GSignondIdentityInfo *info,
const GSignondSecurityContextList *acl);
-GSignondSecurityContextList *
-gsignond_identity_info_get_owner_list (GSignondIdentityInfo *info);
+GSignondSecurityContext *
+gsignond_identity_info_get_owner (GSignondIdentityInfo *info);
gboolean
-gsignond_identity_info_set_owner_list (
+gsignond_identity_info_set_owner (
GSignondIdentityInfo *info,
- const GSignondSecurityContextList *owner);
+ const GSignondSecurityContext *owner);
gboolean
gsignond_identity_info_get_validated (GSignondIdentityInfo *info);
GSequenceIter * iter = NULL;
GVariant *var = NULL;
GVariantBuilder builder;
- const gchar *item = NULL;
if (!seq) return NULL;
}
/**
- * gsignond_identity_info_get_owner_list:
+ * gsignond_identity_info_get_owner:
* @info: instance of #GSignondIdentityInfo
*
* Retrieves the id from the info.
*
- * Returns: (transfer full) the owner list if successful, NULL otherwise.
+ * Returns: (transfer full) the owner if successful, NULL otherwise.
* when done, owner list should be freed using
- * gsignond_security_context_list_free.
+ * gsignond_security_context_free.
*/
-GSignondSecurityContextList *
-gsignond_identity_info_get_owner_list (GSignondIdentityInfo *info)
+GSignondSecurityContext *
+gsignond_identity_info_get_owner (GSignondIdentityInfo *info)
{
GVariant *var = NULL;
var = gsignond_dictionary_get (info, GSIGNOND_IDENTITY_INFO_OWNER);
if (var != NULL) {
- return gsignond_security_context_list_from_variant (var);
+ return gsignond_security_context_from_variant (var);
}
return NULL;
}
/**
- * gsignond_identity_info_set_owner_list:
+ * gsignond_identity_info_set_owner:
* @info: instance of #GSignondIdentityInfo
*
- * @owners: (transfer none) owner list to be set
+ * @owners: (transfer none) owner to be set
*
- * Sets the owner list of the info.
+ * Sets the owner of the info.
*
* Returns: TRUE if successful, FALSE otherwise.
*/
gboolean
-gsignond_identity_info_set_owner_list (
+gsignond_identity_info_set_owner (
GSignondIdentityInfo *info,
- const GSignondSecurityContextList *owners)
+ const GSignondSecurityContext *owners)
{
g_return_val_if_fail (owners != NULL, FALSE);
return gsignond_dictionary_set (
info,
GSIGNOND_IDENTITY_INFO_OWNER,
- gsignond_security_context_list_to_variant (owners));
+ gsignond_security_context_to_variant (owners));
}
/**
gchar **allowed_mechanisms)
{
GSequence *mechanisms = NULL;
- GSequenceIter *iter = NULL;
gchar ** split_mechs = NULL;
GString* allowed_mechs = NULL;
gint i, j=0;
GSequence *info_realms = NULL, *other_realms = NULL;
GHashTable *info_methods = NULL, *other_methods = NULL;
GSignondSecurityContextList *info_acl = NULL, *other_acl = NULL;
- GSignondSecurityContextList *info_owners = NULL, *other_owners = NULL;
+ GSignondSecurityContext *info_owner = NULL, *other_owner = NULL;
gboolean equal = FALSE;
if (info == other)
info_acl = g_list_sort (
info_acl,
(GCompareFunc)gsignond_security_context_compare);
- other_acl = gsignond_identity_info_get_owner_list (other);
+ other_acl = gsignond_identity_info_get_access_control_list (other);
if (other_acl)
other_acl = g_list_sort (
other_acl,
return FALSE;
}
- info_owners = gsignond_identity_info_get_owner_list (info);
- if (info_owners)
- info_owners = g_list_sort (
- info_owners,
- (GCompareFunc)gsignond_security_context_compare);
- other_owners = gsignond_identity_info_get_owner_list (other);
- if (other_owners)
- other_owners = g_list_sort (
- other_owners,
- (GCompareFunc)gsignond_security_context_compare);
- equal = _gsignond_identity_info_sec_context_list_cmp (info_owners,
- other_owners);
- if (info_owners) gsignond_security_context_list_free (info_owners);
- if (other_owners) gsignond_security_context_list_free (other_owners);
+ info_owner = gsignond_identity_info_get_owner (info);
+ other_owner = gsignond_identity_info_get_owner (other);
+ equal = gsignond_security_context_match (info_owner, other_owner);
+ if (info_owner) gsignond_security_context_free (info_owner);
+ if (other_owner) gsignond_security_context_free (other_owner);
if (!equal) {
return FALSE;
}
}
/**
- * gsignond_db_credentials_database_get_owner_list:
+ * gsignond_db_credentials_database_get_owner:
*
* @self: instance of #GSignondDbCredentialsDatabase
* @identity_id: the id of the identity whose owner list is needed
*
- * Gets all the onwer list from the database into a list.
+ * Gets the onwer of the identity referred by @identity_id from the database.
*
- * Returns: (transfer full) the list #GSignondSecurityContextList if successful,
+ * Returns: (transfer full) the list #GSignondSecurityContext if successful,
* NULL otherwise. When done the list should be freed with
- * gsignond_identity_info_list_free
+ * gsignond_identity_info_free
*/
-GSignondSecurityContextList *
-gsignond_db_credentials_database_get_owner_list(
+GSignondSecurityContext *
+gsignond_db_credentials_database_get_owner(
GSignondDbCredentialsDatabase *self,
const guint32 identity_id)
{
g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
- return gsignond_db_metadata_database_get_owner_list (
+ return gsignond_db_metadata_database_get_owner (
self->priv->metadata_db, identity_id);
}
GSignondDbCredentialsDatabase *self,
const guint32 identity_id)
{
- GSignondSecurityContextList *list = NULL;
GSignondSecurityContext *ctx = NULL;
g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
- list = gsignond_db_metadata_database_get_owner_list (
+ ctx = gsignond_db_metadata_database_get_owner (
self->priv->metadata_db, identity_id);
- ctx = (GSignondSecurityContext *) g_list_first (list)->data;
- list = g_list_remove (list, ctx);
- gsignond_security_context_list_free (list);
return ctx;
}
GSignondDbCredentialsDatabase *self,
const guint32 identity_id);
-GSignondSecurityContextList *
-gsignond_db_credentials_database_get_owner_list(
+GSignondSecurityContext *
+gsignond_db_credentials_database_get_owner(
GSignondDbCredentialsDatabase *self,
const guint32 identity_id);
}
gboolean
-_gsignond_db_metadata_database_update_owners (
+_gsignond_db_metadata_database_update_owner (
GSignondDbMetadataDatabase *self,
GSignondIdentityInfo *identity,
- GSignondSecurityContextList *owners)
+ GSignondSecurityContext *owner)
{
- GSignondSecurityContextList *list = NULL;
- GSignondSecurityContext *ctx = NULL;
-
g_return_val_if_fail (GSIGNOND_DB_IS_METADATA_DATABASE (self), FALSE);
g_return_val_if_fail (identity != NULL, FALSE);
- if (!owners || g_list_length (owners) <= 0) {
- DBG ("NULL owners or no owners to be added to DB");
+ if (!owner) {
+ DBG ("no owner to be added to DB");
return FALSE;
}
- for (list = owners; list != NULL; list = g_list_next (list)) {
- ctx = (GSignondSecurityContext *) list->data;
- if (ctx->sys_ctx && strlen (ctx->sys_ctx) > 0) {
- _gsignond_db_metadata_database_exec (self,
+ if (owner->sys_ctx && strlen (owner->sys_ctx) > 0) {
+ _gsignond_db_metadata_database_exec (self,
"INSERT OR IGNORE INTO "
"SECCTX (sysctx, appctx) "
"VALUES (%Q, %Q);",
- ctx->sys_ctx, ctx->app_ctx);
- }
+ owner->sys_ctx, owner->app_ctx);
}
return TRUE;
guint32 ret = 0;
GHashTable *methods = NULL;
GSequence *realms = NULL;
- GSignondSecurityContextList *acl = NULL, *owners = NULL, *list = NULL;
+ GSignondSecurityContextList *acl = NULL, *list = NULL;
+ GSignondSecurityContext *owner = NULL;
GHashTableIter method_iter;
const gchar *method = NULL;
GSequence *mechanisms = NULL;
goto finished;
}
- /* owners */
- owners = gsignond_identity_info_get_owner_list (identity);
- if (!_gsignond_db_metadata_database_update_owners (self, identity, owners)){
- DBG ("Update owner list failed");
+ /* owner */
+ owner = gsignond_identity_info_get_owner (identity);
+ if (!_gsignond_db_metadata_database_update_owner (self, identity, owner)){
+ DBG ("Update owner failed");
gsignond_db_sql_database_rollback_transaction (sql);
goto finished;
}
}
}
- /* insert owner list */
- for (list = owners; list != NULL; list = g_list_next (list)) {
- GSignondSecurityContext *ctx = NULL;
- ctx = (GSignondSecurityContext *) list->data;
- _gsignond_db_metadata_database_exec (self,
+ /* insert owner */
+ _gsignond_db_metadata_database_exec (self,
"INSERT OR REPLACE INTO OWNER "
"(identity_id, secctx_id) "
"VALUES ( %u, "
"( SELECT id FROM SECCTX WHERE sysctx = %Q AND appctx = %Q ));",
- id, ctx->sys_ctx, ctx->app_ctx);
- }
+ id, owner->sys_ctx, owner->app_ctx);
if (gsignond_db_sql_database_commit_transaction (sql)) {
DBG ("Identity updated");
if (methods) g_hash_table_unref (methods);
if (realms) g_sequence_free (realms);
if (acl) gsignond_security_context_list_free (acl);
- if (owners) gsignond_security_context_list_free (owners);
+ if (owner) gsignond_security_context_free (owner);
return ret;
}
GHashTableIter iter;
gchar *method = NULL;
gint method_id = 0;
- GSignondSecurityContextList *acl = NULL, *owners = NULL;
+ GSignondSecurityContextList *acl = NULL;
+ GSignondSecurityContext *owner = NULL;
g_return_val_if_fail (GSIGNOND_DB_IS_METADATA_DATABASE (self), NULL);
RETURN_IF_NOT_OPEN (GSIGNOND_DB_SQL_DATABASE (self), NULL);
gsignond_security_context_list_free (acl);
}
- /*owners*/
- owners = gsignond_db_metadata_database_get_owner_list (self,
+ /*owner*/
+ owner = gsignond_db_metadata_database_get_owner (self,
identity_id);
- if (owners) {
- gsignond_identity_info_set_owner_list (identity, owners);
- gsignond_security_context_list_free (owners);
+ if (owner) {
+ gsignond_identity_info_set_owner (identity, owner);
+ gsignond_security_context_free (owner);
}
/*methods*/
}
/**
- * gsignond_db_metadata_database_get_owner_list:
+ * gsignond_db_metadata_database_get_owner:
*
* @self: instance of #GSignondDbMetadataDatabase
* @identity_id: the id of the identity whose owner list is needed
*
- * Gets all the onwer list from the database into a list.
+ * Gets the onwer of identity referred by @identity_id from the database.
*
- * Returns: (transfer full) the list #GSignondSecurityContextList if successful,
+ * Returns: (transfer full) the #GSignondSecurityContext if successful,
* NULL otherwise. When done the list should be freed with
- * gsignond_identity_info_list_free
+ * gsignond_identity_info_free
*/
-GSignondSecurityContextList *
-gsignond_db_metadata_database_get_owner_list(
+GSignondSecurityContext *
+gsignond_db_metadata_database_get_owner(
GSignondDbMetadataDatabase *self,
const guint32 identity_id)
{
- GSignondSecurityContextList *list = NULL;
GHashTable *tuples = NULL;
gchar *query = NULL;
- GHashTableIter iter;
- const gchar *sysctx = NULL, *appctx = NULL;
GSignondSecurityContext *ctx = NULL;
g_return_val_if_fail (GSIGNOND_DB_IS_METADATA_DATABASE (self), FALSE);
sqlite3_free (query);
if (tuples) {
+ GHashTableIter iter;
+ const gchar *sysctx = NULL, *appctx = NULL;
g_hash_table_iter_init(&iter, tuples);
while (g_hash_table_iter_next (&iter, (gpointer *)&sysctx,
(gpointer *)&appctx)) {
ctx = gsignond_security_context_new_from_values (sysctx, appctx);
- list = g_list_append (list, ctx);
+ break;
}
g_hash_table_unref (tuples);
}
- return list;
+ return ctx;
}
GSignondDbMetadataDatabase *self,
const guint32 identity_id);
-GSignondSecurityContextList *
-gsignond_db_metadata_database_get_owner_list(
+GSignondSecurityContext *
+gsignond_db_metadata_database_get_owner(
GSignondDbMetadataDatabase *self,
const guint32 identity_id);
#include "gsignond/gsignond-config.h"
#include "gsignond/gsignond-log.h"
+#include "gsignond/gsignond-error.h"
#include "gsignond/gsignond-extension-interface.h"
#include "daemon/gsignond-identity.h"
#include "daemon/dbus/gsignond-dbus-auth-service-adapter.h"
object_class->finalize = _finalize;
}
-static void
+static gboolean
_on_remove_identity (GSignondIdentity *identity, gpointer data)
{
GSignondDaemon *daemon = GSIGNOND_DAEMON (data);
gsignond_identity_get_id (identity)) == TRUE) {
g_object_unref (G_OBJECT (identity));
+
+ return TRUE;
}
+
+ return FALSE;
}
static void
static const gchar *
_register_new_identity (GSignondAuthServiceIface *self,
- const GSignondSecurityContext *ctx)
+ const GSignondSecurityContext *ctx,
+ GError **error)
{
+ if (G_LIKELY ((self && GSIGNOND_IS_DAEMON (self)) == 0)) {
+ WARN ("assertion failed G_LIKELY(self && GSIGNOND_IS_DAEMON (self) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return NULL;
+ }
+
GSignondDaemon *daemon = GSIGNOND_DAEMON (self);
const gchar *app_context = ctx ? gsignond_security_context_get_application_context (ctx) : "";
gint timeout = gsignond_config_get_integer (daemon->priv->config, GSIGNOND_CONFIG_DBUS_IDENTITY_TIMEOUT);
GSignondIdentityInfo *info = gsignond_dictionary_new ();
GSignondIdentity *identity = NULL;
- GSignondSecurityContextList *owners = NULL;
+ GSignondSecurityContext *owner = NULL;
+ GSignondSecurityContextList *acl = NULL;
- owners = g_list_append (NULL, (gpointer) ctx ? gsignond_security_context_copy (ctx)
- : gsignond_security_context_new_from_values ("*", NULL));
+ owner = ctx ? gsignond_security_context_copy (ctx)
+ : gsignond_security_context_new_from_values ("*", NULL);
- gsignond_identity_info_set_owner_list (info, owners);
- gsignond_identity_info_set_access_control_list (info, owners);
- gsignond_security_context_list_free (owners);
+ gsignond_identity_info_set_owner (info, owner);
+
+ acl = (GSignondSecurityContextList *)g_list_append (NULL, owner);
+ gsignond_identity_info_set_access_control_list (info, acl);
+ gsignond_security_context_free (owner);
+ g_list_free (acl);
identity = gsignond_identity_new (self, info, app_context, timeout);
if (identity == NULL) {
+ gsignond_dictionary_free (info);
ERR("Unable to register new identity");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_INTERNAL_SERVER, "Internal server error");
return NULL;
}
_get_identity (GSignondAuthServiceIface *iface,
const guint32 id,
const GSignondSecurityContext *ctx,
- GVariant **identity_data)
+ GVariant **identity_data,
+ GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_DAEMON (iface)) == 0)) {
+ WARN ("assertion G_LIKELY(iface && GSIGNOND_IS_DAEMON (iface) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return NULL;
+ }
+
GSignondDaemon *self = GSIGNOND_DAEMON (iface);
GSignondIdentity *identity = NULL;
GSignondIdentityInfo *identity_info = NULL;
gboolean valid = gsignond_access_control_manager_peer_is_allowed_to_use_identity (acm, ctx, acl); \
gsignond_security_context_list_free (acl); \
if (!valid) { \
+ WARN ("identity access check failed"); \
gsignond_dictionary_free (info); \
- /* TODO: throw access error */ \
+ if (error) { \
+ *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_PERMISSION_DENIED, "Can not read identity"); \
+ } \
return ret; \
} \
}
if (identity_data) *identity_data = NULL;
- g_return_val_if_fail (self && self->priv, NULL);
-
identity_info = gsignond_db_credentials_database_load_identity (
self->priv->db, id, TRUE);
- if (!identity_info) return NULL;
+ if (!identity_info) {
+ if (error) {
+ const GError *err = gsignond_db_credentials_database_get_last_error (self->priv->db);
+ *error = err ? g_error_copy (err) : gsignond_get_gerror_for_id (
+ GSIGNOND_ERROR_IDENTITY_NOT_FOUND, "identity not found with id '%d'", id);
+ }
+ return NULL;
+ }
VALIDATE_IDENTITY_READ_ACCESS (identity_info, ctx, NULL);
identity = gsignond_identity_new (iface, identity_info, app_context, timeout);
if (!identity) {
gsignond_identity_info_free (identity_info);
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_INTERNAL_SERVER, "Internal server error");
return NULL;
}
}
static const gchar **
-_query_methods (GSignondAuthServiceIface *self)
+_query_methods (GSignondAuthServiceIface *self, GError **error)
{
- g_return_val_if_fail (self && GSIGNOND_IS_DAEMON (self), NULL);
+ if (G_LIKELY ((self && GSIGNOND_IS_DAEMON (self)) == 0)) {
+ WARN ("assertion G_LIKELY ((self && GSIGNOND_IS_DAEMON(self)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return NULL;
+ }
+
GSignondDaemon *daemon = GSIGNOND_DAEMON (self);
return gsignond_plugin_proxy_factory_get_plugin_types (
}
static const gchar **
-_query_mechanisms (GSignondAuthServiceIface *self, const gchar *method)
+_query_mechanisms (GSignondAuthServiceIface *self, const gchar *method, GError **error)
{
- g_return_val_if_fail (self && GSIGNOND_IS_DAEMON (self), NULL);
+ if (G_LIKELY ((self && GSIGNOND_IS_DAEMON (self)) == 0)) {
+ WARN ("assertion G_LIKELY (self && GSIGNOND_IS_DAEMON(self)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return NULL;
+ }
+
GSignondDaemon *daemon = GSIGNOND_DAEMON (self);
- return gsignond_plugin_proxy_factory_get_plugin_mechanisms (
+ const gchar **mechanisms = gsignond_plugin_proxy_factory_get_plugin_mechanisms (
daemon->priv->plugin_proxy_factory, method);
+
+ if (!mechanisms || mechanisms[0] == NULL) {
+ DBG("no mechanisms found for method '%s'", method);
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_METHOD_NOT_KNOWN, "method '%s' not found", method);
+ }
+
+ return mechanisms;
}
static GVariant *
-_query_identities (GSignondAuthServiceIface *self, const GVariant *filter)
+_query_identities (GSignondAuthServiceIface *self, const GVariant *filter, GError **error)
{
- (void)self;
+ if (G_LIKELY ((self && GSIGNOND_IS_DAEMON (self)) == 0)) {
+ WARN ("assertion G_LIKELY (self && GSIGNOND_IS_DAEMON(self)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return NULL;
+ }
(void)filter;
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (self));
}
static gboolean
-_clear (GSignondAuthServiceIface *self)
+_clear (GSignondAuthServiceIface *self, GError **error)
{
- (void)self;
+ if (G_LIKELY ((self && GSIGNOND_IS_DAEMON (self)) == 0)) {
+ WARN ("assertion G_LIKELY (self && GSIGNOND_IS_DAEMON(self)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (self));
#include <string.h>
#include "gsignond/gsignond-log.h"
+#include "gsignond/gsignond-error.h"
#include "gsignond-identity-iface.h"
#include "dbus/gsignond-dbus.h"
gboolean valid = gsignond_access_control_manager_peer_is_allowed_to_use_identity (acm, ctx, acl); \
gsignond_security_context_list_free (acl); \
if (!valid) { \
- /* TODO: throw access error */ \
+ WARN ("cannot access identity."); \
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_PERMISSION_DENIED, "identity can not be accessed"); \
return ret; \
} \
}
#define VALIDATE_IDENTITY_WRITE_ACCESS(identity, ctx, ret) \
{ \
GSignondAccessControlManager *acm = gsignond_auth_service_iface_get_acm (identity->priv->owner); \
- GSignondSecurityContextList *owners = gsignond_identity_info_get_owner_list (identity->priv->info); \
- const GSignondSecurityContext *owner = (const GSignondSecurityContext *)g_list_first (owners); \
+ GSignondSecurityContext *owner = gsignond_identity_info_get_owner (identity->priv->info); \
gboolean valid = gsignond_access_control_manager_peer_is_owner_of_identity (acm, ctx, owner); \
- gsignond_security_context_list_free (owners); \
+ gsignond_security_context_free (owner); \
if (!valid) { \
- /* TODO: throw access error */ \
+ WARN ("is_owner_of_identity check failed."); \
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_PERMISSION_DENIED, "identity can not be accessed"); \
return ret; \
} \
}
gboolean valid = gsignond_access_control_manager_acl_is_valid (acm, ctx, acl); \
gsignond_security_context_list_free (acl); \
if (!valid) { \
- /* TODO: throw access error */ \
+ WARN ("acl validity check failed."); \
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_PERMISSION_DENIED, "invalid access control list"); \
return ret; \
} \
}
}
static gboolean
-_request_credentials_update (GSignondIdentityIface *iface, const gchar *message, const GSignondSecurityContext *ctx)
+_request_credentials_update (GSignondIdentityIface *iface, const gchar *message, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
+
GSignondIdentity *identity = GSIGNOND_IDENTITY (iface);
- if (!identity || !identity->priv->info) {
- /*
- * TODO: throw error
- */
+ if (G_LIKELY ((identity && identity->priv->info) == 0)) {
+ WARN ("assertion G_LIKELTY ((identity && identity->priv->info) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_IDENTITY_ERR, "Identity not found.");
return FALSE;
}
+
VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, FALSE);
if (!gsignond_identity_info_get_store_secret (identity->priv->info)) {
- /*
- * TODO: throw error
- */
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_CREDENTIALS_NOT_AVAILABLE, "Password can not be stored.");
return FALSE;
}
}
static GVariant *
-_get_info (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx)
+_get_info (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
+
GSignondIdentity *identity = GSIGNOND_IDENTITY (iface);
GVariant *info = NULL;
+ gchar *secret = 0;
+ gchar *username = 0;
- if (identity->priv->info) {
- gchar *secret = 0;
- gchar *username = 0;
-
- VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, NULL);
+ if (G_UNLIKELY (identity->priv->info != 0)) {
+ WARN ("assertion G_UNLIKELTY (identity->priv->info != 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_IDENTITY_ERR, "Identity not found.");
+ return NULL;
+ }
- secret = g_strdup (gsignond_identity_info_get_secret (identity->priv->info));
+ VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, NULL);
- /* unset password */
- gsignond_identity_info_set_secret (identity->priv->info, "");
+ secret = g_strdup (gsignond_identity_info_get_secret (identity->priv->info));
- /* unset username if its secret */
- if (gsignond_identity_info_get_is_username_secret (identity->priv->info)) {
- username = g_strdup (gsignond_identity_info_get_username (identity->priv->info));
- gsignond_identity_info_set_username (identity->priv->info, "");
- }
+ /* unset password */
+ gsignond_identity_info_set_secret (identity->priv->info, "");
- /* prepare identity info, excluding password and username if secret */
- info = gsignond_dictionary_to_variant (identity->priv->info);
+ /* unset username if its secret */
+ if (gsignond_identity_info_get_is_username_secret (identity->priv->info)) {
+ username = g_strdup (gsignond_identity_info_get_username (identity->priv->info));
+ gsignond_identity_info_set_username (identity->priv->info, "");
+ }
- /* reset password back */
- if (secret) {
- gsignond_identity_info_set_secret (identity->priv->info, secret);
- g_free (secret);
- }
+ /* prepare identity info, excluding password and username if secret */
+ info = gsignond_dictionary_to_variant (identity->priv->info);
+ if (G_UNLIKELY (info != 0)) {
+ WARN ("identity info to variant convertion failed.");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_IDENTITY_ERR, "Identity internal eror.");
+ return NULL;
+ }
+ /* reset password back */
+ if (secret) {
+ gsignond_identity_info_set_secret (identity->priv->info, secret);
+ g_free (secret);
+ }
- /* reset username back */
- if (username) {
- gsignond_identity_info_set_username (identity->priv->info, username);
- g_free (username);
- }
+ /* reset username back */
+ if (username) {
+ gsignond_identity_info_set_username (identity->priv->info, username);
+ g_free (username);
}
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
}
static const gchar *
-_get_auth_session (GSignondIdentityIface *iface, const gchar *method, const GSignondSecurityContext *ctx)
+_get_auth_session (GSignondIdentityIface *iface, const gchar *method, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY (iface);
GSignondAuthSession *session = NULL;
const gchar *object_path = NULL;
+ GHashTable *supported_methods = NULL;
+ gboolean method_available = FALSE;
+
+ if (G_LIKELY (method == 0)) {
+ WARN ("assertion G_LIKELY(method == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_METHOD_NOT_KNOWN,
+ "authentication method not provided");
+ return NULL;
+ }
+
+ supported_methods = gsignond_identity_info_get_methods (identity->priv->info);
+
+ if (supported_methods) {
+ method_available = g_hash_table_contains (supported_methods, method);
+ g_hash_table_unref (supported_methods);
+ } else method_available = FALSE;
+
+ if (!method_available) {
+ WARN ("authentication method '%s' is not supported", method);
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_METHOD_NOT_AVAILABLE,
+ "authentication method '%s' not supported for this identity", method);
+ return NULL;
+ }
- g_return_val_if_fail (iface, NULL);
- g_return_val_if_fail (method, NULL);
VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, NULL);
session = gsignond_auth_session_new (gsignond_identity_info_get_id(
identity->priv->info), method);
- if (!session)
+ if (!session) {
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
return NULL;
+ }
object_path = gsignond_auth_session_get_object_path (session);
}
static gboolean
-_verify_user (GSignondIdentityIface *iface, const GVariant *params, const GSignondSecurityContext *ctx)
+_verify_user (GSignondIdentityIface *iface, const GVariant *params, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY (iface);
const gchar *passwd = 0;
-
- if (!identity || !identity->priv->info) {
- /*
- * TODO: throw error
- */
+ if (G_UNLIKELY (identity->priv->info != 0)) {
+ WARN ("assertion G_UNLIKELTY (identity->priv->info != 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_IDENTITY_ERR, "Identity not found.");
return FALSE;
}
if (!gsignond_identity_info_get_store_secret (identity->priv->info) ||
!(passwd = gsignond_identity_info_get_secret (identity->priv->info)) ||
!strlen (passwd)) {
- /*
- * TODO: password not stored to verify credentials, throw error
- */
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_CREDENTIALS_NOT_AVAILABLE,
+ "user can not be verified as credentials are not stored");
return FALSE;
}
}
static gboolean
-_verify_secret (GSignondIdentityIface *iface, const gchar *secret, const GSignondSecurityContext *ctx)
+_verify_secret (GSignondIdentityIface *iface, const gchar *secret, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, FALSE);
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Not supported");
+
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
return FALSE;
}
static gboolean
-_sign_out (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx)
+_sign_out (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface))) == 0) {
+ WARN ("assertion G_LIKELTY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return FALSE;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
gboolean success = FALSE;
/*
* TODO: close all auth_sessions and emit "identity-signed-out"
*/
-
g_signal_emit (iface,
signals[SIG_SIGNOUT],
0,
&success);
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Not supported");
+
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
return success;
}
static guint32
-_store (GSignondIdentityIface *iface, const GVariant *info, const GSignondSecurityContext *ctx)
+_store (GSignondIdentityIface *iface, const GVariant *info, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return 0;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
GSignondIdentityInfo *identity_info = NULL;
gboolean was_new_identity = FALSE;
GSignondSecurityContextList *contexts = NULL;
+ GSignondSecurityContext *owner = NULL;
guint32 id;
VALIDATE_IDENTITY_WRITE_ACCESS (identity, ctx, 0);
}
/* Add creater to owner list */
- contexts = gsignond_identity_info_get_owner_list (identity_info);
- if (!contexts) {
- contexts = gsignond_identity_info_get_owner_list (identity->priv->info);
+ owner = gsignond_identity_info_get_owner (identity_info);
+ if (!owner) {
+ owner = gsignond_identity_info_get_owner (identity->priv->info);
- gsignond_identity_info_set_owner_list (identity_info, contexts);
+ gsignond_identity_info_set_owner (identity_info, owner);
}
- gsignond_security_context_list_free (contexts);
-
/* update object cache */
if (identity->priv->info) gsignond_identity_info_free (identity->priv->info);
identity->priv->info = identity_info;
identity_info,
&id);
- if (was_new_identity)
- gsignond_identity_set_id (identity, id);
+ if (!id) {
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_STORE_FAILED,
+ "Failed to store identity");
+ }
+ else {
+ if (was_new_identity)
+ gsignond_identity_set_id (identity, id);
- gsignond_identity_iface_notify_info_updated (iface, GSIGNOND_IDENTITY_DATA_UPDATED);
+ gsignond_identity_iface_notify_info_updated (iface, GSIGNOND_IDENTITY_DATA_UPDATED);
+ }
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
return id;
}
-static void
-_remove (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx)
+static gboolean
+_remove (GSignondIdentityIface *iface, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_LIKELY ((iface && GSIGNOND_IS_IDENTITY (iface)) == 0)) {
+ WARN ("assertion G_LIKELY ((iface && GSIGNOND_IS_IDENTITY(iface)) == 0) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return 0;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
+ gboolean is_removed = FALSE;
- VALIDATE_IDENTITY_WRITE_ACCESS (identity, ctx, );
+ VALIDATE_IDENTITY_WRITE_ACCESS (identity, ctx, FALSE);
g_signal_emit (identity,
signals[SIG_REMOVE],
0,
- identity->priv->info,
- NULL);
+ &is_removed);
- gsignond_identity_iface_notify_info_updated (iface, GSIGNOND_IDENTITY_REMOVED);
+ if (is_removed)
+ gsignond_identity_iface_notify_info_updated (iface, GSIGNOND_IDENTITY_REMOVED);
+ else if (error)
+ *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_REMOVE_FAILED, "failed to remove identity");
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
+
+ return is_removed;
}
static gint32
-_add_reference (GSignondIdentityIface *iface, const gchar *reference, const GSignondSecurityContext *ctx)
+_add_reference (GSignondIdentityIface *iface, const gchar *reference, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_UNLIKELY (iface && GSIGNOND_IS_IDENTITY (iface))) {
+ WARN ("assertion G_UNLIKELTY (iface && GSIGNOND_IS_IDENTITY(iface)) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return 0;
+ }
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
- gint32 res;
+ gint32 res = 0;
VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, 0);
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
+ if (res == 0) {
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ }
+
return res;
}
static gint32
-_remove_reference (GSignondIdentityIface *iface, const gchar *reference, const GSignondSecurityContext *ctx)
+_remove_reference (GSignondIdentityIface *iface, const gchar *reference, const GSignondSecurityContext *ctx, GError **error)
{
+ if (G_UNLIKELY (iface && GSIGNOND_IS_IDENTITY (iface))) {
+ WARN ("assertion G_UNLIKELTY (iface && GSIGNOND_IS_IDENTITY(iface)) failed");
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_UNKNOWN, "Unknown error");
+ return 0;
+ }
+
GSignondIdentity *identity = GSIGNOND_IDENTITY(iface);
- gint32 res;
+ gint32 res = 0;
VALIDATE_IDENTITY_READ_ACCESS (identity, ctx, 0);
g_signal_emit (iface,
- signals[SIG_REMOVE_REFERENCE],
- 0,
- reference,
- &res);
+ signals[SIG_REMOVE_REFERENCE],
+ 0,
+ reference,
+ &res);
gsignond_disposable_set_keep_in_use (GSIGNOND_DISPOSABLE (identity));
+ if (res == 0) {
+ if (error) *error = gsignond_get_gerror_for_id (GSIGNOND_ERROR_REFERENCE_NOT_FOUND,
+ "reference '%s' not found", reference);
+ }
return res;
}
return identity;
}
-
#include "daemon/db/gsignond-db-secret-cache.h"
static GSequence*
-_sequence_new (guint8 *data)
+_sequence_new (gchar *data)
{
GSequence *value = NULL;
value = g_sequence_new (NULL);
- g_sequence_append (value, data);
+ g_sequence_append (value, (guint8 *)data);
return value;
}
gboolean add_methods,
gboolean add_realms,
gboolean add_acl,
- gboolean add_owners)
+ gboolean add_owner)
{
- guint32 id = 0;
guint32 type = 456;
const gchar *username = "username1";
const gchar *secret = "secret1";
const gchar *caption = "caption1";
- const gchar *method1 = "method1";
GSignondIdentityInfo *identity = NULL;
- GSignondSecurityContextList *ctx_list;
- GSignondSecurityContext *ctx, *ctx1, *ctx2, *ctx3 ;
+ GSignondSecurityContextList *ctx_list = NULL;
+ GSignondSecurityContext *ctx1, *ctx2, *ctx3 ;
GHashTable *methods = NULL;
GSequence *seq1 = NULL, *seq_realms;
identity = *identity_inp;
}
/*owners*/
- if (add_owners) {
- gsignond_identity_info_set_owner_list (identity, ctx_list);
+ if (add_owner) {
+ gsignond_identity_info_set_owner (identity, ctx1);
}
gsignond_security_context_list_free (ctx_list);
const gchar *username = "username1";
const gchar *secret = "secret1";
const gchar *caption = "caption1";
- const gchar *method1 = "method1";
GSignondIdentityInfo *identity = NULL;
GSignondIdentityInfo *identity2 = NULL;
- GSignondSecurityContextList *ctx_list, *list;
+ GSignondSecurityContextList *ctx_list = NULL, *list = NULL;
GSignondSecurityContext *ctx, *ctx1, *ctx2, *ctx3 ;
GHashTable *methods = NULL, *methods2;
GSequence *seq1 = NULL, *seq_realms, *seq21, *mechs;
identity, "testmech") == NULL);
fail_unless (gsignond_identity_info_get_access_control_list (
identity) == NULL);
- fail_unless (gsignond_identity_info_get_owner_list (identity) == NULL);
+ fail_unless (gsignond_identity_info_get_owner (identity) == NULL);
fail_unless (gsignond_identity_info_get_validated (identity) == FALSE);
fail_unless (gsignond_identity_info_get_identity_type (identity) == -1);
gsignond_security_context_list_free (list); list = NULL;
/*owners*/
- fail_unless (gsignond_identity_info_set_owner_list (
- identity, ctx_list) == TRUE);
- list = gsignond_identity_info_get_owner_list (identity);
- fail_if (list == NULL);
- list2 = g_list_nth (list, 0);
- ctx = (GSignondSecurityContext *) list2->data;
+ fail_unless (gsignond_identity_info_set_owner (
+ identity, ctx1) == TRUE);
+ ctx = gsignond_identity_info_get_owner (identity);
+ fail_if (ctx == NULL);
fail_unless (gsignond_security_context_compare (ctx, ctx1) == 0);
- list2 = g_list_nth (list, 1);
- ctx = (GSignondSecurityContext *) list2->data;
- fail_unless (gsignond_security_context_compare (ctx, ctx2) == 0);
- list2 = g_list_nth (list, 2);
- ctx = (GSignondSecurityContext *) list2->data;
- fail_unless (gsignond_security_context_compare (ctx, ctx3) == 0);
- gsignond_security_context_list_free (list); list = NULL;
- gsignond_security_context_list_free (ctx_list);
+ gsignond_security_context_free (ctx); ctx = NULL;
fail_unless (gsignond_identity_info_set_validated (
identity, FALSE) == TRUE);
{
GSignondDbSecretDatabase *database = NULL;
GSignondConfig *config = NULL;
- gchar *filename = NULL, *query;
+ gchar *filename = NULL;
const gchar *dir = NULL;
- GString *un = NULL;
- GString *pass = NULL;
GSignondCredentials *creds = NULL;
- GSignondCredentials *creds1 = NULL;
guint32 id = 1, method = 2;
GHashTable *data = NULL;
GHashTable *data2 = NULL;
- GHashTableIter iter;
- GString *key = NULL;
- GByteArray *value = NULL;
Data input;
sqlite3_stmt *stmt = NULL;
gint status=0;
{
GSignondSecretStorage *storage = NULL;
GSignondConfig *config = NULL;
- GString *un = NULL;
- GString *pass = NULL;
GSignondCredentials *creds = NULL;
- GSignondCredentials *creds1 = NULL;
guint32 id = 1, method = 2;
GHashTable *data = NULL;
GHashTable *data2 = NULL;
- GHashTableIter iter;
- GString *key =NULL;
- GByteArray *value =NULL;
Data input;
config = gsignond_config_new ();
GSignondIdentityInfoList *identities = NULL;
GSignondSecurityContext *ctx1 = NULL;
GList *methods = NULL, *reflist = NULL;
- GSignondSecurityContextList *acl, *owners;
+ GSignondSecurityContextList *acl;
+ GSignondSecurityContext *owner = NULL;
config = gsignond_config_new ();
GSignondDbMetadataDatabase* metadata_db = NULL;
metadata_db, identity_id, ctx1) == NULL);
fail_unless (gsignond_db_metadata_database_get_accesscontrol_list (
metadata_db, identity_id) == NULL);
- fail_unless (gsignond_db_metadata_database_get_owner_list (
+ fail_unless (gsignond_db_metadata_database_get_owner (
metadata_db, identity_id) == NULL);
fail_unless (gsignond_db_metadata_database_open (metadata_db) == TRUE);
fail_unless (gsignond_db_metadata_database_get_accesscontrol_list (
metadata_db, identity_id) == NULL);
- fail_unless (gsignond_db_metadata_database_get_owner_list (
+ fail_unless (gsignond_db_metadata_database_get_owner (
metadata_db, identity_id) == NULL);
fail_unless (gsignond_db_metadata_database_get_method_id (
metadata_db, method1, &methodid) == TRUE);
fail_unless (methodid == gsignond_db_metadata_database_get_method_id (
- metadata_db, method1) == TRUE);
+ metadata_db, method1));
/*update_identity*/
identity = _get_filled_identity_info_2 (&identity,
fail_if (acl == NULL);
gsignond_security_context_list_free (acl);
- /*owners*/
- owners = gsignond_db_metadata_database_get_owner_list (metadata_db,
+ /*owner*/
+ owner = gsignond_db_metadata_database_get_owner (metadata_db,
identity_id);
- fail_if (owners == NULL);
- gsignond_security_context_list_free (owners);
+ fail_if (owner == NULL);
+ gsignond_security_context_free (owner);
fail_unless (gsignond_db_metadata_database_remove_identity (
metadata_db, identity_id) == TRUE);
START_TEST (test_credentials_database)
{
GSignondConfig *config = NULL;
- guint32 methodid = 0;
guint32 identity_id = 5;
- const gchar *method1 = "method1";
GSignondIdentityInfo *identity = NULL, *identity2= NULL;
GSignondIdentityInfoList *identities = NULL;
GSignondSecurityContext *ctx1 = NULL;
GList *methods = NULL, *reflist = NULL;
- GSignondSecurityContextList *acl, *owners;
- GSignondSecurityContext *owner;
+ GSignondSecurityContextList *acl = NULL ;
+ GSignondSecurityContext *owner = NULL;
GSignondDbCredentialsDatabase *credentials_db = NULL;
GSignondSecretStorage *storage =NULL;
GHashTable *data = NULL;
fail_if (acl == NULL);
gsignond_security_context_list_free (acl);
- owners = gsignond_db_credentials_database_get_owner_list (
+ owner = gsignond_db_credentials_database_get_owner (
credentials_db, identity_id);
- fail_if (owners == NULL);
- gsignond_security_context_list_free (owners);
+ fail_if (owner == NULL);
+ gsignond_security_context_free (owner);
owner = gsignond_db_credentials_database_get_identity_owner (
credentials_db, identity_id);