diff --git a/0006-fix-default-device-Device-adapters-do-not-update-def.patch b/0006-fix-default-device-Device-adapters-do-not-update-def.patch new file mode 100644 index 0000000000000000000000000000000000000000..ef8c6008051eddc50de5099eade9c439413f94a0 --- /dev/null +++ b/0006-fix-default-device-Device-adapters-do-not-update-def.patch @@ -0,0 +1,43 @@ +From d5b850a0249c2f2b19341acc5bd3a72eebcfa626 Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 14:46:07 +0800 +Subject: [PATCH 6/9] fix(default device): Device adapters do not update + default devices that do not exist +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 设备适配器不更新不存在的默认设备 +--- + src/daemon/device/device-adaptor-factory.cpp | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/device/device-adaptor-factory.cpp b/src/daemon/device/device-adaptor-factory.cpp +index d3ffe19..531e0d9 100644 +--- a/src/daemon/device/device-adaptor-factory.cpp ++++ b/src/daemon/device/device-adaptor-factory.cpp +@@ -189,11 +189,16 @@ void DeviceAdaptorFactory::onDefaultDeviceChanged(int authType, + const QString &deviceID) + { + auto deviceAdaptor = this->getDeviceAdaptor(authType); +- if (deviceAdaptor && deviceAdaptor->getDeviceID() != deviceID) +- { +- auto dbusDeviceProxy = this->getDBusDeviceProxy(authType, deviceID); +- deviceAdaptor->updateDBusDeviceProxy(dbusDeviceProxy); +- } ++ // 当前不存在设备设配器的情况,不更新设备适配器代理,需要时会优先考虑默认设备 ++ // 设备适配器已使用默认设备代理,不需要更新设备适配器 ++ RETURN_IF_FALSE(deviceAdaptor && deviceAdaptor->getDeviceID()!=deviceID); ++ ++ // 尝试通过默认设备ID,拿到设备代理 ++ auto recommendedDeviceProxy = this->getDBusDeviceProxy(authType, deviceID); ++ // 未能拿到设备,或者拿不到默认设备,不更新设备适配器代理 ++ RETURN_IF_FALSE( recommendedDeviceProxy && recommendedDeviceProxy->deviceID()==deviceID); ++ ++ deviceAdaptor->updateDBusDeviceProxy(recommendedDeviceProxy); + } + + void DeviceAdaptorFactory::onAuthDeviceManagerLost(const QString &service) +-- +2.33.0 + diff --git a/0007-fix-multi-factor-Multifactor-authentication-handling.patch b/0007-fix-multi-factor-Multifactor-authentication-handling.patch new file mode 100644 index 0000000000000000000000000000000000000000..a5f2fd30baf5825fd180afb2b14f69088db5f3db --- /dev/null +++ b/0007-fix-multi-factor-Multifactor-authentication-handling.patch @@ -0,0 +1,74 @@ +From f32c0200d2bc9c537b45b37e9b4d246fd330f362 Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:03:46 +0800 +Subject: [PATCH 7/9] fix(multi-factor): Multifactor authentication, handling + only password authentication +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 多因子认证,处理只有密码认证的情况 +--- + src/daemon/session.cpp | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp +index e8c516b..291f9fc 100644 +--- a/src/daemon/session.cpp ++++ b/src/daemon/session.cpp +@@ -132,7 +132,7 @@ void Session::StartAuth() + this->m_verifyInfo.m_inAuth = true; + this->m_verifyInfo.m_dbusMessage = this->message(); + this->startPhaseAuth(); +-} ++} + + void Session::StopAuth() + { +@@ -230,7 +230,7 @@ void Session::onIdentifyStatus(const QString &bid, int result, const QString &me + { + Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_INFO); + } +- else if(result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH) ++ else if (result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH) + { + Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_ERROR); + } +@@ -283,9 +283,14 @@ void Session::startUkeyAuth() + void Session::startPasswdAuth() + { + KLOG_DEBUG() << "The authentication service does not take over password authentication,ignore!"; ++ + this->m_verifyInfo.m_inAuth = true; +- this->m_verifyInfo.m_authenticatedUserName = m_userName; +- this->finishPhaseAuth(true,false); ++ if (this->m_verifyInfo.m_authenticatedUserName.isEmpty()) ++ { ++ this->m_verifyInfo.m_authenticatedUserName = m_userName; ++ } ++ ++ this->finishPhaseAuth(true, false); + } + + void Session::startGeneralAuth(const QString &extraInfo) +@@ -305,7 +310,7 @@ void Session::startGeneralAuth(const QString &extraInfo) + { + auto authTypeStr = Utils::authTypeEnum2Str(this->m_authType); + KLOG_WARNING() << m_sessionID << "start phase auth failed,can not find device,auth type:" << m_authType; +- Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)),KADMessageType::KAD_MESSAGE_TYPE_ERROR); ++ Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)), KADMessageType::KAD_MESSAGE_TYPE_ERROR); + + this->finishPhaseAuth(false, false); + return; +@@ -359,7 +364,7 @@ void Session::finishPhaseAuth(bool isSuccess, bool recordFailure) + break; + case KADAuthMode::KAD_AUTH_MODE_AND: + { +- if( this->m_authOrderWaiting.size() > 0 ) ++ if (this->m_authOrderWaiting.size() > 0) + { + this->m_authOrderWaiting.removeOne(this->m_authType); + } +-- +2.33.0 + diff --git a/0008-fix-default-device-Update-the-logic-of-the-default-a.patch b/0008-fix-default-device-Update-the-logic-of-the-default-a.patch new file mode 100644 index 0000000000000000000000000000000000000000..b7e473ac00d31232fb9b12dfadaaa11def820889 --- /dev/null +++ b/0008-fix-default-device-Update-the-logic-of-the-default-a.patch @@ -0,0 +1,61 @@ +From 17523794f035c7e66c232a799830c994da1a8a1b Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:05:34 +0800 +Subject: [PATCH 8/9] fix(default device): Update the logic of the default + authentication device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 修复更新默认认证设备的逻辑,更新翻译 +--- + src/daemon/device/device-adaptor.cpp | 7 +++++-- + translations/kiran-authentication-daemon.zh_CN.ts | 2 +- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/device/device-adaptor.cpp b/src/daemon/device/device-adaptor.cpp +index 32c768f..369554d 100644 +--- a/src/daemon/device/device-adaptor.cpp ++++ b/src/daemon/device/device-adaptor.cpp +@@ -92,13 +92,14 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer dbusDe + { + RETURN_IF_FALSE(dbusDeviceProxy); + ++ DEVICE_DEBUG() << "update auth device"; + if (!this->m_dbusDeviceProxy || + this->m_dbusDeviceProxy->deviceID() != dbusDeviceProxy->deviceID()) + { + if (this->m_dbusDeviceProxy) + { +- this->m_dbusDeviceProxy->disconnect(); +- this->m_dbusDeviceProxy = nullptr; ++ this->m_dbusDeviceProxy->disconnect(this); ++ this->m_dbusDeviceProxy.clear(); + } + + this->m_dbusDeviceProxy = dbusDeviceProxy; +@@ -108,6 +109,8 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer dbusDe + + connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::EnrollStatus, this, &DeviceAdaptor::onEnrollStatus); + connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::IdentifyStatus, this, &DeviceAdaptor::onIdentifyStatus); ++ ++ DEVICE_DEBUG() << "update auth device finished"; + this->schedule(); + } + } +diff --git a/translations/kiran-authentication-daemon.zh_CN.ts b/translations/kiran-authentication-daemon.zh_CN.ts +index 8c03e2c..e74195f 100644 +--- a/translations/kiran-authentication-daemon.zh_CN.ts ++++ b/translations/kiran-authentication-daemon.zh_CN.ts +@@ -27,7 +27,7 @@ + 请输入PIN码。 + + +- ++ + can not find %1 device + 未能检测到%1设备 + +-- +2.33.0 + diff --git a/0009-fix-multi-factor-multi-factor-no-jump-login.patch b/0009-fix-multi-factor-multi-factor-no-jump-login.patch new file mode 100644 index 0000000000000000000000000000000000000000..3244154aa950c4f0f58da01a2617d9e7d56f183c --- /dev/null +++ b/0009-fix-multi-factor-multi-factor-no-jump-login.patch @@ -0,0 +1,29 @@ +From 9046f70a621f92a9eab590e380768b74d897d43e Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:09:15 +0800 +Subject: [PATCH 9/9] fix(multi-factor): multi-factor no jump login +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 多因子登录禁止跳转登录 +--- + src/daemon/session.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp +index 291f9fc..5144da1 100644 +--- a/src/daemon/session.cpp ++++ b/src/daemon/session.cpp +@@ -57,6 +57,8 @@ Session::Session(uint32_t sessionID, + if (m_authMode == KAD_AUTH_MODE_AND) + { + this->m_authOrderWaiting = authTypes; ++ // 多因子认证时,不允许调整用户登录 ++ this->m_verifyInfo.m_authenticatedUserName = m_userName; + } + + KLOG_DEBUG() << QString("new session authmode(%1),login user switchable(%2),default auth type(%3),auth order(%4)") +-- +2.33.0 + diff --git a/kiran-authentication-service.spec b/kiran-authentication-service.spec index 70270b5f79581e7058d20a207fec0a06e58e25fa..b84d411a8a60390247fbf4e3e2da2d7706053bf8 100644 --- a/kiran-authentication-service.spec +++ b/kiran-authentication-service.spec @@ -1,6 +1,6 @@ Name: kiran-authentication-service Version: 2.5.1 -Release: 3 +Release: 4 Summary: Kiran Desktop kiran authentication service License: MulanPSL-2.0 URL: http://www.kylinsec.com.cn @@ -12,6 +12,10 @@ Patch0002: 0002-fix-pam-conf-Adjust-the-number-of-non-password-authe.patch Patch0003: 0003-fix-Interface-permission-Upgrade-the-permission-of-s.patch Patch0004: 0004-fix-multi-factor-Fixed-an-authentication-failure-cau.patch Patch0005: 0005-fix-auth-order-Adjust-the-authentication-sequence.patch +Patch0006: 0006-fix-default-device-Device-adapters-do-not-update-def.patch +Patch0007: 0007-fix-multi-factor-Multifactor-authentication-handling.patch +Patch0008: 0008-fix-default-device-Update-the-logic-of-the-default-a.patch +Patch0009: 0009-fix-multi-factor-multi-factor-no-jump-login.patch BuildRequires: systemd BuildRequires: systemd-devel @@ -87,6 +91,12 @@ systemctl enable kiran-authentication-daemon.service %{_includedir}/kiran-authentication-service/kas-authentication-i.h %changelog +* Fri Jun 02 2023 liuxinhao - 2.5.1-4 +- KYOS-B: Device adapters do not update default devices that do not exist +- KYOS-B: Multifactor authentication, handling only password authentication +- KYOS-B: Update the logic of the default authentication device +- KYOS-B: multi-factor no jump login + * Wed May 31 2023 liuxinhao - 2.5.1-3 - KYOS-B: fix terminl authentication type check (#I792B4) - KYOS-B: Adjust the number of non-password authentication failures recorded in the PAM configuration file(#I7937W)