diff options
Diffstat (limited to 'src/realmd/LMI_RealmdKerberosRealmProvider.c')
-rw-r--r-- | src/realmd/LMI_RealmdKerberosRealmProvider.c | 627 |
1 files changed, 627 insertions, 0 deletions
diff --git a/src/realmd/LMI_RealmdKerberosRealmProvider.c b/src/realmd/LMI_RealmdKerberosRealmProvider.c new file mode 100644 index 0000000..5dc90d2 --- /dev/null +++ b/src/realmd/LMI_RealmdKerberosRealmProvider.c @@ -0,0 +1,627 @@ +#include <konkret/konkret.h> +#include "LMI_RealmdKerberosRealm.h" +#include "globals.h" +#include "rdcp_error.h" +#include "rdcp_dbus.h" +#include "rdcp_util.h" +#include "rdcp_realmdrealm.h" + +static const CMPIBroker* _cb = NULL; + +CMPIStatus LMI_RealmdKerberosRealmRef_InitFromDBusPath( + LMI_RealmdKerberosRealmRef* self, + const CMPIBroker* cb, + const char* ns, + const char* dbus_path) +{ + CMPIStatus status; + + CMSetStatus(&status, CMPI_RC_OK); + + LMI_RealmdRealmInitKeys(LMI_RealmdKerberosRealmRef, self, dbus_path); + + return status; +} + +CMPIStatus LMI_RealmdKerberosRealm_InitFromDBusPath( + LMI_RealmdKerberosRealm* self, + const CMPIBroker* cb, + const char* ns, + const char* dbus_path) +{ + CMPIStatus status; + GError *g_error = NULL; + GVariant *realm_props = NULL; + GVariant *kerberos_props = NULL; + GVariant *kerberos_membership_props = NULL; + + CMSetStatus(&status, CMPI_RC_OK); + + if (!rdcp_dbus_initialize(&g_error)) { + return handle_g_error(&g_error, _cb, &status, CMPI_RC_ERR_FAILED, "rdcp_dbus_initialize failed"); + } + + GET_DBUS_PROPERIES_OR_EXIT(realm_props, dbus_path, + REALM_DBUS_REALM_INTERFACE, &status); + GET_DBUS_PROPERIES_OR_EXIT(kerberos_props, dbus_path, + REALM_DBUS_KERBEROS_INTERFACE, &status); + + LMI_RealmdRealmInitKeys(LMI_RealmdKerberosRealm, self, dbus_path); + LMI_InitFromDBusRealmProps(LMI_RealmdKerberosRealm, self, realm_props); + LMI_InitFromDBusKerberosRealmProps(LMI_RealmdKerberosRealm, self, kerberos_props); + + if (SupportsDBusInterface(realm_props, REALM_DBUS_KERBEROS_MEMBERSHIP_INTERFACE)) { + GET_DBUS_PROPERIES_OR_EXIT(kerberos_membership_props, dbus_path, + REALM_DBUS_KERBEROS_MEMBERSHIP_INTERFACE, &status); + + LMI_InitFromDBusKerberosMembershipProps(LMI_RealmdKerberosRealm, self, + kerberos_membership_props); + } + + exit: + G_VARIANT_FREE(realm_props); + G_VARIANT_FREE(kerberos_props); + G_VARIANT_FREE(kerberos_membership_props); + + return status; +} + + +static void LMI_RealmdKerberosRealmInitialize() +{ +} + +static CMPIStatus LMI_RealmdKerberosRealmCleanup( + CMPIInstanceMI* mi, + const CMPIContext* cc, + CMPIBoolean term) +{ + CMReturn(CMPI_RC_OK); +} + +static CMPIStatus LMI_RealmdKerberosRealmEnumInstanceNames( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop) +{ + return KDefaultEnumerateInstanceNames( + _cb, mi, cc, cr, cop); +} + +static CMPIStatus LMI_RealmdKerberosRealmEnumInstances( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const char** properties) +{ + CMPIStatus status; + GError *g_error = NULL; + GVariant *provider_props = NULL; + GVariant *realm_props = NULL; + GVariantIter *iter = NULL; + gchar *realm_obj_path; + const char *name_space = KNameSpace(cop); + + CMSetStatus(&status, CMPI_RC_OK); + + if (!rdcp_dbus_initialize(&g_error)) { + return handle_g_error(&g_error, _cb, &status, CMPI_RC_ERR_FAILED, + "rdcp_dbus_initialize failed"); + } + + GET_DBUS_PROPERIES_OR_EXIT(provider_props, REALM_DBUS_SERVICE_PATH, + REALM_DBUS_PROVIDER_INTERFACE, &status); + + g_variant_lookup(provider_props, "Realms", "ao", &iter); + while (g_variant_iter_next(iter, "&o", &realm_obj_path)) { + LMI_RealmdKerberosRealm realmd_realm; + + GET_DBUS_PROPERIES_OR_EXIT(realm_props, realm_obj_path, + REALM_DBUS_REALM_INTERFACE, &status); + if (!SupportsDBusInterface(realm_props, REALM_DBUS_KERBEROS_INTERFACE)) { + G_VARIANT_FREE(realm_props); + continue; + } + G_VARIANT_FREE(realm_props); + + status = LMI_RealmdKerberosRealm_InitFromDBusPath(&realmd_realm, _cb, + name_space, realm_obj_path); + if (status.rc != CMPI_RC_OK) { + goto exit; + } + + KReturnInstance(cr, realmd_realm); + } + + exit: + G_VARIANT_ITER_FREE(iter); + G_VARIANT_FREE(provider_props); + G_VARIANT_FREE(realm_props); + + return status; +} + +static CMPIStatus LMI_RealmdKerberosRealmGetInstance( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const char** properties) +{ + return KDefaultGetInstance( + _cb, mi, cc, cr, cop, properties); +} + +static CMPIStatus LMI_RealmdKerberosRealmCreateInstance( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const CMPIInstance* ci) +{ + CMReturn(CMPI_RC_ERR_NOT_SUPPORTED); +} + +static CMPIStatus LMI_RealmdKerberosRealmModifyInstance( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const CMPIInstance* ci, + const char** properties) +{ + CMReturn(CMPI_RC_ERR_NOT_SUPPORTED); +} + +static CMPIStatus LMI_RealmdKerberosRealmDeleteInstance( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop) +{ + CMReturn(CMPI_RC_ERR_NOT_SUPPORTED); +} + +static CMPIStatus LMI_RealmdKerberosRealmExecQuery( + CMPIInstanceMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const char* lang, + const char* query) +{ + CMReturn(CMPI_RC_ERR_NOT_SUPPORTED); +} + +CMInstanceMIStub( + LMI_RealmdKerberosRealm, + LMI_RealmdKerberosRealm, + _cb, + LMI_RealmdKerberosRealmInitialize()) + +static CMPIStatus LMI_RealmdKerberosRealmMethodCleanup( + CMPIMethodMI* mi, + const CMPIContext* cc, + CMPIBoolean term) +{ + CMReturn(CMPI_RC_OK); +} + +static CMPIStatus LMI_RealmdKerberosRealmInvokeMethod( + CMPIMethodMI* mi, + const CMPIContext* cc, + const CMPIResult* cr, + const CMPIObjectPath* cop, + const char* meth, + const CMPIArgs* in, + CMPIArgs* out) +{ + return LMI_RealmdKerberosRealm_DispatchMethod( + _cb, mi, cc, cr, cop, meth, in, out); +} + +CMMethodMIStub( + LMI_RealmdKerberosRealm, + LMI_RealmdKerberosRealm, + _cb, + LMI_RealmdKerberosRealmInitialize()) + +KUint32 LMI_RealmdKerberosRealm_ChangeLoginPolicy( + const CMPIBroker* cb, + CMPIMethodMI* mi, + const CMPIContext* context, + const LMI_RealmdKerberosRealmRef* self, + const KString* LoginPolicy, + const KStringA* PermittedAdd, + const KStringA* PermittedRemove, + CMPIStatus* status) +{ + KUint32 result = KUINT32_INIT; + + KSetStatus(status, ERR_NOT_SUPPORTED); + return result; +} + +KUint32 LMI_RealmdKerberosRealm_Deconfigure( + const CMPIBroker* cb, + CMPIMethodMI* mi, + const CMPIContext* context, + const LMI_RealmdKerberosRealmRef* self, + CMPIStatus* status) +{ + KUint32 result = KUINT32_INIT; + + KSetStatus(status, ERR_NOT_SUPPORTED); + return result; +} + +KEXTERN KUint32 LMI_RealmdKerberosRealm_Join( + const CMPIBroker* cb, + CMPIMethodMI* mi, + const CMPIContext* context, + const LMI_RealmdKerberosRealmRef* self, + const KUint32* Type, + const KUint32* Owner, + const KString* Name, + const KString* Password, + const KUint8A* Data, + const KStringA* OptionNames, + const KStringA* OptionValues, + CMPIStatus* status) +{ + GError *g_error = NULL; + KUint32 result = KUINT32_INIT; + const char *cred_type = NULL; + const char *cred_owner = NULL; + gchar *data = NULL; + gsize data_len; + gchar *dbus_path = NULL; + GVariant *credentials = NULL; + GVariant *data_variant = NULL; + GVariant *options = NULL; + + KUint32_Set(&result, LMI_REALMD_RESULT_SUCCESS); + CMSetStatus(status, CMPI_RC_OK); + + if (!rdcp_dbus_initialize(&g_error)) { + handle_g_error(&g_error, _cb, status, CMPI_RC_ERR_FAILED, "rdcp_dbus_initialize failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!Type->exists || Type->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Type parameter absent"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!Owner->exists || Owner->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Owner parameter absent"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!dbus_path_from_instance_id(self->InstanceID.chars, &dbus_path, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, + "dbus_path_from_instance_id() failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + switch(Owner->value) { + case LMI_RealmdKerberosRealm_SupportedJoinCredentialOwners_administrator: + case LMI_RealmdKerberosRealm_SupportedJoinCredentialOwners_user: + case LMI_RealmdKerberosRealm_SupportedJoinCredentialOwners_computer: + case LMI_RealmdKerberosRealm_SupportedJoinCredentialOwners_none: + break; + default: + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Invalid Owner parameter"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + cred_type = SupportedJoinCredentialTypes_enum_to_name(Type->value); + cred_owner = SupportedJoinCredentialOwners_enum_to_name(Owner->value); + + switch(Type->value) { + case LMI_RealmdKerberosRealm_SupportedJoinCredentialTypes_ccache: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be NULL when Type is ccache"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (!Data->exists || Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be provided when Type is ccache"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if ((data = get_data_from_KUint8A(Data, &data_len)) == NULL) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_FAILED, + "unabled to allocate memory"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + data_variant = g_variant_new_from_data(G_VARIANT_TYPE ("ay"), + data, data_len, + TRUE, g_free, (gpointer) data); + + credentials = g_variant_new("(ssv)", cred_type, cred_owner, data_variant); + break; + case LMI_RealmdKerberosRealm_SupportedJoinCredentialTypes_password: + if (!Name->exists || Name->null || !Password->exists || Password->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be provided when Type is password"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (Data->exists && !Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be NULL when Type is password"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + credentials = g_variant_new("(ssv)", cred_type, cred_owner, + g_variant_new("(ss)", Name->chars, Password->chars)); + + break; + case LMI_RealmdKerberosRealm_SupportedJoinCredentialTypes_secrect: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be NULL when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (!Data->exists || Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be provided when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if ((data = get_data_from_KUint8A(Data, &data_len)) == NULL) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_FAILED, + "unabled to allocate memory"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + credentials = g_variant_new("(ssv)", cred_type, cred_owner, + g_variant_new_fixed_array(G_VARIANT_TYPE_BYTE, + data, data_len, 1)); + break; + case LMI_RealmdKerberosRealm_SupportedJoinCredentialTypes_automatic: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null) || + (Data->exists && !Data->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name, Password & Data parameters must be NULL when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + credentials = g_variant_new ("(ssv)", cred_type, cred_owner, + g_variant_new_string ("")); + + break; + default: + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Invalid Type parameter"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + + if (!build_g_variant_options_from_KStringA(OptionNames, OptionValues, &options, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, + "failed to convert options to gvariant"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!dbus_join_call(system_bus, dbus_path, credentials, options, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, "dbus_join_call() failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + + exit: + + g_free(data); + G_VARIANT_FREE(credentials); + G_VARIANT_FREE(data_variant); + G_VARIANT_FREE(options); + + return result; +} + +KEXTERN KUint32 LMI_RealmdKerberosRealm_Leave( + const CMPIBroker* cb, + CMPIMethodMI* mi, + const CMPIContext* context, + const LMI_RealmdKerberosRealmRef* self, + const KUint32* Type, + const KUint32* Owner, + const KString* Name, + const KString* Password, + const KUint8A* Data, + const KStringA* OptionNames, + const KStringA* OptionValues, + CMPIStatus* status) +{ + GError *g_error = NULL; + KUint32 result = KUINT32_INIT; + const char *cred_type = NULL; + const char *cred_owner = NULL; + gchar *data = NULL; + gsize data_len; + gchar *dbus_path = NULL; + GVariant *credentials = NULL; + GVariant *data_variant = NULL; + GVariant *options = NULL; + + KUint32_Set(&result, LMI_REALMD_RESULT_SUCCESS); + CMSetStatus(status, CMPI_RC_OK); + + if (!rdcp_dbus_initialize(&g_error)) { + handle_g_error(&g_error, _cb, status, CMPI_RC_ERR_FAILED, "rdcp_dbus_initialize failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!Type->exists || Type->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Type parameter absent"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!Owner->exists || Owner->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Owner parameter absent"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!dbus_path_from_instance_id(self->InstanceID.chars, &dbus_path, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, + "dbus_path_from_instance_id() failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + switch(Owner->value) { + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialOwners_administrator: + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialOwners_user: + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialOwners_computer: + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialOwners_none: + break; + default: + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Invalid Owner parameter"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + cred_type = SupportedLeaveCredentialTypes_enum_to_name(Type->value); + cred_owner = SupportedLeaveCredentialOwners_enum_to_name(Owner->value); + + switch(Type->value) { + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialTypes_ccache: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be NULL when Type is ccache"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (!Data->exists || Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be provided when Type is ccache"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if ((data = get_data_from_KUint8A(Data, &data_len)) == NULL) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_FAILED, + "unabled to allocate memory"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + data_variant = g_variant_new_from_data(G_VARIANT_TYPE ("ay"), + data, data_len, + TRUE, g_free, (gpointer) data); + + credentials = g_variant_new("(ssv)", cred_type, cred_owner, data_variant); + break; + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialTypes_password: + if (!Name->exists || Name->null || !Password->exists || Password->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be provided when Type is password"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (Data->exists && !Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be NULL when Type is password"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + credentials = g_variant_new("(ssv)", cred_type, cred_owner, + g_variant_new("(ss)", Name->chars, Password->chars)); + + break; + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialTypes_secrect: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name & Password parameters must be NULL when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + if (!Data->exists || Data->null) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Data parameter must be provided when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if ((data = get_data_from_KUint8A(Data, &data_len)) == NULL) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_FAILED, + "unabled to allocate memory"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + credentials = g_variant_new("(ssv)", cred_type, cred_owner, + g_variant_new_fixed_array(G_VARIANT_TYPE_BYTE, + data, data_len, 1)); + break; + case LMI_RealmdKerberosRealm_SupportedLeaveCredentialTypes_automatic: + if ((Name->exists && !Name->null) || (Password->exists && !Password->null) || + (Data->exists && !Data->null)) { + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, + "Name, Password & Data parameters must be NULL when Type is secret"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + credentials = g_variant_new ("(ssv)", cred_type, cred_owner, + g_variant_new_string ("")); + + break; + default: + CMSetStatusWithChars(cb, status, CMPI_RC_ERR_INVALID_PARAMETER, "Invalid Type parameter"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + + if (!build_g_variant_options_from_KStringA(OptionNames, OptionValues, &options, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, + "failed to convert options to gvariant"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + if (!dbus_leave_call(system_bus, dbus_path, credentials, options, &g_error)) { + handle_g_error(&g_error, cb, status, CMPI_RC_ERR_FAILED, "dbus_leave_call() failed"); + KUint32_Set(&result, LMI_REALMD_RESULT_FAILED); + goto exit; + } + + + exit: + + g_free(data); + G_VARIANT_FREE(credentials); + G_VARIANT_FREE(data_variant); + G_VARIANT_FREE(options); + + return result; +} + + +KONKRET_REGISTRATION( + "root/cimv2", + "LMI_RealmdKerberosRealm", + "LMI_RealmdKerberosRealm", + "instance method"); |