Add hidden option to prevent disconnect when smartcard removed

This patch adds an option 'disconnectOnCardRemoval' to system-settings.xml which when set to false allows the user's session to stay connected if the smartcard is removed. The default value of this option is true if it is not specified. Test-information: Tested on Windows using NIST smartcards. Tested true and false values set for this option in the file and also when option is not specified (true). Unit tests pass. Change-Id: I7e421b4153ff7d3000f41999add20d339076c96e
author: Mili Verma <mili.verma@isode.com> 2015-07-06 14:10:25 (GMT)
committer: Kevin Smith <kevin.smith@isode.com> 2015-07-07 10:49:49 (GMT)
commit: f10c9618f8ccd9e44c9a45a69179883b39a445f5 (patch)
tree: c22b7ddfaa5aaba08edb1ae62650a45dce6af9e7
parent: 88e392fd98a1d49d787860f4b504a01f082c6ae6 (diff)
download: swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.zip
swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.tar.bz2
10 files changed, 47 insertions, 9 deletions
diff --git a/Swift/Controllers/SettingConstants.cpp b/Swift/Controllers/SettingConstants.cpp
index 33ed17d..d740686 100644
--- a/Swift/Controllers/SettingConstants.cpp
+++ b/Swift/Controllers/SettingConstants.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012 Isode Limited.
+ * Copyright (c) 2012-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -27,4 +27,5 @@ const SettingsProvider::Setting<std::string> SettingConstants::DICT_FILE("dictFi
 const SettingsProvider::Setting<std::string> SettingConstants::INVITE_AUTO_ACCEPT_MODE("inviteAutoAcceptMode", "presence");
 const SettingsProvider::Setting<std::string> SettingConstants::TRELLIS_GRID_SIZE("trellisGridSize", "");
 const SettingsProvider::Setting<std::string> SettingConstants::TRELLIS_GRID_POSITIONS("trellisGridPositions", "");
+const SettingsProvider::Setting<bool> SettingConstants::DISCONNECT_ON_CARD_REMOVAL("disconnectOnCardRemoval", true);
 }
diff --git a/Swift/Controllers/SettingConstants.h b/Swift/Controllers/SettingConstants.h
index b441303..eca3199 100644
--- a/Swift/Controllers/SettingConstants.h
+++ b/Swift/Controllers/SettingConstants.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012 Isode Limited.
+ * Copyright (c) 2012-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -86,5 +86,14 @@ namespace Swift {
                         * Its value is a Qt serialized representation.
                         */
                        static const SettingsProvider::Setting<std::string> TRELLIS_GRID_POSITIONS;
+                        /**
+                         * The #DISCONNECT_ON_CARD_REMOVAL setting
+                         * specifies whether or not to sign out the user when
+                         * the smartcard is removed.
+                         *
+                         * If set true Swift will sign out the user when the
+                         * smart card is removed; else not.
+                         */
+                        static const SettingsProvider::Setting<bool> DISCONNECT_ON_CARD_REMOVAL;
        };
 }
diff --git a/Swift/QtUI/QtSwift.cpp b/Swift/QtUI/QtSwift.cpp
index 20d7bc9..6d8ac7b 100644
--- a/Swift/QtUI/QtSwift.cpp
+++ b/Swift/QtUI/QtSwift.cpp
@@ -23,6 +23,7 @@
 #include <Swiften/Elements/Presence.h>
 #include <Swiften/Client/Client.h>
 #include <Swiften/Base/Paths.h>
+#include <Swiften/TLS/TLSContextFactory.h>
 #include <SwifTools/Application/PlatformApplicationPathProvider.h>
 #include <SwifTools/AutoUpdater/AutoUpdater.h>
@@ -32,6 +33,7 @@
 #include <Swift/Controllers/Storages/FileStoragesFactory.h>
 #include <Swift/Controllers/Settings/XMLSettingsProvider.h>
 #include <Swift/Controllers/Settings/SettingsProviderHierachy.h>
+#include <Swift/Controllers/SettingConstants.h>
 #include <Swift/Controllers/MainController.h>
 #include <Swift/Controllers/ApplicationInfo.h>
 #include <Swift/Controllers/BuildVersion.h>
@@ -144,6 +146,8 @@ QtSwift::QtSwift(const po::variables_map& options) : networkFactories_(&clientMa
        settingsHierachy_->addProviderToTopOfStack(xmlSettings_);
        settingsHierachy_->addProviderToTopOfStack(qtSettings_);
+        networkFactories_.getTLSContextFactory()->setDisconnectOnCardRemoval(settingsHierachy_->getSetting(SettingConstants::DISCONNECT_ON_CARD_REMOVAL));
        std::map<std::string, std::string> emoticons;
        loadEmoticonsFile(":/emoticons/emoticons.txt", emoticons);
        loadEmoticonsFile(P2QSTRING(pathToString(Paths::getExecutablePath() / "emoticons.txt")), emoticons);
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
index 50f6731..4981170 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Isode Limited.
+ * Copyright (c) 2010-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -20,8 +20,14 @@ TLSContext* OpenSSLContextFactory::createTLSContext(const TLSOptions&) {
 void OpenSSLContextFactory::setCheckCertificateRevocation(bool check) {
        if (check) {
-                assert(false);
                SWIFT_LOG(warning) << "CRL Checking not supported for OpenSSL" << std::endl;
+                assert(false);
+        }
+}
+void OpenSSLContextFactory::setDisconnectOnCardRemoval(bool check) {
+        if (check) {
+                SWIFT_LOG(warning) << "Smart cards not supported for OpenSSL" << std::endl;
        }
 }
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
index bf7f08a..89033ad 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContextFactory.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010 Isode Limited.
+ * Copyright (c) 2010-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -18,5 +18,6 @@ namespace Swift {
                        // Not supported
                        virtual void setCheckCertificateRevocation(bool b);
+                        virtual void setDisconnectOnCardRemoval(bool b);
        };
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 5f230ec..70ff7dd 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -21,7 +21,7 @@ namespace Swift {
 //------------------------------------------------------------------------
-SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround) {
+SchannelContext::SchannelContext(bool tls1_0Workaround) : state_(Start), secContext_(0), myCertStore_(NULL), certStoreName_("MY"), certName_(), smartCardReader_(), checkCertificateRevocation_(true), tls1_0Workaround_(tls1_0Workaround), disconnectOnCardRemoval_(true) {
        contextFlags_ = ISC_REQ_ALLOCATE_MEMORY |
                                ISC_REQ_CONFIDENTIALITY |
                                ISC_REQ_EXTENDED_ERROR |
@@ -625,7 +625,9 @@ bool SchannelContext::setClientCertificate(CertificateWithKey::ref certificate)
 //------------------------------------------------------------------------
 void SchannelContext::handleCertificateCardRemoved() {
-        indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved));
+        if (disconnectOnCardRemoval_) {
+                indicateError(boost::make_shared<TLSError>(TLSError::CertificateCardRemoved));
+        }
 }
 //------------------------------------------------------------------------
@@ -680,5 +682,9 @@ void SchannelContext::setCheckCertificateRevocation(bool b) {
        checkCertificateRevocation_ = b;
 }
+void SchannelContext::setDisconnectOnCardRemoval(bool b) {
+        disconnectOnCardRemoval_ = b;
+}
 }
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 19cc473..36a3f0c 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -5,7 +5,7 @@
 */
 /*
- * Copyright (c) 2012 Isode Limited.
+ * Copyright (c) 2012-2015 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */
@@ -57,6 +57,8 @@ namespace Swift
                virtual void setCheckCertificateRevocation(bool b);
+                virtual void setDisconnectOnCardRemoval(bool b);
        private:
                void                    determineStreamSizes();
                void                    continueHandshake(const SafeByteArray& data);
@@ -105,5 +107,6 @@ namespace Swift
                boost::shared_ptr<CAPICertificate> userCertificate_;
                bool checkCertificateRevocation_;
                bool tls1_0Workaround_;
+                bool disconnectOnCardRemoval_;
        };
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.cpp b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
index 6e83b0d..c2587c5 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.cpp
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.cpp
@@ -15,7 +15,7 @@
 namespace Swift {
-SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true) {
+SchannelContextFactory::SchannelContextFactory() : checkCertificateRevocation(true), disconnectOnCardRemoval(true) {
 }
 bool SchannelContextFactory::canCreate() const {
@@ -25,6 +25,7 @@ bool SchannelContextFactory::canCreate() const {
 TLSContext* SchannelContextFactory::createTLSContext(const TLSOptions& tlsOptions) {
        SchannelContext* context = new SchannelContext(tlsOptions.schannelTLS1_0Workaround);
        context->setCheckCertificateRevocation(checkCertificateRevocation);
+        context->setDisconnectOnCardRemoval(disconnectOnCardRemoval);
        return context;
 }
@@ -32,5 +33,8 @@ void SchannelContextFactory::setCheckCertificateRevocation(bool b) {
        checkCertificateRevocation = b;
 }
+void SchannelContextFactory::setDisconnectOnCardRemoval(bool b) {
+        disconnectOnCardRemoval = b;
+}
 }
diff --git a/Swiften/TLS/Schannel/SchannelContextFactory.h b/Swiften/TLS/Schannel/SchannelContextFactory.h
index 789d15f..27b7dc9 100644
--- a/Swiften/TLS/Schannel/SchannelContextFactory.h
+++ b/Swiften/TLS/Schannel/SchannelContextFactory.h
@@ -24,7 +24,10 @@ namespace Swift {
                        virtual void setCheckCertificateRevocation(bool b);
+                        virtual void setDisconnectOnCardRemoval(bool b);
                public:
                        bool checkCertificateRevocation;
+                        bool disconnectOnCardRemoval;
        };
 }
diff --git a/Swiften/TLS/TLSContextFactory.h b/Swiften/TLS/TLSContextFactory.h
index 90da4a1..b67c34f 100644
--- a/Swiften/TLS/TLSContextFactory.h
+++ b/Swiften/TLS/TLSContextFactory.h
@@ -20,5 +20,6 @@ namespace Swift {
                        virtual TLSContext* createTLSContext(const TLSOptions& tlsOptions) = 0;
                        virtual void setCheckCertificateRevocation(bool b) = 0;
+                        virtual void setDisconnectOnCardRemoval(bool b) = 0;
        };
 }
author	Mili Verma <mili.verma@isode.com>	2015-07-06 14:10:25 (GMT)
committer	Kevin Smith <kevin.smith@isode.com>	2015-07-07 10:49:49 (GMT)
commit	f10c9618f8ccd9e44c9a45a69179883b39a445f5 (patch)
tree	c22b7ddfaa5aaba08edb1ae62650a45dce6af9e7
parent	88e392fd98a1d49d787860f4b504a01f082c6ae6 (diff)
download	swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.zip swift-f10c9618f8ccd9e44c9a45a69179883b39a445f5.tar.bz2