2009-09-02 04:27:16 +02:00
|
|
|
/*
|
|
|
|
* Copyright 2009 by Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor,
|
|
|
|
* Boston, MA 02110-1301 USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef PLASMA_AUTHORIZATIONMANAGER_H
|
|
|
|
#define PLASMA_AUTHORIZATIONMANAGER_H
|
|
|
|
|
|
|
|
#include "plasma_export.h"
|
|
|
|
|
|
|
|
#include <QtCore/QObject>
|
|
|
|
|
|
|
|
class QString;
|
|
|
|
|
|
|
|
namespace Plasma
|
|
|
|
{
|
|
|
|
|
|
|
|
class AuthorizationInterface;
|
|
|
|
class AuthorizationManagerPrivate;
|
|
|
|
class ServiceAccessJob;
|
|
|
|
class ServiceJob;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @class AuthorizationManager plasma/authorizationmanager.h <Plasma/AccessManager>
|
|
|
|
*
|
|
|
|
* @short Allows authorization of access to plasma services.
|
|
|
|
*
|
2009-09-03 01:49:46 +02:00
|
|
|
* This is the class where every message to or from another machine passes through.
|
2009-09-02 04:27:16 +02:00
|
|
|
* It's responsibilities are:
|
2009-09-03 01:49:46 +02:00
|
|
|
* - creating/keeping a credentials used for message signing.
|
|
|
|
* - verifying credentials of incoming messages.
|
2009-09-02 04:27:16 +02:00
|
|
|
* - testing whether or not the sender is allowed to access the requested resource by testing the
|
|
|
|
* request to a set of rules.
|
2009-09-03 01:49:46 +02:00
|
|
|
* - allowing the shell to respond to a remote request that doesn't match any of the rules that
|
|
|
|
* are in effect.
|
2009-09-02 04:27:16 +02:00
|
|
|
* Besides internal use in libplasma, the only moment you'll need to access this class is when you
|
2009-09-03 01:49:46 +02:00
|
|
|
* implement a plasma shell.
|
2009-09-02 04:27:16 +02:00
|
|
|
*
|
2009-09-03 01:49:46 +02:00
|
|
|
* @since 4.4
|
2009-09-02 04:27:16 +02:00
|
|
|
*/
|
|
|
|
class PLASMA_EXPORT AuthorizationManager : public QObject
|
|
|
|
{
|
|
|
|
Q_OBJECT
|
2009-09-03 01:49:46 +02:00
|
|
|
|
2009-09-02 04:27:16 +02:00
|
|
|
public:
|
|
|
|
enum AuthorizationPolicy {
|
|
|
|
DenyAll= 0, /** < Don't allow any incoming connections */
|
|
|
|
TrustedOnly= 1, /**< Standard PIN pairing for untrusted connections */
|
|
|
|
PinPairing= 2, /** < Only allow connections from trusted machines */
|
|
|
|
Custom= 256 /** < Specify a custom AuthorizationInterface */
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Singleton pattern accessor.
|
|
|
|
*/
|
|
|
|
static AuthorizationManager *self();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set a policy used for authorizing incoming connections. You can either use one of the
|
2009-09-03 01:49:46 +02:00
|
|
|
* included policies, Default is to deny all incoming connections. This can only be set
|
|
|
|
* once to avoid that malicious plugins can change this. This means that you should ALWAYS
|
|
|
|
* call this function in any plasma shell, even if you like to use the default DenyAll
|
|
|
|
* policy.
|
2009-09-02 04:27:16 +02:00
|
|
|
*/
|
|
|
|
void setAuthorizationPolicy(AuthorizationPolicy policy);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Register an implementation of AuthorizationInterface. Use this to make your shell
|
2009-09-03 01:49:46 +02:00
|
|
|
* handle authorization requests. This can only be set once to avoid that malicious plugins
|
|
|
|
* can change this.
|
2009-09-02 04:27:16 +02:00
|
|
|
*/
|
|
|
|
void setAuthorizationInterface(AuthorizationInterface *interface);
|
|
|
|
|
|
|
|
Q_SIGNALS:
|
|
|
|
/**
|
|
|
|
* fires when the AuthorizationManager is ready for accesssing remote plasmoids, meaning the
|
|
|
|
* private key has been unlocked by the user.
|
|
|
|
*/
|
|
|
|
void readyForRemoteAccess();
|
|
|
|
|
|
|
|
private:
|
|
|
|
AuthorizationManager();
|
|
|
|
~AuthorizationManager();
|
|
|
|
|
|
|
|
AuthorizationManagerPrivate *const d;
|
|
|
|
|
2009-09-03 01:49:46 +02:00
|
|
|
Q_PRIVATE_SLOT(d, void slotLoadRules())
|
2009-09-02 04:27:16 +02:00
|
|
|
Q_PRIVATE_SLOT(d, void slotWalletOpened())
|
|
|
|
|
2009-09-03 01:49:58 +02:00
|
|
|
friend class AccessManager;
|
2009-09-02 04:27:16 +02:00
|
|
|
friend class AuthorizationManagerPrivate;
|
|
|
|
friend class AuthorizationManagerSingleton;
|
|
|
|
friend class AuthorizationRule;
|
2009-09-03 01:49:58 +02:00
|
|
|
friend class AuthorizationRulePrivate;
|
2009-09-02 04:27:16 +02:00
|
|
|
friend class Applet;
|
2009-09-04 02:08:26 +02:00
|
|
|
friend class AppletPrivate;
|
2009-09-03 01:49:46 +02:00
|
|
|
friend class Credentials;
|
2009-09-02 04:27:16 +02:00
|
|
|
friend class DataEngine;
|
|
|
|
friend class GetSource;
|
|
|
|
friend class PackagePrivate;
|
|
|
|
friend class PlasmoidServiceJob;
|
|
|
|
friend class RemoteService;
|
|
|
|
friend class RemoteServiceJob;
|
2009-09-03 01:49:58 +02:00
|
|
|
friend class ServicePrivate;
|
2009-09-02 04:27:16 +02:00
|
|
|
friend class ServiceProvider;
|
|
|
|
};
|
|
|
|
} // Plasma namespace
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|