Differential D4997

Support for long running kcheckpass supporting multiple authentications
ClosedPublic
Actions

Authored by graesslin on Mar 10 2017, 6:07 AM.

Details

Reviewers

None

Group Reviewers

Plasma

Commits

R133:07d38ba65adc: Support for long running kcheckpass supporting multiple authentications

Summary

So far kcheckpass allowed to try to verify one password. This required
kscreenlocker_greet to exec for every new entered password. Due to that
we cannot enable seccomp in kscreenlocker_greet.

This change prepares for supporting seccomp by making it possible to
have a long living kcheckpass with multiple authentications. For that
the interaction is changed:

kcheckpass gets started without going into Authenticate directly
kcheckpass uses a signalfd for waiting on sigusr1 and sigusr2
kcheckpass goes into a loop for authentication
- signals parent process through socket that it is ready for auth
- waits for signal
- on sigusr1 starts to authenticate
- on sigusr2 goes out of loop
- after authenticate goes into next loop run to continue

For the authenticator in kscreenlocker_greet the main change is to
send the signal to kcheckpass when it wants to authenticate.

In addition the authenticator supports both a delayed and a direct
mode. In the delayed case kcheckpass gets started directly on startup
for the long living process. In the direct mode it starts kcheckpass
when going into authenticate. We need both modes as kcheckpass is not
supposed to use the long living process when it is setuid root.

For the moment kscreenlocker_greet by default still uses the direct
interaction. This will change when seccomp integration is added.

The test application gained a new command line switch to use either
direct or delayed authentication.

Diff Detail

Branch

kcheckpass-sigusr

Lint

No Linters Available

Unit

No Unit Test Coverage

graesslin created this revision.Mar 10 2017, 6:07 AM

Restricted Application added a project: Plasma. · View Herald TranscriptMar 10 2017, 6:07 AM

Restricted Application added a subscriber: plasma-devel. · View Herald Transcript

graesslin added a dependency: D4806: [greeter] Send the auth result through the server instead return value.Mar 10 2017, 6:08 AM

graesslin added a dependent revision: D5029: Use seccomp for implementing a sandbox for kscreenlocker_greet.Mar 12 2017, 4:17 PM

romangg added a subscriber: romangg.Mar 26 2017, 6:10 PM

romangg added inline comments.

greeter/authenticator.h
64	Can we only use the enum class in Authenticator, instead of duplicating it here?
kcheckpass/kcheckpass.c
394	Shouldn't we test this before we write the result to the socket (and then write an error as result)?

graesslin added inline comments.Mar 26 2017, 7:44 PM

greeter/authenticator.h
64	I don't like using enums defined in other classes. But moving it a level up into the namespace would be an option.
kcheckpass/kcheckpass.c
394	No, we need to support the setuid case. It is used by bsds and slackware. So we need to support general authentication. The break here is more a better safe than sorry thingy. Technically it would support the long running also in setuid. But I don't trust the code. So to decrease the attack surface we do an early exit.

Declare enum globally instead of as a class member. Thus we don't have to have the same enum in two classes

I have problems applying this patch properly:

roman@laptop ..kde/source/kde/workspace/kscreenlocker (git)-[master] % git apply D4806.diff 
roman@laptop ..kde/source/kde/workspace/kscreenlocker (git)-[master] % git apply D4997.diff 
error: authenticator.h: No such file or directory
error: authenticator.cpp: No such file or directory
error: autotests/authenticatortest.cpp: No such file or directory
error: greeterapp.cpp: No such file or directory
error: kcheckpass-enums.h: No such file or directory
error: kcheckpass.c: No such file or directory
error: kcheckpass_test.cpp: No such file or directory

Closed by commit R133:07d38ba65adc: Support for long running kcheckpass supporting multiple authentications (authored by graesslin). · Explain WhyApr 19 2017, 3:43 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

			Path	Packages
M			greeter/authenticator.h (24 lines)
M			greeter/authenticator.cpp (77 lines)
M			greeter/autotests/authenticatortest.cpp (8 lines)
M			greeter/greeterapp.cpp (2 lines)
M			kcheckpass/kcheckpass-enums.h (3 lines)
M			kcheckpass/kcheckpass.c (101 lines)
M			tests/kcheckpass_test.cpp (19 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	12348	af5a642		Mar 10 2017, 6:07 AM	★	★
Diff 2	13188	af5a642	Declare enum globally instead of as a class member. Thus we don't have to have…	Apr 7 2017, 1:02 PM	★	★
Diff 3	13603	d666fe8	R133:07d38ba65adc2707a4914d11c0a5307e63a16aca	Apr 19 2017, 3:40 PM	★	★

Commit	Tree	Parents	Author	Summary	Date
9ba20a54a5ab	c5a6603e7dff	af5a6426fb78	Martin Gräßlin	Support for long running kcheckpass supporting multiple authentications (Show More…)	Feb 27 2017, 5:48 AM

Status	Author	Revision
Closed	graesslin	D5029 Use seccomp for implementing a sandbox for kscreenlocker_greet
Closed	graesslin	D4997 Support for long running kcheckpass supporting multiple authentications
Closed	graesslin	D4806 [greeter] Send the auth result through the server instead return value
Closed	graesslin	D4785 Add a small test application for kcheckpass
Closed	graesslin	D4780 [kcheckpass] Drop the conv_legacy support
Closed	graesslin	D4773 [kcheckpass] Drop the caller command line option
Closed	graesslin	D4759 [kcheckpass] Drop command line option for username