Allow Kerberos ticket init via cryptographic card

9 years ago · 5fb3200dbf
parent d660c1aa59
commit 5fb3200dbf
1 changed files with 41 additions and 1 deletions
--- a/src/toplevel.cpp
+++ b/src/toplevel.cpp
@ -54,6 +54,11 @@
 #include <klineeditdlg.h>
 #include <libtdeldap.h>

+#include <ksslcertificate.h>
+
+#include <tdehardwaredevices.h>
+#include <tdecryptographiccarddevice.h>
+
 #include "configdlg.h"

 #include "toplevel.h"
@ -89,6 +94,15 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque
 	menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu);
 	menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), kapp, TQT_SLOT(quit()));

+	// Set up card monitoring
+	TDEGenericDevice *hwdevice;
+	TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+	TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+	for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+		TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+		cdevice->enableCardMonitoring(true);
+	}
+
 	load();

 	updateTicketList();
@ -219,6 +233,32 @@ void TopLevel::updateMenu() {
 }

 void TopLevel::getNewTicket(bool requestServiceTicket) {
+	bool allow_card = false;
+	TDEGenericDevice *hwdevice;
+	TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+	TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+	for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+		TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+		TQString login_name = TQString::null;
+		X509CertificatePtrList certList = cdevice->cardX509Certificates();
+		if (certList.count() > 0) {
+			KSSLCertificate* card_cert = NULL;
+			card_cert = KSSLCertificate::fromX509(certList[0]);
+			TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
+			for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
+				TQString lcpart = (*it).lower();
+				if (lcpart.startsWith("cn=")) {
+					login_name = lcpart.right(lcpart.length() - strlen("cn="));
+				}
+			}
+			delete card_cert;
+		}
+		if (login_name != "") {
+			allow_card = true;
+			break;
+		}
+	}
+
 	LDAPCredentials credentials;
 	if (m_ticketList.count() > 0) {
 		TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal);
@ -231,7 +271,7 @@ void TopLevel::getNewTicket(bool requestServiceTicket) {
 			credentials.username = TQString(pwd->pw_name);
 		}
 	}
-	int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, this);
+	int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, allow_card, this);
 	if (result == KDialog::Accepted) {
 		TQString errorstring;
 		TQString service;