/* Greeter widget for tdm Copyright (C) 1997, 1998, 2000 Steffen Hansen <hansen@kde.org> Copyright (C) 2000-2004 Oswald Buddenhagen <ossi@kde.org> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include "kgreeter.h" #include "kconsole.h" #include "tdmconfig.h" #include "tdmclock.h" #include "tdm_greet.h" #include "sakdlg.h" #include "tdmadmindialog.h" #include "themer/tdmthemer.h" #include "themer/tdmitem.h" #include "themer/tdmlabel.h" #include <dmctl.h> #ifdef WITH_TDEHWLIB #include <ksslcertificate.h> #include <tdehardwaredevices.h> #include <tdecryptographiccarddevice.h> #endif #include <tdeapplication.h> #include <tdelocale.h> #include <kstandarddirs.h> #include <kseparator.h> #include <tdelistview.h> #include <ksimpleconfig.h> #include <kstringhandler.h> #include <kdebug.h> #include <kdialog.h> #undef Unsorted // x headers suck - make tqdir.h work with --enable-final #include <tqdir.h> #include <tqfile.h> #include <tqbuffer.h> #include <tqmemarray.h> #include <tqimage.h> #include <tqmovie.h> #include <tqpainter.h> #include <tqpopupmenu.h> #include <tqtimer.h> #include <tqheader.h> #include <tqstyle.h> #include <tqlayout.h> #include <tqlabel.h> #include <tqpushbutton.h> #include <tqtooltip.h> #include <tqaccel.h> #include <tqstring.h> #include <tqeventloop.h> #include <tqbitmap.h> #include <pwd.h> #include <grp.h> #include <stdlib.h> #include <unistd.h> #include <fcntl.h> #include <sys/types.h> #ifdef HAVE_UTMPX # include <utmpx.h> #else # include <utmp.h> #endif #include <stdio.h> #include <string.h> #include <unistd.h> #include <errno.h> #include <limits.h> #include <dirent.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/select.h> #include <sys/time.h> #include <termios.h> #include <signal.h> #include <libgen.h> #include <X11/Xlib.h> #define FIFO_DIR "/tmp/tdesocket-global/tdm" #define FIFO_FILE "/tmp/tdesocket-global/tdm/tdmctl-%1" #define FIFO_SAK_FILE "/tmp/tdesocket-global/tdm/tdmctl-sak-%1" class UserListView : public TDEListView { public: UserListView( bool _them, TQWidget *parent = 0, const char *name = 0 ) : TDEListView( parent, name ) , themed(_them), cachedSizeHint( -1, 0 ) { setSizePolicy( TQSizePolicy::Preferred, TQSizePolicy::Ignored ); header()->hide(); addColumn( TQString::null ); setColumnAlignment( 0, AlignVCenter ); setResizeMode( TQListView::LastColumn ); // FIXME: This must be configurable, so disable // painting of list background for now. // if (themed) { // setBackgroundMode( Qt::NoBackground ); // viewport()->setBackgroundMode( Qt::NoBackground ); // setFrameStyle( TQFrame::NoFrame ); // } } bool themed; mutable TQSize cachedSizeHint; int sumHeight() const { int sum = 0; for (TQListViewItem *itm = firstChild(); itm; itm = itm->nextSibling()) { sum += itm->height(); } return sum; } public: virtual TQSize sizeHint() const { if (themed) return TDEListView::sizeHint(); if (!cachedSizeHint.isValid()) { constPolish(); uint maxw = 0; for (TQListViewItem *itm = firstChild(); itm; itm = itm->nextSibling()) { uint thisw = itm->width( fontMetrics(), this, 0 ); if (thisw > maxw) maxw = thisw; } cachedSizeHint.setWidth( style().pixelMetric( TQStyle::PM_ScrollBarExtent ) + frameWidth() * 2 + maxw ); } return cachedSizeHint; } virtual void paintEmptyArea ( TQPainter * p, const TQRect & rect ) { if (!themed) return TDEListView::paintEmptyArea(p, rect ); // FIXME: This must be configurable, so disable // painting of list background for now. return TDEListView::paintEmptyArea(p, rect ); const TQPixmap *pm = TQT_TQPIXMAP_CONST(paletteBackgroundPixmap()); if (!pm || pm->isNull()) { return; } kdDebug() << "paintEmpty " << rect << endl; TQRect devRect = p->xForm( rect ); kdDebug() << "paintEmpty2 " << devRect << endl; p->drawPixmap(0, 0, *pm, devRect.left(), devRect.top() ); } TQPixmap background; }; int KGreeter::curPlugin = -1; PluginList KGreeter::pluginList; KGreeter::KGreeter( bool framed ) : inherited( framed ) , dName( dname ) , userView( 0 ) , userList( 0 ) , nNormals( 0 ) , nSpecials( 0 ) , curPrev( -1 ) , curSel( -1 ) , prevValid( true ) , needLoad( false ) , themed( framed ) , showInfoMessages( true ) , closingDown( false ) { stsFile = new KSimpleConfig( _stsFile ); stsFile->setGroup( "PrevUser" ); if (_userList) { readFacesList(); userView = new UserListView( framed, this ); connect( userView, TQT_SIGNAL(clicked( TQListViewItem * )), TQT_SLOT(slotUserClicked( TQListViewItem * )) ); connect( userView, TQT_SIGNAL(doubleClicked( TQListViewItem * )), TQT_SLOT(accept()) ); } if (_userCompletion) { userList = new TQStringList; } sessMenu = new TQPopupMenu( this ); connect( sessMenu, TQT_SIGNAL(activated( int )), TQT_SLOT(slotSessionSelected( int )) ); insertSessions(); if (curPlugin < 0) { curPlugin = 0; pluginList = KGVerify::init( _pluginsLogin ); } mControlPipeHandlerThread = new TQEventLoopThread(); mControlPipeHandler = new ControlPipeHandlerObject(); mControlPipeHandler->mKGreeterParent = this; mControlPipeHandler->moveToThread(mControlPipeHandlerThread); TQObject::connect(mControlPipeHandler, SIGNAL(processCommand(TQString)), this, SLOT(processInputPipeCommand(TQString))); TQTimer::singleShot(0, mControlPipeHandler, SLOT(run())); mControlPipeHandlerThread->start(); } KGreeter::~KGreeter() { mControlPipeHandlerThread->terminate(); mControlPipeHandlerThread->wait(); delete mControlPipeHandler; // delete mControlPipeHandlerThread; hide(); delete userList; delete verify; delete stsFile; } void KGreeter::cryptographicCardWatcherSetup() { cardLoginUser = TQString::null; #ifdef WITH_TDEHWLIB // Initialize SmartCard readers TDEGenericDevice *hwdevice; TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); connect(cdevice, TQT_SIGNAL(certificateListAvailable(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); cdevice->enableCardMonitoring(true); } #endif } void KGreeter::done(int r) { closingDown = true; inherited::done(r); } void KGreeter::processInputPipeCommand(TQString command) { command = command.replace('\n', ""); TQStringList commandList = TQStringList::split('\t', command, false); if ((*(commandList.at(0))) == "LOGIN") { if (verify) { verify->setUser( (*(commandList.at(1))) ); verify->setPassword( (*(commandList.at(2))) ); accept(); } } } void KGreeter::readFacesList() { FILE *f = fopen( TQFile::encodeName( _faceDir + "/.randomlist" ), "rt" ); if ( !f ) return; TQTextIStream is( f ); while ( !is.eof() ) { TQString line = is.readLine().simplifyWhiteSpace(); if ( line.isEmpty() ) continue; TQString icon; int index = line.find( ' ' ); if ( index > 0 ) { icon = line.left( index ); line = line.mid( index ); } else { icon = line; line = TQString::null; } randomFaces.push_back( icon ); TQStringList list = TQStringList::split( ' ', line ); for ( TQStringList::ConstIterator it = list.begin(); it != list.end(); ++it ) randomFacesMap[*it] = icon; } } class UserListViewItem : public TDEListViewItem { public: UserListViewItem( UserListView *parent, const TQString &text, const TQPixmap &pixmap, const TQString &username ) : TDEListViewItem( parent ) , login( username ) { setPixmap( 0, pixmap ); setMultiLinesEnabled( true ); setText( 0, text ); parent->cachedSizeHint.setWidth( -1 ); } virtual void paintCell(TQPainter *p, const TQColorGroup &cg, int column, int width, int alignment) { if (((UserListView*)listView())->themed) TQListViewItem::paintCell(p, cg, column, width, alignment); else TDEListViewItem::paintCell(p, cg, column, width, alignment); } TQString login; }; #define FILE_LIMIT_ICON 20 #define FILE_LIMIT_IMAGE 200 void KGreeter::insertUser( const TQImage &default_pix, const TQString &username, struct passwd *ps ) { if (setegid( ps->pw_gid )) return; if (seteuid( ps->pw_uid )) { setegid(0); return; } if (userList) { userList->append( username ); } if (!userView) { seteuid(0); setegid(0); return; } int dp = 0, nd = 0; if (_faceSource == FACE_USER_ONLY || _faceSource == FACE_PREFER_USER) dp = 1; if (_faceSource != FACE_USER_ONLY && _faceSource != FACE_ADMIN_ONLY) nd = 1; TQImage p; do { dp ^= 1; TQCString fn = !dp ? TQCString( ps->pw_dir ) + '/' : TQCString(TQFile::encodeName( _faceDir + '/' + username )); fn += ".face.icon"; int fd, ico; if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0) { fn.truncate( fn.length() - 5 ); if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0) { continue; } ico = 0; } else ico = 1; TQFile f; f.open( IO_ReadOnly, fd ); int fs = f.size(); if (fs > (ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE) * 1000) { LogWarn( "%s exceeds file size limit (%dkB)\n", fn.data(), ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE ); continue; } TQByteArray fc( fs ); int rfs = f.readBlock( fc.data(), fs ); ::close( fd ); fc.resize( rfs > 0 ? rfs : 0 ); TQBuffer buf( fc ); buf.open( IO_ReadOnly ); TQImageIO ir; ir.setIODevice( TQT_TQIODEVICE(&buf) ); if (!ir.read()) { LogInfo( "%s is no valid image\n", fn.data() ); continue; } p = ir.image(); TQSize ns( 48, 48 ); if (p.size() != ns) { p = p.convertDepth( 32 ).smoothScale( ns, TQ_ScaleMin ); } break; } while (--nd >= 0); if ( p.isNull() && randomFaces.count() ) { TQString randomFace = randomFacesMap[username]; if ( randomFace.isNull() ) { TQStringList::size_type index = 0; for ( size_t i = 0; i < username.length(); ++i ) index += ( 0x7f - username.at( i ).latin1() ) % 37; randomFace = randomFaces[ index % randomFaces.count() ]; } p.load( _faceDir + "/../pics/users/" + randomFace + ".png" ); } if ( p.isNull() ) { p = default_pix; } TQString realname = KStringHandler::from8Bit( ps->pw_gecos ); realname.truncate( realname.find( ',' ) ); if (realname.isEmpty() || realname == username) new UserListViewItem( userView, username, TQPixmap( p ), username ); else { realname.append( "\n" ).append( username ); new UserListViewItem( userView, realname, TQPixmap( p ), username ); } seteuid( 0 ); setegid( 0 ); } class KCStringList : public TQValueList<TQCString> { public: bool contains( const char *str ) const { for (ConstIterator it = begin(); it != end(); ++it) if (*it == str) return true; return false; } }; class KGreeterUserList { public: KGreeterUserList( char **in ); bool hasUser( const char *str ) const { return users.contains( str ); } bool hasGroup( gid_t gid ) const { return groups.find( gid ) != groups.end(); } bool hasGroups() const { return !groups.isEmpty(); } KCStringList users; private: TQValueList<gid_t> groups; }; KGreeterUserList::KGreeterUserList( char **in ) { struct group *grp; for (; *in; in++) if (**in == '@') { if ((grp = getgrnam( *in + 1 ))) { for (; *grp->gr_mem; grp->gr_mem++) users.append( *grp->gr_mem ); groups.append( grp->gr_gid ); } } else users.append( *in ); } void KGreeter::insertUsers(int limit_users) { struct passwd *ps; if (!(ps = getpwnam( "nobody" ))) { return; } TQImage default_pix; if (userView) { if (!default_pix.load( _faceDir + "/.default.face.icon" )) if (!default_pix.load( _faceDir + "/.default.face" )) LogError( "Can't open default user face\n" ); TQSize ns( 48, 48 ); if (default_pix.size() != ns) default_pix = default_pix.convertDepth( 32 ).smoothScale( ns, TQ_ScaleMin ); } if (_showUsers == SHOW_ALL) { KGreeterUserList noUsers( _noUsers ); TQDict<int> dupes( 1000 ); // Potential crash risk with buffer overrun? TQStringList toinsert; int count = 0; for (setpwent(); (ps = getpwent()) != 0;) { if (*ps->pw_dir && *ps->pw_shell && ((ps->pw_uid >= (unsigned)_lowUserId) || ((!ps->pw_uid) && _showRoot)) && (ps->pw_uid <= (unsigned)_highUserId) && (!noUsers.hasUser( ps->pw_name )) && (!noUsers.hasGroup( ps->pw_gid ))) { TQString username( TQFile::decodeName( ps->pw_name ) ); if (!dupes.find( username )) { dupes.insert( username, (int *)-1 ); toinsert.append( username ); if ( limit_users >= 0 && ++count > limit_users ) break; } } } // FIXME: OpenSUSE added this code // For some reason it does not allow LDAP users to be listed (!), // therefore it was deactivated. It should be repaired and reactivated. // if ( limit_users >= 0 && ++count > limit_users ) { // utmpname( _PATH_WTMP ); // setutxent(); // toinsert = TQStringList(); // dupes.clear(); // // for ( count = 0; count < limit_users; ) { // struct utmpx * ent = getutxent(); // if ( !ent ) // break; // struct passwd *ps = getpwnam( ent->ut_user ); // if (ps && *ps->pw_dir && *ps->pw_shell && // (ps->pw_uid >= (unsigned)_lowUserId || // !ps->pw_uid && _showRoot) && // ps->pw_uid <= (unsigned)_highUserId && // !noUsers.hasUser( ps->pw_name ) && // !noUsers.hasGroup( ps->pw_gid )) // { // TQString username( TQFile::decodeName( ent->ut_user ) ); // if (!dupes.find( username )) { // dupes.insert( username, (int *)-1 ); // toinsert.append( username ); // count++; // } // } // // // } // endutxent(); // } for ( TQStringList::ConstIterator it = toinsert.begin(); it != toinsert.end(); ++it ) { // pretty stupid to do another lookup round, but the number is limited // and caching struct passwd is pretty ugly struct passwd *ps = getpwnam( TQFile::encodeName( *it ) ); if ( ps ) insertUser( default_pix, *it, ps ); } } else { KGreeterUserList users( _users ); if (users.hasGroups()) { TQDict<int> dupes( 1000 ); for (setpwent(); (ps = getpwent()) != 0;) { if (*ps->pw_dir && *ps->pw_shell && (ps->pw_uid >= (unsigned)_lowUserId || ((!ps->pw_uid) && _showRoot)) && ps->pw_uid <= (unsigned)_highUserId && (users.hasUser( ps->pw_name ) || users.hasGroup( ps->pw_gid ))) { TQString username( TQFile::decodeName( ps->pw_name ) ); if (!dupes.find( username )) { dupes.insert( username, (int *)-1 ); insertUser( default_pix, username, ps ); } } } } else { KCStringList::ConstIterator it = users.users.begin(); for (; it != users.users.end(); ++it) if ((ps = getpwnam( (*it).data() )) && (ps->pw_uid || _showRoot)) insertUser( default_pix, TQFile::decodeName( *it ), ps ); } } endpwent(); if (_sortUsers) { if (userView) userView->sort(); if (userList) userList->sort(); } } void KGreeter::putSession( const TQString &type, const TQString &name, bool hid, const char *exe ) { int prio = exe ? (!strcmp( exe, "default" ) ? 0 : !strcmp( exe, "custom" ) ? 1 : !strcmp( exe, "failsafe" ) ? 3 : 2) : 2; for (uint i = 0; i < sessionTypes.size(); i++) if (sessionTypes[i].type == type) { sessionTypes[i].prio = prio; return; } sessionTypes.append( SessType( name, type, hid, prio ) ); } void KGreeter::insertSessions() { for (char **dit = _sessionsDirs; *dit; ++dit) { TQStringList ents = TQDir( *dit ).entryList(); for (TQStringList::ConstIterator it = ents.begin(); it != ents.end(); ++it) if ((*it).endsWith( ".desktop" ) && !(*it).endsWith("admin.desktop")) { KSimpleConfig dsk( TQString( *dit ).append( '/' ).append( *it ) ); dsk.setGroup( "Desktop Entry" ); putSession( (*it).left( (*it).length() - 8 ), dsk.readEntry( "Name" ), (dsk.readBoolEntry( "Hidden", false ) || (dsk.hasKey( "TryExec" ) && TDEStandardDirs::findExe( dsk.readEntry( "TryExec" ) ).isEmpty())), dsk.readEntry( "Exec" ).latin1() ); } } putSession( "default", i18n("Default"), false, "default" ); putSession( "custom", i18n("Custom"), false, "custom" ); putSession( "failsafe", i18n("Failsafe"), false, "failsafe" ); qBubbleSort( sessionTypes ); for (uint i = 0; i < sessionTypes.size() && !sessionTypes[i].hid; i++) { sessMenu->insertItem( sessionTypes[i].name, i ); switch (sessionTypes[i].prio) { case 0: case 1: nSpecials++; break; case 2: nNormals++; break; } } } void KGreeter::slotUserEntered() { if (userView) { TQListViewItem *item; for (item = userView->firstChild(); item; item = item->nextSibling()) { if (((UserListViewItem *)item)->login == curUser) { userView->setSelected( item, true ); userView->ensureItemVisible( item ); goto oke; } } userView->clearSelection(); } oke: if (isVisible()) slotLoadPrevWM(); else TQTimer::singleShot( 0, this, TQT_SLOT(slotLoadPrevWM()) ); } void KGreeter::slotUserClicked( TQListViewItem *item ) { if (item) { curUser = ((UserListViewItem *)item)->login; verify->setUser( curUser ); slotLoadPrevWM(); } } void KGreeter::slotSessionSelected( int id ) { if (id != curSel) { sessMenu->setItemChecked( curSel, false ); sessMenu->setItemChecked( id, true ); curSel = id; verify->gplugActivity(); } } void KGreeter::reject() { verify->reject(); } void KGreeter::accept() { if (userView && userView->hasFocus()) slotUserClicked( userView->currentItem() ); else verify->accept(); } void // private KGreeter::setPrevWM( int wm ) { if (curPrev != wm) { if (curPrev != -1) { sessMenu->changeItem( curPrev, sessionTypes[curPrev].name ); } if (wm != -1) { sessMenu->changeItem( wm, sessionTypes[wm].name + i18n(" (previous)") ); } curPrev = wm; } } void KGreeter::slotLoadPrevWM() { int len, i, b; unsigned long crc, by; TQCString name; char *sess; if (verify->coreLock) { needLoad = true; return; } needLoad = false; prevValid = true; name = curUser.local8Bit(); GSendInt( G_ReadDmrc ); GSendStr( name.data() ); GRecvInt(); // ignore status code ... if ((len = name.length())) { GSendInt( G_GetDmrc ); GSendStr( "Session" ); sess = GRecvStr(); if (!sess) { /* no such user */ if (!userView && !userList) { // don't fake if user list shown prevValid = false; /* simple crc32 */ for (crc = _forgingSeed, i = 0; i < len; i++) { by = (crc & 255) ^ name[i]; for (b = 0; b < 8; b++) by = (by >> 1) ^ (-(by & 1) & 0xedb88320); crc = (crc >> 8) ^ by; } /* forge a session with this hash - default & custom more probable */ /* XXX - this should do a statistical analysis of the real users */ #if 1 setPrevWM( crc % (nSpecials * 2 + nNormals) % (nSpecials + nNormals) ); #else i = crc % (nSpecials * 2 + nNormals); if (i < nNormals) setPrevWM( i + nSpecials ); else setPrevWM( (i - nNormals) / 2 ); #endif return; } } else { if (!strcmp(sess, "admin")) { // need to get the original GSendInt( G_GetDmrc); GSendStr( "OrigSession"); sess = GRecvStr(); if (!sess) { free(sess); sess = strdup("default"); } } for (uint i = 0; i < sessionTypes.count() && !sessionTypes[i].hid; i++) { if (sessionTypes[i].type == sess) { free( sess ); setPrevWM( i ); curWMSession = sessionTypes[i].type.utf8(); return; } } if (curSel == -1) { MsgBox( sorrybox, i18n("Your saved session type '%1' is not valid any more.\n" "Please select a new one, otherwise 'default' will be used.").arg( sess ) ); } free( sess ); prevValid = false; } } setPrevWM( -1 ); } void // protected KGreeter::pluginSetup() { int field = 0; TQString ent, pn( verify->pluginName() ), dn( dName + '_' + pn ); if (_preselUser != PRESEL_PREV) stsFile->deleteEntry( verify->entitiesLocal() ? dName : dn, false ); if (_preselUser != PRESEL_NONE && verify->entityPresettable()) { if (verify->entitiesLocal()) ent = _preselUser == PRESEL_PREV ? stsFile->readEntry( dName ) : _defaultUser; else ent = _preselUser == PRESEL_PREV ? stsFile->readEntry( dn ) : verify->getConf( 0, (pn + ".DefaultEntity").latin1(), TQVariant() ).toString(); field = verify->entitiesFielded() ? verify->getConf( 0, (pn + ".FocusField").latin1(), TQVariant( 0 ) ).toInt() : _focusPasswd; } verify->presetEntity( ent, field ); if (userList) verify->loadUsers( *userList ); } void KGreeter::verifyPluginChanged( int id ) { curPlugin = id; pluginSetup(); } void KGreeter::verifyClear() { curUser = TQString::null; slotUserEntered(); slotSessionSelected( -1 ); } void KGreeter::verifyOk() { if (_preselUser == PRESEL_PREV && verify->entityPresettable()) stsFile->writeEntry( verify->entitiesLocal() ? dName : dName + '_' + verify->pluginName(), verify->getEntity() ); if (curSel != -1) { GSendInt( G_PutDmrc ); GSendStr( "Session" ); GSendStr( sessionTypes[curSel].type.utf8() ); curWMSession = sessionTypes[curSel].type.utf8(); } else if (!prevValid) { GSendInt( G_PutDmrc ); GSendStr( "Session" ); GSendStr( "default" ); } GSendInt( G_Ready ); closingDown = true; done( ex_exit ); } void KGreeter::verifyFailed() { if (needLoad) { slotLoadPrevWM(); } } void KGreeter::verifySetUser( const TQString &user ) { curUser = user; slotUserEntered(); } void KGreeter::cryptographicCardInserted(TDECryptographicCardDevice* cdevice) { #ifdef WITH_TDEHWLIB #ifndef HAVE_KRB5 // Don't enable card-based logins if Kerberos integration was disabled return; #endif // Make sure card logins are enabled before attempting one KSimpleConfig *systemconfig = new KSimpleConfig( TQString::fromLatin1( KDE_CONFDIR "/ldap/ldapconfigrc" )); systemconfig->setGroup(NULL); bool enabled = systemconfig->readBoolEntry("EnablePKCS11Login", false); delete systemconfig; if (!enabled) { return; } TQString login_name = TQString::null; X509CertificatePtrList certList = cdevice->cardX509Certificates(); if (certList.count() > 0) { KSSLCertificate* card_cert = NULL; card_cert = KSSLCertificate::fromX509(certList[0]); TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false); for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) { TQString lcpart = (*it).lower(); if (lcpart.startsWith("cn=")) { login_name = lcpart.right(lcpart.length() - strlen("cn=")); } } delete card_cert; } if (login_name != "") { if (verify->cardLoginInProgress) { return; } verify->cardLoginInProgress = true; verify->cardLoginDevice = cdevice; DM dm; SessList sess; bool vt_active = false; bool user_active = false; if (dm.localSessions(sess)) { TQString user, loc; for (SessList::ConstIterator it = sess.begin(); it != sess.end(); ++it) { DM::sess2Str2(*it, user, loc); if (user.startsWith(login_name + ": ")) { // Found active session user_active = true; } if ((*it).self) { if ((*it).vt == dm.activeVT()) { vt_active = true; } } } } if (!user_active && vt_active) { // Select the correct user verify->setUser(login_name); if (userView) { userView->setEnabled(false); } verifySetUser(login_name); verify->lockUserEntry(true); // FIXME // pam_pkcs11 is extremely chatty with no apparent way to disable the unwanted messages verify->setInfoMessageDisplay(false); // Set up password prompt cardLoginUser = login_name; verify->setPasswordPrompt(i18n("PIN:")); // Bypass initial password prompt verify->start(); verify->setPassword(""); verify->accept(); } } #endif } void KGreeter::cryptographicCardRemoved(TDECryptographicCardDevice* cdevice) { #ifdef WITH_TDEHWLIB cardLoginUser = TQString::null; userView->setEnabled(false); verify->lockUserEntry(false); verify->requestAbort(); verify->setPasswordPrompt(TQString::null); // Restore information message display settings verify->setInfoMessageDisplay(showInfoMessages); verify->cardLoginInProgress = false; verify->cardLoginDevice = NULL; #endif } KStdGreeter::KStdGreeter() : KGreeter() , clock( 0 ) , pixLabel( 0 ) { TQBoxLayout *main_box; #ifdef WITH_TDM_XCONSOLE if (consoleView) { TQBoxLayout *ex_box = new TQVBoxLayout( this, 10, 10 ); main_box = new TQHBoxLayout( ex_box, 10 ); ex_box->addWidget( consoleView ); } else #endif main_box = new TQHBoxLayout( this, 10, 10 ); if (userView) main_box->addWidget( userView ); TQBoxLayout *inner_box = new TQVBoxLayout( main_box, 10 ); if (!_authorized && _authComplain) { TQLabel *complainLabel = new TQLabel( i18n("Warning: this is an unsecured session"), this ); TQToolTip::add( complainLabel, i18n("This display requires no X authorization.\n" "This means that anybody can connect to it,\n" "open windows on it or intercept your input.") ); complainLabel->setAlignment( AlignCenter ); complainLabel->setFont( _failFont ); complainLabel->setPaletteForegroundColor( Qt::red ); inner_box->addWidget( complainLabel ); } if (_logoArea == LOGO_NONE) { KSMModalDialogHeader *theader = new KSMModalDialogHeader(this); inner_box->addWidget( theader, AlignCenter ); } if (!_greetString.isEmpty()) { TQLabel *welcomeLabel = new TQLabel( _greetString, this ); welcomeLabel->setAlignment( AlignCenter ); welcomeLabel->setFont( _greetFont ); inner_box->addWidget( welcomeLabel ); if (_logoArea == LOGO_NONE) { // Match caps lock warning font size TQLabel *spacerLabel = new TQLabel( " ", this ); spacerLabel->setFont( _failFont ); inner_box->addWidget( spacerLabel, AlignCenter ); } } switch (_logoArea) { case LOGO_CLOCK: clock = new KdmClock( this, "clock" ); break; case LOGO_LOGO: { TQMovie movie( _logo ); kapp->eventLoop()->processEvents( TQEventLoop::ExcludeUserInput | TQEventLoop::ExcludeSocketNotifiers, 100 ); TQPixmap pixmap; if (!movie.framePixmap().isNull() || pixmap.load( _logo )) { pixLabel = new TQLabel( this ); if (!movie.framePixmap().isNull()) { pixLabel->setMovie( movie ); if (!movie.framePixmap().hasAlpha()) pixLabel->setFrameStyle( TQFrame::Panel | TQFrame::Sunken ); } else { pixLabel->setPixmap( pixmap ); if (!pixmap.hasAlpha()) pixLabel->setFrameStyle( TQFrame::Panel | TQFrame::Sunken ); } pixLabel->setIndent( 0 ); } } break; } if (userView) { if (clock) inner_box->addWidget( clock, 0, AlignCenter ); else if (pixLabel) inner_box->addWidget( pixLabel, 0, AlignCenter ); } else { if (clock) main_box->addWidget( clock, 0, AlignCenter ); else if (pixLabel) main_box->addWidget( pixLabel, 0, AlignCenter ); } goButton = new TQPushButton( i18n("L&ogin"), this ); goButton->setDefault( true ); connect( goButton, TQT_SIGNAL(clicked()), TQT_SLOT(accept()) ); menuButton = new TQPushButton( i18n("&Menu"), this ); //helpButton TQWidget *prec; if (userView) prec = userView; #ifdef WITH_TDM_XCONSOLE else if (consoleView) prec = consoleView; #endif else prec = menuButton; KGStdVerify *sverify = new KGStdVerify( this, this, prec, TQString::null, pluginList, KGreeterPlugin::Authenticate, KGreeterPlugin::Login ); inner_box->addLayout( sverify->getLayout() ); TQPopupMenu *plugMenu = sverify->getPlugMenu(); sverify->selectPlugin( curPlugin ); verify = sverify; inner_box->addWidget( new KSeparator( KSeparator::HLine, this ) ); TQBoxLayout *hbox2 = new TQHBoxLayout( inner_box, 10 ); hbox2->addWidget( goButton ); hbox2->addStretch( 1 ); hbox2->addWidget( menuButton ); hbox2->addStretch( 1 ); if (sessMenu->count() > 1) { inserten( i18n("Session &Type"), 0, sessMenu ); needSep = true; } if (plugMenu) { inserten( i18n("&Authentication Method"), 0, plugMenu ); needSep = true; } #ifdef XDMCP completeMenu( LOGIN_LOCAL_ONLY, ex_choose, i18n("&Remote Login"), 0 ); #else completeMenu(); #endif if (userView || userList) insertUsers(); if (optMenu) menuButton->setPopup( optMenu ); else menuButton->hide(); pluginSetup(); verify->setInfoMessageDisplay(showInfoMessages); verify->start(); TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup())); } void KStdGreeter::pluginSetup() { inherited::pluginSetup(); if (userView) { if (verify->entitiesLocal() && verify->entityPresettable()) userView->show(); else userView->hide(); } adjustGeometry(); update(); } void KStdGreeter::verifyFailed() { goButton->setEnabled( false ); menuButton->setEnabled( false ); if (userView) userView->setEnabled( false ); inherited::verifyFailed(); } void KStdGreeter::verifyRetry() { goButton->setEnabled( true ); menuButton->setEnabled( true ); if (userView) userView->setEnabled( true ); } KThemedGreeter::KThemedGreeter() : KGreeter( true ) , themer( 0 ) // , clock( 0 ) { // We do all painting ourselves setBackgroundMode( NoBackground ); // Allow tracking the mouse position setMouseTracking( true ); adjustGeometry(); themer = new KdmThemer( _theme, "console", this ); if (!themer->isOK()) { delete themer; themer = 0; return; } connect( themer, TQT_SIGNAL(activated( const TQString & )), TQT_SLOT(slotThemeActivated( const TQString & )) ); console_rect = themer->findNode( "xconsole" ); // tdm ext userlist_rect = themer->findNode( "userlist" ); caps_warning = themer->findNode( "caps-lock-warning" ); xauth_warning = themer->findNode( "xauth-warning" ); // tdm ext pam_error = themer->findNode( "pam-error" ); timed_label = themer->findNode( "timed-label" ); if (pam_error && pam_error->isA( "KdmLabel" )) { static_cast<KdmLabel*>(pam_error)->setText( i18n("Login Failed.") ); } KdmItem *itm; if ((itm = themer->findNode( "pam-message" ))) // done via msgboxes itm->hide( true ); if ((itm = themer->findNode( "language_button" ))) // not implemented yet itm->hide( true ); #ifdef WITH_TDM_XCONSOLE if (console_rect) { if (consoleView) console_rect->setWidget( consoleView ); else console_rect->hide( true ); } #endif if (xauth_warning && (_authorized || !_authComplain)) xauth_warning->hide( true ); if (userView || userList) insertUsers( 7 ); // TODO: find out how many are a good value // if (!_greetString.isEmpty()) { // } // clock = new KdmClock( this, "clock" ); TQWidget *prec; if (userView) prec = userView; #ifdef WITH_TDM_XCONSOLE else if (consoleView) prec = consoleView; #endif else prec = 0; KGThemedVerify *tverify = new KGThemedVerify( this, themer, this, prec, TQString::null, pluginList, KGreeterPlugin::Authenticate, KGreeterPlugin::Login ); TQPopupMenu *plugMenu = tverify->getPlugMenu(); tverify->selectPlugin( curPlugin ); verify = tverify; session_button = 0; if ((itm = themer->findNode( "session_button" ))) { if (sessMenu->count() <= 1) itm->hide( true ); else session_button = itm; } else { if (sessMenu->count() > 1) { inserten( i18n("Session &Type"), ALT+Key_T, sessMenu ); needSep = true; } } admin_button = themer->findNode( "admin_button"); if ( admin_button ) { if ( !_useAdminSession ) admin_button->hide( true ); } if (plugMenu) { inserten( i18n("&Authentication Method"), ALT+Key_A, plugMenu ); needSep = true; } #ifdef XDMCP completeMenu( LOGIN_LOCAL_ONLY, ex_choose, i18n("&Remote Login"), ALT+Key_R ); #else completeMenu(); #endif system_button = themer->findNode( "system_button" ); TQAccel *accel = new TQAccel( this ); accel->insertItem( ALT+Key_M, 0 ); connect( accel, TQT_SIGNAL(activated( int )), TQT_SLOT(slotActionMenu()) ); pluginSetup(); verify->setInfoMessageDisplay(showInfoMessages); verify->start(); TQTimer::singleShot(0, this, SLOT(cryptographicCardWatcherSetup())); } bool KThemedGreeter::event( TQEvent *e ) { if (themer) themer->widgetEvent( e ); return inherited::event( e ); } void KThemedGreeter::pluginSetup() { inherited::pluginSetup(); if (userView && verify->entitiesLocal() && verify->entityPresettable() && userlist_rect) { // userView->setMaximumHeight( userView->sumHeight() ); userlist_rect->setWidget( userView ); } else { if (userView) userView->hide(); if (userlist_rect) userlist_rect->hide( true ); } update(); } void KThemedGreeter::verifyFailed() { // goButton->setEnabled( false ); inherited::verifyFailed(); if (userView) userView->setEnabled(false); } void KThemedGreeter::verifyRetry() { // goButton->setEnabled( true ); if (userView) userView->setEnabled(true); } TQString KThemedGreeter::timedUser = TQString::null; int KThemedGreeter::timedDelay = -1; void KThemedGreeter::updateStatus( bool fail, bool caps, int timedleft ) { if (pam_error) { if (fail) pam_error->show( true ); else pam_error->hide( true ); } if (caps_warning) { if (caps) caps_warning->show( true ); else caps_warning->hide( true ); } if (timed_label) { if (timedleft) { if (timedleft != timedDelay) { timedDelay = timedleft; timedUser = curUser; timed_label->show( true ); timed_label->update(); } } else { timedDelay = -1; timed_label->hide( true ); } } #ifdef WITH_TDEHWLIB if (cardLoginUser != TQString::null) { verify->setPasswordPrompt(i18n("PIN:")); } #endif } void KThemedGreeter::slotThemeActivated( const TQString &id ) { if (id == "login_button") accept(); else if (id == "session_button") slotSessMenu(); else if (id == "system_button") slotActionMenu(); else if (id == "admin_button") slotAskAdminPassword(); } void KThemedGreeter::slotSessMenu() { sessMenu->popup( mapToGlobal( session_button->rect().center() ) ); } void KThemedGreeter::slotActionMenu() { if (system_button) optMenu->popup( mapToGlobal( system_button->rect().center() ) ); else optMenu->popup( mapToGlobal( rect().center() ) ); } void KThemedGreeter::keyPressEvent( TQKeyEvent *e ) { inherited::keyPressEvent( e ); if (!(e->state() & KeyButtonMask) && (e->key() == Key_Return || e->key() == Key_Enter)) accept(); } void KThemedGreeter::slotAskAdminPassword() { TDMAdmin k(curUser, this); if (k.exec()) { GSendInt(G_Ready); hide(); closingDown = true; done(ex_exit); } } //=========================================================================== // // TDM control pipe handler // ControlPipeHandlerObject::ControlPipeHandlerObject() : TQObject() { mPipe_fd = -1; mKGreeterParent = NULL; mSAKDlgParent = NULL; } ControlPipeHandlerObject::~ControlPipeHandlerObject() { if (mPipe_fd != -1) { if (mKGreeterParent) mKGreeterParent->closingDown = true; if (mSAKDlgParent) mSAKDlgParent->closingDown = true; ::close(mPipe_fd); ::unlink(mPipeFilename.ascii()); } } void ControlPipeHandlerObject::run(void) { while (1) { if ((mKGreeterParent && (mKGreeterParent->closingDown)) || (mSAKDlgParent && (mSAKDlgParent->closingDown))) { ::unlink(mPipeFilename.ascii()); TQApplication::eventLoop()->exit(-1); return; } if ((mKGreeterParent && (mKGreeterParent->isShown())) || (mSAKDlgParent && (mSAKDlgParent->isShown()))) { char readbuf[2048]; int displayNumber; TQString currentDisplay; currentDisplay = TQString(getenv("DISPLAY")); currentDisplay = currentDisplay.replace(":", ""); displayNumber = currentDisplay.toInt(); if (mKGreeterParent) { mPipeFilename = TQString(FIFO_FILE).arg(displayNumber); ::unlink((TQString(FIFO_SAK_FILE).arg(displayNumber)).ascii()); } if (mSAKDlgParent) { mPipeFilename = TQString(FIFO_SAK_FILE).arg(displayNumber); ::unlink((TQString(FIFO_FILE).arg(displayNumber)).ascii()); } /* Create the FIFOs if they do not exist */ umask(0); struct stat buffer; int status; char *fifo_parent_dir; char *fifo_dir = strdup(FIFO_DIR); fifo_parent_dir = dirname(fifo_dir); status = stat(fifo_parent_dir, &buffer); if (status != 0) { mkdir(fifo_parent_dir, 0755); } free(fifo_dir); status = stat(FIFO_DIR, &buffer); if (status == 0) { int dir_mode = ((buffer.st_mode & S_IRWXU) >> 6) * 100; dir_mode = dir_mode + ((buffer.st_mode & S_IRWXG) >> 3) * 10; dir_mode = dir_mode + ((buffer.st_mode & S_IRWXO) >> 0) * 1; if ((dir_mode != 700 && dir_mode != 600) || (buffer.st_uid != 0) || (buffer.st_gid != 0)) { printf("[WARNING] Possible security breach! Please check permissions on " FIFO_DIR " (must be 700 and owned by root/root, got %d %d/%d). Not listening for login credentials on remote control socket.\n", dir_mode, buffer.st_uid, buffer.st_gid); fflush(stdout); TQApplication::eventLoop()->exit(-1); return; } } else { mkdir(FIFO_DIR, 0700); } status = stat(mPipeFilename.ascii(), &buffer); if (status == 0) { int file_mode = ((buffer.st_mode & S_IRWXU) >> 6) * 100; file_mode = file_mode + ((buffer.st_mode & S_IRWXG) >> 3) * 10; file_mode = file_mode + ((buffer.st_mode & S_IRWXO) >> 0) * 1; if ((file_mode != 600) || (buffer.st_uid != 0) || (buffer.st_gid != 0)) { ::unlink(mPipeFilename.ascii()); printf("[WARNING] Possible security breach! Please check permissions on %s (must be 600 and owned by root/root, got %d %d/%d). Not listening for login credentials on remote control socket.\n", mPipeFilename.ascii(), file_mode, buffer.st_uid, buffer.st_gid); fflush(stdout); TQApplication::eventLoop()->exit(-1); return; } } else { mknod(mPipeFilename.ascii(), S_IFIFO|0600, 0); chmod(mPipeFilename.ascii(), 0600); } mPipe_fd = ::open(mPipeFilename.ascii(), O_RDONLY | O_NONBLOCK); int numread; int retval; fd_set rfds; FD_ZERO(&rfds); FD_SET(mPipe_fd, &rfds); TQString inputcommand = ""; while ((!inputcommand.contains('\n')) && ((mKGreeterParent && (!mKGreeterParent->closingDown)) || (mSAKDlgParent && (!mSAKDlgParent->closingDown)))) { // Wait for mPipe_fd to receive input retval = select(mPipe_fd + 1, &rfds, NULL, NULL, NULL); if (retval < 0) { // ERROR } else if (retval) { // New data is available numread = ::read(mPipe_fd, readbuf, 2048); readbuf[numread] = 0; readbuf[2047] = 0; inputcommand += readbuf; } } if ((mKGreeterParent && (mKGreeterParent->closingDown)) || (mSAKDlgParent && (mSAKDlgParent->closingDown))) { ::unlink(mPipeFilename.ascii()); TQApplication::eventLoop()->exit(-1); return; } emit processCommand(inputcommand); if ((mKGreeterParent && (!mKGreeterParent->closingDown)) || (mSAKDlgParent && (!mSAKDlgParent->closingDown))) { ::close(mPipe_fd); ::unlink(mPipeFilename.ascii()); } else { ::unlink(mPipeFilename.ascii()); TQApplication::eventLoop()->exit(-1); return; } } // Thread cancellation point usleep(1); } TQApplication::eventLoop()->exit(-1); } #include "kgreeter.moc"