21 #include "private/authorizationmanager_p.h"
29 #include "private/authorizationrule_p.h"
30 #include "private/denyallauthorization_p.h"
31 #include "private/joliemessagehelper_p.h"
32 #include "private/pinpairingauthorization_p.h"
33 #include "private/trustedonlyauthorization_p.h"
35 #include <QtCore/QBuffer>
36 #include <QtCore/QMap>
37 #include <QtCore/QMetaType>
38 #include <QtCore/QTimer>
40 #include <QtNetwork/QHostInfo>
42 #include <QtJolie/Message>
43 #include <QtJolie/Server>
45 #include <kauthaction.h>
46 #include <kconfiggroup.h>
48 #include <kstandarddirs.h>
49 #include <ktemporaryfile.h>
56 class AuthorizationManagerSingleton
59 AuthorizationManager
self;
62 K_GLOBAL_STATIC(AuthorizationManagerSingleton, privateAuthorizationManagerSelf)
66 return &privateAuthorizationManagerSelf->
self;
69 AuthorizationManager::AuthorizationManager()
71 d(new AuthorizationManagerPrivate(this))
73 qRegisterMetaTypeStreamOperators<Plasma::Credentials>(
"Plasma::Credentials");
76 AuthorizationManager::~AuthorizationManager()
84 kDebug() <<
"Can't change AuthorizationPolicy: interface locked.";
88 if (policy == d->authorizationPolicy) {
92 d->authorizationPolicy = policy;
94 if (d->authorizationInterface != d->customAuthorizationInterface) {
95 delete d->authorizationInterface;
100 d->authorizationInterface =
new DenyAllAuthorization();
103 d->authorizationInterface =
new PinPairingAuthorization();
106 d->authorizationInterface =
new TrustedOnlyAuthorization();
109 d->authorizationInterface = d->customAuthorizationInterface;
118 if (d->authorizationInterface) {
119 kDebug() <<
"Can't change AuthorizationInterface: interface locked.";
123 delete d->customAuthorizationInterface;
124 d->customAuthorizationInterface = interface;
126 if (d->authorizationPolicy ==
Custom) {
127 d->authorizationInterface = interface;
135 authorizationInterface(new DenyAllAuthorization()),
136 customAuthorizationInterface(0),
137 rulesConfig(KSharedConfig::openConfig(
"/etc/plasma-remotewidgets.conf")->group(
"Rules")),
142 AuthorizationManagerPrivate::~AuthorizationManagerPrivate()
144 delete authorizationInterface;
145 delete customAuthorizationInterface;
149 void AuthorizationManagerPrivate::prepareForServiceAccess()
151 if (myCredentials.isValid()) {
155 wallet = KWallet::Wallet::openWallet(
"kdewallet", 0, KWallet::Wallet::Asynchronous);
156 q->connect(wallet, SIGNAL(walletOpened(
bool)), q, SLOT(slotWalletOpened()));
160 void AuthorizationManagerPrivate::prepareForServicePublication()
163 server =
new Jolie::Server(4000);
167 void AuthorizationManagerPrivate::saveRules()
169 kDebug() <<
"SAVE RULES";
171 KTemporaryFile tempFile;
173 tempFile.setAutoRemove(
false);
174 KConfigGroup rulesGroup = KSharedConfig::openConfig(tempFile.fileName())->group(
"Rules");
177 foreach (AuthorizationRule *rule, rules) {
179 kDebug() <<
"adding rule " << i;
180 rulesGroup.group(
QString::number(i)).writeEntry(
"CredentialsID", rule->credentials().id());
181 rulesGroup.group(
QString::number(i)).writeEntry(
"serviceName", rule->serviceName());
182 rulesGroup.group(
QString::number(i)).writeEntry(
"Policy", (uint)rule->policy());
183 rulesGroup.group(
QString::number(i)).writeEntry(
"Targets", (uint)rule->targets());
184 rulesGroup.group(
QString::number(i)).writeEntry(
"Persistence", (uint)rule->persistence());
191 kDebug() <<
"tempfile = " << tempFile.fileName();
193 KAuth::Action action(
"org.kde.kcontrol.kcmremotewidgets.save");
194 action.addArgument(
"source", tempFile.fileName());
195 action.addArgument(
"filename",
"/etc/plasma-remotewidgets.conf");
196 KAuth::ActionReply reply = action.execute();
198 if (reply.failed()) {
199 kDebug() <<
"KAuth failed.... YOU SUCK!";
203 void AuthorizationManagerPrivate::slotWalletOpened()
207 if (!wallet->readEntry(
"Credentials", identity)) {
208 kDebug() <<
"Existing identity found";
209 QDataStream stream(&identity, QIODevice::ReadOnly);
210 stream >> myCredentials;
213 if (!myCredentials.isValid()) {
214 kDebug() <<
"Creating a new identity";
216 QDataStream stream(&identity, QIODevice::WriteOnly);
217 stream << myCredentials;
218 wallet->writeEntry(
"Credentials", identity);
221 emit q->readyForRemoteAccess();
224 void AuthorizationManagerPrivate::slotLoadRules()
226 foreach (
const QString &groupName, rulesConfig.groupList()) {
227 QString identityID = rulesConfig.group(groupName).readEntry(
"CredentialsID",
"");
228 QString serviceName = rulesConfig.group(groupName).readEntry(
"serviceName",
"");
229 uint policy = rulesConfig.group(groupName).readEntry(
"Policy", 0);
230 uint targets = rulesConfig.group(groupName).readEntry(
"Targets", 0);
231 uint persistence = rulesConfig.group(groupName).readEntry(
"Persistence", 0);
234 kDebug() <<
"Invalid rule";
236 AuthorizationRule *rule =
new AuthorizationRule(serviceName, identityID);
237 rule->setPolicy(static_cast<AuthorizationRule::Policy>(policy));
238 rule->setTargets(static_cast<AuthorizationRule::Targets>(targets));
239 rule->setPersistence(static_cast<AuthorizationRule::Persistence>(persistence));
245 AuthorizationRule *AuthorizationManagerPrivate::matchingRule(
const QString &serviceName,
246 const Credentials &identity)
const
248 AuthorizationRule *matchingRule = 0;
249 foreach (AuthorizationRule *rule, rules) {
250 if (rule->d->matches(serviceName, identity.id())) {
265 kDebug() <<
"no matching rule";
267 kDebug() <<
"matching rule found: " << matchingRule->description();
272 Credentials AuthorizationManagerPrivate::getCredentials(
const QString &
id)
274 if (identities.contains(
id)) {
275 return identities[id];
277 return Credentials();
281 void AuthorizationManagerPrivate::addCredentials(
const Credentials &identity)
283 if (identities.contains(identity.id())) {
285 }
else if (identity.isValid()) {
286 kDebug() <<
"Adding a new identity for " << identity.id();
287 identities[identity.id()] = identity;
293 #include "authorizationmanager.moc"
Allows authorization of access to plasma services.
static Credentials createCredentials(const QString &name)
Create a new identity with a new set of random public/private keys.
specify that this rule is valid for all services
specify that this rule will be saved between sessions.
Allows authorization of access to plasma services.
static AuthorizationManager * self()
Singleton pattern accessor.
void setAuthorizationInterface(AuthorizationInterface *interface)
Register an implementation of AuthorizationInterface.
QString number(int n, int base)
< Don't allow any incoming connections
< Only allow connections from trusted machines
specify that this rule is valid for all users
void setAuthorizationPolicy(AuthorizationPolicy policy)
Set a policy used for authorizing incoming connections.