From 625bc4459722c3da77eb97a40ca59798957817d0 Mon Sep 17 00:00:00 2001 From: Jussi Laako Date: Tue, 27 Nov 2012 16:44:54 +0200 Subject: [PATCH] all: build independently from the signond sources all: add support for two-layer access control all: functionality to set the owner item on IdentityInfo dbus: update interfaces --- AUTHORS | 2 +- configure.ac | 4 +- libsignon-glib/Makefile.am | 8 +- ...e.AccountsSSO.SingleSignOn.AuthService.xml | 42 +++ ...e.AccountsSSO.SingleSignOn.AuthSession.xml | 25 ++ ...code.AccountsSSO.SingleSignOn.Identity.xml | 48 +++ libsignon-glib/signon-auth-session.c | 168 ++++----- libsignon-glib/signon-auth-session.h | 5 +- libsignon-glib/signon-errors.c | 3 +- libsignon-glib/signon-identity-info.c | 146 ++++++-- libsignon-glib/signon-identity-info.h | 37 +- libsignon-glib/signon-identity.c | 86 ++++- libsignon-glib/signon-identity.h | 28 +- libsignon-glib/signon-internals.h | 119 ++++++- libsignon-glib/signon-security-context.c | 329 ++++++++++++++++++ libsignon-glib/signon-security-context.h | 85 +++++ packaging/libsignon-glib.spec | 75 ++++ tests/check_signon.c | 55 +-- 18 files changed, 1090 insertions(+), 175 deletions(-) create mode 100644 libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthService.xml create mode 100644 libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthSession.xml create mode 100644 libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.Identity.xml create mode 100644 libsignon-glib/signon-security-context.c create mode 100644 libsignon-glib/signon-security-context.h create mode 100644 packaging/libsignon-glib.spec diff --git a/AUTHORS b/AUTHORS index c7608de..14a0a79 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,2 +1,2 @@ alberto.mardegan@nokia.com - +jussi.laako@linux.intel.com diff --git a/configure.ac b/configure.ac index dc84843..8e66dac 100644 --- a/configure.ac +++ b/configure.ac @@ -16,6 +16,7 @@ AM_INIT_AUTOMAKE([1.11 -Wall check-news nostdinc silent-rules subdir-objects]) AC_PROG_CC AC_PROG_CC_STDC AM_PROG_CC_C_O +AM_PROG_AR LT_PREREQ([2.2]) LT_INIT([disable-static]) @@ -28,8 +29,7 @@ PKG_CHECK_MODULES( [gio-2.0 >= 2.30 gio-unix-2.0 glib-2.0 >= 2.32 - gobject-2.0 - signond >= 8.40]) + gobject-2.0]) AC_SUBST(DEPS_CFLAGS) AC_SUBST(DEPS_LIBS) diff --git a/libsignon-glib/Makefile.am b/libsignon-glib/Makefile.am index e208101..67c3782 100644 --- a/libsignon-glib/Makefile.am +++ b/libsignon-glib/Makefile.am @@ -54,6 +54,8 @@ libsignon_glib_la_SOURCES = \ signon-utils.h \ signon-utils.c \ signon-types.h \ + signon-security-context.h \ + signon-security-context.c \ sso-auth-service.c \ sso-auth-service.h @@ -63,6 +65,7 @@ libsignon_glib_include_HEADERS = \ signon-auth-session.h \ signon-identity-info.h \ signon-identity.h \ + signon-security-context.h \ signon-errors.h \ signon-enum-types.h \ signon-glib.h \ @@ -76,7 +79,8 @@ libsignon_glib_headers_with_enums = \ signon-identity-info.h # This should come from `pkg-config --variable=interfaces_dir dbus-1` -DBUS_INTERFACES_DIR = /usr/share/dbus-1/interfaces +# default is /usr/share/dbus-1/interfaces +DBUS_INTERFACES_DIR = interfaces sso-auth-service-gen.h sso-auth-service-gen.c: $(DBUS_INTERFACES_DIR)/com.google.code.AccountsSSO.SingleSignOn.AuthService.xml $(AM_V_GEN)gdbus-codegen \ @@ -137,7 +141,7 @@ signon-enum-types.c: Makefile $(libsignon_glib_headers_with_enums) signon-errors-enum.c: Makefile signon-errors.h $(AM_V_GEN)( cd $(srcdir) && glib-mkenums \ - --fhead "#include \"signon-enum-types.h\"\n#include \"signon-errors.h\"\n#include \"signoncommon.h\"\n#define g_intern_static_string(s) (s)\n" \ + --fhead "#include \"signon-enum-types.h\"\n#include \"signon-errors.h\"\n#include \"signon-internals.h\"\n#define g_intern_static_string(s) (s)\n" \ --fprod "\n/* enumerations from \"@filename@\" */" \ --ftail "\n#define __SIGNON_ENUM_TYPES_C__\n" \ --vhead "GType\n@enum_name@_get_type (void)\n{\n static GType etype = 0;\n if (etype == 0) {\n static const G@Type@Value values[] = {" \ diff --git a/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthService.xml b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthService.xml new file mode 100644 index 0000000..88465c3 --- /dev/null +++ b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthService.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthSession.xml b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthSession.xml new file mode 100644 index 0000000..62aa6c1 --- /dev/null +++ b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.AuthSession.xml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.Identity.xml b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.Identity.xml new file mode 100644 index 0000000..55d4fb7 --- /dev/null +++ b/libsignon-glib/interfaces/com.google.code.AccountsSSO.SingleSignOn.Identity.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libsignon-glib/signon-auth-session.c b/libsignon-glib/signon-auth-session.c index ce02e75..6349012 100644 --- a/libsignon-glib/signon-auth-session.c +++ b/libsignon-glib/signon-auth-session.c @@ -5,8 +5,10 @@ * * Copyright (C) 2009-2010 Nokia Corporation. * Copyright (C) 2012 Canonical Ltd. + * Copyright (C) 2012-2013 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -46,17 +48,22 @@ #include "signon-utils.h" #include "sso-auth-service.h" #include "sso-auth-session-gen.h" +#include "sso-identity-gen.h" -/* SignonAuthSessionState is defined in signoncommon.h */ -#include G_DEFINE_TYPE (SignonAuthSession, signon_auth_session, G_TYPE_OBJECT); +enum +{ + PROP_0, + PROP_IDENTITY, + PROP_APPCTX +}; + /* Signals */ enum { STATE_CHANGED, - LAST_SIGNAL }; @@ -68,10 +75,10 @@ static const gchar data_key_process[] = "signon-process"; struct _SignonAuthSessionPrivate { SsoAuthSession *proxy; - SsoAuthService *auth_service_proxy; + SsoIdentity *identity_proxy; GCancellable *cancellable; - gint id; + guint id; gchar *method_name; gboolean registering; @@ -118,7 +125,6 @@ static void auth_session_remote_object_destroyed_cb (GDBusProxy *proxy, gpointer static gboolean auth_session_priv_init (SignonAuthSession *self, guint id, const gchar *method_name, GError **err); -static void auth_session_set_id_ready_cb (gpointer object, const GError *error, gpointer user_data); static void auth_session_query_available_mechanisms_ready_cb (gpointer object, const GError *error, gpointer user_data); static void auth_session_cancel_ready_cb (gpointer object, const GError *error, gpointer user_data); @@ -262,11 +268,46 @@ auth_session_object_quark () return quark; } +static void +signon_auth_session_set_property (GObject *object, + guint property_id, + const GValue *value, + GParamSpec *pspec) +{ + SignonAuthSession *self = SIGNON_AUTH_SESSION (object); + + switch (property_id) + { + case PROP_IDENTITY: + self->priv->identity_proxy = g_value_dup_object (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + } +} + +static void +signon_auth_session_get_property (GObject *object, + guint property_id, + GValue *value, + GParamSpec *pspec) +{ + SignonAuthSession *self = SIGNON_AUTH_SESSION (object); + + switch (property_id) + { + case PROP_IDENTITY: + g_value_set_object (value, self->priv->identity_proxy); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + } +} + static void signon_auth_session_init (SignonAuthSession *self) { self->priv = SIGNON_AUTH_SESSION_GET_PRIV (self); - self->priv->auth_service_proxy = sso_auth_service_get_instance (); self->priv->cancellable = g_cancellable_new (); } @@ -296,10 +337,10 @@ signon_auth_session_dispose (GObject *object) priv->proxy = NULL; } - if (priv->auth_service_proxy) + if (priv->identity_proxy) { - g_object_unref (priv->auth_service_proxy); - priv->auth_service_proxy = NULL; + g_object_unref (priv->identity_proxy); + priv->identity_proxy = NULL; } G_OBJECT_CLASS (signon_auth_session_parent_class)->dispose (object); @@ -325,6 +366,19 @@ static void signon_auth_session_class_init (SignonAuthSessionClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS (klass); + GParamSpec *pspec; + + object_class->set_property = signon_auth_session_set_property; + object_class->get_property = signon_auth_session_get_property; + + pspec = g_param_spec_object ("identity", + "Identity Proxy Object", + "Identity Proxy Object construct parameter", + TYPE_SSO_IDENTITY, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY); + g_object_class_install_property (object_class, + PROP_IDENTITY, + pspec); g_type_class_add_private (object_class, sizeof (SignonAuthSessionPrivate)); @@ -366,11 +420,17 @@ signon_auth_session_class_init (SignonAuthSessionClass *klass) * Returns: a new #SignonAuthSession. */ SignonAuthSession * -signon_auth_session_new (gint id, +signon_auth_session_new (gpointer identity_proxy, + gint id, const gchar *method_name, GError **err) { - SignonAuthSession *self = SIGNON_AUTH_SESSION(g_object_new (SIGNON_TYPE_AUTH_SESSION, NULL)); + SsoIdentity *identity = SSO_IDENTITY(identity_proxy); + + SignonAuthSession *self = SIGNON_AUTH_SESSION(g_object_new ( + SIGNON_TYPE_AUTH_SESSION, + "identity", identity, + NULL)); g_return_val_if_fail (self != NULL, NULL); if (!auth_session_priv_init(self, id, method_name, err)) @@ -385,54 +445,6 @@ signon_auth_session_new (gint id, return self; } -static void -auth_session_set_id_ready_cb (gpointer object, - const GError *error, - gpointer user_data) -{ - if (error) - { - g_warning ("%s returned error: %s", G_STRFUNC, error->message); - return; - } - - g_return_if_fail (SIGNON_IS_AUTH_SESSION (object)); - SignonAuthSession *self = SIGNON_AUTH_SESSION (object); - SignonAuthSessionPrivate *priv = self->priv; - g_return_if_fail (priv != NULL); - - gint id = GPOINTER_TO_INT(user_data); - - GError *err = NULL; - sso_auth_session_call_set_id_sync (priv->proxy, - id, - priv->cancellable, - &err); - priv->id = id; - - if (err) - g_warning ("%s returned error: %s", G_STRFUNC, err->message); - - g_clear_error(&err); -} - -void -signon_auth_session_set_id(SignonAuthSession* self, - gint id) -{ - g_return_if_fail (SIGNON_IS_AUTH_SESSION (self)); - - SignonAuthSessionPrivate *priv = self->priv; - g_return_if_fail (priv != NULL); - g_return_if_fail (id >= 0); - - auth_session_check_remote_object(self); - _signon_object_call_when_ready (self, - auth_session_object_quark(), - auth_session_set_id_ready_cb, - GINT_TO_POINTER(id)); -} - /** * signon_auth_session_get_method: * @self: the #SignonAuthSession. @@ -664,17 +676,17 @@ signon_auth_session_cancel (SignonAuthSession *self) } static void -auth_session_get_object_path_reply (GObject *object, GAsyncResult *res, - gpointer userdata) +identity_get_auth_session_reply (GObject *object, GAsyncResult *res, + gpointer userdata) { - SsoAuthService *proxy = SSO_AUTH_SERVICE (object); + SsoIdentity *proxy = SSO_IDENTITY (object); gchar *object_path = NULL; GError *error = NULL; - sso_auth_service_call_get_auth_session_object_path_finish (proxy, - &object_path, - res, - &error); + sso_identity_call_get_auth_session_finish (proxy, + &object_path, + res, + &error); SIGNON_RETURN_IF_CANCELLED (error); g_return_if_fail (SIGNON_IS_AUTH_SESSION (userdata)); @@ -791,13 +803,12 @@ auth_session_priv_init (SignonAuthSession *self, guint id, priv->method_name = g_strdup (method_name); priv->registering = TRUE; - sso_auth_service_call_get_auth_session_object_path ( - priv->auth_service_proxy, - id, - method_name, - priv->cancellable, - auth_session_get_object_path_reply, - self); + sso_identity_call_get_auth_session ( + priv->identity_proxy, + method_name, + priv->cancellable, + identity_get_auth_session_reply, + self); priv->busy = FALSE; priv->canceled = FALSE; return TRUE; @@ -906,17 +917,16 @@ auth_session_check_remote_object(SignonAuthSession *self) if (priv->proxy != NULL) return; - g_return_if_fail (priv->auth_service_proxy != NULL); + g_return_if_fail (priv->identity_proxy != NULL); if (!priv->registering) { priv->registering = TRUE; - sso_auth_service_call_get_auth_session_object_path ( - priv->auth_service_proxy, - priv->id, + sso_identity_call_get_auth_session ( + priv->identity_proxy, priv->method_name, priv->cancellable, - auth_session_get_object_path_reply, + identity_get_auth_session_reply, self); } } diff --git a/libsignon-glib/signon-auth-session.h b/libsignon-glib/signon-auth-session.h index 18bbcb3..d937904 100644 --- a/libsignon-glib/signon-auth-session.h +++ b/libsignon-glib/signon-auth-session.h @@ -5,8 +5,10 @@ * * Copyright (C) 2009-2010 Nokia Corporation. * Copyright (C) 2012 Canonical Ltd. + * Copyright (C) 2012-2013 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -142,7 +144,8 @@ struct _SignonAuthSessionClass { GType signon_auth_session_get_type (void) G_GNUC_CONST; -SignonAuthSession *signon_auth_session_new(gint id, +SignonAuthSession *signon_auth_session_new(gpointer identity_proxy, + gint id, const gchar *method_name, GError **err); diff --git a/libsignon-glib/signon-errors.c b/libsignon-glib/signon-errors.c index 6ecde09..3316884 100644 --- a/libsignon-glib/signon-errors.c +++ b/libsignon-glib/signon-errors.c @@ -5,8 +5,10 @@ * * Copyright (C) 2009-2010 Nokia Corporation. * Copyright (C) 2012 Canonical Ltd. + * Copyright (C) 2012 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -26,7 +28,6 @@ #include "signon-errors.h" #include "signon-enum-types.h" #include "signon-internals.h" -#include "signoncommon.h" #include /** diff --git a/libsignon-glib/signon-identity-info.c b/libsignon-glib/signon-identity-info.c index bd7fd79..29064d5 100644 --- a/libsignon-glib/signon-identity-info.c +++ b/libsignon-glib/signon-identity-info.c @@ -90,6 +90,8 @@ SignonIdentityInfo * signon_identity_info_new_from_variant (GVariant *variant) { GVariant *method_map; + GVariant *owner; + GVariant *acl; if (!variant) return NULL; @@ -146,10 +148,22 @@ signon_identity_info_new_from_variant (GVariant *variant) } } - g_variant_lookup (variant, - SIGNOND_IDENTITY_INFO_ACL, - "^as", - &info->access_control_list); + if (g_variant_lookup (variant, + SIGNOND_IDENTITY_INFO_OWNER, + "(ss)", + &owner)) + { + info->owner = signon_security_context_deconstruct_variant (owner); + } + + if (g_variant_lookup (variant, + SIGNOND_IDENTITY_INFO_ACL, + "@a(ss)", + &acl)) + { + info->access_control_list = + signon_security_context_list_deconstruct_variant (acl); + } g_variant_lookup (variant, SIGNOND_IDENTITY_INFO_TYPE, @@ -217,13 +231,20 @@ signon_identity_info_to_variant (const SignonIdentityInfo *self) -1)); } + if (self->owner != NULL) + { + g_variant_builder_add (&builder, "{sv}", + SIGNOND_IDENTITY_INFO_OWNER, + signon_security_context_build_variant ( + self->owner)); + } + if (self->access_control_list != NULL) { g_variant_builder_add (&builder, "{sv}", SIGNOND_IDENTITY_INFO_ACL, - g_variant_new_strv ((const gchar * const *) - self->access_control_list, - -1)); + signon_security_context_list_build_variant ( + self->access_control_list)); } g_variant_builder_add (&builder, "{sv}", @@ -250,6 +271,7 @@ SignonIdentityInfo *signon_identity_info_new () info->methods = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify)g_strfreev); info->store_secret = FALSE; + info->owner = signon_security_context_new (); return info; } @@ -271,7 +293,8 @@ void signon_identity_info_free (SignonIdentityInfo *info) g_hash_table_destroy (info->methods); g_strfreev (info->realms); - g_strfreev (info->access_control_list); + signon_security_context_free (info->owner); + signon_security_context_list_free (info->access_control_list); g_slice_free (SignonIdentityInfo, info); } @@ -291,16 +314,23 @@ SignonIdentityInfo *signon_identity_info_copy (const SignonIdentityInfo *other) identity_info_set_id (info, signon_identity_info_get_id (other)); - signon_identity_info_set_username (info, signon_identity_info_get_username (other)); + signon_identity_info_set_username (info, + signon_identity_info_get_username (other)); signon_identity_info_set_secret (info, identity_info_get_secret(other), - signon_identity_info_get_storing_secret (other)); + signon_identity_info_get_storing_secret (other)); + + signon_identity_info_set_caption (info, + signon_identity_info_get_caption(other)); - signon_identity_info_set_caption (info, signon_identity_info_get_caption(other)); + signon_identity_info_set_methods (info, + signon_identity_info_get_methods (other)); - signon_identity_info_set_methods (info, signon_identity_info_get_methods (other)); + signon_identity_info_set_realms (info, + signon_identity_info_get_realms (other)); - signon_identity_info_set_realms (info, signon_identity_info_get_realms (other)); + signon_identity_info_set_owner (info, + signon_identity_info_get_owner (other)); signon_identity_info_set_access_control_list (info, signon_identity_info_get_access_control_list (other)); @@ -396,18 +426,32 @@ const gchar* const *signon_identity_info_get_realms (const SignonIdentityInfo *i return (const gchar* const *)info->realms; } +/** + * signon_identity_info_get_owner: + * @info: the #SignonIdentityInfo. + * + * Get owner security context of @info. + * + * Returns: (transfer none): a security context. + */ +const SignonSecurityContext *signon_identity_info_get_owner (const SignonIdentityInfo *info) +{ + g_return_val_if_fail (info != NULL, NULL); + return info->owner; +} + /** * signon_identity_info_get_access_control_list: * @info: the #SignonIdentityInfo. * * Get an array of ACL statements of the identity. * - * Returns: (transfer none): a %NULL terminated array of ACL statements. + * Returns: (transfer none): a list of ACL security contexts. */ -const gchar* const *signon_identity_info_get_access_control_list (const SignonIdentityInfo *info) +const SignonSecurityContextList *signon_identity_info_get_access_control_list (const SignonIdentityInfo *info) { g_return_val_if_fail (info != NULL, NULL); - return (const gchar* const *)info->access_control_list; + return info->access_control_list; } /** @@ -532,22 +576,82 @@ void signon_identity_info_set_realms (SignonIdentityInfo *info, info->realms = g_strdupv ((gchar **)realms); } +/** + * signon_identity_info_set_owner: + * @info: the #SignonIdentityInfo. + * @owner: (transfer none) a security context of owner. + * + * Specify owner security context. + */ +void signon_identity_info_set_owner (SignonIdentityInfo *info, + const SignonSecurityContext *owner) +{ + g_return_if_fail (info != NULL); + + if (info->owner) signon_security_context_free (info->owner); + + info->owner = signon_security_context_copy (owner); +} + +/** + * signon_identity_info_set_owner_from_values: + * @info: the #SignonIdentityInfo. + * @system_context: owner's system context. + * @application_context: owner's application context. + * + * Specify owner security context. + */ +void signon_identity_info_set_owner_from_values ( + SignonIdentityInfo *info, + const gchar *system_context, + const gchar *application_context) +{ + g_return_if_fail (info != NULL && + system_context != NULL && + application_context != NULL); + + if (info->owner) signon_security_context_free (info->owner); + + info->owner = signon_security_context_new_from_values(system_context, + application_context); +} + /** * signon_identity_info_set_access_control_list: * @info: the #SignonIdentityInfo. - * @access_control_list: a %NULL-terminated list of ACL security domains. + * @access_control_list: (transfer none) a list of ACL security contexts. * * Specifies the ACL for this identity. The actual meaning of the ACL depends - * on the security framework used by signond. + * on the security framework used by signond. Ownership of the list is trans */ void signon_identity_info_set_access_control_list (SignonIdentityInfo *info, - const gchar* const *access_control_list) + const SignonSecurityContextList *access_control_list) { g_return_if_fail (info != NULL); - if (info->access_control_list) g_strfreev (info->access_control_list); + if (info->access_control_list) + signon_security_context_list_free (info->access_control_list); + + info->access_control_list = + signon_security_context_list_copy (access_control_list); +} + +/** + * signon_identity_info_access_control_list_append: + * @info: the #SignonIdentityInfo. + * @security_context: (transfer full) a security context to be appended. + * + * Appends a new #SignonSecurityContext item to the access control list. + */ +void signon_identity_info_access_control_list_append ( + SignonIdentityInfo *info, + SignonSecurityContext *security_context) +{ + g_return_if_fail (info != NULL); + g_return_if_fail (security_context != NULL); - info->access_control_list = g_strdupv ((gchar **)access_control_list); + info->access_control_list = g_list_append (info->access_control_list, + security_context); } /** diff --git a/libsignon-glib/signon-identity-info.h b/libsignon-glib/signon-identity-info.h index a6dedfc..fc35dfe 100644 --- a/libsignon-glib/signon-identity-info.h +++ b/libsignon-glib/signon-identity-info.h @@ -28,6 +28,8 @@ #include +#include "signon-security-context.h" + G_BEGIN_DECLS /** @@ -62,25 +64,42 @@ SignonIdentityInfo *signon_identity_info_copy (const SignonIdentityInfo *other); gint signon_identity_info_get_id (const SignonIdentityInfo *info); const gchar *signon_identity_info_get_username (const SignonIdentityInfo *info); -gboolean signon_identity_info_get_storing_secret (const SignonIdentityInfo *info); +gboolean signon_identity_info_get_storing_secret ( + const SignonIdentityInfo *info); const gchar *signon_identity_info_get_caption (const SignonIdentityInfo *info); -const GHashTable *signon_identity_info_get_methods (const SignonIdentityInfo *info); -const gchar* const *signon_identity_info_get_realms (const SignonIdentityInfo *info); -const gchar* const *signon_identity_info_get_access_control_list (const SignonIdentityInfo *info); -SignonIdentityType signon_identity_info_get_identity_type (const SignonIdentityInfo *info); +const GHashTable *signon_identity_info_get_methods ( + const SignonIdentityInfo *info); +const gchar* const *signon_identity_info_get_realms ( + const SignonIdentityInfo *info); +const SignonSecurityContext *signon_identity_info_get_owner ( + const SignonIdentityInfo *info); +const SignonSecurityContextList *signon_identity_info_get_access_control_list ( + const SignonIdentityInfo *info); +SignonIdentityType signon_identity_info_get_identity_type ( + const SignonIdentityInfo *info); void signon_identity_info_set_username (SignonIdentityInfo *info, const gchar *username); void signon_identity_info_set_secret (SignonIdentityInfo *info, const gchar *secret, gboolean store_secret); -void signon_identity_info_set_caption (SignonIdentityInfo *info, const gchar *caption); -void signon_identity_info_set_method (SignonIdentityInfo *info, const gchar *method, +void signon_identity_info_set_caption (SignonIdentityInfo *info, + const gchar *caption); +void signon_identity_info_set_method (SignonIdentityInfo *info, + const gchar *method, const gchar* const *mechanisms); -void signon_identity_info_remove_method (SignonIdentityInfo *info, const gchar *method); +void signon_identity_info_remove_method (SignonIdentityInfo *info, + const gchar *method); void signon_identity_info_set_realms (SignonIdentityInfo *info, const gchar* const *realms); +void signon_identity_info_set_owner (SignonIdentityInfo *info, + const SignonSecurityContext *owner); +void signon_identity_info_set_owner_from_values (SignonIdentityInfo *info, + const gchar *system_context, + const gchar *application_context); void signon_identity_info_set_access_control_list (SignonIdentityInfo *info, - const gchar* const *access_control_list); + const SignonSecurityContextList *access_control_list); +void signon_identity_info_access_control_list_append (SignonIdentityInfo *info, + SignonSecurityContext *security_context); void signon_identity_info_set_identity_type (SignonIdentityInfo *info, SignonIdentityType type); diff --git a/libsignon-glib/signon-identity.c b/libsignon-glib/signon-identity.c index d6c2d99..77a8b7a 100644 --- a/libsignon-glib/signon-identity.c +++ b/libsignon-glib/signon-identity.c @@ -5,8 +5,10 @@ * * Copyright (C) 2009-2010 Nokia Corporation. * Copyright (C) 2012 Canonical Ltd. + * Copyright (C) 2012-2013 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -45,7 +47,8 @@ G_DEFINE_TYPE (SignonIdentity, signon_identity, G_TYPE_OBJECT); enum { PROP_0, - PROP_ID + PROP_ID, + PROP_APPCTX }; typedef enum { @@ -76,6 +79,7 @@ struct _SignonIdentityPrivate gboolean updated; guint id; + gchar *app_ctx; guint signal_info_updated; guint signal_unregistered; @@ -188,6 +192,10 @@ signon_identity_set_property (GObject *object, case PROP_ID: self->priv->id = g_value_get_uint (value); break; + case PROP_APPCTX: + g_free (self->priv->app_ctx); + self->priv->app_ctx = g_strdup (g_value_get_string (value)); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); break; @@ -207,6 +215,9 @@ signon_identity_get_property (GObject *object, case PROP_ID: g_value_set_uint (value, self->priv->id); break; + case PROP_APPCTX: + g_value_set_string (value, self->priv->app_ctx); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); break; @@ -230,6 +241,8 @@ signon_identity_init (SignonIdentity *identity) priv->removed = FALSE; priv->signed_out = FALSE; priv->updated = FALSE; + + priv->app_ctx = NULL; } static void @@ -264,6 +277,8 @@ signon_identity_dispose (GObject *object) if (priv->sessions) g_critical ("SignonIdentity: the list of AuthSessions MUST be empty"); + g_free(priv->app_ctx); + G_OBJECT_CLASS (signon_identity_parent_class)->dispose (object); } @@ -289,11 +304,19 @@ signon_identity_class_init (SignonIdentityClass *klass) G_MAXUINT, 0, G_PARAM_READWRITE); - g_object_class_install_property (object_class, PROP_ID, pspec); + pspec = g_param_spec_string ("app_ctx", + "Application Context", + "Set/Get Application Security Context", + "", + G_PARAM_READWRITE); + g_object_class_install_property (object_class, + PROP_APPCTX, + pspec); + g_type_class_add_private (object_class, sizeof (SignonIdentityPrivate)); /** @@ -531,11 +554,13 @@ identity_check_remote_registration (SignonIdentity *self) if (priv->id != 0) sso_auth_service_call_get_identity (priv->auth_service_proxy, priv->id, + priv->app_ctx, priv->cancellable, identity_new_from_db_cb, self); else sso_auth_service_call_register_new_identity (priv->auth_service_proxy, + priv->app_ctx, priv->cancellable, identity_new_cb, self); @@ -546,6 +571,7 @@ identity_check_remote_registration (SignonIdentity *self) /** * signon_identity_new_from_db: * @id: identity ID. + * @application_context: application security context, can be %NULL. * * Construct an identity object associated with an existing identity * record. @@ -553,18 +579,23 @@ identity_check_remote_registration (SignonIdentity *self) * Returns: an instance of a #SignonIdentity. */ SignonIdentity* -signon_identity_new_from_db (guint32 id) +signon_identity_new_from_db (guint32 id, const gchar *application_context) { SignonIdentity *identity; DEBUG ("%s %d: %d\n", G_STRFUNC, __LINE__, id); if (id == 0) return NULL; - identity = g_object_new (SIGNON_TYPE_IDENTITY, "id", id, NULL); + identity = g_object_new (SIGNON_TYPE_IDENTITY, + "id", id, + "app_ctx", application_context, + NULL); g_return_val_if_fail (SIGNON_IS_IDENTITY (identity), NULL); g_return_val_if_fail (identity->priv != NULL, NULL); identity->priv->id = id; + identity->priv->app_ctx = (application_context) ? + g_strdup (application_context) : g_strdup (""); identity_check_remote_registration (identity); return identity; @@ -572,18 +603,25 @@ signon_identity_new_from_db (guint32 id) /** * signon_identity_new: + * @application_context: application security context, can be %NULL. * * Construct new, empty, identity object. * * Returns: an instance of an #SignonIdentity. */ SignonIdentity* -signon_identity_new () +signon_identity_new (const gchar *application_context) { DEBUG ("%s %d", G_STRFUNC, __LINE__); - SignonIdentity *identity = g_object_new (SIGNON_TYPE_IDENTITY, NULL); + SignonIdentity *identity = g_object_new ( + SIGNON_TYPE_IDENTITY, + "app_ctx", application_context, + NULL); g_return_val_if_fail (SIGNON_IS_IDENTITY (identity), NULL); g_return_val_if_fail (identity->priv != NULL, NULL); + + identity->priv->app_ctx = (application_context) ? + g_strdup (application_context) : g_strdup (""); identity_check_remote_registration (identity); return identity; @@ -654,7 +692,8 @@ signon_identity_create_session(SignonIdentity *self, list = list->next; } - SignonAuthSession *session = signon_auth_session_new (priv->id, + SignonAuthSession *session = signon_auth_session_new (priv->proxy, + priv->id, method, error); if (session) @@ -737,7 +776,8 @@ void signon_identity_store_credentials_with_args(SignonIdentity *self, const GHashTable *methods, const gchar *caption, const gchar* const *realms, - const gchar* const *access_control_list, + const SignonSecurityContext *owner, + const SignonSecurityContextList *access_control_list, SignonIdentityType type, SignonIdentityStoreCredentialsCb cb, gpointer user_data) @@ -752,7 +792,26 @@ void signon_identity_store_credentials_with_args(SignonIdentity *self, signon_identity_info_set_methods (info, methods); signon_identity_info_set_caption (info, caption); signon_identity_info_set_realms (info, realms); - signon_identity_info_set_access_control_list (info, access_control_list); + if (owner) + { + signon_identity_info_set_owner (info, owner); + } + else + { + signon_identity_info_set_owner_from_values (info, "", ""); + DEBUG ("created empty owner context"); + } + if (access_control_list) + { + signon_identity_info_set_access_control_list (info, + access_control_list); + } + else + { + signon_identity_info_access_control_list_append (info, + signon_security_context_new_from_values ("*", "*")); + DEBUG ("created wildcard access control list"); + } signon_identity_info_set_identity_type (info, type); signon_identity_store_credentials_with_info (self, info, cb, user_data); @@ -824,15 +883,6 @@ identity_store_credentials_reply (GObject *object, GAsyncResult *res, { g_return_if_fail (priv->identity_info == NULL); - GSList *slist = priv->sessions; - - while (slist) - { - SignonAuthSession *session = SIGNON_AUTH_SESSION (priv->sessions->data); - signon_auth_session_set_id (session, id); - slist = g_slist_next (slist); - } - g_object_set (cb_data->self, "id", id, NULL); cb_data->self->priv->id = id; diff --git a/libsignon-glib/signon-identity.h b/libsignon-glib/signon-identity.h index ac4b38c..7924285 100644 --- a/libsignon-glib/signon-identity.h +++ b/libsignon-glib/signon-identity.h @@ -4,8 +4,10 @@ * This file is part of libsignon-glib * * Copyright (C) 2009-2010 Nokia Corporation. + * Copyright (C) 2012 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -102,8 +104,9 @@ typedef SignonIdentityVoidCb SignonIdentityReferenceRemovedCb; GType signon_identity_get_type (void) G_GNUC_CONST; -SignonIdentity *signon_identity_new_from_db (guint32 id); -SignonIdentity *signon_identity_new (); +SignonIdentity *signon_identity_new_from_db (guint32 id, + const gchar *application_context); +SignonIdentity *signon_identity_new (const gchar *application_context); const GError *signon_identity_get_last_error (SignonIdentity *identity); @@ -132,16 +135,17 @@ void signon_identity_store_credentials_with_info(SignonIdentity *self, gpointer user_data); void signon_identity_store_credentials_with_args(SignonIdentity *self, - const gchar *username, - const gchar *secret, - const gboolean store_secret, - const GHashTable *methods, - const gchar *caption, - const gchar* const *realms, - const gchar* const *access_control_list, - SignonIdentityType type, - SignonIdentityStoreCredentialsCb cb, - gpointer user_data); + const gchar *username, + const gchar *secret, + const gboolean store_secret, + const GHashTable *methods, + const gchar *caption, + const gchar* const *realms, + const SignonSecurityContext *owner, + const SignonSecurityContextList *access_control_list, + SignonIdentityType type, + SignonIdentityStoreCredentialsCb cb, + gpointer user_data); /** * SignonIdentityVerifyCb: diff --git a/libsignon-glib/signon-internals.h b/libsignon-glib/signon-internals.h index c93c0d6..566a8cb 100644 --- a/libsignon-glib/signon-internals.h +++ b/libsignon-glib/signon-internals.h @@ -5,8 +5,10 @@ * * Copyright (C) 2009-2010 Nokia Corporation. * Copyright (C) 2012 Canonical Ltd. + * Copyright (C) 2012 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -26,6 +28,8 @@ #ifndef _SIGNONINTERNALS_H_ #define _SIGNONINTERNALS_H_ +#include "signon-security-context.h" + #ifndef SIGNON_TRACE #define SIGNON_TRACE #endif @@ -36,13 +40,119 @@ #define DEBUG(...) do {} while (0) #endif -#include +/* + * Common DBUS definitions + * */ +#define SIGNOND_SERVICE_PREFIX "com.google.code.AccountsSSO.SingleSignOn" +#define SIGNOND_SERVICE SIGNOND_SERVICE_PREFIX + +#define SIGNOND_DAEMON_OBJECTPATH "/com/google/code/AccountsSSO/SingleSignOn" +#define SIGNOND_DAEMON_INTERFACE SIGNOND_SERVICE_PREFIX ".AuthService" +#define SIGNOND_IDENTITY_INTERFACE SIGNOND_SERVICE_PREFIX ".Identity" +#define SIGNOND_AUTH_SESSION_INTERFACE SIGNOND_SERVICE_PREFIX ".AuthSession" + +#define SIGNOND_ERR_PREFIX SIGNOND_SERVICE_PREFIX ".Error." + +/* + * Common server/client identity info strings + * */ +#define SIGNOND_IDENTITY_INFO_ID "Id" +#define SIGNOND_IDENTITY_INFO_USERNAME "UserName" +#define SIGNOND_IDENTITY_INFO_SECRET "Secret" +#define SIGNOND_IDENTITY_INFO_STORESECRET "StoreSecret" +#define SIGNOND_IDENTITY_INFO_CAPTION "Caption" +#define SIGNOND_IDENTITY_INFO_REALMS "Realms" +#define SIGNOND_IDENTITY_INFO_AUTHMETHODS "AuthMethods" +#define SIGNOND_IDENTITY_INFO_OWNER "Owner" +#define SIGNOND_IDENTITY_INFO_ACL "ACL" +#define SIGNOND_IDENTITY_INFO_TYPE "Type" +#define SIGNOND_IDENTITY_INFO_REFCOUNT "RefCount" +#define SIGNOND_IDENTITY_INFO_VALIDATED "Validated" +#define SIGNOND_IDENTITY_INFO_USERNAME_IS_SECRET "UserNameSecret" + +/* + * Common server/client sides error names and messages + * */ +#define SIGNOND_UNKNOWN_ERR_NAME SIGNOND_ERR_PREFIX "Unknown" +#define SIGNOND_INTERNAL_SERVER_ERR_NAME SIGNOND_ERR_PREFIX "InternalServer" +#define SIGNOND_INTERNAL_COMMUNICATION_ERR_NAME \ + SIGNOND_ERR_PREFIX "InternalCommunication" +#define SIGNOND_PERMISSION_DENIED_ERR_NAME \ + SIGNOND_ERR_PREFIX "PermissionDenied" +#define SIGNOND_METHOD_OR_MECHANISM_NOT_ALLOWED_ERR_NAME \ + SIGNOND_ERR_PREFIX "MethodOrMechanismNotAllowed" +#define SIGNOND_ENCRYPTION_FAILED_ERR_NAME \ + SIGNOND_ERR_PREFIX "EncryptionFailed" +#define SIGNOND_METHOD_NOT_KNOWN_ERR_NAME SIGNOND_ERR_PREFIX "MethodNotKnown" +#define SIGNOND_SERVICE_NOT_AVAILABLE_ERR_NAME \ + SIGNOND_ERR_PREFIX "ServiceNotAvailable" +#define SIGNOND_INVALID_QUERY_ERR_NAME SIGNOND_ERR_PREFIX "InvalidQuery" +#define SIGNOND_METHOD_NOT_AVAILABLE_ERR_NAME \ + SIGNOND_ERR_PREFIX "MethodNotAvailable" +#define SIGNOND_IDENTITY_NOT_FOUND_ERR_NAME \ + SIGNOND_ERR_PREFIX "IdentityNotFound" +#define SIGNOND_STORE_FAILED_ERR_NAME SIGNOND_ERR_PREFIX "StoreFailed" +#define SIGNOND_REMOVE_FAILED_ERR_NAME SIGNOND_ERR_PREFIX "RemoveFailed" +#define SIGNOND_SIGNOUT_FAILED_ERR_NAME SIGNOND_ERR_PREFIX "SignOutFailed" +#define SIGNOND_IDENTITY_OPERATION_CANCELED_ERR_NAME \ + SIGNOND_ERR_PREFIX "IdentityOperationCanceled" +#define SIGNOND_CREDENTIALS_NOT_AVAILABLE_ERR_NAME \ + SIGNOND_ERR_PREFIX "CredentialsNotAvailable" +#define SIGNOND_REFERENCE_NOT_FOUND_ERR_NAME \ + SIGNOND_ERR_PREFIX "ReferenceNotFound" +#define SIGNOND_MECHANISM_NOT_AVAILABLE_ERR_NAME \ + SIGNOND_ERR_PREFIX "MechanismNotAvailable" +#define SIGNOND_MISSING_DATA_ERR_NAME SIGNOND_ERR_PREFIX "MissingData" +#define SIGNOND_INVALID_CREDENTIALS_ERR_NAME \ + SIGNOND_ERR_PREFIX "InvalidCredentials" +#define SIGNOND_NOT_AUTHORIZED_ERR_NAME SIGNOND_ERR_PREFIX "NotAuthorized" +#define SIGNOND_WRONG_STATE_ERR_NAME SIGNOND_ERR_PREFIX "WrongState" +#define SIGNOND_OPERATION_NOT_SUPPORTED_ERR_NAME \ + SIGNOND_ERR_PREFIX "OperationNotSupported" +#define SIGNOND_NO_CONNECTION_ERR_NAME SIGNOND_ERR_PREFIX "NoConnection" +#define SIGNOND_NETWORK_ERR_NAME SIGNOND_ERR_PREFIX "Network" +#define SIGNOND_SSL_ERR_NAME SIGNOND_ERR_PREFIX "Ssl" +#define SIGNOND_RUNTIME_ERR_NAME SIGNOND_ERR_PREFIX "Runtime" +#define SIGNOND_SESSION_CANCELED_ERR_NAME SIGNOND_ERR_PREFIX "SessionCanceled" +#define SIGNOND_TIMED_OUT_ERR_NAME SIGNOND_ERR_PREFIX "TimedOut" +#define SIGNOND_USER_INTERACTION_ERR_NAME SIGNOND_ERR_PREFIX "UserInteraction" +#define SIGNOND_OPERATION_FAILED_ERR_NAME SIGNOND_ERR_PREFIX "OperationFailed" +#define SIGNOND_TOS_NOT_ACCEPTED_ERR_NAME SIGNOND_ERR_PREFIX "TOSNotAccepted" +#define SIGNOND_FORGOT_PASSWORD_ERR_NAME SIGNOND_ERR_PREFIX "ForgotPassword" +#define SIGNOND_INCORRECT_DATE_ERR_NAME SIGNOND_ERR_PREFIX "IncorrectDate" +#define SIGNOND_USER_ERROR_ERR_NAME SIGNOND_ERR_PREFIX "User" + #include "signon-identity.h" #include "signon-auth-session.h" G_BEGIN_DECLS +enum SignonAuthSessionState { + SIGNON_AUTH_SESSION_STATE_NOT_STARTED = 0, /**< No message. */ + SIGNON_AUTH_SESSION_STATE_RESOLVING_HOST, /**< Resolving remote server + host name. */ + SIGNON_AUTH_SESSION_STATE_CONNECTING, /**< Connecting to remote + server. */ + SIGNON_AUTH_SESSION_STATE_SENDING_DATA, /**< Sending data to remote + server. */ + SIGNON_AUTH_SESSION_STATE_WAITING_REPLY, /**< Waiting reply from remote + server. */ + SIGNON_AUTH_SESSION_STATE_USER_PENDING, /**< Waiting response from + user. */ + SIGNON_AUTH_SESSION_STATE_UI_REFRESHING, /**< Refreshing ui request. */ + SIGNON_AUTH_SESSION_STATE_PROCESS_PENDING, /**< Waiting another process + to start. */ + SIGNON_AUTH_SESSION_STATE_STARTED, /**< Authentication session is + started. */ + SIGNON_AUTH_SESSION_STATE_PROCESS_CANCELING, /**< Canceling.current + process. */ + SIGNON_AUTH_SESSION_STATE_PROCESS_DONE, /**< Authentication + completed. */ + SIGNON_AUTH_SESSION_STATE_CUSTOM, /**< Custom message. */ + SIGNON_AUTH_SESSION_STATE_LAST +}; + struct _SignonIdentityInfo { gint id; @@ -52,7 +162,8 @@ struct _SignonIdentityInfo gboolean store_secret; GHashTable *methods; gchar **realms; - gchar **access_control_list; + SignonSecurityContext *owner; + SignonSecurityContextList *access_control_list; gint type; }; @@ -68,10 +179,6 @@ G_GNUC_INTERNAL void signon_identity_info_set_methods (SignonIdentityInfo *self, const GHashTable *methods); -G_GNUC_INTERNAL -void signon_auth_session_set_id(SignonAuthSession* self, - gint32 id); - G_END_DECLS #endif diff --git a/libsignon-glib/signon-security-context.c b/libsignon-glib/signon-security-context.c new file mode 100644 index 0000000..3ecc9db --- /dev/null +++ b/libsignon-glib/signon-security-context.c @@ -0,0 +1,329 @@ +/* vi: set et sw=4 ts=4 cino=t0,(0: */ +/* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of libsignon-glib + * + * Copyright (C) 2012-2013 Intel Corporation. + * + * Contact: Jussi Laako + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include "signon-security-context.h" + +static void +_security_context_free (gpointer ptr) +{ + SignonSecurityContext *ctx = (SignonSecurityContext *) ptr; + + signon_security_context_free (ctx); +} + +static SignonSecurityContext * +_security_context_alloc () +{ + return g_new0 (SignonSecurityContext, 1); +} + +/** + * signon_security_context_new: + * + * Allocates a new security context item. + * + * Returns: (transfer full) allocated #SignonSecurityContext. + */ +SignonSecurityContext * +signon_security_context_new () +{ + SignonSecurityContext *ctx; + + ctx = _security_context_alloc (); + ctx->sys_ctx = g_strdup (""); + ctx->app_ctx = g_strdup (""); + + return ctx; +} + +/** + * signon_security_context_new_from_vaues: + * @system_context: system security context (such as SMACK/MSSF label/token). + * @application_context: application security context (such as a script name). + * + * Allocates and initializes a new security context item. + * + * Returns: (transfer full) allocated #SignonSecurityContext. + */ +SignonSecurityContext * +signon_security_context_new_from_values (const gchar *system_context, + const gchar *application_context) +{ + SignonSecurityContext *ctx; + + g_return_val_if_fail (system_context != NULL, NULL); + + ctx = _security_context_alloc (); + ctx->sys_ctx = g_strdup (system_context); + if (application_context) + ctx->app_ctx = g_strdup (application_context); + else + ctx->app_ctx = g_strdup (""); + + return ctx; +} + +/** + * signon_security_context_copy: + * @src_ctx: source security context to copy. + * + * Copy a security context item. + * + * Returns: (transfer full) a copy of the #SignonSecurityContex item. + */ +SignonSecurityContext * +signon_security_context_copy (const SignonSecurityContext *src_ctx) +{ + g_return_val_if_fail (src_ctx != NULL, NULL); + + return signon_security_context_new_from_values (src_ctx->sys_ctx, + src_ctx->app_ctx); +} + +/** + * signon_security_context_free: + * @ctx: #SignonSecurityContext to be freed. + * + * Frees a security context item. + */ +void +signon_security_context_free (SignonSecurityContext *ctx) +{ + g_return_if_fail (ctx != NULL); + + g_free (ctx->sys_ctx); + g_free (ctx->app_ctx); + g_free (ctx); +} + +/** + * signon_security_context_set_system_context: + * @ctx: #SignonSecurityContext item. + * @system_context: system security context. + * + * Sets the system context part (such as SMACK label or MSSF token) of the + * #SignonSecurityContext. + */ +void +signon_security_context_set_system_context (SignonSecurityContext *ctx, + const gchar *system_context) +{ + g_return_if_fail (ctx != NULL); + + g_free (ctx->sys_ctx); + ctx->sys_ctx = g_strdup (system_context); +} + +/** + * signon_security_context_get_system_context: + * @ctx: #SignonSecurityContext item. + * + * Get the system context part (such as SMACK label or MSSF token) of the + * #SignonSecurityContext. + * + * Returns: (transfer none) system context. + */ +const gchar * +signon_security_context_get_system_context (const SignonSecurityContext *ctx) +{ + g_return_val_if_fail (ctx != NULL, NULL); + + return ctx->sys_ctx; +} + +/** + * signon_security_context_set_application_context: + * @ctx: #SignonSecurityContext item. + * @application_context: application security context. + * + * Sets the application context part (such as a script name or a web page) of + * the #SignonSecurityContext. + */ +void +signon_security_context_set_application_context (SignonSecurityContext *ctx, + const gchar *application_context) +{ + g_return_if_fail (ctx != NULL); + + g_free (ctx->app_ctx); + ctx->app_ctx = g_strdup (application_context); +} + +/** + * signon_security_context_get_application_context: + * @ctx: #SignonSecurityContext item. + * + * Get the application context part (such as script name or a web page) of + * the #SignonSecurityContext. + * + * Returns: (transfer none) application context. + */ +const gchar * +signon_security_context_get_application_context ( + const SignonSecurityContext *ctx) +{ + g_return_val_if_fail (ctx != NULL, NULL); + + return ctx->app_ctx; +} + +/** + * signon_security_conetxt_build_variant: + * @ctx: #SignonSecurityContext item. + * + * Build a GVariant of type "(ss)" from a #SignonSecurityContext item. + * + * Returns: (transfer full) GVariant construct of a #SignonSecurityContext. + */ +GVariant * +signon_security_context_build_variant (const SignonSecurityContext *ctx) +{ + GVariant *variant; + + g_return_val_if_fail (ctx != NULL, NULL); + + variant = g_variant_new ("(ss)", + ctx->sys_ctx ? ctx->sys_ctx : "", + ctx->app_ctx ? ctx->app_ctx : ""); + + return variant; +} + +/** + * signon_security_context_deconstruct_variant: + * @variant: GVariant item with a #SignonSecurityContext construct. + * + * Builds a #SignonSecurityContext item from a GVariant of type "(ss)". + * + * Returns: (transfer full) #SignonSecurityContext item. + */ +SignonSecurityContext * +signon_security_context_deconstruct_variant (GVariant *variant) +{ + gchar *sys_ctx = NULL; + gchar *app_ctx = NULL; + SignonSecurityContext *ctx; + + g_return_val_if_fail (variant != NULL, NULL); + + g_variant_get (variant, "(ss)", &sys_ctx, &app_ctx); + ctx = signon_security_context_new_from_values (sys_ctx, app_ctx); + g_free (sys_ctx); + g_free (app_ctx); + return ctx; +} + +/** + * signon_security_context_list_build_variant: + * @list: #SignonSecurityContextList item. + * + * Builds a GVariant of type "a(ss)" from a GList of #SignonSecurityContext + * items. + * + * Returns: (transfer full) GVariant construct of a #SignonSecurityContextList. + */ +GVariant * +signon_security_context_list_build_variant ( + const SignonSecurityContextList *list) +{ + GVariantBuilder builder; + GVariant *variant; + SignonSecurityContext *ctx; + + g_variant_builder_init (&builder, G_VARIANT_TYPE_ARRAY); + for ( ; list != NULL; list = g_list_next (list)) + { + ctx = (SignonSecurityContext *) list->data; + g_variant_builder_add_value (&builder, + signon_security_context_build_variant (ctx)); + } + variant = g_variant_builder_end (&builder); + + return variant; +} + +/** + * signon_security_context_list_deconstruct_variant: + * @variant: GVariant item with a list of security context tuples. + * + * Builds a GList of #SignonSecurityContext items from a GVariant of type + * "a(ss)". + * + * Returns: (transfer full) #SignonSecurityContextList item. + */ +SignonSecurityContextList * +signon_security_context_list_deconstruct_variant (GVariant *variant) +{ + SignonSecurityContextList *list = NULL; + GVariantIter iter; + GVariant *value; + + g_return_val_if_fail (variant != NULL, NULL); + + g_variant_iter_init (&iter, variant); + while ((value = g_variant_iter_next_value (&iter))) + { + list = g_list_append ( + list, signon_security_context_deconstruct_variant (value)); + } + + return list; +} + +/** + * signon_security_context_list_copy: + * @src_list: source #SignonSecurityContextList. + * + * Copies a GList of #SignonSecurityContext items. + * + * Returns: (transfer full) #SignonSecurityContextList item. + */ +SignonSecurityContextList * +signon_security_context_list_copy (const SignonSecurityContextList *src_list) +{ + SignonSecurityContext *ctx; + SignonSecurityContextList *dst_list = NULL; + + for ( ; src_list != NULL; src_list = g_list_next (src_list)) + { + ctx = (SignonSecurityContext *) src_list->data; + dst_list = g_list_append ( + dst_list, signon_security_context_copy (ctx)); + } + + return dst_list; +} + +/** + * signon_security_context_list_free: + * @seclist: (transfer full) #SignonSecurityContextList item. + * + * Frees all items and the GList of #SignonSecurityContext. + */ +void +signon_security_context_list_free (SignonSecurityContextList *seclist) +{ + g_list_free_full (seclist, _security_context_free); +} + diff --git a/libsignon-glib/signon-security-context.h b/libsignon-glib/signon-security-context.h new file mode 100644 index 0000000..9c4662a --- /dev/null +++ b/libsignon-glib/signon-security-context.h @@ -0,0 +1,85 @@ +/* vi: set et sw=4 ts=4 cino=t0,(0: */ +/* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of libsignon-glib + * + * Copyright (C) 2012 Intel Corporation. + * + * Contact: Jussi Laako + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef _SIGNON_SECURITY_CONTEXT_H_ +#define _SIGNON_SECURITY_CONTEXT_H_ + +#include + +G_BEGIN_DECLS + +/** + * Security context descriptor. + * + * Practically a string tuple. + * + * @sys_ctx: system context, such as SMACK-label, MSSF token or just a + * binary path. + * @app_ctx: application context, such as a script or a web page. + */ +typedef struct _SignonSecurityContext +{ + gchar *sys_ctx; + gchar *app_ctx; +} SignonSecurityContext; + +/** + * GList of #SignonSecurityContext items. + */ +typedef GList SignonSecurityContextList; + +SignonSecurityContext * signon_security_context_new (); +SignonSecurityContext * signon_security_context_new_from_values ( + const gchar *system_context, + const gchar *application_context); +void signon_security_context_free (SignonSecurityContext *ctx); +SignonSecurityContext * signon_security_context_copy ( + const SignonSecurityContext *src_ctx); +void signon_security_context_set_system_context (SignonSecurityContext *ctx, + const gchar *system_context); +const gchar * signon_security_context_get_system_context ( + const SignonSecurityContext *ctx); +void signon_security_context_set_application_context ( + SignonSecurityContext *ctx, + const gchar *application_context); +const gchar * signon_security_context_get_application_context ( + const SignonSecurityContext *ctx); +GVariant * signon_security_context_build_variant ( + const SignonSecurityContext *ctx); +SignonSecurityContext * signon_security_context_deconstruct_variant ( + GVariant *variant); + +GVariant * signon_security_context_list_build_variant ( + const SignonSecurityContextList *list); +SignonSecurityContextList * signon_security_context_list_deconstruct_variant ( + GVariant *variant); + +SignonSecurityContextList * signon_security_context_list_copy ( + const SignonSecurityContextList *src_list); +void signon_security_context_list_free (SignonSecurityContextList *seclist); + +G_END_DECLS + +#endif /* _SIGNON_SECURITY_CONTEXT_H_ */ + diff --git a/packaging/libsignon-glib.spec b/packaging/libsignon-glib.spec new file mode 100644 index 0000000..e131910 --- /dev/null +++ b/packaging/libsignon-glib.spec @@ -0,0 +1,75 @@ +Name: libsignon-glib +Summary: GLib API for the SSO framework +Version: 1.7.0.20130207git +Release: 3 +Group: System/Libraries +License: LGPL +Source: %{name}-%{version}.tar.bz2 +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +BuildRequires: pkgconfig(gtk-doc) +BuildRequires: pkgconfig(check) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(gobject-2.0) +BuildRequires: pkgconfig(gio-2.0) + +%description +%{summary}. + + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +%{summary}. + + +%prep +%setup -q -n %{name}-%{version} +gtkdocize +autoreconf -f -i + + +%build +%configure --enable-gtk-doc --enable-gtk-doc-html --enable-python +make #%{?_smp_mflags} + + +%install +rm -rf %{buildroot} +%make_install + + +%post -p /sbin/ldconfig + + +%postun -p /sbin/ldconfig + + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING ChangeLog INSTALL NEWS README +%{_libdir}/%{name}.so.* + + +%files devel +%defattr(-,root,root,-) +%{_includedir}/%{name}/*.h +%{_libdir}/%{name}.so +%{_libdir}/%{name}.la +%{_libdir}/pkgconfig/%{name}.pc +%{_datadir}/vala/vapi/signon.vapi +%{_datadir}/gtk-doc/html/%{name}/* + + +%changelog +* Thu Feb 07 2013 Jussi Laako - 1.7 +- Update to latest intel branch version + +* Tue Mar 27 2012 Jussi Laako - 1.1 +- Update to latest upstream version + +* Wed Aug 03 2011 Jussi Laako - 1.0 +- Update to latest upstream version diff --git a/tests/check_signon.c b/tests/check_signon.c index 7e79e2a..3873f6c 100644 --- a/tests/check_signon.c +++ b/tests/check_signon.c @@ -4,8 +4,10 @@ * * Copyright (C) 2009-2011 Nokia Corporation. * Copyright (C) 2011-2012 Canonical Ltd. + * Copyright (C) 2012 Intel Corporation. * * Contact: Alberto Mardegan + * Contact: Jussi Laako * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -484,7 +486,8 @@ START_TEST(test_auth_session_process) "mech1", test_auth_session_process_cb, sessionData); - main_loop = g_main_loop_new (NULL, FALSE); + if(!main_loop) + main_loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (main_loop); @@ -662,11 +665,14 @@ START_TEST(test_auth_session_process_after_store) g_type_init(); main_loop = g_main_loop_new (NULL, FALSE); - identity = signon_identity_new (); + identity = signon_identity_new (NULL); fail_unless (SIGNON_IS_IDENTITY (identity), "Failed to initialize the Identity."); info = signon_identity_info_new (); + signon_identity_info_set_owner_from_values (info, "", ""); + signon_identity_info_access_control_list_append (info, + signon_security_context_new_from_values ("*", "*")); signon_identity_info_set_username (info, "Nice user"); signon_identity_store_credentials_with_info (identity, @@ -727,7 +733,10 @@ new_identity() GHashTable *methods; guint id = 0; - identity = signon_identity_new(NULL, NULL); + if (main_loop == NULL) + main_loop = g_main_loop_new (NULL, FALSE); + + identity = signon_identity_new (NULL, NULL); fail_unless (SIGNON_IS_IDENTITY (identity)); methods = g_hash_table_new (g_str_hash, g_str_equal); signon_identity_store_credentials_with_args (identity, @@ -762,19 +771,18 @@ START_TEST(test_get_existing_identity) g_type_init (); g_debug("%s", G_STRFUNC); - - main_loop = g_main_loop_new (NULL, FALSE); guint id = new_identity(); fail_unless (id != 0); - identity = signon_identity_new_from_db(id); + identity = signon_identity_new_from_db (id, NULL); fail_unless (identity != NULL); fail_unless (SIGNON_IS_IDENTITY (identity), "Failed to initialize the Identity."); g_timeout_add (1000, identity_registered_cb, identity); + main_loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (main_loop); end_test (); @@ -786,7 +794,7 @@ START_TEST(test_get_nonexisting_identity) g_type_init (); g_debug("%s", G_STRFUNC); - identity = signon_identity_new_from_db(G_MAXINT); + identity = signon_identity_new_from_db (G_MAXINT, NULL); fail_unless (identity != NULL); fail_unless (SIGNON_IS_IDENTITY (identity), @@ -844,7 +852,6 @@ START_TEST(test_store_credentials_identity) fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); - main_loop = g_main_loop_new (NULL, FALSE); gint last_id = new_identity(); GHashTable *methods = create_methods_hashtable(); @@ -863,6 +870,7 @@ START_TEST(test_store_credentials_identity) g_hash_table_destroy (methods); g_timeout_add (1000, test_quit_main_loop_cb, idty); + main_loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (main_loop); g_object_unref(idty); @@ -955,7 +963,7 @@ START_TEST(test_remove_identity) { g_type_init (); g_debug("%s", G_STRFUNC); - SignonIdentity *idty = signon_identity_new(); + SignonIdentity *idty = signon_identity_new (NULL); fail_unless (idty != NULL); fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); @@ -981,6 +989,7 @@ START_TEST(test_remove_identity) caption, NULL, NULL, + NULL, 0, store_credentials_identity_cb, NULL); @@ -995,7 +1004,7 @@ START_TEST(test_remove_identity) * */ gint id = new_identity(); - SignonIdentity *idty2 = signon_identity_new_from_db (id); + SignonIdentity *idty2 = signon_identity_new_from_db (id, NULL); signon_identity_remove(idty2, identity_remove_cb, NULL); g_main_loop_run (main_loop); @@ -1087,6 +1096,9 @@ static SignonIdentityInfo *create_standard_info() { g_debug("%s", G_STRFUNC); SignonIdentityInfo *info = signon_identity_info_new (); + signon_identity_info_set_owner_from_values (info, "", ""); + signon_identity_info_access_control_list_append (info, + signon_security_context_new_from_values ("*", "*")); signon_identity_info_set_username (info, "James Bond"); signon_identity_info_set_secret (info, "007", TRUE); signon_identity_info_set_caption (info, "caption"); @@ -1109,7 +1121,7 @@ START_TEST(test_info_identity) { g_debug("%s", G_STRFUNC); g_type_init (); - SignonIdentity *idty = signon_identity_new(); + SignonIdentity *idty = signon_identity_new (NULL); fail_unless (idty != NULL); fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); @@ -1132,6 +1144,7 @@ START_TEST(test_info_identity) "caption", NULL, NULL, + NULL, 0, store_credentials_identity_cb, NULL); @@ -1159,7 +1172,7 @@ START_TEST(test_info_identity) gint id = signon_identity_info_get_id (info); fail_unless (id != 0); - SignonIdentity *idty2 = signon_identity_new_from_db (id); + SignonIdentity *idty2 = signon_identity_new_from_db (id, NULL); signon_identity_query_info (idty2, identity_info_cb, &info); g_main_loop_run (main_loop); @@ -1224,7 +1237,7 @@ START_TEST(test_signout_identity) { g_debug("%s", G_STRFUNC); g_type_init (); - SignonIdentity *idty = signon_identity_new(); + SignonIdentity *idty = signon_identity_new (NULL); fail_unless (idty != NULL); fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); @@ -1241,7 +1254,7 @@ START_TEST(test_signout_identity) g_main_loop_run (main_loop); gint id = signon_identity_info_get_id (info); - SignonIdentity *idty2 = signon_identity_new_from_db (id); + SignonIdentity *idty2 = signon_identity_new_from_db (id, NULL); /* wait some more time to ensure that the object gets registered */ g_timeout_add_seconds (2, test_quit_main_loop_cb, main_loop); @@ -1277,8 +1290,6 @@ START_TEST(test_signout_identity) g_object_unref (idty); g_object_unref (idty2); - - end_test (); } END_TEST @@ -1286,7 +1297,7 @@ START_TEST(test_unregistered_identity) { g_type_init (); g_debug("%s", G_STRFUNC); - SignonIdentity *idty = signon_identity_new(); + SignonIdentity *idty = signon_identity_new (NULL); fail_unless (idty != NULL); fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); @@ -1304,7 +1315,7 @@ START_TEST(test_unregistered_identity) * give the time for identity to became idle * */ sleep(SIGNOND_IDLE_TIMEOUT); - SignonIdentity *idty2 = signon_identity_new(); + SignonIdentity *idty2 = signon_identity_new (NULL); /* * give time to handle unregistered signal @@ -1316,8 +1327,6 @@ START_TEST(test_unregistered_identity) g_object_unref (idty); g_object_unref (idty2); - - end_test (); } END_TEST @@ -1325,7 +1334,7 @@ START_TEST(test_unregistered_auth_session) { g_debug("%s", G_STRFUNC); g_type_init (); - SignonIdentity *idty = signon_identity_new(); + SignonIdentity *idty = signon_identity_new (NULL); fail_unless (idty != NULL); fail_unless (SIGNON_IS_IDENTITY (idty), "Failed to initialize the Identity."); @@ -1344,7 +1353,7 @@ START_TEST(test_unregistered_auth_session) * give the time for identity to became idle * */ sleep(SIGNOND_IDLE_TIMEOUT); - SignonIdentity *idty2 = signon_identity_new(); + SignonIdentity *idty2 = signon_identity_new (NULL); /* * give time to handle unregistered signal @@ -1431,7 +1440,7 @@ START_TEST(test_regression_unref) session_data, "mech1", test_regression_unref_process_cb, - "Hi there!"); + g_strdup ("Hi there!")); g_main_loop_run (main_loop); end_test (); -- 2.34.1