void KSecretUnlockCollectionJob::start() { if(!collection()->isLocked()) { setResult(true); emitResult(); return; } // default is always to ask the user if(unlockInfo().m_peer.isValid()) { m_collectionPerm = collection()->applicationPermission(unlockInfo().m_peer.exePath()); switch(m_collectionPerm) { case PermissionDeny: // the application was explicitly denied access by the user in the past setResult(false); emitResult(); break; case PermissionAsk: // the permission found was set to "ask each time for the password" createAskPasswordJob(); break; case PermissionAllow: { KSecretCollection *ksecretColl = dynamic_cast< KSecretCollection* >(collection()); if ( ksecretColl->tryUnlock().isError() ) { createAskPasswordJob(); } else { setResult(true); emitResult(); } } break; case PermissionUndefined: // this is the first time the calling application tries to open this collection // first, prompt for the collection password, then ask for ACL preferences createAskPasswordJob(); break; default: Q_ASSERT(0); // unknown case detected !! setResult(false); emitResult(); } } else { setResult(false); // FIXME: should we give a message here or let it silently deny access ? emitResult(); } }
void KSecretUnlockCollectionJob::askAclPrefsJobResult(KJob *job) { AbstractAskAclPrefsJob *apj = qobject_cast<AbstractAskAclPrefsJob*>(job); Q_ASSERT(apj); if(apj->denied()) { setResult(false); setError(BackendErrorOther, i18n("Unlocking the secret collection was denied.")); emitResult(); } else if (apj->cancelled() ) { setResult(false); setError(BackendErrorOther, i18n("Unlocking the secret collection was canceled by the user.")); emitResult(); } else { // now that the access to this collection is allowed, store user choice and go further and ask the password if ( !collection()->setApplicationPermission( unlockInfo().m_peer.exePath(), apj->permission() ) ) { setResult(false); setError(BackendErrorAclSetPermission, i18n("Cannot store application ACL policy into the back-end.") ); emitResult(); } else { if ( !m_passwordAsked ) { createAskPasswordJob(); } else { setResult(true); emitResult(); } } } }
void KSecretUnlockCollectionJob::askPasswordJobResult(KJob *job) { AbstractAskPasswordJob *apj = qobject_cast<AbstractAskPasswordJob*>(job); Q_ASSERT(apj); if(apj->cancelled()) { setResult(false); setError(BackendErrorOther, i18n("Unlocking the secret collection was canceled by the user.")); emitResult(); return; } KSecretCollection *ksecretColl = dynamic_cast< KSecretCollection* >(collection()); BackendReturn<bool> rc = ksecretColl->tryUnlockPassword(apj->password()); if(rc.isError()) { setResult(false); setError(rc.error(), rc.errorMessage()); emitResult(); } else if(!rc.value()) { // try again the password createAskPasswordJob(); } else { m_passwordAsked = true; m_collectionPerm = collection()->applicationPermission( unlockInfo().m_peer.exePath() ); if ( m_collectionPerm == PermissionUndefined ) { // ask for the ACL preference if the application is unknown by this collection AbstractUiManager *uiManager = BackendMaster::instance()->uiManager(); AbstractAskAclPrefsJob* askAclPrefsJob = uiManager->createAskAclPrefsJob(unlockInfo()); connect(askAclPrefsJob, SIGNAL(result(KJob*)), SLOT(askAclPrefsJobResult(KJob*))); if ( addSubjob( askAclPrefsJob ) ) { askAclPrefsJob->start(); } else { setResult(false); emitResult(); } } else { setResult(true); emitResult(); } } }
void KSecretChangeAuthenticationCollectionJob::start() { CollectionUnlockInfo unlockInfo( peer() ); UnlockCollectionJob *unlockJob = collection()->createUnlockJob( unlockInfo ); connect( unlockJob, SIGNAL(finished(KJob*)), this, SLOT(slotUnlockResult(KJob*)) ); if (addSubjob( unlockJob )) { unlockJob->start(); } else { qDebug() << "Failed to add unlock subjob"; setError(BackendErrorOther, i18n("Cannot start secret collection unlocking")); } }
/* * hostToIPAddr () * On many systems, gethostbyname must be protected by a * mutex since the routine is not thread-safe. */ epicsShareFunc int epicsShareAPI hostToIPAddr (const char *pHostName, struct in_addr *pIPA) { struct hostent *phe; int ret = -1; lockInfo (); phe = gethostbyname (pHostName); if (phe && phe->h_addr_list[0]) { if (phe->h_addrtype==AF_INET && phe->h_length<=sizeof(struct in_addr)) { struct in_addr *pInAddrIn = (struct in_addr *) phe->h_addr_list[0]; *pIPA = *pInAddrIn; ret = 0; } } unlockInfo (); return ret; }
/* * ipAddrToHostName * On many systems, gethostbyaddr must be protected by a * mutex since the routine is not thread-safe. */ epicsShareFunc unsigned epicsShareAPI ipAddrToHostName (const struct in_addr *pAddr, char *pBuf, unsigned bufSize) { struct hostent *ent; int ret = 0; if (bufSize<1) { return 0; } lockInfo (); ent = gethostbyaddr((const char *) pAddr, sizeof (*pAddr), AF_INET); if (ent) { strncpy (pBuf, ent->h_name, bufSize); pBuf[bufSize-1] = '\0'; ret = strlen (pBuf); } unlockInfo (); return ret; }