Contains helper functions related to Access Control. More...

#include <accesscontrolmanagerhelper.h>

Public Types
enum	IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
	Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity. More...

Public Member Functions
	AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)

	~AccessControlManagerHelper ()

bool	isPeerAllowedToUseIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
	Checks if a client process is allowed to use a specific SignonIdentity. More...

IdentityOwnership	isPeerOwnerOfIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 identityId)
	Checks if a specific process is the owner of a SignonIdentity, thus having full control over it. More...

bool	isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
	Checks if a specific process is allowed to use the SignonAuthSession functionality. More...

bool	isPeerAllowedToUseAuthSession (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
	Checks if a specific process is allowed to use the SignonAuthSession functionality. More...

bool	isPeerKeychainWidget (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)

QString	appIdOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)
	Looks up for the application identifier of a specific client process. More...

bool	isPeerAllowedToAccess (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QString securityContext)
	Checks if a client process is allowed to access objects with a certain security context. More...

bool	peerHasOneOfAccesses (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, const QStringList secContexts)
	Checks if a client process is allowed to access at least one object from the list with a certain security context. More...

SignOn::AccessReply *	requestAccessToIdentity (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage, quint32 id)

Static Public Member Functions
static pid_t	pidOfPeer (const QDBusContext &peerContext)

static pid_t	pidOfPeer (const QDBusConnection &peerConnection, const QDBusMessage &peerMessage)

static AccessControlManagerHelper *	instance ()

Detailed Description

Contains helper functions related to Access Control.

Definition at line 51 of file accesscontrolmanagerhelper.h.

Member Enumeration Documentation

enum SignonDaemonNS::AccessControlManagerHelper::IdentityOwnership

Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

See also: isPeerOwnerOfIdentity().

Enumerator
ApplicationIsOwner
ApplicationIsNotOwner
IdentityDoesNotHaveOwner

Definition at line 60 of file accesscontrolmanagerhelper.h.

Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager * acManager )

Definition at line 49 of file accesscontrolmanagerhelper.cpp.

References BLAME.

AccessControlManagerHelper::~AccessControlManagerHelper ( )

Definition at line 60 of file accesscontrolmanagerhelper.cpp.

Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage
	)

Looks up for the application identifier of a specific client process.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.

Returns: the application identifier of the process, or an empty string if none found.

Definition at line 137 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), isPeerKeychainWidget(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().

AccessControlManagerHelper * AccessControlManagerHelper::instance ( )

static

Definition at line 44 of file accesscontrolmanagerhelper.cpp.

bool AccessControlManagerHelper::isPeerAllowedToAccess	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const QString	securityContext
	)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
securityContext,the	securityContext to be checked against.

Returns: true, if the peer is allowed, false otherwise.

Definition at line 163 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by peerHasOneOfAccesses().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const SignonAuthSession &	authSession
	)

inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
authSession,the	authentication session to be used by the peer request.

Returns: true, if the peer is allowed, false otherwise.

Definition at line 114 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const quint32	ownerIdentityId
	)

inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
ownerIdentityId,id	of the Identity owning the authentication session.

Returns: true, if the peer is allowed, false otherwise.

Definition at line 131 of file accesscontrolmanagerhelper.h.

References isPeerAllowedToUseIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const quint32	identityId
	)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
identityId,the	SignonIdentity to be used.

Returns: true, if the peer is allowed, false otherwise.

Definition at line 67 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), SignonDaemonNS::CredentialsAccessManager::instance(), isPeerOwnerOfIdentity(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), and isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage
	)

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.

Returns: true, if the peer is the Keychain Widget, false otherwise.

Definition at line 128 of file accesscontrolmanagerhelper.cpp.

References appIdOfPeer().

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const quint32	identityId
	)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
identityId,the	SignonIdentity in context.

Return values

ApplicationIsOwner/ApplicationIsNotOwner if the identity is/isn't the owner or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 105 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsAccessManager::credentialsDB(), SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, SignonDaemonNS::CredentialsAccessManager::instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseIdentity(), SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

bool AccessControlManagerHelper::peerHasOneOfAccesses	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		const QStringList	secContexts
	)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters

peerConnection	the connection over which the message was sent.
peerMessage,the	request message sent over DBUS by the process.
secContexts,the	objects' securityContexts to be checked against.

Returns: true, if the peer is allowed, false otherwise.

Definition at line 146 of file accesscontrolmanagerhelper.cpp.

References BLAME, isPeerAllowedToAccess(), and TRACE.

Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().

pid_t AccessControlManagerHelper::pidOfPeer ( const QDBusContext & peerContext )

static

Parameters

peerContext,the context, which process id we want to know

Returns: process id of service client.

Definition at line 173 of file accesscontrolmanagerhelper.cpp.

Referenced by SignonDaemonNS::SignonAuthSessionAdaptor::cancel(), SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonAuthSessionAdaptor::objectUnref(), SignonDaemonNS::SignonAuthSessionAdaptor::process(), SignonDaemonNS::SignonAuthSessionAdaptor::queryAvailableMechanisms(), and SignonDaemonNS::SignonAuthSessionAdaptor::setId().

pid_t AccessControlManagerHelper::pidOfPeer	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage
	)

static

Definition at line 178 of file accesscontrolmanagerhelper.cpp.

References BLAME.

SignOn::AccessReply * AccessControlManagerHelper::requestAccessToIdentity	(	const QDBusConnection &	peerConnection,
		const QDBusMessage &	peerMessage,
		quint32	id
	)

Definition at line 205 of file accesscontrolmanagerhelper.cpp.

Referenced by SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), and SignonDaemonNS::SignonDaemonAdaptor::getIdentity().

The documentation for this class was generated from the following files:

src/signond/accesscontrolmanagerhelper.h
src/signond/accesscontrolmanagerhelper.cpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

Constructor & Destructor Documentation

Member Function Documentation