[gnome-settings-daemon/wip/identity: 2/2] flb
- From: Ray Strode <halfline src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-settings-daemon/wip/identity: 2/2] flb
- Date: Fri, 8 Jun 2012 18:32:41 +0000 (UTC)
commit a52f0f0a72af9ac1e38535e0b4d44614b414fbd9
Author: Ray Strode <rstrode redhat com>
Date: Mon Jun 4 07:22:45 2012 -0400
flb
configure.ac | 1 +
data/Makefile.am | 1 +
...tings-daemon.plugins.identity.gschema.xml.in.in | 14 +
plugins/identity/Makefile.am | 102 ++
plugins/identity/gsd-alarm.c | 94 +-
plugins/identity/gsd-identity-manager.c | 40 +-
plugins/identity/gsd-identity-manager.h | 22 +-
plugins/identity/gsd-identity.h | 1 +
plugins/identity/gsd-kerberos-identity-manager.c | 1314 ++++++++++++++++++++
plugins/identity/gsd-kerberos-identity-manager.h | 61 +
plugins/identity/gsd-kerberos-identity.c | 939 ++++++++++++++
plugins/identity/gsd-kerberos-identity.h | 85 ++
plugins/identity/identity.gnome-settings-plugin.in | 8 +
plugins/identity/test-identity.c | 6 +
14 files changed, 2651 insertions(+), 37 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index aae00a2..afce3a3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -509,6 +509,7 @@ data/org.gnome.settings-daemon.plugins.gschema.xml.in
data/org.gnome.settings-daemon.plugins.xsettings.gschema.xml.in
data/org.gnome.settings-daemon.plugins.keyboard.gschema.xml.in
data/org.gnome.settings-daemon.plugins.power.gschema.xml.in
+data/org.gnome.settings-daemon.plugins.identity.gschema.xml.in
data/org.gnome.settings-daemon.plugins.color.gschema.xml.in
data/org.gnome.settings-daemon.plugins.media-keys.gschema.xml.in
data/org.gnome.settings-daemon.peripherals.gschema.xml.in
diff --git a/data/Makefile.am b/data/Makefile.am
index 5fc9f64..1ea31ec 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -12,6 +12,7 @@ gsettings_SCHEMAS = \
org.gnome.settings-daemon.plugins.keyboard.gschema.xml \
org.gnome.settings-daemon.plugins.power.gschema.xml \
org.gnome.settings-daemon.plugins.color.gschema.xml \
+ org.gnome.settings-daemon.plugins.identity.gschema.xml \
org.gnome.settings-daemon.plugins.media-keys.gschema.xml \
org.gnome.settings-daemon.plugins.xsettings.gschema.xml \
org.gnome.settings-daemon.plugins.housekeeping.gschema.xml \
diff --git a/data/org.gnome.settings-daemon.plugins.identity.gschema.xml.in.in b/data/org.gnome.settings-daemon.plugins.identity.gschema.xml.in.in
new file mode 100644
index 0000000..caa5a4c
--- /dev/null
+++ b/data/org.gnome.settings-daemon.plugins.identity.gschema.xml.in.in
@@ -0,0 +1,14 @@
+<schemalist>
+ <schema gettext-domain="@GETTEXT_PACKAGE@" id="org.gnome.settings-daemon.plugins.identity" path="/org/gnome/settings-daemon/plugins/identity/">
+ <key name="active" type="b">
+ <default>true</default>
+ <_summary>Activation of this plugin</_summary>
+ <_description>Whether this plugin would be activated by gnome-settings-daemon or not</_description>
+ </key>
+ <key name="priority" type="i">
+ <default>1</default>
+ <_summary>Priority to use for this plugin</_summary>
+ <_description>Priority to use for this plugin in gnome-settings-daemon startup queue</_description>
+ </key>
+ </schema>
+</schemalist>
diff --git a/plugins/identity/Makefile.am b/plugins/identity/Makefile.am
new file mode 100644
index 0000000..68a5d23
--- /dev/null
+++ b/plugins/identity/Makefile.am
@@ -0,0 +1,102 @@
+plugin_name = identity
+
+plugin_LTLIBRARIES = \
+ libidentity.la
+
+libidentity_la_SOURCES = \
+ gsd-identity-plugin.h \
+ gsd-identity-plugin.c \
+ gsd-alarm.h \
+ gsd-alarm.c \
+ gsd-identity.h \
+ gsd-identity.c \
+ gsd-kerberos-identity.c \
+ gsd-identity-manager.h \
+ gsd-identity-manager-private.h \
+ gsd-identity-manager.c \
+ gsd-kerberos-identity-manager.h \
+ gsd-kerberos-identity-manager.c
+
+libidentity_la_CPPFLAGS = \
+ -I$(top_srcdir)/gnome-settings-daemon \
+ -DGNOME_SETTINGS_LOCALEDIR=\""$(datadir)/locale"\" \
+ -DSYSCONFDIR=\""$(sysconfdir)"\" \
+ -DLIBDIR=\""$(libdir)"\" \
+ -DGSD_SMARTCARD_MANAGER_NSS_DB=\""$(NSS_DATABASE)"\" \
+ $(AM_CPPFLAGS)
+
+libidentity_la_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(SETTINGS_PLUGIN_CFLAGS) \
+ $(GNOME_CFLAGS) \
+ $(KRB5_CFLAGS) \
+ $(AM_CFLAGS)
+
+libidentity_la_LDFLAGS = \
+ $(GSD_PLUGIN_LDFLAGS)
+
+libidentity_la_LIBADD = \
+ $(SETTINGS_PLUGIN_LIBS) \
+ $(KRB5_LIBS)
+
+noinst_PROGRAMS = \
+ test-identity
+
+test_identity_SOURCES = \
+ gsd-alarm.h \
+ gsd-alarm.c \
+ gsd-identity.h \
+ gsd-identity.c \
+ gsd-kerberos-identity.c \
+ gsd-identity-manager.h \
+ gsd-identity-manager-private.h \
+ gsd-identity-manager.c \
+ gsd-kerberos-identity-manager.h \
+ gsd-kerberos-identity-manager.c \
+ test-identity.c \
+ $(NULL)
+
+test_identity_CPPFLAGS = \
+ -I$(top_srcdir)/data/ \
+ -I$(top_srcdir)/gnome-settings-daemon \
+ -I$(top_srcdir)/plugins/common \
+ -I$(top_srcdir)/plugins/media-keys/cut-n-paste \
+ -DBINDIR=\"$(bindir)\" \
+ -DPIXMAPDIR=\""$(pkgdatadir)"\" \
+ -DGTKBUILDERDIR=\""$(pkgdatadir)"\" \
+ -DGNOME_SETTINGS_LOCALEDIR=\""$(datadir)/locale"\" \
+ $(AM_CPPFLAGS)
+
+test_identity_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(SETTINGS_PLUGIN_CFLAGS) \
+ $(GNOME_CFLAGS) \
+ $(KRB5_CFLAGS) \
+ $(AM_CFLAGS)
+
+test_identity_LDFLAGS = \
+ $(GSD_PLUGIN_LDFLAGS)
+
+test_identity_LDADD = \
+ $(top_builddir)/gnome-settings-daemon/libgsd.la \
+ $(top_builddir)/plugins/common/libcommon.la \
+ $(top_builddir)/plugins/media-keys/cut-n-paste/libgvc.la \
+ $(SETTINGS_DAEMON_LIBS) \
+ $(SETTINGS_PLUGIN_LIBS) \
+ $(KRB5_LIBS)
+
+ GSD_INTLTOOL_PLUGIN_RULE@
+
+plugin_in_files = \
+ identity.gnome-settings-plugin.in
+
+plugin_DATA = $(plugin_in_files:.gnome-settings-plugin.in=.gnome-settings-plugin)
+
+EXTRA_DIST = \
+ $(plugin_in_files)
+
+CLEANFILES = \
+ $(plugin_DATA)
+
+DISTCLEANFILES = \
+ $(plugin_DATA)
diff --git a/plugins/identity/gsd-alarm.c b/plugins/identity/gsd-alarm.c
index c5f67af..d66ebb8 100644
--- a/plugins/identity/gsd-alarm.c
+++ b/plugins/identity/gsd-alarm.c
@@ -25,6 +25,9 @@
#include "gsd-alarm.h"
+#define TFD_TIMER_CANCEL_ON_SET (1 << 1)
+#define HAVE_TIMERFD
+
#ifdef HAVE_TIMERFD
#include <sys/timerfd.h>
#endif
@@ -85,6 +88,7 @@ clear_scheduled_immediate_wakeup (GsdAlarm *self)
{
if (self->priv->immediate_wakeup_source != NULL) {
g_source_destroy (self->priv->immediate_wakeup_source);
+ g_source_unref (self->priv->immediate_wakeup_source);
self->priv->immediate_wakeup_source = NULL;
}
}
@@ -101,6 +105,7 @@ clear_scheduled_timer_wakeups (GsdAlarm *self)
}
g_source_destroy (self->priv->timer.source);
+ g_source_unref (self->priv->timer.source);
self->priv->timer.source = NULL;
error = NULL;
@@ -123,8 +128,11 @@ clear_scheduled_timer_wakeups (GsdAlarm *self)
static void
clear_scheduled_timeout_wakeups (GsdAlarm *self)
{
- g_source_destroy (self->priv->timeout.source);
- self->priv->timeout.source = NULL;
+ if (self->priv->timeout.source != NULL) {
+ g_source_destroy (self->priv->timeout.source);
+ g_source_unref (self->priv->timeout.source);
+ self->priv->timeout.source = NULL;
+ }
}
static void
@@ -146,6 +154,10 @@ clear_scheduled_wakeups (GsdAlarm *self)
}
if (self->priv->cancellable != NULL) {
+ if (!g_cancellable_is_cancelled (self->priv->cancellable)) {
+ g_cancellable_cancel (self->priv->cancellable);
+ }
+
g_object_unref (self->priv->cancellable);
self->priv->cancellable = NULL;
}
@@ -287,9 +299,13 @@ fire_or_rearm_alarm (GsdAlarm *self)
}
static gboolean
-on_immediate_wakeup_source_ready (gpointer user_data)
+on_immediate_wakeup_source_ready (GsdAlarm *self)
{
- GsdAlarm *self = GSD_ALARM (user_data);
+ g_return_val_if_fail (self->priv->type != GSD_ALARM_TYPE_UNSCHEDULED, FALSE);
+
+ if (g_cancellable_is_cancelled (self->priv->cancellable)) {
+ return FALSE;
+ }
fire_or_rearm_alarm (self);
@@ -299,12 +315,18 @@ on_immediate_wakeup_source_ready (gpointer user_data)
#ifdef HAVE_TIMERFD
static gboolean
on_timer_source_ready (GObject *stream,
- gpointer user_data)
+ GsdAlarm *self)
{
- GsdAlarm *self = GSD_ALARM (user_data);
gint64 number_of_fires;
gssize bytes_read;
+ g_return_val_if_fail (GSD_IS_ALARM (self), FALSE);
+ g_return_val_if_fail (self->priv->type == GSD_ALARM_TYPE_TIMER, FALSE);
+
+ if (g_cancellable_is_cancelled (self->priv->cancellable)) {
+ return FALSE;
+ }
+
bytes_read = g_pollable_input_stream_read_nonblocking (G_POLLABLE_INPUT_STREAM (stream),
&number_of_fires,
sizeof (gint64),
@@ -331,8 +353,12 @@ schedule_wakeups_with_timerfd (GsdAlarm *self)
struct itimerspec timer_spec;
int fd;
int result;
+ static gboolean seen_before = FALSE;
- g_debug ("GsdAlarm: trying to use kernel timer");
+ if (!seen_before) {
+ g_debug ("GsdAlarm: trying to use kernel timer");
+ seen_before = TRUE;
+ }
fd = timerfd_create (CLOCK_REALTIME, TFD_CLOEXEC | TFD_NONBLOCK);
@@ -362,8 +388,9 @@ schedule_wakeups_with_timerfd (GsdAlarm *self)
g_source_set_callback (self->priv->timer.source,
(GSourceFunc)
on_timer_source_ready,
- self,
- NULL);
+ g_object_ref (self),
+ (GDestroyNotify)
+ g_object_unref);
g_source_attach (self->priv->timer.source,
self->priv->context);
@@ -375,12 +402,22 @@ schedule_wakeups_with_timerfd (GsdAlarm *self)
}
static gboolean
-on_timeout_source_ready (gpointer user_data)
+on_timeout_source_ready (GsdAlarm *self)
{
- GsdAlarm *self = GSD_ALARM (user_data);
+ g_return_val_if_fail (GSD_IS_ALARM (self), FALSE);
+ g_return_val_if_fail (self->priv->type != GSD_ALARM_TYPE_UNSCHEDULED, FALSE);
+ g_return_val_if_fail (self->priv->type == GSD_ALARM_TYPE_TIMEOUT, FALSE);
+
+ if (g_cancellable_is_cancelled (self->priv->cancellable)) {
+ return FALSE;
+ }
fire_or_rearm_alarm (self);
+ if (g_cancellable_is_cancelled (self->priv->cancellable)) {
+ return FALSE;
+ }
+
schedule_wakeups_with_timeout_source (self);
return FALSE;
@@ -392,6 +429,7 @@ schedule_wakeups_with_timeout_source (GsdAlarm *self)
GDateTime *now;
GTimeSpan time_span;
guint interval;
+
self->priv->type = GSD_ALARM_TYPE_TIMEOUT;
now = g_date_time_new_now_local ();
@@ -409,8 +447,9 @@ schedule_wakeups_with_timeout_source (GsdAlarm *self)
g_source_set_callback (self->priv->timeout.source,
(GSourceFunc)
on_timeout_source_ready,
- self,
- NULL);
+ g_object_ref (self),
+ (GDestroyNotify)
+ g_object_unref);
g_source_attach (self->priv->timeout.source,
self->priv->context);
@@ -424,7 +463,12 @@ schedule_wakeups (GsdAlarm *self)
wakeup_scheduled = schedule_wakeups_with_timerfd (self);
if (!wakeup_scheduled) {
- g_debug ("GsdAlarm: falling back to polling timeout\n");
+ static gboolean seen_before = FALSE;
+
+ if (!seen_before) {
+ g_debug ("GsdAlarm: falling back to polling timeout\n");
+ seen_before = TRUE;
+ }
schedule_wakeups_with_timeout_source (self);
}
}
@@ -437,27 +481,29 @@ schedule_immediate_wakeup (GsdAlarm *self)
g_source_set_callback (self->priv->immediate_wakeup_source,
(GSourceFunc)
on_immediate_wakeup_source_ready,
- self,
- NULL);
-
+ g_object_ref (self),
+ (GDestroyNotify)
+ g_object_unref);
g_source_attach (self->priv->immediate_wakeup_source,
self->priv->context);
}
void
-gsd_alarm_set (GsdAlarm *self,
- GDateTime *time,
- GCancellable *cancellable)
+gsd_alarm_set (GsdAlarm *self,
+ GDateTime *time,
+ GCancellable *cancellable)
{
+ if (g_cancellable_is_cancelled (cancellable)) {
+ return;
+ }
+
if (self->priv->cancellable != NULL) {
if (!g_cancellable_is_cancelled (self->priv->cancellable)) {
g_cancellable_cancel (cancellable);
}
- if (self->priv->cancellable != NULL) {
- g_object_unref (self->priv->cancellable);
- self->priv->cancellable = NULL;
- }
+ g_object_unref (self->priv->cancellable);
+ self->priv->cancellable = NULL;
}
if (cancellable == NULL) {
diff --git a/plugins/identity/gsd-identity-manager.c b/plugins/identity/gsd-identity-manager.c
index 9b87c3a..706fa67 100644
--- a/plugins/identity/gsd-identity-manager.c
+++ b/plugins/identity/gsd-identity-manager.c
@@ -89,9 +89,9 @@ gsd_identity_manager_error_quark (void)
void
gsd_identity_manager_list_identities (GsdIdentityManager *self,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
GSD_IDENTITY_MANAGER_GET_IFACE (self)->list_identities (self,
cancellable,
@@ -101,8 +101,8 @@ gsd_identity_manager_list_identities (GsdIdentityManager *self,
GList *
gsd_identity_manager_list_identities_finish (GsdIdentityManager *self,
- GAsyncResult *result,
- GError **error)
+ GAsyncResult *result,
+ GError **error)
{
return GSD_IDENTITY_MANAGER_GET_IFACE (self)->list_identities_finish (self,
result,
@@ -110,26 +110,44 @@ gsd_identity_manager_list_identities_finish (GsdIdentityManager *self,
}
void
+gsd_identity_manager_renew_identity (GsdIdentityManager *self,
+ GsdIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GSD_IDENTITY_MANAGER_GET_IFACE (self)->renew_identity (self, identity, cancellable, callback, user_data);
+}
+
+void
+gsd_identity_manager_renew_identity_finish (GsdIdentityManager *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ GSD_IDENTITY_MANAGER_GET_IFACE (self)->renew_identity_finish (self, result, error);
+}
+
+void
gsd_identity_manager_sign_identity_out (GsdIdentityManager *self,
GsdIdentity *identity,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
{
GSD_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out (self, identity, cancellable, callback, user_data);
}
void
gsd_identity_manager_sign_identity_out_finish (GsdIdentityManager *self,
- GAsyncResult *result,
- GError **error)
+ GAsyncResult *result,
+ GError **error)
{
GSD_IDENTITY_MANAGER_GET_IFACE (self)->sign_identity_out_finish (self, result, error);
}
char *
gsd_identity_manager_name_identity (GsdIdentityManager *self,
- GsdIdentity *identity)
+ GsdIdentity *identity)
{
return GSD_IDENTITY_MANAGER_GET_IFACE (self)->name_identity (self,
identity);
diff --git a/plugins/identity/gsd-identity-manager.h b/plugins/identity/gsd-identity-manager.h
index 0b2adda..9a68f03 100644
--- a/plugins/identity/gsd-identity-manager.h
+++ b/plugins/identity/gsd-identity-manager.h
@@ -68,6 +68,15 @@ struct _GsdIdentityManagerInterface
GAsyncResult *result,
GError **error);
+ void (* renew_identity) (GsdIdentityManager *identity_manager,
+ GsdIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+ void (* renew_identity_finish) (GsdIdentityManager *identity_manager,
+ GAsyncResult *result,
+ GError **error);
+
void (* sign_identity_out) (GsdIdentityManager *identity_manager,
GsdIdentity *identity,
GCancellable *cancellable,
@@ -104,8 +113,17 @@ void gsd_identity_manager_sign_identity_out (GsdIdentityManager *iden
GAsyncReadyCallback callback,
gpointer user_data);
void gsd_identity_manager_sign_identity_out_finish (GsdIdentityManager *identity_manager,
- GAsyncResult *result,
- GError **error);
+ GAsyncResult *result,
+ GError **error);
+
+void gsd_identity_manager_renew_identity (GsdIdentityManager *identity_manager,
+ GsdIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+void gsd_identity_manager_renew_identity_finish (GsdIdentityManager *identity_manager,
+ GAsyncResult *result,
+ GError **error);
char *gsd_identity_manager_name_identity (GsdIdentityManager *identity_manager,
GsdIdentity *identity);
diff --git a/plugins/identity/gsd-identity.h b/plugins/identity/gsd-identity.h
index d5c7e86..9b925b8 100644
--- a/plugins/identity/gsd-identity.h
+++ b/plugins/identity/gsd-identity.h
@@ -49,6 +49,7 @@ struct _GsdIdentityInterface
enum _GsdIdentityError {
GSD_IDENTITY_ERROR_VERIFYING,
+ GSD_IDENTITY_ERROR_RENEWING,
GSD_IDENTITY_ERROR_ERASING
};
diff --git a/plugins/identity/gsd-kerberos-identity-manager.c b/plugins/identity/gsd-kerberos-identity-manager.c
new file mode 100644
index 0000000..93b3bed
--- /dev/null
+++ b/plugins/identity/gsd-kerberos-identity-manager.c
@@ -0,0 +1,1314 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors: Ray Strode
+ */
+
+#include "config.h"
+
+#include "gsd-kerberos-identity-manager.h"
+#include "gsd-identity-manager.h"
+#include "gsd-identity-manager-private.h"
+#include "gsd-kerberos-identity.h"
+
+#include <string.h>
+
+#include <glib/gi18n.h>
+#include <gio/gio.h>
+
+#include <krb5.h>
+
+struct _GsdKerberosIdentityManagerPrivate
+{
+ GHashTable *identities;
+ GHashTable *expired_identities;
+ GHashTable *identities_by_realm;
+ GAsyncQueue *pending_operations;
+ GCancellable *scheduler_cancellable;
+
+ krb5_context kerberos_context;
+ GFileMonitor *credentials_cache_monitor;
+ gulong credentials_cache_changed_signal_id;
+
+ GMutex scheduler_job_lock;
+ GCond scheduler_job_unblocked;
+ gboolean is_blocking_scheduler_job;
+
+ volatile int pending_refresh_count;
+};
+
+typedef enum
+{
+ OPERATION_TYPE_REFRESH,
+ OPERATION_TYPE_LIST,
+ OPERATION_TYPE_RENEW,
+ OPERATION_TYPE_SIGN_OUT
+} OperationType;
+
+typedef struct
+{
+ GCancellable *cancellable;
+ GsdKerberosIdentityManager *manager;
+ OperationType type;
+ GSimpleAsyncResult *result;
+ GIOSchedulerJob *job;
+ GsdIdentity *identity;
+} Operation;
+
+typedef struct
+{
+ GsdKerberosIdentityManager *manager;
+ GsdIdentity *identity;
+} IdentitySignalWork;
+
+static void identity_manager_interface_init (GsdIdentityManagerInterface *interface);
+static void initable_interface_init (GInitableIface *interface);
+static void schedule_next_operation (GsdKerberosIdentityManager *self);
+
+static void on_identity_expired (GsdIdentity *identity, gpointer user_data);
+
+G_DEFINE_TYPE_WITH_CODE (GsdKerberosIdentityManager,
+ gsd_kerberos_identity_manager,
+ G_TYPE_OBJECT,
+ G_IMPLEMENT_INTERFACE (GSD_TYPE_IDENTITY_MANAGER,
+ identity_manager_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ initable_interface_init));
+
+static Operation *
+operation_new (GsdKerberosIdentityManager *self,
+ GCancellable *cancellable,
+ OperationType type,
+ GSimpleAsyncResult *result)
+{
+ Operation *operation;
+
+ operation = g_slice_new (Operation);
+
+ operation->manager = self;
+ operation->type = type;
+
+ if (cancellable == NULL) {
+ cancellable = g_cancellable_new ();
+ } else {
+ g_object_ref (cancellable);
+ }
+ operation->cancellable = cancellable;
+
+ if (result != NULL) {
+ g_object_ref (result);
+ }
+ operation->result = result;
+
+ operation->identity = NULL;
+
+ return operation;
+}
+
+static void
+operation_free (Operation *operation)
+{
+ g_object_unref (operation->cancellable);
+
+ if (operation->identity != NULL) {
+ g_object_unref (operation->identity);
+ }
+
+ if (operation->result != NULL) {
+ g_object_unref (operation->result);
+ }
+
+ g_slice_free (Operation, operation);
+}
+
+static void
+schedule_refresh (GsdKerberosIdentityManager *self)
+{
+ Operation *operation;
+
+ g_atomic_int_inc (&self->priv->pending_refresh_count);
+
+ operation = operation_new (self, NULL, OPERATION_TYPE_REFRESH, NULL);
+ g_async_queue_push (self->priv->pending_operations, operation);
+}
+
+static IdentitySignalWork *
+identity_signal_work_new (GsdKerberosIdentityManager *self,
+ GsdIdentity *identity)
+{
+ IdentitySignalWork *work;
+
+ work = g_slice_new (IdentitySignalWork);
+ work->manager = self;
+ work->identity = g_object_ref (identity);
+
+ return work;
+}
+
+static void
+identity_signal_work_free (IdentitySignalWork *work)
+{
+ g_object_unref (work->identity);
+ g_slice_free (IdentitySignalWork, work);
+}
+
+static void
+stop_watching_for_identity_expiration (GsdKerberosIdentityManager *self,
+ GsdIdentity *identity)
+{
+ g_signal_handlers_disconnect_by_func (G_OBJECT (identity),
+ G_CALLBACK (on_identity_expired),
+ self);
+}
+
+static void
+on_identity_expired (GsdIdentity *identity,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (user_data);
+ const char *identifier;
+
+ stop_watching_for_identity_expiration (self, identity);
+
+ identifier = gsd_identity_get_identifier (identity);
+ g_hash_table_replace (self->priv->expired_identities,
+ g_strdup (identifier),
+ identity);
+ _gsd_identity_manager_emit_identity_expired (GSD_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+on_identity_unexpired (GsdIdentity *identity,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (user_data);
+
+ /* If an identity is now unexpired, that means some sort of weird
+ * clock skew happened and we should just do a full refresh, since it's
+ * probably affected more than one identity
+ */
+ schedule_refresh (self);
+}
+
+static void
+on_identity_renewed (GsdIdentityManager *self,
+ GAsyncResult *result)
+{
+ GError *error;
+
+ error = NULL;
+ gsd_identity_manager_renew_identity_finish (GSD_IDENTITY_MANAGER (self),
+ result,
+ &error);
+
+ if (error != NULL) {
+ g_debug ("GsdKerberosIdentityManager: could not renew identity: %s",
+ error->message);
+ g_error_free (error);
+ }
+}
+
+static void
+on_identity_needs_renewal (GsdIdentity *identity,
+ GsdKerberosIdentityManager *self)
+{
+ g_debug ("GsdKerberosIdentityManager: identity needs renewal");
+ gsd_identity_manager_renew_identity (GSD_IDENTITY_MANAGER (self),
+ identity,
+ NULL,
+ (GAsyncReadyCallback)
+ on_identity_renewed,
+ NULL);
+}
+
+static void
+on_identity_needs_refresh (GsdIdentity *identity,
+ GsdKerberosIdentityManager *self)
+{
+ schedule_refresh (self);
+}
+
+static void
+watch_for_identity_expiration (GsdKerberosIdentityManager *self,
+ GsdIdentity *identity)
+{
+ g_signal_handlers_disconnect_by_func (G_OBJECT (identity),
+ G_CALLBACK (on_identity_expired),
+ self);
+ g_signal_connect (G_OBJECT (identity),
+ "expired",
+ G_CALLBACK (on_identity_expired),
+ self);
+
+ g_signal_handlers_disconnect_by_func (G_OBJECT (identity),
+ G_CALLBACK (on_identity_unexpired),
+ self);
+ g_signal_connect (G_OBJECT (identity),
+ "unexpired",
+ G_CALLBACK (on_identity_unexpired),
+ self);
+
+ g_signal_handlers_disconnect_by_func (G_OBJECT (identity),
+ G_CALLBACK (on_identity_needs_renewal),
+ self);
+ g_signal_connect (G_OBJECT (identity),
+ "needs-renewal",
+ G_CALLBACK (on_identity_needs_renewal),
+ self);
+
+ g_signal_handlers_disconnect_by_func (G_OBJECT (identity),
+ G_CALLBACK (on_identity_needs_refresh),
+ self);
+ g_signal_connect (G_OBJECT (identity),
+ "needs-refresh",
+ G_CALLBACK (on_identity_needs_refresh),
+ self);
+}
+
+static void
+do_identity_signal_removed_work (IdentitySignalWork *work)
+{
+ GsdKerberosIdentityManager *self = work->manager;
+ GsdIdentity *identity = work->identity;
+
+ stop_watching_for_identity_expiration (self, identity);
+ _gsd_identity_manager_emit_identity_removed (GSD_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+do_identity_signal_renamed_work (IdentitySignalWork *work)
+{
+ GsdKerberosIdentityManager *self = work->manager;
+ GsdIdentity *identity = work->identity;
+
+ _gsd_identity_manager_emit_identity_renamed (GSD_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+do_identity_signal_added_work (IdentitySignalWork *work)
+{
+ GsdKerberosIdentityManager *self = work->manager;
+ GsdIdentity *identity = work->identity;
+
+ watch_for_identity_expiration (self, identity);
+ _gsd_identity_manager_emit_identity_added (GSD_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+do_identity_signal_renewed_work (IdentitySignalWork *work)
+{
+ GsdKerberosIdentityManager *self = work->manager;
+ GsdIdentity *identity = work->identity;
+
+ watch_for_identity_expiration (self, identity);
+ _gsd_identity_manager_emit_identity_renewed (GSD_IDENTITY_MANAGER (self), identity);
+}
+
+static void
+remove_identity (GsdKerberosIdentityManager *self,
+ Operation *operation,
+ GsdIdentity *identity)
+{
+
+ IdentitySignalWork *work;
+ const char *identifier;
+ char *name;
+ GList *other_identities = NULL;
+
+ identifier = gsd_identity_get_identifier (identity);
+ name = gsd_kerberos_identity_get_realm_name (GSD_KERBEROS_IDENTITY (identity));
+
+ if (name != NULL) {
+ other_identities = g_hash_table_lookup (self->priv->identities_by_realm,
+ name);
+ g_hash_table_remove (self->priv->identities_by_realm, name);
+
+ other_identities = g_list_remove (other_identities, identity);
+ }
+
+
+ if (other_identities != NULL) {
+ g_hash_table_replace (self->priv->identities_by_realm,
+ g_strdup (name),
+ other_identities);
+ }
+ g_free (name);
+
+ work = identity_signal_work_new (self, identity);
+ g_hash_table_remove (self->priv->expired_identities,
+ identifier);
+ g_hash_table_remove (self->priv->identities,
+ identifier);
+
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_removed_work,
+ work,
+ (GDestroyNotify)
+ identity_signal_work_free);
+ /* If there's only one identity for this realm now, then we can
+ * rename that identity to just the realm name
+ */
+ if (other_identities != NULL && other_identities->next == NULL) {
+ GsdIdentity *other_identity = other_identities->data;
+
+ work = identity_signal_work_new (self, other_identity);
+
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_renamed_work,
+ work,
+ (GDestroyNotify)
+ identity_signal_work_free);
+ }
+}
+
+static void
+drop_stale_identities (GsdKerberosIdentityManager *self,
+ Operation *operation,
+ GHashTable *known_identities)
+{
+ GList *stale_identity_ids;
+ GList *node;
+
+ stale_identity_ids = g_hash_table_get_keys (self->priv->identities);
+
+ node = stale_identity_ids;
+ while (node != NULL) {
+ GsdIdentity *identity;
+ const char *identifier = node->data;
+
+ identity = g_hash_table_lookup (known_identities, identifier);
+ if (identity == NULL) {
+ identity = g_hash_table_lookup (self->priv->identities,
+ identifier);
+
+ if (identity != NULL) {
+ remove_identity (self, operation, identity);
+ }
+ }
+ node = node->next;
+ }
+ g_list_free (stale_identity_ids);
+}
+
+static void
+update_identity (GsdKerberosIdentityManager *self,
+ Operation *operation,
+ GsdIdentity *identity,
+ GsdIdentity *new_identity)
+{
+
+ gboolean is_expired;
+
+ is_expired = g_hash_table_remove (self->priv->expired_identities,
+ gsd_identity_get_identifier (identity));
+
+ gsd_kerberos_identity_update (GSD_KERBEROS_IDENTITY (identity),
+ GSD_KERBEROS_IDENTITY (new_identity));
+
+ if (is_expired) {
+ IdentitySignalWork *work;
+
+ /* if it was expired before, send out a renewel signal */
+ work = identity_signal_work_new (self, identity);
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_renewed_work,
+ work,
+ (GDestroyNotify)
+ identity_signal_work_free);
+ }
+}
+
+static void
+add_identity (GsdKerberosIdentityManager *self,
+ Operation *operation,
+ GsdIdentity *identity,
+ const char *identifier)
+{
+ IdentitySignalWork *work;
+
+ g_hash_table_replace (self->priv->identities,
+ g_strdup (identifier),
+ g_object_ref (identity));
+
+ if (!gsd_identity_is_signed_in (identity)) {
+ g_hash_table_replace (self->priv->expired_identities,
+ g_strdup (identifier),
+ identity);
+ }
+
+ work = identity_signal_work_new (self, identity);
+ g_io_scheduler_job_send_to_mainloop (operation->job,
+ (GSourceFunc)
+ do_identity_signal_added_work,
+ work,
+ (GDestroyNotify)
+ identity_signal_work_free);
+}
+
+static void
+refresh_identity (GsdKerberosIdentityManager *self,
+ Operation *operation,
+ GHashTable *refreshed_identities,
+ GsdIdentity *identity)
+{
+ const char *identifier;
+ GsdIdentity *old_identity;
+
+ identifier = gsd_identity_get_identifier (identity);
+
+ if (identifier == NULL) {
+ return;
+ }
+ old_identity = g_hash_table_lookup (self->priv->identities, identifier);
+
+ if (old_identity != NULL) {
+ update_identity (self, operation, old_identity, identity);
+
+ /* Reuse the old identity, so any object data set up on it doesn't
+ * disappear spurriously
+ */
+ identifier = gsd_identity_get_identifier (old_identity);
+ identity = old_identity;
+ } else {
+ add_identity (self, operation, identity, identifier);
+ }
+
+ /* Track refreshed identities so we can emit removals when we're done fully
+ * enumerating the collection of credential caches
+ */
+ g_hash_table_replace (refreshed_identities,
+ g_strdup (identifier),
+ g_object_ref (identity));
+}
+
+static gboolean
+refresh_identities (GsdKerberosIdentityManager *self,
+ Operation *operation)
+{
+ krb5_error_code error_code;
+ krb5_ccache cache;
+ krb5_cccol_cursor cursor;
+ const char *error_message;
+ GHashTable *refreshed_identities;
+
+ /* If we have more refreshes queued up, don't bother doing this one
+ */
+ if (!g_atomic_int_dec_and_test (&self->priv->pending_refresh_count)) {
+ return FALSE;
+ }
+
+ g_debug ("GsdKerberosIdentityManager: Refreshing identities");
+ refreshed_identities = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ (GDestroyNotify)
+ g_free,
+ (GDestroyNotify)
+ g_object_unref);
+ error_code = krb5_cccol_cursor_new (self->priv->kerberos_context, &cursor);
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentityManager: Error looking up available credential caches: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto done;
+ }
+
+ error_code = krb5_cccol_cursor_next (self->priv->kerberos_context,
+ cursor,
+ &cache);
+
+ while (error_code == 0 && cache != NULL) {
+ GsdIdentity *identity;
+
+ identity = gsd_kerberos_identity_new (self->priv->kerberos_context,
+ cache);
+
+ if (identity != NULL) {
+ refresh_identity (self, operation, refreshed_identities, identity);
+ }
+
+ krb5_cc_close (self->priv->kerberos_context, cache);
+ error_code = krb5_cccol_cursor_next (self->priv->kerberos_context,
+ cursor,
+ &cache);
+ }
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentityManager: Error iterating over available credential caches: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ }
+
+ krb5_cccol_cursor_free (self->priv->kerberos_context, &cursor);
+done:
+ drop_stale_identities (self, operation, refreshed_identities);
+ g_hash_table_unref (refreshed_identities);
+
+ return TRUE;
+}
+
+static int
+identity_sort_func (GsdIdentity *a,
+ GsdIdentity *b)
+{
+ return g_strcmp0 (gsd_identity_get_identifier (a),
+ gsd_identity_get_identifier (b));
+}
+
+static void
+free_identity_list (GList *list)
+{
+ g_list_foreach (list, (GFunc) g_object_unref, NULL);
+ g_list_free (list);
+}
+
+static void
+list_identities (GsdKerberosIdentityManager *self,
+ Operation *operation)
+{
+ GList *identities;
+
+ g_debug ("GsdKerberosIdentityManager: Listing identities");
+ identities = g_hash_table_get_values (self->priv->identities);
+
+ identities = g_list_sort (identities,
+ (GCompareFunc)
+ identity_sort_func);
+
+ g_list_foreach (identities, (GFunc) g_object_ref, NULL);
+ g_simple_async_result_set_op_res_gpointer (operation->result,
+ identities,
+ (GDestroyNotify)
+ free_identity_list);
+}
+
+static void
+renew_identity (GsdKerberosIdentityManager *self,
+ Operation *operation)
+{
+ GError *error;
+ gboolean was_renewed;
+ char *identity_name;
+
+ identity_name = gsd_kerberos_identity_get_principal_name (GSD_KERBEROS_IDENTITY (operation->identity));
+ g_debug ("GsdKerberosIdentityManager: renewing identity %s", identity_name);
+ g_free (identity_name);
+
+ error = NULL;
+ was_renewed = gsd_kerberos_identity_renew (GSD_KERBEROS_IDENTITY (operation->identity),
+ &error);
+
+ if (!was_renewed) {
+ g_debug ("GsdKerberosIdentityManager: could not renew identity: %s",
+ error->message);
+
+ g_simple_async_result_set_from_error (operation->result,
+ error);
+ }
+
+ g_simple_async_result_set_op_res_gboolean (operation->result,
+ was_renewed);
+}
+
+static void
+sign_out_identity (GsdKerberosIdentityManager *self,
+ Operation *operation)
+{
+ GError *error;
+ gboolean was_signed_out;
+ char *identity_name;
+
+ identity_name = gsd_kerberos_identity_get_principal_name (GSD_KERBEROS_IDENTITY (operation->identity));
+ g_debug ("GsdKerberosIdentityManager: signing out identity %s", identity_name);
+ g_free (identity_name);
+
+ error = NULL;
+ was_signed_out = gsd_kerberos_identity_erase (GSD_KERBEROS_IDENTITY (operation->identity),
+ &error);
+
+ if (!was_signed_out) {
+ g_debug ("GsdKerberosIdentityManager: could not sign out identity: %s",
+ error->message);
+ g_error_free (error);
+ }
+}
+
+static void
+block_scheduler_job (GsdKerberosIdentityManager *self)
+{
+ g_mutex_lock (&self->priv->scheduler_job_lock);
+ while (self->priv->is_blocking_scheduler_job) {
+ g_cond_wait (&self->priv->scheduler_job_unblocked, &self->priv->scheduler_job_lock);
+ }
+ self->priv->is_blocking_scheduler_job = TRUE;
+ g_mutex_unlock (&self->priv->scheduler_job_lock);
+}
+
+static void
+stop_blocking_scheduler_job (GsdKerberosIdentityManager *self)
+{
+ g_mutex_lock (&self->priv->scheduler_job_lock);
+ self->priv->is_blocking_scheduler_job = FALSE;
+ g_cond_signal (&self->priv->scheduler_job_unblocked);
+ g_mutex_unlock (&self->priv->scheduler_job_lock);
+}
+
+static void
+wait_for_scheduler_job_to_become_unblocked (GsdKerberosIdentityManager *self)
+{
+ g_mutex_lock (&self->priv->scheduler_job_lock);
+ while (self->priv->is_blocking_scheduler_job) {
+ g_cond_wait (&self->priv->scheduler_job_unblocked, &self->priv->scheduler_job_lock);
+ }
+ g_mutex_unlock (&self->priv->scheduler_job_lock);
+}
+
+static void
+on_job_cancelled (GCancellable *cancellable,
+ GsdKerberosIdentityManager *self)
+{
+ stop_blocking_scheduler_job (self);
+}
+
+static gboolean
+on_job_scheduled (GIOSchedulerJob *job,
+ GCancellable *cancellable,
+ GsdKerberosIdentityManager *self)
+{
+ g_assert (cancellable != NULL);
+
+ g_cancellable_connect (cancellable,
+ G_CALLBACK (on_job_cancelled),
+ self,
+ NULL);
+
+ while (!g_cancellable_is_cancelled (cancellable)) {
+ Operation *operation;
+ gboolean processed_operation;
+ GError *error = NULL;
+
+ operation = g_async_queue_pop (self->priv->pending_operations);
+
+ if (operation->result != NULL &&
+ g_cancellable_set_error_if_cancelled (operation->cancellable, &error)) {
+ g_simple_async_result_take_error (operation->result,
+ error);
+ g_simple_async_result_complete_in_idle (operation->result);
+ g_object_unref (operation->result);
+ operation->result = NULL;
+ continue;
+ }
+
+ operation->job = job;
+
+ switch (operation->type) {
+ case OPERATION_TYPE_REFRESH:
+ processed_operation = refresh_identities (operation->manager, operation);
+ break;
+ case OPERATION_TYPE_LIST:
+ list_identities (operation->manager, operation);
+ processed_operation = TRUE;
+
+ /* We want to block refreshes (and their associated "added"
+ * and "removed" signals) until the caller has had
+ * a chance to look at the batch of
+ * results we already processed
+ */
+ g_assert (operation->result != NULL);
+
+ g_debug ("GsdKerberosIdentityManager: Blocking until identities list processed");
+ block_scheduler_job (self);
+ g_object_weak_ref (G_OBJECT (operation->result),
+ (GWeakNotify)
+ stop_blocking_scheduler_job,
+ self);
+ g_debug ("GsdKerberosIdentityManager: Continuing");
+ break;
+ case OPERATION_TYPE_RENEW:
+ renew_identity (operation->manager, operation);
+ processed_operation = TRUE;
+ break;
+ case OPERATION_TYPE_SIGN_OUT:
+ sign_out_identity (operation->manager, operation);
+ processed_operation = TRUE;
+ break;
+ }
+
+ operation->job = NULL;
+
+ if (operation->result != NULL) {
+ g_simple_async_result_complete_in_idle (operation->result);
+ g_object_unref (operation->result);
+ operation->result = NULL;
+ }
+ operation_free (operation);
+
+ wait_for_scheduler_job_to_become_unblocked (self);
+
+ /* Don't bother saying "Waiting for next operation" if this operation
+ * was a no-op, since the debug spew probably already says the message
+ */
+ if (processed_operation) {
+ g_debug ("GsdKerberosIdentityManager: Waiting for next operation");
+ }
+ }
+
+ return FALSE;
+}
+
+static void
+schedule_next_operation (GsdKerberosIdentityManager *self)
+{
+}
+
+static void
+gsd_kerberos_identity_manager_list_identities (GsdIdentityManager *manager,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (manager);
+ GSimpleAsyncResult *result;
+ Operation *operation;
+
+ result = g_simple_async_result_new (G_OBJECT (self),
+ callback,
+ user_data,
+ gsd_kerberos_identity_manager_list_identities);
+
+ operation = operation_new (self,
+ cancellable,
+ OPERATION_TYPE_LIST,
+ result);
+ g_object_unref (result);
+
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static GList *
+gsd_kerberos_identity_manager_list_identities_finish (GsdIdentityManager *manager,
+ GAsyncResult *result,
+ GError **error)
+{
+ GList *identities;
+
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+ error)) {
+ return NULL;
+ }
+
+ identities = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
+
+ return identities;
+
+}
+
+static void
+gsd_kerberos_identity_manager_renew_identity (GsdIdentityManager *manager,
+ GsdIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (manager);
+ GSimpleAsyncResult *result;
+ Operation *operation;
+
+ result = g_simple_async_result_new (G_OBJECT (self),
+ callback,
+ user_data,
+ gsd_kerberos_identity_manager_renew_identity);
+ operation = operation_new (self,
+ cancellable,
+ OPERATION_TYPE_RENEW,
+ result);
+ g_object_unref (result);
+
+ operation->identity = g_object_ref (identity);
+
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static void
+gsd_kerberos_identity_manager_renew_identity_finish (GsdIdentityManager *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+ error)) {
+ return;
+ }
+
+ return;
+}
+
+static void
+gsd_kerberos_identity_manager_sign_identity_out (GsdIdentityManager *manager,
+ GsdIdentity *identity,
+ GCancellable *cancellable,
+ GAsyncReadyCallback callback,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (manager);
+ GSimpleAsyncResult *result;
+ Operation *operation;
+
+ result = g_simple_async_result_new (G_OBJECT (self),
+ callback,
+ user_data,
+ gsd_kerberos_identity_manager_sign_identity_out);
+ operation = operation_new (self,
+ cancellable,
+ OPERATION_TYPE_SIGN_OUT,
+ result);
+ g_object_unref (result);
+
+ operation->identity = g_object_ref (identity);
+
+ g_async_queue_push (self->priv->pending_operations, operation);
+
+ schedule_next_operation (self);
+}
+
+static void
+gsd_kerberos_identity_manager_sign_identity_out_finish (GsdIdentityManager *self,
+ GAsyncResult *result,
+ GError **error)
+{
+ if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
+ error)) {
+ return;
+ }
+
+ return;
+}
+
+static char *
+gsd_kerberos_identity_manager_name_identity (GsdIdentityManager *manager,
+ GsdIdentity *identity)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (manager);
+ char *name;
+ GList *other_identities;
+ gboolean other_identity_needs_rename;
+
+ name = gsd_kerberos_identity_get_realm_name (GSD_KERBEROS_IDENTITY (identity));
+
+ if (name == NULL) {
+ return NULL;
+ }
+
+ other_identities = g_hash_table_lookup (self->priv->identities_by_realm,
+ name);
+
+ /* If there was already exactly one identity for this realm before,
+ * then it was going by just the realm name, so we need to rename it
+ * to use the full principle name
+ */
+ if (other_identities != NULL &&
+ other_identities->next == NULL &&
+ other_identities->data != identity) {
+ other_identity_needs_rename = TRUE;
+ }
+
+ other_identities = g_list_remove (other_identities, identity);
+ other_identities = g_list_prepend (other_identities, identity);
+
+ g_hash_table_replace (self->priv->identities_by_realm,
+ g_strdup (name),
+ other_identities);
+
+ if (other_identities->next != NULL) {
+ g_free (name);
+ name = gsd_kerberos_identity_get_principal_name (GSD_KERBEROS_IDENTITY (identity));
+ if (other_identity_needs_rename) {
+ GsdIdentity *other_identity = other_identities->next->data;
+
+ _gsd_identity_manager_emit_identity_renamed (GSD_IDENTITY_MANAGER (self),
+ other_identity);
+ }
+ }
+
+ return name;
+}
+
+static void
+identity_manager_interface_init (GsdIdentityManagerInterface *interface)
+{
+ interface->renew_identity = gsd_kerberos_identity_manager_renew_identity;
+ interface->renew_identity_finish = gsd_kerberos_identity_manager_renew_identity_finish;
+ interface->list_identities = gsd_kerberos_identity_manager_list_identities;
+ interface->list_identities_finish = gsd_kerberos_identity_manager_list_identities_finish;
+ interface->sign_identity_out = gsd_kerberos_identity_manager_sign_identity_out;
+ interface->sign_identity_out_finish = gsd_kerberos_identity_manager_sign_identity_out_finish;
+ interface->name_identity = gsd_kerberos_identity_manager_name_identity;
+}
+
+static void
+on_credentials_cache_changed (GFileMonitor *monitor,
+ GFile *file,
+ GFile *other_file,
+ GFileMonitorEvent *event_type,
+ gpointer user_data)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (user_data);
+
+ schedule_refresh (self);
+}
+
+static gboolean
+monitor_credentials_cache (GsdKerberosIdentityManager *self,
+ GError **error)
+{
+ krb5_ccache default_cache;
+ const char *cache_type;
+ const char *cache_path;
+ GFile *file;
+ GFileMonitor *monitor;
+ krb5_error_code error_code;
+ GError *monitoring_error;
+
+ error_code = krb5_cc_default (self->priv->kerberos_context,
+ &default_cache);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error_literal (error,
+ GSD_IDENTITY_MANAGER_ERROR,
+ GSD_IDENTITY_MANAGER_ERROR_MONITORING,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ return FALSE;
+ }
+
+ cache_type = krb5_cc_get_type (self->priv->kerberos_context,
+ default_cache);
+ g_assert (cache_type != NULL);
+
+ if (strcmp (cache_type, "FILE") != 0 &&
+ strcmp (cache_type, "DIR") != 0) {
+ g_set_error (error,
+ GSD_IDENTITY_MANAGER_ERROR,
+ GSD_IDENTITY_MANAGER_ERROR_MONITORING,
+ "Only 'FILE' and 'DIR' credential cache types are really supported, not '%s'",
+ cache_type);
+ return FALSE;
+ }
+
+ /* If we're using a FILE type credential cache, then the
+ * default cache file is the only cache we care about,
+ * and its path is what we want to monitor.
+ *
+ * If we're using a DIR type credential cache, then the default
+ * cache file is one of many possible cache files, all in the
+ * same directory. We want to monitor that directory.
+ */
+ cache_path = krb5_cc_get_name (self->priv->kerberos_context,
+ default_cache);
+
+ /* The cache name might have a : in front of it.
+ * FIXME: figure out if that behavior is by design, or some
+ * odd bug.
+ */
+ if (cache_path[0] == ':') {
+ cache_path++;
+ }
+
+ file = g_file_new_for_path (cache_path);
+
+ monitoring_error = NULL;
+ if (strcmp (cache_type, "FILE") == 0) {
+ monitor = g_file_monitor_file (file,
+ G_FILE_MONITOR_NONE,
+ NULL,
+ &monitoring_error);
+ } else if (strcmp (cache_type, "DIR") == 0) {
+ GFile *directory;
+
+ directory = g_file_get_parent (file);
+ monitor = g_file_monitor_directory (directory,
+ G_FILE_MONITOR_NONE,
+ NULL,
+ &monitoring_error);
+ g_object_unref (directory);
+
+ } else {
+ g_assert_not_reached ();
+ }
+ g_object_unref (file);
+
+ if (monitor == NULL) {
+ g_propagate_error (error, monitoring_error);
+ return FALSE;
+ }
+
+ self->priv->credentials_cache_changed_signal_id = g_signal_connect (G_OBJECT (monitor),
+ "changed",
+ G_CALLBACK (on_credentials_cache_changed),
+ self);
+ self->priv->credentials_cache_monitor = monitor;
+
+ return TRUE;
+}
+
+static void
+stop_watching_credentials_cache (GsdKerberosIdentityManager *self)
+{
+ if (!g_file_monitor_is_cancelled (self->priv->credentials_cache_monitor)) {
+ g_file_monitor_cancel (self->priv->credentials_cache_monitor);
+ }
+ g_object_unref (self->priv->credentials_cache_monitor);
+ self->priv->credentials_cache_monitor = NULL;
+}
+
+static gboolean
+gsd_kerberos_identity_manager_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (initable);
+ krb5_error_code error_code;
+ GError *monitoring_error;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error)) {
+ return FALSE;
+ }
+
+ error_code = krb5_init_context (&self->priv->kerberos_context);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error_literal (error,
+ GSD_IDENTITY_MANAGER_ERROR,
+ GSD_IDENTITY_MANAGER_ERROR_INITIALIZING,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ return FALSE;
+ }
+
+ monitoring_error = NULL;
+ if (!monitor_credentials_cache (self, &monitoring_error)) {
+ g_warning ("GsdKerberosIdentityManager: Could not monitor credentials: %s",
+ monitoring_error->message);
+ g_error_free (monitoring_error);
+ }
+
+ schedule_refresh (self);
+
+ return TRUE;
+}
+
+static void
+initable_interface_init (GInitableIface *interface)
+{
+ interface->init = gsd_kerberos_identity_manager_initable_init;
+}
+
+static void
+gsd_kerberos_identity_manager_init (GsdKerberosIdentityManager *self)
+{
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
+ GSD_TYPE_KERBEROS_IDENTITY_MANAGER,
+ GsdKerberosIdentityManagerPrivate);
+ self->priv->identities = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ (GDestroyNotify)
+ g_free,
+ (GDestroyNotify)
+ g_object_unref);
+ self->priv->expired_identities = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ (GDestroyNotify)
+ g_free,
+ NULL);
+
+ self->priv->identities_by_realm = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ (GDestroyNotify)
+ g_free,
+ NULL);
+ self->priv->pending_operations = g_async_queue_new ();
+
+ g_mutex_init (&self->priv->scheduler_job_lock);
+ g_cond_init (&self->priv->scheduler_job_unblocked);
+
+ self->priv->scheduler_cancellable = g_cancellable_new ();
+ g_io_scheduler_push_job ((GIOSchedulerJobFunc)
+ on_job_scheduled,
+ self,
+ NULL,
+ G_PRIORITY_DEFAULT,
+ self->priv->scheduler_cancellable);
+
+}
+
+static void
+cancel_pending_operations (GsdKerberosIdentityManager *self)
+{
+ Operation *operation;
+
+ operation = g_async_queue_try_pop (self->priv->pending_operations);
+ while (operation != NULL) {
+ if (!g_cancellable_is_cancelled (operation->cancellable)) {
+ g_cancellable_cancel (operation->cancellable);
+ }
+ operation_free (operation);
+ operation = g_async_queue_try_pop (self->priv->pending_operations);
+ }
+}
+
+static void
+gsd_kerberos_identity_manager_dispose (GObject *object)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (object);
+
+ if (self->priv->identities_by_realm != NULL) {
+ g_hash_table_unref (self->priv->identities_by_realm);
+ self->priv->identities_by_realm = NULL;
+ }
+
+ if (self->priv->expired_identities != NULL) {
+ g_hash_table_unref (self->priv->expired_identities);
+ self->priv->expired_identities = NULL;
+ }
+
+ if (self->priv->identities != NULL) {
+ g_hash_table_unref (self->priv->identities);
+ self->priv->identities = NULL;
+ }
+
+ if (self->priv->credentials_cache_monitor != NULL) {
+ stop_watching_credentials_cache (self);
+ }
+
+ if (self->priv->pending_operations != NULL) {
+ cancel_pending_operations (self);
+ g_async_queue_unref (self->priv->pending_operations);
+ self->priv->pending_operations = NULL;
+ }
+
+ if (self->priv->scheduler_cancellable != NULL) {
+ if (!g_cancellable_is_cancelled (self->priv->scheduler_cancellable)) {
+ g_cancellable_cancel (self->priv->scheduler_cancellable);
+ }
+
+ g_object_unref (self->priv->scheduler_cancellable);
+ self->priv->scheduler_cancellable = NULL;
+ }
+
+ G_OBJECT_CLASS (gsd_kerberos_identity_manager_parent_class)->dispose (object);
+}
+
+static void
+gsd_kerberos_identity_manager_finalize (GObject *object)
+{
+ GsdKerberosIdentityManager *self = GSD_KERBEROS_IDENTITY_MANAGER (object);
+
+ g_cond_clear (&self->priv->scheduler_job_unblocked);
+ krb5_free_context (self->priv->kerberos_context);
+
+ G_OBJECT_CLASS (gsd_kerberos_identity_manager_parent_class)->finalize (object);
+}
+
+static void
+gsd_kerberos_identity_manager_class_init (GsdKerberosIdentityManagerClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+ object_class->dispose = gsd_kerberos_identity_manager_dispose;
+ object_class->finalize = gsd_kerberos_identity_manager_finalize;
+
+ g_type_class_add_private (klass, sizeof (GsdKerberosIdentityManagerPrivate));
+}
+
+GsdIdentityManager *
+gsd_kerberos_identity_manager_new (void)
+{
+ GObject *object;
+ GError *error;
+ object = g_object_new (GSD_TYPE_KERBEROS_IDENTITY_MANAGER, NULL);
+
+ error = NULL;
+ if (!g_initable_init (G_INITABLE (object), NULL, &error)) {
+ g_warning ("Could not create kerberos identity manager: %s",
+ error->message);
+ g_error_free (error);
+ g_object_unref (object);
+ return NULL;
+ }
+
+ return GSD_IDENTITY_MANAGER (object);
+}
+
+static void
+on_identities_listed (GsdIdentityManager *manager,
+ GAsyncResult *result)
+{
+ GList *identities, *node;
+ GError *error;
+
+ error = NULL;
+ identities = gsd_identity_manager_list_identities_finish (manager,
+ result,
+ &error);
+
+ if (identities == NULL) {
+ if (error != NULL) {
+ g_warning ("GsdUserPanel: Could not list identities: %s",
+ error->message);
+ g_error_free (error);
+ }
+
+ return;
+ }
+
+ node = identities;
+ while (node != NULL) {
+ GsdIdentity *identity = GSD_IDENTITY (node->data);
+
+ if (gsd_identity_is_signed_in (identity)) {
+ }
+
+ node = node->next;
+ }
+}
+
+void
+gsd_kerberos_identity_manager_start_test (GsdKerberosIdentityManager *manager,
+ GError **error)
+{
+ gsd_identity_manager_list_identities (GSD_IDENTITY_MANAGER (manager),
+ NULL,
+ (GAsyncReadyCallback)
+ on_identities_listed,
+ NULL);
+}
diff --git a/plugins/identity/gsd-kerberos-identity-manager.h b/plugins/identity/gsd-kerberos-identity-manager.h
new file mode 100644
index 0000000..67271ed
--- /dev/null
+++ b/plugins/identity/gsd-kerberos-identity-manager.h
@@ -0,0 +1,61 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors: Ray Strode
+ */
+
+#ifndef __GSD_KERBEROS_IDENTITY_MANAGER_H__
+#define __GSD_KERBEROS_IDENTITY_MANAGER_H__
+
+#include <glib.h>
+#include <glib-object.h>
+#include <gio/gio.h>
+
+#include "gsd-identity-manager.h"
+
+G_BEGIN_DECLS
+
+#define GSD_TYPE_KERBEROS_IDENTITY_MANAGER (gsd_kerberos_identity_manager_get_type ())
+#define GSD_KERBEROS_IDENTITY_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST (obj, GSD_TYPE_KERBEROS_IDENTITY_MANAGER, GsdKerberosIdentityManager))
+#define GSD_KERBEROS_IDENTITY_MANAGER_CLASS(cls) (G_TYPE_CHECK_CLASS_CAST (cls, GSD_TYPE_KERBEROS_IDENTITY_MANAGER, GsdKerberosIdentityManagerClass))
+#define GSD_IS_KERBEROS_IDENTITY_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_TYPE (obj, GSD_TYPE_KERBEROS_IDENTITY_MANAGER))
+#define GSD_IS_KERBEROS_IDENTITY_MANAGER_CLASS(obj) (G_TYPE_CHECK_CLASS_TYPE (obj, GSD_TYPE_KERBEROS_IDENTITY_MANAGER))
+#define GSD_KERBEROS_IDENTITY_MANAGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GSD_TYPE_KERBEROS_IDENTITY_MANAGER, GsdKerberosIdentityManagerClass))
+
+typedef struct _GsdKerberosIdentityManager GsdKerberosIdentityManager;
+typedef struct _GsdKerberosIdentityManagerClass GsdKerberosIdentityManagerClass;
+typedef struct _GsdKerberosIdentityManagerPrivate GsdKerberosIdentityManagerPrivate; struct _GsdKerberosIdentityManager
+{
+ GObject parent_instance;
+ GsdKerberosIdentityManagerPrivate *priv;
+};
+
+struct _GsdKerberosIdentityManagerClass
+{
+ GObjectClass parent_class;
+};
+
+GType gsd_kerberos_identity_manager_get_type (void);
+GsdIdentityManager* gsd_kerberos_identity_manager_new (void);
+
+void gsd_kerberos_identity_manager_start_test (GsdKerberosIdentityManager *manager,
+ GError **error);
+G_END_DECLS
+
+#endif /* __GSD_KERBEROS_IDENTITY_MANAGER_H__ */
diff --git a/plugins/identity/gsd-kerberos-identity.c b/plugins/identity/gsd-kerberos-identity.c
new file mode 100644
index 0000000..4b847a3
--- /dev/null
+++ b/plugins/identity/gsd-kerberos-identity.c
@@ -0,0 +1,939 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Author: Ray Strode
+ */
+
+#include "config.h"
+
+#include "gsd-identity.h"
+#include "gsd-kerberos-identity.h"
+#include "gsd-alarm.h"
+
+#include <string.h>
+#include <glib/gi18n.h>
+#include <gio/gio.h>
+
+struct _GsdKerberosIdentityPrivate
+{
+ krb5_context kerberos_context;
+ krb5_ccache credentials_cache;
+
+ char *identifier;
+ char *cached_principal_name;
+ char *cached_realm_name;
+ GsdAlarm *expiration_alarm;
+ GCancellable *expiration_alarm_cancellable;
+ krb5_timestamp expiration_time;
+
+ GsdAlarm *renewal_alarm;
+ GCancellable *renewal_alarm_cancellable;
+
+ GRecMutex updates_lock;
+};
+
+typedef enum
+{
+ VERIFICATION_LEVEL_UNVERIFIED,
+ VERIFICATION_LEVEL_ERROR,
+ VERIFICATION_LEVEL_EXISTS,
+ VERIFICATION_LEVEL_SIGNED_IN
+} VerificationLevel;
+
+enum {
+ EXPIRED,
+ UNEXPIRED,
+ NEEDS_RENEWAL,
+ NEEDS_REFRESH,
+ NUMBER_OF_SIGNALS,
+};
+
+static guint signals[NUMBER_OF_SIGNALS] = { 0 };
+
+static void identity_interface_init (GsdIdentityInterface *interface);
+static void initable_interface_init (GInitableIface *interface);
+static void set_expiration_and_renewal_alarms (GsdKerberosIdentity *self);
+
+G_DEFINE_TYPE_WITH_CODE (GsdKerberosIdentity,
+ gsd_kerberos_identity,
+ G_TYPE_OBJECT,
+ G_IMPLEMENT_INTERFACE (GSD_TYPE_IDENTITY,
+ identity_interface_init)
+ G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+ initable_interface_init));
+
+static void
+gsd_kerberos_identity_dispose (GObject *object)
+{
+ GsdKerberosIdentity *self = GSD_KERBEROS_IDENTITY (object);
+
+ if (self->priv->renewal_alarm_cancellable != NULL) {
+ if (!g_cancellable_is_cancelled (self->priv->renewal_alarm_cancellable)) {
+ g_cancellable_cancel (self->priv->renewal_alarm_cancellable);
+ }
+ g_object_unref (self->priv->renewal_alarm_cancellable);
+ self->priv->renewal_alarm_cancellable = NULL;
+ }
+
+ if (self->priv->renewal_alarm != NULL) {
+ g_object_unref (self->priv->renewal_alarm);
+ self->priv->renewal_alarm = NULL;
+ }
+
+ if (self->priv->expiration_alarm_cancellable != NULL) {
+ if (!g_cancellable_is_cancelled (self->priv->expiration_alarm_cancellable)) {
+ g_cancellable_cancel (self->priv->expiration_alarm_cancellable);
+ }
+ g_object_unref (self->priv->expiration_alarm_cancellable);
+ self->priv->expiration_alarm_cancellable = NULL;
+ }
+
+ if (self->priv->expiration_alarm != NULL) {
+ g_object_unref (self->priv->expiration_alarm);
+ self->priv->expiration_alarm = NULL;
+ }
+}
+
+static void
+gsd_kerberos_identity_finalize (GObject *object)
+{
+ GsdKerberosIdentity *self = GSD_KERBEROS_IDENTITY (object);
+
+ g_free (self->priv->identifier);
+ self->priv->identifier = NULL;
+
+ if (self->priv->credentials_cache != NULL) {
+ krb5_cc_close (self->priv->kerberos_context, self->priv->credentials_cache);
+ }
+
+ G_OBJECT_CLASS (gsd_kerberos_identity_parent_class)->finalize (object);
+}
+
+static void
+gsd_kerberos_identity_class_init (GsdKerberosIdentityClass *klass)
+{
+ GObjectClass *object_class;
+
+ object_class = G_OBJECT_CLASS (klass);
+
+ object_class->dispose = gsd_kerberos_identity_dispose;
+ object_class->finalize = gsd_kerberos_identity_finalize;
+
+ g_type_class_add_private (klass, sizeof (GsdKerberosIdentityPrivate));
+
+ signals[EXPIRED] = g_signal_new ("expired",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[UNEXPIRED] = g_signal_new ("unexpired",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[NEEDS_RENEWAL] = g_signal_new ("needs-renewal",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+ signals[NEEDS_REFRESH] = g_signal_new ("needs-refresh",
+ G_TYPE_FROM_CLASS (klass),
+ G_SIGNAL_RUN_LAST,
+ 0,
+ NULL, NULL, NULL,
+ G_TYPE_NONE, 0);
+}
+
+static void
+gsd_kerberos_identity_init (GsdKerberosIdentity *self)
+{
+ self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
+ GSD_TYPE_KERBEROS_IDENTITY,
+ GsdKerberosIdentityPrivate);
+ self->priv->expiration_alarm = gsd_alarm_new ();
+ self->priv->renewal_alarm = gsd_alarm_new ();
+
+ g_rec_mutex_init (&self->priv->updates_lock);
+}
+
+static char *
+get_principal_name (GsdKerberosIdentity *self,
+ gboolean for_display)
+{
+ krb5_principal principal;
+ krb5_error_code error_code;
+ char *unparsed_name;
+ char *principal_name;
+ int flags;
+
+ if (self->priv->credentials_cache == NULL) {
+ return NULL;
+ }
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentity: Error looking up principal identity in credential cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return NULL;
+ }
+
+ if (for_display) {
+ flags = KRB5_PRINCIPAL_UNPARSE_DISPLAY;
+ } else {
+ flags = 0;
+ }
+
+ error_code = krb5_unparse_name_flags (self->priv->kerberos_context,
+ principal,
+ flags,
+ &unparsed_name);
+
+ if (error_code != 0) {
+ const char *error_message;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentity: Error parsing principal identity name: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return NULL;
+ }
+
+ principal_name = g_strdup (unparsed_name);
+ krb5_free_unparsed_name (self->priv->kerberos_context, unparsed_name);
+
+ return principal_name;
+}
+
+char *
+gsd_kerberos_identity_get_principal_name (GsdKerberosIdentity *self)
+{
+ char *principal_name;
+
+ if (self->priv->cached_principal_name == NULL) {
+ self->priv->cached_principal_name = get_principal_name (self, TRUE);
+ }
+ principal_name = g_strdup (self->priv->cached_principal_name);
+
+ return principal_name;
+}
+
+static char *
+get_realm_name (GsdKerberosIdentity *self)
+{
+ krb5_principal principal;
+ krb5_error_code error_code;
+ krb5_data *realm;
+ char *realm_name;
+
+ if (self->priv->credentials_cache == NULL) {
+ return NULL;
+ }
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentity: Error looking up principal identity in credential cache: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return NULL;
+ }
+
+ realm = krb5_princ_realm (self->priv->kerberos_context,
+ principal);
+ realm_name = g_strndup (realm->data, realm->length);
+ krb5_free_principal (self->priv->kerberos_context, principal);
+
+ return realm_name;
+}
+
+char *
+gsd_kerberos_identity_get_realm_name (GsdKerberosIdentity *self)
+{
+ char *realm_name;
+
+ if (self->priv->cached_realm_name == NULL) {
+ self->priv->cached_realm_name = get_realm_name (self);
+ }
+ realm_name = g_strdup (self->priv->cached_realm_name);
+
+ return realm_name;
+}
+
+static const char *
+gsd_kerberos_identity_get_identifier (GsdIdentity *identity)
+{
+ GsdKerberosIdentity *self = GSD_KERBEROS_IDENTITY (identity);
+
+ if (self->priv->identifier == NULL) {
+ self->priv->identifier = get_principal_name (self, FALSE);
+ }
+
+ return self->priv->identifier;
+}
+
+static gboolean
+credentials_validate_existence (GsdKerberosIdentity *self,
+ krb5_principal principal,
+ krb5_creds *credentials)
+{
+ /* Checks if default principal associated with the cache has a valid
+ * ticket granting ticket in the passed in credentials
+ */
+
+ if (krb5_is_config_principal (self->priv->kerberos_context,
+ credentials->server)) {
+ return FALSE;
+ }
+
+ /* looking for the krbtgt / REALM pair, so it should be exactly 2 items */
+ if (krb5_princ_size (self->priv->kerberos_context,
+ credentials->server) != 2) {
+ return FALSE;
+ }
+
+ if (!krb5_realm_compare (self->priv->kerberos_context,
+ credentials->server,
+ principal)) {
+ /* credentials are from some other realm */
+ return FALSE;
+ }
+
+ if (strncmp (credentials->server->data[0].data,
+ KRB5_TGS_NAME,
+ credentials->server->data[0].length) != 0) {
+ /* credentials aren't for ticket granting */
+ return FALSE;
+ }
+
+ if (credentials->server->data[1].length != principal->realm.length ||
+ memcmp (credentials->server->data[1].data,
+ principal->realm.data,
+ principal->realm.length) != 0) {
+ /* credentials are for some other realm */
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static krb5_timestamp
+get_current_time (GsdKerberosIdentity *self)
+{
+ krb5_timestamp current_time;
+ krb5_error_code error_code;
+
+ error_code = krb5_timeofday (self->priv->kerberos_context,
+ ¤t_time);
+
+ if (error_code != 0) {
+ const char *error_message;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_warning ("GsdKerberosIdentity: Error getting current time: %s", error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return 0;
+ }
+
+ return current_time;
+}
+
+static gboolean
+credentials_are_expired (GsdKerberosIdentity *self,
+ krb5_creds *credentials)
+{
+ krb5_timestamp current_time;
+
+ current_time = get_current_time (self);
+
+ self->priv->expiration_time = MAX (credentials->times.endtime,
+ self->priv->expiration_time);
+
+ if (credentials->times.endtime <= current_time) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static VerificationLevel
+verify_identity (GsdKerberosIdentity *self,
+ GError **error)
+{
+ krb5_principal principal;
+ const char *error_message;
+ krb5_cc_cursor cursor;
+ krb5_creds credentials;
+ krb5_error_code error_code;
+ VerificationLevel verification_level;
+
+ if (self->priv->credentials_cache == NULL) {
+ return VERIFICATION_LEVEL_UNVERIFIED;
+ }
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ if (error_code == KRB5_CC_END) {
+ return VERIFICATION_LEVEL_UNVERIFIED;
+ }
+
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_VERIFYING,
+ _("Could not find identity in credential cache: %s"),
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ return VERIFICATION_LEVEL_ERROR;
+ }
+
+ error_code = krb5_cc_start_seq_get (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor);
+ if (error_code != 0) {
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_VERIFYING,
+ _("Could not find identity credentials in cache: %s"),
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+
+ verification_level = VERIFICATION_LEVEL_ERROR;
+ goto out;
+ }
+
+ verification_level = VERIFICATION_LEVEL_UNVERIFIED;
+
+ error_code = krb5_cc_next_cred (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor,
+ &credentials);
+
+ while (error_code == 0) {
+ if (credentials_validate_existence (self, principal, &credentials)) {
+ if (!credentials_are_expired (self, &credentials)) {
+ verification_level = VERIFICATION_LEVEL_SIGNED_IN;
+ g_debug ("GsdKerberosIdentity: credentials good");
+ } else {
+ verification_level = VERIFICATION_LEVEL_EXISTS;
+ g_debug ("GsdKerberosIdentity: credentials expired");
+ }
+ }
+
+ error_code = krb5_cc_next_cred (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor,
+ &credentials);
+ }
+
+ if (error_code != KRB5_CC_END) {
+ verification_level = VERIFICATION_LEVEL_ERROR;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_VERIFYING,
+ _("Could not sift through identity credentials in cache: %s"),
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto out;
+ }
+
+ error_code = krb5_cc_end_seq_get (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &cursor);
+
+ if (error_code != 0) {
+ verification_level = VERIFICATION_LEVEL_ERROR;
+
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_VERIFYING,
+ _("Could not finish up sifting through identity credentials in cache: %s"),
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto out;
+ }
+out:
+ krb5_free_principal (self->priv->kerberos_context, principal);
+ return verification_level;
+}
+
+static gboolean
+gsd_kerberos_identity_is_signed_in (GsdIdentity *identity)
+{
+ GsdKerberosIdentity *self = GSD_KERBEROS_IDENTITY (identity);
+ VerificationLevel verification_level;
+
+ verification_level = verify_identity (self, NULL);
+
+ return verification_level == VERIFICATION_LEVEL_SIGNED_IN;
+}
+
+static void
+identity_interface_init (GsdIdentityInterface *interface)
+{
+ interface->get_identifier = gsd_kerberos_identity_get_identifier;
+ interface->is_signed_in = gsd_kerberos_identity_is_signed_in;
+}
+
+static void
+on_expiration_alarm_fired (GsdAlarm *alarm,
+ GsdKerberosIdentity *self)
+{
+ VerificationLevel verification_level;
+
+ g_return_if_fail (GSD_IS_ALARM (alarm));
+ g_return_if_fail (GSD_IS_KERBEROS_IDENTITY (self));
+
+ g_signal_emit (G_OBJECT (self), signals[NEEDS_REFRESH], 0);
+#if 0
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level != VERIFICATION_LEVEL_SIGNED_IN) {
+ g_signal_emit (G_OBJECT (self), signals[EXPIRED], 0);
+ }
+
+ if (verification_level != VERIFICATION_LEVEL_SIGNED_IN) {
+ set_expiration_and_renewal_alarms (self);
+ }
+#endif
+
+}
+
+static void
+on_expiration_alarm_rearmed (GsdAlarm *alarm,
+ GsdKerberosIdentity *self)
+{
+ VerificationLevel verification_level;
+
+ g_return_if_fail (GSD_IS_ALARM (alarm));
+ g_return_if_fail (GSD_IS_KERBEROS_IDENTITY (self));
+
+ g_signal_emit (G_OBJECT (self), signals[NEEDS_REFRESH], 0);
+#if 0
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ g_signal_emit (G_OBJECT (self), signals[UNEXPIRED], 0);
+ }
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ set_expiration_and_renewal_alarms (self);
+ }
+#endif
+}
+
+static void
+on_renewal_alarm_fired (GsdAlarm *alarm,
+ GsdKerberosIdentity *self)
+{
+ VerificationLevel verification_level;
+
+ g_return_if_fail (GSD_IS_ALARM (alarm));
+ g_return_if_fail (GSD_IS_KERBEROS_IDENTITY (self));
+
+ if (self->priv->renewal_alarm_cancellable != NULL) {
+ g_object_unref (self->priv->renewal_alarm_cancellable);
+ self->priv->renewal_alarm_cancellable = NULL;
+ }
+
+ g_debug ("GsdKerberosIdentity: renewal alarm fired");
+ g_signal_emit (G_OBJECT (self), signals[NEEDS_RENEWAL], 0);
+#if 0
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ g_signal_emit (G_OBJECT (self), signals[NEEDS_RENEWAL], 0);
+ } else {
+ g_debug ("GsdKerberosIdentity: not signed in so not renewing");
+ }
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ set_expiration_and_renewal_alarms (self);
+ }
+#endif
+}
+
+static void
+on_renewal_alarm_rearmed (GsdAlarm *alarm,
+ GsdKerberosIdentity *self)
+{
+ VerificationLevel verification_level;
+
+ g_return_if_fail (GSD_IS_ALARM (alarm));
+ g_return_if_fail (GSD_IS_KERBEROS_IDENTITY (self));
+
+#if 0
+ G_LOCK (gsd_kerberos_identity_updates_lock);
+ verification_level = verify_identity (self, NULL);
+ G_UNLOCK (gsd_kerberos_identity_updates_lock);
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN) {
+ set_expiration_and_renewal_alarms (self);
+ }
+#endif
+}
+
+static void
+set_expiration_and_renewal_alarms (GsdKerberosIdentity *self)
+{
+ GDateTime *now;
+ GDateTime *expiration_time;
+ GDateTime *renewal_time;
+ GTimeSpan time_span_until_expiration;
+
+ now = g_date_time_new_now_local ();
+ expiration_time = g_date_time_new_from_unix_local (self->priv->expiration_time);
+ time_span_until_expiration = g_date_time_difference (expiration_time, now);
+ renewal_time = g_date_time_add (expiration_time,
+ - (time_span_until_expiration / 2));
+
+ g_signal_handlers_disconnect_by_func (G_OBJECT (self->priv->expiration_alarm),
+ G_CALLBACK (on_expiration_alarm_fired),
+ self);
+ g_signal_handlers_disconnect_by_func (G_OBJECT (self->priv->renewal_alarm),
+ G_CALLBACK (on_renewal_alarm_fired),
+ self);
+ g_signal_connect (G_OBJECT (self->priv->expiration_alarm),
+ "fired",
+ G_CALLBACK (on_expiration_alarm_fired),
+ self);
+ g_signal_connect (G_OBJECT (self->priv->renewal_alarm),
+ "fired",
+ G_CALLBACK (on_renewal_alarm_fired),
+ self);
+ g_signal_handlers_disconnect_by_func (G_OBJECT (self->priv->expiration_alarm),
+ G_CALLBACK (on_expiration_alarm_rearmed),
+ self);
+ g_signal_handlers_disconnect_by_func (G_OBJECT (self->priv->renewal_alarm),
+ G_CALLBACK (on_renewal_alarm_rearmed),
+ self);
+ g_signal_connect (G_OBJECT (self->priv->expiration_alarm),
+ "rearmed",
+ G_CALLBACK (on_expiration_alarm_rearmed),
+ self);
+ g_signal_connect (G_OBJECT (self->priv->renewal_alarm),
+ "rearmed",
+ G_CALLBACK (on_renewal_alarm_rearmed),
+ self);
+
+ if (self->priv->expiration_alarm_cancellable != NULL) {
+ g_object_unref (self->priv->expiration_alarm_cancellable);
+ self->priv->expiration_alarm_cancellable = NULL;
+ }
+
+ if (self->priv->renewal_alarm_cancellable != NULL) {
+ g_object_unref (self->priv->renewal_alarm_cancellable);
+ self->priv->renewal_alarm_cancellable = NULL;
+ }
+
+ self->priv->expiration_alarm_cancellable = g_cancellable_new ();
+ gsd_alarm_set (self->priv->expiration_alarm,
+ expiration_time,
+ self->priv->expiration_alarm_cancellable);
+ g_date_time_unref (expiration_time);
+
+ self->priv->renewal_alarm_cancellable = g_cancellable_new ();
+ gsd_alarm_set (self->priv->renewal_alarm,
+ renewal_time,
+ self->priv->renewal_alarm_cancellable);
+ g_date_time_unref (renewal_time);
+}
+
+static gboolean
+gsd_kerberos_identity_initable_init (GInitable *initable,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GsdKerberosIdentity *self = GSD_KERBEROS_IDENTITY (initable);
+ GError *verification_error;
+ VerificationLevel verification_level;
+
+ if (g_cancellable_set_error_if_cancelled (cancellable, error)) {
+ return FALSE;
+ }
+
+ verification_error = NULL;
+ verification_level = verify_identity (self, &verification_error);
+
+ switch (verification_level) {
+ case VERIFICATION_LEVEL_EXISTS:
+ set_expiration_and_renewal_alarms (self);
+ return TRUE;
+
+ case VERIFICATION_LEVEL_SIGNED_IN:
+ set_expiration_and_renewal_alarms (self);
+ return TRUE;
+
+ case VERIFICATION_LEVEL_ERROR:
+ g_propagate_error (error, verification_error);
+ return FALSE;
+
+ case VERIFICATION_LEVEL_UNVERIFIED:
+ default:
+ {
+ const char *name;
+
+ name = krb5_cc_get_name (self->priv->kerberos_context,
+ self->priv->credentials_cache);
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_VERIFYING,
+ _("No associated identification found%s%s"),
+ name != NULL? " for credentials cache " : "",
+ name != NULL? name : "");
+ return FALSE;
+ }
+ }
+}
+
+static void
+initable_interface_init (GInitableIface *interface)
+{
+ interface->init = gsd_kerberos_identity_initable_init;
+}
+
+void
+gsd_kerberos_identity_update (GsdKerberosIdentity *self,
+ GsdKerberosIdentity *new_identity)
+{
+ char *new_principal_name;
+ VerificationLevel verification_level;
+
+ if (self->priv->credentials_cache != NULL) {
+ krb5_cc_close (self->priv->kerberos_context, self->priv->credentials_cache);
+ }
+ krb5_cc_dup (new_identity->priv->kerberos_context,
+ new_identity->priv->credentials_cache,
+ &self->priv->credentials_cache);
+
+ if (!g_cancellable_is_cancelled (self->priv->renewal_alarm_cancellable)) {
+ g_cancellable_cancel (self->priv->renewal_alarm_cancellable);
+ }
+
+ if (!g_cancellable_is_cancelled (self->priv->expiration_alarm_cancellable)) {
+ g_cancellable_cancel (self->priv->expiration_alarm_cancellable);
+ }
+
+ new_principal_name = get_principal_name (self, FALSE);
+ if (g_strcmp0 (self->priv->identifier, new_principal_name) != 0) {
+ g_free (self->priv->identifier);
+ self->priv->identifier = new_principal_name;
+ } else {
+ g_free (new_principal_name);
+ }
+
+ g_free (self->priv->cached_realm_name);
+ self->priv->cached_realm_name = get_realm_name (self);
+
+ g_free (self->priv->cached_principal_name);
+ self->priv->cached_principal_name = get_principal_name (self, TRUE);
+
+ verification_level = verify_identity (self, NULL);
+
+ if (verification_level == VERIFICATION_LEVEL_SIGNED_IN ||
+ verification_level == VERIFICATION_LEVEL_EXISTS) {
+ set_expiration_and_renewal_alarms (self);
+ }
+}
+
+gboolean
+gsd_kerberos_identity_renew (GsdKerberosIdentity *self,
+ GError **error)
+{
+ krb5_error_code error_code = 0;
+ krb5_principal principal;
+ krb5_creds new_credentials;
+ gboolean renewed = FALSE;
+ char *name = NULL;
+
+ if (self->priv->credentials_cache == NULL) {
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_RENEWING,
+ _("Could not renew identitys: Not signed in"));
+ goto out;
+ }
+
+
+ error_code = krb5_cc_get_principal (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &principal);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+ if (error_code == 22)
+ raise(SIGABRT);
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_RENEWING,
+ _("Could not renew identity: %s"), error_message);
+
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ goto out;
+ }
+
+ name = gsd_kerberos_identity_get_principal_name (self);
+
+ error_code = krb5_get_renewed_creds (self->priv->kerberos_context,
+ &new_credentials,
+ principal,
+ self->priv->credentials_cache,
+ NULL);
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_RENEWING,
+ _("Could not get new credentials to renew identity %s: %s"),
+ name,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ krb5_free_principal (self->priv->kerberos_context, principal);
+ goto out;
+ }
+
+ error_code = krb5_cc_initialize (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ principal);
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_RENEWING,
+ _("Could not reinitialize credentials cache to renew identity %s: %s"),
+ name,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ krb5_free_principal (self->priv->kerberos_context, principal);
+ krb5_free_cred_contents (self->priv->kerberos_context, &new_credentials);
+ goto out;
+ }
+
+ krb5_free_principal (self->priv->kerberos_context, principal);
+
+ error_code = krb5_cc_store_cred (self->priv->kerberos_context,
+ self->priv->credentials_cache,
+ &new_credentials);
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_RENEWING,
+ _("Could not store new credentials in credentials cache to renew identity %s: %s"),
+ name,
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ krb5_free_cred_contents (self->priv->kerberos_context, &new_credentials);
+ goto out;
+ }
+ krb5_free_cred_contents (self->priv->kerberos_context, &new_credentials);
+
+ g_debug ("GsdKerberosIdentity: identity %s renewed\n", name);
+ renewed = TRUE;
+out:
+ g_free (name);
+
+ return renewed;
+}
+
+gboolean
+gsd_kerberos_identity_erase (GsdKerberosIdentity *self,
+ GError **error)
+{
+ krb5_error_code error_code = 0;
+
+ if (self->priv->credentials_cache != NULL) {
+ error_code = krb5_cc_destroy (self->priv->kerberos_context,
+ self->priv->credentials_cache);
+ self->priv->credentials_cache = NULL;
+ }
+
+ if (error_code != 0) {
+ const char *error_message;
+ error_message = krb5_get_error_message (self->priv->kerberos_context, error_code);
+
+ g_set_error (error,
+ GSD_IDENTITY_ERROR,
+ GSD_IDENTITY_ERROR_ERASING,
+ _("Could not erase identity: %s"),
+ error_message);
+ krb5_free_error_message (self->priv->kerberos_context, error_message);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+GsdIdentity *
+gsd_kerberos_identity_new (krb5_context context,
+ krb5_ccache cache)
+{
+ GsdKerberosIdentity *self;
+ GError *error;
+
+ self = GSD_KERBEROS_IDENTITY (g_object_new (GSD_TYPE_KERBEROS_IDENTITY, NULL));
+
+ krb5_cc_dup (context,
+ cache,
+ &self->priv->credentials_cache);
+ self->priv->kerberos_context = context;
+
+ error = NULL;
+ if (!g_initable_init (G_INITABLE (self), NULL, &error)) {
+ const char *name;
+
+ name = krb5_cc_get_name (context,
+ cache);
+ g_debug ("Could not build identity%s%s: %s",
+ name != NULL? " from credentials cache " : "",
+ name != NULL? name : "",
+ error->message);
+ g_error_free (error);
+ g_object_unref (self);
+ return NULL;
+ }
+
+ return GSD_IDENTITY (self);
+}
diff --git a/plugins/identity/gsd-kerberos-identity.h b/plugins/identity/gsd-kerberos-identity.h
new file mode 100644
index 0000000..32d77fd
--- /dev/null
+++ b/plugins/identity/gsd-kerberos-identity.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors: Ray Strode
+ */
+
+#ifndef __GSD_KERBEROS_IDENTITY_H__
+#define __GSD_KERBEROS_IDENTITY_H__
+
+#include <glib.h>
+#include <glib-object.h>
+
+#include <krb5.h>
+
+G_BEGIN_DECLS
+
+#define GSD_TYPE_KERBEROS_IDENTITY (gsd_kerberos_identity_get_type ())
+#define GSD_KERBEROS_IDENTITY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GSD_TYPE_KERBEROS_IDENTITY, GsdKerberosIdentity))
+#define GSD_KERBEROS_IDENTITY_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GSD_TYPE_KERBEROS_IDENTITY, GsdKerberosIdentityClass))
+#define GSD_IS_KERBEROS_IDENTITY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GSD_TYPE_KERBEROS_IDENTITY))
+#define GSD_IS_KERBEROS_IDENTITY_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GSD_TYPE_KERBEROS_IDENTITY))
+#define GSD_KERBEROS_IDENTITY_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), GSD_TYPE_KERBEROS_IDENTITY, GsdKerberosIdentityClass))
+
+typedef struct _GsdKerberosIdentity GsdKerberosIdentity;
+typedef struct _GsdKerberosIdentityClass GsdKerberosIdentityClass;
+typedef struct _GsdKerberosIdentityPrivate GsdKerberosIdentityPrivate;
+typedef enum _GsdKerberosIdentityDescriptionLevel GsdKerberosIdentityDescriptionLevel;
+
+enum _GsdKerberosIdentityDescriptionLevel
+{
+ GSD_KERBEROS_IDENTITY_DESCRIPTION_REALM,
+ GSD_KERBEROS_IDENTITY_DESCRIPTION_USERNAME_AND_REALM,
+ GSD_KERBEROS_IDENTITY_DESCRIPTION_USERNAME_ROLE_AND_REALM
+};
+
+struct _GsdKerberosIdentity
+{
+ GObject parent;
+
+ GsdKerberosIdentityPrivate *priv;
+};
+
+struct _GsdKerberosIdentityClass
+{
+ GObjectClass parent_class;
+};
+
+GType gsd_kerberos_identity_get_type (void);
+
+void gsd_kerberos_identity_lock (void);
+void gsd_kerberos_identity_unlock (void);
+GsdIdentity *gsd_kerberos_identity_new (krb5_context kerberos_context,
+ krb5_ccache cache);
+
+void gsd_kerberos_identity_update (GsdKerberosIdentity *identity,
+ GsdKerberosIdentity *new_identity);
+gboolean gsd_kerberos_identity_renew (GsdKerberosIdentity *self,
+ GError **error);
+gboolean gsd_kerberos_identity_erase (GsdKerberosIdentity *self,
+ GError **error);
+
+char *gsd_kerberos_identity_get_principal_name (GsdKerberosIdentity *self);
+char *gsd_kerberos_identity_get_realm_name (GsdKerberosIdentity *self);
+
+void gsd_kerberos_identity_block_updates (GsdKerberosIdentity *identity);
+void gsd_kerberos_identity_stop_blocking_updates (GsdKerberosIdentity *identity);
+G_END_DECLS
+
+#endif /* __GSD_KERBEROS_IDENTITY_H__ */
diff --git a/plugins/identity/identity.gnome-settings-plugin.in b/plugins/identity/identity.gnome-settings-plugin.in
new file mode 100644
index 0000000..1511abd
--- /dev/null
+++ b/plugins/identity/identity.gnome-settings-plugin.in
@@ -0,0 +1,8 @@
+[GNOME Settings Plugin]
+Module=identity
+IAge=0
+_Name=Identity
+_Description=Identity plugin
+Authors=Ray Strode
+Copyright=Copyright  2012 Red Hat, Inc.
+Website=
diff --git a/plugins/identity/test-identity.c b/plugins/identity/test-identity.c
new file mode 100644
index 0000000..039d03b
--- /dev/null
+++ b/plugins/identity/test-identity.c
@@ -0,0 +1,6 @@
+#define NEW gsd_kerberos_identity_manager_new
+#define START gsd_kerberos_identity_manager_start_test
+#define MANAGER GsdKerberosIdentityManager
+#include "gsd-kerberos-identity-manager.h"
+
+#include "test-plugin.h"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
