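Fix several issues:

- Multi-factor login: disallow jump login
- Fix the logic for updating the default authentication device; update translations
- Multi-factor authentication: handle the case where only password authentication is present
- Device adapters do not update default devices that do not exist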
liuxinhao 2023-06-02 15:20:22 +08:00
parent 67705ea59b
commit d706e3ef4f
5 changed files with 218 additions and 1 deletions


@ -0,0 +1,43 @@
From d5b850a0249c2f2b19341acc5bd3a72eebcfa626 Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Fri, 2 Jun 2023 14:46:07 +0800
Subject: [PATCH 6/9] fix(default device): Device adapters do not update
default devices that do not exist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 设备适配器不更新不存在的默认设备
---
src/daemon/device/device-adaptor-factory.cpp | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/daemon/device/device-adaptor-factory.cpp b/src/daemon/device/device-adaptor-factory.cpp
index d3ffe19..531e0d9 100644
--- a/src/daemon/device/device-adaptor-factory.cpp
+++ b/src/daemon/device/device-adaptor-factory.cpp
@@ -189,11 +189,16 @@ void DeviceAdaptorFactory::onDefaultDeviceChanged(int authType,
const QString &deviceID)
{
auto deviceAdaptor = this->getDeviceAdaptor(authType);
- if (deviceAdaptor && deviceAdaptor->getDeviceID() != deviceID)
- {
- auto dbusDeviceProxy = this->getDBusDeviceProxy(authType, deviceID);
- deviceAdaptor->updateDBusDeviceProxy(dbusDeviceProxy);
- }
+ // 当前不存在设备设配器的情况,不更新设备适配器代理,需要时会优先考虑默认设备
+ // 设备适配器已使用默认设备代理,不需要更新设备适配器
+ RETURN_IF_FALSE(deviceAdaptor && deviceAdaptor->getDeviceID()!=deviceID);
+
+ // 尝试通过默认设备ID拿到设备代理
+ auto recommendedDeviceProxy = this->getDBusDeviceProxy(authType, deviceID);
+ // 未能拿到设备,或者拿不到默认设备,不更新设备适配器代理
+ RETURN_IF_FALSE( recommendedDeviceProxy && recommendedDeviceProxy->deviceID()==deviceID);
+
+ deviceAdaptor->updateDBusDeviceProxy(recommendedDeviceProxy);
}
void DeviceAdaptorFactory::onAuthDeviceManagerLost(const QString &service)
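Review bot: the second RETURN_IF_FALSE in onDefaultDeviceChanged returns silently when getDBusDeviceProxy(authType, deviceID) yields no proxy or a proxy whose deviceID() differs from the requested one, so the adaptor keeps its previous device and nothing in the log shows that the default-device change was ignored. Because this decides which hardware an authentication factor is bound to, log authType, the requested deviceID and the ID actually returned before bailing out. Style: put spaces around `!=` and `==` and drop the space after `RETURN_IF_FALSE(` to match the rest of the file; the first added comment also has a typo, 设配器 should be 适配器.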
--
2.33.0


@ -0,0 +1,74 @@
From f32c0200d2bc9c537b45b37e9b4d246fd330f362 Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Fri, 2 Jun 2023 15:03:46 +0800
Subject: [PATCH 7/9] fix(multi-factor): Multifactor authentication, handling
only password authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 多因子认证,处理只有密码认证的情况
---
src/daemon/session.cpp | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp
index e8c516b..291f9fc 100644
--- a/src/daemon/session.cpp
+++ b/src/daemon/session.cpp
@@ -132,7 +132,7 @@ void Session::StartAuth()
this->m_verifyInfo.m_inAuth = true;
this->m_verifyInfo.m_dbusMessage = this->message();
this->startPhaseAuth();
-}
+}
void Session::StopAuth()
{
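Review bot: the closing brace of Session::StartAuth is changed only in whitespace (`-}` / `+}`), and the same is true of the other formatting-only hunks in this patch (`else if (`, the space after the comma in the AuthMessage call, `if (this->m_authOrderWaiting.size() > 0)`). Move these into a separate formatting commit so that the one behavioural change, in startPasswdAuth, is not buried in a patch whose subject is a multi-factor authentication fix.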
@@ -230,7 +230,7 @@ void Session::onIdentifyStatus(const QString &bid, int result, const QString &me
{
Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_INFO);
}
- else if(result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH)
+ else if (result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH)
{
Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_ERROR);
}
@@ -283,9 +283,14 @@ void Session::startUkeyAuth()
void Session::startPasswdAuth()
{
KLOG_DEBUG() << "The authentication service does not take over password authentication,ignore!";
+
this->m_verifyInfo.m_inAuth = true;
- this->m_verifyInfo.m_authenticatedUserName = m_userName;
- this->finishPhaseAuth(true,false);
+ if (this->m_verifyInfo.m_authenticatedUserName.isEmpty())
+ {
+ this->m_verifyInfo.m_authenticatedUserName = m_userName;
+ }
+
+ this->finishPhaseAuth(true, false);
}
void Session::startGeneralAuth(const QString &extraInfo)
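Review bot: the new isEmpty() guard in startPasswdAuth has no comment explaining why an already-set m_authenticatedUserName must survive the password phase, and nothing checks that the existing value equals m_userName. Add a comment stating the intent (an earlier step has already fixed the authenticated user and the password phase must not overwrite it), and consider logging or failing the phase when the two names differ, since `this->finishPhaseAuth(true, false);` reports success unconditionally here.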
@@ -305,7 +310,7 @@ void Session::startGeneralAuth(const QString &extraInfo)
{
auto authTypeStr = Utils::authTypeEnum2Str(this->m_authType);
KLOG_WARNING() << m_sessionID << "start phase auth failed,can not find device,auth type:" << m_authType;
- Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)),KADMessageType::KAD_MESSAGE_TYPE_ERROR);
+ Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)), KADMessageType::KAD_MESSAGE_TYPE_ERROR);
this->finishPhaseAuth(false, false);
return;
@@ -359,7 +364,7 @@ void Session::finishPhaseAuth(bool isSuccess, bool recordFailure)
break;
case KADAuthMode::KAD_AUTH_MODE_AND:
{
- if( this->m_authOrderWaiting.size() > 0 )
+ if (this->m_authOrderWaiting.size() > 0)
{
this->m_authOrderWaiting.removeOne(this->m_authType);
}
--
2.33.0


@ -0,0 +1,61 @@
From 17523794f035c7e66c232a799830c994da1a8a1b Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Fri, 2 Jun 2023 15:05:34 +0800
Subject: [PATCH 8/9] fix(default device): Update the logic of the default
authentication device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 修复更新默认认证设备的逻辑,更新翻译
---
src/daemon/device/device-adaptor.cpp | 7 +++++--
translations/kiran-authentication-daemon.zh_CN.ts | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/daemon/device/device-adaptor.cpp b/src/daemon/device/device-adaptor.cpp
index 32c768f..369554d 100644
--- a/src/daemon/device/device-adaptor.cpp
+++ b/src/daemon/device/device-adaptor.cpp
@@ -92,13 +92,14 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer<AuthDeviceProxy> dbusDe
{
RETURN_IF_FALSE(dbusDeviceProxy);
+ DEVICE_DEBUG() << "update auth device";
if (!this->m_dbusDeviceProxy ||
this->m_dbusDeviceProxy->deviceID() != dbusDeviceProxy->deviceID())
{
if (this->m_dbusDeviceProxy)
{
- this->m_dbusDeviceProxy->disconnect();
- this->m_dbusDeviceProxy = nullptr;
+ this->m_dbusDeviceProxy->disconnect(this);
+ this->m_dbusDeviceProxy.clear();
}
this->m_dbusDeviceProxy = dbusDeviceProxy;
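Review bot: in updateDBusDeviceProxy, `this->m_dbusDeviceProxy.clear();` is immediately followed by `this->m_dbusDeviceProxy = dbusDeviceProxy;`, so the clear() is redundant; the assignment already drops the old reference. The move from disconnect() to disconnect(this) is the substantive part and deserves a one-line comment saying that only this adaptor's connections are removed, not those of other holders of the shared proxy. The added `DEVICE_DEBUG() << "update auth device";` sits before the deviceID comparison, so it is printed even when nothing changes, and it names no device; move it inside the `if` and log the old and new deviceID().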
@@ -108,6 +109,8 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer<AuthDeviceProxy> dbusDe
connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::EnrollStatus, this, &DeviceAdaptor::onEnrollStatus);
connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::IdentifyStatus, this, &DeviceAdaptor::onIdentifyStatus);
+
+ DEVICE_DEBUG() << "update auth device finished";
this->schedule();
}
}
diff --git a/translations/kiran-authentication-daemon.zh_CN.ts b/translations/kiran-authentication-daemon.zh_CN.ts
index 8c03e2c..e74195f 100644
--- a/translations/kiran-authentication-daemon.zh_CN.ts
+++ b/translations/kiran-authentication-daemon.zh_CN.ts
@@ -27,7 +27,7 @@
<translation>请输入PIN码。</translation>
</message>
<message>
- <location filename="../src/daemon/session.cpp" line="308"/>
+ <location filename="../src/daemon/session.cpp" line="313"/>
<source>can not find %1 device</source>
<translation>未能检测到%1设备</translation>
</message>
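Review bot: the `<location ... line="308"/>` to `line="313"` change is line-number churn only, and it will be stale again after patch 9/9, which adds two lines near the top of src/daemon/session.cpp without touching this file. Regenerate the .ts once at the end of the series, or run lupdate with `-locations none` so that source edits stop producing translation diffs.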
--
2.33.0


@ -0,0 +1,29 @@
From 9046f70a621f92a9eab590e380768b74d897d43e Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Fri, 2 Jun 2023 15:09:15 +0800
Subject: [PATCH 9/9] fix(multi-factor): multi-factor no jump login
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 多因子登录禁止跳转登录
---
src/daemon/session.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp
index 291f9fc..5144da1 100644
--- a/src/daemon/session.cpp
+++ b/src/daemon/session.cpp
@@ -57,6 +57,8 @@ Session::Session(uint32_t sessionID,
if (m_authMode == KAD_AUTH_MODE_AND)
{
this->m_authOrderWaiting = authTypes;
+ // 多因子认证时,不允许调整用户登录
+ this->m_verifyInfo.m_authenticatedUserName = m_userName;
}
KLOG_DEBUG() << QString("new session authmode(%1),login user switchable(%2),default auth type(%3),auth order(%4)")
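Review bot: the constructor now pins m_authenticatedUserName to m_userName in KAD_AUTH_MODE_AND, but nothing in this hunk handles an empty m_userName, and the debug line just below still reports a "login user switchable" value that is not adjusted here. If m_userName can be empty at construction, the pin is a no-op and the isEmpty() guard added to startPasswdAuth in patch 7/9 becomes the place where the user is actually set; state in the comment which case is expected. Also confirm that the switchable flag is forced off in AND mode, so that the logged state and the enforced state agree.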
--
2.33.0


@ -1,6 +1,6 @@
Name: kiran-authentication-service
Version: 2.5.1
Release: 3
Release: 4
Summary: Kiran Desktop kiran authentication service
License: MulanPSL-2.0
URL: http://www.kylinsec.com.cn
@ -12,6 +12,10 @@ Patch0002: 0002-fix-pam-conf-Adjust-the-number-of-non-password-authe.patch
Patch0003: 0003-fix-Interface-permission-Upgrade-the-permission-of-s.patch
Patch0004: 0004-fix-multi-factor-Fixed-an-authentication-failure-cau.patch
Patch0005: 0005-fix-auth-order-Adjust-the-authentication-sequence.patch
Patch0006: 0006-fix-default-device-Device-adapters-do-not-update-def.patch
Patch0007: 0007-fix-multi-factor-Multifactor-authentication-handling.patch
Patch0008: 0008-fix-default-device-Update-the-logic-of-the-default-a.patch
Patch0009: 0009-fix-multi-factor-multi-factor-no-jump-login.patch
BuildRequires: systemd
BuildRequires: systemd-devel
@ -87,6 +91,12 @@ systemctl enable kiran-authentication-daemon.service
%{_includedir}/kiran-authentication-service/kas-authentication-i.h
%changelog
* Fri Jun 02 2023 liuxinhao <liuxinhao@kylinsec.com.cn> - 2.5.1-4
- KYOS-B: Device adapters do not update default devices that do not exist
- KYOS-B: Multifactor authentication, handling only password authentication
- KYOS-B: Update the logic of the default authentication device
- KYOS-B: multi-factor no jump login
* Wed May 31 2023 liuxinhao <liuxinhao@kylinsec.com.cn> - 2.5.1-3
- KYOS-B: fix terminl authentication type check (#I792B4)
- KYOS-B: Adjust the number of non-password authentication failures recorded in the PAM configuration file(#I7937W)
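Review bot: the four 2.5.1-4 changelog entries carry no issue reference, while the 2.5.1-3 entries below cite theirs, e.g. (#I792B4). If these fixes have tracker IDs, add them so that the package history for the authentication changes can be traced back to the reports.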