signon  8.50
SignonDaemonNS::AccessControlManagerHelper Class Reference

Contains helper functions related to Access Control.

#include <accesscontrolmanagerhelper.h>

Public Types

enum  IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner }
 
   Specifies the owner relationship of an application over a specific
   identity, or the lack of ownership over that specific identity.

Public Member Functions

 AccessControlManagerHelper (SignOn::AbstractAccessControlManager *acManager)
 ~AccessControlManagerHelper ()
bool isPeerAllowedToUseIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a client process is allowed to use a specific SignonIdentity.
IdentityOwnership isPeerOwnerOfIdentity (const QDBusMessage &peerMessage, const quint32 identityId)
 Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const SignonAuthSession &authSession)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerAllowedToUseAuthSession (const QDBusMessage &peerMessage, const quint32 ownerIdentityId)
 Checks if a specific process is allowed to use the SignonAuthSession functionality.
bool isPeerKeychainWidget (const QDBusMessage &peerMessage)
QString appIdOfPeer (const QDBusMessage &peerMessage)
 Looks up the application identifier of a specific client process.
bool isPeerAllowedToAccess (const QDBusMessage &peerMessage, const QString securityContext)
 Checks if a client process is allowed to access objects with a certain security context.
bool peerHasOneOfAccesses (const QDBusMessage &peerMessage, const QStringList secContexts)
 Checks if a client process is allowed to access at least one object from the list with a certain security context.

Static Public Member Functions

static pid_t pidOfPeer (const QDBusContext &peerContext)
static AccessControlManagerHelper * instance ()

Detailed Description

Contains helper functions related to Access Control.

Definition at line 52 of file accesscontrolmanagerhelper.h.


Member Enumeration Documentation

   Specifies the owner relationship of an application over a specific
   identity, or the lack of ownership over that specific identity.

See also:
isPeerOwnerOfIdentity().
Enumerator:
ApplicationIsOwner 
ApplicationIsNotOwner 
IdentityDoesNotHaveOwner 

Definition at line 61 of file accesscontrolmanagerhelper.h.


Constructor & Destructor Documentation

AccessControlManagerHelper::AccessControlManagerHelper ( SignOn::AbstractAccessControlManager *  acManager)

Definition at line 45 of file accesscontrolmanagerhelper.cpp.

References BLAME.

AccessControlManagerHelper::~AccessControlManagerHelper ( )

Definition at line 56 of file accesscontrolmanagerhelper.cpp.


Member Function Documentation

QString AccessControlManagerHelper::appIdOfPeer ( const QDBusMessage &  peerMessage)

Looks up the application identifier of a specific client process.

Parameters:
peerMessage  the request message sent over DBUS by the process.
Returns:
the application identifier of the process, or an empty string if none found.

Definition at line 122 of file accesscontrolmanagerhelper.cpp.

References TRACE.

Referenced by SignonDaemonNS::SignonIdentity::addReference(), SignonDaemonNS::SignonIdentity::removeReference(), and SignonDaemonNS::SignonIdentity::store().

bool AccessControlManagerHelper::isPeerAllowedToAccess ( const QDBusMessage &  peerMessage,
const QString  securityContext 
)

Checks if a client process is allowed to access objects with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerMessage  the request message sent over DBUS by the process.
securityContext  the securityContext to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 144 of file accesscontrolmanagerhelper.cpp.

References TRACE.

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const SignonAuthSession &  authSession 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerMessage  the request message sent over DBUS by the process.
authSession  the authentication session to be used by the peer request.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 108 of file accesscontrolmanagerhelper.h.

References SignonDaemonNS::SignonAuthSession::id(), and isPeerAllowedToUseIdentity().

bool SignonDaemonNS::AccessControlManagerHelper::isPeerAllowedToUseAuthSession ( const QDBusMessage &  peerMessage,
const quint32  ownerIdentityId 
)
inline

Checks if a specific process is allowed to use the SignonAuthSession functionality.

Parameters:
peerMessage  the request message sent over DBUS by the process.
ownerIdentityId  id of the Identity owning the authentication session.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 122 of file accesscontrolmanagerhelper.h.

References isPeerAllowedToUseIdentity().

bool AccessControlManagerHelper::isPeerAllowedToUseIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a client process is allowed to use a specific SignonIdentity.

Parameters:
peerMessage  the request message sent over DBUS by the process.
identityId  the SignonIdentity to be used.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 64 of file accesscontrolmanagerhelper.cpp.

References SignonDaemonNS::CredentialsDB::accessControlList(), SignonDaemonNS::CredentialsDB::errorOccurred(), instance(), peerHasOneOfAccesses(), and TRACE.

Referenced by isPeerAllowedToUseAuthSession().

bool AccessControlManagerHelper::isPeerKeychainWidget ( const QDBusMessage &  peerMessage)
Parameters:
peerMessage  the request message sent over DBUS by the process.
Returns:
true, if the peer is the Keychain Widget, false otherwise.

Definition at line 115 of file accesscontrolmanagerhelper.cpp.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().

AccessControlManagerHelper::IdentityOwnership AccessControlManagerHelper::isPeerOwnerOfIdentity ( const QDBusMessage &  peerMessage,
const quint32  identityId 
)

Checks if a specific process is the owner of a SignonIdentity, thus having full control over it.

Parameters:
peerMessage  the request message sent over DBUS by the process.
identityId  the SignonIdentity in context.
Return values:
ApplicationIsOwner/ApplicationIsNotOwner  if the identity is/isn't the owner or IdentityDoesNotHaveOwner if the identity does not have an owner at all.

Definition at line 93 of file accesscontrolmanagerhelper.cpp.

References ApplicationIsNotOwner, ApplicationIsOwner, SignonDaemonNS::CredentialsDB::errorOccurred(), IdentityDoesNotHaveOwner, instance(), SignonDaemonNS::CredentialsDB::ownerList(), peerHasOneOfAccesses(), and TRACE.

Referenced by SignonDaemonNS::SignonIdentityAdaptor::remove(), and SignonDaemonNS::SignonIdentityAdaptor::store().
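
The three-valued result of isPeerOwnerOfIdentity() is easy to mishandle at the call site, so the following added model (not signon's own code) shows the any-of match and a caller that accepts only a positive ownership result. FakeCredentialsDb, the peer's context list, ownershipOf(), mayModify() and the decision order are assumptions made for illustration; this page only lists which functions the real method references.

```cpp
#include <algorithm>
#include <map>
#include <string>
#include <vector>

typedef std::vector<std::string> Contexts;
// Mirrors the enum documented on this page.
enum IdentityOwnership { ApplicationIsOwner = 0, ApplicationIsNotOwner, IdentityDoesNotHaveOwner };

// Hypothetical stand-in for the credentials database: identity id -> owner
// security contexts. A false return from ownerList() models errorOccurred().
struct FakeCredentialsDb {
    std::map<unsigned, Contexts> owners;
    bool failing = false;
    bool ownerList(unsigned id, Contexts &out) const {
        if (failing) return false;
        std::map<unsigned, Contexts>::const_iterator it = owners.find(id);
        out = (it == owners.end()) ? Contexts() : it->second;
        return true;
    }
};

// Any-of match: the peer needs at least one of the listed security contexts.
bool peerHasOneOfAccesses(const Contexts &peer, const Contexts &secContexts) {
    for (const std::string &c : secContexts)
        if (std::find(peer.begin(), peer.end(), c) != peer.end()) return true;
    return false;
}

// Assumed decision order: a storage error never yields ownership, and an
// empty owner list is reported as its own state instead of as a match.
IdentityOwnership ownershipOf(const FakeCredentialsDb &db, const Contexts &peer,
                              unsigned identityId) {
    Contexts owners;
    if (!db.ownerList(identityId, owners)) return ApplicationIsNotOwner;
    if (owners.empty()) return IdentityDoesNotHaveOwner;
    return peerHasOneOfAccesses(peer, owners) ? ApplicationIsOwner : ApplicationIsNotOwner;
}

// Caller-side gate for a modifying request: compare against ApplicationIsOwner
// explicitly, so the ownerless state is never mistaken for ownership.
bool mayModify(const FakeCredentialsDb &db, const Contexts &peer, unsigned identityId) {
    return ownershipOf(db, peer, identityId) == ApplicationIsOwner;
}
```

Because ApplicationIsOwner is 0, testing the returned enum as a boolean would invert the decision; the explicit comparison in mayModify() avoids that.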

bool AccessControlManagerHelper::peerHasOneOfAccesses ( const QDBusMessage &  peerMessage,
const QStringList  secContexts 
)

Checks if a client process is allowed to access at least one object from the list with a certain security context.

The access type to be checked depends on the concrete implementation of this function.

Parameters:
peerMessage  the request message sent over DBUS by the process.
secContexts  the objects' securityContexts to be checked against.
Returns:
true, if the peer is allowed, false otherwise.

Definition at line 129 of file accesscontrolmanagerhelper.cpp.

References BLAME, and TRACE.

Referenced by isPeerAllowedToUseIdentity(), and isPeerOwnerOfIdentity().

pid_t AccessControlManagerHelper::pidOfPeer ( const QDBusContext &  peerContext)
static

The documentation for this class was generated from the following files: