From 0967885ecbbb61392b6454defe8ef06f1fa37461 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 22 Aug 2012 18:58:53 +0200 Subject: [PATCH 1/3] Separate enrollment functionality into RealmKerberosMembership interface * And use presence of that interface in RealmKerberos to behave correctly in the absence of enrollment functionality --- service/Makefile.am | 1 + service/realm-kerberos-membership.c | 89 ++++++++++++++++++++ service/realm-kerberos-membership.h | 117 +++++++++++++++++++++++++++ service/realm-kerberos.c | 156 ++++++++++++------------------------ service/realm-kerberos.h | 73 ----------------- service/realm-samba.c | 40 +++++++-- service/realm-sssd-ad.c | 32 +++++--- service/realm-sssd-ipa.c | 68 ---------------- 8 files changed, 312 insertions(+), 264 deletions(-) create mode 100644 service/realm-kerberos-membership.c create mode 100644 service/realm-kerberos-membership.h diff --git a/service/Makefile.am b/service/Makefile.am index 128d7ce..750ebfa 100644 --- a/service/Makefile.am +++ b/service/Makefile.am @@ -28,6 +28,7 @@ realmd_SOURCES = \ realm-ipa-discover.c realm-ipa-discover.h \ realm-kerberos.c realm-kerberos.h \ realm-kerberos-discover.c realm-kerberos-discover.h \ + realm-kerberos-membership.c realm-kerberos-membership.h \ realm-login-name.c realm-login-name.h \ realm-network.c realm-network.h \ realm-packages.c realm-packages.h \ diff --git a/service/realm-kerberos-membership.c b/service/realm-kerberos-membership.c new file mode 100644 index 0000000..c085f59 --- /dev/null +++ b/service/realm-kerberos-membership.c 
@@ -0,0 +1,89 @@
+/* realmd -- Realm configuration service
+ *
+ * Copyright 2012 Red Hat Inc
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#include "realm-kerberos-membership.h"
+
+typedef RealmKerberosMembershipIface RealmKerberosMembershipInterface;
+G_DEFINE_INTERFACE (RealmKerberosMembership, realm_kerberos_membership, 0);
+
+static void
+realm_kerberos_membership_default_init (RealmKerberosMembershipIface *iface)
+{
+
+}
+
+GVariant *
+realm_kerberos_membership_build_supported (RealmKerberosCredential cred_type,
+ RealmKerberosFlags cred_owner,
+ ...)
+{
+ GPtrArray *elements;
+ GVariant *tuple[2];
+ const gchar *string;
+ GVariant *supported;
+ va_list va;
+
+ va_start (va, cred_owner);
+ elements = g_ptr_array_new ();
+
+ while (cred_type != 0) {
+ if (cred_owner & REALM_KERBEROS_CREDENTIAL_ADMIN)
+ string = "administrator";
+ else if (cred_owner & REALM_KERBEROS_CREDENTIAL_USER)
+ string = "user";
+ else if (cred_owner & REALM_KERBEROS_CREDENTIAL_COMPUTER)
+ string = "computer";
+ else if (cred_owner & REALM_KERBEROS_CREDENTIAL_SECRET)
+ string = "secret";
+ else
+ g_assert_not_reached ();
+
+ tuple[1] = g_variant_new_string (string);
+
+ switch (cred_type) {
+ case REALM_KERBEROS_CREDENTIAL_CCACHE:
+ string = "ccache";
+ break;
+ case REALM_KERBEROS_CREDENTIAL_PASSWORD:
+ string = "password";
+ break;
+ case REALM_KERBEROS_CREDENTIAL_AUTOMATIC:
+ string = "automatic";
+ break;
+ default:
+ g_assert_not_reached ();
+ break;
+ }
+
+ tuple[0] = g_variant_new_string (string);
+
+ g_ptr_array_add (elements, g_variant_new_tuple (tuple, 2));
+
+ cred_type = va_arg (va, RealmKerberosCredential);
+ if (cred_type != 0)
+ cred_owner = va_arg (va, RealmKerberosFlags);
+ }
+
+ va_end (va);
+
+ supported = g_variant_new_array (G_VARIANT_TYPE ("(ss)"),
+ (GVariant *const *)elements->pdata,
+ elements->len);
+
+ g_ptr_array_free (elements, TRUE);
+ g_variant_ref_sink (supported);
+ return supported;
+}
diff --git a/service/realm-kerberos-membership.h b/service/realm-kerberos-membership.h
new file mode 100644
index 0000000..8605b30
--- /dev/null
+++ b/service/realm-kerberos-membership.h
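Review bot: `realm_kerberos_membership_build_supported` in realm-kerberos-membership.c has no comment stating its calling convention, and nothing in the variadic signature enforces it. The arguments are (credential type, owner flags) pairs ended by a single `0`; both enums share the `REALM_KERBEROS_CREDENTIAL_` prefix and their values overlap (`REALM_KERBEROS_CREDENTIAL_PASSWORD` and `REALM_KERBEROS_CREDENTIAL_ADMIN` are both 2), so a swapped pair compiles and can still yield a plausible entry in the credential list advertised to clients. A doc comment above the function should spell out the pair order, the `0` terminator, and that the returned GVariant has already been sunk with `g_variant_ref_sink` and must be released by the caller with `g_variant_unref`. The two `g_assert_not_reached ()` branches also leave `string` unset or stale if assertions are compiled out, so an explicit fallback before `g_variant_new_string (string)` would be safer.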
@@ -0,0 +1,117 @@
+/* realmd -- Realm configuration service
+ *
+ * Copyright 2012 Red Hat Inc
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2 of the licence or (at
+ * your option) any later version.
+ *
+ * See the included COPYING file for more information.
+ *
+ * Author: Stef Walter
+ */
+
+#include "config.h"
+
+#ifndef __REALM_KERBEROS_MEMBERSHIP_H__
+#define __REALM_KERBEROS_MEMBERSHIP_H__
+
+#include
+
+#include
+
+#include "realm-dbus-generated.h"
+
+G_BEGIN_DECLS
+
+typedef enum {
+ REALM_KERBEROS_CREDENTIAL_ADMIN = 1 << 1,
+ REALM_KERBEROS_CREDENTIAL_USER = 1 << 2,
+ REALM_KERBEROS_CREDENTIAL_COMPUTER = 1 << 3,
+ REALM_KERBEROS_CREDENTIAL_SECRET = 1 << 4,
+} RealmKerberosFlags;
+
+typedef enum {
+ REALM_KERBEROS_CREDENTIAL_CCACHE = 1,
+ REALM_KERBEROS_CREDENTIAL_PASSWORD,
+ REALM_KERBEROS_CREDENTIAL_AUTOMATIC,
+} RealmKerberosCredential;
+
+#define REALM_TYPE_KERBEROS_MEMBERSHIP (realm_kerberos_membership_get_type ())
+#define REALM_KERBEROS_MEMBERSHIP(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_KERBEROS_MEMBERSHIP, RealmKerberosMembership))
+#define REALM_IS_KERBEROS_MEMBERSHIP(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_KERBEROS_MEMBERSHIP))
+#define REALM_KERBEROS_MEMBERSHIP_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE ((inst), REALM_TYPE_KERBEROS_MEMBERSHIP, RealmKerberosMembershipIface))
+
+typedef struct _RealmKerberosMembership RealmKerberosMembership;
+typedef struct _RealmKerberosMembershipIface RealmKerberosMembershipIface;
+
+struct _RealmKerberosMembershipIface {
+ GTypeInterface parent_iface;
+
+ void (* enroll_password_async) (RealmKerberosMembership *realm,
+ const char *name,
+ const char *password,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ void (* enroll_ccache_async) (RealmKerberosMembership *realm,
+ GBytes *ccache,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ void (* enroll_automatic_async) (RealmKerberosMembership *realm,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ gboolean (* enroll_finish) (RealmKerberosMembership *realm,
+ GAsyncResult *result,
+ GError **error);
+
+ void (* unenroll_password_async) (RealmKerberosMembership *realm,
+ const char *name,
+ const char *password,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ void (* unenroll_ccache_async) (RealmKerberosMembership *realm,
+ GBytes *ccache,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ void (* unenroll_automatic_async) (RealmKerberosMembership *realm,
+ RealmKerberosFlags flags,
+ GVariant *options,
+ GDBusMethodInvocation *invocation,
+ GAsyncReadyCallback callback,
+ gpointer user_data);
+
+ gboolean (* unenroll_finish) (RealmKerberosMembership *realm,
+ GAsyncResult *result,
+ GError **error);
+};
+
+GType realm_kerberos_membership_get_type (void) G_GNUC_CONST;
+
+GVariant * realm_kerberos_membership_build_supported (RealmKerberosCredential cred_type,
+ RealmKerberosFlags cred_owner,
+ ...);
+
+G_END_DECLS
+
+#endif /* __REALM_KERBEROS_MEMBERSHIP_H__ */
diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
index 8d949c5..59801bb 100644
--- a/service/realm-kerberos.c
+++ b/service/realm-kerberos.c
@@ -22,6 +22,7 @@
 #include "realm-diagnostics.h"
 #include "realm-errors.h"
 #include "realm-kerberos.h"
+#include "realm-kerberos-membership.h"
 #include "realm-login-name.h"
 #include "realm-settings.h"
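Review bot: The vtable in `struct _RealmKerberosMembershipIface` (realm-kerberos-membership.h) does not say which members an implementer may leave NULL. Judging from the dispatch code in realm-kerberos.c in this patch, the `*_async` members look optional (a NULL one is meant to produce `G_DBUS_ERROR_NOT_SUPPORTED`), while `enroll_finish` and `unenroll_finish` are required by `g_return_if_fail`. A comment on the struct stating that the async members are optional and that the matching finish member must be set whenever any of them is would record that contract. It would also help to say whether `name`, `password` and `ccache` are only borrowed for the duration of the call, which the header does not show. Separately, `#include "config.h"` sits above the include guard here; it is usually included from .c files only.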
@@ -101,13 +102,13 @@ on_enroll_complete (GObject *source, gpointer user_data) { MethodClosure *closure = user_data; - RealmKerberosClass *klass; + RealmKerberosMembershipIface *iface; GError *error = NULL; - klass = REALM_KERBEROS_GET_CLASS (closure->self); - g_return_if_fail (klass->unenroll_finish != NULL); + iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (closure->self); + g_return_if_fail (iface->unenroll_finish != NULL); - (klass->enroll_finish) (closure->self, result, &error); + (iface->enroll_finish) (REALM_KERBEROS_MEMBERSHIP (closure->self), result, &error); enroll_method_reply (closure->invocation, error); g_clear_error (&error); @@ -141,13 +142,13 @@ on_unenroll_complete (GObject *source, gpointer user_data) { MethodClosure *closure = user_data; - RealmKerberosClass *klass; + RealmKerberosMembershipIface *iface; GError *error = NULL; - klass = REALM_KERBEROS_GET_CLASS (closure->self); - g_return_if_fail (klass->unenroll_finish != NULL); + iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (closure->self); + g_return_if_fail (iface->unenroll_finish != NULL); - (klass->unenroll_finish) (closure->self, result, &error); + (iface->unenroll_finish) (REALM_KERBEROS_MEMBERSHIP (closure->self), result, &error); unenroll_method_reply (closure->invocation, error); g_clear_error (&error); 
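Review bot: In `on_enroll_complete` the precondition tests `iface->unenroll_finish` but the next statement calls `iface->enroll_finish`, so an implementation that sets only the unenroll finisher passes the check and the daemon then calls through a NULL pointer. The check should read `g_return_if_fail (iface->enroll_finish != NULL);`. The same mismatch is in the `else` branch of `enroll_or_unenroll_with_automatic` (hunk at -269), which checks `iface->enroll_finish` before starting an unenroll that completes through `unenroll_finish`. Neither completion callback checks that `REALM_KERBEROS_MEMBERSHIP_GET_IFACE` returned non-NULL before dereferencing the result. Both function bodies start outside their hunks.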
@@ -162,13 +163,13 @@ enroll_or_unenroll_with_ccache (RealmKerberos *self, GVariant *ccache, gboolean enroll) { - RealmKerberosClass *klass = REALM_KERBEROS_GET_CLASS (self); + RealmKerberosMembershipIface *iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (self); const guchar *data; GBytes *bytes; gsize length; - if ((enroll && klass->enroll_ccache_async == NULL) || - (!enroll && klass->unenroll_ccache_async == NULL)) { + if ((enroll && iface && iface->enroll_ccache_async == NULL) || + (!enroll && iface && iface->unenroll_ccache_async == NULL)) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, enroll ? _("Enrolling this realm using a credential cache is not supported") : @@ -194,12 +195,12 @@ enroll_or_unenroll_with_ccache (RealmKerberos *self, g_variant_ref (ccache)); if (enroll) { - g_return_if_fail (klass->enroll_finish != NULL); - (klass->enroll_ccache_async) (self, bytes, flags, options, invocation, + g_return_if_fail (iface->enroll_finish != NULL); + (iface->enroll_ccache_async) (REALM_KERBEROS_MEMBERSHIP (self), bytes, flags, options, invocation, on_enroll_complete, method_closure_new (self, invocation)); } else { - g_return_if_fail (klass->unenroll_finish != NULL); - (klass->unenroll_ccache_async) (self, bytes, flags, options, invocation, + g_return_if_fail (iface->unenroll_finish != NULL); + (iface->unenroll_ccache_async) (REALM_KERBEROS_MEMBERSHIP (self), bytes, flags, options, invocation, on_unenroll_complete, method_closure_new (self, invocation)); } 
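Review bot: The added `iface &&` terms in `enroll_or_unenroll_with_ccache` make the not-supported test false when `iface` is NULL, so a realm that does not implement RealmKerberosMembership would fall through to `iface->enroll_finish` and dereference NULL instead of returning `G_DBUS_ERROR_NOT_SUPPORTED`. A missing interface should be treated as unsupported: `if (iface == NULL || (enroll && iface->enroll_ccache_async == NULL) || (!enroll && iface->unenroll_ccache_async == NULL)) {`. As far as this patch shows, the join and leave handlers are only connected when the interface is present, so the path is probably unreachable today, but the check as written looks like protection it does not give. The same pattern is in `enroll_or_unenroll_with_password` (hunk at -215) and `enroll_or_unenroll_with_automatic` (hunk at -251).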
@@ -215,9 +216,9 @@ enroll_or_unenroll_with_password (RealmKerberos *self, const gchar *password, gboolean enroll) { - RealmKerberosClass *klass = REALM_KERBEROS_GET_CLASS (self); + RealmKerberosMembershipIface *iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (self); - if (enroll && klass->enroll_password_async == NULL) { + if (enroll && iface && iface->enroll_password_async == NULL) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, enroll ? _("Enrolling this realm using a password is not supported") : @@ -233,13 +234,13 @@ enroll_or_unenroll_with_password (RealmKerberos *self, if (enroll) { - g_return_if_fail (klass->enroll_finish != NULL); - (klass->enroll_password_async) (self, name, password, flags, options, invocation, + g_return_if_fail (iface->enroll_finish != NULL); + (iface->enroll_password_async) (REALM_KERBEROS_MEMBERSHIP (self), name, password, flags, options, invocation, on_enroll_complete, method_closure_new (self, invocation)); } else { - g_return_if_fail (klass->unenroll_finish != NULL); - (klass->unenroll_password_async) (self, name, password, flags, options, invocation, + g_return_if_fail (iface->unenroll_finish != NULL); + (iface->unenroll_password_async) (REALM_KERBEROS_MEMBERSHIP (self), name, password, flags, options, invocation, on_unenroll_complete, method_closure_new (self, invocation)); } } 
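Review bot: The not-supported test in `enroll_or_unenroll_with_password` only covers the enroll direction, so when `enroll` is FALSE and an implementation leaves `unenroll_password_async` NULL the code reaches `(iface->unenroll_password_async) (...)` and calls a NULL pointer. The `enroll ? … : …` message selection inside the block suggests both directions were meant to be checked, as the ccache and automatic variants do: `if ((enroll && iface->enroll_password_async == NULL) || (!enroll && iface->unenroll_password_async == NULL)) {`, with a NULL `iface` rejected first. Both implementers added in this patch set the unenroll member, so this matters for future implementations rather than the current ones. Part of the function body lies between the two hunks and is not shown.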
@@ -251,10 +252,10 @@ enroll_or_unenroll_with_automatic (RealmKerberos *self, GDBusMethodInvocation *invocation, gboolean enroll) { - RealmKerberosClass *klass = REALM_KERBEROS_GET_CLASS (self); + RealmKerberosMembershipIface *iface = REALM_KERBEROS_MEMBERSHIP_GET_IFACE (self); - if ((enroll && klass->enroll_automatic_async == NULL) || - (!enroll && klass->unenroll_automatic_async == NULL)) { + if ((enroll && iface && iface->enroll_automatic_async == NULL) || + (!enroll && iface && iface->unenroll_automatic_async == NULL)) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, enroll ? _("Enrolling this realm without credentials is not supported") : @@ -269,12 +270,12 @@ enroll_or_unenroll_with_automatic (RealmKerberos *self, } if (enroll) { - g_return_if_fail (klass->enroll_finish != NULL); - (klass->enroll_automatic_async) (self, flags, options, invocation, + g_return_if_fail (iface->enroll_finish != NULL); + (iface->enroll_automatic_async) (REALM_KERBEROS_MEMBERSHIP (self), flags, options, invocation, on_enroll_complete, method_closure_new (self, invocation)); } else { - g_return_if_fail (klass->enroll_finish != NULL); - (klass->unenroll_automatic_async) (self, flags, options, invocation, + g_return_if_fail (iface->enroll_finish != NULL); + (iface->unenroll_automatic_async) (REALM_KERBEROS_MEMBERSHIP (self), flags, options, invocation, on_unenroll_complete, method_closure_new (self, invocation)); } } 
@@ -585,27 +586,33 @@ realm_kerberos_init (RealmKerberos *self) self->pv->kerberos_iface = realm_dbus_kerberos_skeleton_new (); g_dbus_object_skeleton_add_interface (skeleton, G_DBUS_INTERFACE_SKELETON (self->pv->kerberos_iface)); - - self->pv->membership_iface = realm_dbus_kerberos_membership_skeleton_new (); - g_signal_connect (self->pv->membership_iface, "handle-join", - G_CALLBACK (handle_join), self); - g_signal_connect (self->pv->membership_iface, "handle-leave", - G_CALLBACK (handle_leave), self); - g_dbus_object_skeleton_add_interface (skeleton, G_DBUS_INTERFACE_SKELETON (self->pv->membership_iface)); } static void realm_kerberos_constructed (GObject *obj) { RealmKerberos *self = REALM_KERBEROS (obj); - static const gchar *supported_interfaces[] = { - REALM_DBUS_KERBEROS_INTERFACE, - REALM_DBUS_KERBEROS_MEMBERSHIP_INTERFACE, - NULL, - }; + const gchar *supported_interfaces[3]; G_OBJECT_CLASS (realm_kerberos_parent_class)->constructed (obj); + if (REALM_IS_KERBEROS_MEMBERSHIP (self)) { + self->pv->membership_iface = realm_dbus_kerberos_membership_skeleton_new (); + g_signal_connect (self->pv->membership_iface, "handle-join", + G_CALLBACK (handle_join), self); + g_signal_connect (self->pv->membership_iface, "handle-leave", + G_CALLBACK (handle_leave), self); + g_dbus_object_skeleton_add_interface (G_DBUS_OBJECT_SKELETON (self), + G_DBUS_INTERFACE_SKELETON (self->pv->membership_iface)); + } + + supported_interfaces[0] = REALM_DBUS_KERBEROS_INTERFACE; + if (self->pv->membership_iface) + supported_interfaces[1] = REALM_DBUS_KERBEROS_MEMBERSHIP_INTERFACE; + else + supported_interfaces[1] = NULL; + supported_interfaces[2] = NULL; + realm_dbus_realm_set_supported_interfaces (self->pv->realm_iface, supported_interfaces); } 
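Review bot: `realm_kerberos_constructed` now decides at runtime whether to export the membership skeleton, but nothing explains why that block moved out of `realm_kerberos_init`. A short comment would stop someone from moving it back: `/* Must run in constructed(): during init() the instance still has the parent type, so REALM_IS_KERBEROS_MEMBERSHIP would not see an interface implemented by a subclass */`. The later `if (self->pv->membership_iface)` test relies on the private struct starting out zeroed, which is presumably the case but is not visible in this hunk.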
@@ -660,7 +667,8 @@ realm_kerberos_finalize (GObject *obj) g_object_unref (self->pv->realm_iface); g_object_unref (self->pv->kerberos_iface); - g_object_unref (self->pv->membership_iface); + if (self->pv->membership_iface) + g_object_unref (self->pv->membership_iface); if (self->pv->discovery) g_hash_table_unref (self->pv->discovery); 
@@ -760,69 +768,6 @@ realm_kerberos_format_login (RealmKerberos *self, return realm_login_name_format (formats[0], user); } -GVariant * -realm_kerberos_build_supported_credentials (RealmKerberosCredential cred_type, - RealmKerberosFlags cred_owner, - ...) -{ - GPtrArray *elements; - GVariant *tuple[2]; - const gchar *string; - GVariant *supported; - va_list va; - - va_start (va, cred_owner); - elements = g_ptr_array_new (); - - while (cred_type != 0) { - if (cred_owner & REALM_KERBEROS_CREDENTIAL_ADMIN) - string = "administrator"; - else if (cred_owner & REALM_KERBEROS_CREDENTIAL_USER) - string = "user"; - else if (cred_owner & REALM_KERBEROS_CREDENTIAL_COMPUTER) - string = "computer"; - else if (cred_owner & REALM_KERBEROS_CREDENTIAL_SECRET) - string = "secret"; - else - g_assert_not_reached (); - - tuple[1] = g_variant_new_string (string); - - switch (cred_type) { - case REALM_KERBEROS_CREDENTIAL_CCACHE: - string = "ccache"; - break; - case REALM_KERBEROS_CREDENTIAL_PASSWORD: - string = "password"; - break; - case REALM_KERBEROS_CREDENTIAL_AUTOMATIC: - string = "automatic"; - break; - default: - g_assert_not_reached (); - break; - } - - tuple[0] = g_variant_new_string (string); - - g_ptr_array_add (elements, g_variant_new_tuple (tuple, 2)); - - cred_type = va_arg (va, RealmKerberosCredential); - if (cred_type != 0) - cred_owner = va_arg (va, RealmKerberosFlags); - } - - va_end (va); - - supported = g_variant_new_array (G_VARIANT_TYPE ("(ss)"), - (GVariant *const *)elements->pdata, - elements->len); - - g_ptr_array_free (elements, TRUE); - g_variant_ref_sink (supported); - return supported; -} - typedef struct { GDBusMethodInvocation *invocation; gchar *principal; @@ -1081,6 +1026,7 @@ realm_kerberos_set_suggested_admin (RealmKerberos *self, const gchar *value) { g_return_if_fail (REALM_IS_KERBEROS (self)); + g_return_if_fail (self->pv->membership_iface != NULL); realm_dbus_kerberos_membership_set_suggested_administrator (self->pv->membership_iface, value); } 
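Review bot: The new `g_return_if_fail (self->pv->membership_iface != NULL)` in `realm_kerberos_set_suggested_admin` turns a call on a realm without membership support into a logged critical, and into no check at all when GLib checks are compiled out, in which case NULL is handed to the generated setter. If shared base classes can legitimately reach these setters for realms that lack the interface, an explicit `if (self->pv->membership_iface == NULL) return;` states that intent. If they cannot, a one-line comment saying the setters are valid only for RealmKerberosMembership implementers would help. The same guard is added to `realm_kerberos_set_supported_join_creds` and `realm_kerberos_set_supported_leave_creds` in the next two hunks.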
@@ -1089,6 +1035,7 @@ realm_kerberos_set_supported_join_creds (RealmKerberos *self, GVariant *value) { g_return_if_fail (REALM_IS_KERBEROS (self)); + g_return_if_fail (self->pv->membership_iface != NULL); realm_dbus_kerberos_membership_set_supported_join_credentials (self->pv->membership_iface, value); } @@ -1097,6 +1044,7 @@ realm_kerberos_set_supported_leave_creds (RealmKerberos *self, GVariant *value) { g_return_if_fail (REALM_IS_KERBEROS (self)); + g_return_if_fail (self->pv->membership_iface != NULL); realm_dbus_kerberos_membership_set_supported_leave_credentials (self->pv->membership_iface, value); } diff --git a/service/realm-kerberos.h b/service/realm-kerberos.h index 50b6eaa..b9a08a5 100644 --- a/service/realm-kerberos.h +++ b/service/realm-kerberos.h @@ -32,19 +32,6 @@ typedef enum { REALM_KERBEROS_DENY_ANY_LOGIN = 3, } RealmKerberosLoginPolicy; -typedef enum { - REALM_KERBEROS_CREDENTIAL_ADMIN = 1 << 1, - REALM_KERBEROS_CREDENTIAL_USER = 1 << 2, - REALM_KERBEROS_CREDENTIAL_COMPUTER = 1 << 3, - REALM_KERBEROS_CREDENTIAL_SECRET = 1 << 4, -} RealmKerberosFlags; - -typedef enum { - REALM_KERBEROS_CREDENTIAL_CCACHE = 1, - REALM_KERBEROS_CREDENTIAL_PASSWORD, - REALM_KERBEROS_CREDENTIAL_AUTOMATIC, -} RealmKerberosCredential; - #define REALM_TYPE_KERBEROS (realm_kerberos_get_type ()) #define REALM_KERBEROS(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_KERBEROS, RealmKerberos)) #define REALM_IS_KERBEROS(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_KERBEROS)) 
@@ -64,62 +51,6 @@ struct _RealmKerberos { struct _RealmKerberosClass { GDBusObjectSkeletonClass parent_class; - void (* enroll_password_async) (RealmKerberos *realm, - const char *name, - const char *password, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - void (* enroll_ccache_async) (RealmKerberos *realm, - GBytes *ccache, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - void (* enroll_automatic_async) (RealmKerberos *realm, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - gboolean (* enroll_finish) (RealmKerberos *realm, - GAsyncResult *result, - GError **error); - - void (* unenroll_password_async) (RealmKerberos *realm, - const char *name, - const char *password, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - void (* unenroll_ccache_async) (RealmKerberos *realm, - GBytes *ccache, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - void (* unenroll_automatic_async) (RealmKerberos *realm, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data); - - gboolean (* unenroll_finish) (RealmKerberos *realm, - GAsyncResult *result, - GError **error); - void (* logins_async) (RealmKerberos *realm, GDBusMethodInvocation *invocation, RealmKerberosLoginPolicy login_policy, 
@@ -149,10 +80,6 @@ gchar ** realm_kerberos_parse_logins (RealmKerberos *self, gchar * realm_kerberos_format_login (RealmKerberos *self, const gchar *user); -GVariant * realm_kerberos_build_supported_credentials (RealmKerberosCredential cred_type, - RealmKerberosFlags cred_owner, - ...); - void realm_kerberos_kinit_ccache_async (RealmKerberos *self, const gchar *name, const gchar *password, diff --git a/service/realm-samba.c b/service/realm-samba.c index 86d88ab..6789ca7 100644 --- a/service/realm-samba.c +++ b/service/realm-samba.c @@ -21,6 +21,7 @@ #include "realm-discovery.h" #include "realm-errors.h" #include "realm-kerberos.h" +#include "realm-kerberos-membership.h" #include "realm-packages.h" #include "realm-provider.h" #include "realm-samba.h" @@ -49,7 +50,11 @@ enum { PROP_PROVIDER, }; -G_DEFINE_TYPE (RealmSamba, realm_samba, REALM_TYPE_KERBEROS); +static void realm_samba_kerberos_membership_iface (RealmKerberosMembershipIface *iface); + +G_DEFINE_TYPE_WITH_CODE (RealmSamba, realm_samba, REALM_TYPE_KERBEROS, + G_IMPLEMENT_INTERFACE (REALM_TYPE_KERBEROS_MEMBERSHIP, realm_samba_kerberos_membership_iface); +); static void realm_samba_init (RealmSamba *self) @@ -75,7 +80,7 @@ realm_samba_constructed (GObject *obj) * same for enroll/unenroll. We can't accept a ccache, because samba3 needs * to have credentials limited to RC4. */ - supported = realm_kerberos_build_supported_credentials ( + supported = realm_kerberos_membership_build_supported ( REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_CREDENTIAL_ADMIN, REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_CREDENTIAL_USER, 0); @@ -257,7 +262,7 @@ on_kinit_do_install (GObject *source, } static void -realm_samba_enroll_async (RealmKerberos *realm, +realm_samba_enroll_async (RealmKerberosMembership *membership, const gchar *name, const gchar *password, RealmKerberosFlags flags, 
@@ -266,6 +271,7 @@ realm_samba_enroll_async (RealmKerberos *realm, GAsyncReadyCallback callback, gpointer user_data) { + RealmKerberos *realm = REALM_KERBEROS (membership); RealmSamba *self = REALM_SAMBA (realm); GSimpleAsyncResult *res; EnrollClosure *enroll; @@ -384,7 +390,7 @@ on_kinit_do_leave (GObject *source, } static void -realm_samba_unenroll_async (RealmKerberos *realm, +realm_samba_unenroll_async (RealmKerberosMembership *membership, const gchar *name, const gchar *password, RealmKerberosFlags flags, @@ -393,6 +399,7 @@ realm_samba_unenroll_async (RealmKerberos *realm, GAsyncReadyCallback callback, gpointer user_data) { + RealmKerberos *realm = REALM_KERBEROS (membership); RealmSamba *self = REALM_SAMBA (realm); GSimpleAsyncResult *res; UnenrollClosure *unenroll; @@ -558,6 +565,18 @@ on_config_changed (RealmIniConfig *config, } static gboolean +realm_samba_membership_generic_finish (RealmKerberosMembership *realm, + GAsyncResult *result, + GError **error) +{ + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error)) + return FALSE; + + update_properties (REALM_SAMBA (realm)); + return TRUE; +} + +static gboolean realm_samba_generic_finish (RealmKerberos *realm, GAsyncResult *result, GError **error) @@ -620,10 +639,6 @@ realm_samba_class_init (RealmSambaClass *klass) RealmKerberosClass *kerberos_class = REALM_KERBEROS_CLASS (klass); GObjectClass *object_class = G_OBJECT_CLASS (klass); - kerberos_class->enroll_password_async = realm_samba_enroll_async; - kerberos_class->enroll_finish = realm_samba_generic_finish; - kerberos_class->unenroll_password_async = realm_samba_unenroll_async; - kerberos_class->unenroll_finish = realm_samba_generic_finish; kerberos_class->logins_async = realm_samba_logins_async; kerberos_class->logins_finish = realm_samba_generic_finish; 
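Review bot: `realm_samba_membership_generic_finish` (hunk at -558) is added next to the existing `realm_samba_generic_finish`, which stays in use for `logins_finish`. The two differ in the type of their first parameter, and if the existing body matches the new one (it lies outside the hunk) the two copies will have to be kept in step by hand. Letting the new function delegate keeps one copy of the post-operation logic: `return realm_samba_generic_finish (REALM_KERBEROS (realm), result, error);`. That needs a forward declaration, or the new function moved below the existing one.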
@@ -637,6 +652,15 @@ realm_samba_class_init (RealmSambaClass *klass) REALM_TYPE_PROVIDER, G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS)); } +static void +realm_samba_kerberos_membership_iface (RealmKerberosMembershipIface *iface) +{ + iface->enroll_password_async = realm_samba_enroll_async; + iface->enroll_finish = realm_samba_membership_generic_finish; + iface->unenroll_password_async = realm_samba_unenroll_async; + iface->unenroll_finish = realm_samba_membership_generic_finish; +} + RealmKerberos * realm_samba_new (const gchar *name, RealmProvider *provider) diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c index db60a7c..f6fe87c 100644 --- a/service/realm-sssd-ad.c +++ b/service/realm-sssd-ad.c @@ -18,6 +18,7 @@ #include "realm-dbus-constants.h" #include "realm-diagnostics.h" #include "realm-errors.h" +#include "realm-kerberos-membership.h" #include "realm-packages.h" #include "realm-samba-enroll.h" #include "realm-service.h" @@ -39,7 +40,11 @@ typedef struct { RealmSssdClass parent_class; } RealmSssdAdClass; -G_DEFINE_TYPE (RealmSssdAd, realm_sssd_ad, REALM_TYPE_SSSD); +static void realm_sssd_ad_kerberos_membership_iface (RealmKerberosMembershipIface *iface); + +G_DEFINE_TYPE_WITH_CODE (RealmSssdAd, realm_sssd_ad, REALM_TYPE_SSSD, + G_IMPLEMENT_INTERFACE (REALM_TYPE_KERBEROS_MEMBERSHIP, realm_sssd_ad_kerberos_membership_iface); +); static void realm_sssd_ad_init (RealmSssdAd *self) @@ -65,7 +70,7 @@ realm_sssd_ad_constructed (GObject *obj) * same for enroll/unenroll. We can't accept a ccache, because samba3 needs * to have credentials limited to RC4. */ - supported = realm_kerberos_build_supported_credentials ( + supported = realm_kerberos_membership_build_supported ( REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_CREDENTIAL_ADMIN, REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_CREDENTIAL_USER, 0); 
@@ -276,7 +281,7 @@ on_kinit_do_install (GObject *source, } static void -realm_sssd_ad_enroll_async (RealmKerberos *realm, +realm_sssd_ad_enroll_async (RealmKerberosMembership *membership, const char *name, const char *password, RealmKerberosFlags flags, @@ -285,6 +290,7 @@ realm_sssd_ad_enroll_async (RealmKerberos *realm, GAsyncReadyCallback callback, gpointer user_data) { + RealmKerberos *realm = REALM_KERBEROS (membership); RealmSssd *sssd = REALM_SSSD (realm); GSimpleAsyncResult *res; EnrollClosure *enroll; @@ -431,7 +437,7 @@ on_kinit_do_leave (GObject *source, } static void -realm_sssd_ad_unenroll_async (RealmKerberos *realm, +realm_sssd_ad_unenroll_async (RealmKerberosMembership *membership, const gchar *name, const gchar *password, RealmKerberosFlags flags, @@ -440,6 +446,7 @@ realm_sssd_ad_unenroll_async (RealmKerberos *realm, GAsyncReadyCallback callback, gpointer user_data) { + RealmKerberos *realm = REALM_KERBEROS (membership); RealmSssd *sssd = REALM_SSSD (realm); GSimpleAsyncResult *res; UnenrollClosure *unenroll; @@ -472,7 +479,7 @@ realm_sssd_ad_unenroll_async (RealmKerberos *realm, } static gboolean -realm_sssd_ad_generic_finish (RealmKerberos *realm, +realm_sssd_ad_generic_finish (RealmKerberosMembership *realm, GAsyncResult *result, GError **error) { 
@@ -485,13 +492,16 @@ realm_sssd_ad_generic_finish (RealmKerberos *realm, void realm_sssd_ad_class_init (RealmSssdAdClass *klass) { - RealmKerberosClass *kerberos_class = REALM_KERBEROS_CLASS (klass); GObjectClass *object_class = G_OBJECT_CLASS (klass); - object_class->constructed = realm_sssd_ad_constructed; +} - kerberos_class->enroll_password_async = realm_sssd_ad_enroll_async; - kerberos_class->enroll_finish = realm_sssd_ad_generic_finish; - kerberos_class->unenroll_password_async = realm_sssd_ad_unenroll_async; - kerberos_class->unenroll_finish = realm_sssd_ad_generic_finish; + +static void +realm_sssd_ad_kerberos_membership_iface (RealmKerberosMembershipIface *iface) +{ + iface->enroll_password_async = realm_sssd_ad_enroll_async; + iface->enroll_finish = realm_sssd_ad_generic_finish; + iface->unenroll_password_async = realm_sssd_ad_unenroll_async; + iface->unenroll_finish = realm_sssd_ad_generic_finish; } diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c index 02abe83..ed9dee8 100644 --- a/service/realm-sssd-ipa.c +++ b/service/realm-sssd-ipa.c @@ -53,7 +53,6 @@ static void realm_sssd_ipa_constructed (GObject *obj) { RealmKerberos *kerberos = REALM_KERBEROS (obj); - GVariant *supported; G_OBJECT_CLASS (realm_sssd_ipa_parent_class)->constructed (obj); 
@@ -61,78 +60,11 @@ realm_sssd_ipa_constructed (GObject *obj) REALM_DBUS_OPTION_SERVER_SOFTWARE, REALM_DBUS_IDENTIFIER_FREEIPA, REALM_DBUS_OPTION_CLIENT_SOFTWARE, REALM_DBUS_IDENTIFIER_SSSD, NULL); - - /* - * Each line is a combination of owner and what kind of credentials are supported, - * same for enroll/unenroll. Enroll is not currently implemented: empty. - */ - supported = realm_kerberos_build_supported_credentials (0, 0); - g_variant_ref_sink (supported); - realm_kerberos_set_supported_join_creds (kerberos, supported); - realm_kerberos_set_supported_leave_creds (kerberos, supported); - g_variant_unref (supported); - - realm_kerberos_set_suggested_admin (kerberos, "admin"); -} - -static void -realm_sssd_ipa_enroll_async (RealmKerberos *realm, - GBytes *admin_kerberos_cache, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data) -{ - GSimpleAsyncResult *async; - - async = g_simple_async_result_new (G_OBJECT (realm), callback, user_data, - realm_sssd_ipa_enroll_async); - g_simple_async_result_set_error (async, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, "Enroll not yet supported"); - g_simple_async_result_complete (async); - g_object_unref (async); -} - - -static void -realm_sssd_ipa_unenroll_async (RealmKerberos *realm, - GBytes *admin_kerberos_cache, - RealmKerberosFlags flags, - GVariant *options, - GDBusMethodInvocation *invocation, - GAsyncReadyCallback callback, - gpointer user_data) -{ - GSimpleAsyncResult *async; - - async = g_simple_async_result_new (G_OBJECT (realm), callback, user_data, - realm_sssd_ipa_enroll_async); - g_simple_async_result_set_error (async, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, "Unenroll not yet supported"); - g_simple_async_result_complete (async); - g_object_unref (async); -} - -static gboolean -realm_sssd_ipa_generic_finish (RealmKerberos *realm, - GAsyncResult *result, - GError **error) -{ - if (g_simple_async_result_propagate_error 
(G_SIMPLE_ASYNC_RESULT (result), error)) - return FALSE; - - return TRUE; } void realm_sssd_ipa_class_init (RealmSssdIpaClass *klass) { - RealmKerberosClass *kerberos_class = REALM_KERBEROS_CLASS (klass); GObjectClass *object_class = G_OBJECT_CLASS (klass); - object_class->constructed = realm_sssd_ipa_constructed; - - kerberos_class->enroll_ccache_async = realm_sssd_ipa_enroll_async; - kerberos_class->enroll_finish = realm_sssd_ipa_generic_finish; - kerberos_class->unenroll_ccache_async = realm_sssd_ipa_unenroll_async; - kerberos_class->unenroll_finish = realm_sssd_ipa_generic_finish; } -- 1.7.12