signon  8.58
SignonDaemonNS::AccessControlManagerHelper Class Reference

Contains helper functions related to Access Control.

#include <accesscontrolmanagerhelper.h>

Public Types

enum  IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
 Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

Public Member Functions

 AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)

 ~AccessControlManagerHelper ()

bool isPeerAllowedToUseIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a client process is allowed to use a specific SignonIdentity.

IdentityOwnership isPeerOwnerOfIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

bool isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.

bool isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.

bool isPeerKeychainWidget (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)

QString appIdOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
 Looks up the application identifier of a specific client process.

bool isPeerAllowedToAccess (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext)
 Checks if a client process is allowed to access objects with a certain security context.

bool peerHasOneOfAccesses (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts)
 Checks if a client process is allowed to access at least one object from the list with a certain security context.

SignOn::AccessReply * requestAccessToIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)


Static Public Member Functions

static pid_t pidOfPeer (const QDBusContext &peerContext)

static pid_t pidOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)

static AccessControlManagerHelper * instance ()
 

Detailed Description

Contains helper functions related to Access Control.

Definition at line 51 of file accesscontrolmanagerhelper.h.

Member Enumeration Documentation

enum IdentityOwnership

Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

See also
isPeerOwnerOfIdentity().
Enumerator
ApplicationIsOwner 
ApplicationIsNotOwner 
IdentityDoesNotHaveOwner 

Definition at line 60 of file accesscontrolmanagerhelper.h.

Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager *  acManager)

Definition at line 49 of file accesscontrolmanagerhelper.cpp.

References BLAME.

AccessControlManagerHelper::~AccessControlManagerHelper ( )

Definition at line 60 of file accesscontrolmanagerhelper.cpp.

Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
)

Looks up the application identifier of a specific client process.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
Returns
the application identifier of the process, or an empty string if none found.

Definition at line 137 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), isPeerAllowedToUseAuthSession(), isPeerKeychainWidget(), SignonDaemonNS::SignonIdentity::removeReference(), SignonDaemonNS::SignonSessionCore::setId(), and SignonDaemonNS::SignonIdentity::store().

bool AccessControlManagerHelper::isPeerAllowedToAccess ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const QString  securityContext 
)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
securityContext  the securityContext to be checked against.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 163 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by isPeerAllowedToUseAuthSession(), and peerHasOneOfAccesses().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const SignonAuthSession &  authSession 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
authSession  the authentication session to be used by the peer request.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 114 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  ownerIdentityId 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
ownerIdentityId  id of the Identity owning the authentication session.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 131 of file accesscontrolmanagerhelper.h.

References appIdOfPeer(), isPeerAllowedToAccess(), isPeerAllowedToUseIdentity(), isPeerKeychainWidget(), peerHasOneOfAccesses(), and requestAccessToIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
identityId  the SignonIdentity to be used.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 67 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), SignonDaemonNS::CredentialsAccessManager::instance(), isPeerOwnerOfIdentity(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), and isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
)

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
Returns
true, if the peer is the Keychain Widget, false otherwise.

Definition at line 128 of file accesscontrolmanagerhelper.cpp.

References appIdOfPeer().

Referenced by isPeerAllowedToUseAuthSession(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
identityId  the SignonIdentity in context.
Return values
ApplicationIsOwner/ApplicationIsNotOwner  if the peer is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 105 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, SignonDaemonNS::CredentialsAccessManager::instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseIdentity(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

bool AccessControlManagerHelper::peerHasOneOfAccesses ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const QStringList  secContexts 
)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters
peerConnection  the connection over which the message was sent.
peerMessage  the request message sent over DBUS by the process.
secContexts  the objects' securityContexts to be checked against.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 146 of file accesscontrolmanagerhelper.cpp.

References BLAME, isPeerAllowedToAccess(), and TRACE.

Referenced by isPeerAllowedToUseAuthSession(), isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().

pid_t AccessControlManagerHelper::pidOfPeer ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
)
static

Definition at line 178 of file accesscontrolmanagerhelper.cpp.

References BLAME.

SignOn::AccessReply * AccessControlManagerHelper::requestAccessToIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
quint32  id 
)

The documentation for this class was generated from the following files: