--- /dev/null
+.deps/
+.libs/
+.*.swp
+Makefile
+Makefile.in
+aclocal.m4
+/build-aux/
+configure
+config.*
+/docs/reference/html/
+/docs/reference/libgsignon-glib*
+/docs/reference/libgsignon-glib-sections.txt
+/docs/reference/version.xml
+/docs/reference/xml/
+gtk-doc.make
+examples/gsso-example
+/INSTALL
+/libgsignon-glib/signon-errors-map.c
+/libgsignon-glib/signon-marshal.c
+/libgsignon-glib/signon-marshal.h
+/libgsignon-glib/sso-*-gen.*
+/libgsignon-glib/sso-*-gen-doc-*
+libtool
+m4/gtk-doc.m4
+m4/libtool.m4
+m4/lt*.m4
+patches/
+stamp-h1
+*~
+*.cache
+*.gir
+*.la
+*.lo
+*.o
+*.pc
+*.stamp
+*.typelib
+*.tar.*
AM_DISTCHECK_CONFIGURE_FLAGS = \
--enable-gtk-doc \
--enable-introspection=yes
-SUBDIRS = libgsignon-glib docs
+SUBDIRS = libgsignon-glib docs examples
if ENABLE_PYTHON
SUBDIRS += pygobject
m4/introspection.m4
dist-hook: git-changelog-hook
+ @echo
+ @echo "==== Run 'make update-online-doc' to update online documentation ===="
+ @echo
git-changelog-hook: Makefile
$(AM_V_at)if $(top_srcdir)/build-aux/missing --run git \
EXTRA_DIST = dists tools
.PHONY: git-changelog-hook
+
+update-online-doc:
+ @tar zxf $(PACKAGE)-$(VERSION).tar.gz && \
+ pushd . > /dev/null && \
+ cd .. && \
+ git clone https://code.google.com/p/accounts-sso.gsignon-docs/ ; \
+ cd accounts-sso.gsignon-docs && \
+ git pull ; \
+ mkdir -p $(PACKAGE) && \
+ rm -rf $(PACKAGE)/* && \
+ popd > /dev/null && \
+ cp -rf $(PACKAGE)-$(VERSION)/docs/reference/html/* ../accounts-sso.gsignon-docs/$(PACKAGE)/ && \
+ pushd . > /dev/null && \
+ cd ../accounts-sso.gsignon-docs && \
+ git add $(PACKAGE)/* && \
+ git commit -m "Updated documentation for $(PACKAGE) to version $(VERSION)" && \
+ git push ; \
+ popd > /dev/null && \
+ rm -rf $(PACKAGE)-$(VERSION)
\ No newline at end of file
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ([2.64])
AC_INIT([libgsignon-glib],
- [2.0.1],
+ [2.0.2],
[http://code.google.com/p/accounts-sso/issues/entry],
[libgsignon-glib],
[http://code.google.com/p/accounts-sso/])
docs/reference/version.xml
tests/Makefile
pygobject/Makefile
+ examples/Makefile
])
AC_OUTPUT
--- /dev/null
+The Debian Package libgsignon-glib
+----------------------------------
+
+This is default Debian packaging for libgsignon-glib.
+
+ -- Jussi Laako <jussi.laako@linux.intel.com> Thu, 04 Jul 2013 15:28:50 +0300
--- /dev/null
+libgsignon-glib (2.0.1-2) unstable; urgency=low
+
+ * Produce a separate debug symbols package
+
+ -- Jussi Laako <jussi.laako@linux.intel.com> Wed, 10 Jul 2013 15:08:00 +0300
+
+libgsignon-glib (2.0.1-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Jussi Laako <jussi.laako@linux.intel.com> Thu, 04 Jul 2013 15:28:50 +0300
--- /dev/null
+Source: libgsignon-glib
+Section: net
+Priority: extra
+Maintainer: Jussi Laako <jussi.laako@linux.intel.com>
+Build-Depends: debhelper (>= 8.0.0), autotools-dev, pkg-config, libdbus-1-dev, gtk-doc-tools, gobject-introspection, libglib2.0-dev, libgirepository1.0-dev
+Standards-Version: 3.9.2
+Homepage: https://01.org/gsso
+Vcs-Git: http://code.google.com/p/accounts-sso.libgsignon-glib/
+Vcs-Browser: http://code.google.com/p/accounts-sso/source/browse/?repo=libgsignon-glib
+
+Package: libgsignon-glib
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: gSSO client library
+ gSSO is a single sign-on framework, providing secure storage and single sign-on service.
+
+Package: libgsignon-glib-dev
+Architecture: any
+Depends: libgsignon-glib (= ${binary:Version}), ${misc:Depends}
+Description: development files for libgsignon-glib
+ Headers and libraries necessary for developing applications using gSSO.
+
+Package: libgsignon-glib-dbg
+Architecture: any
+Depends: libgsignon-glib (= ${binary:Version}), ${misc:Depends}
+Description: debug symbols for libgsignon-glib
+ Debug symbols necessary for debugging applications using gSSO.
+
+Package: libgsignon-glib-doc
+Architecture: all
+Description: documentation for libgsignon-glib
+ Developer documentation for developing applications using gSSO.
+
--- /dev/null
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: libgsignon-glib
+Source: http://code.google.com/p/accounts-sso/source/checkout?repo=libgsignon-glib
+
+Files: *
+Copyright: 2009 - 2010 Nokia Corporation
+ 2012 - 2013 Intel Corporation
+ 2012 - 2013 Canonical Ltd
+License: LGPL-2.1+
+
+Files: debian/*
+Copyright: 2013 Jussi Laako <jussi.laako@linux.intel.com>
+License: LGPL-2.1+
+
+License: LGPL-2.1+
+ This package is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU Lesser General
+ Public License can be found in "/usr/share/common-licenses/LGPL-2.1".
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
--- /dev/null
+AUTHORS
+NEWS
+README
--- /dev/null
+/usr/lib/libgsignon-glib.so.*
--- /dev/null
+/usr/include/libgsignon-glib/*
+/usr/lib/libgsignon-glib.so
+/usr/lib/libgsignon-glib*.la
+/usr/lib/pkgconfig/libgsignon-glib.pc
+/usr/lib/girepository-1.0/gSignon-1.0.typelib
--- /dev/null
+/usr/share/gtk-doc/html/libgsignon-glib/*
--- /dev/null
+#!/bin/sh
+# postinst script for libgsignon-glib
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ ldconfig
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# postrm script for libgsignon-glib
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ldconfig
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# preinst script for libgsignon-glib
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ install)
+ ;;
+ upgrade)
+ ;;
+
+ abort-upgrade)
+ ;;
+
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# prerm script for libgsignon-glib
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <prerm> `remove'
+# * <old-prerm> `upgrade' <new-version>
+# * <new-prerm> `failed-upgrade' <old-version>
+# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+# * <deconfigured's-prerm> `deconfigure' `in-favour'
+# <package-being-installed> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+DEB_CONFIGURE_EXTRA_FLAGS += --enable-dbus-type=session
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+%:
+ dh $@ --parallel
+
+override_dh_auto_configure:
+ dh_auto_configure -- --enable-dbus-type=session --enable-gtk-doc --enable-introspection=yes
+
+.PHONY: override_dh_auto_test
+override_dh_auto_test:
+ true
+
+.PHONY: override_dh_strip
+override_dh_strip:
+ dh_strip --dbg-package=libgsignon-glib-dbg
+
--- /dev/null
+3.0 (native)
Name: libgsignon-glib
Summary: GLib API for the SSO framework
-Version: 2.0.1
-Release: 1
+Version: 2.0.2
+Release: 4
Group: System/Libraries
-License: LGPL
+License: LGPL-2.1+
Source: %{name}-%{version}.tar.gz
+URL: https://01.org/gsso
Requires: dbus-1
+Requires: gsignon
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
BuildRequires: pkgconfig(gtk-doc)
%{summary}.
+%debug_package
+
+
%prep
%setup -q -n %{name}-%{version}
gtkdocize
%{_datadir}/gir-1.0/gSignon-1.0.gir
#%{_datadir}/vala/vapi/gsignon.vapi
%{_datadir}/gtk-doc/html/%{name}/*
+%{_bindir}/gsso-example
%changelog
+* Fri Nov 22 2013 Imran Zaman <imran.zaman@intel.com>
+- Release 2.0.2 that fixes package licensing info and added docs
+
* Mon Jun 24 2013 Imran Zaman <imran.zaman@intel.com>
- Release 2.0.1 that comprises of bug fixes
+* Fri Nov 22 2013 Imran Zaman <imran.zaman@intel.com>
+- Release 2.0.2 that fixes package licensing info and added docs
+
* Mon Jun 24 2013 Imran Zaman <imran.zaman@intel.com>
- Release 2.0.1 that comprises of bug fixes
Name: libgsignon-glib
Summary: GLib API for the SSO framework
-Version: 2.0.1
-Release: 1
+Version: 2.0.2
+Release: 4
Group: System/Libraries
-License: LGPL
+License: LGPL-2.1+
Source: %{name}-%{version}.tar.gz
+URL: https://01.org/gsso
Requires: dbus-1
+Requires: gsignon
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
BuildRequires: pkgconfig(check)
%{_includedir}/%{name}/*.h
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
+%{_libdir}/girepository-1.0/gSignon-1.0.typelib
+%{_datadir}/gir-1.0/gSignon-1.0.gir
%{_datadir}/gtk-doc/html/%{name}/*
+%{_bindir}/gsso-example
# Extra options to supply to gtkdoc-mkdb.
# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml
-MKDB_OPTIONS=--source-dir=$(top_srcdir)/libgsignon-glib --sgml-mode --output-format=xml --name-space=signon
+MKDB_OPTIONS=--source-dir=$(top_srcdir)/libgsignon-glib --sgml-mode --output-format=xml --name-space=signon \
+--ignore-files="sso-auth-service-gen.c sso-auth-session-gen.c sso-identity-gen.c"
# Extra options to supply to gtkdoc-fixref. Not normally needed.
# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html
-FIXXREF_OPTIONS=
+FIXXREF_OPTIONS=--extra-dir=../../../accounts-sso.gsignond/docs/html
# Used for dependencies. The docs will be rebuilt if any of these change.
# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h
signon-client-glib-gen.h \
signon-identity-glib-gen.h \
signon-dbus-queue.h \
+ signon-enum-types.h \
signon-internals.h \
signon-proxy.h \
+ signon-types.h \
signon-utils.h \
signon-marshal.h \
sso-auth-service-gen.h \
sso-auth-service.h \
sso-auth-session-gen.h \
- sso-identity-gen.h
+ sso-identity-gen.h \
+ stamp-signon-enum-types.h
# Images to copy into HTML directory.
# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png
if ENABLE_GTK_DOC
TESTS = $(GTKDOC_CHECK)
endif
+
+CLEANFILES += $(DOC_MODULE)-*.txt $(DOC_MODULE).types
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<refentry id="gsso-examples">
+ <refmeta>
+ <refentrytitle>gSSO usage examples</refentrytitle>
+ </refmeta>
+
+ <refsect1 id="intro">
+ <title>Introduction</title>
+ <para>
+ libgsignond-glib comes with an example application <application>gsso-example</application>
+ that demonstrates the most common use cases: listing available authentication methods and
+ their mechanisms, creating and removing identities and performing authentication
+ sessions.
+ </para>
+ <para>
+ Before running the example application, make sure that gSSO daemon and
+ gSSO UI (that is appropriate for your system) are installed and configured
+ correctly.
+ </para>
+ <para>
+ The source code for the example application is available at
+ <ulink url="http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master">
+ http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master</ulink>
+ </para>
+ <para>
+ The full list of available <application>gsso-example</application> options can be
+ obtained with <userinput>gsso-example --help-all</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Authentication methods and mechanisms</title>
+ <para>
+ The list of available authentication methods can be obtained with
+ <userinput>--query-methods</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-methods</userinput>:
+Available authentication methods:
+ password
+ oauth
+ digest
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ For each of the available authentication methods it's possible to query
+ available authentication mechanisms with
+ <userinput>gsso-example --query-mechanisms=method</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-mechanisms=oauth</userinput>
+Available authentication mechanisms for method oauth:
+ oauth1
+ oauth2
+ </computeroutput></literallayout>
+ </para>
+
+ </refsect1>
+ <refsect1>
+ <title>Identity management</title>
+ <para>
+ The list of stored identities that the gsso-example application is allowed
+ to use can be obtained with <userinput>gsso-example --query-identities</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-identities</userinput>
+Available identities:
+ id=27 caption='My test identity'
+ id=28 caption='Another test identity'
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ To create an identity, use <userinput>--create-identity</userinput> option
+ with identity caption (user-readable name) and <userinput>--identity-method</userinput>
+ with the authentication method that the identity will be using.
+ <literallayout><computeroutput>
+<userinput>> gsso-example --create-identity="My test identity" --identity-method=password</userinput>
+Identity stored with id 28
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ To remove an identity, use <userinput>--remove-identity</userinput> option
+ with identity id:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --remove-identity=28</userinput>
+Identity removed
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Using 'password' authentication method</title>
+ <para>
+ 'password' authentication simply returns to the application the username
+ and the password associated with an identity. If they haven't been stored
+ in gSSO secret database, they're asked from the user through gSSO UI.
+ </para>
+ <para>
+ To use the method, first create an identity with authentication method
+ set to 'password' (as shown above), note its identitiy id and then run:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --get-password=27</userinput>
+Geting password
+Got response: {'UserName': <'megauser'>, 'Secret': <'megapassword'>}
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Using 'oauth' authentication method</title>
+ <para>
+ 'oauth' authentication method is used to obtain an OAuth1 or OAuth2
+ authentication token from a remote service over HTTP. An application
+ needs to supply a few service-specific parameters when initiating the
+ authentication. gSSO example application supports obtaining an oauth
+ token from Google service (google-specific parameters are hardcoded
+ into the app source code).
+ </para>
+ <para>
+ Obtaining an OAuth token may also include authorization of the application
+ by the user, which is done through user interaction with the service webpages
+ that are shown by gSSO UI. From the application point of view this authorization
+ happens completely transparently behind the scenes.
+ </para>
+ <para>
+ Before trying the example, if you're behind a proxy, and are using
+ the Gtk-based gSSO UI, make sure that your GNOME proxy settings are
+ correctly configured, either via GNOME UI, or via command line:
+ <literallayout><computeroutput>
+<userinput>> gsettings list-recursively org.gnome.system.proxy</userinput>
+ </computeroutput></literallayout>
+ To set the proxy, use:
+ <literallayout><computeroutput>
+<userinput>> gsettings set org.gnome.system.proxy mode 'manual'
+> gsettings set org.gnome.system.proxy.http port 8080
+> gsettings set org.gnome.system.proxy.http host 'myproxy.domain.lan'</userinput>
+ </computeroutput></literallayout>
+ To disable the proxy, use
+ <literallayout><computeroutput>
+<userinput>> gsettings set org.gnome.system.proxy mode 'none'</userinput>
+ </computeroutput></literallayout>
+ See all available configurations keys here:
+ <ulink url="http://developer.gnome.org/ProxyConfiguration/">
+ http://developer.gnome.org/ProxyConfiguration/</ulink>
+ </para>
+ <para>
+ You would also need a client identifier and key from Google. Instructions
+ about how to get them are available at
+ <ulink url="https://developers.google.com/console/help/#generatingoauth2">https://developers.google.com/console/help/#generatingoauth2</ulink>
+ </para>
+ <para>
+ Once the above are settled, create an identity with 'oauth' method
+ (as shown above) and issue:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --get-google-token=12 --client-id=xxxxxxx.apps.googleusercontent.com --client-secret=yyyyyyyyyyyyy</userinput>
+Geting token
+Got response: {'Scope': <'email'>, 'AccessToken': <'tokenvalue'>,
+ 'TokenParameters': <@a{sv} {}>, 'TokenType': <'Bearer'>,
+ 'RefreshToken': <'refreshtokenvalue'>, 'Duration': <int64 3600>,
+ 'Timestamp': <int64 1377707888>}
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+</refentry>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<refentry id="gsso-intro">
+ <refmeta>
+ <refentrytitle>gSSO introduction</refentrytitle>
+ </refmeta>
+
+ <refsect1>
+ <title>What is gSSO?</title>
+ <para>
+ gSSO is a framework for centrally storing authentication credentials
+ and handling authentication on behalf of applications as requested by
+ them. It consists of a gSSO daemon that implements secure storage of
+ login credentials (for example usernames and passwords), plugins for
+ different authentication systems and a client library (libgsignond-glib)
+ for applications to communicate with this system.
+ </para>
+ <para>
+ By using this client library, an application can authenticate to a
+ (usually remote) service using an existing set of credentials, and manage
+ the credentials database as well (subject to access restrictions).
+ </para>
+ <para>
+ Some authentication methods require interaction with the user, for example
+ to request a username and password, or to show a webpage with which the
+ user is expected to interact. This functionality is provided by gSSO UI
+ component, and it's completely invisible from the applications' point
+ of view.
+ </para>
+ <para>
+ The client library (libgsignond-glib) interacts with gSSO daemon through
+ D-Bus. These D-Bus APIs should not be used directly as they are not documented, subject
+ to change and don't come with backwards compatibility guarantees.
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Terminology</title>
+ <para>
+ gSSO is built around a few key concepts which are explained below:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <systemitem>Authentication service</systemitem>: the top level
+ object representing the gSSO service. It can be used to query
+ existing identities, available
+ authentication menthods and their mechanisms. Authentication
+ service is represented in the client library by
+ <link linkend="SignonAuthService">SignonAuthService objects</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Identity</systemitem>: This is a local object representing a record in the
+ credentials DB. It contains information about the username and password (the
+ latter is write-only), plus some metadata such as a descriptive caption, access
+ control list, reference count, and other metadata. Identities are identified by
+ numeric identity IDs and represented in the client library by <link linkend="SignonIdentity">
+ SignonIdentity</link> objects.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Security context</systemitem>: The information that is used by gSSO daemon
+ to make access control decisions when applications try to access identities
+ for reading, writing, or starting authentication sessions. Security contexts
+ consist of two strings: the system context which identifies the application process,
+ and application context which identifies what the application process is doing. Security
+ contexts are represented in the client library by <link linkend="SignonSecurityContext">
+ SignonSecurityContext</link> objects.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Authentication method</systemitem>: the SSO daemon supports different
+ authentication methods, each implemented by a plugin. Well known examples of
+ authentication methods include <ulink url="http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer">SASL</ulink>,
+ or <ulink url="http://en.wikipedia.org/wiki/Oauth">OAuth</ulink>. Authentication methods
+ might support different authentication mechanisms, which are method-specific variants of authentication process.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Authentication session</systemitem>: the process of performing the authentication.
+ It is represented in the client library by <link linkend="SignonAuthSession">SignonAuthSession objects</link>.
+ Authentication sessions are started from existing identites.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </refsect1>
+</refentry>
\ No newline at end of file
<title>libgsignon-glib Reference Manual</title>
<releaseinfo>
This document is for libgsignon-glib, version &version;. The latest
- version of this documentation can be built from the source code at
- <ulink role="online-location" url="https://code.google.com/p/accounts-sso/source/checkout?repo=libgsignon-glib">https://code.google.com/p/accounts-sso/source/checkout?repo=libgsignon-glib</ulink>.
+ version of this documentation can be found on-line at
+ <ulink role="online-location" url="http://gsignon-docs.accounts-sso.googlecode.com/git/libgsignon-glib/index.html">
+ http://gsignon-docs.accounts-sso.googlecode.com/git/libgsignon-glib/index.html</ulink>.
</releaseinfo>
</bookinfo>
<part id="libgsignon-glib-overview">
- <title>libgsignon-glib Overview</title>
+ <title>gSSO Overview</title>
- <partintro>
- <para>
- libgsignon-glib provides authorization and authentication management for
- GLib applications.
- </para>
- </partintro>
+ <xi:include href="introduction.xml"/>
+ <xi:include href="examples.xml"/>
</part>
<part id="libgsignon-glib-objects">
<chapter id="credential-management">
<title>Credential management</title>
<xi:include href="xml/signon-auth-service.xml"/>
- <xi:include href="xml/signon-auth-session.xml"/>
- <xi:include href="xml/signon-errors.xml"/>
<xi:include href="xml/signon-identity.xml"/>
<xi:include href="xml/signon-identity-info.xml"/>
<xi:include href="xml/signon-security-context.xml"/>
+ <xi:include href="xml/signon-auth-session.xml"/>
+ <xi:include href="xml/signon-errors.xml"/>
</chapter>
</part>
- <part id="signond-dbus-api">
- <title>signond D-Bus API</title>
-
- <partintro>
- <para>
- The signond D-Bus APIs are unstable, subject to change and should not be
- used by client applications, which should use libgsignon-glib or
- libgsignon-qt instead.
- </para>
- </partintro>
-
- <xi:include href="../../libgsignon-glib/sso-auth-service-gen-doc-com.google.code.AccountsSSO.gSingleSignOn.AuthService.xml"/>
- <xi:include href="../../libgsignon-glib/sso-auth-session-gen-doc-com.google.code.AccountsSSO.gSingleSignOn.AuthSession.xml"/>
- <xi:include href="../../libgsignon-glib/sso-identity-gen-doc-com.google.code.AccountsSSO.gSingleSignOn.Identity.xml"/>
- </part>
-
<part id="appendices">
<title>Appendices</title>
<index id="api-index-full">
+++ /dev/null
-<SECTION>
-<FILE>signon-auth-service</FILE>
-<TITLE>SignonAuthService</TITLE>
-SignonAuthService
-SignonQueryMechanismCb
-SignonQueryMethodsCb
-SignonQueryIdentitiesCb
-signon_auth_service_new
-signon_auth_service_query_mechanisms
-signon_auth_service_query_methods
-signon_auth_service_query_identities
-<SUBSECTION Private>
-SignonAuthServiceClass
-SignonAuthServicePrivate
-<SUBSECTION Standard>
-SIGNON_AUTH_SERVICE
-SIGNON_AUTH_SERVICE_CLASS
-SIGNON_AUTH_SERVICE_GET_CLASS
-SIGNON_IS_AUTH_SERVICE
-SIGNON_IS_AUTH_SERVICE_CLASS
-SIGNON_TYPE_AUTH_SERVICE
-signon_auth_service_get_type
-</SECTION>
-
-<SECTION>
-<FILE>signon-auth-session</FILE>
-<TITLE>SignonAuthSession</TITLE>
-SIGNON_SESSION_DATA_CAPTION
-SIGNON_SESSION_DATA_PROXY
-SIGNON_SESSION_DATA_REALM
-SIGNON_SESSION_DATA_RENEW_TOKEN
-SIGNON_SESSION_DATA_SECRET
-SIGNON_SESSION_DATA_TIMEOUT
-SIGNON_SESSION_DATA_UI_POLICY
-SIGNON_SESSION_DATA_USERNAME
-SIGNON_SESSION_DATA_WINDOW_ID
-SignonAuthSession
-SignonAuthSessionProcessCb
-SignonAuthSessionQueryAvailableMechanismsCb
-SignonSessionDataUiPolicy
-signon_auth_session_cancel
-signon_auth_session_get_method
-signon_auth_session_new
-signon_auth_session_process
-signon_auth_session_process_async
-signon_auth_session_process_finish
-signon_auth_session_query_available_mechanisms
-<SUBSECTION Private>
-SignonAuthSessionClass
-SignonAuthSessionPrivate
-SIGNON_DEPRECATED
-SIGNON_DEPRECATED_FOR
-G_DEPRECATED
-G_DEPRECATED_FOR
-<SUBSECTION Standard>
-SIGNON_AUTH_SESSION
-SIGNON_AUTH_SESSION_CLASS
-SIGNON_AUTH_SESSION_GET_CLASS
-SIGNON_IS_AUTH_SESSION
-SIGNON_IS_AUTH_SESSION_CLASS
-SIGNON_TYPE_AUTH_SESSION
-SIGNON_TYPE_SESSION_DATA_UI_POLICY
-signon_auth_session_get_type
-signon_session_data_ui_policy_get_type
-</SECTION>
-
-<SECTION>
-<FILE>signon-errors</FILE>
-SignonError
-<SUBSECTION Private>
-signon_error_quark
-<SUBSECTION Standard>
-SIGNON_ERROR
-SIGNON_TYPE_ERROR
-signon_error_get_type
-</SECTION>
-
-<SECTION>
-<FILE>signon-identity</FILE>
-<TITLE>SignonIdentity</TITLE>
-SignonIdentity
-SignonIdentityFilter
-SignonIdentityList
-SignonIdentityInfoCb
-SignonIdentityReferenceAddedCb
-SignonIdentityReferenceRemovedCb
-SignonIdentityRemovedCb
-SignonIdentitySignedOutCb
-SignonIdentityStoreCredentialsCb
-SignonIdentityVerifyCb
-SignonIdentityVoidCb
-SignonIdentitySessionReadyCb
-signon_identity_add_reference
-signon_identity_create_session
-signon_identity_get_last_error
-signon_identity_new
-signon_identity_new_from_db
-signon_identity_query_info
-signon_identity_remove
-signon_identity_remove_reference
-signon_identity_signout
-signon_identity_store_credentials_with_args
-signon_identity_store_credentials_with_info
-signon_identity_verify_secret
-signon_identity_get_auth_session
-signon_identity_info_access_control_list_append
-signon_identity_info_get_owner
-signon_identity_info_set_methods
-signon_identity_info_set_owner
-signon_identity_info_set_owner_from_values
-<SUBSECTION Private>
-SignonIdentityClass
-SignonIdentityPrivate
-<SUBSECTION Standard>
-SIGNON_IDENTITY
-SIGNON_IDENTITY_CLASS
-SIGNON_IDENTITY_GET_CLASS
-SIGNON_IS_IDENTITY
-SIGNON_IS_IDENTITY_CLASS
-SIGNON_TYPE_IDENTITY
-signon_identity_get_type
-</SECTION>
-
-<SECTION>
-<FILE>signon-identity-info</FILE>
-<TITLE>SignonIdentityInfo</TITLE>
-SignonIdentityInfo
-SignonIdentityType
-signon_identity_info_copy
-signon_identity_info_free
-signon_identity_info_get_access_control_list
-signon_identity_info_get_caption
-signon_identity_info_get_id
-signon_identity_info_get_identity_type
-signon_identity_info_get_methods
-signon_identity_info_get_realms
-signon_identity_info_get_storing_secret
-signon_identity_info_get_username
-signon_identity_info_new
-signon_identity_info_remove_method
-signon_identity_info_set_access_control_list
-signon_identity_info_set_caption
-signon_identity_info_set_identity_type
-signon_identity_info_set_method
-signon_identity_info_set_realms
-signon_identity_info_set_secret
-signon_identity_info_set_username
-<SUBSECTION Standard>
-SIGNON_TYPE_IDENTITY_TYPE
-signon_identity_info_get_type
-signon_identity_type_get_type
-</SECTION>
-
-<SECTION>
-<FILE>signon-security-context</FILE>
-<TITLE>SignonSecurityContext</TITLE>
-SignonSecurityContext
-SignonSecurityContextList
-signon_security_context_new
-signon_security_context_new_from_values
-signon_security_context_copy
-signon_security_context_free
-signon_security_context_set_system_context
-signon_security_context_get_system_context
-signon_security_context_set_application_context
-signon_security_context_get_application_context
-signon_security_context_build_variant
-signon_security_context_deconstruct_variant
-signon_security_context_list_build_variant
-signon_security_context_list_deconstruct_variant
-signon_security_context_list_copy
-signon_security_context_list_free
-<SUBSECTION Standard>
-signon_security_context_get_type
-</SECTION>
--- /dev/null
+## Process this file with automake to produce Makefile.in
+
+bin_PROGRAMS = gsso-example
+
+gsso_example_SOURCES = gsso-example.c
+gsso_example_CPPFLAGS = \
+ -I$(top_srcdir) \
+ $(DEPS_CFLAGS)
+gsso_example_LDADD = \
+ $(DEPS_LIBS) \
+ $(top_builddir)/libgsignon-glib/libgsignon-glib.la
--- /dev/null
+/* vi: set et sw=4 ts=4 cino=t0,(0: */
+/* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * Copyright (C) 2013 Intel Corporation.
+ *
+ * Contact: Alexander Kanavin <alex.kanavin@gmail.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <glib.h>
+#include <stdlib.h>
+#include "libgsignon-glib/signon-auth-service.h"
+#include "libgsignon-glib/signon-identity.h"
+
+static void
+signon_query_methods_cb (SignonAuthService *auth_service, gchar **methods,
+ const GError *error, gpointer user_data)
+{
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ gchar **pmethods = methods;
+
+ g_print("Available authentication methods:\n");
+ while (*pmethods)
+ {
+ g_print("\t%s\n", *pmethods);
+ pmethods++;
+ }
+ if (methods) g_strfreev (methods);
+ g_main_loop_quit (user_data);
+}
+
+static void query_auth_methods(GMainLoop* main_loop)
+{
+ SignonAuthService* auth_service = signon_auth_service_new();
+
+ signon_auth_service_query_methods (auth_service,
+ signon_query_methods_cb,
+ main_loop);
+ g_main_loop_run(main_loop);
+
+ g_object_unref(auth_service);
+}
+
+static void
+signon_query_mechanisms_cb (SignonAuthService *auth_service,
+ const gchar *method,
+ gchar **mechanisms,
+ const GError *error,
+ gpointer user_data)
+{
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ gchar **pmechanisms = mechanisms;
+
+ g_print("Available authentication mechanisms for method %s:\n", method);
+ while (*pmechanisms)
+ {
+ g_print("\t%s\n", *pmechanisms);
+ pmechanisms++;
+ }
+ if (mechanisms) g_strfreev (mechanisms);
+ g_main_loop_quit (user_data);
+}
+
+static void query_auth_mechanisms(GMainLoop* main_loop, const gchar* method)
+{
+ SignonAuthService* auth_service = signon_auth_service_new();
+
+ signon_auth_service_query_mechanisms (auth_service,
+ method,
+ signon_query_mechanisms_cb,
+ main_loop);
+ g_main_loop_run(main_loop);
+
+ g_object_unref(auth_service);
+}
+
+static void signon_query_identities_cb (SignonAuthService *auth_service,
+ SignonIdentityList *identity_list, const GError *error, gpointer user_data)
+{
+ GList *iter = identity_list;
+
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ g_print("Available identities:\n");
+ while (iter)
+ {
+ SignonIdentityInfo *info = (SignonIdentityInfo *) iter->data;
+ const gchar *caption = signon_identity_info_get_caption (info);
+
+ g_print ("\tid=%d caption='%s'\n",
+ signon_identity_info_get_id (info),
+ signon_identity_info_get_caption (info));
+
+ iter = g_list_next (iter);
+ }
+ g_list_free_full (identity_list, (GDestroyNotify)signon_identity_info_free);
+
+ g_main_loop_quit (user_data);
+}
+
+static void query_auth_identities(GMainLoop* main_loop)
+{
+ SignonAuthService* auth_service = signon_auth_service_new();
+
+ signon_auth_service_query_identities (auth_service,
+ NULL, NULL,
+ signon_query_identities_cb,
+ main_loop);
+ g_main_loop_run(main_loop);
+
+ g_object_unref(auth_service);
+}
+
+static void signon_store_identity_cb(SignonIdentity *self,
+ guint32 id,
+ const GError *error,
+ gpointer user_data)
+{
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ g_print("Identity stored with id %d\n", id);
+ g_main_loop_quit (user_data);
+}
+
+static void create_auth_identity(GMainLoop* main_loop, const gchar* identity_caption,
+ const gchar* identity_method)
+{
+ const gchar* all_mechanisms[] = { "*", NULL };
+
+ SignonIdentity* identity = signon_identity_new(NULL);
+ SignonIdentityInfo* identity_info = signon_identity_info_new();
+ signon_identity_info_set_caption(identity_info, identity_caption);
+ signon_identity_info_set_method(identity_info, identity_method, all_mechanisms);
+ if (g_strcmp0(identity_method, "password") == 0)
+ signon_identity_info_set_secret(identity_info, NULL, TRUE);
+
+ signon_identity_store_credentials_with_info (identity,
+ identity_info,
+ signon_store_identity_cb,
+ main_loop);
+ g_main_loop_run(main_loop);
+
+ g_object_unref(identity);
+ signon_identity_info_free(identity_info);
+}
+
+static void signon_remove_identity_cb(SignonIdentity *self,
+ const GError *error,
+ gpointer user_data)
+{
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ g_print("Identity removed\n");
+ g_main_loop_quit (user_data);
+}
+
+
+static void remove_auth_identity(GMainLoop* main_loop, gint identity_id)
+{
+ SignonIdentity* identity = signon_identity_new_from_db(identity_id, NULL);
+ signon_identity_remove (identity,
+ signon_remove_identity_cb,
+ main_loop);
+ g_main_loop_run(main_loop);
+
+ g_object_unref(identity);
+}
+
+static void auth_session_process_cb (GObject *source_object,
+ GAsyncResult *res,
+ gpointer user_data)
+{
+ g_debug("%s", G_STRFUNC);
+ SignonAuthSession *auth_session = SIGNON_AUTH_SESSION (source_object);
+ GVariant *v_reply;
+ char *str_reply = NULL;
+ GError *error = NULL;
+
+ v_reply = signon_auth_session_process_finish (auth_session, res, &error);
+ if (error)
+ {
+ g_warning ("%s: %s", G_STRFUNC, error->message);
+ g_error_free(error);
+ g_main_loop_quit (user_data);
+ return;
+ }
+
+ str_reply = g_variant_print (v_reply, TRUE);
+ g_print("Got response: %s\n", str_reply);
+ g_free (str_reply);
+ g_variant_unref(v_reply);
+
+ g_main_loop_quit (user_data);
+}
+
+
+static void get_google_token(GMainLoop* main_loop, gint identity_id,
+ const gchar* client_id,
+ const gchar* client_secret)
+{
+ if (!client_id || !client_secret) {
+ g_print("Must provide a client ID and secret (get them at https://code.google.com/apis/console/ )\n");
+ exit(1);
+ }
+
+ SignonIdentity* identity = signon_identity_new_from_db(identity_id, NULL);
+ SignonAuthSession* session = signon_identity_create_session(identity, "oauth", NULL);
+
+ GVariantBuilder builder;
+ GVariant* session_data;
+ g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT);
+ g_variant_builder_add (&builder, "{sv}",
+ "ClientId", g_variant_new_string (client_id));
+ g_variant_builder_add (&builder, "{sv}",
+ "ClientSecret", g_variant_new_string (client_secret));
+ g_variant_builder_add (&builder, "{sv}",
+ "UiPolicy", g_variant_new_uint32 (SIGNON_POLICY_DEFAULT));
+ g_variant_builder_add (&builder, "{sv}",
+ "ResponseType", g_variant_new_string ("code"));
+ g_variant_builder_add (&builder, "{sv}",
+ "AuthHost", g_variant_new_string ("accounts.google.com"));
+ g_variant_builder_add (&builder, "{sv}",
+ "AuthPath", g_variant_new_string ("/o/oauth2/auth"));
+ g_variant_builder_add (&builder, "{sv}",
+ "RedirectUri", g_variant_new_string("https://localhost"));
+ g_variant_builder_add (&builder, "{sv}",
+ "Scope", g_variant_new_string ("email"));
+ g_variant_builder_add (&builder, "{sv}",
+ "ForceClientAuthViaRequestBody", g_variant_new_boolean(TRUE));
+ g_variant_builder_add (&builder, "{sv}",
+ "TokenHost", g_variant_new_string("accounts.google.com"));
+ g_variant_builder_add (&builder, "{sv}",
+ "TokenPath", g_variant_new_string("/o/oauth2/token"));
+ session_data = g_variant_builder_end (&builder);
+
+ signon_auth_session_process_async (session,
+ session_data,
+ "oauth2",
+ NULL,
+ auth_session_process_cb,
+ main_loop);
+
+ g_print("Geting token\n");
+ g_main_loop_run (main_loop);
+
+ g_object_unref(session);
+ g_object_unref(identity);
+}
+
+static void get_password(GMainLoop* main_loop, gint identity_id)
+{
+ SignonIdentity* identity = signon_identity_new_from_db(identity_id, NULL);
+ SignonAuthSession* session = signon_identity_create_session(identity, "password", NULL);
+
+ GVariantBuilder builder;
+ GVariant* session_data;
+ g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT);
+ session_data = g_variant_builder_end (&builder);
+
+ signon_auth_session_process_async (session,
+ session_data,
+ "password",
+ NULL,
+ auth_session_process_cb,
+ main_loop);
+
+ g_print("Geting password\n");
+ g_main_loop_run (main_loop);
+
+ g_object_unref(session);
+ g_object_unref(identity);
+}
+
+int
+main (int argc, char *argv[])
+{
+
+ GError *error = NULL;
+ GOptionContext *context;
+ GMainLoop* main_loop = NULL;
+
+ gboolean query_methods = FALSE;
+ gchar* query_mechanisms_method = NULL;
+ gboolean query_identities = FALSE;
+ gchar* create_identity_caption = NULL;
+ gchar* create_identity_method = NULL;
+ gint remove_identity_id = 0;
+
+ GOptionEntry main_entries[] =
+ {
+ { "query-methods", 0, 0, G_OPTION_ARG_NONE, &query_methods, "Query available authentication methods", NULL},
+ { "query-mechanisms", 0, 0, G_OPTION_ARG_STRING, &query_mechanisms_method, "Query available mechanisms for an authentication method", "method"},
+ { "query-identities", 0, 0, G_OPTION_ARG_NONE, &query_identities, "Query available authentication identities", NULL},
+ { "create-identity", 0, 0, G_OPTION_ARG_STRING, &create_identity_caption, "Create a new authentication identity", "caption"},
+ { "identity-method", 0, 0, G_OPTION_ARG_STRING, &create_identity_method, "Method to use when creating identity", "method"},
+ { "remove-identity", 0, 0, G_OPTION_ARG_INT, &remove_identity_id, "Remove an authentication identity", "id"},
+ { NULL }
+ };
+
+ gchar* client_id = NULL;
+ gchar* client_secret = NULL;
+ gint google_identity_id = 0;
+
+ GOptionEntry oauth_entries[] =
+ {
+ { "get-google-token", 0, 0, G_OPTION_ARG_INT, &google_identity_id, "Get an OAuth2 access token from Google", "identity-id"},
+ { "client-id", 0, 0, G_OPTION_ARG_STRING, &client_id, "Client ID", "id" },
+ { "client-secret", 0, 0, G_OPTION_ARG_STRING, &client_secret, "Client secret", "secret" },
+ { NULL }
+ };
+
+ gint password_identity_id = 0;
+
+ GOptionEntry password_entries[] =
+ {
+ { "get-password", 0, 0, G_OPTION_ARG_INT, &password_identity_id, "Get an identity's username and password using 'password' plugin", "identity-id"},
+ { NULL }
+ };
+
+
+#if !GLIB_CHECK_VERSION (2, 36, 0)
+ g_type_init ();
+#endif
+
+ context = g_option_context_new ("- gSSO application example");
+ g_option_context_add_main_entries (context, main_entries, NULL);
+ GOptionGroup* oauth_group = g_option_group_new("oauth", "OAuth-specific options", "OAuth-specific options", NULL, NULL);
+ g_option_group_add_entries(oauth_group, oauth_entries);
+ g_option_context_add_group (context, oauth_group);
+
+ GOptionGroup* password_group = g_option_group_new("password", "Password-specific options", "Password-specific options", NULL, NULL);
+ g_option_group_add_entries(password_group, password_entries);
+ g_option_context_add_group (context, password_group);
+
+ if (!g_option_context_parse (context, &argc, &argv, &error)) {
+ g_print ("option parsing failed: %s\n", error->message);
+ g_option_context_free(context);
+ exit (1);
+ }
+ g_option_context_free(context);
+
+ main_loop = g_main_loop_new(NULL, FALSE);
+
+ if (query_methods) {
+ query_auth_methods(main_loop);
+ } else if (query_mechanisms_method) {
+ query_auth_mechanisms(main_loop, query_mechanisms_method);
+ } else if (query_identities) {
+ query_auth_identities(main_loop);
+ } else if (create_identity_caption) {
+ create_auth_identity(main_loop, create_identity_caption, create_identity_method);
+ } else if (remove_identity_id > 0) {
+ remove_auth_identity(main_loop, remove_identity_id);
+ } else if (google_identity_id > 0) {
+ get_google_token(main_loop, google_identity_id, client_id, client_secret);
+ } else if (password_identity_id > 0) {
+ get_password(main_loop, password_identity_id);
+ }
+
+ g_main_loop_unref(main_loop);
+ if (client_id)
+ g_free (client_id);
+ if (client_secret)
+ g_free(client_secret);
+ if (query_mechanisms_method)
+ g_free(query_mechanisms_method);
+ if (create_identity_caption)
+ g_free(create_identity_caption);
+ if (create_identity_caption)
+ g_free(create_identity_method);
+}
/**
* SECTION:signon-auth-service
* @title: SignonAuthService
- * @short_description: The authorization service object
+ * @short_description: the authorization service object
*
- * The #SignonAuthService is the main object in this library.
+ * The #SignonAuthService is the main object in this library. It provides top-level
+ * functions to query existing identities, available methods and their mechanisms.
*/
#include "signon-auth-service.h"
* @cb: (scope async): callback to be invoked.
* @user_data: user data.
*
- * Lists all the available methods.
+ * Lists all the available authentication methods.
*/
void
signon_auth_service_query_methods (SignonAuthService *auth_service,
* @cb: (scope async): callback to be invoked.
* @user_data: user data.
*
- * Lists all the available mechanisms.
+ * Lists all the available mechanisms for an authentication method.
*/
void
signon_auth_service_query_mechanisms (SignonAuthService *auth_service,
* @cb: (scope async): callback to be invoked.
* @user_data: user data.
*
- * Query identities.
+ * Query available identities, possibly applying a filter.
+ *
+ * @filter is a #GHashTable that contains filter conditions in the form of
+ * string keys and #GVariant values. Currently the following keys are supported:
+ *
+ * - "Owner". The value should be a #SignonSecurityContext (use
+ * signon_security_context_build_variant() to create a #GVariant).
+ * Identites whose owner doesn't match will be filtered out. This key has
+ * effect only if the requesting application is a keychain application as determined
+ * by #GSignondAccessControlManager.
+ * - "Type". The value should be a #SignonIdentityType.
+ * - "Caption". The value is a string, and only those identites whose caption
+ * begins with the supplied value will be returned.
+ *
+ * The meaning of @application_context is explained in #SignonSecurityContext.
+ * It is used by #GSignondAccessControlManager to determine if the requesting
+ * application is a keychain application. If it is, then all identites will be
+ * returned (subject to "Owner" key in @filter). If it's not, then only the
+ * identites which the application owns will be returned (but "Type" and "Caption"
+ * can still be set in the @filter).
+ *
+ */
+/*
+ * //FIXME: @filter should come with setters and getters!
*/
void
signon_auth_service_query_identities (SignonAuthService *auth_service,
/**
* SignonAuthServiceClass:
+ * @parent_class: a reference to the parent class
*
* Opaque struct. Use the accessor functions below.
*/
/**
* SECTION:signon-auth-session
* @title: SignonAuthSession
- * @short_description: Authentication session handler.
+ * @short_description: the authentication session object
*
* The #SignonAuthSession object is responsible for handling the client
- * authentication. #SignonAuthSession objects can be created from existing
- * identities (via signon_identity_create_session() or by passing a non-zero ID
+ * authentication. #SignonAuthSession objects should be created from existing
+ * identities (via signon_identity_create_session() or by passing a non-NULL identity
* to signon_auth_session_new()), in which case the authentication data such as
- * username and password will be implicitly taken from the identity, or they
- * can be created with no existing identity bound to them, in which case all
- * the authentication data must be filled in by the client when
- * signon_auth_session_process() is called.
+ * username and password will be implicitly taken from the identity.
*/
#include "signon-internals.h"
* @message: the message associated with the state change
*
* Emitted when the state of the #SignonAuthSession changes.
+ * FIXME: @state should be registered as a GLib type (or use one from
+ * libgsignond-common)
*/
auth_session_signals[STATE_CHANGED] =
g_signal_new ("state-changed",
* @cb: (scope async): a callback which will be called with the result.
* @user_data: user data to be passed to the callback.
*
- * Queries the mechanisms available for this authentication session. the result
+ * Queries the mechanisms available for this authentication session. The result
* will be the intersection between @wanted_mechanisms and the mechanisms
- * supported by the authentication plugin.
+ * supported by the authentication plugin (and allowed by the #SignonIdentity that this
+ * session belongs to).
*/
void
signon_auth_session_query_available_mechanisms (SignonAuthSession *self,
* @cb: (scope async): a callback which will be called with the result.
* @user_data: user data to be passed to the callback.
*
- * Performs one step of the authentication process. If the #SignonAuthSession
- * object is bound to an existing identity, the identity properties such as
- * username and password will be also passed to the authentication plugin, so
- * there's no need to fill them into @session_data.
- * @session_data can be used to add additional authentication parameters to the
+ * Performs one step of the authentication process. If the #SignonIdentity that
+ * this session belongs to contains a username and a password, they will be also
+ * passed to the authentication plugin, otherwise they should be set directly in
+ * @session_data.
+ * @session_data should be used to add additional authentication parameters to the
* session, or to override the parameters otherwise taken from the identity.
*
* Deprecated: 1.8: Use signon_auth_session_process_async() instead.
/**
* signon_auth_session_process_async:
* @self: the #SignonAuthSession.
- * @session_data: (transfer floating): a dictionary of parameters.
+ * @session_data: (transfer full): a dictionary of parameters.
* @mechanism: the authentication mechanism to be used.
* @cancellable: (allow-none): optional #GCancellable object, %NULL to ignore.
* @callback: (scope async): a callback which will be called when the
* authentication reply is available.
* @user_data: user data to be passed to the callback.
*
- * Performs one step of the authentication process. If the #SignonAuthSession
- * object is bound to an existing identity, the identity properties such as
- * username and password will be also passed to the authentication plugin, so
- * there's no need to fill them into @session_data.
- * @session_data can be used to add additional authentication parameters to the
+ * Performs one step of the authentication process. If the #SignonIdentity that
+ * this session belongs to contains a username and a password, the daemon will
+ * pass them to the authentication plugin, otherwise they should be set directly in
+ * @session_data.
+ * @session_data should be used to add additional authentication parameters to the
* session, or to override the parameters otherwise taken from the identity.
+ *
+ * What specific parameters should be used can be found from authentication plugins'
+ * documentation (look for parameters that are expected in gsignond_plugin_request_initial()
+ * for the first step, and parameters that are expected in gsignond_plugin_request() for
+ * the subsequent steps). See, for example, #GSignondPasswordPlugin and #GSignondDigestPlugin.
*
* Since: 1.8
*/
* Collect the result of the signon_auth_session_process_async() operation.
*
* Returns: a #GVariant of type %G_VARIANT_TYPE_VARDICT containing the
- * authentication reply.
+ * authentication reply. As with signon_auth_session_process_async(), specific
+ * parameters contained in the #GVariant can be found from plugins' documentation:
+ * #GSignondPlugin::response-final for the final response, and #GSignondPlugin::response
+ * for the intermediate responses. See, for example, #GSignondPasswordPlugin
+ * and #GSignondDigestPlugin.
*
* Since: 1.8
*/
* @SIGNON_POLICY_VALIDATION: UI elements can be shown to the user only when
* CAPTCHA-like security measures are required.
*
- * Policy for the signon process, passed to the UI plugin.
+ * UI policy for the signon process, passed to the UI plugin.
*/
typedef enum {
SIGNON_POLICY_DEFAULT = 0,
/**
* SignonAuthSessionClass:
+ * @parent: reference to the parent class
*
* Opaque struct. Use the accessor functions below.
*/
/**
* SECTION:signon-errors
* @title: SignonError
- * @short_description: Possible errors from Signon.
+ * @short_description: possible gSSO errors
*
- * An enumeration of errors that are possible from Signon.
+ * An enumeration of errors that are possible when using gSSO
*/
#define SIGNON_ERROR_PREFIX SIGNOND_SERVICE_PREFIX ".Error"
#include "signon-errors-map.c"
+/**
+ * signon_error_quark:
+ *
+ * Creates and returns a domain for gSSO errors.
+ */
GQuark signon_error_quark (void)
{
static volatile gsize quark = 0;
#include <glib-object.h>
#include "signon-enum-types.h"
+/**
+ * SIGNON_ERROR:
+ *
+ * This macro is used when creating a #GError in libgsignond-glib library
+ */
#define SIGNON_ERROR (signon_error_quark())
+//FIXME: reuse error definitions from libgsignond-common
/**
* SignonError:
* @SIGNON_ERROR_UNKNOWN: Catch-all for errors not distinguished by another code.
#include <libgsignon-glib/signon-identity-info.h>
#include <libgsignon-glib/signon-identity.h>
+/**
+ * SECTION:signon-glib
+ * @title: libgsignon-glib headers
+ * @short_description: what headers to include
+ *
+ * Include signon-glib.h header to get all necessary library declarations.
+ */
+
#endif /* SIGNON_GLIB_H */
/**
* SECTION:signon-identity-info
* @title: SignonIdentityInfo
- * @short_description: Extra data for a #SignonIdentity.
+ * @short_description: data contained in a SignonIdentity.
*
- * Extra data retreived from a #SignonIdentity.
+ * #SignonIdentityInfo represents data contained in a database record for an identity
+ * and provides getters and setters for individual items.
+ *
+ * See #SignonIdentity for a detailed discussion
+ * of what each item means and how and when it's used.
*/
#include "signon-identity-info.h"
/**
* signon_identity_info_set_methods:
* @info: the #SignonIdentityInfo.
- * @methods: (transfer none) (element-type utf8 GStrv): methods.
+ * @methods: (transfer none): (element-type utf8 GStrv): methods.
*
- * Set allowed methods.
- * Mechanisms are method-specific functions.
+ * Set authentication methods that are allowed to be used with this identity.
*/
void signon_identity_info_set_methods (SignonIdentityInfo *info,
const GHashTable *methods)
* signon_identity_info_get_id:
* @info: the #SignonIdentityInfo.
*
- * Get the numeric ID of @info.
+ * Get the numeric identity ID of @info.
*
* Returns: the numeric ID of the identity.
*/
* signon_identity_info_get_username:
* @info: the #SignonIdentityInfo.
*
- * Get the username of @info.
+ * Get the username associated with an identity.
*
* Returns: the username, or %NULL.
*/
* signon_identity_info_get_storing_secret:
* @info: the #SignonIdentityInfo.
*
- * Get whether the secret of @info should be stored.
+ * Get whether the secret of @info should be stored by gSSO in the secret database.
*
- * Returns: %TRUE if Signon must store the secret, %FALSE otherwise.
+ * Returns: %TRUE if gSSO must store the secret, %FALSE otherwise.
*/
gboolean signon_identity_info_get_storing_secret (const SignonIdentityInfo *info)
{
* signon_identity_info_get_methods:
* @info: the #SignonIdentityInfo.
*
- * Get a hash table of the methods and mechanisms of @info.
+ * Get a hash table of the methods and mechanisms of @info. See
+ * signon_identity_info_set_methods().
*
- * Returns: (transfer none) (element-type utf8 GStrv): the table of allowed
+ * Returns: (transfer none): (element-type utf8 GStrv): the table of allowed
* methods and mechanisms.
*/
const GHashTable *signon_identity_info_get_methods (const SignonIdentityInfo *info)
* signon_identity_info_get_owner:
* @info: the #SignonIdentityInfo.
*
- * Get owner security context of @info.
- *
+ * Get identity owner's security context.
+ *
* Returns: (transfer none): a security context.
*/
const SignonSecurityContext *signon_identity_info_get_owner (const SignonIdentityInfo *info)
* signon_identity_info_get_access_control_list:
* @info: the #SignonIdentityInfo.
*
- * Get an array of ACL statements of the identity.
+ * Get an access control list associated with an identity.
*
* Returns: (transfer none): a list of ACL security contexts.
*/
* @username: the username.
*
* Sets the username for the identity.
+ *
*/
void signon_identity_info_set_username (SignonIdentityInfo *info, const gchar *username)
{
* @secret: the secret.
* @store_secret: whether signond should store the secret in its DB.
*
- * Sets the secret (password) for the identity, and whether the signon daemon
+ * Sets the secret (password) for the identity, and whether the gSSO daemon
* should remember it.
+ *
*/
void signon_identity_info_set_secret (SignonIdentityInfo *info, const gchar *secret,
gboolean store_secret)
* @caption: the caption.
*
* Sets the caption (display name) for the identity.
+ *
*/
void signon_identity_info_set_caption (SignonIdentityInfo *info, const gchar *caption)
{
* signon_identity_info_set_method:
* @info: the #SignonIdentityInfo.
* @method: an authentication method.
- * @mechanisms: a %NULL-termianted list of mechanisms.
+ * @mechanisms: a %NULL-terminated list of mechanisms.
*
- * Adds a method to the list of allowed methods.
- * Mechanisms are method-specific functions.
+ * Adds a method to the list of allowed authentication methods.
*/
void signon_identity_info_set_method (SignonIdentityInfo *info, const gchar *method,
const gchar* const *mechanisms)
* @info: the #SignonIdentityInfo.
* @method: an authentication method.
*
- * Remove @method from the list of allowed authentication methods. If all
- * methods are removed, then all methods are allowed.
+ * Remove @method from the list of allowed authentication methods.
*/
void signon_identity_info_remove_method (SignonIdentityInfo *info, const gchar *method)
{
* @info: the #SignonIdentityInfo.
* @realms: a %NULL-terminated list of realms.
*
- * Specify what realms this identity can be used in.
+ * Specify what realms this identity can be used in.
*/
void signon_identity_info_set_realms (SignonIdentityInfo *info,
const gchar* const *realms)
/**
* signon_identity_info_set_owner:
* @info: the #SignonIdentityInfo.
- * @owner: (transfer none) a security context of owner.
+ * @owner: (transfer none): a security context of owner.
*
- * Specify owner security context.
+ * Set identity owner's security context.
*/
void signon_identity_info_set_owner (SignonIdentityInfo *info,
const SignonSecurityContext *owner)
* @system_context: owner's system context.
* @application_context: owner's application context.
*
- * Specify owner security context.
+ * Set identity owner's security context.
*/
void signon_identity_info_set_owner_from_values (
SignonIdentityInfo *info,
/**
* signon_identity_info_set_access_control_list:
* @info: the #SignonIdentityInfo.
- * @access_control_list: (transfer none) a list of ACL security contexts.
+ * @access_control_list: (transfer none): a list of ACL security contexts.
*
- * Specifies the ACL for this identity. The actual meaning of the ACL depends
- * on the security framework used by signond. Ownership of the list is trans
+ * Set an access control list associated with an identity.
*/
void signon_identity_info_set_access_control_list (SignonIdentityInfo *info,
const SignonSecurityContextList *access_control_list)
/**
* signon_identity_info_access_control_list_append:
* @info: the #SignonIdentityInfo.
- * @security_context: (transfer full) a security context to be appended.
+ * @security_context: (transfer full): a security context to be appended.
*
* Appends a new #SignonSecurityContext item to the access control list.
*/
* @SIGNON_IDENTITY_TYPE_WEB: a web identity
* @SIGNON_IDENTITY_TYPE_NETWORK: a network server identity
*
- * Types used in #SignonIdentityInfo.
+ * Identity types used in #SignonIdentityInfo.
*/
typedef enum {
SIGNON_IDENTITY_TYPE_OTHER = 0,
/**
* SECTION:signon-identity
* @title: SignonIdentity
- * @short_description: Client side presentation of a credential.
+ * @short_description: client side presentation of a credential.
*
- * The #SignonIdentity represents a database entry for a single identity.
+ * The #SignonIdentity objects represent identities and provide operations that
+ * can be performed on them such as identity creation, removal, starting an authentication
+ * session, and so on.
+ *
+ * Identities can also be stored and retrieved from a gSSO database, in which
+ * case they also contain a number of properties that can be retrieved
+ * using signon_identity_query_info() and are represented via #SignonIdentityInfo.
+ * Such identities are identified by a numeric id number and they are subject
+ * to access control.
+ *
+ * <refsect1><title>Operations on an identity</title></refsect1>
+ *
+ * - a new identity can be created with signon_identity_new(). This operation
+ * does not store the identity to the database, the identity is not visible
+ * to other applications, and accordingly it is not subject to access control.
+ *
+ * - an authentication session can be started from an identity using
+ * signon_identity_create_session() or signon_auth_session_new(). If the identity
+ * has been retrieved from a database, only the authentication methods listed
+ * in associated #SignonIdentityInfo are allowed to be used.
+ *
+ * - identites stored in a database can be enumerated using
+ * signon_auth_service_query_identities(). Only the identites owned by the
+ * requesting application are returned.
+ *
+ * - identities stored in a database can be retrieved using signon_identity_new_from_db(),
+ * subject to access control (an application performing that operation has to be
+ * either the identity's owner, or it has to be on the ACL list).
+ *
+ * - newly created identities can be stored to the database, and identities already
+ * in the database can be updated using signon_identity_store_credentials_with_info()
+ * (with #SignonIdentityInfo)
+ * or signon_identity_store_credentials_with_args() (with separate arguments that
+ * together form the contents of #SignonIdentityInfo). Only the owners can update
+ * identites.
+ *
+ * - identites in the database can be removed by their owners using
+ * signon_identity_remove().
+ *
+ * - identity owners can request to close all authentication sessions and
+ * remove all secrets and tokens using signon_identity_signout().
+ *
+ * <refsect1><title>Data fields in #SignonIdentityInfo</title></refsect1>
+ *
+ * These are the data fields that are stored into the database as a part of an
+ * identity record using signon_identity_store_credentials_with_args() or
+ * signon_identity_store_credentials_with_info() and can be retrieved using
+ * signon_identity_query_info() or signon_auth_service_query_identities():
+ *
+ * - Caption is a display name for the identity, presented to the user. Default
+ * value is an empty caption.
+ *
+ * - Realms is a list of realms that the identity can be used in.
+ * Interpretation of this field is up to the method. Typically it is
+ * a list of internet domains allowed for an authentication request.
+ * Default value is an empty list.
+ *
+ * - Type is a #SignonIdentityType. Interpretation of this field is up to the application;
+ * gSSO does not use it. Default value is #SIGNON_IDENTITY_TYPE_OTHER
+ *
+ * - Owner is a #SignonSecurityContext object, which specifies the identity
+ * owner. Owners are allowed to perform all of the operations on the identity
+ * specified above. By default an identity's owner is determined by gSSO daemon
+ * using system services for the system context, and a string supplied in
+ * signon_identity_new() for the application context.
+ *
+ * - ACL is a list of #SignonSecurityContext objects, that specifies applications
+ * that can access the identity to perform authentication sessions. They're not
+ * allowed to make any changes to the identity. Default value is an empty list,
+ * and depending on how gSSO is configured it's also possible to provide a list
+ * with a wildcard item to relax the access control restriction
+ * (see #SignonSecurityContext).
+ *
+ * - Methods is a #GHashTable containing method names as keys, and lists of
+ * allowed mechanisms as values (also, a special value "*" means that any
+ * mechanism is allowed). Only those methods and mechanisms that are in the table
+ * are allowed to be used in authentication sessions. Default is an empty list.
+ *
+ * - Id is a numeric identification of the identity record in the database. The
+ * application cannot set this, as it's determined by the daemon.
+ *
+ * - Username is used to provide a username to authentication plugins after
+ * issuing signon_auth_session_process_async(). Applications can override this
+ * by providing a username explicitly in the @session_data parameter to that
+ * function. By default there is no username.
+ *
+ * - Secret is used in the same way as username, but it is write-only (cannot
+ * be retrieved from a #SignonIdentityInfo). It is also possible to prevent
+ * secret from being stored in the database.
+ *
*/
#include "signon-identity.h"
* @application_context: application security context, can be %NULL.
*
* Construct an identity object associated with an existing identity
- * record.
- *
+ * record. See #SignonSecurityContext for a discussion of @application_context contents.
+ * Together with the system context it is used to determine by the gSSO daemon
+ * if the application can access the identity (the application needs to be either the
+ * identity's owner or to be present on the ACL).
+ *
+ * Applications can determine the @id either by enumerating the identities with
+ * signon_auth_service_query_identities() (if they're the owner of the identity)
+ * or via other means (such as the system's accounts service, or an application
+ * configuration).
+ *
* Returns: an instance of a #SignonIdentity.
*/
SignonIdentity*
* signon_identity_new:
* @application_context: application security context, can be %NULL.
*
- * Construct new, empty, identity object.
+ * Construct a new, empty, identity object. See #SignonSecurityContext for a
+ * discussion of @application_context contents. @application_context is used to set the identity's owner
+ * if the identity is stored to the database with signon_identity_store_credentials_with_args()
+ * or signon_identity_store_credentials_with_info().
*
* Returns: an instance of an #SignonIdentity.
*/
/**
* signon_identity_create_session:
* @self: the #SignonIdentity.
- * @method: method.
+ * @method: authentication method.
* @error: pointer to a location which will receive the error, if any.
*
- * Creates an authentication session for this identity.
+ * Creates an authentication session for this identity. If the identity has been
+ * retrieved from the database, the authentication method must be one of those
+ * listed in signon_identity_info_get_methods(), otherwise it can be any method
+ * supported by gSSO.
*
* Returns: (transfer full): a new #SignonAuthSession.
*/
* @cb: (scope async): callback.
* @user_data: user_data.
*
- * Stores the data from @info into the identity.
+ * Stores the data contained in @info into the identity record in the database.
+ * See above for the detailed discussion of the meaning of various fields and
+ * their defaults.
*/
void
signon_identity_store_credentials_with_info(SignonIdentity *self,
/**
* signon_identity_store_credentials_with_args:
* @self: the #SignonIdentity.
- * @username: username.
- * @secret: secret.
- * @store_secret: whether signond should store the password.
- * @methods: (transfer none) (element-type utf8 GStrv): methods.
- * @caption: caption.
- * @realms: realms.
- * @owner: owner.
- * @access_control_list: access control list.
+ * @username: (allow-none): username.
+ * @secret: (allow-none): secret.
+ * @store_secret: whether gSSO should save the password in secret storage.
+ * @methods: (transfer none) (element-type utf8 GStrv): allowed methods.
+ * @caption: (allow-none): caption.
+ * @realms: (allow-none): realms.
+ * @owner: (allow-none): owner.
+ * @access_control_list: (allow-none): access control list.
* @type: the type of the identity.
* @cb: (scope async): callback.
* @user_data: user_data.
*
- * Stores the given data into the identity.
+ * Stores the given data into the identity. See above for the meaning
+ * of the specific fields.
*/
void signon_identity_store_credentials_with_args(SignonIdentity *self,
const gchar *username,
* @cb: (scope async): callback.
* @user_data: user_data.
*
- * Verifies the given secret.
+ * Verifies the given secret. Not currently supported by gSSO.
*/
void signon_identity_verify_secret(SignonIdentity *self,
const gchar *secret,
* @cb: callback
* @user_data: user_data.
*
- * Adds named reference to identity
+ * Adds named reference to identity. Not currently supported by gSSO.
*/
void signon_identity_add_reference(SignonIdentity *self,
const gchar *reference,
* @cb: callback
* @user_data: user_data.
*
- * Removes named reference from identity
+ * Removes named reference from identity. Not currently supported by gSSO.
*/
void signon_identity_remove_reference(SignonIdentity *self,
const gchar *reference,
g_object_unref (self);
}
+//FIXME: is this a private method?
/**
* signon_identity_get_auth_session:
* @self: the #SignonIdentity.
* @method: method name for the session.
* @cb: (scope async): completion callback.
*
- * Obtain a remote object for a local session object.
+ * Obtain a remote object for a local session object. Should not be used by
+ * applications.
*/
void signon_identity_get_auth_session (SignonIdentity *self,
SignonAuthSession *session,
/**
* SignonIdentityClass:
+ * @parent_class: reference to a parent class
*
* Opaque struct. Use the accessor functions below.
*/
/**
* SECTION:signon-security-context
* @title: SignonSecurityContext
- * @short_description: Representation of a security context.
+ * @short_description: representation of a security context.
*
* The #SignonSecurityContext represents a security context within
- * system and also within application.
+ * system and also within application. Security contexts are used:
+ *
+ * - within identities to specify the owner of the identity, and
+ * users of the identity (items on the access control list). See #SignonIdentity.
+ * - by gSSO daemon to identify the application accessing the gSSO service and
+ * to determine if the application is an identity's owner, or is on the identity's access
+ * control list, and make access control decisions accordingly.
+ *
+ * #SignonSecurityContext contains two strings: a system context and an
+ * application context.
+ *
+ * System context can be a binary path, SMACK-label, or MSSF token. Specific
+ * interpretation of the system context value is performed by a gSSO extension module.
+ * The default gSSO extension expects binary paths.
+ *
+ * Application context identifies a script or a webpage within an application,
+ * and it's used for providing access control to runtime environments (when making an access
+ * control decision requires not only a binary identifier, but also information
+ * about what the binary is doing).
+ *
+ * System context and application context can contain a wildcard
+ * operator "*" to match 'any', while "" matches 'none' when a default
+ * gSSO extension is used. The system context is always evaluated first
+ * and if a match is found, only then the application context is evaluated.
+ * Check the documentation of a platform specific extension to determine
+ * any particular match rules used by a custom ACM (Access Control Manager).
*/
#include "signon-security-context.h"
*
* Allocates a new security context item.
*
- * Returns: (transfer full) allocated #SignonSecurityContext.
+ * Returns: (transfer full): allocated #SignonSecurityContext.
*/
SignonSecurityContext *
signon_security_context_new ()
*
* Allocates and initializes a new security context item.
*
- * Returns: (transfer full) allocated #SignonSecurityContext.
+ * Returns: (transfer full): allocated #SignonSecurityContext.
*/
SignonSecurityContext *
signon_security_context_new_from_values (const gchar *system_context,
*
* Copy a security context item.
*
- * Returns: (transfer full) a copy of the #SignonSecurityContext item.
+ * Returns: (transfer full): a copy of the #SignonSecurityContext item.
*/
SignonSecurityContext *
signon_security_context_copy (const SignonSecurityContext *src_ctx)
* Get the system context part (such as SMACK label or MSSF token) of the
* #SignonSecurityContext.
*
- * Returns: (transfer none) system context.
+ * Returns: (transfer none): system context.
*/
const gchar *
signon_security_context_get_system_context (const SignonSecurityContext *ctx)
* Get the application context part (such as script name or a web page) of
* the #SignonSecurityContext.
*
- * Returns: (transfer none) application context.
+ * Returns: (transfer none): application context.
*/
const gchar *
signon_security_context_get_application_context (
*
* Build a GVariant of type "(ss)" from a #SignonSecurityContext item.
*
- * Returns: (transfer full) GVariant construct of a #SignonSecurityContext.
+ * Returns: (transfer full): GVariant construct of a #SignonSecurityContext.
*/
GVariant *
signon_security_context_build_variant (const SignonSecurityContext *ctx)
*
* Builds a #SignonSecurityContext item from a GVariant of type "(ss)".
*
- * Returns: (transfer full) #SignonSecurityContext item.
+ * Returns: (transfer full): #SignonSecurityContext item.
*/
SignonSecurityContext *
signon_security_context_deconstruct_variant (GVariant *variant)
* Builds a GVariant of type "a(ss)" from a GList of #SignonSecurityContext
* items.
*
- * Returns: (transfer full) GVariant construct of a #SignonSecurityContextList.
+ * Returns: (transfer full): GVariant construct of a #SignonSecurityContextList.
*/
GVariant *
signon_security_context_list_build_variant (
/**
* signon_security_context_list_free:
- * @seclist: (transfer full) #SignonSecurityContextList item.
+ * @seclist: (transfer full): #SignonSecurityContextList item.
*
* Frees all items and the GList of #SignonSecurityContext.
*/
* binary path.
* @app_ctx: application context, such as a script or a web page.
*
- * Security context descriptor. Practically a string tuple.
+ * Security context descriptor used for access control checks.
*/
struct _SignonSecurityContext
{
+++ /dev/null
-* Mon Jun 24 2013 Imran Zaman <imran.zaman@intel.com>
-- Release 2.0.1 that comprises of bug fixes
-
-* Mon Jun 17 2013 Imran Zaman <imran.zaman@.intel.com> - 2.0.0
-- Prepare for first release of libgsignon-glib 2.0.0
--- /dev/null
+../dists/rpm/libgsignon-glib-tizen.changes
\ No newline at end of file
+++ /dev/null
-#define dbus bus type to use [p2p, session, system]
-%define dbus_type p2p
-
-Name: libgsignon-glib
-Summary: GLib API for the SSO framework
-Version: 2.0.1
-Release: 1
-Group: System/Libraries
-License: LGPL
-Source: %{name}-%{version}.tar.gz
-Requires: dbus-1
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
-BuildRequires: pkgconfig(check)
-BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(gobject-2.0)
-BuildRequires: pkgconfig(gio-2.0)
-BuildRequires: gobject-introspection
-
-%description
-%{summary}.
-
-
-%package devel
-Summary: Development files for %{name}
-Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
-
-%description devel
-%{summary}.
-
-
-%prep
-%setup -q -n %{name}-%{version}
-if [ -f = "gtk-doc.make" ]
-then
-rm gtk-doc.make
-fi
-touch gtk-doc.make
-autoreconf -f -i
-
-
-%build
-%configure --enable-dbus-type=%{dbus_type}
-make %{?_smp_mflags}
-
-
-%install
-rm -rf %{buildroot}
-%make_install
-
-
-%post -p /sbin/ldconfig
-
-
-%postun -p /sbin/ldconfig
-
-
-%files
-%defattr(-,root,root,-)
-%doc AUTHORS COPYING ChangeLog INSTALL NEWS README
-%{_libdir}/%{name}.so.*
-
-
-%files devel
-%defattr(-,root,root,-)
-%{_includedir}/%{name}/*.h
-%{_libdir}/%{name}.so
-%{_libdir}/pkgconfig/%{name}.pc
-%{_datadir}/gtk-doc/html/%{name}/*
-
--- /dev/null
+../dists/rpm/libgsignon-glib-tizen.spec
\ No newline at end of file
echo "CURR dir = $currdir"
mkdir -p $2 && \
-tar -xzvf $1 -C $2 --strip-components 1 && \
cd $2 && \
+git rm -r * && \
+tar -xzvf $1 -C $2 --strip-components 1 && \
mkdir -p packaging && \
cd packaging && \
-cp -f ../dists/rpm/libgsignon-glib-tizen.spec libgsignon-glib.spec &&
-cp -f ../dists/rpm/libgsignon-glib-tizen.changes libgsignon-glib.changes;
+cp -f ../dists/rpm/libgsignon-glib-tizen.spec libgsignon-glib.spec && \
+cp -f ../dists/rpm/libgsignon-glib-tizen.changes libgsignon-glib.changes && \
+cd .. && git add *;
projects / profile / ivi / libgsignon-glib.git / commitdiff