authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-29 15:07:45 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-09-29 15:07:45 -0500
commit5fb3200dbf531059c194b96ec2cea8376ca941df (patch)
treef519171680d0a869f3d6d49647ec704707c74fb5
parentd660c1aa59da4bd75238921631712568db1aa4ca (diff)
Allow Kerberos ticket init via cryptographic card
-rw-r--r--src/toplevel.cpp42
1 files changed, 41 insertions, 1 deletions
diff --git a/src/toplevel.cpp b/src/toplevel.cpp
index 6442a78..abbff54 100644
--- a/src/toplevel.cpp
+++ b/src/toplevel.cpp
@@ -54,6 +54,11 @@
#include <klineeditdlg.h>
#include <libtdeldap.h>
+#include <ksslcertificate.h>
+
+#include <tdehardwaredevices.h>
+#include <tdecryptographiccarddevice.h>
+
#include "configdlg.h"
#include "toplevel.h"
@@ -89,6 +94,15 @@ TopLevel::TopLevel() : KSystemTray(), ticketWatch(0), m_refreshTimer(0), m_reque
menu->insertItem(SmallIcon("help"), i18n("&Help"), helpMnu);
menu->insertItem(SmallIcon("system-log-out"), i18n("Quit"), kapp, TQT_SLOT(quit()));
+ // Set up card monitoring
+ TDEGenericDevice *hwdevice;
+ TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+ TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+ for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ cdevice->enableCardMonitoring(true);
+ }
+
load();
updateTicketList();
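Review bot: Card monitoring is switched on only for the readers that exist when the constructor runs, so a reader attached after the tray starts would never get `enableCardMonitoring(true)` unless a device-added handler exists outside this hunk. Consider running the same setup from the hardware manager's device-added notification as well. The enumeration and `static_cast<TDECryptographicCardDevice*>` loop is also repeated verbatim in `getNewTicket`; a small private helper that returns the card devices would keep the cast in one place. A short comment such as `// Only readers present at startup are covered here` would document the current limitation. The constructor body starts and continues outside the hunk.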
@@ -219,6 +233,32 @@ void TopLevel::updateMenu() {
}
void TopLevel::getNewTicket(bool requestServiceTicket) {
+ bool allow_card = false;
+ TDEGenericDevice *hwdevice;
+ TDEHardwareDevices *hwdevices = TDEGlobal::hardwareDevices();
+ TDEGenericHardwareList cardReaderList = hwdevices->listByDeviceClass(TDEGenericDeviceType::CryptographicCard);
+ for (hwdevice = cardReaderList.first(); hwdevice; hwdevice = cardReaderList.next()) {
+ TDECryptographicCardDevice* cdevice = static_cast<TDECryptographicCardDevice*>(hwdevice);
+ TQString login_name = TQString::null;
+ X509CertificatePtrList certList = cdevice->cardX509Certificates();
+ if (certList.count() > 0) {
+ KSSLCertificate* card_cert = NULL;
+ card_cert = KSSLCertificate::fromX509(certList[0]);
+ TQStringList cert_subject_parts = TQStringList::split("/", card_cert->getSubject(), false);
+ for (TQStringList::Iterator it = cert_subject_parts.begin(); it != cert_subject_parts.end(); ++it ) {
+ TQString lcpart = (*it).lower();
+ if (lcpart.startsWith("cn=")) {
+ login_name = lcpart.right(lcpart.length() - strlen("cn="));
+ }
+ }
+ delete card_cert;
+ }
+ if (login_name != "") {
+ allow_card = true;
+ break;
+ }
+ }
+
LDAPCredentials credentials;
if (m_ticketList.count() > 0) {
TQStringList princParts = TQStringList::split("@", m_ticketList[0].cachePrincipal);
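Review bot: `card_cert` is dereferenced by `card_cert->getSubject()` without checking the result of `KSSLCertificate::fromX509(certList[0])`, so a certificate entry that cannot be wrapped would crash the tray when the user asks for a ticket. Add `if (!card_cert) continue;` right after the `fromX509` call. `login_name` is only tested for emptiness and never passed on within this hunk, so `allow_card` really means "the first certificate on some card has a CN". If so, a plain flag set inside the `startsWith("cn=")` branch would say that directly, and `login_name.isEmpty()` is clearer than `!= ""`. Since only `certList[0]` is inspected and nothing here checks validity or key usage, a comment should state that the flag merely enables the card option in the dialog and that the KDC makes the authentication decision. The body of `getNewTicket` continues outside the hunk.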
@@ -231,7 +271,7 @@ void TopLevel::getNewTicket(bool requestServiceTicket) {
credentials.username = TQString(pwd->pw_name);
}
}
- int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, this);
+ int result = LDAPManager::getKerberosPassword(credentials, i18n("Please provide Kerberos credentials"), requestServiceTicket, allow_card, this);
if (result == KDialog::Accepted) {
TQString errorstring;
TQString service;