D4997: Support for long running kcheckpass supporting multiple authentications

Martin Gräßlin noreply at phabricator.kde.org
Fri Mar 10 06:07:57 UTC 2017 

graesslin created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.

REVISION SUMMARY
  So far kcheckpass allowed to try to verify one password. This required
  kscreenlocker_greet to exec for every new entered password. Due to that
  we cannot enable seccomp in kscreenlocker_greet.
  
  This change prepares for supporting seccomp by making it possible to
  have a long living kcheckpass with multiple authentications. For that
  the interaction is changed:
  
  - kcheckpass gets started without going into Authenticate directly
  - kcheckpass uses a signalfd for waiting on sigusr1 and sigusr2
  - kcheckpass goes into a loop for authentication
    - signals parent process through socket that it is ready for auth
    - waits for signal
    - on sigusr1 starts to authenticate
    - on sigusr2 goes out of loop
    - after authenticate goes into next loop run to continue
  
  For the authenticator in kscreenlocker_greet the main change is to
  send the signal to kcheckpass when it wants to authenticate.
  
  In addition the authenticator supports both a delayed and a direct
  mode. In the delayed case kcheckpass gets started directly on startup
  for the long living process. In the direct mode it starts kcheckpass
  when going into authenticate. We need both modes as kcheckpass is not
  supposed to use the long living process when it is setuid root.
  
  For the moment kscreenlocker_greet by default still uses the direct
  interaction. This will change when seccomp integration is added.
  
  The test application gained a new command line switch to use either
  direct or delayed authentication.

BRANCH
  kcheckpass-sigusr

REVISION DETAIL
  https://phabricator.kde.org/D4997

AFFECTED FILES
  greeter/authenticator.cpp
  greeter/authenticator.h
  greeter/autotests/authenticatortest.cpp
  greeter/greeterapp.cpp
  kcheckpass/kcheckpass-enums.h
  kcheckpass/kcheckpass.c
  tests/kcheckpass_test.cpp

To: graesslin, #plasma
Cc: plasma-devel, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170310/6878da14/attachment.html>

More information about the Plasma-devel mailing list