1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
4 * This file is part of libgsignon-glib
6 * Copyright (C) 2012-2013 Intel Corporation.
8 * Contact: Jussi Laako <jussi.laako@linux.intel.com>
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public License
12 * version 2.1 as published by the Free Software Foundation.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
26 * SECTION:signon-security-context
27 * @title: SignonSecurityContext
28 * @short_description: representation of a security context.
30 * The #SignonSecurityContext represents a security context within the
31 * system and also within an application. Security contexts are used:
33 * - within identities to specify the owner of the identity, and
34 * users of the identity (items on the access control list). See #SignonIdentity.
35 * - by gSSO daemon to identify the application accessing the gSSO service and
36 * to determine if the application is an identity's owner, or is on the identity's access
37 * control list, and make access control decisions accordingly.
39 * #SignonSecurityContext contains two strings: a system context and an
40 * application context.
42 * System context can be a binary path, SMACK-label, or MSSF token. Specific
43 * interpretation of the system context value is performed by a gSSO extension module.
44 * The default gSSO extension expects binary paths.
46 * Application context identifies a script or a webpage within an application,
47 * and it's used for providing access control to runtime environments (when making an access
48 * control decision requires not only a binary identifier, but also information
49 * about what the binary is doing).
51 * System context and application context can contain a wildcard
52 * operator "*" to match 'any', while "" matches 'none' when a default
53 * gSSO extension is used. The system context is always evaluated first
54 * and if a match is found, only then the application context is evaluated.
55 * Check the documentation of a platform specific extension to determine
56 * any particular match rules used by a custom ACM (Access Control Manager).
59 #include "signon-security-context.h"
/* Register SignonSecurityContext as a GBoxed type so that GValue containers
 * and language bindings copy and release it through the public copy/free
 * functions defined below. */
G_DEFINE_BOXED_TYPE (SignonSecurityContext,
                     signon_security_context,
                     (GBoxedCopyFunc) signon_security_context_copy,
                     (GBoxedFreeFunc) signon_security_context_free);
/* GDestroyNotify adapter for signon_security_context_list_free(): the GList
 * API only hands us a gpointer, so convert it and delegate. */
static void
_security_context_free (gpointer ptr)
{
    signon_security_context_free ((SignonSecurityContext *) ptr);
}
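/**
 * signon_security_context_new:
 *
 * Allocates a new security context item. Both the system context and the
 * application context are initialised to the empty string (which a default
 * gSSO extension treats as 'matches none'), never to %NULL.
 *
 * Returns: (transfer full): allocated #SignonSecurityContext.
 */
SignonSecurityContext *
signon_security_context_new (void)
{
    /* Delegate to the value constructor so the two constructors cannot drift
     * apart; ("", "") gives the same zero-filled slice with two "" strings.
     * The parameter list is spelled (void): an empty "()" is an old-style,
     * unchecked declaration in C. */
    return signon_security_context_new_from_values ("", "");
}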
/**
 * signon_security_context_new_from_values:
 * @system_context: system security context (such as SMACK/MSSF label/token).
 *   Must not be %NULL.
 * @application_context: (nullable): application security context (such as a
 *   script name). %NULL is stored as the empty string.
 *
 * Allocates and initializes a new security context item.
 *
 * Returns: (transfer full): allocated #SignonSecurityContext, or %NULL (with
 *   a critical warning) if @system_context is %NULL.
 */
SignonSecurityContext *
signon_security_context_new_from_values (const gchar *system_context,
                                         const gchar *application_context)
{
    SignonSecurityContext *ctx;
    const gchar *app_value;

    g_return_val_if_fail (system_context != NULL, NULL);

    /* A missing application part is stored as "" rather than NULL so that
     * every accessor always sees a valid string. */
    app_value = (application_context != NULL) ? application_context : "";

    ctx = g_slice_new0 (SignonSecurityContext);
    ctx->sys_ctx = g_strdup (system_context);
    ctx->app_ctx = g_strdup (app_value);

    return ctx;
}
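/**
 * signon_security_context_copy:
 * @src_ctx: source security context to copy.
 *
 * Copy a security context item.
 *
 * Returns: (transfer full): a copy of the #SignonSecurityContext item, or
 *   %NULL if @src_ctx is %NULL.
 */
SignonSecurityContext *
signon_security_context_copy (const SignonSecurityContext *src_ctx)
{
    /* Guard before the dereference below. */
    g_return_val_if_fail (src_ctx != NULL, NULL);

    /* new_from_values() rejects a NULL system context, so a context whose
     * sys_ctx is NULL would otherwise fail to copy; map it to "" so that
     * copying is total.  NULL app_ctx is already handled by the callee. */
    return signon_security_context_new_from_values (
        src_ctx->sys_ctx != NULL ? src_ctx->sys_ctx : "",
        src_ctx->app_ctx);
}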
/**
 * signon_security_context_free:
 * @ctx: (nullable): #SignonSecurityContext to be freed.
 *
 * Frees a security context item and both of its strings. Passing %NULL is
 * a no-op.
 */
void
signon_security_context_free (SignonSecurityContext *ctx)
{
    if (ctx != NULL)
    {
        g_free (ctx->sys_ctx);
        g_free (ctx->app_ctx);
        /* The struct itself comes from g_slice_new0(); release it the same way. */
        g_slice_free (SignonSecurityContext, ctx);
    }
}
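/**
 * signon_security_context_set_system_context:
 * @ctx: #SignonSecurityContext item.
 * @system_context: (nullable): system security context.
 *
 * Sets the system context part (such as SMACK label or MSSF token) of the
 * #SignonSecurityContext. A %NULL @system_context is stored as the empty
 * string, matching the behaviour of the constructors.
 */
void
signon_security_context_set_system_context (SignonSecurityContext *ctx,
                                            const gchar *system_context)
{
    gchar *new_value;

    g_return_if_fail (ctx != NULL);

    /* Duplicate before freeing the old value: if the caller passes the
     * current string back in (e.g. the result of the getter), freeing first
     * would make g_strdup() read freed memory. */
    new_value = g_strdup (system_context != NULL ? system_context : "");
    g_free (ctx->sys_ctx);
    ctx->sys_ctx = new_value;
}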
/**
 * signon_security_context_get_system_context:
 * @ctx: #SignonSecurityContext item.
 *
 * Get the system context part (such as SMACK label or MSSF token) of the
 * #SignonSecurityContext.
 *
 * Returns: (transfer none): system context, owned by @ctx and valid until the
 *   context is modified or freed; %NULL if @ctx is %NULL.
 */
const gchar *
signon_security_context_get_system_context (const SignonSecurityContext *ctx)
{
    g_return_val_if_fail (ctx != NULL, NULL);

    /* Hand out the internal pointer; callers must not free it. */
    return ctx->sys_ctx;
}
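/**
 * signon_security_context_set_application_context:
 * @ctx: #SignonSecurityContext item.
 * @application_context: (nullable): application security context.
 *
 * Sets the application context part (such as a script name or a web page) of
 * the #SignonSecurityContext. A %NULL @application_context is stored as the
 * empty string, matching the behaviour of the constructors.
 */
void
signon_security_context_set_application_context (SignonSecurityContext *ctx,
                                                 const gchar *application_context)
{
    gchar *new_value;

    g_return_if_fail (ctx != NULL);

    /* Duplicate before freeing the old value so that passing the current
     * string (e.g. the getter's result) back in does not read freed memory. */
    new_value = g_strdup (application_context != NULL ? application_context : "");
    g_free (ctx->app_ctx);
    ctx->app_ctx = new_value;
}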
/**
 * signon_security_context_get_application_context:
 * @ctx: #SignonSecurityContext item.
 *
 * Get the application context part (such as script name or a web page) of
 * the #SignonSecurityContext.
 *
 * Returns: (transfer none): application context, owned by @ctx and valid
 *   until the context is modified or freed; %NULL if @ctx is %NULL.
 */
const gchar *
signon_security_context_get_application_context (
                                            const SignonSecurityContext *ctx)
{
    g_return_val_if_fail (ctx != NULL, NULL);

    /* Hand out the internal pointer; callers must not free it. */
    return ctx->app_ctx;
}
/**
 * signon_security_context_build_variant:
 * @ctx: #SignonSecurityContext item.
 *
 * Build a GVariant of type "(ss)" from a #SignonSecurityContext item. A
 * %NULL string in either field is serialised as "".
 *
 * Returns: (transfer full): GVariant construct of a #SignonSecurityContext
 *   (a floating reference, as returned by g_variant_new()), or %NULL if @ctx
 *   is %NULL.
 */
GVariant *
signon_security_context_build_variant (const SignonSecurityContext *ctx)
{
    const gchar *sys_value;
    const gchar *app_value;

    g_return_val_if_fail (ctx != NULL, NULL);

    /* Map NULL to "" so the tuple always carries two valid strings. */
    sys_value = (ctx->sys_ctx != NULL) ? ctx->sys_ctx : "";
    app_value = (ctx->app_ctx != NULL) ? ctx->app_ctx : "";

    return g_variant_new ("(ss)", sys_value, app_value);
}
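/**
 * signon_security_context_deconstruct_variant:
 * @variant: GVariant item with a #SignonSecurityContext construct.
 *
 * Builds a #SignonSecurityContext item from a GVariant of type "(ss)".
 *
 * Returns: (transfer full): #SignonSecurityContext item, or %NULL (with a
 *   critical warning) if @variant is %NULL or not of type "(ss)".
 */
SignonSecurityContext *
signon_security_context_deconstruct_variant (GVariant *variant)
{
    const gchar *sys_ctx = NULL;
    const gchar *app_ctx = NULL;

    g_return_val_if_fail (variant != NULL, NULL);
    /* The variant presumably comes from outside this process (the gSSO
     * daemon); check its type explicitly rather than relying on
     * g_variant_get()'s internal check, which would leave both out-pointers
     * NULL and trip a second critical inside new_from_values(). */
    g_return_val_if_fail (
        g_variant_is_of_type (variant, G_VARIANT_TYPE ("(ss)")), NULL);

    /* "&s" borrows the strings from @variant: no allocation, nothing to
     * free. new_from_values() duplicates them while @variant is still alive. */
    g_variant_get (variant, "(&s&s)", &sys_ctx, &app_ctx);

    return signon_security_context_new_from_values (sys_ctx, app_ctx);
}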
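/**
 * signon_security_context_list_build_variant:
 * @list: (nullable): #SignonSecurityContextList item.
 *
 * Builds a GVariant of type "a(ss)" from a GList of #SignonSecurityContext
 * items. An empty (%NULL) list yields an empty "a(ss)" array.
 *
 * Returns: (transfer full): GVariant construct of a #SignonSecurityContextList.
 */
GVariant *
signon_security_context_list_build_variant (
                                    const SignonSecurityContextList *list)
{
    GVariantBuilder builder;
    const SignonSecurityContextList *item;

    /* Use the definite type "a(ss)" instead of the indefinite "a*"
     * (G_VARIANT_TYPE_ARRAY): GLib refuses to end a builder of indefinite
     * type to which no child was added, so an empty list -- a valid ACL --
     * would fail to serialise. */
    g_variant_builder_init (&builder, G_VARIANT_TYPE ("a(ss)"));

    for (item = list; item != NULL; item = g_list_next (item))
    {
        SignonSecurityContext *ctx = (SignonSecurityContext *) item->data;

        /* build_variant() returns a floating reference; the builder sinks it. */
        g_variant_builder_add_value (&builder,
                                     signon_security_context_build_variant (ctx));
    }

    return g_variant_builder_end (&builder);
}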
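/**
 * signon_security_context_list_deconstruct_variant:
 * @variant: GVariant item with a list of security context tuples.
 *
 * Builds a GList of #SignonSecurityContext items from a GVariant of type
 * "a(ss)".
 *
 * Returns: (transfer full): #SignonSecurityContextList item (%NULL for an
 *   empty array), or %NULL with a critical warning if @variant is %NULL or
 *   not of type "a(ss)".
 */
SignonSecurityContextList *
signon_security_context_list_deconstruct_variant (GVariant *variant)
{
    SignonSecurityContextList *list = NULL;
    GVariantIter iter;
    GVariant *value;

    g_return_val_if_fail (variant != NULL, NULL);
    /* Validate the container type up front; g_variant_iter_init() on a
     * non-container is a programming error, and checking "a(ss)" here also
     * guarantees every element unpacks in deconstruct_variant(). */
    g_return_val_if_fail (
        g_variant_is_of_type (variant, G_VARIANT_TYPE ("a(ss)")), NULL);

    g_variant_iter_init (&iter, variant);
    while ((value = g_variant_iter_next_value (&iter)) != NULL)
    {
        /* Prepend (O(1)) and reverse once at the end; g_list_append() walks
         * to the tail on every call, making the loop quadratic. */
        list = g_list_prepend (
            list, signon_security_context_deconstruct_variant (value));
        g_variant_unref (value);
    }

    return g_list_reverse (list);
}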
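/**
 * signon_security_context_list_copy:
 * @src_list: (nullable): source #SignonSecurityContextList.
 *
 * Copies a GList of #SignonSecurityContext items; every item is deep-copied
 * with signon_security_context_copy().
 *
 * Returns: (transfer full): #SignonSecurityContextList item, %NULL if
 *   @src_list is empty.
 */
SignonSecurityContextList *
signon_security_context_list_copy (const SignonSecurityContextList *src_list)
{
    SignonSecurityContextList *dst_list = NULL;
    const SignonSecurityContextList *item;

    for (item = src_list; item != NULL; item = g_list_next (item))
    {
        SignonSecurityContext *ctx = (SignonSecurityContext *) item->data;

        /* Prepend (O(1)) and reverse once at the end; g_list_append() walks
         * to the tail on every call, making the loop quadratic. */
        dst_list = g_list_prepend (dst_list,
                                   signon_security_context_copy (ctx));
    }

    return g_list_reverse (dst_list);
}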
/**
 * signon_security_context_list_free:
 * @seclist: (transfer full) (nullable): #SignonSecurityContextList item.
 *
 * Frees all items and the GList of #SignonSecurityContext.
 */
void
signon_security_context_list_free (SignonSecurityContextList *seclist)
{
    /* Run the per-item destroy notify on every element, then release the
     * list cells themselves. */
    g_list_free_full (seclist, _security_context_free);
}