From 2e5f30a0619264c0674cf58cf9e2f6f9ea9aec5e Mon Sep 17 00:00:00 2001 From: liuxinhao Date: Fri, 2 Jun 2023 15:20:22 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E9=83=A8=E5=88=86=E9=97=AE?= =?UTF-8?q?=E9=A2=98:=20-=20=E5=A4=9A=E5=9B=A0=E5=AD=90=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E7=A6=81=E6=AD=A2=E8=B7=B3=E8=BD=AC=E7=99=BB=E5=BD=95=20-=20?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=9B=B4=E6=96=B0=E9=BB=98=E8=AE=A4=E8=AE=A4?= =?UTF-8?q?=E8=AF=81=E8=AE=BE=E5=A4=87=E7=9A=84=E9=80=BB=E8=BE=91=EF=BC=8C?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E7=BF=BB=E8=AF=91=20-=20=E5=A4=9A=E5=9B=A0?= =?UTF-8?q?=E5=AD=90=E8=AE=A4=E8=AF=81=EF=BC=8C=E5=A4=84=E7=90=86=E5=8F=AA?= =?UTF-8?q?=E6=9C=89=E5=AF=86=E7=A0=81=E8=AE=A4=E8=AF=81=E7=9A=84=E6=83=85?= =?UTF-8?q?=E5=86=B5=20-=20=E8=AE=BE=E5=A4=87=E9=80=82=E9=85=8D=E5=99=A8?= =?UTF-8?q?=E4=B8=8D=E6=9B=B4=E6=96=B0=E4=B8=8D=E5=AD=98=E5=9C=A8=E7=9A=84?= =?UTF-8?q?=E9=BB=98=E8=AE=A4=E8=AE=BE=E5=A4=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ce-Device-adapters-do-not-update-def.patch | 43 +++++++++++ ...-Multifactor-authentication-handling.patch | 74 +++++++++++++++++++ ...ce-Update-the-logic-of-the-default-a.patch | 61 +++++++++++++++ ...ti-factor-multi-factor-no-jump-login.patch | 29 ++++++++ kiran-authentication-service.spec | 12 ++- 5 files changed, 218 insertions(+), 1 deletion(-) create mode 100644 0006-fix-default-device-Device-adapters-do-not-update-def.patch create mode 100644 0007-fix-multi-factor-Multifactor-authentication-handling.patch create mode 100644 0008-fix-default-device-Update-the-logic-of-the-default-a.patch create mode 100644 0009-fix-multi-factor-multi-factor-no-jump-login.patch diff --git a/0006-fix-default-device-Device-adapters-do-not-update-def.patch b/0006-fix-default-device-Device-adapters-do-not-update-def.patch new file mode 100644 index 0000000..ef8c600 --- /dev/null +++ b/0006-fix-default-device-Device-adapters-do-not-update-def.patch 
@@ -0,0 +1,43 @@ +From d5b850a0249c2f2b19341acc5bd3a72eebcfa626 Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 14:46:07 +0800 +Subject: [PATCH 6/9] fix(default device): Device adapters do not update + default devices that do not exist +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 设备适配器不更新不存在的默认设备 +--- + src/daemon/device/device-adaptor-factory.cpp | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/device/device-adaptor-factory.cpp b/src/daemon/device/device-adaptor-factory.cpp +index d3ffe19..531e0d9 100644 +--- a/src/daemon/device/device-adaptor-factory.cpp ++++ b/src/daemon/device/device-adaptor-factory.cpp +@@ -189,11 +189,16 @@ void DeviceAdaptorFactory::onDefaultDeviceChanged(int authType, + const QString &deviceID) + { + auto deviceAdaptor = this->getDeviceAdaptor(authType); +- if (deviceAdaptor && deviceAdaptor->getDeviceID() != deviceID) +- { +- auto dbusDeviceProxy = this->getDBusDeviceProxy(authType, deviceID); +- deviceAdaptor->updateDBusDeviceProxy(dbusDeviceProxy); +- } ++ // 当前不存在设备设配器的情况,不更新设备适配器代理,需要时会优先考虑默认设备 ++ // 设备适配器已使用默认设备代理,不需要更新设备适配器 ++ RETURN_IF_FALSE(deviceAdaptor && deviceAdaptor->getDeviceID()!=deviceID); ++ ++ // 尝试通过默认设备ID,拿到设备代理 ++ auto recommendedDeviceProxy = this->getDBusDeviceProxy(authType, deviceID); ++ // 未能拿到设备,或者拿不到默认设备,不更新设备适配器代理 ++ RETURN_IF_FALSE( recommendedDeviceProxy && recommendedDeviceProxy->deviceID()==deviceID); ++ ++ deviceAdaptor->updateDBusDeviceProxy(recommendedDeviceProxy); + } + + void DeviceAdaptorFactory::onAuthDeviceManagerLost(const QString &service) +-- +2.33.0 + diff --git a/0007-fix-multi-factor-Multifactor-authentication-handling.patch b/0007-fix-multi-factor-Multifactor-authentication-handling.patch new file mode 100644 index 0000000..a5f2fd3 --- /dev/null +++ b/0007-fix-multi-factor-Multifactor-authentication-handling.patch 
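Review bot: Both new `RETURN_IF_FALSE` exits in `onDefaultDeviceChanged` are silent, so when the configured default device cannot be resolved the adaptor keeps its previous device proxy and nothing records that the change was not applied. An authentication daemon should log this before the second return, for example `KLOG_WARNING() << "default device" << deviceID << "unavailable for auth type" << authType << ", keeping current device";`, assuming the KLOG macros used in session.cpp are available in this file. The second check also implies that `getDBusDeviceProxy` can return a proxy for a device other than the one requested; a one-line comment stating that contract would help the next reader. The new comment also has a typo, `设配器` for `适配器`.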
@@ -0,0 +1,74 @@ +From f32c0200d2bc9c537b45b37e9b4d246fd330f362 Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:03:46 +0800 +Subject: [PATCH 7/9] fix(multi-factor): Multifactor authentication, handling + only password authentication +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 多因子认证,处理只有密码认证的情况 +--- + src/daemon/session.cpp | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp +index e8c516b..291f9fc 100644 +--- a/src/daemon/session.cpp ++++ b/src/daemon/session.cpp +@@ -132,7 +132,7 @@ void Session::StartAuth() + this->m_verifyInfo.m_inAuth = true; + this->m_verifyInfo.m_dbusMessage = this->message(); + this->startPhaseAuth(); +-} ++} + + void Session::StopAuth() + { +@@ -230,7 +230,7 @@ void Session::onIdentifyStatus(const QString &bid, int result, const QString &me + { + Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_INFO); + } +- else if(result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH) ++ else if (result == IdentifyStatus::IDENTIFY_STATUS_NOT_MATCH) + { + Q_EMIT this->AuthMessage(verifyResultStr, KADMessageType::KAD_MESSAGE_TYPE_ERROR); + } +@@ -283,9 +283,14 @@ void Session::startUkeyAuth() + void Session::startPasswdAuth() + { + KLOG_DEBUG() << "The authentication service does not take over password authentication,ignore!"; ++ + this->m_verifyInfo.m_inAuth = true; +- this->m_verifyInfo.m_authenticatedUserName = m_userName; +- this->finishPhaseAuth(true,false); ++ if (this->m_verifyInfo.m_authenticatedUserName.isEmpty()) ++ { ++ this->m_verifyInfo.m_authenticatedUserName = m_userName; ++ } ++ ++ this->finishPhaseAuth(true, false); + } + + void Session::startGeneralAuth(const QString &extraInfo) +@@ -305,7 +310,7 @@ void Session::startGeneralAuth(const QString &extraInfo) + { + auto authTypeStr = Utils::authTypeEnum2Str(this->m_authType); + KLOG_WARNING() << m_sessionID << 
"start phase auth failed,can not find device,auth type:" << m_authType; +- Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)),KADMessageType::KAD_MESSAGE_TYPE_ERROR); ++ Q_EMIT this->AuthMessage(QString(tr("can not find %1 device")).arg(Utils::authTypeEnum2LocaleStr(this->m_authType)), KADMessageType::KAD_MESSAGE_TYPE_ERROR); + + this->finishPhaseAuth(false, false); + return; +@@ -359,7 +364,7 @@ void Session::finishPhaseAuth(bool isSuccess, bool recordFailure) + break; + case KADAuthMode::KAD_AUTH_MODE_AND: + { +- if( this->m_authOrderWaiting.size() > 0 ) ++ if (this->m_authOrderWaiting.size() > 0) + { + this->m_authOrderWaiting.removeOne(this->m_authType); + } +-- +2.33.0 + diff --git a/0008-fix-default-device-Update-the-logic-of-the-default-a.patch b/0008-fix-default-device-Update-the-logic-of-the-default-a.patch new file mode 100644 index 0000000..b7e473a --- /dev/null +++ b/0008-fix-default-device-Update-the-logic-of-the-default-a.patch 
@@ -0,0 +1,61 @@ +From 17523794f035c7e66c232a799830c994da1a8a1b Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:05:34 +0800 +Subject: [PATCH 8/9] fix(default device): Update the logic of the default + authentication device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 修复更新默认认证设备的逻辑,更新翻译 +--- + src/daemon/device/device-adaptor.cpp | 7 +++++-- + translations/kiran-authentication-daemon.zh_CN.ts | 2 +- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/device/device-adaptor.cpp b/src/daemon/device/device-adaptor.cpp +index 32c768f..369554d 100644 +--- a/src/daemon/device/device-adaptor.cpp ++++ b/src/daemon/device/device-adaptor.cpp +@@ -92,13 +92,14 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer dbusDe + { + RETURN_IF_FALSE(dbusDeviceProxy); + ++ DEVICE_DEBUG() << "update auth device"; + if (!this->m_dbusDeviceProxy || + this->m_dbusDeviceProxy->deviceID() != dbusDeviceProxy->deviceID()) + { + if (this->m_dbusDeviceProxy) + { +- this->m_dbusDeviceProxy->disconnect(); +- this->m_dbusDeviceProxy = nullptr; ++ this->m_dbusDeviceProxy->disconnect(this); ++ this->m_dbusDeviceProxy.clear(); + } + + this->m_dbusDeviceProxy = dbusDeviceProxy; +@@ -108,6 +109,8 @@ void DeviceAdaptor::updateDBusDeviceProxy(QSharedPointer dbusDe + + connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::EnrollStatus, this, &DeviceAdaptor::onEnrollStatus); + connect(this->m_dbusDeviceProxy.get(), &AuthDeviceProxy::IdentifyStatus, this, &DeviceAdaptor::onIdentifyStatus); ++ ++ DEVICE_DEBUG() << "update auth device finished"; + this->schedule(); + } + } +diff --git a/translations/kiran-authentication-daemon.zh_CN.ts b/translations/kiran-authentication-daemon.zh_CN.ts +index 8c03e2c..e74195f 100644 +--- a/translations/kiran-authentication-daemon.zh_CN.ts ++++ b/translations/kiran-authentication-daemon.zh_CN.ts +@@ -27,7 +27,7 @@ + 请输入PIN码。 + + +- ++ + can not find %1 device + 未能检测到%1设备 
+ +-- +2.33.0 + diff --git a/0009-fix-multi-factor-multi-factor-no-jump-login.patch b/0009-fix-multi-factor-multi-factor-no-jump-login.patch new file mode 100644 index 0000000..3244154 --- /dev/null +++ b/0009-fix-multi-factor-multi-factor-no-jump-login.patch @@ -0,0 +1,29 @@ +From 9046f70a621f92a9eab590e380768b74d897d43e Mon Sep 17 00:00:00 2001 +From: liuxinhao +Date: Fri, 2 Jun 2023 15:09:15 +0800 +Subject: [PATCH 9/9] fix(multi-factor): multi-factor no jump login +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 多因子登录禁止跳转登录 +--- + src/daemon/session.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/daemon/session.cpp b/src/daemon/session.cpp +index 291f9fc..5144da1 100644 +--- a/src/daemon/session.cpp ++++ b/src/daemon/session.cpp +@@ -57,6 +57,8 @@ Session::Session(uint32_t sessionID, + if (m_authMode == KAD_AUTH_MODE_AND) + { + this->m_authOrderWaiting = authTypes; ++ // 多因子认证时,不允许调整用户登录 ++ this->m_verifyInfo.m_authenticatedUserName = m_userName; + } + + KLOG_DEBUG() << QString("new session authmode(%1),login user switchable(%2),default auth type(%3),auth order(%4)") +-- +2.33.0 + diff --git a/kiran-authentication-service.spec b/kiran-authentication-service.spec index 70270b5..b84d411 100644 --- a/kiran-authentication-service.spec +++ b/kiran-authentication-service.spec @@ -1,6 +1,6 @@ Name: kiran-authentication-service Version: 2.5.1 -Release: 3 +Release: 4 Summary: Kiran Desktop kiran authentication service License: MulanPSL-2.0 URL: http://www.kylinsec.com.cn 
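Review bot: The two new `DEVICE_DEBUG()` lines in `updateDBusDeviceProxy` do not name the device involved, and the first is emitted before the comparison, so it also appears when the proxy is left unchanged. Including the identifier makes a device switch traceable in the log: `DEVICE_DEBUG() << "update auth device" << dbusDeviceProxy->deviceID();`. The `m_dbusDeviceProxy.clear()` is redundant because the assignment a few lines below overwrites it immediately. The function body continues outside the hunk.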
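Review bot: Pinning `m_verifyInfo.m_authenticatedUserName = m_userName` only in the constructor protects an AND-mode session only as long as nothing later resets `m_verifyInfo` or overwrites that field; neither is visible in this hunk. If `m_verifyInfo` is cleared between attempts (for example when authentication is stopped and started again), re-apply the pin where that reset happens or in `StartAuth`, e.g. `if (m_authMode == KAD_AUTH_MODE_AND) this->m_verifyInfo.m_authenticatedUserName = m_userName;`. Phases that store an identified user should likewise leave a pinned name untouched in this mode, as `startPasswdAuth` does with its `isEmpty()` check. The constructor body continues outside the hunk.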
@@ -12,6 +12,10 @@ Patch0002: 0002-fix-pam-conf-Adjust-the-number-of-non-password-authe.patch Patch0003: 0003-fix-Interface-permission-Upgrade-the-permission-of-s.patch Patch0004: 0004-fix-multi-factor-Fixed-an-authentication-failure-cau.patch Patch0005: 0005-fix-auth-order-Adjust-the-authentication-sequence.patch +Patch0006: 0006-fix-default-device-Device-adapters-do-not-update-def.patch +Patch0007: 0007-fix-multi-factor-Multifactor-authentication-handling.patch +Patch0008: 0008-fix-default-device-Update-the-logic-of-the-default-a.patch +Patch0009: 0009-fix-multi-factor-multi-factor-no-jump-login.patch BuildRequires: systemd BuildRequires: systemd-devel @@ -87,6 +91,12 @@ systemctl enable kiran-authentication-daemon.service %{_includedir}/kiran-authentication-service/kas-authentication-i.h %changelog +* Fri Jun 02 2023 liuxinhao - 2.5.1-4 +- KYOS-B: Device adapters do not update default devices that do not exist +- KYOS-B: Multifactor authentication, handling only password authentication +- KYOS-B: Update the logic of the default authentication device +- KYOS-B: multi-factor no jump login + * Wed May 31 2023 liuxinhao - 2.5.1-3 - KYOS-B: fix terminl authentication type check (#I792B4) - KYOS-B: Adjust the number of non-password authentication failures recorded in the PAM configuration file(#I7937W) -- Gitee