Allow Kerberos ticket init via cryptographic card

Timothy Pearson 9 years ago
parent d660c1aa59
commit 5fb3200dbf

@ -54,6 +54,11 @@
#include <klineeditdlg.h> #include <klineeditdlg.h>
#include <libtdeldap.h> #include <libtdeldap.h>
#include <ksslcertificate.h>
#include <tdehardwaredevices.h>
#include <tdecryptographiccarddevice.h>
#include "configdlg.h" #include "configdlg.h"
#include "toplevel.h" #include "toplevel.h"
@ -89,6 +94,15 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque
menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu); menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu);
menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), kapp, TQT_SLOT(quit())); menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), kapp, TQT_SLOT(quit()));
// Set up card monitoring
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
cdevice->enableCardMonitoring(true);
}
load(); load();
updateTicketList(); updateTicketList();
@ -219,6 +233,32 @@ void TopLevel::updateMenu() {
} }
void TopLevel::getNewTicket(bool requestServiceTicket) { void TopLevel::getNewTicket(bool requestServiceTicket) {
bool allow_card = false;
TDEGenericDevice *hwdevice;
TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
TQString login_name = TQString::null;
X509CertificatePtrList certList = cdevice->cardX509Certificates();
if (certList.count() > 0) {
KSSLCertificate* card_cert = NULL;
card_cert = KSSLCertificate::fromX509(certList[0]);
TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
TQString lcpart = (*it).lower();
if (lcpart.startsWith("cn=")) {
login_name = lcpart.right(lcpart.length() - strlen("cn="));
}
}
delete card_cert;
}
if (login_name != "") {
allow_card = true;
break;
}
}
LDAPCredentials credentials; LDAPCredentials credentials;
if (m_ticketList.count() > 0) { if (m_ticketList.count() > 0) {
TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal); TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal);
@ -231,7 +271,7 @@ void TopLevel::getNewTicket(bool requestServiceTicket) {
credentials.username = TQString(pwd->pw_name); credentials.username = TQString(pwd->pw_name);
} }
} }
int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, this); int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, allow_card, this);
if (result == KDialog::Accepted) { if (result == KDialog::Accepted) {
TQString errorstring; TQString errorstring;
TQString service; TQString service;
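Review bot: In getNewTicket, `allow_card` becomes true as soon as the first certificate on any card yields a non-empty CN; the parsed `login_name` is then discarded, and nothing visible checks that the certificate is valid, unexpired, or related to the principal chosen just below. If the flag is only meant to make the dialog offer the card option, say so at the declaration, e.g. `// allow_card only enables the card option in the dialog; it is not an authentication decision`, and either drop the CN parsing in favour of a plain "card has a certificate" test or pass the name on so it is actually used. `card_cert` is dereferenced straight after `KSSLCertificate::fromX509(certList[0])`; if that call can return NULL for an unparsable certificate, a guard such as `if (!card_cert) continue;` is needed before `getSubject()`. The reader enumeration loop also duplicates the one added to the constructor, which appears to enable monitoring only for readers present at startup. The body of getNewTicket continues outside the hunks shown.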
