27 #define SIGNON_ENABLE_UNSTABLE_APIS
35 #include "SignOn/ExtensionInterface"
36 #include "SignOn/misc.h"
// Guard macro for methods that need an initialized manager: when
// m_isInitialized is false it stores NotInitialized in m_error, traces a
// message and returns return_value from the enclosing function.
// Some continuation lines of the macro are missing from this listing.
42 #define RETURN_IF_NOT_INITIALIZED(return_value) \
44 if (!m_isInitialized) { \
45 m_error = NotInitialized; \
46 TRACE() << "CredentialsAccessManager not initialized."; \
47 return return_value; \
51 using namespace SignonDaemonNS;
52 using namespace SignOn;
// Member initializer: the encryption passphrase starts out as an empty QByteArray.
59 m_encryptionPassphrase(QByteArray())
// Fragments of the routine that dumps the configuration to a QIODevice (its
// signature is not part of this listing). The device is opened read/write,
// the text is assembled through a QTextStream over `buffer`, and the result
// is written to the device as UTF-8.
// NOTE(review): listing lines 78-81 are not shown. Since this object also
// holds m_encryptionPassphrase, confirm that the omitted lines do not write
// the passphrase into this dump.
69 if (!device->open(QIODevice::ReadWrite)) {
74 QTextStream stream(&buffer);
75 stream <<
"\n\n====== Credentials Access Manager Configuration ======\n\n";
// Only the boolean encryption flag is rendered here, as "true"/"false".
76 const char *usingEncryption =
useEncryption() ?
"true" :
"false";
77 stream <<
"Using encryption: " << usingEncryption <<
'\n';
82 stream <<
"======================================================\n\n";
83 device->write(buffer.toUtf8());
// Three settings lookups (the enclosing function signatures are not part of
// this listing). Each returns the named m_settings entry as a string and
// passes "default" as the fallback value.
// NOTE(review): "default" is the same literal the initialization code compares
// against before tracing "using default (dummy)", so an absent or removed
// setting selects the dummy implementation of that component.

// Name of the crypto manager to use.
94 return m_settings.value(QLatin1String(
"CryptoManager"),
95 QLatin1String(
"default")).toString();
// Name of the access control manager to use.
100 return m_settings.value(QLatin1String(
"AccessControlManager"),
101 QLatin1String(
"default")).toString();
// Name of the secrets storage to use.
111 return m_settings.value(QLatin1String(
"SecretsStorage"),
112 QLatin1String(
"default")).toString();
// Constructor fragments (signature and some initializers are not shown).
// State flags start as false, component pointers start as NULL, and the
// supplied configuration is stored in m_CAMConfiguration.
131 m_isInitialized(false),
132 m_systemOpened(false),
135 m_pCredentialsDB(NULL),
136 m_cryptoManager(NULL),
138 m_keyAuthorizer(NULL),
139 m_secretsStorage(NULL),
140 m_CAMConfiguration(configuration),
142 m_acManagerHelper(NULL)
// Creating a second instance is reported through BLAME(); the condition that
// guards this message is on a line missing from the listing.
147 BLAME() <<
"Creating a second instance of the CAM";
// The key handler is created here and receives `this` (presumably as its
// QObject parent - confirm against KeyHandler's constructor).
150 m_keyHandler =
new SignOn::KeyHandler(
this);
// Teardown fragment (enclosing function not shown): disconnect() is called on
// every registered key manager and the manager is marked as not initialized.
173 foreach (SignOn::AbstractKeyManager *keyManager, keyManagers)
174 keyManager->disconnect();
176 m_isInitialized =
false;
// Fragments of the initialization routine (its signature is not part of this
// listing and several numbered lines are missing between the fragments).
// A repeated call is detected through m_isInitialized.
182 if (m_isInitialized) {
183 TRACE() <<
"CAM already initialized.";
190 TRACE() <<
"Initializing CredentialsAccessManager with configuration: " <<
// Storage directory creation is attempted first; failure is reported via BLAME().
193 if (!createStorageDir()) {
194 BLAME() <<
"Failed to create storage directory.";
// Each component pointer that is still 0 at this point is handled below.
// A configured name other than "default" is reported as a load failure;
// otherwise a TRACE() announces the "default (dummy)" implementation.
// NOTE(review): the lines following each BLAME() are not shown. Confirm that
// initialization aborts there, so that a configured but unloadable secrets
// storage, access control manager or crypto manager never degrades to the
// dummy implementation.
198 if (m_secretsStorage == 0) {
200 if (name != QLatin1String(
"default")) {
201 BLAME() <<
"Couldn't load SecretsStorage:" << name;
203 TRACE() <<
"No SecretsStorage set, using default (dummy)";
208 if (m_acManager == 0) {
210 if (name != QLatin1String(
"default")) {
211 BLAME() <<
"Couldn't load AccessControlManager:" << name;
213 TRACE() <<
"No AccessControlManager set, using default (dummy)";
// The fallback access control manager is the abstract base class itself.
214 m_acManager =
new SignOn::AbstractAccessControlManager(
this);
218 if (m_acManagerHelper == 0) {
223 if (m_cryptoManager == 0) {
225 if (name != QLatin1String(
"default")) {
226 BLAME() <<
"Couldn't load CryptoManager:" << name;
228 TRACE() <<
"No CryptoManager set, using default (dummy)";
// Mount and unmount notifications from the crypto manager drive the opening
// and closing of the secrets DB. These are string-based connections, and the
// return values of connect() are not checked in the visible lines.
231 QObject::connect(m_cryptoManager, SIGNAL(fileSystemMounted()),
232 this, SLOT(onEncryptedFSMounted()));
233 QObject::connect(m_cryptoManager, SIGNAL(fileSystemUnmounting()),
234 this, SLOT(onEncryptedFSUnmounting()));
// The crypto manager is initialized with the configuration's settings.
235 m_cryptoManager->initialize(m_CAMConfiguration.
m_settings);
241 if (m_keyAuthorizer == 0) {
242 TRACE() <<
"No key authorizer set, using default";
// The authorizer's decision arrives as a plain int in this signal.
245 QObject::connect(m_keyAuthorizer,
246 SIGNAL(keyAuthorizationQueried(
const SignOn::Key,
int)),
248 SLOT(onKeyAuthorizationQueried(
const SignOn::Key,
int)));
// Key handler events (ready, key inserted, key removed, last authorized key
// removed) are routed to the slots of this class.
254 QObject::connect(m_keyHandler, SIGNAL(ready()),
256 QObject::connect(m_keyHandler, SIGNAL(keyInserted(SignOn::Key)),
257 this, SLOT(onKeyInserted(SignOn::Key)));
258 QObject::connect(m_keyHandler,
259 SIGNAL(lastAuthorizedKeyRemoved(SignOn::Key)),
261 SLOT(onLastAuthorizedKeyRemoved(SignOn::Key)));
262 QObject::connect(m_keyHandler, SIGNAL(keyRemoved(SignOn::Key)),
263 this, SLOT(onKeyRemoved(SignOn::Key)));
// The key handler is given the crypto manager and the registered key managers.
264 m_keyHandler->initialize(m_cryptoManager, keyManagers);
267 m_isInitialized =
true;
270 TRACE() <<
"CredentialsAccessManager successfully initialized...";
// Registers a key manager by appending it to keyManagers (the first line of
// the signature is not part of this listing).
275 SignOn::AbstractKeyManager *keyManager)
277 keyManagers.append(keyManager);
// Fragments of the routine that inspects a loaded plugin object and adopts the
// components it offers (signature not shown; several numbered lines are
// missing). It returns extensionInUse, which is set to true whenever a
// component from the plugin is taken into use.
// NOTE(review): for the key authorizer, crypto manager and secrets storage the
// first plugin to offer one wins and later offers are deleted, so plugin load
// order decides which implementation protects the credentials. Only the access
// control manager shows a plugin->objectName() comparison in the visible
// lines; whether the omitted lines 328-330 and 340-344 apply a similar name
// check to the crypto manager and secrets storage cannot be told from here.
282 bool extensionInUse =
false;
284 SignOn::ExtensionInterface *extension;
285 SignOn::ExtensionInterface2 *extension2;
286 SignOn::ExtensionInterface3 *extension3;
// The newest interface is probed first; a newer interface pointer is assigned
// to the older pointer type, otherwise the older interface is probed with its
// own qobject_cast (the conditionals are on lines missing from the listing).
288 extension3 = qobject_cast<SignOn::ExtensionInterface3 *>(plugin);
291 extension2 = extension3;
293 extension2 = qobject_cast<SignOn::ExtensionInterface2 *>(plugin);
296 extension = extension2;
298 extension = qobject_cast<SignOn::ExtensionInterface *>(plugin);
300 if (extension == 0) {
301 qWarning() <<
"Plugin instance is not an ExtensionInterface";
// Base interface: ask the plugin for a key manager.
305 SignOn::AbstractKeyManager *keyManager = extension->keyManager(
this);
308 extensionInUse =
true;
// Interface 2: a key authorizer is adopted only if none is set yet; a
// duplicate is deleted.
313 if (extension2 != 0) {
314 SignOn::AbstractKeyAuthorizer *keyAuthorizer =
315 extension2->keyAuthorizer(m_keyHandler,
this);
316 if (keyAuthorizer != 0) {
317 if (m_keyAuthorizer == 0) {
318 m_keyAuthorizer = keyAuthorizer;
319 extensionInUse =
true;
321 TRACE() <<
"Key authorizer already set";
322 delete keyAuthorizer;
// Interface 3: crypto manager, secrets storage and access control manager,
// each adopted only if the corresponding member is still 0.
327 if (extension3 != 0) {
331 SignOn::AbstractCryptoManager *cryptoManager =
332 extension3->cryptoManager(
this);
333 if (cryptoManager != 0) {
334 if (m_cryptoManager == 0) {
335 m_cryptoManager = cryptoManager;
336 extensionInUse =
true;
338 TRACE() <<
"Crypto manager already set";
339 delete cryptoManager;
345 SignOn::AbstractSecretsStorage *secretsStorage =
346 extension3->secretsStorage(
this);
347 if (secretsStorage != 0) {
348 if (m_secretsStorage == 0) {
349 m_secretsStorage = secretsStorage;
350 extensionInUse =
true;
352 TRACE() <<
"SecretsStorage already set";
353 delete secretsStorage;
// The access control manager is requested only under a check of the plugin's
// objectName(); the value it is compared with is on a missing line.
360 if (plugin->objectName() ==
362 SignOn::AbstractAccessControlManager *acManager =
363 extension3->accessControlManager(
this);
364 if (acManager != 0) {
365 if (m_acManager == 0) {
366 m_acManager = acManager;
367 extensionInUse =
true;
// NOTE(review): unlike the three cases above, no delete of the duplicate is
// visible after this message (line 370 is missing) - confirm it is released.
369 TRACE() <<
"Access control manager already set";
375 return extensionInUse;
// Adds the crypto manager's backup files to `files` via operator<< (the
// enclosing function is not part of this listing).
382 files << m_cryptoManager->backupFiles();
// Opens the secrets database, per its name; the open call itself is on a line
// missing from this listing. The visible lines check that the crypto
// manager's file system is mounted and start the database path from its
// mount path.
// NOTE(review): the database path is written to the TRACE() output - confirm
// that this log is not readable by other users on production builds.
386 bool CredentialsAccessManager::openSecretsDB()
388 if (!m_cryptoManager->fileSystemIsMounted()) {
395 QString dbPath = m_cryptoManager->fileSystemMountPath()
399 TRACE() <<
"Database name: [" << dbPath <<
"]";
// Reports whether the secrets DB is open, per its name; the body is not part
// of this listing.
408 bool CredentialsAccessManager::isSecretsDBOpen()
// Closes the secrets DB. The visible line asks the crypto manager to unmount
// its file system and branches on failure; the rest of the body is not shown.
413 bool CredentialsAccessManager::closeSecretsDB()
417 if (!m_cryptoManager->unmountFileSystem()) {
// Makes sure the directory that holds dbPath exists (dbPath is defined on a
// line missing from this listing). If the path does not exist, the parent
// directory is created with mkpath(); failure is reported via BLAME().
// NOTE(review): no tightening of directory permissions is visible in these
// lines. Confirm the omitted lines restrict the new directory to the daemon's
// own user, since it holds the credentials database.
425 bool CredentialsAccessManager::createStorageDir()
429 QFileInfo fileInfo(dbPath);
430 if (!fileInfo.exists()) {
431 QDir storageDir(fileInfo.dir());
432 if (!storageDir.mkpath(storageDir.path())) {
433 BLAME() <<
"Could not create storage directory:" <<
// Creates the CredentialsDB object for dbPath, handing it the secrets storage
// backend, and calls init() on it. The handling of an init() failure is on
// lines missing from this listing.
443 bool CredentialsAccessManager::openMetaDataDB()
447 m_pCredentialsDB =
new CredentialsDB(dbPath, m_secretsStorage);
449 if (!m_pCredentialsDB->
init()) {
// Destroys the CredentialsDB object, if any, and resets the pointer to NULL so
// later checks of m_pCredentialsDB see it as closed.
457 void CredentialsAccessManager::closeMetaDataDB()
459 if (m_pCredentialsDB) {
460 delete m_pCredentialsDB;
461 m_pCredentialsDB = NULL;
// Fragments of the routine that opens the credentials system (signature not
// shown). The metadata DB is opened first and m_systemOpened is set; the
// secrets DB is opened right away when the encrypted file system is already
// mounted.
469 if (!openMetaDataDB()) {
470 BLAME() <<
"Couldn't open metadata DB!";
474 m_systemOpened =
true;
476 if (m_cryptoManager->fileSystemIsMounted()) {
477 if (!openSecretsDB()) {
478 BLAME() <<
"Failed to open secrets DB.";
// Presumably the not-yet-mounted branch; the branch structure is on lines
// missing from the listing.
486 m_cryptoManager->mountFileSystem();
// Fragments of the routine that closes the credentials system (signature not
// shown). allClosed starts as true; a secrets DB that is open but fails to
// close is detected by the condition below (its consequence is not shown),
// and m_systemOpened is cleared.
499 bool allClosed =
true;
500 if (isSecretsDBOpen() && !closeSecretsDB())
506 m_systemOpened =
false;
// Fragments of three separate functions whose signatures are not part of this
// listing.

// A routine that only reports "Not implemented" in its visible lines.
519 BLAME() <<
"Not implemented";
// Accessor returning the CredentialsDB pointer; it can be NULL (see closeMetaDataDB()).
527 return m_pCredentialsDB;
// Readiness query: delegates to the key handler's isReady().
// NOTE(review): with no key handler at all the result is true, i.e. the
// system is reported as ready - confirm callers expect that default.
532 return (m_keyHandler != 0) ? m_keyHandler->isReady() :
true;
// Slot for the key handler's keyInserted signal: a key that is not yet
// authorized is passed to the key authorizer with reason KeyInserted.
// NOTE(review): m_keyHandler and m_keyAuthorizer are dereferenced without a
// null check here, although other methods in this file compare m_keyHandler
// with 0 first - confirm both are always set before this slot can fire.
535 void CredentialsAccessManager::onKeyInserted(
const SignOn::Key key)
537 TRACE() <<
"Key inserted.";
539 if (!m_keyHandler->keyIsAuthorized(key))
540 m_keyAuthorizer->queryKeyAuthorization(
541 key, AbstractKeyAuthorizer::KeyInserted);
// Slot for the key handler's lastAuthorizedKeyRemoved signal: once no
// authorized key remains, the secure storage is closed if the secrets DB is
// open or the encrypted file system is still mounted.
// NOTE(review): a failing closeSecretsDB() is only logged in the visible
// lines, which would leave the storage accessible with no authorized key
// present - confirm whether a retry or error state exists elsewhere.
544 void CredentialsAccessManager::onLastAuthorizedKeyRemoved(
const SignOn::Key key)
547 TRACE() <<
"All keys disabled. Closing secure storage.";
548 if (isSecretsDBOpen() || m_cryptoManager->fileSystemIsMounted())
549 if (!closeSecretsDB())
550 BLAME() <<
"Error occurred while closing secure storage.";
// Slot for the key handler's keyRemoved signal: an authorized key that has
// been removed gets its authorization revoked; a failed revocation is
// reported via BLAME() and not handled further in the visible lines.
553 void CredentialsAccessManager::onKeyRemoved(
const SignOn::Key key)
555 TRACE() <<
"Key removed.";
557 if (m_keyHandler->keyIsAuthorized(key)) {
558 if (!m_keyHandler->revokeKeyAuthorization(key)) {
559 BLAME() <<
"Revoking key authorization failed";
// Slot for the key authorizer's answer to an authorization query (the second
// parameter, `result`, is declared on a line missing from this listing).
// Afterwards all pending secure-storage event senders are answered.
// NOTE(review): every result other than Denied is treated as approval, so a
// value the authorizer was never meant to return authorizes the key as well.
// An explicit comparison with the known approving values would fail closed.
// The Exclusive result additionally sets FormatStorage, which the trace
// message describes as reformatting the secure storage.
564 void CredentialsAccessManager::onKeyAuthorizationQueried(
const SignOn::Key key,
567 TRACE() <<
"result:" << result;
569 if (result != AbstractKeyAuthorizer::Denied) {
570 KeyHandler::AuthorizeFlags flags = KeyHandler::None;
571 if (result == AbstractKeyAuthorizer::Exclusive) {
572 TRACE() <<
"Reformatting secure storage.";
573 flags |= KeyHandler::FormatStorage;
576 if (!m_keyHandler->authorizeKey(key, flags)) {
577 BLAME() <<
"Authorization failed";
581 replyToSecureStorageEventNotifiers();
// Key availability query (signature not shown): false without a key handler,
// otherwise true when the handler reports at least one inserted key.
586 if (m_keyHandler == 0)
return false;
587 return !m_keyHandler->insertedKeys().isEmpty();
// Answers every sender recorded in m_secureStorageEventNotifiers by posting
// an event with high priority, then empties the list. The construction of
// the posted event is on lines missing from this listing.
590 void CredentialsAccessManager::replyToSecureStorageEventNotifiers()
599 foreach (
EventSender object, m_secureStorageEventNotifiers) {
606 QCoreApplication::postEvent(
609 Qt::HighEventPriority);
612 m_secureStorageEventNotifiers.clear();
// Fragments of the custom-event handler (signature not shown). The sender of
// a "secure storage not available" event is remembered so it can be answered
// later, and the key authorizer is asked for authorization with reason
// StorageNeeded.
617 TRACE() <<
"Custom event received.";
// NOTE(review): localEvent->m_sender is read here, on listing line 628,
// before the localEvent == 0 test on line 631. Unless an omitted line already
// guarantees a non-null pointer, that test comes too late.
628 m_secureStorageEventNotifiers.append(localEvent->
m_sender);
630 TRACE() <<
"Processing secure storage not available event.";
// Without an event or a credentials DB the senders are answered immediately.
631 if ((localEvent == 0) || (m_pCredentialsDB == 0)) {
632 replyToSecureStorageEventNotifiers();
639 replyToSecureStorageEventNotifiers();
645 m_keyAuthorizer->queryKeyAuthorization(key,
646 AbstractKeyAuthorizer::StorageNeeded);
// Slot for the crypto manager's fileSystemMounted signal: opens the secrets
// DB if it is not open yet and logs the outcome. Finding it already open is
// reported as unexpected via BLAME().
651 void CredentialsAccessManager::onEncryptedFSMounted()
656 if (!isSecretsDBOpen()) {
657 if (openSecretsDB()) {
658 TRACE() <<
"Secrets DB opened.";
660 BLAME() <<
"Failed to open secrets DB.";
663 BLAME() <<
"Secrets DB already opened?";
667 void CredentialsAccessManager::onEncryptedFSUnmounting()
672 if (isSecretsDBOpen()) {