signon
8.58
|
00001 /* 00002 * This file is part of signon 00003 * 00004 * Copyright (C) 2009-2010 Nokia Corporation. 00005 * Copyright (C) 2011 Intel Corporation. 00006 * Copyright (C) 2013 Canonical Ltd. 00007 * 00008 * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com> 00009 * Contact: Alberto Mardegan <alberto.mardegan@canonical.com> 00010 * Contact: Jussi Laako <jussi.laako@linux.intel.com> 00011 * 00012 * This library is free software; you can redistribute it and/or 00013 * modify it under the terms of the GNU Lesser General Public License 00014 * version 2.1 as published by the Free Software Foundation. 00015 * 00016 * This library is distributed in the hope that it will be useful, but 00017 * WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00019 * Lesser General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU Lesser General Public 00022 * License along with this library; if not, write to the Free Software 00023 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 00024 * 02110-1301 USA 00025 */ 00026 00027 #include "signonidentityadaptor.h" 00028 00029 #include "signonidentity.h" 00030 #include "accesscontrolmanagerhelper.h" 00031 00032 namespace SignonDaemonNS { 00033 00034 SignonIdentityAdaptor::SignonIdentityAdaptor(SignonIdentity *parent): 00035 QDBusAbstractAdaptor(parent), 00036 m_parent(parent) 00037 { 00038 setAutoRelaySignals(true); 00039 } 00040 00041 SignonIdentityAdaptor::~SignonIdentityAdaptor() 00042 { 00043 } 00044 00045 void SignonIdentityAdaptor::securityErrorReply(const char *failedMethodName) 00046 { 00047 QString errMsg; 00048 QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR 00049 << "Method:" 00050 << failedMethodName; 00051 00052 errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg); 00053 TRACE() << "Method FAILED Access Control check:" << failedMethodName; 00054 } 00055 00056 void SignonIdentityAdaptor::errorReply(const QString &name, 00057 const QString &message) 00058 { 00059 QDBusMessage msg = parentDBusContext().message(); 00060 msg.setDelayedReply(true); 00061 QDBusMessage errReply = msg.createErrorReply(name, message); 00062 parentDBusContext().connection().send(errReply); 00063 } 00064 00065 quint32 SignonIdentityAdaptor::requestCredentialsUpdate(const QString &msg) 00066 { 00067 /* Access Control */ 00068 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00069 parentDBusContext().connection(), 00070 parentDBusContext().message(), 00071 m_parent->id())) { 00072 securityErrorReply(__func__); 00073 return 0; 00074 } 00075 00076 return m_parent->requestCredentialsUpdate(msg); 00077 } 00078 00079 QVariantMap SignonIdentityAdaptor::getInfo() 00080 { 00081 /* Access Control */ 00082 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00083 parentDBusContext().connection(), 00084 parentDBusContext().message(), 00085 m_parent->id())) { 00086 securityErrorReply(__func__); 00087 return QVariantMap(); 00088 } 00089 00090 return m_parent->getInfo(); 00091 } 00092 00093 void SignonIdentityAdaptor::addReference(const QString &reference) 00094 { 00095 /* Access Control */ 00096 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00097 parentDBusContext().connection(), 00098 parentDBusContext().message(), 00099 m_parent->id())) { 00100 securityErrorReply(__func__); 00101 return; 00102 } 00103 00104 if (!m_parent->addReference(reference)) { 00105 /* TODO: add a lastError() method to SignonIdentity */ 00106 errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME, 00107 SIGNOND_OPERATION_FAILED_ERR_STR); 00108 } 00109 } 00110 00111 void SignonIdentityAdaptor::removeReference(const QString &reference) 00112 { 00113 /* Access Control */ 00114 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00115 parentDBusContext().connection(), 00116 parentDBusContext().message(), 00117 m_parent->id())) { 00118 securityErrorReply(__func__); 00119 return; 00120 } 00121 00122 if (!m_parent->removeReference(reference)) { 00123 /* TODO: add a lastError() method to SignonIdentity */ 00124 errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME, 00125 SIGNOND_OPERATION_FAILED_ERR_STR); 00126 } 00127 } 00128 00129 00130 bool SignonIdentityAdaptor::verifyUser(const QVariantMap ¶ms) 00131 { 00132 /* Access Control */ 00133 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00134 parentDBusContext().connection(), 00135 parentDBusContext().message(), 00136 m_parent->id())) { 00137 securityErrorReply(__func__); 00138 return false; 00139 } 00140 00141 return m_parent->verifyUser(params); 00142 } 00143 00144 bool SignonIdentityAdaptor::verifySecret(const QString &secret) 00145 { 00146 /* Access Control */ 00147 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00148 parentDBusContext().connection(), 00149 parentDBusContext().message(), 00150 m_parent->id())) { 00151 securityErrorReply(__func__); 00152 return false; 00153 } 00154 00155 return m_parent->verifySecret(secret); 00156 } 00157 00158 void SignonIdentityAdaptor::remove() 00159 { 00160 /* Access Control */ 00161 AccessControlManagerHelper::IdentityOwnership ownership = 00162 AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity( 00163 parentDBusContext().connection(), 00164 parentDBusContext().message(), 00165 m_parent->id()); 00166 00167 if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) { 00168 //Identity has an owner 00169 if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner && 00170 !AccessControlManagerHelper::instance()->isPeerKeychainWidget( 00171 parentDBusContext().connection(), 00172 parentDBusContext().message())) { 00173 securityErrorReply(__func__); 00174 return; 00175 } 00176 } 00177 00178 m_parent->remove(); 00179 } 00180 00181 bool SignonIdentityAdaptor::signOut() 00182 { 00183 /* Access Control */ 00184 if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity( 00185 parentDBusContext().connection(), 00186 parentDBusContext().message(), 00187 m_parent->id())) { 00188 securityErrorReply(__func__); 00189 return false; 00190 } 00191 00192 return m_parent->signOut(); 00193 } 00194 00195 quint32 SignonIdentityAdaptor::store(const QVariantMap &info) 00196 { 00197 quint32 id = info.value(QLatin1String("Id"), SIGNOND_NEW_IDENTITY).toInt(); 00198 /* Access Control */ 00199 if (id != SIGNOND_NEW_IDENTITY) { 00200 AccessControlManagerHelper::IdentityOwnership ownership = 00201 AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity( 00202 parentDBusContext().connection(), 00203 parentDBusContext().message(), 00204 m_parent->id()); 00205 00206 if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) { 00207 //Identity has an owner 00208 if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner && 00209 !AccessControlManagerHelper::instance()->isPeerKeychainWidget( 00210 parentDBusContext().connection(), 00211 parentDBusContext().message())) { 00212 00213 securityErrorReply(__func__); 00214 return 0; 00215 } 00216 } 00217 } 00218 return m_parent->store(info); 00219 } 00220 00221 } //namespace SignonDaemonNS