accounts-sso:signon.git
10 years agoPublic methods for checking the authentication core cache's size. session_core_refactoring
Aurel Popirtac [Sun, 15 May 2011 15:52:11 +0000 (18:52 +0300)]
Public methods for checking the authentication core cache's size.

10 years agoThe Signon session request data also holds the dbus peer pid now.
Aurel Popirtac [Fri, 13 May 2011 13:00:16 +0000 (16:00 +0300)]
The Signon session request data also holds the dbus peer pid now.
DBus daemon is queried only once for the pid of the requesting peer.
At the same time the RequestData object is more widely used in order
to have the code more structured.
Moved the encrypt/try decrypt session data functionality to specific methods.

10 years agoSystematized hardcoded values and removed integer as bool auto type casts from condit...
Aurel Popirtac [Fri, 13 May 2011 12:37:01 +0000 (15:37 +0300)]
Systematized hardcoded values and removed integer as bool auto type casts from conditional statements.

10 years agoSessionCore variables names are more meaningful.
Aurel Popirtac [Mon, 9 May 2011 07:32:29 +0000 (10:32 +0300)]
SessionCore variables names are more meaningful.
  - cancelKey --> sessionKey
  - listOfRequests --> requestsQueue

10 years agoSessionIdentity related SignonUi DBus functionality is fully handled by the SignonUiA...
Aurel Popirtac [Sun, 8 May 2011 16:20:55 +0000 (19:20 +0300)]
SessionIdentity related SignonUi DBus functionality is fully handled by the SignonUiAdaptor.

10 years agoSessionCore related SignonUi DBus functionality is fully handled by the SignonUiAdaptor.
Aurel Popirtac [Fri, 13 May 2011 08:26:07 +0000 (11:26 +0300)]
SessionCore related SignonUi DBus functionality is fully handled by the SignonUiAdaptor.

10 years agoVersion 8.33 8.33
Alberto Mardegan [Mon, 6 Jun 2011 13:43:39 +0000 (16:43 +0300)]
Version 8.33

10 years agoLink libsignon-extensions with libcryptsetup
Alberto Mardegan [Mon, 6 Jun 2011 13:30:34 +0000 (16:30 +0300)]
Link libsignon-extensions with libcryptsetup

10 years agoAllow building without the libcreds library
Alberto Mardegan [Mon, 6 Jun 2011 09:08:45 +0000 (12:08 +0300)]
Allow building without the libcreds library

This library is part of the MeeGo Simplified Security Framework, which is going
to be obsoleted in meego.com.

10 years agoRemoved unused private method
Alberto Mardegan [Mon, 6 Jun 2011 09:08:02 +0000 (12:08 +0300)]
Removed unused private method

10 years agoincrease version 8.32
Tomi Suviola [Mon, 6 Jun 2011 09:45:14 +0000 (12:45 +0300)]
increase version

10 years agoMerge branch 'set_owner'
Tomi Suviola [Mon, 6 Jun 2011 08:19:22 +0000 (11:19 +0300)]
Merge branch 'set_owner'

Conflicts:
src/signond/signonidentity.cpp

10 years agoVersion 8.31 8.31
Alberto Mardegan [Wed, 1 Jun 2011 08:57:23 +0000 (11:57 +0300)]
Version 8.31

10 years agoAdd FinalUrl property to UiSessionData 17
Alberto Mardegan [Wed, 1 Jun 2011 08:40:05 +0000 (11:40 +0300)]
Add FinalUrl property to UiSessionData

This can be used in signon-ui to improve the user experience by either closing
the browser dialog or replacing the final page with an informative text.

11 years agoupdate version 8.30
Tomi Suviola [Fri, 27 May 2011 11:47:07 +0000 (14:47 +0300)]
update version

11 years agoMerge branch 'bug_259134'
Tomi Suviola [Thu, 26 May 2011 05:42:51 +0000 (08:42 +0300)]
Merge branch 'bug_259134'

11 years agoAdd new params into uisessiondata.
Tomi Suviola [Wed, 25 May 2011 13:01:13 +0000 (16:01 +0300)]
Add new params into uisessiondata.

11 years agoVersion 8.29 8.29
Alberto Mardegan [Wed, 25 May 2011 12:05:04 +0000 (15:05 +0300)]
Version 8.29

11 years agolib: restore signal connections 16
Alberto Mardegan [Wed, 25 May 2011 11:43:27 +0000 (14:43 +0300)]
lib: restore signal connections

D-Bus signals were lost when we moved away from QDBusInterface. Now they are
back in place.

11 years agolib: helper method to connect DBus signals
Alberto Mardegan [Wed, 25 May 2011 11:42:51 +0000 (14:42 +0300)]
lib: helper method to connect DBus signals

11 years agoVersion 8.28 8.28
Alberto Mardegan [Wed, 25 May 2011 06:47:13 +0000 (09:47 +0300)]
Version 8.28

11 years agosignond: do not open DB when started for backup 15
Alberto Mardegan [Wed, 25 May 2011 06:02:51 +0000 (09:02 +0300)]
signond: do not open DB when started for backup

If backup fails, reopen the DB only if we are not running in backup mode.

11 years agoCAM: fix opening of secrets DB
Alberto Mardegan [Wed, 25 May 2011 05:57:52 +0000 (08:57 +0300)]
CAM: fix opening of secrets DB

If the encrypted FS is not mounted when we are requested to open the
credentials system, we must attempt mounting it (and after that, the secrets DB
will be opened).

11 years agoDefault key authorizer: reformat unaccessible storage
Alberto Mardegan [Tue, 24 May 2011 12:35:50 +0000 (15:35 +0300)]
Default key authorizer: reformat unaccessible storage

If the storage has been encrypted with a different set of keys, none of which
are currently accessible, the default key authorizer will now reformat the
secrets storage with the new key.

11 years agoMerge branch 'fix_sasltests'
Tomi Suviola [Tue, 24 May 2011 11:33:32 +0000 (14:33 +0300)]
Merge branch 'fix_sasltests'

11 years agoDon't compare path to empty string, use isEmpty
Alberto Mardegan [Tue, 24 May 2011 11:08:32 +0000 (14:08 +0300)]
Don't compare path to empty string, use isEmpty

Code is poetry, but up to a certain point.

11 years agolibsignon: Don't use QDBusInterface
Alberto Mardegan [Tue, 24 May 2011 10:34:46 +0000 (13:34 +0300)]
libsignon: Don't use QDBusInterface

QDBusInterface makes blocking calls for introspecting the remove service.
Replace them with a simple wrapper around QDBusAbstractInterface.

11 years agoFix sasl tests. process call was reinitializing sasl library and server state got...
Tomi Suviola [Tue, 24 May 2011 10:34:46 +0000 (13:34 +0300)]
Fix sasl tests. process call was reinitializing sasl library and server state got wrong.

11 years agovserion 8.27 8.27
smita [Mon, 23 May 2011 11:49:59 +0000 (14:49 +0300)]
vserion 8.27

11 years agoFixing: 220787 - Twitter: 'Unknown error' is displayed while configuring Twitter...
smita [Mon, 23 May 2011 11:46:18 +0000 (14:46 +0300)]
Fixing: 220787 - Twitter: 'Unknown error' is displayed while configuring Twitter account when incorrect/default date and time is set on the device

11 years agosignond: moderate logging from external modules
Alberto Mardegan [Mon, 23 May 2011 08:13:22 +0000 (11:13 +0300)]
signond: moderate logging from external modules

If external modules (libraries or extensions) call the Qt logging functions,
make sure we don't spam the syslog if the LoggingLevel is /etc/signond.conf is
configured for a less verbose profile.

11 years agoRemove some unnecessary debug messages
Alberto Mardegan [Mon, 23 May 2011 08:13:02 +0000 (11:13 +0300)]
Remove some unnecessary debug messages

11 years agoCopy owners from acl during update 12
Tomi Suviola [Fri, 20 May 2011 12:15:15 +0000 (15:15 +0300)]
Copy owners from acl during update

11 years agoincrease version 8.26
Tomi Suviola [Fri, 20 May 2011 11:09:35 +0000 (14:09 +0300)]
increase version

11 years agoMerge commit '025f13011b466fda675d04f03c34fa647748c286'
Tomi Suviola [Fri, 20 May 2011 11:06:20 +0000 (14:06 +0300)]
Merge commit '025f13011b466fda675d04f03c34fa647748c286'

11 years agoRemoved unused code
Tomi Suviola [Fri, 20 May 2011 10:35:14 +0000 (13:35 +0300)]
Removed unused code

11 years agoReview changes
Tomi Suviola [Fri, 20 May 2011 10:21:25 +0000 (13:21 +0300)]
Review changes

11 years agofix merge errors
Tomi Suviola [Fri, 20 May 2011 08:36:52 +0000 (11:36 +0300)]
fix merge errors

11 years agoVersion 8.25 8.25
Alberto Mardegan [Fri, 20 May 2011 08:22:57 +0000 (11:22 +0300)]
Version 8.25

11 years agoTake owner into use
Tomi Suviola [Thu, 19 May 2011 11:55:44 +0000 (14:55 +0300)]
Take owner into use

11 years agoAdapt tests to changes, and fix findings
Tomi Suviola [Thu, 19 May 2011 11:27:10 +0000 (14:27 +0300)]
Adapt tests to changes, and fix findings

11 years agoremove owners before inserting
Tomi Suviola [Thu, 19 May 2011 10:29:55 +0000 (13:29 +0300)]
remove owners before inserting

11 years agoAdd owner to database
Tomi Suviola [Thu, 19 May 2011 09:55:34 +0000 (12:55 +0300)]
Add owner to database

11 years agoadd store method into dbus api
Tomi Suviola [Wed, 18 May 2011 07:58:30 +0000 (10:58 +0300)]
add store method into dbus api

11 years agoAdd owner to Identity
Tomi Suviola [Mon, 18 Apr 2011 12:10:51 +0000 (15:10 +0300)]
Add owner to Identity

11 years agoCAM: Support pluggable KeyAuthorizer 11
Alberto Mardegan [Thu, 19 May 2011 12:02:18 +0000 (15:02 +0300)]
CAM: Support pluggable KeyAuthorizer

11 years agoRemove UiKeyAuthorizer
Alberto Mardegan [Thu, 19 May 2011 08:58:12 +0000 (11:58 +0300)]
Remove UiKeyAuthorizer

Consequently, simplify the SignOnUi interface, removing the secure storage
adaptor.

11 years agosignond-dev: upgrade extension interface
Alberto Mardegan [Thu, 19 May 2011 08:26:01 +0000 (11:26 +0300)]
signond-dev: upgrade extension interface

Add a virtual method to get the KeyAuthorizer object.

11 years agoMove KeyHandler and AbstractKeyAuthorizer to library
Alberto Mardegan [Thu, 19 May 2011 07:32:17 +0000 (10:32 +0300)]
Move KeyHandler and AbstractKeyAuthorizer to library

We also need to bring in the CryptoManager and CryptoHandlers and the misc.cpp
file, but the latter two are not be exported, while CryptoManager APIs are onlu
available if the SIGNON_ENABLE_UNSTABLE_APIS preprocessor symbol is defined.

11 years agosignond-dev: selective exporting of symbols
Alberto Mardegan [Thu, 19 May 2011 07:09:15 +0000 (10:09 +0300)]
signond-dev: selective exporting of symbols

11 years agosignond-dev: add debugging facilities
Alberto Mardegan [Thu, 19 May 2011 06:34:21 +0000 (09:34 +0300)]
signond-dev: add debugging facilities

11 years agoCAM: use default key authorizer
Alberto Mardegan [Thu, 19 May 2011 08:55:25 +0000 (11:55 +0300)]
CAM: use default key authorizer

This is a temporary commit; we are moving the UiKeyAuthorizer into a separate
plugin.

11 years agosignon: add default key authorizer
Alberto Mardegan [Thu, 19 May 2011 08:54:08 +0000 (11:54 +0300)]
signon: add default key authorizer

Add a key authorizer which will authorize all given keys.

11 years agoVersion 8.24
Aurel Popirtac [Thu, 19 May 2011 11:11:56 +0000 (14:11 +0300)]
Version 8.24

11 years agoFixes: NB#255674 - UI freeze (for ~10 seconds) caused by the signond. 10
Aurel Popirtac [Thu, 19 May 2011 10:14:56 +0000 (13:14 +0300)]
Fixes: NB#255674 - UI freeze (for ~10 seconds) caused by the signond.

11 years agoVersion 8.23 8.23
Alberto Mardegan [Wed, 18 May 2011 08:41:10 +0000 (11:41 +0300)]
Version 8.23

11 years agosignond: fine-grain check for allowed mechanisms
Alberto Mardegan [Mon, 16 May 2011 13:25:52 +0000 (16:25 +0300)]
signond: fine-grain check for allowed mechanisms

SASL uses the mechanism string as a space-separated list; therefore, if
comparing the full string fails, we need to split it in words, and filter out
those mechanisms that are not allowed.

11 years agoSASL: reinitialize libsasl after every session
Alberto Mardegan [Mon, 16 May 2011 12:24:17 +0000 (15:24 +0300)]
SASL: reinitialize libsasl after every session

It seems that libsasl is misbehaving when following up a compelted XMPP
authentication.

11 years agoSignon DB: file permissions and ownership 9
Alberto Mardegan [Wed, 18 May 2011 08:13:11 +0000 (11:13 +0300)]
Signon DB: file permissions and ownership

Let the DB files be owned by the user running signond (currently that is root,
in Harmattan), and set an appropriate umask at startup so that other users
cannot read our files.
When creating files for backup, though, change their ownership to the current
user, so that the backup application can read them.

11 years agoincrease version 8.22
Tomi Suviola [Tue, 17 May 2011 07:04:02 +0000 (10:04 +0300)]
increase version

11 years agoFix bug 242165
Tomi Suviola [Mon, 16 May 2011 10:34:12 +0000 (13:34 +0300)]
Fix bug 242165

11 years agoVersion 8.21
Aurel Popirtac [Sun, 15 May 2011 16:44:32 +0000 (19:44 +0300)]
Version 8.21

11 years agoUsing ftruncate to create the signon secure FS partition file.
Aurel Popirtac [Sun, 15 May 2011 15:48:19 +0000 (18:48 +0300)]
Using ftruncate to create the signon secure FS partition file.

11 years agoMoved the creation of the storage directory to CAM's init phase.
Aurel Popirtac [Sun, 15 May 2011 15:47:15 +0000 (18:47 +0300)]
Moved the creation of the storage directory to CAM's init phase.

11 years agoVersion 8.20
Aurel Popirtac [Wed, 11 May 2011 10:34:36 +0000 (13:34 +0300)]
Version 8.20

11 years agoFixed signond crash.
Aurel Popirtac [Wed, 11 May 2011 10:27:11 +0000 (13:27 +0300)]
Fixed signond crash.

11 years agoRemoved unused tests.
Aurel Popirtac [Wed, 11 May 2011 10:26:18 +0000 (13:26 +0300)]
Removed unused tests.

11 years agoVersion 8.19
Aurel Popirtac [Mon, 9 May 2011 13:17:27 +0000 (16:17 +0300)]
Version 8.19

11 years agoRemoved encryption for the SignOn plugins' IPC.
Aurel Popirtac [Sat, 7 May 2011 11:24:40 +0000 (14:24 +0300)]
Removed encryption for the SignOn plugins' IPC.

11 years agoVersion 8.18
Aurel Popirtac [Mon, 9 May 2011 13:00:35 +0000 (16:00 +0300)]
Version 8.18

11 years agoTests temporary fix.
Aurel Popirtac [Mon, 9 May 2011 12:54:13 +0000 (15:54 +0300)]
Tests temporary fix.
- 6 more tests are skipped for the moment, until the secure storage is
stabilized.

11 years agoFixes: NB#250431 - sign up into ovi account always fails at first.
Aurel Popirtac [Mon, 9 May 2011 10:50:19 +0000 (13:50 +0300)]
Fixes: NB#250431 - sign up into ovi account always fails at first.

11 years agoVersion 8.17 8.17
Alberto Mardegan [Wed, 4 May 2011 10:53:35 +0000 (13:53 +0300)]
Version 8.17

11 years agoTests: add retries on failed initialization 6
Alberto Mardegan [Wed, 4 May 2011 10:42:20 +0000 (13:42 +0300)]
Tests: add retries on failed initialization

If signond was not already running by the time when tests were started, in some
cases tests could fail with this error: "Server internal error
occurred.Database error occurred.".
The reason is that the SIM initialization takes some time.

This patch fixes that issue by retrying the operation a few times, when it
fails because of that error.

11 years agoUse libcrypto pkg-config file
Alberto Mardegan [Mon, 2 May 2011 11:24:06 +0000 (14:24 +0300)]
Use libcrypto pkg-config file

Do not add -lcrypto to LIBS; instead, use the pkg-config feature.

11 years agoincrease version 8.16
Tomi Suviola [Mon, 2 May 2011 10:57:49 +0000 (13:57 +0300)]
increase version

11 years agoAdd new fields into uisessiondata for fixing bug 249311
Tomi Suviola [Mon, 2 May 2011 07:03:53 +0000 (10:03 +0300)]
Add new fields into uisessiondata for fixing bug 249311

11 years agoVersion 8.15 8.15
Alberto Mardegan [Sat, 30 Apr 2011 11:35:41 +0000 (14:35 +0300)]
Version 8.15

11 years agogitignore
Alberto Mardegan [Sat, 30 Apr 2011 11:35:20 +0000 (14:35 +0300)]
gitignore

11 years agoSession adaptor: refactor method/mechanism check
Alberto Mardegan [Tue, 26 Apr 2011 12:43:10 +0000 (15:43 +0300)]
Session adaptor: refactor method/mechanism check

Add a method on the IdentityInfo class to check if a method/mechanism
combination is allowed.

11 years agoIndentation
Alberto Mardegan [Tue, 26 Apr 2011 12:32:15 +0000 (15:32 +0300)]
Indentation

Also, no need to wrap everything inside the namespace when defining the
methods.

11 years agoEncrypt communication with plugins
Rauli Ikonen [Thu, 10 Feb 2011 11:55:59 +0000 (13:55 +0200)]
Encrypt communication with plugins

Added new class EncryptedDevice. EncryptedDevice inherits QIODevice and uses
AES in OFB mode to encrypt/decrypt any data that passes through it. The
constructor allows specifying the actual device from which data is read from /
written to, encryption key and initialization vectors for input and output
streams. PluginProxy and RemotePluginProcess were changed so that they wrap the
QProcess and QFile devices into EncryptedDevice objects and use those for
reading/writing data so that no data is passed in plain text.

The encryption key and initialization vectors are generated by PluginProxy
after launching remotepluginprocess and passed through normal stdin channel
before any other data as a string that has been encrypted using aegis-crypto
with *sso-encryption-token the remotepluginprocess provides. That is,
aegis-crypto is only used to protect the encryption key. This is because
aegis-crypto does not allow maintaining a state and is thus unsuitable for
doing stream encryption.

Fixes https://bugs.meego.com/show_bug.cgi?id=12435

11 years agoAuthSession: check method and mechanism
Rauli Ikonen [Thu, 10 Feb 2011 10:07:31 +0000 (12:07 +0200)]
AuthSession: check method and mechanism

SignonAuthSessionAdaptor now enforces the authentication method and mechanism.
New error code was added for this.

Fixes https://bugs.meego.com/show_bug.cgi?id=12425

11 years agoAuthSession: restrict setId() usage
Rauli Ikonen [Thu, 10 Feb 2011 09:58:49 +0000 (11:58 +0200)]
AuthSession: restrict setId() usage

SignonAuthSessionAdaptor now only allows setId call with identity id that the
calling process is allowed to access.

Fixes https://bugs.meego.com/show_bug.cgi?id=12570

11 years agoAuthSession: check calling process ID
Rauli Ikonen [Thu, 10 Feb 2011 09:14:23 +0000 (11:14 +0200)]
AuthSession: check calling process ID

SignonAuthSessionAdaptor now refuses to serve requests that come from a process
different than the one that created the associated SignonAuthSession object.
Fixes http://bugs.meego.com/show_bug.cgi?id=12427

11 years agoverifySecret call now properly encrypts password
Rauli Ikonen [Wed, 9 Feb 2011 15:21:11 +0000 (17:21 +0200)]
verifySecret call now properly encrypts password

Both on client and server side. Fixes
https://bugs.meego.com/show_bug.cgi?id=12430

11 years agoFixed storeCredentials to use decodedSecret instead of secret. Fixes https://bugs...
Rauli Ikonen [Wed, 9 Feb 2011 15:16:03 +0000 (17:16 +0200)]
Fixed storeCredentials to use decodedSecret instead of secret. Fixes https://bugs.meego.com/show_bug.cgi?id=12429

11 years agoAll SQL queries with string parameters changed to use prepared statements. New test...
Rauli Ikonen [Wed, 9 Feb 2011 15:07:53 +0000 (17:07 +0200)]
All SQL queries with string parameters changed to use prepared statements. New test case added to ensure checkPassword does not allow SQL injection. Fixes https://bugs.meego.com/show_bug.cgi?id=12424

11 years agoPlugins: initialize debugging
Alberto Mardegan [Sat, 30 Apr 2011 08:53:17 +0000 (11:53 +0300)]
Plugins: initialize debugging

We added the initDebug() function, but forgot to use it. :-)

11 years agoRevert "Tests: set preprocessor macro in project file"
Alberto Mardegan [Fri, 29 Apr 2011 14:10:04 +0000 (17:10 +0300)]
Revert "Tests: set preprocessor macro in project file"

This reverts commit 76fab5f19737af85034ae14ba51c8ae067328b23.

We cannot simply use a define, or "make" will see the the object file has
already been compiled and won't build it again.

11 years agolibsignon-qt-tests: enable untrusted tests in SB
Alberto Mardegan [Fri, 29 Apr 2011 14:09:02 +0000 (17:09 +0300)]
libsignon-qt-tests: enable untrusted tests in SB

The untrusted tests run in scratchbox just fine.

11 years agoFixed ACL in libsignon-qt-tests.
Aurel Popirtac [Wed, 27 Apr 2011 09:03:18 +0000 (12:03 +0300)]
Fixed ACL in libsignon-qt-tests.

11 years agoTests: allow running unit tests individually
Alberto Mardegan [Tue, 19 Apr 2011 11:04:00 +0000 (14:04 +0300)]
Tests: allow running unit tests individually

Remove some useless class and expose the test cases as individual slots. This
allows directly executing a single unit test from the command line.

The tests need some deeper refactoring and cleanup, but this is the first step.

11 years agoTests: set preprocessor macro in project file
Alberto Mardegan [Tue, 19 Apr 2011 07:32:12 +0000 (10:32 +0300)]
Tests: set preprocessor macro in project file

There's no need for a .cpp file just for defining a simple macro.

11 years agoVersion 8.14
Aurel Popirtac [Tue, 19 Apr 2011 14:40:58 +0000 (17:40 +0300)]
Version 8.14

11 years agoAdded miscellaneous files.
Aurel Popirtac [Tue, 19 Apr 2011 11:04:17 +0000 (14:04 +0300)]
Added miscellaneous files.
- Currently only defines functions for setting file permissions and
ownership

11 years agoSetting the right file permissions and ownership for the storage directory.
Aurel Popirtac [Fri, 15 Apr 2011 12:35:37 +0000 (15:35 +0300)]
Setting the right file permissions and ownership for the storage directory.
Also the same are set for the meta data DB file.

11 years agoSetting the right ownership for the crypto mount target.
Aurel Popirtac [Fri, 15 Apr 2011 12:34:42 +0000 (15:34 +0300)]
Setting the right ownership for the crypto mount target.

11 years agoSetting the right file permissions and ownership for the crypto container.
Aurel Popirtac [Fri, 15 Apr 2011 12:33:58 +0000 (15:33 +0300)]
Setting the right file permissions and ownership for the crypto container.

11 years agoFixed backup and restore processes.
Aurel Popirtac [Tue, 19 Apr 2011 11:40:44 +0000 (14:40 +0300)]
Fixed backup and restore processes.
- If a backup is created after boot time, prior to any signond start,
create the storage directory tree with the right file permissions.
- If a restore is made, make sure the restored files have the right
permissions.