[gnome-control-center/wip/user-identities: 3/3] add start of kerberos implemention of identity interface
- From: Ray Strode <halfline src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-control-center/wip/user-identities: 3/3] add start of kerberos implemention of identity interface
- Date: Fri, 24 Feb 2012 08:35:26 +0000 (UTC)
commit bc0c8bf657528c382ebea46c99fd2f40caaa6f72
Author: Ray Strode <rstrode redhat com>
Date: Wed Feb 22 12:14:20 2012 -0500
add start of kerberos implemention of identity interface
panels/user-accounts/Makefile.am | 4 +
panels/user-accounts/um-identity-manager-private.h | 2 +
panels/user-accounts/um-identity-manager.c | 60 +-
panels/user-accounts/um-identity-manager.h | 25 +-
panels/user-accounts/um-identity.c | 20 +-
panels/user-accounts/um-identity.h | 4 +-
.../user-accounts/um-kerberos-identity-manager.c | 840 ++++++++++++++++++++
panels/user-accounts/um-kerberos-identity.c | 467 +++++++++++
panels/user-accounts/um-kerberos-identity.h | 66 ++
panels/user-accounts/um-user-panel.c | 37 +-
10 files changed, 1486 insertions(+), 39 deletions(-)
---
diff --git a/panels/user-accounts/Makefile.am b/panels/user-accounts/Makefile.am
index f517bb2..84ea96e 100644
--- a/panels/user-accounts/Makefile.am
+++ b/panels/user-accounts/Makefile.am
@@ -36,6 +36,10 @@ libuser_accounts_la_SOURCES = \
um-identity-manager.c \
um-identity.h \
um-identity.c \
+ um-kerberos-identity-manager.h \
+ um-kerberos-identity-manager.c \
+ um-kerberos-identity.h \
+ um-kerberos-identity.c \
um-user.h \
um-user.c \
um-user-manager.h \
diff --git a/panels/user-accounts/um-identity-manager-private.h b/panels/user-accounts/um-identity-manager-private.h
index b3bd88d..3a3ac03 100644
--- a/panels/user-accounts/um-identity-manager-private.h
+++ b/panels/user-accounts/um-identity-manager-private.h
@@ -34,6 +34,8 @@ void _um_identity_manager_emit_identity_added (UmIdentityManager *identity_
UmIdentity *identity);
void _um_identity_manager_emit_identity_removed (UmIdentityManager *identity_manager,
UmIdentity *identity);
+void _um_identity_manager_emit_identity_expired (UmIdentityManager *identity_manager,
+ UmIdentity *identity);
G_END_DECLS
#endif /* __UM_IDENTITY_MANAGER_PRIVATE_H__ */
diff --git a/panels/user-accounts/um-identity-manager.c b/panels/user-accounts/um-identity-manager.c
index d1469ff..db39d3c 100644
--- a/panels/user-accounts/um-identity-manager.c
+++ b/panels/user-accounts/um-identity-manager.c
@@ -22,6 +22,7 @@
#include <glib-object.h>
#include <glib/gi18n.h>
+#include <gio/gio.h>
#include "um-identity-manager.h"
#include "um-identity-manager-private.h"
@@ -29,6 +30,7 @@
enum {
IDENTITY_ADDED,
IDENTITY_REMOVED,
+ IDENTITY_EXPIRED,
NUMBER_OF_SIGNALS,
};
@@ -37,18 +39,24 @@ static guint signals[NUMBER_OF_SIGNALS] = { 0 };
G_DEFINE_INTERFACE (UmIdentityManager, um_identity_manager, G_TYPE_OBJECT);
static void
-um_identity_manager_default_init (UmIdentityManagerInterface *iface)
+um_identity_manager_default_init (UmIdentityManagerInterface *interface)
{
- signals[IDENTITY_ADDED] = g_signal_new ("interface-removed",
- G_TYPE_FROM_INTERFACE (iface),
+ signals[IDENTITY_ADDED] = g_signal_new ("identity-added",
+ G_TYPE_FROM_INTERFACE (interface),
G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET (GDBusObjectIface, interface_removed),
+ G_STRUCT_OFFSET (UmIdentityManagerInterface, identity_added),
NULL, NULL, NULL,
G_TYPE_NONE, 1, UM_TYPE_IDENTITY);
- signals[IDENTITY_REMOVED] = g_signal_new ("interface-removed",
- G_TYPE_FROM_INTERFACE (iface),
+ signals[IDENTITY_REMOVED] = g_signal_new ("identity-removed",
+ G_TYPE_FROM_INTERFACE (interface),
G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET (GDBusObjectIface, interface_removed),
+ G_STRUCT_OFFSET (UmIdentityManagerInterface, identity_removed),
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 1, UM_TYPE_IDENTITY);
+ signals[IDENTITY_EXPIRED] = g_signal_new ("identity-expired",
+ G_TYPE_FROM_INTERFACE (interface),
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (UmIdentityManagerInterface, identity_expired),
NULL, NULL, NULL,
G_TYPE_NONE, 1, UM_TYPE_IDENTITY);
}
@@ -68,36 +76,41 @@ um_identity_manager_error_quark (void)
void
um_identity_manager_list_identities (UmIdentityManager *self,
GCancellable *cancellable,
- GAsyncReadyCallback callback)
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
- UM_IDENTITY_MANAGER_GET_IFACE (identity_manager)->list_identities (self,
- cancellable,
- callback);
+ UM_IDENTITY_MANAGER_GET_IFACE (self)->list_identities (self,
+ cancellable,
+ callback,
+ user_data);
}
-void
-um_identity_manager_list_identities_finish (UmIdentityManager *identity_manager,
+GList *
+um_identity_manager_list_identities_finish (UmIdentityManager *self,
GAsyncResult *result,
GError **error)
{
- UM_IDENTITY_MANAGER_GET_IFACE (identity_manager)->list_identities_finish (self, result error);
+ return UM_IDENTITY_MANAGER_GET_IFACE (self)->list_identities_finish (self,
+ result,
+ error);
}
void
-um_identity_manager_sign_identity_out (UmIdentityManager *self,
+um_identity_manager_sign_identity_out (UmIdentityManager *self,
UmIdentity *identity,
GCancellable *cancellable,
- GAsyncReadyCallback callback);
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
- UM_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out (self, identity);
+ UM_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out (self, identity, cancellable, callback, user_data);
}
void
um_identity_manager_sign_identity_out_finish (UmIdentityManager *self,
GAsyncResult *result,
- GError **error);
+ GError **error)
{
- UM_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out (self, result, error);
+ UM_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out_finish (self, result, error);
}
char *
@@ -109,7 +122,7 @@ um_identity_manager_name_identity (UmIdentityManager *self,
}
void
-_um_identity_manager_emit_identity_added (UmIdentityManager self,
+_um_identity_manager_emit_identity_added (UmIdentityManager *self,
UmIdentity *identity)
{
g_signal_emit (G_OBJECT (self), signals[IDENTITY_ADDED], 0, identity);
@@ -122,3 +135,10 @@ _um_identity_manager_emit_identity_removed (UmIdentityManager *self,
g_signal_emit (G_OBJECT (self), signals[IDENTITY_REMOVED], 0, identity);
}
+void
+_um_identity_manager_emit_identity_expired (UmIdentityManager *self,
+ UmIdentity *identity)
+{
+ g_signal_emit (G_OBJECT (self), signals[IDENTITY_EXPIRED], 0, identity);
+}
+
diff --git a/panels/user-accounts/um-identity-manager.h b/panels/user-accounts/um-identity-manager.h
index 733917a..5f34a16 100644
--- a/panels/user-accounts/um-identity-manager.h
+++ b/panels/user-accounts/um-identity-manager.h
@@ -25,6 +25,7 @@
#include <glib.h>
#include <glib-object.h>
+#include <gio/gio.h>
#include "um-identity.h"
@@ -51,19 +52,23 @@ struct _UmIdentityManagerInterface
void (* identity_removed) (UmIdentityManager *identity_manager,
UmIdentity *identity);
+ void (* identity_expired) (UmIdentityManager *identity_manager,
+ UmIdentity *identity);
/* Virtual Functions */
void (* list_identities) (UmIdentityManager *identity_manager,
GCancellable *cancellable,
- GAsyncReadyCallback callback);
- void (* list_identities_finish) (UmIdentityManager *identity_manager,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+ GList * (* list_identities_finish) (UmIdentityManager *identity_manager,
GAsyncResult *result,
GError **error);
void (* sign_identity_out) (UmIdentityManager *identity_manager,
UmIdentity *identity,
GCancellable *cancellable,
- GAsyncReadyCallback callback);
+ GAsyncReadyCallback callback,
+ gpointer user_data);
void (* sign_identity_out_finish) (UmIdentityManager *identity_manager,
GAsyncResult *result,
GError **error);
@@ -72,19 +77,27 @@ struct _UmIdentityManagerInterface
UmIdentity *identity);
};
+enum _UmIdentityManagerError {
+ UM_IDENTITY_MANAGER_ERROR_INITIALIZING,
+ UM_IDENTITY_MANAGER_ERROR_MONITORING,
+ UM_IDENTITY_MANAGER_ERROR_SIGNING_OUT
+};
+
GType um_identity_manager_get_type (void);
GQuark um_identity_manager_error_quark (void);
void um_identity_manager_list_identities (UmIdentityManager *identity_manager,
GCancellable *cancellable,
- GAsyncReadyCallback callback);
-void um_identity_manager_list_identities_finish (UmIdentityManager *identity_manager,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+GList * um_identity_manager_list_identities_finish (UmIdentityManager *identity_manager,
GAsyncResult *result,
GError **error);
void um_identity_manager_sign_identity_out (UmIdentityManager *identity_manager,
UmIdentity *identity,
GCancellable *cancellable,
- GAsyncReadyCallback callback);
+ GAsyncReadyCallback callback,
+ gpointer user_data);
void um_identity_manager_sign_identity_out_finish (UmIdentityManager *identity_manager,
GAsyncResult *result,
GError **error);
diff --git a/panels/user-accounts/um-identity.c b/panels/user-accounts/um-identity.c
index 2046d0c..e8e250b 100644
--- a/panels/user-accounts/um-identity.c
+++ b/panels/user-accounts/um-identity.c
@@ -24,19 +24,11 @@
#include <glib/gi18n.h>
#include "um-identity.h"
-#include "um-consolekit.h"
-#include "um-identityd.h"
-
-enum {
- LAST_SIGNAL
-};
-
-static guint signals[LAST_SIGNAL] = { 0 };
G_DEFINE_INTERFACE (UmIdentity, um_identity, G_TYPE_OBJECT);
static void
-um_identity_default_init (UmIdentityInterface *iface)
+um_identity_default_init (UmIdentityInterface *interface)
{
}
@@ -52,8 +44,14 @@ um_identity_error_quark (void)
return error_quark;
}
-GList *
+const char *
um_identity_get_identifier (UmIdentity *self)
{
- return UM_IDENTITY_GET_IFACE (identity)->get_identifier (self);
+ return UM_IDENTITY_GET_IFACE (self)->get_identifier (self);
+}
+
+gboolean
+um_identity_is_signed_in (UmIdentity *self)
+{
+ return UM_IDENTITY_GET_IFACE (self)->is_signed_in (self);
}
diff --git a/panels/user-accounts/um-identity.h b/panels/user-accounts/um-identity.h
index 0509d47..f889eeb 100644
--- a/panels/user-accounts/um-identity.h
+++ b/panels/user-accounts/um-identity.h
@@ -44,12 +44,14 @@ struct _UmIdentityInterface
GTypeInterface base_interface;
const char * (* get_identifier) (UmIdentity *identity);
+ gboolean (* is_signed_in) (UmIdentity *identity);
};
GType um_identity_get_type (void);
GQuark um_identity_error_quark (void);
-const char *um_identity_get_identifier (UmIdentity *identity);
+const char *um_identity_get_identifier (UmIdentity *identity);
+gboolean um_identitier_is_signed_in (UmIdentity *identity);
G_END_DECLS
diff --git a/panels/user-accounts/um-kerberos-identity-manager.c b/panels/user-accounts/um-kerberos-identity-manager.c
new file mode 100644
index 0000000..33fc72e
--- /dev/null
+++ b/panels/user-accounts/um-kerberos-identity-manager.c
@@ -0,0 +1,840 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors: Ray Strode
+ */
+
+#include "config.h"
+
+#include "um-kerberos-identity-manager.h"
+#include "um-identity-manager-private.h"
+#include "um-kerberos-identity.h"
+
+#include <string.h>
+
+#include <glib/gi18n.h>
+#include <gio/gio.h>
+
+#include <krb5.h>
+
+struct _UmKerberosIdentityManagerPrivate
+{
+ GHashTable *identities;
+ GAsyncQueue *pending_operations;
+ GCancellable *scheduler_cancellable;
+
+ krb5_context kerberos_context;
+ GFileMonitor *credentials_cache_monitor;
+ gulong credentials_cache_changed_signal_id;
+ GMutex refresh_lock;
+};
+
+typedef enum
+{
+ OPERATION_TYPE_REFRESH,
+ OPERATION_TYPE_LIST,
+ OPERATION_TYPE_SIGN_OUT
+} OperationType;
+
+typedef struct
+{
+ GCancellable *cancellable;
+ UmKerberosIdentityManager *manager;
+ OperationType type;
+ GSimpleAsyncResult *result;
+ GIOSchedulerJob *job;
+ UmIdentity *identity;
+} Operation;
+
+typedef struct
+{
+ UmKerberosIdentityManager *manager;
+ Operation *operation;
+ UmIdentity *identity;
+} IdentitySignalWork;
+
+static void identity_manager_interface_init (UmIdentityManagerInterface *interface);
+static void initable_interface_init (GInitableIface *interface);
+static void schedule_next_operation (UmKerberosIdentityManager *self);
+
+G_DEFINE_TYPE_WITH_CODE (UmKerberosIdentityManager,
+ um_kerberos_identity_manager,
+ G_TYPE_OBJECT,
+ G_IMPLEMENT_INTERFACE (UM_TYPE_IDENTITY_MANAGER,
+ identity_manager_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ initable_interface_init));
+
+static Operation *
+operation_new (UmKerberosIdentityManager *self,
+ GCancellable *cancellable,
+ OperationType type,
+ UmIdentity *identity,
+ GSimpleAsyncResult *result)
+{
+ Operation *operation;
+
+ operation = g_slice_new (Operation);
+
+ operation->manager = self;
+ operation->type = type;
+
+ if (cancellable == NULL) {
+ cancellable = g_cancellable_new ();
+ } else {
+ g_object_ref (cancellable);
+ }
+ operation->cancellable = cancellable;
+
+ if (identity != NULL) {
+ g_object_ref (identity);
+ }
+ operation->identity = identity;
+
+ if (result != NULL) {
+ g_object_ref (result);
+ }
+ operation->result = result;
+
+ return operation;
+}
+
+static void
+operation_free (Operation *operation)
+{
+ g_object_unref (operation->cancellable);
+
+ if (operation->identity != NULL) {
+ g_object_unref (operation->identity);
+ }
+
+ if (operation->result != NULL) {
+ g_object_unref (operation->result);
+ }
+
+ g_slice_free (Operation, operation);
+}
+
+static IdentitySignalWork *
+identity_signal_work_new (UmKerberosIdentityManager *self,
+ Operation *operation,
+ UmIdentity *identity)
+{
+ IdentitySignalWork *work;
+
+ work = g_slice_new (IdentitySignalWork);
+ work->manager = self;
+ work->operation = operation;
+ work->identity = g_object_ref (identity);
+
+ return work;
+}
+
+static void
+identity_signal_work_free (IdentitySignalWork *work)
+{
+ g_object_unref (work->identity);
+ g_slice_free (IdentitySignalWork, work);
+}
+
+static void
+do_identity_signal_removed_work (IdentitySignalWork *work)
+{
+ UmKerberosIdentityManager *self = work->manager;
+ UmIdentity *identity = work->identity;
+
+ _um_identity_manager_emit_identity_removed (UM_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+on_identity_signed_out (UmIdentity *identity,
+ gpointer user_data)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (user_data);
+
+ _um_identity_manager_emit_identity_expired (UM_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+do_identity_signal_added_work (IdentitySignalWork *work)
+{
+ UmKerberosIdentityManager *self = work->manager;
+ UmIdentity *identity = work->identity;
+
+ g_signal_connect (G_OBJECT (identity),
+ "signed-out",
+ G_CALLBACK (on_identity_signed_out),
+ self);
+
+ _um_identity_manager_emit_identity_added (UM_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+drop_unknown_identities (Operation *operation,
+ UmKerberosIdentityManager *self,
+ GHashTable *known_identities)
+{
+ GList *stale_identity_ids;
+ GList *node;
+
+ stale_identity_ids = g_hash_table_get_keys (self->priv->identities);
+
+ node = stale_identity_ids;
+ while (node != NULL) {
+ UmIdentity *identity;
+ const char *id = node->data;
+
+ identity = g_hash_table_lookup (known_identities, id);
+ if (identity == NULL) {
+ IdentitySignalWork *job;
+
+ identity = g_hash_table_lookup (self->priv->identities, id);
+ job = identity_signal_work_new (self, operation, identity);
+ g_hash_table_remove (self->priv->identities, id);
+
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_removed_work,
+ job,
+ (GDestroyNotify)
+ identity_signal_work_free);
+
+ }
+ node = node->next;
+ }
+ g_list_free (stale_identity_ids);
+}
+
+static void
+refresh_identity (Operation *operation,
+ UmKerberosIdentityManager *self,
+ GHashTable *new_identities,
+ UmIdentity *identity)
+{
+ const char *id;
+ UmIdentity *old_identity;
+
+ id = um_identity_get_identifier (identity);
+ old_identity = g_hash_table_lookup (self->priv->identities, id);
+
+ if (old_identity != NULL) {
+ um_kerberos_identity_update (UM_KERBEROS_IDENTITY (old_identity),
+ UM_KERBEROS_IDENTITY (identity));
+ id = um_identity_get_identifier (old_identity);
+ /* Reuse the old identity, so the pointer doesn't change spurriously
+ */
+ identity = old_identity;
+ } else {
+ IdentitySignalWork *work;
+
+ g_hash_table_replace (self->priv->identities,
+ (gpointer) id,
+ g_object_ref (identity));
+ work = identity_signal_work_new (self, operation, identity);
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_added_work,
+ work,
+ (GDestroyNotify)
+ identity_signal_work_free);
+ }
+
+ /* Track new identities so we can emit removals when we're done fully
+ * enumerating the collection of credential caches
+ */
+ g_hash_table_replace (new_identities,
+ (gpointer) id,
+ g_object_ref (identity));
+}
+
+static void
+refresh_known_identities (Operation *operation,
+ UmKerberosIdentityManager *self)
+{
+ krb5_error_code error_code;
+ krb5_ccache cache;
+ krb5_cccol_cursor cursor;
+ const char *error_message;
+ GHashTable *new_identities;
+
+ new_identities = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ NULL,
+ g_object_unref);
+ error_code = krb5_cccol_cursor_new (self->priv->kerberos_context, &cursor);
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentityManager: Error looking up available credential caches: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto done;
+ }
+
+ error_code = krb5_cccol_cursor_next (self->priv->kerberos_context,
+ cursor,
+ &cache);
+
+ while (error_code == 0 && cache != NULL) {
+ UmIdentity *identity;
+
+ identity = um_kerberos_identity_new (self->priv->kerberos_context,
+ cache);
+
+ if (identity != NULL) {
+ refresh_identity (operation, self, new_identities, identity);
+ g_object_unref (identity);
+ }
+
+ krb5_cc_close (self->priv->kerberos_context, cache);
+ error_code = krb5_cccol_cursor_next (self->priv->kerberos_context,
+ cursor,
+ &cache);
+ }
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentityManager: Error iterating over available credential caches: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ }
+
+ krb5_cccol_cursor_free (self->priv->kerberos_context, &cursor);
+done:
+ drop_unknown_identities (operation, self, new_identities);
+ g_hash_table_unref (new_identities);
+}
+
+static int
+identity_sort_func (UmIdentity *a,
+ UmIdentity *b)
+{
+ return g_strcmp0 (um_identity_get_identifier (a),
+ um_identity_get_identifier (b));
+}
+
+static void
+free_identity_list (GList *list)
+{
+ g_list_foreach (list, (GFunc) g_object_unref, NULL);
+ g_list_free (list);
+}
+
+static void
+list_identities (Operation *operation,
+ UmKerberosIdentityManager *self)
+{
+ GList *identities;
+
+ identities = g_hash_table_get_values (self->priv->identities);
+
+ identities = g_list_sort (identities,
+ (GCompareFunc)
+ identity_sort_func);
+
+ g_list_foreach (identities, (GFunc) g_object_ref, NULL);
+ g_simple_async_result_set_op_res_gpointer (operation->result,
+ identities,
+ (GDestroyNotify)
+ free_identity_list);
+}
+
+static void
+sign_out_identity (Operation *operation,
+ UmKerberosIdentityManager *self)
+{
+ krb5_ccache credentials_cache;
+ krb5_error_code error_code;
+ UmKerberosIdentity *identity = UM_KERBEROS_IDENTITY (operation->identity);
+
+ credentials_cache = um_kerberos_identity_get_credentials_cache (identity);
+
+ g_assert (credentials_cache != NULL);
+
+ error_code = krb5_cc_destroy (self->priv->kerberos_context,
+ credentials_cache);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_simple_async_result_set_error (operation->result,
+ UM_IDENTITY_MANAGER_ERROR,
+ UM_IDENTITY_MANAGER_ERROR_SIGNING_OUT,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return;
+ }
+}
+
+static void
+set_cancelled_error (GError **error)
+{
+ g_set_error (error,
+ G_IO_ERROR,
+ G_IO_ERROR_CANCELLED,
+ "%s",
+ _("Operation was cancelled"));
+}
+
+static gboolean
+on_operation_scheduled (GIOSchedulerJob *job,
+ GCancellable *cancellable,
+ gpointer user_data)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (user_data);
+ Operation *operation;
+
+ operation = g_async_queue_try_pop (self->priv->pending_operations);
+
+ if (operation == NULL) {
+ return FALSE;
+ }
+
+ if (g_cancellable_is_cancelled (operation->cancellable) && operation->result != NULL) {
+ GError *error = NULL;
+ set_cancelled_error (&error);
+ g_simple_async_result_take_error (operation->result,
+ error);
+ g_simple_async_result_complete_in_idle (operation->result);
+ return FALSE;
+ }
+
+ operation->job = job;
+
+ /* We don't allow refreshes and lists to happen
+ * concurrently (since we can't procede with a list
+ * until a refresh has happend) but sign outs can
+ * happen any time
+ */
+ switch (operation->type) {
+ case OPERATION_TYPE_REFRESH:
+ g_mutex_lock (&self->priv->refresh_lock);
+ refresh_known_identities (operation, operation->manager);
+ g_mutex_unlock (&self->priv->refresh_lock);
+ break;
+ case OPERATION_TYPE_LIST:
+ g_mutex_lock (&self->priv->refresh_lock);
+ list_identities (operation, operation->manager);
+ g_mutex_unlock (&self->priv->refresh_lock);
+ break;
+ case OPERATION_TYPE_SIGN_OUT:
+ sign_out_identity (operation, operation->manager);
+ break;
+ }
+
+ operation->job = NULL;
+
+ if (operation->result != NULL) {
+ g_simple_async_result_complete_in_idle (operation->result);
+ }
+
+ schedule_next_operation (self);
+
+ return FALSE;
+}
+
+static void
+schedule_next_operation (UmKerberosIdentityManager *self)
+{
+ g_io_scheduler_push_job (on_operation_scheduled,
+ self,
+ NULL,
+ G_PRIORITY_DEFAULT,
+ self->priv->scheduler_cancellable);
+}
+
+static void
+um_kerberos_identity_manager_list_identities (UmIdentityManager *manager,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (manager);
+ GSimpleAsyncResult *result;
+ Operation *operation;
+
+ result = g_simple_async_result_new (G_OBJECT (self),
+ callback,
+ user_data,
+ um_kerberos_identity_manager_list_identities);
+
+ operation = operation_new (self, cancellable, OPERATION_TYPE_LIST, NULL, result);
+ g_object_unref (result);
+
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static GList *
+um_kerberos_identity_manager_list_identities_finish (UmIdentityManager *manager,
+ GAsyncResult *result,
+ GError **error)
+{
+ GList *identities;
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+ error)) {
+ return NULL;
+ }
+
+ identities = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
+
+ return identities;
+
+}
+
+static void
+um_kerberos_identity_manager_sign_identity_out (UmIdentityManager *manager,
+ UmIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (manager);
+ GSimpleAsyncResult *result;
+ Operation *operation;
+
+ result = g_simple_async_result_new (G_OBJECT (self),
+ callback,
+ user_data,
+ um_kerberos_identity_manager_sign_identity_out);
+ operation = operation_new (self,
+ cancellable,
+ OPERATION_TYPE_SIGN_OUT,
+ identity,
+ result);
+ g_object_unref (result);
+
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static void
+um_kerberos_identity_manager_sign_identity_out_finish (UmIdentityManager *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+ error)) {
+ return;
+ }
+
+ return;
+}
+
+static char *
+um_kerberos_identity_manager_name_identity (UmIdentityManager *self,
+ UmIdentity *identity)
+{
+ /* FIXME: prettify and make unique */
+ return g_strdup (um_identity_get_identifier (identity));
+}
+
+static void
+identity_manager_interface_init (UmIdentityManagerInterface *interface)
+{
+ interface->list_identities = um_kerberos_identity_manager_list_identities;
+ interface->list_identities_finish = um_kerberos_identity_manager_list_identities_finish;
+ interface->sign_identity_out = um_kerberos_identity_manager_sign_identity_out;
+ interface->sign_identity_out_finish = um_kerberos_identity_manager_sign_identity_out_finish;
+ interface->name_identity = um_kerberos_identity_manager_name_identity;
+}
+
+static void
+schedule_refresh (UmKerberosIdentityManager *self)
+{
+ Operation *operation;
+
+ operation = operation_new (self, NULL, OPERATION_TYPE_REFRESH, NULL, NULL);
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static void
+on_credentials_cache_changed (GFileMonitor *monitor,
+ GFile *file,
+ GFile *other_file,
+ GFileMonitorEvent *event_type,
+ gpointer user_data)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (user_data);
+
+ schedule_refresh (self);
+}
+
+static gboolean
+monitor_credentials_cache (UmKerberosIdentityManager *self,
+ GError **error)
+{
+ krb5_ccache default_cache;
+ const char *cache_type;
+ const char *cache_path;
+ GFile *file;
+ GFileMonitor *monitor;
+ krb5_error_code error_code;
+ GError *monitoring_error;
+
+ error_code = krb5_cc_default (self->priv->kerberos_context,
+ &default_cache);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error_literal (error,
+ UM_IDENTITY_MANAGER_ERROR,
+ UM_IDENTITY_MANAGER_ERROR_MONITORING,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ return FALSE;
+ }
+
+ cache_type = krb5_cc_get_type (self->priv->kerberos_context,
+ default_cache);
+ g_assert (cache_type != NULL);
+
+ if (strcmp (cache_type, "FILE") != 0 &&
+ strcmp (cache_type, "DIR") != 0) {
+ g_set_error (error,
+ UM_IDENTITY_MANAGER_ERROR,
+ UM_IDENTITY_MANAGER_ERROR_MONITORING,
+ "Only 'FILE' and 'DIR' credential cache types are really supported, not '%s'",
+ cache_type);
+ return FALSE;
+ }
+
+ /* If we're using a FILE type credential cache, then the
+ * default cache file is the only cache we care about,
+ * and its path is what we want to monitor.
+ *
+ * If we're using a DIR type credential cache, then the default
+ * cache file is one of many possible cache files, all in the
+ * same directory. We want to monitor that directory.
+ */
+ cache_path = krb5_cc_get_name (self->priv->kerberos_context,
+ default_cache);
+
+ /* The cache name might have a : in front of it.
+ * FIXME: figure out if that behavior is by design, or some
+ * odd bug.
+ */
+ if (cache_path[0] == ':') {
+ cache_path++;
+ }
+
+ file = g_file_new_for_path (cache_path);
+
+ monitoring_error = NULL;
+ if (strcmp (cache_type, "FILE") == 0) {
+ monitor = g_file_monitor_file (file,
+ G_FILE_MONITOR_NONE,
+ NULL,
+ &monitoring_error);
+ } else if (strcmp (cache_type, "DIR") == 0) {
+ GFile *directory;
+
+ directory = g_file_get_parent (file);
+ monitor = g_file_monitor_directory (directory,
+ G_FILE_MONITOR_NONE,
+ NULL,
+ &monitoring_error);
+ g_object_unref (directory);
+
+ } else {
+ g_assert_not_reached ();
+ }
+ g_object_unref (file);
+
+ if (monitor == NULL) {
+ g_propagate_error (error, monitoring_error);
+ return FALSE;
+ }
+
+ self->priv->credentials_cache_changed_signal_id = g_signal_connect (G_OBJECT (monitor),
+ "changed",
+ G_CALLBACK (on_credentials_cache_changed),
+ self);
+ self->priv->credentials_cache_monitor = monitor;
+
+ return TRUE;
+}
+
+static void
+stop_watching_credentials_cache (UmKerberosIdentityManager *self)
+{
+ if (!g_file_monitor_is_cancelled (self->priv->credentials_cache_monitor)) {
+ g_file_monitor_cancel (self->priv->credentials_cache_monitor);
+ }
+ g_object_unref (self->priv->credentials_cache_monitor);
+ self->priv->credentials_cache_monitor = NULL;
+}
+
+static gboolean
+um_kerberos_identity_manager_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (initable);
+ krb5_error_code error_code;
+ GError *monitoring_error;
+
+ if (g_cancellable_is_cancelled (cancellable)) {
+ set_cancelled_error (error);
+ return FALSE;
+ }
+
+ error_code = krb5_init_context (&self->priv->kerberos_context);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error_literal (error,
+ UM_IDENTITY_MANAGER_ERROR,
+ UM_IDENTITY_MANAGER_ERROR_INITIALIZING,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ return FALSE;
+ }
+
+ monitoring_error = NULL;
+ if (!monitor_credentials_cache (self, &monitoring_error)) {
+ g_warning ("UmKerberosIdentityManager: Could not monitor credentials: %s",
+ monitoring_error->message);
+ g_error_free (monitoring_error);
+ }
+
+ schedule_refresh (self);
+
+ return TRUE;
+}
+
+static void
+initable_interface_init (GInitableIface *interface)
+{
+ interface->init = um_kerberos_identity_manager_initable_init;
+}
+
+static void
+um_kerberos_identity_manager_init (UmKerberosIdentityManager *self)
+{
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
+ UM_TYPE_KERBEROS_IDENTITY_MANAGER,
+ UmKerberosIdentityManagerPrivate);
+ self->priv->identities = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ NULL,
+ g_object_unref);
+ self->priv->pending_operations = g_async_queue_new ();
+
+ self->priv->scheduler_cancellable = g_cancellable_new ();
+ g_mutex_init (&self->priv->refresh_lock);
+}
+
+static void
+cancel_pending_operations (UmKerberosIdentityManager *self)
+{
+ Operation *operation;
+
+ operation = g_async_queue_try_pop (self->priv->pending_operations);
+ while (operation != NULL) {
+ if (!g_cancellable_is_cancelled (operation->cancellable)) {
+ g_cancellable_cancel (operation->cancellable);
+ }
+ operation_free (operation);
+ operation = g_async_queue_try_pop (self->priv->pending_operations);
+ }
+}
+
+static void
+um_kerberos_identity_manager_dispose (GObject *object)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (object);
+
+ if (self->priv->identities != NULL) {
+ g_hash_table_unref (self->priv->identities);
+ self->priv->identities = NULL;
+ }
+
+ if (self->priv->credentials_cache_monitor != NULL) {
+ stop_watching_credentials_cache (self);
+ }
+
+ if (self->priv->pending_operations != NULL) {
+ cancel_pending_operations (self);
+ g_async_queue_unref (self->priv->pending_operations);
+ self->priv->pending_operations = NULL;
+ }
+
+ if (self->priv->scheduler_cancellable != NULL) {
+ if (!g_cancellable_is_cancelled (self->priv->scheduler_cancellable)) {
+ g_cancellable_cancel (self->priv->scheduler_cancellable);
+ }
+
+ g_object_unref (self->priv->scheduler_cancellable);
+ self->priv->scheduler_cancellable = NULL;
+ }
+
+ G_OBJECT_CLASS (um_kerberos_identity_manager_parent_class)->dispose (object);
+}
+
+static void
+um_kerberos_identity_manager_finalize (GObject *object)
+{
+ UmKerberosIdentityManager *self = UM_KERBEROS_IDENTITY_MANAGER (object);
+
+ krb5_free_context (self->priv->kerberos_context);
+
+ G_OBJECT_CLASS (um_kerberos_identity_manager_parent_class)->finalize (object);
+}
+
+static void
+um_kerberos_identity_manager_class_init (UmKerberosIdentityManagerClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+ object_class->dispose = um_kerberos_identity_manager_dispose;
+ object_class->finalize = um_kerberos_identity_manager_finalize;
+
+ g_type_class_add_private (klass, sizeof (UmKerberosIdentityManagerPrivate));
+}
+
+UmIdentityManager*
+um_kerberos_identity_manager_new (void)
+{
+ GObject *object;
+ GError *error;
+ object = g_object_new (UM_TYPE_KERBEROS_IDENTITY_MANAGER, NULL);
+
+ error = NULL;
+ if (!g_initable_init (G_INITABLE (object), NULL, &error)) {
+ g_warning ("Could not create kerberos identity manager: %s",
+ error->message);
+ g_error_free (error);
+ g_object_unref (object);
+ return NULL;
+ }
+
+ return UM_IDENTITY_MANAGER (object);
+}
+
diff --git a/panels/user-accounts/um-kerberos-identity.c b/panels/user-accounts/um-kerberos-identity.c
new file mode 100644
index 0000000..ede45fd
--- /dev/null
+++ b/panels/user-accounts/um-kerberos-identity.c
@@ -0,0 +1,467 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Author: Ray Strode
+ */
+
+#include "config.h"
+
+#include "um-identity.h"
+#include "um-kerberos-identity.h"
+
+#include <string.h>
+#include <glib/gi18n.h>
+#include <gio/gio.h>
+
+struct _UmKerberosIdentityPrivate
+{
+ krb5_context kerberos_context;
+ krb5_ccache credentials_cache;
+
+ char *principal_name;
+ guint expiration_timeout_id;
+ krb5_timestamp expiration_time;
+};
+
+typedef enum
+{
+ VERIFICATION_LEVEL_UNVERIFIED,
+ VERIFICATION_LEVEL_EXISTS,
+ VERIFICATION_LEVEL_SIGNED_IN
+} VerificationLevel;
+
+enum {
+ SIGNED_OUT,
+ NUMBER_OF_SIGNALS,
+};
+
+static guint signals[NUMBER_OF_SIGNALS] = { 0 };
+
+static void identity_interface_init (UmIdentityInterface *interface);
+static void initable_interface_init (GInitableIface *interface);
+static void watch_for_expiration (UmKerberosIdentity *self);
+
+G_DEFINE_TYPE_WITH_CODE (UmKerberosIdentity,
+ um_kerberos_identity,
+ G_TYPE_OBJECT,
+ G_IMPLEMENT_INTERFACE (UM_TYPE_IDENTITY,
+ identity_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ initable_interface_init));
+
+static void
+um_kerberos_identity_finalize (GObject *object)
+{
+ UmKerberosIdentity *self = UM_KERBEROS_IDENTITY (object);
+
+ g_free (self->priv->principal_name);
+ self->priv->principal_name = NULL;
+
+ krb5_cc_close (self->priv->kerberos_context, self->priv->credentials_cache);
+ G_OBJECT_CLASS (um_kerberos_identity_parent_class)->finalize (object);
+}
+
+static void
+um_kerberos_identity_class_init (UmKerberosIdentityClass *klass)
+{
+ GObjectClass *object_class;
+
+ object_class = G_OBJECT_CLASS (klass);
+
+ object_class->finalize = um_kerberos_identity_finalize;
+
+ g_type_class_add_private (klass, sizeof (UmKerberosIdentityPrivate));
+
+ signals[SIGNED_OUT] = g_signal_new ("signed-out",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+}
+
+static void
+um_kerberos_identity_init (UmKerberosIdentity *self)
+{
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
+ UM_TYPE_KERBEROS_IDENTITY,
+ UmKerberosIdentityPrivate);
+}
+
+static char *
+get_principal_name (UmKerberosIdentity *self)
+{
+ krb5_principal principal;
+ krb5_error_code error_code;
+ char *unparsed_name;
+ char *principal_name;
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error looking up principal identity in credential cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return NULL;
+ }
+
+ error_code = krb5_unparse_name (self->priv->kerberos_context,
+ principal,
+ &unparsed_name);
+
+ if (error_code != 0) {
+ const char *error_message;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error parsing principal identity name: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return NULL;
+ }
+
+ principal_name = g_strdup (unparsed_name);
+ krb5_free_unparsed_name (self->priv->kerberos_context, unparsed_name);
+
+ return principal_name;
+}
+
+static const char *
+um_kerberos_identity_get_identifier (UmIdentity *identity)
+{
+ UmKerberosIdentity *self = UM_KERBEROS_IDENTITY (identity);
+
+ if (self->priv->principal_name == NULL) {
+ self->priv->principal_name = get_principal_name (self);
+ }
+
+ return self->priv->principal_name;
+}
+
+
+static gboolean
+credentials_show_existence (UmKerberosIdentity *self,
+ krb5_principal principal,
+ krb5_creds *credentials)
+{
+ /* Checks if default principal associated with the cache has a valid
+ * ticket granting ticket in the passed in credentials
+ */
+
+ if (krb5_is_config_principal (self->priv->kerberos_context,
+ credentials->server)) {
+ return FALSE;
+ }
+
+ /* looking for the krbtgt / REALM pair, so it should be exactly 2 items */
+ if (credentials->server->length != 2) {
+ return FALSE;
+ }
+
+ if (credentials->server->realm.length != principal->realm.length ||
+ memcmp (credentials->server->realm.data,
+ principal->realm.data,
+ principal->realm.length) != 0) {
+ /* credentials are from some other realm */
+ return FALSE;
+ }
+
+ if (strncmp (credentials->server->data[0].data,
+ KRB5_TGS_NAME,
+ credentials->server->data[0].length) != 0) {
+ /* credentials aren't for ticket granting */
+ return FALSE;
+ }
+
+ if (credentials->server->data[1].length != principal->realm.length ||
+ memcmp (credentials->server->data[1].data,
+ principal->realm.data,
+ principal->realm.length) != 0) {
+ /* credentials are for some other realm */
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static krb5_timestamp
+get_current_time (UmKerberosIdentity *self)
+{
+ krb5_timestamp current_time;
+ krb5_error_code error_code;
+
+ error_code = krb5_timeofday (self->priv->kerberos_context,
+ ¤t_time);
+
+ if (error_code != 0) {
+ const char *error_message;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error getting current time: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return 0;
+ }
+
+ return current_time;
+}
+
+static gboolean
+credentials_are_expired (UmKerberosIdentity *self,
+ krb5_creds *credentials)
+{
+ krb5_timestamp current_time;
+
+ current_time = get_current_time (self);
+
+ self->priv->expiration_time = MAX (credentials->times.endtime,
+ self->priv->expiration_time);
+
+ if (credentials->times.endtime <= current_time) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static VerificationLevel
+verify_identity (UmKerberosIdentity *self,
+ GError **error)
+{
+ krb5_principal principal;
+ const char *error_message;
+ krb5_cc_cursor cursor;
+ krb5_creds credentials;
+ krb5_error_code error_code;
+ VerificationLevel verification_level = VERIFICATION_LEVEL_UNVERIFIED;
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error looking up principal identity in credential cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return FALSE;
+ }
+
+ error_code = krb5_cc_start_seq_get (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor);
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error enumerating credentials in cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto out;
+ }
+
+ error_code = krb5_cc_next_cred (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor,
+ &credentials);
+
+ while (error_code == 0) {
+ if (credentials_show_existence (self, principal, &credentials)) {
+ if (!credentials_are_expired (self, &credentials)) {
+ verification_level = VERIFICATION_LEVEL_SIGNED_IN;
+ } else {
+ verification_level = VERIFICATION_LEVEL_EXISTS;
+ }
+ }
+
+ error_code = krb5_cc_next_cred (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor,
+ &credentials);
+ }
+
+ if (error_code != KRB5_CC_END) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error enumerating credentials in cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ }
+
+ error_code = krb5_cc_end_seq_get (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor);
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("UmKerberosIdentity: Error finishing credential enumeration: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ }
+out:
+ krb5_free_principal (self->priv->kerberos_context, principal);
+ return verification_level;
+}
+
+static gboolean
+um_kerberos_identity_is_signed_in (UmIdentity *identity)
+{
+ UmKerberosIdentity *self = UM_KERBEROS_IDENTITY (identity);
+
+ return verify_identity (self, NULL) == VERIFICATION_LEVEL_SIGNED_IN;
+}
+
+static void
+identity_interface_init (UmIdentityInterface *interface)
+{
+ interface->get_identifier = um_kerberos_identity_get_identifier;
+ interface->is_signed_in = um_kerberos_identity_is_signed_in;
+}
+
+static void
+set_cancelled_error (GError **error)
+{
+ g_set_error (error,
+ G_IO_ERROR,
+ G_IO_ERROR_CANCELLED,
+ "%s",
+ _("Operation was cancelled"));
+}
+
+static gboolean
+on_expired (UmKerberosIdentity *self)
+{
+ VerificationLevel verification_level;
+
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level != VERIFICATION_LEVEL_SIGNED_IN) {
+ g_signal_emit (G_OBJECT (self), signals[SIGNED_OUT], 0);
+ } else {
+ watch_for_expiration (self);
+ }
+
+ return FALSE;
+}
+
+static void
+watch_for_expiration (UmKerberosIdentity *self)
+{
+ krb5_timestamp current_time;
+
+ current_time = get_current_time (self);
+ long seconds;
+
+ seconds = CLAMP (self->priv->expiration_time - current_time + 1, 0, G_MAXUINT);
+
+ self->priv->expiration_timeout_id = g_timeout_add_seconds ((guint) seconds,
+ (GSourceFunc)
+ on_expired,
+ self);
+}
+
+static gboolean
+um_kerberos_identity_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ UmKerberosIdentity *self = UM_KERBEROS_IDENTITY (initable);
+ VerificationLevel verification_level;
+
+ if (g_cancellable_is_cancelled (cancellable)) {
+ set_cancelled_error (error);
+ return FALSE;
+ }
+
+ verification_level = verify_identity (self, error);
+
+ switch (verification_level) {
+ case VERIFICATION_LEVEL_EXISTS:
+ return TRUE;
+
+ case VERIFICATION_LEVEL_SIGNED_IN:
+ watch_for_expiration (self);
+ return TRUE;
+
+ case VERIFICATION_LEVEL_UNVERIFIED:
+ default:
+ return FALSE;
+ }
+}
+
+static void
+initable_interface_init (GInitableIface *interface)
+{
+ interface->init = um_kerberos_identity_initable_init;
+}
+
+void
+um_kerberos_identity_update (UmKerberosIdentity *self,
+ UmKerberosIdentity *new_identity)
+{
+ char *new_principal_name;
+ VerificationLevel verification_level;
+
+ krb5_cc_close (self->priv->kerberos_context, self->priv->credentials_cache);
+ krb5_cc_dup (new_identity->priv->kerberos_context,
+ new_identity->priv->credentials_cache,
+ &self->priv->credentials_cache);
+
+ g_source_remove (self->priv->expiration_timeout_id);
+
+ new_principal_name = get_principal_name (self);
+
+ if (g_strcmp0 (self->priv->principal_name, new_principal_name) != 0) {
+ g_free (self->priv->principal_name);
+ self->priv->principal_name = new_principal_name;
+ } else {
+ g_free (new_principal_name);
+ }
+
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ watch_for_expiration (self);
+ }
+}
+
+krb5_ccache
+um_kerberos_identity_get_credentials_cache (UmKerberosIdentity *self)
+{
+ return self->priv->credentials_cache;
+}
+
+UmIdentity *
+um_kerberos_identity_new (krb5_context context,
+ krb5_ccache cache)
+{
+ UmKerberosIdentity *self;
+ GError *error;
+
+ self = UM_KERBEROS_IDENTITY (g_object_new (UM_TYPE_KERBEROS_IDENTITY, NULL));
+
+ krb5_cc_dup (context,
+ cache,
+ &self->priv->credentials_cache);
+ self->priv->kerberos_context = context;
+
+ error = NULL;
+ if (!g_initable_init (G_INITABLE (self), NULL, &error)) {
+ g_warning ("Could not create kerberos identity: %s",
+ error->message);
+ g_error_free (error);
+ g_object_unref (self);
+ return NULL;
+ }
+
+ return UM_IDENTITY (self);
+}
diff --git a/panels/user-accounts/um-kerberos-identity.h b/panels/user-accounts/um-kerberos-identity.h
new file mode 100644
index 0000000..e039e63
--- /dev/null
+++ b/panels/user-accounts/um-kerberos-identity.h
@@ -0,0 +1,66 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors: Ray Strode
+ */
+
+#ifndef __UM_KERBEROS_IDENTITY_H__
+#define __UM_KERBEROS_IDENTITY_H__
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include <krb5.h>
+
+G_BEGIN_DECLS
+
+#define UM_TYPE_KERBEROS_IDENTITY (um_kerberos_identity_get_type ())
+#define UM_KERBEROS_IDENTITY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), UM_TYPE_KERBEROS_IDENTITY, UmKerberosIdentity))
+#define UM_KERBEROS_IDENTITY_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), UM_TYPE_KERBEROS_IDENTITY, UmKerberosIdentityClass))
+#define UM_IS_KERBEROS_IDENTITY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), UM_TYPE_KERBEROS_IDENTITY))
+#define UM_IS_KERBEROS_IDENTITY_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), UM_TYPE_KERBEROS_IDENTITY))
+#define UM_KERBEROS_IDENTITY_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), UM_TYPE_KERBEROS_IDENTITY, UmKerberosIdentityClass))
+
+typedef struct _UmKerberosIdentity UmKerberosIdentity;
+typedef struct _UmKerberosIdentityClass UmKerberosIdentityClass;
+typedef struct _UmKerberosIdentityPrivate UmKerberosIdentityPrivate;
+
+struct _UmKerberosIdentity
+{
+ GObject parent;
+
+ UmKerberosIdentityPrivate *priv;
+};
+
+struct _UmKerberosIdentityClass
+{
+ GObjectClass parent_class;
+};
+
+GType um_kerberos_identity_get_type (void);
+
+UmIdentity *um_kerberos_identity_new (krb5_context kerberos_context,
+ krb5_ccache cache);
+void um_kerberos_identity_update (UmKerberosIdentity *identity,
+ UmKerberosIdentity *new_identity);
+
+krb5_ccache um_kerberos_identity_get_credentials_cache (UmKerberosIdentity *identity);
+G_END_DECLS
+
+#endif /* __UM_KERBEROS_IDENTITY_H__ */
diff --git a/panels/user-accounts/um-user-panel.c b/panels/user-accounts/um-user-panel.c
index 43135ac..b364a68 100644
--- a/panels/user-accounts/um-user-panel.c
+++ b/panels/user-accounts/um-user-panel.c
@@ -45,6 +45,9 @@
#include "um-user.h"
#include "um-user-manager.h"
+#include "um-identity-manager.h"
+#include "um-kerberos-identity-manager.h"
+
#include "um-strength-bar.h"
#include "um-editable-button.h"
#include "um-editable-combo.h"
@@ -71,6 +74,7 @@ struct _UmUserPanelPrivate {
GPermission *permission;
GtkWidget *language_chooser;
+ UmIdentityManager *identity_manager;
UmAccountDialog *account_dialog;
UmPasswordDialog *password_dialog;
UmPhotoDialog *photo_dialog;
@@ -1235,6 +1239,37 @@ setup_main_window (UmUserPanelPrivate *d)
}
static void
+on_identities_listed (UmIdentityManager *manager,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ UmUserPanelPrivate *d = user_data;
+ GError *error = NULL;
+ GList *identities;
+
+ identities = um_identity_manager_list_identities_finish (manager,
+ result,
+ &error);
+
+ if (error != NULL) {
+ g_warning ("UmUserPanel: Could not list identities: %s",
+ error->message);
+ g_error_free (error);
+ }
+}
+
+static void
+setup_identity_manager (UmUserPanelPrivate *d)
+{
+ d->identity_manager = um_kerberos_identity_manager_new ();
+ um_identity_manager_list_identities (d->identity_manager,
+ NULL,
+ (GAsyncReadyCallback)
+ on_identities_listed,
+ d);
+}
+
+static void
um_user_panel_init (UmUserPanel *self)
{
UmUserPanelPrivate *d;
@@ -1270,7 +1305,7 @@ um_user_panel_init (UmUserPanel *self)
g_error_free (error);
return;
}
-
+ setup_identity_manager (d);
setup_main_window (d);
d->account_dialog = um_account_dialog_new ();
d->password_dialog = um_password_dialog_new ();
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
