signon  8.58
signonauthsessionadaptor.cpp
Go to the documentation of this file.
00001 /*
00002  * This file is part of signon
00003  *
00004  * Copyright (C) 2009-2010 Nokia Corporation.
00005  * Copyright (C) 2011 Intel Corporation.
00006  * Copyright (C) 2013 Canonical Ltd.
00007  *
00008  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
00009  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
00010  *
00011  * This library is free software; you can redistribute it and/or
00012  * modify it under the terms of the GNU Lesser General Public License
00013  * version 2.1 as published by the Free Software Foundation.
00014  *
00015  * This library is distributed in the hope that it will be useful, but
00016  * WITHOUT ANY WARRANTY; without even the implied warranty of
00017  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00018  * Lesser General Public License for more details.
00019  *
00020  * You should have received a copy of the GNU Lesser General Public
00021  * License along with this library; if not, write to the Free Software
00022  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
00023  * 02110-1301 USA
00024  */
00025 
00026 #include "signonauthsessionadaptor.h"
00027 #include "accesscontrolmanagerhelper.h"
00028 #include "credentialsaccessmanager.h"
00029 #include "credentialsdb.h"
00030 
00031 namespace SignonDaemonNS {
00032 
00033 SignonAuthSessionAdaptor::SignonAuthSessionAdaptor(SignonAuthSession *parent):
00034     QDBusAbstractAdaptor(parent)
00035 {
00036     setAutoRelaySignals(true);
00037 }
00038 
00039 SignonAuthSessionAdaptor::~SignonAuthSessionAdaptor()
00040 {
00041 }
00042 
00043 void SignonAuthSessionAdaptor::errorReply(const QString &name,
00044                                           const QString &message)
00045 {
00046     const QDBusContext &context = *static_cast<QDBusContext *>(parent());
00047     QDBusMessage errReply = context.message().createErrorReply(name, message);
00048     context.connection().send(errReply);
00049 }
00050 
00051 QStringList
00052 SignonAuthSessionAdaptor::queryAvailableMechanisms(
00053                                            const QStringList &wantedMechanisms)
00054 {
00055     TRACE();
00056 
00057     QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
00058     if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
00059         parent()->ownerPid()) {
00060         TRACE() << "queryAvailableMechanisms called from peer that doesn't "
00061             "own the AuthSession object\n";
00062         QString errMsg;
00063         QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
00064                              << " Authentication session owned by other "
00065                              "process.";
00066         errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
00067         return QStringList();
00068     }
00069 
00070     return parent()->queryAvailableMechanisms(wantedMechanisms);
00071 }
00072 
00073 QVariantMap SignonAuthSessionAdaptor::process(const QVariantMap &sessionDataVa,
00074                                               const QString &mechanism)
00075 {
00076     TRACE() << mechanism;
00077 
00078     QString allowedMechanism(mechanism);
00079 
00080     if (parent()->id() != SIGNOND_NEW_IDENTITY) {
00081         CredentialsDB *db =
00082             CredentialsAccessManager::instance()->credentialsDB();
00083         if (db) {
00084             SignonIdentityInfo identityInfo = db->credentials(parent()->id(),
00085                                                               false);
00086             if (!identityInfo.checkMethodAndMechanism(parent()->method(),
00087                                                       mechanism,
00088                                                       allowedMechanism)) {
00089                 QString errMsg;
00090                 QTextStream(&errMsg) << SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_STR
00091                                      << " Method:"
00092                                      << parent()->method()
00093                                      << ", mechanism:"
00094                                      << mechanism
00095                                      << ", allowed:"
00096                                      << allowedMechanism;
00097                 errorReply(SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_NAME,
00098                            errMsg);
00099                 return QVariantMap();
00100             }
00101         } else {
00102             BLAME() << "Null database handler object.";
00103         }
00104     }
00105 
00106     QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
00107     if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
00108         parent()->ownerPid()) {
00109         TRACE() << "process called from peer that doesn't own the AuthSession "
00110             "object";
00111         QString errMsg;
00112         QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
00113                              << " Authentication session owned by other "
00114                              "process.";
00115         errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
00116         return QVariantMap();
00117     }
00118 
00119     return parent()->process(sessionDataVa, allowedMechanism);
00120 }
00121 
00122 void SignonAuthSessionAdaptor::cancel()
00123 {
00124     TRACE();
00125 
00126     QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
00127     if (AccessControlManagerHelper::pidOfPeer(dbusContext) != parent()->ownerPid()) {
00128         TRACE() << "cancel called from peer that doesn't own the AuthSession "
00129             "object";
00130         return;
00131     }
00132 
00133     parent()->cancel();
00134 }
00135 
00136 void SignonAuthSessionAdaptor::setId(quint32 id)
00137 {
00138     TRACE();
00139 
00140     QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
00141     if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
00142         parent()->ownerPid()) {
00143         TRACE() << "setId called from peer that doesn't own the AuthSession "
00144             "object";
00145         return;
00146     }
00147     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00148                                     dbusContext.connection(),
00149                                     dbusContext.message(),
00150                                     id)) {
00151         TRACE() << "setId called with an identifier the peer is not allowed "
00152             "to use";
00153         return;
00154     }
00155 
00156     parent()->setId(id);
00157 }
00158 
00159 void SignonAuthSessionAdaptor::objectUnref()
00160 {
00161     TRACE();
00162 
00163     QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
00164     if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
00165         parent()->ownerPid()) {
00166         TRACE() << "objectUnref called from peer that doesn't own the "
00167             "AuthSession object";
00168         return;
00169     }
00170 
00171     parent()->objectUnref();
00172 }
00173 
00174 } //namespace SignonDaemonNS