signon 8.58
Contains helper functions related to Access Control.
#include <accesscontrolmanagerhelper.h>
Public Types

Type | Member | Description |
---|---|---|
enum | IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner } | Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity. |

Public Member Functions

Return type | Member | Description |
---|---|---|
 | AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager) | |
 | ~AccessControlManagerHelper () | |
bool | isPeerAllowedToUseIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId) | Checks if a client process is allowed to use a specific SignonIdentity. |
IdentityOwnership | isPeerOwnerOfIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId) | Checks if a specific process is the owner of a SignonIdentity, thus having full control over it. |
bool | isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const SignonAuthSession &authSession) | Checks if a specific process is allowed to use the SignonAuthSession functionality. |
bool | isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 ownerIdentityId) | Checks if a specific process is allowed to use the SignonAuthSession functionality. |
bool | isPeerKeychainWidget (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage) | |
QString | appIdOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage) | Looks up the application identifier of a specific client process. |
bool | isPeerAllowedToAccess (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext) | Checks if a client process is allowed to access objects with a certain security context. |
bool | peerHasOneOfAccesses (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts) | Checks if a client process is allowed to access at least one object from the list with a certain security context. |
SignOn::AccessReply * | requestAccessToIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id) | |

Static Public Member Functions

Return type | Member | Description |
---|---|---|
static pid_t | pidOfPeer (const QDBusContext &peerContext) | |
static pid_t | pidOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage) | |
static AccessControlManagerHelper * | instance () | |
Contains helper functions related to Access Control.
Definition at line 51 of file accesscontrolmanagerhelper.h.
enum AccessControlManagerHelper::IdentityOwnership
Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.
Enumerator | |
---|---|
ApplicationIsOwner | |
ApplicationIsNotOwner | |
IdentityDoesNotHaveOwner |
Definition at line 60 of file accesscontrolmanagerhelper.h.
AccessControlManagerHelper::AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
Definition at line 49 of file accesscontrolmanagerhelper.cpp.
References BLAME.
AccessControlManagerHelper::~AccessControlManagerHelper ()
Definition at line 60 of file accesscontrolmanagerhelper.cpp.
QString AccessControlManagerHelper::appIdOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
Looks up the application identifier of a specific client process.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
Definition at line 137 of file accesscontrolmanagerhelper.cpp.
References TRACE.
Referenced by SignonDaemonNS::SignonIdentity::addReference(), isPeerAllowedToUseAuthSession(), isPeerKeychainWidget(), SignonDaemonNS::SignonIdentity::removeReference(), SignonDaemonNS::SignonSessionCore::setId(), and SignonDaemonNS::SignonIdentity::store().
AccessControlManagerHelper * AccessControlManagerHelper::instance () [static]
Definition at line 44 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonIdentityAdaptor::addReference(), SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonDaemonAdaptor::clear(), SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), SignonDaemonNS::SignonIdentityAdaptor::getInfo(), SignonDaemonNS::SignonDaemonAdaptor::queryIdentities(), SignonDaemonNS::SignonIdentityAdaptor::remove(), SignonDaemonNS::SignonIdentityAdaptor::removeReference(), SignonDaemonNS::SignonIdentity::removeReference(), SignonDaemonNS::SignonIdentityAdaptor::requestCredentialsUpdate(), SignonDaemonNS::SignonAuthSessionAdaptor::setId(), SignonDaemonNS::SignonSessionCore::setId(), SignonDaemonNS::SignonIdentityAdaptor::signOut(), SignonDaemonNS::SignonIdentityAdaptor::store(), SignonDaemonNS::SignonIdentity::store(), SignonDaemonNS::SignonIdentityAdaptor::verifySecret(), and SignonDaemonNS::SignonIdentityAdaptor::verifyUser().
bool AccessControlManagerHelper::isPeerAllowedToAccess (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext)
Checks if a client process is allowed to access objects with a certain security context.
The access type to be checked depends on the concrete implementation of this function.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
securityContext | the securityContext to be checked against. |
Definition at line 163 of file accesscontrolmanagerhelper.cpp.
References TRACE.
Referenced by isPeerAllowedToUseAuthSession(), and peerHasOneOfAccesses().
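bool AccessControlManagerHelper::isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const SignonAuthSession &authSession) [inline]
Checks if a specific process is allowed to use the SignonAuthSession functionality.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
authSession | the authentication session to be used by the peer request. |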
Definition at line 114 of file accesscontrolmanagerhelper.h.
References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().
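bool AccessControlManagerHelper::isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 ownerIdentityId) [inline]
Checks if a specific process is allowed to use the SignonAuthSession functionality.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
ownerIdentityId | id of the Identity owning the authentication session. |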
Definition at line 131 of file accesscontrolmanagerhelper.h.
References appIdOfPeer(), isPeerAllowedToAccess(), isPeerAllowedToUseIdentity(), isPeerKeychainWidget(), peerHasOneOfAccesses(), and requestAccessToIdentity().
bool AccessControlManagerHelper::isPeerAllowedToUseIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a client process is allowed to use a specific SignonIdentity.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
identityId | the SignonIdentity to be used. |
Definition at line 67 of file accesscontrolmanagerhelper.cpp.
References SignonDaemonNS::CredentialsDB::accessControlList(), ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), SignonDaemonNS::CredentialsAccessManager::instance(), isPeerOwnerOfIdentity(), peerHasOneOfAccesses(), and TRACE.
Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), and isPeerAllowedToUseAuthSession().
bool AccessControlManagerHelper::isPeerKeychainWidget (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
Definition at line 128 of file accesscontrolmanagerhelper.cpp.
References appIdOfPeer().
Referenced by isPeerAllowedToUseAuthSession(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().
AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
identityId | the SignonIdentity in context. |
Returns ApplicationIsOwner/ApplicationIsNotOwner if the peer is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.
Definition at line 105 of file accesscontrolmanagerhelper.cpp.
References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, SignonDaemonNS::CredentialsAccessManager::instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.
Referenced by isPeerAllowedToUseIdentity(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().
bool AccessControlManagerHelper::peerHasOneOfAccesses (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts)
Checks if a client process is allowed to access at least one object from the list with a certain security context.
The access type to be checked depends on the concrete implementation of this function.
peerConnection | the connection over which the message was sent. |
peerMessage | the request message sent over D-Bus by the process. |
secContexts | the objects' securityContexts to be checked against. |
Definition at line 146 of file accesscontrolmanagerhelper.cpp.
References BLAME, isPeerAllowedToAccess(), and TRACE.
Referenced by isPeerAllowedToUseAuthSession(), isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().
pid_t AccessControlManagerHelper::pidOfPeer (const QDBusContext &peerContext) [static]
peerContext | the context whose process ID we want to know. |
Definition at line 173 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonAuthSessionAdaptor::cancel(), SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonAuthSessionAdaptor::objectUnref(), SignonDaemonNS::SignonAuthSessionAdaptor::process(), SignonDaemonNS::SignonAuthSessionAdaptor::queryAvailableMechanisms(), SignonDaemonNS::SignonAuthSessionAdaptor::setId(), and SignonDaemonNS::SignonSessionCore::setId().
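pid_t AccessControlManagerHelper::pidOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage) [static]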
Definition at line 178 of file accesscontrolmanagerhelper.cpp.
References BLAME.
SignOn::AccessReply * AccessControlManagerHelper::requestAccessToIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)
Definition at line 205 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), and isPeerAllowedToUseAuthSession().