[gnome-online-accounts] kerberos: Discover and validate realm before use
- From: Ray Strode <halfline src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-online-accounts] kerberos: Discover and validate realm before use
- Date: Mon, 22 Oct 2012 04:09:49 +0000 (UTC)
commit 604354ba5b8a30b20613f0bcf9bc0c28757b1853
Author: Stef Walter <stefw gnome org>
Date: Sun Oct 21 23:40:07 2012 -0400
kerberos: Discover and validate realm before use
GoaKerberosProvider now talks directly with realmd
to get its list of available realms.
Since it talks to realmd directly it now has
an opportunity to validate what the user is typing,
and e.g. map domains the user types into realms.
This commit adds that additional discovery logic,
rather than passing what the user types blindly
to the identity service.
https://bugzilla.gnome.org/show_bug.cgi?id=686416
src/goabackend/goakerberosprovider.c | 138 ++++++++++++++++++++++++++++++++++
1 files changed, 138 insertions(+), 0 deletions(-)
---
diff --git a/src/goabackend/goakerberosprovider.c b/src/goabackend/goakerberosprovider.c
index e36f68a..221ea17 100644
--- a/src/goabackend/goakerberosprovider.c
+++ b/src/goabackend/goakerberosprovider.c
@@ -121,6 +121,67 @@ translate_error (GError **error)
g_dbus_error_strip_remote_error (*error);
}
+static gboolean
+query_tooltip (GtkWidget *widget,
+ gint x,
+ gint y,
+ gboolean keyboard_mode,
+ GtkTooltip *tooltip,
+ gpointer user_data)
+{
+ gchar *tip;
+
+ if (GTK_ENTRY_ICON_SECONDARY == gtk_entry_get_icon_at_pos (GTK_ENTRY (widget), x, y))
+ {
+ tip = gtk_entry_get_icon_tooltip_text (GTK_ENTRY (widget),
+ GTK_ENTRY_ICON_SECONDARY);
+ gtk_tooltip_set_text (tooltip, tip);
+ g_free (tip);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static void
+icon_released (GtkEntry *entry,
+ GtkEntryIconPosition pos,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ GtkSettings *settings;
+ gint timeout;
+
+ settings = gtk_widget_get_settings (GTK_WIDGET (entry));
+
+ g_object_get (settings, "gtk-tooltip-timeout", &timeout, NULL);
+ g_object_set (settings, "gtk-tooltip-timeout", 1, NULL);
+ gtk_tooltip_trigger_tooltip_query (gtk_widget_get_display (GTK_WIDGET (entry)));
+ g_object_set (settings, "gtk-tooltip-timeout", timeout, NULL);
+}
+
+static void
+set_entry_validation_error (GtkEntry *entry,
+ GError *error)
+{
+ translate_error (&error);
+ gtk_entry_set_icon_from_icon_name (entry, GTK_ENTRY_ICON_SECONDARY,
+ "dialog-error-symbolic");
+ gtk_entry_set_icon_activatable (entry, GTK_ENTRY_ICON_SECONDARY, TRUE);
+ g_signal_connect (entry, "icon-release", G_CALLBACK (icon_released), FALSE);
+ g_signal_connect (entry, "query-tooltip", G_CALLBACK (query_tooltip), NULL);
+ g_object_set (entry, "has-tooltip", TRUE, NULL);
+ gtk_entry_set_icon_tooltip_text (entry, GTK_ENTRY_ICON_SECONDARY,
+ error->message);
+}
+
+static void
+clear_entry_validation_error (GtkEntry *entry)
+{
+ g_object_set (entry, "has-tooltip", FALSE, NULL);
+ gtk_entry_set_icon_from_pixbuf (entry, GTK_ENTRY_ICON_SECONDARY, NULL);
+}
+
static void
on_identity_signed_in (GoaIdentityServiceManager *manager,
GAsyncResult *result,
@@ -1050,6 +1111,7 @@ create_account_details_ui (GoaKerberosProvider *self,
request->realm_store,
&request->realm_combo_box,
&request->realm_entry);
+ g_signal_connect (request->realm_entry, "changed", G_CALLBACK (clear_entry_validation_error), NULL);
gtk_combo_box_set_entry_text_column (GTK_COMBO_BOX (request->realm_combo_box), 0);
add_entry (grid1, grid2, _("User_name"), &request->username);
@@ -1354,6 +1416,55 @@ release_realmd (GDBusProxy *proxy)
}
}
+static void
+on_discover_realm (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ SignInRequest *request = user_data;
+ GError *error = NULL;
+ gchar **realm_paths = NULL;
+ GDBusObject *object = NULL;
+ GoaRealmKerberos *kerberos = NULL;
+ gint unused;
+
+ goa_realm_provider_call_discover_finish (request->realm_provider, &unused,
+ &realm_paths, result, &error);
+
+ if (error == NULL && realm_paths)
+ {
+ if (realm_paths[0])
+ object = g_dbus_object_manager_get_object (request->realm_manager,
+ realm_paths[0]);
+ if (object)
+ {
+ kerberos = goa_realm_object_get_kerberos (GOA_REALM_OBJECT (object));
+ g_object_unref (object);
+ }
+ g_strfreev (realm_paths);
+ }
+
+ g_clear_error (&request->error);
+
+ if (kerberos)
+ {
+ gtk_entry_set_text (GTK_ENTRY (request->realm_entry),
+ goa_realm_kerberos_get_realm_name (kerberos));
+ g_object_unref (kerberos);
+ }
+ else if (error)
+ {
+ request->error = error;
+ }
+ else
+ {
+ g_set_error (&request->error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ _("The domain is not valid"));
+ }
+
+ g_main_loop_quit (request->loop);
+}
+
static GoaObject *
add_account (GoaProvider *provider,
GoaClient *client,
@@ -1373,6 +1484,7 @@ add_account (GoaProvider *provider,
gchar *principal;
gchar *principal_for_display;
gint response;
+ GVariant *options;
object = NULL;
principal = NULL;
@@ -1400,6 +1512,32 @@ start_over:
}
realm = get_realm (&request);
+
+ /* Would have been set by dialog above, otherwise no realmd */
+ if (request.realm_provider && request.realm_manager)
+ {
+ options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0);
+ goa_realm_provider_call_discover (request.realm_provider, realm, options,
+ request.cancellable, on_discover_realm,
+ &request);
+ g_free (realm);
+
+ goa_spinner_button_start (GOA_SPINNER_BUTTON (request.spinner_button));
+ g_main_loop_run (request.loop);
+ goa_spinner_button_stop (GOA_SPINNER_BUTTON (request.spinner_button));
+
+ if (request.error)
+ {
+ set_entry_validation_error (GTK_ENTRY (request.realm_entry), request.error);
+ g_clear_error (&request.error);
+ goto start_over;
+ }
+
+ /* The realm was updated by on_discover_realm */
+ clear_entry_validation_error (GTK_ENTRY (request.realm_entry));
+ realm = get_realm (&request);
+ }
+
username = gtk_entry_get_text (GTK_ENTRY (request.username));
g_free (principal);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
