• Skip to content
  • Skip to link menu
  • KDE API Reference
  • kdelibs-4.14.38 API Reference
  • KDE Home
  • Contact Us
 

KDECore

  • kdecore
  • kernel
kauthorized.cpp
Go to the documentation of this file.
1/* This file is part of the KDE libraries
2 Copyright (C) 1997 Matthias Kalle Dalheimer (kalle@kde.org)
3 Copyright (C) 1998, 1999, 2000 Waldo Bastian <bastian@kde.org>
4
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Library General Public
7 License as published by the Free Software Foundation; either
8 version 2 of the License, or (at your option) any later version.
9
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Library General Public License for more details.
14
15 You should have received a copy of the GNU Library General Public License
16 along with this library; see the file COPYING.LIB. If not, write to
17 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19*/
20
21#include "kauthorized.h"
22
23#include <QtCore/QDir>
24#include <QtCore/QRegExp>
25#include <QList>
26
27
28#include <QCoreApplication>
29#include <kglobal.h>
30#include <ksharedconfig.h>
31#include <kprotocolinfo.h>
32#include <kstandarddirs.h>
33#include <stdlib.h> // srand(), rand()
34#include <unistd.h>
35#include <netdb.h>
36#include <kurl.h>
37#include <kconfiggroup.h>
38
39#include <QMutex>
40#include <QMutexLocker>
41#include <QtCore/QBool>
42
43extern bool kde_kiosk_exception;
44
45
46class URLActionRule
47{
48 public:
49#define checkExactMatch(s, b) \
50 if (s.isEmpty()) b = true; \
51 else if (s[s.length()-1] == QLatin1Char('!')) \
52 { b = false; s.truncate(s.length()-1); } \
53 else b = true;
54#define checkStartWildCard(s, b) \
55 if (s.isEmpty()) b = true; \
56 else if (s[0] == QLatin1Char('*')) \
57 { b = true; s = s.mid(1); } \
58 else b = false;
59#define checkEqual(s, b) \
60 b = (s == QString::fromLatin1("="));
61
62 URLActionRule(const QByteArray &act,
63 const QString &bProt, const QString &bHost, const QString &bPath,
64 const QString &dProt, const QString &dHost, const QString &dPath,
65 bool perm)
66 : action(act),
67 baseProt(bProt), baseHost(bHost), basePath(bPath),
68 destProt(dProt), destHost(dHost), destPath(dPath),
69 permission(perm)
70 {
71 checkExactMatch(baseProt, baseProtWildCard);
72 checkStartWildCard(baseHost, baseHostWildCard);
73 checkExactMatch(basePath, basePathWildCard);
74 checkExactMatch(destProt, destProtWildCard);
75 checkStartWildCard(destHost, destHostWildCard);
76 checkExactMatch(destPath, destPathWildCard);
77 checkEqual(destProt, destProtEqual);
78 checkEqual(destHost, destHostEqual);
79 }
80
81 bool baseMatch(const KUrl &url, const QString &protClass) const
82 {
83 if (baseProtWildCard)
84 {
85 if ( !baseProt.isEmpty() && !url.protocol().startsWith(baseProt) &&
86 (protClass.isEmpty() || (protClass != baseProt)) )
87 return false;
88 }
89 else
90 {
91 if ( (url.protocol() != baseProt) &&
92 (protClass.isEmpty() || (protClass != baseProt)) )
93 return false;
94 }
95 if (baseHostWildCard)
96 {
97 if (!baseHost.isEmpty() && !url.host().endsWith(baseHost))
98 return false;
99 }
100 else
101 {
102 if (url.host() != baseHost)
103 return false;
104 }
105 if (basePathWildCard)
106 {
107 if (!basePath.isEmpty() && !url.path().startsWith(basePath))
108 return false;
109 }
110 else
111 {
112 if (url.path() != basePath)
113 return false;
114 }
115 return true;
116 }
117
118 bool destMatch(const KUrl &url, const QString &protClass, const KUrl &base, const QString &baseClass) const
119 {
120 if (destProtEqual)
121 {
122 if ( (url.protocol() != base.protocol()) &&
123 (protClass.isEmpty() || baseClass.isEmpty() || protClass != baseClass) )
124 return false;
125 }
126 else if (destProtWildCard)
127 {
128 if ( !destProt.isEmpty() && !url.protocol().startsWith(destProt) &&
129 (protClass.isEmpty() || (protClass != destProt)) )
130 return false;
131 }
132 else
133 {
134 if ( (url.protocol() != destProt) &&
135 (protClass.isEmpty() || (protClass != destProt)) )
136 return false;
137 }
138 if (destHostWildCard)
139 {
140 if (!destHost.isEmpty() && !url.host().endsWith(destHost))
141 return false;
142 }
143 else if (destHostEqual)
144 {
145 if (url.host() != base.host())
146 return false;
147 }
148 else
149 {
150 if (url.host() != destHost)
151 return false;
152 }
153 if (destPathWildCard)
154 {
155 if (!destPath.isEmpty() && !url.path().startsWith(destPath))
156 return false;
157 }
158 else
159 {
160 if (url.path() != destPath)
161 return false;
162 }
163 return true;
164 }
165
166 QByteArray action;
167 QString baseProt;
168 QString baseHost;
169 QString basePath;
170 QString destProt;
171 QString destHost;
172 QString destPath;
173 bool baseProtWildCard : 1;
174 bool baseHostWildCard : 1;
175 bool basePathWildCard : 1;
176 bool destProtWildCard : 1;
177 bool destHostWildCard : 1;
178 bool destPathWildCard : 1;
179 bool destProtEqual : 1;
180 bool destHostEqual : 1;
181 bool permission;
182};
183
184class KAuthorizedPrivate {
185public:
186 KAuthorizedPrivate()
187 : actionRestrictions( false ), blockEverything(false),mutex(QMutex::Recursive)
188 {
189 Q_ASSERT_X(QCoreApplication::instance(),"KAuthorizedPrivate()","There has to be an existing QCoreApplication::instance() pointer");
190
191 KSharedConfig::Ptr config = KGlobal::config();
192
193 Q_ASSERT_X(config,"KAuthorizedPrivate()","There has to be an existing KGlobal::config() pointer");
194 if (!config) {
195 blockEverything=true;
196 return;
197 }
198 actionRestrictions = config->hasGroup("KDE Action Restrictions" ) && !kde_kiosk_exception;
199 }
200
201 ~KAuthorizedPrivate()
202 {
203 }
204
205 bool actionRestrictions : 1;
206 bool blockEverything : 1;
207 QList<URLActionRule> urlActionRestrictions;
208 QMutex mutex;
209};
210
211Q_GLOBAL_STATIC(KAuthorizedPrivate,authPrivate)
212#define MY_D KAuthorizedPrivate *d=authPrivate();
213
214
215bool KAuthorized::authorize(const QString &genericAction)
216{
217 MY_D
218 if (d->blockEverything) return false;
219
220 if (!d->actionRestrictions)
221 return true;
222
223 KConfigGroup cg(KGlobal::config(), "KDE Action Restrictions");
224 return cg.readEntry(genericAction, true);
225}
226
227bool KAuthorized::authorizeKAction(const QString& action)
228{
229 MY_D
230 if (d->blockEverything) return false;
231 if (!d->actionRestrictions || action.isEmpty())
232 return true;
233
234 return authorize(QLatin1String("action/") + action);
235}
236
237bool KAuthorized::authorizeControlModule(const QString &menuId)
238{
239 if (menuId.isEmpty() || kde_kiosk_exception)
240 return true;
241 KConfigGroup cg(KGlobal::config(), "KDE Control Module Restrictions");
242 return cg.readEntry(menuId, true);
243}
244
245QStringList KAuthorized::authorizeControlModules(const QStringList &menuIds)
246{
247 KConfigGroup cg(KGlobal::config(), "KDE Control Module Restrictions");
248 QStringList result;
249 for(QStringList::ConstIterator it = menuIds.begin();
250 it != menuIds.end(); ++it)
251 {
252 if (cg.readEntry(*it, true))
253 result.append(*it);
254 }
255 return result;
256}
257
258static void initUrlActionRestrictions()
259{
260 MY_D
261 const QString Any;
262
263 d->urlActionRestrictions.clear();
264 d->urlActionRestrictions.append(
265 URLActionRule("open", Any, Any, Any, Any, Any, Any, true));
266 d->urlActionRestrictions.append(
267 URLActionRule("list", Any, Any, Any, Any, Any, Any, true));
268// TEST:
269// d->urlActionRestrictions.append(
270// URLActionRule("list", Any, Any, Any, Any, Any, Any, false));
271// d->urlActionRestrictions.append(
272// URLActionRule("list", Any, Any, Any, "file", Any, QDir::homePath(), true));
273 d->urlActionRestrictions.append(
274 URLActionRule("link", Any, Any, Any, QLatin1String(":internet"), Any, Any, true));
275 d->urlActionRestrictions.append(
276 URLActionRule("redirect", Any, Any, Any, QLatin1String(":internet"), Any, Any, true));
277
278 // We allow redirections to file: but not from internet protocols, redirecting to file:
279 // is very popular among io-slaves and we don't want to break them
280 d->urlActionRestrictions.append(
281 URLActionRule("redirect", Any, Any, Any, QLatin1String("file"), Any, Any, true));
282 d->urlActionRestrictions.append(
283 URLActionRule("redirect", QLatin1String(":internet"), Any, Any, QLatin1String("file"), Any, Any, false));
284
285 // local protocols may redirect everywhere
286 d->urlActionRestrictions.append(
287 URLActionRule("redirect", QLatin1String(":local"), Any, Any, Any, Any, Any, true));
288
289 // Anyone may redirect to about:
290 d->urlActionRestrictions.append(
291 URLActionRule("redirect", Any, Any, Any, QLatin1String("about"), Any, Any, true));
292
293 // Anyone may redirect to mailto:
294 d->urlActionRestrictions.append(
295 URLActionRule("redirect", Any, Any, Any, QLatin1String("mailto"), Any, Any, true));
296
297 // Anyone may redirect to itself, cq. within it's own group
298 d->urlActionRestrictions.append(
299 URLActionRule("redirect", Any, Any, Any, QLatin1String("="), Any, Any, true));
300
301 d->urlActionRestrictions.append(
302 URLActionRule("redirect", QLatin1String("about"), Any, Any, Any, Any, Any, true));
303
304
305 KConfigGroup cg(KGlobal::config(), "KDE URL Restrictions");
306 int count = cg.readEntry("rule_count", 0);
307 QString keyFormat = QString::fromLatin1("rule_%1");
308 for(int i = 1; i <= count; i++)
309 {
310 QString key = keyFormat.arg(i);
311 const QStringList rule = cg.readEntry(key, QStringList());
312 if (rule.count() != 8)
313 continue;
314 const QByteArray action = rule[0].toLatin1();
315 QString refProt = rule[1];
316 QString refHost = rule[2];
317 QString refPath = rule[3];
318 QString urlProt = rule[4];
319 QString urlHost = rule[5];
320 QString urlPath = rule[6];
321 bool bEnabled = (rule[7].toLower() == QLatin1String("true"));
322
323 if (refPath.startsWith(QLatin1String("$HOME")))
324 refPath.replace(0, 5, QDir::homePath());
325 else if (refPath.startsWith(QLatin1Char('~')))
326 refPath.replace(0, 1, QDir::homePath());
327 if (urlPath.startsWith(QLatin1String("$HOME")))
328 urlPath.replace(0, 5, QDir::homePath());
329 else if (urlPath.startsWith(QLatin1Char('~')))
330 urlPath.replace(0, 1, QDir::homePath());
331
332 if (refPath.startsWith(QLatin1String("$TMP")))
333 refPath.replace(0, 4, KGlobal::dirs()->saveLocation("tmp"));
334 if (urlPath.startsWith(QLatin1String("$TMP")))
335 urlPath.replace(0, 4, KGlobal::dirs()->saveLocation("tmp"));
336
337 d->urlActionRestrictions.append(
338 URLActionRule( action, refProt, refHost, refPath, urlProt, urlHost, urlPath, bEnabled));
339 }
340}
341
342void KAuthorized::allowUrlAction(const QString &action, const KUrl &_baseURL, const KUrl &_destURL)
343{
344 MY_D
345 QMutexLocker locker((&d->mutex));
346 if (authorizeUrlAction(action, _baseURL, _destURL))
347 return;
348
349 d->urlActionRestrictions.append( URLActionRule
350 ( action.toLatin1(), _baseURL.protocol(), _baseURL.host(), _baseURL.path(KUrl::RemoveTrailingSlash),
351 _destURL.protocol(), _destURL.host(), _destURL.path(KUrl::RemoveTrailingSlash), true));
352}
353
354bool KAuthorized::authorizeUrlAction(const QString &action, const KUrl &_baseURL, const KUrl &_destURL)
355{
356 MY_D
357 QMutexLocker locker(&(d->mutex));
358 if (d->blockEverything) return false;
359
360 if (_destURL.isEmpty())
361 return true;
362
363 bool result = false;
364 if (d->urlActionRestrictions.isEmpty())
365 initUrlActionRestrictions();
366
367 KUrl baseURL(_baseURL);
368 baseURL.setPath(QDir::cleanPath(baseURL.path()));
369 QString baseClass = KProtocolInfo::protocolClass(baseURL.protocol());
370 KUrl destURL(_destURL);
371 destURL.setPath(QDir::cleanPath(destURL.path()));
372 QString destClass = KProtocolInfo::protocolClass(destURL.protocol());
373
374 foreach(const URLActionRule &rule, d->urlActionRestrictions) {
375 if ((result != rule.permission) && // No need to check if it doesn't make a difference
376 (action == QLatin1String(rule.action)) &&
377 rule.baseMatch(baseURL, baseClass) &&
378 rule.destMatch(destURL, destClass, baseURL, baseClass))
379 {
380 result = rule.permission;
381 }
382 }
383 return result;
384}
KConfigBase::hasGroup
bool hasGroup(const QString &group) const
Returns true if the specified group is known about.
Definition: kconfigbase.cpp:29
KConfigGroup
A class for one specific group in a KConfig object.
Definition: kconfiggroup.h:54
KConfigGroup::readEntry
T readEntry(const QString &key, const T &aDefault) const
Reads the value of an entry specified by pKey in the current group.
Definition: kconfiggroup.h:248
KProtocolInfo::protocolClass
static QString protocolClass(const QString &protocol)
Returns the protocol class for the specified protocol.
Definition: kprotocolinfo.cpp:368
KSharedPtr< KSharedConfig >
KStandardDirs::saveLocation
QString saveLocation(const char *type, const QString &suffix=QString(), bool create=true) const
Finds a location to save files into for the given type in the user's home directory.
Definition: kstandarddirs.cpp:1484
KUrl
Represents and parses a URL.
Definition: kurl.h:112
KUrl::RemoveTrailingSlash
@ RemoveTrailingSlash
strips a trailing '/', except when the path is already just "/".
Definition: kurl.h:125
KUrl::path
QString path(AdjustPathOption trailing=LeaveTrailingSlash) const
Definition: kurl.cpp:873
KUrl::setPath
void setPath(const QString &path)
Definition: kurl.cpp:1772
KUrl::protocol
QString protocol() const
Returns the protocol for the URL (i.e., file, http, etc.), lowercased.
Definition: kurl.cpp:672
QList
Definition: kaboutdata.h:33
QStringList
QString
checkStartWildCard
#define checkStartWildCard(s, b)
Definition: kauthorized.cpp:54
initUrlActionRestrictions
static void initUrlActionRestrictions()
Definition: kauthorized.cpp:258
MY_D
#define MY_D
Definition: kauthorized.cpp:212
checkEqual
#define checkEqual(s, b)
Definition: kauthorized.cpp:59
kde_kiosk_exception
bool kde_kiosk_exception
Definition: kcomponentdata.cpp:162
checkExactMatch
#define checkExactMatch(s, b)
Definition: kauthorized.cpp:49
kauthorized.h
kconfiggroup.h
kglobal.h
kprotocolinfo.h
ksharedconfig.h
kstandarddirs.h
kurl.h
KAuthorized::authorizeControlModule
bool authorizeControlModule(const QString &menuId)
Returns whether access to a certain control module is authorized.
Definition: kauthorized.cpp:237
KAuthorized::authorizeControlModules
QStringList authorizeControlModules(const QStringList &menuIds)
Returns which control modules from a given list are authorized for access.
Definition: kauthorized.cpp:245
KAuthorized::authorizeUrlAction
bool authorizeUrlAction(const QString &action, const KUrl &baseUrl, const KUrl &destUrl)
Returns whether a certain URL related action is authorized.
Definition: kauthorized.cpp:354
KAuthorized::allowUrlAction
void allowUrlAction(const QString &action, const KUrl &baseUrl, const KUrl &_destUrl)
Allow a certain URL action.
Definition: kauthorized.cpp:342
KAuthorized::authorize
bool authorize(const QString &genericAction)
Returns whether a certain action is authorized.
Definition: kauthorized.cpp:215
KAuthorized::authorizeKAction
bool authorizeKAction(const QString &action)
Returns whether a certain KAction is authorized.
Definition: kauthorized.cpp:227
KGlobal::dirs
KStandardDirs * dirs()
Returns the application standard dirs object.
KGlobal::config
KSharedConfigPtr config()
Returns the general config object.
Definition: kglobal.cpp:139
This file is part of the KDE documentation.
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

KDECore

Skip menu "KDECore"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Modules
  • Related Pages

kdelibs-4.14.38 API Reference

Skip menu "kdelibs-4.14.38 API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal