/* Authentication method specific conversation plugin for KDE's greeter widgets Copyright (C) 2003 Oswald Buddenhagen <ossi@kde.org> Copyright (C) 2003 Fabian Kaiser <xfk@softpro.de> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #ifndef KGREETERPLUGIN_H #define KGREETERPLUGIN_H #include <tqvariant.h> #include <tqmessagebox.h> #include <kdemacros.h> class KdmThemer; class TQWidget; class TQLayoutItem; class KGreeterPluginHandler { public: /* keep in sync with V_IS_* */ enum { IsSecret = 1, IsUser = 2, IsPassword = 4, IsOldPassword = 8, IsNewPassword = 16 }; /** * Reply to textPrompt(). * @param text text to return to core; null to abort auth cycle * @param tag zero or one of Is* */ virtual void gplugReturnText( const char *text, int tag ) = 0; /** * Reply to binaryPrompt(). * @param data data in pam_client format to return to the core; * null to abort auth cycle */ virtual void gplugReturnBinary( const char *data ) = 0; /** * Tell the greeter who is logging in. * Call this preferably before gplugStart, as otherwise the .dmrc * load will be delayed. Don't call at all if your plugin doesn't * have the Local flag set. Call only for internally generated * user changes. * @param user the user logging in */ virtual void gplugSetUser( const TQString &user ) = 0; /** * Start processing. */ virtual void gplugStart() = 0; /** * Plugins that expect user input from a different device than the mouse or * keyboard must call this when user activity is detected to prevent the * greeter from resetting/going away. Events should be compressed to no * more than ten per second; one every five seconds is actually enough. * Events should be actual changes to the input fields, not random motion. */ virtual void gplugActivity() = 0; /** * Show a message box on behalf of the talker. * @param type message severity * @param text message text */ virtual void gplugMsgBox( TQMessageBox::Icon type, const TQString &text ) = 0; }; /** * Abstract base class for conversation plugins ("talkers") to be used with * TDM, kdesktop_lock, etc. * The authentication method used by a particular instance of a plugin * may be configurable, but the instance must handle exactly one method, * i.e., info->method must be determined at the latest at init() time. */ class KGreeterPlugin { public: KGreeterPlugin( KGreeterPluginHandler *h ) : handler( h ) {} virtual ~KGreeterPlugin() {} /** * Variations of the talker: * - Authenticate: authentication * - AuthChAuthTok: authentication and password change * - ChAuthTok: password change */ enum Function { Authenticate, AuthChAuthTok, ChAuthTok }; /** * Contexts the talker can be used in: * - Login: tdm login dialog * - Shutdown: tdm shutdown dialog * - Unlock: tdm unlock dialog (TODO) * - ChangeTok: tdm password change dialog (TODO) * - ExUnlock: kdesktop_lock unlock dialog * - ExChangeTok: kdepasswd password change dialog (TODO) * * The Ex* contexts exist within a running session; the talker must know * how to obtain the currently logged in user (+ domain/realm, etc.) * itself (i.e., fixedEntity will be null). The non-Ex variants will have * a fixedEntity passed in. */ enum Context { Login, Shutdown, Unlock, ChangeTok, ExUnlock, ExChangeTok }; /** * Provide the talker with a list of selectable users. This can be used * for autocompletion, etc. * Will be called only when not running. * @param users the users to load. */ virtual void loadUsers( const TQStringList &users ) = 0; /** * Preload the talker with an (opaque to the greeter) entity. * Will be called only when not running. * @param entity the entity to preload the talker with. That * will usually be something like "user" or "user@domain". * @param field the sub-widget (probably line edit) to put the cursor into. * If -1, preselect the user for timed login. This means pre-filling * the password field with anything, disabling it, and placing the * cursor in the user name field. */ virtual void presetEntity( const TQString &entity, int field ) = 0; /** * Obtain the actually logged in entity. * Will be called only after succeeded() was called. */ virtual TQString getEntity() const = 0; /** * "Push" a user into the talker. That can be a click into the user list * or successful authentication without the talker calling gplugSetUser. * Will be called only when running. * @param user the user to set. Note that this is a UNIX login, not a * canonical entity */ virtual void setUser( const TQString &user ) = 0; /** * "Push" a password into the talker. * @param pass the password to set. */ virtual void setPassword( const TQString &pass ) = 0; /** * En-/disable any widgets contained in the talker. * Will be called only when not running. * @param on the state to set */ virtual void setEnabled( bool on ) = 0; /** * Called when a message from the authentication backend arrives. * @param message the message received from the backend * @param error if true, @p message is an error message, otherwise it's * an informational message * @return true means that the talker already handled the message, false * that the greeter should display it in a message box * * FIXME: Filtering a message usually means that the backend issued a * prompt and obtains the authentication data itself. However, in that * state the backend is unresponsive, e.g., no shutdown is possible. * The frontend could send the backend a signal, but the "escape path" * within the backend is unclear (PAM won't like simply longjmp()ing * out of it). */ virtual bool textMessage( const char *message, bool error ) = 0; /** * Prompt the user for data. Reply by calling handler->gplugReturnText(). * @param propmt the prompt to display. It may be null, in which case * "Username"/"Password" should be shown and the replies should be tagged * with the respective Is* flag. * @param echo if true, a normal input widget can be used, otherwise one that * visually obscures the user's input. * @param nonBlocking if true, report whatever is already available, * otherwise wait for user input. */ virtual void textPrompt( const char *prompt, bool echo, bool nonBlocking ) = 0; /** * Request binary authentication data from the talker. Reply by calling * handler->gplugReturnBinary(). * @param prompt prompt in pam_client format * @param nonBlocking if true, report whatever is already available, * otherwise wait for user input. * @return always true for now * * TODO: * @return if true, the prompt was handled by the talker, otherwise the * handler has to use libpam_client to obtain the authentication data. * In that state the talker still can abort the data fetch by * gplugReturn()ing a null array. When the data was obtained, another * binaryPrompt with a null prompt will be issued. */ virtual bool binaryPrompt( const char *prompt, bool nonBlocking ) = 0; /** * This can either * - Start a processing cycle. Will be called only when not running. * - Restart authTok cycle - will be called while running and implies * revive(). PAM is a bit too clever, so we need this. * In any case the talker is running afterwards. */ virtual void start() = 0; /** * Request to suspend the auth. Make sure that a second talker of any * type will be able to operate while this one is suspended (no busy * device nodes, etc.). * Will be called only if running within Login context. (Actually it * won't be called at all, but be prepared.) */ virtual void suspend() = 0; /** * Request to resume the auth from the point it was suspended at. * Will be called only when suspended. */ virtual void resume() = 0; /** * The "login" button was pressed in the greeter. * This might call gplugReturn* or gplugStart. * Will be called only when running. */ virtual void next() = 0; /** * Abort auth cycle. Note that this should _not_ clear out already * entered auth tokens if they are still on the screen. * Will be called only when running and stops it. */ virtual void abort() = 0; /** * Indicate successful end of the current phase. * This is more or less a request to disable editable widgets * responsible for the that phase. * There will be no further attempt to enter that phase until the * widget is destroyed. * Will be called only when running and stops it. */ virtual void succeeded() = 0; /** * Indicate unsuccessful end of the current phase. * This is mostly a request to disable all editable widgets. * The widget will be treated as dead until revive() is called. * Will be called only when running and stops it. */ virtual void failed() = 0; /** * Prepare retrying the previously failed phase. * This is mostly a request to re-enable all editable widgets failed() * disabled previously, clear the probably incorrect authentication tokens * and to set the input focus appropriately. * Will be called only after failed() (possibly with clear() in between), * or after presetEntity() with field -1. */ virtual void revive() = 0; /** * Clear any edit widgets, particularily anything set by setUser. * Will be called only when not running. */ virtual void clear() = 0; /** * Obtain the TQLayoutItem containg the widget(s) to actually handle the * conversation. See TQLayout and TQWidgetItem for possible implementations. */ TQLayoutItem *getLayoutItem() const { return layoutItem; } protected: KGreeterPluginHandler *handler; TQLayoutItem *layoutItem; }; struct KDE_EXPORT kgreeterplugin_info { /** * Human readable name of this plugin (should be a little more * informative than just the libary name). Must be I18N_NOOP()ed. */ const char *name; /** * The authentication method to use - the meaning is up to the backend, * but will usually be related to the PAM service. */ const char *method; /** * Capabilities. */ enum { /** * All users exist on the local system permanently (will be listed * by getpwent()); an entity corresponds to a UNIX user. */ Local = 1, /** * The entities consist of multiple fields. * PluginOptions/<plugin>.FocusField is used instead of FocusPasswd. */ Fielded = 2, /** * An entity can be preset, the talker has a widget where a user can * be selected explicitly. If the method is "classic", timed login * is possible, too. * This also means that setUser/gplugSetUser can be used and a * userlist can be shown at all - provided Local is set as well. */ Presettable = 4 }; /* * Capability flags. */ int flags; /** * Call after loading the plugin. * * @param method if non-empty and the plugin is unable to handle that * method, return false. If the plugin has a constant method defined * above, it can ignore this parameter. * @param getConf can be used to obtain configuration items from the * greeter; you have to pass it the @p ctx pointer. * The only predefined key (in TDM) is "EchoMode", which is an int * (in fact, KPasswordEdit::EchoModes). * Other keys are obtained from the PluginOptions option; see tdmrc * for details. * If the key is unknown, dflt is returned. * @param ctx context pointer for @p getConf * @return if false, unload the plugin again (don't call done() first) */ bool (*init)( const TQString &method, TQVariant (*getConf)( void *ctx, const char *key, const TQVariant &dflt ), void *ctx ); /** * Call before unloading the plugin. * This pointer can be null. */ void (*done)( void ); /** * Factory method to create an instance of the plugin. * Note that multiple instances can exist at one time, but only * one of them is active at any moment (the others would be suspended * or not running at all). * @param handler the object offering the necessary callbacks * @param parent parent widget * @param predecessor the focus widget before the conversation widget * @param fixedEntity see below * @param func see below * @param ctx see below * @return an instance of this conversation plugin * * Valid combinations of Function and Context: * - Authenticate:Login - init * - Authenticate:Shutdown - init, for now "root" is passed as fixedEntitiy * and it is not supposed to be displayed. Plugins with Local not set * might have to conjure something up to make getEntity() return a * canonical entitiy. FIXME: don't restrict shutdown to root. * - AuthChAuthTok:Login, AuthChAuthTok:Shutdown - cont/cont, * only relevant for classic method (as it is relevant only for password- * less logins, which always use classic). The login should not be shown - * it is known to the user already; the backend won't ask for it, either. * - ChAuthTok:Login & ChAuthTok:Shutdown - cont * - Authenticate:Unlock & Authenticate:ExUnlock - init, * AuthChAuthTok:ChangeTok & AuthChAuthTok:ExChangeTok - init/cont, * display fixedEntity as labels. The backend does not ask for the UNIX * login, as it already knows it - but it will ask for all components of * the entity if it is no UNIX login. * * "init" means that the plugin is supposed to call gplugStart, "cont" * that the backend is already in a cycle of the method the plugin was * initialized with. */ KGreeterPlugin *(*create)( KGreeterPluginHandler *handler, KdmThemer *themer, TQWidget *parent, TQWidget *predecessor, const TQString &fixedEntity, KGreeterPlugin::Function func, KGreeterPlugin::Context ctx ); }; #endif