[gnome-online-accounts/wip/kerberos: 3/5] goabackend: Add a kerberos provider



commit f1f782ab373240fc430bf7cb2ba84992dcfba6bc
Author: Ray Strode <rstrode redhat com>
Date:   Sat Jun 23 03:54:35 2012 -0400

    goabackend: Add a kerberos provider
    
    This commit adds a goa backend for kerberos.
    
    This gives us the ability to integrate kerberos with control-center.
    
    We still need the service half of this for everything to be functional.

 configure.ac                          |   32 ++
 src/goabackend/Makefile.am            |   19 +
 src/goabackend/goabackendtypes.h      |    3 +
 src/goabackend/goakerberosprovider.c  |  765 +++++++++++++++++++++++++++++++++
 src/goabackend/goakerberosprovider.h  |   43 ++
 src/goabackend/goaprovider.c          |    4 +
 src/goabackend/org.gnome.Identity.xml |   73 ++++
 7 files changed, 939 insertions(+), 0 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index adea2b8..1fc7b89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -91,6 +91,37 @@ if test "$enable_exchange" != "no"; then
   AC_DEFINE(GOA_EXCHANGE_ENABLED, 1, [Enable Microsoft Exchange data provider])
 fi
 
+# Kerberos
+AC_ARG_ENABLE([kerberos],
+              [AS_HELP_STRING([--enable-kerberos],
+              [Enable Kerberos provider])],
+              [with_kerberos=$enableval],
+              [enable_kerberos=no])
+AC_PATH_PROG([KRB5_CONFIG], krb5-config, none, $PATH:/usr/kerberos/bin)
+
+if test "x$KRB5_CONFIG" != "xnone"; then
+    KRB5_LIBS="`${KRB5_CONFIG} --libs krb5`"
+    KRB5_CFLAGS="`${KRB5_CONFIG} --cflags krb5`"
+    have_kerberos=yes
+else
+    KRB5_LIBS=""
+    KRB5_CFLAGS=""
+    have_kerberos=no
+fi
+AC_SUBST(KRB5_CFLAGS)
+AC_SUBST(KRB5_LIBS)
+
+if test "$enable_kerberos" != "no"; then
+  if test "$have_kerberos" = "no" ; then
+      AC_MSG_ERROR([kerberos support requested, but not available])
+  fi
+
+  PKG_CHECK_MODULES(GCR, gcr-3)
+  AC_DEFINE(GCR_API_SUBJECT_TO_CHANGE, 1, [Define to use the GCR API])
+  AC_DEFINE(GOA_KERBEROS_ENABLED, 1, [Enable Enterprise Identity data provider])
+fi
+AM_CONDITIONAL(BUILD_KERBEROS, [test x$enable_kerberos != xno])
+
 # Google
 AC_ARG_ENABLE([google], [AS_HELP_STRING([--enable-google], [Enable Google provider])], [], [enable_google=yes])
 AC_ARG_WITH(google-consumer-key,
@@ -259,6 +290,7 @@ echo "
 
 	Google provider:                ${enable_google} (OAuth 1.0, key:${with_google_consumer_key} secret:${with_google_consumer_secret})
 	Microsoft Exchange provider:    ${enable_exchange}
+	Kerberos provider:              ${enable_kerberos}
 	Twitter provider:               ${enable_twitter} (OAuth 1.0, key:${with_twitter_consumer_key} secret:${with_twitter_consumer_secret})
 	Yahoo provider:                 ${enable_yahoo} (OAuth 1.0, key:${with_yahoo_consumer_key} secret:${with_yahoo_consumer_secret})
 	Facebook provider:              ${enable_facebook} (OAuth 2.0, id:${with_facebook_client_id})
diff --git a/src/goabackend/Makefile.am b/src/goabackend/Makefile.am
index 7c29d84..b9d607f 100644
--- a/src/goabackend/Makefile.am
+++ b/src/goabackend/Makefile.am
@@ -35,6 +35,19 @@ enum_built_sources =							\
 
 EXTRA_DIST += goabackendenumtypes.h.template goabackendenumtypes.c.template
 
+dbus_built_sources = org.gnome.Identity.c org.gnome.Identity.h
+
+$(dbus_built_sources) : Makefile.am org.gnome.Identity.xml
+	gdbus-codegen                                       \
+		--interface-prefix org.gnome.Identity.      \
+		--c-namespace GoaIdentity                   \
+		--c-generate-object-manager                 \
+		--generate-c-code org.gnome.Identity        \
+		org.gnome.Identity.xml                      \
+		$(NULL)
+
+EXTRA_DIST += $(dbus_built_sources)
+
 # ----------------------------------------------------------------------------------------------------
 
 lib_LTLIBRARIES = libgoa-backend-1.0.la
@@ -50,11 +63,15 @@ libgoa_backend_1_0_la_HEADERS =						\
 	goaeditablelabel.h						\
 	goaprovider.h							\
 	goaexchangeprovider.h						\
+	goakerberosprovider.h						\
+	goaoauthprovider.h						\
+	goaoauth2provider.h						\
 	goagoogleprovider.h						\
 	goafacebookprovider.h						\
 	goayahooprovider.h						\
 	goatwitterprovider.h						\
 	goawindowsliveprovider.h					\
+	org.gnome.Identity.h						\
 	$(NULL)
 
 libgoa_backend_1_0_la_SOURCES =						\
@@ -66,6 +83,7 @@ libgoa_backend_1_0_la_SOURCES =						\
 	goaewsclient.h			goaewsclient.c			\
 	goaprovider.h			goaprovider.c			\
 	goaexchangeprovider.h		goaexchangeprovider.c		\
+	goakerberosprovider.h		goakerberosprovider.c		\
 	goalogging.h			goalogging.c			\
 	goaoauthprovider.h		goaoauthprovider.c		\
 	goaoauth2provider.h		goaoauth2provider.c		\
@@ -77,6 +95,7 @@ libgoa_backend_1_0_la_SOURCES =						\
 	goautils.h			goautils.c			\
 	goawebview.h			goawebview.c			\
 	nautilus-floating-bar.h		nautilus-floating-bar.c		\
+	org.gnome.Identity.c		 org.gnome.Identity.h		\
 	$(NULL)
 
 libgoa_backend_1_0_la_CPPFLAGS =				\
diff --git a/src/goabackend/goabackendtypes.h b/src/goabackend/goabackendtypes.h
index db340c9..ee8b4bf 100644
--- a/src/goabackend/goabackendtypes.h
+++ b/src/goabackend/goabackendtypes.h
@@ -42,6 +42,9 @@ typedef struct _GoaProvider GoaProvider;
 struct _GoaExchangeProvider;
 typedef struct _GoaExchangeProvider GoaExchangeProvider;
 
+struct _GoaKerberosProvider;
+typedef struct _GoaKerberosProvider GoaKerberosProvider;
+
 struct _GoaOAuthProvider;
 typedef struct _GoaOAuthProvider GoaOAuthProvider;
 
diff --git a/src/goabackend/goakerberosprovider.c b/src/goabackend/goakerberosprovider.c
new file mode 100644
index 0000000..1b8b75b
--- /dev/null
+++ b/src/goabackend/goakerberosprovider.c
@@ -0,0 +1,765 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/*
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Ray Strode <rstrode redhat com>
+ * Based on code from Debarshi Ray <debarshir gnome org>
+ */
+
+#include "config.h"
+#include <glib/gi18n-lib.h>
+
+#include "goalogging.h"
+#include "goaprovider.h"
+#include "goakerberosprovider.h"
+#include "goaeditablelabel.h"
+#include "goautils.h"
+
+#include "org.gnome.Identity.h"
+
+/**
+ * GoaKerberosProvider:
+ *
+ * The #GoaKerberosProvider structure contains only private request and should
+ * only be accessed using the provided API.
+ */
+struct _GoaKerberosProvider
+{
+  /*< private >*/
+  GoaProvider parent_instance;
+  GoaIdentityManager *identity_manager;
+};
+
+typedef struct _GoaKerberosProviderClass GoaKerberosProviderClass;
+
+struct _GoaKerberosProviderClass
+{
+  GoaProviderClass parent_class;
+};
+
+/**
+ * SECTION:goakerberosprovider
+ * @title: GoaKerberosProvider
+ * @short_description: A provider for enterperise identity servers
+ *
+ * #GoaKerberosProvider is used to access enterperise identity servers.
+ */
+
+G_DEFINE_TYPE_WITH_CODE (GoaKerberosProvider, goa_kerberos_provider, GOA_TYPE_PROVIDER,
+                         g_io_extension_point_implement (GOA_PROVIDER_EXTENSION_POINT_NAME,
+                                                         g_define_type_id,
+                                                         "kerberos",
+                                                         0));
+
+static const gchar *
+get_provider_type (GoaProvider *provider)
+{
+  return "kerberos";
+}
+
+static gchar *
+get_provider_name (GoaProvider *provider, GoaObject *object)
+{
+  return g_strdup(_("Enterprise Identity"));
+}
+
+static gboolean
+build_object (GoaProvider         *provider,
+              GoaObjectSkeleton   *object,
+              GKeyFile            *key_file,
+              const gchar         *group,
+              gboolean             just_added,
+              GError             **error)
+{
+  GoaAccount   *account;
+  GoaTicketing *ticketing;
+  gboolean      ticketing_enabled;
+  gboolean      ret;
+
+  ret = FALSE;
+
+  if (!GOA_PROVIDER_CLASS (goa_kerberos_provider_parent_class)->build_object (provider,
+                                                                              object,
+                                                                              key_file,
+                                                                              group,
+                                                                              just_added,
+                                                                              error))
+    goto out;
+
+  account = goa_object_get_account (GOA_OBJECT (object));
+
+  ticketing = goa_object_get_ticketing (GOA_OBJECT (object));
+  ticketing_enabled = g_key_file_get_boolean (key_file, group, "TicketingEnabled", NULL);
+
+  if (ticketing_enabled)
+    {
+      if (ticketing == NULL)
+        {
+          ticketing = goa_ticketing_skeleton_new ();
+          goa_object_skeleton_set_ticketing (object, ticketing);
+        }
+    }
+  else
+    {
+      if (ticketing != NULL)
+        goa_object_skeleton_set_ticketing (object, NULL);
+    }
+
+  if (just_added)
+    {
+      goa_account_set_ticketing_disabled (account, !ticketing_enabled);
+
+      g_signal_connect (account,
+                        "notify::ticketing-disabled",
+                        G_CALLBACK (goa_util_account_notify_property_cb),
+                        "TicketingEnabled");
+    }
+
+  ret = TRUE;
+
+ out:
+  if (ticketing != NULL)
+    g_object_unref (ticketing);
+
+  return ret;
+}
+
+static void
+add_entry (GtkWidget     *grid1,
+           GtkWidget     *grid2,
+           const gchar   *text,
+           GtkWidget    **out_entry)
+{
+  GtkStyleContext *context;
+  GtkWidget *label;
+  GtkWidget *entry;
+
+  label = gtk_label_new_with_mnemonic (text);
+  context = gtk_widget_get_style_context (label);
+  gtk_style_context_add_class (context, GTK_STYLE_CLASS_DIM_LABEL);
+  gtk_widget_set_vexpand (label, TRUE);
+  gtk_misc_set_alignment (GTK_MISC (label), 1.0, 0.5);
+  gtk_container_add (GTK_CONTAINER (grid1), label);
+
+  entry = gtk_entry_new ();
+  gtk_widget_set_hexpand (entry, TRUE);
+  gtk_widget_set_vexpand (entry, TRUE);
+  gtk_entry_set_activates_default (GTK_ENTRY (entry), TRUE);
+  gtk_entry_set_max_length (GTK_ENTRY (entry), 132);
+  gtk_container_add (GTK_CONTAINER (grid2), entry);
+
+  gtk_label_set_mnemonic_widget (GTK_LABEL (label), entry);
+  if (out_entry != NULL)
+    *out_entry = entry;
+}
+
+typedef struct
+{
+  GtkDialog *dialog;
+  GMainLoop *loop;
+
+  GtkWidget *cluebar;
+  GtkWidget *cluebar_label;
+  GtkWidget *spinner;
+
+  GtkWidget *realm;
+
+  GtkWidget *expander;
+  GtkWidget *username;
+  GtkWidget *server;
+
+  gchar *account_object_path;
+
+  GError *error;
+} SignInRequest;
+
+static void
+create_account_details_ui (GtkBox *vbox, gboolean new_account, SignInRequest *request)
+{
+  GtkWidget *header_grid;
+  GtkWidget *grid1;
+  GtkWidget *grid2;
+  GtkWidget *hbox;
+  GtkWidget *label;
+  gchar *markup;
+  gint width;
+
+  request->cluebar = gtk_info_bar_new ();
+  gtk_info_bar_set_message_type (GTK_INFO_BAR (request->cluebar), GTK_MESSAGE_ERROR);
+  gtk_widget_set_no_show_all (request->cluebar, TRUE);
+  gtk_box_pack_start (GTK_BOX (vbox), request->cluebar, FALSE, FALSE, 0);
+
+  request->cluebar_label = gtk_label_new ("");
+  gtk_label_set_line_wrap (GTK_LABEL (request->cluebar_label), TRUE);
+  gtk_container_add (GTK_CONTAINER (gtk_info_bar_get_content_area (GTK_INFO_BAR (request->cluebar))),
+                     request->cluebar_label);
+
+  header_grid = gtk_grid_new ();
+  gtk_orientable_set_orientation (GTK_ORIENTABLE (header_grid), GTK_ORIENTATION_HORIZONTAL);
+  gtk_box_pack_start (vbox, header_grid, FALSE, FALSE, 0);
+
+  label = gtk_label_new (NULL);
+  gtk_widget_set_hexpand (label, TRUE);
+  markup = g_strconcat ("<b>",
+                        (new_account) ? _("New Enterprise Identity") : _("Enterpise Identity"),
+                        "</b>",
+                        NULL);
+  gtk_label_set_markup (GTK_LABEL (label), markup);
+  g_free (markup);
+  gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+  gtk_container_add (GTK_CONTAINER (header_grid), label);
+
+  request->spinner = gtk_spinner_new ();
+  gtk_widget_set_no_show_all (request->spinner, TRUE);
+  gtk_container_add (GTK_CONTAINER (header_grid), request->spinner);
+
+  grid1 = gtk_grid_new ();
+  gtk_orientable_set_orientation (GTK_ORIENTABLE (grid1), GTK_ORIENTATION_VERTICAL);
+  gtk_grid_set_row_spacing (GTK_GRID (grid1), 12);
+
+  grid2 = gtk_grid_new ();
+  gtk_orientable_set_orientation (GTK_ORIENTABLE (grid2), GTK_ORIENTATION_VERTICAL);
+  gtk_grid_set_row_spacing (GTK_GRID (grid2), 12);
+
+  hbox = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 12);
+  gtk_box_set_homogeneous (GTK_BOX (hbox), FALSE);
+  gtk_box_pack_start (GTK_BOX (hbox), grid1, FALSE, FALSE, 0);
+  gtk_box_pack_start (GTK_BOX (hbox), grid2, TRUE, TRUE, 0);
+  gtk_box_pack_start (vbox, hbox, FALSE, FALSE, 0);
+
+  add_entry (grid1, grid2, _("User_name"), &request->username);
+  add_entry (grid1, grid2, _("_Realm"), &request->realm);
+
+  gtk_widget_grab_focus (request->username);
+
+  gtk_dialog_add_button (request->dialog, GTK_STOCK_CONNECT, GTK_RESPONSE_OK);
+  gtk_dialog_set_default_response (request->dialog, GTK_RESPONSE_OK);
+  gtk_dialog_set_response_sensitive (request->dialog, GTK_RESPONSE_OK, TRUE);
+
+  gtk_window_get_size (GTK_WINDOW (request->dialog), &width, NULL);
+  gtk_widget_set_size_request (GTK_WIDGET (request->dialog), width, -1);
+}
+
+static void
+add_account_cb (GoaManager *manager, GAsyncResult *res, gpointer user_request)
+{
+  SignInRequest *request = user_request;
+  goa_manager_call_add_account_finish (manager,
+                                       &request->account_object_path,
+                                       res,
+                                       &request->error);
+  g_main_loop_quit (request->loop);
+}
+
+static void
+on_identity_signed_in (GoaIdentityManager *manager,
+                       GAsyncResult       *result,
+                       GSimpleAsyncResult *operation_result)
+{
+  gboolean  signed_in;
+  GError   *error;
+  char     *identity_object_path;
+
+  error = NULL;
+  signed_in = goa_identity_manager_call_sign_in_finish (manager,
+                                                        &identity_object_path,
+                                                        result,
+                                                        &error);
+
+  if (!signed_in)
+    {
+      g_simple_async_result_take_error (operation_result, error);
+      g_simple_async_result_complete_in_idle (operation_result);
+      return;
+    }
+
+  g_simple_async_result_set_op_res_gpointer (operation_result,
+                                             g_strdup (identity_object_path),
+                                             (GDestroyNotify)
+                                             g_free);
+  g_simple_async_result_complete_in_idle (operation_result);
+}
+
+static void
+on_identity_manager_ensured (GoaKerberosProvider *self,
+                             GAsyncResult        *result,
+                             GSimpleAsyncResult  *operation_result)
+{
+  GoaIdentityManager *manager;
+  GError             *error;
+
+  error = NULL;
+  manager = goa_identity_manager_proxy_new_for_bus_finish (result, &error);
+  if (manager == NULL)
+    {
+      g_simple_async_result_take_error (operation_result, error);
+      g_simple_async_result_complete_in_idle (operation_result);
+      return;
+    }
+
+  g_simple_async_result_set_op_res_gpointer (operation_result,
+                                             g_object_ref (manager),
+                                             (GDestroyNotify)
+                                             g_object_unref);
+  g_simple_async_result_complete_in_idle (operation_result);
+}
+
+static void
+ensure_identity_manager (GoaKerberosProvider *self,
+                         GCancellable        *cancellable,
+                         GAsyncReadyCallback  callback,
+                         gpointer             user_data)
+{
+  GSimpleAsyncResult *operation_result;
+
+  operation_result = g_simple_async_result_new (G_OBJECT (self),
+                                                callback,
+                                                user_data,
+                                                ensure_identity_manager);
+  g_simple_async_result_set_check_cancellable (operation_result, cancellable);
+
+  g_object_set_data (G_OBJECT (operation_result),
+                     "cancellable",
+                     cancellable);
+
+  if (self->identity_manager != NULL)
+    {
+      g_simple_async_result_set_op_res_gpointer (operation_result,
+                                                 g_object_ref (self->identity_manager),
+                                                 (GDestroyNotify)
+                                                 g_object_unref);
+      g_simple_async_result_complete_in_idle (operation_result);
+      return;
+    }
+
+  goa_identity_manager_proxy_new_for_bus (G_BUS_TYPE_SESSION,
+                                          G_DBUS_PROXY_FLAGS_NONE,
+                                          "org.gnome.Identity",
+                                          "/org/gnome/Identity/Manager",
+                                          cancellable,
+                                          (GAsyncReadyCallback)
+                                          on_identity_manager_ensured,
+                                          operation_result);
+}
+
+static void
+on_identity_manager_ensured_for_sign_in (GoaKerberosProvider *self,
+                                         GAsyncResult        *result,
+                                         GSimpleAsyncResult  *operation_result)
+{
+  GoaIdentityManager *manager;
+  const char         *identity;
+  const char         *password;
+  GCancellable       *cancellable;
+  GError             *error;
+  GVariantBuilder     details;
+
+  error = NULL;
+
+  if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+                                             &error))
+    {
+      g_simple_async_result_take_error (operation_result, error);
+      g_simple_async_result_complete_in_idle (operation_result);
+      return;
+    }
+
+  manager = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
+
+  if (self->identity_manager == NULL) {
+        self->identity_manager = g_object_ref (manager);
+  }
+
+  cancellable = g_object_get_data (G_OBJECT (operation_result), "cancellable");
+  password = g_object_get_data (G_OBJECT (operation_result), "password");
+  identity = g_simple_async_result_get_source_tag (operation_result);
+
+  g_variant_builder_init (&details, G_VARIANT_TYPE ("a{ss}"));
+
+  if (password != NULL)
+    g_variant_builder_add (&details, "{ss}", "initial-password", password);
+
+  goa_identity_manager_call_sign_in (self->identity_manager,
+                                     identity,
+                                     g_variant_builder_end (&details),
+                                     cancellable,
+                                     (GAsyncReadyCallback)
+                                     on_identity_signed_in,
+                                     operation_result);
+}
+
+static void
+sign_in_identity (GoaKerberosProvider  *self,
+                  const char           *identity,
+                  const char           *password,
+                  GCancellable         *cancellable,
+                  GAsyncReadyCallback   callback,
+                  gpointer              user_data)
+{
+  GSimpleAsyncResult *operation_result;
+
+  operation_result = g_simple_async_result_new (G_OBJECT (self),
+                                                callback,
+                                                user_data,
+                                                (gpointer)
+                                                identity);
+
+  g_simple_async_result_set_check_cancellable (operation_result, cancellable);
+
+  g_object_set_data (G_OBJECT (operation_result),
+                     "cancellable",
+                     cancellable);
+  g_object_set_data (G_OBJECT (operation_result),
+                     "password",
+                     (gpointer)
+                     password);
+
+  ensure_identity_manager (self,
+                           cancellable,
+                           (GAsyncReadyCallback)
+                           on_identity_manager_ensured_for_sign_in,
+                           operation_result);
+}
+
+static void
+on_account_signed_in (GoaProvider   *provider,
+                      GAsyncResult  *result,
+                      SignInRequest *request)
+{
+  if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+                                             &request->error))
+    {
+      g_main_loop_quit (request->loop);
+      return;
+    }
+
+  g_main_loop_quit (request->loop);
+}
+
+static gboolean
+refresh_account (GoaProvider    *provider,
+                 GoaClient      *client,
+                 GoaObject      *object,
+                 GtkWindow      *parent,
+                 GError        **error)
+{
+  GoaKerberosProvider *self = GOA_KERBEROS_PROVIDER (provider);
+  SignInRequest        request;
+  GoaAccount          *account;
+  const char          *identity;
+
+  g_return_val_if_fail (GOA_IS_KERBEROS_PROVIDER (provider), FALSE);
+  g_return_val_if_fail (GOA_IS_CLIENT (client), FALSE);
+  g_return_val_if_fail (GOA_IS_OBJECT (object), FALSE);
+  g_return_val_if_fail (parent == NULL || GTK_IS_WINDOW (parent), FALSE);
+  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+  account = goa_object_peek_account (object);
+  identity = goa_account_get_identity (account);
+
+  memset (&request, 0, sizeof (SignInRequest));
+  request.loop = g_main_loop_new (NULL, FALSE);
+  request.error = NULL;
+
+  error = NULL;
+  sign_in_identity (self,
+                    identity,
+                    NULL,
+                    NULL,
+                    (GAsyncReadyCallback)
+                    on_account_signed_in,
+                    &request);
+
+  g_main_loop_run (request.loop);
+  g_main_loop_unref (request.loop);
+
+  if (request.error != NULL)
+    {
+      g_propagate_error (error, request.error);
+      return FALSE;
+    }
+
+  return TRUE;
+}
+
+static GoaObject *
+add_account (GoaProvider    *provider,
+             GoaClient      *client,
+             GtkDialog      *dialog,
+             GtkBox         *vbox,
+             GError        **error)
+{
+  GoaKerberosProvider *self = GOA_KERBEROS_PROVIDER (provider);
+  SignInRequest request;
+  GVariantBuilder credentials;
+  GVariantBuilder details;
+  GoaObject   *object;
+  GoaAccount  *account;
+  const gchar *realm;
+  const gchar *username;
+  gchar *principal;
+  gchar *principal_for_display;
+  const gchar *provider_type;
+  gint response;
+
+  object = NULL;
+  principal = NULL;
+  principal_for_display = NULL;
+
+  memset (&request, 0, sizeof (SignInRequest));
+  request.loop = g_main_loop_new (NULL, FALSE);
+  request.dialog = dialog;
+  request.error = NULL;
+
+  create_account_details_ui (vbox, TRUE, &request);
+  gtk_widget_show_all (GTK_WIDGET (vbox));
+
+start_over:
+  response = gtk_dialog_run (dialog);
+  if (response != GTK_RESPONSE_OK)
+    {
+      g_set_error (&request.error,
+                   GOA_ERROR,
+                   GOA_ERROR_DIALOG_DISMISSED,
+                   _("Dialog was dismissed"));
+      goto out;
+    }
+
+  realm = gtk_entry_get_text (GTK_ENTRY (request.realm));
+  username = gtk_entry_get_text (GTK_ENTRY (request.username));
+
+  g_free (principal);
+  principal = g_strdup_printf ("%s %s", username, realm);
+
+  /* See if there's already an account of this type with the
+   * given identity
+   */
+  provider_type = goa_provider_get_provider_type (provider);
+  /* FIXME: consider adding a new credentials interface for
+   * kerberos
+   */
+  if (!goa_utils_check_duplicate (client,
+                                  principal,
+                                  provider_type,
+                                  (GoaPeekInterfaceFunc) goa_object_peek_account,
+                                  &request.error))
+    goto out;
+
+  /* If there isn't an account, then go ahead and create one
+   */
+  g_variant_builder_init (&credentials, G_VARIANT_TYPE_VARDICT);
+
+  g_variant_builder_init (&details, G_VARIANT_TYPE ("a{ss}"));
+  g_variant_builder_add (&details, "{ss}", "Realm", realm);
+
+  g_free (principal_for_display);
+  principal_for_display = g_strdup_printf ("%s %s", username, realm);
+
+  goa_manager_call_add_account (goa_client_get_manager (client),
+                                goa_provider_get_provider_type (provider),
+                                principal,
+                                principal_for_display,
+                                g_variant_builder_end (&credentials),
+                                g_variant_builder_end (&details),
+                                NULL, /* GCancellable* */
+                                (GAsyncReadyCallback) add_account_cb,
+                                &request);
+  g_main_loop_run (request.loop);
+  if (request.error != NULL)
+    goto out;
+
+  object = GOA_OBJECT (g_dbus_object_manager_get_object (goa_client_get_object_manager (client),
+                                                         request.account_object_path));
+  account = goa_object_peek_account (object);
+
+  gtk_spinner_start (GTK_SPINNER (request.spinner));
+  gtk_widget_show (request.spinner);
+
+  /* After the account is created, try to sign it in
+   */
+  sign_in_identity (self,
+                    principal,
+                    NULL,
+                    NULL,
+                    (GAsyncReadyCallback)
+                    on_account_signed_in,
+                    &request);
+
+  g_main_loop_run (request.loop);
+
+  if (request.error != NULL)
+    {
+      GtkWidget *button;
+      gchar *markup;
+
+      g_dbus_error_strip_remote_error (request.error);
+      markup = g_strdup_printf ("<b>%s:</b> %s",
+                                _("Error connecting to enterperise identity server"),
+                                request.error->message);
+      g_clear_error (&request.error);
+
+      gtk_label_set_markup (GTK_LABEL (request.cluebar_label), markup);
+      g_free (markup);
+
+      button = gtk_dialog_get_widget_for_response (request.dialog, GTK_RESPONSE_OK);
+      gtk_button_set_label (GTK_BUTTON (button), _("_Try Again"));
+      gtk_expander_set_expanded (GTK_EXPANDER (request.expander), TRUE);
+      gtk_widget_set_no_show_all (request.cluebar, FALSE);
+      gtk_widget_show_all (request.cluebar);
+
+      /* If it couldn't be signed in, then delete it and start over
+       */
+      goa_account_call_remove_sync (account, NULL, NULL);
+      g_clear_object (&object);
+      goto start_over;
+    }
+
+  gtk_widget_hide (GTK_WIDGET (dialog));
+
+ out:
+  /* We might have an object even when request.error is set.
+   * eg., if we failed to store the credentials in the keyring.
+   */
+  if (request.error != NULL)
+    g_propagate_error (error, request.error);
+  else
+    g_assert (object != NULL);
+
+  g_free (request.account_object_path);
+  g_free (principal);
+  g_free (principal_for_display);
+  if (request.loop != NULL)
+    g_main_loop_unref (request.loop);
+  return object;
+}
+
+static void
+show_account (GoaProvider         *provider,
+              GoaClient           *client,
+              GoaObject           *object,
+              GtkBox              *vbox,
+              GtkGrid             *left,
+              GtkGrid             *right)
+{
+  GOA_PROVIDER_CLASS (goa_kerberos_provider_parent_class)->show_account (provider,
+                                                                         client,
+                                                                         object,
+                                                                         vbox,
+                                                                         left,
+                                                                         right);
+  goa_util_add_row_switch_from_keyfile_with_blurb (left, right, object,
+                                                   _("Use for"),
+                                                   "ticketing-disabled",
+                                                   _("Network Resources"));
+}
+
+static gboolean
+ensure_credentials_sync (GoaProvider         *provider,
+                         GoaObject           *object,
+                         gint                *out_expires_in,
+                         GCancellable        *cancellable,
+                         GError             **error)
+{
+  GoaKerberosProvider *self = GOA_KERBEROS_PROVIDER (provider);
+  GVariant            *credentials;
+  GoaAccount          *account;
+  const char          *identity;
+  const char          *password;
+  SignInRequest        request;
+  gboolean             ret;
+
+  ret = FALSE;
+
+  account = goa_object_peek_account (object);
+  identity = goa_account_get_identity (account);
+
+  credentials = goa_utils_lookup_credentials_sync (provider,
+                                                   object,
+                                                   cancellable,
+                                                   error);
+  if (credentials == NULL)
+    {
+      if (error != NULL && *error == NULL)
+        g_set_error (error,
+                     GOA_ERROR,
+                     GOA_ERROR_NOT_AUTHORIZED,
+                     _("Could not find saved credentials for principal `%s' in keyring"), identity);
+      goto out;
+    }
+
+  if (!g_variant_lookup (credentials, "password", "&s", &password))
+    {
+      g_set_error (error,
+                   GOA_ERROR,
+                   GOA_ERROR_NOT_AUTHORIZED,
+                   _("Did not find password for principal `%s' in credentials"),
+                   identity);
+      goto out;
+    }
+
+  memset (&request, 0, sizeof (SignInRequest));
+  request.loop = g_main_loop_new (NULL, FALSE);
+  request.error = NULL;
+
+  error = NULL;
+  sign_in_identity (self,
+                    identity,
+                    password,
+
+                    NULL,
+                    (GAsyncReadyCallback)
+                    on_account_signed_in,
+                    &request);
+
+  g_main_loop_run (request.loop);
+  g_main_loop_unref (request.loop);
+
+  if (request.error != NULL)
+    {
+      g_propagate_error (error, request.error);
+      goto out;
+    }
+
+  *out_expires_in = -1;
+  ret = TRUE;
+out:
+  if (credentials != NULL)
+    g_variant_unref (credentials);
+
+  return ret;
+}
+
+static void
+goa_kerberos_provider_init (GoaKerberosProvider *provider)
+{
+}
+
+static void
+goa_kerberos_provider_class_init (GoaKerberosProviderClass *klass)
+{
+  GoaProviderClass *provider_class;
+
+  provider_class = GOA_PROVIDER_CLASS (klass);
+  provider_class->get_provider_type          = get_provider_type;
+  provider_class->get_provider_name          = get_provider_name;
+  provider_class->build_object               = build_object;
+  provider_class->add_account                = add_account;
+  provider_class->refresh_account            = refresh_account;
+  provider_class->show_account               = show_account;
+  provider_class->ensure_credentials_sync    = ensure_credentials_sync;
+}
diff --git a/src/goabackend/goakerberosprovider.h b/src/goabackend/goakerberosprovider.h
new file mode 100644
index 0000000..385664c
--- /dev/null
+++ b/src/goabackend/goakerberosprovider.h
@@ -0,0 +1,43 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/*
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Ray Strode <rstrode redhat com>
+ * Based on code from Debarshi Ray <debarshir gnome org>
+ */
+
+#if !defined (__GOA_BACKEND_INSIDE_GOA_BACKEND_H__) && !defined (GOA_BACKEND_COMPILATION)
+#error "Only <goabackend/goabackend.h> can be included directly."
+#endif
+
+#ifndef __GOA_KERBEROS_PROVIDER_H__
+#define __GOA_KERBEROS_PROVIDER_H__
+
+#include <goabackend/goabackendtypes.h>
+
+G_BEGIN_DECLS
+
+#define GOA_TYPE_KERBEROS_PROVIDER   (goa_kerberos_provider_get_type ())
+#define GOA_KERBEROS_PROVIDER(o)     (G_TYPE_CHECK_INSTANCE_CAST ((o), GOA_TYPE_KERBEROS_PROVIDER, GoaKerberosProvider))
+#define GOA_IS_KERBEROS_PROVIDER(o)  (G_TYPE_CHECK_INSTANCE_TYPE ((o), GOA_TYPE_KERBEROS_PROVIDER))
+
+GType goa_kerberos_provider_get_type (void) G_GNUC_CONST;
+
+G_END_DECLS
+
+#endif /* __GOA_KERBEROS_PROVIDER_H__ */
diff --git a/src/goabackend/goaprovider.c b/src/goabackend/goaprovider.c
index 41ebbdb..140c115 100644
--- a/src/goabackend/goaprovider.c
+++ b/src/goabackend/goaprovider.c
@@ -28,6 +28,7 @@
 #include "goalogging.h"
 #include "goaprovider.h"
 #include "goaexchangeprovider.h"
+#include "goakerberosprovider.h"
 #include "goagoogleprovider.h"
 #include "goafacebookprovider.h"
 #include "goayahooprovider.h"
@@ -754,6 +755,9 @@ ensure_ep_and_builtins (void)
 #ifdef GOA_WINDOWS_LIVE_ENABLED
       type = GOA_TYPE_WINDOWS_LIVE_PROVIDER;
 #endif
+#ifdef GOA_KERBEROS_ENABLED
+      type = GOA_TYPE_KERBEROS_PROVIDER;
+#endif
 #ifdef GOA_EXCHANGE_ENABLED
       type = GOA_TYPE_EXCHANGE_PROVIDER;
 #endif
diff --git a/src/goabackend/org.gnome.Identity.xml b/src/goabackend/org.gnome.Identity.xml
new file mode 100644
index 0000000..0bf6394
--- /dev/null
+++ b/src/goabackend/org.gnome.Identity.xml
@@ -0,0 +1,73 @@
+<!DOCTYPE node PUBLIC
+"-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd";>
+
+<!--
+ Copyright (C) 2012 Red Hat, Inc.
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General
+ Public License along with this library; if not, write to the
+ Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ Author: Ray Strode <rstrode redhat com>
+-->
+
+<node name="/" xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd";>
+  <!--
+      org.gnome.Identity.Manager:
+
+      An interface used for managing identities.
+  -->
+  <interface name="org.gnome.Identity.Manager">
+
+    <!--
+        SignIn:
+        @identity: The identifier of the identity (i.e., a kerberos principal name)
+        @details: Extra key/value pairs to set.
+        @identity_object_path: The object path of the signed in identity.
+
+        Signs in an identity.
+    -->
+    <method name="SignIn">
+      <arg name="identity" type="s" direction="in"/>
+      <arg name="details" type="a{ss}" direction="in"/>
+      <arg name="identity_object_path" type="o" direction="out"/>
+    </method>
+
+    <method name="SignOut">
+      <arg name="identity" type="s" direction="in"/>
+    </method>
+  </interface>
+
+  <!--
+      org.gnome.Identity:
+
+      The identity interface.
+  -->
+  <interface name="org.gnome.Identity">
+    <!--
+        Identifier:
+        Unique string identifying identity (i.e., a kerberos principal name)
+    -->
+    <property name="Identifier" type="s" access="read"/>
+
+    <!--
+        ExpirationTimestamp:
+        The time the identity's credentials will expire
+    -->
+    <property name="ExpirationTimestamp" type="x" access="read"/>
+
+  </interface>
+
+</node>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]