• Skip to content
  • Skip to link menu
  • KDE API Reference
  • kdelibs-4.14.38 API Reference
  • KDE Home
  • Contact Us
 

Plasma

  • plasma
  • remote
authorizationmanager.cpp
Go to the documentation of this file.
1/*
2 * Copyright 2009 by Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor,
17 * Boston, MA 02110-1301 USA
18 */
19
20#include "authorizationmanager.h"
21#include "private/authorizationmanager_p.h"
22
23#include "authorizationinterface.h"
24#include "authorizationrule.h"
25#include "credentials.h"
26#include "service.h"
27#include "servicejob.h"
28
29#include "private/authorizationrule_p.h"
30#include "private/denyallauthorization_p.h"
31#include "private/joliemessagehelper_p.h"
32#include "private/pinpairingauthorization_p.h"
33#include "private/trustedonlyauthorization_p.h"
34
35#include <QtCore/QBuffer>
36#include <QtCore/QMap>
37#include <QtCore/QMetaType>
38#include <QtCore/QTimer>
39
40#include <QtNetwork/QHostInfo>
41
42#include <QtJolie/Message>
43#include <QtJolie/Server>
44
45#include <kauthaction.h>
46#include <kconfiggroup.h>
47#include <kdebug.h>
48#include <kstandarddirs.h>
49#include <ktemporaryfile.h>
50#include <kurl.h>
51#include <kwallet.h>
52
53namespace Plasma
54{
55
56class AuthorizationManagerSingleton
57{
58 public:
59 AuthorizationManager self;
60};
61
62K_GLOBAL_STATIC(AuthorizationManagerSingleton, privateAuthorizationManagerSelf)
63
64AuthorizationManager *AuthorizationManager::self()
65{
66 return &privateAuthorizationManagerSelf->self;
67}
68
69AuthorizationManager::AuthorizationManager()
70 : QObject(),
71 d(new AuthorizationManagerPrivate(this))
72{
73 qRegisterMetaTypeStreamOperators<Plasma::Credentials>("Plasma::Credentials");
74}
75
76AuthorizationManager::~AuthorizationManager()
77{
78 delete d;
79}
80
81void AuthorizationManager::setAuthorizationPolicy(AuthorizationPolicy policy)
82{
83 if (d->locked) {
84 kDebug() << "Can't change AuthorizationPolicy: interface locked.";
85 return;
86 }
87
88 if (policy == d->authorizationPolicy) {
89 return;
90 }
91
92 d->authorizationPolicy = policy;
93
94 if (d->authorizationInterface != d->customAuthorizationInterface) {
95 delete d->authorizationInterface;
96 }
97
98 switch (policy) {
99 case DenyAll:
100 d->authorizationInterface = new DenyAllAuthorization();
101 break;
102 case PinPairing:
103 d->authorizationInterface = new PinPairingAuthorization();
104 break;
105 case TrustedOnly:
106 d->authorizationInterface = new TrustedOnlyAuthorization();
107 break;
108 case Custom:
109 d->authorizationInterface = d->customAuthorizationInterface;
110 break;
111 }
112
113 d->locked = true;
114}
115
116void AuthorizationManager::setAuthorizationInterface(AuthorizationInterface *interface)
117{
118 if (d->authorizationInterface) {
119 kDebug() << "Can't change AuthorizationInterface: interface locked.";
120 return;
121 }
122
123 delete d->customAuthorizationInterface;
124 d->customAuthorizationInterface = interface;
125
126 if (d->authorizationPolicy == Custom) {
127 d->authorizationInterface = interface;
128 }
129}
130
131AuthorizationManagerPrivate::AuthorizationManagerPrivate(AuthorizationManager *manager)
132 : q(manager),
133 server(0),
134 authorizationPolicy(AuthorizationManager::DenyAll),
135 authorizationInterface(new DenyAllAuthorization()),
136 customAuthorizationInterface(0),
137 rulesConfig(KSharedConfig::openConfig("/etc/plasma-remotewidgets.conf")->group("Rules")),
138 locked(false)
139{
140}
141
142AuthorizationManagerPrivate::~AuthorizationManagerPrivate()
143{
144 delete authorizationInterface;
145 delete customAuthorizationInterface;
146 delete server;
147}
148
149void AuthorizationManagerPrivate::prepareForServiceAccess()
150{
151 if (myCredentials.isValid()) {
152 return;
153 }
154
155 wallet = KWallet::Wallet::openWallet("kdewallet", 0, KWallet::Wallet::Asynchronous);
156 q->connect(wallet, SIGNAL(walletOpened(bool)), q, SLOT(slotWalletOpened()));
157 QTimer::singleShot(0, q, SLOT(slotLoadRules()));
158}
159
160void AuthorizationManagerPrivate::prepareForServicePublication()
161{
162 if (!server) {
163 server = new Jolie::Server(4000);
164 }
165}
166
167void AuthorizationManagerPrivate::saveRules()
168{
169 kDebug() << "SAVE RULES";
170
171 KTemporaryFile tempFile;
172 tempFile.open();
173 tempFile.setAutoRemove(false);
174 KConfigGroup rulesGroup = KSharedConfig::openConfig(tempFile.fileName())->group("Rules");
175
176 int i = 0;
177 foreach (AuthorizationRule *rule, rules) {
178 if (rule->persistence() == AuthorizationRule::Persistent) {
179 kDebug() << "adding rule " << i;
180 rulesGroup.group(QString::number(i)).writeEntry("CredentialsID", rule->credentials().id());
181 rulesGroup.group(QString::number(i)).writeEntry("serviceName", rule->serviceName());
182 rulesGroup.group(QString::number(i)).writeEntry("Policy", (uint)rule->policy());
183 rulesGroup.group(QString::number(i)).writeEntry("Targets", (uint)rule->targets());
184 rulesGroup.group(QString::number(i)).writeEntry("Persistence", (uint)rule->persistence());
185 i++;
186 }
187 }
188 rulesGroup.sync();
189 tempFile.close();
190
191 kDebug() << "tempfile = " << tempFile.fileName();
192
193 KAuth::Action action("org.kde.kcontrol.kcmremotewidgets.save");
194 action.addArgument("source", tempFile.fileName());
195 action.addArgument("filename", "/etc/plasma-remotewidgets.conf");
196 KAuth::ActionReply reply = action.execute();
197
198 if (reply.failed()) {
199 kDebug() << "KAuth failed.... YOU SUCK!";
200 }
201}
202
203void AuthorizationManagerPrivate::slotWalletOpened()
204{
205 QByteArray identity;
206
207 if (!wallet->readEntry("Credentials", identity)) {
208 kDebug() << "Existing identity found";
209 QDataStream stream(&identity, QIODevice::ReadOnly);
210 stream >> myCredentials;
211 }
212
213 if (!myCredentials.isValid()) {
214 kDebug() << "Creating a new identity";
215 myCredentials = Credentials::createCredentials(QHostInfo::localHostName());
216 QDataStream stream(&identity, QIODevice::WriteOnly);
217 stream << myCredentials;
218 wallet->writeEntry("Credentials", identity);
219 }
220
221 emit q->readyForRemoteAccess();
222}
223
224void AuthorizationManagerPrivate::slotLoadRules()
225{
226 foreach (const QString &groupName, rulesConfig.groupList()) {
227 QString identityID = rulesConfig.group(groupName).readEntry("CredentialsID", "");
228 QString serviceName = rulesConfig.group(groupName).readEntry("serviceName", "");
229 uint policy = rulesConfig.group(groupName).readEntry("Policy", 0);
230 uint targets = rulesConfig.group(groupName).readEntry("Targets", 0);
231 uint persistence = rulesConfig.group(groupName).readEntry("Persistence", 0);
232 //Credentials storedCredentials = identities[identityID];
233 if (serviceName.isEmpty()) {
234 kDebug() << "Invalid rule";
235 } else {
236 AuthorizationRule *rule = new AuthorizationRule(serviceName, identityID);
237 rule->setPolicy(static_cast<AuthorizationRule::Policy>(policy));
238 rule->setTargets(static_cast<AuthorizationRule::Targets>(targets));
239 rule->setPersistence(static_cast<AuthorizationRule::Persistence>(persistence));
240 rules.append(rule);
241 }
242 }
243}
244
245AuthorizationRule *AuthorizationManagerPrivate::matchingRule(const QString &serviceName,
246 const Credentials &identity) const
247{
248 AuthorizationRule *matchingRule = 0;
249 foreach (AuthorizationRule *rule, rules) {
250 if (rule->d->matches(serviceName, identity.id())) {
251 //a message can have multiple matching rules, consider priorities: the more specific the
252 //rule is, the higher it's priority
253 if (!matchingRule) {
254 matchingRule = rule;
255 } else {
256 if (!matchingRule->targets().testFlag(AuthorizationRule::AllServices) &&
257 !matchingRule->targets().testFlag(AuthorizationRule::AllUsers)) {
258 matchingRule = rule;
259 }
260 }
261 }
262 }
263
264 if (!matchingRule) {
265 kDebug() << "no matching rule";
266 } else {
267 kDebug() << "matching rule found: " << matchingRule->description();
268 }
269 return matchingRule;
270}
271
272Credentials AuthorizationManagerPrivate::getCredentials(const QString &id)
273{
274 if (identities.contains(id)) {
275 return identities[id];
276 } else {
277 return Credentials();
278 }
279}
280
281void AuthorizationManagerPrivate::addCredentials(const Credentials &identity)
282{
283 if (identities.contains(identity.id())) {
284 return;
285 } else if (identity.isValid()) {
286 kDebug() << "Adding a new identity for " << identity.id();
287 identities[identity.id()] = identity;
288 }
289}
290
291} // Plasma namespace
292
293#include "authorizationmanager.moc"
authorizationinterface.h
authorizationmanager.h
authorizationrule.h
Plasma::AuthorizationInterface
Allows authorization of access to plasma services.
Definition: authorizationinterface.h:53
Plasma::AuthorizationManager
Allows authorization of access to plasma services.
Definition: authorizationmanager.h:57
Plasma::AuthorizationManager::AuthorizationPolicy
AuthorizationPolicy
Definition: authorizationmanager.h:61
Plasma::AuthorizationManager::TrustedOnly
@ TrustedOnly
< Don't allow any incoming connections
Definition: authorizationmanager.h:63
Plasma::AuthorizationManager::PinPairing
@ PinPairing
Definition: authorizationmanager.h:64
Plasma::AuthorizationManager::Custom
@ Custom
< Only allow connections from trusted machines
Definition: authorizationmanager.h:65
Plasma::AuthorizationManager::DenyAll
@ DenyAll
Definition: authorizationmanager.h:62
Plasma::AuthorizationManager::self
static AuthorizationManager * self()
Singleton pattern accessor.
Definition: authorizationmanager.cpp:64
QObject
credentials.h
Plasma
Namespace for everything in libplasma.
Definition: abstractdialogmanager.cpp:25
service.h
servicejob.h
This file is part of the KDE documentation.
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

Plasma

Skip menu "Plasma"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Related Pages

kdelibs-4.14.38 API Reference

Skip menu "kdelibs-4.14.38 API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal