signon  8.58
signonauthsessionadaptor.cpp
Go to the documentation of this file.
1 /*
2  * This file is part of signon
3  *
4  * Copyright (C) 2009-2010 Nokia Corporation.
5  * Copyright (C) 2011 Intel Corporation.
6  * Copyright (C) 2013 Canonical Ltd.
7  *
8  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
9  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
10  *
11  * This library is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU Lesser General Public License
13  * version 2.1 as published by the Free Software Foundation.
14  *
15  * This library is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18  * Lesser General Public License for more details.
19  *
20  * You should have received a copy of the GNU Lesser General Public
21  * License along with this library; if not, write to the Free Software
22  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
23  * 02110-1301 USA
24  */
25 
29 #include "credentialsdb.h"
30 
31 namespace SignonDaemonNS {
32 
33 SignonAuthSessionAdaptor::SignonAuthSessionAdaptor(SignonAuthSession *parent):
34  QDBusAbstractAdaptor(parent)
35 {
36  setAutoRelaySignals(true);
37 }
38 
39 SignonAuthSessionAdaptor::~SignonAuthSessionAdaptor()
40 {
41 }
42 
43 void SignonAuthSessionAdaptor::errorReply(const QString &name,
44  const QString &message)
45 {
46  const QDBusContext &context = *static_cast<QDBusContext *>(parent());
47  QDBusMessage errReply = context.message().createErrorReply(name, message);
48  context.connection().send(errReply);
49 }
50 
51 QStringList
53  const QStringList &wantedMechanisms)
54 {
55  TRACE();
56 
57  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
58  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
59  parent()->ownerPid()) {
60  TRACE() << "queryAvailableMechanisms called from peer that doesn't "
61  "own the AuthSession object\n";
62  QString errMsg;
63  QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
64  << " Authentication session owned by other "
65  "process.";
66  errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
67  return QStringList();
68  }
69 
70  return parent()->queryAvailableMechanisms(wantedMechanisms);
71 }
72 
73 QVariantMap SignonAuthSessionAdaptor::process(const QVariantMap &sessionDataVa,
74  const QString &mechanism)
75 {
76  TRACE() << mechanism;
77 
78  QString allowedMechanism(mechanism);
79 
80  if (parent()->id() != SIGNOND_NEW_IDENTITY) {
81  CredentialsDB *db =
83  if (db) {
84  SignonIdentityInfo identityInfo = db->credentials(parent()->id(),
85  false);
86  if (!identityInfo.checkMethodAndMechanism(parent()->method(),
87  mechanism,
88  allowedMechanism)) {
89  QString errMsg;
90  QTextStream(&errMsg) << SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_STR
91  << " Method:"
92  << parent()->method()
93  << ", mechanism:"
94  << mechanism
95  << ", allowed:"
96  << allowedMechanism;
97  errorReply(SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_NAME,
98  errMsg);
99  return QVariantMap();
100  }
101  } else {
102  BLAME() << "Null database handler object.";
103  }
104  }
105 
106  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
107  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
108  parent()->ownerPid()) {
109  TRACE() << "process called from peer that doesn't own the AuthSession "
110  "object";
111  QString errMsg;
112  QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
113  << " Authentication session owned by other "
114  "process.";
115  errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
116  return QVariantMap();
117  }
118 
119  return parent()->process(sessionDataVa, allowedMechanism);
120 }
121 
123 {
124  TRACE();
125 
126  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
127  if (AccessControlManagerHelper::pidOfPeer(dbusContext) != parent()->ownerPid()) {
128  TRACE() << "cancel called from peer that doesn't own the AuthSession "
129  "object";
130  return;
131  }
132 
133  parent()->cancel();
134 }
135 
137 {
138  TRACE();
139 
140  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
141  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
142  parent()->ownerPid()) {
143  TRACE() << "setId called from peer that doesn't own the AuthSession "
144  "object";
145  return;
146  }
147  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
148  dbusContext.connection(),
149  dbusContext.message(),
150  id)) {
151  TRACE() << "setId called with an identifier the peer is not allowed "
152  "to use";
153  return;
154  }
155 
156  parent()->setId(id);
157 }
158 
160 {
161  TRACE();
162 
163  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
164  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
165  parent()->ownerPid()) {
166  TRACE() << "objectUnref called from peer that doesn't own the "
167  "AuthSession object";
168  return;
169  }
170 
171  parent()->objectUnref();
172 }
173 
174 } //namespace SignonDaemonNS
void process(const QDBusConnection &connection, const QDBusMessage &message, const QVariantMap &sessionDataVa, const QString &mechanism, const QString &cancelKey)
Definition of the CredentialsDB object.
QVariantMap process(const QVariantMap &sessionDataVa, const QString &mechanism)
#define BLAME()
Definition: debug.h:32
static AccessControlManagerHelper * instance()
bool checkMethodAndMechanism(const QString &method, const QString &mechanism, QString &allowedMechanism)
static CredentialsAccessManager * instance()
Returns CAM instance.
QStringList queryAvailableMechanisms(const QStringList &wantedMechanisms)
SignonSessionCore * parent() const
SignonIdentityInfo credentials(const quint32 id, bool queryPassword=true)
static pid_t pidOfPeer(const QDBusContext &peerContext)
Definition of the CredentialsAccessManager object.
#define TRACE()
Definition: debug.h:28
Daemon side representation of identity information.
Manages the credentials I/O.
Definition: credentialsdb.h:66
Helper class for access control-related functionality.
QStringList queryAvailableMechanisms(const QStringList &wantedMechanisms)
void cancel(const QString &cancelKey)