Commit 809f820c authored by yun341's avatar yun341

gdm: Refactor oVirt to a generic CredentialManager interface

    Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: #1983
parent 75235624
......@@ -71,7 +71,7 @@ var AuthPrompt = GObject.registerClass({
this._userVerifier.connect('verification-complete', this._onVerificationComplete.bind(this));
this._userVerifier.connect('reset', this._onReset.bind(this));
this._userVerifier.connect('smartcard-status-changed', this._onSmartcardStatusChanged.bind(this));
this._userVerifier.connect('ovirt-user-authenticated', this._onOVirtUserAuthenticated.bind(this));
this._userVerifier.connect('credential-manager-authenticated', this._onCredentialManagerAuthenticated.bind(this));
this.smartcardDetected = this._userVerifier.smartcardDetected;
this.connect('destroy', this._onDestroy.bind(this));
......@@ -242,7 +242,7 @@ var AuthPrompt = GObject.registerClass({
this.emit('prompted');
}
_onOVirtUserAuthenticated() {
_onCredentialManagerAuthenticated() {
if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
this.reset();
}
......
// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
/* exported CredentialManager */
class CredentialManager {
constructor(service) {
this._token = null;
this._service = service;
this._authenticatedSignalId = null;
}
get token() {
return this._token;
}
set token(t) {
this._token = t;
if (this._token)
this.emit('user-authenticated', this._token);
}
get service() {
return this._service;
}
}
......@@ -3,6 +3,9 @@
const Gio = imports.gi.Gio;
const Signals = imports.signals;
const Credential = imports.gdm.credentialManager;
var SERVICE_NAME = 'gdm-ovirtcred';
const OVirtCredentialsIface = `
<node>
......@@ -28,30 +31,14 @@ function OVirtCredentials() {
return self;
}
var OVirtCredentialsManager = class {
var OVirtCredentialsManager = class OVirtCredentialsManager extends Credential.CredentialManager {
constructor() {
this._token = null;
super(SERVICE_NAME);
this._credentials = new OVirtCredentials();
this._credentials.connectSignal('UserAuthenticated',
this._onUserAuthenticated.bind(this));
}
_onUserAuthenticated(proxy, sender, [token]) {
this._token = token;
this.emit('user-authenticated', token);
}
hasToken() {
return this._token != null;
}
getToken() {
return this._token;
}
resetToken() {
this._token = null;
(proxy, sender, [token]) => {
this.token = token;
});
}
};
Signals.addSignalMethods(OVirtCredentialsManager.prototype);
......
......@@ -24,7 +24,6 @@ Gio._promisify(Gdm.UserVerifierProxy.prototype,
var PASSWORD_SERVICE_NAME = 'gdm-password';
var FINGERPRINT_SERVICE_NAME = 'gdm-fingerprint';
var SMARTCARD_SERVICE_NAME = 'gdm-smartcard';
var OVIRT_SERVICE_NAME = 'gdm-ovirtcred';
var FADE_ANIMATION_TIME = 160;
var CLONE_FADE_ANIMATION_TIME = 250;
......@@ -160,13 +159,19 @@ var ShellUserVerifier = class {
this._failCounter = 0;
this._oVirtCredentialsManager = OVirt.getOVirtCredentialsManager();
this._credentialManagers = {};
this._credentialManagers[OVirt.SERVICE_NAME] = OVirt.getOVirtCredentialsManager();
if (this._oVirtCredentialsManager.hasToken())
this._oVirtUserAuthenticated(this._oVirtCredentialsManager.getToken());
for (let service in this._credentialManagers) {
if (this._credentialManagers[service].token) {
this._onCredentialManagerAuthenticated(this._credentialManagers[service],
this._credentialManagers[service].token);
}
this._oVirtUserAuthenticatedId = this._oVirtCredentialsManager.connect('user-authenticated',
this._oVirtUserAuthenticated.bind(this));
this._credentialManagers[service]._authenticatedSignalId =
this._credentialManagers[service].connect('user-authenticated',
this._onCredentialManagerAuthenticated.bind(this));
}
}
begin(userName, hold) {
......@@ -222,8 +227,11 @@ var ShellUserVerifier = class {
this._smartcardManager.disconnect(this._smartcardRemovedId);
this._smartcardManager = null;
this._oVirtCredentialsManager.disconnect(this._oVirtUserAuthenticatedId);
this._oVirtCredentialsManager = null;
for (let service in this._credentialManagers) {
let credentialManager = this._credentialManagers[service];
credentialManager.disconnect(credentialManager._authenticatedSignalId);
credentialManager = null;
}
}
answerQuery(serviceName, answer) {
......@@ -311,9 +319,9 @@ var ShellUserVerifier = class {
});
}
_oVirtUserAuthenticated(_token) {
this._preemptingService = OVIRT_SERVICE_NAME;
this.emit('ovirt-user-authenticated');
_onCredentialManagerAuthenticated(credentialManager, _token) {
this._preemptingService = credentialManager.service;
this.emit('credential-manager-authenticated');
}
_checkForSmartcard() {
......@@ -490,9 +498,12 @@ var ShellUserVerifier = class {
if (!this.serviceIsForeground(serviceName))
return;
if (serviceName == OVIRT_SERVICE_NAME) {
// The only question asked by this service is "Token?"
this.answerQuery(serviceName, this._oVirtCredentialsManager.getToken());
let token = null;
if (this._credentialManagers[serviceName])
token = this._credentialManagers[serviceName].token;
if (token) {
this.answerQuery(serviceName, token);
return;
}
......@@ -560,8 +571,10 @@ var ShellUserVerifier = class {
// If the login failed with the preauthenticated oVirt credentials
// then discard the credentials and revert to default authentication
// mechanism.
if (this.serviceIsForeground(OVIRT_SERVICE_NAME)) {
this._oVirtCredentialsManager.resetToken();
let foregroundService = Object.keys(this._credentialManagers).find(service =>
this.serviceIsForeground(service));
if (foregroundService) {
this._credentialManagers[foregroundService].token = null;
this._preemptingService = null;
this._verificationFailed(false);
return;
......
......@@ -6,6 +6,7 @@
<file>gdm/fingerprint.js</file>
<file>gdm/loginDialog.js</file>
<file>gdm/oVirt.js</file>
<file>gdm/credentialManager.js</file>
<file>gdm/realmd.js</file>
<file>gdm/util.js</file>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment