[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: KWallet + PAM
From: Pierre <pinaraf () pinaraf ! info>
Date: 2009-05-25 21:58:07
Message-ID: 200905252358.13628.pinaraf () pinaraf ! info
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
On Sunday 24 May 2009 00:39:33 Michael Leupold wrote:
> Pierre wrote:
> > On Wednesday 29 April 2009 18:58:40 Herbert Graeber wrote:
> >> Am Mittwoch 29 April 2009 03:47:46 schrieb John Tapsell:
> >> > Has any progress been made on the pam+kwallet front? There seem to
> >> > be patches floating about (e.g.
> >> > http://kubuntuforums.net/forums/index.php?topic=3091705.0 ) but I'm
> >> > guessing that they haven't been integrated into our svn ?
> >>
> >> For KDE there has been a openSUSE package named pam_kwallet for this. It
> >> depends on a patch to the kwallet daemon, to open a wallet with a
> >> password given a parameter via dcop (function tryOpen). It would be easy
> >> to port pam_kwallet to KDE when a similar patch has been made for KDE4's
> >> kwallet daemon.
> >
> > If you're interested, I've got a port of this to KDE4 available on my
> > hard drive...
> > It does add a DBus tryOpen call in kwalletd. I ported the "kwalletclient"
> > from pam_kwallet to use dbus too. I only have to try it, but I'm too lazy
> > to do it right now (and I'll be AFK for one day or two..)
> > I'll send the patches in a few days.
>
> Could you please post it to the list? As many users are asking for it we
> might as well put it into 4.4. I guess marking it as "PAM module only" and
> not exposing it in our API should be enough to make it clear that this
> isn't supposed to be used in regular programs. Of course it should be
> documented that sending the (hashed?) password over D-Bus is inherently
> less secure than entering it manually.
Hi
I didn't look at a way to send the password hashed. It seems to be quite easy to
implement, I'll try to do that in a future version of the patch.
The attached patchs for kdelibs and kdebase-runtime implement the DBus call.
The kwalletclient part will be sent as soon as it has been tested and fixed...
So far, that part doesn't seem to work, but I may have done something wrong on
my testing system, and I had a huge unplanned event friday (a car crash) that
removed me a lot of free time...
Pierre
["kdelibs.patch" (text/x-patch)]
diff -Naur kdelibs-4.2.3-orig/kdeui/util/org.kde.KWallet.xml kdelibs-4.2.3/kdeui/util/org.kde.KWallet.xml
--- kdelibs-4.2.3-orig/kdeui/util/org.kde.KWallet.xml 2008-11-12 17:38:30.000000000 +0100
+++ kdelibs-4.2.3/kdeui/util/org.kde.KWallet.xml 2009-05-21 23:02:12.000000000 +0200
@@ -38,6 +38,11 @@
<method name="isEnabled">
<arg type="b" direction="out"/>
</method>
+ <method name="tryOpen">
+ <arg type="b" direction="out"/>
+ <arg name="wallet" type="s" direction="in"/>
+ <arg name="password" type="s" direction="in"/>
+ </method>
<method name="open">
<arg type="i" direction="out"/>
<arg name="wallet" type="s" direction="in"/>
["kdebase-runtime.patch" (text/x-patch)]
diff -Naur kdebase-runtime-4.2.3-orig/kwalletd/kwalletd.cpp kdebase-runtime-4.2.3/kwalletd/kwalletd.cpp
--- kdebase-runtime-4.2.3-orig/kwalletd/kwalletd.cpp 2009-02-26 15:16:05.000000000 +0100
+++ kdebase-runtime-4.2.3/kwalletd/kwalletd.cpp 2009-05-24 13:42:07.000000000 +0200
@@ -397,6 +397,46 @@
return rc;
}
+bool KWalletD::tryOpen (const QString& wallet, const QString& password) {
+ const QPair<int, KWallet::Backend*> walletInfo = findWallet(wallet);
+ int rc = walletInfo.first;
+ if (rc == -1) {
+ if (_wallets.count() > 20) {
+ kDebug() << "Too many wallets open.";
+ return false;
+ }
+
+ KWallet::Backend *b = new KWallet::Backend(wallet);
+ if (KWallet::Backend::exists(wallet)) {
+ int pwless = b->open(QByteArray());
+ if (0 != pwless || !b->isOpen()) {
+ if (pwless == 0) {
+ // release, start anew
+ delete b;
+ b = new KWallet::Backend(wallet);
+ }
+ b->open(password.toUtf8());
+ if (!b->isOpen()) {
+ delete b;
+ return false;
+ }
+ }
+ _wallets.insert(rc = generateHandle(), b);
+ _syncTimers.addTimer(rc, _syncTime);
+
+ b->ref();
+ if (_closeIdle) {
+ _closeTimers.addTimer(rc, _idleTime);
+ }
+ emit walletOpened(wallet);
+ if (_wallets.count() == 1 && _launchManager) {
+ KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd");
+ }
+ return true;
+ }
+ }
+ return false;
+}
int KWalletD::internalOpen(const QString& appid, const QString& wallet, bool isPath, WId w,
bool modal, const QString& service) {
diff -Naur kdebase-runtime-4.2.3-orig/kwalletd/kwalletd.h kdebase-runtime-4.2.3/kwalletd/kwalletd.h
--- kdebase-runtime-4.2.3-orig/kwalletd/kwalletd.h 2008-11-19 11:17:51.000000000 +0100
+++ kdebase-runtime-4.2.3/kwalletd/kwalletd.h 2009-05-24 13:42:08.000000000 +0200
@@ -65,6 +65,9 @@
int openAsync(const QString& wallet, qlonglong wId, const QString& appid,
bool handleSession);
+ // Try to open a wallet with the given password
+ bool tryOpen(const QString& wallet, const QString& password);
+
// Open and unlock the wallet with this path asynchronously
int openPathAsync(const QString& path, qlonglong wId, const QString& appid,
bool handleSession);
["signature.asc" (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic