Add named referencies implementation
[accounts-sso:vitalyrepins-signon.git] / src / signond / signonidentityadaptor.cpp
1 /*
2  * This file is part of signon
3  *
4  * Copyright (C) 2009-2010 Nokia Corporation.
5  *
6  * Contact: Aurel Popirtac <ext-aurel.popirtac@nokia.com>
7  * Contact: Alberto Mardegan <alberto.mardegan@nokia.com>
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * version 2.1 as published by the Free Software Foundation.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21  * 02110-1301 USA
22  */
23
24 #include "signonidentityadaptor.h"
25
26 #include "signonidentity.h"
27 #include "accesscontrolmanager.h"
28
29 namespace SignonDaemonNS {
30
31     SignonIdentityAdaptor::SignonIdentityAdaptor(SignonIdentity *parent)
32         : QDBusAbstractAdaptor(parent),
33           m_parent(parent)
34     {
35         setAutoRelaySignals(true);
36     }
37
38     SignonIdentityAdaptor::~SignonIdentityAdaptor()
39     {}
40
41     void SignonIdentityAdaptor::securityErrorReply(const char *failedMethodName)
42     {
43         QString errMsg;
44         QTextStream(&errMsg) << SIGNOND_PERMISSION_DENIED_ERR_STR
45                              << "Method:"
46                              << failedMethodName;
47
48         QDBusMessage errReply =
49                     parentDBusContext().message().createErrorReply(
50                                             SIGNOND_PERMISSION_DENIED_ERR_NAME,
51                                             errMsg);
52         SIGNOND_BUS.send(errReply);
53         TRACE() << "\nMethod FAILED Access Control check:\n" << failedMethodName;
54     }
55
56     quint32 SignonIdentityAdaptor::requestCredentialsUpdate(const QString &message)
57     {
58         /* Access Control */
59         if (!AccessControlManager::isPeerAllowedToUseIdentity(
60                                         parentDBusContext(), m_parent->id())) {
61             securityErrorReply(__func__);
62             return 0;
63         }
64
65         return m_parent->requestCredentialsUpdate(message);
66     }
67
68     QList<QVariant> SignonIdentityAdaptor::queryInfo()
69     {
70         /* Access Control */
71         if (!AccessControlManager::isPeerAllowedToUseIdentity(
72                                         parentDBusContext(), m_parent->id())) {
73             securityErrorReply(__func__);
74             return QList<QVariant>();
75         }
76
77         return m_parent->queryInfo();
78     }
79
80     quint32 SignonIdentityAdaptor::addReference(const QString &reference)
81     {
82         /* Access Control */
83         if (!AccessControlManager::isPeerAllowedToUseIdentity(
84                                         parentDBusContext(), m_parent->id())) {
85             securityErrorReply(__func__);
86             return 0;
87         }
88
89         return m_parent->addReference(reference) ? 1 : 0;
90     }
91
92     quint32 SignonIdentityAdaptor::removeReference(const QString &reference)
93     {
94         /* Access Control */
95         if (!AccessControlManager::isPeerAllowedToUseIdentity(
96                                         parentDBusContext(), m_parent->id())) {
97             securityErrorReply(__func__);
98             return 0;
99         }
100
101         return m_parent->addReference(reference) ? 1 : 0;
102     }
103
104
105     bool SignonIdentityAdaptor::verifyUser(const QString &message)
106     {
107         /* Access Control */
108         if (!AccessControlManager::isPeerAllowedToUseIdentity(
109                                         parentDBusContext(), m_parent->id())) {
110             securityErrorReply(__func__);
111             return false;
112         }
113
114         return m_parent->verifyUser(message);
115     }
116
117     bool SignonIdentityAdaptor::verifySecret(const QString &secret)
118     {
119         /* Access Control */
120         if (!AccessControlManager::isPeerAllowedToUseIdentity(
121                                         parentDBusContext(), m_parent->id())) {
122             securityErrorReply(__func__);
123             return false;
124         }
125
126         return m_parent->verifySecret(secret);
127     }
128
129     void SignonIdentityAdaptor::remove()
130     {
131         /* Access Control */
132         AccessControlManager::IdentityOwnership ownership =
133                 AccessControlManager::isPeerOwnerOfIdentity(
134                             parentDBusContext(), m_parent->id());
135
136         if (ownership != AccessControlManager::IdentityDoesNotHaveOwner) {
137             //Identity has an owner
138             if (ownership == AccessControlManager::ApplicationIsNotOwner
139                 && !AccessControlManager::isPeerKeychainWidget(parentDBusContext())) {
140
141                 securityErrorReply(__func__);
142                 return;
143             }
144         }
145
146         m_parent->remove();
147     }
148
149     bool SignonIdentityAdaptor::signOut()
150     {
151         /* Access Control */
152         if (!AccessControlManager::isPeerAllowedToUseIdentity(
153                                         parentDBusContext(), m_parent->id())) {
154             securityErrorReply(__func__);
155             return false;
156         }
157
158         return m_parent->signOut();
159     }
160
161     quint32 SignonIdentityAdaptor::storeCredentials(const quint32 id,
162                                                     const QString &userName,
163                                                     const QString &secret,
164                                                     const bool storeSecret,
165                                                     const QMap<QString, QVariant> &methods,
166                                                     const QString &caption,
167                                                     const QStringList &realms,
168                                                     const QStringList &accessControlList,
169                                                     const int type)
170     {
171         /* Access Control */
172         if (id != SIGNOND_NEW_IDENTITY) {
173             AccessControlManager::IdentityOwnership ownership =
174                     AccessControlManager::isPeerOwnerOfIdentity(
175                                                 parentDBusContext(), m_parent->id());
176
177             if (ownership != AccessControlManager::IdentityDoesNotHaveOwner) {
178                 //Identity has an owner
179                 if (ownership == AccessControlManager::ApplicationIsNotOwner
180                     && !AccessControlManager::isPeerKeychainWidget(parentDBusContext())) {
181
182                     securityErrorReply(__func__);
183                     return 0;
184                 }
185             }
186         }
187
188         return m_parent->storeCredentials(id,
189                                           userName,
190                                           secret,
191                                           storeSecret,
192                                           methods,
193                                           caption,
194                                           realms,
195                                           accessControlList,
196                                           type);
197     }
198
199 } //namespace SignonDaemonNS