5d20ad97 | 2015-09-16 18:08:32 | Timothy Pearson |
Fix warnings regarding return value being ignored |
||
M tdm/backend/client.c |
||
diff --git a/tdm/backend/client.c b/tdm/backend/client.c index 1dfd978..cb185bc 100644 --- a/tdm/backend/client.c +++ b/tdm/backend/client.c @@ -1114,7 +1114,9 @@ #ifdef HAVE_INITGROUPS if (initgroups( name, gid ) < 0) { LogError( "initgroups for %s failed: %m\n", name ); - setgid( 0 ); + if (setgid(0) != 0) { + LogError("setgid(0) failed\n"); + } return 0; } #endif /* QNX4 doesn't support multi-groups, no initgroups() */ @@ -1642,7 +1644,10 @@ } } else { cdroot: - chdir( "/" ); + if (chdir( "/" ) != 0) { + LogError( "Cannot change directory to %s\n", "/" ); + goto logerr; + } tmperr: ASPrintf( &lname, "/tmp/xerr-%s-%s", curuser, td->name ); unlink( lname ); @@ -1828,13 +1833,19 @@ exit( 0 ); if (!(data = iniLoad( fname ))) { static const int m1 = -1; - write( pfd[1], &m1, sizeof(int) ); - exit( 0 ); + if (write(pfd[1], &m1, sizeof(int)) < 0) { + return GE_Error; + } + exit(0); } len = strlen( data ); - write( pfd[1], &len, sizeof(int) ); - write( pfd[1], data, len + 1 ); - exit( 0 ); + if (write(pfd[1], &len, sizeof(int)) < 0) { + return GE_Error; + } + if (write(pfd[1], data, len + 1) < 0) { + return GE_Error; + } + exit(0); } close( pfd[1] ); free( fname ); |
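Review bot: The new `LogError("setgid(0) failed\n")` in the initgroups failure path omits the errno text that the neighbouring `initgroups` message reports with `%m`, so a failed group reset in this privilege-handling code is logged without its cause; `LogError( "setgid(0) failed: %m\n" );` would match the surrounding style. The same applies to the `chdir( "/" )` message in the `cdroot:` hunk, where `LogError( "Cannot change directory to /: %m\n" );` is simpler than passing `"/"` through `%s`. That hunk also jumps to `logerr`, a label outside the visible lines, so it is worth confirming that path does not itself assume the working directory was changed.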
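Review bot: In the last hunk the three `return GE_Error;` statements sit in a branch that writes to `pfd[1]` and otherwise always ends in `exit( 0 )`, which looks like the forked child side of a pipe. Returning there would let the child fall back into the caller's code instead of terminating, leaving two processes running the display manager's session logic. Ending the child with a non-zero status keeps it contained, e.g. `if (write( pfd[1], &len, sizeof(int) ) < 0) exit( 1 );`. The `< 0` test also accepts a short write, so the reader may receive a truncated length or payload; comparing the result with the requested size would catch that. The enclosing function starts and ends outside the hunk, so the fork is inferred rather than visible.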
||
ce477303 | 2015-09-17 17:30:17 | Timothy Pearson |
Add initial cryptographic card login support Tested with themed greeter and SAK disabled |
||
A tdm/cryptocardwatcher/CMakeLists.txt A tdm/cryptocardwatcher/main.cpp A tdm/cryptocardwatcher/watcher.cc A tdm/cryptocardwatcher/watcher.h M kcheckpass/checkpass_pam.c M kcontrol/hwmanager/devicepropsdlg.cpp M kdesktop/lock/lockdlg.cc M kdesktop/lock/lockdlg.h M kdesktop/lock/lockprocess.cc M kdesktop/lock/lockprocess.h M kdesktop/lock/main.cc M kdesktop/lockeng.cc M kdesktop/lockeng.h M tdm/CMakeLists.txt M tdm/backend/client.c M tdm/kfrontend/CMakeLists.txt M tdm/kfrontend/kgapp.cpp M tdm/kfrontend/kgreeter.cpp M tdm/kfrontend/kgreeter.h M tdm/kfrontend/kgverify.cpp M tdm/kfrontend/kgverify.h M tdm/kfrontend/themer/tdmitem.cpp M tdm/kfrontend/themer/tdmitem.h M tdm/kfrontend/themer/tdmlabel.h M tdm/kfrontend/themer/tdmthemer.cpp M tdm/kfrontend/themer/tdmthemer.h M tdm/kfrontend/themes/circles/circles.xml M tdm/kfrontend/themes/minimalist/minimalist.xml M tdm/kfrontend/themes/o2_enterprise/enterprise.xml M tdmlib/dmctl.cpp M tdmlib/kgreet_classic.cpp M tdmlib/kgreet_classic.h M tdmlib/kgreet_pam.cpp M tdmlib/kgreet_pam.h M tdmlib/kgreet_winbind.cpp M tdmlib/kgreet_winbind.h M tdmlib/kgreeterplugin.h |
||
diff --git a/kcheckpass/checkpass_pam.c b/kcheckpass/checkpass_pam.c index 7a35eed..b11148c 100644 --- a/kcheckpass/checkpass_pam.c +++ b/kcheckpass/checkpass_pam.c @@ -72,8 +72,20 @@ repl[count].resp = pd->conv(ConvGetNormal, msg[count]->msg); break; case PAM_PROMPT_ECHO_OFF: - repl[count].resp = - pd->conv(ConvGetHidden, pd->classic ? 0 : msg[count]->msg); + if (pd->classic) { + // WARNING + // This is far from foolproof, but it's the best we can do at this time... + // Try to detect PIN entry requests + if (strstr(msg[count]->msg, "PIN")) { + repl[count].resp = pd->conv(ConvGetHidden, msg[count]->msg); + } + else { + repl[count].resp = pd->conv(ConvGetHidden, 0); + } + } + else { + repl[count].resp = pd->conv(ConvGetHidden, msg[count]->msg); + } break; #ifdef PAM_BINARY_PROMPT case PAM_BINARY_PROMPT: diff --git a/kcontrol/hwmanager/devicepropsdlg.cpp b/kcontrol/hwmanager/devicepropsdlg.cpp index a1ef81c..9946ede 100644 --- a/kcontrol/hwmanager/devicepropsdlg.cpp +++ b/kcontrol/hwmanager/devicepropsdlg.cpp @@ -779,8 +779,8 @@ if (m_device->type() == TDEGenericDeviceType::CryptographicCard) { TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(m_device); - connect(cdevice, TQT_SIGNAL(cardInserted()), this, TQT_SLOT(cryptographicCardInserted())); - connect(cdevice, TQT_SIGNAL(cardRemoved()), this, TQT_SLOT(cryptographicCardRemoved())); + connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted())); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved())); updateCryptographicCardStatusDisplay(); } @@ -926,6 +926,7 @@ unsigned int key_slot = lvi->text(0).toUInt(); bool allow_card = false; bool use_card = false; + bool luks_card_key_modified = false; KSSLCertificate* card_cert = NULL; X509* card_cert_x509; TQString disk_uuid = sdevice->diskUUID(); 
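Review bot: The PIN detection in the `PAM_PROMPT_ECHO_OFF` case calls `strstr(msg[count]->msg, "PIN")` without checking that the module supplied a message. The case-sensitive English substring will also miss localized or differently worded prompts, in which case the user sees the generic password prompt while the module is asking for a card PIN. A secret typed into the wrong prompt may consume PIN retries on the card, so the limits of the heuristic deserve a precise comment rather than the bare `WARNING`. The three `pd->conv` calls can be collapsed and the pointer guarded in one statement: `repl[count].resp = pd->conv(ConvGetHidden, (!pd->classic || (msg[count]->msg && strstr(msg[count]->msg, "PIN"))) ? msg[count]->msg : 0);`. The switch and its function continue outside the hunk.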
@@ -988,6 +989,7 @@ // Use the secret key as the LUKS passcode new_password = randomKey; + luks_card_key_modified = true; } else { KMessageBox::error(this, i18n("<qt><b>Key creation failed</b><br>Please check that you have write access to /etc/trinity/luks/card and try again</qt>"), i18n("Key creation failure")); @@ -1081,6 +1083,16 @@ sdevice->cryptClearOperationsUnlockPassword(); KMessageBox::error(this, i18n("<qt><b>Key write failed</b><br>Please check the LUKS password and try again</qt>"), i18n("Key write failure")); } + else { + if (luks_card_key_modified) { + if (KMessageBox::warningYesNo(this, i18n("<qt><b>You have created a new card-dependent key</b><br>Card-dependent keys work in conjunction with an encrypted key file stored on the host system.<br>When a card is used to boot, card-dependent keys must be updated in the initramfs image to become usable.<p>Would you like to update the initramfs image now?</qt>"), i18n("Update Required")) == KMessageBox::Yes) { + // Update the initramfs + if (system("update-initramfs -u -k all") != 0) { + KMessageBox::error(this, i18n("<qt><b>Initramfs update failed</b><br>Card-dependent keys may not be available for use until the root storage device is available / unlocked</qt>"), i18n("Initramfs update failure")); + } + } + } + } } } } diff --git a/kdesktop/lock/lockdlg.cc b/kdesktop/lock/lockdlg.cc index e75ac2b..827495c 100644 --- a/kdesktop/lock/lockdlg.cc +++ b/kdesktop/lock/lockdlg.cc @@ -513,7 +513,17 @@ case ConvGetHidden: if (!GRecvArr( &arr )) break; - greet->textPrompt( arr, false, false ); + if (arr && (arr[0] != 0)) { + // Reset password entry and change text + greet->start(); + greet->textPrompt( arr, false, false ); + // Force relayout + setFixedSize( sizeHint().width(), sizeHint().height() + 1 ); + setFixedSize( sizeHint() ); + } + else { + greet->textPrompt( arr, false, false ); + } if (arr) ::free( arr ); return; 
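Review bot: The initramfs update in the key-write success branch runs `system("update-initramfs -u -k all")`, which goes through `/bin/sh` and resolves the tool through the inherited `PATH` and environment. This dialog writes LUKS key slots and refers to `/etc/trinity/luks/card`, so it presumably runs with elevated privileges, where the caller's environment should not decide which binary executes. Invoke the tool by absolute path with an argument list and no shell, or at minimum hard-code the full path in the command string. `system()` also blocks the GUI thread for the whole image rebuild, and `update-initramfs` is distribution-specific, so on systems without it the user only gets the generic failure box.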
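Review bot: In the `ConvGetHidden` case of `lockdlg.cc` the non-empty branch calls `greet->start()` for every hidden prompt that carries text, not only for card PIN prompts, and both branches end in the same `greet->textPrompt( arr, false, false )` call. If other PAM modules send labelled hidden prompts mid-conversation (password change, second factor), restarting the greeter plugin there may discard entry state; that cannot be judged from the hunk, so a comment naming the prompts this branch is meant for would help. The paired `setFixedSize` calls used to force a relayout also need a one-line explanation of why the `+ 1` resize is required, e.g. `// Resize by one pixel and back so the layout recalculates for the new prompt text`.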
@@ -915,4 +925,14 @@ updateLabel(); } +void PasswordDlg::attemptCardLogin() { + greet->start(); + greet->next(); +} + +void PasswordDlg::resetCardLogin() { + greet->abort(); + greet->start(); +} + #include "lockdlg.moc" diff --git a/kdesktop/lock/lockdlg.h b/kdesktop/lock/lockdlg.h index eea0931..1bcb756 100644 --- a/kdesktop/lock/lockdlg.h +++ b/kdesktop/lock/lockdlg.h @@ -49,6 +49,9 @@ virtual void gplugStart(); virtual void gplugActivity(); virtual void gplugMsgBox( TQMessageBox::Icon type, const TQString &text ); + + virtual void attemptCardLogin(); + virtual void resetCardLogin(); protected: virtual void timerEvent(TQTimerEvent *); diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc index aa95143..494852e 100644 --- a/kdesktop/lock/lockprocess.cc +++ b/kdesktop/lock/lockprocess.cc @@ -34,6 +34,7 @@ #include <tdeapplication.h> #include <kservicegroup.h> #include <kdebug.h> +#include <kuser.h> #include <tdemessagebox.h> #include <tdeglobalsettings.h> #include <tdelocale.h> @@ -112,6 +113,8 @@ #include <GL/glx.h> #endif +#define KDESKTOP_DEBUG_ID 1204 + #define LOCK_GRACE_DEFAULT 5000 #define AUTOLOGOUT_DEFAULT 600 @@ -146,7 +149,7 @@ static void segv_handler(int) { - kdError(1204) << "A fatal exception was encountered." + kdError(KDESKTOP_DEBUG_ID) << "A fatal exception was encountered." << " Trapping and ignoring it so as not to compromise desktop security..." << kdBacktrace() << endl; sleep(1); @@ -272,7 +275,7 @@ KServiceGroup::Ptr servGroup = KServiceGroup::baseGroup( "screensavers"); if (servGroup) { relPath=servGroup->relPath(); - kdDebug(1204) << "relPath=" << relPath << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "relPath=" << relPath << endl; } TDEGlobal::dirs()->addResourceType("scrsav", TDEGlobal::dirs()->kde_default("apps") + 
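Review bot: `PasswordDlg::attemptCardLogin()` and `PasswordDlg::resetCardLogin()` are added without any comment on when they are called or what state they expect, and both dereference `greet` unconditionally. `attemptCardLogin()` calls `greet->next()` straight after `greet->start()`, which looks like it submits the empty entry to start an authentication conversation on card insertion. If so, each insertion may count as an authentication attempt for lockout and audit purposes, which is worth stating in the comment. Proposed comments, to be confirmed against the callers: `// Card inserted: restart the greeter plugin and begin authentication so the card PIN can be requested` and `// Card removed: abort any conversation in progress and return to the initial prompt`.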
@@ -288,6 +291,19 @@ if ((*it).startsWith("method=")) { mMethod = (*it).mid(7); } + } + + // Initialize SmartCard readers + TDEGenericDevice *hwdevice; + TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices(); + TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard); + for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) { + TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice); + // connect(cdevice, SIGNAL(pinRequested(TQString,TDECryptographicCardDevice*)), this, SLOT(cryptographicCardPinRequested(TQString,TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardInserted(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardInserted(TDECryptographicCardDevice*))); + connect(cdevice, TQT_SIGNAL(cardRemoved(TDECryptographicCardDevice*)), this, TQT_SLOT(cryptographicCardRemoved(TDECryptographicCardDevice*))); + cdevice->enableCardMonitoring(true); + // cdevice->enablePINEntryCallbacks(true); } #ifdef KEEP_MOUSE_UNGRABBED @@ -781,11 +797,11 @@ TQStringList saverTypes = TQStringList::split(";", saverType); for (uint i = 0; i < saverTypes.count(); i++) { if ((saverTypes[i] == "ManipulateScreen") && !manipulatescreen) { - kdDebug(1204) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type ManipulateScreen and ManipulateScreen is forbidden" << endl; mForbidden = true; } if ((saverTypes[i] == "OpenGL") && !opengl) { - kdDebug(1204) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl; + kdDebug(KDESKTOP_DEBUG_ID) << "Screensaver is type OpenGL and OpenGL is forbidden" << endl; mForbidden = true; ** Diff limit reached (max: 250 lines) ** |
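Review bot: The smart-card initialisation loop leaves two commented-out statements (the `pinRequested` `connect` and `cdevice->enablePINEntryCallbacks(true)`) with no explanation, and it dereferences `hwdevices` without checking the result of `TDEGlobal::hardwareDevices()`. Since this runs in the screen locker, either delete the dead lines or say why PIN callbacks are deliberately off, e.g. `// PIN entry is handled through the PAM prompt; device PIN callbacks stay disabled`, if that is indeed the reason. Card monitoring is also enabled for every reader unconditionally. If card login is meant to be optional, gating `enableCardMonitoring(true)` on that setting would keep insertion events from driving the lock dialog on systems that do not use it. The enclosing function starts and ends outside the hunk.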