summaryrefslogtreecommitdiffstats
path: root/tdm/cryptocardwatcher
diff options
context:
space:
mode:
Diffstat (limited to 'tdm/cryptocardwatcher')
-rw-r--r--tdm/cryptocardwatcher/CMakeLists.txt32
-rw-r--r--tdm/cryptocardwatcher/main.cpp139
-rw-r--r--tdm/cryptocardwatcher/watcher.cc105
-rw-r--r--tdm/cryptocardwatcher/watcher.h40
4 files changed, 316 insertions, 0 deletions
diff --git a/tdm/cryptocardwatcher/CMakeLists.txt b/tdm/cryptocardwatcher/CMakeLists.txt
new file mode 100644
index 000000000..7564ac2cf
--- /dev/null
+++ b/tdm/cryptocardwatcher/CMakeLists.txt
@@ -0,0 +1,32 @@
+#################################################
+#
+# (C) 2015 Timothy Pearson
+# kb9vqf (AT) pearsoncomputing.net
+#
+# Improvements and feedback are welcome
+#
+# This file is released under GPL >= 2
+#
+#################################################
+
+include_directories(
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_SOURCE_DIR}/tdmlib
+ ${TDE_INCLUDE_DIR}
+ ${TQT_INCLUDE_DIRS}
+)
+
+link_directories(
+ ${TQT_LIBRARY_DIRS}
+)
+
+
+##### tdecryptocardwatcher (executable) #########
+
+tde_add_executable( tdecryptocardwatcher AUTOMOC
+ SOURCES main.cpp watcher.cc
+ LINK tdecore-shared tdeio-shared dmctl-static
+ DESTINATION ${BIN_INSTALL_DIR}
+ SETUID
+)
+
diff --git a/tdm/cryptocardwatcher/main.cpp b/tdm/cryptocardwatcher/main.cpp
new file mode 100644
index 000000000..5d27ff19b
--- /dev/null
+++ b/tdm/cryptocardwatcher/main.cpp
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2015 Timothy Pearson <[email protected]>
+ *
+ * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor
+ *
+ * cryptocardwatcher is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * cryptocardwatcher is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <exception>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <sys/file.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <termios.h>
+#include <signal.h>
+#include <stdint.h>
+
+#include <tqobject.h>
+
+#include <tdeapplication.h>
+#include <tdecmdlineargs.h>
+
+#include <ksslcertificate.h>
+
+#include <tdehardwaredevices.h>
+#include <tdecryptographiccarddevice.h>
+
+#include "watcher.h"
+
+int lockfd = -1;
+char lockFileName[256];
+
+// --------------------------------------------------------------------------------------
+// Useful function from Stack Overflow
+// http://stackoverflow.com/questions/1599459/optimal-lock-file-method
+// --------------------------------------------------------------------------------------
+int tryGetLock(char const *lockName) {
+ mode_t m = umask( 0 );
+ int fd = open( lockName, O_RDWR|O_CREAT, 0666 );
+ umask( m );
+ if( fd >= 0 && flock( fd, LOCK_EX | LOCK_NB ) < 0 ) {
+ close( fd );
+ fd = -1;
+ }
+ return fd;
+}
+// --------------------------------------------------------------------------------------
+
+// --------------------------------------------------------------------------------------
+// Useful function from Stack Overflow
+// http://stackoverflow.com/questions/1599459/optimal-lock-file-method
+// --------------------------------------------------------------------------------------
+void releaseLock(int fd, char const *lockName) {
+ if( fd < 0 ) {
+ return;
+ }
+ remove( lockName );
+ close( fd );
+}
+// --------------------------------------------------------------------------------------
+
+void handle_sigterm(int signum) {
+ if (lockfd >= 0) {
+ releaseLock(lockfd, lockFileName);
+ }
+ exit(0);
+}
+
+static TDECmdLineOptions options[] =
+{
+ TDECmdLineLastOption
+};
+
+int main(int argc, char *argv[]) {
+ int ret = -1;
+
+ // Register cleanup handlers
+ struct sigaction action;
+ memset(&action, 0, sizeof(struct sigaction));
+ action.sa_handler = handle_sigterm;
+ sigaction(SIGTERM, &action, NULL);
+
+ // Ensure only one process is running
+ sprintf(lockFileName, "/var/lock/cryptocardwatcher.lock");
+ lockfd = tryGetLock(lockFileName);
+ if (lockfd < 0) {
+ printf ("[cryptocardwatcher] Another instance of this program is already running!\n[cryptocardwatcher] Lockfile detected at '%s'\n", lockFileName);
+ return -2;
+ }
+
+ // Parse command line arguments
+ TDECmdLineArgs::init(argc, argv, "cryptocardwatcher", "cryptocardwatcher", "TDE Cryptographic Card Session Monitor", "0.1");
+ TDECmdLineArgs::addCmdLineOptions(options);
+ TDEApplication::addCmdLineOptions();
+
+ // Initialize TDE application
+ TDEApplication tdeapp(false, false);
+ tdeapp.disableAutoDcopRegistration();
+ CardWatcher* watcher = new CardWatcher();
+
+ // Initialize SmartCard readers
+ TDEGenericDevice *hwdevice;
+ TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+ TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+ for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ TQObject::connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), watcher, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*)));
+ TQObject::connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), watcher, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*)));
+ cdevice->enableCardMonitoring(true);
+ }
+
+ // Start TDE application
+ ret = tdeapp.exec();
+
+ // Clean up
+ delete watcher;
+
+ releaseLock(lockfd, lockFileName);
+ return ret;
+}
diff --git a/tdm/cryptocardwatcher/watcher.cc b/tdm/cryptocardwatcher/watcher.cc
new file mode 100644
index 000000000..ecd4e8f3c
--- /dev/null
+++ b/tdm/cryptocardwatcher/watcher.cc
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2015 Timothy Pearson <[email protected]>
+ *
+ * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor
+ *
+ * cryptocardwatcher is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * cryptocardwatcher is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/.
+ */
+
+#include "watcher.h"
+
+#include <ksslcertificate.h>
+
+#include <tdehardwaredevices.h>
+#include <tdecryptographiccarddevice.h>
+
+#include <dmctl.h>
+#include <kuser.h>
+
+CardWatcher::CardWatcher() : TQObject() {
+ //
+}
+
+CardWatcher::~CardWatcher() {
+ //
+}
+
+void CardWatcher::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) {
+ TQString login_name = TQString::null;
+ X509CertificatePtrList certList = cdevice->cardX509Certificates();
+ if (certList.count() > 0) {
+ KSSLCertificate* card_cert = NULL;
+ card_cert = KSSLCertificate::fromX509(certList[0]);
+ TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
+ for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
+ TQString lcpart = (*it).lower();
+ if (lcpart.startsWith("cn=")) {
+ login_name = lcpart.right(lcpart.length() - strlen("cn="));
+ }
+ }
+ delete card_cert;
+ }
+
+ if (login_name != "") {
+ // Determine if user already has an active session
+ DM dm;
+ SessList sess;
+ bool user_active = false;
+ bool unused_session_available = false;
+ bool unused_session_active = false;
+ int unused_session_vt_number = -1;
+ if (dm.localSessions(sess)) {
+ TQString user, loc;
+ for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) {
+ DM::sess2Str2(*it, user, loc);
+ if (user.startsWith(login_name + ": ")) {
+ // Found active session
+ user_active = true;
+
+ // Switch VTs
+ DM().switchVT((*it).vt);
+
+ break;
+ }
+ if (user == "Unused") {
+ // Found active unused session
+ unused_session_available = true;
+ unused_session_vt_number = (*it).vt;
+ if ((*it).vt == dm.activeVT()) {
+ unused_session_active = true;
+ break;
+ }
+ }
+ }
+ }
+ if (!user_active || unused_session_available) {
+ if (unused_session_available) {
+ if (!unused_session_active) {
+ // Switch to unused VT
+ DM().switchVT(unused_session_vt_number);
+ }
+ }
+ else {
+ // Activate new VT
+ DM().startReserve();
+ }
+ }
+ }
+}
+
+void CardWatcher::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) {
+ //
+}
+
+#include "watcher.moc" \ No newline at end of file
diff --git a/tdm/cryptocardwatcher/watcher.h b/tdm/cryptocardwatcher/watcher.h
new file mode 100644
index 000000000..bfbb010a0
--- /dev/null
+++ b/tdm/cryptocardwatcher/watcher.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2015 Timothy Pearson <[email protected]>
+ *
+ * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor
+ *
+ * cryptocardwatcher is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * cryptocardwatcher is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public
+ * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/.
+ */
+
+#ifndef __TDECRYPTOCARDWATCHER_H__
+#define __TDECRYPTOCARDWATCHER_H__
+
+#include <tqobject.h>
+
+class TDECryptographicCardDevice;
+
+class CardWatcher : public TQObject
+{
+ Q_OBJECT
+
+ public:
+ CardWatcher();
+ ~CardWatcher();
+
+ public slots:
+ void cryptographicCardInserted(TDECryptographicCardDevice*);
+ void cryptographicCardRemoved(TDECryptographicCardDevice*);
+};
+
+#endif // __TDECRYPTOCARDWATCHER_H__ \ No newline at end of file