• Skip to content
  • Skip to link menu
  • KDE API Reference
  • kdelibs-4.14.38 API Reference
  • KDE Home
  • Contact Us
 

KDECore

  • kdecore
  • auth
  • backends
  • mac
AuthServicesBackend.cpp
Go to the documentation of this file.
1/*
2* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
3* Copyright (C) 2014 René Bertin <rjvbertin@gmail.com>
4*
5* This program is free software; you can redistribute it and/or modify
6* it under the terms of the GNU Lesser General Public License as published by
7* the Free Software Foundation; either version 2.1 of the License, or
8* (at your option) any later version.
9*
10* This program is distributed in the hope that it will be useful,
11* but WITHOUT ANY WARRANTY; without even the implied warranty of
12* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13* GNU General Public License for more details.
14*
15* You should have received a copy of the GNU Lesser General Public License
16* along with this program; if not, write to the
17* Free Software Foundation, Inc.,
18* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
19*/
20
21#include "AuthServicesBackend.h"
22#include <Security/Security.h>
23
24#include <QtCore/qplugin.h>
25#include <QtCore/QtCore>
26
27namespace KAuth
28{
29
30static AuthorizationRef s_authRef = NULL;
31
32AuthorizationRef authRef();
33
34AuthorizationRef authRef()
35{
36 if (!s_authRef) {
37 AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &s_authRef);
38 }
39
40 return s_authRef;
41}
42
43static OSStatus GetActionRights(const QString &action, AuthorizationFlags flags, AuthorizationRef auth=NULL)
44{
45 AuthorizationItem item;
46 item.name = action.toUtf8();
47 item.valueLength = 0;
48 item.value = NULL;
49 item.flags = 0;
50
51 AuthorizationRights rights;
52 rights.count = 1;
53 rights.items = &item;
54
55 OSStatus result = AuthorizationCopyRights( (auth)? auth : authRef(),
56 &rights,
57 kAuthorizationEmptyEnvironment,
58 flags, NULL);
59 return result;
60}
61
62// On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a
63// "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit.
64// RJVB: grab the privilege from here, the client.
65AuthServicesBackend::AuthServicesBackend()
66 : AuthBackend()
67{
68 setCapabilities(AuthorizeFromClientCapability | CheckActionExistenceCapability);
69}
70
71void AuthServicesBackend::setupAction(const QString&)
72{
73 // Nothing to do here...
74}
75
76// On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a
77// "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit.
78// RJVB: grab the privilege from here, the client.
79Action::AuthStatus AuthServicesBackend::authorizeAction(const QString &action)
80{
81 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed );
82// qWarning() << "AuthServicesBackend::authorizeAction(" << action << ") AuthorizationCopyRights returned" << result;
83 switch (result) {
84 case errAuthorizationSuccess:
85 return Action::Authorized;
86 case errAuthorizationInteractionNotAllowed:
87 default:
88 return Action::Denied;
89 }
90}
91
92Action::AuthStatus AuthServicesBackend::actionStatus(const QString &action)
93{
94 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize );
95// qWarning() << "AuthServicesBackend::actionStatus(" << action << ") AuthorizationCopyRights returned" << result;
96 switch (result) {
97 case errAuthorizationSuccess:
98 return Action::Authorized;
99 case errAuthorizationInteractionNotAllowed:
100 return Action::AuthRequired;
101 default:
102 return Action::Denied;
103 }
104}
105
106QByteArray AuthServicesBackend::callerID() const
107{
108 AuthorizationExternalForm ext;
109 AuthorizationMakeExternalForm(authRef(), &ext);
110
111 QByteArray id((const char *)&ext, sizeof(ext));
112
113 return id;
114}
115
116bool AuthServicesBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
117{
118 AuthorizationExternalForm ext;
119 memcpy(&ext, callerID.data(), sizeof(ext));
120
121 AuthorizationRef auth;
122
123 if (AuthorizationCreateFromExternalForm(&ext, &auth) != noErr){
124// qWarning() << "AuthorizationCreateFromExternalForm(" << action << "," << callerID.constData() << ") failed";
125 return false;
126 }
127
128 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed,
129 auth);
130
131 AuthorizationFree(auth, kAuthorizationFlagDefaults);
132// qWarning() << "AuthServicesBackend::isCallerAuthorized(" << action << "," << callerID.constData() << ") AuthorizationCopyRights returned" << result;
133
134 return result == errAuthorizationSuccess;
135}
136
137// RJVB: OS X doesn't distinguish between "action doesn't exist" and "action not allowed". So the
138// best thing we can do is return true and hope that the action will be created if it didn't exist...
139bool AuthServicesBackend::actionExists(const QString& action)
140{
141 OSStatus exists = AuthorizationRightGet(action.toUtf8(), NULL);
142// qWarning() << "AuthServicesBackend::actionExists(" << action << ") AuthorizationRightGet returned" << exists;
143
144 return true;//exists == errAuthorizationSuccess;
145}
146
147}; // namespace KAuth
148
149Q_EXPORT_PLUGIN2(kauth_backend, KAuth::AuthServicesBackend)
AuthServicesBackend.h
KAuth::Action::AuthStatus
AuthStatus
The three values returned by authorization methods.
Definition: kauthaction.h:78
KAuth::Action::Denied
@ Denied
The authorization has been denied by the authorization backend.
Definition: kauthaction.h:79
KAuth::Action::Authorized
@ Authorized
The authorization has been granted by the authorization backend.
Definition: kauthaction.h:82
KAuth::Action::AuthRequired
@ AuthRequired
The user could obtain the authorization after authentication.
Definition: kauthaction.h:83
KAuth::AuthBackend
Definition: AuthBackend.h:32
KAuth::AuthBackend::setCapabilities
void setCapabilities(Capabilities capabilities)
Definition: AuthBackend.cpp:52
KAuth::AuthBackend::AuthorizeFromClientCapability
@ AuthorizeFromClientCapability
Definition: AuthBackend.h:39
KAuth::AuthBackend::CheckActionExistenceCapability
@ CheckActionExistenceCapability
Definition: AuthBackend.h:41
KAuth::AuthServicesBackend
Definition: AuthServicesBackend.h:29
KAuth::AuthServicesBackend::isCallerAuthorized
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID)
Definition: AuthServicesBackend.cpp:116
KAuth::AuthServicesBackend::actionStatus
virtual Action::AuthStatus actionStatus(const QString &)
Definition: AuthServicesBackend.cpp:92
KAuth::AuthServicesBackend::AuthServicesBackend
AuthServicesBackend()
Definition: AuthServicesBackend.cpp:65
KAuth::AuthServicesBackend::setupAction
virtual void setupAction(const QString &)
Definition: AuthServicesBackend.cpp:71
KAuth::AuthServicesBackend::callerID
virtual QByteArray callerID() const
Definition: AuthServicesBackend.cpp:106
KAuth::AuthServicesBackend::authorizeAction
virtual Action::AuthStatus authorizeAction(const QString &)
Definition: AuthServicesBackend.cpp:79
KAuth::AuthServicesBackend::actionExists
virtual bool actionExists(const QString &action)
Definition: AuthServicesBackend.cpp:139
QString
KAuth
Definition: AuthBackend.cpp:24
KAuth::authRef
AuthorizationRef authRef()
Definition: AuthServicesBackend.cpp:34
KAuth::s_authRef
static AuthorizationRef s_authRef
Definition: AuthServicesBackend.cpp:30
KAuth::GetActionRights
static OSStatus GetActionRights(const QString &action, AuthorizationFlags flags, AuthorizationRef auth=NULL)
Definition: AuthServicesBackend.cpp:43
This file is part of the KDE documentation.
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

KDECore

Skip menu "KDECore"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Modules
  • Related Pages

kdelibs-4.14.38 API Reference

Skip menu "kdelibs-4.14.38 API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal