signon
8.58
|
00001 /* 00002 * This file is part of signon 00003 * 00004 * Copyright (C) 2009-2010 Nokia Corporation. 00005 * Copyright (C) 2011 Intel Corporation. 00006 * Copyright (C) 2013 Canonical Ltd. 00007 * 00008 * Contact: Alberto Mardegan <alberto.mardegan@canonical.com> 00009 * Contact: Jussi Laako <jussi.laako@linux.intel.com> 00010 * 00011 * This library is free software; you can redistribute it and/or 00012 * modify it under the terms of the GNU Lesser General Public License 00013 * version 2.1 as published by the Free Software Foundation. 00014 * 00015 * This library is distributed in the hope that it will be useful, but 00016 * WITHOUT ANY WARRANTY; without even the implied warranty of 00017 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00018 * Lesser General Public License for more details. 00019 * 00020 * You should have received a copy of the GNU Lesser General Public 00021 * License along with this library; if not, write to the Free Software 00022 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 00023 * 02110-1301 USA 00024 */ 00025 00026 #include "signonauthsessionadaptor.h" 00027 #include "accesscontrolmanagerhelper.h" 00028 #include "credentialsaccessmanager.h" 00029 #include "credentialsdb.h" 00030 00031 namespace SignonDaemonNS { 00032 00033 SignonAuthSessionAdaptor::SignonAuthSessionAdaptor(SignonAuthSession *parent): 00034 QDBusAbstractAdaptor(parent) 00035 { 00036 setAutoRelaySignals(true); 00037 } 00038 00039 SignonAuthSessionAdaptor::~SignonAuthSessionAdaptor() 00040 { 00041 } 00042 00043 void SignonAuthSessionAdaptor::errorReply(const QString &name, 00044 const QString &message) 00045 { 00046 const QDBusContext &context = *static_cast<QDBusContext *>(parent()); 00047 QDBusMessage errReply = context.message().createErrorReply(name, message); 00048 context.connection().send(errReply); 00049 } 00050 00051 QStringList 00052 SignonAuthSessionAdaptor::queryAvailableMechanisms( 00053 const QStringList &wantedMechanisms) 00054 { 00055 TRACE(); 00056 00057 QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent()); 00058 if (AccessControlManagerHelper::pidOfPeer(dbusContext) != 00059 parent()->ownerPid()) { 00060 TRACE() << "queryAvailableMechanisms called from peer that doesn't " 00061 "own the AuthSession object\n"; 00062 QString errMsg; 00063 QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR 00064 << " Authentication session owned by other " 00065 "process."; 00066 errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg); 00067 return QStringList(); 00068 } 00069 00070 return parent()->queryAvailableMechanisms(wantedMechanisms); 00071 } 00072 00073 QVariantMap SignonAuthSessionAdaptor::process(const QVariantMap &sessionDataVa, 00074 const QString &mechanism) 00075 { 00076 TRACE() << mechanism; 00077 00078 QString allowedMechanism(mechanism); 00079 00080 if (parent()->id() != SIGNOND_NEW_IDENTITY) { 00081 CredentialsDB *db = 00082 CredentialsAccessManager::instance()->credentialsDB(); 00083 if (db) { 00084 SignonIdentityInfo identityInfo = db->credentials(parent()->id(), 00085 false); 00086 if (!identityInfo.checkMethodAndMechanism(parent()->method(), 00087 mechanism, 00088 allowedMechanism)) { 00089 QString errMsg; 00090 QTextStream(&errMsg) << SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_STR 00091 << " Method:" 00092 << parent()->method() 00093 << ", mechanism:" 00094 << mechanism 00095 << ", allowed:" 00096 << allowedMechanism; 00097 errorReply(SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_NAME, 00098 errMsg); 00099 return QVariantMap(); 00100 } 00101 } else { 00102 BLAME() << "Null database handler object."; 00103 } 00104 } 00105 00106 QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent()); 00107 if (AccessControlManagerHelper::pidOfPeer(dbusContext) != 00108 parent()->ownerPid()) { 00109 TRACE() << "process called from peer that doesn't own the AuthSession " 00110 "object"; 00111 QString errMsg; 00112 QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR 00113 << " Authentication session owned by other " 00114 "process."; 00115 errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg); 00116 return QVariantMap(); 00117 } 00118 00119 return parent()->process(sessionDataVa, allowedMechanism); 00120 } 00121 00122 void SignonAuthSessionAdaptor::cancel() 00123 { 00124 TRACE(); 00125 00126 QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent()); 00127 if (AccessControlManagerHelper::pidOfPeer(dbusContext) != parent()->ownerPid()) { 00128 TRACE() << "cancel called from peer that doesn't own the AuthSession " 00129 "object"; 00130 return; 00131 } 00132 00133 parent()->cancel(); 00134 } 00135 00136 void SignonAuthSessionAdaptor::setId(quint32 id) 00137 { 00138 TRACE(); 00139 00140 QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent()); 00141 if (AccessControlManagerHelper::pidOfPeer(dbusContext) != 00142 parent()->ownerPid()) { 00143 TRACE() << "setId called from peer that doesn't own the AuthSession " 00144 "object"; 00145 return; 00146 } 00147 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00148 dbusContext.connection(), 00149 dbusContext.message(), 00150 id)) { 00151 TRACE() << "setId called with an identifier the peer is not allowed " 00152 "to use"; 00153 return; 00154 } 00155 00156 parent()->setId(id); 00157 } 00158 00159 void SignonAuthSessionAdaptor::objectUnref() 00160 { 00161 TRACE(); 00162 00163 QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent()); 00164 if (AccessControlManagerHelper::pidOfPeer(dbusContext) != 00165 parent()->ownerPid()) { 00166 TRACE() << "objectUnref called from peer that doesn't own the " 00167 "AuthSession object"; 00168 return; 00169 } 00170 00171 parent()->objectUnref(); 00172 } 00173 00174 } //namespace SignonDaemonNS