signon  8.40
SignonDaemonNS::AccessControlManagerHelper Class Reference

Contains helper functions related to Access Control.

#include <accesscontrolmanagerhelper.h>


Public Types

enum  IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
 Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

Public Member Functions

 AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
 ~AccessControlManagerHelper ()
bool isPeerAllowedToUseIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a client process is allowed to use a specific SignonIdentity.
IdentityOwnership isPeerOwnerOfIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerKeychainWidget (const QDBusMessage &peerMessage)
QString appIdOfPeer (const QDBusMessage &peerMessage)
 Looks up the application identifier of a specific client process.
bool isPeerAllowedToAccess (const QDBusMessage &peerMessage, const QString securityContext)
 Checks if a client process is allowed to access objects with a certain security context.
bool peerHasOneOfAccesses (const QDBusMessage &peerMessage, const QStringList secContexts)
 Checks if a client process is allowed to access at least one object from the list with a certain security context.

Static Public Member Functions

static pid_t pidOfPeer (const QDBusContext &peerContext)
static AccessControlManagerHelper * instance ()

Detailed Description

Contains helper functions related to Access Control.

Definition at line 52 of file accesscontrolmanagerhelper.h.


Member Enumeration Documentation

Specifies the owner relationship of an application over a specific identity, or the lack of ownership over that specific identity.

See also:
isPeerOwnerOfIdentity().
Enumerator:
ApplicationIsOwner 
ApplicationIsNotOwner 
IdentityDoesNotHaveOwner 

Definition at line 61 of file accesscontrolmanagerhelper.h.


Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager *  acManager)

Definition at line 45 of file accesscontrolmanagerhelper.cpp.

References BLAME.


Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer ( const QDBusMessage &  peerMessage)

Looks up the application identifier of a specific client process.

Parameters:
peerMessage, the request message sent over DBUS by the process.
Returns:
the application identifier of the process, or an empty string if none found.

Definition at line 122 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().

bool AccessControlManagerHelper::isPeerAllowedToAccess ( const QDBusMessage &  peerMessage,
const QString  securityContext 
)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerMessage, the request message sent over DBUS by the process.
securityContext, the securityContext to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 144 of file accesscontrolmanagerhelper.cpp.

References TRACE.

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const SignonAuthSession authSession 
) [inline]

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerMessage, the request message sent over DBUS by the process.
authSession, the authentication session to be used by the peer request.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 108 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const quint32  ownerIdentityId 
) [inline]

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerMessage, the request message sent over DBUS by the process.
ownerIdentityId, id of the Identity owning the authentication session.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 122 of file accesscontrolmanagerhelper.h.

References isPeerAllowedToUseIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters:
peerMessage, the request message sent over DBUS by the process.
identityId, the SignonIdentity to be used.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 64 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), SignonDaemonNS::CredentialsDB::errorOccurred(), instance(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget ( const QDBusMessage &  peerMessage)

Parameters:
peerMessage, the request message sent over DBUS by the process.
Returns:
true, if the peer is the Keychain Widget, false otherwise.

Definition at line 115 of file accesscontrolmanagerhelper.cpp.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters:
peerMessage, the request message sent over DBUS by the process.
identityId, the SignonIdentity in context.
Return values:
ApplicationIsOwner/ApplicationIsNotOwner if the peer is/isn't the owner of the identity, or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 93 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

bool AccessControlManagerHelper::peerHasOneOfAccesses ( const QDBusMessage &  peerMessage,
const QStringList  secContexts 
)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerMessage, the request message sent over DBUS by the process.
secContexts, the objects' securityContexts to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 129 of file accesscontrolmanagerhelper.cpp.

References BLAME, and TRACE.

Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().


The documentation for this class was generated from the following files: