signon  8.42
signonauthsessionadaptor.cpp
Go to the documentation of this file.
1 /*
2  * This file is part of signon
3  *
4  * Copyright (C) 2009-2010 Nokia Corporation.
5  * Copyright (C) 2011 Intel Corporation.
6  *
7  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
8  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
9  *
10  * This library is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU Lesser General Public License
12  * version 2.1 as published by the Free Software Foundation.
13  *
14  * This library is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
22  * 02110-1301 USA
23  */
24 
28 #include "credentialsdb.h"
29 
30 namespace SignonDaemonNS {
31 
32 SignonAuthSessionAdaptor::SignonAuthSessionAdaptor(SignonAuthSession *parent):
33  QDBusAbstractAdaptor(parent)
34 {
35  setAutoRelaySignals(true);
36 }
37 
38 SignonAuthSessionAdaptor::~SignonAuthSessionAdaptor()
39 {
40 }
41 
42 void SignonAuthSessionAdaptor::errorReply(const QString &name,
43  const QString &message)
44 {
45  QDBusMessage errReply =
46  static_cast<QDBusContext *>(parent())->message().
47  createErrorReply(name, message);
48  SIGNOND_BUS.send(errReply);
49 }
50 
51 QStringList
53  const QStringList &wantedMechanisms)
54 {
55  TRACE();
56 
57  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
58  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
59  parent()->ownerPid()) {
60  TRACE() << "queryAvailableMechanisms called from peer that doesn't "
61  "own the AuthSession object\n";
62  QString errMsg;
63  QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
64  << " Authentication session owned by other "
65  "process.";
66  errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
67  return QStringList();
68  }
69 
70  return parent()->queryAvailableMechanisms(wantedMechanisms);
71 }
72 
73 QVariantMap SignonAuthSessionAdaptor::process(const QVariantMap &sessionDataVa,
74  const QString &mechanism)
75 {
76  TRACE();
77 
78  QString allowedMechanism(mechanism);
79 
80  if (parent()->id() != SIGNOND_NEW_IDENTITY) {
81  CredentialsDB *db =
83  if (db) {
84  SignonIdentityInfo identityInfo = db->credentials(parent()->id(),
85  false);
86  if (!identityInfo.checkMethodAndMechanism(parent()->method(),
87  mechanism,
88  allowedMechanism)) {
89  QString errMsg;
90  QTextStream(&errMsg) << SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_STR
91  << " Method:"
92  << parent()->method()
93  << ", mechanism:"
94  << mechanism
95  << ", allowed:"
96  << allowedMechanism;
97  errorReply(SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_NAME,
98  errMsg);
99  return QVariantMap();
100  }
101  } else {
102  BLAME() << "Null database handler object.";
103  }
104  }
105 
106  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
107  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
108  parent()->ownerPid()) {
109  TRACE() << "process called from peer that doesn't own the AuthSession "
110  "object";
111  QString errMsg;
112  QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
113  << " Authentication session owned by other "
114  "process.";
115  errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
116  return QVariantMap();
117  }
118 
119  return parent()->process(sessionDataVa, allowedMechanism);
120 }
121 
123 {
124  TRACE();
125 
126  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
127  if (AccessControlManagerHelper::pidOfPeer(dbusContext) != parent()->ownerPid()) {
128  TRACE() << "cancel called from peer that doesn't own the AuthSession "
129  "object";
130  return;
131  }
132 
133  parent()->cancel();
134 }
135 
137 {
138  TRACE();
139 
140  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
141  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
142  parent()->ownerPid()) {
143  TRACE() << "setId called from peer that doesn't own the AuthSession "
144  "object";
145  return;
146  }
147  if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
148  dbusContext.message(), id)) {
149  TRACE() << "setId called with an identifier the peer is not allowed "
150  "to use";
151  return;
152  }
153 
154  parent()->setId(id);
155 }
156 
158 {
159  TRACE();
160 
161  QDBusContext &dbusContext = *static_cast<QDBusContext *>(parent());
162  if (AccessControlManagerHelper::pidOfPeer(dbusContext) !=
163  parent()->ownerPid()) {
164  TRACE() << "objectUnref called from peer that doesn't own the "
165  "AuthSession object";
166  return;
167  }
168 
169  parent()->objectUnref();
170 }
171 
172 } //namespace SignonDaemonNS