signon  8.58
signonidentityadaptor.cpp
Go to the documentation of this file.
00001 /*
00002  * This file is part of signon
00003  *
00004  * Copyright (C) 2009-2010 Nokia Corporation.
00005  * Copyright (C) 2011 Intel Corporation.
00006  * Copyright (C) 2013 Canonical Ltd.
00007  *
00008  * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com>
00009  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
00010  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
00011  *
00012  * This library is free software; you can redistribute it and/or
00013  * modify it under the terms of the GNU Lesser General Public License
00014  * version 2.1 as published by the Free Software Foundation.
00015  *
00016  * This library is distributed in the hope that it will be useful, but
00017  * WITHOUT ANY WARRANTY; without even the implied warranty of
00018  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00019  * Lesser General Public License for more details.
00020  *
00021  * You should have received a copy of the GNU Lesser General Public
00022  * License along with this library; if not, write to the Free Software
00023  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
00024  * 02110-1301 USA
00025  */
00026 
00027 #include "signonidentityadaptor.h"
00028 
00029 #include "signonidentity.h"
00030 #include "accesscontrolmanagerhelper.h"
00031 
00032 namespace SignonDaemonNS {
00033 
00034 SignonIdentityAdaptor::SignonIdentityAdaptor(SignonIdentity *parent):
00035     QDBusAbstractAdaptor(parent),
00036     m_parent(parent)
00037 {
00038     setAutoRelaySignals(true);
00039 }
00040 
00041 SignonIdentityAdaptor::~SignonIdentityAdaptor()
00042 {
00043 }
00044 
00045 void SignonIdentityAdaptor::securityErrorReply(const char *failedMethodName)
00046 {
00047     QString errMsg;
00048     QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
00049                          << "Method:"
00050                          << failedMethodName;
00051 
00052     errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
00053     TRACE() << "Method FAILED Access Control check:" << failedMethodName;
00054 }
00055 
00056 void SignonIdentityAdaptor::errorReply(const QString &name,
00057                                        const QString &message)
00058 {
00059     QDBusMessage msg = parentDBusContext().message();
00060     msg.setDelayedReply(true);
00061     QDBusMessage errReply = msg.createErrorReply(name, message);
00062     parentDBusContext().connection().send(errReply);
00063 }
00064 
00065 quint32 SignonIdentityAdaptor::requestCredentialsUpdate(const QString &msg)
00066 {
00067     /* Access Control */
00068     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00069                                     parentDBusContext().connection(),
00070                                     parentDBusContext().message(),
00071                                     m_parent->id())) {
00072         securityErrorReply(__func__);
00073         return 0;
00074     }
00075 
00076     return m_parent->requestCredentialsUpdate(msg);
00077 }
00078 
00079 QVariantMap SignonIdentityAdaptor::getInfo()
00080 {
00081     /* Access Control */
00082     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00083                                     parentDBusContext().connection(),
00084                                     parentDBusContext().message(),
00085                                     m_parent->id())) {
00086         securityErrorReply(__func__);
00087         return QVariantMap();
00088     }
00089 
00090     return m_parent->getInfo();
00091 }
00092 
00093 void SignonIdentityAdaptor::addReference(const QString &reference)
00094 {
00095     /* Access Control */
00096     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00097                                     parentDBusContext().connection(),
00098                                     parentDBusContext().message(),
00099                                     m_parent->id())) {
00100         securityErrorReply(__func__);
00101         return;
00102     }
00103 
00104     if (!m_parent->addReference(reference)) {
00105         /* TODO: add a lastError() method to SignonIdentity */
00106         errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
00107                    SIGNOND_OPERATION_FAILED_ERR_STR);
00108     }
00109 }
00110 
00111 void SignonIdentityAdaptor::removeReference(const QString &reference)
00112 {
00113     /* Access Control */
00114     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00115                                     parentDBusContext().connection(),
00116                                     parentDBusContext().message(),
00117                                     m_parent->id())) {
00118         securityErrorReply(__func__);
00119         return;
00120     }
00121 
00122     if (!m_parent->removeReference(reference)) {
00123         /* TODO: add a lastError() method to SignonIdentity */
00124         errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
00125                    SIGNOND_OPERATION_FAILED_ERR_STR);
00126     }
00127 }
00128 
00129 
00130 bool SignonIdentityAdaptor::verifyUser(const QVariantMap &params)
00131 {
00132     /* Access Control */
00133     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00134                                     parentDBusContext().connection(),
00135                                     parentDBusContext().message(),
00136                                     m_parent->id())) {
00137         securityErrorReply(__func__);
00138         return false;
00139     }
00140 
00141     return m_parent->verifyUser(params);
00142 }
00143 
00144 bool SignonIdentityAdaptor::verifySecret(const QString &secret)
00145 {
00146     /* Access Control */
00147     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00148                                     parentDBusContext().connection(),
00149                                     parentDBusContext().message(),
00150                                     m_parent->id())) {
00151         securityErrorReply(__func__);
00152         return false;
00153     }
00154 
00155     return m_parent->verifySecret(secret);
00156 }
00157 
00158 void SignonIdentityAdaptor::remove()
00159 {
00160     /* Access Control */
00161     AccessControlManagerHelper::IdentityOwnership ownership =
00162             AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity(
00163                                     parentDBusContext().connection(),
00164                                     parentDBusContext().message(),
00165                                     m_parent->id());
00166 
00167     if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) {
00168         //Identity has an owner
00169         if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner &&
00170             !AccessControlManagerHelper::instance()->isPeerKeychainWidget(
00171                                     parentDBusContext().connection(),
00172                                     parentDBusContext().message())) {
00173             securityErrorReply(__func__);
00174             return;
00175         }
00176     }
00177 
00178     m_parent->remove();
00179 }
00180 
00181 bool SignonIdentityAdaptor::signOut()
00182 {
00183     /* Access Control */
00184     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00185                                     parentDBusContext().connection(),
00186                                     parentDBusContext().message(),
00187                                     m_parent->id())) {
00188         securityErrorReply(__func__);
00189         return false;
00190     }
00191 
00192     return m_parent->signOut();
00193 }
00194 
00195 quint32 SignonIdentityAdaptor::store(const QVariantMap &info)
00196 {
00197     quint32 id = info.value(QLatin1String("Id"), SIGNOND_NEW_IDENTITY).toInt();
00198     /* Access Control */
00199     if (id != SIGNOND_NEW_IDENTITY) {
00200     AccessControlManagerHelper::IdentityOwnership ownership =
00201             AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity(
00202                                     parentDBusContext().connection(),
00203                                     parentDBusContext().message(),
00204                                     m_parent->id());
00205 
00206         if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) {
00207             //Identity has an owner
00208             if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner &&
00209                 !AccessControlManagerHelper::instance()->isPeerKeychainWidget(
00210                                     parentDBusContext().connection(),
00211                                     parentDBusContext().message())) {
00212 
00213                 securityErrorReply(__func__);
00214                 return 0;
00215             }
00216         }
00217     }
00218     return m_parent->store(info);
00219 }
00220 
00221 } //namespace SignonDaemonNS