// Constructs the D-Bus adaptor on top of the daemon object passed as parent.
// The listing omits some lines of this constructor (the gutter numbers jump from 34 to 37).
33 SignonDaemonAdaptor::SignonDaemonAdaptor(SignonDaemon *parent):
34 QDBusAbstractAdaptor(parent),
// Automatic relaying of the parent's signals onto the bus is switched off.
37 setAutoRelaySignals(
false);
40 SignonDaemonAdaptor::~SignonDaemonAdaptor()
// Fragment: the enclosing signature is not part of this listing (presumably registerNewIdentity).
// Asks the daemon for a fresh identity object, then exports it on the caller's D-Bus connection
// and hands the resulting object path back through objectPath.
46 QObject *identity = m_parent->registerNewIdentity();
47 objectPath = registerObject(parentDBusContext().connection(), identity);
// Convenience overload: rejects the D-Bus call currently being dispatched by forwarding
// its connection and message to the two-argument securityErrorReply().
52 void SignonDaemonAdaptor::securityErrorReply()
54 securityErrorReply(parentDBusContext().connection(),
55 parentDBusContext().message());
// Builds the permission-denied error reply for the given call (conn/msg identify the peer and
// the request being rejected). Several lines are missing from this listing, including where the
// reply is presumably sent on conn; confirm against the full file.
58 void SignonDaemonAdaptor::securityErrorReply(
const QDBusConnection &conn,
59 const QDBusMessage &msg)
// Error text begins with SIGNOND_PERMISSION_DENIED_ERR_STR; the rest of the expression is not shown.
62 QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
// Mark the call as replied-to manually, so the error built below is the only answer to it.
66 msg.setDelayedReply(
true);
// The error is named SIGNOND_PERMISSION_DENIED_ERR_NAME so clients can tell an access-control
// denial apart from other failures.
67 QDBusMessage errReply =
68 msg.createErrorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME,
// Records which D-Bus method was denied; this trace is the visible audit trail for ACL failures.
71 TRACE() <<
"Method FAILED Access Control check:" << msg.member();
// Turns an error recorded on the daemon into a D-Bus error reply for the given call.
// Returns false when the daemon reports no valid last error. The lines after the error reply
// is created are missing from this listing; callers treat a true result as "an error was
// handled, stop processing".
74 bool SignonDaemonAdaptor::handleLastError(
const QDBusConnection &conn,
75 const QDBusMessage &msg)
// Nothing to report: let the caller continue with the normal reply.
77 if (!m_parent->lastErrorIsValid())
return false;
// The reply is produced manually from the daemon's last error name and message.
79 msg.setDelayedReply(
true);
80 QDBusMessage errReply =
81 msg.createErrorReply(m_parent->lastErrorName(),
82 m_parent->lastErrorMessage());
// Exports `object` on the given D-Bus connection and returns its object path.
// Part of the signature and of the failure branch are missing from this listing.
88 SignonDaemonAdaptor::registerObject(
const QDBusConnection &connection,
// The D-Bus path is taken directly from the object's objectName().
91 QString path =
object->objectName();
// Register only if this exact object is not already exported at that path on this connection.
93 if (connection.objectRegisteredAt(path) != object) {
// Work on a copy because registerObject() is non-const while `connection` is a const reference.
94 QDBusConnection conn(connection);
// ExportAdaptors: only the object's adaptors are exposed on the bus.
95 if (!conn.registerObject(path,
object,
96 QDBusConnection::ExportAdaptors)) {
// NOTE(review): a failed registration is logged here; the remainder of this branch is not
// visible, so whether the path is still returned to the client afterwards needs confirming.
97 BLAME() <<
"Object registration failed:" <<
object <<
101 return QDBusObjectPath(path);
// Fragment of getIdentity(): the start of the signature and the access-control condition
// (gutter lines 107-111) are missing from this listing.
// Two paths are visible: an asynchronous one that waits for an access decision, and a direct
// one that fetches and exports the identity immediately.
105 QDBusObjectPath &objectPath,
106 QVariantMap &identityData)
// Capture the peer's message and connection; both are needed to answer later or to report errors.
109 QDBusMessage msg = parentDBusContext().message();
110 QDBusConnection conn = parentDBusContext().connection();
// Asynchronous path: an AccessReply is obtained (the call producing it is on a missing line)
// and the D-Bus answer is deferred until onIdentityAccessReplyFinished() runs.
112 SignOn::AccessReply *reply =
114 QObject::connect(reply, SIGNAL(finished()),
115 this, SLOT(onIdentityAccessReplyFinished()));
116 msg.setDelayedReply(
true);
// Direct path: load the identity, bail out if the daemon recorded an error, otherwise export it.
120 QObject *identity = m_parent->getIdentity(
id, identityData);
121 if (handleLastError(conn, msg))
return;
123 objectPath = registerObject(conn, identity);
// Slot run when a pending identity access request finishes. It answers the original,
// delayed getIdentity() call with either a permission error or the identity's path and data.
// Some lines (for example gutter line 140) are missing from this listing.
128 void SignonDaemonAdaptor::onIdentityAccessReplyFinished()
130 SignOn::AccessReply *reply = qobject_cast<SignOn::AccessReply*>(sender());
// NOTE(review): Q_ASSERT is compiled out when QT_NO_DEBUG is defined, so release builds do not
// verify that sender() really is an AccessReply before the dereference on the next line.
// An explicit null check with an early return would keep this path fail-closed.
131 Q_ASSERT(reply != 0);
133 reply->deleteLater();
// Peer details come from the stored request, not from parentDBusContext(): this slot runs
// after the original D-Bus call has returned.
134 QDBusConnection connection = reply->request().peerConnection();
135 QDBusMessage message = reply->request().peerMessage();
136 quint32
id = reply->request().identity();
// Deny unless the access reply was accepted. The second operand of this condition is missing
// from the listing; presumably a re-check of the peer against the identity's ACL - confirm.
139 if (!reply->isAccepted() ||
141 securityErrorReply(connection, message);
// Access granted: load the identity and stop if the daemon recorded an error.
145 QVariantMap identityData;
146 QObject *identity = m_parent->getIdentity(
id, identityData);
147 if (handleLastError(connection, message))
return;
149 QDBusObjectPath objectPath = registerObject(connection, identity);
// Reply arguments mirror getIdentity()'s out-parameters: object path first, then identity data.
152 args << QVariant::fromValue(objectPath);
153 args << identityData;
154 connection.send(message.createReply(args));
// Fragment (signature not in this listing): the result comes straight from the daemon.
// No access-control call is visible on this line.
161 return m_parent->queryMethods();
// Fragment of getAuthSessionObjectPath(): the signature and several lines are missing from
// this listing. Creates (or defers creation of) an AuthSession object and returns its path.
170 QDBusMessage msg = parentDBusContext().message();
171 QDBusConnection conn = parentDBusContext().connection();
// Only requests that name an existing identity enter this branch; SIGNOND_NEW_IDENTITY skips it.
174 if (
id != SIGNOND_NEW_IDENTITY) {
// Asynchronous path: the call that produces the AccessReply is on a missing line.
176 SignOn::AccessReply *reply =
// The requested session type is stashed on the reply so the finished-slot can read it back.
180 reply->setProperty(
"type", type);
181 QObject::connect(reply, SIGNAL(finished()),
182 this, SLOT(onAuthSessionAccessReplyFinished()));
183 msg.setDelayedReply(
true);
188 TRACE() <<
"ACM passed, creating AuthSession object";
// NOTE(review): the session owner is identified by the peer's PID. How ownerPid is used later
// is not visible here; if it feeds authorization decisions, keep in mind that a PID can be
// reused once the original process exits - confirm against the daemon code.
189 pid_t ownerPid = acm->
pidOfPeer(conn, msg);
190 QObject *authSession = m_parent->getAuthSession(
id, type, ownerPid);
// An empty string is returned when the daemon recorded an error; the error reply itself is
// produced by handleLastError().
191 if (handleLastError(conn, msg))
return QString();
193 QDBusObjectPath objectPath = registerObject(conn, authSession);
194 return objectPath.path();
// Slot run when a pending access request for an AuthSession finishes. It answers the original,
// delayed call with either a permission error or the new session's object path.
// Some lines (for example gutter line 210) are missing from this listing.
197 void SignonDaemonAdaptor::onAuthSessionAccessReplyFinished()
199 SignOn::AccessReply *reply = qobject_cast<SignOn::AccessReply*>(sender());
// NOTE(review): Q_ASSERT is compiled out when QT_NO_DEBUG is defined, so release builds do not
// verify that sender() really is an AccessReply before the dereference on the next line.
// An explicit null check with an early return would keep this path fail-closed.
200 Q_ASSERT(reply != 0);
202 reply->deleteLater();
// Peer details and the identity id are read from the stored request; the session type comes
// from the dynamic "type" property set when the request was issued.
203 QDBusConnection connection = reply->request().peerConnection();
204 QDBusMessage message = reply->request().peerMessage();
205 quint32
id = reply->request().identity();
206 QString type = reply->property(
"type").toString();
// Deny unless the access reply was accepted. The second operand of this condition is missing
// from the listing; presumably a re-check of the peer against the identity's ACL - confirm.
209 if (!reply->isAccepted() ||
211 securityErrorReply(connection, message);
212 TRACE() <<
"still not allowed";
// NOTE(review): ownerPid is derived from the peer's PID at this later point in time, not when
// the request arrived; confirm the daemon tolerates the peer having exited in between.
216 pid_t ownerPid = acm->
pidOfPeer(connection, message);
217 QObject *authSession = m_parent->getAuthSession(
id, type, ownerPid);
218 if (handleLastError(connection, message))
return;
219 QDBusObjectPath objectPath = registerObject(connection, authSession);
// The reply carries a single argument: the session's object path.
222 args << QVariant::fromValue(objectPath);
223 connection.send(message.createReply(args));
// Fragment of queryMechanisms() (signature not in this listing): asks the daemon for the
// mechanisms of `method` and returns an empty list when the daemon recorded an error.
// No access-control call is visible in these lines.
230 QStringList mechanisms = m_parent->queryMechanisms(method);
231 if (handleLastError(parentDBusContext().connection(),
232 parentDBusContext().message())) {
233 return QStringList();
// Fragment of queryIdentities(): the signature, the access-control condition (gutter lines
// 244-245) and the final send are missing from this listing.
242 QDBusMessage msg = parentDBusContext().message();
243 QDBusConnection conn = parentDBusContext().connection();
// Rejection path: the condition guarding it is not visible; presumably a check on the peer -
// confirm in the full file that it returns right after this call.
246 securityErrorReply();
// The reply is built manually below, so automatic replying is turned off first.
250 msg.setDelayedReply(
true);
251 MapList identities = m_parent->queryIdentities(filter);
252 if (handleLastError(conn, msg))
return;
254 QDBusMessage reply = msg.createReply(QVariant::fromValue(identities));
// Fragment (signature not in this listing; it wraps the daemon's clear()).
// The access-control condition (gutter lines 263-264) and the final return are missing.
261 QDBusMessage msg = parentDBusContext().message();
262 QDBusConnection conn = parentDBusContext().connection();
// Rejection path: the guarding condition is not visible here. Because clear() acts on the
// daemon as a whole, confirm in the full file that this branch returns before line 269.
265 securityErrorReply();
269 bool ok = m_parent->clear();
// false is returned when the daemon recorded an error; the error reply is sent separately.
270 if (handleLastError(conn, msg))
return false;
void registerNewIdentity(QDBusObjectPath &objectPath)
QStringList queryMethods()
static AccessControlManagerHelper * instance()
QStringList queryMechanisms(const QString &method)
void getIdentity(const quint32 id, QDBusObjectPath &objectPath, QVariantMap &identityData)
static void destroyUnused()
Deletes all disposable objects for which the inactivity time has elapsed.
void queryIdentities(const QVariantMap &filter)
QString getAuthSessionObjectPath(const quint32 id, const QString &type)
SignOn::AccessReply * requestAccessToIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)
static pid_t pidOfPeer(const QDBusContext &peerContext)
Helper class for access control-related functionality.
Contains helper functions related to Access Control.
bool isPeerAllowedToUseIdentity(const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a client process is allowed to use a specific SignonIdentity.