Top |
GSignondAccessControlManagerGSignondAccessControlManager — an object that performs access control checks |
void | gsignond_access_control_manager_security_context_of_peer () |
gboolean | gsignond_access_control_manager_peer_is_allowed_to_use_identity () |
gboolean | gsignond_access_control_manager_peer_is_owner_of_identity () |
gboolean | gsignond_access_control_manager_acl_is_valid () |
GSignondSecurityContext * | gsignond_access_control_manager_security_context_of_keychain () |
GSignondAccessControlManager performs access control checks using available system services. gSSO can be configured to use a custom extension that provides a subclassed implementation of GSignondAccessControlManager (see GSignondExtension), otherwise a default implementation is used.
void gsignond_access_control_manager_security_context_of_peer (GSignondAccessControlManager *self
,GSignondSecurityContext *peer_ctx
,int peer_fd
,const gchar *peer_service
,const gchar *peer_app_ctx
);
Retrieves and sets GSignondSecurityContext of the specified peer.
The default implementation sets the app context as it was passed, and sets
the system context to the binary path of the process that is determined from
peer_fd
and peer_service
parameters.
self |
object instance. |
|
peer_ctx |
instance of security context to be set. |
|
peer_fd |
file descriptor of the peer connection if using peer-to-peer dbus, -1 otherwise. |
|
peer_service |
g_dbus_method_invocation_get_sender() of the peer connection, if not using peer-to-peer dbus, NULL otherwise |
|
peer_app_ctx |
application context of the peer connection. |
gboolean gsignond_access_control_manager_peer_is_allowed_to_use_identity (GSignondAccessControlManager *self
,const GSignondSecurityContext *peer_ctx
,const GSignondSecurityContext *owner_ctx
,const GList *identity_acl
);
Checks if specified peer is allowed to access the specified identity.
The default implementation goes over items in identity_acl
, using
gsignond_security_context_check()
to check them against peer_ctx
.
gboolean gsignond_access_control_manager_peer_is_owner_of_identity (GSignondAccessControlManager *self
,const GSignondSecurityContext *peer_ctx
,const GSignondSecurityContext *owner_ctx
);
Checks if the peer specified in peer_ctx
is the owner of the identity.
The default implementation is using gsignond_security_context_check()
to check peer_ctx
against owner_ctx
directly.
gboolean gsignond_access_control_manager_acl_is_valid (GSignondAccessControlManager *self
,const GSignondSecurityContext *peer_ctx
,const GList *identity_acl
);
Checks if the specified peer is allowed to set the specified access
control list. gsignond_access_control_manager_peer_is_owner_of_identity()
is used before calling this method to verify identity ownership.
The default implementation always returns TRUE
.
GSignondSecurityContext *
gsignond_access_control_manager_security_context_of_keychain
(GSignondAccessControlManager *self
);
Retrieves security context of the keychain application. Keychain application has a special management access to all stored identities and is able to perform deletion of all identities from storage.
The default implementation returns a context either set in GSignondConfig, or if not set, a value specified through a configure --enable-keychain option (see
Building gsignond), or if that is notset either then an empty string "" is returned.
If gSSO was compiled with --enable-debug and SSO_KEYCHAIN_SYSCTX environment variable is set, then the value of that variable is used to set the returned system context instead.