diff options
Diffstat (limited to 'tdm/cryptocardwatcher')
-rw-r--r-- | tdm/cryptocardwatcher/CMakeLists.txt | 32 | ||||
-rw-r--r-- | tdm/cryptocardwatcher/main.cpp | 139 | ||||
-rw-r--r-- | tdm/cryptocardwatcher/watcher.cc | 105 | ||||
-rw-r--r-- | tdm/cryptocardwatcher/watcher.h | 40 |
4 files changed, 316 insertions, 0 deletions
diff --git a/tdm/cryptocardwatcher/CMakeLists.txt b/tdm/cryptocardwatcher/CMakeLists.txt new file mode 100644 index 000000000..7564ac2cf --- /dev/null +++ b/tdm/cryptocardwatcher/CMakeLists.txt @@ -0,0 +1,32 @@ +################################################# +# +# (C) 2015 Timothy Pearson +# kb9vqf (AT) pearsoncomputing.net +# +# Improvements and feedback are welcome +# +# This file is released under GPL >= 2 +# +################################################# + +include_directories( + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_SOURCE_DIR}/tdmlib + ${TDE_INCLUDE_DIR} + ${TQT_INCLUDE_DIRS} +) + +link_directories( + ${TQT_LIBRARY_DIRS} +) + + +##### tdecryptocardwatcher (executable) ######### + +tde_add_executable( tdecryptocardwatcher AUTOMOC + SOURCES main.cpp watcher.cc + LINK tdecore-shared tdeio-shared dmctl-static + DESTINATION ${BIN_INSTALL_DIR} + SETUID +) + diff --git a/tdm/cryptocardwatcher/main.cpp b/tdm/cryptocardwatcher/main.cpp new file mode 100644 index 000000000..5d27ff19b --- /dev/null +++ b/tdm/cryptocardwatcher/main.cpp @@ -0,0 +1,139 @@ +/* + * Copyright 2015 Timothy Pearson <[email protected]> + * + * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor + * + * cryptocardwatcher is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 3 + * of the License, or (at your option) any later version. + * + * cryptocardwatcher is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <exception> +#include <string.h> +#include <unistd.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <sys/file.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/select.h> +#include <sys/time.h> +#include <termios.h> +#include <signal.h> +#include <stdint.h> + +#include <tqobject.h> + +#include <tdeapplication.h> +#include <tdecmdlineargs.h> + +#include <ksslcertificate.h> + +#include <tdehardwaredevices.h> +#include <tdecryptographiccarddevice.h> + +#include "watcher.h" + +int lockfd = -1; +char lockFileName[256]; + +// -------------------------------------------------------------------------------------- +// Useful function from Stack Overflow +// http://stackoverflow.com/questions/1599459/optimal-lock-file-method +// -------------------------------------------------------------------------------------- +int tryGetLock(char const *lockName) { + mode_t m = umask( 0 ); + int fd = open( lockName, O_RDWR|O_CREAT, 0666 ); + umask( m ); + if( fd >= 0 && flock( fd, LOCK_EX | LOCK_NB ) < 0 ) { + close( fd ); + fd = -1; + } + return fd; +} +// -------------------------------------------------------------------------------------- + +// -------------------------------------------------------------------------------------- +// Useful function from Stack Overflow +// http://stackoverflow.com/questions/1599459/optimal-lock-file-method +// -------------------------------------------------------------------------------------- +void releaseLock(int fd, char const *lockName) { + if( fd < 0 ) { + return; + } + remove( lockName ); + close( fd ); +} +// -------------------------------------------------------------------------------------- + +void handle_sigterm(int signum) { + if (lockfd >= 0) { + releaseLock(lockfd, lockFileName); + } + exit(0); +} + +static TDECmdLineOptions options[] = +{ + TDECmdLineLastOption +}; + +int main(int argc, char *argv[]) { + int ret = -1; + + // Register cleanup handlers + struct sigaction action; + memset(&action, 0, sizeof(struct sigaction)); + action.sa_handler = handle_sigterm; + sigaction(SIGTERM, &action, NULL); + + // Ensure only one process is running + sprintf(lockFileName, "/var/lock/cryptocardwatcher.lock"); + lockfd = tryGetLock(lockFileName); + if (lockfd < 0) { + printf ("[cryptocardwatcher] Another instance of this program is already running!\n[cryptocardwatcher] Lockfile detected at '%s'\n", lockFileName); + return -2; + } + + // Parse command line arguments + TDECmdLineArgs::init(argc, argv, "cryptocardwatcher", "cryptocardwatcher", "TDE Cryptographic Card Session Monitor", "0.1"); + TDECmdLineArgs::addCmdLineOptions(options); + TDEApplication::addCmdLineOptions(); + + // Initialize TDE application + TDEApplication tdeapp(false, false); + tdeapp.disableAutoDcopRegistration(); + CardWatcher* watcher = new CardWatcher(); + + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + TQObject::connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), watcher, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + TQObject::connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), watcher, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + } + + // Start TDE application + ret = tdeapp.exec(); + + // Clean up + delete watcher; + + releaseLock(lockfd, lockFileName); + return ret; +} diff --git a/tdm/cryptocardwatcher/watcher.cc b/tdm/cryptocardwatcher/watcher.cc new file mode 100644 index 000000000..ecd4e8f3c --- /dev/null +++ b/tdm/cryptocardwatcher/watcher.cc @@ -0,0 +1,105 @@ +/* + * Copyright 2015 Timothy Pearson <[email protected]> + * + * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor + * + * cryptocardwatcher is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 3 + * of the License, or (at your option) any later version. + * + * cryptocardwatcher is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/. + */ + +#include "watcher.h" + +#include <ksslcertificate.h> + +#include <tdehardwaredevices.h> +#include <tdecryptographiccarddevice.h> + +#include <dmctl.h> +#include <kuser.h> + +CardWatcher::CardWatcher() : TQObject() { + // +} + +CardWatcher::~CardWatcher() { + // +} + +void CardWatcher::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) { + TQString login_name = TQString::null; + X509CertificatePtrList certList = cdevice->cardX509Certificates(); + if (certList.count() > 0) { + KSSLCertificate* card_cert = NULL; + card_cert = KSSLCertificate::fromX509(certList[0]); + TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); + for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { + TQString lcpart = (*it).lower(); + if (lcpart.startsWith("cn=")) { + login_name = lcpart.right(lcpart.length() - strlen("cn=")); + } + } + delete card_cert; + } + + if (login_name != "") { + // Determine if user already has an active session + DM dm; + SessList sess; + bool user_active = false; + bool unused_session_available = false; + bool unused_session_active = false; + int unused_session_vt_number = -1; + if (dm.localSessions(sess)) { + TQString user, loc; + for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) { + DM::sess2Str2(*it, user, loc); + if (user.startsWith(login_name + ": ")) { + // Found active session + user_active = true; + + // Switch VTs + DM().switchVT((*it).vt); + + break; + } + if (user == "Unused") { + // Found active unused session + unused_session_available = true; + unused_session_vt_number = (*it).vt; + if ((*it).vt == dm.activeVT()) { + unused_session_active = true; + break; + } + } + } + } + if (!user_active || unused_session_available) { + if (unused_session_available) { + if (!unused_session_active) { + // Switch to unused VT + DM().switchVT(unused_session_vt_number); + } + } + else { + // Activate new VT + DM().startReserve(); + } + } + } +} + +void CardWatcher::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) { + // +} + +#include "watcher.moc"
\ No newline at end of file diff --git a/tdm/cryptocardwatcher/watcher.h b/tdm/cryptocardwatcher/watcher.h new file mode 100644 index 000000000..bfbb010a0 --- /dev/null +++ b/tdm/cryptocardwatcher/watcher.h @@ -0,0 +1,40 @@ +/* + * Copyright 2015 Timothy Pearson <[email protected]> + * + * This file is part of cryptocardwatcher, the TDE Cryptographic Card Session Monitor + * + * cryptocardwatcher is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 3 + * of the License, or (at your option) any later version. + * + * cryptocardwatcher is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with cryptocardwatcher. If not, see http://www.gnu.org/licenses/. + */ + +#ifndef __TDECRYPTOCARDWATCHER_H__ +#define __TDECRYPTOCARDWATCHER_H__ + +#include <tqobject.h> + +class TDECryptographicCardDevice; + +class CardWatcher : public TQObject +{ + Q_OBJECT + + public: + CardWatcher(); + ~CardWatcher(); + + public slots: + void cryptographicCardInserted(TDECryptographicCardDevice*); + void cryptographicCardRemoved(TDECryptographicCardDevice*); +}; + +#endif // __TDECRYPTOCARDWATCHER_H__
\ No newline at end of file |