void KSecretUnlockCollectionJob::start()
{
if(!collection()->isLocked()) {
setResult(true);
emitResult();
return;
}
// default is always to ask the user
if(unlockInfo().m_peer.isValid()) {
m_collectionPerm = collection()->applicationPermission(unlockInfo().m_peer.exePath());
switch(m_collectionPerm) {
case PermissionDeny:
// the application was explicitly denied access by the user in the past
setResult(false);
emitResult();
break;
case PermissionAsk:
// the permission found was set to "ask each time for the password"
createAskPasswordJob();
break;
case PermissionAllow: {
KSecretCollection *ksecretColl = dynamic_cast< KSecretCollection* >(collection());
if ( ksecretColl->tryUnlock().isError() ) {
createAskPasswordJob();
}
else {
setResult(true);
emitResult();
}
}
break;
case PermissionUndefined:
// this is the first time the calling application tries to open this collection
// first, prompt for the collection password, then ask for ACL preferences
createAskPasswordJob();
break;
default:
Q_ASSERT(0); // unknown case detected !!
setResult(false);
emitResult();
}
}
else {
setResult(false); // FIXME: should we give a message here or let it silently deny access ?
emitResult();
}
}
void KSecretUnlockCollectionJob::askAclPrefsJobResult(KJob *job)
{
AbstractAskAclPrefsJob *apj = qobject_cast<AbstractAskAclPrefsJob*>(job);
Q_ASSERT(apj);
if(apj->denied()) {
setResult(false);
setError(BackendErrorOther, i18n("Unlocking the secret collection was denied."));
emitResult();
} else
if (apj->cancelled() ) {
setResult(false);
setError(BackendErrorOther, i18n("Unlocking the secret collection was canceled by the user."));
emitResult();
}
else {
// now that the access to this collection is allowed, store user choice and go further and ask the password
if ( !collection()->setApplicationPermission(
unlockInfo().m_peer.exePath(),
apj->permission() ) )
{
setResult(false);
setError(BackendErrorAclSetPermission, i18n("Cannot store application ACL policy into the back-end.") );
emitResult();
}
else {
if ( !m_passwordAsked ) {
createAskPasswordJob();
}
else {
setResult(true);
emitResult();
}
}
}
}
void KSecretUnlockCollectionJob::askPasswordJobResult(KJob *job)
{
AbstractAskPasswordJob *apj = qobject_cast<AbstractAskPasswordJob*>(job);
Q_ASSERT(apj);
if(apj->cancelled()) {
setResult(false);
setError(BackendErrorOther, i18n("Unlocking the secret collection was canceled by the user."));
emitResult();
return;
}
KSecretCollection *ksecretColl = dynamic_cast< KSecretCollection* >(collection());
BackendReturn<bool> rc = ksecretColl->tryUnlockPassword(apj->password());
if(rc.isError()) {
setResult(false);
setError(rc.error(), rc.errorMessage());
emitResult();
} else if(!rc.value()) {
// try again the password
createAskPasswordJob();
} else {
m_passwordAsked = true;
m_collectionPerm = collection()->applicationPermission( unlockInfo().m_peer.exePath() );
if ( m_collectionPerm == PermissionUndefined ) {
// ask for the ACL preference if the application is unknown by this collection
AbstractUiManager *uiManager = BackendMaster::instance()->uiManager();
AbstractAskAclPrefsJob* askAclPrefsJob = uiManager->createAskAclPrefsJob(unlockInfo());
connect(askAclPrefsJob, SIGNAL(result(KJob*)), SLOT(askAclPrefsJobResult(KJob*)));
if ( addSubjob( askAclPrefsJob ) ) {
askAclPrefsJob->start();
}
else {
setResult(false);
emitResult();
}
}
else {
setResult(true);
emitResult();
}
}
}
void KSecretChangeAuthenticationCollectionJob::start()
{
CollectionUnlockInfo unlockInfo( peer() );
UnlockCollectionJob *unlockJob = collection()->createUnlockJob( unlockInfo );
connect( unlockJob, SIGNAL(finished(KJob*)), this, SLOT(slotUnlockResult(KJob*)) );
if (addSubjob( unlockJob )) {
unlockJob->start();
}
else {
qDebug() << "Failed to add unlock subjob";
setError(BackendErrorOther, i18n("Cannot start secret collection unlocking"));
}
}
/*
* hostToIPAddr ()
* On many systems, gethostbyname must be protected by a
* mutex since the routine is not thread-safe.
*/
epicsShareFunc int epicsShareAPI hostToIPAddr
(const char *pHostName, struct in_addr *pIPA)
{
struct hostent *phe;
int ret = -1;
lockInfo ();
phe = gethostbyname (pHostName);
if (phe && phe->h_addr_list[0]) {
if (phe->h_addrtype==AF_INET && phe->h_length<=sizeof(struct in_addr)) {
struct in_addr *pInAddrIn = (struct in_addr *) phe->h_addr_list[0];
*pIPA = *pInAddrIn;
ret = 0;
}
}
unlockInfo ();
return ret;
}
/*
* ipAddrToHostName
* On many systems, gethostbyaddr must be protected by a
* mutex since the routine is not thread-safe.
*/
epicsShareFunc unsigned epicsShareAPI ipAddrToHostName
(const struct in_addr *pAddr, char *pBuf, unsigned bufSize)
{
struct hostent *ent;
int ret = 0;
if (bufSize<1) {
return 0;
}
lockInfo ();
ent = gethostbyaddr((const char *) pAddr, sizeof (*pAddr), AF_INET);
if (ent) {
strncpy (pBuf, ent->h_name, bufSize);
pBuf[bufSize-1] = '\0';
ret = strlen (pBuf);
}
unlockInfo ();
return ret;
}
