[gnome-online-accounts/wip/kerberos: 5/7] service squash
- From: Ray Strode <halfline src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-online-accounts/wip/kerberos: 5/7] service squash
- Date: Wed, 15 Aug 2012 23:49:17 +0000 (UTC)
commit bf2f0befb7bf9185301c3d24751907b8d48c7d09
Author: Ray Strode <rstrode redhat com>
Date: Tue Aug 14 11:37:22 2012 -0400
service squash
src/goaidentity/goaidentity.h | 8 ++
src/goaidentity/goaidentitymanager.c | 4 +
src/goaidentity/goaidentitymanager.h | 4 +
src/goaidentity/goaidentityservice.c | 111 +++++++++++++++++++++++---
src/goaidentity/goakerberosidentity.c | 46 +++++------
src/goaidentity/goakerberosidentity.h | 2 +
src/goaidentity/goakerberosidentitymanager.c | 11 +++
7 files changed, 149 insertions(+), 37 deletions(-)
---
diff --git a/src/goaidentity/goaidentity.h b/src/goaidentity/goaidentity.h
index f715489..14fed36 100644
--- a/src/goaidentity/goaidentity.h
+++ b/src/goaidentity/goaidentity.h
@@ -59,6 +59,14 @@ typedef enum
GOA_IDENTITY_ERROR_PARSING_IDENTIFIER,
} GoaIdentityError;
+typedef enum
+{
+ GOA_IDENTITY_SIGN_IN_FLAGS_NONE = 0,
+ GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_RENEWAL = 1,
+ GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_FORWARDING = 1 << 1,
+ GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_PROXYING = 1 << 2
+} GoaIdentitySignInFlags;
+
GType goa_identity_get_type (void);
GQuark goa_identity_error_quark (void);
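Review bot: The new GoaIdentitySignInFlags enum mixes a literal `1` for DISALLOW_RENEWAL with shifted forms for the other two bits, which reads as if the first value were not a bit flag; `GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_RENEWAL = 1 << 0,` keeps the three members parallel. A one-line comment above the typedef stating that the values are OR-able bit flags that restrict which credential options a sign-in may request would also help readers of the header, since nothing else in the hunk says so.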
diff --git a/src/goaidentity/goaidentitymanager.c b/src/goaidentity/goaidentitymanager.c
index b8e2a21..79335c5 100644
--- a/src/goaidentity/goaidentitymanager.c
+++ b/src/goaidentity/goaidentitymanager.c
@@ -204,6 +204,8 @@ goa_identity_manager_renew_identity_finish (GoaIdentityManager *self,
void
goa_identity_manager_sign_identity_in (GoaIdentityManager *self,
const char *identifier,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GCancellable *cancellable,
@@ -212,6 +214,8 @@ goa_identity_manager_sign_identity_in (GoaIdentityManager *self,
{
GOA_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_in (self,
identifier,
+ initial_password,
+ flags,
inquiry_func,
inquiry_data,
cancellable,
diff --git a/src/goaidentity/goaidentitymanager.h b/src/goaidentity/goaidentitymanager.h
index fb15860..5b60c24 100644
--- a/src/goaidentity/goaidentitymanager.h
+++ b/src/goaidentity/goaidentitymanager.h
@@ -80,6 +80,8 @@ struct _GoaIdentityManagerInterface
void (* sign_identity_in) (GoaIdentityManager *identity_manager,
const char *identifier,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GCancellable *cancellable,
@@ -141,6 +143,8 @@ GList *goa_identity_manager_list_identities_finish (GoaIdentityManager *identit
void goa_identity_manager_sign_identity_in (GoaIdentityManager *identity_manager,
const char *identifier,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GCancellable *cancellable,
diff --git a/src/goaidentity/goaidentityservice.c b/src/goaidentity/goaidentityservice.c
index 28fd668..0c66f24 100644
--- a/src/goaidentity/goaidentityservice.c
+++ b/src/goaidentity/goaidentityservice.c
@@ -49,11 +49,13 @@ struct _GoaIdentityServicePrivate
};
static void identity_service_manager_interface_init (GoaIdentityServiceManagerIface *interface);
-static void ask_to_sign_in (GoaIdentityService *self,
- GoaIdentity *identity,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
+static void ask_to_sign_in (GoaIdentityService *self,
+ GoaIdentity *identity,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
G_DEFINE_TYPE_WITH_CODE (GoaIdentityService,
goa_identity_service,
@@ -173,6 +175,8 @@ on_got_identity_for_sign_in (GoaIdentityManager *manager,
GoaIdentityService *self;
GError *error;
GoaIdentity *identity;
+ char *password;
+ GoaIdentitySignInFlags flags;
error = NULL;
identity = goa_identity_manager_get_identity_finish (manager, result, &error);
@@ -186,8 +190,15 @@ on_got_identity_for_sign_in (GoaIdentityManager *manager,
self = GOA_IDENTITY_SERVICE (g_async_result_get_source_object (G_ASYNC_RESULT (operation_result)));
+ password = g_object_get_data (G_OBJECT (result),
+ "initial-password");
+ flags = (GoaIdentitySignInFlags) GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (result),
+ "sign-in-flags"));
+
ask_to_sign_in (self,
identity,
+ password,
+ flags,
NULL,
(GAsyncReadyCallback)
on_sign_in_done,
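Review bot: The two g_object_get_data calls read "initial-password" and "sign-in-flags" from `result`, the GAsyncResult of the get_identity call, but goa_identity_service_handle_sign_in attaches those keys to the GSimpleAsyncResult it creates itself, and that object appears to be what reaches this callback as `operation_result` (the line above already uses it as the source-object holder). Unless the manager copies that data onto its own result, both lookups return NULL here, so the supplied password is dropped and flags silently fall back to NONE; the lookups should be `password = g_object_get_data (G_OBJECT (operation_result), "initial-password");` and likewise `g_object_get_data (G_OBJECT (operation_result), "sign-in-flags")`. on_got_identity_for_sign_in starts and ends outside the hunk.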
@@ -216,21 +227,77 @@ on_sign_in_handled (GoaIdentityService *self,
}
}
+static void
+read_sign_in_details (GoaIdentityServiceManager *manager,
+ GVariant *details,
+ GoaIdentitySignInFlags *flags,
+ char **secret_key)
+{
+ GVariantIter iter;
+ char *key;
+ char *value;
+
+ *flags = GOA_IDENTITY_SIGN_IN_FLAGS_NONE;
+ g_variant_iter_init (&iter, details);
+ while (g_variant_iter_loop (&iter, "{ss}", &key, &value))
+ {
+ if (g_strcmp0 (key, "initial-secret") == 0)
+ *secret_key = g_strdup (value);
+ else if (g_strcmp0 (key, "disallow-renewal") == 0)
+ *flags |= GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_RENEWAL;
+ else if (g_strcmp0 (key, "disallow-forwarding") == 0)
+ *flags |= GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_FORWARDING;
+ else if (g_strcmp0 (key, "disallow-proxying") == 0)
+ *flags |= GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_PROXYING;
+ }
+}
+
static gboolean
goa_identity_service_handle_sign_in (GoaIdentityServiceManager *manager,
GDBusMethodInvocation *invocation,
const char *identifier,
GVariant *details)
{
- GoaIdentityService *self = GOA_IDENTITY_SERVICE (manager);
+ GoaIdentityService *self = GOA_IDENTITY_SERVICE (manager);
+ GSimpleAsyncResult *result;
+ GoaIdentitySignInFlags flags;
+ char *secret_key;
- GSimpleAsyncResult *result;
+ secret_key = NULL;
result = g_simple_async_result_new (G_OBJECT (self),
(GAsyncReadyCallback)
on_sign_in_handled,
g_object_ref (invocation),
goa_identity_service_handle_sign_in);
+
+ read_sign_in_details (manager, details, &flags, &secret_key);
+
+ g_object_set_data (G_OBJECT (result),
+ "sign-in-flags",
+ GUINT_TO_POINTER ((guint) flags));
+
+ if (secret_key != NULL)
+ {
+ GcrSecretExchange *secret_exchange;
+ gconstpointer initial_password;
+
+ secret_exchange = gcr_secret_exchange_new (NULL);
+
+ g_object_weak_ref (G_OBJECT (result),
+ (GWeakNotify)
+ g_object_unref,
+ secret_exchange);
+
+ gcr_secret_exchange_receive (secret_exchange, secret_key);
+ initial_password = gcr_secret_exchange_get_secret (secret_exchange, NULL);
+
+ g_object_set_data (G_OBJECT (result),
+ "initial-password",
+ (gpointer)
+ initial_password);
+ }
+
goa_identity_manager_get_identity (self->priv->identity_manager,
identifier,
NULL,
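Review bot: The return value of gcr_secret_exchange_receive is ignored, so a D-Bus caller sending a malformed or mismatched "initial-secret" payload is not rejected; the call proceeds with whatever gcr_secret_exchange_get_secret returns (presumably NULL) and falls through to an interactive prompt, which hides the error from the caller. Test the result (`if (!gcr_secret_exchange_receive (secret_exchange, secret_key))`) and complete `result` with an error before consulting the secret. `secret_key` is a g_strdup'd copy that is not freed anywhere in the visible part of goa_identity_service_handle_sign_in (the function continues past the hunk), and read_sign_in_details leaks the earlier copy if "initial-secret" occurs twice in `details` and never initialises `*secret_key` itself; `g_free (*secret_key); *secret_key = g_strdup (value);` plus `*secret_key = NULL;` next to the flags reset would close both. The `manager` parameter of read_sign_in_details is unused.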
@@ -478,15 +545,20 @@ typedef struct
{
GoaIdentityService *service;
GoaIdentity *identity;
+ gconstpointer initial_password;
NotifyNotification *notification;
GSimpleAsyncResult *result;
GCancellable *cancellable;
gulong refreshed_signal_id;
+
+ GoaIdentitySignInFlags flags;
} SignInRequest;
static SignInRequest *
sign_in_request_new (GoaIdentityService *service,
GoaIdentity *identity,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
NotifyNotification *notification,
GSimpleAsyncResult *result,
GCancellable *cancellable)
@@ -497,6 +569,9 @@ sign_in_request_new (GoaIdentityService *service,
request->service = service;
request->identity = g_object_ref (identity);
+ /* intentionally not dup'd, it's sitting in mlocked memory */
+ request->initial_password = initial_password;
+ request->flags = flags;
request->notification = notification;
request->result = result;
request->cancellable = g_object_ref (cancellable);
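Review bot: The comment on `request->initial_password` says why the pointer is not copied but not what keeps it alive: as far as the visible hunks show, the buffer belongs to a GcrSecretExchange that handle_sign_in tied to its GSimpleAsyncResult with a weak ref, so the pointer is valid only while that result object exists, yet on_sign_in_clicked dereferences it from a notification action callback that can run much later. Either keep a reference to the exchange (or to the owning result) in SignInRequest, or make the guarantee explicit, e.g. `/* Not dup'd: points into the GcrSecretExchange's mlocked buffer owned by the handle_sign_in result, which must outlive this request */`. sign_in_request_new starts outside the hunk.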
@@ -920,6 +995,8 @@ on_sign_in_clicked (NotifyNotification *notification,
identifier = goa_identity_get_identifier (identity);
goa_identity_manager_sign_identity_in (self->priv->identity_manager,
identifier,
+ request->initial_password,
+ request->flags,
(GoaIdentityInquiryFunc)
on_identity_inquiry,
self,
@@ -946,11 +1023,13 @@ cancel_sign_in (GoaIdentityManager *identity_manager,
}
static void
-ask_to_sign_in (GoaIdentityService *self,
- GoaIdentity *identity,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+ask_to_sign_in (GoaIdentityService *self,
+ GoaIdentity *identity,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
NotifyNotification *notification;
char *name;
@@ -994,7 +1073,13 @@ ask_to_sign_in (GoaIdentityService *self,
g_free (description);
notify_notification_set_app_name (notification, _("Network Realm"));
- request = sign_in_request_new (self, identity, notification, result, cancellable);
+ request = sign_in_request_new (self,
+ identity,
+ initial_password,
+ flags,
+ notification,
+ result,
+ cancellable);
g_object_set_data (G_OBJECT (identity),
"sign-in-request",
diff --git a/src/goaidentity/goakerberosidentity.c b/src/goaidentity/goakerberosidentity.c
index 46c38fb..a66ff63 100644
--- a/src/goaidentity/goakerberosidentity.c
+++ b/src/goaidentity/goakerberosidentity.c
@@ -1127,13 +1127,9 @@ sign_in_operation_new (GoaKerberosIdentity *identity,
operation->destroy_notify = destroy_notify;
if (cancellable == NULL)
- {
- operation->cancellable = g_cancellable_new ();
- }
+ operation->cancellable = g_cancellable_new ();
else
- {
- operation->cancellable = g_object_ref (cancellable);
- }
+ operation->cancellable = g_object_ref (cancellable);
return operation;
}
@@ -1150,6 +1146,8 @@ sign_in_operation_free (SignInOperation *operation)
gboolean
goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
const char *principal_name,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GDestroyNotify destroy_notify,
@@ -1162,7 +1160,6 @@ goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
krb5_get_init_creds_opt *options;
krb5_deltat start_time;
char *service_name;
- char *password;
gboolean signed_in;
if (g_cancellable_set_error_if_cancelled (cancellable, error))
@@ -1189,7 +1186,9 @@ goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
operation = sign_in_operation_new (self,
inquiry_func,
- inquiry_data, destroy_notify, cancellable);
+ inquiry_data,
+ destroy_notify,
+ cancellable);
if (g_strcmp0 (self->priv->identifier, principal_name) != 0)
{
@@ -1207,29 +1206,32 @@ goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
GOA_IDENTITY_ERROR_PARSING_IDENTIFIER,
error_code, "%k");
if (destroy_notify)
- {
- destroy_notify (inquiry_data);
- }
+ destroy_notify (inquiry_data);
return FALSE;
}
- /* FIXME: get from keyring if so configured */
- password = NULL;
+ if ((flags & GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_FORWARDING) == 0)
+ krb5_get_init_creds_opt_set_forwardable (options, TRUE);
- krb5_get_init_creds_opt_set_forwardable (options, TRUE);
- krb5_get_init_creds_opt_set_proxiable (options, TRUE);
- krb5_get_init_creds_opt_set_renew_life (options, G_MAXINT);
+ if ((flags & GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_PROXYING) == 0)
+ krb5_get_init_creds_opt_set_proxiable (options, TRUE);
+
+ if ((flags & GOA_IDENTITY_SIGN_IN_FLAGS_DISALLOW_RENEWAL) == 0)
+ krb5_get_init_creds_opt_set_renew_life (options, G_MAXINT);
start_time = 0;
service_name = NULL;
error_code = krb5_get_init_creds_password (self->priv->kerberos_context,
&new_credentials,
principal,
- password,
+ (char *)
+ initial_password,
(krb5_prompter_fct)
on_kerberos_inquiry,
operation,
- start_time, service_name, options);
+ start_time,
+ service_name,
+ options);
if (error_code != 0)
{
set_error_from_krb5_error_code (self,
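Review bot: The `(char *) initial_password` cast in the krb5_get_init_creds_password call strips the const qualifier from a gconstpointer for no reason; the krb5 API takes `const char *password` (MIT and Heimdal alike), so `(const char *) initial_password` is the correct cast and keeps the compiler able to flag any write into the mlocked secret. The three flag checks above it look right and preserve the previous behaviour when `flags` is NONE; a short comment there noting that each option is only requested when the caller did not disallow it would make the inverted sense of the bits clearer. goa_kerberos_identity_sign_in continues outside the hunk.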
@@ -1237,9 +1239,7 @@ goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
GOA_IDENTITY_ERROR_AUTHENTICATION_FAILED,
error_code, "%k");
if (destroy_notify)
- {
- destroy_notify (inquiry_data);
- }
+ destroy_notify (inquiry_data);
sign_in_operation_free (operation);
krb5_free_principal (self->priv->kerberos_context, principal);
@@ -1247,9 +1247,7 @@ goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
}
if (destroy_notify)
- {
- destroy_notify (inquiry_data);
- }
+ destroy_notify (inquiry_data);
sign_in_operation_free (operation);
if (!goa_kerberos_identity_update_credentials (self,
diff --git a/src/goaidentity/goakerberosidentity.h b/src/goaidentity/goakerberosidentity.h
index cf1305a..73681b0 100644
--- a/src/goaidentity/goakerberosidentity.h
+++ b/src/goaidentity/goakerberosidentity.h
@@ -69,6 +69,8 @@ GoaIdentity *goa_kerberos_identity_new (krb5_context kerberos_context,
gboolean goa_kerberos_identity_sign_in (GoaKerberosIdentity *self,
const char *principal_name,
+ gconstpointer initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GDestroyNotify destroy_notify,
diff --git a/src/goaidentity/goakerberosidentitymanager.c b/src/goaidentity/goakerberosidentitymanager.c
index 10425c3..b9eeac9 100644
--- a/src/goaidentity/goakerberosidentitymanager.c
+++ b/src/goaidentity/goakerberosidentitymanager.c
@@ -83,6 +83,8 @@ typedef struct
struct
{
const char *identifier;
+ gconstpointer initial_password;
+ GoaIdentitySignInFlags sign_in_flags;
GoaIdentityInquiry *inquiry;
GoaIdentityInquiryFunc inquiry_func;
gpointer inquiry_data;
@@ -812,6 +814,8 @@ sign_in_identity (GoaKerberosIdentityManager *self,
if (!goa_kerberos_identity_sign_in (GOA_KERBEROS_IDENTITY (identity),
operation->identifier,
+ operation->initial_password,
+ operation->sign_in_flags,
(GoaIdentityInquiryFunc)
on_kerberos_identity_inquiry,
operation,
@@ -1123,6 +1127,8 @@ goa_kerberos_identity_manager_renew_identity_finish (GoaIdentityManager *self,
static void
goa_kerberos_identity_manager_sign_identity_in (GoaIdentityManager *manager,
const char *identifier,
+ gconstpointer *initial_password,
+ GoaIdentitySignInFlags flags,
GoaIdentityInquiryFunc inquiry_func,
gpointer inquiry_data,
GCancellable *cancellable,
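Review bot: `gconstpointer *initial_password` declares a pointer-to-pointer, while the interface slot this function implements (goaidentitymanager.h in this commit) and every caller pass a plain `gconstpointer`; it only compiles because void pointers convert silently, and the assignment in the next hunk (`operation->initial_password = initial_password;`) then stores a mistyped value. Change the parameter to `gconstpointer initial_password,` so the implementation matches the vtable declaration. goa_kerberos_identity_manager_sign_identity_in continues outside the hunk.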
@@ -1141,6 +1147,11 @@ goa_kerberos_identity_manager_sign_identity_in (GoaIdentityManager *manager,
g_object_unref (result);
operation->identifier = g_strdup (identifier);
+ /* Not duped. Caller is responsible for ensuring it stays alive
+ * for duration of operation
+ */
+ operation->initial_password = initial_password;
+ operation->sign_in_flags = flags;
operation->inquiry_func = inquiry_func;
operation->inquiry_data = inquiry_data;
g_mutex_init (&operation->inquiry_lock);