accounts-sso:signon.git
6 years agopull extension harmattan/8.25-2
Tomi Suviola [Mon, 23 May 2011 13:04:33 +0000 (16:04 +0300)]
pull extension

6 years agoVersion 8.25-1 harmattan/8.25-1
Alberto Mardegan [Fri, 20 May 2011 08:25:22 +0000 (11:25 +0300)]
Version 8.25-1

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Fri, 20 May 2011 08:23:20 +0000 (11:23 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.25 8.25
Alberto Mardegan [Fri, 20 May 2011 08:22:57 +0000 (11:22 +0300)]
Version 8.25

6 years agoCAM: Support pluggable KeyAuthorizer 11
Alberto Mardegan [Thu, 19 May 2011 12:02:18 +0000 (15:02 +0300)]
CAM: Support pluggable KeyAuthorizer

6 years agoRemove UiKeyAuthorizer
Alberto Mardegan [Thu, 19 May 2011 08:58:12 +0000 (11:58 +0300)]
Remove UiKeyAuthorizer

Consequently, simplify the SignOnUi interface, removing the secure storage
adaptor.

6 years agosignond-dev: upgrade extension interface
Alberto Mardegan [Thu, 19 May 2011 08:26:01 +0000 (11:26 +0300)]
signond-dev: upgrade extension interface

Add a virtual method to get the KeyAuthorizer object.

6 years agoMove KeyHandler and AbstractKeyAuthorizer to library
Alberto Mardegan [Thu, 19 May 2011 07:32:17 +0000 (10:32 +0300)]
Move KeyHandler and AbstractKeyAuthorizer to library

We also need to bring in the CryptoManager and CryptoHandlers and the misc.cpp
file, but the latter two are not be exported, while CryptoManager APIs are onlu
available if the SIGNON_ENABLE_UNSTABLE_APIS preprocessor symbol is defined.

6 years agosignond-dev: selective exporting of symbols
Alberto Mardegan [Thu, 19 May 2011 07:09:15 +0000 (10:09 +0300)]
signond-dev: selective exporting of symbols

6 years agosignond-dev: add debugging facilities
Alberto Mardegan [Thu, 19 May 2011 06:34:21 +0000 (09:34 +0300)]
signond-dev: add debugging facilities

6 years agoCAM: use default key authorizer
Alberto Mardegan [Thu, 19 May 2011 08:55:25 +0000 (11:55 +0300)]
CAM: use default key authorizer

This is a temporary commit; we are moving the UiKeyAuthorizer into a separate
plugin.

6 years agosignon: add default key authorizer
Alberto Mardegan [Thu, 19 May 2011 08:54:08 +0000 (11:54 +0300)]
signon: add default key authorizer

Add a key authorizer which will authorize all given keys.

6 years agoVersion 8.24-1 harmattan/8.24-1
Aurel Popirtac [Thu, 19 May 2011 11:21:57 +0000 (14:21 +0300)]
Version 8.24-1

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Thu, 19 May 2011 11:14:23 +0000 (14:14 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.24
Aurel Popirtac [Thu, 19 May 2011 11:11:56 +0000 (14:11 +0300)]
Version 8.24

6 years agoFixes: NB#255674 - UI freeze (for ~10 seconds) caused by the signond. 10
Aurel Popirtac [Thu, 19 May 2011 10:14:56 +0000 (13:14 +0300)]
Fixes: NB#255674 - UI freeze (for ~10 seconds) caused by the signond.

6 years agoVersion 8.23-1 harmattan/8.23-1
Alberto Mardegan [Wed, 18 May 2011 08:44:08 +0000 (11:44 +0300)]
Version 8.23-1

6 years agoRequest permission to change file ownership
Alberto Mardegan [Wed, 18 May 2011 08:12:41 +0000 (11:12 +0300)]
Request permission to change file ownership

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Wed, 18 May 2011 08:41:31 +0000 (11:41 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.23 8.23
Alberto Mardegan [Wed, 18 May 2011 08:41:10 +0000 (11:41 +0300)]
Version 8.23

6 years agosignond: fine-grain check for allowed mechanisms
Alberto Mardegan [Mon, 16 May 2011 13:25:52 +0000 (16:25 +0300)]
signond: fine-grain check for allowed mechanisms

SASL uses the mechanism string as a space-separated list; therefore, if
comparing the full string fails, we need to split it in words, and filter out
those mechanisms that are not allowed.

6 years agoSASL: reinitialize libsasl after every session
Alberto Mardegan [Mon, 16 May 2011 12:24:17 +0000 (15:24 +0300)]
SASL: reinitialize libsasl after every session

It seems that libsasl is misbehaving when following up a compelted XMPP
authentication.

6 years agoSignon DB: file permissions and ownership 9
Alberto Mardegan [Wed, 18 May 2011 08:13:11 +0000 (11:13 +0300)]
Signon DB: file permissions and ownership

Let the DB files be owned by the user running signond (currently that is root,
in Harmattan), and set an appropriate umask at startup so that other users
cannot read our files.
When creating files for backup, though, change their ownership to the current
user, so that the backup application can read them.

6 years agochangelog entry harmattan/8.22-1
Tomi Suviola [Tue, 17 May 2011 07:13:20 +0000 (10:13 +0300)]
changelog entry

6 years agoMerge branch 'master' into harmattan
Tomi Suviola [Tue, 17 May 2011 07:05:07 +0000 (10:05 +0300)]
Merge branch 'master' into harmattan

6 years agoincrease version 8.22
Tomi Suviola [Tue, 17 May 2011 07:04:02 +0000 (10:04 +0300)]
increase version

6 years agoFix bug 242165
Tomi Suviola [Mon, 16 May 2011 10:34:12 +0000 (13:34 +0300)]
Fix bug 242165

6 years agoVersion 8.21-1 harmattan/8.21-1
Aurel Popirtac [Sun, 15 May 2011 16:55:45 +0000 (19:55 +0300)]
Version 8.21-1

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Sun, 15 May 2011 16:44:48 +0000 (19:44 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.21
Aurel Popirtac [Sun, 15 May 2011 16:44:32 +0000 (19:44 +0300)]
Version 8.21

6 years agoUsing ftruncate to create the signon secure FS partition file.
Aurel Popirtac [Sun, 15 May 2011 15:48:19 +0000 (18:48 +0300)]
Using ftruncate to create the signon secure FS partition file.

6 years agoMoved the creation of the storage directory to CAM's init phase.
Aurel Popirtac [Sun, 15 May 2011 15:47:15 +0000 (18:47 +0300)]
Moved the creation of the storage directory to CAM's init phase.

6 years agoVersion 8.20-1 harmattan/8.20-1
Aurel Popirtac [Wed, 11 May 2011 14:38:26 +0000 (17:38 +0300)]
Version 8.20-1

6 years agoRemoved signon-plugins-tests install file.
Aurel Popirtac [Wed, 11 May 2011 14:38:15 +0000 (17:38 +0300)]
Removed signon-plugins-tests install file.

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Wed, 11 May 2011 10:35:16 +0000 (13:35 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.20
Aurel Popirtac [Wed, 11 May 2011 10:34:36 +0000 (13:34 +0300)]
Version 8.20

6 years agoFixed signond crash.
Aurel Popirtac [Wed, 11 May 2011 10:27:11 +0000 (13:27 +0300)]
Fixed signond crash.

6 years agoRemoved unused tests.
Aurel Popirtac [Wed, 11 May 2011 10:26:18 +0000 (13:26 +0300)]
Removed unused tests.

6 years agoAdded AID token for the signond application.
Aurel Popirtac [Wed, 11 May 2011 10:08:03 +0000 (13:08 +0300)]
Added AID token for the signond application.

6 years agoVersion 8.19-1 harmattan/8.19-1
Aurel Popirtac [Mon, 9 May 2011 14:36:14 +0000 (17:36 +0300)]
Version 8.19-1

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Mon, 9 May 2011 13:23:01 +0000 (16:23 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.19
Aurel Popirtac [Mon, 9 May 2011 13:17:27 +0000 (16:17 +0300)]
Version 8.19

6 years agoRemoved encryption for the SignOn plugins' IPC.
Aurel Popirtac [Sat, 7 May 2011 11:24:40 +0000 (14:24 +0300)]
Removed encryption for the SignOn plugins' IPC.

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Mon, 9 May 2011 13:00:59 +0000 (16:00 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.18
Aurel Popirtac [Mon, 9 May 2011 13:00:35 +0000 (16:00 +0300)]
Version 8.18

6 years agoTests temporary fix.
Aurel Popirtac [Mon, 9 May 2011 12:54:13 +0000 (15:54 +0300)]
Tests temporary fix.
- 6 more tests are skipped for the moment, until the secure storage is
stabilized.

6 years agoFixes: NB#250431 - sign up into ovi account always fails at first.
Aurel Popirtac [Mon, 9 May 2011 10:50:19 +0000 (13:50 +0300)]
Fixes: NB#250431 - sign up into ovi account always fails at first.

6 years agoVersion 8.17-1 harmattan/8.17-1
Alberto Mardegan [Wed, 4 May 2011 10:55:36 +0000 (13:55 +0300)]
Version 8.17-1

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Wed, 4 May 2011 10:54:14 +0000 (13:54 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.17 8.17
Alberto Mardegan [Wed, 4 May 2011 10:53:35 +0000 (13:53 +0300)]
Version 8.17

6 years agoTests: add retries on failed initialization 6
Alberto Mardegan [Wed, 4 May 2011 10:42:20 +0000 (13:42 +0300)]
Tests: add retries on failed initialization

If signond was not already running by the time when tests were started, in some
cases tests could fail with this error: "Server internal error
occurred.Database error occurred.".
The reason is that the SIM initialization takes some time.

This patch fixes that issue by retrying the operation a few times, when it
fails because of that error.

6 years agoVersion 8.16-2 harmattan/8.16-2
Alberto Mardegan [Wed, 4 May 2011 06:54:29 +0000 (09:54 +0300)]
Version 8.16-2

6 years agoFix syntax error in aegis manifest file
Alberto Mardegan [Wed, 4 May 2011 06:33:26 +0000 (09:33 +0300)]
Fix syntax error in aegis manifest file

6 years agoUse libcrypto pkg-config file
Alberto Mardegan [Mon, 2 May 2011 11:24:06 +0000 (14:24 +0300)]
Use libcrypto pkg-config file

Do not add -lcrypto to LIBS; instead, use the pkg-config feature.

6 years agochangelog entry harmattan/8.16-1
Tomi Suviola [Mon, 2 May 2011 11:00:00 +0000 (14:00 +0300)]
changelog entry

6 years agoMerge branch 'master' into harmattan
Tomi Suviola [Mon, 2 May 2011 10:58:17 +0000 (13:58 +0300)]
Merge branch 'master' into harmattan

6 years agoincrease version 8.16
Tomi Suviola [Mon, 2 May 2011 10:57:49 +0000 (13:57 +0300)]
increase version

6 years agoAdd new fields into uisessiondata for fixing bug 249311
Tomi Suviola [Mon, 2 May 2011 07:03:53 +0000 (10:03 +0300)]
Add new fields into uisessiondata for fixing bug 249311

6 years agoVersion 8.15-1 harmattan/8.15-1
Alberto Mardegan [Sat, 30 Apr 2011 11:43:22 +0000 (14:43 +0300)]
Version 8.15-1

6 years agoDepend on new libsignoncrypto-qt
Alberto Mardegan [Sat, 30 Apr 2011 11:37:41 +0000 (14:37 +0300)]
Depend on new libsignoncrypto-qt

There is nothing new in libsignoncrypto-qt, but it removes some definitions of
TRACE() which were making signond emit a lot of qDebug() in some modules.

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Sat, 30 Apr 2011 11:36:45 +0000 (14:36 +0300)]
Merge branch 'master' into harmattan

6 years agoVersion 8.15 8.15
Alberto Mardegan [Sat, 30 Apr 2011 11:35:41 +0000 (14:35 +0300)]
Version 8.15

6 years agogitignore
Alberto Mardegan [Sat, 30 Apr 2011 11:35:20 +0000 (14:35 +0300)]
gitignore

6 years agoSession adaptor: refactor method/mechanism check
Alberto Mardegan [Tue, 26 Apr 2011 12:43:10 +0000 (15:43 +0300)]
Session adaptor: refactor method/mechanism check

Add a method on the IdentityInfo class to check if a method/mechanism
combination is allowed.

6 years agoIndentation
Alberto Mardegan [Tue, 26 Apr 2011 12:32:15 +0000 (15:32 +0300)]
Indentation

Also, no need to wrap everything inside the namespace when defining the
methods.

6 years agoEncrypt communication with plugins
Rauli Ikonen [Thu, 10 Feb 2011 11:55:59 +0000 (13:55 +0200)]
Encrypt communication with plugins

Added new class EncryptedDevice. EncryptedDevice inherits QIODevice and uses
AES in OFB mode to encrypt/decrypt any data that passes through it. The
constructor allows specifying the actual device from which data is read from /
written to, encryption key and initialization vectors for input and output
streams. PluginProxy and RemotePluginProcess were changed so that they wrap the
QProcess and QFile devices into EncryptedDevice objects and use those for
reading/writing data so that no data is passed in plain text.

The encryption key and initialization vectors are generated by PluginProxy
after launching remotepluginprocess and passed through normal stdin channel
before any other data as a string that has been encrypted using aegis-crypto
with *sso-encryption-token the remotepluginprocess provides. That is,
aegis-crypto is only used to protect the encryption key. This is because
aegis-crypto does not allow maintaining a state and is thus unsuitable for
doing stream encryption.

Fixes https://bugs.meego.com/show_bug.cgi?id=12435

6 years agoAuthSession: check method and mechanism
Rauli Ikonen [Thu, 10 Feb 2011 10:07:31 +0000 (12:07 +0200)]
AuthSession: check method and mechanism

SignonAuthSessionAdaptor now enforces the authentication method and mechanism.
New error code was added for this.

Fixes https://bugs.meego.com/show_bug.cgi?id=12425

6 years agoAuthSession: restrict setId() usage
Rauli Ikonen [Thu, 10 Feb 2011 09:58:49 +0000 (11:58 +0200)]
AuthSession: restrict setId() usage

SignonAuthSessionAdaptor now only allows setId call with identity id that the
calling process is allowed to access.

Fixes https://bugs.meego.com/show_bug.cgi?id=12570

6 years agoAuthSession: check calling process ID
Rauli Ikonen [Thu, 10 Feb 2011 09:14:23 +0000 (11:14 +0200)]
AuthSession: check calling process ID

SignonAuthSessionAdaptor now refuses to serve requests that come from a process
different than the one that created the associated SignonAuthSession object.
Fixes http://bugs.meego.com/show_bug.cgi?id=12427

6 years agoverifySecret call now properly encrypts password
Rauli Ikonen [Wed, 9 Feb 2011 15:21:11 +0000 (17:21 +0200)]
verifySecret call now properly encrypts password

Both on client and server side. Fixes
https://bugs.meego.com/show_bug.cgi?id=12430

6 years agoFixed storeCredentials to use decodedSecret instead of secret. Fixes https://bugs...
Rauli Ikonen [Wed, 9 Feb 2011 15:16:03 +0000 (17:16 +0200)]
Fixed storeCredentials to use decodedSecret instead of secret. Fixes https://bugs.meego.com/show_bug.cgi?id=12429

6 years agoAll SQL queries with string parameters changed to use prepared statements. New test...
Rauli Ikonen [Wed, 9 Feb 2011 15:07:53 +0000 (17:07 +0200)]
All SQL queries with string parameters changed to use prepared statements. New test case added to ensure checkPassword does not allow SQL injection. Fixes https://bugs.meego.com/show_bug.cgi?id=12424

6 years agoPlugins: initialize debugging
Alberto Mardegan [Sat, 30 Apr 2011 08:53:17 +0000 (11:53 +0300)]
Plugins: initialize debugging

We added the initDebug() function, but forgot to use it. :-)

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Fri, 29 Apr 2011 14:16:25 +0000 (17:16 +0300)]
Merge branch 'master' into harmattan

6 years agoRevert "Tests: set preprocessor macro in project file"
Alberto Mardegan [Fri, 29 Apr 2011 14:10:04 +0000 (17:10 +0300)]
Revert "Tests: set preprocessor macro in project file"

This reverts commit 76fab5f19737af85034ae14ba51c8ae067328b23.

We cannot simply use a define, or "make" will see the the object file has
already been compiled and won't build it again.

6 years agolibsignon-qt-tests: enable untrusted tests in SB
Alberto Mardegan [Fri, 29 Apr 2011 14:09:02 +0000 (17:09 +0300)]
libsignon-qt-tests: enable untrusted tests in SB

The untrusted tests run in scratchbox just fine.

6 years agolibsignon-qt-tests: fix aegis file
Alberto Mardegan [Fri, 29 Apr 2011 14:05:25 +0000 (17:05 +0300)]
libsignon-qt-tests: fix aegis file

The libsignon-qt-tests token was been requested for the wrong binary.

6 years agoMerge branch 'master' into harmattan
Aurel Popirtac [Wed, 27 Apr 2011 11:39:55 +0000 (14:39 +0300)]
Merge branch 'master' into harmattan

6 years agoFixed ACL in libsignon-qt-tests.
Aurel Popirtac [Wed, 27 Apr 2011 09:03:18 +0000 (12:03 +0300)]
Fixed ACL in libsignon-qt-tests.

6 years agoMerge branch 'master' into harmattan
Alberto Mardegan [Wed, 27 Apr 2011 06:35:39 +0000 (09:35 +0300)]
Merge branch 'master' into harmattan

Conflicts:

tests/libsignon-qt-tests/ssotestclient.cpp

6 years agoTests: allow running unit tests individually
Alberto Mardegan [Tue, 19 Apr 2011 11:04:00 +0000 (14:04 +0300)]
Tests: allow running unit tests individually

Remove some useless class and expose the test cases as individual slots. This
allows directly executing a single unit test from the command line.

The tests need some deeper refactoring and cleanup, but this is the first step.

6 years agoTests: set preprocessor macro in project file
Alberto Mardegan [Tue, 19 Apr 2011 07:32:12 +0000 (10:32 +0300)]
Tests: set preprocessor macro in project file

There's no need for a .cpp file just for defining a simple macro.

6 years agoVersion 8.14
Aurel Popirtac [Tue, 19 Apr 2011 14:40:58 +0000 (17:40 +0300)]
Version 8.14

6 years agoAdded miscellaneous files.
Aurel Popirtac [Tue, 19 Apr 2011 11:04:17 +0000 (14:04 +0300)]
Added miscellaneous files.
- Currently only defines functions for setting file permissions and
ownership

6 years agoSetting the right file permissions and ownership for the storage directory.
Aurel Popirtac [Fri, 15 Apr 2011 12:35:37 +0000 (15:35 +0300)]
Setting the right file permissions and ownership for the storage directory.
Also the same are set for the meta data DB file.

6 years agoSetting the right ownership for the crypto mount target.
Aurel Popirtac [Fri, 15 Apr 2011 12:34:42 +0000 (15:34 +0300)]
Setting the right ownership for the crypto mount target.

6 years agoSetting the right file permissions and ownership for the crypto container.
Aurel Popirtac [Fri, 15 Apr 2011 12:33:58 +0000 (15:33 +0300)]
Setting the right file permissions and ownership for the crypto container.

6 years agoFixed backup and restore processes.
Aurel Popirtac [Tue, 19 Apr 2011 11:40:44 +0000 (14:40 +0300)]
Fixed backup and restore processes.
- If a backup is created after boot time, prior to any signond start,
create the storage directory tree with the right file permissions.
- If a restore is made, make sure the restored files have the right
permissions.

6 years agoCryptoManager: extra check for setEncryptionKey 2
Alberto Mardegan [Mon, 18 Apr 2011 13:27:01 +0000 (16:27 +0300)]
CryptoManager: extra check for setEncryptionKey

Do not allow the encryption key to be changed while the FS is mounted.

6 years agoRemove CAM unit tests
Alberto Mardegan [Wed, 13 Apr 2011 12:26:48 +0000 (15:26 +0300)]
Remove CAM unit tests

These tests were of almost no value and just a maintenance burden, requiring
deep linking into signond sources.

6 years agoAbstractKeyManager: deprecate authorization APIs
Alberto Mardegan [Tue, 12 Apr 2011 05:48:19 +0000 (08:48 +0300)]
AbstractKeyManager: deprecate authorization APIs

The AbstractKeyManager is going to be just a key provider. The authorization
functionality is implemented in another class, KeyAuthorizer, which will soon
be part of this library.

6 years agoCAM: use the KeyHandler and KeyAuthorizer
Alberto Mardegan [Wed, 13 Apr 2011 08:27:42 +0000 (11:27 +0300)]
CAM: use the KeyHandler and KeyAuthorizer

Remove all the UI related code, the key handling and the logic for deciding on
key authorization out of CredentialsAccessManager; we now have the KeyHandler
and KeyAuthorizer providing the same functionality.

6 years agoAdd class UiKeyAuthorizer
Alberto Mardegan [Mon, 11 Apr 2011 13:27:47 +0000 (16:27 +0300)]
Add class UiKeyAuthorizer

This class takes care of the UI-based mechanisms of authorizing the keys.
It will eventually be moved to an extension, once the KeyHandler and
AbstractKeyAuthorizer APIs are stable.

6 years agoAdd AbstractKeyAuthorizer class
Alberto Mardegan [Fri, 8 Apr 2011 09:56:56 +0000 (12:56 +0300)]
Add AbstractKeyAuthorizer class

This class is responsible of deciding on the authorization of new keys.

6 years agoAdd class KeyHandler
Alberto Mardegan [Wed, 6 Apr 2011 12:28:29 +0000 (15:28 +0300)]
Add class KeyHandler

This class aggregates the signals from the key managers and provides
functionality to grant/revoke authorization to a key.

6 years agoFailing tests commented out harmattan/8.13-2
Tomi Suviola [Fri, 15 Apr 2011 12:12:38 +0000 (15:12 +0300)]
Failing tests commented out

6 years agoCryptoManager: add fileSystemIsSetup()
Alberto Mardegan [Fri, 8 Apr 2011 06:20:10 +0000 (09:20 +0300)]
CryptoManager: add fileSystemIsSetup()

This method replaces the CredentialsAccessManager::fileSystemDeployed().
Also, rename fileSystemMounted to fileSystemIsMounted, for consistency.

6 years agoCryptoManager: correct documentation
Alberto Mardegan [Thu, 7 Apr 2011 08:47:52 +0000 (11:47 +0300)]
CryptoManager: correct documentation

The implementation of encryptionKeyInUse() contradicts the previous
documentation. Updating.

6 years agoCAM: open secrets DB whenever possible
Alberto Mardegan [Thu, 7 Apr 2011 08:28:16 +0000 (11:28 +0300)]
CAM: open secrets DB whenever possible

This is not a change in behaviour; even with the previous implementation the
secrets DB was opened whenever the encrypted FS was mounted; this patch just
makes this behaviour more explicit, therefore leading to some code
simplifications.

6 years agoCryptoManager: add mount notification signals
Alberto Mardegan [Thu, 7 Apr 2011 07:57:19 +0000 (10:57 +0300)]
CryptoManager: add mount notification signals

The CredentialAccessManager could listen to this signals to know when the
encrypted partition is available. This helps in resolving the confusion around
the test whether a key can mount the encrypted FS: there is no way to know it,
other than actually attempting to mount the FS.