signon  8.42
SignonDaemonNS::AccessControlManagerHelper Class Reference

Contains helper functions related to Access Control.

#include <accesscontrolmanagerhelper.h>

Public Types

enum  IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
 Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

Public Member Functions

 AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
 ~AccessControlManagerHelper ()
bool isPeerAllowedToUseIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a client process is allowed to use a specific SignonIdentity.
IdentityOwnership isPeerOwnerOfIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerKeychainWidget (const QDBusMessage &peerMessage)
QString appIdOfPeer (const QDBusMessage &peerMessage)
 Looks up the application identifier of a specific client process.
bool isPeerAllowedToAccess (const QDBusMessage &peerMessage, const QString securityContext)
 Checks if a client process is allowed to access objects with a certain security context.
bool peerHasOneOfAccesses (const QDBusMessage &peerMessage, const QStringList secContexts)
 Checks if a client process is allowed to access at least one object from the list with a certain security context.

Static Public Member Functions

static pid_t pidOfPeer (const QDBusContext &peerContext)
static AccessControlManagerHelper * instance ()

Detailed Description

Contains helper functions related to Access Control.

Definition at line 52 of file accesscontrolmanagerhelper.h.

Member Enumeration Documentation

Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

See Also
isPeerOwnerOfIdentity().
Enumerator:
ApplicationIsOwner 
ApplicationIsNotOwner 
IdentityDoesNotHaveOwner 

Definition at line 61 of file accesscontrolmanagerhelper.h.

Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager *  acManager)

Definition at line 45 of file accesscontrolmanagerhelper.cpp.

References BLAME.

AccessControlManagerHelper::~AccessControlManagerHelper ( )

Definition at line 56 of file accesscontrolmanagerhelper.cpp.

Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer ( const QDBusMessage &  peerMessage)

Looks up the application identifier of a specific client process.

Parameters
peerMessage, the request message sent over DBUS by the process.
Returns
the application identifier of the process, or an empty string if none found.

Definition at line 122 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().

bool AccessControlManagerHelper::isPeerAllowedToAccess ( const QDBusMessage &  peerMessage,
const QString  securityContext 
)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters
peerMessage, the request message sent over DBUS by the process.
securityContext, the securityContext to be checked against.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 144 of file accesscontrolmanagerhelper.cpp.

References TRACE.

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const SignonAuthSession &  authSession 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters
peerMessage, the request message sent over DBUS by the process.
authSession, the authentication session to be used by the peer request.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 108 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const quint32  ownerIdentityId 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters
peerMessage, the request message sent over DBUS by the process.
ownerIdentityId, id of the Identity owning the authentication session.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 122 of file accesscontrolmanagerhelper.h.

References isPeerAllowedToUseIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters
peerMessage, the request message sent over DBUS by the process.
identityId, the SignonIdentity to be used.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 64 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), SignonDaemonNS::CredentialsDB::errorOccurred(), instance(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget ( const QDBusMessage &  peerMessage)

Parameters
peerMessage, the request message sent over DBUS by the process.
Returns
true, if the peer is the Keychain Widget, false otherwise.

Definition at line 115 of file accesscontrolmanagerhelper.cpp.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters
peerMessage, the request message sent over DBUS by the process.
identityId, the SignonIdentity in context.
Return values
ApplicationIsOwner/ApplicationIsNotOwner if the application is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 93 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

bool AccessControlManagerHelper::peerHasOneOfAccesses ( const QDBusMessage &  peerMessage,
const QStringList  secContexts 
)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters
peerMessage, the request message sent over DBUS by the process.
secContexts, the objects' securityContexts to be checked against.
Returns
true, if the peer is allowed, false otherwise.

Definition at line 129 of file accesscontrolmanagerhelper.cpp.

References BLAME, and TRACE.

Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().
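
The relationship between isPeerAllowedToUseIdentity(), isPeerOwnerOfIdentity() and peerHasOneOfAccesses(), sketched as an added example in plain C++ without Qt; it is not signon's own code. The Peer and IdentityRecord types are hypothetical stand-ins for the access control manager and CredentialsDB, and failing closed on a database error or an empty access control list is an assumption of this sketch.

```cpp
#include <algorithm>
#include <string>
#include <vector>

using Contexts = std::vector<std::string>;

// Same enumerators, in the same order, as documented on this page.
enum IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner };

// Hypothetical stand-in for one identity's rows in the credentials database.
struct IdentityRecord {
    Contexts acl;     // what accessControlList() would return
    Contexts owners;  // what ownerList() would return
    bool dbError;     // what errorOccurred() would report
};

// Hypothetical stand-in for the access control manager: contexts the peer may access.
struct Peer { Contexts granted; };

bool isPeerAllowedToAccess(const Peer &peer, const std::string &ctx) {
    return std::find(peer.granted.begin(), peer.granted.end(), ctx) != peer.granted.end();
}

// True if at least one listed context is accessible; an empty list matches nothing.
bool peerHasOneOfAccesses(const Peer &peer, const Contexts &secContexts) {
    return std::any_of(secContexts.begin(), secContexts.end(),
        [&](const std::string &c) { return isPeerAllowedToAccess(peer, c); });
}

bool isPeerAllowedToUseIdentity(const Peer &peer, const IdentityRecord &id) {
    if (id.dbError || id.acl.empty()) return false;  // assumption: fail closed
    return peerHasOneOfAccesses(peer, id.acl);
}

IdentityOwnership isPeerOwnerOfIdentity(const Peer &peer, const IdentityRecord &id) {
    if (id.dbError) return ApplicationIsNotOwner;    // assumption: an error never grants ownership
    if (id.owners.empty()) return IdentityDoesNotHaveOwner;
    return peerHasOneOfAccesses(peer, id.owners) ? ApplicationIsOwner : ApplicationIsNotOwner;
}

int main() {
    // Constructed sample data: "app-a" may use the identity but "app-b" owns it.
    Peer app{Contexts{"app-a"}};
    IdentityRecord shared{Contexts{"app-a", "app-b"}, Contexts{"app-b"}, false};
    bool ok = isPeerAllowedToUseIdentity(app, shared)
           && isPeerOwnerOfIdentity(app, shared) == ApplicationIsNotOwner;
    return ok ? 0 : 1;
}
```

The three-valued return is the part callers have to handle deliberately: an identity with no owner is reported separately from one owned by another application, so a two-way test on the result silently folds those cases together.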

pid_t AccessControlManagerHelper::pidOfPeer ( const QDBusContext &  peerContext)
static

The documentation for this class was generated from the following files: