signon
8.42
Contains helper functions related to Access Control.
#include <accesscontrolmanagerhelper.h>
Public Types
enum IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
    Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

Public Member Functions
AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
~AccessControlManagerHelper ()
bool isPeerAllowedToUseIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
    Checks if a client process is allowed to use a specific SignonIdentity.
IdentityOwnership isPeerOwnerOfIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
    Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
    Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
    Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerKeychainWidget (const QDBusMessage &peerMessage)
QString appIdOfPeer (const QDBusMessage &peerMessage)
    Looks up the application identifier of a specific client process.
bool isPeerAllowedToAccess (const QDBusMessage &peerMessage, const QString securityContext)
    Checks if a client process is allowed to access objects with a certain security context.
bool peerHasOneOfAccesses (const QDBusMessage &peerMessage, const QStringList secContexts)
    Checks if a client process is allowed to access at least one object from the list with a certain security context.

Static Public Member Functions
static pid_t pidOfPeer (const QDBusContext &peerContext)
static AccessControlManagerHelper * instance ()

Contains helper functions related to Access Control.
Definition at line 52 of file accesscontrolmanagerhelper.h.
Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.
Definition at line 61 of file accesscontrolmanagerhelper.h.
AccessControlManagerHelper::AccessControlManagerHelper(SignOn::AbstractAccessControlManager *acManager)
Definition at line 45 of file accesscontrolmanagerhelper.cpp.
References BLAME.
AccessControlManagerHelper::~AccessControlManagerHelper()
Definition at line 56 of file accesscontrolmanagerhelper.cpp.
QString AccessControlManagerHelper::appIdOfPeer(const QDBusMessage &peerMessage)
Looks up the application identifier of a specific client process.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
Definition at line 122 of file accesscontrolmanagerhelper.cpp.
References TRACE.
Referenced by SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().
static AccessControlManagerHelper * AccessControlManagerHelper::instance() [static]
Definition at line 40 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonIdentityAdaptor::addReference(), SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonDaemonAdaptor::clear(), SignonDaemonNS::SignonDaemonAdaptor::getAuthSessionObjectPath(), SignonDaemonNS::SignonDaemonAdaptor::getIdentity(), SignonDaemonNS::SignonIdentityAdaptor::getInfo(), isPeerAllowedToUseIdentity(), isPeerOwnerOfIdentity(), SignonDaemonNS::SignonDaemonAdaptor::queryIdentities(), SignonDaemonNS::SignonIdentityAdaptor::remove(), SignonDaemonNS::SignonIdentityAdaptor::removeReference(), SignonDaemonNS::SignonIdentity::removeReference(), SignonDaemonNS::SignonIdentityAdaptor::requestCredentialsUpdate(), SignonDaemonNS::SignonAuthSessionAdaptor::setId(), SignonDaemonNS::SignonIdentityAdaptor::signOut(), SignonDaemonNS::SignonIdentityAdaptor::store(), SignonDaemonNS::SignonIdentity::store(), SignonDaemonNS::SignonIdentityAdaptor::verifySecret(), and SignonDaemonNS::SignonIdentityAdaptor::verifyUser().
bool AccessControlManagerHelper::isPeerAllowedToAccess(const QDBusMessage &peerMessage, const QString securityContext)
Checks if a client process is allowed to access objects with a certain security context.
The access type to be checked depends on the concrete implementation of this function.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    securityContext: the securityContext to be checked against.
Definition at line 144 of file accesscontrolmanagerhelper.cpp.
References TRACE.
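bool AccessControlManagerHelper::isPeerAllowedToUseAuthSession(const QDBusMessage &peerMessage, const SignonAuthSession &authSession) [inline]
Checks if a specific process is allowed to use the SignonAuthSession functionality.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    authSession: the authentication session to be used by the peer request.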
Definition at line 108 of file accesscontrolmanagerhelper.h.
References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().
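bool AccessControlManagerHelper::isPeerAllowedToUseAuthSession(const QDBusMessage &peerMessage, const quint32 ownerIdentityId) [inline]
Checks if a specific process is allowed to use the SignonAuthSession functionality.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    ownerIdentityId: id of the Identity owning the authentication session.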
Definition at line 122 of file accesscontrolmanagerhelper.h.
References isPeerAllowedToUseIdentity().
bool AccessControlManagerHelper::isPeerAllowedToUseIdentity(const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a client process is allowed to use a specific SignonIdentity.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    identityId: the SignonIdentity to be used.
Definition at line 64 of file accesscontrolmanagerhelper.cpp.
References SignonDaemonNS::CredentialsDB::accessControlList(), SignonDaemonNS::CredentialsDB::errorOccurred(), instance(), peerHasOneOfAccesses(), and TRACE.
Referenced by isPeerAllowedToUseAuthSession().
bool AccessControlManagerHelper::isPeerKeychainWidget(const QDBusMessage &peerMessage)
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
Definition at line 115 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().
AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity(const QDBusMessage &peerMessage, const quint32 identityId)
Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    identityId: the SignonIdentity in context.
Return values:
    ApplicationIsOwner/ApplicationIsNotOwner if the application is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.
Definition at line 93 of file accesscontrolmanagerhelper.cpp.
References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.
Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().
bool AccessControlManagerHelper::peerHasOneOfAccesses(const QDBusMessage &peerMessage, const QStringList secContexts)
Checks if a client process is allowed to access at least one object from the list with a certain security context.
The access type to be checked depends on the concrete implementation of this function.
Parameters:
    peerMessage: the request message sent over D-Bus by the process.
    secContexts: the objects' securityContexts to be checked against.
Definition at line 129 of file accesscontrolmanagerhelper.cpp.
Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().
static pid_t AccessControlManagerHelper::pidOfPeer(const QDBusContext &peerContext) [static]
Parameters:
    peerContext: the context whose process id we want to know.
Definition at line 152 of file accesscontrolmanagerhelper.cpp.
Referenced by SignonDaemonNS::SignonAuthSessionAdaptor::cancel(), SignonDaemonNS::SignonAuthSessionAdaptor::objectUnref(), SignonDaemonNS::SignonAuthSessionAdaptor::process(), SignonDaemonNS::SignonAuthSessionAdaptor::queryAvailableMechanisms(), and SignonDaemonNS::SignonAuthSessionAdaptor::setId().