... + if (dynamic_cast<SAKDlg*>(currentDialog)) { + dynamic_cast<SAKDlg*>(currentDialog)->closeDialogForced(); + TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin())); + } + else if (dynamic_cast<SecureDlg*>(currentDialog)) { + dynamic_cast<SecureDlg*>(currentDialog)->closeDialogForced(); + TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin())); + } + else if (dynamic_cast<PasswordDlg*>(currentDialog)) { + signalPassDlgToAttemptCardLogin(); + } + } + } +} + +void LockProcess::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) { + PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog); + if (passDlg) { + passDlg->resetCardLogin(); + } + else { + TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardAbort())); + } +} + +void LockProcess::signalPassDlgToAttemptCardLogin() { + PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog); + if (passDlg) { + passDlg->attemptCardLogin(); + } + else { + if (currentDialog) { + // Try again later + TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardLogin())); + } + } +} + +void LockProcess::signalPassDlgToAttemptCardAbort() { + PasswordDlg* passDlg = dynamic_cast<PasswordDlg*>(currentDialog); + if (passDlg) { + passDlg->resetCardLogin(); + } + else { + if (currentDialog) { + // Try again later + TQTimer::singleShot(0, this, SLOT(signalPassDlgToAttemptCardAbort())); + } + } +} + +void LockProcess::cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice) { + TQCString password; + const char * pin_entry; + + QueryDlg qryDlg(this); + qryDlg.updateLabel(prompt); + qryDlg.setUnlockIcon(); + mForceReject = false; + execDialog(&qryDlg); + if (mForceReject == false) { + pin_entry = qryDlg.getEntry(); + cdevice->setProvidedPin(pin_entry); + } + else { + cdevice->setProvidedPin(TQString::null); + } +} + void LockProcess::fullyOnline() { if (!mFullyOnlineSent) { if (kdesktop_pid > 0) { diff --git a/kdesktop/lock/lockprocess.h b/kdesktop/lock/lockprocess.h index ae2a71c1d..dafd2ae1c 100644 --- a/kdesktop/lock/lockprocess.h +++ b/kdesktop/lock/lockprocess.h @@ -10,6 +10,11 @@ #ifndef __LOCKENG_H__ #define __LOCKENG_H__ +#include <ksslcertificate.h> + +#include <tdehardwaredevices.h> +#include <tdecryptographiccarddevice.h> + #include <kgreeterplugin.h> #include <kprocess.h> @@ -134,6 +139,11 @@ class LockProcess : public TQWidget void startSecureDialog(); void slotMouseActivity(XEvent *event); void processInputPipeCommand(TQString command); + void cryptographicCardInserted(TDECryptographicCardDevice*); + void cryptographicCardRemoved(TDECryptographicCardDevice*); + void cryptographicCardPinRequested(TQString prompt, TDECryptographicCardDevice* cdevice); + void signalPassDlgToAttemptCardLogin(); + void signalPassDlgToAttemptCardAbort(); private: void configure(); diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc index e82650928..6937cbe6a 100644 --- a/kdesktop/lock/main.cc +++ b/kdesktop/lock/main.cc @@ -372,15 +372,23 @@ int main( int argc, char **argv ) KSimpleConfig* tdmconfig; OPEN_TDMCONFIG_AND_SET_GROUP + sigset_t new_mask; + sigset_t orig_mask; + + // Block reception of all signals in this thread + sigprocmask(SIG_BLOCK, &new_mask, NULL); + + // Create new LockProcess, which also spawns threads inheriting the blocked signal mask trinity_desktop_lock_process = new LockProcess; + // Unblock reception of all signals in this thread + sigprocmask(SIG_UNBLOCK, &new_mask, NULL); + // Start loading core functions, such as the desktop wallpaper interface app->processEvents(); if (args->isSet( "internal" )) { kdesktop_pid = atoi(args->getOption( "internal" )); - sigset_t new_mask; - sigset_t orig_mask; struct sigaction act; in_internal_mode = TRUE; diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc index 600573f27..ceffd73f0 100644 --- a/kdesktop/lockeng.cc +++ b/kdesktop/lockeng.cc @@ -11,10 +11,16 @@ #include <stdlib.h> +#include <ksslcertificate.h> + +#include <tdehardwaredevices.h> +#include <tdecryptographiccarddevice.h> + #include <kstandarddirs.h> #include <tdeapplication.h> #include <kservicegroup.h> #include <kdebug.h> +#include <kuser.h> #include <tdelocale.h> #include <tqfile.h> #include <tqtimer.h> @@ -82,6 +88,7 @@ SaverEngine::SaverEngine() mTerminationRequested(false), mSaverProcessReady(false), mNewVTAfterLockEngage(false), + mValidCryptoCardInserted(false), mSwitchVTAfterLockEngage(-1), dBusLocal(0), dBusWatch(0), @@ -158,6 +165,17 @@ SaverEngine::SaverEngine() sigaddset(&mThreadBlockSet, SIGTTIN); pthread_sigmask(SIG_BLOCK, &mThreadBlockSet, NULL); + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + } + dBusConnect(); } @@ -186,6 +204,43 @@ SaverEngine::~SaverEngine() delete m_helperThread; } +void SaverEngine::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) { + TQString login_name = TQString::null; + X509CertificatePtrList certList = cdevice->cardX509Certificates(); + if (certList.count() > 0) { + KSSLCertificate* card_cert = NULL; + card_cert = KSSLCertificate::fromX509(certList[0]); + TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); + for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { + TQString lcpart = (*it).lower(); + if (lcpart.startsWith("cn=")) { + login_name = lcpart.right(lcpart.length() - strlen("cn=")); + } + } + delete card_cert; + } + + if (login_name != "") { + KUser user; + if (login_name == user.loginName()) { + mValidCryptoCardInserted = true; + // Disable saver + enable(false); + } + } +} + +void SaverEngine::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) { + if (mValidCryptoCardInserted) { + // Restore saver timeout + configure(); + + // Force lock + lockScreen(); + } + mValidCryptoCardInserted = false; +} + //--------------------------------------------------------------------------- // // This should be called only using DCOP. @@ -283,28 +338,25 @@ bool SaverEngine::enable( bool e ) mEnabled = e; - if (mEnabled) - { + if (mEnabled) { if ( !mXAutoLock ) { mXAutoLock = new XAutoLock(); connect(mXAutoLock, TQT_SIGNAL(timeout()), TQT_SLOT(idleTimeout())); } - mXAutoLock->setTimeout(mTimeout); - mXAutoLock->setDPMS(true); + mXAutoLock->setTimeout(mTimeout); + mXAutoLock->setDPMS(true); //mXAutoLock->changeCornerLockStatus( mLockCornerTopLeft, mLockCornerTopRight, mLockCornerBottomLeft, mLockCornerBottomRight); - // We'll handle blanking - XSetScreenSaver(tqt_xdisplay(), mTimeout + 10, mXInterval, PreferBlanking, mXExposures); - kdDebug() << "XSetScreenSaver " << mTimeout + 10 << endl; - - mXAutoLock->start(); - - kdDebug(1204) << "Saver Engine started, timeout: " << mTimeout << endl; + // We'll handle blanking + XSetScreenSaver(tqt_xdisplay(), mTimeout + 10, mXInterval, PreferBlanking, mXExposures); + kdDebug() << "XSetScreenSaver " << mTimeout + 10 << endl; + + mXAutoLock->start(); + + kdDebug(1204) << "Saver Engine started, timeout: " << mTimeout << endl; } - else - { - if (mXAutoLock) - { + else { + if (mXAutoLock) { delete mXAutoLock; mXAutoLock = 0; } diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h index 166d6b40e..5eebaa472 100644 --- a/kdesktop/lockeng.h +++ b/kdesktop/lockeng.h @@ -18,6 +18,7 @@ #include <tqdbusconnection.h> +class TDECryptographicCardDevice; class DCOPClientTransaction; class TQT_DBusMessage; class TQT_DBusProxy; @@ -134,6 +135,9 @@ private slots: void handleSecureDialog(); void slotSAKProcessExited(); + void cryptographicCardInserted(TDECryptographicCardDevice*); + void cryptographicCardRemoved(TDECryptographicCardDevice*); + /** * Enable wallpaper exports */ @@ -186,6 +190,7 @@ private: bool mTerminationRequested; bool mSaverProcessReady; bool mNewVTAfterLockEngage; + bool mValidCryptoCardInserted; int mSwitchVTAfterLockEngage; struct sigaction mSignalAction; TQT_DBusConnection dBusConn; |