• Skip to content
  • Skip to link menu
KDE API Reference
  • KDE API Reference
  • kdelibs API Reference
  • KDE Home
  • Contact Us
 

KDECore

  • sources
  • kde-4.14
  • kdelibs
  • kdecore
  • kernel
kauthorized.cpp
Go to the documentation of this file.
1 /* This file is part of the KDE libraries
2  Copyright (C) 1997 Matthias Kalle Dalheimer (kalle@kde.org)
3  Copyright (C) 1998, 1999, 2000 Waldo Bastian <bastian@kde.org>
4 
5  This library is free software; you can redistribute it and/or
6  modify it under the terms of the GNU Library General Public
7  License as published by the Free Software Foundation; either
8  version 2 of the License, or (at your option) any later version.
9 
10  This library is distributed in the hope that it will be useful,
11  but WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Library General Public License for more details.
14 
15  You should have received a copy of the GNU Library General Public License
16  along with this library; see the file COPYING.LIB. If not, write to
17  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  Boston, MA 02110-1301, USA.
19 */
20 
21 #include "kauthorized.h"
22 
23 #include <QtCore/QDir>
24 #include <QtCore/QRegExp>
25 #include <QList>
26 
27 
28 #include <QCoreApplication>
29 #include <kglobal.h>
30 #include <ksharedconfig.h>
31 #include <kprotocolinfo.h>
32 #include <kstandarddirs.h>
33 #include <stdlib.h> // srand(), rand()
34 #include <unistd.h>
35 #include <netdb.h>
36 #include <kurl.h>
37 #include <kconfiggroup.h>
38 
39 #include <QMutex>
40 #include <QMutexLocker>
41 #include <QtCore/QBool>
42 
43 extern bool kde_kiosk_exception;
44 
45 
46 class URLActionRule
47 {
48  public:
49 #define checkExactMatch(s, b) \
50  if (s.isEmpty()) b = true; \
51  else if (s[s.length()-1] == QLatin1Char('!')) \
52  { b = false; s.truncate(s.length()-1); } \
53  else b = true;
54 #define checkStartWildCard(s, b) \
55  if (s.isEmpty()) b = true; \
56  else if (s[0] == QLatin1Char('*')) \
57  { b = true; s = s.mid(1); } \
58  else b = false;
59 #define checkEqual(s, b) \
60  b = (s == QString::fromLatin1("="));
61 
62  URLActionRule(const QByteArray &act,
63  const QString &bProt, const QString &bHost, const QString &bPath,
64  const QString &dProt, const QString &dHost, const QString &dPath,
65  bool perm)
66  : action(act),
67  baseProt(bProt), baseHost(bHost), basePath(bPath),
68  destProt(dProt), destHost(dHost), destPath(dPath),
69  permission(perm)
70  {
71  checkExactMatch(baseProt, baseProtWildCard);
72  checkStartWildCard(baseHost, baseHostWildCard);
73  checkExactMatch(basePath, basePathWildCard);
74  checkExactMatch(destProt, destProtWildCard);
75  checkStartWildCard(destHost, destHostWildCard);
76  checkExactMatch(destPath, destPathWildCard);
77  checkEqual(destProt, destProtEqual);
78  checkEqual(destHost, destHostEqual);
79  }
80 
81  bool baseMatch(const KUrl &url, const QString &protClass) const
82  {
83  if (baseProtWildCard)
84  {
85  if ( !baseProt.isEmpty() && !url.protocol().startsWith(baseProt) &&
86  (protClass.isEmpty() || (protClass != baseProt)) )
87  return false;
88  }
89  else
90  {
91  if ( (url.protocol() != baseProt) &&
92  (protClass.isEmpty() || (protClass != baseProt)) )
93  return false;
94  }
95  if (baseHostWildCard)
96  {
97  if (!baseHost.isEmpty() && !url.host().endsWith(baseHost))
98  return false;
99  }
100  else
101  {
102  if (url.host() != baseHost)
103  return false;
104  }
105  if (basePathWildCard)
106  {
107  if (!basePath.isEmpty() && !url.path().startsWith(basePath))
108  return false;
109  }
110  else
111  {
112  if (url.path() != basePath)
113  return false;
114  }
115  return true;
116  }
117 
118  bool destMatch(const KUrl &url, const QString &protClass, const KUrl &base, const QString &baseClass) const
119  {
120  if (destProtEqual)
121  {
122  if ( (url.protocol() != base.protocol()) &&
123  (protClass.isEmpty() || baseClass.isEmpty() || protClass != baseClass) )
124  return false;
125  }
126  else if (destProtWildCard)
127  {
128  if ( !destProt.isEmpty() && !url.protocol().startsWith(destProt) &&
129  (protClass.isEmpty() || (protClass != destProt)) )
130  return false;
131  }
132  else
133  {
134  if ( (url.protocol() != destProt) &&
135  (protClass.isEmpty() || (protClass != destProt)) )
136  return false;
137  }
138  if (destHostWildCard)
139  {
140  if (!destHost.isEmpty() && !url.host().endsWith(destHost))
141  return false;
142  }
143  else if (destHostEqual)
144  {
145  if (url.host() != base.host())
146  return false;
147  }
148  else
149  {
150  if (url.host() != destHost)
151  return false;
152  }
153  if (destPathWildCard)
154  {
155  if (!destPath.isEmpty() && !url.path().startsWith(destPath))
156  return false;
157  }
158  else
159  {
160  if (url.path() != destPath)
161  return false;
162  }
163  return true;
164  }
165 
166  QByteArray action;
167  QString baseProt;
168  QString baseHost;
169  QString basePath;
170  QString destProt;
171  QString destHost;
172  QString destPath;
173  bool baseProtWildCard : 1;
174  bool baseHostWildCard : 1;
175  bool basePathWildCard : 1;
176  bool destProtWildCard : 1;
177  bool destHostWildCard : 1;
178  bool destPathWildCard : 1;
179  bool destProtEqual : 1;
180  bool destHostEqual : 1;
181  bool permission;
182 };
183 
184 class KAuthorizedPrivate {
185 public:
186  KAuthorizedPrivate()
187  : actionRestrictions( false ), blockEverything(false),mutex(QMutex::Recursive)
188  {
189  Q_ASSERT_X(QCoreApplication::instance(),"KAuthorizedPrivate()","There has to be an existing QCoreApplication::instance() pointer");
190 
191  KSharedConfig::Ptr config = KGlobal::config();
192 
193  Q_ASSERT_X(config,"KAuthorizedPrivate()","There has to be an existing KGlobal::config() pointer");
194  if (!config) {
195  blockEverything=true;
196  return;
197  }
198  actionRestrictions = config->hasGroup("KDE Action Restrictions" ) && !kde_kiosk_exception;
199  }
200 
201  ~KAuthorizedPrivate()
202  {
203  }
204 
205  bool actionRestrictions : 1;
206  bool blockEverything : 1;
207  QList<URLActionRule> urlActionRestrictions;
208  QMutex mutex;
209 };
210 
211 Q_GLOBAL_STATIC(KAuthorizedPrivate,authPrivate)
212 #define MY_D KAuthorizedPrivate *d=authPrivate();
213 
214 
215 bool KAuthorized::authorize(const QString &genericAction)
216 {
217  MY_D
218  if (d->blockEverything) return false;
219 
220  if (!d->actionRestrictions)
221  return true;
222 
223  KConfigGroup cg(KGlobal::config(), "KDE Action Restrictions");
224  return cg.readEntry(genericAction, true);
225 }
226 
227 bool KAuthorized::authorizeKAction(const QString& action)
228 {
229  MY_D
230  if (d->blockEverything) return false;
231  if (!d->actionRestrictions || action.isEmpty())
232  return true;
233 
234  return authorize(QLatin1String("action/") + action);
235 }
236 
237 bool KAuthorized::authorizeControlModule(const QString &menuId)
238 {
239  if (menuId.isEmpty() || kde_kiosk_exception)
240  return true;
241  KConfigGroup cg(KGlobal::config(), "KDE Control Module Restrictions");
242  return cg.readEntry(menuId, true);
243 }
244 
245 QStringList KAuthorized::authorizeControlModules(const QStringList &menuIds)
246 {
247  KConfigGroup cg(KGlobal::config(), "KDE Control Module Restrictions");
248  QStringList result;
249  for(QStringList::ConstIterator it = menuIds.begin();
250  it != menuIds.end(); ++it)
251  {
252  if (cg.readEntry(*it, true))
253  result.append(*it);
254  }
255  return result;
256 }
257 
258 static void initUrlActionRestrictions()
259 {
260  MY_D
261  const QString Any;
262 
263  d->urlActionRestrictions.clear();
264  d->urlActionRestrictions.append(
265  URLActionRule("open", Any, Any, Any, Any, Any, Any, true));
266  d->urlActionRestrictions.append(
267  URLActionRule("list", Any, Any, Any, Any, Any, Any, true));
268 // TEST:
269 // d->urlActionRestrictions.append(
270 // URLActionRule("list", Any, Any, Any, Any, Any, Any, false));
271 // d->urlActionRestrictions.append(
272 // URLActionRule("list", Any, Any, Any, "file", Any, QDir::homePath(), true));
273  d->urlActionRestrictions.append(
274  URLActionRule("link", Any, Any, Any, QLatin1String(":internet"), Any, Any, true));
275  d->urlActionRestrictions.append(
276  URLActionRule("redirect", Any, Any, Any, QLatin1String(":internet"), Any, Any, true));
277 
278  // We allow redirections to file: but not from internet protocols, redirecting to file:
279  // is very popular among io-slaves and we don't want to break them
280  d->urlActionRestrictions.append(
281  URLActionRule("redirect", Any, Any, Any, QLatin1String("file"), Any, Any, true));
282  d->urlActionRestrictions.append(
283  URLActionRule("redirect", QLatin1String(":internet"), Any, Any, QLatin1String("file"), Any, Any, false));
284 
285  // local protocols may redirect everywhere
286  d->urlActionRestrictions.append(
287  URLActionRule("redirect", QLatin1String(":local"), Any, Any, Any, Any, Any, true));
288 
289  // Anyone may redirect to about:
290  d->urlActionRestrictions.append(
291  URLActionRule("redirect", Any, Any, Any, QLatin1String("about"), Any, Any, true));
292 
293  // Anyone may redirect to mailto:
294  d->urlActionRestrictions.append(
295  URLActionRule("redirect", Any, Any, Any, QLatin1String("mailto"), Any, Any, true));
296 
297  // Anyone may redirect to itself, cq. within it's own group
298  d->urlActionRestrictions.append(
299  URLActionRule("redirect", Any, Any, Any, QLatin1String("="), Any, Any, true));
300 
301  d->urlActionRestrictions.append(
302  URLActionRule("redirect", QLatin1String("about"), Any, Any, Any, Any, Any, true));
303 
304 
305  KConfigGroup cg(KGlobal::config(), "KDE URL Restrictions");
306  int count = cg.readEntry("rule_count", 0);
307  QString keyFormat = QString::fromLatin1("rule_%1");
308  for(int i = 1; i <= count; i++)
309  {
310  QString key = keyFormat.arg(i);
311  const QStringList rule = cg.readEntry(key, QStringList());
312  if (rule.count() != 8)
313  continue;
314  const QByteArray action = rule[0].toLatin1();
315  QString refProt = rule[1];
316  QString refHost = rule[2];
317  QString refPath = rule[3];
318  QString urlProt = rule[4];
319  QString urlHost = rule[5];
320  QString urlPath = rule[6];
321  bool bEnabled = (rule[7].toLower() == QLatin1String("true"));
322 
323  if (refPath.startsWith(QLatin1String("$HOME")))
324  refPath.replace(0, 5, QDir::homePath());
325  else if (refPath.startsWith(QLatin1Char('~')))
326  refPath.replace(0, 1, QDir::homePath());
327  if (urlPath.startsWith(QLatin1String("$HOME")))
328  urlPath.replace(0, 5, QDir::homePath());
329  else if (urlPath.startsWith(QLatin1Char('~')))
330  urlPath.replace(0, 1, QDir::homePath());
331 
332  if (refPath.startsWith(QLatin1String("$TMP")))
333  refPath.replace(0, 4, KGlobal::dirs()->saveLocation("tmp"));
334  if (urlPath.startsWith(QLatin1String("$TMP")))
335  urlPath.replace(0, 4, KGlobal::dirs()->saveLocation("tmp"));
336 
337  d->urlActionRestrictions.append(
338  URLActionRule( action, refProt, refHost, refPath, urlProt, urlHost, urlPath, bEnabled));
339  }
340 }
341 
342 void KAuthorized::allowUrlAction(const QString &action, const KUrl &_baseURL, const KUrl &_destURL)
343 {
344  MY_D
345  QMutexLocker locker((&d->mutex));
346  if (authorizeUrlAction(action, _baseURL, _destURL))
347  return;
348 
349  d->urlActionRestrictions.append( URLActionRule
350  ( action.toLatin1(), _baseURL.protocol(), _baseURL.host(), _baseURL.path(KUrl::RemoveTrailingSlash),
351  _destURL.protocol(), _destURL.host(), _destURL.path(KUrl::RemoveTrailingSlash), true));
352 }
353 
354 bool KAuthorized::authorizeUrlAction(const QString &action, const KUrl &_baseURL, const KUrl &_destURL)
355 {
356  MY_D
357  QMutexLocker locker(&(d->mutex));
358  if (d->blockEverything) return false;
359 
360  if (_destURL.isEmpty())
361  return true;
362 
363  bool result = false;
364  if (d->urlActionRestrictions.isEmpty())
365  initUrlActionRestrictions();
366 
367  KUrl baseURL(_baseURL);
368  baseURL.setPath(QDir::cleanPath(baseURL.path()));
369  QString baseClass = KProtocolInfo::protocolClass(baseURL.protocol());
370  KUrl destURL(_destURL);
371  destURL.setPath(QDir::cleanPath(destURL.path()));
372  QString destClass = KProtocolInfo::protocolClass(destURL.protocol());
373 
374  foreach(const URLActionRule &rule, d->urlActionRestrictions) {
375  if ((result != rule.permission) && // No need to check if it doesn't make a difference
376  (action == QLatin1String(rule.action)) &&
377  rule.baseMatch(baseURL, baseClass) &&
378  rule.destMatch(destURL, destClass, baseURL, baseClass))
379  {
380  result = rule.permission;
381  }
382  }
383  return result;
384 }
KStandardDirs::saveLocation
QString saveLocation(const char *type, const QString &suffix=QString(), bool create=true) const
Finds a location to save files into for the given type in the user's home directory.
Definition: kstandarddirs.cpp:1478
KSharedPtr
Can be used to control the lifetime of an object that has derived QSharedData.
Definition: kconfiggroup.h:38
checkStartWildCard
#define checkStartWildCard(s, b)
Definition: kauthorized.cpp:54
QMutex
QString::append
QString & append(QChar ch)
KUrl::RemoveTrailingSlash
strips a trailing '/', except when the path is already just "/".
Definition: kurl.h:125
kurl.h
kde_kiosk_exception
bool kde_kiosk_exception
Definition: kcomponentdata.cpp:162
QByteArray
kauthorized.h
QUrl::host
QString host() const
KGlobal::dirs
KStandardDirs * dirs()
Returns the application standard dirs object.
QUrl::isEmpty
bool isEmpty() const
QDir::homePath
QString homePath()
KUrl
Represents and parses a URL.
Definition: kurl.h:111
KGlobal::config
KSharedConfigPtr config()
Returns the general config object.
Definition: kglobal.cpp:139
KUrl::setPath
void setPath(const QString &path)
Definition: kurl.cpp:1772
QString::clear
void clear()
kglobal.h
QList::count
int count(const T &value) const
QList::append
void append(const T &value)
KAuthorized::authorizeControlModules
QStringList authorizeControlModules(const QStringList &menuIds)
Returns which control modules from a given list are authorized for access.
Definition: kauthorized.cpp:245
KAuthorized::authorizeUrlAction
bool authorizeUrlAction(const QString &action, const KUrl &baseUrl, const KUrl &destUrl)
Returns whether a certain URL related action is authorized.
Definition: kauthorized.cpp:354
KUrl::protocol
QString protocol() const
Returns the protocol for the URL (i.e., file, http, etc.), lowercased.
Definition: kurl.cpp:672
checkEqual
#define checkEqual(s, b)
Definition: kauthorized.cpp:59
QString::isEmpty
bool isEmpty() const
QString::startsWith
bool startsWith(const QString &s, Qt::CaseSensitivity cs) const
QString::endsWith
bool endsWith(const QString &s, Qt::CaseSensitivity cs) const
QCoreApplication::instance
QCoreApplication * instance()
ksharedconfig.h
QString
QList< URLActionRule >
KProtocolInfo::protocolClass
static QString protocolClass(const QString &protocol)
Returns the protocol class for the specified protocol.
Definition: kprotocolinfo.cpp:368
KUrl::path
QString path(AdjustPathOption trailing=LeaveTrailingSlash) const
Definition: kurl.cpp:873
QStringList
MY_D
#define MY_D
Definition: kauthorized.cpp:212
QList::end
iterator end()
initUrlActionRestrictions
static void initUrlActionRestrictions()
Definition: kauthorized.cpp:258
kprotocolinfo.h
QLatin1Char
KAuthorized::allowUrlAction
void allowUrlAction(const QString &action, const KUrl &baseUrl, const KUrl &_destUrl)
Allow a certain URL action.
Definition: kauthorized.cpp:342
KConfigGroup
A class for one specific group in a KConfig object.
Definition: kconfiggroup.h:53
QString::replace
QString & replace(int position, int n, QChar after)
QDir::cleanPath
QString cleanPath(const QString &path)
QString::toLatin1
QByteArray toLatin1() const
QLatin1String
QMutexLocker
kstandarddirs.h
QList::ConstIterator
typedef ConstIterator
checkExactMatch
#define checkExactMatch(s, b)
Definition: kauthorized.cpp:49
KAuthorized::authorize
bool authorize(const QString &genericAction)
Returns whether a certain action is authorized.
Definition: kauthorized.cpp:215
QString::fromLatin1
QString fromLatin1(const char *str, int size)
QString::arg
QString arg(qlonglong a, int fieldWidth, int base, const QChar &fillChar) const
KConfigGroup::readEntry
T readEntry(const QString &key, const T &aDefault) const
Reads the value of an entry specified by pKey in the current group.
Definition: kconfiggroup.h:248
QList::begin
iterator begin()
KAuthorized::authorizeControlModule
bool authorizeControlModule(const QString &menuId)
Returns whether access to a certain control module is authorized.
Definition: kauthorized.cpp:237
KAuthorized::authorizeKAction
bool authorizeKAction(const QString &action)
Returns whether a certain KAction is authorized.
Definition: kauthorized.cpp:227
kconfiggroup.h
This file is part of the KDE documentation.
Documentation copyright © 1996-2020 The KDE developers.
Generated on Mon Jun 22 2020 13:22:10 by doxygen 1.8.7 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

KDECore

Skip menu "KDECore"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Modules
  • Related Pages

kdelibs API Reference

Skip menu "kdelibs API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver

Search



Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal