Qt 4.8
|
Authenticate a message transport. More...
#include <qtransportauth_qws.h>
Classes | |
struct | Data |
Public Types | |
enum | Properties { Trusted = 0x01, Connection = 0x02, UnixStreamSock = 0x04, SharedMemory = 0x08, MessageQueue = 0x10, UDP = 0x20, TCP = 0x40, UserDefined = 0x80, TransportType = 0xfc } |
enum | Result { Pending = 0x00, TooSmall = 0x01, CacheMiss = 0x02, NoMagic = 0x03, NoSuchKey = 0x04, FailMatch = 0x05, OutOfDate = 0x06, Success = 0x1e, ErrMask = 0x1f, Allow = 0x20, Deny = 0x40, Ask = 0x60, StatusMask = 0xe0 } |
Signals | |
void | authViolation (QTransportAuth::Data &) |
void | policyCheck (QTransportAuth::Data &, const QString &) |
Signals inherited from QObject | |
void | destroyed (QObject *=0) |
This signal is emitted immediately before the object obj is destroyed, and can not be blocked. More... | |
Public Functions | |
QAuthDevice * | authBuf (QTransportAuth::Data *, QIODevice *) |
Return a QIODevice pointer (to an internal QBuffer) which can be used to write data onto, for authorization on transport d. More... | |
bool | authFromMessage (QTransportAuth::Data &d, const char *msg, int msgLen) |
Check authorization on the msg, which must be of size msgLen, for the transport d. More... | |
bool | authorizeRequest (QTransportAuth::Data &d, const QString &request) |
bool | authToMessage (QTransportAuth::Data &d, char *hdr, const char *msg, int msgLen) |
Add authentication header to the beginning of a message. More... | |
QTransportAuth::Data * | connectTransport (unsigned char, int) |
Record a new transport connection with properties and descriptor. More... | |
const unsigned char * | getClientKey (unsigned char progId) |
QMutex * | getKeyFileMutex () |
void | invalidateClientKeyCache () |
bool | isDiscoveryMode () const |
QString | keyFilePath () const |
QString | logFilePath () const |
QIODevice * | passThroughByClient (QWSClient *) const |
QAuthDevice * | recvBuf (QTransportAuth::Data *, QIODevice *) |
Return a QIODevice pointer (to an internal QBuffer) which can be used to receive data after authorization on transport d. More... | |
void | registerPolicyReceiver (QObject *) |
Register pr as a policy handler object. More... | |
void | setKeyFilePath (const QString &) |
Set the full path to the key file. More... | |
void | setLogFilePath (const QString &) |
void | setPackageRegistry (QObject *registry) |
void | setProcessKey (const char *) |
Set the process key for this currently running Qt Extended process to the authdata. More... | |
void | setProcessKey (const char *, const char *) |
Apply key as the process key for the currently running application. More... | |
void | unregisterPolicyReceiver (QObject *) |
Unregister the pr from being a policy handler. More... | |
Public Functions inherited from QObject | |
bool | blockSignals (bool b) |
If block is true, signals emitted by this object are blocked (i.e., emitting a signal will not invoke anything connected to it). More... | |
const QObjectList & | children () const |
Returns a list of child objects. More... | |
bool | connect (const QObject *sender, const char *signal, const char *member, Qt::ConnectionType type=Qt::AutoConnection) const |
bool | disconnect (const char *signal=0, const QObject *receiver=0, const char *member=0) |
bool | disconnect (const QObject *receiver, const char *member=0) |
void | dumpObjectInfo () |
Dumps information about signal connections, etc. More... | |
void | dumpObjectTree () |
Dumps a tree of children to the debug output. More... | |
QList< QByteArray > | dynamicPropertyNames () const |
Returns the names of all properties that were dynamically added to the object using setProperty(). More... | |
virtual bool | event (QEvent *) |
This virtual function receives events to an object and should return true if the event e was recognized and processed. More... | |
virtual bool | eventFilter (QObject *, QEvent *) |
Filters events if this object has been installed as an event filter for the watched object. More... | |
template<typename T > | |
T | findChild (const QString &aName=QString()) const |
Returns the child of this object that can be cast into type T and that is called name, or 0 if there is no such object. More... | |
template<typename T > | |
QList< T > | findChildren (const QString &aName=QString()) const |
Returns all children of this object with the given name that can be cast to type T, or an empty list if there are no such objects. More... | |
template<typename T > | |
QList< T > | findChildren (const QRegExp &re) const |
bool | inherits (const char *classname) const |
Returns true if this object is an instance of a class that inherits className or a QObject subclass that inherits className; otherwise returns false. More... | |
void | installEventFilter (QObject *) |
Installs an event filter filterObj on this object. More... | |
bool | isWidgetType () const |
Returns true if the object is a widget; otherwise returns false. More... | |
void | killTimer (int id) |
Kills the timer with timer identifier, id. More... | |
virtual const QMetaObject * | metaObject () const |
Returns a pointer to the meta-object of this object. More... | |
void | moveToThread (QThread *thread) |
Changes the thread affinity for this object and its children. More... | |
QString | objectName () const |
QObject * | parent () const |
Returns a pointer to the parent object. More... | |
QVariant | property (const char *name) const |
Returns the value of the object's name property. More... | |
Q_INVOKABLE | QObject (QObject *parent=0) |
Constructs an object with parent object parent. More... | |
void | removeEventFilter (QObject *) |
Removes an event filter object obj from this object. More... | |
void | setObjectName (const QString &name) |
void | setParent (QObject *) |
Makes the object a child of parent. More... | |
bool | setProperty (const char *name, const QVariant &value) |
Sets the value of the object's name property to value. More... | |
void | setUserData (uint id, QObjectUserData *data) |
bool | signalsBlocked () const |
Returns true if signals are blocked; otherwise returns false. More... | |
int | startTimer (int interval) |
Starts a timer and returns a timer identifier, or returns zero if it could not start a timer. More... | |
QThread * | thread () const |
Returns the thread in which the object lives. More... | |
QObjectUserData * | userData (uint id) const |
virtual | ~QObject () |
Destroys the object, deleting all its child objects. More... | |
Static Public Functions | |
static const char * | errorString (const QTransportAuth::Data &) |
static QTransportAuth * | getInstance () |
Return a pointer to the instance of this process's QTransportAuth object. More... | |
Static Public Functions inherited from QObject | |
static bool | connect (const QObject *sender, const char *signal, const QObject *receiver, const char *member, Qt::ConnectionType=Qt::AutoConnection) |
Creates a connection of the given type from the signal in the sender object to the method in the receiver object. More... | |
static bool | connect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method, Qt::ConnectionType type=Qt::AutoConnection) |
static bool | disconnect (const QObject *sender, const char *signal, const QObject *receiver, const char *member) |
Disconnects signal in object sender from method in object receiver. More... | |
static bool | disconnect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &member) |
static uint | registerUserData () |
static QString | tr (const char *sourceText, const char *comment=0, int n=-1) |
static QString | trUtf8 (const char *sourceText, const char *comment=0, int n=-1) |
Private Slots | |
void | bufferDestroyed (QObject *) |
Private Functions | |
QTransportAuth () | |
~QTransportAuth () | |
Friends | |
class | QAuthDevice |
Additional Inherited Members | |
Public Slots inherited from QObject | |
void | deleteLater () |
Schedules this object for deletion. More... | |
Static Public Variables inherited from QObject | |
static const QMetaObject | staticMetaObject |
This variable stores the meta-object for the class. More... | |
Protected Functions inherited from QObject | |
virtual void | childEvent (QChildEvent *) |
This event handler can be reimplemented in a subclass to receive child events. More... | |
virtual void | connectNotify (const char *signal) |
This virtual function is called when something has been connected to signal in this object. More... | |
virtual void | customEvent (QEvent *) |
This event handler can be reimplemented in a subclass to receive custom events. More... | |
virtual void | disconnectNotify (const char *signal) |
This virtual function is called when something has been disconnected from signal in this object. More... | |
QObject (QObjectPrivate &dd, QObject *parent=0) | |
int | receivers (const char *signal) const |
Returns the number of receivers connected to the signal. More... | |
QObject * | sender () const |
Returns a pointer to the object that sent the signal, if called in a slot activated by a signal; otherwise it returns 0. More... | |
int | senderSignalIndex () const |
virtual void | timerEvent (QTimerEvent *) |
This event handler can be reimplemented in a subclass to receive timer events for the object. More... | |
Protected Variables inherited from QObject | |
QScopedPointer< QObjectData > | d_ptr |
Static Protected Variables inherited from QObject | |
static const QMetaObject | staticQtMetaObject |
Related Functions inherited from QObject | |
T | qFindChildqFindChildren (const QObject *obj, const QString &name)() |
QList< T > | qFindChildrenqFindChildren (const QObject *obj, const QString &name)() |
QList< T > | qFindChildrenqFindChildren (const QObject *obj, const QRegExp ®Exp)() |
T * | qobject_cast (QObject *object) |
QObjectList | |
void * | qt_find_obj_child (QObject *parent, const char *type, const QString &name) |
Returns a pointer to the object named name that inherits type and with a given parent. More... | |
Authenticate a message transport.
For performance reasons, message authentication is tied to an individual message transport instance. For example in connection oriented transports the authentication cookie can be cached against the connection avoiding the overhead of authentication on every message.
For each process there is one instance of the QTransportAuth object. For server processes it can determine the SXE Program Identity and provide access to policy data to determine if the message should be forwarded for action. If not actioned, the message may be treated as being from a flawed or malicious process.
Retrieve the instance with the getInstance() method. The constructor is disabled and instances of QTransportAuth should never be constructed by calling classes.
To make the Authentication easier to use a proxied QIODevice is provided which uses an internal QBuffer.
In the server code first get a pointer to a QTransportAuth::Data object using the connectTransport() method:
Here it is asserted that the transport is trusted. See the assumptions listed in the SXE documentation
Then proxy in the authentication device:
In the client code it is similar. Use the connectTransport() method just the same then proxy in the authentication device instead of the socket in write calls:
Definition at line 69 of file qtransportauth_qws.h.
Enumerator | |
---|---|
Trusted | |
Connection | |
UnixStreamSock | |
SharedMemory | |
MessageQueue | |
UDP | |
TCP | |
UserDefined | |
TransportType |
Definition at line 96 of file qtransportauth_qws.h.
Enumerator | |
---|---|
Pending | |
TooSmall | |
CacheMiss | |
NoMagic | |
NoSuchKey | |
FailMatch | |
OutOfDate | |
Success | |
ErrMask | |
Allow | |
Deny | |
Ask | |
StatusMask |
Definition at line 75 of file qtransportauth_qws.h.
|
private |
Definition at line 198 of file qtransportauth_qws.cpp.
|
private |
Definition at line 207 of file qtransportauth_qws.cpp.
QAuthDevice * QTransportAuth::authBuf | ( | QTransportAuth::Data * | data, |
QIODevice * | iod | ||
) |
Return a QIODevice pointer (to an internal QBuffer) which can be used to write data onto, for authorization on transport d.
The return QIODevice will act as a pass-through.
The data written to the return QIODevice will be forwarded on to the returned QIODevice. In the case of a QTcpSocket, this will cause it to send out the data with the authentication information on it.
This will be called in the client process to generate outgoing authenticated requests.
The returned QIODevice will take ownership of data which will be deleted when the QIODevice is delected.
Definition at line 493 of file qtransportauth_qws.cpp.
Referenced by QWSDisplay::Data::init(), and QWSDisplay::Data::reinit().
bool QTransportAuth::authFromMessage | ( | QTransportAuth::Data & | d, |
const char * | msg, | ||
int | msgLen | ||
) |
Check authorization on the msg, which must be of size msgLen, for the transport d.
If able to determine authorization, return the program identity of the message source in the reference progId, and return true.
Otherwise return false.
If data is being received on a socket, it may be that more data is yet needed before authentication can proceed.
Also the message may not be an authenticated at all.
In these cases the method returns false to indicate authorization could not be determined:
If however the authentication header (preceded by the magic bytes) and any authenticated payload is received the method will determine the authentication status, and return true.
In the following cases as well as returning true it will also emit an authViolation():
In these cases the authViolation( QTransportAuth::Data d ) signal is emitted and the error string can be obtained from the status like this:
Definition at line 1294 of file qtransportauth_qws.cpp.
bool QTransportAuth::authorizeRequest | ( | QTransportAuth::Data & | d, |
const QString & | request | ||
) |
Definition at line 534 of file qtransportauth_qws.cpp.
Referenced by QAuthDevice::authorizeMessage(), and QAuthDevice::recvReadyRead().
bool QTransportAuth::authToMessage | ( | QTransportAuth::Data & | d, |
char * | hdr, | ||
const char * | msg, | ||
int | msgLen | ||
) |
Add authentication header to the beginning of a message.
Note that the per-process auth cookie is used.
For this to be secure some mechanism (eg MAC kernel or other permissions) must prevent other processes from reading the key.
The buffer must have AUTH_SPACE(0) bytes spare at the beginning for the authentication header to be added.
Returns true if header successfully added. Will fail if the per-process key has not yet been set with setProcessKey()
Definition at line 1199 of file qtransportauth_qws.cpp.
|
signal |
|
privateslot |
Definition at line 521 of file qtransportauth_qws.cpp.
QTransportAuth::Data * QTransportAuth::connectTransport | ( | unsigned char | properties, |
int | descriptor | ||
) |
Record a new transport connection with properties and descriptor.
The calling code is responsible for destroying the returned data when the tranport connection is closed.
Definition at line 288 of file qtransportauth_qws.cpp.
Referenced by QWSServerPrivate::_q_newConnection(), QWSDisplay::Data::init(), and QWSDisplay::Data::reinit().
|
static |
Definition at line 157 of file qtransportauth_qws.cpp.
const unsigned char * QTransportAuth::getClientKey | ( | unsigned char | progId | ) |
Definition at line 498 of file qtransportauth_qws.cpp.
|
static |
Return a pointer to the instance of this process's QTransportAuth object.
Definition at line 359 of file qtransportauth_qws.cpp.
Referenced by QWSServerPrivate::_q_newConnection(), QAuthDevice::authorizeMessage(), QWSDisplay::Data::init(), FAREnforcer::logAuthAttempt(), qws_write_command(), QWSClient::readMoreCommand(), QAuthDevice::recvReadyRead(), QWSDisplay::Data::reinit(), QAuthDevice::setClient(), and QAuthDevice::writeData().
QMutex * QTransportAuth::getKeyFileMutex | ( | ) |
Definition at line 510 of file qtransportauth_qws.cpp.
void QTransportAuth::invalidateClientKeyCache | ( | ) |
Definition at line 504 of file qtransportauth_qws.cpp.
bool QTransportAuth::isDiscoveryMode | ( | ) | const |
Definition at line 405 of file qtransportauth_qws.cpp.
Referenced by authorizeRequest(), and FAREnforcer::logAuthAttempt().
QString QTransportAuth::keyFilePath | ( | ) | const |
Definition at line 381 of file qtransportauth_qws.cpp.
QString QTransportAuth::logFilePath | ( | ) | const |
Definition at line 393 of file qtransportauth_qws.cpp.
Referenced by authorizeRequest(), isDiscoveryMode(), and FAREnforcer::logAuthAttempt().
Definition at line 435 of file qtransportauth_qws.cpp.
Referenced by qws_write_command(), and QWSClient::readMoreCommand().
|
signal |
Referenced by authorizeRequest(), and registerPolicyReceiver().
QAuthDevice * QTransportAuth::recvBuf | ( | QTransportAuth::Data * | data, |
QIODevice * | iod | ||
) |
Return a QIODevice pointer (to an internal QBuffer) which can be used to receive data after authorization on transport d.
The return QIODevice will act as a pass-through.
The data will be consumed from iod and forwarded on to the returned QIODevice which can be connected to readyRead() signal handlers in place of the original QIODevice iod.
This will be called in the server process to handle incoming authenticated requests.
The returned QIODevice will take ownership of data which will be deleted when the QIODevice is delected.
Definition at line 470 of file qtransportauth_qws.cpp.
Referenced by QWSServerPrivate::_q_newConnection().
void QTransportAuth::registerPolicyReceiver | ( | QObject * | pr | ) |
Register pr as a policy handler object.
The object pointed to by pr should have a slot as follows
All requests received by this server will then generate a call to this slot, and may be processed for policy compliance.
Definition at line 262 of file qtransportauth_qws.cpp.
void QTransportAuth::setKeyFilePath | ( | const QString & | path | ) |
Set the full path to the key file.
Since this is normally relative to Qtopia::qpeDir() this needs to be set within the Qt Extended framework.
The keyfile should be protected by file permissions or by MAC rules such that it can only be read/written by the "qpe" server process
Definition at line 375 of file qtransportauth_qws.cpp.
void QTransportAuth::setLogFilePath | ( | const QString & | path | ) |
Definition at line 387 of file qtransportauth_qws.cpp.
void QTransportAuth::setPackageRegistry | ( | QObject * | registry | ) |
Definition at line 399 of file qtransportauth_qws.cpp.
void QTransportAuth::setProcessKey | ( | const char * | authdata | ) |
Set the process key for this currently running Qt Extended process to the authdata.
authdata should be sizeof(struct AuthCookie) in length and contain the key and program id. Use this method when setting or changing the SXE identity of the current program.
Definition at line 218 of file qtransportauth_qws.cpp.
Referenced by setProcessKey().
void QTransportAuth::setProcessKey | ( | const char * | key, |
const char * | prog | ||
) |
Apply key as the process key for the currently running application.
prog is current ignored
Deprecated function
Definition at line 244 of file qtransportauth_qws.cpp.
void QTransportAuth::unregisterPolicyReceiver | ( | QObject * | pr | ) |
Unregister the pr from being a policy handler.
No more policyCheck signals are received by this object.
Definition at line 275 of file qtransportauth_qws.cpp.
|
friend |
Definition at line 171 of file qtransportauth_qws.h.