Commit 264ad344 authored by Nigel Kukard's avatar Nigel Kukard

Save password in kwallet if available

If awit-ssh-client was given access to kwallet, save our LDAP
password if we managed to search the LDAP DB.
parent fce44728
......@@ -185,9 +185,14 @@ if (!defined($username) || $username eq "") {
print STDERR "Your LDAP CN : $username (passwd->gecos)\n";
}
my $password;
if ($config->SectionExists("kwallet")) {
# Sort out LDAP password
my $password;
# Lets try kwallet
my ($kwalletObject,$kwalletHandle);
# IF removed, lets rather run this in its own scope...
{
my $dbus = Net::DBus->find();
# Grab the kwallet service off DBus
......@@ -196,24 +201,15 @@ if ($config->SectionExists("kwallet")) {
logger('WARNING',color('magenta')."Kwallet not found on DBus".color('reset'));
goto KWALLET_END;
}
my $kwalletObject = $kwalletService->get_object('/modules/kwalletd','org.kde.KWallet');
$kwalletObject = $kwalletService->get_object('/modules/kwalletd','org.kde.KWallet');
# Grab a handle to the network wallet
my $networkWalletName = $kwalletObject->networkWallet();
my $kwalletHandle = $kwalletObject->open($networkWalletName,0,$NAME);
my $kwalletFolder = $config->val("kwallet","folder");
if (!defined($kwalletFolder) || $kwalletFolder eq "") {
logger('ERROR',color('magenta')."Kwallet folder not defined in config file".color('reset'));
exit 1;
}
my $kwalletFolderEntry = $config->val("kwallet","entry");
if (!defined($kwalletFolderEntry) || $kwalletFolderEntry eq "") {
logger('ERROR',color('magenta')."Kwallet folder entry not defined in config file".color('reset'));
exit 1;
}
$password = $kwalletObject->readPassword($kwalletHandle,$kwalletFolder,$kwalletFolderEntry,$NAME);
$kwalletHandle = $kwalletObject->open($networkWalletName,0,$NAME);
$password = $kwalletObject->readPassword($kwalletHandle,"ldap","password",$NAME);
KWALLET_END:
}
# If kwallet returned nothing, try read from terminal
if (!defined($password) || $password eq "") {
print STDERR "Your LDAP Password: ";
# Don't echo password
......@@ -374,6 +370,13 @@ delete($ENV{'LC_TIME'});
delete($ENV{'LC_CTYPE'});
# If we have kwalletObject and kwalletHandle defined, store the password as we've given awit-ssh-client permission to access
# kwallet
if (defined($kwalletObject) && defined($kwalletHandle)) {
$kwalletObject->writePassword($kwalletHandle,"ldap","password",$password,$NAME);
}
exec('/usr/bin/ssh',
'-F',$ENV{"HOME"}.'/.ssh/config',
# Try our key only, we should never need to fall back to password
......
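Review bot: The guard before `writePassword` in the last hunk tests only `defined($kwalletHandle)`, which does not establish that the wallet was actually opened, although the comment above it says access was granted. As far as I know KWallet's `open` returns a negative handle when the request is refused or fails, so the guard should read `if (defined($kwalletObject) && defined($kwalletHandle) && $kwalletHandle >= 0) {`; the same handle is also passed unchecked to `readPassword` in the second hunk. The result of `writePassword` is ignored, and an exception raised by the D-Bus call at that point would end the script just before `exec`, so wrapping the call in `eval { ... }` and logging a WARNING on failure would keep a wallet problem from blocking the SSH session. The code between the password prompt and this hunk is not shown, so it cannot be confirmed from here that the LDAP search has succeeded before the password is stored.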