Line |
Branch |
Exec |
Source |
1 |
|
|
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- |
2 |
|
|
* |
3 |
|
|
* Copyright 2009-2012 Red Hat, Inc. |
4 |
|
|
* |
5 |
|
|
* This program is free software; you can redistribute it and/or modify |
6 |
|
|
* it under the terms of the GNU General Public License as published by |
7 |
|
|
* the Free Software Foundation; either version 2 of the License, or |
8 |
|
|
* (at your option) any later version. |
9 |
|
|
* |
10 |
|
|
* This program is distributed in the hope that it will be useful, |
11 |
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 |
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 |
|
|
* GNU General Public License for more details. |
14 |
|
|
* |
15 |
|
|
* You should have received a copy of the GNU General Public License |
16 |
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>. |
17 |
|
|
* |
18 |
|
|
* Written by: Stef Walter <stefw@gnome.org> |
19 |
|
|
*/ |
20 |
|
|
|
21 |
|
|
#include "config.h" |
22 |
|
|
|
23 |
|
|
#include "cc-realm-manager.h" |
24 |
|
|
|
25 |
|
|
#include <krb5/krb5.h> |
26 |
|
|
|
27 |
|
|
#include <glib.h> |
28 |
|
|
#include <glib/gi18n.h> |
29 |
|
|
#include <glib/gstdio.h> |
30 |
|
|
|
31 |
|
|
#include <sys/types.h> |
32 |
|
|
#include <sys/stat.h> |
33 |
|
|
#include <errno.h> |
34 |
|
|
#include <fcntl.h> |
35 |
|
|
|
36 |
|
|
|
37 |
|
|
struct _CcRealmManager { |
38 |
|
|
CcRealmObjectManagerClient parent_instance; |
39 |
|
|
|
40 |
|
|
CcRealmProvider *provider; |
41 |
|
|
guint diagnostics_sig; |
42 |
|
|
}; |
43 |
|
|
|
44 |
|
|
enum { |
45 |
|
|
REALM_ADDED, |
46 |
|
|
NUM_SIGNALS, |
47 |
|
|
}; |
48 |
|
|
|
49 |
|
|
static gint signals[NUM_SIGNALS] = { 0, }; |
50 |
|
|
|
51 |
|
✗ |
G_DEFINE_TYPE (CcRealmManager, cc_realm_manager, CC_REALM_TYPE_OBJECT_MANAGER_CLIENT); |
52 |
|
|
|
53 |
|
|
GQuark |
54 |
|
✗ |
cc_realm_error_get_quark (void) |
55 |
|
|
{ |
56 |
|
|
static GQuark quark = 0; |
57 |
|
✗ |
if (quark == 0) |
58 |
|
✗ |
quark = g_quark_from_static_string ("cc-realm-error"); |
59 |
|
✗ |
return quark; |
60 |
|
|
} |
61 |
|
|
|
62 |
|
|
static gboolean |
63 |
|
✗ |
is_realm_with_kerberos_and_membership (gpointer object) |
64 |
|
|
{ |
65 |
|
✗ |
g_autoptr(GDBusInterface) kerberos_interface = NULL; |
66 |
|
✗ |
g_autoptr(GDBusInterface) kerberos_membership_interface = NULL; |
67 |
|
|
|
68 |
|
✗ |
if (!G_IS_DBUS_OBJECT (object)) |
69 |
|
✗ |
return FALSE; |
70 |
|
|
|
71 |
|
✗ |
kerberos_interface = g_dbus_object_get_interface (object, "org.freedesktop.realmd.Kerberos"); |
72 |
|
✗ |
if (kerberos_interface == NULL) |
73 |
|
✗ |
return FALSE; |
74 |
|
|
|
75 |
|
✗ |
kerberos_membership_interface = g_dbus_object_get_interface (object, "org.freedesktop.realmd.KerberosMembership"); |
76 |
|
✗ |
if (kerberos_membership_interface == NULL) |
77 |
|
✗ |
return FALSE; |
78 |
|
|
|
79 |
|
✗ |
return TRUE; |
80 |
|
|
} |
81 |
|
|
|
82 |
|
|
static void |
83 |
|
✗ |
on_interface_added (CcRealmManager *self, |
84 |
|
|
GDBusObject *object, |
85 |
|
|
GDBusInterface *interface) |
86 |
|
|
{ |
87 |
|
✗ |
g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (interface), G_MAXINT); |
88 |
|
✗ |
} |
89 |
|
|
|
90 |
|
|
static void |
91 |
|
✗ |
on_object_added (CcRealmManager *self, |
92 |
|
|
GDBusObject *object) |
93 |
|
|
{ |
94 |
|
|
GList *interfaces, *l; |
95 |
|
|
|
96 |
|
✗ |
interfaces = g_dbus_object_get_interfaces (object); |
97 |
|
✗ |
for (l = interfaces; l != NULL; l = g_list_next (l)) |
98 |
|
✗ |
on_interface_added (self, object, l->data); |
99 |
|
✗ |
g_list_free_full (interfaces, g_object_unref); |
100 |
|
|
|
101 |
|
✗ |
if (is_realm_with_kerberos_and_membership (object)) { |
102 |
|
✗ |
g_debug ("Saw realm: %s", g_dbus_object_get_object_path (object)); |
103 |
|
✗ |
g_signal_emit (self, signals[REALM_ADDED], 0, object); |
104 |
|
|
} |
105 |
|
✗ |
} |
106 |
|
|
|
107 |
|
|
static void |
108 |
|
✗ |
cc_realm_manager_init (CcRealmManager *self) |
109 |
|
|
{ |
110 |
|
✗ |
g_signal_connect (self, "object-added", G_CALLBACK (on_object_added), NULL); |
111 |
|
✗ |
g_signal_connect (self, "interface-added", G_CALLBACK (on_interface_added), NULL); |
112 |
|
✗ |
} |
113 |
|
|
|
114 |
|
|
static void |
115 |
|
✗ |
cc_realm_manager_dispose (GObject *obj) |
116 |
|
|
{ |
117 |
|
✗ |
CcRealmManager *self = CC_REALM_MANAGER (obj); |
118 |
|
|
GDBusConnection *connection; |
119 |
|
|
|
120 |
|
✗ |
g_clear_object (&self->provider); |
121 |
|
|
|
122 |
|
✗ |
if (self->diagnostics_sig) { |
123 |
|
✗ |
connection = g_dbus_object_manager_client_get_connection (G_DBUS_OBJECT_MANAGER_CLIENT (self)); |
124 |
|
✗ |
if (connection != NULL) |
125 |
|
✗ |
g_dbus_connection_signal_unsubscribe (connection, self->diagnostics_sig); |
126 |
|
✗ |
self->diagnostics_sig = 0; |
127 |
|
|
} |
128 |
|
|
|
129 |
|
✗ |
G_OBJECT_CLASS (cc_realm_manager_parent_class)->dispose (obj); |
130 |
|
✗ |
} |
131 |
|
|
|
132 |
|
|
static void |
133 |
|
✗ |
cc_realm_manager_class_init (CcRealmManagerClass *klass) |
134 |
|
|
{ |
135 |
|
✗ |
GObjectClass *object_class = G_OBJECT_CLASS (klass); |
136 |
|
|
|
137 |
|
✗ |
object_class->dispose = cc_realm_manager_dispose; |
138 |
|
|
|
139 |
|
✗ |
signals[REALM_ADDED] = g_signal_new ("realm-added", CC_TYPE_REALM_MANAGER, |
140 |
|
|
G_SIGNAL_RUN_FIRST, 0, NULL, NULL, |
141 |
|
|
g_cclosure_marshal_generic, |
142 |
|
|
G_TYPE_NONE, 1, CC_REALM_TYPE_OBJECT); |
143 |
|
✗ |
} |
144 |
|
|
|
145 |
|
|
static void |
146 |
|
✗ |
on_realm_diagnostics (GDBusConnection *connection, |
147 |
|
|
const gchar *sender_name, |
148 |
|
|
const gchar *object_path, |
149 |
|
|
const gchar *interface_name, |
150 |
|
|
const gchar *signal_name, |
151 |
|
|
GVariant *parameters, |
152 |
|
|
gpointer user_data) |
153 |
|
|
{ |
154 |
|
|
const gchar *message; |
155 |
|
|
const gchar *unused; |
156 |
|
|
|
157 |
|
✗ |
if (g_variant_is_of_type (parameters, G_VARIANT_TYPE ("(ss)"))) { |
158 |
|
|
/* Data is already formatted appropriately for stderr */ |
159 |
|
✗ |
g_variant_get (parameters, "(&s&s)", &message, &unused); |
160 |
|
✗ |
g_printerr ("%s", message); |
161 |
|
|
} |
162 |
|
✗ |
} |
163 |
|
|
|
164 |
|
|
static void |
165 |
|
✗ |
on_provider_new (GObject *source, |
166 |
|
|
GAsyncResult *result, |
167 |
|
|
gpointer user_data) |
168 |
|
|
{ |
169 |
|
✗ |
g_autoptr(GTask) task = G_TASK (user_data); |
170 |
|
✗ |
CcRealmManager *manager = g_task_get_task_data (task); |
171 |
|
✗ |
GError *error = NULL; |
172 |
|
|
|
173 |
|
✗ |
manager->provider = cc_realm_provider_proxy_new_finish (result, &error); |
174 |
|
✗ |
if (error == NULL) { |
175 |
|
✗ |
g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (manager->provider), -1); |
176 |
|
✗ |
g_debug ("Created realm manager"); |
177 |
|
✗ |
g_task_return_pointer (task, g_object_ref (manager), g_object_unref); |
178 |
|
|
} else { |
179 |
|
✗ |
g_task_return_error (task, error); |
180 |
|
|
} |
181 |
|
✗ |
} |
182 |
|
|
|
183 |
|
|
static void |
184 |
|
✗ |
on_manager_new (GObject *source, |
185 |
|
|
GAsyncResult *result, |
186 |
|
|
gpointer user_data) |
187 |
|
|
{ |
188 |
|
✗ |
g_autoptr(GTask) task = G_TASK (user_data); |
189 |
|
|
CcRealmManager *manager; |
190 |
|
|
GDBusConnection *connection; |
191 |
|
✗ |
GError *error = NULL; |
192 |
|
|
GObject *object; |
193 |
|
|
guint sig; |
194 |
|
|
|
195 |
|
✗ |
object = g_async_initable_new_finish (G_ASYNC_INITABLE (source), result, &error); |
196 |
|
✗ |
if (error == NULL) { |
197 |
|
✗ |
manager = CC_REALM_MANAGER (object); |
198 |
|
✗ |
connection = g_dbus_object_manager_client_get_connection (G_DBUS_OBJECT_MANAGER_CLIENT (object)); |
199 |
|
|
|
200 |
|
✗ |
g_debug ("Connected to realmd"); |
201 |
|
|
|
202 |
|
✗ |
sig = g_dbus_connection_signal_subscribe (connection, |
203 |
|
|
"org.freedesktop.realmd", |
204 |
|
|
"org.freedesktop.realmd.Service", |
205 |
|
|
"Diagnostics", |
206 |
|
|
NULL, |
207 |
|
|
NULL, |
208 |
|
|
G_DBUS_SIGNAL_FLAGS_NONE, |
209 |
|
|
on_realm_diagnostics, |
210 |
|
|
NULL, |
211 |
|
|
NULL); |
212 |
|
✗ |
manager->diagnostics_sig = sig; |
213 |
|
|
|
214 |
|
✗ |
g_task_set_task_data (task, manager, g_object_unref); |
215 |
|
|
|
216 |
|
✗ |
cc_realm_provider_proxy_new (connection, |
217 |
|
|
G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES, |
218 |
|
|
"org.freedesktop.realmd", |
219 |
|
|
"/org/freedesktop/realmd", |
220 |
|
|
g_task_get_cancellable (task), |
221 |
|
|
on_provider_new, task); |
222 |
|
✗ |
g_steal_pointer (&task); |
223 |
|
|
} else { |
224 |
|
✗ |
g_task_return_error (task, error); |
225 |
|
|
} |
226 |
|
✗ |
} |
227 |
|
|
|
228 |
|
|
void |
229 |
|
✗ |
cc_realm_manager_new (GCancellable *cancellable, |
230 |
|
|
GAsyncReadyCallback callback, |
231 |
|
|
gpointer user_data) |
232 |
|
|
{ |
233 |
|
|
GTask *task; |
234 |
|
|
|
235 |
|
✗ |
g_debug ("Connecting to realmd..."); |
236 |
|
|
|
237 |
|
✗ |
task = g_task_new (NULL, cancellable, callback, user_data); |
238 |
|
✗ |
g_task_set_source_tag (task, cc_realm_manager_new); |
239 |
|
|
|
240 |
|
✗ |
g_async_initable_new_async (CC_TYPE_REALM_MANAGER, G_PRIORITY_DEFAULT, |
241 |
|
|
cancellable, on_manager_new, task, |
242 |
|
|
"flags", G_DBUS_OBJECT_MANAGER_CLIENT_FLAGS_NONE, |
243 |
|
|
"name", "org.freedesktop.realmd", |
244 |
|
|
"bus-type", G_BUS_TYPE_SYSTEM, |
245 |
|
|
"object-path", "/org/freedesktop/realmd", |
246 |
|
|
"get-proxy-type-func", cc_realm_object_manager_client_get_proxy_type, |
247 |
|
|
NULL); |
248 |
|
✗ |
} |
249 |
|
|
|
250 |
|
|
CcRealmManager * |
251 |
|
✗ |
cc_realm_manager_new_finish (GAsyncResult *result, |
252 |
|
|
GError **error) |
253 |
|
|
{ |
254 |
|
✗ |
g_return_val_if_fail (g_task_is_valid (result, NULL), NULL); |
255 |
|
✗ |
g_return_val_if_fail (g_async_result_is_tagged (result, cc_realm_manager_new), NULL); |
256 |
|
|
|
257 |
|
✗ |
return g_task_propagate_pointer (G_TASK (result), error); |
258 |
|
|
} |
259 |
|
|
|
260 |
|
|
static void |
261 |
|
✗ |
realms_free (gpointer data) |
262 |
|
|
{ |
263 |
|
✗ |
g_list_free_full (data, g_object_unref); |
264 |
|
✗ |
} |
265 |
|
|
|
266 |
|
|
static void |
267 |
|
✗ |
on_provider_discover (GObject *source, |
268 |
|
|
GAsyncResult *result, |
269 |
|
|
gpointer user_data) |
270 |
|
|
{ |
271 |
|
✗ |
g_autoptr(GTask) task = G_TASK (user_data); |
272 |
|
✗ |
CcRealmManager *manager = g_task_get_source_object (task); |
273 |
|
✗ |
GError *error = NULL; |
274 |
|
✗ |
gboolean no_membership = FALSE; |
275 |
|
|
gchar **realms; |
276 |
|
|
gint relevance; |
277 |
|
|
gint i; |
278 |
|
✗ |
GList *kerberos_realms = NULL; |
279 |
|
|
|
280 |
|
✗ |
cc_realm_provider_call_discover_finish (CC_REALM_PROVIDER (source), &relevance, |
281 |
|
|
&realms, result, &error); |
282 |
|
✗ |
if (error == NULL) { |
283 |
|
✗ |
for (i = 0; realms[i]; i++) { |
284 |
|
✗ |
g_autoptr(GDBusObject) object = NULL; |
285 |
|
|
|
286 |
|
✗ |
object = g_dbus_object_manager_get_object (G_DBUS_OBJECT_MANAGER (manager), realms[i]); |
287 |
|
✗ |
if (object == NULL) { |
288 |
|
✗ |
g_warning ("Realm is not in object manager: %s", realms[i]); |
289 |
|
|
} else { |
290 |
|
✗ |
if (is_realm_with_kerberos_and_membership (object)) { |
291 |
|
✗ |
g_debug ("Discovered realm: %s", realms[i]); |
292 |
|
✗ |
kerberos_realms = g_list_prepend (kerberos_realms, g_steal_pointer (&object)); |
293 |
|
|
} else { |
294 |
|
✗ |
g_debug ("Realm does not support kerberos membership: %s", realms[i]); |
295 |
|
✗ |
no_membership = TRUE; |
296 |
|
|
} |
297 |
|
|
} |
298 |
|
|
} |
299 |
|
✗ |
g_strfreev (realms); |
300 |
|
|
|
301 |
|
✗ |
if (!kerberos_realms && no_membership) { |
302 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_GENERIC, |
303 |
|
✗ |
_("Cannot automatically join this type of domain")); |
304 |
|
✗ |
} else if (!kerberos_realms) { |
305 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_GENERIC, |
306 |
|
✗ |
_("No such domain or realm found")); |
307 |
|
|
} else { |
308 |
|
✗ |
kerberos_realms = g_list_reverse (kerberos_realms); |
309 |
|
✗ |
g_task_return_pointer (task, kerberos_realms, realms_free); |
310 |
|
|
} |
311 |
|
|
} else { |
312 |
|
✗ |
g_task_return_error (task, error); |
313 |
|
|
} |
314 |
|
✗ |
} |
315 |
|
|
|
316 |
|
|
void |
317 |
|
✗ |
cc_realm_manager_discover (CcRealmManager *self, |
318 |
|
|
const gchar *input, |
319 |
|
|
GCancellable *cancellable, |
320 |
|
|
GAsyncReadyCallback callback, |
321 |
|
|
gpointer user_data) |
322 |
|
|
{ |
323 |
|
|
GTask *task; |
324 |
|
|
GVariant *options; |
325 |
|
|
|
326 |
|
✗ |
g_return_if_fail (CC_IS_REALM_MANAGER (self)); |
327 |
|
✗ |
g_return_if_fail (input != NULL); |
328 |
|
✗ |
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); |
329 |
|
|
|
330 |
|
✗ |
g_debug ("Discovering realms for: %s", input); |
331 |
|
|
|
332 |
|
✗ |
task = g_task_new (G_OBJECT (self), cancellable, callback, user_data); |
333 |
|
✗ |
g_task_set_source_tag (task, cc_realm_manager_discover); |
334 |
|
|
|
335 |
|
✗ |
options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), NULL, 0); |
336 |
|
|
|
337 |
|
✗ |
cc_realm_provider_call_discover (self->provider, input, options, cancellable, |
338 |
|
|
on_provider_discover, task); |
339 |
|
|
} |
340 |
|
|
|
341 |
|
|
GList * |
342 |
|
✗ |
cc_realm_manager_discover_finish (CcRealmManager *self, |
343 |
|
|
GAsyncResult *result, |
344 |
|
|
GError **error) |
345 |
|
|
{ |
346 |
|
✗ |
g_return_val_if_fail (CC_IS_REALM_MANAGER (self), NULL); |
347 |
|
✗ |
g_return_val_if_fail (g_task_is_valid (result, G_OBJECT (self)), NULL); |
348 |
|
✗ |
g_return_val_if_fail (g_async_result_is_tagged (result, cc_realm_manager_discover), NULL); |
349 |
|
✗ |
g_return_val_if_fail (error == NULL || *error == NULL, NULL); |
350 |
|
|
|
351 |
|
✗ |
return g_task_propagate_pointer (G_TASK (result), error); |
352 |
|
|
} |
353 |
|
|
|
354 |
|
|
GList * |
355 |
|
✗ |
cc_realm_manager_get_realms (CcRealmManager *self) |
356 |
|
|
{ |
357 |
|
|
GList *objects; |
358 |
|
✗ |
GList *realms = NULL; |
359 |
|
|
GList *l; |
360 |
|
|
|
361 |
|
✗ |
g_return_val_if_fail (CC_IS_REALM_MANAGER (self), NULL); |
362 |
|
|
|
363 |
|
✗ |
objects = g_dbus_object_manager_get_objects (G_DBUS_OBJECT_MANAGER (self)); |
364 |
|
✗ |
for (l = objects; l != NULL; l = g_list_next (l)) { |
365 |
|
✗ |
if (is_realm_with_kerberos_and_membership (l->data)) |
366 |
|
✗ |
realms = g_list_prepend (realms, g_object_ref (l->data)); |
367 |
|
|
} |
368 |
|
|
|
369 |
|
✗ |
g_list_free_full (objects, g_object_unref); |
370 |
|
✗ |
return realms; |
371 |
|
|
} |
372 |
|
|
|
373 |
|
|
static void |
374 |
|
✗ |
string_replace (GString *string, |
375 |
|
|
const gchar *find, |
376 |
|
|
const gchar *replace) |
377 |
|
|
{ |
378 |
|
|
const gchar *at; |
379 |
|
|
gssize pos; |
380 |
|
|
|
381 |
|
✗ |
at = strstr (string->str, find); |
382 |
|
✗ |
if (at != NULL) { |
383 |
|
✗ |
pos = at - string->str; |
384 |
|
✗ |
g_string_erase (string, pos, strlen (find)); |
385 |
|
✗ |
g_string_insert (string, pos, replace); |
386 |
|
|
} |
387 |
|
✗ |
} |
388 |
|
|
|
389 |
|
|
gchar * |
390 |
|
✗ |
cc_realm_calculate_login (CcRealmCommon *realm, |
391 |
|
|
const gchar *username) |
392 |
|
|
{ |
393 |
|
|
const gchar *const *formats; |
394 |
|
|
|
395 |
|
✗ |
formats = cc_realm_common_get_login_formats (realm); |
396 |
|
✗ |
if (formats[0] != NULL) { |
397 |
|
✗ |
GString *string = g_string_new (formats[0]); |
398 |
|
✗ |
string_replace (string, "%U", username); |
399 |
|
✗ |
string_replace (string, "%D", cc_realm_common_get_name (realm)); |
400 |
|
✗ |
return g_string_free (string, FALSE); |
401 |
|
|
} |
402 |
|
|
|
403 |
|
✗ |
return NULL; |
404 |
|
|
} |
405 |
|
|
|
406 |
|
|
gboolean |
407 |
|
✗ |
cc_realm_is_configured (CcRealmObject *realm) |
408 |
|
|
{ |
409 |
|
✗ |
g_autoptr(CcRealmCommon) common = NULL; |
410 |
|
|
const gchar *configured; |
411 |
|
✗ |
gboolean is = FALSE; |
412 |
|
|
|
413 |
|
✗ |
common = cc_realm_object_get_common (realm); |
414 |
|
✗ |
if (common != NULL) { |
415 |
|
✗ |
configured = cc_realm_common_get_configured (common); |
416 |
|
✗ |
is = configured != NULL && !g_str_equal (configured, ""); |
417 |
|
|
} |
418 |
|
|
|
419 |
|
✗ |
return is; |
420 |
|
|
} |
421 |
|
|
|
422 |
|
|
static const gchar * |
423 |
|
✗ |
find_supported_credentials (CcRealmKerberosMembership *membership, |
424 |
|
|
const gchar *owner) |
425 |
|
|
{ |
426 |
|
|
const gchar *cred_owner; |
427 |
|
|
const gchar *cred_type; |
428 |
|
|
GVariant *supported; |
429 |
|
|
GVariantIter iter; |
430 |
|
|
|
431 |
|
✗ |
supported = cc_realm_kerberos_membership_get_supported_join_credentials (membership); |
432 |
|
✗ |
g_return_val_if_fail (supported != NULL, NULL); |
433 |
|
|
|
434 |
|
✗ |
g_variant_iter_init (&iter, supported); |
435 |
|
✗ |
while (g_variant_iter_loop (&iter, "(&s&s)", &cred_type, &cred_owner)) { |
436 |
|
✗ |
if (g_str_equal (owner, cred_owner)) { |
437 |
|
✗ |
if (g_str_equal (cred_type, "ccache") || |
438 |
|
✗ |
g_str_equal (cred_type, "password")) { |
439 |
|
✗ |
return g_intern_string (cred_type); |
440 |
|
|
} |
441 |
|
|
} |
442 |
|
|
} |
443 |
|
|
|
444 |
|
✗ |
return NULL; |
445 |
|
|
} |
446 |
|
|
|
447 |
|
|
static void |
448 |
|
✗ |
join_cb (GObject *source, |
449 |
|
|
GAsyncResult *result, |
450 |
|
|
gpointer user_data) |
451 |
|
|
{ |
452 |
|
✗ |
g_autoptr(GTask) task = G_TASK (user_data); |
453 |
|
✗ |
g_autoptr(GError) call_error = NULL; |
454 |
|
✗ |
g_autofree gchar *dbus_error = NULL; |
455 |
|
|
|
456 |
|
✗ |
if (cc_realm_kerberos_membership_call_join_finish (CC_REALM_KERBEROS_MEMBERSHIP (source), result, &call_error)) { |
457 |
|
✗ |
g_debug ("Completed Join() method call"); |
458 |
|
|
|
459 |
|
✗ |
g_task_return_boolean (task, TRUE); |
460 |
|
✗ |
return; |
461 |
|
|
} |
462 |
|
|
|
463 |
|
✗ |
dbus_error = g_dbus_error_get_remote_error (call_error); |
464 |
|
✗ |
if (dbus_error == NULL) { |
465 |
|
✗ |
g_debug ("Join() failed because of %s", call_error->message); |
466 |
|
✗ |
g_task_return_error (task, g_steal_pointer (&call_error)); |
467 |
|
✗ |
return; |
468 |
|
|
} |
469 |
|
|
|
470 |
|
✗ |
g_dbus_error_strip_remote_error (call_error); |
471 |
|
|
|
472 |
|
✗ |
if (g_str_equal (dbus_error, "org.freedesktop.realmd.Error.AuthenticationFailed")) { |
473 |
|
✗ |
g_debug ("Join() failed because of invalid/insufficient credentials"); |
474 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_BAD_LOGIN, "%s", call_error->message); |
475 |
|
✗ |
} else if (g_str_equal (dbus_error, "org.freedesktop.realmd.Error.BadHostname")) { |
476 |
|
✗ |
g_debug ("Join() failed because of invalid/conflicting host name"); |
477 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_BAD_HOSTNAME, "%s", call_error->message); |
478 |
|
|
} else { |
479 |
|
✗ |
g_debug ("Join() failed because of %s", call_error->message); |
480 |
|
✗ |
g_task_return_error (task, g_steal_pointer (&call_error)); |
481 |
|
|
} |
482 |
|
|
} |
483 |
|
|
|
484 |
|
|
static gboolean |
485 |
|
✗ |
realm_join_as_owner (CcRealmObject *realm, |
486 |
|
|
const gchar *owner, |
487 |
|
|
const gchar *login, |
488 |
|
|
const gchar *password, |
489 |
|
|
GBytes *credentials, |
490 |
|
|
GCancellable *cancellable, |
491 |
|
|
GAsyncReadyCallback callback, |
492 |
|
|
gpointer user_data) |
493 |
|
|
{ |
494 |
|
✗ |
g_autoptr(CcRealmKerberosMembership) membership = NULL; |
495 |
|
|
GVariant *contents; |
496 |
|
|
GVariant *options; |
497 |
|
|
GVariant *option; |
498 |
|
|
GVariant *creds; |
499 |
|
|
const gchar *type; |
500 |
|
|
GTask *task; |
501 |
|
|
|
502 |
|
✗ |
membership = cc_realm_object_get_kerberos_membership (realm); |
503 |
|
✗ |
g_return_val_if_fail (membership != NULL, FALSE); |
504 |
|
|
|
505 |
|
✗ |
type = find_supported_credentials (membership, owner); |
506 |
|
✗ |
if (type == NULL) { |
507 |
|
✗ |
g_debug ("Couldn't find supported credential type for owner: %s", owner); |
508 |
|
✗ |
return FALSE; |
509 |
|
|
} |
510 |
|
|
|
511 |
|
✗ |
if (g_str_equal (type, "ccache")) { |
512 |
|
✗ |
g_debug ("Using a kerberos credential cache to join the realm"); |
513 |
|
✗ |
contents = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), |
514 |
|
|
g_bytes_get_data (credentials, NULL), |
515 |
|
|
g_bytes_get_size (credentials), |
516 |
|
|
TRUE, (GDestroyNotify)g_bytes_unref, credentials); |
517 |
|
|
|
518 |
|
✗ |
} else if (g_str_equal (type, "password")) { |
519 |
|
✗ |
g_debug ("Using a user/password to join the realm"); |
520 |
|
✗ |
contents = g_variant_new ("(ss)", login, password); |
521 |
|
|
|
522 |
|
|
} else { |
523 |
|
✗ |
g_assert_not_reached (); |
524 |
|
|
} |
525 |
|
|
|
526 |
|
✗ |
creds = g_variant_new ("(ssv)", type, owner, contents); |
527 |
|
✗ |
option = g_variant_new ("{sv}", "manage-system", g_variant_new_boolean (FALSE)); |
528 |
|
✗ |
options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), &option, 1); |
529 |
|
|
|
530 |
|
✗ |
g_debug ("Calling the Join() method with %s credentials", owner); |
531 |
|
|
|
532 |
|
✗ |
task = g_task_new (realm, cancellable, callback, user_data); |
533 |
|
✗ |
cc_realm_kerberos_membership_call_join (membership, creds, options, |
534 |
|
|
cancellable, join_cb, task); |
535 |
|
|
|
536 |
|
✗ |
return TRUE; |
537 |
|
|
} |
538 |
|
|
|
539 |
|
|
gboolean |
540 |
|
✗ |
cc_realm_join_as_user (CcRealmObject *realm, |
541 |
|
|
const gchar *login, |
542 |
|
|
const gchar *password, |
543 |
|
|
GBytes *credentials, |
544 |
|
|
GCancellable *cancellable, |
545 |
|
|
GAsyncReadyCallback callback, |
546 |
|
|
gpointer user_data) |
547 |
|
|
{ |
548 |
|
✗ |
g_return_val_if_fail (CC_REALM_IS_OBJECT (realm), FALSE); |
549 |
|
✗ |
g_return_val_if_fail (credentials != NULL, FALSE); |
550 |
|
✗ |
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); |
551 |
|
✗ |
g_return_val_if_fail (login != NULL, FALSE); |
552 |
|
✗ |
g_return_val_if_fail (password != NULL, FALSE); |
553 |
|
✗ |
g_return_val_if_fail (credentials != NULL, FALSE); |
554 |
|
|
|
555 |
|
✗ |
return realm_join_as_owner (realm, "user", login, password, |
556 |
|
|
credentials, cancellable, callback, user_data); |
557 |
|
|
} |
558 |
|
|
|
559 |
|
|
gboolean |
560 |
|
✗ |
cc_realm_join_as_admin (CcRealmObject *realm, |
561 |
|
|
const gchar *login, |
562 |
|
|
const gchar *password, |
563 |
|
|
GBytes *credentials, |
564 |
|
|
GCancellable *cancellable, |
565 |
|
|
GAsyncReadyCallback callback, |
566 |
|
|
gpointer user_data) |
567 |
|
|
{ |
568 |
|
✗ |
g_return_val_if_fail (CC_REALM_IS_OBJECT (realm), FALSE); |
569 |
|
✗ |
g_return_val_if_fail (credentials != NULL, FALSE); |
570 |
|
✗ |
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); |
571 |
|
✗ |
g_return_val_if_fail (login != NULL, FALSE); |
572 |
|
✗ |
g_return_val_if_fail (password != NULL, FALSE); |
573 |
|
✗ |
g_return_val_if_fail (credentials != NULL, FALSE); |
574 |
|
|
|
575 |
|
✗ |
return realm_join_as_owner (realm, "administrator", login, password, credentials, |
576 |
|
|
cancellable, callback, user_data); |
577 |
|
|
} |
578 |
|
|
|
579 |
|
|
gboolean |
580 |
|
✗ |
cc_realm_join_finish (CcRealmObject *realm, |
581 |
|
|
GAsyncResult *result, |
582 |
|
|
GError **error) |
583 |
|
|
{ |
584 |
|
✗ |
g_return_val_if_fail (CC_REALM_IS_OBJECT (realm), FALSE); |
585 |
|
✗ |
g_return_val_if_fail (error == NULL || *error == NULL, FALSE); |
586 |
|
|
|
587 |
|
✗ |
return g_task_propagate_boolean (G_TASK (result), error); |
588 |
|
|
} |
589 |
|
|
|
590 |
|
|
typedef struct { |
591 |
|
|
gchar *domain; |
592 |
|
|
gchar *realm; |
593 |
|
|
gchar *user; |
594 |
|
|
gchar *password; |
595 |
|
|
} LoginClosure; |
596 |
|
|
|
597 |
|
|
static void |
598 |
|
✗ |
login_closure_free (gpointer data) |
599 |
|
|
{ |
600 |
|
✗ |
LoginClosure *login = data; |
601 |
|
✗ |
g_clear_pointer (&login->domain, g_free); |
602 |
|
✗ |
g_clear_pointer (&login->realm, g_free); |
603 |
|
✗ |
g_clear_pointer (&login->user, g_free); |
604 |
|
✗ |
g_clear_pointer (&login->password, g_free); |
605 |
|
✗ |
g_slice_free (LoginClosure, login); |
606 |
|
✗ |
} |
607 |
|
|
|
608 |
|
|
static krb5_error_code |
609 |
|
✗ |
login_perform_kinit (krb5_context k5, |
610 |
|
|
const gchar *realm, |
611 |
|
|
const gchar *login, |
612 |
|
|
const gchar *password, |
613 |
|
|
const gchar *filename) |
614 |
|
|
{ |
615 |
|
|
krb5_get_init_creds_opt *opts; |
616 |
|
|
krb5_error_code code; |
617 |
|
|
krb5_principal principal; |
618 |
|
|
krb5_ccache ccache; |
619 |
|
|
krb5_creds creds; |
620 |
|
✗ |
g_autofree gchar *name = NULL; |
621 |
|
|
|
622 |
|
✗ |
name = g_strdup_printf ("%s@%s", login, realm); |
623 |
|
✗ |
code = krb5_parse_name (k5, name, &principal); |
624 |
|
|
|
625 |
|
✗ |
if (code != 0) { |
626 |
|
✗ |
g_debug ("Couldn't parse principal name: %s: %s", |
627 |
|
|
name, krb5_get_error_message (k5, code)); |
628 |
|
✗ |
return code; |
629 |
|
|
} |
630 |
|
|
|
631 |
|
✗ |
g_debug ("Using principal name to kinit: %s", name); |
632 |
|
|
|
633 |
|
✗ |
if (filename == NULL) |
634 |
|
✗ |
code = krb5_cc_default (k5, &ccache); |
635 |
|
|
else |
636 |
|
✗ |
code = krb5_cc_resolve (k5, filename, &ccache); |
637 |
|
|
|
638 |
|
✗ |
if (code != 0) { |
639 |
|
✗ |
krb5_free_principal (k5, principal); |
640 |
|
✗ |
g_debug ("Couldn't open credential cache: %s: %s", |
641 |
|
|
filename ? filename : "<default>", |
642 |
|
|
krb5_get_error_message (k5, code)); |
643 |
|
✗ |
return code; |
644 |
|
|
} |
645 |
|
|
|
646 |
|
✗ |
code = krb5_get_init_creds_opt_alloc (k5, &opts); |
647 |
|
✗ |
g_return_val_if_fail (code == 0, code); |
648 |
|
|
|
649 |
|
✗ |
code = krb5_get_init_creds_opt_set_out_ccache (k5, opts, ccache); |
650 |
|
✗ |
g_return_val_if_fail (code == 0, code); |
651 |
|
|
|
652 |
|
✗ |
code = krb5_get_init_creds_password (k5, &creds, principal, |
653 |
|
|
(char *)password, |
654 |
|
|
NULL, 0, 0, NULL, opts); |
655 |
|
|
|
656 |
|
✗ |
krb5_get_init_creds_opt_free (k5, opts); |
657 |
|
✗ |
krb5_cc_close (k5, ccache); |
658 |
|
✗ |
krb5_free_principal (k5, principal); |
659 |
|
|
|
660 |
|
✗ |
if (code == 0) { |
661 |
|
✗ |
g_debug ("kinit succeeded"); |
662 |
|
✗ |
krb5_free_cred_contents (k5, &creds); |
663 |
|
|
} else { |
664 |
|
✗ |
g_debug ("kinit failed: %s", krb5_get_error_message (k5, code)); |
665 |
|
|
} |
666 |
|
|
|
667 |
|
✗ |
return code; |
668 |
|
|
} |
669 |
|
|
|
670 |
|
|
static void |
671 |
|
✗ |
kinit_thread_func (GTask *t, |
672 |
|
|
gpointer object, |
673 |
|
|
gpointer task_data, |
674 |
|
|
GCancellable *cancellable) |
675 |
|
|
{ |
676 |
|
✗ |
g_autoptr(GTask) task = t; |
677 |
|
✗ |
LoginClosure *login = task_data; |
678 |
|
✗ |
krb5_context k5 = NULL; |
679 |
|
|
krb5_error_code code; |
680 |
|
✗ |
g_autofree gchar *filename = NULL; |
681 |
|
|
gchar *contents; |
682 |
|
|
gsize length; |
683 |
|
|
gint temp_fd; |
684 |
|
|
|
685 |
|
✗ |
filename = g_build_filename (g_get_user_runtime_dir (), |
686 |
|
|
"um-krb5-creds.XXXXXX", NULL); |
687 |
|
✗ |
temp_fd = g_mkstemp_full (filename, O_RDWR, S_IRUSR | S_IWUSR); |
688 |
|
✗ |
if (temp_fd == -1) { |
689 |
|
✗ |
g_warning ("Couldn't create credential cache file: %s: %s", |
690 |
|
|
filename, g_strerror (errno)); |
691 |
|
✗ |
g_clear_pointer (&filename, g_free); |
692 |
|
|
} else { |
693 |
|
✗ |
close (temp_fd); |
694 |
|
|
} |
695 |
|
|
|
696 |
|
✗ |
code = krb5_init_context (&k5); |
697 |
|
✗ |
if (code == 0) { |
698 |
|
✗ |
code = login_perform_kinit (k5, login->realm, login->user, |
699 |
|
✗ |
login->password, filename); |
700 |
|
|
} |
701 |
|
|
|
702 |
|
✗ |
switch (code) { |
703 |
|
✗ |
case 0: |
704 |
|
✗ |
if (filename != NULL) { |
705 |
|
✗ |
g_autoptr(GError) error = NULL; |
706 |
|
|
|
707 |
|
✗ |
if (g_file_get_contents (filename, &contents, &length, &error)) { |
708 |
|
✗ |
g_debug ("Read in credential cache: %s", filename); |
709 |
|
|
} else { |
710 |
|
✗ |
g_warning ("Couldn't read credential cache: %s: %s", |
711 |
|
|
filename, error->message); |
712 |
|
|
} |
713 |
|
|
|
714 |
|
✗ |
g_task_return_pointer (task, g_bytes_new_take (contents, length), (GDestroyNotify) g_bytes_unref); |
715 |
|
|
} |
716 |
|
✗ |
break; |
717 |
|
|
|
718 |
|
✗ |
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: |
719 |
|
|
case KRB5KDC_ERR_POLICY: |
720 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_BAD_LOGIN, |
721 |
|
✗ |
_("Cannot log in as %s at the %s domain"), |
722 |
|
|
login->user, login->domain); |
723 |
|
✗ |
break; |
724 |
|
✗ |
case KRB5KDC_ERR_PREAUTH_FAILED: |
725 |
|
|
case KRB5KRB_AP_ERR_BAD_INTEGRITY: |
726 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_BAD_PASSWORD, |
727 |
|
✗ |
_("Invalid password, please try again")); |
728 |
|
✗ |
break; |
729 |
|
✗ |
case KRB5_PREAUTH_FAILED: |
730 |
|
|
case KRB5KDC_ERR_KEY_EXP: |
731 |
|
|
case KRB5KDC_ERR_CLIENT_REVOKED: |
732 |
|
|
case KRB5KDC_ERR_ETYPE_NOSUPP: |
733 |
|
|
case KRB5_PROG_ETYPE_NOSUPP: |
734 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_CANNOT_AUTH, |
735 |
|
✗ |
_("Cannot log in as %s at the %s domain"), |
736 |
|
|
login->user, login->domain); |
737 |
|
✗ |
break; |
738 |
|
✗ |
default: |
739 |
|
✗ |
g_task_return_new_error (task, CC_REALM_ERROR, CC_REALM_ERROR_GENERIC, |
740 |
|
✗ |
_("Couldn’t connect to the %s domain: %s"), |
741 |
|
|
login->domain, krb5_get_error_message (k5, code)); |
742 |
|
✗ |
break; |
743 |
|
|
} |
744 |
|
|
|
745 |
|
✗ |
if (filename) { |
746 |
|
✗ |
g_unlink (filename); |
747 |
|
✗ |
g_debug ("Deleted credential cache: %s", filename); |
748 |
|
|
} |
749 |
|
|
|
750 |
|
✗ |
if (k5) |
751 |
|
✗ |
krb5_free_context (k5); |
752 |
|
✗ |
} |
753 |
|
|
|
754 |
|
|
void |
755 |
|
✗ |
cc_realm_login (CcRealmObject *realm, |
756 |
|
|
const gchar *user, |
757 |
|
|
const gchar *password, |
758 |
|
|
GCancellable *cancellable, |
759 |
|
|
GAsyncReadyCallback callback, |
760 |
|
|
gpointer user_data) |
761 |
|
|
{ |
762 |
|
|
GTask *task; |
763 |
|
|
LoginClosure *login; |
764 |
|
✗ |
g_autoptr(CcRealmKerberos) kerberos = NULL; |
765 |
|
|
|
766 |
|
✗ |
g_return_if_fail (CC_REALM_IS_OBJECT (realm)); |
767 |
|
✗ |
g_return_if_fail (user != NULL); |
768 |
|
✗ |
g_return_if_fail (password != NULL); |
769 |
|
✗ |
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); |
770 |
|
|
|
771 |
|
✗ |
kerberos = cc_realm_object_get_kerberos (realm); |
772 |
|
✗ |
g_return_if_fail (kerberos != NULL); |
773 |
|
|
|
774 |
|
✗ |
task = g_task_new (NULL, cancellable, callback, user_data); |
775 |
|
✗ |
g_task_set_source_tag (task, cc_realm_login); |
776 |
|
|
|
777 |
|
✗ |
login = g_slice_new0 (LoginClosure); |
778 |
|
✗ |
login->domain = g_strdup (cc_realm_kerberos_get_domain_name (kerberos)); |
779 |
|
✗ |
login->realm = g_strdup (cc_realm_kerberos_get_realm_name (kerberos)); |
780 |
|
✗ |
login->user = g_strdup (user); |
781 |
|
✗ |
login->password = g_strdup (password); |
782 |
|
✗ |
g_task_set_task_data (task, login, login_closure_free); |
783 |
|
|
|
784 |
|
✗ |
g_task_set_return_on_cancel (task, TRUE); |
785 |
|
✗ |
g_task_run_in_thread (task, kinit_thread_func); |
786 |
|
|
} |
787 |
|
|
|
788 |
|
|
GBytes * |
789 |
|
✗ |
cc_realm_login_finish (GAsyncResult *result, |
790 |
|
|
GError **error) |
791 |
|
|
{ |
792 |
|
✗ |
g_return_val_if_fail (g_task_is_valid (result, NULL), FALSE); |
793 |
|
✗ |
g_return_val_if_fail (g_async_result_is_tagged (result, cc_realm_login), FALSE); |
794 |
|
✗ |
g_return_val_if_fail (error == NULL || *error == NULL, FALSE); |
795 |
|
|
|
796 |
|
✗ |
return g_task_propagate_pointer (G_TASK (result), error); |
797 |
|
|
} |
798 |
|
|
|