<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>gsignond API Reference Manual: GSignondAccessControlManager</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="index.html" title="gsignond API Reference Manual">
<link rel="up" href="ch06.html" title="GSignond API for writing platform adaptation extensions">
<link rel="prev" href="GSignondExtension.html" title="GSignondExtension">
<link rel="next" href="gsignond-GSignondSecurityContext.html" title="GSignondSecurityContext">
<meta name="generator" content="GTK-Doc V1.20 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="refentry">
<a name="GSignondAccessControlManager"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<h2><span class="refentrytitle"><a name="GSignondAccessControlManager.top_of_page"></a>GSignondAccessControlManager</span></h2>
<p>GSignondAccessControlManager — an object that performs access control checks</p>
<td class="gallery_image" valign="top" align="right"></td>
<div class="refsect1">
<a name="GSignondAccessControlManager.functions"></a><h2>Functions</h2>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="functions_return">
<col class="functions_name">
<td class="function_type">
<span class="returnvalue">void</span>
<td class="function_name">
<a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-security-context-of-peer" title="gsignond_access_control_manager_security_context_of_peer ()">gsignond_access_control_manager_security_context_of_peer</a> <span class="c_punctuation">()</span>
<td class="function_type">
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
<td class="function_name">
<a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-peer-is-allowed-to-use-identity" title="gsignond_access_control_manager_peer_is_allowed_to_use_identity ()">gsignond_access_control_manager_peer_is_allowed_to_use_identity</a> <span class="c_punctuation">()</span>
<td class="function_type">
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
<td class="function_name">
<a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-peer-is-owner-of-identity" title="gsignond_access_control_manager_peer_is_owner_of_identity ()">gsignond_access_control_manager_peer_is_owner_of_identity</a> <span class="c_punctuation">()</span>
<td class="function_type">
<a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
<td class="function_name">
<a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-acl-is-valid" title="gsignond_access_control_manager_acl_is_valid ()">gsignond_access_control_manager_acl_is_valid</a> <span class="c_punctuation">()</span>
<td class="function_type">
<a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="returnvalue">GSignondSecurityContext</span></a> *
<td class="function_name">
<a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-security-context-of-keychain" title="gsignond_access_control_manager_security_context_of_keychain ()">gsignond_access_control_manager_security_context_of_keychain</a> <span class="c_punctuation">()</span>
<div class="refsect1">
<a name="GSignondAccessControlManager.properties"></a><h2>Properties</h2>
<div class="informaltable"><table border="0">
<col width="150px" class="properties_type">
<col width="300px" class="properties_name">
<col width="200px" class="properties_flags">
<td class="property_type">
<a class="link" href="GSignondConfig.html" title="GSignondConfig"><span class="type">GSignondConfig</span></a> *</td>
<td class="property_name"><a class="link" href="GSignondAccessControlManager.html#GSignondAccessControlManager--config" title="The “config” property">config</a></td>
<td class="property_flags">Read / Write / Construct Only</td>
<div class="refsect1">
<a name="GSignondAccessControlManager.object-hierarchy"></a><h2>Object Hierarchy</h2>
<pre class="screen"> <a href="http://library.gnome.org/devel/gobject/unstable/gobject-The-Base-Object-Type.html#GObject">GObject</a>
<span class="lineart">╰──</span> GSignondAccessControlManager
</pre>
<div class="refsect1">
<a name="GSignondAccessControlManager.includes"></a><h2>Includes</h2>
<pre class="synopsis">#include &lt;gsignond/gsignond-access-control-manager.h&gt;
</pre>
<div class="refsect1">
<a name="GSignondAccessControlManager.description"></a><h2>Description</h2>
<p><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> performs access control checks using
available system services. gSSO can be configured to use a custom extension
that provides a subclassed implementation of <a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a>
(see <a class="link" href="GSignondExtension.html" title="GSignondExtension"><span class="type">GSignondExtension</span></a>), otherwise a default implementation is used.</p>
<div class="refsect1">
<a name="GSignondAccessControlManager.functions_details"></a><h2>Functions</h2>
<div class="refsect2">
<a name="gsignond-access-control-manager-security-context-of-peer"></a><h3>gsignond_access_control_manager_security_context_of_peer ()</h3>
<pre class="programlisting"><span class="returnvalue">void</span>
gsignond_access_control_manager_security_context_of_peer
(<em class="parameter"><code><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> *self</code></em>,
<em class="parameter"><code><a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *peer_ctx</code></em>,
<em class="parameter"><code><span class="type">int</span> peer_fd</code></em>,
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *peer_service</code></em>,
<em class="parameter"><code>const <a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gchar"><span class="type">gchar</span></a> *peer_app_ctx</code></em>);</pre>
<p>Retrieves and sets the <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> of the specified peer.</p>
<p>The default implementation sets the app context as it was passed, and sets
the system context to the binary path of the process that is determined from
<em class="parameter"><code>peer_fd</code></em>
and <em class="parameter"><code>peer_service</code></em>.</p>
<div class="refsect3">
<a name="id-1.7.3.8.2.6"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>object instance.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_ctx</p></td>
<td class="parameter_description"><p>instance of security context to be set.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_fd</p></td>
<td class="parameter_description"><p>file descriptor of the peer connection if using peer-to-peer dbus, -1 otherwise.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_service</p></td>
<td class="parameter_description"><p>g_dbus_method_invocation_get_sender() of the peer connection, if not using peer-to-peer dbus, NULL otherwise.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_app_ctx</p></td>
<td class="parameter_description"><p>application context of the peer connection.</p></td>
<td class="parameter_annotations"> </td>
<div class="refsect2">
<a name="gsignond-access-control-manager-peer-is-allowed-to-use-identity"></a><h3>gsignond_access_control_manager_peer_is_allowed_to_use_identity ()</h3>
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
gsignond_access_control_manager_peer_is_allowed_to_use_identity
(<em class="parameter"><code><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> *self</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *peer_ctx</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *owner_ctx</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContextList" title="GSignondSecurityContextList"><span class="type">GSignondSecurityContextList</span></a> *identity_acl</code></em>);</pre>
<p>Checks if the specified peer is allowed to access the specified identity.</p>
<p>The default implementation goes over items in <em class="parameter"><code>identity_acl</code></em> and uses
<a class="link" href="gsignond-GSignondSecurityContext.html#gsignond-security-context-check" title="gsignond_security_context_check ()"><code class="function">gsignond_security_context_check()</code></a> to check them against <em class="parameter"><code>peer_ctx</code></em>.</p>
<div class="refsect3">
<a name="id-1.7.3.8.3.6"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>object instance.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_ctx</p></td>
<td class="parameter_description"><p>security context of the peer connection.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>owner_ctx</p></td>
<td class="parameter_description"><p>security context of the identity owner.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>identity_acl</p></td>
<td class="parameter_description"><p>access control list for the identity in question. Includes the <em class="parameter"><code>owner_ctx</code></em>.</p></td>
<td class="parameter_annotations"> </td>
<div class="refsect3">
<a name="id-1.7.3.8.3.7"></a><h4>Returns</h4>
<p>TRUE if access is allowed, FALSE otherwise.</p>
<div class="refsect2">
<a name="gsignond-access-control-manager-peer-is-owner-of-identity"></a><h3>gsignond_access_control_manager_peer_is_owner_of_identity ()</h3>
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
gsignond_access_control_manager_peer_is_owner_of_identity
(<em class="parameter"><code><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> *self</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *peer_ctx</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *owner_ctx</code></em>);</pre>
<p>Checks if the peer specified in <em class="parameter"><code>peer_ctx</code></em>
is the owner of the identity.</p>
<p>The default implementation uses <a class="link" href="gsignond-GSignondSecurityContext.html#gsignond-security-context-check" title="gsignond_security_context_check ()"><code class="function">gsignond_security_context_check()</code></a>
to check <em class="parameter"><code>peer_ctx</code></em>
against <em class="parameter"><code>owner_ctx</code></em>.</p>
<div class="refsect3">
<a name="id-1.7.3.8.4.6"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>object instance.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_ctx</p></td>
<td class="parameter_description"><p>security context of the peer connection.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>owner_ctx</p></td>
<td class="parameter_description"><p>security context of the identity owner.</p></td>
<td class="parameter_annotations"> </td>
<div class="refsect3">
<a name="id-1.7.3.8.4.7"></a><h4>Returns</h4>
<div class="refsect2">
<a name="gsignond-access-control-manager-acl-is-valid"></a><h3>gsignond_access_control_manager_acl_is_valid ()</h3>
<pre class="programlisting"><a href="http://library.gnome.org/devel/glib/unstable/glib-Basic-Types.html#gboolean"><span class="returnvalue">gboolean</span></a>
gsignond_access_control_manager_acl_is_valid
(<em class="parameter"><code><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> *self</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="type">GSignondSecurityContext</span></a> *peer_ctx</code></em>,
<em class="parameter"><code>const <a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContextList" title="GSignondSecurityContextList"><span class="type">GSignondSecurityContextList</span></a> *identity_acl</code></em>);</pre>
<p>Checks if the specified peer is allowed to set the specified access
control list. <a class="link" href="GSignondAccessControlManager.html#gsignond-access-control-manager-peer-is-owner-of-identity" title="gsignond_access_control_manager_peer_is_owner_of_identity ()"><code class="function">gsignond_access_control_manager_peer_is_owner_of_identity()</code></a>
is used before calling this method to verify identity ownership.</p>
<p>The default implementation always returns TRUE.</p>
<div class="refsect3">
<a name="id-1.7.3.8.5.6"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>object instance.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>peer_ctx</p></td>
<td class="parameter_description"><p>security context of the peer connection.</p></td>
<td class="parameter_annotations"> </td>
<td class="parameter_name"><p>identity_acl</p></td>
<td class="parameter_description"><p>access control list for the identity.</p></td>
<td class="parameter_annotations"> </td>
<div class="refsect3">
<a name="id-1.7.3.8.5.7"></a><h4>Returns</h4>
<p>TRUE if the access control list is OK, FALSE otherwise.</p>
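<p>The following is an added example, not gsignond code: a self-contained C model of the three checks described above (ownership, ACL walk, ACL validation), showing what a subclass gains by replacing the always-TRUE <code>acl_is_valid</code>. The <code>SecCtx</code> type, all function names, and the wildcard semantics attributed to <code>gsignond_security_context_check()</code> are assumptions of this example; the sample contexts are constructed.</p>

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Model of GSignondSecurityContext: two strings (not the library's type). */
typedef struct { const char *sys_ctx, *app_ctx; } SecCtx;

static const char *str(const char *s) { return s ? s : ""; }

/* ASSUMED semantics of gsignond_security_context_check(reference, test):
 * covered if reference sys_ctx is "*", or the sys_ctx values are equal and
 * reference app_ctx is "*" or equal to the tested app_ctx. */
bool ctx_check(const SecCtx *ref, const SecCtx *test)
{
    if (!ref || !test) return false;
    if (strcmp(str(ref->sys_ctx), "*") == 0) return true;
    if (strcmp(str(ref->sys_ctx), str(test->sys_ctx)) != 0) return false;
    return strcmp(str(ref->app_ctx), "*") == 0 ||
           strcmp(str(ref->app_ctx), str(test->app_ctx)) == 0;
}

/* peer_is_owner_of_identity(): peer_ctx checked against owner_ctx. */
bool peer_is_owner(const SecCtx *peer, const SecCtx *owner)
{
    return ctx_check(owner, peer);
}

/* peer_is_allowed_to_use_identity(): walk identity_acl, any match grants. */
bool peer_is_allowed(const SecCtx *peer, const SecCtx *acl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (ctx_check(&acl[i], peer)) return true;
    return false;   /* empty ACL or no match: deny */
}

/* Hypothetical stricter acl_is_valid(): the default accepts every list, so a
 * subclass is where entries with a wildcard or empty (malformed) system
 * context can be refused before they are stored. */
bool acl_is_valid_strict(const SecCtx *acl, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        const char *sys = str(acl[i].sys_ctx);
        if (sys[0] == '\0' || strcmp(sys, "*") == 0) return false;
    }
    return true;
}

/* Order stated on the page: ownership is verified, then the ACL is validated. */
bool may_set_acl(const SecCtx *peer, const SecCtx *owner,
                 const SecCtx *acl, size_t n)
{
    return peer_is_owner(peer, owner) && acl_is_valid_strict(acl, n);
}

int main(void)
{
    /* Constructed sample contexts and ACLs. */
    SecCtx owner = { "/usr/bin/mail", "work" };
    SecCtx browser = { "/usr/bin/browser", "" };
    SecCtx acl[] = { { "/usr/bin/mail", "work" }, { "/usr/bin/calendar", "*" } };
    SecCtx open_acl[] = { { "/usr/bin/mail", "work" }, { "*", "*" } };
    bool ok = !peer_is_allowed(&browser, acl, 2) && peer_is_allowed(&browser, open_acl, 2)
           && may_set_acl(&owner, &owner, acl, 2) && !may_set_acl(&owner, &owner, open_acl, 2);
    return ok ? 0 : 1;
}
```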
<div class="refsect2">
<a name="gsignond-access-control-manager-security-context-of-keychain"></a><h3>gsignond_access_control_manager_security_context_of_keychain ()</h3>
<pre class="programlisting"><a class="link" href="gsignond-GSignondSecurityContext.html#GSignondSecurityContext" title="GSignondSecurityContext"><span class="returnvalue">GSignondSecurityContext</span></a> *
gsignond_access_control_manager_security_context_of_keychain
(<em class="parameter"><code><a class="link" href="GSignondAccessControlManager.html" title="GSignondAccessControlManager"><span class="type">GSignondAccessControlManager</span></a> *self</code></em>);</pre>
<p>Retrieves the security context of the keychain application. The keychain application
has special management access to all stored identities and is able to
delete all identities from storage.</p>
<p>The default implementation returns a context either set in <a class="link" href="GSignondConfig.html" title="GSignondConfig"><span class="type">GSignondConfig</span></a>,
or, if not set, a value specified through the configure --enable-keychain
option (see <a class="link" href="gsignond-building.html" title="Building and installing the gsignond daemon">Building gsignond</a>), or, if that is not
set either, an empty string "" is returned.</p>
<p>If gSSO was compiled
with --enable-debug and the SSO_KEYCHAIN_SYSCTX environment variable is set, then
the value of that variable is used to set the returned system context instead.</p>
<div class="refsect3">
<a name="id-1.7.3.8.6.9"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>object instance.</p></td>
<td class="parameter_annotations"> </td>
<div class="refsect3">
<a name="id-1.7.3.8.6.10"></a><h4>Returns</h4>
<p>security context of the keychain application.</p>
<div class="refsect1">
<a name="GSignondAccessControlManager.other_details"></a><h2>Types and Values</h2>
<div class="refsect1">
<a name="GSignondAccessControlManager.property-details"></a><h2>Property Details</h2>
<div class="refsect2">
<a name="GSignondAccessControlManager--config"></a><h3>The <code class="literal">“config”</code> property</h3>
<pre class="programlisting"> “config” <a class="link" href="GSignondConfig.html" title="GSignondConfig"><span class="type">GSignondConfig</span></a> *</pre>
<p>Configuration object.</p>
<p>Flags: Read / Write / Construct Only</p>