File kwalletd.patch of Package kdebase4-runtime
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt.orig
+++ CMakeLists.txt
@@ -63,6 +63,13 @@ set_package_properties(QCA2 PROPERTIES D
TYPE OPTIONAL
)
+find_package(LibGcrypt 1.5.0 REQUIRED QUIET)
+set_package_properties(LibGcrypt PROPERTIES DESCRIPTION "Libgcrypt is a general purpose cryptographic library based on the code from GnuPG."
+ URL "http://www.gnu.org/software/libgcrypt/"
+ TYPE REQUIRED
+ PURPOSE "kwalletd needs libgcrypt to perform PBKDF2-SHA512 hashing"
+ )
+
check_include_files(sys/wait.h HAVE_SYS_WAIT_H)
check_include_files(sys/time.h HAVE_SYS_TIME_H)
Index: cmake/modules/FindLibGcrypt.cmake
===================================================================
--- /dev/null
+++ cmake/modules/FindLibGcrypt.cmake
@@ -0,0 +1,81 @@
+#.rst
+# FindLibGcrypt
+# -------------
+#
+# Finds the Libgcrypt library.
+#
+# This will define the following variables:
+#
+# ``LIBGCRYPT_FOUND``
+# True if the requested version of gcrypt was found
+# ``LIBGCRYPT_VERSION``
+# The version of gcrypt that was found
+# ``LIBGCRYPT_INCLUDE_DIRS``
+# The gcrypt include directories
+# ``LIBGCRYPT_LIBRARIES``
+# The linker libraries needed to use the gcrypt library
+
+# Copyright 2014 Nicolás Alvarez <nicolas.alvarez@gmail.com>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+find_program(LIBGCRYPTCONFIG_SCRIPT NAMES libgcrypt-config)
+if(LIBGCRYPTCONFIG_SCRIPT)
+ execute_process(COMMAND "${LIBGCRYPTCONFIG_SCRIPT}" --prefix OUTPUT_VARIABLE PREFIX)
+ set(LIBGCRYPT_LIB_HINT "${PREFIX}/lib")
+ set(LIBGCRYPT_INCLUDE_HINT "${PREFIX}/include")
+endif()
+
+find_library(LIBGCRYPT_LIBRARY
+ NAMES gcrypt
+ HINTS ${LIBGCRYPT_LIB_HINT}
+)
+find_path(LIBGCRYPT_INCLUDE_DIR
+ NAMES gcrypt.h
+ HINTS ${LIBGCRYPT_INCLUDE_HINT}
+)
+
+if(LIBGCRYPT_INCLUDE_DIR)
+ file(STRINGS ${LIBGCRYPT_INCLUDE_DIR}/gcrypt.h GCRYPT_H REGEX "^#define GCRYPT_VERSION ")
+ string(REGEX REPLACE "^#define GCRYPT_VERSION \"(.*)\".*$" "\\1" LIBGCRYPT_VERSION "${GCRYPT_H}")
+endif()
+
+include(FindPackageHandleStandardArgs)
+
+find_package_handle_standard_args(LibGcrypt
+ REQUIRED_VARS LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR
+ VERSION_VAR LIBGCRYPT_VERSION
+)
+if(LIBGCRYPT_FOUND)
+ set(LIBGCRYPT_LIBRARIES ${LIBGCRYPT_LIBRARY})
+ set(LIBGCRYPT_INCLUDE_DIRS ${LIBGCRYPT_INCLUDE_DIR})
+endif()
+
+mark_as_advanced(LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)
+
+include(FeatureSummary)
+set_package_properties(LibGcrypt PROPERTIES
+ DESCRIPTION "A general purpose cryptographic library based on the code from GnuPG."
+ URL "http://www.gnu.org/software/libgcrypt/"
+)
Index: kwalletd/CMakeLists.txt
===================================================================
--- kwalletd/CMakeLists.txt.orig
+++ kwalletd/CMakeLists.txt
@@ -1,5 +1,17 @@
project(kwalletd)
+########### find needed packages ######
+find_package(Gpgme) # Called by FindQGpgme, but since we call some gpgme
+ # functions ourselves we need to link against it directly.
+find_package(QGpgme) # provided by kdepimlibs
+
+if (GPGME_FOUND AND QGPGME_FOUND)
+ add_definitions(-DHAVE_QGPGME)
+ include_directories(${GPGME_INCLUDES} ${QGPGME_INCLUDE_DIR})
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${KDE4_ENABLE_EXCEPTIONS}")
+endif(GPGME_FOUND AND QGPGME_FOUND)
+
+########### build backends #########
add_subdirectory(backend)
########### kwalletd ###############
@@ -17,7 +29,6 @@ set(kwalletd_KDEINIT_SRCS
kwalletsessionstore.cpp
)
-
kde4_add_ui_files(kwalletd_KDEINIT_SRCS
kbetterthankdialogbase.ui
kwalletwizardpageexplanation.ui
@@ -26,13 +37,30 @@ kde4_add_ui_files(kwalletd_KDEINIT_SRCS
kwalletwizardpagepassword.ui
)
+if (GPGME_FOUND AND QGPGME_FOUND)
+ set(kwalletd_KDEINIT_SRCS
+ ${kwalletd_KDEINIT_SRCS}
+ knewwalletdialog.cpp
+ )
+ kde4_add_ui_files(kwalletd_KDEINIT_SRCS
+ kwalletwizardpagepasswordgpg.ui
+ kwalletwizardpagegpgkey.ui
+ knewwalletdialogintro.ui
+ knewwalletdialoggpg.ui
+ )
+endif(GPGME_FOUND AND QGPGME_FOUND)
+
find_file(kwallet_xml org.kde.KWallet.xml HINTS ${KDE4_DBUS_INTERFACES_DIR} )
qt4_add_dbus_adaptor( kwalletd_KDEINIT_SRCS ${kwallet_xml} kwalletd.h KWalletD )
kde4_add_kdeinit_executable( kwalletd NOGUI ${kwalletd_KDEINIT_SRCS} )
-target_link_libraries(kdeinit_kwalletd ${KDE4_KDEUI_LIBS} kwalletbackend )
+target_link_libraries(kdeinit_kwalletd ${KDE4_KDEUI_LIBS} kwalletbackend )
+if (GPGME_FOUND AND QGPGME_FOUND)
+ target_link_libraries(kdeinit_kwalletd ${QGPGME_LIBRARIES} )
+endif(GPGME_FOUND AND QGPGME_FOUND)
+
install(TARGETS kdeinit_kwalletd ${INSTALL_TARGETS_DEFAULT_ARGS})
target_link_libraries(kwalletd kdeinit_kwalletd)
@@ -42,5 +70,6 @@ install(TARGETS kwalletd ${INSTALL_TARG
install( FILES kwalletd.desktop DESTINATION ${SERVICES_INSTALL_DIR} )
install( FILES kwalletd.notifyrc DESTINATION ${DATA_INSTALL_DIR}/kwalletd )
+install( FILES kwallet-4.13.upd DESTINATION ${DATA_INSTALL_DIR}/kconf_update)
add_subdirectory(tests)
Index: kwalletd/backend/CMakeLists.txt
===================================================================
--- kwalletd/backend/CMakeLists.txt.orig
+++ kwalletd/backend/CMakeLists.txt
@@ -14,11 +14,15 @@ set(kwalletbackend_LIB_SRCS
sha1.cc
kwalletentry.cc
kwalletbackend.cc
+ backendpersisthandler.cpp
)
kde4_add_library(kwalletbackend SHARED ${kwalletbackend_LIB_SRCS})
-target_link_libraries(kwalletbackend ${KDE4_KDEUI_LIBS} )
+target_link_libraries(kwalletbackend ${KDE4_KDEUI_LIBS} ${LIBGCRYPT_LIBRARIES})
+if(QGPGME_FOUND)
+target_link_libraries(kwalletbackend ${QGPGME_LIBRARIES} )
+endif(QGPGME_FOUND)
# link with advapi32 on windows
if(WIN32 AND NOT WINCE)
Index: kwalletd/backend/backendpersisthandler.cpp
===================================================================
--- /dev/null
+++ kwalletd/backend/backendpersisthandler.cpp
@@ -0,0 +1,732 @@
+/**
+ * This file is part of the KDE project
+ * Copyright (C) 2013 Valentin Rusu <kde@rusu.info>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include <QIODevice>
+#include <QFile>
+#include <QTextDocument>
+#include <assert.h>
+#include <ksavefile.h>
+#include <kdebug.h>
+#include <kmessagebox.h>
+#include <klocalizedstring.h>
+#ifdef HAVE_QGPGME
+#include <gpgme.h>
+#include <gpgme++/context.h>
+#include <gpgme++/key.h>
+#include <gpgme++/keylistresult.h>
+#include <gpgme++/data.h>
+#include <gpgme++/encryptionresult.h>
+#include <gpgme++/decryptionresult.h>
+#endif
+#include "backendpersisthandler.h"
+#include "kwalletbackend.h"
+#include "blowfish.h"
+#include "sha1.h"
+#include "cbc.h"
+
+#ifdef Q_OS_WIN
+#include <windows.h>
+#include <wincrypt.h>
+#endif
+
+#define KWALLET_CIPHER_BLOWFISH_ECB 0 // this was the old KWALLET_CIPHER_BLOWFISH_CBC
+#define KWALLET_CIPHER_3DES_CBC 1 // unsupported
+#define KWALLET_CIPHER_GPG 2
+#define KWALLET_CIPHER_BLOWFISH_CBC 3
+
+#define KWALLET_HASH_SHA1 0
+#define KWALLET_HASH_MD5 1 // unsupported
+#define KWALLET_HASH_PBKDF2_SHA512 2 // used when using kwallet with pam or since 4.13 version
+
+namespace KWallet {
+
+static int getRandomBlock(QByteArray& randBlock) {
+
+#ifdef Q_OS_WIN //krazy:exclude=cpp
+
+ // Use windows crypto API to get randomness on win32
+ // HACK: this should be done using qca
+ HCRYPTPROV hProv;
+
+ if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) return -1; // couldn't get random data
+
+ if (!CryptGenRandom(hProv, static_cast<DWORD>(randBlock.size()),
+ (BYTE*)randBlock.data())) {
+ return -3; // read error
+ }
+
+ // release the crypto context
+ CryptReleaseContext(hProv, 0);
+
+ return randBlock.size();
+
+#else
+
+ // First try /dev/urandom
+ if (QFile::exists("/dev/urandom")) {
+ QFile devrand("/dev/urandom");
+ if (devrand.open(QIODevice::ReadOnly)) {
+ int rc = devrand.read(randBlock.data(), randBlock.size());
+
+ if (rc != randBlock.size()) {
+ return -3; // not enough data read
+ }
+
+ return 0;
+ }
+ }
+
+ // If that failed, try /dev/random
+ // FIXME: open in noblocking mode!
+ if (QFile::exists("/dev/random")) {
+ QFile devrand("/dev/random");
+ if (devrand.open(QIODevice::ReadOnly)) {
+ int rc = 0;
+ int cnt = 0;
+
+ do {
+ int rc2 = devrand.read(randBlock.data() + rc, randBlock.size());
+
+ if (rc2 < 0) {
+ return -3; // read error
+ }
+
+ rc += rc2;
+ cnt++;
+ if (cnt > randBlock.size()) {
+ return -4; // reading forever?!
+ }
+ } while(rc < randBlock.size());
+
+ return 0;
+ }
+ }
+
+ // EGD method
+ QString randFilename = QString::fromLocal8Bit(qgetenv("RANDFILE"));
+ if (!randFilename.isEmpty()) {
+ if (QFile::exists(randFilename)) {
+ QFile devrand(randFilename);
+ if (devrand.open(QIODevice::ReadOnly)) {
+ int rc = devrand.read(randBlock.data(), randBlock.size());
+ if (rc != randBlock.size()) {
+ return -3; // not enough data read
+ }
+ return 0;
+ }
+ }
+ }
+
+ // Couldn't get any random data!!
+ return -1;
+
+#endif
+}
+
+BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherType cipherType)
+{
+ switch (cipherType){
+ case BACKEND_CIPHER_BLOWFISH:
+ return new BlowfishPersistHandler;
+#ifdef HAVE_QGPGME
+ case BACKEND_CIPHER_GPG:
+ return new GpgPersistHandler;
+#endif // HAVE_QGPGME
+ default:
+ Q_ASSERT(0);
+ return 0;
+ }
+}
+
+BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12])
+{
+ if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) &&
+ (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) {
+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB;
+ if (useECBforReading) {
+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save.";
+ }
+ return new BlowfishPersistHandler(useECBforReading);
+ }
+#ifdef HAVE_QGPGME
+ if (magicBuf[2] == KWALLET_CIPHER_GPG &&
+ magicBuf[3] == 0) {
+ return new GpgPersistHandler;
+ }
+#endif // HAVE_QGPGME
+ return 0; // unknown cipher or hash
+}
+
+int BlowfishPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WId)
+{
+ assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH);
+
+ if (_useECBforReading) {
+ qDebug() << "This wallet used ECB and is now saved using CBC";
+ _useECBforReading = false;
+ }
+
+ version[2] = KWALLET_CIPHER_BLOWFISH_CBC;
+ if(!wb->_useNewHash) {
+ version[3] = KWALLET_HASH_SHA1;
+ } else {
+ version[3] = KWALLET_HASH_PBKDF2_SHA512;//Since 4.13 we always use PBKDF2_SHA512
+ }
+
+ if (sf.write(version, 4) != 4) {
+ sf.abort();
+ return -4; // write error
+ }
+
+ // Holds the hashes we write out
+ QByteArray hashes;
+ QDataStream hashStream(&hashes, QIODevice::WriteOnly);
+ KMD5 md5;
+ hashStream << static_cast<quint32>(wb->_entries.count());
+
+ // Holds decrypted data prior to encryption
+ QByteArray decrypted;
+
+ // FIXME: we should estimate the amount of data we will write in each
+ // buffer and resize them approximately in order to avoid extra
+ // resizes.
+
+ // populate decrypted
+ QDataStream dStream(&decrypted, QIODevice::WriteOnly);
+ for (Backend::FolderMap::ConstIterator i = wb->_entries.constBegin(); i != wb->_entries.constEnd(); ++i) {
+ dStream << i.key();
+ dStream << static_cast<quint32>(i.value().count());
+
+ md5.reset();
+ md5.update(i.key().toUtf8());
+ hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
+ hashStream << static_cast<quint32>(i.value().count());
+
+ for (Backend::EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) {
+ dStream << j.key();
+ dStream << static_cast<qint32>(j.value()->type());
+ dStream << j.value()->value();
+
+ md5.reset();
+ md5.update(j.key().toUtf8());
+ hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
+ }
+ }
+
+ if (sf.write(hashes, hashes.size()) != hashes.size()) {
+ sf.abort();
+ return -4; // write error
+ }
+
+ // calculate the hash of the file
+ SHA1 sha;
+ BlowFish _bf;
+ CipherBlockChain bf(&_bf);
+
+ sha.process(decrypted.data(), decrypted.size());
+
+ // prepend and append the random data
+ QByteArray wholeFile;
+ long blksz = bf.blockSize();
+ long newsize = decrypted.size() +
+ blksz + // encrypted block
+ 4 + // file size
+ 20; // size of the SHA hash
+
+ int delta = (blksz - (newsize % blksz));
+ newsize += delta;
+ wholeFile.resize(newsize);
+
+ QByteArray randBlock;
+ randBlock.resize(blksz+delta);
+ if (getRandomBlock(randBlock) < 0) {
+ sha.reset();
+ decrypted.fill(0);
+ sf.abort();
+ return -3; // Fatal error: can't get random
+ }
+
+ for (int i = 0; i < blksz; i++) {
+ wholeFile[i] = randBlock[i];
+ }
+
+ for (int i = 0; i < 4; i++) {
+ wholeFile[(int)(i+blksz)] = (decrypted.size() >> 8*(3-i))&0xff;
+ }
+
+ for (int i = 0; i < decrypted.size(); i++) {
+ wholeFile[(int)(i+blksz+4)] = decrypted[i];
+ }
+
+ for (int i = 0; i < delta; i++) {
+ wholeFile[(int)(i+blksz+4+decrypted.size())] = randBlock[(int)(i+blksz)];
+ }
+
+ const char *hash = (const char *)sha.hash();
+ for (int i = 0; i < 20; i++) {
+ wholeFile[(int)(newsize - 20 + i)] = hash[i];
+ }
+
+ sha.reset();
+ decrypted.fill(0);
+
+ // encrypt the data
+ if (!bf.setKey(wb->_passhash.data(), wb->_passhash.size() * 8)) {
+ wholeFile.fill(0);
+ sf.abort();
+ return -2; // encrypt error
+ }
+
+ int rc = bf.encrypt(wholeFile.data(), wholeFile.size());
+ if (rc < 0) {
+ wholeFile.fill(0);
+ sf.abort();
+ return -2; // encrypt error
+ }
+
+ // write the file
+ if (sf.write(wholeFile, wholeFile.size()) != wholeFile.size()) {
+ wholeFile.fill(0);
+ sf.abort();
+ return -4; // write error
+ }
+ if (!sf.finalize()) {
+ kDebug() << "WARNING: wallet sync to disk failed! KSaveFile status was " << sf.errorString();
+ wholeFile.fill(0);
+ return -4; // write error
+ }
+
+ wholeFile.fill(0);
+
+ return 0;
+}
+
+
+int BlowfishPersistHandler::read(Backend* wb, QFile& db, WId)
+{
+ wb->_cipherType = BACKEND_CIPHER_BLOWFISH;
+ wb->_hashes.clear();
+ // Read in the hashes
+ QDataStream hds(&db);
+ quint32 n;
+ hds >> n;
+ if (n > 0xffff) { // sanity check
+ return -43;
+ }
+
+ for (size_t i = 0; i < n; ++i) {
+ KMD5::Digest d, d2; // judgment day
+ MD5Digest ba;
+ QMap<MD5Digest,QList<MD5Digest> >::iterator it;
+ quint32 fsz;
+ if (hds.atEnd()) return -43;
+ hds.readRawData(reinterpret_cast<char *>(d), 16);
+ hds >> fsz;
+ ba = MD5Digest(reinterpret_cast<char *>(d));
+ it = wb->_hashes.insert(ba, QList<MD5Digest>());
+ for (size_t j = 0; j < fsz; ++j) {
+ hds.readRawData(reinterpret_cast<char *>(d2), 16);
+ ba = MD5Digest(reinterpret_cast<char *>(d2));
+ (*it).append(ba);
+ }
+ }
+
+ // Read in the rest of the file.
+ QByteArray encrypted = db.readAll();
+ assert(encrypted.size() < db.size());
+
+ BlowFish _bf;
+ CipherBlockChain bf(&_bf, _useECBforReading);
+ int blksz = bf.blockSize();
+ if ((encrypted.size() % blksz) != 0) {
+ return -5; // invalid file structure
+ }
+
+ bf.setKey((void *)wb->_passhash.data(), wb->_passhash.size()*8);
+
+ if (!encrypted.data()) {
+ wb->_passhash.fill(0);
+ encrypted.fill(0);
+ return -7; // file structure error
+ }
+
+ int rc = bf.decrypt(encrypted.data(), encrypted.size());
+ if (rc < 0) {
+ wb->_passhash.fill(0);
+ encrypted.fill(0);
+ return -6; // decrypt error
+ }
+
+ const char *t = encrypted.data();
+
+ // strip the leading data
+ t += blksz; // one block of random data
+
+ // strip the file size off
+ long fsize = 0;
+
+ fsize |= (long(*t) << 24) & 0xff000000;
+ t++;
+ fsize |= (long(*t) << 16) & 0x00ff0000;
+ t++;
+ fsize |= (long(*t) << 8) & 0x0000ff00;
+ t++;
+ fsize |= long(*t) & 0x000000ff;
+ t++;
+
+ if (fsize < 0 || fsize > long(encrypted.size()) - blksz - 4) {
+ //kDebug() << "fsize: " << fsize << " encrypted.size(): " << encrypted.size() << " blksz: " << blksz;
+ encrypted.fill(0);
+ return -9; // file structure error.
+ }
+
+ // compute the hash ourself
+ SHA1 sha;
+ sha.process(t, fsize);
+ const char *testhash = (const char *)sha.hash();
+
+ // compare hashes
+ int sz = encrypted.size();
+ for (int i = 0; i < 20; i++) {
+ if (testhash[i] != encrypted[sz - 20 + i]) {
+ encrypted.fill(0);
+ sha.reset();
+ return -8; // hash error.
+ }
+ }
+
+ sha.reset();
+
+ // chop off the leading blksz+4 bytes
+ QByteArray tmpenc(encrypted.data()+blksz+4, fsize);
+ encrypted = tmpenc;
+ tmpenc.fill(0);
+
+ // Load the data structures up
+ QDataStream eStream(encrypted);
+
+ while (!eStream.atEnd()) {
+ QString folder;
+ quint32 n;
+
+ eStream >> folder;
+ eStream >> n;
+
+ // Force initialisation
+ wb->_entries[folder].clear();
+
+ for (size_t i = 0; i < n; ++i) {
+ QString key;
+ KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown;
+ Entry *e = new Entry;
+ eStream >> key;
+ qint32 x = 0; // necessary to read properly
+ eStream >> x;
+ et = static_cast<KWallet::Wallet::EntryType>(x);
+
+ switch (et) {
+ case KWallet::Wallet::Password:
+ case KWallet::Wallet::Stream:
+ case KWallet::Wallet::Map:
+ break;
+ default: // Unknown entry
+ delete e;
+ continue;
+ }
+
+ QByteArray a;
+ eStream >> a;
+ e->setValue(a);
+ e->setType(et);
+ e->setKey(key);
+ wb->_entries[folder][key] = e;
+ }
+ }
+
+ wb->_open = true;
+ encrypted.fill(0);
+ return 0;
+}
+
+#ifdef HAVE_QGPGME
+GpgME::Error initGpgME()
+{
+ GpgME::Error err;
+ static bool alreadyInitialized = false;
+ if (!alreadyInitialized) {
+ GpgME::initializeLibrary();
+ err = GpgME::checkEngine(GpgME::OpenPGP);
+ if (err){
+ kDebug() << "OpenPGP not supported!";
+ }
+ alreadyInitialized = true;
+ }
+ return err;
+}
+
+int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w)
+{
+ version[2] = KWALLET_CIPHER_GPG;
+ version[3] = 0;
+ if (sf.write(version, 4) != 4) {
+ sf.abort();
+ return -4; // write error
+ }
+
+ GpgME::Error err = initGpgME();
+ if (err) {
+ kDebug() << "initGpgME returned " << err.code();
+ KMessageBox::errorWId( w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name), err.code()));
+ sf.abort();
+ return -5;
+ }
+
+ boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
+ if (0 == ctx) {
+ kDebug() << "Cannot setup OpenPGP context!";
+ KMessageBox::errorWId(w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to save the wallet <b>%1</b>. Please fix your system configuration, then try again!</qt>"), Qt::escape(wb->_name));
+ return -6;
+ }
+
+ assert(wb->_cipherType == BACKEND_CIPHER_GPG);
+
+ QByteArray hashes;
+ QDataStream hashStream(&hashes, QIODevice::WriteOnly);
+ KMD5 md5;
+ hashStream << static_cast<quint32>(wb->_entries.count());
+
+ QByteArray values;
+ QDataStream valueStream(&values, QIODevice::WriteOnly);
+ Backend::FolderMap::ConstIterator i = wb->_entries.constBegin();
+ Backend::FolderMap::ConstIterator ie = wb->_entries.constEnd();
+ for ( ; i != ie; ++i) {
+ valueStream << i.key();
+ valueStream << static_cast<quint32>(i.value().count());
+
+ md5.reset();
+ md5.update(i.key().toUtf8());
+ hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
+ hashStream << static_cast<quint32>(i.value().count());
+
+ Backend::EntryMap::ConstIterator j = i.value().constBegin();
+ Backend::EntryMap::ConstIterator je = i.value().constEnd();
+ for (; j != je; ++j) {
+ valueStream << j.key();
+ valueStream << static_cast<qint32>(j.value()->type());
+ valueStream << j.value()->value();
+
+ md5.reset();
+ md5.update(j.key().toUtf8());
+ hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
+ }
+ }
+
+ QByteArray dataBuffer;
+ QDataStream dataStream(&dataBuffer, QIODevice::WriteOnly);
+ QString keyID(wb->_gpgKey.keyID());
+ dataStream << keyID;
+ dataStream << hashes;
+ dataStream << values;
+
+ GpgME::Data decryptedData(dataBuffer.data(), dataBuffer.size(), false);
+ GpgME::Data encryptedData;
+ std::vector< GpgME::Key > keys;
+ keys.push_back(wb->_gpgKey);
+ GpgME::EncryptionResult res = ctx->encrypt(keys, decryptedData, encryptedData, GpgME::Context::None);
+ if (res.error()){
+ int gpgerr = res.error().code();
+ KMessageBox::errorWId( w, i18n("<qt>Encryption error while attempting to save the wallet <b>%1</b>. Error code is <b>%2 (%3)</b>. Please fix your system configuration, then try again!</qt>",
+ Qt::escape(wb->_name), gpgerr, gpgme_strerror(gpgerr)));
+ kDebug() << "GpgME encryption error: " << res.error().code();
+ sf.abort();
+ return -7;
+ }
+
+ char buffer[4096];
+ ssize_t bytes =0;
+ encryptedData.seek(0, SEEK_SET);
+ while (bytes = encryptedData.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
+ if (sf.write(buffer, bytes) != bytes){
+ KMessageBox::errorWId( w, i18n("<qt>File handling error while attempting to save the wallet <b>%1</b>. Error was <b>%2</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name), sf.errorString()));
+ sf.abort();
+ return -4; // write error
+ }
+ }
+
+ return 0;
+}
+
+int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w)
+{
+ GpgME::Error err = initGpgME();
+ if (err){
+ KMessageBox::errorWId( w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to open the wallet <b>%1</b>. Error code is <b>%2</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name), err.code()));
+ return -1;
+ }
+
+ wb->_cipherType = BACKEND_CIPHER_GPG;
+ wb->_hashes.clear();
+
+ // the remainder of the file is GPG encrypted. Let's decrypt it
+ GpgME::Data encryptedData;
+ char buffer[4096];
+ ssize_t bytes = 0;
+ while (bytes = sf.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
+ encryptedData.write(buffer, bytes);
+ }
+
+ retry_label:
+ boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
+ if (0 == ctx) {
+ KMessageBox::errorWId(w, i18n("<qt>Error when attempting to initialize OpenPGP while attempting to open the wallet <b>%1</b>. Please fix your system configuration, then try again!</qt>", Qt::escape(wb->_name)));
+ kDebug() << "Cannot setup OpenPGP context!";
+ return -1;
+ }
+
+ GpgME::Data decryptedData;
+ encryptedData.seek(0, SEEK_SET);
+ GpgME::DecryptionResult res = ctx->decrypt(encryptedData, decryptedData);
+ if (res.error()){
+ kDebug() << "Error decrypting message: " << res.error().asString() << ", code " << res.error().code() << ", source " << res.error().source();
+ KGuiItem btnRetry(i18n("Retry"));
+ // FIXME the logic here should be a little more elaborate; a dialog box should be used with "retry", "cancel", but also "troubleshoot" with options to show card status and to kill scdaemon
+ int userChoice = KMessageBox::warningYesNoWId(w, i18n("<qt>Error when attempting to decrypt the wallet <b>%1</b> using GPG. If you're using a SmartCard, please ensure it's inserted then try again.<br><br>GPG error was <b>%2</b></qt>", Qt::escape(wb->_name), res.error().asString()),
+ i18n("kwalletd GPG backend"), btnRetry, KStandardGuiItem::cancel());
+ if (userChoice == KMessageBox::Yes) {
+ decryptedData.seek(0, SEEK_SET);
+ goto retry_label;
+ }
+ return -1;
+ }
+
+ decryptedData.seek(0, SEEK_SET);
+ QByteArray dataBuffer;
+ while (bytes = decryptedData.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){
+ dataBuffer.append(buffer, bytes);
+ }
+
+ // load the wallet from the decrypted data
+ QDataStream dataStream(dataBuffer);
+ QString keyID;
+ QByteArray hashes;
+ QByteArray values;
+ dataStream >> keyID;
+ dataStream >> hashes;
+ dataStream >> values;
+
+ // locate the GPG key having the ID found inside the file. This will be needed later, when writing changes to disk.
+ QDataStream fileStream(&sf);
+ fileStream.unsetDevice();
+ kDebug() << "This wallet was encrypted using GPG key with ID " << keyID;
+
+ ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
+ std::vector< GpgME::Key > keys;
+ int row =0;
+ err = ctx->startKeyListing();
+ while (!err) {
+ GpgME::Key k = ctx->nextKey(err);
+ if (err)
+ break;
+ if (keyID == k.keyID()){
+ kDebug() << "The key was found.";
+ wb->_gpgKey = k;
+ break;
+ }
+ }
+ ctx->endKeyListing();
+ if (wb->_gpgKey.isNull()){
+ KMessageBox::errorWId(w, i18n("<qt>Error when attempting to open the wallet <b>%1</b>. The wallet was encrypted using the GPG Key ID <b>%2</b> but this key was not found on your system.</qt>", Qt::escape(wb->_name), keyID));
+ return -1;
+ }
+
+
+ QDataStream hashStream(hashes);
+ QDataStream valueStream(values);
+
+ quint32 hashCount;
+ hashStream >> hashCount;
+ if (hashCount > 0xFFFF) {
+ return -43;
+ }
+
+ quint32 folderCount = hashCount;
+ while (hashCount--){
+ KMD5::Digest d;
+ hashStream.readRawData(reinterpret_cast<char *>(d), 16);
+
+ quint32 folderSize;
+ hashStream >> folderSize;
+
+ MD5Digest ba = MD5Digest(reinterpret_cast<char *>(d));
+ QMap<MD5Digest, QList<MD5Digest> >::iterator it = wb->_hashes.insert(ba, QList<MD5Digest>());
+ while (folderSize--){
+ KMD5::Digest d2;
+ hashStream.readRawData(reinterpret_cast<char *>(d2), 16);
+ ba = MD5Digest(reinterpret_cast<char *>(d2));
+ (*it).append(ba);
+ }
+ }
+
+ while (folderCount--){
+ QString folder;
+ valueStream >> folder;
+
+ quint32 entryCount;
+ valueStream >> entryCount;
+
+ wb->_entries[folder].clear();
+
+ while (entryCount--){
+ KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown;
+ Entry *e = new Entry;
+
+ QString key;
+ valueStream >> key;
+
+ qint32 x =0; // necessary to read properly
+ valueStream >> x;
+ et = static_cast<KWallet::Wallet::EntryType>(x);
+
+ switch (et) {
+ case KWallet::Wallet::Password:
+ case KWallet::Wallet::Stream:
+ case KWallet::Wallet::Map:
+ break;
+ default: // Unknown entry
+ delete e;
+ continue;
+ }
+
+ QByteArray a;
+ valueStream >> a;
+ e->setValue(a);
+ e->setType(et);
+ e->setKey(key);
+ wb->_entries[folder][key] = e;
+ }
+ }
+
+ wb->_open = true;
+
+ return 0;
+}
+#endif // HAVE_QGPGME
+
+} // namespace
Index: kwalletd/backend/backendpersisthandler.h
===================================================================
--- /dev/null
+++ kwalletd/backend/backendpersisthandler.h
@@ -0,0 +1,85 @@
+/**
+ * This file is part of the KDE project
+ * Copyright (C) 2013 Valentin Rusu <kde@rusu.info>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+#ifndef BACKENDPERSISTHANDLER_H
+#define BACKENDPERSISTHANDLER_H
+
+#define KWMAGIC_LEN 12
+
+#include <qwindowdefs.h>
+
+class QFile;
+class KSaveFile;
+namespace KWallet {
+
+class Backend;
+
+enum BackendCipherType {
+ BACKEND_CIPHER_UNKNOWN, /// this is used by freshly allocated wallets
+ BACKEND_CIPHER_BLOWFISH, /// use the legacy blowfish cipher type
+#ifdef HAVE_QGPGME
+ BACKEND_CIPHER_GPG /// use GPG backend to encrypt wallet contents
+#endif // HAVE_QGPGME
+};
+
+
+class BackendPersistHandler {
+protected:
+ BackendPersistHandler() {}
+public:
+ virtual ~BackendPersistHandler() {}
+ /**
+ * This is a factory method used to get an instance of the backend suitable
+ * for reading/writing using the given cipher type
+ *
+ * @param cypherType indication of the backend that should be returned
+ * @return a pointer to an instance of the requested handler type. No need to delete this pointer, it's lifetime is taken care of by this factory
+ */
+ static BackendPersistHandler *getPersistHandler(BackendCipherType cipherType);
+ static BackendPersistHandler *getPersistHandler(char magicBuf[KWMAGIC_LEN]);
+
+ virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w) =0;
+ virtual int read(Backend* wb, QFile& sf, WId w) =0;
+};
+
+
+class BlowfishPersistHandler : public BackendPersistHandler {
+public:
+ explicit BlowfishPersistHandler(bool useECBforReading =false) : _useECBforReading(useECBforReading) {}
+ virtual ~BlowfishPersistHandler() {}
+
+ virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w);
+ virtual int read(Backend* wb, QFile& sf, WId w);
+private:
+ bool _useECBforReading;
+};
+
+#ifdef HAVE_QGPGME
+class GpgPersistHandler : public BackendPersistHandler {
+public:
+ GpgPersistHandler() {}
+ virtual ~GpgPersistHandler() {}
+
+ virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w);
+ virtual int read(Backend* wb, QFile& sf, WId w);
+};
+#endif // HAVE_QGPGME
+
+} // namespace
+
+#endif // BACKENDPERSISTHANDLER_H
Index: kwalletd/backend/cbc.cc
===================================================================
--- kwalletd/backend/cbc.cc.orig
+++ kwalletd/backend/cbc.cc
@@ -1,149 +1,212 @@
/* This file is part of the KDE project
Copyright (C) 2001 George Staikos <staikos@kde.org>
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
-
+
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
-
+
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
-
#include "cbc.h"
#include <string.h>
+#include <kdebug.h>
-
-
-CipherBlockChain::CipherBlockChain(BlockCipher *cipher) : _cipher(cipher) {
- _next = 0L;
- _register = 0L;
- _len = -1;
- _reader = _writer = 0L;
- if (cipher) {
- _blksz = cipher->blockSize();
- }
-}
-
-
-CipherBlockChain::~CipherBlockChain() {
- delete[] (char *)_register;
- _register = 0L;
- delete[] (char *)_next;
- _next = 0L;
-}
-
-
-bool CipherBlockChain::setKey(void *key, int bitlength) {
- if (_cipher) {
- return _cipher->setKey(key, bitlength);
- }
- return false;
-}
-
-
-int CipherBlockChain::keyLen() const {
- if (_cipher) {
- return _cipher->keyLen();
- }
- return -1;
+CipherBlockChain::CipherBlockChain(BlockCipher *cipher, bool useECBforReading) :
+ _cipher(cipher)
+ , _useECBforReading(useECBforReading)
+{
+ _next = 0L;
+ _register = 0L;
+ _len = -1;
+ _reader = _writer = 0L;
+ if (cipher) {
+ _blksz = cipher->blockSize();
+ }
+}
+
+CipherBlockChain::~CipherBlockChain()
+{
+ delete[](char *)_register;
+ _register = 0L;
+ delete[](char *)_next;
+ _next = 0L;
+}
+
+bool CipherBlockChain::setKey(void *key, int bitlength)
+{
+ if (_cipher) {
+ return _cipher->setKey(key, bitlength);
+ }
+ return false;
+}
+
+int CipherBlockChain::keyLen() const
+{
+ if (_cipher) {
+ return _cipher->keyLen();
+ }
+ return -1;
+}
+
+bool CipherBlockChain::variableKeyLen() const
+{
+ if (_cipher) {
+ return _cipher->variableKeyLen();
+ }
+ return false;
+}
+
+bool CipherBlockChain::readyToGo() const
+{
+ if (_cipher) {
+ return _cipher->readyToGo();
+ }
+ return false;
+}
+
+void CipherBlockChain::initRegister() {
+ if (_register == 0L) {
+ size_t registerLen = _cipher->blockSize();
+ _register = new unsigned char[registerLen];
+ _len = registerLen;
+ }
+ memset(_register, 0, _len);
+}
+
+int CipherBlockChain::encrypt(void *block, int len)
+{
+ if (_cipher && !_reader) {
+ int rc;
+
+ _writer |= 1;
+
+ initRegister();
+
+ if ((len % _len) >0) {
+ kDebug() << "Block length given encrypt (" << len << ") is not a multiple of " << _len;
+ return -1;
+ }
+
+ char *elemBlock = static_cast<char*>(block);
+ for (int b = 0; b < len/_len; b++) {
+
+ // This might be optimizable
+ char *tb = static_cast<char*>(elemBlock);
+ for (int i = 0; i < _len; i++) {
+ *tb++ ^= ((char *)_register)[i];
+ }
+
+ rc = _cipher->encrypt(elemBlock, _len);
+
+ if (rc != -1) {
+ memcpy(_register, elemBlock, _len);
+ }
+ elemBlock += _len;
+ }
+
+ return rc;
+ }
+ return -1;
+}
+
+// This is the old decrypt method, that was decrypting using ECB
+// instead of CBC
+int CipherBlockChain::decryptECB(void *block, int len) {
+ if (_cipher && !_writer) {
+ int rc;
+
+ _reader |= 1;
+
+ if (!_register) {
+ _register = new unsigned char[len];
+ _len = len;
+ memset(_register, 0, len);
+ } else if (len > _len) {
+ return -1;
+ }
+
+ if (!_next) {
+ _next = new unsigned char[_len];
+ }
+ memcpy(_next, block, _len);
+
+ rc = _cipher->decrypt(block, len);
+
+ if (rc != -1) {
+ // This might be optimizable
+ char *tb = (char *)block;
+ for (int i = 0; i < len; i++) {
+ tb[i] ^= ((char *)_register)[i];
+ }
+ }
+
+ void *temp;
+ temp = _next;
+ _next = _register;
+ _register = temp;
+
+ return rc;
+ }
+ return -1;
+}
+
+int CipherBlockChain::decrypt(void *block, int len)
+{
+ if (_useECBforReading) {
+ kDebug() << "decrypting using ECB!";
+ return decryptECB(block, len);
+ }
+
+ if (_cipher && !_writer) {
+ int rc = 0;
+
+ _reader |= 1;
+
+ initRegister();
+
+ if ((len % _len) >0) {
+ kDebug() << "Block length given for decrypt (" << len << ") is not a multiple of " << _len;
+ return -1;
+ }
+
+ char *elemBlock = static_cast<char*>(block);
+ for (int b = 0; b < len/_len; b++) {
+ if (_next == 0L) {
+ _next = new unsigned char[_len];
+ }
+ memcpy(_next, elemBlock, _len);
+
+ int bytesDecrypted = _cipher->decrypt(elemBlock, _len);
+
+ if (bytesDecrypted != -1) {
+ rc += bytesDecrypted;
+ // This might be optimizable
+ char *tb = (char *)elemBlock;
+ for (int i = 0; i < _len; i++) {
+ *tb++ ^= ((char *)_register)[i];
+ }
+ }
+
+ void *temp;
+ temp = _next;
+ _next = _register;
+ _register = temp;
+
+ elemBlock += _len;
+ }
+
+ return rc;
+ }
+ return -1;
}
-
-bool CipherBlockChain::variableKeyLen() const {
- if (_cipher) {
- return _cipher->variableKeyLen();
- }
- return false;
-}
-
-
-bool CipherBlockChain::readyToGo() const {
- if (_cipher) {
- return _cipher->readyToGo();
- }
- return false;
-}
-
-
-int CipherBlockChain::encrypt(void *block, int len) {
- if (_cipher && !_reader) {
- int rc;
-
- _writer |= 1;
-
- if (!_register) {
- _register = new unsigned char[len];
- _len = len;
- memset(_register, 0, len);
- } else if (len > _len) {
- return -1;
- }
-
- // This might be optimizable
- char *tb = (char *)block;
- for (int i = 0; i < len; i++) {
- tb[i] ^= ((char *)_register)[i];
- }
-
- rc = _cipher->encrypt(block, len);
-
- if (rc != -1) {
- memcpy(_register, block, len);
- }
-
- return rc;
- }
- return -1;
-}
-
-
-int CipherBlockChain::decrypt(void *block, int len) {
- if (_cipher && !_writer) {
- int rc;
-
- _reader |= 1;
-
- if (!_register) {
- _register = new unsigned char[len];
- _len = len;
- memset(_register, 0, len);
- } else if (len > _len) {
- return -1;
- }
-
- if (!_next)
- _next = new unsigned char[_len];
- memcpy(_next, block, _len);
-
- rc = _cipher->decrypt(block, len);
-
- if (rc != -1) {
- // This might be optimizable
- char *tb = (char *)block;
- for (int i = 0; i < len; i++) {
- tb[i] ^= ((char *)_register)[i];
- }
- }
-
- void *temp;
- temp = _next;
- _next = _register;
- _register = temp;
-
- return rc;
- }
- return -1;
-}
-
-
-
-
Index: kwalletd/backend/cbc.h
===================================================================
--- kwalletd/backend/cbc.h.orig
+++ kwalletd/backend/cbc.h
@@ -1,24 +1,22 @@
/* This file is part of the KDE project
Copyright (C) 2001 George Staikos <staikos@kde.org>
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
-
+
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
-
+
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
-
-
#ifndef __CBC__KO__H
#define __CBC__KO__H
@@ -33,30 +31,34 @@
* calls to the other will fail in this instance.
*/
-class CipherBlockChain : public BlockCipher {
- public:
- CipherBlockChain(BlockCipher *cipher);
- virtual ~CipherBlockChain();
+class CipherBlockChain : public BlockCipher
+{
+public:
+ CipherBlockChain(BlockCipher *cipher, bool useECBforReading =false);
+ virtual ~CipherBlockChain();
- virtual bool setKey(void *key, int bitlength);
+ virtual bool setKey(void *key, int bitlength);
- virtual int keyLen() const;
+ virtual int keyLen() const;
- virtual bool variableKeyLen() const;
+ virtual bool variableKeyLen() const;
- virtual bool readyToGo() const;
+ virtual bool readyToGo() const;
- virtual int encrypt(void *block, int len);
+ virtual int encrypt(void *block, int len);
- virtual int decrypt(void *block, int len);
+ virtual int decrypt(void *block, int len);
- private:
- BlockCipher *_cipher;
- void *_register;
- void *_next;
- int _len;
- int _reader, _writer;
+private:
+ void initRegister();
+ int decryptECB(void *block, int len);
+ BlockCipher *_cipher;
+ void *_register;
+ void *_next;
+ int _len;
+ int _reader, _writer;
+ bool _useECBforReading;
};
#endif
Index: kwalletd/backend/kwalletbackend.cc
===================================================================
--- kwalletd/backend/kwalletbackend.cc.orig
+++ kwalletd/backend/kwalletbackend.cc
@@ -28,6 +28,11 @@
#include <kcodecs.h>
#include <ksavefile.h>
#include <kstandarddirs.h>
+#ifdef HAVE_QGPGME
+#include <gpgme++/key.h>
+#endif
+#include <gcrypt.h>
+#include <knotification.h>
#include <QtCore/QFile>
#include <QtCore/QFileInfo>
@@ -46,19 +51,11 @@
#endif
#define KWALLET_VERSION_MAJOR 0
-#define KWALLET_VERSION_MINOR 0
-
-#define KWALLET_CIPHER_BLOWFISH_CBC 0
-#define KWALLET_CIPHER_3DES_CBC 1 // unsupported
-
-#define KWALLET_HASH_SHA1 0
-#define KWALLET_HASH_MD5 1 // unsupported
-
+#define KWALLET_VERSION_MINOR 1
using namespace KWallet;
#define KWMAGIC "KWALLET\n\r\0\r\n"
-#define KWMAGIC_LEN 12
class Backend::BackendPrivate
{
@@ -69,7 +66,13 @@ static void initKWalletDir()
KGlobal::dirs()->addResourceType("kwallet", 0, "share/apps/kwallet");
}
-Backend::Backend(const QString& name, bool isPath) : d(0), _name(name), _ref(0) {
+Backend::Backend(const QString& name, bool isPath)
+ : d(0)
+ , _name(name)
+ , _useNewHash(false)
+ , _ref(0)
+ , _cipherType(KWallet::BACKEND_CIPHER_UNKNOWN)
+{
initKWalletDir();
if (isPath) {
_path = name;
@@ -88,91 +91,41 @@ Backend::~Backend() {
delete d;
}
-static int getRandomBlock(QByteArray& randBlock) {
-
-#ifdef Q_OS_WIN //krazy:exclude=cpp
-
- // Use windows crypto API to get randomness on win32
- // HACK: this should be done using qca
- HCRYPTPROV hProv;
-
- if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) return -1; // couldn't get random data
-
- if (!CryptGenRandom(hProv, static_cast<DWORD>(randBlock.size()),
- (BYTE*)randBlock.data())) {
- return -3; // read error
- }
-
- // release the crypto context
- CryptReleaseContext(hProv, 0);
-
- return randBlock.size();
-
-#else
-
- // First try /dev/urandom
- if (QFile::exists("/dev/urandom")) {
- QFile devrand("/dev/urandom");
- if (devrand.open(QIODevice::ReadOnly)) {
- int rc = devrand.read(randBlock.data(), randBlock.size());
-
- if (rc != randBlock.size()) {
- return -3; // not enough data read
- }
-
- return 0;
- }
- }
-
- // If that failed, try /dev/random
- // FIXME: open in noblocking mode!
- if (QFile::exists("/dev/random")) {
- QFile devrand("/dev/random");
- if (devrand.open(QIODevice::ReadOnly)) {
- int rc = 0;
- int cnt = 0;
-
- do {
- int rc2 = devrand.read(randBlock.data() + rc, randBlock.size());
-
- if (rc2 < 0) {
- return -3; // read error
- }
-
- rc += rc2;
- cnt++;
- if (cnt > randBlock.size()) {
- return -4; // reading forever?!
- }
- } while(rc < randBlock.size());
-
- return 0;
- }
- }
-
- // EGD method
- QString randFilename = QString::fromLocal8Bit(qgetenv("RANDFILE"));
- if (!randFilename.isEmpty()) {
- if (QFile::exists(randFilename)) {
- QFile devrand(randFilename);
- if (devrand.open(QIODevice::ReadOnly)) {
- int rc = devrand.read(randBlock.data(), randBlock.size());
- if (rc != randBlock.size()) {
- return -3; // not enough data read
- }
- return 0;
- }
- }
- }
+void Backend::setCipherType(BackendCipherType ct)
+{
+ // changing cipher type on already initialed wallets is not permitted
+ assert(_cipherType == KWallet::BACKEND_CIPHER_UNKNOWN);
+ _cipherType = ct;
+}
- // Couldn't get any random data!!
- return -1;
+static int password2PBKDF2_SHA512(const QByteArray &password, QByteArray& hash, const QByteArray &salt)
+{
+ if (!gcry_check_version("1.5.0")) {
+ printf("libcrypt version is too old \n");
+ return GPG_ERR_USER_2;
+ }
+
+ gcry_error_t error;
+ bool static gcry_secmem_init = false;
+ if (!gcry_secmem_init) {
+ error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
+ if (error != 0) {
+ kWarning() << "Can't get secure memory:" << error;
+ return error;
+ }
+ gcry_secmem_init = true;
+ }
+
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ error = gcry_kdf_derive(password.constData(), password.size(),
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA512,
+ salt.data(), salt.size(),
+ PBKDF2_SHA512_ITERATIONS, PBKDF2_SHA512_KEYSIZE, hash.data());
-#endif
+ return error;
}
-
// this should be SHA-512 for release probably
static int password2hash(const QByteArray& password, QByteArray& hash) {
SHA1 sha;
@@ -309,32 +262,46 @@ QString Backend::openRCToString(int rc)
}
-int Backend::open(const QByteArray& password) {
+int Backend::open(const QByteArray& password, WId w) {
if (_open) {
return -255; // already open
}
-
+
setPassword(password);
- return openInternal();
+ return openInternal(w);
}
+#ifdef HAVE_QGPGME
+int Backend::open(const GpgME::Key& key)
+{
+ if (_open) {
+ return -255; // already open
+ }
+ _gpgKey = key;
+ return openInternal();
+}
+#endif // HAVE_QGPGME
+
int Backend::openPreHashed(const QByteArray &passwordHash)
{
if (_open) {
return -255; // already open
}
-
+
// check the password hash for correct size (currently fixed)
if (passwordHash.size() != 20 && passwordHash.size() != 40 &&
passwordHash.size() != 56) {
return -42; // unsupported encryption scheme
}
-
+
_passhash = passwordHash;
+ _newPassHash = passwordHash;
+ _useNewHash = true;//Only new hash is supported
+
return openInternal();
}
-
-int Backend::openInternal()
+
+int Backend::openInternal(WId w)
{
// No wallet existed. Let's create it.
// Note: 60 bytes is presently the minimum size of a wallet file.
@@ -346,8 +313,9 @@ int Backend::openInternal()
}
newfile.close();
_open = true;
- sync();
- return 1; // new file opened, but OK
+ if (sync(w) != 0) {
+ return -2;
+ }
}
QFile db(_path);
@@ -369,163 +337,58 @@ int Backend::openInternal()
return -4; // unknown version
}
- if (magicBuf[1] != KWALLET_VERSION_MINOR) {
- return -4; // unknown version
- }
-
- if (magicBuf[2] != KWALLET_CIPHER_BLOWFISH_CBC) {
- return -42; // unknown cipher
- }
-
- if (magicBuf[3] != KWALLET_HASH_SHA1) {
- return -42; // unknown hash
- }
-
- _hashes.clear();
- // Read in the hashes
- QDataStream hds(&db);
- quint32 n;
- hds >> n;
- if (n > 0xffff) { // sanity check
- return -43;
- }
-
- for (size_t i = 0; i < n; ++i) {
- KMD5::Digest d, d2; // judgment day
- MD5Digest ba;
- QMap<MD5Digest,QList<MD5Digest> >::iterator it;
- quint32 fsz;
- if (hds.atEnd()) return -43;
- hds.readRawData(reinterpret_cast<char *>(d), 16);
- hds >> fsz;
- ba = MD5Digest(reinterpret_cast<char *>(d));
- it = _hashes.insert(ba, QList<MD5Digest>());
- for (size_t j = 0; j < fsz; ++j) {
- hds.readRawData(reinterpret_cast<char *>(d2), 16);
- ba = MD5Digest(reinterpret_cast<char *>(d2));
- (*it).append(ba);
- }
- }
-
- // Read in the rest of the file.
- QByteArray encrypted = db.readAll();
- assert(encrypted.size() < db.size());
-
- BlowFish _bf;
- CipherBlockChain bf(&_bf);
- int blksz = bf.blockSize();
- if ((encrypted.size() % blksz) != 0) {
- return -5; // invalid file structure
- }
-
- bf.setKey((void *)_passhash.data(), _passhash.size()*8);
-
- if (!encrypted.data()) {
- _passhash.fill(0);
- encrypted.fill(0);
- return -7; // file structure error
- }
-
- int rc = bf.decrypt(encrypted.data(), encrypted.size());
- if (rc < 0) {
- _passhash.fill(0);
- encrypted.fill(0);
- return -6; // decrypt error
- }
-
- const char *t = encrypted.data();
-
- // strip the leading data
- t += blksz; // one block of random data
-
- // strip the file size off
- long fsize = 0;
-
- fsize |= (long(*t) << 24) & 0xff000000;
- t++;
- fsize |= (long(*t) << 16) & 0x00ff0000;
- t++;
- fsize |= (long(*t) << 8) & 0x0000ff00;
- t++;
- fsize |= long(*t) & 0x000000ff;
- t++;
+ //0 has been the MINOR version until 4.13, from that point we use it to upgrade the hash
+ if (magicBuf[1] == 1) {
+ kDebug() << "Wallet new enough, using new hash";
+ swapToNewHash();
+ } else if (magicBuf[1] != 0){
+ kDebug() << "Wallet is old, sad panda :(";
+ return -4; // unknown version
+ }
+
+ BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(magicBuf);
+ if (0 == phandler){
+ return 42; // unknown cipher or hash
+ }
+ int result = phandler->read(this, db, w);
+ delete phandler;
+ return result;
+}
- if (fsize < 0 || fsize > long(encrypted.size()) - blksz - 4) {
- //kDebug() << "fsize: " << fsize << " encrypted.size(): " << encrypted.size() << " blksz: " << blksz;
- encrypted.fill(0);
- return -9; // file structure error.
- }
+void Backend::swapToNewHash()
+{
+ //Runtime error happened and we can't use the new hash
+ if (!_useNewHash) {
+ kDebug() << "Runtime error on the new hash";
+ return;
+ }
+ _passhash.fill(0);//Making sure the old passhash is not around in memory
+ _passhash = _newPassHash;//Use the new hash, means the wallet is modern enough
+}
- // compute the hash ourself
- SHA1 sha;
- sha.process(t, fsize);
- const char *testhash = (const char *)sha.hash();
+QByteArray Backend::createAndSaveSalt(const QString& path) const
+{
+ QFile saltFile(path);
+ saltFile.remove();
- // compare hashes
- int sz = encrypted.size();
- for (int i = 0; i < 20; i++) {
- if (testhash[i] != encrypted[sz - 20 + i]) {
- encrypted.fill(0);
- sha.reset();
- return -8; // hash error.
- }
- }
+ if (!saltFile.open(QIODevice::WriteOnly)) {
+ return QByteArray();
+ }
- sha.reset();
+ char *randomData = (char*) gcry_random_bytes(PBKDF2_SHA512_SALTSIZE, GCRY_STRONG_RANDOM);
+ QByteArray salt(randomData, PBKDF2_SHA512_SALTSIZE);
+ free(randomData);
- // chop off the leading blksz+4 bytes
- QByteArray tmpenc(encrypted.data()+blksz+4, fsize);
- encrypted = tmpenc;
- tmpenc.fill(0);
-
- // Load the data structures up
- QDataStream eStream(encrypted);
-
- while (!eStream.atEnd()) {
- QString folder;
- quint32 n;
-
- eStream >> folder;
- eStream >> n;
-
- // Force initialisation
- _entries[folder].clear();
-
- for (size_t i = 0; i < n; ++i) {
- QString key;
- KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown;
- Entry *e = new Entry;
- eStream >> key;
- qint32 x = 0; // necessary to read properly
- eStream >> x;
- et = static_cast<KWallet::Wallet::EntryType>(x);
-
- switch (et) {
- case KWallet::Wallet::Password:
- case KWallet::Wallet::Stream:
- case KWallet::Wallet::Map:
- break;
- default: // Unknown entry
- delete e;
- continue;
- }
+ if (saltFile.write(salt) != PBKDF2_SHA512_SALTSIZE) {
+ return QByteArray();
+ }
- QByteArray a;
- eStream >> a;
- e->setValue(a);
- e->setType(et);
- e->setKey(key);
- _entries[folder][key] = e;
- }
- }
+ saltFile.close();
- _open = true;
- encrypted.fill(0);
- return 0;
+ return salt;
}
-
-int Backend::sync() {
+int Backend::sync(WId w) {
if (!_open) {
return -255; // not open yet
}
@@ -545,146 +408,41 @@ int Backend::sync() {
// Write the version number
QByteArray version(4, 0);
version[0] = KWALLET_VERSION_MAJOR;
- version[1] = KWALLET_VERSION_MINOR;
- version[2] = KWALLET_CIPHER_BLOWFISH_CBC;
- version[3] = KWALLET_HASH_SHA1;
- if (sf.write(version, 4) != 4) {
- sf.abort();
- return -4; // write error
- }
-
- // Holds the hashes we write out
- QByteArray hashes;
- QDataStream hashStream(&hashes, QIODevice::WriteOnly);
- KMD5 md5;
- hashStream << static_cast<quint32>(_entries.count());
-
- // Holds decrypted data prior to encryption
- QByteArray decrypted;
-
- // FIXME: we should estimate the amount of data we will write in each
- // buffer and resize them approximately in order to avoid extra
- // resizes.
-
- // populate decrypted
- QDataStream dStream(&decrypted, QIODevice::WriteOnly);
- for (FolderMap::ConstIterator i = _entries.constBegin(); i != _entries.constEnd(); ++i) {
- dStream << i.key();
- dStream << static_cast<quint32>(i.value().count());
-
- md5.reset();
- md5.update(i.key().toUtf8());
- hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
- hashStream << static_cast<quint32>(i.value().count());
-
- for (EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) {
- dStream << j.key();
- dStream << static_cast<qint32>(j.value()->type());
- dStream << j.value()->value();
-
- md5.reset();
- md5.update(j.key().toUtf8());
- hashStream.writeRawData(reinterpret_cast<const char*>(&(md5.rawDigest()[0])), 16);
- }
- }
-
- if (sf.write(hashes, hashes.size()) != hashes.size()) {
- sf.abort();
- return -4; // write error
- }
-
- // calculate the hash of the file
- SHA1 sha;
- BlowFish _bf;
- CipherBlockChain bf(&_bf);
-
- sha.process(decrypted.data(), decrypted.size());
-
- // prepend and append the random data
- QByteArray wholeFile;
- long blksz = bf.blockSize();
- long newsize = decrypted.size() +
- blksz + // encrypted block
- 4 + // file size
- 20; // size of the SHA hash
-
- int delta = (blksz - (newsize % blksz));
- newsize += delta;
- wholeFile.resize(newsize);
-
- QByteArray randBlock;
- randBlock.resize(blksz+delta);
- if (getRandomBlock(randBlock) < 0) {
- sha.reset();
- decrypted.fill(0);
- sf.abort();
- return -3; // Fatal error: can't get random
- }
-
- for (int i = 0; i < blksz; i++) {
- wholeFile[i] = randBlock[i];
- }
-
- for (int i = 0; i < 4; i++) {
- wholeFile[(int)(i+blksz)] = (decrypted.size() >> 8*(3-i))&0xff;
- }
-
- for (int i = 0; i < decrypted.size(); i++) {
- wholeFile[(int)(i+blksz+4)] = decrypted[i];
- }
-
- for (int i = 0; i < delta; i++) {
- wholeFile[(int)(i+blksz+4+decrypted.size())] = randBlock[(int)(i+blksz)];
- }
-
- const char *hash = (const char *)sha.hash();
- for (int i = 0; i < 20; i++) {
- wholeFile[(int)(newsize - 20 + i)] = hash[i];
- }
-
- sha.reset();
- decrypted.fill(0);
-
- // encrypt the data
- if (!bf.setKey(_passhash.data(), _passhash.size() * 8)) {
- wholeFile.fill(0);
- sf.abort();
- return -2; // encrypt error
- }
-
- int rc = bf.encrypt(wholeFile.data(), wholeFile.size());
- if (rc < 0) {
- wholeFile.fill(0);
- sf.abort();
- return -2; // encrypt error
- }
-
- // write the file
- if (sf.write(wholeFile, wholeFile.size()) != wholeFile.size()) {
- wholeFile.fill(0);
- sf.abort();
- return -4; // write error
- }
- if (!sf.finalize()) {
- wholeFile.fill(0);
- return -4; // write error
- }
-
- wholeFile.fill(0);
-
- return 0;
+ if (_useNewHash) {
+ version[1] = KWALLET_VERSION_MINOR;
+ //Use the sync to update the hash to PBKDF2_SHA512
+ swapToNewHash();
+ } else {
+ version[1] = 0; //was KWALLET_VERSION_MINOR before the new hash
+ }
+
+
+ BackendPersistHandler *phandler = BackendPersistHandler::getPersistHandler(_cipherType);
+ if (0 == phandler) {
+ return -4; // write error
+ }
+ int rc = phandler->write(this, sf, version, w);
+ if (rc<0) {
+ // Oops! wallet file sync filed! Display a notification about that
+ // TODO: change kwalletd status flags, when status flags will be implemented
+ KNotification *notification = new KNotification( "syncFailed" );
+ notification->setText( i18n("Failed to sync wallet <b>%1</b> to disk. Error codes are:\nRC <b>%2</b>\nSF <b>%3</b>. Please file a BUG report using this information to bugs.kde.org").arg(_name).arg(rc).arg(sf.errorString()) );
+ notification->sendEvent();
+ }
+ delete phandler;
+ return rc;
}
int Backend::close(bool save) {
// save if requested
if (save) {
- int rc = sync();
+ int rc = sync(0);
if (rc != 0) {
return rc;
}
}
-
+
// do the actual close
for (FolderMap::ConstIterator i = _entries.constBegin(); i != _entries.constEnd(); ++i) {
for (EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) {
@@ -692,12 +450,13 @@ int Backend::close(bool save) {
}
}
_entries.clear();
-
+
// empty the password hash
_passhash.fill(0);
+ _newPassHash.fill(0);
_open = false;
-
+
return 0;
}
@@ -899,6 +658,31 @@ void Backend::setPassword(const QByteArr
BlowFish _bf;
CipherBlockChain bf(&_bf);
_passhash.resize(bf.keyLen()/8);
+ _newPassHash.resize(bf.keyLen()/8);
+ _newPassHash.fill(0);
+
password2hash(password, _passhash);
-}
+ QByteArray salt;
+ QFile saltFile(KGlobal::dirs()->saveLocation("kwallet") + _name + ".salt");
+ if (!saltFile.exists() || saltFile.size() == 0) {
+ salt = createAndSaveSalt(saltFile.fileName());
+ } else {
+ if (!saltFile.open(QIODevice::ReadOnly)) {
+ salt = createAndSaveSalt(saltFile.fileName());
+ } else {
+ salt = saltFile.readAll();
+ }
+ }
+
+ if (!salt.isEmpty() && password2PBKDF2_SHA512(password, _newPassHash, salt) == 0) {
+ kDebug() << "Setting useNewHash to true";
+ _useNewHash = true;
+ }
+}
+
+#ifdef HAVE_QGPGME
+const GpgME::Key &Backend::gpgKey() const {
+ return _gpgKey;
+}
+#endif
Index: kwalletd/backend/kwalletbackend.h
===================================================================
--- kwalletd/backend/kwalletbackend.h.orig
+++ kwalletd/backend/kwalletbackend.h
@@ -28,7 +28,15 @@
#include <QtCore/QStringList>
#include <QtCore/QMap>
#include "kwalletentry.h"
+#include "backendpersisthandler.h"
+#ifdef HAVE_QGPGME
+#include <gpgme++/key.h>
+#endif // HAVE_QGPGME
+
+#define PBKDF2_SHA512_KEYSIZE 56
+#define PBKDF2_SHA512_SALTSIZE 56
+#define PBKDF2_SHA512_ITERATIONS 50000
namespace KWallet {
@@ -70,7 +78,10 @@ class KDE_EXPORT Backend {
// Open and unlock the wallet.
// If opening succeeds, the password's hash will be remembered.
// If opening fails, the password's hash will be cleared.
- int open(const QByteArray& password);
+ int open(const QByteArray& password, WId w=0);
+#ifdef HAVE_QGPGME
+ int open(const GpgME::Key& key);
+#endif
// Open and unlock the wallet using a pre-hashed password.
// If opening succeeds, the password's hash will be remembered.
@@ -82,7 +93,7 @@ class KDE_EXPORT Backend {
int close(bool save = false);
// Write the wallet to disk
- int sync();
+ int sync(WId w);
// Returns true if the current wallet is open.
bool isOpen() const;
@@ -148,6 +159,12 @@ class KDE_EXPORT Backend {
static QString openRCToString(int rc);
+ void setCipherType(BackendCipherType ct);
+ BackendCipherType cipherType() const { return _cipherType; }
+#ifdef HAVE_QGPGME
+ const GpgME::Key &gpgKey() const;
+#endif
+
private:
Q_DISABLE_COPY( Backend )
class BackendPrivate;
@@ -155,6 +172,7 @@ class KDE_EXPORT Backend {
QString _name;
QString _path;
bool _open;
+ bool _useNewHash;
QString _folder;
int _ref;
// Map Folder->Entries
@@ -163,11 +181,21 @@ class KDE_EXPORT Backend {
FolderMap _entries;
typedef QMap<MD5Digest, QList<MD5Digest> > HashMap;
HashMap _hashes;
- QByteArray _passhash; // password hash used for saving the wallet
+ QByteArray _passhash; // password hash used for saving the wallet
+ QByteArray _newPassHash; //Modern hash using KWALLET_HASH_PBKDF2_SHA512
+ BackendCipherType _cipherType; // the kind of encryption used for this wallet
+#ifdef HAVE_QGPGME
+ GpgME::Key _gpgKey;
+#endif
+ friend class BlowfishPersistHandler;
+ friend class GpgPersistHandler;
// open the wallet with the password already set. This is
// called internally by both open and openPreHashed.
- int openInternal();
+ int openInternal(WId w=0);
+ void swapToNewHash();
+ QByteArray createAndSaveSalt(const QString &path) const;
+
};
}
Index: kwalletd/backend/tests/testbf.cpp
===================================================================
--- kwalletd/backend/tests/testbf.cpp.orig
+++ kwalletd/backend/tests/testbf.cpp
@@ -4,64 +4,60 @@
#include "blowfish.h"
#include "cbc.h"
-
-int main() {
-BlockCipher *bf;
-char data[] = "This is a test.";
-char expect[] = "\x22\x30\x7e\x2f\x42\x28\x44\x01\xda\xdf\x5a\x81\xd7\xe5\x7c\xd0";
-char key[] = "testkey";
-unsigned long et[] = {0x11223344};
-
- printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
- 0x11, 0x44);
- bf = new BlowFish();
+int main()
+{
+ BlockCipher *bf;
+ char data[] = "This is a test.";
+ char expect[] = "\x3f\x3c\x2d\xae\x8c\x7\x84\xf2\xa7\x6d\x28\xbd\xd\xb\xb8\x79";
+ char key[] = "testkey";
+ unsigned long et[] = {0x11223344};
+
+ printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0],
+ 0x11, 0x44);
+ bf = new BlowFish();
// bf = new CipherBlockChain(new BlowFish());
- bf->setKey((void *)key, 7*8);
+ bf->setKey((void *)key, 7 * 8);
- if (!bf->readyToGo()) {
- printf("Error: not ready to go!\n");
- return -1;
- }
-
- printf("About to encrypt...\n"); fflush(stdout);
- if (-1 == bf->encrypt((void *)data, 8)) {
- printf("Error: encrypt failed!\n");
- return -1;
- }
- printf("About to encrypt part 2...\n"); fflush(stdout);
- bf->encrypt((void *)(data+8), 8);
-
- printf("Encryption done. data[] is now: ");
- for (int i = 0; i < 16; i++) {
- printf("0x%x ", data[i]&0xff);
- if ((data[i]&0xff) != (expect[i]&0xff)) {
- printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i]&0xff);
+ if (!bf->readyToGo()) {
+ printf("Error: not ready to go!\n");
return -1;
- }
- }
- printf("\n");
+ }
- delete bf;
- bf = new BlowFish();
-// bf = new CipherBlockChain(new BlowFish());
- bf->setKey((void *)key, 7*8);
+ printf("About to encrypt...\n"); fflush(stdout);
+ if (-1 == bf->encrypt((void *)data, 16)) {
+ printf("Error: encrypt failed!\n");
+ return -1;
+ }
- printf("About to decrypt...\n"); fflush(stdout);
- if (-1 == bf->decrypt((void *)data, 16)) {
- printf("Error: decrypt failed!\n");
- return -1;
- }
- //bf->decrypt((void *)(data+8), 8);
-
- printf("All done! Result... data[] = \"%s\"\n", data);
- if (strcmp(data, "This is a test.")) {
- printf("ERROR. Decryption failed.\n");
- return -1;
- }
+ printf("Encryption done. data[] is now: ");
+ for (int i = 0; i < 16; i++) {
+ printf("0x%x ", data[i] & 0xff);
+ if ((data[i] & 0xff) != (expect[i] & 0xff)) {
+ printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i] & 0xff);
+ break;
+ }
+ }
+ printf("\n");
- delete bf;
-}
+ delete bf;
+ bf = new BlowFish();
+// bf = new CipherBlockChain(new BlowFish());
+ bf->setKey((void *)key, 7 * 8);
+ printf("About to decrypt...\n"); fflush(stdout);
+ if (-1 == bf->decrypt((void *)data, 16)) {
+ printf("Error: decrypt failed!\n");
+ return -1;
+ }
+ //bf->decrypt((void *)(data+8), 8);
+
+ printf("All done! Result... data[] = \"%s\"\n", data);
+ if (strcmp(data, "This is a test.")) {
+ printf("ERROR. Decryption failed.\n");
+ return -1;
+ }
+ delete bf;
+}
Index: kwalletd/knewwalletdialog.cpp
===================================================================
--- /dev/null
+++ kwalletd/knewwalletdialog.cpp
@@ -0,0 +1,186 @@
+/**
+ * This file is part of the KDE project
+ * Copyright (C) 2013 Valentin Rusu <kde@rusu.info>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "knewwalletdialog.h"
+#include <klocalizedstring.h>
+#include <QLabel>
+#include <QTextDocument>
+#include <QTimer>
+#include <QTableWidget>
+#include <QTableWidgetItem>
+#include <gpgme.h>
+#include <gpgme++/context.h>
+#include <gpgme++/key.h>
+#include <gpgme++/keylistresult.h>
+#include <kmessagebox.h>
+#include <kdebug.h>
+
+Q_DECLARE_METATYPE(GpgME::Key)
+
+namespace KWallet {
+
+KNewWalletDialog::KNewWalletDialog(const QString &appName, const QString &walletName, QWidget* parent):
+ QWizard(parent), _intro(0), _introId(0), _gpg(0), _gpgId(0)
+{
+ setOption(HaveFinishButtonOnEarlyPages);
+ _intro = new KNewWalletDialogIntro(appName, walletName, this);
+ _introId = addPage(_intro);
+
+ _gpg = new KNewWalletDialogGpg(appName, walletName, this);
+ _gpgId = addPage(_gpg);
+}
+
+bool KNewWalletDialog::isBlowfish() const
+{
+ return _intro->isBlowfish();
+}
+
+GpgME::Key KNewWalletDialog::gpgKey() const
+{
+ QVariant varKey = field("key");
+ return varKey.value< GpgME::Key >();
+}
+
+KNewWalletDialogIntro::KNewWalletDialogIntro(const QString& appName, const QString& walletName, QWidget* parent): QWizardPage(parent)
+{
+ _ui.setupUi(this);
+ if (appName.isEmpty()){
+ _ui.labelIntro->setText(i18n("<qt>KDE has requested to create a new wallet named '<b>%1</b>'. This is used to store sensitive data in a secure fashion. Please choose the new wallet's type below or click cancel to deny the application's request.</qt>", Qt::escape(walletName)));
+ } else {
+ _ui.labelIntro->setText(i18n("<qt>The application '<b>%1</b>' has requested to create a new wallet named '<b>%2</b>'. This is used to store sensitive data in a secure fashion. Please choose the new wallet's type below or click cancel to deny the application's request.</qt>", Qt::escape(appName), Qt::escape(walletName)));
+ }
+}
+
+void KNewWalletDialogIntro::onBlowfishToggled(bool blowfish)
+{
+ setFinalPage(blowfish);
+}
+
+
+bool KNewWalletDialogIntro::isBlowfish() const
+{
+ return _ui.radioBlowfish->isChecked();
+}
+
+int KNewWalletDialogIntro::nextId() const
+{
+ if (isBlowfish()){
+ return -1;
+ } else {
+ return qobject_cast< const KNewWalletDialog* >(wizard())->gpgId();
+ }
+}
+
+KNewWalletDialogGpg::KNewWalletDialogGpg(const QString& appName, const QString& walletName, QWidget* parent):
+ QWizardPage(parent), _alreadyInitialized(false), _complete(false)
+{
+ _ui.setupUi(this);
+}
+
+struct AddKeyToList {
+ QTableWidget *_list;
+ int _row;
+ AddKeyToList(QTableWidget *list) : _list(list), _row(0) {}
+ void operator()( const GpgME::Key &k) {
+ GpgME::UserID uid = k.userID(0);
+ QString name(uid.name());
+ if (uid.comment()){
+ name = QString("%1 (%2)").arg(name).arg(uid.comment());
+ }
+ _list->setItem(_row, 0, new QTableWidgetItem(name));
+ _list->setItem(_row, 1, new QTableWidgetItem(uid.email()));
+ _list->setItem(_row, 2, new QTableWidgetItem(k.shortKeyID()));
+ QVariant varKey;
+ varKey.setValue(k);
+ _list->item(_row, 0)->setData(Qt::UserRole, varKey);
+ ++_row;
+ }
+};
+
+void KNewWalletDialogGpg::initializePage()
+{
+ if (_alreadyInitialized)
+ return;
+
+ registerField("key", this);
+
+ GpgME::initializeLibrary();
+ GpgME::Error err = GpgME::checkEngine(GpgME::OpenPGP);
+ if (err){
+ kDebug() << "OpenPGP not supported on your system!";
+ KMessageBox::error(this, i18n("The QGpgME library failed to initialize for the OpenPGP protocol. Please check your system's configuration then try again."));
+ emit completeChanged();
+ return;
+ }
+ boost::shared_ptr< GpgME::Context > _ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
+ if (0 == _ctx) {
+ KMessageBox::error(this, i18n("The QGpgME library failed to initialize for the OpenPGP protocol. Please check your system's configuration then try again."));
+ emit completeChanged();
+ return;
+ }
+ _ctx->setKeyListMode(GpgME::Local);
+
+ std::vector< GpgME::Key > keys;
+ int row =0;
+ err = _ctx->startKeyListing();
+ while (!err) {
+ GpgME::Key k = _ctx->nextKey(err);
+ if (err)
+ break;
+ if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) {
+ keys.push_back(k);
+ }
+ }
+ _ctx->endKeyListing();
+
+ if (keys.size() == 0) {
+ KMessageBox::error(this, i18n("Seems that your system has no keys suitable for encryption. Please set-up at least an encryption key, then try again."));
+ emit completeChanged();
+ return;
+ }
+
+ _ui.listCertificates->setRowCount(keys.size());
+ std::for_each(keys.begin(), keys.end(), AddKeyToList(_ui.listCertificates));
+ _ui.listCertificates->resizeColumnsToContents();
+ _ui.listCertificates->setCurrentCell(0, 0);
+
+ _alreadyInitialized = true;
+}
+
+void KNewWalletDialogGpg::onItemSelectionChanged()
+{
+ _complete = _ui.listCertificates->currentRow() >= 0;
+ QVariant varKey = _ui.listCertificates->item(_ui.listCertificates->currentRow(), 0)->data(Qt::UserRole);
+ setField("key", varKey);
+ emit completeChanged();
+}
+
+bool KNewWalletDialogGpg::isComplete() const
+{
+ return _complete;
+}
+
+bool KNewWalletDialogGpg::validateCurrentPage()
+{
+ return false;
+}
+
+
+} // namespace
+#include "moc_knewwalletdialog.cpp"
Index: kwalletd/knewwalletdialog.h
===================================================================
--- /dev/null
+++ kwalletd/knewwalletdialog.h
@@ -0,0 +1,81 @@
+/**
+ * This file is part of the KDE project
+ * Copyright (C) 2013 Valentin Rusu <kde@rusu.info>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+#ifndef KNEWWALLETDIALOG_H
+#define KNEWWALLETDIALOG_H
+
+#include <QWizard>
+
+#include "ui_knewwalletdialogintro.h"
+#include "ui_knewwalletdialoggpg.h"
+#include <boost/shared_ptr.hpp>
+
+namespace GpgME {
+class Key;
+}
+
+namespace KWallet {
+
+class KNewWalletDialogIntro;
+class KNewWalletDialogGpg;
+
+class KNewWalletDialog : public QWizard {
+ Q_OBJECT
+public:
+ KNewWalletDialog(const QString &appName, const QString &walletName, QWidget* parent = 0);
+
+ bool isBlowfish() const;
+ int gpgId() const { return _gpgId; }
+ GpgME::Key gpgKey() const;
+private:
+ KNewWalletDialogIntro *_intro;
+ int _introId;
+ KNewWalletDialogGpg *_gpg;
+ int _gpgId;
+};
+
+class KNewWalletDialogIntro : public QWizardPage {
+ Q_OBJECT
+public:
+ KNewWalletDialogIntro(const QString &appName, const QString &walletName, QWidget* parent = 0);
+ bool isBlowfish() const;
+ virtual int nextId() const;
+protected Q_SLOTS:
+ void onBlowfishToggled(bool);
+private:
+ Ui_KNewWalletDialogIntro _ui;
+};
+
+class KNewWalletDialogGpg : public QWizardPage {
+ Q_OBJECT
+public:
+ KNewWalletDialogGpg(const QString &appName, const QString &walletName, QWidget* parent = 0);
+ virtual void initializePage();
+ virtual bool isComplete() const;
+ virtual bool validateCurrentPage();
+protected Q_SLOTS:
+ void onItemSelectionChanged();
+private:
+ bool _alreadyInitialized;
+ Ui_KNewWalletDialogGpg _ui;
+ bool _complete;
+};
+
+} // namespace
+
+#endif // KNEWWALLETDIALOG_H
Index: kwalletd/knewwalletdialoggpg.ui
===================================================================
--- /dev/null
+++ kwalletd/knewwalletdialoggpg.ui
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>KNewWalletDialogGpg</class>
+ <widget class="QWidget" name="KNewWalletDialogGpg">
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>400</width>
+ <height>300</height>
+ </rect>
+ </property>
+ <layout class="QVBoxLayout" name="verticalLayout">
+ <item>
+ <widget class="QLabel" name="label">
+ <property name="text">
+ <string>Please select the signing key from the list below:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLabel" name="label_2">
+ <property name="text">
+ <string><html><head/><body><p><span style=" font-weight:600;">NOTE:</span> this list shows only &quot;ultimate-level&quot; trusted keys</p></body></html></string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QTableWidget" name="listCertificates">
+ <property name="showDropIndicator" stdset="0">
+ <bool>false</bool>
+ </property>
+ <property name="dragDropOverwriteMode">
+ <bool>false</bool>
+ </property>
+ <property name="selectionBehavior">
+ <enum>QAbstractItemView::SelectRows</enum>
+ </property>
+ <property name="showGrid">
+ <bool>false</bool>
+ </property>
+ <property name="columnCount">
+ <number>3</number>
+ </property>
+ <attribute name="horizontalHeaderCascadingSectionResizes">
+ <bool>true</bool>
+ </attribute>
+ <attribute name="horizontalHeaderShowSortIndicator" stdset="0">
+ <bool>true</bool>
+ </attribute>
+ <attribute name="verticalHeaderVisible">
+ <bool>false</bool>
+ </attribute>
+ <attribute name="verticalHeaderHighlightSections">
+ <bool>false</bool>
+ </attribute>
+ <column>
+ <property name="text">
+ <string>Name</string>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>E-Mail</string>
+ </property>
+ </column>
+ <column>
+ <property name="text">
+ <string>Key-ID</string>
+ </property>
+ </column>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <resources/>
+ <connections>
+ <connection>
+ <sender>listCertificates</sender>
+ <signal>itemSelectionChanged()</signal>
+ <receiver>KNewWalletDialogGpg</receiver>
+ <slot>onItemSelectionChanged()</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>48</x>
+ <y>89</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>0</x>
+ <y>81</y>
+ </hint>
+ </hints>
+ </connection>
+ </connections>
+ <slots>
+ <slot>onItemSelectionChanged()</slot>
+ </slots>
+</ui>
Index: kwalletd/knewwalletdialogintro.ui
===================================================================
--- /dev/null
+++ kwalletd/knewwalletdialogintro.ui
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>KNewWalletDialogIntro</class>
+ <widget class="QWidget" name="KNewWalletDialogIntro">
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>341</width>
+ <height>190</height>
+ </rect>
+ </property>
+ <layout class="QVBoxLayout" name="verticalLayout_2">
+ <item>
+ <widget class="KTitleWidget" name="ktitlewidget">
+ <property name="comment">
+ <string>The KDE Wallet System</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLabel" name="labelIntro">
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="text">
+ <string><html><head/><body><p>The application '<span style=" font-weight:600;">%1</span>' has requested to open the KDE wallet. This is used to store sensitive data in a secure fashion. Please choose the new wallet's type below or click cancel to deny the application's request.</p></body></html></string>
+ </property>
+ <property name="textFormat">
+ <enum>Qt::RichText</enum>
+ </property>
+ <property name="alignment">
+ <set>Qt::AlignVCenter</set>
+ </property>
+ <property name="wordWrap">
+ <bool>true</bool>
+ </property>
+ <property name="margin">
+ <number>12</number>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" name="horizontalLayout">
+ <item>
+ <spacer name="horizontalSpacer">
+ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>40</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ <item>
+ <layout class="QVBoxLayout" name="verticalLayout">
+ <item>
+ <widget class="QRadioButton" name="radioBlowfish">
+ <property name="text">
+ <string>Classic, blowfish encrypted file</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QRadioButton" name="radioGpg">
+ <property name="text">
+ <string>Use GPG encryption, for better protection</string>
+ </property>
+ <property name="checked">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <spacer name="horizontalSpacer_2">
+ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>40</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </widget>
+ <customwidgets>
+ <customwidget>
+ <class>KTitleWidget</class>
+ <extends>QWidget</extends>
+ <header>ktitlewidget.h</header>
+ </customwidget>
+ </customwidgets>
+ <resources/>
+ <connections>
+ <connection>
+ <sender>radioBlowfish</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>KNewWalletDialogIntro</receiver>
+ <slot>onBlowfishToggled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>31</x>
+ <y>144</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>2</x>
+ <y>138</y>
+ </hint>
+ </hints>
+ </connection>
+ </connections>
+ <slots>
+ <slot>onBlowfishToggled(bool)</slot>
+ </slots>
+</ui>
Index: kwalletd/kwallet-4.13.upd
===================================================================
--- /dev/null
+++ kwalletd/kwallet-4.13.upd
@@ -0,0 +1,5 @@
+# We changed the default in 4.13
+Id=kde4.13
+File=kwalletrc
+Group=Wallet
+RemoveKey=Launch Manager
\ No newline at end of file
Index: kwalletd/kwalletd.cpp
===================================================================
--- kwalletd/kwalletd.cpp.orig
+++ kwalletd/kwalletd.cpp
@@ -27,6 +27,10 @@
#include "kbetterthankdialog.h"
#include "kwalletwizard.h"
+#ifdef HAVE_QGPGME
+#include "knewwalletdialog.h"
+#endif
+
#include <kuniqueapplication.h>
#include <ktoolinvocation.h>
#include <kconfig.h>
@@ -45,6 +49,9 @@
#include <kpluginfactory.h>
#include <kpluginloader.h>
#include <KNotification>
+#ifdef HAVE_QGPGME
+#include <gpgme++/key.h>
+#endif
#include <QtCore/QDir>
#include <QTextDocument> // Qt::escape
@@ -100,7 +107,10 @@ class KWalletTransaction {
int KWalletTransaction::nextTransactionId = 0;
KWalletD::KWalletD()
- : QObject(0), _failed(0), _syncTime(5000), _curtrans(0) {
+ : QObject(0), _failed(0), _syncTime(5000), _curtrans(0), _useGpg(false) {
+#ifdef HAVE_QGPGME
+ _useGpg = true;
+#endif
srand(time(0));
_showingFailureNotify = false;
@@ -140,9 +150,9 @@ KWalletD::~KWalletD() {
qDeleteAll(_transactions);
}
-#ifdef Q_WS_X11
void KWalletD::connectToScreenSaver()
{
+#ifdef Q_WS_X11
screensaver = new QDBusInterface("org.freedesktop.ScreenSaver", "/ScreenSaver", "org.freedesktop.ScreenSaver");
if (!screensaver->isValid()) {
kDebug() << "Service org.freedesktop.ScreenSaver not found. Retrying in 10 seconds...";
@@ -152,8 +162,8 @@ void KWalletD::connectToScreenSaver()
connect(screensaver, SIGNAL(ActiveChanged(bool)), SLOT(screenSaverChanged(bool)));
kDebug() << "connected to screen saver service.";
}
-}
#endif
+}
int KWalletD::generateHandle() {
int rc;
@@ -409,6 +419,7 @@ int KWalletD::doTransactionOpen(const QS
qlonglong wId, bool modal, const QString& service) {
if (_firstUse && !wallets().contains(KWallet::Wallet::LocalWallet()) && !isPath) {
// First use wizard
+ // TODO GPG adjust new smartcard options gathered by the wizard
QPointer<KWalletWizard> wiz = new KWalletWizard(0);
wiz->setWindowTitle(i18n("KDE Wallet Service"));
setupDialog( wiz, (WId)wId, appid, modal );
@@ -430,11 +441,23 @@ int KWalletD::doTransactionOpen(const QS
}
// Create the wallet
+ // TODO GPG select the correct wallet type upon cretion (GPG or blowfish based)
KWallet::Backend *b = new KWallet::Backend(KWallet::Wallet::LocalWallet());
- QString pass = wiz->field("pass1").toString();
- QByteArray p(pass.toUtf8(), pass.length());
- b->open(p);
- p.fill(0);
+#ifdef HAVE_QGPGME
+ if (wiz->field("useBlowfish").toBool()) {
+ b->setCipherType(KWallet::BACKEND_CIPHER_BLOWFISH);
+#endif
+ QString pass = wiz->field("pass1").toString();
+ QByteArray p(pass.toUtf8(), pass.length());
+ b->open(p);
+ p.fill(0);
+#ifdef HAVE_QGPGME
+ } else {
+ assert(wiz->field("useGpg").toBool());
+ b->setCipherType(KWallet::BACKEND_CIPHER_GPG);
+ b->open(wiz->gpgKey());
+ }
+#endif
b->createFolder(KWallet::Wallet::PasswordFolder());
b->createFolder(KWallet::Wallet::FormDataFolder());
b->close(true);
@@ -483,7 +506,20 @@ int KWalletD::internalOpen(const QString
QString password;
bool emptyPass = false;
if ((isPath && QFile::exists(wallet)) || (!isPath && KWallet::Backend::exists(wallet))) {
- int pwless = b->open(QByteArray());
+ // this open attempt will set wallet type from the file header, even if password is needed
+ int pwless = b->open(QByteArray(), w);
+#ifdef HAVE_QGPGME
+ assert(b->cipherType() != KWallet::BACKEND_CIPHER_UNKNOWN);
+ if (b->cipherType() == KWallet::BACKEND_CIPHER_GPG) {
+ // GPG based wallets do not prompt for password here. Instead, GPG should already have popped pinentry utility for wallet decryption
+ if (!b->isOpen()){
+ // for some reason, GPG operation failed
+ delete b;
+ return -1;
+ }
+ emptyPass = true;
+ } else {
+#endif
if (0 != pwless || !b->isOpen()) {
if (pwless == 0) {
// release, start anew
@@ -544,7 +580,33 @@ int KWalletD::internalOpen(const QString
} else {
emptyPass = true;
}
+#ifdef HAVE_QGPGME
+ }
+#endif
} else {
+ brandNew = true;
+#ifdef HAVE_QGPGME
+ // prompt the user for the new wallet format here
+ KWallet::BackendCipherType newWalletType = KWallet::BACKEND_CIPHER_UNKNOWN;
+
+ boost::shared_ptr<KWallet::KNewWalletDialog> newWalletDlg( new KWallet::KNewWalletDialog(appid, wallet, QWidget::find(w)));
+ GpgME::Key gpgKey;
+ setupDialog( newWalletDlg.get(), (WId)w, appid, true );
+ if (newWalletDlg->exec() == QDialog::Accepted) {
+ newWalletType = newWalletDlg->isBlowfish() ? KWallet::BACKEND_CIPHER_BLOWFISH : KWallet::BACKEND_CIPHER_GPG;
+ gpgKey = newWalletDlg->gpgKey();
+ } else {
+ // user cancelled the dialog box
+ delete b;
+ return -1;
+ }
+
+ if (newWalletType == KWallet::BACKEND_CIPHER_GPG) {
+ b->setCipherType(newWalletType);
+ b->open(gpgKey);
+ } else if (newWalletType == KWallet::BACKEND_CIPHER_BLOWFISH) {
+#endif // HAVE_QGPGME
+ b->setCipherType(KWallet::BACKEND_CIPHER_BLOWFISH);
KNewPasswordDialog *kpd = new KNewPasswordDialog();
if (wallet == KWallet::Wallet::LocalWallet() ||
wallet == KWallet::Wallet::NetworkWallet())
@@ -562,7 +624,6 @@ int KWalletD::internalOpen(const QString
kpd->setPrompt(i18n("<qt>The application '<b>%1</b>' has requested to create a new wallet named '<b>%2</b>'. Please choose a password for this wallet, or cancel to deny the application's request.</qt>", Qt::escape(appid), Qt::escape(wallet)));
}
}
- brandNew = true;
kpd->setCaption(i18n("KDE Wallet Service"));
kpd->setButtonGuiItem(KDialog::Ok,KGuiItem(i18n("C&reate"),"document-new"));
kpd->setPixmap(KIcon("kwalletmanager").pixmap(96, 96));
@@ -579,11 +640,14 @@ int KWalletD::internalOpen(const QString
}
}
delete kpd;
+#ifdef HAVE_QGPGME
+ }
+#endif
}
-
-
- if (!emptyPass && (password.isNull() || !b->isOpen())) {
+
+ if ((b->cipherType() == KWallet::BACKEND_CIPHER_BLOWFISH) &&
+ !emptyPass && (password.isNull() || !b->isOpen())) {
delete b;
return -1;
}
@@ -703,6 +767,7 @@ bool KWalletD::isAuthorizedApp(const QSt
int KWalletD::deleteWallet(const QString& wallet) {
+ int result = -1;
QString path = KGlobal::dirs()->saveLocation("kwallet") + QDir::separator() + wallet + ".kwl";
if (QFile::exists(path)) {
@@ -710,10 +775,17 @@ int KWalletD::deleteWallet(const QString
internalClose(walletInfo.second, walletInfo.first, true);
QFile::remove(path);
emit walletDeleted(wallet);
- return 0;
+ // also delete access control entries
+ KConfigGroup cfgAllow = KSharedConfig::openConfig("kwalletrc")->group("Auto Allow");
+ cfgAllow.deleteEntry(wallet);
+
+ KConfigGroup cfgDeny = KSharedConfig::openConfig("kwalletrc")->group("Auto Deny");
+ cfgDeny.deleteEntry(wallet);
+
+ result = 0;
}
- return -1;
+ return result;
}
@@ -722,6 +794,7 @@ void KWalletD::changePassword(const QStr
message().setDelayedReply(true);
xact->message = message();
+ // TODO GPG this shouldn't be allowed on a GPG managed wallet; a warning should be displayed about this
xact->appid = appid;
xact->wallet = wallet;
@@ -762,30 +835,40 @@ void KWalletD::doTransactionChangePasswo
assert(w);
- QPointer<KNewPasswordDialog> kpd = new KNewPasswordDialog();
- kpd->setPrompt(i18n("<qt>Please choose a new password for the wallet '<b>%1</b>'.</qt>", Qt::escape(wallet)));
- kpd->setCaption(i18n("KDE Wallet Service"));
- kpd->setAllowEmptyPasswords(true);
- setupDialog( kpd, (WId)wId, appid, false );
- if (kpd->exec() == KDialog::Accepted && kpd) {
- QString p = kpd->password();
- if (!p.isNull()) {
- w->setPassword(p.toUtf8());
- int rc = w->close(true);
- if (rc < 0) {
- KMessageBox::sorryWId((WId)wId, i18n("Error re-encrypting the wallet. Password was not changed."), i18n("KDE Wallet Service"));
- reclose = true;
- } else {
- rc = w->open(p.toUtf8());
- if (rc < 0) {
- KMessageBox::sorryWId((WId)wId, i18n("Error reopening the wallet. Data may be lost."), i18n("KDE Wallet Service"));
- reclose = true;
- }
- }
- }
- }
+#ifdef HAVE_QGPGME
+ if (w->cipherType() == KWallet::BACKEND_CIPHER_GPG) {
+ QString keyID = w->gpgKey().shortKeyID();
+ assert(!keyID.isNull());
+ KMessageBox::errorWId((WId)wId, i18n("<qt>The <b>%1</b> wallet is encrypted using GPG key <b>%2</b>. Please use <b>GPG</b> tools (such as <b>kleopatra</b>) to change the passphrase associated to that key.</qt>", Qt::escape(wallet), keyID));
+ } else {
+#endif
+ QPointer<KNewPasswordDialog> kpd = new KNewPasswordDialog();
+ kpd->setPrompt(i18n("<qt>Please choose a new password for the wallet '<b>%1</b>'.</qt>", Qt::escape(wallet)));
+ kpd->setCaption(i18n("KDE Wallet Service"));
+ kpd->setAllowEmptyPasswords(true);
+ setupDialog( kpd, (WId)wId, appid, false );
+ if (kpd->exec() == KDialog::Accepted && kpd) {
+ QString p = kpd->password();
+ if (!p.isNull()) {
+ w->setPassword(p.toUtf8());
+ int rc = w->close(true);
+ if (rc < 0) {
+ KMessageBox::sorryWId((WId)wId, i18n("Error re-encrypting the wallet. Password was not changed."), i18n("KDE Wallet Service"));
+ reclose = true;
+ } else {
+ rc = w->open(p.toUtf8());
+ if (rc < 0) {
+ KMessageBox::sorryWId((WId)wId, i18n("Error reopening the wallet. Data may be lost."), i18n("KDE Wallet Service"));
+ reclose = true;
+ }
+ }
+ }
+ }
- delete kpd;
+ delete kpd;
+#ifdef HAVE_QGPGME
+ }
+#endif
if (reclose) {
internalClose(w, handle, true);
@@ -892,14 +975,14 @@ void KWalletD::sync(int handle, const QS
// get the wallet and check if we have a password for it (safety measure)
if ((b = getWallet(appid, handle))) {
QString wallet = b->walletName();
- b->sync();
+ b->sync(0);
}
}
void KWalletD::timedOutSync(int handle) {
_syncTimers.removeTimer(handle);
if (_wallets.contains(handle) && _wallets[handle]) {
- _wallets[handle]->sync();
+ _wallets[handle]->sync(0);
}
}
@@ -1363,7 +1446,7 @@ void KWalletD::reconfigure() {
KConfigGroup walletGroup(&cfg, "Wallet");
_firstUse = walletGroup.readEntry("First Use", true);
_enabled = walletGroup.readEntry("Enabled", true);
- _launchManager = walletGroup.readEntry("Launch Manager", true);
+ _launchManager = walletGroup.readEntry("Launch Manager", false);
_leaveOpen = walletGroup.readEntry("Leave Open", false);
bool idleSave = _closeIdle;
_closeIdle = walletGroup.readEntry("Close When Idle", false);
@@ -1529,50 +1612,59 @@ void KWalletD::activatePasswordDialog()
int KWalletD::pamOpen(const QString &wallet, const QByteArray &passwordHash, int sessionTimeout)
{
- // don't do anything if transactions are already being processed!
- if (_processing) {
- return -1;
- }
-
- // check if the wallet is already open
- QPair<int, KWallet::Backend*> walletInfo = findWallet(wallet);
- int rc = walletInfo.first;
- if (rc == -1) {
- if (_wallets.count() > 20) {
- kDebug() << "Too many wallets open.";
- return -1;
- }
-
- if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet) ||
- !KWallet::Backend::exists(wallet)) {
- return -1;
- }
-
- KWallet::Backend *b = new KWallet::Backend(wallet);
- int openrc = b->openPreHashed(passwordHash);
- if (openrc == 0 && b->isOpen()) {
- // opening the wallet was successful
- int handle = generateHandle();
- _wallets.insert(handle, b);
- _syncTimers.addTimer(handle, _syncTime);
-
- // don't reference the wallet or add a session so it
- // can be reclosed easily.
-
- if (sessionTimeout > 0) {
- _closeTimers.addTimer(handle, sessionTimeout);
- } else if (_closeIdle) {
- _closeTimers.addTimer(handle, _idleTime);
- }
- emit walletOpened(wallet);
- if (_wallets.count() == 1 && _launchManager) {
- KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd");
- }
- return handle;
- }
- }
+ if (_processing) {
+ return -1;
+ }
+
+ if (!QRegExp("^[\\w\\^\\&\\'\\@\\{\\}\\[\\]\\,\\$\\=\\!\\-\\#\\(\\)\\%\\.\\+\\_\\s]+$").exactMatch(wallet)) {
+ return -1;
+ }
+
+ // check if the wallet is already open
+ QPair<int, KWallet::Backend*> walletInfo = findWallet(wallet);
+ int rc = walletInfo.first;
+ if (rc != -1) {
+ return rc;//Wallet already opened, return handle
+ }
+
+ KWallet::Backend *b = 0;
+ //If the wallet we want to open does not exists. create it and set pam hash
+ if (!wallets().contains(wallet)) {
+ b = new KWallet::Backend(wallet);
+ b->setCipherType(KWallet::BACKEND_CIPHER_BLOWFISH);
+ } else {
+ b = new KWallet::Backend(wallet);
+ }
+
+ if (_wallets.count() > 20) {
+ return -1;
+ }
+
+ int openrc = b->openPreHashed(passwordHash);
+ if (openrc != 0 || !b->isOpen()) {
+ return -1;
+ }
+
+ // opening the wallet was successful
+ int handle = generateHandle();
+ _wallets.insert(handle, b);
+ _syncTimers.addTimer(handle, _syncTime);
+
+ // don't reference the wallet or add a session so it
+ // can be reclosed easily.
+
+ if (sessionTimeout > 0) {
+ _closeTimers.addTimer(handle, sessionTimeout);
+ } else if (_closeIdle) {
+ _closeTimers.addTimer(handle, _idleTime);
+ }
+ emit walletOpened(wallet);
+
+ if (_wallets.count() == 1 && _launchManager) {
+ KToolInvocation::startServiceByDesktopName("kwalletmanager-kwalletd");
+ }
- return -1;
+ return handle;
}
#include "kwalletd.moc"
Index: kwalletd/kwalletd.desktop
===================================================================
--- kwalletd/kwalletd.desktop.orig
+++ kwalletd/kwalletd.desktop
@@ -18,13 +18,13 @@ Name[ca@valencia]=Servidor de carteres
Name[cs]=Server úschovny
Name[csb]=Serwera Wallet
Name[da]=Wallet-server
-Name[de]=Digitale Brieftasche
+Name[de]=Passwortspeicher-Server
Name[el]=Εξυπηρετητής πορτοφολιού
Name[en_GB]=Wallet Server
Name[eo]=Servilo de portilo
Name[es]=Servidor de carteras
Name[et]=Turvalaeka server
-Name[eu]=Zorro-zerbitzua
+Name[eu]=Zorro-zerbitzaria
Name[fa]=خادم کیفپول
Name[fi]=Lompakkopalvelin
Name[fr]=Serveur de portefeuilles
@@ -62,7 +62,7 @@ Name[or]=ୱାଲେଟ ସର୍ଭର
Name[pa]=ਵਾਲਿਟ ਸਰਵਰ
Name[pl]=Serwer Portfela
Name[pt]=Servidor da Carteira
-Name[pt_BR]=Servidor da carteira
+Name[pt_BR]=Servidor de carteiras
Name[ro]=Server de portofel
Name[ru]=Wallet Server
Name[si]=පසුම්බි ධාරකය
@@ -98,13 +98,13 @@ Comment[ca@valencia]=Servidor de cartere
Comment[cs]=Server úschovny
Comment[csb]=Serwera Wallet
Comment[da]=Wallet-server
-Comment[de]=Dienst für die digitale Brieftasche
+Comment[de]=Passwortspeicher-Server
Comment[el]=Εξυπηρετητής πορτοφολιού
Comment[en_GB]=Wallet Server
Comment[eo]=Servilo de portilo
Comment[es]=Servidor de carteras
Comment[et]=Turvalaeka server
-Comment[eu]=Zorro-zerbitzua
+Comment[eu]=Zorro-zerbitzaria
Comment[fa]=خادم کیفپول
Comment[fi]=Lompakkopalvelin
Comment[fr]=Serveur de portefeuilles
@@ -142,7 +142,7 @@ Comment[or]=ୱାଲେଟ ସର୍ଭ
Comment[pa]=ਵਾਲਿਟ ਸਰਵਰ
Comment[pl]=Serwer Portfela
Comment[pt]=Servidor da Carteira
-Comment[pt_BR]=Servidor da carteira
+Comment[pt_BR]=Servidor de carteiras
Comment[ro]=Server de portofel
Comment[ru]=Служба бумажника
Comment[si]=පසුම්බි ධාරකය
Index: kwalletd/kwalletd.h
===================================================================
--- kwalletd/kwalletd.h.orig
+++ kwalletd/kwalletd.h
@@ -42,7 +42,6 @@ class KTimeout;
// @Private
class KWalletTransaction;
-class KWalletSyncTimer;
class KWalletSessionStore;
class KWalletD : public QObject, protected QDBusContext {
@@ -183,9 +182,7 @@ class KWalletD : public QObject, protect
void notifyFailures();
void processTransactions();
void activatePasswordDialog();
-#ifdef Q_WS_X11
void connectToScreenSaver();
-#endif
private:
// Internal - open a wallet
@@ -244,6 +241,8 @@ class KWalletD : public QObject, protect
// sessions
KWalletSessionStore _sessions;
QDBusServiceWatcher _serviceWatcher;
+
+ bool _useGpg;
};
Index: kwalletd/kwalletd.notifyrc
===================================================================
--- kwalletd/kwalletd.notifyrc.orig
+++ kwalletd/kwalletd.notifyrc
@@ -10,7 +10,7 @@ Comment[ca]=Cartera
Comment[ca@valencia]=Cartera
Comment[cs]=Úschovna
Comment[da]=Tegnebog
-Comment[de]=Brieftasche
+Comment[de]=Passwortspeicher
Comment[el]=Πορτοφόλι
Comment[en_GB]=Wallet
Comment[eo]=Portilo
@@ -149,7 +149,7 @@ Name[ast]=Necesita contraseña
Name[bg]=Нужна е парола
Name[bn]=পাসওয়ার্ড প্রয়োজন
Name[bs]=Zahtjeva lozinku
-Name[ca]=Cal contrasenya
+Name[ca]=Cal una contrasenya
Name[ca@valencia]=Cal contrasenya
Name[cs]=Je třeba heslo
Name[csb]=Wëmôgô zjinaczi parolë
@@ -226,13 +226,13 @@ Comment[ca@valencia]=El dimoni de carter
Comment[cs]=Démon úschovny KDE požaduje heslo
Comment[csb]=Demóna KDE Wallet żądô parolë
Comment[da]=Dæmonen for KDE's tegnebog anmoder om en adgangskode
-Comment[de]=Die digitale Brieftasche benötigt ein Passwort
+Comment[de]=Der Passwortspeicher benötigt ein Passwort
Comment[el]=Ο δαίμονας πορτοφολιού του KDE απαιτεί έναν κωδικό πρόσβασης
Comment[en_GB]=The KDE Wallet Dæmon requests a password
Comment[eo]=la demono de portilo de KDE postulas pasvorton
Comment[es]=El demonio de la cartera de KDE requiere una contraseña
Comment[et]=KDE turvalaeka deemon nõuab parooli
-Comment[eu]=KDE diruzorroaren deabruak pasahitza eskatzen du
+Comment[eu]=KDEren zorroaren daemon-ak pasahitza eskatzen du
Comment[fa]=شبح Wallte کیدیای رمزعبوری را درخواست میکند
Comment[fi]=KDE:n Lompakkotaustaprosessi pyytää salasanaa
Comment[fr]=Le démon du portefeuille de KDE demande un mot de passe
@@ -266,7 +266,7 @@ Comment[nn]=Lommeboktenesta i KDE treng
Comment[pa]=KDE ਵਾਲਿਟ ਡੈਮਨ ਨੇ ਪਾਸਵਰਡ ਦੀ ਮੰਗ ਕੀਤੀ ਹੈ
Comment[pl]=Demon Portfela KDE wymaga hasła
Comment[pt]=O Servidor da Carteira do KDE está a pedir uma senha
-Comment[pt_BR]=O servidor da carteira do KDE está solicitando uma senha
+Comment[pt_BR]=O servidor de carteiras do KDE está solicitando uma senha
Comment[ro]=Demonul de portofel KDE cere o parolă
Comment[ru]=Бумажник KDE запрашивает пароль
Comment[si]=The KDE පසුම්බි ඩීමනය මුරපදයක් ඉල්ලයි
@@ -281,10 +281,105 @@ Comment[tg]=Модули ҳамёни KD
Comment[th]=บริการกระเป๋าคุมข้อมูลของ KDE ร้องขอรหัสผ่าน
Comment[tr]=KDE Cüzdan Servisi bir parola ister
Comment[ug]=KDE ھەميان نازارەتچىسى ئىم سورايدۇ
-Comment[uk]=Фонова служба кишені KDE надіслала запит на пароль
+Comment[uk]=Фонова служба торбинок KDE надіслала запит на пароль
Comment[vi]=Trình nền Wallet KDE yêu cầu một mật khẩu
Comment[wa]=Li démon poite-manoye di KDE dimande on scret
Comment[x-test]=xxThe KDE Wallet Daemon requests a passwordxx
Comment[zh_CN]=KDE 钱包守护程序请求密码
Comment[zh_TW]=KDE 錢包守護程式需要密碼
Action=Popup
+
+[Event/syncFailed]
+Name=Sync Failed
+Name[ar]=فشل في المزامنة
+Name[bs]=Sinkronizacija nije uspjela
+Name[ca]=La sincronització ha fallat
+Name[ca@valencia]=La sincronització ha fallat
+Name[cs]=Synchronizace selhala
+Name[da]=Synkronisering mislykkedes
+Name[de]=Abgleich fehlgeschlagen
+Name[el]=Αποτυχία συγχρονισμού
+Name[en_GB]=Sync Failed
+Name[es]=Sincronización fallida
+Name[et]=Sünkroonimine nurjus
+Name[eu]=Sinkronizatzeak huts egin du
+Name[fa]=همگامسازی شکست خورد
+Name[fi]=Synkronointi epäonnistui
+Name[fr]=Échec de la synchronisation
+Name[gl]=Fallou a sincronización
+Name[hu]=A szinkronizálás meghiúsult
+Name[ia]=Il falleva synchronisar
+Name[id]=Sinkronisasi Gagal
+Name[is]=Samstilling mistókst
+Name[it]=Sincronizzazione non riuscita
+Name[kk]=Қадамдастыру жаңылды
+Name[ko]=동기화 실패
+Name[nb]=Synkronisering mislyktes
+Name[nds]=Synkroniseren is fehlslaan
+Name[nl]=Synchronisatie mislukt
+Name[nn]=Feil ved synkronisering
+Name[pa]=ਸਿੰਕ ਫੇਲ੍ਹ ਹੈ
+Name[pl]=Nieudana synchronizacja
+Name[pt]=A Sincronização Falhou
+Name[pt_BR]=Falha na sincronização
+Name[ro]=Sincronizare eșuată
+Name[ru]=Сбой записи
+Name[sk]=Synchronizácia zlyhala
+Name[sl]=Uskladitev spodletela
+Name[sr]=Синхронизација пропала
+Name[sr@ijekavian]=Синхронизација пропала
+Name[sr@ijekavianlatin]=Sinhronizacija propala
+Name[sr@latin]=Sinhronizacija propala
+Name[sv]=Synkronisering misslyckades
+Name[tr]=Eşitleme Başarısız
+Name[uk]=Спроба синхронізації зазнала невдачі
+Name[x-test]=xxSync Failedxx
+Name[zh_CN]=同步失败
+Name[zh_TW]=同步失敗
+Comment=KDE Wallet System failed to sync a wallet file to disk
+Comment[ar]=فشل نظام الحافظة في مزامنة ملف الحافظة إلى القرص
+Comment[bs]=Sistem KDE Wallet neuspio da sinhronizira datoteku novčanika s diskom
+Comment[ca]=El sistema de carteres del KDE ha fallat en sincronitzar un fitxer de cartera al disc
+Comment[ca@valencia]=El sistema de cartera del KDE ha fallat en sincronitzar un fitxer de cartera al disc
+Comment[cs]=Systému úschovny pro KDE selhala synchronizace úschovny na disk
+Comment[da]=KDE's tegnebogsystem kunne ikke synkronisere en tegnebogsfil til disken
+Comment[de]=Abgleich des KDE-Passwortspeicher mit einer Passwortspeicherdatei auf der Festplatte ist fehlgeschlagen.
+Comment[el]=Το σύστημα πορτοφολιού του KDE απέτυχε να συγχρονίσει ενός πορτοφολιού στον δίσκο
+Comment[en_GB]=KDE Wallet System failed to sync a wallet file to disk
+Comment[es]=El sistema de carteras de KDE ha fallado al sincronizar un archivo de cartera con el disco
+Comment[et]=KDE turvalaekasüsteem ei suutnud sünkroonida turvalaekafaili kettale
+Comment[eu]=KDE zorro-sistemak ezin izan du zorro bat diskora sinkronizatu
+Comment[fa]=سامانه کیفپول کیدیای در همگامسازی یک کیفپول در دیسک شکست خورد
+Comment[fi]=KDE:n lompakkojärjestelmä ei onnistunut tallentamaan lompakkotiedostoa levylle
+Comment[fr]=Le système du portefeuille de KDE n'a pas réussi à synchroniser un fichier de portefeuille sur le disque
+Comment[gl]=O sistema de carteiras de KDE non conseguiu sincronizar un ficheiro de carteira co disco
+Comment[hu]=A KDE jelszókezelő rendszer nem tudta szinkronizálni a jelszófájlt a lemezre
+Comment[ia]=Le sistema de portafolio de KDE (KDE Wallet System) falleva synchronisar un file de portafolio con le disco
+Comment[id]=Sistem Dompet KDE gagal sinkronisasi berkas dompet ke cakram
+Comment[is]=KDE Veskiskerfið náði ekki að samstilla veskisskrá á disk
+Comment[it]=Il sistema di portafogli di KDE non è riuscito a sincronizzare il file del portafogli sul disco
+Comment[kk]=KDE әмиян жүйесінің дискідегі әмиян файлымен қадамдастыру жаңылысы
+Comment[ko]=KDE 지갑 시스템과 디스크의 지갑 상태를 동기화할 수 없음
+Comment[nb]=KDE Wallet System klarte ikke å synkronisere en lommebokfil til disk
+Comment[nds]=Binnen KDE sien Knippsystem lett sik en Knipp nich mit de Datei op de Fastplaat synkroniseren
+Comment[nl]=Het lukte het KDE portefeuillesysteem niet om een portefeuillebestand naar schijf te synchroniseren
+Comment[nn]=Lommeboktenesta klarte ikkje synkronisera lommebokfila til disken
+Comment[pa]=KDE ਵਾਲਿਟ ਸਿਸਟਮ ਵਾਲਿਟ ਫਾਇਲ ਨੂੰ ਡਿਸਕ ਉੱਤੇ ਸਿੰਕ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ
+Comment[pl]=Nieudana synchronizacja pliku portfela przez System portfela KDE
+Comment[pt]=O sistema da Carteira do KDE não conseguiu sincronizar um ficheiro da carteira para o disco
+Comment[pt_BR]=O Sistema da Carteiras do KDE não conseguiu sincronizar um arquivo de carteira com o disco
+Comment[ro]=Sistemul de portofele KDE nu a putut sincroniza fișierul unui portofel cu discul
+Comment[ru]=Служба бумажника KDE не смогла записать файл бумажника на диск
+Comment[sk]=Systému KDE peňaženky sa nepodarilo synchronizovať súbor peňaženky na disk
+Comment[sl]=Sistem listnic za KDE ni uspel uskladiti datoteke z listnico na disku
+Comment[sr]=К‑новчаник не може да синхронизује фајл новчаника на диск
+Comment[sr@ijekavian]=К‑новчаник не може да синхронизује фајл новчаника на диск
+Comment[sr@ijekavianlatin]=K‑novčanik ne može da sinhronizuje fajl novčanika na disk
+Comment[sr@latin]=K‑novčanik ne može da sinhronizuje fajl novčanika na disk
+Comment[sv]=KDE:s plånbokssystem misslyckades synkronisera en plånboksfil till disk
+Comment[tr]=KDE Cüzdan Sistemi diske bir cüzdan dosyası eşitlerken başarısız oldu
+Comment[uk]=Система торбинок KDE не змогла синхронізувати дані файла торбинок з диском
+Comment[x-test]=xxKDE Wallet System failed to sync a wallet file to diskxx
+Comment[zh_CN]=KDE 钱包系统无法将钱包文件写入磁盘
+Comment[zh_TW]=KDE 錢包系統在將錢包檔同步到磁碟時失敗
+Action=Popup
Index: kwalletd/kwalletwizard.cpp
===================================================================
--- kwalletd/kwalletwizard.cpp.orig
+++ kwalletd/kwalletwizard.cpp
@@ -23,11 +23,25 @@
#include "ui_kwalletwizardpageintro.h"
#include "ui_kwalletwizardpageoptions.h"
#include "ui_kwalletwizardpagepassword.h"
+#ifdef HAVE_QGPGME
+#include "ui_kwalletwizardpagepasswordgpg.h"
+#include "ui_kwalletwizardpagegpgkey.h"
+#endif
#include <QButtonGroup>
#include <klocale.h>
+#ifdef HAVE_QGPGME
+#include <QComboBox>
+#include <gpgme++/context.h>
+#include <gpgme++/key.h>
+#include <gpgme++/keylistresult.h>
+#include <kdebug.h>
+#include <kmessagebox.h>
+#include <gpgme.h>
+#endif
+
class PageIntro : public QWizardPage
{
public:
@@ -59,18 +73,23 @@ private:
Ui::KWalletWizardPageIntro ui;
};
-
class PagePassword : public QWizardPage
{
public:
PagePassword(QWidget *parent)
: QWizardPage(parent)
{
+
ui.setupUi(this);
registerField("useWallet", ui._useWallet);
registerField("pass1", ui._pass1);
registerField("pass2", ui._pass2);
+#ifdef HAVE_QGPGME
+ registerField("useGPG", ui._radioGpg);
+ registerField("useBlowfish", ui._radioBlowfish);
+ connect(ui._radioBlowfish, SIGNAL(toggled(bool)), parent, SLOT(passwordPageUpdate()));
+#endif
connect(ui._useWallet, SIGNAL(clicked()), parent, SLOT(passwordPageUpdate()));
connect(ui._pass1, SIGNAL(textChanged(QString)), parent, SLOT(passwordPageUpdate()));
@@ -79,7 +98,20 @@ public:
virtual int nextId() const
{
+#ifdef HAVE_QGPGME
+ int nextId = -1;
+ if (field("useWallet").toBool()) {
+ if (field("useBlowfish").toBool()) {
+ nextId = static_cast<KWalletWizard*>(wizard())->wizardType() == KWalletWizard::Basic ? -1 : KWalletWizard::PageOptionsId; // same as non QGPGME case
+ } else {
+ nextId = KWalletWizard::PageGpgKeyId;
+ }
+ }
+
+ return nextId;
+#else
return static_cast<KWalletWizard*>(wizard())->wizardType() == KWalletWizard::Basic ? -1 : KWalletWizard::PageOptionsId;
+#endif
}
void setMatchLabelText(const QString &text)
@@ -88,9 +120,96 @@ public:
}
private:
+#ifdef HAVE_QGPGME
+ Ui::KWalletWizardPagePasswordGpg ui;
+#else
Ui::KWalletWizardPagePassword ui;
+#endif
+};
+
+#ifdef HAVE_QGPGME
+typedef std::vector< GpgME::Key > KeysVector;
+Q_DECLARE_METATYPE(GpgME::Key)
+
+struct AddKeyToCombo {
+ QComboBox *_list;
+ AddKeyToCombo(QComboBox *list) : _list(list) {}
+ void operator()( const GpgME::Key &k) {
+ QString text = QString("%1 (%2)").arg(k.shortKeyID()).arg(k.userID(0).email());
+ QVariant varKey;
+ varKey.setValue(k);
+ _list->addItem(text, varKey);
+ }
};
+class PageGpgKey : public QWizardPage
+{
+public:
+ PageGpgKey(QWidget* parent)
+ : QWizardPage(parent)
+ , userHasGpgKeys(false)
+ {
+ ui.setupUi(this);
+
+ registerField("gpgKey", ui._gpgKey);
+
+ KeysVector keys;
+ GpgME::initializeLibrary();
+ GpgME::Error err = GpgME::checkEngine(GpgME::OpenPGP);
+ if (err){
+ kDebug() << "OpenPGP not supported on your system!";
+ KMessageBox::error(this, i18n("The QGpgME library failed to initialize for the OpenPGP protocol. Please check your system's configuration then try again."));
+ } else {
+ boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
+ if (0 == ctx) {
+ KMessageBox::error(this, i18n("The QGpgME library failed to initialize for the OpenPGP protocol. Please check your system's configuration then try again."));
+ } else {
+
+ ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
+ int row =0;
+ err = ctx->startKeyListing();
+ while (!err) {
+ GpgME::Key k = ctx->nextKey(err);
+ if (err)
+ break;
+ if (!k.isInvalid() && k.canEncrypt() && (k.ownerTrust() == GpgME::Key::Ultimate)) {
+ keys.push_back(k);
+ }
+ }
+ ctx->endKeyListing();
+ }
+ }
+ std::for_each(keys.begin(), keys.end(), AddKeyToCombo(ui._gpgKey));
+
+ userHasGpgKeys = keys.size() >0;
+ if (userHasGpgKeys) {
+ ui.stackedWidget->setCurrentWidget(ui._pageWhenHasKeys);
+ } else {
+ ui.stackedWidget->setCurrentWidget(ui._pageNoKeys);
+ setFinalPage(true);
+ }
+ emit completeChanged();
+ }
+
+ virtual int nextId() const {
+ return static_cast<KWalletWizard*>(wizard())->wizardType() == KWalletWizard::Basic ? -1 : KWalletWizard::PageOptionsId;
+ }
+
+ virtual bool isComplete() const {
+ return userHasGpgKeys;
+ }
+
+ bool hasGpgKeys() const { return userHasGpgKeys; }
+
+ GpgME::Key gpgKey() const {
+ QVariant varKey = ui._gpgKey->itemData(field("gpgKey").toInt());
+ return varKey.value< GpgME::Key >();
+ }
+private:
+ Ui::KWalletWizardPageGpgKey ui;
+ bool userHasGpgKeys;
+};
+#endif
class PageOptions : public QWizardPage
{
@@ -134,24 +253,42 @@ KWalletWizard::KWalletWizard( QWidget *p
setPage(PageIntroId, m_pageIntro);
m_pagePasswd = new PagePassword(this);
setPage(PagePasswordId, m_pagePasswd);
+#ifdef HAVE_QGPGME
+ m_pageGpgKey = new PageGpgKey(this);
+ setPage(PageGpgKeyId, m_pageGpgKey);
+#endif
setPage(PageOptionsId, new PageOptions(this));
setPage(PageExplanationId, new PageExplanation(this));
+
+ resize(500, 420);
}
void KWalletWizard::passwordPageUpdate()
{
bool complete = true;
if (field("useWallet").toBool()) {
- if (field("pass1").toString() == field("pass2").toString()) {
- if (field("pass1").toString().isEmpty()) {
- m_pagePasswd->setMatchLabelText(i18n("<qt>Password is empty. <b>(WARNING: Insecure)</b></qt>"));
+#ifdef HAVE_QGPGME
+ if (field("useBlowfish").toBool()) {
+ m_pagePasswd->setFinalPage(wizardType() == Basic);
+ button(NextButton)->setVisible(wizardType() != Basic);
+#endif
+ if (field("pass1").toString() == field("pass2").toString()) {
+ if (field("pass1").toString().isEmpty()) {
+ m_pagePasswd->setMatchLabelText(i18n("<qt>Password is empty. <b>(WARNING: Insecure)</b></qt>"));
+ } else {
+ m_pagePasswd->setMatchLabelText(i18n("Passwords match."));
+ }
} else {
- m_pagePasswd->setMatchLabelText(i18n("Passwords match."));
+ m_pagePasswd->setMatchLabelText(i18n("Passwords do not match."));
+ complete = false;
}
+#ifdef HAVE_QGPGME
} else {
- m_pagePasswd->setMatchLabelText(i18n("Passwords do not match."));
- complete = false;
+ m_pagePasswd->setFinalPage(false);
+ button(NextButton)->setEnabled(true);
+ return;
}
+#endif
} else {
m_pagePasswd->setMatchLabelText(QString());
}
@@ -176,3 +313,8 @@ void KWalletWizard::initializePage(int i
}
}
+#ifdef HAVE_QGPGME
+GpgME::Key KWalletWizard::gpgKey() const {
+ return m_pageGpgKey->gpgKey();
+}
+#endif
Index: kwalletd/kwalletwizard.h
===================================================================
--- kwalletd/kwalletwizard.h.orig
+++ kwalletd/kwalletwizard.h
@@ -20,9 +20,13 @@
#define KWALLETWIZARD_H
#include <QWizard>
+#ifdef HAVE_QGPGME
+#include <gpgme++/key.h>
+#endif
-class PageIntro;
+class PageGpgKey;
class PagePassword;
+class PageIntro;
class KWalletWizard : public QWizard
{
@@ -37,13 +41,20 @@ class KWalletWizard : public QWizard
static const int PageIntroId = 0;
static const int PagePasswordId = 1;
- static const int PageOptionsId = 2;
- static const int PageExplanationId = 3;
+#ifdef HAVE_QGPGME
+ static const int PageGpgKeyId =2;
+#endif
+ static const int PageOptionsId = 3;
+ static const int PageExplanationId = 4;
KWalletWizard( QWidget *parent = 0 );
WizardType wizardType() const;
+#ifdef HAVE_QGPGME
+ GpgME::Key gpgKey() const;
+#endif // HAVE_QGPGME
+
protected:
virtual void initializePage(int id);
@@ -53,6 +64,9 @@ class KWalletWizard : public QWizard
private:
PageIntro *m_pageIntro;
PagePassword *m_pagePasswd;
+#ifdef HAVE_QGPGME
+ PageGpgKey *m_pageGpgKey;
+#endif
};
#endif
Index: kwalletd/kwalletwizardpageexplanation.ui
===================================================================
--- kwalletd/kwalletwizardpageexplanation.ui.orig
+++ kwalletd/kwalletwizardpageexplanation.ui
@@ -1,7 +1,8 @@
-<ui version="4.0" >
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
<class>KWalletWizardPageExplanation</class>
- <widget class="QWidget" name="KWalletWizardPageExplanation" >
- <property name="geometry" >
+ <widget class="QWidget" name="KWalletWizardPageExplanation">
+ <property name="geometry">
<rect>
<x>0</x>
<y>0</y>
@@ -9,16 +10,16 @@
<height>215</height>
</rect>
</property>
- <layout class="QVBoxLayout" >
+ <layout class="QVBoxLayout">
<item>
- <widget class="QLabel" name="textLabel2_3" >
- <property name="text" >
- <string>The KDE Wallet system stores your data in a <i>wallet</i> file on your local hard disk. The data is only written in encrypted form, presently using the blowfish algorithm with your password as the key. When a wallet is opened, the wallet manager application will launch and display an icon in the system tray. You can use this application to manage your wallets. It even permits you to drag wallets and wallet contents, allowing you to easily copy a wallet to a remote system.</string>
+ <widget class="QLabel" name="textLabel2_3">
+ <property name="text">
+ <string><html><head/><body><p>The KDE Wallet system stores your data in a <span style=" font-style:italic;">wallet</span> file on your local hard disk. The data is only written in the encrypted form of your choice - blowfish algorithm with your password as the key or using a GPG encryption key. When a wallet is opened, the wallet manager application will launch and display an icon in the system tray. You can use this application to manage all of your wallets. It even permits you to drag wallets and wallet contents, allowing you to easily copy a wallet to a remote system.</p></body></html></string>
</property>
- <property name="textFormat" >
+ <property name="textFormat">
<enum>Qt::RichText</enum>
</property>
- <property name="wordWrap" >
+ <property name="wordWrap">
<bool>true</bool>
</property>
</widget>
Index: kwalletd/kwalletwizardpagegpgkey.ui
===================================================================
--- /dev/null
+++ kwalletd/kwalletwizardpagegpgkey.ui
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>KWalletWizardPageGpgKey</class>
+ <widget class="QWidget" name="KWalletWizardPageGpgKey">
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>436</width>
+ <height>309</height>
+ </rect>
+ </property>
+ <layout class="QVBoxLayout" name="verticalLayout_3">
+ <item>
+ <widget class="QStackedWidget" name="stackedWidget">
+ <property name="currentIndex">
+ <number>0</number>
+ </property>
+ <widget class="QWidget" name="_pageWhenHasKeys">
+ <layout class="QVBoxLayout" name="verticalLayout_2">
+ <item>
+ <widget class="QLabel" name="label_3">
+ <property name="text">
+ <string><html><head/><body><p>The GPG-based wallet use a GPG encryption key to securely encrypt data on disk. The key must be available when decrypting is needed or your wallet will not be accessible. For example, if you choose a SmartCard-based encryption key, the GPG system will prompt you to enter it and its associated PIN when attempting to open the wallet. <b>NOTE:</b> only &quot;ultimate-level&quot; trusted keys are shown in this list.</p></body></html></string>
+ </property>
+ <property name="wordWrap">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" name="horizontalLayout">
+ <item>
+ <widget class="QLabel" name="label">
+ <property name="enabled">
+ <bool>true</bool>
+ </property>
+ <property name="text">
+ <string>Select encryption GPG key:</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QComboBox" name="_gpgKey">
+ <property name="enabled">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <spacer name="verticalSpacer">
+ <property name="orientation">
+ <enum>Qt::Vertical</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>20</width>
+ <height>173</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ </layout>
+ </widget>
+ <widget class="QWidget" name="_pageNoKeys">
+ <layout class="QVBoxLayout" name="verticalLayout">
+ <item>
+ <widget class="QLabel" name="label_2">
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Preferred" vsizetype="Expanding">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="text">
+ <string>Unable to locate at least one <b>encrypting GPG key</b>. KDE Wallet needs such <b>encrypting key</b> to securely store passwords or other sensitive data on disk. If you still want to setup a GPG-based wallet, then cancel this wizard, set-up an <b>encrypting GPG key</b>, then retry this assistant. Otherwise, you may still click back, then choose a classic, blowfish encrypted file format on the previous page.</string>
+ </property>
+ <property name="wordWrap">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <resources/>
+ <connections/>
+</ui>
Index: kwalletd/kwalletwizardpageintro.ui
===================================================================
--- kwalletd/kwalletwizardpageintro.ui.orig
+++ kwalletd/kwalletwizardpageintro.ui
@@ -6,8 +6,8 @@
<rect>
<x>0</x>
<y>0</y>
- <width>275</width>
- <height>283</height>
+ <width>449</width>
+ <height>327</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
Index: kwalletd/kwalletwizardpagepasswordgpg.ui
===================================================================
--- /dev/null
+++ kwalletd/kwalletwizardpagepasswordgpg.ui
@@ -0,0 +1,350 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>KWalletWizardPagePasswordGpg</class>
+ <widget class="QWidget" name="KWalletWizardPagePasswordGpg">
+ <property name="geometry">
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>448</width>
+ <height>385</height>
+ </rect>
+ </property>
+ <layout class="QVBoxLayout" name="verticalLayout_2">
+ <item>
+ <widget class="QLabel" name="textLabel3">
+ <property name="text">
+ <string><html><head/><body><p>Various applications may attempt to use the KDE wallet to store passwords or other information such as web form data and cookies. If you would like these applications to use the wallet, you must enable it now and choose method for its encryption.</p><p>GPG method is more secure, but you must have configured at least one encrypting key on your system.</p><p>If you choose the classic format, be warned that the password you choose <span style=" font-style:italic;">cannot</span> be recovered if it is lost, and will allow anyone who knows it to obtain all the information contained in the wallet.</p></body></html></string>
+ </property>
+ <property name="textFormat">
+ <enum>Qt::RichText</enum>
+ </property>
+ <property name="wordWrap">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QCheckBox" name="_useWallet">
+ <property name="text">
+ <string>Yes, I wish to use the KDE wallet to store my personal information.</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QGroupBox" name="_groupBox">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="sizePolicy">
+ <sizepolicy hsizetype="Preferred" vsizetype="MinimumExpanding">
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="title">
+ <string>What kind of encryption do you wish?</string>
+ </property>
+ <layout class="QVBoxLayout" name="verticalLayout">
+ <item>
+ <widget class="QRadioButton" name="_radioGpg">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Use GPG encryption, for better protection</string>
+ </property>
+ <property name="checked">
+ <bool>true</bool>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QRadioButton" name="_radioBlowfish">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Classic, blowfish encrypted file</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" name="horizontalLayout_2">
+ <item>
+ <spacer>
+ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>QSizePolicy::Expanding</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>28</width>
+ <height>28</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ <item>
+ <layout class="QHBoxLayout" name="horizontalLayout">
+ <item>
+ <layout class="QVBoxLayout">
+ <property name="spacing">
+ <number>6</number>
+ </property>
+ <property name="margin">
+ <number>0</number>
+ </property>
+ <item>
+ <widget class="QLabel" name="textLabel1_3">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Enter a new password:</string>
+ </property>
+ <property name="alignment">
+ <set>Qt::AlignAbsolute|Qt::AlignBottom|Qt::AlignCenter|Qt::AlignHCenter|Qt::AlignHorizontal_Mask|Qt::AlignJustify|Qt::AlignLeading|Qt::AlignLeft|Qt::AlignRight|Qt::AlignTop|Qt::AlignTrailing|Qt::AlignVCenter|Qt::AlignVertical_Mask</set>
+ </property>
+ <property name="buddy">
+ <cstring>_pass1</cstring>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QLabel" name="textLabel2_3">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="text">
+ <string>Verify password:</string>
+ </property>
+ <property name="alignment">
+ <set>Qt::AlignAbsolute|Qt::AlignBottom|Qt::AlignCenter|Qt::AlignHCenter|Qt::AlignHorizontal_Mask|Qt::AlignJustify|Qt::AlignLeading|Qt::AlignLeft|Qt::AlignRight|Qt::AlignTop|Qt::AlignTrailing|Qt::AlignVCenter|Qt::AlignVertical_Mask</set>
+ </property>
+ <property name="buddy">
+ <cstring>_pass2</cstring>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <layout class="QVBoxLayout">
+ <property name="spacing">
+ <number>6</number>
+ </property>
+ <property name="margin">
+ <number>0</number>
+ </property>
+ <item>
+ <widget class="KLineEdit" name="_pass1">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="echoMode">
+ <enum>QLineEdit::Password</enum>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="KLineEdit" name="_pass2">
+ <property name="enabled">
+ <bool>false</bool>
+ </property>
+ <property name="echoMode">
+ <enum>QLineEdit::Password</enum>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <spacer>
+ <property name="orientation">
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeType">
+ <enum>QSizePolicy::Expanding</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>98</width>
+ <height>18</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ </layout>
+ </item>
+ <item>
+ <widget class="QLabel" name="_matchLabel">
+ <property name="text">
+ <string/>
+ </property>
+ <property name="alignment">
+ <set>Qt::AlignAbsolute|Qt::AlignBottom|Qt::AlignCenter|Qt::AlignHCenter|Qt::AlignHorizontal_Mask|Qt::AlignJustify|Qt::AlignLeading|Qt::AlignLeft|Qt::AlignRight|Qt::AlignTop|Qt::AlignTrailing|Qt::AlignVCenter|Qt::AlignVertical_Mask</set>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <spacer name="verticalSpacer">
+ <property name="orientation">
+ <enum>Qt::Vertical</enum>
+ </property>
+ <property name="sizeHint" stdset="0">
+ <size>
+ <width>20</width>
+ <height>31</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ </layout>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <customwidgets>
+ <customwidget>
+ <class>KLineEdit</class>
+ <extends>QLineEdit</extends>
+ <header>klineedit.h</header>
+ </customwidget>
+ </customwidgets>
+ <resources/>
+ <connections>
+ <connection>
+ <sender>_radioBlowfish</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>textLabel1_3</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>239</x>
+ <y>220</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>213</x>
+ <y>249</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_radioBlowfish</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>_pass1</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>239</x>
+ <y>220</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>331</x>
+ <y>249</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_radioBlowfish</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>textLabel2_3</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>239</x>
+ <y>220</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>142</x>
+ <y>277</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_radioBlowfish</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>_pass2</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>239</x>
+ <y>220</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>331</x>
+ <y>277</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_radioBlowfish</sender>
+ <signal>clicked()</signal>
+ <receiver>_pass1</receiver>
+ <slot>setFocus()</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>239</x>
+ <y>220</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>331</x>
+ <y>249</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_useWallet</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>_groupBox</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>42</x>
+ <y>112</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>33</x>
+ <y>193</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_useWallet</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>_radioGpg</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>50</x>
+ <y>112</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>63</x>
+ <y>166</y>
+ </hint>
+ </hints>
+ </connection>
+ <connection>
+ <sender>_useWallet</sender>
+ <signal>toggled(bool)</signal>
+ <receiver>_radioBlowfish</receiver>
+ <slot>setEnabled(bool)</slot>
+ <hints>
+ <hint type="sourcelabel">
+ <x>85</x>
+ <y>112</y>
+ </hint>
+ <hint type="destinationlabel">
+ <x>97</x>
+ <y>220</y>
+ </hint>
+ </hints>
+ </connection>
+ </connections>
+</ui>
Index: kwalletd/main.cpp
===================================================================
--- kwalletd/main.cpp.orig
+++ kwalletd/main.cpp
@@ -1,6 +1,7 @@
/**
* This file is part of the KDE project
* Copyright (C) 2008 Michael Leupold <lemma@confuego.org>
+ * Copyright (C) 2014 Alejandro Fiestas Olivares <afiestas@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -24,9 +25,17 @@
#include <kconfig.h>
#include <kconfiggroup.h>
#include <klocale.h>
-
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
#include "kwalletd.h"
+#include "backend/kwalletbackend.h" //For the hash size
+#define BSIZE 1000
+static int pipefd = 0;
+static int socketfd = 0;
static bool isWalletEnabled()
{
KConfig cfg("kwalletrc");
@@ -34,14 +43,117 @@ static bool isWalletEnabled()
return walletGroup.readEntry("Enabled", true);
}
+//Waits until the PAM_MODULE sends the hash
+static char *waitForHash()
+{
+ printf("kwalletd: Waiting for hash on %d-\n", pipefd);
+ int totalRead = 0;
+ int readBytes = 0;
+ int attemps = 0;
+ char *buf = (char*)malloc(sizeof(char) * PBKDF2_SHA512_KEYSIZE);
+ memset(buf, '\0', PBKDF2_SHA512_KEYSIZE);
+ while(totalRead != PBKDF2_SHA512_KEYSIZE) {
+ readBytes = read(pipefd, buf + totalRead, PBKDF2_SHA512_KEYSIZE - totalRead);
+ if (readBytes == -1 || attemps > 5) {
+ free(buf);
+ return NULL;
+ }
+ totalRead += readBytes;
+ ++attemps;
+ }
+
+ close(pipefd);
+ return buf;
+}
+
+//Waits until startkde sends the environment variables
+static int waitForEnvironment()
+{
+ printf("kwalletd: waitingForEnvironment on: %d\n", socketfd);
+
+ int s2;
+ struct sockaddr_un remote;
+ socklen_t t = sizeof(remote);
+ if ((s2 = accept(socketfd, (struct sockaddr *)&remote, &t)) == -1) {
+ fprintf(stdout, "kwalletd: Couldn't accept incoming connection\n");
+ return -1;
+ }
+ printf("kwalletd: client connected\n");
+
+ char str[BSIZE];
+ memset(str, '\0', sizeof(char) * BSIZE);
+
+ int chop = 0;
+ FILE *s3 = fdopen(s2, "r");
+ while(!feof(s3)) {
+ if (fgets(str, BSIZE, s3)) {
+ chop = strlen(str) - 1;
+ str[chop] = '\0';
+ putenv(strdup(str));
+ }
+ }
+ printf("kwalletd: client disconnected\n");
+ close(socketfd);
+ return 1;
+}
+
+char* checkPamModule(int argc, char **argv)
+{
+ printf("Checking for pam module\n");
+ char *hash = NULL;
+ int x = 1;
+ for (; x < argc; ++x) {
+ if (strcmp(argv[x], "--pam-login") != 0) {
+ continue;
+ }
+ printf("Got pam-login\n");
+ argv[x] = NULL;
+ x++;
+ //We need at least 2 extra arguments after --pam-login
+ if (x + 1 > argc) {
+ printf("Invalid arguments (less than needed)\n");
+ return NULL;
+ }
+
+ //first socket for the hash, comes from a pipe
+ pipefd = atoi(argv[x]);
+ argv[x] = NULL;
+ x++;
+ //second socket for environemtn, comes from a localsock
+ socketfd = atoi(argv[x]);
+ argv[x] = NULL;
+ break;
+ }
+
+ if (!pipefd || !socketfd) {
+ printf("Lacking a socket, pipe: %d, env:%d\n", pipefd, socketfd);
+ return NULL;
+ }
+
+ hash = waitForHash();
+
+ if (hash == NULL || waitForEnvironment() == -1) {
+ printf("Hash or environment not received\n");
+ return NULL;
+ }
+
+ return hash;
+}
+
extern "C" KDE_EXPORT int kdemain(int argc, char **argv)
{
+ char *hash = NULL;
+ if (getenv("PAM_KWALLET_LOGIN")) {
+ hash = checkPamModule(argc, argv);
+ }
+
KAboutData aboutdata("kwalletd", 0, ki18n("KDE Wallet Service"),
"0.2", ki18n("KDE Wallet Service"),
- KAboutData::License_LGPL, ki18n("(C) 2002-2008 George Staikos, Michael Leupold, Thiago Maceira"));
+ KAboutData::License_LGPL, ki18n("(C) 2002-2008 George Staikos, Michael Leupold, Thiago Maceira, Valentin Rusu"));
aboutdata.addAuthor(ki18n("Michael Leupold"),ki18n("Maintainer"),"lemma@confuego.org");
aboutdata.addAuthor(ki18n("George Staikos"),ki18n("Former maintainer"),"staikos@kde.org");
aboutdata.addAuthor(ki18n("Thiago Maceira"),ki18n("D-Bus Interface"),"thiago@kde.org");
+ aboutdata.addAuthor(ki18n("Valentin Rusu"),ki18n("GPG backend support"),"kde@rusu.info");
aboutdata.setProgramIconName("kwalletmanager");
@@ -67,5 +179,14 @@ extern "C" KDE_EXPORT int kdemain(int ar
kDebug() << "kwalletd started";
KWalletD walletd;
+ if (hash) {
+ kDebug() << "LOGIN INSIDE!";
+ QByteArray passHash(hash, PBKDF2_SHA512_KEYSIZE);
+ int wallet = walletd.pamOpen(KWallet::Wallet::LocalWallet(), passHash, 0);
+ kDebug() << "Wallet handler: " << wallet;
+ free(hash);
+ } else {
+ kDebug() << "Not pam login";
+ }
return app.exec();
}
Index: kwalletd/tests/CMakeLists.txt
===================================================================
--- kwalletd/tests/CMakeLists.txt.orig
+++ kwalletd/tests/CMakeLists.txt
@@ -14,10 +14,20 @@ kde4_add_ui_files(kwalletwizardtest_SRCS
../kwalletwizardpageintro.ui
../kwalletwizardpageoptions.ui
../kwalletwizardpagepassword.ui
+ ../kwalletwizardpagegpgkey.ui
)
+if (QGPGME_FOUND)
+ kde4_add_ui_files(kwalletwizardtest_SRCS
+ ../kwalletwizardpagepasswordgpg.ui)
+endif(QGPGME_FOUND)
+
kde4_add_executable(kwalletwizardtest TEST ${kwalletwizardtest_SRCS})
target_link_libraries(kwalletwizardtest ${KDE4_KDECORE_LIBS} ${KDE4_KDEUI_LIBS} ${QT_QTGUI_LIBRARY})
+if (QGPGME_FOUND)
+ target_link_libraries(kwalletwizardtest ${QGPGME_LIBRARIES})
+endif(QGPGME_FOUND)
+
set( EXECUTABLE_OUTPUT_PATH ${CMAKE_CURRENT_BINARY_DIR} )
include_directories( ${KDE4_KDEUI_INCLUDES} ) # for kwallet.h
