signon  8.58
signonidentityadaptor.cpp
Go to the documentation of this file.
1 /*
2  * This file is part of signon
3  *
4  * Copyright (C) 2009-2010 Nokia Corporation.
5  * Copyright (C) 2011 Intel Corporation.
6  * Copyright (C) 2013 Canonical Ltd.
7  *
8  * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com>
9  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
10  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
11  *
12  * This library is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU Lesser General Public License
14  * version 2.1 as published by the Free Software Foundation.
15  *
16  * This library is distributed in the hope that it will be useful, but
17  * WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19  * Lesser General Public License for more details.
20  *
21  * You should have received a copy of the GNU Lesser General Public
22  * License along with this library; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
24  * 02110-1301 USA
25  */
26 
27 #include "signonidentityadaptor.h"
28 
29 #include "signonidentity.h"
31 
32 namespace SignonDaemonNS {
33 
34 SignonIdentityAdaptor::SignonIdentityAdaptor(SignonIdentity *parent):
35  QDBusAbstractAdaptor(parent),
36  m_parent(parent)
37 {
38  setAutoRelaySignals(true);
39 }
40 
41 SignonIdentityAdaptor::~SignonIdentityAdaptor()
42 {
43 }
44 
45 void SignonIdentityAdaptor::securityErrorReply(const char *failedMethodName)
46 {
47  QString errMsg;
48  QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
49  << "Method:"
50  << failedMethodName;
51 
52  errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
53  TRACE() << "Method FAILED Access Control check:" << failedMethodName;
54 }
55 
56 void SignonIdentityAdaptor::errorReply(const QString &name,
57  const QString &message)
58 {
59  QDBusMessage msg = parentDBusContext().message();
60  msg.setDelayedReply(true);
61  QDBusMessage errReply = msg.createErrorReply(name, message);
62  parentDBusContext().connection().send(errReply);
63 }
64 
66 {
67  /* Access Control */
68  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
69  parentDBusContext().connection(),
70  parentDBusContext().message(),
71  m_parent->id())) {
72  securityErrorReply(__func__);
73  return 0;
74  }
75 
76  return m_parent->requestCredentialsUpdate(msg);
77 }
78 
80 {
81  /* Access Control */
82  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
83  parentDBusContext().connection(),
84  parentDBusContext().message(),
85  m_parent->id())) {
86  securityErrorReply(__func__);
87  return QVariantMap();
88  }
89 
90  return m_parent->getInfo();
91 }
92 
93 void SignonIdentityAdaptor::addReference(const QString &reference)
94 {
95  /* Access Control */
96  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
97  parentDBusContext().connection(),
98  parentDBusContext().message(),
99  m_parent->id())) {
100  securityErrorReply(__func__);
101  return;
102  }
103 
104  if (!m_parent->addReference(reference)) {
105  /* TODO: add a lastError() method to SignonIdentity */
106  errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
107  SIGNOND_OPERATION_FAILED_ERR_STR);
108  }
109 }
110 
111 void SignonIdentityAdaptor::removeReference(const QString &reference)
112 {
113  /* Access Control */
114  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
115  parentDBusContext().connection(),
116  parentDBusContext().message(),
117  m_parent->id())) {
118  securityErrorReply(__func__);
119  return;
120  }
121 
122  if (!m_parent->removeReference(reference)) {
123  /* TODO: add a lastError() method to SignonIdentity */
124  errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
125  SIGNOND_OPERATION_FAILED_ERR_STR);
126  }
127 }
128 
129 
130 bool SignonIdentityAdaptor::verifyUser(const QVariantMap &params)
131 {
132  /* Access Control */
133  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
134  parentDBusContext().connection(),
135  parentDBusContext().message(),
136  m_parent->id())) {
137  securityErrorReply(__func__);
138  return false;
139  }
140 
141  return m_parent->verifyUser(params);
142 }
143 
144 bool SignonIdentityAdaptor::verifySecret(const QString &secret)
145 {
146  /* Access Control */
147  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
148  parentDBusContext().connection(),
149  parentDBusContext().message(),
150  m_parent->id())) {
151  securityErrorReply(__func__);
152  return false;
153  }
154 
155  return m_parent->verifySecret(secret);
156 }
157 
159 {
160  /* Access Control */
163  parentDBusContext().connection(),
164  parentDBusContext().message(),
165  m_parent->id());
166 
168  //Identity has an owner
171  parentDBusContext().connection(),
172  parentDBusContext().message())) {
173  securityErrorReply(__func__);
174  return;
175  }
176  }
177 
178  m_parent->remove();
179 }
180 
182 {
183  /* Access Control */
184  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
185  parentDBusContext().connection(),
186  parentDBusContext().message(),
187  m_parent->id())) {
188  securityErrorReply(__func__);
189  return false;
190  }
191 
192  return m_parent->signOut();
193 }
194 
195 quint32 SignonIdentityAdaptor::store(const QVariantMap &info)
196 {
197  quint32 id = info.value(QLatin1String("Id"), SIGNOND_NEW_IDENTITY).toInt();
198  /* Access Control */
199  if (id != SIGNOND_NEW_IDENTITY) {
202  parentDBusContext().connection(),
203  parentDBusContext().message(),
204  m_parent->id());
205 
207  //Identity has an owner
210  parentDBusContext().connection(),
211  parentDBusContext().message())) {
212 
213  securityErrorReply(__func__);
214  return 0;
215  }
216  }
217  }
218  return m_parent->store(info);
219 }
220 
221 } //namespace SignonDaemonNS
quint32 store(const QVariantMap &info)
quint32 requestCredentialsUpdate(const QString &message)
static AccessControlManagerHelper * instance()
bool isPeerKeychainWidget(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
void removeReference(const QString &reference)
void addReference(const QString &reference)
IdentityOwnership
Specifies the owner relationship of an application over a specific identity, or the lack of ownership...
#define TRACE()
Definition: debug.h:28
IdentityOwnership isPeerOwnerOfIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a specific process is the owner of a SignonIdentity, thus having full control over it...
Helper class for access control-related functionality.
bool verifyUser(const QVariantMap &params)