[gnome-control-center/wip/add-account: 6/7] user-accounts: Initial code implementing joining domain



commit f4c57932147ba66052a551352acd4b18e9426dc2
Author: Stef Walter <stefw gnome org>
Date:   Fri Jun 1 16:36:43 2012 +0200

    user-accounts: Initial code implementing joining domain
    
     * Validate join domain correctly
     * Add UmRealmManager for handling some stuff above the autogenerated
       realmd dbus code

 configure.ac                                       |   17 +
 panels/user-accounts/Makefile.am                   |    4 +
 panels/user-accounts/data/account-dialog.ui        |  220 +++++++
 .../user-accounts/data/org.freedesktop.realmd.xml  |    9 +-
 panels/user-accounts/um-account-dialog.c           |  525 ++++++++++++----
 panels/user-accounts/um-realm-manager.c            |  668 ++++++++++++++++++++
 panels/user-accounts/um-realm-manager.h            |   96 +++
 7 files changed, 1405 insertions(+), 134 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 2bf29b9..4e0acf3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -224,6 +224,23 @@ PKG_CHECK_MODULES(ISOCODES, iso-codes)
 AC_DEFINE_UNQUOTED([ISO_CODES_PREFIX],["`$PKG_CONFIG --variable=prefix iso-codes`"],[ISO codes prefix])
 ISO_CODES=iso-codes
 
+# Kerberos kerberos support
+AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+AC_MSG_CHECKING(for working krb5-config)
+if test -x "$KRB5_CONFIG"; then
+	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
+	KRB5_LIBS="`$KRB5_CONFIG --libs`"
+	AC_MSG_RESULT(yes)
+elif test x$KRB5_PASSED_LIBS = x; then
+	AC_MSG_ERROR(no. Please install MIT kerberos devel package)
+fi
+
+AC_SUBST(KRB5_CFLAGS)
+AC_SUBST(KRB5_LIBS)
+
+USER_ACCOUNTS_PANEL_CFLAGS="$USER_ACCOUNTS_PANEL_CFLAGS $KRB5_CFLAGS"
+USER_ACCOUNTS_PANEL_LIBS="$USER_ACCOUNTS_PANEL_LIBS $KRB5_LIBS"
+
 dnl ==============================================
 dnl End: Check that we meet the  dependencies
 dnl ==============================================
diff --git a/panels/user-accounts/Makefile.am b/panels/user-accounts/Makefile.am
index d98b5fb..2d94d69 100644
--- a/panels/user-accounts/Makefile.am
+++ b/panels/user-accounts/Makefile.am
@@ -60,6 +60,8 @@ libuser_accounts_la_SOURCES =		\
 	um-user-panel.h 		\
 	um-user-panel.c			\
 	um-user-module.c		\
+	um-realm-manager.c		\
+	um-realm-manager.h		\
 	$(BUILT_SOURCES)
 
 libuser_accounts_la_LIBADD = 		\
@@ -85,6 +87,8 @@ frob_account_dialog_SOURCES = \
 	frob-account-dialog.c \
 	um-account-dialog.h \
 	um-account-dialog.c \
+	um-realm-manager.c \
+	um-realm-manager.h \
 	um-user.h \
 	um-user.c \
 	um-user-manager.h \
diff --git a/panels/user-accounts/data/account-dialog.ui b/panels/user-accounts/data/account-dialog.ui
index 78ab9eb..14557fa 100644
--- a/panels/user-accounts/data/account-dialog.ui
+++ b/panels/user-accounts/data/account-dialog.ui
@@ -392,4 +392,224 @@
       </row>
     </data>
   </object>
+  <object class="GtkDialog" id="join-dialog">
+    <property name="can_focus">False</property>
+    <property name="border_width">10</property>
+    <property name="resizable">False</property>
+    <property name="modal">True</property>
+    <property name="destroy_with_parent">True</property>
+    <property name="type_hint">dialog</property>
+    <child internal-child="vbox">
+      <object class="GtkBox" id="dialog-vbox1">
+        <property name="can_focus">False</property>
+        <property name="orientation">vertical</property>
+        <property name="spacing">2</property>
+        <child internal-child="action_area">
+          <object class="GtkButtonBox" id="dialog-action_area1">
+            <property name="can_focus">False</property>
+            <property name="layout_style">end</property>
+            <child>
+              <object class="GtkButton" id="button1">
+                <property name="label">gtk-cancel</property>
+                <property name="use_action_appearance">False</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="can_default">True</property>
+                <property name="receives_default">True</property>
+                <property name="use_action_appearance">False</property>
+                <property name="use_stock">True</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkButton" id="button2">
+                <property name="label" translatable="yes">C_ontinue</property>
+                <property name="use_action_appearance">False</property>
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="can_default">True</property>
+                <property name="has_default">True</property>
+                <property name="receives_default">True</property>
+                <property name="use_action_appearance">False</property>
+                <property name="use_underline">True</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+          </object>
+          <packing>
+            <property name="expand">False</property>
+            <property name="fill">True</property>
+            <property name="pack_type">end</property>
+            <property name="position">0</property>
+          </packing>
+        </child>
+        <child>
+          <object class="GtkBox" id="box2">
+            <property name="visible">True</property>
+            <property name="can_focus">False</property>
+            <property name="border_width">5</property>
+            <property name="orientation">vertical</property>
+            <property name="spacing">10</property>
+            <child>
+              <object class="GtkLabel" id="label7">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">Domain Administrator Login</property>
+                <attributes>
+                  <attribute name="weight" value="bold"/>
+                  <attribute name="scale" value="1.2"/>
+                </attributes>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">0</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="label12">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="xalign">0</property>
+                <property name="yalign">0</property>
+                <property name="label" translatable="yes">In order to use enterpise logins, this computer needs to be
+enrolled in the domain. Please have your network administrator
+type their domain password here.</property>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">1</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkGrid" id="grid1">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="margin_left">12</property>
+                <property name="hexpand">True</property>
+                <property name="row_spacing">6</property>
+                <property name="column_spacing">12</property>
+                <child>
+                  <object class="GtkLabel" id="label13">
+                    <property name="visible">True</property>
+                    <property name="can_focus">False</property>
+                    <property name="xalign">1</property>
+                    <property name="label" translatable="yes">_Domain</property>
+                    <property name="use_underline">True</property>
+                    <property name="mnemonic_widget">join-domain</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">0</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkLabel" id="join-domain">
+                    <property name="visible">True</property>
+                    <property name="can_focus">False</property>
+                    <property name="margin_top">5</property>
+                    <property name="margin_bottom">5</property>
+                    <property name="xalign">0</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">0</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkLabel" id="label14">
+                    <property name="visible">True</property>
+                    <property name="can_focus">False</property>
+                    <property name="xalign">1</property>
+                    <property name="label" translatable="yes">Administrator _Name</property>
+                    <property name="use_underline">True</property>
+                    <property name="mnemonic_widget">join-name</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">1</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkEntry" id="join-name">
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="hexpand">True</property>
+                    <property name="invisible_char">â</property>
+                    <property name="invisible_char_set">True</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">1</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkLabel" id="label15">
+                    <property name="visible">True</property>
+                    <property name="can_focus">False</property>
+                    <property name="xalign">1</property>
+                    <property name="label" translatable="yes">Administrator Password</property>
+                    <property name="use_underline">True</property>
+                    <property name="mnemonic_widget">join-password</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">0</property>
+                    <property name="top_attach">2</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+                <child>
+                  <object class="GtkEntry" id="join-password">
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="hexpand">True</property>
+                    <property name="invisible_char">â</property>
+                    <property name="invisible_char_set">True</property>
+                  </object>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="top_attach">2</property>
+                    <property name="width">1</property>
+                    <property name="height">1</property>
+                  </packing>
+                </child>
+              </object>
+              <packing>
+                <property name="expand">False</property>
+                <property name="fill">True</property>
+                <property name="position">2</property>
+              </packing>
+            </child>
+          </object>
+          <packing>
+            <property name="expand">False</property>
+            <property name="fill">True</property>
+            <property name="position">1</property>
+          </packing>
+        </child>
+      </object>
+    </child>
+    <action-widgets>
+      <action-widget response="-6">button1</action-widget>
+      <action-widget response="-5">button2</action-widget>
+    </action-widgets>
+  </object>
 </interface>
diff --git a/panels/user-accounts/data/org.freedesktop.realmd.xml b/panels/user-accounts/data/org.freedesktop.realmd.xml
index d929d2c..364609a 100644
--- a/panels/user-accounts/data/org.freedesktop.realmd.xml
+++ b/panels/user-accounts/data/org.freedesktop.realmd.xml
@@ -17,7 +17,7 @@
 		 * Each realm is a DBus object and is represeted by a:
 		 *   s: DBus bus name of the realm
 		 *   o: DBus object path of the realm
-		 *   s: DBus interface name, like 'ofr.KerberosRealm' (below)
+		 *   s: DBus interface name, like 'ofr.Kerberos' (below)
 		-->
 		<property name="Realms" type="a(sos)" access="read"/>
 
@@ -53,7 +53,7 @@
 	<!--
 	 * This interface is implemented by Kerberos realms.
 	-->
-	<interface name="org.freedesktop.realmd.KerberosRealm">
+	<interface name="org.freedesktop.realmd.Kerberos">
 
 		<!--
 		 * The kerberos realm name. Usually capitalized.
@@ -66,6 +66,11 @@
 		<property name="Domain" type="s" access="read"/>
 
 		<!--
+		 * The suggested Administrator login name for this realm
+		-->
+		<property name="SuggestedAdministrator" type="s" access="read"/>
+
+		<!--
 		 * The format for user logins when this realm is enrolled.
 		 * This property may not be valid unless machine is enrolled
 		 * in this realm. The format contains a %s where the user name
diff --git a/panels/user-accounts/um-account-dialog.c b/panels/user-accounts/um-account-dialog.c
index 4907426..a6174e9 100644
--- a/panels/user-accounts/um-account-dialog.c
+++ b/panels/user-accounts/um-account-dialog.c
@@ -27,10 +27,18 @@
 #include <gtk/gtk.h>
 
 #include "um-account-dialog.h"
-#include "um-realm-generated.h"
+#include "um-realm-manager.h"
 #include "um-user-manager.h"
 #include "um-utils.h"
 
+static void       on_join_login            (GObject *source,
+                                            GAsyncResult *result,
+                                            gpointer user_data);
+
+static void       on_realm_joined          (GObject *source,
+                                            GAsyncResult *result,
+                                            gpointer user_data);
+
 #define UM_ACCOUNT_DIALOG_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), UM_TYPE_ACCOUNT_DIALOG, \
                                                                     UmAccountDialogClass))
 #define UM_IS_ACCOUNT_DIALOG_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), UM_TYPE_ACCOUNT_DIALOG))
@@ -63,9 +71,18 @@ struct _UmAccountDialog {
 	GtkWidget *enterprise_button;
 	GtkListStore *enterprise_realms;
 	GtkComboBox *enterprise_domain;
-	GtkWidget *enterprise_login;
-	GtkWidget *enterprise_password;
-	UmRealmProvider *realm_provider;
+	GtkEntry *enterprise_domain_entry;
+	gboolean enterprise_domain_chosen;
+	GtkEntry *enterprise_login;
+	GtkEntry *enterprise_password;
+	UmRealmManager *realm_manager;
+	UmRealmKerberos *selected_realm;
+
+	/* Join credential dialog */
+	GtkDialog *join_dialog;
+	GtkLabel *join_domain;
+	GtkEntry *join_name;
+	GtkEntry *join_password;
 };
 
 typedef struct {
@@ -81,18 +98,60 @@ get_account_mode (UmAccountDialog *self)
 }
 
 static void
-action_in_progress (UmAccountDialog *self,
-                    gboolean processing)
+show_error_dialog (UmAccountDialog *self,
+                   GError *error)
 {
-	gtk_widget_set_sensitive (GTK_WIDGET (self->notebook), !processing);
-	gtk_widget_set_sensitive (self->bar, !processing);
-	gtk_dialog_set_response_sensitive (GTK_DIALOG (self), GTK_RESPONSE_OK, !processing);
+	GtkWidget *dialog;
 
-	gtk_widget_set_visible (GTK_WIDGET (self->spinner), processing);
-	if (processing)
-		gtk_spinner_start (self->spinner);
-	else
-		gtk_spinner_stop (self->spinner);
+	dialog = gtk_message_dialog_new (GTK_WINDOW (self),
+	                                 GTK_DIALOG_DESTROY_WITH_PARENT,
+	                                 GTK_MESSAGE_ERROR,
+	                                 GTK_BUTTONS_CLOSE,
+	                                 _("Failed to join domain"));
+
+	gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),
+	                                          "%s", error->message);
+
+	g_signal_connect (dialog, "response", G_CALLBACK (gtk_widget_destroy), NULL);
+	gtk_window_present (GTK_WINDOW (dialog));
+}
+
+static void
+begin_action (UmAccountDialog *self)
+{
+	gtk_widget_set_sensitive (GTK_WIDGET (self->notebook), FALSE);
+	gtk_widget_set_sensitive (self->bar, FALSE);
+	gtk_dialog_set_response_sensitive (GTK_DIALOG (self), GTK_RESPONSE_OK, FALSE);
+
+	gtk_widget_set_visible (GTK_WIDGET (self->spinner), TRUE);
+	gtk_spinner_start (self->spinner);
+}
+
+static void
+finish_action (UmAccountDialog *self)
+{
+	gtk_widget_set_sensitive (GTK_WIDGET (self->notebook), TRUE);
+	gtk_widget_set_sensitive (self->bar, TRUE);
+	gtk_dialog_set_response_sensitive (GTK_DIALOG (self), GTK_RESPONSE_OK, TRUE);
+
+	gtk_widget_set_visible (GTK_WIDGET (self->spinner), FALSE);
+	gtk_spinner_stop (self->spinner);
+}
+
+static void
+complete_dialog (UmAccountDialog *self,
+                 UmUser *user)
+{
+	g_cancellable_cancel (self->cancellable);
+
+	if (user != NULL) {
+		g_simple_async_result_set_op_res_gpointer (self->async,
+		                                           g_object_ref (user),
+		                                           g_object_unref);
+	}
+
+	g_simple_async_result_complete_in_idle (self->async);
+	gtk_widget_hide (GTK_WIDGET (self));
 }
 
 static gboolean
@@ -127,11 +186,18 @@ enterprise_validate (UmAccountDialog *self)
 	const gchar *name;
 	gboolean valid_name;
 	gboolean valid_domain;
+	GtkTreeIter iter;
 
 	name = gtk_entry_get_text (GTK_ENTRY (self->enterprise_login));
 	valid_name = is_valid_name (name);
 
-	name = gtk_combo_box_text_get_active_text (GTK_COMBO_BOX_TEXT (self->enterprise_domain));
+	if (gtk_combo_box_get_active_iter (self->enterprise_domain, &iter)) {
+		gtk_tree_model_get (gtk_combo_box_get_model (self->enterprise_domain),
+		                    &iter, 0, &name, -1);
+	} else {
+		name = gtk_entry_get_text (self->enterprise_domain_entry);
+	}
+
 	valid_domain = is_valid_name (name);
 
 	/* TODO: More validation here, and also checking of the domain */
@@ -307,14 +373,6 @@ on_name_changed (GtkEditable *editable,
 }
 
 static void
-on_text_changed (GObject *object,
-                 GParamSpec *spec,
-                 gpointer user_data)
-{
-	dialog_validate (UM_ACCOUNT_DIALOG (user_data));
-}
-
-static void
 local_construct (UmAccountDialog *self,
                  GtkBuilder *builder)
 {
@@ -353,34 +411,16 @@ on_create_local_user (GObject         *object,
 	GError *error = NULL;
 	UmUser *user;
 
-	action_in_progress (self, FALSE);
+	finish_action (self);
 
 	if (!um_user_manager_create_user_finish (UM_USER_MANAGER (object), res, &user, &error)) {
-		if (!g_error_matches (error, UM_USER_MANAGER_ERROR, UM_USER_MANAGER_ERROR_PERMISSION_DENIED)) {
-			GtkWidget *dialog;
-
-			dialog = gtk_message_dialog_new (GTK_WINDOW (self),
-			                                 GTK_DIALOG_DESTROY_WITH_PARENT,
-			                                 GTK_MESSAGE_ERROR,
-			                                 GTK_BUTTONS_CLOSE,
-			                                 _("Failed to create user"));
-
-			gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),
-			                                          "%s", error->message);
-
-			g_signal_connect (G_OBJECT (dialog), "response",
-			                  G_CALLBACK (gtk_widget_destroy), NULL);
-			gtk_window_present (GTK_WINDOW (dialog));
-		}
+		if (!g_error_matches (error, UM_USER_MANAGER_ERROR, UM_USER_MANAGER_ERROR_PERMISSION_DENIED))
+			show_error_dialog (self, error);
 		g_error_free (error);
 		gtk_widget_grab_focus (self->local_name);
 
 	} else {
-		g_simple_async_result_set_op_res_gpointer (self->async,
-		                                           g_object_ref (user),
-		                                           g_object_unref);
-		g_simple_async_result_complete_in_idle (self->async);
-		gtk_widget_hide (GTK_WIDGET (self));
+		complete_dialog (self, user);
 	}
 }
 
@@ -394,13 +434,14 @@ local_add (UmAccountDialog *self)
 	GtkTreeModel *model;
 	GtkTreeIter iter;
 
+	begin_action (self);
+
 	name = gtk_entry_get_text (GTK_ENTRY (self->local_name));
 	username = gtk_combo_box_text_get_active_text (GTK_COMBO_BOX_TEXT (self->local_login));
 	model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->local_account_type));
 	gtk_combo_box_get_active_iter (GTK_COMBO_BOX (self->local_account_type), &iter);
 	gtk_tree_model_get (model, &iter, 1, &account_type, -1);
 
-	action_in_progress (self, TRUE);
 	manager = um_user_manager_ref_default ();
 	um_user_manager_create_user (manager,
 	                             username,
@@ -412,133 +453,315 @@ local_add (UmAccountDialog *self)
 	g_object_unref (manager);
 }
 
-static gboolean
-on_create_enterprise (gpointer data)
+static void
+enterprise_add_realm (UmAccountDialog *self,
+                      UmRealmKerberos *realm)
+{
+	GtkTreeIter iter;
+
+	gtk_list_store_append (self->enterprise_realms, &iter);
+	gtk_list_store_set (self->enterprise_realms, &iter,
+	                    0, um_realm_kerberos_get_domain (realm),
+	                    1, realm,
+	                    -1);
+
+	/* Select the domain if appropriate */
+	if (!self->enterprise_domain_chosen && um_realm_kerberos_get_enrolled (realm))
+		gtk_combo_box_set_active_iter (self->enterprise_domain, &iter);
+
+}
+static void
+on_manager_realm_added (UmRealmManager *manager,
+                        UmRealmKerberos *realm,
+                        gpointer user_data)
 {
-	UmAccountDialog *self = UM_ACCOUNT_DIALOG (data);
-	action_in_progress (self, FALSE);
-	return FALSE;
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+	enterprise_add_realm (self, realm);
 }
 
 static void
-enterprise_add (UmAccountDialog *self)
+enterprise_register_user (UmAccountDialog *self)
 {
-	/* TODO: Implement adding of users */
-	action_in_progress (self, TRUE);
+	UmUser *user = NULL;
 
-	g_timeout_add_seconds_full (G_PRIORITY_DEFAULT, 3, on_create_enterprise,
-	                            g_object_ref (self), g_object_unref);
+	/* TODO: And here is where we register/create the user */
+
+	finish_action (self);
+	complete_dialog (self, user);
 }
 
 static void
-on_realm_proxy_created (GObject *source,
-                        GAsyncResult *result,
-                        gpointer user_data)
+on_join_response (GtkDialog *dialog,
+                  gint response,
+                  gpointer user_data)
+{
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+
+	gtk_widget_hide (GTK_WIDGET (dialog));
+	if (response != GTK_RESPONSE_OK) {
+		finish_action (self);
+		return;
+	}
+
+	/* Prompted for some admin credentials, try to use them to log in */
+	um_realm_login (um_realm_kerberos_get_name (self->selected_realm),
+	                um_realm_kerberos_get_domain (self->selected_realm),
+	                gtk_entry_get_text (self->join_name),
+	                gtk_entry_get_text (self->join_password),
+	                UM_REALM_LOGIN_TO_CREDENTIALS,
+	                self->cancellable,
+	                on_join_login,
+	                g_object_ref (self));
+}
+
+static void
+join_show_prompt (UmAccountDialog *self,
+                  GError *error)
+{
+	const gchar *name;
+
+	gtk_entry_set_text (self->join_password, "");
+	gtk_widget_grab_focus (GTK_WIDGET (self->join_password));
+
+	gtk_label_set_text (self->join_domain,
+	                    um_realm_kerberos_get_domain (self->selected_realm));
+
+	clear_entry_validation_error (self->join_name);
+	clear_entry_validation_error (self->join_password);
+
+	if (error == NULL) {
+		name = um_realm_kerberos_get_suggested_administrator (self->selected_realm);
+		if (name && !g_str_equal (name, "")) {
+			gtk_entry_set_text (self->join_name, name);
+		} else {
+			gtk_widget_grab_focus (GTK_WIDGET (self->join_name));
+		}
+
+	} else if (g_error_matches (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_PASSWORD)) {
+		set_entry_validation_error (self->join_password, error->message);
+
+	} else {
+		set_entry_validation_error (self->join_name, error->message);
+	}
+
+	gtk_window_set_transient_for (GTK_WINDOW (self->join_dialog), GTK_WINDOW (self));
+	gtk_window_set_modal (GTK_WINDOW (self->join_dialog), TRUE);
+	gtk_window_present (GTK_WINDOW (self->join_dialog));
+
+	/* And now we wait for on_join_response() */
+}
+
+static void
+on_join_login (GObject *source,
+               GAsyncResult *result,
+               gpointer user_data)
 {
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
-	UmRealmKerberosRealm *realm;
 	GError *error = NULL;
-	GtkTreeIter iter;
+	GBytes *creds;
 
-	realm = um_realm_kerberos_realm_proxy_new_finish (result, &error);
+	um_realm_login_finish (result, &creds, &error);
 
-	if (error != NULL) {
-		g_warning ("Couldn't create realm proxy: %s", error->message);
+	/* Logged in as admin successfully, use creds to join domain */
+	if (error == NULL) {
+		um_realm_join (self->selected_realm,
+		               creds, self->cancellable, on_realm_joined,
+		               g_object_ref (self));
+		g_bytes_unref (creds);
+
+	/* Couldn't login as admin, show prompt again */
+	} else {
+		join_show_prompt (self, error);
 		g_error_free (error);
-		return;
 	}
 
-	gtk_list_store_append (self->enterprise_realms, &iter);
-	gtk_list_store_set (self->enterprise_realms, &iter,
-	                    0, um_realm_kerberos_realm_get_domain (realm),
-	                    1, realm,
-	                    -1);
+	g_object_unref (self);
+}
 
-	if (um_realm_kerberos_realm_get_enrolled (realm))
-		gtk_combo_box_set_active_iter (self->enterprise_domain, &iter);
+static void
+join_construct (UmAccountDialog *self,
+                GtkBuilder *builder)
+{
+	self->join_dialog = GTK_DIALOG (gtk_builder_get_object (builder, "join-dialog"));
+	self->join_domain = GTK_LABEL (gtk_builder_get_object (builder, "join-domain"));
+	self->join_name = GTK_ENTRY (gtk_builder_get_object (builder, "join-name"));
+	self->join_password = GTK_ENTRY (gtk_builder_get_object (builder, "join-password"));
 
-	g_object_unref (realm);
+	g_signal_connect (self->join_dialog, "response",
+	                  G_CALLBACK (on_join_response), self);
 }
 
 static void
-enterprise_populate_realms (UmAccountDialog *self,
-                            GDBusConnection *connection,
-                            GVariant *realms)
+on_realm_joined (GObject *source,
+                 GAsyncResult *result,
+                 gpointer user_data)
 {
-	GVariantIter iter;
-	const gchar *path;
-	const gchar *name;
-	const gchar *iface;
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+	GError *error = NULL;
 
-	if (realms == NULL)
-		return;
+	um_realm_join_finish (self->selected_realm,
+	                      result, &error);
+
+	/* Yay, joined the domain, register the user locally */
+	if (error == NULL) {
+		enterprise_register_user (self);
 
-	/* We only support kerberos realms */
+	/* Credential failure while joining domain, prompt for admin creds */
+	} else if (g_error_matches (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_LOGIN) ||
+	           g_error_matches (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_PASSWORD)) {
+		join_show_prompt (self, NULL);
 
-	g_variant_iter_init (&iter, realms);
-	while (g_variant_iter_loop (&iter, "(&s&o&s)", &name, &path, &iface)) {
-		if (g_str_equal (iface, "org.freedesktop.realmd.KerberosRealm")) {
-			um_realm_kerberos_realm_proxy_new (connection, G_DBUS_PROXY_FLAGS_NONE,
-			                                   name, path, self->cancellable,
-			                                   on_realm_proxy_created, self);
+	/* Other failure */
+	} else {
+		show_error_dialog (self, error);
+		finish_action (self);
+	}
+
+	g_object_unref (self);
+}
+
+static void
+on_realm_login (GObject *source,
+                GAsyncResult *result,
+                gpointer user_data)
+{
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+	GError *error = NULL;
+	GBytes *creds;
+
+	um_realm_login_finish (result, &creds, &error);
+	if (error == NULL) {
+
+		/* Already joined to the domain, just register this user */
+		if (um_realm_kerberos_get_enrolled (self->selected_realm)) {
+			enterprise_register_user (self);
+
+		/* Join the domain, try using the user's creds */
+		} else {
+			um_realm_join (self->selected_realm,
+			               creds,
+			               self->cancellable,
+			               on_realm_joined,
+			               g_object_ref (self));
 		}
+
+		g_bytes_unref (creds);
+
+	/* A problem with the user's login name or password */
+	} else if (g_error_matches (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_LOGIN)) {
+		set_entry_validation_error (self->enterprise_login, error->message);
+	} else if (g_error_matches (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_PASSWORD)) {
+		set_entry_validation_error (self->enterprise_password, error->message);
+
+	/* Other login failure */
+	} else {
+		show_error_dialog (self, error);
+		finish_action (self);
 	}
+
+	g_clear_error (&error);
+	g_object_unref (self);
+}
+
+static void
+enterprise_check_login (UmAccountDialog *self)
+{
+	g_assert (self->selected_realm);
+
+	um_realm_login (um_realm_kerberos_get_name (self->selected_realm),
+	                um_realm_kerberos_get_domain (self->selected_realm),
+	                gtk_entry_get_text (self->enterprise_login),
+	                gtk_entry_get_text (self->enterprise_password),
+	                UM_REALM_LOGIN_TO_CREDENTIALS,
+	                self->cancellable,
+	                on_realm_login,
+	                g_object_ref (self));
 }
 
 static void
-on_provider_discover_default (GObject *source,
-                              GAsyncResult *result,
-                              gpointer user_data)
+on_realm_discover_input (GObject *source,
+                         GAsyncResult *result,
+                         gpointer user_data)
 {
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
-	GDBusConnection *connection;
 	GError *error = NULL;
-	GVariant *realms;
-	gint relevance;
+	GList *realms;
 
-	um_realm_provider_call_discover_finish (self->realm_provider, &relevance,
-	                                        &realms, result, &error);
+	realms = um_realm_manager_discover_finish (self->realm_manager,
+	                                           result, &error);
+
+	/* Found a realm, log user into domain */
 	if (error == NULL) {
-		connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (self->realm_provider));
-		enterprise_populate_realms (self, connection, realms);
-		g_variant_unref (realms);
+		g_assert (realms != NULL);
+		self->selected_realm = g_object_ref (realms->data);
+		enterprise_check_login (self);
+		g_list_free_full (realms, g_object_unref);
+
+	/* The domain is likely invalid*/
 	} else {
-		g_warning ("Couldn't discover default realm: %s", error->message);
+		finish_action (self);
+		gtk_widget_grab_focus (GTK_WIDGET (self->enterprise_domain_entry));
+		set_entry_validation_error (self->enterprise_domain_entry,
+		                            error->message);
 		g_error_free (error);
 	}
+
+	g_object_unref (self);
+}
+
+static void
+enterprise_add (UmAccountDialog *self)
+{
+	GtkTreeIter iter;
+
+	begin_action (self);
+	g_clear_object (&self->selected_realm);
+
+	/* Already know about this realm, try to login as user */
+	if (gtk_combo_box_get_active_iter (self->enterprise_domain, &iter)) {
+		gtk_tree_model_get (gtk_combo_box_get_model (self->enterprise_domain),
+		                    &iter, 1, &self->selected_realm, -1);
+		enterprise_check_login (self);
+
+	/* Something the user typed, we need to discover realm */
+	} else {
+		um_realm_manager_discover (self->realm_manager,
+		                           gtk_entry_get_text (self->enterprise_domain_entry),
+		                           self->cancellable,
+		                           on_realm_discover_input,
+		                           g_object_ref (self));
+	}
 }
 
 static void
-on_provider_proxy_created (GObject *source,
+on_realm_manager_created (GObject *source,
                            GAsyncResult *result,
                            gpointer user_data)
 {
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
-	GDBusConnection *connection;
 	GError *error = NULL;
-	GVariant *realms;
+	GList *realms, *l;
 
-	g_clear_object (&self->realm_provider);
+	g_clear_object (&self->realm_manager);
 
-	self->realm_provider = um_realm_provider_proxy_new_for_bus_finish (result, &error);
+	self->realm_manager = um_realm_manager_new_finish (result, &error);
 	if (error != NULL) {
-		if (!g_error_matches (error, G_DBUS_ERROR, G_DBUS_ERROR_SERVICE_UNKNOWN))
-			g_warning ("Couldn't contact realmd service: %s", error->message);
+		g_warning ("Couldn't contact realmd service: %s", error->message);
 		g_error_free (error);
-	}
-
-	if (!self->realm_provider)
 		return;
-
-	connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (self->realm_provider));
+	}
 
 	/* Lookup all the realm objects */
-	realms = um_realm_provider_get_realms (self->realm_provider);
-	enterprise_populate_realms (self, connection, realms);
+	realms = um_realm_manager_get_realms (self->realm_manager);
+	for (l = realms; l != NULL; l = g_list_next (l))
+		enterprise_add_realm (self, l->data);
+	g_list_free (realms);
+	g_signal_connect (self->realm_manager, "realm-added",
+	                  G_CALLBACK (on_manager_realm_added), self);
 
-	/* When no realms try to discover a sensible default */
-	um_realm_provider_call_discover (self->realm_provider, "", self->cancellable,
-	                                 on_provider_discover_default, self);
+	/* When no realms try to discover a sensible default, triggers realm-added signal */
+	um_realm_manager_discover (self->realm_manager, "", self->cancellable,
+	                           NULL, NULL);
 
 	/* Show the 'Enterprise Login' stuff, and update bar */
 	gtk_widget_show (self->enterprise_button);
@@ -554,22 +777,50 @@ on_realmd_appeared (GDBusConnection *connection,
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
 	um_realm_provider_proxy_new (connection, G_DBUS_PROXY_FLAGS_NONE,
 	                             name, "/org/freedesktop/realmd",
-	                             self->cancellable, on_provider_proxy_created, self);
+	                             self->cancellable, on_realm_manager_created, self);
 }
 
 static void
-on_realmd_disappeared (GDBusConnection *connection,
-                       const gchar *name,
+on_realmd_disappeared (GDBusConnection *unused1,
+                       const gchar *unused2,
                        gpointer user_data)
 {
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+
+	if (self->realm_manager) {
+		g_signal_handlers_disconnect_by_func (self->realm_manager,
+		                                      on_manager_realm_added,
+		                                      self);
+		g_object_unref (self->realm_manager);
+		self->realm_manager = NULL;
+	}
+
 	gtk_list_store_clear (self->enterprise_realms);
-	g_clear_object (&self->realm_provider);
 	gtk_widget_hide (self->enterprise_button);
 	bar_update (self, NULL);
 }
 
 static void
+on_domain_changed (GtkComboBox *widget,
+                   gpointer user_data)
+{
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+
+	dialog_validate (self);
+	self->enterprise_domain_chosen = TRUE;
+	clear_entry_validation_error (self->enterprise_domain_entry);
+}
+
+static void
+on_entry_changed (GtkEditable *editable,
+                  gpointer user_data)
+{
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (user_data);
+	dialog_validate (self);
+	clear_entry_validation_error (GTK_ENTRY (editable));
+}
+
+static void
 enterprise_construct (UmAccountDialog *self,
                       GtkBuilder *builder)
 {
@@ -578,18 +829,19 @@ enterprise_construct (UmAccountDialog *self,
 	self->enterprise_realms = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_OBJECT);
 
 	widget = (GtkWidget *) gtk_builder_get_object (builder, "enterprise-domain");
-	g_signal_connect (widget, "notify::text", G_CALLBACK (on_text_changed), self);
+	g_signal_connect (widget, "changed", G_CALLBACK (on_domain_changed), self);
 	self->enterprise_domain = GTK_COMBO_BOX (widget);
 	gtk_combo_box_set_model (self->enterprise_domain,
 	                         GTK_TREE_MODEL (self->enterprise_realms));
 	gtk_combo_box_set_entry_text_column (self->enterprise_domain, 0);
 
 	widget = (GtkWidget *) gtk_builder_get_object (builder, "enterprise-login");
-	g_signal_connect (widget, "notify::text", G_CALLBACK (on_text_changed), self);
-	self->enterprise_login = widget;
+	g_signal_connect (widget, "changed", G_CALLBACK (on_entry_changed), self);
+	self->enterprise_login = GTK_ENTRY (widget);
 
 	widget = (GtkWidget *) gtk_builder_get_object (builder, "enterprise-password");
-	self->enterprise_password = widget;
+	g_signal_connect (widget, "changed", G_CALLBACK (on_entry_changed), self);
+	self->enterprise_password = GTK_ENTRY (widget);
 
 	/* Initially we hide the 'Enterprise Login' stuff */
 	widget = (GtkWidget *) gtk_builder_get_object (builder, "enterprise-button");
@@ -676,6 +928,8 @@ um_account_dialog_constructed (GObject *obj)
 	enterprise_construct (self, builder);
 
 	bar_construct (self, builder);
+	join_construct (self, builder);
+
 	g_object_unref (builder);
 }
 
@@ -701,10 +955,7 @@ um_account_dialog_response (GtkDialog *dialog,
 		break;
 	case GTK_RESPONSE_CANCEL:
 	case GTK_RESPONSE_DELETE_EVENT:
-		g_cancellable_cancel (self->cancellable);
-		g_simple_async_result_set_op_res_gpointer (self->async, NULL, NULL);
-		g_simple_async_result_complete_in_idle (self->async);
-		gtk_widget_hide (GTK_WIDGET (self));
+		complete_dialog (self, NULL);
 		break;
 	default:
 		g_warn_if_reached ();
@@ -713,14 +964,23 @@ um_account_dialog_response (GtkDialog *dialog,
 }
 
 static void
-um_account_dialog_finalize (GObject *obj)
+um_account_dialog_dispose (GObject *obj)
 {
 	UmAccountDialog *self = UM_ACCOUNT_DIALOG (obj);
 
 	g_cancellable_cancel (self->cancellable);
+	on_realmd_disappeared (NULL, NULL, self);
+
+	G_OBJECT_CLASS (um_account_dialog_parent_class)->dispose (obj);
+}
+
+static void
+um_account_dialog_finalize (GObject *obj)
+{
+	UmAccountDialog *self = UM_ACCOUNT_DIALOG (obj);
+
 	g_object_unref (self->cancellable);
 	g_object_unref (self->enterprise_realms);
-	g_clear_object (&self->realm_provider);
 
 	if (self->realmd_watch)
 		g_bus_unwatch_name (self->realmd_watch);
@@ -735,6 +995,7 @@ um_account_dialog_class_init (UmAccountDialogClass *klass)
 	GtkDialogClass *dialog_class = GTK_DIALOG_CLASS (klass);
 
 	object_class->constructed = um_account_dialog_constructed;
+	object_class->dispose = um_account_dialog_dispose;
 	object_class->finalize = um_account_dialog_finalize;
 
 	dialog_class->response = um_account_dialog_response;
diff --git a/panels/user-accounts/um-realm-manager.c b/panels/user-accounts/um-realm-manager.c
new file mode 100644
index 0000000..9f6f949
--- /dev/null
+++ b/panels/user-accounts/um-realm-manager.c
@@ -0,0 +1,668 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright 2009-2012  Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Written by: Matthias Clasen <mclasen redhat com>
+ *             Stef Walter <stefw gnome org>
+ */
+
+#include "config.h"
+
+#include "um-realm-manager.h"
+
+#include <krb5/krb5.h>
+
+#include <glib.h>
+#include <glib/gi18n.h>
+#include <glib/gstdio.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+
+
+struct _UmRealmManager {
+	UmRealmProviderProxy parent;
+	GHashTable *realms;
+};
+
+typedef struct {
+	UmRealmProviderProxyClass parent_class;
+} UmRealmManagerClass;
+
+enum {
+	REALM_ADDED,
+	NUM_SIGNALS,
+};
+
+static gint signals[NUM_SIGNALS] = { 0, };
+
+G_DEFINE_TYPE (UmRealmManager, um_realm_manager, UM_REALM_TYPE_PROVIDER_PROXY);
+
+GQuark
+um_realm_error_get_quark (void)
+{
+	static GQuark quark = 0;
+	if (quark == 0)
+		quark = g_quark_from_static_string ("um-realm-error");
+	return quark;
+}
+
+typedef struct {
+	UmRealmManager *manager;
+	GList *realms;
+	gint outstanding;
+} LoadClosure;
+
+static void
+load_closure_free (gpointer data)
+{
+	LoadClosure *load = data;
+	g_list_free_full (load->realms, g_object_unref);
+	g_object_unref (load->manager);
+	g_slice_free (LoadClosure, load);
+}
+
+static void
+on_realm_proxy_created (GObject *source,
+                        GAsyncResult *result,
+                        gpointer user_data)
+{
+	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
+	LoadClosure *load = g_simple_async_result_get_op_res_gpointer (async);
+	UmRealmManager *self = load->manager;
+	UmRealmKerberos *realm;
+	UmRealmKerberos *have;
+	GError *error = NULL;
+	GDBusProxy *proxy;
+	GVariant *info;
+
+	realm = um_realm_kerberos_proxy_new_finish (result, &error);
+	if (error == NULL) {
+		proxy = G_DBUS_PROXY (realm);
+		info = g_variant_new ("(sos)",
+		                      g_dbus_proxy_get_name (proxy),
+		                      g_dbus_proxy_get_object_path (proxy),
+		                      g_dbus_proxy_get_interface_name (proxy));
+
+		/* Add it to the manager, unless race */
+		have = g_hash_table_lookup (self->realms, info);
+		if (have == NULL) {
+			g_hash_table_insert (self->realms,
+			                     g_variant_ref_sink (info), realm);
+			g_signal_emit (self, signals[REALM_ADDED], 0, realm);
+
+		} else {
+			g_object_unref (realm);
+			g_variant_unref (info);
+			realm = have;
+		}
+
+		load->realms = g_list_prepend (load->realms, g_object_ref (realm));
+
+	} else {
+		g_simple_async_result_take_error (async, error);
+	}
+
+	if (load->outstanding-- == 1)
+		g_simple_async_result_complete (async);
+
+	g_object_unref (async);
+}
+
+static void
+um_realm_manager_load (UmRealmManager *self,
+                       GVariant *realms,
+                       GCancellable *cancellable,
+                       GAsyncReadyCallback callback,
+                       gpointer user_data)
+{
+	GSimpleAsyncResult *async;
+	GDBusConnection *connection;
+	LoadClosure *load;
+	GVariantIter iter;
+	GVariant *info;
+	UmRealmKerberos *realm;
+	const gchar *path;
+	const gchar *iface;
+	const gchar *name;
+
+	async = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
+	                                   um_realm_manager_load);
+	load = g_slice_new (LoadClosure);
+	load->manager = g_object_ref (self);
+	g_simple_async_result_set_op_res_gpointer (async, load, load_closure_free);
+
+	connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (self));
+
+	g_variant_iter_init (&iter, realms);
+	for (;;) {
+		info = g_variant_iter_next_value (&iter);
+		if (info == NULL)
+			break;
+		realm = g_hash_table_lookup (self->realms, info);
+		if (realm == NULL) {
+			g_variant_get (info, "(&s&o&s)", &name, &path, &iface);
+			if (g_str_equal (iface, "org.freedesktop.realmd.Kerberos")) {
+				um_realm_kerberos_proxy_new (connection,
+				                             G_DBUS_PROXY_FLAGS_NONE,
+				                             name, path, cancellable,
+				                             on_realm_proxy_created,
+				                             g_object_ref (async));
+				load->outstanding++;
+			}
+		} else {
+			load->realms = g_list_prepend (load->realms, g_object_ref (realm));
+		}
+		g_variant_unref (info);
+	}
+
+	if (load->outstanding == 0)
+		g_simple_async_result_complete_in_idle (async);
+}
+
+static GList *
+um_realm_manager_load_finish (UmRealmManager *self,
+                              GAsyncResult *result,
+                              GError **error)
+{
+	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (result);
+	LoadClosure *load;
+	GList *realms;
+
+	if (g_simple_async_result_propagate_error (async, error))
+		return NULL;
+
+	load = g_simple_async_result_get_op_res_gpointer (async);
+	realms = g_list_reverse (load->realms);
+	load->realms = NULL;
+	return realms;
+}
+
+static void
+um_realm_manager_init (UmRealmManager *self)
+{
+	self->realms = g_hash_table_new_full (g_variant_hash, g_variant_equal,
+	                                      (GDestroyNotify)g_variant_unref,
+	                                      g_object_unref);
+}
+
+static void
+um_realm_manager_notify (GObject *obj,
+                         GParamSpec *spec)
+{
+	UmRealmManager *self = UM_REALM_MANAGER (obj);
+	GVariant *realms;
+
+	G_OBJECT_CLASS (um_realm_manager_parent_class)->notify (obj, spec);
+
+	if (g_str_equal (spec->name, "realms")) {
+		realms = um_realm_provider_get_realms (UM_REALM_PROVIDER (self));
+		um_realm_manager_load (self, realms, NULL, NULL, NULL);
+	}
+}
+
+static void
+um_realm_manager_finalize (GObject *obj)
+{
+	UmRealmManager *self = UM_REALM_MANAGER (obj);
+
+	g_hash_table_destroy (self->realms);
+
+	G_OBJECT_CLASS (um_realm_manager_parent_class)->finalize (obj);
+}
+
+static void
+um_realm_manager_class_init (UmRealmManagerClass *klass)
+{
+	GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+	object_class->notify = um_realm_manager_notify;
+	object_class->finalize = um_realm_manager_finalize;
+
+	signals[REALM_ADDED] = g_signal_new ("realm-added", UM_TYPE_REALM_MANAGER,
+	                                     G_SIGNAL_RUN_FIRST, 0, NULL, NULL,
+	                                     g_cclosure_marshal_generic,
+	                                     G_TYPE_NONE, 1, UM_REALM_TYPE_KERBEROS);
+}
+
+void
+um_realm_manager_new (GCancellable *cancellable,
+                      GAsyncReadyCallback callback,
+                      gpointer user_data)
+{
+	g_async_initable_new_async (UM_TYPE_REALM_MANAGER,
+	                            G_PRIORITY_DEFAULT,
+	                            cancellable, callback, user_data,
+	                            "g-name", "org.freedesktop.realmd",
+	                            "g-bus-type", G_BUS_TYPE_SYSTEM,
+	                            "g-object-path", "/org/freedesktop/realmd",
+	                            "g-interface-name", "org.freedesktop.realmd.Provider",
+	                            NULL);
+}
+
+UmRealmManager *
+um_realm_manager_new_finish (GAsyncResult *result,
+                             GError **error)
+{
+	GObject *self;
+	GObject *source_object;
+
+	source_object = g_async_result_get_source_object (result);
+	self = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object), result, error);
+	g_object_unref (source_object);
+
+	return UM_REALM_MANAGER (self);
+}
+
+typedef struct {
+	GCancellable *cancellable;
+	GList *realms;
+} DiscoverClosure;
+
+static void
+discover_closure_free (gpointer data)
+{
+	DiscoverClosure *discover = data;
+	g_clear_object (&discover->cancellable);
+	g_list_free_full (discover->realms, g_object_unref);
+	g_slice_free (DiscoverClosure, discover);
+}
+
+static void
+on_manager_load (GObject *source,
+                 GAsyncResult *result,
+                 gpointer user_data)
+{
+	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
+	DiscoverClosure *discover = g_simple_async_result_get_op_res_gpointer (async);
+	GError *error = NULL;
+
+	discover->realms = um_realm_manager_load_finish (UM_REALM_MANAGER (source),
+	                                                 result, &error);
+	if (error != NULL)
+		g_simple_async_result_take_error (async, error);
+	g_simple_async_result_complete (async);
+
+	g_object_unref (async);
+}
+
+static void
+on_provider_discover (GObject *source,
+                      GAsyncResult *result,
+                      gpointer user_data)
+{
+	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
+	DiscoverClosure *discover = g_simple_async_result_get_op_res_gpointer (async);
+	UmRealmManager *self = UM_REALM_MANAGER (source);
+	GError *error = NULL;
+	GVariant *realms;
+	gint relevance;
+
+	um_realm_provider_call_discover_finish (UM_REALM_PROVIDER (self),
+	                                        &relevance, &realms, result, &error);
+	if (error == NULL) {
+		um_realm_manager_load (self, realms, discover->cancellable,
+		                       on_manager_load, g_object_ref (async));
+
+	} else {
+		g_simple_async_result_take_error (async, error);
+		g_simple_async_result_complete (async);
+	}
+
+	g_object_unref (async);
+}
+
+void
+um_realm_manager_discover (UmRealmManager *self,
+                           const gchar *input,
+                           GCancellable *cancellable,
+                           GAsyncReadyCallback callback,
+                           gpointer user_data)
+{
+	GSimpleAsyncResult *res;
+	DiscoverClosure *discover;
+
+	g_return_if_fail (UM_IS_REALM_MANAGER (self));
+	g_return_if_fail (input != NULL);
+	g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
+
+	res = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
+	                                 um_realm_manager_discover);
+	discover = g_slice_new0 (DiscoverClosure);
+	discover->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
+	g_simple_async_result_set_op_res_gpointer (res, discover, discover_closure_free);
+
+	um_realm_provider_call_discover (UM_REALM_PROVIDER (self), input, cancellable,
+	                                 on_provider_discover, g_object_ref (res));
+
+	g_object_unref (res);
+}
+
+GList *
+um_realm_manager_discover_finish (UmRealmManager *self,
+                                  GAsyncResult *result,
+                                  GError **error)
+{
+	GSimpleAsyncResult *async;
+	DiscoverClosure *discover;
+	GList *realms;
+
+	g_return_val_if_fail (UM_IS_REALM_MANAGER (self), NULL);
+	g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
+	                      um_realm_manager_discover), NULL);
+	g_return_val_if_fail (error == NULL || *error == NULL, NULL);
+
+	async = G_SIMPLE_ASYNC_RESULT (result);
+	if (g_simple_async_result_propagate_error (async, error))
+		return NULL;
+
+	discover = g_simple_async_result_get_op_res_gpointer (async);
+	if (!discover->realms) {
+		g_set_error (error, UM_REALM_ERROR, UM_REALM_ERROR_FAIL,
+		             _("No such domain or realm found"));
+		return NULL;
+	}
+
+	realms = discover->realms;
+	discover->realms = NULL;
+	return realms;
+}
+
+GList *
+um_realm_manager_get_realms (UmRealmManager *self)
+{
+	g_return_val_if_fail (UM_IS_REALM_MANAGER (self), NULL);
+	return g_hash_table_get_values (self->realms);
+}
+
+void
+um_realm_join (UmRealmKerberos *realm,
+               GBytes *credentials,
+               GCancellable *cancellable,
+               GAsyncReadyCallback callback,
+               gpointer user_data)
+{
+	GVariant *options;
+	GVariant *creds;
+
+	g_return_if_fail (UM_REALM_IS_KERBEROS (realm));
+	g_return_if_fail (credentials != NULL);
+	g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
+
+	creds = g_variant_new_from_data (G_VARIANT_TYPE ("ay"),
+	                                 g_bytes_get_data (credentials, NULL),
+	                                 g_bytes_get_size (credentials),
+	                                 TRUE, (GDestroyNotify)g_bytes_unref, credentials);
+	options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0);
+
+	um_realm_kerberos_call_enroll_with_credential_cache (realm,
+	                                                     g_variant_ref_sink (creds),
+	                                                     g_variant_ref_sink (options),
+	                                                     cancellable,
+	                                                     callback,
+	                                                     user_data);
+
+	g_variant_unref (options);
+	g_variant_unref (creds);
+}
+
+gboolean
+um_realm_join_finish (UmRealmKerberos *self,
+                      GAsyncResult *result,
+                      GError **error)
+{
+	GError *call_error = NULL;
+	gchar *dbus_error;
+
+	g_return_val_if_fail (UM_REALM_IS_KERBEROS (self), FALSE);
+	g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+	um_realm_kerberos_call_enroll_with_credential_cache_finish (self,
+	                                                            result,
+	                                                            &call_error);
+	if (call_error == NULL)
+		return TRUE;
+
+	dbus_error = g_dbus_error_get_remote_error (call_error);
+	if (dbus_error == NULL) {
+		g_propagate_error (error, call_error);
+		return FALSE;
+	}
+
+	g_dbus_error_strip_remote_error (call_error);
+
+	if (g_str_equal (dbus_error, "org.freedesktop.realmd.Error.AuthFailed")) {
+		g_set_error (error, UM_REALM_ERROR, UM_REALM_ERROR_BAD_LOGIN,
+		             call_error->message);
+		g_error_free (call_error);
+	} else {
+		g_propagate_error (error, call_error);
+	}
+
+	g_free (dbus_error);
+	return FALSE;
+}
+
+typedef struct {
+	gchar *domain;
+	gchar *realm;
+	gchar *user;
+	gchar *password;
+	gboolean unique;
+	GBytes *credentials;
+} LoginClosure;
+
+static void
+login_closure_free (gpointer data)
+{
+	LoginClosure *login = data;
+	g_free (login->domain);
+	g_free (login->realm);
+	g_free (login->user);
+	g_free (login->password);
+	g_bytes_unref (login->credentials);
+	g_slice_free (LoginClosure, login);
+}
+
+static krb5_error_code
+login_perform_kinit (krb5_context k5,
+                     const gchar *realm,
+                     const gchar *login,
+                     const gchar *password,
+                     const gchar *filename)
+{
+	krb5_get_init_creds_opt *opts;
+	krb5_error_code code;
+	krb5_principal principal;
+	krb5_ccache ccache;
+	krb5_creds creds;
+	gchar *name;
+
+	name = g_strdup_printf ("%s %s", login, realm);
+	code = krb5_parse_name (k5, name, &principal);
+	g_free (name);
+
+	if (code != 0)
+		return code;
+
+	if (filename == NULL)
+		code = krb5_cc_default (k5, &ccache);
+	else
+		code = krb5_cc_resolve (k5, filename, &ccache);
+
+	if (code != 0) {
+		krb5_free_principal (k5, principal);
+		return code;
+	}
+
+	code = krb5_get_init_creds_opt_alloc (k5, &opts);
+	g_return_val_if_fail (code == 0, code);
+
+	code = krb5_get_init_creds_opt_set_out_ccache (k5, opts, ccache);
+	g_return_val_if_fail (code == 0, code);
+
+	code = krb5_get_init_creds_password (k5, &creds, principal,
+	                                     (char *)password,
+	                                     NULL, 0, 0, NULL, opts);
+
+	krb5_get_init_creds_opt_free (k5, opts);
+	krb5_cc_close (k5, ccache);
+	krb5_free_principal (k5, principal);
+
+	if (code == 0)
+		krb5_free_cred_contents (k5, &creds);
+
+	return code;
+}
+
+static void
+kinit_thread_func (GSimpleAsyncResult *async,
+                   GObject *object,
+                   GCancellable *cancellable)
+{
+	LoginClosure *login = g_simple_async_result_get_op_res_gpointer (async);
+	krb5_context k5 = NULL;
+	krb5_error_code code;
+	GError *error = NULL;
+	gchar *filename = NULL;
+	gchar *contents;
+	gsize length;
+	gint temp_fd;
+
+	if (login->unique) {
+		filename = g_build_filename (g_get_user_runtime_dir (),
+		                             "um-krb5-creds.XXXXXX", NULL);
+		temp_fd = g_mkstemp_full (filename, O_RDWR, S_IRUSR | S_IWUSR);
+		if (temp_fd == -1) {
+			g_warning ("Couldn't create credential cache file: %s: %s",
+			           filename, g_strerror (errno));
+			g_free (filename);
+			filename = NULL;
+		} else {
+			close (temp_fd);
+		}
+	}
+
+	code = krb5_init_context (&k5);
+	if (code == 0) {
+		code = login_perform_kinit (k5, login->realm, login->user,
+		                            login->password, filename);
+	}
+
+	switch (code) {
+	case 0:
+		if (filename != NULL) {
+			g_file_get_contents (filename, &contents, &length, &error);
+			if (error == NULL) {
+				login->credentials = g_bytes_new_take (contents, length);
+			} else {
+				g_warning ("Couldn't read credential cache: %s", error->message);
+				g_error_free (error);
+			}
+		}
+		break;
+
+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+	case KRB5KDC_ERR_CLIENT_REVOKED:
+	case KRB5KDC_ERR_KEY_EXP:
+	case KRB5KDC_ERR_POLICY:
+	case KRB5KDC_ERR_ETYPE_NOSUPP:
+		g_simple_async_result_set_error (async, UM_REALM_ERROR, UM_REALM_ERROR_BAD_LOGIN,
+		                                 _("Cannot log in as %s at the %s domain"),
+		                                 login->user, login->domain);
+		break;
+	case KRB5KDC_ERR_PREAUTH_FAILED:
+		g_simple_async_result_set_error (async, UM_REALM_ERROR, UM_REALM_ERROR_BAD_PASSWORD,
+		                                 _("Invalid password, please try again"));
+		break;
+	default:
+		g_simple_async_result_set_error (async, UM_REALM_ERROR, UM_REALM_ERROR_FAIL,
+		                                 _("Couldn't connect to the %s domain: %s"),
+		                                 login->domain, krb5_get_error_message (k5, code));
+		break;
+	}
+
+	if (filename) {
+		g_unlink (filename);
+		g_free (filename);
+	}
+
+	if (k5)
+		krb5_free_context (k5);
+
+	g_simple_async_result_complete_in_idle (async);
+}
+
+void
+um_realm_login (const gchar *realm,
+                const gchar *domain,
+                const gchar *user,
+                const gchar *password,
+                UmRealmLoginFlags flags,
+                GCancellable *cancellable,
+                GAsyncReadyCallback callback,
+                gpointer user_data)
+{
+	GSimpleAsyncResult *async;
+	LoginClosure *login;
+
+	g_return_if_fail (realm != NULL);
+	g_return_if_fail (user != NULL);
+	g_return_if_fail (password != NULL);
+	g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
+
+	async = g_simple_async_result_new (NULL, callback, user_data,
+	                                   um_realm_login);
+	login = g_slice_new0 (LoginClosure);
+	login->domain = g_strdup (domain ? domain : realm);
+	login->realm = g_strdup (realm);
+	login->user = g_strdup (user);
+	login->password = g_strdup (password);
+	login->unique = (flags & UM_REALM_LOGIN_TO_CREDENTIALS);
+	g_simple_async_result_set_op_res_gpointer (async, login, login_closure_free);
+
+	g_simple_async_result_set_handle_cancellation (async, TRUE);
+	g_simple_async_result_run_in_thread (async, kinit_thread_func,
+	                                     G_PRIORITY_DEFAULT, cancellable);
+
+	g_object_unref (async);
+}
+
+gboolean
+um_realm_login_finish (GAsyncResult *result,
+                       GBytes **credentials,
+                       GError **error)
+{
+	GSimpleAsyncResult *async;
+	LoginClosure *login;
+
+	g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
+	                      um_realm_login), FALSE);
+	g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+	async = G_SIMPLE_ASYNC_RESULT (result);
+	if (g_simple_async_result_propagate_error (async, error))
+		return FALSE;
+
+	login = g_simple_async_result_get_op_res_gpointer (async);
+	if (credentials && login->credentials)
+		*credentials = g_bytes_ref (login->credentials);
+
+	return TRUE;
+}
diff --git a/panels/user-accounts/um-realm-manager.h b/panels/user-accounts/um-realm-manager.h
new file mode 100644
index 0000000..8fe2b0c
--- /dev/null
+++ b/panels/user-accounts/um-realm-manager.h
@@ -0,0 +1,96 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright 2012  Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Written by: Stef Walter <stefw gnome org>
+ */
+
+#ifndef __UM_REALM_MANAGER_H__
+#define __UM_REALM_MANAGER_H__
+
+#include "um-realm-generated.h"
+
+G_BEGIN_DECLS
+
+typedef enum {
+	UM_REALM_ERROR_BAD_LOGIN,
+	UM_REALM_ERROR_BAD_PASSWORD,
+	UM_REALM_ERROR_FAIL,
+} UmRealmErrors;
+
+#define UM_REALM_ERROR             (um_realm_error_get_quark ())
+
+GQuark           um_realm_error_get_quark         (void) G_GNUC_CONST;
+
+#define UM_TYPE_REALM_MANAGER      (um_realm_manager_get_type ())
+#define UM_REALM_MANAGER(obj)      (G_TYPE_CHECK_INSTANCE_CAST ((obj), UM_TYPE_REALM_MANAGER, UmRealmManager))
+#define UM_IS_REALM_MANAGER(obj)   (G_TYPE_CHECK_INSTANCE_TYPE ((obj), UM_TYPE_REALM_MANAGER))
+
+typedef struct _UmRealmManager UmRealmManager;
+
+GType            um_realm_manager_get_type        (void) G_GNUC_CONST;
+
+void             um_realm_manager_new             (GCancellable *cancellable,
+                                                   GAsyncReadyCallback callback,
+                                                   gpointer user_data);
+
+UmRealmManager * um_realm_manager_new_finish      (GAsyncResult *result,
+                                                   GError **error);
+
+void             um_realm_manager_discover        (UmRealmManager *self,
+                                                   const gchar *input,
+                                                   GCancellable *cancellable,
+                                                   GAsyncReadyCallback callback,
+                                                   gpointer user_data);
+
+GList *          um_realm_manager_discover_finish (UmRealmManager *self,
+                                                   GAsyncResult *result,
+                                                   GError **error);
+
+GList *          um_realm_manager_get_realms      (UmRealmManager *self);
+
+typedef enum {
+	UM_REALM_LOGIN_TO_CREDENTIALS = 1 << 0,
+} UmRealmLoginFlags;
+
+void             um_realm_login                   (const gchar *realm_name,
+                                                   const gchar *domain,
+                                                   const gchar *login,
+                                                   const gchar *password,
+                                                   UmRealmLoginFlags flags,
+                                                   GCancellable *cancellable,
+                                                   GAsyncReadyCallback callback,
+                                                   gpointer user_data);
+
+gboolean         um_realm_login_finish            (GAsyncResult *result,
+                                                   GBytes **credentials,
+                                                   GError **error);
+
+void             um_realm_join                    (UmRealmKerberos *realm,
+                                                   GBytes *credentials,
+                                                   GCancellable *cancellable,
+                                                   GAsyncReadyCallback callback,
+                                                   gpointer user_data);
+
+gboolean         um_realm_join_finish             (UmRealmKerberos *self,
+                                                   GAsyncResult *result,
+                                                   GError **error);
+
+
+G_END_DECLS
+
+#endif /* __UM_REALM_H__ */



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]