29 #include <QDBusConnection> 30 #include <QDBusConnectionInterface> 32 #include <dbus/dbus.h> 50 SignOn::AbstractAccessControlManager *acManager)
54 m_acManager = acManager;
56 BLAME() <<
"Creating a second instance of the CAM";
68 const QDBusConnection &peerConnection,
69 const QDBusMessage &peerMessage,
70 const quint32 identityId)
76 TRACE() <<
"NULL db pointer, secure storage might be unavailable,";
81 TRACE() << QString(QLatin1String(
"Access control list of identity: " 82 "%1: [%2].Tokens count: %3\t"))
84 .arg(acl.join(QLatin1String(
", ")))
98 if (acl.contains(QLatin1String(
"*")))
106 const QDBusConnection &peerConnection,
107 const QDBusMessage &peerMessage,
108 const quint32 identityId)
112 TRACE() <<
"NULL db pointer, secure storage might be unavailable,";
115 QStringList ownerSecContexts = db->
ownerList(identityId);
120 if (ownerSecContexts.isEmpty())
129 const QDBusConnection &peerConnection,
130 const QDBusMessage &peerMessage)
132 static QString keychainWidgetAppId = m_acManager->keychainWidgetAppId();
133 QString peerAppId =
appIdOfPeer(peerConnection, peerMessage);
134 return (peerAppId == keychainWidgetAppId);
138 const QDBusConnection &peerConnection,
139 const QDBusMessage &peerMessage)
141 TRACE() << m_acManager->appIdOfPeer(peerConnection, peerMessage);
142 return m_acManager->appIdOfPeer(peerConnection, peerMessage);
147 const QDBusConnection &peerConnection,
148 const QDBusMessage &peerMessage,
149 const QStringList secContexts)
151 foreach(QString securityContext, secContexts)
153 TRACE() << securityContext;
158 BLAME() <<
"given peer does not have needed permissions";
164 const QDBusConnection &peerConnection,
165 const QDBusMessage &peerMessage,
166 const QString securityContext)
168 TRACE() << securityContext;
169 return m_acManager->isPeerAllowedToAccess(peerConnection, peerMessage,
175 return pidOfPeer(peerContext.connection(), peerContext.message());
179 const QDBusConnection &peerConnection,
180 const QDBusMessage &peerMessage)
182 QString service = peerMessage.service();
183 if (service.isEmpty()) {
185 DBusConnection *connection =
186 (DBusConnection *)peerConnection.internalPointer();
187 unsigned long pid = 0;
188 dbus_bool_t ok = dbus_connection_get_unix_process_id(connection,
190 if (Q_UNLIKELY(!ok)) {
191 BLAME() <<
"Couldn't get PID of caller!";
196 BLAME() <<
"Empty caller name, and no P2P support enabled";
200 return peerConnection.interface()->servicePid(service).value();
204 SignOn::AccessReply *
206 const QDBusConnection &peerConnection,
207 const QDBusMessage &peerMessage,
210 SignOn::AccessRequest request;
211 request.setPeer(peerConnection, peerMessage);
212 request.setIdentity(
id);
213 return m_acManager->handleRequest(request);
bool peerHasOneOfAccesses(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts)
Checks if a client process is allowed to access at least one object from the list with a certain secu...
QString appIdOfPeer(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
Looks up for the application identifier of a specific client process.
QStringList accessControlList(const quint32 identityId)
static AccessControlManagerHelper * instance()
bool isPeerKeychainWidget(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
~AccessControlManagerHelper()
AccessControlManagerHelper(SignOn::AbstractAccessControlManager *acManager)
static CredentialsAccessManager * instance()
Returns CAM instance.
SignOn::AccessReply * requestAccessToIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)
static pid_t pidOfPeer(const QDBusContext &peerContext)
Definition of the CredentialsAccessManager object.
IdentityOwnership
Specifies the owner relationship of an application over a specific identity, or the lack of ownership...
bool errorOccurred() const
IdentityOwnership isPeerOwnerOfIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a specific process is the owner of a SignonIdentity, thus having full control over it...
CredentialsDB * credentialsDB() const
Manages the credentials I/O.
bool isPeerAllowedToAccess(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext)
Checks if a client process is allowed to access objects with a certain security context.
QStringList ownerList(const quint32 identityId)
Helper class for access control-related functionality.
Contains helper functions related to Access Control.
bool isPeerAllowedToUseIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a client process is allowed to use a specific SignonIdentity.