libgsignon-glib Reference Manual
struct SignonIdentityClass;
void (*SignonIdentityInfoCb) (SignonIdentity *self,
    const SignonIdentityInfo *info,
    const GError *error,
    gpointer user_data);
typedef SignonIdentityReferenceAddedCb;
typedef SignonIdentityReferenceRemovedCb;
typedef SignonIdentityRemovedCb;
void (*SignonIdentitySessionReadyCb) (SignonAuthSession *self,
    GError *error,
    GDBusConnection *connection,
    const gchar *bus_name,
    const gchar *object_path);
typedef SignonIdentitySignedOutCb;
void (*SignonIdentityStoreCredentialsCb) (SignonIdentity *self,
    guint32 id,
    const GError *error,
    gpointer user_data);
void (*SignonIdentityVerifyCb) (SignonIdentity *self,
    gboolean valid,
    const GError *error,
    gpointer user_data);
void (*SignonIdentityVoidCb) (SignonIdentity *self,
    const GError *error,
    gpointer user_data);
void signon_identity_add_reference (SignonIdentity *self,
    const gchar *reference,
    SignonIdentityReferenceAddedCb cb,
    gpointer user_data);
SignonAuthSession * signon_identity_create_session (SignonIdentity *self,
    const gchar *method,
    GError **error);
void signon_identity_get_auth_session (SignonIdentity *self,
    SignonAuthSession *session,
    const gchar *method,
    SignonIdentitySessionReadyCb cb);
const GError * signon_identity_get_last_error (SignonIdentity *identity);
SignonIdentity * signon_identity_new (const gchar *application_context);
SignonIdentity * signon_identity_new_from_db (guint32 id,
    const gchar *application_context);
void signon_identity_query_info (SignonIdentity *self,
    SignonIdentityInfoCb cb,
    gpointer user_data);
void signon_identity_remove (SignonIdentity *self,
    SignonIdentityRemovedCb cb,
    gpointer user_data);
void signon_identity_remove_reference (SignonIdentity *self,
    const gchar *reference,
    SignonIdentityReferenceRemovedCb cb,
    gpointer user_data);
void signon_identity_signout (SignonIdentity *self,
    SignonIdentitySignedOutCb cb,
    gpointer user_data);
void signon_identity_store_credentials_with_args (SignonIdentity *self,
    const gchar *username,
    const gchar *secret,
    const gboolean store_secret,
    const GHashTable *methods,
    const gchar *caption,
    const gchar * const *realms,
    const SignonSecurityContext *owner,
    const SignonSecurityContextList *access_control_list,
    SignonIdentityType type,
    SignonIdentityStoreCredentialsCb cb,
    gpointer user_data);
void signon_identity_store_credentials_with_info (SignonIdentity *self,
    const SignonIdentityInfo *info,
    SignonIdentityStoreCredentialsCb cb,
    gpointer user_data);
void signon_identity_verify_secret (SignonIdentity *self,
    const gchar *secret,
    SignonIdentityVerifyCb cb,
    gpointer user_data);
The SignonIdentity objects represent identities and provide operations that can be performed on them, such as identity creation, removal, starting an authentication session, and so on.
Identities can also be stored in and retrieved from a gSSO database, in which case they also contain a number of properties that can be retrieved using signon_identity_query_info() and are represented via SignonIdentityInfo. Such identities are identified by a numeric id number and they are subject to access control.
A new identity can be created with signon_identity_new(). This operation does not store the identity to the database, the identity is not visible to other applications, and accordingly it is not subject to access control.
An authentication session can be started from an identity using signon_identity_create_session() or signon_auth_session_new(). If the identity has been retrieved from a database, only the authentication methods listed in the associated SignonIdentityInfo are allowed to be used.
Identities stored in a database can be enumerated using signon_auth_service_query_identities(). Only the identities owned by the requesting application are returned.
Identities stored in a database can be retrieved using signon_identity_new_from_db(), subject to access control (an application performing that operation has to be either the identity's owner, or it has to be on the ACL).
Newly created identities can be stored to the database, and identities already in the database can be updated, using signon_identity_store_credentials_with_info() (with SignonIdentityInfo) or signon_identity_store_credentials_with_args() (with separate arguments that together form the contents of SignonIdentityInfo). Only the owners can update identities.
Identities in the database can be removed by their owners using signon_identity_remove().
Identity owners can request to close all authentication sessions and remove all secrets and tokens using signon_identity_signout().
These are the data fields that are stored into the database as a part of an identity record using signon_identity_store_credentials_with_args() or signon_identity_store_credentials_with_info() and can be retrieved using signon_identity_query_info() or signon_auth_service_query_identities():
Caption is a display name for the identity, presented to the user. Default value is an empty caption.
Realms is a list of realms that the identity can be used in. Interpretation of this field is up to the method. Typically it is a list of internet domains allowed for an authentication request. Default value is an empty list.
Type is a SignonIdentityType. Interpretation of this field is up to the application; gSSO does not use it. Default value is SIGNON_IDENTITY_TYPE_OTHER.
Owner is a SignonSecurityContext object, which specifies the identity owner. Owners are allowed to perform all of the operations on the identity specified above. By default an identity's owner is determined by the gSSO daemon using system services for the system context, and a string supplied in signon_identity_new() for the application context.
ACL is a list of SignonSecurityContext objects that specifies the applications that can access the identity to perform authentication sessions. They're not allowed to make any changes to the identity. Default value is an empty list, and depending on how gSSO is configured it's also possible to provide a list with a wildcard item to relax the access control restriction (see SignonSecurityContext).
Methods is a GHashTable containing method names as keys, and lists of allowed mechanisms as values (also, a special value "*" means that any mechanism is allowed). Only those methods and mechanisms that are in the table are allowed to be used in authentication sessions. Default is an empty list.
Id is a numeric identification of the identity record in the database. The application cannot set this, as it's determined by the daemon.
Username is used to provide a username to authentication plugins after issuing signon_auth_session_process_async(). Applications can override this by providing a username explicitly in the session_data parameter to that function. By default there is no username.
Secret is used in the same way as username, but it is write-only (cannot be retrieved from a SignonIdentityInfo). It is also possible to prevent the secret from being stored in the database.
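The Owner, ACL and Methods rules described above, written out as a small decision model in plain C. This is an added example, not code from libgsignon-glib or the gSSO daemon: the `Ctx`, `Identity`, `caller_may` and `mechanism_allowed` names are hypothetical, a security context is reduced to a pair of strings compared exactly, ACL wildcard items are not modelled, and all sample values are constructed.

```c
#include <stdbool.h>
#include <string.h>

/* Model only: a security context reduced to two strings, matched exactly. */
typedef struct { const char *sys_ctx, *app_ctx; } Ctx;
typedef struct { const char *method; const char *const *mechs; } MethodEntry;
typedef struct {
    Ctx owner;
    const Ctx *acl;             size_t n_acl;      /* default: empty */
    const MethodEntry *methods; size_t n_methods;  /* default: empty */
} Identity;
typedef enum { OP_AUTH_SESSION, OP_STORE, OP_REMOVE, OP_SIGNOUT } Op;

static bool ctx_eq(const Ctx *a, const Ctx *b) {
    return !strcmp(a->sys_ctx, b->sys_ctx) && !strcmp(a->app_ctx, b->app_ctx);
}

/* Owners may do everything; ACL entries may only run authentication sessions. */
bool caller_may(const Identity *id, const Ctx *caller, Op op) {
    if (ctx_eq(&id->owner, caller)) return true;
    if (op != OP_AUTH_SESSION) return false;       /* changes are owner-only */
    for (size_t i = 0; i < id->n_acl; i++)
        if (ctx_eq(&id->acl[i], caller)) return true;
    return false;                                  /* not owner, not on ACL */
}

/* A method must be a key in the table; "*" in its list admits any mechanism. */
bool mechanism_allowed(const Identity *id, const char *method, const char *mech) {
    for (size_t i = 0; i < id->n_methods; i++) {
        if (strcmp(id->methods[i].method, method)) continue;
        for (const char *const *m = id->methods[i].mechs; *m; m++)
            if (!strcmp(*m, "*") || !strcmp(*m, mech)) return true;
        return false;                              /* method listed, mechanism not */
    }
    return false;                                  /* method not in the table */
}

/* Constructed sample record: one ACL entry, two permitted methods. */
static const char *const OAUTH_MECHS[] = { "oauth2", NULL };
static const char *const ANY_MECH[]    = { "*", NULL };
static const MethodEntry METHODS[] = { { "oauth", OAUTH_MECHS }, { "password", ANY_MECH } };
static const Ctx ACL[] = { { "sys-calendar", "sync" } };
Identity sample_identity(void) { return (Identity){ { "sys-mail", "inbox" }, ACL, 1, METHODS, 2 }; }

int main(void) {  /* exit 0 when an ACL entry can authenticate but not store */
    Identity id = sample_identity();
    Ctx peer = { "sys-calendar", "sync" };
    return !(caller_may(&id, &peer, OP_AUTH_SESSION) && !caller_may(&id, &peer, OP_STORE));
}
```

With the default empty ACL and empty Methods table, both functions deny every caller other than the owner and every method, which is the least-privilege starting point for a stored identity.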
struct SignonIdentityClass {
    GObjectClass parent_class;
};
Opaque struct. Use the accessor functions below.
GObjectClass parent_class; | reference to a parent class |
void (*SignonIdentityInfoCb) (SignonIdentity *self,
    const SignonIdentityInfo *info,
    const GError *error,
    gpointer user_data);
Callback to be passed to signon_identity_query_info().
self : | the SignonIdentity. |
info : | the SignonIdentityInfo for self. |
error : | a GError if an error occurred, or NULL otherwise. |
user_data : | the user data that was passed when installing this callback. |
typedef SignonIdentityVoidCb SignonIdentityReferenceAddedCb;
Callback to be passed to signon_identity_add_reference().
typedef SignonIdentityVoidCb SignonIdentityReferenceRemovedCb;
Callback to be passed to signon_identity_remove_reference().
typedef SignonIdentityVoidCb SignonIdentityRemovedCb;
Callback to be passed to signon_identity_remove().
void (*SignonIdentitySessionReadyCb) (SignonAuthSession *self,
    GError *error,
    GDBusConnection *connection,
    const gchar *bus_name,
    const gchar *object_path);
Callback to be passed to signon_identity_get_auth_session().
self : | the SignonAuthSession. |
error : | a GError if an error occurred, or NULL otherwise. |
connection : | a GDBusConnection for the session. |
bus_name : | a D-Bus bus name for the session. |
object_path : | a D-Bus object path for the session. |
typedef SignonIdentityVoidCb SignonIdentitySignedOutCb;
Callback to be passed to signon_identity_signout().
void (*SignonIdentityStoreCredentialsCb) (SignonIdentity *self,
    guint32 id,
    const GError *error,
    gpointer user_data);
Callback to be passed to signon_identity_store_credentials_with_args() or signon_identity_store_credentials_with_info().
void (*SignonIdentityVerifyCb) (SignonIdentity *self,
    gboolean valid,
    const GError *error,
    gpointer user_data);
Callback to be passed to signon_identity_verify_secret().
void (*SignonIdentityVoidCb) (SignonIdentity *self,
    const GError *error,
    gpointer user_data);
Generic callback to be passed to several SignonIdentity methods.
void signon_identity_add_reference (SignonIdentity *self,
    const gchar *reference,
    SignonIdentityReferenceAddedCb cb,
    gpointer user_data);
Adds named reference to identity. Not currently supported by gSSO.
self : | the SignonIdentity. |
reference : | reference to be added |
cb : | callback |
user_data : | user_data. |
SignonAuthSession * signon_identity_create_session (SignonIdentity *self,
    const gchar *method,
    GError **error);
Creates an authentication session for this identity. If the identity has been retrieved from the database, the authentication method must be one of those listed in signon_identity_info_get_methods(), otherwise it can be any method supported by gSSO.
self : | the SignonIdentity. |
method : | authentication method. |
error : | pointer to a location which will receive the error, if any. |
Returns : | a new SignonAuthSession. [transfer full] |
void signon_identity_get_auth_session (SignonIdentity *self,
    SignonAuthSession *session,
    const gchar *method,
    SignonIdentitySessionReadyCb cb);
Obtain a remote object for a local session object. Should not be used by applications.
self : | the SignonIdentity. |
session : | the SignonAuthSession object to get the remote object for. |
method : | method name for the session. |
cb : | completion callback. [scope async] |
const GError * signon_identity_get_last_error (SignonIdentity *identity);
Get the most recent error that occurred on identity.
SignonIdentity * signon_identity_new (const gchar *application_context);
Construct a new, empty identity object. See SignonSecurityContext for a discussion of application_context contents. application_context is used to set the identity's owner if the identity is stored to the database with signon_identity_store_credentials_with_args() or signon_identity_store_credentials_with_info().
application_context : | application security context, can be NULL. |
Returns : | an instance of a SignonIdentity. |
SignonIdentity * signon_identity_new_from_db (guint32 id,
    const gchar *application_context);
Construct an identity object associated with an existing identity record. See SignonSecurityContext for a discussion of application_context contents. Together with the system context, it is used by the gSSO daemon to determine whether the application can access the identity (the application needs to be either the identity's owner or present on the ACL).
Applications can determine the id either by enumerating the identities with signon_auth_service_query_identities() (if they're the owner of the identity) or via other means (such as the system's accounts service, or an application configuration).
id : | identity ID. |
application_context : | application security context, can be NULL. |
Returns : | an instance of a SignonIdentity. |
void signon_identity_query_info (SignonIdentity *self,
    SignonIdentityInfoCb cb,
    gpointer user_data);
Fetches the SignonIdentityInfo data associated with this identity.
self : | the SignonIdentity. |
cb : | callback. [scope async] |
user_data : | user_data. |
void signon_identity_remove (SignonIdentity *self,
    SignonIdentityRemovedCb cb,
    gpointer user_data);
Removes the corresponding credentials record from the database.
self : | the SignonIdentity. |
cb : | callback to be called when the operation has completed. [scope async] |
user_data : | user_data to pass to the callback. |
void signon_identity_remove_reference (SignonIdentity *self,
    const gchar *reference,
    SignonIdentityReferenceRemovedCb cb,
    gpointer user_data);
Removes named reference from identity. Not currently supported by gSSO.
self : | the SignonIdentity. |
reference : | reference to be removed |
cb : | callback |
user_data : | user_data. |
void signon_identity_signout (SignonIdentity *self,
    SignonIdentitySignedOutCb cb,
    gpointer user_data);
Asks signond to close all authentication sessions for this identity, and to remove any stored secrets associated with it (password and authentication tokens).
self : | the SignonIdentity. |
cb : | callback. [scope async] |
user_data : | user_data. |
void signon_identity_store_credentials_with_args (SignonIdentity *self,
    const gchar *username,
    const gchar *secret,
    const gboolean store_secret,
    const GHashTable *methods,
    const gchar *caption,
    const gchar * const *realms,
    const SignonSecurityContext *owner,
    const SignonSecurityContextList *access_control_list,
    SignonIdentityType type,
    SignonIdentityStoreCredentialsCb cb,
    gpointer user_data);
Stores the given data into the identity. See above for the meaning of the specific fields.
self : | the SignonIdentity. |
username : | username. [allow-none] |
secret : | secret. [allow-none] |
store_secret : | whether gSSO should save the password in secret storage. |
methods : | allowed methods. [transfer none][element-type utf8 GStrv] |
caption : | caption. [allow-none] |
realms : | realms. [allow-none] |
owner : | owner. [allow-none] |
access_control_list : | access control list. [allow-none] |
type : | the type of the identity. |
cb : | callback. [scope async] |
user_data : | user_data. |
void signon_identity_store_credentials_with_info (SignonIdentity *self,
    const SignonIdentityInfo *info,
    SignonIdentityStoreCredentialsCb cb,
    gpointer user_data);
Stores the data contained in info into the identity record in the database. See above for the detailed discussion of the meaning of various fields and their defaults.
self : | the SignonIdentity. |
info : | the SignonIdentityInfo data to store. |
cb : | callback. [scope async] |
user_data : | user_data. |
void signon_identity_verify_secret (SignonIdentity *self,
    const gchar *secret,
    SignonIdentityVerifyCb cb,
    gpointer user_data);
Verifies the given secret. Not currently supported by gSSO.
self : | the SignonIdentity. |
secret : | the secret (password) to be verified. |
cb : | callback. [scope async] |
user_data : | user_data. |