/* * Copyright 2009 by Rob Scheepmaker * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, * Boston, MA 02110-1301 USA */ #ifndef PLASMA_AUTHORIZATIONMANAGER_H #define PLASMA_AUTHORIZATIONMANAGER_H #include "plasma_export.h" #include class QString; namespace Plasma { class AuthorizationInterface; class AuthorizationManagerPrivate; class ServiceAccessJob; class ServiceJob; /** * @class AuthorizationManager plasma/authorizationmanager.h * * @short Allows authorization of access to plasma services. * * This is the class where every message to or from another machine passes through. * It's responsibilities are: * - creating/keeping a credentials used for message signing. * - verifying credentials of incoming messages. * - testing whether or not the sender is allowed to access the requested resource by testing the * request to a set of rules. * - allowing the shell to respond to a remote request that doesn't match any of the rules that * are in effect. * Besides internal use in libplasma, the only moment you'll need to access this class is when you * implement a plasma shell. * * @since 4.4 */ class PLASMA_EXPORT AuthorizationManager : public QObject { Q_OBJECT public: enum AuthorizationPolicy { DenyAll= 0, /** < Don't allow any incoming connections */ TrustedOnly= 1, /**< Standard PIN pairing for untrusted connections */ PinPairing= 2, /** < Only allow connections from trusted machines */ Custom= 256 /** < Specify a custom AuthorizationInterface */ }; /** * Singleton pattern accessor. */ static AuthorizationManager *self(); /** * Set a policy used for authorizing incoming connections. You can either use one of the * included policies, Default is to deny all incoming connections. This can only be set * once to avoid that malicious plugins can change this. This means that you should ALWAYS * call this function in any plasma shell, even if you like to use the default DenyAll * policy. */ void setAuthorizationPolicy(AuthorizationPolicy policy); /** * Register an implementation of AuthorizationInterface. Use this to make your shell * handle authorization requests. This can only be set once to avoid that malicious plugins * can change this. */ void setAuthorizationInterface(AuthorizationInterface *interface); Q_SIGNALS: /** * fires when the AuthorizationManager is ready for accesssing remote plasmoids, meaning the * private key has been unlocked by the user. */ void readyForRemoteAccess(); private: AuthorizationManager(); ~AuthorizationManager(); AuthorizationManagerPrivate *const d; Q_PRIVATE_SLOT(d, void slotLoadRules()) Q_PRIVATE_SLOT(d, void slotWalletOpened()) friend class AccessManager; friend class AuthorizationManagerPrivate; friend class AuthorizationManagerSingleton; friend class AuthorizationRule; friend class AuthorizationRulePrivate; friend class Applet; friend class AppletPrivate; friend class Credentials; friend class DataEngine; friend class GetSource; friend class PackagePrivate; friend class PlasmoidServiceJob; friend class RemoteService; friend class RemoteServiceJob; friend class ServicePrivate; friend class ServiceProvider; }; } // Plasma namespace #endif