signon  8.40
signonidentityadaptor.cpp
Go to the documentation of this file.
00001 /*
00002  * This file is part of signon
00003  *
00004  * Copyright (C) 2009-2010 Nokia Corporation.
00005  * Copyright (C) 2011 Intel Corporation.
00006  *
00007  * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com>
00008  * Contact: Alberto Mardegan <alberto.mardegan@canonical.com>
00009  * Contact: Jussi Laako <jussi.laako@linux.intel.com>
00010  *
00011  * This library is free software; you can redistribute it and/or
00012  * modify it under the terms of the GNU Lesser General Public License
00013  * version 2.1 as published by the Free Software Foundation.
00014  *
00015  * This library is distributed in the hope that it will be useful, but
00016  * WITHOUT ANY WARRANTY; without even the implied warranty of
00017  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00018  * Lesser General Public License for more details.
00019  *
00020  * You should have received a copy of the GNU Lesser General Public
00021  * License along with this library; if not, write to the Free Software
00022  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
00023  * 02110-1301 USA
00024  */
00025 
00026 #include "signonidentityadaptor.h"
00027 
00028 #include "signonidentity.h"
00029 #include "accesscontrolmanagerhelper.h"
00030 
00031 namespace SignonDaemonNS {
00032 
00033 SignonIdentityAdaptor::SignonIdentityAdaptor(SignonIdentity *parent):
00034     QDBusAbstractAdaptor(parent),
00035     m_parent(parent)
00036 {
00037     setAutoRelaySignals(true);
00038 }
00039 
00040 SignonIdentityAdaptor::~SignonIdentityAdaptor()
00041 {
00042 }
00043 
00044 void SignonIdentityAdaptor::securityErrorReply(const char *failedMethodName)
00045 {
00046     QString errMsg;
00047     QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
00048                          << "Method:"
00049                          << failedMethodName;
00050 
00051     errorReply(SIGNOND_PERMISSION_DENIED_ERR_NAME, errMsg);
00052     TRACE() << "Method FAILED Access Control check:" << failedMethodName;
00053 }
00054 
00055 void SignonIdentityAdaptor::errorReply(const QString &name,
00056                                        const QString &message)
00057 {
00058     QDBusMessage msg = parentDBusContext().message();
00059     msg.setDelayedReply(true);
00060     QDBusMessage errReply = msg.createErrorReply(name, message);
00061     SIGNOND_BUS.send(errReply);
00062 }
00063 
00064 quint32 SignonIdentityAdaptor::requestCredentialsUpdate(const QString &msg)
00065 {
00066     /* Access Control */
00067     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00068                                     parentDBusContext().message(),
00069                                     m_parent->id())) {
00070         securityErrorReply(__func__);
00071         return 0;
00072     }
00073 
00074     return m_parent->requestCredentialsUpdate(msg);
00075 }
00076 
00077 QVariantMap SignonIdentityAdaptor::getInfo()
00078 {
00079     /* Access Control */
00080     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00081         parentDBusContext().message(), m_parent->id())) {
00082         securityErrorReply(__func__);
00083         return QVariantMap();
00084     }
00085 
00086     return m_parent->getInfo();
00087 }
00088 
00089 void SignonIdentityAdaptor::addReference(const QString &reference)
00090 {
00091     /* Access Control */
00092     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00093                                     parentDBusContext().message(),
00094                                     m_parent->id())) {
00095         securityErrorReply(__func__);
00096         return;
00097     }
00098 
00099     if (!m_parent->addReference(reference)) {
00100         /* TODO: add a lastError() method to SignonIdentity */
00101         errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
00102                    SIGNOND_OPERATION_FAILED_ERR_STR);
00103     }
00104 }
00105 
00106 void SignonIdentityAdaptor::removeReference(const QString &reference)
00107 {
00108     /* Access Control */
00109     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00110                                     parentDBusContext().message(),
00111                                     m_parent->id())) {
00112         securityErrorReply(__func__);
00113         return;
00114     }
00115 
00116     if (!m_parent->removeReference(reference)) {
00117         /* TODO: add a lastError() method to SignonIdentity */
00118         errorReply(SIGNOND_OPERATION_FAILED_ERR_NAME,
00119                    SIGNOND_OPERATION_FAILED_ERR_STR);
00120     }
00121 }
00122 
00123 
00124 bool SignonIdentityAdaptor::verifyUser(const QVariantMap &params)
00125 {
00126     /* Access Control */
00127     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00128                                     parentDBusContext().message(),
00129                                     m_parent->id())) {
00130         securityErrorReply(__func__);
00131         return false;
00132     }
00133 
00134     return m_parent->verifyUser(params);
00135 }
00136 
00137 bool SignonIdentityAdaptor::verifySecret(const QString &secret)
00138 {
00139     /* Access Control */
00140     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00141                                     parentDBusContext().message(),
00142                                     m_parent->id())) {
00143         securityErrorReply(__func__);
00144         return false;
00145     }
00146 
00147     return m_parent->verifySecret(secret);
00148 }
00149 
00150 void SignonIdentityAdaptor::remove()
00151 {
00152     /* Access Control */
00153     AccessControlManagerHelper::IdentityOwnership ownership =
00154             AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity(
00155                         parentDBusContext().message(), m_parent->id());
00156 
00157     if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) {
00158         //Identity has an owner
00159         if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner &&
00160             !AccessControlManagerHelper::instance()->isPeerKeychainWidget(
00161                                              parentDBusContext().message())) {
00162 
00163             securityErrorReply(__func__);
00164             return;
00165         }
00166     }
00167 
00168     m_parent->remove();
00169 }
00170 
00171 bool SignonIdentityAdaptor::signOut()
00172 {
00173     /* Access Control */
00174     if (!AccessControlManagerHelper::instance()->isPeerAllowedToUseIdentity(
00175                              parentDBusContext().message(), m_parent->id())) {
00176         securityErrorReply(__func__);
00177         return false;
00178     }
00179 
00180     return m_parent->signOut();
00181 }
00182 
00183 quint32 SignonIdentityAdaptor::store(const QVariantMap &info)
00184 {
00185     quint32 id = info.value(QLatin1String("Id"), SIGNOND_NEW_IDENTITY).toInt();
00186     /* Access Control */
00187     if (id != SIGNOND_NEW_IDENTITY) {
00188     AccessControlManagerHelper::IdentityOwnership ownership =
00189             AccessControlManagerHelper::instance()->isPeerOwnerOfIdentity(
00190                         parentDBusContext().message(), m_parent->id());
00191 
00192         if (ownership != AccessControlManagerHelper::IdentityDoesNotHaveOwner) {
00193             //Identity has an owner
00194             if (ownership == AccessControlManagerHelper::ApplicationIsNotOwner &&
00195                 !AccessControlManagerHelper::instance()->isPeerKeychainWidget(
00196                                               parentDBusContext().message())) {
00197 
00198                 securityErrorReply(__func__);
00199                 return 0;
00200             }
00201         }
00202     }
00203     return m_parent->store(info);
00204 }
00205 
00206 } //namespace SignonDaemonNS