signon  8.58
SignonDaemonNS::AccessControlManagerHelper Class Reference

Contains helper functions related to Access Control.

#include <accesscontrolmanagerhelper.h>


Public Types

enum  IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
 Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

Public Member Functions

 AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
 ~AccessControlManagerHelper ()
bool isPeerAllowedToUseIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a client process is allowed to use a specific SignonIdentity.
IdentityOwnership isPeerOwnerOfIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
bool isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerKeychainWidget (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
QString appIdOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
 Looks up the application identifier of a specific client process.
bool isPeerAllowedToAccess (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext)
 Checks if a client process is allowed to access objects with a certain security context.
bool peerHasOneOfAccesses (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts)
 Checks if a client process is allowed to access at least one object from the list with a certain security context.
SignOn::AccessReply * requestAccessToIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)

Static Public Member Functions

static pid_t pidOfPeer (const QDBusContext &peerContext)
static pid_t pidOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
static AccessControlManagerHelper * instance ()

Detailed Description

Contains helper functions related to Access Control.

Definition at line 51 of file accesscontrolmanagerhelper.h.


Member Enumeration Documentation

enum IdentityOwnership

Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

See also:
isPeerOwnerOfIdentity().
Enumerator:
ApplicationIsOwner 
ApplicationIsNotOwner 
IdentityDoesNotHaveOwner 

Definition at line 60 of file accesscontrolmanagerhelper.h.


Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager *  acManager)

Definition at line 49 of file accesscontrolmanagerhelper.cpp.

References BLAME.


Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
)

Looks up the application identifier of a specific client process.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
Returns:
the application identifier of the process, or an empty string if none found.

Definition at line 137 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), isPeerKeychainWidget(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().

bool AccessControlManagerHelper::isPeerAllowedToAccess ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const QString  securityContext 
)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
securityContext: the securityContext to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 163 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by peerHasOneOfAccesses().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const SignonAuthSession &  authSession 
) [inline]

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
authSession: the authentication session to be used by the peer request.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 114 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  ownerIdentityId 
) [inline]

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
ownerIdentityId: id of the Identity owning the authentication session.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 131 of file accesscontrolmanagerhelper.h.

References isPeerAllowedToUseIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
identityId: the SignonIdentity to be used.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 67 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), instance(), isPeerOwnerOfIdentity(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), and isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
)

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
Returns:
true, if the peer is the Keychain Widget, false otherwise.

Definition at line 128 of file accesscontrolmanagerhelper.cpp.

References appIdOfPeer().

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
identityId: the SignonIdentity in context.
Return values:
ApplicationIsOwner/ApplicationIsNotOwner: if the peer is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 105 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseIdentity(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

bool AccessControlManagerHelper::peerHasOneOfAccesses ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
const QStringList  secContexts 
)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerConnection: the connection over which the message was sent.
peerMessage: the request message sent over DBUS by the process.
secContexts: the objects' securityContexts to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 146 of file accesscontrolmanagerhelper.cpp.

References BLAME, isPeerAllowedToAccess(), and TRACE.

Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().

pid_t AccessControlManagerHelper::pidOfPeer ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage 
) [static]

Definition at line 178 of file accesscontrolmanagerhelper.cpp.

References BLAME.

SignOn::AccessReply * AccessControlManagerHelper::requestAccessToIdentity ( const QDBusConnection &  peerConnection,
const QDBusMessage &  peerMessage,
quint32  id 
)

The documentation for this class was generated from the following files: