[gnome-control-center] user-accounts: Update for realmd DBus interface changes
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-control-center] user-accounts: Update for realmd DBus interface changes
- Date: Mon, 20 Aug 2012 12:13:49 +0000 (UTC)
commit 3aab3eb358805c1b7a06c5a54b04ceaff2cc06b8
Author: Stef Walter <stefw gnome org>
Date: Fri Aug 17 16:58:10 2012 +0200
user-accounts: Update for realmd DBus interface changes
* DBus interface was reviewed and there were several things added
to make it more generic and useful for other realm types.
* Use ObjectManager to track objects in realmd. This facilitates
using realmd with the way it now uses multiple interfaces
on objects.
https://bugzilla.gnome.org/show_bug.cgi?id=682185
panels/user-accounts/Makefile.am | 4 +-
.../user-accounts/data/org.freedesktop.realmd.xml | 645 +++++++++++++++++--
...org.gnome.controlcenter.user-accounts.policy.in | 2 +-
panels/user-accounts/um-account-dialog.c | 68 ++-
panels/user-accounts/um-realm-manager.c | 501 +++++++---------
panels/user-accounts/um-realm-manager.h | 13 +-
6 files changed, 837 insertions(+), 396 deletions(-)
---
diff --git a/panels/user-accounts/Makefile.am b/panels/user-accounts/Makefile.am
index 13e86f9..ee85cdf 100644
--- a/panels/user-accounts/Makefile.am
+++ b/panels/user-accounts/Makefile.am
@@ -78,7 +78,9 @@ libuser_accounts_la_LDFLAGS = $(PANEL_LDFLAGS)
um-realm-generated.c: $(srcdir)/data/org.freedesktop.realmd.xml
$(AM_V_GEN) gdbus-codegen --interface-prefix org.freedesktop.realmd. \
- --generate-c-code um-realm-generated --c-namespace UmRealm $<
+ --generate-c-code um-realm-generated --c-namespace UmRealm \
+ --annotate "org.freedesktop.realmd.Realm" org.gtk.GDBus.C.Name Common \
+ --c-generate-object-manager $<
um-realm-generated.h: um-realm-generated.c
noinst_PROGRAMS = frob-account-dialog
diff --git a/panels/user-accounts/data/org.freedesktop.realmd.xml b/panels/user-accounts/data/org.freedesktop.realmd.xml
index 18f1324..316213a 100644
--- a/panels/user-accounts/data/org.freedesktop.realmd.xml
+++ b/panels/user-accounts/data/org.freedesktop.realmd.xml
@@ -1,150 +1,435 @@
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd";>
-
<node name="/">
+
<!--
- * Global interface implemented by realmd. Allows listing of providers
- * and discovering which one is relevant for a given domain.
- *
- * This is implemented by individual providers, but is aggregated
- * globally at the system bus name 'org.freedesktop.realmd' with the
- * object path '/org/freedesktop/realmd'
+ org.freedesktop.realmd.Provider:
+ @short_description: a realm provider
+
+ Various realm providers represent different software implementations
+ that provide access to realms or domains.
+
+ This interface is implemented by individual providers, but is
+ aggregated globally at the system bus name
+ <literal>org.freedesktop.realmd</literal>
+ with the object path <literal>/org/freedesktop/realmd</literal>
-->
<interface name="org.freedesktop.realmd.Provider">
<!--
- * The name of the provider
+ Name: the name of the provider
+
+ The name of the provider. This is not normally displayed
+ to the user, but may be useful for diagnostics or debugging.
-->
<property name="Name" type="s" access="read"/>
<!--
- * A version number for the provider
+ Version: the version of the provider
+
+ The version of the provider. This is not normally used in
+ logic, but may be useful for diagnostics or debugging.
-->
<property name="Version" type="s" access="read"/>
<!--
- * A list of known, enrolled or discovered realms.
- * Each realm is a DBus object and is represeted by a:
- * o: DBus object path of the realm
- * s: DBus interface name, like 'ofr.Kerberos' (below)
+ Realms: a list of realms
+
+ A list of known, enrolled or discovered realms. All realms
+ that this provider knows about are listed here. As realms
+ are discovered they are added to this list.
+
+ Each realm is represented by the DBus object path of the
+ realm object.
-->
- <property name="Realms" type="a(os)" access="read"/>
+ <property name="Realms" type="ao" access="read"/>
<!--
- * Discover whether a string represents a realm that a provider
- * can enroll or otherwise use.
+ Discover:
+ @string: an input string to discover realms for
+ @options: options for the discovery operation
+ @relevance: the relevance of the returned results
+ @realm: a list of realms discovered
+
+ Discover realms for the given string. The input @string is
+ usually a domain or realm name, perhaps typed by a user. If
+ an empty string is provided the realm provider should try to
+ discover a default realm if possible (eg: from DHCP).
+
+ @options can contain, but is not limited to, the following values:
+ <itemizedlist>
+ <listitem><para><literal>operation</literal>: a string
+ identifier chosen by the client, which can then later be
+ passed to org.freedesktop.realmd.Service.Cancel() in order
+ to cancel the operation</para></listitem>
+ </itemizedlist>
+
+ The @relevance returned can be used to rank results from
+ different discover calls to different providers. Implementors
+ should return a positive number if the provider highly
+ recommends that the realms be handled by this provider,
+ or a zero if it can possibly handle the realms. Negative
+ should be returned if no realms are found.
+
+ This method does not return an error when no realms are
+ discovered. It simply returns an @realm list.
+
+ To see diagnostic information about the discovery process
+ connect to the org.freedesktop.realmd.Service::Diagnostics
+ signal.
+
+ This method requires authorization for the PolicyKit action
+ called <literal>org.freedesktop.realmd.discover-realm</literal>.
+
+ In addition to common DBus error results, this method may
+ return:
+ <itemizedlist>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Failed</literal>:
+ may be returned if the discovery could not be run for some reason.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Cancelled</literal>:
+ returned if the operation was cancelled.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotAuthorized</literal>:
+ returned if the calling client is not permitted to perform a discovery
+ operation.</para></listitem>
+ </itemizedlist>
-->
<method name="Discover">
- <!-- The input string -->
<arg name="string" type="s" direction="in"/>
<arg name="options" type="a{sv}" direction="in"/>
-
- <!-- Returned match relevance -->
<arg name="relevance" type="i" direction="out"/>
-
- <!-- The realm objects: bus name, object path, interface -->
- <arg name="realm" type="a(os)" direction="out"/>
+ <arg name="realm" type="ao" direction="out"/>
</method>
+
</interface>
+ <!--
+ org.freedesktop.realmd.Service:
+ @short_description: the realmd service
+
+ Global calls for managing the realmd service. Usually you'll want
+ to use #org.freedesktop.realmd.Provider instead.
+
+ This interface is implemented by the realmd service, and is always
+ available at the object path <literal>/org/freedesktop/realmd</literal>
+
+ The service also implements the
+ <literal>org.freedesktop.DBus.ObjectManager</literal> interface which
+ makes it easy to retrieve all realmd objects and properties in one go.
+ -->
<interface name="org.freedesktop.realmd.Service">
+
+ <!--
+ Cancel:
+ @operation: the operation to cancel
+
+ Cancel a realmd operation. To be able to cancel an operation
+ pass a uniquely chosen <literal>operation</literal> string
+ identifier as an option in the methods <literal>options</literal>
+ argument.
+
+ These operation string identifiers should be unique per client
+ calling the realmd service.
+
+ It is not guaranteed that the service can or will cancel the
+ operation. For example the operation may have already completed
+ by the time this method is handled. The caller of the operation
+ method will receive a
+ <literal>org.freedesktop.realmd.Error.Cancelled</literal>
+ if the operation was cancelled.
+ -->
<method name="Cancel">
- <arg name="operation_id" type="s" direction="in"/>
+ <arg name="operation" type="s" direction="in"/>
</method>
+ <!--
+ SetLocale:
+ @locale: the locale for the client
+
+ Set the language @locale for the client. This locale is used
+ for error messages. The locale is used until the next time
+ this method is called, the client disconnects, or the client
+ calls #org.freedesktop.realmd.Service.Release().
+ -->
<method name="SetLocale">
<arg name="locale" type="s" direction="in"/>
</method>
+ <!--
+ Diagnostics:
+ @data: diagnostic data
+ @operation: the operation this data resulted from
+
+ This signal is fired when diagnostics result from an operation
+ in the provider or one of its realms.
+
+ It is not guaranteed that this signal is emitted once per line.
+ More than one line may be contained in @data, or a partial
+ line. New line characters are embedded in @data.
+
+ This signal is sent explicitly to the client which invoked
+ operation method. In order to tell which operation this
+ diagnostic data results from, pass a unique
+ <literal>operation</literal> string identifier in the
+ <literal>options</literal> argument of the operation method.
+ That same identifier will be passed back via the @operation
+ argument of this signal.
+ -->
<signal name="Diagnostics">
<arg name="data" type="s"/>
- <arg name="operation_id" type="s"/>
+ <arg name="operation" type="s"/>
</signal>
<!--
- * Normally realmd waits until all clients have disconnected
- * before exiting. For long lived clients, they can call
- * Release() allow realmd to quit. This is an optimization.
- * The daemon will not exit immediately. It is safe to call
- * this multiple times.
+ Release:
+
+ Normally realmd waits until all clients have disconnected
+ before exiting itself, sometime later. For long lived clients
+ they can call this method to allow the realmd service to quit.
+ This is an optimization. The daemon will not exit immediately.
+ It is safe to call this multiple times.
-->
<method name="Release">
<!-- no arguments -->
</method>
+
</interface>
<!--
- * This interface is implemented by Kerberos realms.
+ org.freedesktop.realmd.Realm:
+ @short_description: a realm
+
+ Represents one realm.
+
+ Contains generic information about a realm, and useful properties for
+ introspecting what kind of realm this is and how to work with
+ the realm.
+
+ Use #org.freedesktop.realmd.Provider:Realms or
+ #org.freedesktop.realmd.Provider.Discover() to get access to some
+ kerberos realm objects.
+
+ Realms will always implement additional interfaces, such as
+ #org.freedesktop.realmd.Kerberos. Do not assume that all realms
+ implement that kerberos interface. Use the
+ #org.freedesktop.realmd.Realm:SupportedInterfaces property to see
+ which interfaces are set.
+
+ Different realms support various ways to configure them on the
+ system. Use the #org.freedesktop.realmd.Realm:Configured property
+ to determine if a realm is configured. If it is configured the
+ property will be set to the interface of the mechanism that was
+ used to configure it.
+
+ To configure a realm, look in the
+ #org.freedesktop.realmd.Realm:SupportedInterfaces property for a
+ recognized purpose specific interface that can be used for
+ configuration, such as the
+ #org.freedesktop.realmd.KerberosMembership interface and its
+ #org.freedesktop.realmd.KerberosMembership.Join() method.
+
+ To deconfigure a realm from the current system, you can use the
+ #org.freedesktop.realmd.Realm.Deconfigure() method. In additon some
+ of the configuration specific interfaces provide methods to
+ deconfigure a realm in a specific way, such as
+ #org.freedesktop.realmd.KerberosMembership.Leave() method.
+
+ The various properties are guaranteed to have been updated before
+ the operation methods return, if they change state.
-->
- <interface name="org.freedesktop.realmd.Kerberos">
+ <interface name="org.freedesktop.realmd.Realm">
<!--
- * The kerberos realm name. Usually capitalized.
+ Name: the realm name
+
+ This is the name of the realm, appropriate for display to
+ end users where necessary.
-->
<property name="Name" type="s" access="read"/>
<!--
- * The DNS domain name for this realm.
- -->
- <property name="Domain" type="s" access="read"/>
+ Configured: whether this domain is configured and how
- <!--
- * The server software, for information only. eg: active-directory
+ If this property is an empty string, then the realm is not
+ configured. Otherwise the realm is configured, and contains
+ a string which is the interface that represents how it was
+ configured, for example #org.freedesktop.realmd.KerberosMembership.
-->
- <property name="Details" type="a{ss}" access="read"/>
+ <property name="Configured" type="s" access="read"/>
<!--
- * The suggested Administrator login name for this realm
+ Deconfigure: deconfigure this realm
+
+ Deconfigure this realm from the local machine with standard
+ default behavior.
+
+ The behavior of this method depends on the which configuration
+ interface is present in the
+ #org.freedesktop.realmd.Realm.Configured property. It does not
+ always delete membership accounts in the realm, but just
+ reconfigures the local machine so it no longer is configured
+ for the given realm. In some cases the implementation may try
+ to update membership accounts, but this is not guaranteed.
+
+ Various configuration interfaces may support more specific ways
+ to deconfigure a realm in a specific way, such as the
+ #org.freedesktop.realmd.KerberosMembership.Leave() method.
+
+ @options can contain, but is not limited to, the following values:
+ <itemizedlist>
+ <listitem><para><literal>operation</literal>: a string
+ identifier chosen by the client, which can then later be
+ passed to org.freedesktop.realmd.Service.Cancel() in order
+ to cancel the operation</para></listitem>
+ </itemizedlist>
+
+ This method requires authorization for the PolicyKit action
+ called <literal>org.freedesktop.realmd.deconfigure-realm</literal>.
+
+ In addition to common DBus error results, this method may return:
+ <itemizedlist>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Failed</literal>:
+ may be returned if the deconfigure failed for a generic reason.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Cancelled</literal>:
+ returned if the operation was cancelled.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotAuthorized</literal>:
+ returned if the calling client is not permitted to deconfigure a
+ realm.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotConfigured</literal>:
+ returned if this realm is not configured on the machine.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Busy</literal>:
+ returned if the service is currently performing another operation like
+ join or leave.</para></listitem>
+ </itemizedlist>
-->
- <property name="SuggestedAdministrator" type="s" access="read"/>
+ <method name="Deconfigure">
+ <arg name="options" type="a{sv}" direction="in"/>
+ </method>
<!--
- * Whether the machine is enrolled in this realm or not.
+ SupportedInterfaces:
+
+ Additional supported interfaces of this realm. This includes
+ interfaces that contain more information about the realm,
+ such as #org.freedesktop.realmd.Kerberos and interfaces
+ which contain methods for configuring a realm, such as
+ #org.freedesktop.realmd.KerberosMembership.
-->
- <property name="Enrolled" type="b" access="read"/>
+ <property name="SupportedInterfaces" type="as" access="read"/>
<!--
- * Credentials: (ssv)
- * type: 'ccache', 'password', 'automatic'
- * owner: 'administrator', 'user', 'computer', 'secret'
- * contents: ay, ss, b
- -->
- <property name="SupportedEnrollCredentials" type="a(ss)" access="read"/>
+ Details: informational details about the realm
- <property name="SupportedUnenrollCredentials" type="a(ss)" access="read"/>
+ Informational details about the realm. The following values
+ should be present:
+ <itemizedlist>
+ <listitem><para><literal>server-software</literal>:
+ identifier of the software running on the server (eg:
+ <literal>active-directory</literal>).</para></listitem>
+ <listitem><para><literal>client-software</literal>:
+ identifier of the software running on the client (eg:
+ <literal>sssd</literal>).</para></listitem>
+ </itemizedlist>
+ -->
+ <property name="Details" type="a(ss)" access="read"/>
- <method name="Enroll">
- <arg name="credentials" type="(ssv)" direction="in"/>
- <arg name="options" type="a{sv}" direction="in"/>
- </method>
+ <!--
+ LoginFormats: supported formats for login names
- <method name="Unenroll">
- <arg name="credentials" type="(ssv)" direction="in"/>
- <arg name="options" type="a{sv}" direction="in"/>
- </method>
+ Supported formats for login to this realm. This is only
+ relevant once the realm has been enrolled. The formats
+ will contain a <literal>%U</literal> in the string, which
+ indicate where the user name should be placed. The formats
+ may contain a <literal>%D</literal> in the string which
+ indicate where a domain name should be placed.
- <!--
- * The format for user logins when this realm is enrolled.
- * This property may not be valid unless machine is enrolled
- * in this realm. The format contains a %s where the user name
- * goes eg: "DOMAIN\%s"
+ The first format in the list is the preferred format for
+ login names.
-->
- <property name="LoginFormat" type="s" access="read"/>
+ <property name="LoginFormats" type="as" access="read"/>
<!--
- * The policy for logins using this realm.
- * 'allow-any-login' 'allow-permitted-logins' 'deny-any-login'
+ LoginPolicy: the policy for logins using this realm
+
+ The policy for logging into this computer using this realm.
+
+ The policy can be changed using the
+ #org.freedesktop.realmd.Realm.ChangeLoginPolicy() method.
+
+ The following policies are predefined. Not all providers
+ support all these policies and there may be provider specific
+ policies or multiple policies represented in the string:
+ <itemizedlist>
+ <listitem><para><literal>allow-any-login</literal>: allow
+ login by any authenticated user present in this
+ realm.</para></listitem>
+ <listitem><para><literal>allow-permitted-logins</literal>:
+ only allow the logins permitted in the
+ #org.freedesktop.realmd.Realm:PermittedLogins
+ property.</para></listitem>
+ <listitem><para><literal>deny-any-login</literal>:
+ don't allow any logins via authenticated users of this
+ realm.</para></listitem>
+ </itemizedlist>
-->
<property name="LoginPolicy" type="s" access="read"/>
<!--
- * The list of permitted logins in the LoginFormat style
+ PermittedLogins: the permitted login names
+
+ The list of permitted authenticated users allowed to login
+ into this computer. This is only relevant if the
+ #org.freedesktop.realmd.Realm:LoginPolicy property
+ contains the <literal>allow-permitted-logins</literal>
+ string.
-->
<property name="PermittedLogins" type="as" access="read"/>
<!--
- * Change the PermittedLogins property. Should take effect
- * immediately.
+ ChangeLoginPolicy:
+ @login_policy: the new login policy, or an empty string
+ @permitted_add: a list of logins to permit
+ @permitted_remove: a list of logins to not permit
+ @options: options for this operation
+
+ Change the login policy and/or permitted logins for this realm.
+
+ Not all realms support the all the various login policies. An
+ error will be returned if the new login policy is not supported.
+ You may specify an empty string for the @login_policy argument
+ which will cause no change in the policy itself. If the policy
+ is changed, it will be reflected in the
+ #org.freedesktop.realmd.Realm:LoginPolicy property.
+
+ The @permitted_add and @permitted_remove arguments represent
+ lists of login names that should be added and removed from
+ the #org.freedesktop.realmd.Kerberos:PermittedLogins property.
+
+ @options can contain, but is not limited to, the following values:
+ <itemizedlist>
+ <listitem><para><literal>operation</literal>: a string
+ identifier chosen by the client, which can then later be
+ passed to org.freedesktop.realmd.Service.Cancel() in order
+ to cancel the operation</para></listitem>
+ </itemizedlist>
+
+ This method requires authorization for the PolicyKit action
+ called <literal>org.freedesktop.realmd.login-policy</literal>.
+
+ In addition to common DBus error results, this method may return:
+ <itemizedlist>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Failed</literal>:
+ may be returned if the policy change failed for a generic reason.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Cancelled</literal>:
+ returned if the operation was cancelled.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotAuthorized</literal>:
+ returned if the calling client is not permitted to change login policy
+ operation.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotConfigured</literal>:
+ returned if the realm is not configured.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Busy</literal>:
+ returned if the service is currently performing another operation like
+ join or leave.</para></listitem>
+ </itemizedlist>
-->
<method name="ChangeLoginPolicy">
<arg name="login_policy" type="s" direction="in"/>
@@ -154,4 +439,228 @@
</method>
</interface>
+
+ <!--
+ org.freedesktop.realmd.Kerberos:
+ @short_description: a kerberos realm
+
+ An interface that describes a kerberos realm in more detail. This
+ is always implemented on an DBus object path that also implements
+ the #org.freedesktop.realmd.Realm interface.
+ -->
+ <interface name="org.freedesktop.realmd.Kerberos">
+
+ <!--
+ RealmName: the kerberos realm name
+
+ The kerberos name for this realm. This is usually in upper
+ case.
+ -->
+ <property name="RealmName" type="s" access="read"/>
+
+ <!--
+ DomainName: the DNS domain name
+
+ The DNS domain name for this realm.
+ -->
+ <property name="DomainName" type="s" access="read"/>
+
+ </interface>
+
+ <!--
+ org.freedesktop.realmd.KerberosMembership:
+
+ An interface used to configure this machine by joining a realm.
+
+ It sets up a computer/host account in the realm for this machine
+ and a keytab to track the credentials for that account.
+
+ The various properties are guaranteed to have been updated before
+ the operation methods return, if they change state.
+ -->
+ <interface name="org.freedesktop.realmd.KerberosMembership">
+
+ <!--
+ SuggestedAdministrator: common administrator name
+
+ The common administrator name for this type of realm. This
+ can be used by clients as a hint when prompting the user for
+ administrative authentication.
+ -->
+ <property name="SuggestedAdministrator" type="s" access="read"/>
+
+ <!--
+ SupportedJoinCredentials: credentials supported for joining
+
+ Various kinds of credentials that are supported when calling the
+ #org.freedesktop.realmd.Kerberos.Join() method.
+
+ Each credential is represented by a type, and an owner. The type
+ denotes which kind of credential is passed to the method. The
+ owner indicates to the client how to prompt the user or obtain
+ the credential, and to the service how to use the credential.
+
+ The various types are:
+ <itemizedlist>
+ <listitem><para><literal>ccache</literal>:
+ the credentials should contain an array of bytes as a
+ <literal>ay</literal> containing the data from a kerberos
+ credential cache file.</para></listitem>
+ <listitem><para><literal>password</literal>:
+ the credentials should contain a pair of strings as a
+ <literal>(ss)</literal> representing a name and
+ password. The name may contain a realm in the standard
+ kerberos format. If missing, it will default to this
+ realm. The name may be empty for a computer or one time
+ password.</para></listitem>
+ <listitem><para><literal>automatic</literal>:
+ the credentials should contain an empty string as a
+ <literal>s</literal>. Using <literal>automatic</literal>
+ indicates that default or system credentials are to be
+ used.</para></listitem>
+ </itemizedlist>
+
+ The various owners are:
+ <itemizedlist>
+ <listitem><para><literal>administrator</literal>:
+ the credentials belong to a kerberos user principal.
+ The caller may use this as a hint to prompt the user
+ for administrative credentials.</para></listitem>
+ <listitem><para><literal>user</literal>:
+ the credentials belong to a kerberos user principal.
+ The caller may use this as a hint to prompt the user
+ for his (possibly non-administrative)
+ credentials.</para></listitem>
+ <listitem><para><literal>computer</literal>:
+ the credentials belong to the computer realmd is
+ being run on.</para></listitem>
+ <listitem><para><literal>secret</literal>:
+ the credentials are a one time password or other secret
+ used to join or leave the computer.</para></listitem>
+ </itemizedlist>
+ -->
+ <property name="SupportedJoinCredentials" type="a(ss)" access="read"/>
+
+ <!--
+ SupportedLeaveCredentials: credentials supported for leaving
+
+ Various kinds of credentials that are supported when calling the
+ #org.freedesktop.realmd.Kerberos.Leave() method.
+
+ See #org.freedesktop.realmd.Kerberos:SupportedJoinCredentials for
+ a discussion of what the values represent.
+ -->
+ <property name="SupportedLeaveCredentials" type="a(ss)" access="read"/>
+
+ <!--
+ Join:
+
+ Join this machine to the realm and enroll the machine.
+
+ If this method returns successfully then the machine will be
+ joined to the realm. It is not necessary to restart services or the
+ machine afterward. Relevant properties on the realm will be updated
+ before the method returns.
+
+ The @credentials should be set according to one of the
+ supported credentials returned by
+ #org.freedesktop.realmd.Kerberos:SupportedJoinCredentials.
+ The first string in the tuple is the type, the second string
+ is the owner, and the variant contains the credential contents
+ See the discussion at
+ #org.freedesktop.realmd.Kerberos:SupportedJoinCredentials
+ for more information.
+
+ @options can contain, but is not limited to, the following values:
+ <itemizedlist>
+ <listitem><para><literal>operation</literal>: a string
+ identifier chosen by the client, which can then later be
+ passed to org.freedesktop.realmd.Service.Cancel() in order
+ to cancel the operation</para></listitem>
+ </itemizedlist>
+
+ This method requires authorization for the PolicyKit action
+ called <literal>org.freedesktop.realmd.configure-realm</literal>.
+
+ In addition to common DBus error results, this method may return:
+ <itemizedlist>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Failed</literal>:
+ may be returned if the join failed for a generic reason.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Cancelled</literal>:
+ returned if the operation was cancelled.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotAuthorized</literal>:
+ returned if the calling client is not permitted to perform an join
+ operation.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.AuthenicationFailed</literal>:
+ returned if the credentials passed did not authenticate against the realm
+ correctly. It is appropriate to prompt the user again.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.AlreadyEnrolled</literal>:
+ returned if already enrolled in this realm, or another realm and enrolling
+ in multiple realms is not supported.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Busy</literal>:
+ returned if the service is currently performing another operation like
+ join or leave.</para></listitem>
+ </itemizedlist>
+ -->
+ <method name="Join">
+ <arg name="credentials" type="(ssv)" direction="in"/>
+ <arg name="options" type="a{sv}" direction="in"/>
+ </method>
+
+ <!--
+ Leave:
+
+ Leave the realm and unenroll the machine.
+
+ If this method returns successfully then the machine will have
+ left the domain and been unenrolled. It is not necessary to restart
+ services or the machine afterward. Relevant properties on the realm
+ will be updated before the method returns.
+
+ The @credentials should be set according to one of the
+ supported credentials returned by
+ #org.freedesktop.realmd.Kerberos:SupportedUnenrollCredentials.
+ The first string in the tuple is the type, the second string
+ is the owner, and the variant contains the credential contents
+ See the discussion at
+ #org.freedesktop.realmd.Kerberos:SupportedEnrollCredentials
+ for more information.
+
+ @options can contain, but is not limited to, the following values:
+ <itemizedlist>
+ <listitem><para><literal>operation</literal>: a string
+ identifier chosen by the client, which can then later be
+ passed to org.freedesktop.realmd.Service.Cancel() in order
+ to cancel the operation</para></listitem>
+ </itemizedlist>
+
+ This method requires authorization for the PolicyKit action
+ called <literal>org.freedesktop.realmd.deconfigure-realm</literal>.
+
+ In addition to common DBus error results, this method may return:
+ <itemizedlist>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Failed</literal>:
+ may be returned if the unenroll failed for a generic reason.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Cancelled</literal>:
+ returned if the operation was cancelled.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotAuthorized</literal>:
+ returned if the calling client is not permitted to perform an unenroll
+ operation.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.AuthenicationFailed</literal>:
+ returned if the credentials passed did not authenticate against the realm
+ correctly. It is appropriate to prompt the user again.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.NotEnrolled</literal>:
+ returned if not enrolled in this realm.</para></listitem>
+ <listitem><para><literal>org.freedesktop.realmd.Error.Busy</literal>:
+ returned if the service is currently performing another operation like
+ enroll or unenroll.</para></listitem>
+ </itemizedlist>
+ -->
+ <method name="Leave">
+ <arg name="credentials" type="(ssv)" direction="in"/>
+ <arg name="options" type="a{sv}" direction="in"/>
+ </method>
+
+ </interface>
+
</node>
diff --git a/panels/user-accounts/org.gnome.controlcenter.user-accounts.policy.in b/panels/user-accounts/org.gnome.controlcenter.user-accounts.policy.in
index 46a4f2f..0f11b29 100644
--- a/panels/user-accounts/org.gnome.controlcenter.user-accounts.policy.in
+++ b/panels/user-accounts/org.gnome.controlcenter.user-accounts.policy.in
@@ -15,7 +15,7 @@
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
- <annotate key="org.freedesktop.policykit.imply">org.freedesktop.accounts.user-administration org.freedesktop.realmd.enroll-machine org.freedesktop.realmd.login-policy</annotate>
+ <annotate key="org.freedesktop.policykit.imply">org.freedesktop.accounts.user-administration org.freedesktop.realmd.configure-realm org.freedesktop.realmd.login-policy</annotate>
</action>
</policyconfig>
diff --git a/panels/user-accounts/um-account-dialog.c b/panels/user-accounts/um-account-dialog.c
index fc1e377..8922ad7 100644
--- a/panels/user-accounts/um-account-dialog.c
+++ b/panels/user-accounts/um-account-dialog.c
@@ -84,7 +84,7 @@ struct _UmAccountDialog {
GtkEntry *enterprise_login;
GtkEntry *enterprise_password;
UmRealmManager *realm_manager;
- UmRealmKerberos *selected_realm;
+ UmRealmObject *selected_realm;
/* Join credential dialog */
GtkDialog *join_dialog;
@@ -316,24 +316,28 @@ enterprise_validate (UmAccountDialog *self)
static void
enterprise_add_realm (UmAccountDialog *self,
- UmRealmKerberos *realm)
+ UmRealmObject *realm)
{
GtkTreeIter iter;
+ UmRealmCommon *common;
+
+ common = um_realm_object_get_common (realm);
gtk_list_store_append (self->enterprise_realms, &iter);
gtk_list_store_set (self->enterprise_realms, &iter,
- 0, um_realm_kerberos_get_domain (realm),
+ 0, um_realm_common_get_name (common),
1, realm,
-1);
- /* Select the domain if appropriate */
- if (!self->enterprise_domain_chosen && um_realm_kerberos_get_enrolled (realm))
+ if (!self->enterprise_domain_chosen && um_realm_is_configured (realm))
gtk_combo_box_set_active_iter (self->enterprise_domain, &iter);
+
+ g_object_unref (common);
}
static void
on_manager_realm_added (UmRealmManager *manager,
- UmRealmKerberos *realm,
+ UmRealmObject *realm,
gpointer user_data)
{
UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
@@ -366,25 +370,19 @@ on_register_user (GObject *source,
}
}
-static gchar *
-enterprise_calculate_login (UmAccountDialog *self)
-{
- const gchar *format = um_realm_kerberos_get_login_format (self->selected_realm);
- return g_strdup_printf (format, gtk_entry_get_text (self->enterprise_login));
-}
-
static void
on_permit_user_login (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+ UmRealmCommon *common;
UmUserManager *manager;
GError *error = NULL;
gchar *login;
- um_realm_kerberos_call_change_login_policy_finish (UM_REALM_KERBEROS (source),
- result, &error);
+ common = UM_REALM_COMMON (source);
+ um_realm_common_call_change_login_policy_finish (common, result, &error);
if (error == NULL) {
/*
@@ -393,7 +391,9 @@ on_permit_user_login (GObject *source,
* sure all that is functional.
*/
manager = um_user_manager_ref_default ();
- login = enterprise_calculate_login (self);
+ login = um_realm_calculate_login (common, gtk_entry_get_text (self->enterprise_login));
+ g_return_if_fail (login != NULL);
+
um_user_manager_cache_user (manager, login, self->cancellable,
on_register_user, g_object_ref (self),
g_object_unref);
@@ -413,12 +413,16 @@ on_permit_user_login (GObject *source,
static void
enterprise_permit_user_login (UmAccountDialog *self)
{
+ UmRealmCommon *common;
gchar *login;
const gchar *add[2];
const gchar *remove[1];
GVariant *options;
- login = enterprise_calculate_login (self);
+ common = um_realm_object_get_common (self->selected_realm);
+
+ login = um_realm_calculate_login (common, gtk_entry_get_text (self->enterprise_login));
+ g_return_if_fail (login != NULL);
add[0] = login;
add[1] = NULL;
@@ -426,12 +430,13 @@ enterprise_permit_user_login (UmAccountDialog *self)
options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0);
- um_realm_kerberos_call_change_login_policy (self->selected_realm, "",
- add, remove, options,
- self->cancellable,
- on_permit_user_login,
- g_object_ref (self));
+ um_realm_common_call_change_login_policy (common, "",
+ add, remove, options,
+ self->cancellable,
+ on_permit_user_login,
+ g_object_ref (self));
+ g_object_unref (common);
g_free (login);
}
@@ -449,8 +454,7 @@ on_join_response (GtkDialog *dialog,
}
/* Prompted for some admin credentials, try to use them to log in */
- um_realm_login (um_realm_kerberos_get_name (self->selected_realm),
- um_realm_kerberos_get_domain (self->selected_realm),
+ um_realm_login (self->selected_realm,
gtk_entry_get_text (self->join_name),
gtk_entry_get_text (self->join_password),
self->cancellable,
@@ -462,19 +466,24 @@ static void
join_show_prompt (UmAccountDialog *self,
GError *error)
{
+ UmRealmKerberosMembership *membership;
+ UmRealmKerberos *kerberos;
const gchar *name;
gtk_entry_set_text (self->join_password, "");
gtk_widget_grab_focus (GTK_WIDGET (self->join_password));
+ kerberos = um_realm_object_get_kerberos (self->selected_realm);
+ membership = um_realm_object_get_kerberos_membership (self->selected_realm);
+
gtk_label_set_text (self->join_domain,
- um_realm_kerberos_get_domain (self->selected_realm));
+ um_realm_kerberos_get_domain_name (kerberos));
clear_entry_validation_error (self->join_name);
clear_entry_validation_error (self->join_password);
if (!self->join_prompted) {
- name = um_realm_kerberos_get_suggested_administrator (self->selected_realm);
+ name = um_realm_kerberos_membership_get_suggested_administrator (membership);
if (name && !g_str_equal (name, "")) {
gtk_entry_set_text (self->join_name, name);
} else {
@@ -494,6 +503,8 @@ join_show_prompt (UmAccountDialog *self,
gtk_window_present (GTK_WINDOW (self->join_dialog));
self->join_prompted = TRUE;
+ g_object_unref (kerberos);
+ g_object_unref (membership);
/* And now we wait for on_join_response() */
}
@@ -590,7 +601,7 @@ on_realm_login (GObject *source,
if (error == NULL) {
/* Already joined to the domain, just register this user */
- if (um_realm_kerberos_get_enrolled (self->selected_realm)) {
+ if (um_realm_is_configured (self->selected_realm)) {
enterprise_permit_user_login (self);
/* Join the domain, try using the user's creds */
@@ -635,8 +646,7 @@ enterprise_check_login (UmAccountDialog *self)
{
g_assert (self->selected_realm);
- um_realm_login (um_realm_kerberos_get_name (self->selected_realm),
- um_realm_kerberos_get_domain (self->selected_realm),
+ um_realm_login (self->selected_realm,
gtk_entry_get_text (self->enterprise_login),
gtk_entry_get_text (self->enterprise_password),
self->cancellable,
diff --git a/panels/user-accounts/um-realm-manager.c b/panels/user-accounts/um-realm-manager.c
index 4ff40d8..f4fec71 100644
--- a/panels/user-accounts/um-realm-manager.c
+++ b/panels/user-accounts/um-realm-manager.c
@@ -37,9 +37,9 @@
struct _UmRealmManager {
- UmRealmProviderProxy parent;
+ UmRealmObjectManagerClient parent;
+ UmRealmProvider *provider;
guint diagnostics_sig;
- GHashTable *realms;
};
typedef struct {
@@ -53,7 +53,7 @@ enum {
static gint signals[NUM_SIGNALS] = { 0, };
-G_DEFINE_TYPE (UmRealmManager, um_realm_manager, UM_REALM_TYPE_PROVIDER_PROXY);
+G_DEFINE_TYPE (UmRealmManager, um_realm_manager, UM_REALM_TYPE_OBJECT_MANAGER_CLIENT);
GQuark
um_realm_error_get_quark (void)
@@ -64,172 +64,49 @@ um_realm_error_get_quark (void)
return quark;
}
-typedef struct {
- UmRealmManager *manager;
- GList *realms;
- gint outstanding;
-} LoadClosure;
-
-static void
-load_closure_free (gpointer data)
-{
- LoadClosure *load = data;
- g_list_free_full (load->realms, g_object_unref);
- g_object_unref (load->manager);
- g_slice_free (LoadClosure, load);
-}
-
-static void
-on_realm_proxy_created (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
+static gboolean
+is_realm_with_kerberos_and_membership (gpointer object)
{
- GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
- LoadClosure *load = g_simple_async_result_get_op_res_gpointer (async);
- UmRealmManager *self = load->manager;
- UmRealmKerberos *realm;
- UmRealmKerberos *have;
- GError *error = NULL;
- GDBusProxy *proxy;
- GVariant *info;
+ GDBusInterface *interface;
- realm = um_realm_kerberos_proxy_new_finish (result, &error);
- if (error == NULL) {
- proxy = G_DBUS_PROXY (realm);
- info = g_variant_new ("(os)",
- g_dbus_proxy_get_object_path (proxy),
- g_dbus_proxy_get_interface_name (proxy));
-
- /* Add it to the manager, unless race */
- have = g_hash_table_lookup (self->realms, info);
- if (have == NULL) {
- g_dbus_proxy_set_default_timeout (proxy, G_MAXINT);
- g_hash_table_insert (self->realms,
- g_variant_ref_sink (info), realm);
- g_signal_emit (self, signals[REALM_ADDED], 0, realm);
-
- } else {
- g_object_unref (realm);
- g_variant_unref (info);
- realm = have;
- }
-
- load->realms = g_list_prepend (load->realms, g_object_ref (realm));
+ if (!G_IS_DBUS_OBJECT (object))
+ return FALSE;
- } else {
- g_simple_async_result_take_error (async, error);
- }
+ interface = g_dbus_object_get_interface (object, "org.freedesktop.realmd.Kerberos");
+ if (interface == NULL)
+ return FALSE;
+ g_object_unref (interface);
- if (load->outstanding-- == 1)
- g_simple_async_result_complete (async);
+ interface = g_dbus_object_get_interface (object, "org.freedesktop.realmd.KerberosMembership");
+ if (interface == NULL)
+ return FALSE;
+ g_object_unref (interface);
- g_object_unref (async);
+ return TRUE;
}
static void
-um_realm_manager_load (UmRealmManager *self,
- GVariant *realms,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+on_interface_added (GDBusObjectManager *manager,
+ GDBusObject *object,
+ GDBusInterface *interface)
{
- GSimpleAsyncResult *async;
- GDBusConnection *connection;
- LoadClosure *load;
- GVariantIter iter;
- GVariant *info;
- UmRealmKerberos *realm;
- const gchar *path;
- const gchar *iface;
-
- g_return_if_fail (realms != NULL);
-
- async = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
- um_realm_manager_load);
- load = g_slice_new0 (LoadClosure);
- load->manager = g_object_ref (self);
- g_simple_async_result_set_op_res_gpointer (async, load, load_closure_free);
-
- connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (self));
-
- g_variant_iter_init (&iter, realms);
- while (1) {
- info = g_variant_iter_next_value (&iter);
- if (info == NULL)
- break;
- realm = g_hash_table_lookup (self->realms, info);
- if (realm == NULL) {
- g_variant_get (info, "(&o&s)", &path, &iface);
- if (g_str_equal (iface, "org.freedesktop.realmd.Kerberos")) {
- um_realm_kerberos_proxy_new (connection,
- G_DBUS_PROXY_FLAGS_NONE,
- "org.freedesktop.realmd",
- path, cancellable,
- on_realm_proxy_created,
- g_object_ref (async));
- load->outstanding++;
- }
- } else {
- load->realms = g_list_prepend (load->realms, g_object_ref (realm));
- }
- g_variant_unref (info);
- }
-
- if (load->outstanding == 0)
- g_simple_async_result_complete_in_idle (async);
-
- g_object_unref (async);
-}
-
-static GList *
-um_realm_manager_load_finish (UmRealmManager *self,
- GAsyncResult *result,
- GError **error)
-{
- GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (result);
- LoadClosure *load;
- GList *realms;
-
- if (g_simple_async_result_propagate_error (async, error))
- return NULL;
-
- load = g_simple_async_result_get_op_res_gpointer (async);
- realms = g_list_reverse (load->realms);
- load->realms = NULL;
- return realms;
-}
-
-static guint
-hash_realm_info (gconstpointer value)
-{
- const gchar *path, *iface;
- g_variant_get ((GVariant *)value, "(&o&s)", &path, &iface);
- return g_str_hash (path) ^ g_str_hash (iface);
+ g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (interface), G_MAXINT);
}
static void
-um_realm_manager_init (UmRealmManager *self)
+on_object_added (GDBusObjectManager *manager,
+ GDBusObject *object,
+ gpointer user_data)
{
- self->realms = g_hash_table_new_full (hash_realm_info, g_variant_equal,
- (GDestroyNotify)g_variant_unref,
- g_object_unref);
+ if (is_realm_with_kerberos_and_membership (object))
+ g_signal_emit (user_data, signals[REALM_ADDED], 0, object);
}
static void
-um_realm_manager_notify (GObject *obj,
- GParamSpec *spec)
+um_realm_manager_init (UmRealmManager *self)
{
- UmRealmManager *self = UM_REALM_MANAGER (obj);
- GVariant *realms;
-
- if (G_OBJECT_CLASS (um_realm_manager_parent_class)->notify)
- G_OBJECT_CLASS (um_realm_manager_parent_class)->notify (obj, spec);
-
- if (g_str_equal (spec->name, "realms")) {
- realms = um_realm_provider_get_realms (UM_REALM_PROVIDER (self));
- if (realms != NULL)
- um_realm_manager_load (self, realms, NULL, NULL, NULL);
- }
+ g_signal_connect (self, "object-added", G_CALLBACK (on_object_added), self);
+ g_signal_connect (self, "interface-added", G_CALLBACK (on_interface_added), self);
}
static void
@@ -238,8 +115,10 @@ um_realm_manager_dispose (GObject *obj)
UmRealmManager *self = UM_REALM_MANAGER (obj);
GDBusConnection *connection;
+ g_clear_object (&self->provider);
+
if (self->diagnostics_sig) {
- connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (self));
+ connection = g_dbus_object_manager_client_get_connection (G_DBUS_OBJECT_MANAGER_CLIENT (self));
if (connection != NULL)
g_dbus_connection_signal_unsubscribe (connection, self->diagnostics_sig);
self->diagnostics_sig = 0;
@@ -249,28 +128,16 @@ um_realm_manager_dispose (GObject *obj)
}
static void
-um_realm_manager_finalize (GObject *obj)
-{
- UmRealmManager *self = UM_REALM_MANAGER (obj);
-
- g_hash_table_destroy (self->realms);
-
- G_OBJECT_CLASS (um_realm_manager_parent_class)->finalize (obj);
-}
-
-static void
um_realm_manager_class_init (UmRealmManagerClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
- object_class->notify = um_realm_manager_notify;
object_class->dispose = um_realm_manager_dispose;
- object_class->finalize = um_realm_manager_finalize;
signals[REALM_ADDED] = g_signal_new ("realm-added", UM_TYPE_REALM_MANAGER,
G_SIGNAL_RUN_FIRST, 0, NULL, NULL,
g_cclosure_marshal_generic,
- G_TYPE_NONE, 1, UM_REALM_TYPE_KERBEROS);
+ G_TYPE_NONE, 1, UM_REALM_TYPE_OBJECT);
}
static void
@@ -324,80 +191,19 @@ version_compare (const char *version,
return match;
}
-static void
-on_realm_manager_async_init (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
-{
- GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
- UmRealmManager *self;
- GError *error = NULL;
- const gchar *version;
- GDBusProxy *proxy;
- GObject *object;
- guint sig;
-
- object = g_async_initable_new_finish (G_ASYNC_INITABLE (source), result, &error);
-
- if (error != NULL)
- g_simple_async_result_take_error (async, error);
-
- /* This is temporary until the dbus interface stabilizes */
- if (object) {
- version = um_realm_provider_get_version (UM_REALM_PROVIDER (object));
- if (!version_compare (version, 0, 6)) {
- /* No need to bother translators with this temporary message */
- g_simple_async_result_set_error (async, UM_REALM_ERROR,
- UM_REALM_ERROR_GENERIC,
- "Unsupported version of realmd: %s", version);
- g_object_unref (object);
- object = NULL;
- }
- }
-
- if (object != NULL) {
- proxy = G_DBUS_PROXY (object);
- sig = g_dbus_connection_signal_subscribe (g_dbus_proxy_get_connection (proxy),
- "org.freedesktop.realmd",
- "org.freedesktop.realmd.Service",
- "Diagnostics",
- NULL,
- NULL,
- G_DBUS_SIGNAL_FLAGS_NONE,
- on_realm_diagnostics,
- NULL,
- NULL);
-
- self = UM_REALM_MANAGER (object);
- self->diagnostics_sig = sig;
- g_simple_async_result_set_op_res_gpointer (async, self, g_object_unref);
- }
-
- g_simple_async_result_complete (async);
- g_object_unref (async);
-}
-
void
um_realm_manager_new (GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
- GSimpleAsyncResult *async;
-
- async = g_simple_async_result_new (NULL, callback, user_data,
- um_realm_manager_new);
-
- g_async_initable_new_async (UM_TYPE_REALM_MANAGER,
- G_PRIORITY_DEFAULT, cancellable,
- on_realm_manager_async_init, g_object_ref (async),
- "g-name", "org.freedesktop.realmd",
- "g-bus-type", G_BUS_TYPE_SYSTEM,
- "g-object-path", "/org/freedesktop/realmd",
- "g-interface-name", "org.freedesktop.realmd.Provider",
- "g-default-timeout", G_MAXINT,
+ g_async_initable_new_async (UM_TYPE_REALM_MANAGER, G_PRIORITY_DEFAULT,
+ cancellable, callback, user_data,
+ "flags", G_DBUS_OBJECT_MANAGER_CLIENT_FLAGS_NONE,
+ "name", "org.freedesktop.realmd",
+ "bus-type", G_BUS_TYPE_SYSTEM,
+ "object-path", "/org/freedesktop/realmd",
+ "get-proxy-type-func", um_realm_object_manager_client_get_proxy_type,
NULL);
-
- g_object_unref (async);
}
UmRealmManager *
@@ -405,23 +211,63 @@ um_realm_manager_new_finish (GAsyncResult *result,
GError **error)
{
UmRealmManager *self;
- GSimpleAsyncResult *async;
+ GDBusConnection *connection;
+ GObject *source_object;
+ const gchar *version;
+ GObject *ret;
+ guint sig;
- g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
- um_realm_manager_new), NULL);
- g_return_val_if_fail (error == NULL || *error == NULL, NULL);
+ source_object = g_async_result_get_source_object (result);
+ ret = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object), result, error);
+ g_object_unref (source_object);
- async = G_SIMPLE_ASYNC_RESULT (result);
- if (g_simple_async_result_propagate_error (async, error))
+ if (ret == NULL)
+ return NULL;
+
+ self = UM_REALM_MANAGER (ret);
+ connection = g_dbus_object_manager_client_get_connection (G_DBUS_OBJECT_MANAGER_CLIENT (self));
+
+ /*
+ * TODO: Remove this version checking. This is temporary code, so
+ * just use sync here. Shortly we'll be stabilizing the realmd
+ * interfaces.
+ */
+
+ self->provider = um_realm_provider_proxy_new_sync (connection, G_DBUS_PROXY_FLAGS_NONE,
+ "org.freedesktop.realmd",
+ "/org/freedesktop/realmd",
+ NULL, error);
+ if (self->provider == NULL) {
+ g_object_unref (self);
+ return NULL;
+ }
+
+ version = um_realm_provider_get_version (self->provider);
+ if (!version_compare (version, 0, 7)) {
+ /* No need to bother translators with this temporary message */
+ g_set_error (error, UM_REALM_ERROR, UM_REALM_ERROR_GENERIC,
+ "Unsupported version of realmd: %s", version);
+ g_object_unref (self);
return NULL;
+ }
+
+ sig = g_dbus_connection_signal_subscribe (connection,
+ "org.freedesktop.realmd",
+ "org.freedesktop.realmd.Service",
+ "Diagnostics",
+ NULL,
+ NULL,
+ G_DBUS_SIGNAL_FLAGS_NONE,
+ on_realm_diagnostics,
+ NULL,
+ NULL);
+ self->diagnostics_sig = sig;
- self = g_simple_async_result_get_op_res_gpointer (async);
- if (self != NULL)
- g_object_ref (self);
return self;
}
typedef struct {
+ GDBusObjectManager *manager;
GCancellable *cancellable;
GList *realms;
} DiscoverClosure;
@@ -430,46 +276,35 @@ static void
discover_closure_free (gpointer data)
{
DiscoverClosure *discover = data;
+ g_object_unref (discover->manager);
g_clear_object (&discover->cancellable);
g_list_free_full (discover->realms, g_object_unref);
g_slice_free (DiscoverClosure, discover);
}
static void
-on_manager_load (GObject *source,
- GAsyncResult *result,
- gpointer user_data)
-{
- GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
- DiscoverClosure *discover = g_simple_async_result_get_op_res_gpointer (async);
- GError *error = NULL;
-
- discover->realms = um_realm_manager_load_finish (UM_REALM_MANAGER (source),
- result, &error);
- if (error != NULL)
- g_simple_async_result_take_error (async, error);
- g_simple_async_result_complete (async);
-
- g_object_unref (async);
-}
-
-static void
on_provider_discover (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
DiscoverClosure *discover = g_simple_async_result_get_op_res_gpointer (async);
- UmRealmManager *self = UM_REALM_MANAGER (source);
+ GDBusObject *object;
GError *error = NULL;
- GVariant *realms;
+ gchar **realms;
gint relevance;
+ gint i;
- um_realm_provider_call_discover_finish (UM_REALM_PROVIDER (self),
- &relevance, &realms, result, &error);
+ um_realm_provider_call_discover_finish (UM_REALM_PROVIDER (source), &relevance,
+ &realms, result, &error);
if (error == NULL) {
- um_realm_manager_load (self, realms, discover->cancellable,
- on_manager_load, g_object_ref (async));
+ for (i = 0; realms[i]; i++) {
+ object = g_dbus_object_manager_get_object (discover->manager, realms[i]);
+ if (object == NULL)
+ g_warning ("Realm is not in object manager: %s", realms[i]);
+ else
+ discover->realms = g_list_prepend (discover->realms, object);
+ }
} else {
g_simple_async_result_take_error (async, error);
@@ -497,12 +332,13 @@ um_realm_manager_discover (UmRealmManager *self,
res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
um_realm_manager_discover);
discover = g_slice_new0 (DiscoverClosure);
+ discover->manager = g_object_ref (self);
discover->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
g_simple_async_result_set_op_res_gpointer (res, discover, discover_closure_free);
options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0);
- um_realm_provider_call_discover (UM_REALM_PROVIDER (self), input, options, cancellable,
+ um_realm_provider_call_discover (self->provider, input, options, cancellable,
on_provider_discover, g_object_ref (res));
g_object_unref (res);
@@ -533,7 +369,7 @@ um_realm_manager_discover_finish (UmRealmManager *self,
return NULL;
}
- realms = discover->realms;
+ realms = g_list_reverse (discover->realms);
discover->realms = NULL;
return realms;
}
@@ -541,12 +377,75 @@ um_realm_manager_discover_finish (UmRealmManager *self,
GList *
um_realm_manager_get_realms (UmRealmManager *self)
{
+ GList *objects;
+ GList *realms = NULL;
+ GList *l;
+
g_return_val_if_fail (UM_IS_REALM_MANAGER (self), NULL);
- return g_hash_table_get_values (self->realms);
+
+ objects = g_dbus_object_manager_get_objects (G_DBUS_OBJECT_MANAGER (self));
+ for (l = objects; l != NULL; l = g_list_next (l)) {
+ if (is_realm_with_kerberos_and_membership (l->data))
+ realms = g_list_prepend (realms, g_object_ref (l->data));
+ }
+
+ g_list_free_full (objects, g_object_unref);
+ return realms;
+}
+
+static void
+string_replace (GString *string,
+ const gchar *find,
+ const gchar *replace)
+{
+ const gchar *at;
+ gssize pos;
+
+ at = strstr (string->str, find);
+ if (at != NULL) {
+ pos = at - string->str;
+ g_string_erase (string, pos, strlen (find));
+ g_string_insert (string, pos, replace);
+ }
+}
+
+gchar *
+um_realm_calculate_login (UmRealmCommon *realm,
+ const gchar *username)
+{
+ GString *string;
+ const gchar *const *formats;
+ gchar *login = NULL;
+
+ formats = um_realm_common_get_login_formats (realm);
+ if (formats[0] != NULL) {
+ string = g_string_new (formats[0]);
+ string_replace (string, "%U", username);
+ string_replace (string, "%D", um_realm_common_get_name (realm));
+ login = g_string_free (string, FALSE);
+ }
+
+ return login;
+
+}
+
+gboolean
+um_realm_is_configured (UmRealmObject *realm)
+{
+ UmRealmCommon *common;
+ const gchar *configured;
+ gboolean is;
+
+ common = um_realm_object_get_common (realm);
+ configured = um_realm_common_get_configured (common);
+ is = configured != NULL && !g_str_equal (configured, "");
+ g_object_unref (common);
+
+ return is;
}
static const gchar *
-find_supported_credentials (UmRealmKerberos *realm,
+find_supported_credentials (UmRealmKerberosMembership *membership,
const gchar *owner)
{
const gchar *cred_owner;
@@ -554,7 +453,7 @@ find_supported_credentials (UmRealmKerberos *realm,
GVariant *supported;
GVariantIter iter;
- supported = um_realm_kerberos_get_supported_enroll_credentials (realm);
+ supported = um_realm_kerberos_membership_get_supported_join_credentials (membership);
g_return_val_if_fail (supported != NULL, NULL);
g_variant_iter_init (&iter, supported);
@@ -582,7 +481,7 @@ on_realm_join_complete (GObject *source,
}
static gboolean
-realm_join_as_owner (UmRealmKerberos *realm,
+realm_join_as_owner (UmRealmObject *realm,
const gchar *owner,
const gchar *login,
const gchar *password,
@@ -591,15 +490,21 @@ realm_join_as_owner (UmRealmKerberos *realm,
GAsyncReadyCallback callback,
gpointer user_data)
{
+ UmRealmKerberosMembership *membership;
GSimpleAsyncResult *async;
GVariant *contents;
GVariant *options;
GVariant *creds;
const gchar *type;
- type = find_supported_credentials (realm, owner);
- if (type == NULL)
+ membership = um_realm_object_get_kerberos_membership (realm);
+ g_return_val_if_fail (membership != NULL, FALSE);
+
+ type = find_supported_credentials (membership, owner);
+ if (type == NULL) {
+ g_object_unref (membership);
return FALSE;
+ }
async = g_simple_async_result_new (G_OBJECT (realm), callback, user_data,
realm_join_as_owner);
@@ -620,16 +525,18 @@ realm_join_as_owner (UmRealmKerberos *realm,
creds = g_variant_new ("(ssv)", type, owner, contents);
options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0);
- um_realm_kerberos_call_enroll (realm, creds, options,
- cancellable, on_realm_join_complete, g_object_ref (async));
+ um_realm_kerberos_membership_call_join (membership, creds, options,
+ cancellable, on_realm_join_complete,
+ g_object_ref (async));
g_object_unref (async);
+ g_object_unref (membership);
return TRUE;
}
gboolean
-um_realm_join_as_user (UmRealmKerberos *realm,
+um_realm_join_as_user (UmRealmObject *realm,
const gchar *login,
const gchar *password,
GBytes *credentials,
@@ -637,19 +544,19 @@ um_realm_join_as_user (UmRealmKerberos *realm,
GAsyncReadyCallback callback,
gpointer user_data)
{
- g_return_val_if_fail (UM_REALM_IS_KERBEROS (realm), FALSE);
+ g_return_val_if_fail (UM_REALM_IS_OBJECT (realm), FALSE);
g_return_val_if_fail (credentials != NULL, FALSE);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
g_return_val_if_fail (login != NULL, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
g_return_val_if_fail (credentials != NULL, FALSE);
- return realm_join_as_owner (realm, "user", login, password, credentials,
- cancellable, callback, user_data);
+ return realm_join_as_owner (realm, "user", login, password,
+ credentials, cancellable, callback, user_data);
}
gboolean
-um_realm_join_as_admin (UmRealmKerberos *realm,
+um_realm_join_as_admin (UmRealmObject *realm,
const gchar *login,
const gchar *password,
GBytes *credentials,
@@ -657,7 +564,7 @@ um_realm_join_as_admin (UmRealmKerberos *realm,
GAsyncReadyCallback callback,
gpointer user_data)
{
- g_return_val_if_fail (UM_REALM_IS_KERBEROS (realm), FALSE);
+ g_return_val_if_fail (UM_REALM_IS_OBJECT (realm), FALSE);
g_return_val_if_fail (credentials != NULL, FALSE);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
g_return_val_if_fail (login != NULL, FALSE);
@@ -669,19 +576,25 @@ um_realm_join_as_admin (UmRealmKerberos *realm,
}
gboolean
-um_realm_join_finish (UmRealmKerberos *self,
+um_realm_join_finish (UmRealmObject *realm,
GAsyncResult *result,
GError **error)
{
+ UmRealmKerberosMembership *membership;
GError *call_error = NULL;
gchar *dbus_error;
GAsyncResult *async;
- g_return_val_if_fail (UM_REALM_IS_KERBEROS (self), FALSE);
+ g_return_val_if_fail (UM_REALM_IS_OBJECT (realm), FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+ membership = um_realm_object_get_kerberos_membership (realm);
+ g_return_val_if_fail (membership != NULL, FALSE);
+
async = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
- um_realm_kerberos_call_enroll_finish (self, async, &call_error);
+ um_realm_kerberos_membership_call_join_finish (membership, async, &call_error);
+ g_object_unref (membership);
+
if (call_error == NULL)
return TRUE;
@@ -693,7 +606,7 @@ um_realm_join_finish (UmRealmKerberos *self,
g_dbus_error_strip_remote_error (call_error);
- if (g_str_equal (dbus_error, "org.freedesktop.realmd.Error.AuthFailed")) {
+ if (g_str_equal (dbus_error, "org.freedesktop.realmd.Error.AuthenticationFailed")) {
g_set_error (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_LOGIN,
"%s", call_error->message);
g_error_free (call_error);
@@ -851,8 +764,7 @@ kinit_thread_func (GSimpleAsyncResult *async,
}
void
-um_realm_login (const gchar *realm,
- const gchar *domain,
+um_realm_login (UmRealmObject *realm,
const gchar *user,
const gchar *password,
GCancellable *cancellable,
@@ -861,17 +773,21 @@ um_realm_login (const gchar *realm,
{
GSimpleAsyncResult *async;
LoginClosure *login;
+ UmRealmKerberos *kerberos;
- g_return_if_fail (realm != NULL);
+ g_return_if_fail (UM_REALM_IS_OBJECT (realm));
g_return_if_fail (user != NULL);
g_return_if_fail (password != NULL);
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
+ kerberos = um_realm_object_get_kerberos (realm);
+ g_return_if_fail (kerberos != NULL);
+
async = g_simple_async_result_new (NULL, callback, user_data,
um_realm_login);
login = g_slice_new0 (LoginClosure);
- login->domain = g_strdup (domain ? domain : realm);
- login->realm = g_strdup (realm);
+ login->domain = g_strdup (um_realm_kerberos_get_domain_name (kerberos));
+ login->realm = g_strdup (um_realm_kerberos_get_realm_name (kerberos));
login->user = g_strdup (user);
login->password = g_strdup (password);
g_simple_async_result_set_op_res_gpointer (async, login, login_closure_free);
@@ -881,6 +797,7 @@ um_realm_login (const gchar *realm,
G_PRIORITY_DEFAULT, cancellable);
g_object_unref (async);
+ g_object_unref (kerberos);
}
gboolean
diff --git a/panels/user-accounts/um-realm-manager.h b/panels/user-accounts/um-realm-manager.h
index c5ffea3..a604fae 100644
--- a/panels/user-accounts/um-realm-manager.h
+++ b/panels/user-accounts/um-realm-manager.h
@@ -63,8 +63,7 @@ GList * um_realm_manager_discover_finish (UmRealmManager *self,
GList * um_realm_manager_get_realms (UmRealmManager *self);
-void um_realm_login (const gchar *realm_name,
- const gchar *domain,
+void um_realm_login (UmRealmObject *realm,
const gchar *login,
const gchar *password,
GCancellable *cancellable,
@@ -75,7 +74,7 @@ gboolean um_realm_login_finish (GAsyncResult *result,
GBytes **credentials,
GError **error);
-gboolean um_realm_join_as_user (UmRealmKerberos *realm,
+gboolean um_realm_join_as_user (UmRealmObject *realm,
const gchar *login,
const gchar *password,
GBytes *credentials,
@@ -84,7 +83,7 @@ gboolean um_realm_join_as_user (UmRealmKerberos *realm,
gpointer user_data)
G_GNUC_WARN_UNUSED_RESULT;
-gboolean um_realm_join_as_admin (UmRealmKerberos *realm,
+gboolean um_realm_join_as_admin (UmRealmObject *realm,
const gchar *login,
const gchar *password,
GBytes *credentials,
@@ -93,10 +92,14 @@ gboolean um_realm_join_as_admin (UmRealmKerberos *realm,
gpointer user_data)
G_GNUC_WARN_UNUSED_RESULT;
-gboolean um_realm_join_finish (UmRealmKerberos *self,
+gboolean um_realm_join_finish (UmRealmObject *realm,
GAsyncResult *result,
GError **error);
+gboolean um_realm_is_configured (UmRealmObject *realm);
+
+gchar * um_realm_calculate_login (UmRealmCommon *realm,
+ const gchar *username);
G_END_DECLS
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
