static gboolean
handle_op (CockpitRealms *object,
GDBusMethodInvocation *invocation,
const gchar *op,
const gchar *arg_name,
GVariant *arg_creds,
GVariant *arg_options)
{
Realms *realms = REALMS (object);
if (!set_invocation (realms, invocation, op, arg_name, arg_creds, arg_options))
return TRUE;
GVariantBuilder discover_options;
g_variant_builder_init (&discover_options, G_VARIANT_TYPE ("a{sv}"));
copy_option (&discover_options, arg_options, "client-software");
copy_option (&discover_options, arg_options, "server-software");
g_variant_builder_add (&discover_options, "{sv}",
"operation", g_variant_new_string (realms->op_id));
g_dbus_proxy_call (realms->realmd,
"Discover",
g_variant_new ("(sa{sv})", arg_name, &discover_options),
G_DBUS_CALL_FLAGS_NONE,
G_MAXINT,
NULL,
on_discover_for_op_done,
realms);
return TRUE;
}
static gboolean
handle_discover (CockpitRealms *object,
GDBusMethodInvocation *invocation,
const gchar *arg_name,
GVariant *arg_options)
{
Realms *realms = REALMS (object);
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_REALM_ADMIN))
return TRUE;
GVariantBuilder discover_options;
g_variant_builder_init (&discover_options, G_VARIANT_TYPE ("a{sv}"));
copy_option (&discover_options, arg_options, "client-software");
copy_option (&discover_options, arg_options, "server-software");
struct DiscoverData *data = g_new0(struct DiscoverData, 1);
data->realms = realms;
data->invocation = invocation;
g_dbus_proxy_call (realms->realmd,
"Discover",
g_variant_new ("(sa{sv})", arg_name, &discover_options),
G_DBUS_CALL_FLAGS_NONE,
G_MAXINT,
NULL,
on_discover_done,
data);
return TRUE;
}
/* Return the shadow shadow tree for the given domain name, and
* if the domain does not yet have a shadow tree, create it. */
struct option *
get_domain_tree(unsigned char *domain_name)
{
struct domain_tree *domain;
int domain_len;
assert(domain_name);
assert(*domain_name);
foreach (domain, domain_trees)
if (!strcasecmp(domain->name, domain_name))
return domain->tree;
domain_len = strlen(domain_name);
/* One byte is reserved for domain in struct domain_tree. */
domain = mem_alloc(sizeof(*domain) + domain_len);
if (!domain) return NULL;
domain->tree = copy_option(config_options, CO_SHALLOW
| CO_NO_LISTBOX_ITEM);
if (!domain->tree) {
mem_free(domain);
return NULL;
}
memcpy(domain->name, domain_name, domain_len + 1);
domain->len = domain_len;
add_to_list(domain_trees, domain);
return domain->tree;
}
/**
* grl_operation_options_copy:
* @options: a #GrlOperationOptions instance
*
* Returns: (transfer full): a new #GrlOperationOptions instance with its values being copies of
* the values of @options.
*
* Since: 0.2.0
*/
GrlOperationOptions *
grl_operation_options_copy (GrlOperationOptions *options)
{
GrlOperationOptions *copy = grl_operation_options_new (options->priv->caps);
copy_option (options, copy, GRL_OPERATION_OPTION_SKIP);
copy_option (options, copy, GRL_OPERATION_OPTION_COUNT);
copy_option (options, copy, GRL_OPERATION_OPTION_RESOLUTION_FLAGS);
copy_option (options, copy, GRL_OPERATION_OPTION_TYPE_FILTER);
g_hash_table_foreach (options->priv->key_filter,
(GHFunc) key_filter_dup,
copy->priv->key_filter);
g_hash_table_foreach (options->priv->key_range_filter,
(GHFunc) key_range_filter_dup,
copy->priv->key_range_filter);
return copy;
}
static void
on_discover_for_op_done (GObject *object,
GAsyncResult *res,
gpointer user_data)
{
Realms *realms = REALMS (user_data);
if (realms->op_cancelled)
{
end_invocation_with_error (realms, COCKPIT_ERROR_CANCELLED,
"Cancelled");
return;
}
GError *error = NULL;
gs_unref_variant GVariant *discover_result = g_dbus_proxy_call_finish (G_DBUS_PROXY (object), res, &error);
if (error)
{
end_invocation_take_gerror (realms, error);
return;
}
gs_free_variant_iter GVariantIter *object_paths = NULL;
g_variant_get (discover_result, "(iao)", NULL, &object_paths);
const gchar *first_object = NULL;
if (!g_variant_iter_next (object_paths, "&o", &first_object))
{
end_invocation_with_error (realms, COCKPIT_ERROR_NO_SUCH_REALM,
"No such realm: %s", realms->op_name);
return;
}
gs_unref_object GDBusProxy *kerberos =
g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
(G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES
| G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS),
NULL,
"org.freedesktop.realmd",
first_object,
"org.freedesktop.realmd.KerberosMembership",
NULL,
&error);
if (error)
{
end_invocation_take_gerror (realms, error);
return;
}
GVariant *creds = translate_kerberos_credentials (realms->op_creds);
GVariantBuilder options;
g_variant_builder_init (&options, G_VARIANT_TYPE ("a{sv}"));
copy_option (&options, realms->op_options, "computer-ou");
g_variant_builder_add (&options, "{sv}",
"operation", g_variant_new_string (realms->op_id));
g_dbus_proxy_call (kerberos,
realms->op,
g_variant_new ("(@(ssv)a{sv})", creds, &options),
G_DBUS_CALL_FLAGS_NONE,
G_MAXINT,
NULL,
on_op_done,
realms);
}
/**
* grl_operation_options_obey_caps:
* @options: a #GrlOperationOptions instance
* @caps: capabilities against which we want to test @options
* @supported_options: (out callee-allocates): if not %NULL, will contain a
* newly-allocated #GrlOperationOptions instance containing all the values of
* @options that match @caps.
* @unsupported_options: (out callee-allocates): if not %NULL, will contain a
* newly-allocated #GrlOperationOptions instance containing all the values of
* @options that do not match @caps.
*
* Check whether @options obey to @caps.
* Optionally provide the options that match (respectively don't match) @caps
* in @supported_options (respectively @unsupported_options).
* This would typically (but not necessarily) be used with a
* #GrlOperationOptions instance that was created with %NULL caps.
*
* Returns: %TRUE if @options obey to @caps, %FALSE otherwise.
*
* Since: 0.2.0
*/
gboolean
grl_operation_options_obey_caps (GrlOperationOptions *options,
GrlCaps *caps,
GrlOperationOptions **supported_options,
GrlOperationOptions **unsupported_options)
{
gboolean ret = TRUE;
GHashTableIter table_iter;
gpointer key_ptr;
GValue *value;
GrlRangeValue *range_value;
if (supported_options) {
*supported_options = grl_operation_options_new (caps);
/* these options are always supported */
copy_option (options, *supported_options, GRL_OPERATION_OPTION_SKIP);
copy_option (options, *supported_options, GRL_OPERATION_OPTION_COUNT);
copy_option (options, *supported_options, GRL_OPERATION_OPTION_RESOLUTION_FLAGS);
}
if (unsupported_options)
*unsupported_options = grl_operation_options_new (NULL);
ret &= check_and_copy_option (options,
caps,
GRL_OPERATION_OPTION_TYPE_FILTER,
supported_options,
unsupported_options);
/* Check filter-by-equal-key */
g_hash_table_iter_init (&table_iter, options->priv->key_filter);
while (g_hash_table_iter_next (&table_iter, &key_ptr, (gpointer *)&value)) {
GrlKeyID key_id = GRLPOINTER_TO_KEYID (key_ptr);
if (grl_caps_is_key_filter (caps, key_id)) {
if (supported_options) {
g_hash_table_insert ((*supported_options)->priv->key_filter,
key_ptr,
grl_g_value_dup (value));
}
} else {
ret = FALSE;
if (unsupported_options) {
g_hash_table_insert ((*unsupported_options)->priv->key_filter,
key_ptr,
grl_g_value_dup (value));
}
}
}
/* Check filter-by-range-key */
g_hash_table_iter_init (&table_iter, options->priv->key_range_filter);
while (g_hash_table_iter_next (&table_iter, &key_ptr, (gpointer *)&range_value)) {
GrlKeyID key_id = GRLPOINTER_TO_KEYID (key_ptr);
if (grl_caps_is_key_range_filter (caps, key_id)) {
if (supported_options) {
g_hash_table_insert ((*supported_options)->priv->key_range_filter,
key_ptr,
grl_range_value_dup (range_value));
}
} else {
ret = FALSE;
if (unsupported_options) {
g_hash_table_insert ((*unsupported_options)->priv->key_range_filter,
key_ptr,
grl_range_value_dup (range_value));
}
}
}
return ret;
}
