27 #define SIGNON_ENABLE_UNSTABLE_APIS 35 #include "SignOn/ExtensionInterface" 36 #include "SignOn/misc.h" 42 #define RETURN_IF_NOT_INITIALIZED(return_value) \ 44 if (!m_isInitialized) { \ 45 m_error = NotInitialized; \ 46 TRACE() << "CredentialsAccessManager not initialized."; \ 47 return return_value; \ 59 m_encryptionPassphrase(QByteArray())
69 if (!device->open(QIODevice::ReadWrite)) {
74 QTextStream stream(&buffer);
75 stream <<
"\n\n====== Credentials Access Manager Configuration ======\n\n";
76 const char *usingEncryption =
useEncryption() ?
"true" :
"false";
77 stream <<
"Using encryption: " << usingEncryption <<
'\n';
82 stream <<
"======================================================\n\n";
83 device->write(buffer.toUtf8());
94 return m_settings.value(QLatin1String(
"CryptoManager")).toString();
99 return m_settings.value(QLatin1String(
"AccessControlManager")).toString();
109 return m_settings.value(QLatin1String(
"SecretsStorage")).toString();
128 m_isInitialized(false),
129 m_systemOpened(false),
132 m_pCredentialsDB(NULL),
133 m_cryptoManager(NULL),
135 m_keyAuthorizer(NULL),
136 m_secretsStorage(NULL),
137 m_CAMConfiguration(configuration),
139 m_acManagerHelper(NULL)
144 BLAME() <<
"Creating a second instance of the CAM";
147 m_keyHandler =
new SignOn::KeyHandler(
this);
170 foreach (SignOn::AbstractKeyManager *keyManager, keyManagers)
171 keyManager->disconnect();
173 m_isInitialized =
false;
179 if (m_isInitialized) {
180 TRACE() <<
"CAM already initialized.";
187 TRACE() <<
"Initializing CredentialsAccessManager with configuration: " <<
190 if (!createStorageDir()) {
191 BLAME() <<
"Failed to create storage directory.";
195 if (m_secretsStorage == 0) {
197 if (!name.isEmpty() && name != QLatin1String(
"default")) {
198 BLAME() <<
"Couldn't load SecretsStorage:" << name;
200 TRACE() <<
"No SecretsStorage set, using default (dummy)";
205 if (m_acManager == 0) {
207 if (!name.isEmpty() && name != QLatin1String(
"default")) {
208 BLAME() <<
"Couldn't load AccessControlManager:" << name;
210 TRACE() <<
"No AccessControlManager set, using default (dummy)";
211 m_acManager =
new SignOn::AbstractAccessControlManager(
this);
215 if (m_acManagerHelper == 0) {
220 if (m_cryptoManager == 0) {
222 if (!name.isEmpty() && name != QLatin1String(
"default")) {
223 BLAME() <<
"Couldn't load CryptoManager:" << name;
225 TRACE() <<
"No CryptoManager set, using default (dummy)";
228 QObject::connect(m_cryptoManager, SIGNAL(fileSystemMounted()),
229 this, SLOT(onEncryptedFSMounted()));
230 QObject::connect(m_cryptoManager, SIGNAL(fileSystemUnmounting()),
231 this, SLOT(onEncryptedFSUnmounting()));
232 m_cryptoManager->initialize(m_CAMConfiguration.
m_settings);
238 if (m_keyAuthorizer == 0) {
239 TRACE() <<
"No key authorizer set, using default";
242 QObject::connect(m_keyAuthorizer,
243 SIGNAL(keyAuthorizationQueried(
const SignOn::Key,
int)),
245 SLOT(onKeyAuthorizationQueried(
const SignOn::Key,
int)));
251 QObject::connect(m_keyHandler, SIGNAL(ready()),
253 QObject::connect(m_keyHandler, SIGNAL(keyInserted(SignOn::Key)),
254 this, SLOT(onKeyInserted(SignOn::Key)));
255 QObject::connect(m_keyHandler,
256 SIGNAL(lastAuthorizedKeyRemoved(SignOn::Key)),
258 SLOT(onLastAuthorizedKeyRemoved(SignOn::Key)));
259 QObject::connect(m_keyHandler, SIGNAL(keyRemoved(SignOn::Key)),
260 this, SLOT(onKeyRemoved(SignOn::Key)));
261 m_keyHandler->initialize(m_cryptoManager, keyManagers);
264 m_isInitialized =
true;
267 TRACE() <<
"CredentialsAccessManager successfully initialized...";
272 SignOn::AbstractKeyManager *keyManager)
274 keyManagers.append(keyManager);
279 bool extensionInUse =
false;
281 SignOn::ExtensionInterface *extension;
282 SignOn::ExtensionInterface2 *extension2;
283 SignOn::ExtensionInterface3 *extension3;
285 extension3 = qobject_cast<SignOn::ExtensionInterface3 *>(plugin);
288 extension2 = extension3;
290 extension2 = qobject_cast<SignOn::ExtensionInterface2 *>(plugin);
293 extension = extension2;
295 extension = qobject_cast<SignOn::ExtensionInterface *>(plugin);
297 if (extension == 0) {
298 qWarning() <<
"Plugin instance is not an ExtensionInterface";
302 SignOn::AbstractKeyManager *keyManager = extension->keyManager(
this);
305 extensionInUse =
true;
310 if (extension2 != 0) {
311 SignOn::AbstractKeyAuthorizer *keyAuthorizer =
312 extension2->keyAuthorizer(m_keyHandler,
this);
313 if (keyAuthorizer != 0) {
314 if (m_keyAuthorizer == 0) {
315 m_keyAuthorizer = keyAuthorizer;
316 extensionInUse =
true;
318 TRACE() <<
"Key authorizer already set";
319 delete keyAuthorizer;
324 if (extension3 != 0) {
329 SignOn::AbstractCryptoManager *cryptoManager =
330 extension3->cryptoManager(
this);
331 if (cryptoManager != 0) {
332 if (m_cryptoManager == 0) {
333 m_cryptoManager = cryptoManager;
334 extensionInUse =
true;
336 TRACE() <<
"Crypto manager already set";
337 delete cryptoManager;
344 SignOn::AbstractSecretsStorage *secretsStorage =
345 extension3->secretsStorage(
this);
346 if (secretsStorage != 0) {
347 if (m_secretsStorage == 0) {
348 m_secretsStorage = secretsStorage;
349 extensionInUse =
true;
351 TRACE() <<
"SecretsStorage already set";
352 delete secretsStorage;
360 plugin->objectName() ==
362 SignOn::AbstractAccessControlManager *acManager =
363 extension3->accessControlManager(
this);
364 if (acManager != 0) {
365 if (m_acManager == 0) {
366 m_acManager = acManager;
367 extensionInUse =
true;
369 TRACE() <<
"Access control manager already set";
375 return extensionInUse;
382 files << m_cryptoManager->backupFiles();
386 bool CredentialsAccessManager::openSecretsDB()
388 if (!m_cryptoManager->fileSystemIsMounted()) {
395 QString dbPath = m_cryptoManager->fileSystemMountPath()
399 TRACE() <<
"Database name: [" << dbPath <<
"]";
408 bool CredentialsAccessManager::isSecretsDBOpen()
413 bool CredentialsAccessManager::closeSecretsDB()
417 if (!m_cryptoManager->unmountFileSystem()) {
425 bool CredentialsAccessManager::createStorageDir()
429 QFileInfo fileInfo(dbPath);
430 if (!fileInfo.exists()) {
431 QDir storageDir(fileInfo.dir());
432 if (!storageDir.mkpath(storageDir.path())) {
433 BLAME() <<
"Could not create storage directory:" <<
443 bool CredentialsAccessManager::openMetaDataDB()
447 m_pCredentialsDB =
new CredentialsDB(dbPath, m_secretsStorage);
449 if (!m_pCredentialsDB->
init()) {
457 void CredentialsAccessManager::closeMetaDataDB()
459 if (m_pCredentialsDB) {
460 delete m_pCredentialsDB;
461 m_pCredentialsDB = NULL;
469 if (!openMetaDataDB()) {
470 BLAME() <<
"Couldn't open metadata DB!";
474 m_systemOpened =
true;
476 if (m_cryptoManager->fileSystemIsMounted()) {
477 if (!openSecretsDB()) {
478 BLAME() <<
"Failed to open secrets DB.";
486 m_cryptoManager->mountFileSystem();
499 bool allClosed =
true;
500 if (isSecretsDBOpen() && !closeSecretsDB())
506 m_systemOpened =
false;
519 BLAME() <<
"Not implemented";
527 return m_pCredentialsDB;
532 return (m_keyHandler != 0) ? m_keyHandler->isReady() :
true;
535 void CredentialsAccessManager::onKeyInserted(
const SignOn::Key key)
537 TRACE() <<
"Key inserted.";
539 if (!m_keyHandler->keyIsAuthorized(key))
540 m_keyAuthorizer->queryKeyAuthorization(
541 key, AbstractKeyAuthorizer::KeyInserted);
544 void CredentialsAccessManager::onLastAuthorizedKeyRemoved(
const SignOn::Key key)
547 TRACE() <<
"All keys disabled. Closing secure storage.";
548 if (isSecretsDBOpen() || m_cryptoManager->fileSystemIsMounted())
549 if (!closeSecretsDB())
550 BLAME() <<
"Error occurred while closing secure storage.";
553 void CredentialsAccessManager::onKeyRemoved(
const SignOn::Key key)
555 TRACE() <<
"Key removed.";
557 if (m_keyHandler->keyIsAuthorized(key)) {
558 if (!m_keyHandler->revokeKeyAuthorization(key)) {
559 BLAME() <<
"Revoking key authorization failed";
564 void CredentialsAccessManager::onKeyAuthorizationQueried(
const SignOn::Key key,
567 TRACE() <<
"result:" << result;
569 if (result != AbstractKeyAuthorizer::Denied) {
570 KeyHandler::AuthorizeFlags flags = KeyHandler::None;
571 if (result == AbstractKeyAuthorizer::Exclusive) {
572 TRACE() <<
"Reformatting secure storage.";
573 flags |= KeyHandler::FormatStorage;
576 if (!m_keyHandler->authorizeKey(key, flags)) {
577 BLAME() <<
"Authorization failed";
581 replyToSecureStorageEventNotifiers();
586 if (m_keyHandler == 0)
return false;
587 return !m_keyHandler->insertedKeys().isEmpty();
590 void CredentialsAccessManager::replyToSecureStorageEventNotifiers()
599 foreach (
EventSender object, m_secureStorageEventNotifiers) {
606 QCoreApplication::postEvent(
609 Qt::HighEventPriority);
612 m_secureStorageEventNotifiers.clear();
617 TRACE() <<
"Custom event received.";
619 QObject::customEvent(event);
628 m_secureStorageEventNotifiers.append(localEvent->
m_sender);
630 TRACE() <<
"Processing secure storage not available event.";
631 if ((localEvent == 0) || (m_pCredentialsDB == 0)) {
632 replyToSecureStorageEventNotifiers();
633 QObject::customEvent(event);
639 replyToSecureStorageEventNotifiers();
640 QObject::customEvent(event);
645 m_keyAuthorizer->queryKeyAuthorization(key,
646 AbstractKeyAuthorizer::StorageNeeded);
648 QObject::customEvent(event);
651 void CredentialsAccessManager::onEncryptedFSMounted()
656 if (!isSecretsDBOpen()) {
657 if (openSecretsDB()) {
658 TRACE() <<
"Secrets DB opened.";
660 BLAME() <<
"Failed to open secrets DB.";
663 BLAME() <<
"Secrets DB already opened?";
667 void CredentialsAccessManager::onEncryptedFSUnmounting()
672 if (isSecretsDBOpen()) {
CAMConfiguration()
Constructs a CAMConfiguration object with the default configuration - encryption in use...
QString metadataDBPath() const
Returns the path to the metadata DB.
bool deleteCredentialsSystem()
Deletes the credentials system.
void addSetting(const QString &key, const QVariant &value)
#define RETURN_IF_NOT_INITIALIZED(return_value)
void serialize(QIODevice *device)
Serializes the CAMConfiguration object as string to a specific IODevice.
bool closeCredentialsSystem()
Closes the credentials system.
QString m_dbName
The database file name.
bool initExtension(QObject *object)
Initializes know objects from an extension plugin.
bool credentialsSystemOpened() const
For convenience method.
CredentialsAccessManager(const CAMConfiguration &configuration, QObject *parent=0)
Constructs a CredentialsAccessManager object with the given parent.
QString m_secretsDbName
The credentials database file name.
void customEvent(QEvent *event)
bool useEncryption() const
Any object in the signon framework that needs the CredentialsAccessManager - CAM - secure storage in ...
void addKeyManager(SignOn::AbstractKeyManager *keyManager)
Adds a key manager.
const char signonDefaultDbName[]
void setStoragePath(const QString &storagePath)
static CredentialsAccessManager * instance()
Returns CAM instance.
QString m_storagePath
The base directory for storage.
#define SIGNON_SECURE_STORAGE_AVAILABLE
The CAM will reply with an event of this type when the secure storage access will be successfully res...
Main singleton and manager object of the credentials database system.
#define SIGNON_SECURE_STORAGE_NOT_AVAILABLE
Use this event type to signal the CAM when the secure storage is not available.
bool isCredentialsSystemReady() const
The creadentials system is ready when all of the subscribed key managers have successfully reported a...
bool setUserOwnership(const QString &filePath)
void credentialsSystemReady()
Is emitted when the credentials system becomes ready.
bool openSecretsDB(const QString &secretsDbName)
This method will open the DB file containing the user secrets.
bool init()
Initializes the CAM instance.
QString secretsStorageName() const
Returns the name of the SecretsStorage to use.
QPointer< QObject > EventSender
Dummy implementation of a manager for the credentials storage file system encryption.
bool keysAvailable() const
The CAM manages the encryption keys collection.
~CredentialsAccessManager()
Destroys a CredentialsAccessManager.
Definition of the CredentialsAccessManager object.
void finalize()
Finalizes the CAM instance, this could include, closing the credentials system and resetting the conf...
SQLite-based implementation of the AbstractSecretsStorage interface.
const char signonDefaultSecretsDbName[]
CredentialsDB * credentialsDB() const
Manages the credentials I/O.
Implements a default key authorizer, which authorizes all given keys.
QString accessControlManagerName() const
Returns the name of the AccessControlManager to use.
Configuration object for the CredentialsAccessManager - CAM.
bool openCredentialsSystem()
Opens the credentials system, creates the CreadentialsDB object; if encryption is configured this wil...
QString cryptoManagerName() const
Returns the name of the CryptoManager to use.
const char signonDefaultStoragePath[]
QStringList backupFiles() const
Contains helper functions related to Access Control.