aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am14
-rw-r--r--src/Makefile.in30
-rw-r--r--src/ka-applet-priv.h5
-rw-r--r--src/ka-applet.c28
-rw-r--r--src/ka-dbus.c273
-rw-r--r--src/ka-dbus.h12
-rw-r--r--src/ka-dbus.xml30
-rw-r--r--src/ka-dialog.c1514
-rw-r--r--src/ka-pwdialog.c403
-rw-r--r--src/ka-pwdialog.h21
-rw-r--r--src/ka-tickets.c147
-rw-r--r--src/ka-tickets.h18
12 files changed, 1294 insertions, 1201 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index fb64219..65d2a92 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -66,7 +66,6 @@ krb5_auth_dialog_CPPFLAGS = \
krb5_auth_dialog_CFLAGS = \
$(GMODULE_CFLAGS) \
$(GTK_CFLAGS) \
- $(DBUS_CFLAGS) \
$(GCONF_CFLAGS) \
$(KRB5_CFLAGS) \
$(NETWORK_MANAGER_CFLAGS) \
@@ -81,23 +80,12 @@ krb5_auth_dialog_LDADD = \
$(LIBCAP) \
$(KRB5_LIBS) \
$(LIBNOTIFY_LIBS) \
- $(DBUS_LIBS) \
$(GCONF_LIBS) \
$(GIO_LIBS) \
$(GMODULE_LIBS) \
$(GTK_LIBS) \
$(NULL)
-BUILT_SOURCES = \
- ka-dbus-glue.h \
- $(NULL)
-
-ka-dbus-glue.h: $(srcdir)/ka-dbus.xml
- dbus-binding-tool \
- --mode=glib-server \
- --prefix=krb5_auth_dialog \
- $< > $@
-
AM_CPPFLAGS = \
-I $(top_srcdir)/secmem/ \
$(DISABLE_DEPRECATED) \
@@ -113,14 +101,12 @@ EXTRA_DIST = \
$(schema_in_files) \
$(autostart_in_files) \
$(service_in_files) \
- $(srcdir)/ka-dbus.xml \
krb5-auth-dialog.1.in \
$(NULL)
CLEANFILES = $(schema_DATA) $(service_DATA)
DISTCLEANFILES = \
krb5-auth-dialog.desktop \
- ka-dbus-glue.h \
$(NULL)
install-data-local: $(schema_DATA)
diff --git a/src/Makefile.in b/src/Makefile.in
index 12cb8fa..f2e9f97 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -74,7 +74,7 @@ krb5_auth_dialog_DEPENDENCIES = $(top_builddir)/secmem/libsecmem.a \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_$(V))
am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
am__v_lt_0 = --silent
@@ -161,8 +161,6 @@ CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DATADIRNAME = @DATADIRNAME@
-DBUS_CFLAGS = @DBUS_CFLAGS@
-DBUS_LIBS = @DBUS_LIBS@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@
@@ -377,7 +375,6 @@ krb5_auth_dialog_CPPFLAGS = \
krb5_auth_dialog_CFLAGS = \
$(GMODULE_CFLAGS) \
$(GTK_CFLAGS) \
- $(DBUS_CFLAGS) \
$(GCONF_CFLAGS) \
$(KRB5_CFLAGS) \
$(NETWORK_MANAGER_CFLAGS) \
@@ -392,17 +389,12 @@ krb5_auth_dialog_LDADD = \
$(LIBCAP) \
$(KRB5_LIBS) \
$(LIBNOTIFY_LIBS) \
- $(DBUS_LIBS) \
$(GCONF_LIBS) \
$(GIO_LIBS) \
$(GMODULE_LIBS) \
$(GTK_LIBS) \
$(NULL)
-BUILT_SOURCES = \
- ka-dbus-glue.h \
- $(NULL)
-
AM_CPPFLAGS = \
-I $(top_srcdir)/secmem/ \
$(DISABLE_DEPRECATED) \
@@ -417,18 +409,15 @@ EXTRA_DIST = \
$(schema_in_files) \
$(autostart_in_files) \
$(service_in_files) \
- $(srcdir)/ka-dbus.xml \
krb5-auth-dialog.1.in \
$(NULL)
CLEANFILES = $(schema_DATA) $(service_DATA)
DISTCLEANFILES = \
krb5-auth-dialog.desktop \
- ka-dbus-glue.h \
$(NULL)
-all: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) all-am
+all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
@@ -1003,15 +992,13 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
-check: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) check-am
+check: check-am
all-am: Makefile $(PROGRAMS) $(MANS) $(DATA)
installdirs:
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(autostartdir)" "$(DESTDIR)$(desktopdir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(schemadir)" "$(DESTDIR)$(servicedir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) install-am
+install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
@@ -1038,7 +1025,6 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
- -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am
clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
@@ -1115,7 +1101,7 @@ uninstall-am: uninstall-autostartDATA uninstall-binPROGRAMS \
uninstall-man: uninstall-man1
-.MAKE: all check install install-am install-strip
+.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
clean-generic clean-libtool ctags distclean distclean-compile \
@@ -1142,12 +1128,6 @@ uninstall-man: uninstall-man1
$(service_DATA): $(service_in_files) Makefile
sed -e "s|\@BINDIR\@|$(bindir)|" $< > $@
-ka-dbus-glue.h: $(srcdir)/ka-dbus.xml
- dbus-binding-tool \
- --mode=glib-server \
- --prefix=krb5_auth_dialog \
- $< > $@
-
install-data-local: $(schema_DATA)
@GCONF_SCHEMAS_INSTALL_TRUE@ if test -z "$(DESTDIR)" ; then \
@GCONF_SCHEMAS_INSTALL_TRUE@ for p in $^ ; do \
diff --git a/src/ka-applet-priv.h b/src/ka-applet-priv.h
index a64848c..bd55996 100644
--- a/src/ka-applet-priv.h
+++ b/src/ka-applet-priv.h
@@ -42,6 +42,8 @@ G_BEGIN_DECLS
KA_SIGNAL_COUNT
} KaAppletSignalNumber;
+extern const gchar *ka_signal_names[];
+
/* public functions */
gboolean ka_applet_get_show_trayicon (const KaApplet *self);
void ka_applet_set_tgt_renewable (KaApplet *self, gboolean renewable);
@@ -53,8 +55,11 @@ void ka_applet_signal_emit (KaApplet *self, KaAppletSignalNumber signum,
krb5_timestamp expiry);
void ka_applet_set_msg (KaApplet *self, const char *msg);
+
/* create the applet */
KaApplet *ka_applet_create (void);
+/* destroy the applet */
+void ka_applet_destroy (KaApplet *self);
/* update tooltip and icon */
int ka_applet_update_status (KaApplet *self, krb5_timestamp expiry);
diff --git a/src/ka-applet.c b/src/ka-applet.c
index 7de9204..2d4981e 100644
--- a/src/ka-applet.c
+++ b/src/ka-applet.c
@@ -51,6 +51,14 @@ enum {
KA_PROP_TGT_RENEWABLE,
};
+
+const gchar *ka_signal_names[KA_SIGNAL_COUNT] = {
+ "krb-tgt-acquired",
+ "krb-tgt-renewed",
+ "krb-tgt-expired",
+};
+
+
struct _KaApplet {
GObject parent;
@@ -252,12 +260,6 @@ ka_applet_class_init (KaAppletClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
GParamSpec *pspec;
-
- const gchar *signalNames[KA_SIGNAL_COUNT] = {
- "krb-tgt-acquired",
- "krb-tgt-renewed",
- "krb-tgt-expired"
- };
int i;
object_class->dispose = ka_applet_dispose;
@@ -320,7 +322,7 @@ ka_applet_class_init (KaAppletClass *klass)
for (i = 0; i < KA_SIGNAL_COUNT; i++) {
guint signalId;
- signalId = g_signal_new (signalNames[i], G_OBJECT_CLASS_TYPE (klass),
+ signalId = g_signal_new (ka_signal_names[i], G_OBJECT_CLASS_TYPE (klass),
G_SIGNAL_RUN_LAST, 0, NULL, NULL,
ka_closure_VOID__STRING_UINT,
G_TYPE_NONE, 2, /* number of parameters */
@@ -707,8 +709,7 @@ ka_applet_cb_quit (GtkMenuItem *menuitem G_GNUC_UNUSED, gpointer user_data)
{
KaApplet *applet = KA_APPLET (user_data);
- g_object_unref (applet);
- gtk_main_quit ();
+ ka_applet_destroy (applet);
}
@@ -978,6 +979,15 @@ ka_ns_check_persistence (KaApplet *self)
}
+/* destroy the applet and quit */
+void
+ka_applet_destroy (KaApplet* applet)
+{
+ g_object_unref (applet);
+ gtk_main_quit ();
+}
+
+
/* create the tray icon applet */
KaApplet *
ka_applet_create ()
diff --git a/src/ka-dbus.c b/src/ka-dbus.c
index f8a00d6..4a7be2c 100644
--- a/src/ka-dbus.c
+++ b/src/ka-dbus.c
@@ -1,6 +1,6 @@
/* Krb5 Auth Applet -- Acquire and release kerberos tickets
*
- * (C) 2008,2009 Guido Guenther <agx@sigxcpu.org>
+ * (C) 2008,2009,2011 Guido Guenther <agx@sigxcpu.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,100 +20,227 @@
#include "config.h"
-#include <dbus/dbus-glib.h>
#include "ka-applet-priv.h"
#include "ka-dialog.h"
#include "ka-dbus.h"
-#include "ka-dbus-glue.h"
-static DBusGConnection *session;
+static guint dbus_owner_id;
+static GDBusConnection *dbus_connection;
+static const char *dbus_object_path = "/org/gnome/KrbAuthDialog";
+static const char *dbus_interface_name = "org.gnome.KrbAuthDialog";
+static GDBusNodeInfo *introspection_data;
+
gboolean
ka_dbus_acquire_tgt (KaApplet *applet,
- const gchar *principal, DBusGMethodInvocation *context)
+ const gchar *principal)
{
- gboolean success;
+ gboolean success;
- KA_DEBUG("Getting TGT for '%s'", principal);
- success = ka_check_credentials(applet, principal);
- dbus_g_method_return(context, success);
- return TRUE;
+ KA_DEBUG ("Getting TGT for '%s'", principal);
+ success = ka_check_credentials (applet, principal);
+ return success;
}
gboolean
-ka_dbus_destroy_ccache(KaApplet* applet, DBusGMethodInvocation *context)
+ka_dbus_destroy_ccache (KaApplet *applet)
{
- gboolean success;
+ gboolean success;
- KA_DEBUG("Destroying ticket cache");
- success = ka_destroy_ccache (applet);
- dbus_g_method_return(context, success);
- return TRUE;
+ KA_DEBUG ("Destroying ticket cache");
+ success = ka_destroy_ccache (applet);
+ return success;
}
-gboolean
-ka_dbus_service(KaApplet* applet)
+static const gchar ka_dbus_introspection_xml[] =
+ "<node>"
+ " <interface name='org.gnome.KrbAuthDialog'>"
+ " <method name='acquireTgt'>"
+ " <arg type='s' name='principal' direction='in' />"
+ " <arg type='b' name='success' direction='out'/>"
+ " </method>"
+ " <method name='destroyCCache'>"
+ " <arg type='b' name='success' direction='out'/>"
+ " </method>"
+ " <signal name='krb_tgt_acquired'>"
+ " <arg type='s' name='principal' direction ='out'/>"
+ " <arg type='u' name='expiry' direction ='out'/>"
+ " </signal>"
+ " <signal name='krb_tgt_renewed'>"
+ " <arg type='s' name='principal' direction ='out'/>"
+ " <arg type='u' name='expiry' direction ='out'/>"
+ " </signal>"
+ " <signal name='krb_tgt_expired'>"
+ " <arg type='s' name='principal' direction ='out'/>"
+ " <arg type='u' name='expiry' direction ='out'/>"
+ " </signal>"
+ " </interface>"
+ "</node>";
+
+
+static void
+ka_dbus_handle_method_call (GDBusConnection *connection G_GNUC_UNUSED,
+ const gchar *sender G_GNUC_UNUSED,
+ const gchar *object_path G_GNUC_UNUSED,
+ const gchar *interface_name G_GNUC_UNUSED,
+ const gchar *method_name,
+ GVariant *parameters,
+ GDBusMethodInvocation *invocation,
+ gpointer user_data)
{
- dbus_g_connection_register_g_object (session,
- "/org/gnome/KrbAuthDialog",
- G_OBJECT(applet));
- return TRUE;
+ KaApplet *applet = user_data;
+ gboolean ret;
+
+ g_warn_if_fail (applet != NULL);
+
+ if (g_strcmp0 (method_name, "acquireTgt") == 0) {
+ const char *principal;
+
+ g_variant_get (parameters, "(s)", &principal);
+ ret = ka_dbus_acquire_tgt (applet, principal);
+ g_dbus_method_invocation_return_value (invocation,
+ g_variant_new("(b)", ret));
+ } else if (g_strcmp0 (method_name, "destroyCCache") == 0) {
+ ret = ka_dbus_destroy_ccache (applet);
+ g_dbus_method_invocation_return_value (invocation,
+ g_variant_new("(b)", ret));
+ }
+}
+
+static gchar* ka_dbus_signal_name (const gchar *name)
+{
+ gchar *c;
+ gchar *signal_name = g_strdup(name);
+
+ /* The DBus signal names use underscores */
+ for (c = signal_name; *c != '\0'; c++ ) {
+ if (*c == '-')
+ *c = '_';
+ }
+
+ return signal_name;
+}
+
+/* Emit DBus signals */
+static void
+ka_dbus_signal_cb (gpointer *applet G_GNUC_UNUSED,
+ gchar *princ,
+ guint when, gpointer user_data)
+{
+ GError *error = NULL;
+ gchar *signal_name;
+
+ signal_name = ka_dbus_signal_name(user_data);
+ if (!g_dbus_connection_emit_signal (dbus_connection,
+ NULL,
+ dbus_object_path,
+ dbus_interface_name,
+ signal_name,
+ g_variant_new ("(su)",
+ princ,
+ when),
+ &error)) {
+ g_warning ("Failed to emit DBus signal %s: %s",
+ signal_name,
+ error->message);
+ g_clear_error (&error);
+ }
+ g_free (signal_name);
+}
+
+
+static void
+ka_dbus_connect_signals(KaApplet *applet)
+{
+ int i;
+
+ for (i = 0; i < KA_SIGNAL_COUNT; i++) {
+ g_signal_connect (applet, ka_signal_names[i],
+ G_CALLBACK (ka_dbus_signal_cb),
+ (gpointer)ka_signal_names[i]);
+ }
+}
+
+
+static const GDBusInterfaceVTable interface_vtable =
+{
+ .method_call = ka_dbus_handle_method_call,
+};
+
+
+static void
+ka_dbus_on_name_acquired (GDBusConnection *connection,
+ const gchar *name G_GNUC_UNUSED,
+ gpointer user_data)
+{
+ KaApplet *applet = user_data;
+ guint id;
+
+ introspection_data = g_dbus_node_info_new_for_xml (
+ ka_dbus_introspection_xml,
+ NULL);
+
+ id = g_dbus_connection_register_object (connection,
+ "/org/gnome/KrbAuthDialog",
+ introspection_data->interfaces[0],
+ &interface_vtable,
+ applet,
+ NULL, /* user_data_free_func */
+ NULL); /* GError** */
+ if (!id)
+ g_error ("Failed to regiester DBus object");
+ ka_dbus_connect_signals (applet);
+
+ dbus_connection = connection;
+}
+
+
+static void
+ka_dbus_on_name_lost (GDBusConnection *connection G_GNUC_UNUSED,
+ const gchar *name G_GNUC_UNUSED,
+ gpointer user_data)
+{
+ KaApplet *applet = user_data;
+
+ g_warning ("Cannot acquire DBUS name");
+ ka_applet_destroy (applet);
+}
+
+
+void
+ka_dbus_disconnect ()
+{
+ if (introspection_data) {
+ g_dbus_node_info_unref (introspection_data);
+ introspection_data = NULL;
+ }
+
+ if (dbus_owner_id) {
+ g_bus_unown_name (dbus_owner_id);
+ dbus_owner_id = 0;
+ }
+ dbus_connection = NULL;
}
gboolean
-ka_dbus_connect(unsigned int* status)
+ka_dbus_connect (KaApplet *applet)
{
- guint request_name_reply;
- unsigned int flags;
- DBusGProxy *bus_proxy;
- GError *error = NULL;
-
- /* Connect to the session bus so we get exit-on-disconnect semantics. */
- session = dbus_g_bus_get(DBUS_BUS_SESSION, &error);
- if (session == NULL) {
- g_error ("couldn't connect to session bus: %s", (error) ? error->message : "(null)");
- *status = 1;
- g_clear_error (&error);
- return FALSE;
- }
- flags = DBUS_NAME_FLAG_DO_NOT_QUEUE;
- bus_proxy = dbus_g_proxy_new_for_name (session,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus");
-
- dbus_g_object_type_install_info(KA_TYPE_APPLET,
- &dbus_glib_krb5_auth_dialog_object_info);
-
- if (!dbus_g_proxy_call (bus_proxy,
- "RequestName",
- &error,
- G_TYPE_STRING,
- "org.gnome.KrbAuthDialog",
- G_TYPE_UINT,
- flags,
- G_TYPE_INVALID,
- G_TYPE_UINT,
- &request_name_reply,
- G_TYPE_INVALID)) {
- g_warning ("Failed to invoke RequestName: %s",
- error->message);
- }
- g_clear_error (&error);
- g_object_unref (bus_proxy);
-
- if (request_name_reply == DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER
- || request_name_reply == DBUS_REQUEST_NAME_REPLY_ALREADY_OWNER)
- ;
- else if (request_name_reply == DBUS_REQUEST_NAME_REPLY_EXISTS
- || request_name_reply == DBUS_REQUEST_NAME_REPLY_IN_QUEUE) {
- *status = 0;
- return FALSE;
- } else {
- g_assert_not_reached();
- }
- return TRUE;
+ g_return_val_if_fail (applet != 0, FALSE);
+
+ dbus_owner_id = g_bus_own_name (G_BUS_TYPE_SESSION,
+ "org.gnome.KrbAuthDialog",
+ G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT,
+ NULL,
+ ka_dbus_on_name_acquired,
+ ka_dbus_on_name_lost,
+ applet,
+ NULL);
+ return TRUE;
}
+
+/*
+ * vim:ts=4:sts=4:sw=4:et:
+ */
diff --git a/src/ka-dbus.h b/src/ka-dbus.h
index 23828b7..41b30d7 100644
--- a/src/ka-dbus.h
+++ b/src/ka-dbus.h
@@ -22,16 +22,12 @@
#define KA_DBUS_H
#include <glib.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
#include "ka-applet-priv.h"
-gboolean ka_dbus_connect(unsigned int* status);
-gboolean ka_dbus_service(KaApplet* applet);
+gboolean ka_dbus_connect (KaApplet *applet);
+void ka_dbus_disconnect (void);
gboolean ka_dbus_acquire_tgt (KaApplet *applet,
- const gchar *principal,
- DBusGMethodInvocation *context);
-gboolean ka_dbus_destroy_ccache(KaApplet* applet,
- DBusGMethodInvocation *context);
+ const gchar *principal);
+gboolean ka_dbus_destroy_ccache (KaApplet *applet);
#endif /* KA_DBUS_H */
diff --git a/src/ka-dbus.xml b/src/ka-dbus.xml
deleted file mode 100644
index 9d6b1a4..0000000
--- a/src/ka-dbus.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<node name="/org/gnome/KrbAuthDialog">
- <interface name="org.gnome.KrbAuthDialog">
- <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="KaApplet"/>
- <method name="acquireTgt">
- <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="ka_dbus_acquire_tgt"/>
- <annotation name="org.freedesktop.DBus.GLib.Async" value="true"/>
- <arg type="s" name="principal" direction="in" />
- <arg type="b" name="success" direction="out"/>
- </method>
- <method name="destroyCCache">
- <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="ka_dbus_destroy_ccache"/>
- <annotation name="org.freedesktop.DBus.GLib.Async" value="true"/>
- <arg type="b" name="success" direction="out"/>
- </method>
- <signal name="krb_tgt_acquired">
- <arg type="s" name="principal" direction ="out"/>
- <arg type="u" name="expiry" direction ="out"/>
- </signal>
- <signal name="krb_tgt_renewed">
- <arg type="s" name="principal" direction ="out"/>
- <arg type="u" name="expiry" direction ="out"/>
- </signal>
- <signal name="krb_tgt_expired">
- <arg type="s" name="principal" direction ="out"/>
- <arg type="u" name="expiry" direction ="out"/>
- </signal>
- </interface>
-</node>
diff --git a/src/ka-dialog.c b/src/ka-dialog.c
index 3114f49..5b11621 100644
--- a/src/ka-dialog.c
+++ b/src/ka-dialog.c
@@ -47,7 +47,7 @@
#endif
#ifdef HAVE_HX509_ERR_H
-# include <hx509_err.h>
+#include <hx509_err.h>
#endif
static krb5_context kcontext;
@@ -59,9 +59,10 @@ static gboolean invalid_auth;
static gboolean always_run;
static gboolean is_online = TRUE;
-static int grab_credentials (KaApplet* applet);
-static int ka_renew_credentials (KaApplet* applet);
-static gboolean ka_get_tgt_from_ccache (krb5_context context, krb5_creds *creds);
+static int grab_credentials (KaApplet *applet);
+static int ka_renew_credentials (KaApplet *applet);
+static gboolean ka_get_tgt_from_ccache (krb5_context context,
+ krb5_creds *creds);
#ifdef ENABLE_NETWORK_MANAGER
NMClient *nm_client;
@@ -69,82 +70,82 @@ NMClient *nm_client;
/* YAY for different Kerberos implementations */
static int
-get_cred_forwardable(krb5_creds *creds)
+get_cred_forwardable (krb5_creds *creds)
{
#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(TKT_FLG_FORWARDABLE)
- return creds->ticket_flags & TKT_FLG_FORWARDABLE;
+ return creds->ticket_flags & TKT_FLG_FORWARDABLE;
#elif defined(HAVE_KRB5_CREDS_FLAGS_B_FORWARDABLE)
- return creds->flags.b.forwardable;
+ return creds->flags.b.forwardable;
#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(KDC_OPT_FORWARDABLE)
- return creds->flags & KDC_OPT_FORWARDABLE;
+ return creds->flags & KDC_OPT_FORWARDABLE;
#endif
}
static int
-get_cred_renewable(krb5_creds *creds)
+get_cred_renewable (krb5_creds *creds)
{
#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(TKT_FLG_RENEWABLE)
- return creds->ticket_flags & TKT_FLG_RENEWABLE;
+ return creds->ticket_flags & TKT_FLG_RENEWABLE;
#elif defined(HAVE_KRB5_CREDS_FLAGS_B_RENEWABLE)
- return creds->flags.b.renewable;
+ return creds->flags.b.renewable;
#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(KDC_OPT_RENEWABLE)
- return creds->flags & KDC_OPT_RENEWABLE;
+ return creds->flags & KDC_OPT_RENEWABLE;
#endif
}
static krb5_error_code
-get_renewed_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_ccache ccache,
- char *in_tkt_service)
+get_renewed_creds (krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_ccache ccache, char *in_tkt_service)
{
#ifdef HAVE_KRB5_GET_RENEWED_CREDS
- return krb5_get_renewed_creds (context, creds, client, ccache, in_tkt_service);
+ return krb5_get_renewed_creds (context, creds, client, ccache,
+ in_tkt_service);
#else
- return 1; /* XXX is there something better to return? */
+ return 1; /* XXX is there something better to return? */
#endif
}
static int
-get_cred_proxiable(krb5_creds *creds)
+get_cred_proxiable (krb5_creds *creds)
{
#if defined(HAVE_KRB5_CREDS_TICKET_FLAGS) && defined(TKT_FLG_PROXIABLE)
- return creds->ticket_flags & TKT_FLG_PROXIABLE;
+ return creds->ticket_flags & TKT_FLG_PROXIABLE;
#elif defined(HAVE_KRB5_CREDS_FLAGS_B_PROXIABLE)
- return creds->flags.b.proxiable;
+ return creds->flags.b.proxiable;
#elif defined(HAVE_KRB5_CREDS_FLAGS) && defined(KDC_OPT_PROXIABLE)
- return creds->flags & KDC_OPT_PROXIABLE;
+ return creds->flags & KDC_OPT_PROXIABLE;
#endif
}
static size_t
-get_principal_realm_length(krb5_principal p)
+get_principal_realm_length (krb5_principal p)
{
#if defined(HAVE_KRB5_PRINCIPAL_REALM_AS_STRING)
- return strlen(p->realm);
+ return strlen (p->realm);
#elif defined(HAVE_KRB5_PRINCIPAL_REALM_AS_DATA)
- return p->realm.length;
+ return p->realm.length;
#endif
}
static const char *
-get_principal_realm_data(krb5_principal p)
+get_principal_realm_data (krb5_principal p)
{
#if defined(HAVE_KRB5_PRINCIPAL_REALM_AS_STRING)
- return p->realm;
+ return p->realm;
#elif defined(HAVE_KRB5_PRINCIPAL_REALM_AS_DATA)
- return p->realm.data;
+ return p->realm.data;
#endif
}
static void
-ka_krb5_free_error_message(krb5_context context, const char* msg)
+ka_krb5_free_error_message (krb5_context context, const char *msg)
{
#if defined(HAVE_KRB5_FREE_ERROR_MESSAGE)
- krb5_free_error_message(context, msg);
+ krb5_free_error_message (context, msg);
#elif defined(HAVE_KRB5_FREE_ERROR_STRING)
- krb5_free_error_string(context, (char *) msg);
+ krb5_free_error_string (context, (char *) msg);
#else
# error No way to free error string.
#endif
@@ -154,32 +155,33 @@ ka_krb5_free_error_message(krb5_context context, const char* msg)
* Returns a descriptive error message or kerberos related error
* returned pointer must be freed using g_free().
*/
-static char*
-ka_get_error_message(krb5_context context, krb5_error_code err)
+static char *
+ka_get_error_message (krb5_context context, krb5_error_code err)
{
- char *msg = NULL;
+ char *msg = NULL;
+
#if defined(HAVE_KRB5_GET_ERROR_MESSAGE)
- const char *krberr;
+ const char *krberr;
- krberr = krb5_get_error_message(context, err);
- msg = g_strdup(krberr);
- ka_krb5_free_error_message(context, krberr);
+ krberr = krb5_get_error_message (context, err);
+ msg = g_strdup (krberr);
+ ka_krb5_free_error_message (context, krberr);
#else
# error No detailed error message information
#endif
- if (msg == NULL)
- msg = g_strdup(_("unknown error"));
- return msg;
+ if (msg == NULL)
+ msg = g_strdup (_("unknown error"));
+ return msg;
}
static void
-ka_krb5_cc_clear_mcred(krb5_creds* mcred)
+ka_krb5_cc_clear_mcred (krb5_creds *mcred)
{
#if defined HAVE_KRB5_CC_CLEAR_MCRED
- krb5_cc_clear_mcred(mcred);
+ krb5_cc_clear_mcred (mcred);
#else
- memset(mcred, 0, sizeof(krb5_creds));
+ memset (mcred, 0, sizeof (krb5_creds));
#endif
}
@@ -189,181 +191,177 @@ ka_krb5_cc_clear_mcred(krb5_creds* mcred)
/* log a kerberos error messge */
static void
-ka_log_error_message(const char* prefix, krb5_context context, krb5_error_code err)
+ka_log_error_message (const char *prefix, krb5_context context,
+ krb5_error_code err)
{
- char *errmsg = ka_get_error_message(context, err);
+ char *errmsg = ka_get_error_message (context, err);
- g_warning("%s: %s", prefix, errmsg);
- g_free (errmsg);
+ g_warning ("%s: %s", prefix, errmsg);
+ g_free (errmsg);
}
static gboolean
-credentials_expiring_real (KaApplet* applet)
+credentials_expiring_real (KaApplet *applet)
{
- krb5_creds my_creds;
- krb5_timestamp now;
- gboolean retval = FALSE;
-
- memset(&my_creds, 0, sizeof(my_creds));
- ka_applet_set_tgt_renewable(applet, FALSE);
- if (!ka_get_tgt_from_ccache (kcontext, &my_creds)) {
- creds_expiry = 0;
- retval = TRUE;
- goto out;
- }
-
- /* copy principal from cache if any */
- if (krb5_principal_compare (kcontext, my_creds.client, kprincipal)) {
- krb5_free_principal(kcontext, kprincipal);
- krb5_copy_principal(kcontext, my_creds.client, &kprincipal);
- }
- creds_expiry = my_creds.times.endtime;
- if ((krb5_timeofday(kcontext, &now) == 0) &&
- (now + ka_applet_get_pw_prompt_secs(applet) > my_creds.times.endtime))
- retval = TRUE;
-
- /* If our creds are expiring, determine whether they are renewable.
- * If the expiry is already at the renew_till time, don't consider
- * credentials renewable */
- if (retval && get_cred_renewable(&my_creds)
- && my_creds.times.renew_till > now
- && my_creds.times.renew_till > creds_expiry) {
- ka_applet_set_tgt_renewable(applet, TRUE);
- }
-
-out:
- krb5_free_cred_contents (kcontext, &my_creds);
- ka_applet_update_status(applet, creds_expiry);
- return retval;
+ krb5_creds my_creds;
+ krb5_timestamp now;
+ gboolean retval = FALSE;
+
+ memset (&my_creds, 0, sizeof (my_creds));
+ ka_applet_set_tgt_renewable (applet, FALSE);
+ if (!ka_get_tgt_from_ccache (kcontext, &my_creds)) {
+ creds_expiry = 0;
+ retval = TRUE;
+ goto out;
+ }
+
+ /* copy principal from cache if any */
+ if (krb5_principal_compare (kcontext, my_creds.client, kprincipal)) {
+ krb5_free_principal (kcontext, kprincipal);
+ krb5_copy_principal (kcontext, my_creds.client, &kprincipal);
+ }
+ creds_expiry = my_creds.times.endtime;
+ if ((krb5_timeofday (kcontext, &now) == 0) &&
+ (now + ka_applet_get_pw_prompt_secs (applet) >
+ my_creds.times.endtime))
+ retval = TRUE;
+
+ /* If our creds are expiring, determine whether they are renewable.
+ * If the expiry is already at the renew_till time, don't consider
+ * credentials renewable */
+ if (retval && get_cred_renewable (&my_creds)
+ && my_creds.times.renew_till > now
+ && my_creds.times.renew_till > creds_expiry) {
+ ka_applet_set_tgt_renewable (applet, TRUE);
+ }
+
+ out:
+ krb5_free_cred_contents (kcontext, &my_creds);
+ ka_applet_update_status (applet, creds_expiry);
+ return retval;
}
/* time in seconds the tgt will be still valid */
int
-ka_tgt_valid_seconds()
+ka_tgt_valid_seconds ()
{
- krb5_timestamp now;
+ krb5_timestamp now;
- if (krb5_timeofday(kcontext, &now))
- return 0;
+ if (krb5_timeofday (kcontext, &now))
+ return 0;
- return (creds_expiry - now);
+ return (creds_expiry - now);
}
/* return credential cache filename, strip "FILE:" prefix if necessary */
-static const char*
+static const char *
ka_ccache_filename (void)
{
- const gchar *name;
-
- name = krb5_cc_default_name (kcontext);
- if (g_str_has_prefix (name, "FILE:"))
- return strchr(name,':')+1;
- else if (g_str_has_prefix (name, "SCC:"))
- g_warning ("Cannot monitor sqlite based cache '%s'", name);
- else
- g_warning ("Unsupported cache type for '%s'", name);
- return NULL;
+ const gchar *name;
+
+ name = krb5_cc_default_name (kcontext);
+ if (g_str_has_prefix (name, "FILE:"))
+ return strchr (name, ':') + 1;
+ else if (g_str_has_prefix (name, "SCC:"))
+ g_warning ("Cannot monitor sqlite based cache '%s'", name);
+ else
+ g_warning ("Unsupported cache type for '%s'", name);
+ return NULL;
}
static void
ka_format_time (time_t t, gchar *ts, size_t len)
{
- g_strlcpy(ts, ctime(&t)+ 4, len);
- ts[15] = 0;
+ g_strlcpy (ts, ctime (&t) + 4, len);
+ ts[15] = 0;
}
/* fill in service tickets data */
gboolean
-ka_get_service_tickets (GtkListStore *tickets)
+ka_get_service_tickets (GtkListStore * tickets)
{
- krb5_cc_cursor cursor;
- krb5_creds creds;
- krb5_error_code ret;
- GtkTreeIter iter;
- krb5_ccache ccache;
- char *name;
- krb5_timestamp sec;
- gchar start_time[128], end_time[128], end_time_markup[256];
- gboolean retval = FALSE;
-
- gtk_list_store_clear(tickets);
-
- krb5_timeofday (kcontext, &sec);
- ret = krb5_cc_default (kcontext, &ccache);
- g_return_val_if_fail (!ret, FALSE);
-
- ret = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
- if (ret) {
- ka_log_error_message("krb5_cc_start_seq_get", kcontext, ret);
-
- /* if the file doesn't exist, it's not an error if we can't
- * parse it */
- if (!g_file_test(ka_ccache_filename (),
- G_FILE_TEST_EXISTS))
- retval = TRUE;
- goto out;
- }
-
- while ((ret = krb5_cc_next_cred (kcontext,
- ccache,
- &cursor,
- &creds)) == 0) {
- gboolean renewable, proxiable, forwardable;
-
- if (creds.times.starttime)
- ka_format_time(creds.times.starttime, start_time,
- sizeof(start_time));
- else
- ka_format_time(creds.times.authtime, start_time,
- sizeof(start_time));
-
- ka_format_time(creds.times.endtime, end_time,
- sizeof(end_time));
- if (creds.times.endtime > sec)
- strcpy(end_time_markup, end_time);
- else
- g_snprintf(end_time_markup, sizeof(end_time_markup),
- "%s <span foreground=\"red\" style=\"italic\">(%s)</span>",
- end_time, _("Expired"));
-
- forwardable = get_cred_forwardable(&creds);
- renewable = get_cred_renewable(&creds);
- proxiable = get_cred_proxiable(&creds);
-
- ret = krb5_unparse_name (kcontext, creds.server, &name);
- if (!ret) {
- gtk_list_store_append(tickets, &iter);
- gtk_list_store_set(tickets, &iter,
- PRINCIPAL_COLUMN, name,
- START_TIME_COLUMN, start_time,
- END_TIME_COLUMN, end_time_markup,
- FORWARDABLE_COLUMN, forwardable,
- RENEWABLE_COLUMN, renewable,
- PROXIABLE_COLUMN, proxiable,
- -1);
- free(name);
- } else
- ka_log_error_message("krb5_unparse_name", kcontext, ret);
- krb5_free_cred_contents (kcontext, &creds);
- }
- if(ret != KRB5_CC_END)
- ka_log_error_message("krb5_cc_get_next", kcontext, ret);
-
- ret = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
- if (ret)
- ka_log_error_message("krb5_cc_end_seq_get", kcontext, ret);
-
- retval = TRUE;
-out:
- ret = krb5_cc_close (kcontext, ccache);
- g_return_val_if_fail (!ret, FALSE);
-
- return retval;
+ krb5_cc_cursor cursor;
+ krb5_creds creds;
+ krb5_error_code ret;
+ GtkTreeIter iter;
+ krb5_ccache ccache;
+ char *name;
+ krb5_timestamp sec;
+ gchar start_time[128], end_time[128], end_time_markup[256];
+ gboolean retval = FALSE;
+
+ gtk_list_store_clear (tickets);
+
+ krb5_timeofday (kcontext, &sec);
+ ret = krb5_cc_default (kcontext, &ccache);
+ g_return_val_if_fail (!ret, FALSE);
+
+ ret = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
+ if (ret) {
+ ka_log_error_message ("krb5_cc_start_seq_get", kcontext, ret);
+
+ /* if the file doesn't exist, it's not an error if we can't
+ * parse it */
+ if (!g_file_test (ka_ccache_filename (), G_FILE_TEST_EXISTS))
+ retval = TRUE;
+ goto out;
+ }
+
+ while ((ret = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
+ gboolean renewable, proxiable, forwardable;
+
+ if (creds.times.starttime)
+ ka_format_time (creds.times.starttime, start_time,
+ sizeof (start_time));
+ else
+ ka_format_time (creds.times.authtime, start_time,
+ sizeof (start_time));
+
+ ka_format_time (creds.times.endtime, end_time, sizeof (end_time));
+ if (creds.times.endtime > sec)
+ strcpy (end_time_markup, end_time);
+ else
+ g_snprintf (end_time_markup, sizeof (end_time_markup),
+ "%s <span foreground=\"red\" style=\"italic\">(%s)</span>",
+ end_time, _("Expired"));
+
+ forwardable = get_cred_forwardable (&creds);
+ renewable = get_cred_renewable (&creds);
+ proxiable = get_cred_proxiable (&creds);
+
+ ret = krb5_unparse_name (kcontext, creds.server, &name);
+ if (!ret) {
+ gtk_list_store_append (tickets, &iter);
+ gtk_list_store_set (tickets, &iter,
+ PRINCIPAL_COLUMN, name,
+ START_TIME_COLUMN, start_time,
+ END_TIME_COLUMN, end_time_markup,
+ FORWARDABLE_COLUMN, forwardable,
+ RENEWABLE_COLUMN, renewable,
+ PROXIABLE_COLUMN, proxiable, -1);
+ free (name);
+ } else
+ ka_log_error_message ("krb5_unparse_name", kcontext, ret);
+ krb5_free_cred_contents (kcontext, &creds);
+ }
+ if (ret != KRB5_CC_END)
+ ka_log_error_message ("krb5_cc_get_next", kcontext, ret);
+
+ ret = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
+ if (ret)
+ ka_log_error_message ("krb5_cc_end_seq_get", kcontext, ret);
+
+ retval = TRUE;
+ out:
+ ret = krb5_cc_close (kcontext, ccache);
+ g_return_val_if_fail (!ret, FALSE);
+
+ return retval;
}
@@ -371,17 +369,17 @@ out:
static gboolean
krb5_auth_dialog_do_updates (gpointer data)
{
- KaApplet* applet = KA_APPLET(data);
- KaPwDialog* pwdialog = ka_applet_get_pwdialog(applet);
+ KaApplet *applet = KA_APPLET (data);
+ KaPwDialog *pwdialog = ka_applet_get_pwdialog (applet);
- g_return_val_if_fail (pwdialog != NULL, FALSE);
- /* Update creds_expiry and close the applet if we got the creds by other means (e.g. kinit) */
- if (!credentials_expiring_real(applet))
- ka_pwdialog_hide(pwdialog, FALSE);
+ g_return_val_if_fail (pwdialog != NULL, FALSE);
+ /* Update creds_expiry and close the applet if we got the creds by other means (e.g. kinit) */
+ if (!credentials_expiring_real (applet))
+ ka_pwdialog_hide (pwdialog, FALSE);
- /* Update the expiry information in the dialog */
- ka_pwdialog_status_update (pwdialog);
- return TRUE;
+ /* Update the expiry information in the dialog */
+ ka_pwdialog_status_update (pwdialog);
+ return TRUE;
}
@@ -390,95 +388,97 @@ auth_dialog_prompter (krb5_context ctx G_GNUC_UNUSED,
void *data,
const char *name G_GNUC_UNUSED,
const char *banner G_GNUC_UNUSED,
- int num_prompts,
- krb5_prompt prompts[])
+ int num_prompts, krb5_prompt prompts[])
{
- KaApplet *applet = KA_APPLET(data);
- KaPwDialog *pwdialog = ka_applet_get_pwdialog(applet);
- krb5_error_code errcode;
- int i;
-
- errcode = KRB5KRB_ERR_GENERIC;
- canceled = FALSE;
- canceled_creds_expiry = 0;
-
- if (banner && !num_prompts)
- ka_applet_set_msg (applet, banner);
-
- for (i = 0; i < num_prompts; i++) {
- const gchar *password = NULL;
- int password_len = 0;
- int response;
- guint32 source_id;
-
- errcode = KRB5_LIBOS_CANTREADPWD;
-
- source_id = g_timeout_add_seconds (5, (GSourceFunc)krb5_auth_dialog_do_updates, applet);
- ka_pwdialog_setup (pwdialog, (gchar *) prompts[i].prompt, invalid_auth);
- response = ka_pwdialog_run (pwdialog);
- switch (response)
- {
- case GTK_RESPONSE_OK:
- password = ka_pwdialog_get_password(pwdialog);
- password_len = strlen (password);
- break;
- case GTK_RESPONSE_DELETE_EVENT:
- case GTK_RESPONSE_CANCEL:
- canceled = TRUE;
- break;
- case GTK_RESPONSE_NONE:
- break;
- default:
- g_warning ("Unknown Response: %d", response);
- g_assert_not_reached ();
- }
- g_source_remove (source_id);
-
- if (!password)
- goto cleanup;
- if (password_len+1 > prompts[i].reply->length) {
- g_warning("Password too long %d/%d", password_len+1, prompts[i].reply->length);
- goto cleanup;
- }
-
- memcpy(prompts[i].reply->data, (char *) password, password_len + 1);
- prompts[i].reply->length = password_len;
- errcode = 0;
- }
-cleanup:
- ka_pwdialog_hide (pwdialog, TRUE);
- /* Reset this, so we know the next time we get a TRUE value, it is accurate. */
- invalid_auth = FALSE;
-
- return errcode;
+ KaApplet *applet = KA_APPLET (data);
+ KaPwDialog *pwdialog = ka_applet_get_pwdialog (applet);
+ krb5_error_code errcode;
+ int i;
+
+ errcode = KRB5KRB_ERR_GENERIC;
+ canceled = FALSE;
+ canceled_creds_expiry = 0;
+
+ if (banner && !num_prompts)
+ ka_applet_set_msg (applet, banner);
+
+ for (i = 0; i < num_prompts; i++) {
+ const gchar *password = NULL;
+ int password_len = 0;
+ int response;
+ guint32 source_id;
+
+ errcode = KRB5_LIBOS_CANTREADPWD;
+
+ source_id =
+ g_timeout_add_seconds (5,
+ (GSourceFunc) krb5_auth_dialog_do_updates,
+ applet);
+ ka_pwdialog_setup (pwdialog, (gchar *) prompts[i].prompt,
+ invalid_auth);
+ response = ka_pwdialog_run (pwdialog);
+ switch (response) {
+ case GTK_RESPONSE_OK:
+ password = ka_pwdialog_get_password (pwdialog);
+ password_len = strlen (password);
+ break;
+ case GTK_RESPONSE_DELETE_EVENT:
+ case GTK_RESPONSE_CANCEL:
+ canceled = TRUE;
+ break;
+ case GTK_RESPONSE_NONE:
+ break;
+ default:
+ g_warning ("Unknown Response: %d", response);
+ g_assert_not_reached ();
+ }
+ g_source_remove (source_id);
+
+ if (!password)
+ goto cleanup;
+ if (password_len + 1 > prompts[i].reply->length) {
+ g_warning ("Password too long %d/%d", password_len + 1,
+ prompts[i].reply->length);
+ goto cleanup;
+ }
+
+ memcpy (prompts[i].reply->data, (char *) password, password_len + 1);
+ prompts[i].reply->length = password_len;
+ errcode = 0;
+ }
+ cleanup:
+ ka_pwdialog_hide (pwdialog, TRUE);
+ /* Reset this, so we know the next time we get a TRUE value, it is accurate. */
+ invalid_auth = FALSE;
+
+ return errcode;
}
#ifdef ENABLE_NETWORK_MANAGER
static void
-ka_nm_client_state_changed_cb (NMClient *client,
- GParamSpec *pspec G_GNUC_UNUSED,
- gpointer data)
+ka_nm_client_state_changed_cb (NMClient * client,
+ GParamSpec *pspec G_GNUC_UNUSED, gpointer data)
{
- NMState state;
- gboolean *online = (gboolean*) data;
+ NMState state;
+ gboolean *online = (gboolean *) data;
- state = nm_client_get_state(client);
+ state = nm_client_get_state (client);
switch (state) {
- case NM_STATE_UNKNOWN:
- case NM_STATE_ASLEEP:
- case NM_STATE_CONNECTING:
- KA_DEBUG("Network state: %d", state);
- /* do nothing */
- break;
- case NM_STATE_DISCONNECTED:
- KA_DEBUG("Network disconnected");
- *online = FALSE;
- break;
- case NM_STATE_CONNECTED:
- KA_DEBUG("Network connected");
- *online = TRUE;
- break;
+ case NM_STATE_UNKNOWN:
+ case NM_STATE_ASLEEP:
+ case NM_STATE_CONNECTING:
+ KA_DEBUG ("Network state: %d", state);
+ /* do nothing */
+ break;
+ case NM_STATE_DISCONNECTED:
+ KA_DEBUG ("Network disconnected");
+ *online = FALSE;
+ break;
+ case NM_STATE_CONNECTED:
+ KA_DEBUG ("Network connected");
+ *online = TRUE;
+ break;
}
}
#endif
@@ -487,18 +487,18 @@ ka_nm_client_state_changed_cb (NMClient *client,
static gboolean
credentials_expiring (gpointer *data)
{
- KaApplet* applet = KA_APPLET(data);
+ KaApplet *applet = KA_APPLET (data);
- KA_DEBUG("Checking expiry <%ds", ka_applet_get_pw_prompt_secs(applet));
- if (credentials_expiring_real (applet) && is_online) {
- KA_DEBUG("Expiry @ %ld", creds_expiry);
+ KA_DEBUG ("Checking expiry <%ds", ka_applet_get_pw_prompt_secs (applet));
+ if (credentials_expiring_real (applet) && is_online) {
+ KA_DEBUG ("Expiry @ %ld", creds_expiry);
- if (!ka_renew_credentials (applet))
- KA_DEBUG("Credentials renewed");
- }
- ka_applet_update_status(applet, creds_expiry);
+ if (!ka_renew_credentials (applet))
+ KA_DEBUG ("Credentials renewed");
+ }
+ ka_applet_update_status (applet, creds_expiry);
- return TRUE;
+ return TRUE;
}
@@ -506,7 +506,7 @@ credentials_expiring (gpointer *data)
static gboolean
credentials_expiring_once (gpointer *data)
{
- credentials_expiring(data);
+ credentials_expiring (data);
return FALSE;
}
@@ -515,122 +515,117 @@ credentials_expiring_once (gpointer *data)
* set ticket options by looking at krb5.conf and gconf
*/
static void
-ka_set_ticket_options(KaApplet* applet, krb5_context context,
- krb5_get_init_creds_opt *out,
- const char* pk_userid G_GNUC_UNUSED,
- const char* pk_anchors G_GNUC_UNUSED)
+ka_set_ticket_options (KaApplet *applet, krb5_context context,
+ krb5_get_init_creds_opt * out,
+ const char *pk_userid G_GNUC_UNUSED,
+ const char *pk_anchors G_GNUC_UNUSED)
{
- gboolean flag;
+ gboolean flag;
+
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS
- krb5_get_init_creds_opt_set_default_flags(context, PACKAGE,
- krb5_principal_get_realm(context, kprincipal), out);
+ krb5_get_init_creds_opt_set_default_flags (context, PACKAGE,
+ krb5_principal_get_realm
+ (context, kprincipal), out);
#endif
- g_object_get(applet, "tgt-forwardable", &flag, NULL);
- if (flag)
- krb5_get_init_creds_opt_set_forwardable(out, flag);
- g_object_get(applet, "tgt-proxiable", &flag, NULL);
- if (flag)
- krb5_get_init_creds_opt_set_proxiable(out, flag);
- g_object_get(applet, "tgt-renewable", &flag, NULL);
- if (flag) {
- krb5_deltat r = 3600*24*30; /* 1 month */
- krb5_get_init_creds_opt_set_renew_life (out, r);
- }
-
+ g_object_get (applet, "tgt-forwardable", &flag, NULL);
+ if (flag)
+ krb5_get_init_creds_opt_set_forwardable (out, flag);
+ g_object_get (applet, "tgt-proxiable", &flag, NULL);
+ if (flag)
+ krb5_get_init_creds_opt_set_proxiable (out, flag);
+ g_object_get (applet, "tgt-renewable", &flag, NULL);
+ if (flag) {
+ krb5_deltat r = 3600 * 24 * 30; /* 1 month */
+
+ krb5_get_init_creds_opt_set_renew_life (out, r);
+ }
#if ENABLE_PKINIT && HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PA
- /* pkinit optins for MIT Kerberos */
- if (pk_userid && strlen(pk_userid)) {
- KA_DEBUG("pkinit with '%s'", pk_userid);
- krb5_get_init_creds_opt_set_pa(context, out,
- "X509_user_identity", pk_userid);
- if (pk_anchors && strlen(pk_anchors)) {
- KA_DEBUG("pkinit anchors '%s'", pk_anchors);
- krb5_get_init_creds_opt_set_pa(context, out,
- "X509_anchors", pk_anchors);
- }
- }
+ /* pkinit optins for MIT Kerberos */
+ if (pk_userid && strlen (pk_userid)) {
+ KA_DEBUG ("pkinit with '%s'", pk_userid);
+ krb5_get_init_creds_opt_set_pa (context, out,
+ "X509_user_identity", pk_userid);
+ if (pk_anchors && strlen (pk_anchors)) {
+ KA_DEBUG ("pkinit anchors '%s'", pk_anchors);
+ krb5_get_init_creds_opt_set_pa (context, out,
+ "X509_anchors", pk_anchors);
+ }
+ }
#endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PA */
}
#if ENABLE_PKINIT && HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PKINIT
static krb5_error_code
-ka_auth_heimdal_pkinit(KaApplet* applet, krb5_creds* creds,
- const char* pk_userid, const char* pk_anchors)
+ka_auth_heimdal_pkinit (KaApplet *applet, krb5_creds *creds,
+ const char *pk_userid, const char *pk_anchors)
{
- krb5_get_init_creds_opt *opts = NULL;
- krb5_error_code retval;
- const char* pkinit_anchors = NULL;
-
- KA_DEBUG("pkinit with '%s'", pk_userid);
- if (pk_anchors && strlen (pk_anchors)) {
- pkinit_anchors = pk_anchors;
- KA_DEBUG("pkinit anchors '%s'", pkinit_anchors);
- }
-
- if ((retval = krb5_get_init_creds_opt_alloc (kcontext, &opts)))
- goto out;
-
- ka_set_ticket_options (applet, kcontext, opts, NULL, NULL);
- retval = krb5_get_init_creds_opt_set_pkinit(kcontext, opts,
- kprincipal,
- pk_userid,
- pkinit_anchors,
- NULL,
- NULL,
- 0, /* pk_use_enc_key */
- auth_dialog_prompter,
- applet, /* data */
- NULL); /* passwd */
- KA_DEBUG("pkinit returned with %d", retval);
- if (retval)
- goto out;
-
- retval = krb5_get_init_creds_password(kcontext, creds, kprincipal,
- NULL, auth_dialog_prompter, applet,
- 0, NULL, opts);
-out:
- if (opts)
- krb5_get_init_creds_opt_free(kcontext, opts);
- return retval;
+ krb5_get_init_creds_opt *opts = NULL;
+ krb5_error_code retval;
+ const char *pkinit_anchors = NULL;
+
+ KA_DEBUG ("pkinit with '%s'", pk_userid);
+ if (pk_anchors && strlen (pk_anchors)) {
+ pkinit_anchors = pk_anchors;
+ KA_DEBUG ("pkinit anchors '%s'", pkinit_anchors);
+ }
+
+ if ((retval = krb5_get_init_creds_opt_alloc (kcontext, &opts)))
+ goto out;
+
+ ka_set_ticket_options (applet, kcontext, opts, NULL, NULL);
+ retval = krb5_get_init_creds_opt_set_pkinit (kcontext, opts, kprincipal, pk_userid, pkinit_anchors, NULL, NULL, 0, /* pk_use_enc_key */
+ auth_dialog_prompter, applet, /* data */
+ NULL); /* passwd */
+ KA_DEBUG ("pkinit returned with %d", retval);
+ if (retval)
+ goto out;
+
+ retval = krb5_get_init_creds_password (kcontext, creds, kprincipal,
+ NULL, auth_dialog_prompter, applet,
+ 0, NULL, opts);
+ out:
+ if (opts)
+ krb5_get_init_creds_opt_free (kcontext, opts);
+ return retval;
}
#endif /* ! ENABLE_PKINIT */
static krb5_error_code
-ka_auth_password(KaApplet* applet, krb5_creds* creds,
- const char* pk_userid, const char* pk_anchors)
+ka_auth_password (KaApplet *applet, krb5_creds *creds,
+ const char *pk_userid, const char *pk_anchors)
{
- krb5_error_code retval;
- krb5_get_init_creds_opt *opts = NULL;
-
- if ((retval = krb5_get_init_creds_opt_alloc (kcontext, &opts)))
- goto out;
- ka_set_ticket_options (applet, kcontext, opts,
- pk_userid, pk_anchors);
-
- retval = krb5_get_init_creds_password(kcontext, creds, kprincipal,
- NULL, auth_dialog_prompter, applet,
- 0, NULL, opts);
-out:
- if (opts)
- krb5_get_init_creds_opt_free(kcontext, opts);
- return retval;
+ krb5_error_code retval;
+ krb5_get_init_creds_opt *opts = NULL;
+
+ if ((retval = krb5_get_init_creds_opt_alloc (kcontext, &opts)))
+ goto out;
+ ka_set_ticket_options (applet, kcontext, opts, pk_userid, pk_anchors);
+
+ retval = krb5_get_init_creds_password (kcontext, creds, kprincipal,
+ NULL, auth_dialog_prompter, applet,
+ 0, NULL, opts);
+ out:
+ if (opts)
+ krb5_get_init_creds_opt_free (kcontext, opts);
+ return retval;
}
static krb5_error_code
-ka_parse_name(KaApplet* applet, krb5_context krbcontext, krb5_principal* kprinc)
+ka_parse_name (KaApplet *applet, krb5_context krbcontext,
+ krb5_principal * kprinc)
{
- krb5_error_code ret;
- gchar *principal = NULL;
+ krb5_error_code ret;
+ gchar *principal = NULL;
- if (*kprinc != NULL)
- krb5_free_principal(krbcontext, *kprinc);
+ if (*kprinc != NULL)
+ krb5_free_principal (krbcontext, *kprinc);
- g_object_get(applet, "principal", &principal, NULL);
- ret = krb5_parse_name(krbcontext, principal, kprinc);
+ g_object_get (applet, "principal", &principal, NULL);
+ ret = krb5_parse_name (krbcontext, principal, kprinc);
- g_free(principal);
- return ret;
+ g_free (principal);
+ return ret;
}
@@ -639,208 +634,206 @@ ka_parse_name(KaApplet* applet, krb5_context krbcontext, krb5_principal* kprinc)
*
* caller needs to free the returned result using g_free();
*/
-char*
+char *
ka_unparse_name ()
{
- char *princ, *gprinc = NULL;
- krb5_error_code err;
+ char *princ, *gprinc = NULL;
+ krb5_error_code err;
- if (!kprincipal)
- goto out;
+ if (!kprincipal)
+ goto out;
- if ((err = krb5_unparse_name (kcontext, kprincipal, &princ))) {
- ka_log_error_message(__func__, kcontext, err);
- goto out;
- }
+ if ((err = krb5_unparse_name (kcontext, kprincipal, &princ))) {
+ ka_log_error_message (__func__, kcontext, err);
+ goto out;
+ }
- gprinc = g_strdup (princ);
- free (princ);
-out:
- return gprinc;
+ gprinc = g_strdup (princ);
+ free (princ);
+ out:
+ return gprinc;
}
static void
-ccache_changed_cb (GFileMonitor *monitor G_GNUC_UNUSED,
- GFile *file,
- GFile *other_file G_GNUC_UNUSED,
- GFileMonitorEvent event_type,
- gpointer data)
+ccache_changed_cb (GFileMonitor * monitor G_GNUC_UNUSED,
+ GFile * file,
+ GFile * other_file G_GNUC_UNUSED,
+ GFileMonitorEvent event_type, gpointer data)
{
- KaApplet *applet = KA_APPLET(data);
- gchar *ccache_name = g_file_get_path(file);
-
- switch (event_type) {
- case G_FILE_MONITOR_EVENT_DELETED:
- case G_FILE_MONITOR_EVENT_CREATED:
- case G_FILE_MONITOR_EVENT_CHANGED:
- KA_DEBUG ("%s changed", ccache_name);
- credentials_expiring ((gpointer)applet);
- break;
- default:
- KA_DEBUG ("%s unhandled event: %d", ccache_name, event_type);
- }
- g_free (ccache_name);
+ KaApplet *applet = KA_APPLET (data);
+ gchar *ccache_name = g_file_get_path (file);
+
+ switch (event_type) {
+ case G_FILE_MONITOR_EVENT_DELETED:
+ case G_FILE_MONITOR_EVENT_CREATED:
+ case G_FILE_MONITOR_EVENT_CHANGED:
+ KA_DEBUG ("%s changed", ccache_name);
+ credentials_expiring ((gpointer) applet);
+ break;
+ default:
+ KA_DEBUG ("%s unhandled event: %d", ccache_name, event_type);
+ }
+ g_free (ccache_name);
}
-static GFileMonitor*
-monitor_ccache(KaApplet *applet)
+static GFileMonitor *
+monitor_ccache (KaApplet *applet)
{
- const gchar *ccache_name;
- GFile *ccache;
- GFileMonitor *monitor = NULL;
- GError *err = NULL;
-
- ccache_name = ka_ccache_filename ();
- g_return_val_if_fail (ccache_name != NULL, FALSE);
-
- ccache = g_file_new_for_path (ccache_name);
- monitor = g_file_monitor_file (ccache, G_FILE_MONITOR_NONE, NULL, &err);
- g_assert ((!monitor && err) || (monitor && !err));
- if (!monitor) {
- /* cache disappeared? */
- if (err->code == G_FILE_ERROR_NOENT)
- credentials_expiring ((gpointer)applet);
- else
- g_warning ("Failed to monitor %s: %s", ccache_name, err->message);
- } else {
- /* g_file_monitor_set_rate_limit(monitor, 10*1000); */
- g_signal_connect (monitor, "changed", G_CALLBACK (ccache_changed_cb), applet);
- KA_DEBUG ("Monitoring %s", ccache_name);
- }
- g_object_unref (ccache);
- g_clear_error (&err);
- return monitor;
+ const gchar *ccache_name;
+ GFile *ccache;
+ GFileMonitor *monitor = NULL;
+ GError *err = NULL;
+
+ ccache_name = ka_ccache_filename ();
+ g_return_val_if_fail (ccache_name != NULL, FALSE);
+
+ ccache = g_file_new_for_path (ccache_name);
+ monitor = g_file_monitor_file (ccache, G_FILE_MONITOR_NONE, NULL, &err);
+ g_assert ((!monitor && err) || (monitor && !err));
+ if (!monitor) {
+ /* cache disappeared? */
+ if (err->code == G_FILE_ERROR_NOENT)
+ credentials_expiring ((gpointer) applet);
+ else
+ g_warning ("Failed to monitor %s: %s", ccache_name, err->message);
+ } else {
+ /* g_file_monitor_set_rate_limit(monitor, 10*1000); */
+ g_signal_connect (monitor, "changed", G_CALLBACK (ccache_changed_cb),
+ applet);
+ KA_DEBUG ("Monitoring %s", ccache_name);
+ }
+ g_object_unref (ccache);
+ g_clear_error (&err);
+ return monitor;
}
/* grab credentials interactively */
static int
-grab_credentials (KaApplet* applet)
+grab_credentials (KaApplet *applet)
{
- krb5_error_code retval = KRB5_KDC_UNREACH;
- krb5_creds my_creds;
- krb5_ccache ccache;
- gchar *pk_userid = NULL;
- gchar *pk_anchors = NULL;
- gchar *errmsg = NULL;
- gboolean pw_auth = TRUE;
-
- memset(&my_creds, 0, sizeof(my_creds));
-
- retval = ka_parse_name(applet, kcontext, &kprincipal);
- if (retval)
- goto out2;
-
- retval = krb5_cc_default (kcontext, &ccache);
- if (retval)
- goto out2;
-
- g_object_get(applet, "pk-userid", &pk_userid,
- "pk-anchors", &pk_anchors,
- NULL);
+ krb5_error_code retval = KRB5_KDC_UNREACH;
+ krb5_creds my_creds;
+ krb5_ccache ccache;
+ gchar *pk_userid = NULL;
+ gchar *pk_anchors = NULL;
+ gchar *errmsg = NULL;
+ gboolean pw_auth = TRUE;
+
+ memset (&my_creds, 0, sizeof (my_creds));
+
+ retval = ka_parse_name (applet, kcontext, &kprincipal);
+ if (retval)
+ goto out2;
+
+ retval = krb5_cc_default (kcontext, &ccache);
+ if (retval)
+ goto out2;
+
+ g_object_get (applet, "pk-userid", &pk_userid,
+ "pk-anchors", &pk_anchors, NULL);
#if ENABLE_PKINIT && HAVE_HX509_ERR_H && HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PKINIT
- /* pk_userid set: try pkinit */
- if (pk_userid && strlen(pk_userid)) {
- retval = ka_auth_heimdal_pkinit(applet, &my_creds,
- pk_userid, pk_anchors);
- /* other error than: "no token found" - no need to try password auth: */
- if (retval != HX509_PKCS11_NO_TOKEN && retval != HX509_PKCS11_NO_SLOT)
- pw_auth = FALSE;
- }
+ /* pk_userid set: try pkinit */
+ if (pk_userid && strlen (pk_userid)) {
+ retval = ka_auth_heimdal_pkinit (applet, &my_creds,
+ pk_userid, pk_anchors);
+ /* other error than: "no token found" - no need to try password auth: */
+ if (retval != HX509_PKCS11_NO_TOKEN && retval != HX509_PKCS11_NO_SLOT)
+ pw_auth = FALSE;
+ }
#endif /* ENABLE_PKINIT */
- if (pw_auth)
- retval = ka_auth_password(applet, &my_creds,
- pk_userid, pk_anchors);
-
- creds_expiry = my_creds.times.endtime;
- if (canceled)
- canceled_creds_expiry = creds_expiry;
- if (retval) {
- switch (retval) {
- case KRB5KDC_ERR_PREAUTH_FAILED:
- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ if (pw_auth)
+ retval = ka_auth_password (applet, &my_creds, pk_userid, pk_anchors);
+
+ creds_expiry = my_creds.times.endtime;
+ if (canceled)
+ canceled_creds_expiry = creds_expiry;
+ if (retval) {
+ switch (retval) {
+ case KRB5KDC_ERR_PREAUTH_FAILED:
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
#ifdef HAVE_HX509_ERR_H
- case HX509_PKCS11_LOGIN:
-#endif /* Invalid password/pin, try again. */
- invalid_auth = TRUE;
- break;
- default:
- errmsg = ka_get_error_message(kcontext, retval);
- KA_DEBUG("Auth failed with %d: %s", retval,
- errmsg);
- g_free(errmsg);
- break;
- }
- goto out;
- }
- retval = krb5_cc_initialize(kcontext, ccache, kprincipal);
- if (retval)
- goto out;
-
- retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
- if (retval)
- goto out;
-out:
- krb5_free_cred_contents (kcontext, &my_creds);
- krb5_cc_close (kcontext, ccache);
-out2:
- g_free(pk_userid);
- return retval;
+ case HX509_PKCS11_LOGIN:
+#endif /* Invalid password/pin, try again. */
+ invalid_auth = TRUE;
+ break;
+ default:
+ errmsg = ka_get_error_message (kcontext, retval);
+ KA_DEBUG ("Auth failed with %d: %s", retval, errmsg);
+ g_free (errmsg);
+ break;
+ }
+ goto out;
+ }
+ retval = krb5_cc_initialize (kcontext, ccache, kprincipal);
+ if (retval)
+ goto out;
+
+ retval = krb5_cc_store_cred (kcontext, ccache, &my_creds);
+ if (retval)
+ goto out;
+ out:
+ krb5_free_cred_contents (kcontext, &my_creds);
+ krb5_cc_close (kcontext, ccache);
+ out2:
+ g_free (pk_userid);
+ return retval;
}
/* try to renew the credentials noninteractively */
static int
-ka_renew_credentials (KaApplet* applet)
+ka_renew_credentials (KaApplet *applet)
{
- krb5_error_code retval;
- krb5_creds my_creds;
- krb5_ccache ccache;
-
- memset(&my_creds, 0, sizeof(my_creds));
- if (kprincipal == NULL) {
- retval = ka_parse_name(applet, kcontext, &kprincipal);
- if (retval)
- return retval;
- }
-
- retval = krb5_cc_default (kcontext, &ccache);
- if (retval)
- return retval;
-
- retval = ka_get_tgt_from_ccache (kcontext, &my_creds);
- if (!retval) {
- krb5_free_cred_contents (kcontext, &my_creds);
- krb5_cc_close (kcontext, ccache);
- return -1;
- }
-
- if (ka_applet_get_tgt_renewable(applet)) {
- krb5_free_cred_contents (kcontext, &my_creds);
- retval = get_renewed_creds (kcontext, &my_creds, kprincipal, ccache, NULL);
- if (retval)
- goto out;
-
- retval = krb5_cc_initialize(kcontext, ccache, kprincipal);
- if(retval) {
- ka_log_error_message("krb5_cc_initialize", kcontext, retval);
- goto out;
- }
- retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
- if (retval) {
- ka_log_error_message("krb5_cc_store_cred", kcontext, retval);
- goto out;
- }
- ka_applet_signal_emit (applet, KA_SIGNAL_RENEWED_TGT,
- my_creds.times.endtime);
- }
-out:
- if (!retval)
- creds_expiry = my_creds.times.endtime;
- krb5_free_cred_contents (kcontext, &my_creds);
- krb5_cc_close (kcontext, ccache);
- return retval;
+ krb5_error_code retval;
+ krb5_creds my_creds;
+ krb5_ccache ccache;
+
+ memset (&my_creds, 0, sizeof (my_creds));
+ if (kprincipal == NULL) {
+ retval = ka_parse_name (applet, kcontext, &kprincipal);
+ if (retval)
+ return retval;
+ }
+
+ retval = krb5_cc_default (kcontext, &ccache);
+ if (retval)
+ return retval;
+
+ retval = ka_get_tgt_from_ccache (kcontext, &my_creds);
+ if (!retval) {
+ krb5_free_cred_contents (kcontext, &my_creds);
+ krb5_cc_close (kcontext, ccache);
+ return -1;
+ }
+
+ if (ka_applet_get_tgt_renewable (applet)) {
+ krb5_free_cred_contents (kcontext, &my_creds);
+ retval =
+ get_renewed_creds (kcontext, &my_creds, kprincipal, ccache, NULL);
+ if (retval)
+ goto out;
+
+ retval = krb5_cc_initialize (kcontext, ccache, kprincipal);
+ if (retval) {
+ ka_log_error_message ("krb5_cc_initialize", kcontext, retval);
+ goto out;
+ }
+ retval = krb5_cc_store_cred (kcontext, ccache, &my_creds);
+ if (retval) {
+ ka_log_error_message ("krb5_cc_store_cred", kcontext, retval);
+ goto out;
+ }
+ ka_applet_signal_emit (applet, KA_SIGNAL_RENEWED_TGT,
+ my_creds.times.endtime);
+ }
+ out:
+ if (!retval)
+ creds_expiry = my_creds.times.endtime;
+ krb5_free_cred_contents (kcontext, &my_creds);
+ krb5_cc_close (kcontext, ccache);
+ return retval;
}
@@ -849,77 +842,77 @@ out:
static gboolean
ka_get_tgt_from_ccache (krb5_context context, krb5_creds *creds)
{
- krb5_ccache ccache;
- krb5_creds pattern;
- krb5_principal principal;
- gboolean ret = FALSE;
-
- ka_krb5_cc_clear_mcred(&pattern);
-
- if (krb5_cc_default(context, &ccache))
- return FALSE;
-
- if (krb5_cc_get_principal(context, ccache, &principal))
- goto out;
-
- if (krb5_build_principal_ext(context, &pattern.server,
- get_principal_realm_length(principal),
- get_principal_realm_data(principal),
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- get_principal_realm_length(principal),
- get_principal_realm_data(principal), 0)) {
- goto out_free_princ;
- }
- pattern.client = principal;
- if (!krb5_cc_retrieve_cred(context, ccache, 0, &pattern, creds))
- ret = TRUE;
-
- krb5_free_principal(context, pattern.server);
-out_free_princ:
- krb5_free_principal(context, principal);
-out:
- krb5_cc_close(context, ccache);
- return ret;
+ krb5_ccache ccache;
+ krb5_creds pattern;
+ krb5_principal principal;
+ gboolean ret = FALSE;
+
+ ka_krb5_cc_clear_mcred (&pattern);
+
+ if (krb5_cc_default (context, &ccache))
+ return FALSE;
+
+ if (krb5_cc_get_principal (context, ccache, &principal))
+ goto out;
+
+ if (krb5_build_principal_ext (context, &pattern.server,
+ get_principal_realm_length (principal),
+ get_principal_realm_data (principal),
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ get_principal_realm_length (principal),
+ get_principal_realm_data (principal), 0)) {
+ goto out_free_princ;
+ }
+ pattern.client = principal;
+ if (!krb5_cc_retrieve_cred (context, ccache, 0, &pattern, creds))
+ ret = TRUE;
+
+ krb5_free_principal (context, pattern.server);
+ out_free_princ:
+ krb5_free_principal (context, principal);
+ out:
+ krb5_cc_close (context, ccache);
+ return ret;
}
static gboolean
-using_krb5(void)
+using_krb5 (void)
{
- krb5_error_code err;
- gboolean have_tgt = FALSE;
- krb5_creds creds;
-
- err = krb5_init_context(&kcontext);
- if (err)
- return FALSE;
-
- have_tgt = ka_get_tgt_from_ccache(kcontext, &creds);
- if (have_tgt) {
- krb5_copy_principal(kcontext, creds.client, &kprincipal);
- krb5_free_cred_contents (kcontext, &creds);
- }
- return have_tgt;
+ krb5_error_code err;
+ gboolean have_tgt = FALSE;
+ krb5_creds creds;
+
+ err = krb5_init_context (&kcontext);
+ if (err)
+ return FALSE;
+
+ have_tgt = ka_get_tgt_from_ccache (kcontext, &creds);
+ if (have_tgt) {
+ krb5_copy_principal (kcontext, creds.client, &kprincipal);
+ krb5_free_cred_contents (kcontext, &creds);
+ }
+ return have_tgt;
}
gboolean
ka_destroy_ccache (KaApplet *applet)
{
- krb5_ccache ccache;
- const char* cache;
- krb5_error_code ret;
+ krb5_ccache ccache;
+ const char *cache;
+ krb5_error_code ret;
- cache = krb5_cc_default_name(kcontext);
- ret = krb5_cc_resolve(kcontext, cache, &ccache);
- ret = krb5_cc_destroy (kcontext, ccache);
+ cache = krb5_cc_default_name (kcontext);
+ ret = krb5_cc_resolve (kcontext, cache, &ccache);
+ ret = krb5_cc_destroy (kcontext, ccache);
- credentials_expiring_real(applet);
+ credentials_expiring_real (applet);
- if (ret)
- return FALSE;
- else
- return TRUE;
+ if (ret)
+ return FALSE;
+ else
+ return TRUE;
}
@@ -928,101 +921,104 @@ ka_destroy_ccache (KaApplet *applet)
* principal: requested principal - if empty use default
*/
gboolean
-ka_check_credentials (KaApplet *applet, const char* newprincipal)
+ka_check_credentials (KaApplet *applet, const char *newprincipal)
{
- gboolean success = FALSE;
- int retval;
- char* principal;
-
- g_object_get(applet, "principal", &principal, NULL);
-
- if (strlen(newprincipal)) {
- krb5_principal knewprinc;
-
- /* no ticket cache: is requested princ the one from our config? */
- if (!kprincipal && g_strcmp0(principal, newprincipal)) {
- KA_DEBUG("Requested principal %s not %s", principal, newprincipal);
- goto out;
- }
-
- /* ticket cache: check if the requested principal is the one we have */
- retval = krb5_parse_name(kcontext, newprincipal, &knewprinc);
- if (retval) {
- g_warning ("Cannot parse principal '%s'", newprincipal);
- goto out;
- }
- if (kprincipal && !krb5_principal_compare (kcontext, kprincipal, knewprinc)) {
- KA_DEBUG("Current Principal '%s' not '%s'", principal, newprincipal);
- krb5_free_principal(kcontext, knewprinc);
- goto out;
- }
- krb5_free_principal(kcontext, knewprinc);
- }
-
- if (credentials_expiring_real (applet)) {
- if (!is_online)
- success = FALSE;
- else
- success = ka_grab_credentials (applet);
- } else
- success = TRUE;
-out:
- g_free (principal);
- return success;
+ gboolean success = FALSE;
+ int retval;
+ char *principal;
+
+ g_object_get (applet, "principal", &principal, NULL);
+
+ if (strlen (newprincipal)) {
+ krb5_principal knewprinc;
+
+ /* no ticket cache: is requested princ the one from our config? */
+ if (!kprincipal && g_strcmp0 (principal, newprincipal)) {
+ KA_DEBUG ("Requested principal %s not %s", principal,
+ newprincipal);
+ goto out;
+ }
+
+ /* ticket cache: check if the requested principal is the one we have */
+ retval = krb5_parse_name (kcontext, newprincipal, &knewprinc);
+ if (retval) {
+ g_warning ("Cannot parse principal '%s'", newprincipal);
+ goto out;
+ }
+ if (kprincipal
+ && !krb5_principal_compare (kcontext, kprincipal, knewprinc)) {
+ KA_DEBUG ("Current Principal '%s' not '%s'", principal,
+ newprincipal);
+ krb5_free_principal (kcontext, knewprinc);
+ goto out;
+ }
+ krb5_free_principal (kcontext, knewprinc);
+ }
+
+ if (credentials_expiring_real (applet)) {
+ if (!is_online)
+ success = FALSE;
+ else
+ success = ka_grab_credentials (applet);
+ } else
+ success = TRUE;
+ out:
+ g_free (principal);
+ return success;
}
/* initiate grabbing of credentials (e.g. on leftclick of tray icon) */
gboolean
-ka_grab_credentials (KaApplet* applet)
+ka_grab_credentials (KaApplet *applet)
{
- int retval;
- int success = FALSE;
- KaPwDialog *pwdialog = ka_applet_get_pwdialog(applet);
-
- ka_pwdialog_set_persist(pwdialog, TRUE);
- do {
- retval = grab_credentials (applet);
- if (invalid_auth)
- continue;
- if (canceled)
- break;
- if (retval) {
- gchar *errmsg;
-
- errmsg = ka_get_error_message(kcontext, retval);
- ka_pwdialog_error(pwdialog, errmsg);
- g_free (errmsg);
- break;
- } else {
- success = TRUE;
- break;
- }
- } while(TRUE);
-
- ka_pwdialog_set_persist(pwdialog, FALSE);
- credentials_expiring_real(applet);
-
- return success;
+ int retval;
+ int success = FALSE;
+ KaPwDialog *pwdialog = ka_applet_get_pwdialog (applet);
+
+ ka_pwdialog_set_persist (pwdialog, TRUE);
+ do {
+ retval = grab_credentials (applet);
+ if (invalid_auth)
+ continue;
+ if (canceled)
+ break;
+ if (retval) {
+ gchar *errmsg;
+
+ errmsg = ka_get_error_message (kcontext, retval);
+ ka_pwdialog_error (pwdialog, errmsg);
+ g_free (errmsg);
+ break;
+ } else {
+ success = TRUE;
+ break;
+ }
+ } while (TRUE);
+
+ ka_pwdialog_set_persist (pwdialog, FALSE);
+ credentials_expiring_real (applet);
+
+ return success;
}
static void
ka_secmem_init (void)
{
- /* Initialize secure memory. 1 is too small, so the default size
- will be used. */
- secmem_init (1);
- secmem_set_flags (SECMEM_WARN);
- drop_privs ();
-
- if (atexit (secmem_term))
- g_error("Couln't register atexit handler");
+ /* Initialize secure memory. 1 is too small, so the default size
+ will be used. */
+ secmem_init (1);
+ secmem_set_flags (SECMEM_WARN);
+ drop_privs ();
+
+ if (atexit (secmem_term))
+ g_error ("Couln't register atexit handler");
}
static void
-ka_nm_shutdown(void)
+ka_nm_shutdown (void)
{
#ifdef ENABLE_NETWORK_MANAGER
if (nm_client) {
@@ -1034,18 +1030,18 @@ ka_nm_shutdown(void)
static gboolean
-ka_nm_init(void)
+ka_nm_init (void)
{
#ifdef ENABLE_NETWORK_MANAGER
- nm_client = nm_client_new();
+ nm_client = nm_client_new ();
if (!nm_client) {
g_warning ("Could not initialize nm-client");
} else {
- g_signal_connect(nm_client, "notify::state",
- G_CALLBACK(ka_nm_client_state_changed_cb),
- &is_online);
- /* Set initial state */
- ka_nm_client_state_changed_cb(nm_client, NULL, &is_online);
+ g_signal_connect (nm_client, "notify::state",
+ G_CALLBACK (ka_nm_client_state_changed_cb),
+ &is_online);
+ /* Set initial state */
+ ka_nm_client_state_changed_cb (nm_client, NULL, &is_online);
}
#endif /* ENABLE_NETWORK_MANAGER */
return TRUE;
@@ -1055,64 +1051,70 @@ ka_nm_init(void)
int
main (int argc, char *argv[])
{
- KaApplet *applet;
- GOptionContext *context;
- GError *error = NULL;
-
- guint status = 0;
- gboolean run_auto = FALSE, run_always = FALSE;
-
- const char *help_msg = "Run '" PACKAGE " --help' to see a full list of available command line options";
- const GOptionEntry options [] = {
- {"auto", 'a', 0, G_OPTION_ARG_NONE, &run_auto,
- "Only run if an initialized ccache is found", NULL},
- /* accepted for compatibility only */
- {"always", 'A', 0, G_OPTION_ARG_NONE, &run_always,
- "Always run (default)", NULL},
- { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
- };
- GFileMonitor *monitor = NULL;
-
- context = g_option_context_new ("- Kerberos 5 credential checking");
- g_option_context_add_main_entries (context, options, NULL);
- g_option_context_add_group (context, gtk_get_option_group (TRUE));
- g_option_context_parse (context, &argc, &argv, &error);
-
- if (error) {
- g_print ("%s\n%s\n",
- error->message,
- help_msg);
- g_clear_error (&error);
- return 1;
- }
- g_option_context_free (context);
-
- textdomain (PACKAGE);
- bind_textdomain_codeset (PACKAGE, "UTF-8");
- bindtextdomain (PACKAGE, LOCALE_DIR);
- ka_secmem_init();
-
- if (!ka_dbus_connect (&status))
- exit(status);
-
- always_run = !run_auto;
- if (using_krb5 () || always_run) {
- g_set_application_name (KA_NAME);
-
- applet = ka_applet_create ();
- if (!applet)
- return 1;
- ka_nm_init();
-
- g_timeout_add_seconds (CREDENTIAL_CHECK_INTERVAL, (GSourceFunc)credentials_expiring, applet);
- g_idle_add ((GSourceFunc)credentials_expiring_once, applet);
- monitor = monitor_ccache (applet);
-
- ka_dbus_service(applet);
- gtk_main ();
- }
- ka_nm_shutdown();
- if (monitor)
- g_object_unref (monitor);
- return 0;
+ KaApplet *applet;
+ GOptionContext *context;
+ GError *error = NULL;
+
+ gboolean run_auto = FALSE, run_always = FALSE;
+
+ const char *help_msg =
+ "Run '" PACKAGE
+ " --help' to see a full list of available command line options";
+ const GOptionEntry options[] = {
+ {"auto", 'a', 0, G_OPTION_ARG_NONE, &run_auto,
+ "Only run if an initialized ccache is found", NULL},
+ /* accepted for compatibility only */
+ {"always", 'A', 0, G_OPTION_ARG_NONE, &run_always,
+ "Always run (default)", NULL},
+ {NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL}
+ };
+ GFileMonitor *monitor = NULL;
+
+ context = g_option_context_new ("- Kerberos 5 credential checking");
+ g_option_context_add_main_entries (context, options, NULL);
+ g_option_context_add_group (context, gtk_get_option_group (TRUE));
+ g_option_context_parse (context, &argc, &argv, &error);
+
+ if (error) {
+ g_print ("%s\n%s\n", error->message, help_msg);
+ g_clear_error (&error);
+ return 1;
+ }
+ g_option_context_free (context);
+
+ textdomain (PACKAGE);
+ bind_textdomain_codeset (PACKAGE, "UTF-8");
+ bindtextdomain (PACKAGE, LOCALE_DIR);
+ ka_secmem_init ();
+
+ always_run = !run_auto;
+ if (using_krb5 () || always_run) {
+ g_set_application_name (KA_NAME);
+
+ applet = ka_applet_create ();
+ if (!applet)
+ return 1;
+
+ if (!ka_dbus_connect (applet)) {
+ ka_applet_destroy (applet);
+ return 1;
+ }
+ ka_nm_init ();
+
+ g_timeout_add_seconds (CREDENTIAL_CHECK_INTERVAL,
+ (GSourceFunc) credentials_expiring, applet);
+ g_idle_add ((GSourceFunc) credentials_expiring_once, applet);
+ monitor = monitor_ccache (applet);
+
+ gtk_main ();
+ }
+ ka_dbus_disconnect ();
+ ka_nm_shutdown ();
+ if (monitor)
+ g_object_unref (monitor);
+ return 0;
}
+
+/*
+ * vim:ts=4:sts=4:sw=4:et:
+ */
diff --git a/src/ka-pwdialog.c b/src/ka-pwdialog.c
index 0570ac2..49ed2e4 100644
--- a/src/ka-pwdialog.c
+++ b/src/ka-pwdialog.c
@@ -28,281 +28,298 @@
#include "ka-entry-buffer.h"
struct _KaPwDialog {
- GObject parent;
+ GObject parent;
- KaPwDialogPrivate *priv;
+ KaPwDialogPrivate *priv;
};
struct _KaPwDialogClass {
- GObjectClass parent;
+ GObjectClass parent;
};
-G_DEFINE_TYPE(KaPwDialog, ka_pwdialog, G_TYPE_OBJECT);
-
-struct _KaPwDialogPrivate
-{
- /* The password dialog */
- GtkWidget* dialog; /* the password dialog itself */
- GtkWidget* status_label; /* the wrong password/timeout label */
- GtkWidget* krb_label; /* krb5 passwort prompt label */
- GtkWidget* pw_entry; /* password entry field */
- gboolean persist; /* don't hide the dialog when creds are still valid */
- gboolean grabbed; /* keyboard grabbed? */
- GtkWidget* error_dialog; /* error dialog */
+G_DEFINE_TYPE (KaPwDialog, ka_pwdialog, G_TYPE_OBJECT);
+
+struct _KaPwDialogPrivate {
+ /* The password dialog */
+ GtkWidget *dialog; /* the password dialog itself */
+ GtkWidget *status_label; /* the wrong password/timeout label */
+ GtkWidget *krb_label; /* krb5 passwort prompt label */
+ GtkWidget *pw_entry; /* password entry field */
+ gboolean persist; /* don't hide the dialog when creds are still valid */
+ gboolean grabbed; /* keyboard grabbed? */
+ GtkWidget *error_dialog; /* error dialog */
};
static void
-ka_pwdialog_init(KaPwDialog *pwdialog)
+ka_pwdialog_init (KaPwDialog *pwdialog)
{
- pwdialog->priv = G_TYPE_INSTANCE_GET_PRIVATE(pwdialog,
- KA_TYPE_PWDIALOG,
- KaPwDialogPrivate);
+ pwdialog->priv = G_TYPE_INSTANCE_GET_PRIVATE (pwdialog,
+ KA_TYPE_PWDIALOG,
+ KaPwDialogPrivate);
}
static void
-ka_pwdialog_finalize(GObject *object)
+ka_pwdialog_finalize (GObject *object)
{
- KaPwDialog* pwdialog = KA_PWDIALOG (object);
- GObjectClass *parent_class = G_OBJECT_CLASS (ka_pwdialog_parent_class);
+ KaPwDialog *pwdialog = KA_PWDIALOG (object);
+ GObjectClass *parent_class = G_OBJECT_CLASS (ka_pwdialog_parent_class);
- gtk_widget_destroy (pwdialog->priv->error_dialog);
- pwdialog->priv->error_dialog = NULL;
+ gtk_widget_destroy (pwdialog->priv->error_dialog);
+ pwdialog->priv->error_dialog = NULL;
- if (parent_class->finalize != NULL)
- parent_class->finalize (object);
+ if (parent_class->finalize != NULL)
+ parent_class->finalize (object);
}
static void
-ka_pwdialog_class_init(KaPwDialogClass *klass)
+ka_pwdialog_class_init (KaPwDialogClass * klass)
{
- GObjectClass *object_class = G_OBJECT_CLASS(klass);
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
- object_class->finalize = ka_pwdialog_finalize;
- g_type_class_add_private(klass, sizeof(KaPwDialogPrivate));
+ object_class->finalize = ka_pwdialog_finalize;
+ g_type_class_add_private (klass, sizeof (KaPwDialogPrivate));
}
-static KaPwDialog*
-ka_pwdialog_new(void)
+static KaPwDialog *
+ka_pwdialog_new (void)
{
- return g_object_new (KA_TYPE_PWDIALOG, NULL);
+ return g_object_new (KA_TYPE_PWDIALOG, NULL);
}
static gboolean
-grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
+grab_keyboard (GtkWidget *win, GdkEvent * event, gpointer data)
{
- KaPwDialog* pwdialog = KA_PWDIALOG(data);
-
- GdkGrabStatus status;
- if (!pwdialog->priv->grabbed) {
- status = gdk_keyboard_grab (gtk_widget_get_window (win),
- FALSE, gdk_event_get_time (event));
- if (status == GDK_GRAB_SUCCESS)
- pwdialog->priv->grabbed = TRUE;
- else
- g_message ("could not grab keyboard: %d", (int)status);
- }
- return FALSE;
+ KaPwDialog *pwdialog = KA_PWDIALOG (data);
+
+ GdkGrabStatus status;
+
+ if (!pwdialog->priv->grabbed) {
+ status = gdk_keyboard_grab (gtk_widget_get_window (win),
+ FALSE, gdk_event_get_time (event));
+ if (status == GDK_GRAB_SUCCESS)
+ pwdialog->priv->grabbed = TRUE;
+ else
+ g_message ("could not grab keyboard: %d", (int) status);
+ }
+ return FALSE;
}
static gboolean
ungrab_keyboard (GtkWidget *win G_GNUC_UNUSED,
- GdkEvent *event,
- gpointer data)
+ GdkEvent * event, gpointer data)
{
- KaPwDialog* pwdialog = KA_PWDIALOG(data);
+ KaPwDialog *pwdialog = KA_PWDIALOG (data);
- if (pwdialog->priv->grabbed)
- gdk_keyboard_ungrab (gdk_event_get_time (event));
- pwdialog->priv->grabbed = FALSE;
- return FALSE;
+ if (pwdialog->priv->grabbed)
+ gdk_keyboard_ungrab (gdk_event_get_time (event));
+ pwdialog->priv->grabbed = FALSE;
+ return FALSE;
}
static gboolean
-window_state_changed (GtkWidget *win, GdkEventWindowState *event, gpointer data)
+window_state_changed (GtkWidget *win, GdkEventWindowState *event,
+ gpointer data)
{
- GdkWindowState state = gdk_window_get_state (gtk_widget_get_window (win));
+ GdkWindowState state = gdk_window_get_state (gtk_widget_get_window (win));
- if (state & GDK_WINDOW_STATE_WITHDRAWN ||
- state & GDK_WINDOW_STATE_ICONIFIED ||
- state & GDK_WINDOW_STATE_FULLSCREEN ||
- state & GDK_WINDOW_STATE_MAXIMIZED)
- ungrab_keyboard (win, (GdkEvent*)event, data);
- else
- grab_keyboard (win, (GdkEvent*)event, data);
+ if (state & GDK_WINDOW_STATE_WITHDRAWN ||
+ state & GDK_WINDOW_STATE_ICONIFIED ||
+ state & GDK_WINDOW_STATE_FULLSCREEN ||
+ state & GDK_WINDOW_STATE_MAXIMIZED)
+ ungrab_keyboard (win, (GdkEvent *) event, data);
+ else
+ grab_keyboard (win, (GdkEvent *) event, data);
- return FALSE;
+ return FALSE;
}
gint
-ka_pwdialog_run(KaPwDialog* self)
+ka_pwdialog_run (KaPwDialog *self)
{
- GtkWidget *dialog = self->priv->dialog;
-
- /* cleanup old error dialog, if present (e.g. user didn't acknowledge
- * the error but clicked the tray icon again) */
- if (self->priv->error_dialog)
- gtk_widget_hide (self->priv->error_dialog);
-
- /* make sure we pop up on top */
- gtk_window_set_keep_above (GTK_WINDOW (dialog), TRUE);
-
- /*
- * grab the keyboard so that people don't accidentally type their
- * passwords in other windows.
- */
- g_signal_connect (dialog, "map-event", G_CALLBACK (grab_keyboard), self);
- g_signal_connect (dialog, "unmap-event", G_CALLBACK (ungrab_keyboard), self);
- g_signal_connect (dialog, "window-state-event", G_CALLBACK (window_state_changed), self);
-
- gtk_widget_grab_focus (self->priv->pw_entry);
- gtk_widget_show(dialog);
- return gtk_dialog_run (GTK_DIALOG(dialog));
+ GtkWidget *dialog = self->priv->dialog;
+
+ /* cleanup old error dialog, if present (e.g. user didn't acknowledge
+ * the error but clicked the tray icon again) */
+ if (self->priv->error_dialog)
+ gtk_widget_hide (self->priv->error_dialog);
+
+ /* make sure we pop up on top */
+ gtk_window_set_keep_above (GTK_WINDOW (dialog), TRUE);
+
+ /*
+ * grab the keyboard so that people don't accidentally type their
+ * passwords in other windows.
+ */
+ g_signal_connect (dialog, "map-event", G_CALLBACK (grab_keyboard), self);
+ g_signal_connect (dialog, "unmap-event", G_CALLBACK (ungrab_keyboard),
+ self);
+ g_signal_connect (dialog, "window-state-event",
+ G_CALLBACK (window_state_changed), self);
+
+ gtk_widget_grab_focus (self->priv->pw_entry);
+ gtk_widget_show (dialog);
+ return gtk_dialog_run (GTK_DIALOG (dialog));
}
void
-ka_pwdialog_error(KaPwDialog* self, const char *msg)
+ka_pwdialog_error (KaPwDialog *self, const char *msg)
{
- GtkWidget *dialog = self->priv->error_dialog;
-
- gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),
- _("Couldn't acquire kerberos ticket: '%s'"),
- _(msg));
- gtk_widget_show (GTK_WIDGET(dialog));
- gtk_dialog_run (GTK_DIALOG(dialog));
- gtk_widget_hide(dialog);
+ GtkWidget *dialog = self->priv->error_dialog;
+
+ gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),
+ _
+ ("Couldn't acquire kerberos ticket: '%s'"),
+ _(msg));
+ gtk_widget_show (GTK_WIDGET (dialog));
+ gtk_dialog_run (GTK_DIALOG (dialog));
+ gtk_widget_hide (dialog);
}
void
-ka_pwdialog_set_persist (KaPwDialog* pwdialog, gboolean persist)
+ka_pwdialog_set_persist (KaPwDialog *pwdialog, gboolean persist)
{
- pwdialog->priv->persist = persist;
+ pwdialog->priv->persist = persist;
}
void
-ka_pwdialog_hide (const KaPwDialog* pwdialog, gboolean force)
+ka_pwdialog_hide (const KaPwDialog *pwdialog, gboolean force)
{
- KA_DEBUG("PW Dialog persist: %d", pwdialog->priv->persist);
- if (!pwdialog->priv->persist || force)
- gtk_widget_hide(pwdialog->priv->dialog);
+ KA_DEBUG ("PW Dialog persist: %d", pwdialog->priv->persist);
+ if (!pwdialog->priv->persist || force)
+ gtk_widget_hide (pwdialog->priv->dialog);
}
-const gchar*
-ka_pwdialog_get_password(KaPwDialog *pwdialog)
+const gchar *
+ka_pwdialog_get_password (KaPwDialog *pwdialog)
{
- return gtk_entry_get_text (GTK_ENTRY(pwdialog->priv->pw_entry));
+ return gtk_entry_get_text (GTK_ENTRY (pwdialog->priv->pw_entry));
}
gboolean
-ka_pwdialog_status_update (KaPwDialog* pwdialog)
+ka_pwdialog_status_update (KaPwDialog *pwdialog)
{
- gchar *expiry_text;
- gchar *expiry_markup;
- int minutes_left = ka_tgt_valid_seconds() / 60;
-
- g_return_val_if_fail (pwdialog != NULL, FALSE);
- if (minutes_left > 0) {
- expiry_text = g_strdup_printf (ngettext("Your credentials expire in %d minute",
- "Your credentials expire in %d minutes",
- minutes_left), minutes_left);
- } else {
- expiry_text = g_strdup_printf ("<span foreground=\"red\">%s</span>",
- _("Your credentials have expired"));
- }
- expiry_markup = g_strdup_printf ("<span size=\"smaller\" style=\"italic\">%s</span>", expiry_text);
- gtk_label_set_markup (GTK_LABEL(pwdialog->priv->status_label), expiry_markup);
- g_free (expiry_text);
- g_free (expiry_markup);
-
- return TRUE;
+ gchar *expiry_text;
+ gchar *expiry_markup;
+ int minutes_left = ka_tgt_valid_seconds () / 60;
+
+ g_return_val_if_fail (pwdialog != NULL, FALSE);
+ if (minutes_left > 0) {
+ expiry_text =
+ g_strdup_printf (ngettext
+ ("Your credentials expire in %d minute",
+ "Your credentials expire in %d minutes",
+ minutes_left), minutes_left);
+ } else {
+ expiry_text = g_strdup_printf ("<span foreground=\"red\">%s</span>",
+ _("Your credentials have expired"));
+ }
+ expiry_markup =
+ g_strdup_printf ("<span size=\"smaller\" style=\"italic\">%s</span>",
+ expiry_text);
+ gtk_label_set_markup (GTK_LABEL (pwdialog->priv->status_label),
+ expiry_markup);
+ g_free (expiry_text);
+ g_free (expiry_markup);
+
+ return TRUE;
}
void
-ka_pwdialog_setup (KaPwDialog* pwdialog, const gchar *krb5prompt,
+ka_pwdialog_setup (KaPwDialog *pwdialog, const gchar *krb5prompt,
gboolean invalid_auth)
{
- KaPwDialogPrivate *priv = pwdialog->priv;
- gchar *wrong_markup = NULL;
- gchar *prompt;
- int pw4len;
-
- if (krb5prompt == NULL) {
- prompt = g_strdup (_("Please enter your Kerberos password:"));
- } else {
- /* Kerberos's prompts are a mess, and basically impossible to
- * translate. There's basically no way short of doing a lot of
- * string parsing to translate them. The most common prompt is
- * "Password for $uid:". We special case that one at least. We
- * cannot do any of the fancier strings (like challenges),
- * though. */
- pw4len = strlen ("Password for ");
- if (strncmp (krb5prompt, "Password for ", pw4len) == 0) {
- gchar *uid = (gchar *) (krb5prompt + pw4len);
- prompt = g_strdup_printf (_("Please enter the password for '%s':"), uid);
- } else {
- prompt = g_strdup (krb5prompt);
- }
- }
-
- /* Clear the password entry field */
- gtk_entry_set_text (GTK_ENTRY (priv->pw_entry), "");
-
- /* Use the prompt label that krb5 provides us */
- gtk_label_set_text (GTK_LABEL (priv->krb_label), prompt);
-
- /* Add our extra message hints */
- if (invalid_auth) {
- wrong_markup = g_strdup_printf ("<span size=\"smaller\" style=\"italic\">%s</span>",
- _("The password you entered is invalid"));
- gtk_label_set_markup (GTK_LABEL (priv->status_label), wrong_markup);
- } else
- ka_pwdialog_status_update (pwdialog);
-
- g_free(wrong_markup);
- g_free (prompt);
+ KaPwDialogPrivate *priv = pwdialog->priv;
+ gchar *wrong_markup = NULL;
+ gchar *prompt;
+ int pw4len;
+
+ if (krb5prompt == NULL) {
+ prompt = g_strdup (_("Please enter your Kerberos password:"));
+ } else {
+ /* Kerberos's prompts are a mess, and basically impossible to
+ * translate. There's basically no way short of doing a lot of
+ * string parsing to translate them. The most common prompt is
+ * "Password for $uid:". We special case that one at least. We
+ * cannot do any of the fancier strings (like challenges),
+ * though. */
+ pw4len = strlen ("Password for ");
+ if (strncmp (krb5prompt, "Password for ", pw4len) == 0) {
+ gchar *uid = (gchar *) (krb5prompt + pw4len);
+
+ prompt =
+ g_strdup_printf (_("Please enter the password for '%s':"),
+ uid);
+ } else {
+ prompt = g_strdup (krb5prompt);
+ }
+ }
+
+ /* Clear the password entry field */
+ gtk_entry_set_text (GTK_ENTRY (priv->pw_entry), "");
+
+ /* Use the prompt label that krb5 provides us */
+ gtk_label_set_text (GTK_LABEL (priv->krb_label), prompt);
+
+ /* Add our extra message hints */
+ if (invalid_auth) {
+ wrong_markup =
+ g_strdup_printf
+ ("<span size=\"smaller\" style=\"italic\">%s</span>",
+ _("The password you entered is invalid"));
+ gtk_label_set_markup (GTK_LABEL (priv->status_label), wrong_markup);
+ } else
+ ka_pwdialog_status_update (pwdialog);
+
+ g_free (wrong_markup);
+ g_free (prompt);
}
-static GtkWidget*
-ka_error_dialog_new(void)
+static GtkWidget *
+ka_error_dialog_new (void)
{
- GtkWidget *dialog = gtk_message_dialog_new (
- NULL, GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
- _("%s Error"), KA_NAME);
- gtk_window_set_title(GTK_WINDOW(dialog), _(KA_NAME));
- gtk_window_set_skip_taskbar_hint(GTK_WINDOW(dialog), FALSE);
- return dialog;
+ GtkWidget *dialog =
+ gtk_message_dialog_new (NULL, GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
+ _("%s Error"), KA_NAME);
+
+ gtk_window_set_title (GTK_WINDOW (dialog), _(KA_NAME));
+ gtk_window_set_skip_taskbar_hint (GTK_WINDOW (dialog), FALSE);
+ return dialog;
}
-KaPwDialog*
-ka_pwdialog_create(GtkBuilder* xml)
+KaPwDialog *
+ka_pwdialog_create (GtkBuilder *xml)
{
- KaPwDialog *pwdialog = ka_pwdialog_new();
- KaEntryBuffer *buffer = ka_entry_buffer_new ();
- KaPwDialogPrivate *priv = pwdialog->priv;
- GtkWidget *entry_hbox = NULL;
-
- priv->dialog = GTK_WIDGET (gtk_builder_get_object (xml, "krb5_dialog"));
- priv->status_label = GTK_WIDGET (gtk_builder_get_object (xml, "krb5_status_label"));
- priv->krb_label = GTK_WIDGET (gtk_builder_get_object (xml, "krb5_message_label"));
- priv->pw_entry = GTK_WIDGET (gtk_entry_new_with_buffer (GTK_ENTRY_BUFFER(buffer)));
- gtk_entry_set_visibility(GTK_ENTRY(priv->pw_entry), FALSE);
- g_object_unref (buffer);
- priv->error_dialog = ka_error_dialog_new();
-
- entry_hbox = GTK_WIDGET (gtk_builder_get_object (xml, "entry_hbox"));
- gtk_container_add (GTK_CONTAINER (entry_hbox), priv->pw_entry);
- gtk_entry_set_activates_default (GTK_ENTRY (priv->pw_entry), TRUE);
- gtk_widget_show (priv->pw_entry);
-
- return pwdialog;
+ KaPwDialog *pwdialog = ka_pwdialog_new ();
+ KaEntryBuffer *buffer = ka_entry_buffer_new ();
+ KaPwDialogPrivate *priv = pwdialog->priv;
+ GtkWidget *entry_hbox = NULL;
+
+ priv->dialog = GTK_WIDGET (gtk_builder_get_object (xml, "krb5_dialog"));
+ priv->status_label =
+ GTK_WIDGET (gtk_builder_get_object (xml, "krb5_status_label"));
+ priv->krb_label =
+ GTK_WIDGET (gtk_builder_get_object (xml, "krb5_message_label"));
+ priv->pw_entry =
+ GTK_WIDGET (gtk_entry_new_with_buffer (GTK_ENTRY_BUFFER (buffer)));
+ gtk_entry_set_visibility (GTK_ENTRY (priv->pw_entry), FALSE);
+ g_object_unref (buffer);
+ priv->error_dialog = ka_error_dialog_new ();
+
+ entry_hbox = GTK_WIDGET (gtk_builder_get_object (xml, "entry_hbox"));
+ gtk_container_add (GTK_CONTAINER (entry_hbox), priv->pw_entry);
+ gtk_entry_set_activates_default (GTK_ENTRY (priv->pw_entry), TRUE);
+ gtk_widget_show (priv->pw_entry);
+
+ return pwdialog;
}
diff --git a/src/ka-pwdialog.h b/src/ka-pwdialog.h
index 1c244f8..ff518dc 100644
--- a/src/ka-pwdialog.h
+++ b/src/ka-pwdialog.h
@@ -28,7 +28,6 @@
#include "config.h"
G_BEGIN_DECLS
-
#define KA_TYPE_PWDIALOG (ka_pwdialog_get_type ())
#define KA_PWDIALOG(obj) \
(G_TYPE_CHECK_INSTANCE_CAST ((obj), KA_TYPE_PWDIALOG, KaPwDialog))
@@ -40,26 +39,26 @@ G_BEGIN_DECLS
(G_TYPE_CHECK_CLASS_TYPE ((klass), KA_TYPE_PWDIALOG))
#define KA_PWDIALOG_GET_CLASS(obj) \
(G_TYPE_INSTANCE_GET_CLASS ((obj), KA_TYPE_PWDIALOG, KaPwDialogClass))
-
-typedef struct _KaPwDialog KaPwDialog;
-typedef struct _KaPwDialogClass KaPwDialogClass;
+ typedef struct _KaPwDialog KaPwDialog;
+typedef struct _KaPwDialogClass KaPwDialogClass;
typedef struct _KaPwDialogPrivate KaPwDialogPrivate;
GType ka_pwdialog_get_type (void);
/* public functions */
-KaPwDialog* ka_pwdialog_create(GtkBuilder *xml);
+KaPwDialog *ka_pwdialog_create (GtkBuilder *xml);
+
/* setup everything for the next prompting */
-void ka_pwdialog_setup (KaPwDialog* pwdialog, const gchar *krb5prompt,
+void ka_pwdialog_setup (KaPwDialog *pwdialog, const gchar *krb5prompt,
gboolean invalid_auth);
-gint ka_pwdialog_run(KaPwDialog *pwdialog);
-void ka_pwdialog_hide(const KaPwDialog *pwdialog, gboolean force);
-void ka_pwdialog_set_persist(KaPwDialog *pwdialog, gboolean persist);
+gint ka_pwdialog_run (KaPwDialog *pwdialog);
+void ka_pwdialog_hide (const KaPwDialog *pwdialog, gboolean force);
+void ka_pwdialog_set_persist (KaPwDialog *pwdialog, gboolean persist);
void ka_pwdialog_error (KaPwDialog *pwdialog, const char *msg);
+
/* update the expiry information in the status entry */
gboolean ka_pwdialog_status_update (KaPwDialog *pwdialog);
-const gchar* ka_pwdialog_get_password(KaPwDialog *dialog);
+const gchar *ka_pwdialog_get_password (KaPwDialog *dialog);
G_END_DECLS
-
#endif
diff --git a/src/ka-tickets.c b/src/ka-tickets.c
index 8734546..c7d9ea7 100644
--- a/src/ka-tickets.c
+++ b/src/ka-tickets.c
@@ -27,89 +27,90 @@
#include "ka-dialog.h"
static GtkListStore *tickets;
-static GtkWidget *tickets_dialog;
+static GtkWidget *tickets_dialog;
-GtkWidget*
-ka_tickets_dialog_create(GtkBuilder *xml)
+GtkWidget *
+ka_tickets_dialog_create (GtkBuilder *xml)
{
- GtkCellRenderer *text_renderer, *toggle_renderer;
- GtkTreeViewColumn *column;
- GtkTreeView *tickets_view;
+ GtkCellRenderer *text_renderer, *toggle_renderer;
+ GtkTreeViewColumn *column;
+ GtkTreeView *tickets_view;
- tickets = gtk_list_store_new (N_COLUMNS,
- G_TYPE_STRING,
- G_TYPE_STRING,
- G_TYPE_STRING,
- G_TYPE_BOOLEAN,
- G_TYPE_BOOLEAN,
- G_TYPE_BOOLEAN);
+ tickets = gtk_list_store_new (N_COLUMNS,
+ G_TYPE_STRING,
+ G_TYPE_STRING,
+ G_TYPE_STRING,
+ G_TYPE_BOOLEAN,
+ G_TYPE_BOOLEAN, G_TYPE_BOOLEAN);
- tickets_dialog = GTK_WIDGET (gtk_builder_get_object (xml, "krb5_tickets_dialog"));
- tickets_view = GTK_TREE_VIEW (gtk_builder_get_object (xml, "krb5_tickets_treeview"));
- gtk_tree_view_set_model(GTK_TREE_VIEW(tickets_view), GTK_TREE_MODEL(tickets));
+ tickets_dialog =
+ GTK_WIDGET (gtk_builder_get_object (xml, "krb5_tickets_dialog"));
+ tickets_view =
+ GTK_TREE_VIEW (gtk_builder_get_object (xml, "krb5_tickets_treeview"));
+ gtk_tree_view_set_model (GTK_TREE_VIEW (tickets_view),
+ GTK_TREE_MODEL (tickets));
- text_renderer = gtk_cell_renderer_text_new();
- toggle_renderer = gtk_cell_renderer_toggle_new();
+ text_renderer = gtk_cell_renderer_text_new ();
+ toggle_renderer = gtk_cell_renderer_toggle_new ();
- column = gtk_tree_view_column_new_with_attributes(_("Principal"),
- text_renderer,
- "text",
- PRINCIPAL_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- column = gtk_tree_view_column_new_with_attributes(_("Start Time"),
- text_renderer,
- "text",
- START_TIME_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- column = gtk_tree_view_column_new_with_attributes(_("End Time"),
- text_renderer,
- "markup",
- END_TIME_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- column = gtk_tree_view_column_new_with_attributes(_("Fwd"),
- toggle_renderer,
- "active",
- FORWARDABLE_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- column = gtk_tree_view_column_new_with_attributes(_("Proxy"),
- toggle_renderer,
- "active",
- PROXIABLE_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- column = gtk_tree_view_column_new_with_attributes(_("Renew"),
- toggle_renderer,
- "active",
- RENEWABLE_COLUMN,
- NULL);
- gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
- return tickets_dialog;
+ column = gtk_tree_view_column_new_with_attributes (_("Principal"),
+ text_renderer,
+ "text",
+ PRINCIPAL_COLUMN,
+ NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ column = gtk_tree_view_column_new_with_attributes (_("Start Time"),
+ text_renderer,
+ "text",
+ START_TIME_COLUMN,
+ NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ column = gtk_tree_view_column_new_with_attributes (_("End Time"),
+ text_renderer,
+ "markup",
+ END_TIME_COLUMN, NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ column = gtk_tree_view_column_new_with_attributes (_("Fwd"),
+ toggle_renderer,
+ "active",
+ FORWARDABLE_COLUMN,
+ NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ column = gtk_tree_view_column_new_with_attributes (_("Proxy"),
+ toggle_renderer,
+ "active",
+ PROXIABLE_COLUMN,
+ NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ column = gtk_tree_view_column_new_with_attributes (_("Renew"),
+ toggle_renderer,
+ "active",
+ RENEWABLE_COLUMN,
+ NULL);
+ gtk_tree_view_append_column (GTK_TREE_VIEW (tickets_view), column);
+ return tickets_dialog;
}
void
-ka_tickets_dialog_run()
+ka_tickets_dialog_run ()
{
- if (ka_get_service_tickets(tickets)) {
- gtk_window_present(GTK_WINDOW(tickets_dialog));
- gtk_dialog_run(GTK_DIALOG(tickets_dialog));
- gtk_widget_hide(tickets_dialog);
- } else {
- GtkWidget *message_dialog;
+ if (ka_get_service_tickets (tickets)) {
+ gtk_window_present (GTK_WINDOW (tickets_dialog));
+ gtk_dialog_run (GTK_DIALOG (tickets_dialog));
+ gtk_widget_hide (tickets_dialog);
+ } else {
+ GtkWidget *message_dialog;
- message_dialog = gtk_message_dialog_new (NULL,
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_ERROR,
- GTK_BUTTONS_CLOSE,
- _("Error displaying service ticket information"));
- gtk_window_set_resizable (GTK_WINDOW (message_dialog), FALSE);
+ message_dialog = gtk_message_dialog_new (NULL,
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ _
+ ("Error displaying service ticket information"));
+ gtk_window_set_resizable (GTK_WINDOW (message_dialog), FALSE);
- g_signal_connect (message_dialog, "response",
- G_CALLBACK (gtk_widget_destroy),
- NULL);
- gtk_widget_show (message_dialog);
- }
+ g_signal_connect (message_dialog, "response",
+ G_CALLBACK (gtk_widget_destroy), NULL);
+ gtk_widget_show (message_dialog);
+ }
}
diff --git a/src/ka-tickets.h b/src/ka-tickets.h
index a1002f5..2a8aa3f 100644
--- a/src/ka-tickets.h
+++ b/src/ka-tickets.h
@@ -22,18 +22,18 @@
#define KA_TICKETS_H
enum ticket_columns {
- PRINCIPAL_COLUMN,
- START_TIME_COLUMN,
- END_TIME_COLUMN,
- FORWARDABLE_COLUMN,
- RENEWABLE_COLUMN,
- PROXIABLE_COLUMN,
- N_COLUMNS
+ PRINCIPAL_COLUMN,
+ START_TIME_COLUMN,
+ END_TIME_COLUMN,
+ FORWARDABLE_COLUMN,
+ RENEWABLE_COLUMN,
+ PROXIABLE_COLUMN,
+ N_COLUMNS
};
-GtkWidget* ka_tickets_dialog_create(GtkBuilder *xml);
-void ka_tickets_dialog_run(void);
+GtkWidget *ka_tickets_dialog_create (GtkBuilder *xml);
+void ka_tickets_dialog_run (void);
#endif
bgstack15