27 #define SIGNON_ENABLE_UNSTABLE_APIS
35 #include "SignOn/ExtensionInterface"
36 #include "SignOn/misc.h"
42 #define RETURN_IF_NOT_INITIALIZED(return_value) \
44 if (!m_isInitialized) { \
45 m_error = NotInitialized; \
46 TRACE() << "CredentialsAccessManager not initialized."; \
47 return return_value; \
51 using namespace SignonDaemonNS;
52 using namespace SignOn;
59 m_encryptionPassphrase(QByteArray())
69 if (!device->open(QIODevice::ReadWrite)) {
74 QTextStream stream(&buffer);
75 stream <<
"\n\n====== Credentials Access Manager Configuration ======\n\n";
76 const char *usingEncryption =
useEncryption() ?
"true" :
"false";
77 stream <<
"Using encryption: " << usingEncryption <<
'\n';
82 stream <<
"======================================================\n\n";
83 device->write(buffer.toUtf8());
94 return m_settings.value(QLatin1String(
"CryptoManager"),
95 QLatin1String(
"default")).toString();
100 return m_settings.value(QLatin1String(
"AccessControlManager"),
101 QLatin1String(
"default")).toString();
111 return m_settings.value(QLatin1String(
"SecretsStorage"),
112 QLatin1String(
"default")).toString();
131 m_isInitialized(false),
132 m_systemOpened(false),
135 m_pCredentialsDB(NULL),
136 m_cryptoManager(NULL),
138 m_keyAuthorizer(NULL),
139 m_secretsStorage(NULL),
140 m_CAMConfiguration(configuration),
142 m_acManagerHelper(NULL)
147 BLAME() <<
"Creating a second instance of the CAM";
150 m_keyHandler =
new SignOn::KeyHandler(
this);
173 foreach (SignOn::AbstractKeyManager *keyManager, keyManagers)
174 keyManager->disconnect();
176 m_isInitialized =
false;
182 if (m_isInitialized) {
183 TRACE() <<
"CAM already initialized.";
190 TRACE() <<
"Initializing CredentialsAccessManager with configuration: " <<
193 if (!createStorageDir()) {
194 BLAME() <<
"Failed to create storage directory.";
198 if (m_secretsStorage == 0) {
200 if (name != QLatin1String(
"default")) {
201 BLAME() <<
"Couldn't load SecretsStorage:" << name;
203 TRACE() <<
"No SecretsStorage set, using default (dummy)";
208 if (m_acManager == 0) {
210 if (name != QLatin1String(
"default")) {
211 BLAME() <<
"Couldn't load AccessControlManager:" << name;
213 TRACE() <<
"No AccessControlManager set, using default (dummy)";
214 m_acManager =
new SignOn::AbstractAccessControlManager(
this);
218 if (m_acManagerHelper == 0) {
223 if (m_cryptoManager == 0) {
225 if (name != QLatin1String(
"default")) {
226 BLAME() <<
"Couldn't load CryptoManager:" << name;
228 TRACE() <<
"No CryptoManager set, using default (dummy)";
231 QObject::connect(m_cryptoManager, SIGNAL(fileSystemMounted()),
232 this, SLOT(onEncryptedFSMounted()));
233 QObject::connect(m_cryptoManager, SIGNAL(fileSystemUnmounting()),
234 this, SLOT(onEncryptedFSUnmounting()));
235 m_cryptoManager->initialize(m_CAMConfiguration.
m_settings);
241 if (m_keyAuthorizer == 0) {
242 TRACE() <<
"No key authorizer set, using default";
245 QObject::connect(m_keyAuthorizer,
246 SIGNAL(keyAuthorizationQueried(
const SignOn::Key,
int)),
248 SLOT(onKeyAuthorizationQueried(
const SignOn::Key,
int)));
254 QObject::connect(m_keyHandler, SIGNAL(ready()),
256 QObject::connect(m_keyHandler, SIGNAL(keyInserted(SignOn::Key)),
257 this, SLOT(onKeyInserted(SignOn::Key)));
258 QObject::connect(m_keyHandler,
259 SIGNAL(lastAuthorizedKeyRemoved(SignOn::Key)),
261 SLOT(onLastAuthorizedKeyRemoved(SignOn::Key)));
262 QObject::connect(m_keyHandler, SIGNAL(keyRemoved(SignOn::Key)),
263 this, SLOT(onKeyRemoved(SignOn::Key)));
264 m_keyHandler->initialize(m_cryptoManager, keyManagers);
267 m_isInitialized =
true;
270 TRACE() <<
"CredentialsAccessManager successfully initialized...";
275 SignOn::AbstractKeyManager *keyManager)
277 keyManagers.append(keyManager);
282 bool extensionInUse =
false;
284 SignOn::ExtensionInterface *extension;
285 SignOn::ExtensionInterface2 *extension2;
286 SignOn::ExtensionInterface3 *extension3;
288 extension3 = qobject_cast<SignOn::ExtensionInterface3 *>(plugin);
291 extension2 = extension3;
293 extension2 = qobject_cast<SignOn::ExtensionInterface2 *>(plugin);
296 extension = extension2;
298 extension = qobject_cast<SignOn::ExtensionInterface *>(plugin);
300 if (extension == 0) {
301 qWarning() <<
"Plugin instance is not an ExtensionInterface";
305 SignOn::AbstractKeyManager *keyManager = extension->keyManager(
this);
308 extensionInUse =
true;
313 if (extension2 != 0) {
314 SignOn::AbstractKeyAuthorizer *keyAuthorizer =
315 extension2->keyAuthorizer(m_keyHandler,
this);
316 if (keyAuthorizer != 0) {
317 if (m_keyAuthorizer == 0) {
318 m_keyAuthorizer = keyAuthorizer;
319 extensionInUse =
true;
321 TRACE() <<
"Key authorizer already set";
322 delete keyAuthorizer;
327 if (extension3 != 0) {
331 SignOn::AbstractCryptoManager *cryptoManager =
332 extension3->cryptoManager(
this);
333 if (cryptoManager != 0) {
334 if (m_cryptoManager == 0) {
335 m_cryptoManager = cryptoManager;
336 extensionInUse =
true;
338 TRACE() <<
"Crypto manager already set";
339 delete cryptoManager;
346 SignOn::AbstractSecretsStorage *secretsStorage =
347 extension3->secretsStorage(
this);
348 if (secretsStorage != 0) {
349 if (m_secretsStorage == 0) {
350 m_secretsStorage = secretsStorage;
351 extensionInUse =
true;
353 TRACE() <<
"SecretsStorage already set";
354 delete secretsStorage;
361 if (plugin->objectName() ==
363 SignOn::AbstractAccessControlManager *acManager =
364 extension3->accessControlManager(
this);
365 if (acManager != 0) {
366 if (m_acManager == 0) {
367 m_acManager = acManager;
368 extensionInUse =
true;
370 TRACE() <<
"Access control manager already set";
376 return extensionInUse;
383 files << m_cryptoManager->backupFiles();
387 bool CredentialsAccessManager::openSecretsDB()
389 if (!m_cryptoManager->fileSystemIsMounted()) {
396 QString dbPath = m_cryptoManager->fileSystemMountPath()
400 TRACE() <<
"Database name: [" << dbPath <<
"]";
409 bool CredentialsAccessManager::isSecretsDBOpen()
414 bool CredentialsAccessManager::closeSecretsDB()
418 if (!m_cryptoManager->unmountFileSystem()) {
426 bool CredentialsAccessManager::createStorageDir()
430 QFileInfo fileInfo(dbPath);
431 if (!fileInfo.exists()) {
432 QDir storageDir(fileInfo.dir());
433 if (!storageDir.mkpath(storageDir.path())) {
434 BLAME() <<
"Could not create storage directory:" <<
444 bool CredentialsAccessManager::openMetaDataDB()
448 m_pCredentialsDB =
new CredentialsDB(dbPath, m_secretsStorage);
450 if (!m_pCredentialsDB->
init()) {
458 void CredentialsAccessManager::closeMetaDataDB()
460 if (m_pCredentialsDB) {
461 delete m_pCredentialsDB;
462 m_pCredentialsDB = NULL;
470 if (!openMetaDataDB()) {
471 BLAME() <<
"Couldn't open metadata DB!";
475 m_systemOpened =
true;
477 if (m_cryptoManager->fileSystemIsMounted()) {
478 if (!openSecretsDB()) {
479 BLAME() <<
"Failed to open secrets DB.";
487 m_cryptoManager->mountFileSystem();
500 bool allClosed =
true;
501 if (isSecretsDBOpen() && !closeSecretsDB())
507 m_systemOpened =
false;
520 BLAME() <<
"Not implemented";
528 return m_pCredentialsDB;
533 return (m_keyHandler != 0) ? m_keyHandler->isReady() :
true;
536 void CredentialsAccessManager::onKeyInserted(
const SignOn::Key key)
538 TRACE() <<
"Key inserted.";
540 if (!m_keyHandler->keyIsAuthorized(key))
541 m_keyAuthorizer->queryKeyAuthorization(
542 key, AbstractKeyAuthorizer::KeyInserted);
545 void CredentialsAccessManager::onLastAuthorizedKeyRemoved(
const SignOn::Key key)
548 TRACE() <<
"All keys disabled. Closing secure storage.";
549 if (isSecretsDBOpen() || m_cryptoManager->fileSystemIsMounted())
550 if (!closeSecretsDB())
551 BLAME() <<
"Error occurred while closing secure storage.";
554 void CredentialsAccessManager::onKeyRemoved(
const SignOn::Key key)
556 TRACE() <<
"Key removed.";
558 if (m_keyHandler->keyIsAuthorized(key)) {
559 if (!m_keyHandler->revokeKeyAuthorization(key)) {
560 BLAME() <<
"Revoking key authorization failed";
565 void CredentialsAccessManager::onKeyAuthorizationQueried(
const SignOn::Key key,
568 TRACE() <<
"result:" << result;
570 if (result != AbstractKeyAuthorizer::Denied) {
571 KeyHandler::AuthorizeFlags flags = KeyHandler::None;
572 if (result == AbstractKeyAuthorizer::Exclusive) {
573 TRACE() <<
"Reformatting secure storage.";
574 flags |= KeyHandler::FormatStorage;
577 if (!m_keyHandler->authorizeKey(key, flags)) {
578 BLAME() <<
"Authorization failed";
582 replyToSecureStorageEventNotifiers();
587 if (m_keyHandler == 0)
return false;
588 return !m_keyHandler->insertedKeys().isEmpty();
591 void CredentialsAccessManager::replyToSecureStorageEventNotifiers()
600 foreach (
EventSender object, m_secureStorageEventNotifiers) {
607 QCoreApplication::postEvent(
610 Qt::HighEventPriority);
613 m_secureStorageEventNotifiers.clear();
618 TRACE() <<
"Custom event received.";
620 QObject::customEvent(event);
629 m_secureStorageEventNotifiers.append(localEvent->
m_sender);
631 TRACE() <<
"Processing secure storage not available event.";
632 if ((localEvent == 0) || (m_pCredentialsDB == 0)) {
633 replyToSecureStorageEventNotifiers();
634 QObject::customEvent(event);
640 replyToSecureStorageEventNotifiers();
641 QObject::customEvent(event);
646 m_keyAuthorizer->queryKeyAuthorization(key,
647 AbstractKeyAuthorizer::StorageNeeded);
649 QObject::customEvent(event);
652 void CredentialsAccessManager::onEncryptedFSMounted()
657 if (!isSecretsDBOpen()) {
658 if (openSecretsDB()) {
659 TRACE() <<
"Secrets DB opened.";
661 BLAME() <<
"Failed to open secrets DB.";
664 BLAME() <<
"Secrets DB already opened?";
668 void CredentialsAccessManager::onEncryptedFSUnmounting()
673 if (isSecretsDBOpen()) {
CAMConfiguration()
Constructs a CAMConfiguration object with the default configuration - encryption in use...
QString metadataDBPath() const
Returns the path to the metadata DB.
bool deleteCredentialsSystem()
Deletes the credentials system.
void addSetting(const QString &key, const QVariant &value)
void serialize(QIODevice *device)
Serializes the CAMConfiguration object as string to a specific IODevice.
bool closeCredentialsSystem()
Closes the credentials system.
QString m_dbName
The database file name.
bool initExtension(QObject *object)
Initializes know objects from an extension plugin.
bool credentialsSystemOpened() const
For convenience method.
CredentialsAccessManager(const CAMConfiguration &configuration, QObject *parent=0)
Constructs a CredentialsAccessManager object with the given parent.
QString m_secretsDbName
The credentials database file name.
void customEvent(QEvent *event)
bool useEncryption() const
Any object in the signon framework that needs the CredentialsAccessManager - CAM - secure storage in ...
void addKeyManager(SignOn::AbstractKeyManager *keyManager)
Adds a key manager.
const char signonDefaultDbName[]
void setStoragePath(const QString &storagePath)
static CredentialsAccessManager * instance()
Returns CAM instance.
QString m_storagePath
The base directory for storage.
#define SIGNON_SECURE_STORAGE_AVAILABLE
The CAM will reply with an event of this type when the secure storage access will be successfully res...
#define RETURN_IF_NOT_INITIALIZED(return_value)
Main singleton and manager object of the credentials database system.
#define SIGNON_SECURE_STORAGE_NOT_AVAILABLE
Use this event type to signal the CAM when the secure storage is not available.
bool isCredentialsSystemReady() const
The creadentials system is ready when all of the subscribed key managers have successfully reported a...
bool setUserOwnership(const QString &filePath)
void credentialsSystemReady()
Is emitted when the credentials system becomes ready.
bool openSecretsDB(const QString &secretsDbName)
This method will open the DB file containing the user secrets.
bool init()
Initializes the CAM instance.
QString secretsStorageName() const
Returns the name of the SecretsStorage to use.
QPointer< QObject > EventSender
Dummy implementation of a manager for the credentials storage file system encryption.
bool keysAvailable() const
The CAM manages the encryption keys collection.
~CredentialsAccessManager()
Destroys a CredentialsAccessManager.
Definition of the CredentialsAccessManager object.
void finalize()
Finalizes the CAM instance, this could include, closing the credentials system and resetting the conf...
SQLite-based implementation of the AbstractSecretsStorage interface.
const char signonDefaultSecretsDbName[]
CredentialsDB * credentialsDB() const
Manages the credentials I/O.
Implements a default key authorizer, which authorizes all given keys.
QString accessControlManagerName() const
Returns the name of the AccessControlManager to use.
Configuration object for the CredentialsAccessManager - CAM.
bool openCredentialsSystem()
Opens the credentials system, creates the CreadentialsDB object; if encryption is configured this wil...
QString cryptoManagerName() const
Returns the name of the CryptoManager to use.
const char signonDefaultStoragePath[]
QStringList backupFiles() const
Contains helper functions related to Access Control.