1 /* 2 * This file is part of signon 3 * 4 * Copyright (C) 2011 Intel Corporation. 5 * Copyright (C) 2013-2016 Canonical Ltd. 6 * 7 * Contact: Elena Reshetova <elena.reshetova@intel.com> 8 * Contact: Alberto Mardegan <alberto.mardegan@canonical.com> 9 * 10 * This library is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU Lesser General Public License 12 * version 2.1 as published by the Free Software Foundation. 13 * 14 * This library is distributed in the hope that it will be useful, but 15 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this library; if not, write to the Free Software 21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 22 * 02110-1301 USA 23 */ 24 /*! 25 * @file abstract-access-control-manager.h 26 * Definition of the AbstractAccessControlManager object. 27 * @ingroup Accounts_and_SSO_Framework 28 */ 29 30 #ifndef SIGNON_ABSTRACT_ACCESS_CONTROL_MANAGER_H 31 #define SIGNON_ABSTRACT_ACCESS_CONTROL_MANAGER_H 32 33 #include <SignOn/extension-interface.h> 34 35 #include <QSharedDataPointer> 36 #include <QString> 37 38 class QDBusConnection; 39 class QDBusMessage; 40 41 namespace SignOn { 42 43 class AbstractAccessControlManager; 44 class AccessRequestData; 45 46 class SIGNON_EXPORT AccessRequest 47 { 48 public: 49 explicit AccessRequest(); 50 AccessRequest(const AccessRequest &other); 51 ~AccessRequest(); 52 53 /*! 54 * Identifies the client requesting the access. 55 * @param peerConnection the connection over which the message was sent. 56 * @param peerMessage, the request message sent over DBUS by the process. 57 */ 58 void setPeer(const QDBusConnection &connection, 59 const QDBusMessage &message); 60 const QDBusConnection &peerConnection() const; 61 const QDBusMessage &peerMessage() const; 62 63 /*! 64 * Specifies the SignOn::Identity resource being accessed. 65 */ 66 void setIdentity(quint32 id); 67 quint32 identity() const; 68 69 private: 70 QSharedDataPointer<AccessRequestData> d; 71 }; 72 73 class AccessReplyPrivate; 74 class SIGNON_EXPORT AccessReply: public QObject 75 { 76 Q_OBJECT 77 78 public: 79 ~AccessReply(); 80 81 const AccessRequest &request() const; 82 bool isAccepted() const; 83 84 Q_SIGNALS: 85 void finished(); 86 87 protected: 88 explicit AccessReply(const AccessRequest &request, QObject *parent = 0); 89 90 protected Q_SLOTS: 91 void accept(); 92 void decline(); 93 94 private: 95 friend class AbstractAccessControlManager; 96 AccessReplyPrivate *d_ptr; 97 Q_DECLARE_PRIVATE(AccessReply) 98 }; 99 100 /*! 101 * @class AbstractAccessControlManager 102 * Helps filtering incoming Singnon Daemon requests, 103 * based on security priviledges of the client processes. 104 * @ingroup Accounts_and_SSO_Framework 105 */ 106 class SIGNON_EXPORT AbstractAccessControlManager: public QObject 107 { 108 Q_OBJECT 109 110 public: 111 /*! 112 * Constructs a AbstractAccessControlManager object with the given parent. 113 * @param parent 114 */ 115 explicit AbstractAccessControlManager(QObject *parent = 0); 116 117 /*! 118 * Destructor. 119 */ 120 virtual ~AbstractAccessControlManager(); 121 122 /*! 123 * Checks if a client process is allowed to access objects with a certain 124 * security context. 125 * The access type to be checked depends on the concrete implementation of 126 * this function. 127 * @param peerConnection the connection over which the message was sent. 128 * @param peerMessage, the request message sent over DBUS by the process. 129 * @param securityContext, the securityContext to be checked against. 130 * @returns true, if the peer is allowed, false otherwise. 131 */ 132 virtual bool isPeerAllowedToAccess(const QDBusConnection &peerConnection, 133 const QDBusMessage &peerMessage, 134 const QString &securityContext); 135 136 /*! 137 * Looks up for the application identifier of a specific client process. 138 * @param peerConnection the connection over which the message was sent. 139 * @param peerMessage, the request message sent over DBUS by the process. 140 * @returns the application identifier of the process, or an empty string 141 * if none found. 142 */ 143 virtual QString appIdOfPeer(const QDBusConnection &peerConnection, 144 const QDBusMessage &peerMessage); 145 146 /*! 147 * @returns the application identifier of the keychain widget 148 */ 149 virtual QString keychainWidgetAppId(); 150 151 /*! 152 * Asynchronously handle an access request from a client. 153 * @param request, the AccessRequest describing the requested access. 154 * @returns an AccessReply object which can be used to obtain the 155 * asynchronous reply. 156 */ 157 virtual AccessReply *handleRequest(const AccessRequest &request); 158 }; 159 160 } // namespace 161 162 #endif // SIGNON_ABSTRACT_ACCESS_CONTROL_MANAGER_H 163