signon  8.42
accesscontrolmanagerhelper.cpp
1 /* -*- Mode: C++; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3  * This file is part of signon
4  *
5  * Copyright (C) 2009-2010 Nokia Corporation.
6  * Copyright (C) 2011 Intel Corporation.
7  *
8  * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com>
9  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
10  * Contact: Elena Reshetova <elena.reshetova@intel.com>
11  *
12  * This library is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU Lesser General Public License
14  * version 2.1 as published by the Free Software Foundation.
15  *
16  * This library is distributed in the hope that it will be useful, but
17  * WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19  * Lesser General Public License for more details.
20  *
21  * You should have received a copy of the GNU Lesser General Public
22  * License along with this library; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
24  * 02110-1301 USA
25  */
26 
27 #include <QBuffer>
28 #include <QDBusConnection>
29 #include <QDBusConnectionInterface>
30 
32 #include "signond-common.h"
34 #include "signonidentity.h"
35 
36 using namespace SignonDaemonNS;
37 
// Singleton pointer. In this file it is assigned in the constructor body
// (only when no instance is registered yet) and reset to NULL in the
// destructor body.
38 AccessControlManagerHelper *AccessControlManagerHelper::m_pInstance = NULL;
39 
// Body of the singleton accessor; its signature (listing line 40) is not
// shown in this listing. m_pInstance is returned as-is, so callers receive
// NULL when no helper is currently registered.
41 {
42  return m_pInstance;
43 }
44 
// Tail of what appears to be the constructor; the line carrying its name
// (listing line 45) is not shown in this listing.
// When no instance is registered yet, this object becomes the singleton and
// remembers acManager as the backend that every access decision in this file
// is delegated to.
46  SignOn::AbstractAccessControlManager *acManager)
47 {
48  if (!m_pInstance) {
49  m_pInstance = this;
50  m_acManager = acManager;
51  } else {
// NOTE(review): a second instance is only logged, not prevented, and
// m_acManager is not assigned on this path. Whether the member has an
// initializer elsewhere cannot be seen from here - confirm.
52  BLAME() << "Creating a second instance of the CAM";
53  }
54 }
55 
// Body of what appears to be the destructor; its signature (listing line 56)
// is not shown in this listing.
// NOTE(review): m_pInstance is cleared unconditionally. The constructor body
// only logs when a second object is created, so destroying such a duplicate
// would still drop the pointer to the registered instance. Resetting only
// when m_pInstance == this would avoid that - confirm intent.
57 {
58  m_acManager = NULL;
59  m_pInstance = NULL;
60 }
61 
62 
// Decides whether the D-Bus peer that sent peerMessage may use the identity
// identityId. (The line naming the function, listing line 64, is not shown in
// this listing.)
//
// Outcome, in the order the checks run:
//   - false when the credentials DB pointer is null (fail closed);
//   - false when the DB reports an error after the ACL query (fail closed);
//   - true  when the stored ACL is empty;
//   - otherwise the result of peerHasOneOfAccesses() over the ACL entries.
63 bool
65  const QDBusMessage &peerMessage,
66  const quint32 identityId)
67 {
68  // TODO - improve this, the error handling and more precise behaviour
69 
70  CredentialsDB *db = CredentialsAccessManager::instance()->credentialsDB();
71  if (db == 0) {
72  TRACE() << "NULL db pointer, secure storage might be unavailable,";
73  return false;
74  }
75  QStringList acl = db->accessControlList(identityId);
76 
// The full ACL of the identity is written to the trace log here, before the
// DB error state is checked.
77  TRACE() << QString(QLatin1String("Access control list of identity: "
78  "%1: [%2].Tokens count: %3\t"))
79  .arg(identityId)
80  .arg(acl.join(QLatin1String(", ")))
81  .arg(acl.size());
82 
// Checked before the emptiness test so that a failed query is not mistaken
// for an identity without ACL entries.
83  if (db->errorOccurred())
84  return false;
85 
// NOTE(review): an empty ACL grants access to every peer. Confirm that this
// open default is intended for all identities stored without ACL entries.
86  if (acl.isEmpty())
87  return true;
88 
89  return peerHasOneOfAccesses(peerMessage, acl);
90 }
91 
// Compares the D-Bus peer that sent peerMessage against the owner list
// (db->ownerList) of identity identityId. (Listing lines 92-93, which hold the
// return type and function name, are not shown in this listing.)
// A null credentials DB pointer and a DB error both yield
// ApplicationIsNotOwner, so a storage failure never reports ownership.
94  const QDBusMessage &peerMessage,
95  const quint32 identityId)
96 {
97  CredentialsDB *db = CredentialsAccessManager::instance()->credentialsDB();
98  if (db == 0) {
99  TRACE() << "NULL db pointer, secure storage might be unavailable,";
100  return ApplicationIsNotOwner;
101  }
102  QStringList ownerSecContexts = db->ownerList(identityId);
103 
104  if (db->errorOccurred())
105  return ApplicationIsNotOwner;
106 
107  if (ownerSecContexts.isEmpty())
// NOTE(review): the statement guarded by this `if` (listing line 108) is
// missing from this listing; the result for an identity without owners
// cannot be read from here.
109 
110  return peerHasOneOfAccesses(peerMessage, ownerSecContexts) ?
// NOTE(review): the two operands of this conditional expression (listing
// line 111) are missing from this listing.
112 }
113 
/*
 * Tells whether the D-Bus peer that sent peerMessage is the keychain widget.
 *
 * The widget's application id is requested from the access control manager on
 * the first call only and kept in a function-local static afterwards; the
 * peer's application id is resolved on every call and compared for equality.
 */
bool
AccessControlManagerHelper::isPeerKeychainWidget(const QDBusMessage &peerMessage)
{
    // Looked up once; every later call reuses this value, whatever
    // m_acManager points to by then.
    static QString widgetAppId = m_acManager->keychainWidgetAppId();

    return m_acManager->appIdOfPeer(peerMessage) == widgetAppId;
}
121 
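/*
 * Returns the application id that the access control manager assigns to the
 * peer that sent peerMessage.
 *
 * The manager is queried exactly once and that single result is both traced
 * and returned, so the log line always shows the value the caller acts on.
 */
QString AccessControlManagerHelper::appIdOfPeer(const QDBusMessage &peerMessage)
{
    const QString peerAppId = m_acManager->appIdOfPeer(peerMessage);
    TRACE() << peerAppId;
    return peerAppId;
}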
127 
/*
 * Checks the peer that sent peerMessage against each entry of secContexts.
 *
 * Every entry is traced and handed to the access control manager; the first
 * entry the manager accepts ends the search with true. If no entry is
 * accepted - which includes an empty list - the denial is logged through
 * BLAME() and false is returned.
 */
bool
AccessControlManagerHelper::peerHasOneOfAccesses(const QDBusMessage &peerMessage,
                                                 const QStringList secContexts)
{
    for (int idx = 0; idx < secContexts.size(); ++idx) {
        const QString &context = secContexts.at(idx);
        TRACE() << context;
        if (m_acManager->isPeerAllowedToAccess(peerMessage, context))
            return true;
    }

    BLAME() << "given peer does not have needed permissions";
    return false;
}
142 
// Single-context check: traces securityContext and returns whatever
// m_acManager->isPeerAllowedToAccess() decides for the peer that sent
// peerMessage. (The line naming the function, listing line 144, is not shown
// in this listing.) Unlike peerHasOneOfAccesses(), a denial is not logged here.
143 bool
145  const QDBusMessage &peerMessage,
146  const QString securityContext)
147 {
148  TRACE() << securityContext;
149  return m_acManager->isPeerAllowedToAccess(peerMessage, securityContext);
150 }
151 
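/*
 * Resolves the process id of the D-Bus peer described by peerContext by asking
 * the bus for the PID behind the sender's service name.
 *
 * Returns 0 when the PID cannot be resolved: either the connection has no bus
 * interface object, or the bus answered the query with an error. Both cases
 * are logged through BLAME(). Callers should treat 0 as "peer unknown" and not
 * as a process to base an access decision on.
 */
pid_t AccessControlManagerHelper::pidOfPeer(const QDBusContext &peerContext)
{
    const QString service = peerContext.message().service();

    // interface() yields a null pointer for a connection that is not
    // connected; dereferencing it unchecked would crash the daemon.
    QDBusConnectionInterface *busInterface =
        peerContext.connection().interface();
    if (!busInterface) {
        BLAME() << "No D-Bus connection interface, cannot resolve peer PID";
        return 0;
    }

    // An invalid reply would make value() hand back a default-constructed 0
    // without any trace; make the failure visible in the log instead.
    const QDBusReply<uint> pidReply = busInterface->servicePid(service);
    if (!pidReply.isValid()) {
        BLAME() << "Could not resolve PID of peer" << service;
        return 0;
    }

    return pidReply.value();
}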
157