From 01b44d9e12a324b8d77f52d66c6799f6f8f0df28 Mon Sep 17 00:00:00 2001 From: clem Date: Mon, 14 Jun 2004 21:37:21 +0000 Subject: First revision of libopiesecurity2: plugin-based authentication framework (see http://dudu.dyn.2-h.org/nist/OMAF.php). --- (limited to 'libopie2/opiesecurity') diff --git a/libopie2/opiesecurity/config.in b/libopie2/opiesecurity/config.in new file mode 100644 index 0000000..bf33bd2 --- a/dev/null +++ b/libopie2/opiesecurity/config.in @@ -0,0 +1,3 @@ + config LIBOPIE2SECURITY + boolean "libopie2security (plugin-based authentication library for Opie)" + depends ( LIBQPE || LIBQPE-X11 ) && LIBOPIE2CORE && LIBOPIE2UI diff --git a/libopie2/opiesecurity/multiauthcommon.cpp b/libopie2/opiesecurity/multiauthcommon.cpp new file mode 100644 index 0000000..b72b9b1 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthcommon.cpp @@ -0,0 +1,179 @@ +#include "multiauthplugininterface.h" +#include "multiauthcommon.h" + +/* Opie */ +#include +#include + +/* Qt */ +#include +#include +#include +#include +#include + +/* UNIX */ +#include +#include + + +SecOwnerDlg::SecOwnerDlg( QWidget *parent, const char * name, Contact c, + bool modal, bool fullscreen = FALSE ) +: QDialog( parent, name, modal, + fullscreen ? + WStyle_NoBorder | WStyle_Customize | WStyle_StaysOnTop : 0 ) +{ + if ( fullscreen ) { + QRect desk = qApp->desktop()->geometry(); + setGeometry( 0, 0, desk.width(), desk.height() ); + } + // set up contents. + QString text("

" + tr("Please contact the owner (directions follow), or try again clicking of this screen (and waiting for the penalty time) if you are the legitimate owner") + "

"); + text += c.toRichText(); + tv = new QTextView(this); + tv->setText(text); + + tv->viewport()->installEventFilter(this); +} + +void SecOwnerDlg::resizeEvent( QResizeEvent * ) +{ + tv->resize( size() ); +} + +bool SecOwnerDlg::eventFilter(QObject *o, QEvent *e) +{ + if (e->type() == QEvent::KeyPress || e->type() == QEvent::MouseButtonPress ) { + accept(); + return TRUE; + } + return QWidget::eventFilter(o, e); +} + +void SecOwnerDlg::mousePressEvent( QMouseEvent * ) { accept(); } + + +/// run plugins until we reach nbSuccessMin successes +int runPlugins() { + + SecOwnerDlg *oi = 0; + // see if there is contact information. + QString vfilename = Global::applicationFileName("addressbook", + "businesscard.vcf"); + if (QFile::exists(vfilename)) { + Contact c; + c = Contact::readVCard( vfilename )[0]; + + oi = new SecOwnerDlg(0, 0, c, TRUE, TRUE); + } + + Config config("Security"); + config.setGroup("Plugins"); + QStringList plugins = config.readListEntry("IncludePlugins", ','); + config.setGroup("Misc"); + int nbSuccessMin = config.readNumEntry("nbSuccessMin", 1); + int nbSuccess = 0; + + /* tries to launch successively each plugin in $OPIEDIR/plugins/security + * directory which file name is in Security.conf / [Misc] / IncludePlugins + */ + QString path = QPEApplication::qpeDir() + "/plugins/security"; + QStringList::Iterator libIt; + + for ( libIt = plugins.begin(); libIt != plugins.end(); ++libIt ) { + QInterfacePtr iface; + QLibrary *lib = new QLibrary( path + "/" + *libIt ); + + if ( lib->queryInterface( + IID_MultiauthPluginInterface, + (QUnknownInterface**)&iface ) == QS_OK ) + { + // the plugin is a true Multiauth plugin + odebug << "Accepted plugin: " << QString( path + "/" + *libIt ) << oendl; + odebug << "Plugin name: " << iface->plugin()->pluginName() << oendl; + + int resultCode; + int tries = 0; + + // perform authentication + resultCode = iface->plugin()->authenticate(); + + // display the result in command line + QString resultMessage; + switch (resultCode) + { + case MultiauthPluginObject::Success: + resultMessage = "Success!"; + nbSuccess++; + break; + case MultiauthPluginObject::Failure: + resultMessage = "Failure..."; + break; + case MultiauthPluginObject::Skip: + resultMessage = "Skip"; + break; + } + odebug << "Plugin result: " << resultMessage << oendl; + + // if failure, wait, reperform, wait, reperform... until right + while (resultCode == MultiauthPluginObject::Failure) + { + tries++; + owarn << "This plugin has failed " << tries << " times already" << oendl; + + // displays owner information, if any + if (oi) + { + oi->exec(); + odebug << "Contact information displayed" << oendl; + } + + /// \todo parametrize the time penalty according to \em mode (exponential, + /// linear or fixed) and \em basetime (time penalty for the first failure) + sleep(2 * tries); + + if (oi) + { + oi->hide(); + /** \todo fix the focus here: should go back to the current plugin widget + * but it doesn't, so we have to tap once on the widget before e.g. buttons + * are active again + */ + odebug << "Contact information hidden" << oendl; + } + + // perform authentication + resultCode = iface->plugin()->authenticate(); + + // display the result in command line + switch (resultCode) + { + case MultiauthPluginObject::Success: + resultMessage = "Success!"; + nbSuccess++; + break; + case MultiauthPluginObject::Failure: + resultMessage = "Failure..."; + break; + case MultiauthPluginObject::Skip: + resultMessage = "Skip"; + break; + } + odebug << "Plugin result: " << resultMessage << oendl; + } + delete lib; + + if (resultCode == MultiauthPluginObject::Success && nbSuccess == nbSuccessMin) + { + if(oi) delete oi; + // we have reached the required number of successes, we can exit the plugin loop + return 0; + } + } else { + owarn << "Could not recognize plugin " << QString( path + "/" + *libIt ) << oendl; + delete lib; + } // end if plugin recognized + } //end for + if(oi) delete oi; + return 1; +} diff --git a/libopie2/opiesecurity/multiauthcommon.h b/libopie2/opiesecurity/multiauthcommon.h new file mode 100644 index 0000000..6d6d5d1 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthcommon.h @@ -0,0 +1,62 @@ +/** + * \file multiauthcommon.h + * \brief Objects and functions for Opie multiauth framework + * \author Clément Séveillac (clement . seveillac (at) via . ecp . fr) + */ +/* + =. This file is part of the Opie Project + .=l. Copyright (C) 2004 Opie Developer Team + .>+-= + _;:, .> :=|. This library is free software; you can +.> <`_, > . <= redistribute it and/or modify it under +:`=1 )Y*s>-.-- : the terms of the GNU Library General Public +.="- .-=="i, .._ License as published by the Free Software + - . .-<_> .<> Foundation; either version 2 of the License, + ._= =} : or (at your option) any later version. + .%`+i> _;_. + .i_,=:_. -`: PARTICULAR PURPOSE. See the GNU +..}^=.= = ; Library General Public License for more +++= -. .` .: details. + : = ...= . :.=- + -. .:....=;==+<; You should have received a copy of the GNU + -_. . . )=. = Library General Public License along with + -- :-=` this library; see the file COPYING.LIB. + If not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + +*/ + +#ifndef MULTIAUTHCOMMON_H +#define MULTIAUTHCOMMON_H + + +/* OwnerDialog stuff */ +#include +#include +#include +#include + +class SecOwnerDlg : public QDialog +{ + Q_OBJECT + public: + + SecOwnerDlg( QWidget *parent, const char * name, Contact c, + bool modal, bool fullscreen); + + void resizeEvent( QResizeEvent * ); + bool eventFilter(QObject *o, QEvent *e); + void mousePressEvent( QMouseEvent * ); + + private: + QTextView *tv; +}; + +int runPlugins(); + +#endif // MULTIAUTHCOMMON_H diff --git a/libopie2/opiesecurity/multiauthconfigwidget.h b/libopie2/opiesecurity/multiauthconfigwidget.h new file mode 100644 index 0000000..cd6f047 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthconfigwidget.h @@ -0,0 +1,68 @@ +/** + * \file multiauthconfigwidget.h + * \brief Defines the Opie multiauth configuration widget interface. + * \author Clément Séveillac (clement . seveillac (at) via . ecp . fr) + */ +/* + =. This file is part of the Opie Project + .=l. Copyright (C) 2004 Opie Developer Team + .>+-= + _;:, .> :=|. This library is free software; you can +.> <`_, > . <= redistribute it and/or modify it under +:`=1 )Y*s>-.-- : the terms of the GNU Library General Public +.="- .-=="i, .._ License as published by the Free Software + - . .-<_> .<> Foundation; either version 2 of the License, + ._= =} : or (at your option) any later version. + .%`+i> _;_. + .i_,=:_. -`: PARTICULAR PURPOSE. See the GNU +..}^=.= = ; Library General Public License for more +++= -. .` .: details. + : = ...= . :.=- + -. .:....=;==+<; You should have received a copy of the GNU + -_. . . )=. = Library General Public License along with + -- :-=` this library; see the file COPYING.LIB. + If not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + +*/ + +#ifndef MULTIAUTHCONFIGWIDGET_H +#define MULTIAUTHCONFIGWIDGET_H + +#include +#include + +/// Base class of all Opie multiauth config widgets +/** + * A base class for all Opie Multiauth Config Widgets. + * This will let a Opie multiauth plugin to add the possibility of configuration. + * Plugins need to inherit from this class and need to implement + * the pure virtual method to control configuration. + * The Plugin should read its configuration during creation of the Widget + * + * \author Clement Seveillac (helped by Maximilian Reiß's Today framework) + */ +class MultiauthConfigWidget : public QWidget { + + Q_OBJECT + + public: + + /// standard widget constructor + MultiauthConfigWidget( QWidget *parent, const char *name ) : QWidget( parent, name ) {} + virtual ~MultiauthConfigWidget() {} + + /// Method to reimplement, supposed to save the plugin configuration + /** + * Plugins need to reimplement this in the config widget + * Used when the config dialog is closed to write config stuff + */ + virtual void writeConfig() = 0; +}; + +#endif // MULTIAUTHCONFIGWIDGET_H diff --git a/libopie2/opiesecurity/multiauthmainwindow.cpp b/libopie2/opiesecurity/multiauthmainwindow.cpp new file mode 100644 index 0000000..2be3473 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthmainwindow.cpp @@ -0,0 +1,129 @@ +#include "multiauthmainwindow.h" + +#include "multiauthcommon.h" +#include + +/// Initializes widgets according to allowBypass and explanScreens config +MultiauthMainWindow::MultiauthMainWindow() + : QDialog(0, "main Opie multiauth modal dialog", TRUE, + Qt::WStyle_NoBorder | Qt::WStyle_Customize | Qt::WStyle_StaysOnTop) + +{ + alreadyDone = false; + // initializes widget pointers which not always point to an object + quit = 0; + message2 = 0; + + Config *pcfg = new Config("Security"); + pcfg->setGroup("Misc"); + explanScreens = pcfg->readBoolEntry("explanScreens", true); + allowBypass = pcfg->readBoolEntry("allowBypass", true); + delete pcfg; + + layout = new QVBoxLayout(this); + layout->setSpacing(11); + layout->setMargin(11); + layout->setAlignment( Qt::AlignTop ); + + // if explanScreens is false, we don't show any text in the QDialog, + // and we proceed directly + if ( explanScreens == true ) + { + title = new QLabel("

" + tr("Welcome to Opie Multi-authentication Framework") + "

", this); + message = new QLabel("

" + tr("Launching authentication plugins...") + "

", this); + } else { + title = new QLabel("", this); + message = new QLabel("", this); + } + + layout->addWidget(title); + layout->addWidget(message); + proceedButton = new QPushButton(tr("Proceed..."), this); + layout->addWidget(proceedButton, 0, Qt::AlignHCenter); + + QObject::connect(proceedButton, SIGNAL(clicked()), this, SLOT(proceed())); + + if ( explanScreens == true ) + { + quit = new QPushButton("Exit", this); + layout->addWidget(quit, 0, Qt::AlignHCenter); + if ( allowBypass == true ) + { + // very important: we can close the widget through the quit button, and bypass authentication, only if allowBypass is set! + message2 = new QLabel("
" + tr("Note: the 'exit' button should be removed for real protection, through Security config dialog") + ".
", this); + layout->addWidget(message2); + QObject::connect(quit, SIGNAL(clicked()), this, SLOT(close())); + } + else + { + quit->hide(); + } + + } + else + { + // we will need this button only if runPlugins() fails in proceed() + proceedButton->hide(); + // let's proceed now + proceed(); + } +} + +/// nothing to do +MultiauthMainWindow::~MultiauthMainWindow() { +} + +/// launch the authentication +void MultiauthMainWindow::proceed() { + int result = runPlugins(); + + + if ( (result == 0) && !explanScreens ) + { + // the authentication has succeeded, we can exit directly + // this will work if we haven't been called by the constructor of MultiauthMainWindow + close(); + // and if we've been called by this constructor, we use this variable to tell our + // caller we're already done + alreadyDone = true; + return; + } + else + { + + proceedButton->setText("Another try?"); + QString resultMessage; + + if (result == 0) + { + // authentication has succeeded, adapt interface then + message->setText( "

" + tr("Congratulations! Your authentication has been successful.") + "

" ); + quit->setText("Enter Opie"); + if ( quit->isHidden() ) + { + // that means we don't allow to bypass, but now we can show and connect this button + QObject::connect(quit, SIGNAL(clicked()), this, SLOT(close())); + quit->show(); + } else { + if ( message2 != 0 ) message2->hide(); + } + } + else + { + // authentication has failed, explain that according to allowBypass + message->setText( "

" + tr("You have not succeeded enough authentication steps!") + "

" ); + proceedButton->show(); + if ( allowBypass == true ) + message2->setText( "

" + tr("Note: if 'allow to bypass' was uncheck in Security config, you would have to go back through all the steps now.") + "

" ); + } + } +} + +/** When we don't show explanatory screens and we succeed authentication, + * as early as during the proceed() call of the constructor, the caller must know + * (through this function) authentication has already been succeeded.. + * \todo try to avoid this hack? + */ +bool MultiauthMainWindow::isAlreadyDone() { + return alreadyDone; +} diff --git a/libopie2/opiesecurity/multiauthmainwindow.h b/libopie2/opiesecurity/multiauthmainwindow.h new file mode 100644 index 0000000..d5f53c6 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthmainwindow.h @@ -0,0 +1,74 @@ +/** + * \file multiauthmainwindow.h + * \brief Defines the Opie multiauth main window. + * + * This implementation was derived from the today plugins implementation. + * \author Clément Séveillac (clement . seveillac (at) via . ecp . fr) + */ +/* + =. This file is part of the Opie Project + .=l. Copyright (C) 2004 Opie Developer Team + .>+-= + _;:, .> :=|. This library is free software; you can +.> <`_, > . <= redistribute it and/or modify it under +:`=1 )Y*s>-.-- : the terms of the GNU Library General Public +.="- .-=="i, .._ License as published by the Free Software + - . .-<_> .<> Foundation; either version 2 of the License, + ._= =} : or (at your option) any later version. + .%`+i> _;_. + .i_,=:_. -`: PARTICULAR PURPOSE. See the GNU +..}^=.= = ; Library General Public License for more +++= -. .` .: details. + : = ...= . :.=- + -. .:....=;==+<; You should have received a copy of the GNU + -_. . . )=. = Library General Public License along with + -- :-=` this library; see the file COPYING.LIB. + If not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + +*/ + +#ifndef MULTIAUTHMAINWINDOW_H +#define MULTIAUTHMAINWINDOW_H + +#include +#include +#include +#include + +/// Multiauth main window +/** + * This QDialog window displays some information and an exit button, + * and completely hides the desktop, preventing user interactions + * with it. + */ +class MultiauthMainWindow : public QDialog { + Q_OBJECT + + public: + MultiauthMainWindow(); + ~MultiauthMainWindow(); + bool isAlreadyDone(); + + private: + QVBoxLayout * layout; + QLabel * title, * message, * message2; + QPushButton * proceedButton, * quit; + /// whether to show explanatory screens before and after the authentication plugins + bool explanScreens; + /// allow to bypass authnentication via 'exit' buttons on both explan. screens + bool allowBypass; + /// true when the authentication has been done successfully + bool alreadyDone; + + private slots: + void proceed(); +}; + +#endif // MULTIAUTHMAINWINDOW_H + diff --git a/libopie2/opiesecurity/multiauthplugininterface.h b/libopie2/opiesecurity/multiauthplugininterface.h new file mode 100644 index 0000000..0035107 --- a/dev/null +++ b/libopie2/opiesecurity/multiauthplugininterface.h @@ -0,0 +1,109 @@ +/** + * \file multiauthplugininterface.h + * \brief Main public interface to Opie multiauth authentication plugins. + * + * This implementation was derived from the todolist plugin implementation. + * \author Clément Séveillac (clement . seveillac (at) via . ecp . fr) + */ +/* + =. This file is part of the Opie Project + .=l. Copyright (C) 2004 Opie Developer Team + .>+-= + _;:, .> :=|. This library is free software; you can +.> <`_, > . <= redistribute it and/or modify it under +:`=1 )Y*s>-.-- : the terms of the GNU Library General Public +.="- .-=="i, .._ License as published by the Free Software + - . .-<_> .<> Foundation; either version 2 of the License, + ._= =} : or (at your option) any later version. + .%`+i> _;_. + .i_,=:_. -`: PARTICULAR PURPOSE. See the GNU +..}^=.= = ; Library General Public License for more +++= -. .` .: details. + : = ...= . :.=- + -. .:....=;==+<; You should have received a copy of the GNU + -_. . . )=. = Library General Public License along with + -- :-=` this library; see the file COPYING.LIB. + If not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + +*/ + +#ifndef MULTIAUTH_PLUGIN_INTERFACE +#define MULTIAUTH_PLUGIN_INTERFACE + +#include + +#include "multiauthconfigwidget.h" + +class QString; +class QWidget; + +#ifndef IID_MultiauthPluginInterface +/// Universally Unique Id of the interface (required by QCOM): +/// {AD5BE8B1-8421-447b-9AED-250BE1CDA49c} +#define IID_MultiauthPluginInterface QUuid(0xad5be8b1, 0x8421, 0x447b, 0x9a, 0xed, 0x25, 0x0b, 0xe1, 0xcd, 0xa4, 0x9c) +#endif + +/// Base class for Opie multiauth plugins +/** + * A MultiauthPluginObject is the base for all Multiauth Plugins. + * A plugin author needs to inherit this class and implement + * the pure virtual methods. + * + * \author Clement Seveillac (helped by Maximilian Reiß's Today framework) + */ +class MultiauthPluginObject { + + public: + + virtual ~MultiauthPluginObject() {}; + + /// The name of the plugin + /* + * \return The plugin should return its name here + */ + virtual QString pluginName() const = 0; + + /// Ask the plugin to launch one authentication attempt + virtual int authenticate() = 0; + + /// Possible return codes for authenticate() function + enum authResult { Success = 0, + Failure = 1, + Skip = 2 }; + + /// Pointer to the (optional) plugin configuration widget + virtual MultiauthConfigWidget * configWidget(QWidget * parent) = 0; + + /// (optional) plugin configuration tab icon + /** + * \return path to the image file (without the extension) + * from $OPIEDIR/pics + */ + virtual QString pixmapNameConfig() const = 0; + + /// Plugin icon, to be displayed in the plugin list configuration widget + /** + * \return path to the image file (without the extension) + * from $OPIEDIR/pics + */ + virtual QString pixmapNameWidget() const = 0; + +}; + +/// Interface for multiauth plugin classes. +/* + * This is part of the QCOM works. See example plugins how to do it right. + * \see http://doc.trolltech.com/qtopia/html/pluginintro.html + */ +struct MultiauthPluginInterface : public QUnknownInterface { + /// return the MultiauthPluginObject implementation + virtual MultiauthPluginObject *plugin() = 0; +}; + +#endif diff --git a/libopie2/opiesecurity/opiesecurity.pro b/libopie2/opiesecurity/opiesecurity.pro new file mode 100644 index 0000000..8cb4821 --- a/dev/null +++ b/libopie2/opiesecurity/opiesecurity.pro @@ -0,0 +1,15 @@ +TEMPLATE = lib +CONFIG += qt warn_on +DESTDIR = $(OPIEDIR)/lib +HEADERS = multiauthcommon.h \ + multiauthmainwindow.h \ + multiauthconfigwidget.h \ + multiauthplugininterface.h +SOURCES = multiauthcommon.cpp \ + multiauthmainwindow.cpp +TARGET = opiesecurity2 +VERSION = 0.0.2 +INCLUDEPATH += $(OPIEDIR)/include +DEPENDPATH += $(OPIEDIR)/include + +include ( $(OPIEDIR)/include.pro ) -- cgit v0.9.0.2