From d68baedc489a7ab4ab1419144608d28d5336a884 Mon Sep 17 00:00:00 2001 From: zecke Date: Sat, 17 Jul 2004 20:03:12 +0000 Subject: Add Clements reworked and OMAF capable Security Settings application This adds configuration of OMAF For now it disables quicklaunch which will be changed Also a demo application is added
---
diff --git a/apps/Applications/multiauth.desktop b/apps/Applications/multiauth.desktop
new file mode 100644
index 0000000..17a0132
--- a/dev/null
+++ b/apps/Applications/multiauth.desktop
@@ -0,0 +1,6 @@
+[Desktop Entry]
+Exec=multiauth
+Icon=security/multiauth
+Type=Application
+Name=Multiauth demo
+Comment=Multi-authentication demonstration
diff --git a/core/settings/security/.cvsignore b/core/settings/security/.cvsignore
index ad7fd3a..c6e8c08 100644
--- a/core/settings/security/.cvsignore
+++ b/core/settings/security/.cvsignore
@@ -1,7 +1,7 @@
 *.moc
 Makefile*
 moc_*
-securitybase.cpp
-securitybase.h
+loginbase.*
+syncbase.*
 .moc
 .obj
diff --git a/core/settings/security/config.in b/core/settings/security/config.in
index 14876da..c346353 100644
--- a/core/settings/security/config.in
+++ b/core/settings/security/config.in
@@ -1,4 +1,6 @@
 config SECURITY
- boolean "opie-security (to set a pin for PDA usage protection)"
+ boolean "opie-security (to set any kind of PDA usage protection)"
 default "y"
- depends ( LIBQPE || LIBQPE-X11 )
+ depends ( LIBQPE || LIBQPE-X11 ) && LIBOPIE2CORE && LIBOPIE2UI
+
+ source core/settings/security/demo/config.in
diff --git a/core/settings/security/demo/config.in b/core/settings/security/demo/config.in
new file mode 100644
index 0000000..d867014
--- a/dev/null
+++ b/core/settings/security/demo/config.in
@@ -0,0 +1,4 @@
+ config MULTIAUTH_DEMO
+ boolean "opie-security multiauth demo (provides several ways to lock and unlock the device)"
+ default "y"
+ depends SECURITY
diff --git a/core/settings/security/demo/main.cpp b/core/settings/security/demo/main.cpp
new file mode 100644
index 0000000..4ae76e4
--- a/dev/null
+++ b/core/settings/security/demo/main.cpp
@@ -0,0 +1,34 @@
+#include
+#include
+
+#include
+
+/// main() function of the opie-multiauth-standalone demonstration application
+/**
+ * Calls each plugin one after the other, and asks them to perform one authentication.
+ * It loads the plugins one after another through the MultiauthPluginInterface,
+ * then calls MultiauthPluginObject::authenticate().
+ * \em Note: calls are not parsed by doxygen since they are done via a QInterfacePtr:
+ * \see http://dudu.dyn.2-h.org/nist/doxydoc/allOpie//classQInterfacePtr.html
+ */
+int main( int argc, char ** argv )
+{
+ Opie::Core::OApplication app(argc, argv, "Multi-authentication demo");
+
+ /* Constructs the main window, which displays messages and blocks
+ * access to the desktop
+ */
+ Opie::Security::MultiauthMainWindow win;
+
+ app.showMainWidget(&win);
+
+ // resize the QDialog object so it fills all the screen
+ QRect desk = qApp->desktop()->geometry();
+ win.setGeometry( 0, 0, desk.width(), desk.height() );
+
+ // the authentication has already succeeded (without win interactions)
+ if ( win.isAlreadyDone() )
+ return 0;
+
+ return app.exec();
+}
diff --git a/core/settings/security/demo/multiauth.control b/core/settings/security/demo/multiauth.control
new file mode 100644
index 0000000..9b4d554
--- a/dev/null
+++ b/core/settings/security/demo/multiauth.control
@@ -0,0 +1,13 @@
+Package: opie-multiauth
+Files: bin/multiauth apps/Applications/multiauth.desktop pics/security/multiauth.png
+Priority: optional
+Section: opie/settings
+Maintainer: Clement Seveillac
+Architecture: arm
+Version: 0.0.1.13
+Depends: opie-security
+Description: multi-plugin authentication demonstrator for Opie.
+ This demonstration application allows us to use one or several
+ ways to lock and unlock our device.
+ You must install some opie-multiauth-* plugins, and configure
+ them through opie-security, to really see its possibilities.
diff --git a/core/settings/security/demo/multiauth.pro b/core/settings/security/demo/multiauth.pro new file mode 100644 index 0000000..ef931a5 --- a/dev/null +++ b/core/settings/security/demo/multiauth.pro @@ -0,0 +1,17 @@ +TEMPLATE = app +CONFIG += qt warn_on + +HEADERS = +SOURCES = main.cpp + +INCLUDEPATH += $(OPIEDIR)/include +DEPENDPATH += + +LIBS += -lqpe -lopiecore2 -lopieui2 -lopiesecurity2 + +DESTDIR = $(OPIEDIR)/bin +TARGET = multiauth + +include ( $(OPIEDIR)/include.pro ) + + diff --git a/core/settings/security/loginbase.ui b/core/settings/security/loginbase.ui new file mode 100644 index 0000000..03e5149 --- a/dev/null +++ b/core/settings/security/loginbase.ui @@ -0,0 +1,106 @@ + +LoginBase + + QWidget + + name + LoginBase + + + geometry + + 0 + 0 + 174 + 126 + + + + caption + LoginBase + + + + margin + 11 + + + spacing + 6 + + + QGroupBox + + name + GroupBox3 + + + title + Login + + + + margin + 6 + + + spacing + 6 + + + QCheckBox + + name + autologinToggle + + + text + Login Automatically + + + whatsThis + If you select this option, opie-login will automagically log you in with the user you have selected in the drop-down list. + +For the Zaurus 5x00 this is always the user "root". + + + + QComboBox + + name + userlist + + + whatsThis + This drop-down list allows you to select the user for auto-login +(if enabled above). + +You can only select an actually configured user. + + + + + + + name + Spacer2 + + + orientation + Vertical + + + sizeType + Expanding + + + sizeHint + + 20 + 20 + + + + + + diff --git a/core/settings/security/main.cpp b/core/settings/security/main.cpp index 200a541..f161109 100644 --- a/core/settings/security/main.cpp +++ b/core/settings/security/main.cpp 
@@ -1,30 +1,46 @@ -/********************************************************************** -** Copyright (C) 2000 Trolltech AS. All rights reserved. -** -** This file is part of Qtopia Environment. -** -** This file may be distributed and/or modified under the terms of the -** GNU General Public License version 2 as published by the Free Software -** Foundation and appearing in the file LICENSE.GPL included in the -** packaging of this file. -** -** This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE -** WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -** -** See http://www.trolltech.com/gpl/ for GPL licensing information. -** -** Contact info@trolltech.com if any conditions of this licensing are -** not clear to you. -** -**********************************************************************/ +#include "multiauthconfig.h" +#include +#include -#include "security.h" - -#include - -using namespace Opie::Core; -OPIE_EXPORT_APP( OApplicationFactory ) - +int main(int argc, char **argv) { + Opie::Core::OApplication app(argc, argv, "MultiAuthentication Config"); + // protect this dialog if option set + Config* pcfg = new Config("Security"); + pcfg->setGroup( "Misc" ); + bool protectConfigDialog = ! 
pcfg->readBoolEntry("noProtectConfig", true); + delete pcfg; + bool show = true; + if ( protectConfigDialog ) + { + if (Opie::Security::Internal::runPlugins() != 0) + { + // authentication failed + show = false; + } + } + if ( show == true ) + { + printf("building dialog\n"); + MultiauthConfig dialog; + app.setMainWidget(&dialog); + if ( dialog.exec() == QDialog::Accepted ) { + // write the general, login and sync config + dialog.writeConfig(); + // call writeConfig() on each plugin config widget + Opie::Security::MultiauthConfigWidget *confWidget; + for ( confWidget = dialog.configWidgetList.first(); confWidget != 0; + confWidget = dialog.configWidgetList.next() ) { + confWidget->writeConfig(); + } + } + dialog.close(); + app.quit(); + return 0; + } else { + owarn << "authentication failed, not showing opie-security" << oendl; + return 1; + } +} diff --git a/core/settings/security/multiauthconfig.cpp b/core/settings/security/multiauthconfig.cpp new file mode 100644 index 0000000..0ce4542 --- a/dev/null +++ b/core/settings/security/multiauthconfig.cpp 
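Review bot: The gate in front of the settings dialog fails open, because `readBoolEntry("noProtectConfig", true)` makes a missing `Misc/noProtectConfig` key mean "do not authenticate", so on a device where the key was never written the dialog that edits the lock, plugin and auto-login settings opens without going through `runPlugins()`. I would make the absent key mean protected, `bool protectConfigDialog = ! pcfg->readBoolEntry("noProtectConfig", false);`, and give `MultiauthConfig::readConfig()` the same default so the checkbox shows the state that is actually enforced. The `printf("building dialog\n");` line looks like leftover debugging and would fit better on the `odebug` stream this commit uses elsewhere.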
@@ -0,0 +1,665 @@ +#include "multiauthconfig.h" + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +using Opie::Security::MultiauthPluginInterface; +using Opie::Security::MultiauthPluginObject; +using Opie::Security::MultiauthConfigWidget; +/// keeps information about MultiauthPluginObject plugins +struct MultiauthPlugin { + MultiauthPlugin() : library( 0 ), iface( 0 ), pluginObject( 0 ) {} + /// plugin file + QLibrary *library; + /// the plugin object interface + QInterfacePtr iface; + /// the plugin object itself + MultiauthPluginObject *pluginObject; + /// name of the plugin file + QString name; + /// should the plugin be launched during authentication or not + bool active; + /// order of the plugin, in the pluginListWidget and during authentication + int pos; +}; + +/// list of available MultiauthPlugin objects +static QValueList pluginList; + + +/// extension of QToolButton that adds signals, icons and stuff (taken from todayconfig.cpp) +class ToolButton : public QToolButton { + + public: + ToolButton( QWidget *parent, const char *name, const QString& icon, QObject *handler, const QString& slot, bool t = FALSE ) + : QToolButton( parent, name ) { + setPixmap( Resource::loadPixmap( icon ) ); + setAutoRaise( TRUE ); + setFocusPolicy( QWidget::NoFocus ); + setToggleButton( t ); + connect( this, t ? 
SIGNAL( toggled(bool) ) : SIGNAL( clicked() ), handler, slot ); + } +}; + +MultiauthGeneralConfig::MultiauthGeneralConfig(QWidget * parent, const char * name = "general Opie-multiauthentication config widget") + : QWidget(parent, name), onStart(0), onResume(0), nbSuccessMin(0) +{ + QVBoxLayout *vb = new QVBoxLayout(this); + vb->setSpacing(11); + vb->setMargin(11); + vb->setAlignment( Qt::AlignTop ); + + QGroupBox *lockBox = new QGroupBox(0, Qt::Vertical, tr("When to lock Opie"), this, "lock box"); + vb->addWidget(lockBox); + QGridLayout *boxLayout = new QGridLayout( lockBox->layout() ); + onStart = new QCheckBox( tr( "on Opie start" ), lockBox, "lock on opie start"); + onResume = new QCheckBox( tr( "on Opie resume" ), lockBox, "lock on opie resume"); + boxLayout->addWidget(onStart, 0, 0); + boxLayout->addWidget(onResume, 0, 1); + + QGroupBox *nbBox = new QGroupBox(0, Qt::Vertical, tr("Multiple plugins authentication"), this, "nb box"); + vb->addWidget(nbBox); + QGridLayout *nbBoxLayout = new QGridLayout( nbBox->layout() ); + nbSuccessMin = new QSpinBox(nbBox); + QLabel *lNbSuccessMin = new QLabel( tr( "Required successes" ), nbBox); + nbBoxLayout->addWidget(nbSuccessMin, 0, 0); + nbBoxLayout->addWidget(lNbSuccessMin, 0, 1); + nbSuccessMin->setMinValue(1); // the max value is defined in MultiauthConfig constructor + + QGroupBox *devBox = new QGroupBox(0, Qt::Vertical, tr("Debug options"), this, "dev box"); + vb->addWidget(devBox); + QGridLayout *devBoxLayout = new QGridLayout( devBox->layout() ); + noProtectConfig = new QCheckBox( tr("Don't protect this config screen"), devBox, "don't protect config"); + explanScreens = new QCheckBox( tr("Show explanatory screens"), devBox, "Show explan. screens"); + allowBypass = new QCheckBox( tr("Allow to bypass authentication"), devBox, "AllowBypass"); + QLabel *logicNote = new QLabel( "

" + tr("Note: the third option implies the second one") + "

", devBox ); + devBoxLayout->addWidget(noProtectConfig, 0, 0); + devBoxLayout->addWidget(explanScreens, 1, 0); + devBoxLayout->addWidget(allowBypass, 2, 0); + devBoxLayout->addMultiCellWidget(logicNote, 3, 3, 0, 1); + + connect( explanScreens, SIGNAL(toggled(bool)), this, SLOT(checkBypass()) ); + connect( allowBypass, SIGNAL(toggled(bool)), this, SLOT(checkScreens()) ); +} + +/// nothing to do +MultiauthGeneralConfig::~MultiauthGeneralConfig() +{} + +/// Be sure that explanScreens is checked if allowBypass is +void MultiauthGeneralConfig::checkScreens() +{ + if ( (allowBypass->isChecked() == true) && (explanScreens->isChecked() == false) ) + explanScreens->setChecked(true); +} + +/// Be sure that allowBypass is not checked if explanScreens is not +void MultiauthGeneralConfig::checkBypass() +{ + if ( (allowBypass->isChecked() == true) && (explanScreens->isChecked() == false) ) + allowBypass->setChecked(false); +} + +/// Builds and displays the Opie multi-authentication configuration dialog +MultiauthConfig::MultiauthConfig() : QDialog(0, 0, TRUE), + m_mainTW(0), m_pluginListView(0), m_pluginListWidget(0), + m_generalConfig(0), m_loginWidget(0), m_syncWidget(0), + m_nbSuccessReq(0), m_plugins_changed(false) +{ + /* Initializes the global configuration window + */ + setCaption( tr( "Security configuration" ) ); + QVBoxLayout *layout = new QVBoxLayout( this ); + m_mainTW = new Opie::Ui::OTabWidget( this ); + layout->addWidget(m_mainTW); + m_pluginListWidget = new QWidget(m_mainTW, "plugin list widget"); + QVBoxLayout * pluginListLayout = new QVBoxLayout(m_pluginListWidget); + pluginListLayout->setSpacing(6); + pluginListLayout->setMargin(11); + QLabel * pluginListTitle = new QLabel( tr( "Load which plugins in what order:" ), m_pluginListWidget ); + pluginListLayout->addWidget(pluginListTitle); + QHBox * pluginListHB = new QHBox(m_pluginListWidget); + pluginListLayout->addWidget(pluginListHB); + + m_pluginListView = new QListView(pluginListHB); + 
m_pluginListView->addColumn("PluginList"); + m_pluginListView->header()->hide(); + m_pluginListView->setSorting(-1); + QWhatsThis::add(m_pluginListView, tr( "Check a checkbox to activate/deactivate a plugin or use the arrow buttons on the right to change the order they will appear in" )); + + QVBox * pluginListVB = new QVBox(pluginListHB); + new ToolButton( pluginListVB, tr( "Move Up" ), "up", this , SLOT( moveSelectedUp() ) ); + new ToolButton( pluginListVB, tr( "Move Down" ), "down", this , SLOT( moveSelectedDown() ) ); + m_mainTW->addTab( m_pluginListWidget, "pass", tr( "plugins" ) ); + + connect ( m_pluginListView , SIGNAL( clicked ( QListViewItem * ) ), this, SLOT( pluginsChanged ( ) ) ); + + // general Opie multi-authentication configuration tab + m_generalConfig = new MultiauthGeneralConfig(m_mainTW); + m_mainTW->addTab(m_generalConfig, "SettingsIcon", tr( "Authentication") ); + + // login settings page + m_loginWidget = new LoginBase(m_mainTW, "login config widget"); + m_mainTW->addTab(m_loginWidget, "security/users", tr( "Login") ); + + // sync settings page + m_syncWidget = new SyncBase( m_mainTW, "sync config widget" ); + m_mainTW->addTab(m_syncWidget, "security/sync", tr( "Sync") ); + + // read the "Security" Config file and update our UI + readConfig(); + + /* loads plugins configuration widgets in mainTW tabs and in pluginListView + */ + + loadPlugins(); + + for ( int i = pluginList.count() - 1; i >= 0; i-- ) { + MultiauthPlugin plugin = pluginList[i]; + + // load the config widgets in the tabs + // (configWidget will return 0l if there is no configuration GUI) + MultiauthConfigWidget* widget = plugin.pluginObject->configWidget(m_mainTW); + if ( widget != 0l ) { + odebug << "plugin " << plugin.name << " has a configuration widget" << oendl; + configWidgetList.append(widget); + m_mainTW->addTab( widget, plugin.pluginObject->pixmapNameConfig(), + plugin.pluginObject->pluginName() ); + } + // set the order/activate tab + QPixmap icon = 
Resource::loadPixmap( plugin.pluginObject->pixmapNameWidget() ); + QCheckListItem * item = new QCheckListItem(m_pluginListView, plugin.pluginObject->pluginName(), QCheckListItem::CheckBox ); + if ( !icon.isNull() ) { + item->setPixmap( 0, icon ); + } + if ( m_excludePlugins.find( plugin.name ) == m_excludePlugins.end() ) { + item->setOn( TRUE ); + } + m_plugins[plugin.name] = item; + } + + // set the first tab as default. + m_mainTW->setCurrentTab(m_pluginListWidget); + + // put the number of plugins as the max number of req. auth. + m_generalConfig->nbSuccessMin->setMaxValue( pluginList.count() ); + + showMaximized(); +} + +/// nothing to do +MultiauthConfig::~MultiauthConfig() +{ +} + +/// moves up the selected plugin +void MultiauthConfig::moveSelectedUp() +{ + QListViewItem *item = m_pluginListView->selectedItem(); + if ( item && item->itemAbove() ) { + item->itemAbove()->moveItem( item ); + } +} + +/// moves down the selected plugin +void MultiauthConfig::moveSelectedDown() +{ + QListViewItem *item = m_pluginListView->selectedItem(); + if ( item && item->itemBelow() ) { + item->moveItem( item->itemBelow() ); + } +} + +/// reads the Security.conf Config file, and updates parts of the user interface +void MultiauthConfig::readConfig() +{ + // pointer, so we release this Config when we want + Config* pcfg = new Config("Security"); + pcfg->setGroup( "Misc" ); + m_generalConfig->onStart->setChecked( pcfg->readBoolEntry( "onStart", false ) ); + m_generalConfig->onResume->setChecked( pcfg->readBoolEntry( "onResume", false ) ); + m_generalConfig->nbSuccessMin->setValue( pcfg->readNumEntry( "nbSuccessMin", 1 ) ); + m_generalConfig->noProtectConfig->setChecked( pcfg->readBoolEntry( "noProtectConfig", true) ); + m_generalConfig->explanScreens->setChecked( pcfg->readBoolEntry( "explanScreens", true ) ); + m_generalConfig->allowBypass->setChecked( pcfg->readBoolEntry( "allowBypass", false ) ); + + pcfg->setGroup( "Plugins" ); + m_excludePlugins = pcfg->readListEntry( 
"ExcludePlugins", ',' ); + m_allPlugins = pcfg->readListEntry( "AllPlugins", ',' ); + + /* Login and Sync stuff */ + pcfg->setGroup("Sync"); + int auth_peer = pcfg->readNumEntry("auth_peer",0xc0a88100);//new default 192.168.129.0/24 + int auth_peer_bits = pcfg->readNumEntry("auth_peer_bits",24); + + pcfg->setGroup("SyncMode"); + int mode = pcfg->readNumEntry("Mode",2); // Default to Sharp + switch( mode ) { + case 0x01: + m_syncWidget->syncModeCombo->setCurrentItem( 0 ); + break; + case 0x02: + default: + m_syncWidget->syncModeCombo->setCurrentItem( 1 ); + break; + case 0x04: + m_syncWidget->syncModeCombo->setCurrentItem( 2 ); + break; + } + /* + cfg.setGroup("Remote"); + if ( telnetAvailable() ) + telnet->setChecked(cfg.readEntry("allow_telnet")); + else + telnet->hide(); + + if ( sshAvailable() ) + ssh->setChecked(cfg.readEntry("allow_ssh")); + else + ssh->hide(); + */ + + // release the Config handler + delete pcfg; + // indeed, selectNet will open the config file... + selectNet(auth_peer,auth_peer_bits,TRUE); + + connect( m_syncWidget->syncnet, SIGNAL(textChanged(const QString&)), + this, SLOT(setSyncNet(const QString&))); + + + + QString configFile = QPEApplication::qpeDir() + "/etc/opie-login.conf"; + Config loginCfg(configFile,Config::File); + + loginCfg.setGroup("General"); + autoLoginName=loginCfg.readEntry("AutoLogin",""); + + if (autoLoginName.stripWhiteSpace().isEmpty()) { + autoLogin=false; + } else { + autoLogin=true; + } + + + connect(m_loginWidget->autologinToggle, SIGNAL(toggled(bool)), this, SLOT(toggleAutoLogin(bool))); + connect(m_loginWidget->userlist, SIGNAL(activated(int)), this, SLOT(changeLoginName(int))); + connect(m_syncWidget->restoredefaults,SIGNAL(clicked()), this, SLOT(restoreDefaults())); + connect(m_syncWidget->deleteentry,SIGNAL(clicked()), this, SLOT(deleteListEntry())); + + loadUsers(); + updateGUI(); + +} + +void MultiauthConfig::writeConfig() +{ + Config* pcfg = new Config("Security"); + pcfg->setGroup( "Plugins" ); + 
QStringList exclude; + QStringList include; + QStringList allPlugins; + + QListViewItemIterator list_it( m_pluginListView ); + + // this makes sure the names get saved in the order selected + for ( ; list_it.current(); ++list_it ) { + QMap ::Iterator it; + for ( it = m_plugins.begin(); it != m_plugins. end (); ++it ) { + if ( list_it.current() == (*it) && !(*it)-> isOn () ) { + exclude << it.key(); + } else if ( list_it.current() == (*it) && (*it)-> isOn () ){ + include << it.key(); + } + if ( list_it.current() == (*it) ) { + allPlugins << it.key(); + } + } + } + pcfg->writeEntry( "ExcludePlugins", exclude, ',' ); + pcfg->writeEntry( "IncludePlugins", include, ',' ); + pcfg->writeEntry( "AllPlugins", allPlugins, ',' ); + + pcfg->setGroup( "Misc" ); + pcfg->writeEntry( "onStart", m_generalConfig->onStart->isChecked() ); + pcfg->writeEntry( "onResume", m_generalConfig->onResume->isChecked() ); + pcfg->writeEntry( "nbSuccessMin", m_generalConfig->nbSuccessMin->text() ); + pcfg->writeEntry( "noProtectConfig", m_generalConfig->noProtectConfig->isChecked() ); + pcfg->writeEntry( "explanScreens", m_generalConfig->explanScreens->isChecked() ); + pcfg->writeEntry( "allowBypass", m_generalConfig->allowBypass->isChecked() ); + + /* Login and Sync stuff */ + + pcfg->setGroup("Sync"); + int auth_peer=0; + int auth_peer_bits; + QString sn = m_syncWidget->syncnet->currentText(); + parseNet(sn,auth_peer,auth_peer_bits); + + //this is the *selected* (active) net range + pcfg->writeEntry("auth_peer",auth_peer); + pcfg->writeEntry("auth_peer_bits",auth_peer_bits); + + //write back all other net ranges in *cleartext* + for (int i=0; i<10; i++) { + QString target; + target.sprintf("net%d", i); + pcfg->writeEntry(target,m_syncWidget->syncnet->text(i)); + } + +#ifdef ODP +#error "Use 0,1,2 and use Launcher" +#endif + /* keep the old code so we don't use currentItem directly */ + int value = 0x02; + switch( m_syncWidget->syncModeCombo->currentItem() ) { + case 0: + value = 0x01; + break; 
+ case 1: + value = 0x02; + break; + case 2: + value = 0x04; + break; + } + pcfg->setGroup("SyncMode"); + pcfg->writeEntry( "Mode", value ); + + /* + pcfg->setGroup("Remote"); + if ( telnetAvailable() ) + pcfg->writeEntry("allow_telnet",telnet->isChecked()); + if ( sshAvailable() ) + pcfg->writeEntry("allow_ssh",ssh->isChecked()); + // ### write ssh/telnet sys config files + */ + + //release the Config handler + delete pcfg; + + QString configFile = QPEApplication::qpeDir() + "/etc/opie-login.conf"; + Config loginCfg(configFile,Config::File); + loginCfg.setGroup("General"); + + if (autoLogin) { + loginCfg.writeEntry("AutoLogin",autoLoginName); + } else { + loginCfg.removeEntry("AutoLogin"); + } + +} + +/// slot used to record the fact plugins order has been modified +void MultiauthConfig::pluginsChanged() { + m_plugins_changed = true; +} + +/// loads each multiauth plugin +void MultiauthConfig::loadPlugins() { + + odebug << "loading plugins..." << oendl; + QString path = QPEApplication::qpeDir() + "/plugins/security"; + QDir dir( path, "lib*.so" ); + + QStringList list = dir.entryList(); + QStringList::Iterator it; + + // temporary list used to sort plugins + QMap sortList; + + for ( it = list.begin(); it != list.end(); ++it ) { + QInterfacePtr iface; + QLibrary *lib = new QLibrary( path + "/" + *it ); + QString libPath(path + "/" + *it); + odebug << "library path: " << libPath << oendl; + + odebug << "querying: " << QString( path + "/" + *it ) << oendl; + if ( lib->queryInterface( IID_MultiauthPluginInterface, (QUnknownInterface**)&iface ) == QS_OK ) { + odebug << "accepted: " << QString( path + "/" + *it ) << oendl; + + MultiauthPlugin plugin; + plugin.library = lib; + plugin.iface = iface; + plugin.name = QString(*it); + + // find out if plugins should be launched + if ( m_excludePlugins.grep( *it ).isEmpty() ) { + plugin.active = true; + } else { + plugin.active = false; + } + + plugin.pluginObject = plugin.iface->plugin(); + + // "prebuffer" it in one more 
list, to get the sorting done + sortList.insert( plugin.name, plugin ); + + // on first start the list is off course empty + if ( m_allPlugins.isEmpty() ) { + pluginList.append( plugin ); + } + // if plugin is not yet in the list, add it to the layout too + else if ( !m_allPlugins.contains( plugin.name ) ) { + pluginList.append( plugin ); + } + + } else { + odebug << "could not recognize " << QString( path + "/" + *it ) << oendl; + delete lib; + } + + } // end for + + // put m_allPlugins tempPlugin objects into pluginList + if ( !m_allPlugins.isEmpty() ) { + MultiauthPlugin tempPlugin; + QStringList::Iterator stringit; + for( stringit = m_allPlugins.begin(); stringit != m_allPlugins.end(); ++stringit ) { + tempPlugin = ( sortList.find( *stringit ) ).data(); + if ( !( (tempPlugin.name).isEmpty() ) ) { + pluginList.append( tempPlugin ); + } + } + } + +} + +void MultiauthConfig::deleteListEntry() +{ + m_syncWidget->syncnet->removeItem(m_syncWidget->syncnet->currentItem()); +} + +void MultiauthConfig::restoreDefaults() +{ + QMessageBox unrecbox( + tr("Attention"), + tr( "

All user-defined net ranges will be lost."), + QMessageBox::Warning, + QMessageBox::Cancel, QMessageBox::Yes, QMessageBox::NoButton, + 0, QString::null, TRUE, WStyle_StaysOnTop); + unrecbox.setButtonText(QMessageBox::Cancel, tr("Cancel")); + unrecbox.setButtonText(QMessageBox::Yes, tr("Ok")); + + if ( unrecbox.exec() == QMessageBox::Yes) + { + m_syncWidget->syncnet->clear(); + insertDefaultRanges(); + } + m_syncWidget->syncModeCombo->setCurrentItem( 2 ); +} + +void MultiauthConfig::insertDefaultRanges() +{ + m_syncWidget->syncnet->insertItem( tr( "192.168.129.0/24" ) ); + m_syncWidget->syncnet->insertItem( tr( "192.168.1.0/24" ) ); + m_syncWidget->syncnet->insertItem( tr( "192.168.0.0/16" ) ); + m_syncWidget->syncnet->insertItem( tr( "172.16.0.0/12" ) ); + m_syncWidget->syncnet->insertItem( tr( "10.0.0.0/8" ) ); + m_syncWidget->syncnet->insertItem( tr( "1.0.0.0/8" ) ); + m_syncWidget->syncnet->insertItem( tr( "Any" ) ); + m_syncWidget->syncnet->insertItem( tr( "None" ) ); +} + +void MultiauthConfig::updateGUI() +{ + m_loginWidget->autologinToggle->setChecked(autoLogin); + m_loginWidget->userlist->setEnabled(autoLogin); +} + +void MultiauthConfig::selectNet(int auth_peer,int auth_peer_bits, bool update) +{ + QString sn; + if ( auth_peer_bits == 0 && auth_peer == 0 ) { + sn = tr("Any"); + } else if ( auth_peer_bits == 32 && auth_peer == 0 ) { + sn = tr("None"); + } else { + sn = + QString::number((auth_peer>>24)&0xff) + "." + + QString::number((auth_peer>>16)&0xff) + "." + + QString::number((auth_peer>>8)&0xff) + "." 
+ + QString::number((auth_peer>>0)&0xff) + "/" + + QString::number(auth_peer_bits); + } + + //insert user-defined list of netranges upon start + if (update) { + //User selected/active netrange first + m_syncWidget->syncnet->insertItem( tr(sn) ); + Config cfg("Security"); + cfg.setGroup("Sync"); + + //set up defaults if needed, if someone manually deletes net0 he'll get a suprise hehe + QString test = cfg.readEntry("net0",""); + if (test.isEmpty()) { + insertDefaultRanges(); + } else { + // 10 ought to be enough for everybody... :) + // If you need more, don't forget to edit applySecurity() as well + bool already_there=FALSE; + for (int i=0; i<10; i++) { + QString target, netrange; + target.sprintf("net%d", i); + netrange = cfg.readEntry(target,""); + if (! netrange.isEmpty()){ + //make sure we have no "twin" entries + for (int i=0; isyncnet->count(); i++) { + if ( m_syncWidget->syncnet->text(i) == netrange ) { + already_there=TRUE; + } + } + if (! already_there) { + m_syncWidget->syncnet->insertItem( tr( netrange ) ); + } else { + already_there=FALSE; + } + } + } + } + } + + for (int i=0; isyncnet->count(); i++) { + if ( m_syncWidget->syncnet->text(i).left(sn.length()) == sn ) { + m_syncWidget->syncnet->setCurrentItem(i); + return; + } + } + odebug << "No match for \"" << sn << "\"" << oendl; +} + +void MultiauthConfig::parseNet(const QString& sn,int& auth_peer,int& auth_peer_bits) +{ + auth_peer=0; + if ( sn == tr("Any") ) { + auth_peer = 0; + auth_peer_bits = 0; + } else if ( sn == tr("None") ) { + auth_peer = 0; + auth_peer_bits = 32; + } else { + int x=0; + for (int i=0; i<4; i++) { + int nx = sn.find(QChar(i==3 ? 
'/' : '.'),x); + auth_peer = (auth_peer<<8)|sn.mid(x,nx-x).toInt(); + x = nx+1; + } + uint n = (uint)sn.find(' ',x)-x; + auth_peer_bits = sn.mid(x,n).toInt(); + } +} + +void MultiauthConfig::loadUsers() +{ + QFile passwd("/etc/passwd"); + if ( passwd.open(IO_ReadOnly) ) { + QTextStream t( &passwd ); + QString s; + QStringList account; + while ( !t.eof() ) { + account = QStringList::split(':',t.readLine()); + // Hide disabled accounts and some special accounts + if (*account.at(1)!="*" && *account.at(0)!="ppp" && *account.at(0)!="messagebus") { + + m_loginWidget->userlist->insertItem(*account.at(0)); + // Highlight this item if it is set to m_loginWidget->autologinToggle + if ( *account.at(0) == autoLoginName) + m_loginWidget->userlist->setCurrentItem(m_loginWidget->userlist->count()-1); + } + } + passwd.close(); + } + +} + +void MultiauthConfig::toggleAutoLogin(bool val) +{ + autoLogin=val; + m_loginWidget->userlist->setEnabled(val); + // if autoLogin is true, we will set by default the login currently visible in the userlist + if (autoLogin) + autoLoginName=m_loginWidget->userlist->currentText(); +} + + + + +void MultiauthConfig::setSyncNet(const QString& sn) +{ + int auth_peer,auth_peer_bits; + parseNet(sn,auth_peer,auth_peer_bits); + selectNet(auth_peer,auth_peer_bits,FALSE); +} + +void MultiauthConfig::changeLoginName( int idx ) +{ + autoLoginName = m_loginWidget->userlist->text(idx);; + updateGUI(); +} + +/// \todo do implement that? who? how? +bool MultiauthConfig::telnetAvailable() const +{ + return FALSE; +} + +/// \todo do implement that? who? how? +bool MultiauthConfig::sshAvailable() const +{ + return FALSE; +} + diff --git a/core/settings/security/multiauthconfig.h b/core/settings/security/multiauthconfig.h new file mode 100644 index 0000000..ffe920f --- a/dev/null +++ b/core/settings/security/multiauthconfig.h 
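Review bot: `MultiauthConfig::parseNet()` fails open on malformed input: the result of `sn.find()` is never checked for -1 and `toInt()` is called without its `ok` flag, so a string that is not in `a.b.c.d/bits` form appears to come out as `auth_peer == 0` with `auth_peer_bits == 0`, which is exactly the encoding the "Any" branch and `selectNet()` use for every peer being allowed, and `writeConfig()` then stores it as the active sync range. Since `syncnet` is connected to `textChanged` and so seems to accept typed text, the else branch should validate each octet (0..255) and the prefix length (0..32) and fall back to the "None" encoding (0/32) when anything does not parse. `loadUsers()` has a related gap: `*account.at(1)` is dereferenced without checking that splitting the passwd line produced at least two fields, so an empty or short line would be read past the end of the list.

```cpp
void MultiauthConfig::parseNet(const QString& sn,int& auth_peer,int& auth_peer_bits)
{
    // … unchanged: auth_peer reset, "Any" and "None" branches …
    } else {
        bool ok = true;
        int x = 0;
        for (int i = 0; ok && i < 4; i++) {
            int nx = sn.find(QChar(i==3 ? '/' : '.'), x);
            int octet = -1;
            if ( nx > x )
                octet = sn.mid(x, nx-x).toInt(&ok);
            ok = ok && octet >= 0 && octet <= 255;
            auth_peer = (auth_peer<<8) | (octet & 0xff);
            x = nx+1;
        }
        int bits = -1;
        if ( ok ) {
            int end = sn.find(' ', x);
            bits = ( end < 0 ? sn.mid(x) : sn.mid(x, end-x) ).toInt(&ok);
        }
        if ( !ok || bits < 0 || bits > 32 ) {
            // fail closed: an unparsable range becomes "None" (0/32), never 0/0 ("Any")
            auth_peer = 0;
            bits = 32;
        }
        auth_peer_bits = bits;
    }
```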
@@ -0,0 +1,141 @@ +/** + * \file multiauthconfig.h + * \brief Configuration GUI for Opie multiauth. framework, login and sync + * \author Clément Séveillac (clement . seveillac (at) via . ecp . fr) + */ +/* + =. This file is part of the Opie Project + .=l. Copyright (C) 2004 Opie Developer Team + .>+-= + _;:, .> :=|. This library is free software; you can +.> <`_, > . <= redistribute it and/or modify it under +:`=1 )Y*s>-.-- : the terms of the GNU Library General Public +.="- .-=="i, .._ License as published by the Free Software + - . .-<_> .<> Foundation; either version 2 of the License, + ._= =} : or (at your option) any later version. + .%`+i> _;_. + .i_,=:_. -`: PARTICULAR PURPOSE. See the GNU +..}^=.= = ; Library General Public License for more +++= -. .` .: details. + : = ...= . :.=- + -. .:....=;==+<; You should have received a copy of the GNU + -_. . . )=. = Library General Public License along with + -- :-=` this library; see the file COPYING.LIB. + If not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. 
+ +*/ + +#ifndef MULTIAUTHCONFIG_H +#define MULTIAUTHCONFIG_H + +#include +#include + +/* OPIE */ +#include + +/* QT */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* UI */ +#include "syncbase.h" +#include "loginbase.h" + + +/// the "misc" configuration tab, about general Opie Multiauth settings +class MultiauthGeneralConfig : public QWidget +{ + Q_OBJECT +public: + MultiauthGeneralConfig(QWidget * parent, const char * name); + ~MultiauthGeneralConfig(); +protected: + QCheckBox *onStart, *onResume, *noProtectConfig, *explanScreens, *allowBypass; + QSpinBox *nbSuccessMin; +private: + friend class MultiauthConfig; +private slots: + void checkBypass(); + void checkScreens(); +}; + +/// the whole configuration dialog +class MultiauthConfig : public QDialog +{ + Q_OBJECT + +public: + MultiauthConfig(); + virtual ~MultiauthConfig(); + void writeConfig(); + QList configWidgetList; + +protected slots: + void pluginsChanged(); + void moveSelectedUp(); + void moveSelectedDown(); + +private slots: + // Login and Sync stuff + void setSyncNet(const QString&); + void changeLoginName(int); + void toggleAutoLogin(bool); + void restoreDefaults(); + void insertDefaultRanges(); + void deleteListEntry(); + +private: + /// the widget holding all the tabs (or pages) + Opie::Ui::OTabWidget *m_mainTW; + /// list of authentication plugins in the "Plugins" page + QListView *m_pluginListView; + QStringList m_allPlugins, m_excludePlugins; + QMap m_plugins; + /// plugin list page + QWidget *m_pluginListWidget; + /// misc config page + MultiauthGeneralConfig *m_generalConfig; + /// login (root / ...) 
choice page + LoginBase *m_loginWidget; + /// synchronization settings page + SyncBase *m_syncWidget; + + int m_nbSuccessReq; + bool m_plugins_changed; + + void readConfig(); + void loadPlugins(); + + // Login and Sync stuff + void loadUsers(); + bool telnetAvailable() const; + bool sshAvailable() const; + void updateGUI(); + + static void parseNet(const QString& sn,int& auth_peer,int& auth_peer_bits); + void selectNet(int auth_peer,int auth_peer_bits,bool update); + + + bool autoLogin; + QString autoLoginName; +}; + + +#endif // MULTIAUTHCONFIG_H + diff --git a/core/settings/security/opie-security.control b/core/settings/security/opie-security.control index a3e0c20..76e98d5 100644 --- a/core/settings/security/opie-security.control +++ b/core/settings/security/opie-security.control @@ -1,5 +1,5 @@ Package: opie-security -Files: plugins/application/libsecurity.so* bin/security apps/Settings/security.desktop pics/security +Files: bin/security apps/Settings/security.desktop pics/security/sync.png pics/security/users.png pics/security/Security.png Priority: optional Section: opie/settings Maintainer: Opie Team diff --git a/core/settings/security/security.pro b/core/settings/security/security.pro index fca37ad..5d2ae08 100644 --- a/core/settings/security/security.pro +++ b/core/settings/security/security.pro @@ -1,10 +1,16 @@ -CONFIG += qt warn_on quick-app -HEADERS = security.h -SOURCES = security.cpp main.cpp -INTERFACES = securitybase.ui -INCLUDEPATH += $(OPIEDIR)/include -DEPENDPATH += -LIBS += -lqpe -lopiecore2 -TARGET = security +CONFIG += qt warn_on + +HEADERS = multiauthconfig.h + +SOURCES = multiauthconfig.cpp main.cpp + +INTERFACES = loginbase.ui syncbase.ui + +INCLUDEPATH += $(OPIEDIR)/include + +LIBS += -lqpe -lopiecore2 -lopieui2 -lopiesecurity2 + +DESTDIR = $(OPIEDIR)/bin +TARGET = security include ( $(OPIEDIR)/include.pro ) 
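Review bot: In multiauthconfig.h, `static void parseNet(const QString& sn,int& auth_peer,int& auth_peer_bits);` returns void, so a caller such as setSyncNet() cannot tell a malformed net range from a valid one. The definition shown earlier on this page uses the results of `sn.find()` and `toInt()` without checking them and never bounds auth_peer_bits to 0..32, and syncbase.ui marks the syncnet combo as editable, so free-form text can presumably reach it. Because this value decides which peers may sync, I would declare it as `static bool parseNet(const QString& sn,int& auth_peer,int& auth_peer_bits);`, return false on any parse failure, and have callers fall back to the "None" range. Packing four octets into a signed `int` also overflows when the first octet is 128 or above; `uint` would avoid that, though selectNet() would need the same change.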
diff --git a/core/settings/security/securitybase.ui b/core/settings/security/securitybase.ui deleted file mode 100644 index dcf1d6b..0000000 --- a/core/settings/security/securitybase.ui +++ b/dev/null 
@@ -1,504 +0,0 @@ - -SecurityBase - - QDialog - - name - SecurityBase - - - geometry - - 0 - 0 - 327 - 483 - - - - caption - Security Settings - - - layoutMargin - - - layoutSpacing - - - - margin - 0 - - - spacing - 0 - - - QTabWidget - - name - TabWidget2 - - - layoutMargin - - - QWidget - - name - tab - - - title - Passcode - - - - margin - 6 - - - spacing - 6 - - - QGroupBox - - name - GroupBox4 - - - title - Passcode - - - - margin - 11 - - - spacing - 6 - - - QLayoutWidget - - name - Layout1 - - - layoutSpacing - - - - margin - 0 - - - spacing - -1 - - - QPushButton - - name - changepasscode - - - text - Change passcode - - - whatsThis - This button will let you change the security passcode. - -Note: This is *not* the sync password. - - - - QPushButton - - name - clearpasscode - - - text - Clear passcode - - - whatsThis - Delete the current passcode. -You can enter a new one at any time. - - - - - - QCheckBox - - name - passcode_poweron - - - text - Require pass code at power-on - - - whatsThis - If you enable this option, a passcode must be entered after every resume event of your Zaurus. - - - - QLabel - - name - TextLabel1 - - - sizePolicy - - 5 - 7 - - - - text - <P>Pass code protection provides a minimal level of protection from casual access to this device. - - - textFormat - RichText - - - alignment - AlignTop|AlignLeft - - - vAlign - - - - - - - name - Spacer3 - - - orientation - Vertical - - - sizeType - Expanding - - - sizeHint - - 20 - 20 - - - - - - - QWidget - - name - tab - - - title - Login - - - - margin - 6 - - - spacing - 6 - - - QGroupBox - - name - GroupBox3 - - - title - Login - - - - margin - 11 - - - spacing - 6 - - - QCheckBox - - name - autologinToggle - - - text - Login Automatically - - - whatsThis - If you select this option, opie-login will automagically log you in with the user you have selected in the drop-down list. - -For the Zaurus 5x00 this is always the user "root". 
- - - - QComboBox - - name - userlist - - - whatsThis - This drop-down list allows you to select the user for auto-login -(if enabled above). - -You can only select an actually configured user. - - - - - - - name - Spacer2 - - - orientation - Vertical - - - sizeType - Expanding - - - sizeHint - - 20 - 20 - - - - - - - QWidget - - name - tab - - - title - Sync - - - - margin - 11 - - - spacing - 6 - - - - name - Spacer1 - - - orientation - Vertical - - - sizeType - Expanding - - - sizeHint - - 20 - 20 - - - - - QGroupBox - - name - GroupBox2 - - - title - Sync - - - - margin - 11 - - - spacing - 6 - - - QLabel - - name - TextLabel1_2 - - - text - Accept sync from network: - - - textFormat - RichText - - - - QComboBox - - name - syncnet - - - editable - true - - - whatsThis - Select a net-range or enter a new one. - -This drop-down list lets you select a net range which is allowed to connect to your Zaurus. - -For example, a net range of 192.168.1.0/24 will allow any machine with an IP between 192.168.1.1 and 192.168.1.254 to connect to (and sync with) your Zaurus. - -The entry "All" will allow *any* IP to connect. -The entry "None" will *deny* any connection. - -If unsure, select "Any". - - - - QLayoutWidget - - name - Layout4 - - - - margin - 0 - - - spacing - 6 - - - QPushButton - - name - deleteentry - - - text - Delete Entry - - - whatsThis - Delete the selected net range from the list - -If you press this button, the currently selected net range will be deleted from the list of net ranges. - -If you hit this button in error, the button "Restore Defaults" will restore -the list to the state it has been when you initially booted your Zaurus. - - - - QPushButton - - name - restoredefaults - - - text - Restore Defaults - - - whatsThis - This button will restore the list of net ranges -to the defaults. - -Beware that all manually entered net ranges will be lost! 
- - - - - - QLabel - - name - TextLabel2 - - - text - Select your sync software - - - - QComboBox - - - text - Qtopia 1.7 - - - - - text - Opie 1.0 - - - - - text - IntelliSync - - - - name - syncModeCombo - - - whatsThis - Alter the Sync Protocol to tweak for the different devices. - IntelliSync will disable the password check but you'll be prompted to accept the connection. - Opie1.0 will be compatible with QtopiaDesktop, MultiSync and KitchenSync - Qtopia1.7 will alter the way data is send to the client and will not work with older clients. - - - - - - - - - - - diff --git a/core/settings/security/syncbase.ui b/core/settings/security/syncbase.ui new file mode 100644 index 0000000..194d141 --- a/dev/null +++ b/core/settings/security/syncbase.ui 
@@ -0,0 +1,213 @@ + +SyncBase + + QWidget + + name + SyncBase + + + geometry + + 0 + 0 + 303 + 233 + + + + caption + SyncBase + + + + margin + 11 + + + spacing + 6 + + + + name + Spacer1 + + + orientation + Vertical + + + sizeType + Expanding + + + sizeHint + + 20 + 20 + + + + + QGroupBox + + name + GroupBox2 + + + title + Sync + + + + margin + 6 + + + spacing + 6 + + + QLabel + + name + TextLabel1_2 + + + text + Accept sync from network: + + + textFormat + RichText + + + + QComboBox + + name + syncnet + + + editable + true + + + whatsThis + Select a net-range or enter a new one. + +This drop-down list lets you select a net range which is allowed to connect to your Zaurus. + +For example, a net range of 192.168.1.0/24 will allow any machine with an IP between 192.168.1.1 and 192.168.1.254 to connect to (and sync with) your Zaurus. + +The entry "All" will allow *any* IP to connect. +The entry "None" will *deny* any connection. + +If unsure, select "Any". + + + + QLayoutWidget + + name + Layout4 + + + + margin + 0 + + + spacing + 6 + + + QPushButton + + name + deleteentry + + + text + Delete Entry + + + whatsThis + Delete the selected net range from the list + +If you press this button, the currently selected net range will be deleted from the list of net ranges. + +If you hit this button in error, the button "Restore Defaults" will restore +the list to the state it has been when you initially booted your Zaurus. + + + + QPushButton + + name + restoredefaults + + + text + Restore Defaults + + + whatsThis + This button will restore the list of net ranges +to the defaults. + +Beware that all manually entered net ranges will be lost! + + + + + + QLabel + + name + TextLabel2 + + + text + Select your sync software + + + + QComboBox + + + text + Qtopia 1.7 + + + + + text + Opie 1.0 + + + + + text + IntelliSync + + + + name + syncModeCombo + + + whatsThis + Alter the Sync Protocol to tweak for the different devices. 
+ IntelliSync will disable the password check but you'll be prompted to accept the connection. + Opie1.0 will be compatible with QtopiaDesktop, MultiSync and KitchenSync + Qtopia1.7 will alter the way data is send to the client and will not work with older clients. + + + + + + + + diff --git a/libopie2/opiesecurity/multiauthmainwindow.cpp b/libopie2/opiesecurity/multiauthmainwindow.cpp index c6229c7..fa247ab 100644 --- a/libopie2/opiesecurity/multiauthmainwindow.cpp +++ b/libopie2/opiesecurity/multiauthmainwindow.cpp @@ -20,7 +20,7 @@ MultiauthMainWindow::MultiauthMainWindow() Config *pcfg = new Config("Security"); pcfg->setGroup("Misc"); explanScreens = pcfg->readBoolEntry("explanScreens", true); - allowBypass = pcfg->readBoolEntry("allowBypass", true); + allowBypass = pcfg->readBoolEntry("allowBypass", false); delete pcfg; layout = new QVBoxLayout(this); -- cgit v0.9.0.2
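Review bot: The whatsThis text for the `syncnet` combo in syncbase.ui ends with `If unsure, select "Any".`, which steers an uncertain user to the setting that accepts sync connections from every address. The same text calls that entry "All" two lines earlier, while parseNet() on this page matches `tr("Any")`, so the help names an entry the code does not appear to recognise. I would make both lines say "Any" and change the advice to `If unsure, select "None".` or to a specific range such as the 192.168.1.0/24 example already given. The `syncModeCombo` help also mentions, only in passing, that IntelliSync disables the password check; that deserves a clearer warning.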
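Review bot: The new `allowBypass = pcfg->readBoolEntry("allowBypass", false);` line has no comment saying the default is deliberately fail-closed, so a later edit could flip it back without noticing the effect on the lock screen. I would add `// default to no bypass: a missing or removed key must not weaken the lock` above it. The settings dialog's own read of this key is outside this hunk; if it still defaults to true, the checkbox would show a state the lock screen does not enforce, so the two defaults are worth checking together. The constructor body continues outside the hunk.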