diff options
| author | Ray Strode <halfline@gmail.com> | 2023-02-23 20:41:30 +0000 |
|---|---|---|
| committer | Ray Strode <halfline@gmail.com> | 2023-02-23 20:41:30 +0000 |
| commit | d7e5d1dd79efcc6f764cd61e9249831d9160aa8a (patch) | |
| tree | a9e0fb614c8c30ff51497dcb1efdae5bd94ebe3d | |
| parent | c08eeeabc7fa996857524a457b63b85d31660db2 (diff) | |
| parent | 41820ba179c91d1d5452b303884b542d708a4911 (diff) | |
| download | gnome-online-accounts-d7e5d1dd79efcc6f764cd61e9249831d9160aa8a.tar.gz | |
Merge branch 'support-tardy-or-crashy-identity-service' into 'master'
Catch more cases where ticket reinitialization is broken
See merge request GNOME/gnome-online-accounts!120
| -rw-r--r-- | src/goaidentity/goaidentityservice.c | 20 | ||||
| -rw-r--r-- | src/goaidentity/goakerberosidentity.c | 72 | ||||
| -rw-r--r-- | src/goaidentity/goakerberosidentitymanager.c | 21 |
3 files changed, 51 insertions, 62 deletions
diff --git a/src/goaidentity/goaidentityservice.c b/src/goaidentity/goaidentityservice.c index a25de41..7c2e389 100644 --- a/src/goaidentity/goaidentityservice.c +++ b/src/goaidentity/goaidentityservice.c @@ -1469,11 +1469,9 @@ on_identity_expiring (GoaIdentityManager *identity_manager, ensure_account_credentials (self, object); g_clear_object (&object); } - static void -on_identity_expired (GoaIdentityManager *identity_manager, - GoaIdentity *identity, - GoaIdentityService *self) +handle_identity_expired (GoaIdentityService *self, + GoaIdentity *identity) { const char *principal; GoaObject *object; @@ -1492,6 +1490,14 @@ on_identity_expired (GoaIdentityManager *identity_manager, } static void +on_identity_expired (GoaIdentityManager *identity_manager, + GoaIdentity *identity, + GoaIdentityService *self) +{ + handle_identity_expired (self, identity); +} + +static void on_sign_out_for_account_change_done (GoaIdentityService *self, GAsyncResult *result) { @@ -1705,6 +1711,12 @@ on_identities_listed (GoaIdentityManager *manager, g_object_unref (object); g_free (object_path); + + /* Treat identities that started out expired as if they just expired, in case + * the identity service is started long after goa-daemon + */ + if (!goa_identity_is_signed_in (identity)) + handle_identity_expired (self, identity); } out: diff --git a/src/goaidentity/goakerberosidentity.c b/src/goaidentity/goakerberosidentity.c index b5cbcec..e4f09e1 100644 --- a/src/goaidentity/goakerberosidentity.c +++ b/src/goaidentity/goakerberosidentity.c @@ -576,7 +576,7 @@ queue_notify (GoaKerberosIdentity *self, request->idle_id = idle_id; request->property_name = property_name; - *idle_id = g_idle_add_full (G_PRIORITY_DEFAULT_IDLE, + *idle_id = g_idle_add_full (G_PRIORITY_DEFAULT, (GSourceFunc) on_notify_queued, request, @@ -886,6 +886,10 @@ verify_identity (GoaKerberosIdentity *self, VerificationLevel best_verification_level = VERIFICATION_LEVEL_UNVERIFIED; GHashTableIter iter; + G_LOCK (identity_lock); + old_verification_level = self->cached_verification_level; + G_UNLOCK (identity_lock); + if (self->active_credentials_cache_name != NULL) { G_LOCK (identity_lock); @@ -924,10 +928,6 @@ verify_identity (GoaKerberosIdentity *self, } G_LOCK (identity_lock); - old_verification_level = self->cached_verification_level; - G_UNLOCK (identity_lock); - - G_LOCK (identity_lock); g_hash_table_iter_init (&iter, self->credentials_caches); while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer*) &credentials_cache)) { @@ -1055,31 +1055,21 @@ out: if (best_verification_level != old_verification_level) { + G_LOCK (identity_lock); + self->cached_verification_level = best_verification_level; + queue_notify (self, &self->is_signed_in_idle_id, "is-signed-in"); + G_UNLOCK (identity_lock); + if (old_verification_level == VERIFICATION_LEVEL_SIGNED_IN && best_verification_level == VERIFICATION_LEVEL_EXISTS) { - G_LOCK (identity_lock); - self->cached_verification_level = best_verification_level; - G_UNLOCK (identity_lock); - g_signal_emit (G_OBJECT (self), signals[EXPIRED], 0); } else if (old_verification_level == VERIFICATION_LEVEL_EXISTS && best_verification_level == VERIFICATION_LEVEL_SIGNED_IN) { - G_LOCK (identity_lock); - self->cached_verification_level = best_verification_level; - G_UNLOCK (identity_lock); - g_signal_emit (G_OBJECT (self), signals[UNEXPIRED], 0); } - else - { - G_LOCK (identity_lock); - self->cached_verification_level = best_verification_level; - G_UNLOCK (identity_lock); - } - queue_notify (self, &self->is_signed_in_idle_id, "is-signed-in"); } default_principal = get_default_principal (self); @@ -1780,7 +1770,6 @@ done: void goa_kerberos_identity_refresh (GoaKerberosIdentity *self) { - VerificationLevel old_verification_level, new_verification_level; g_autofree char *preauth_identity_source = NULL; g_autoptr (GError) error = NULL; @@ -1788,11 +1777,13 @@ goa_kerberos_identity_refresh (GoaKerberosIdentity *self) self->identifier, self->active_credentials_cache_name); - G_LOCK (identity_lock); - old_verification_level = self->cached_verification_level; - G_UNLOCK (identity_lock); + verify_identity (self, &preauth_identity_source, &error); - new_verification_level = verify_identity (self, &preauth_identity_source, &error); + if (error != NULL) + { + g_debug ("GoaKerberosIdentity: Could not verify identity %s: %s", self->identifier, error->message); + return; + } G_LOCK (identity_lock); if (g_strcmp0 (self->preauth_identity_source, preauth_identity_source) != 0) @@ -1801,37 +1792,6 @@ goa_kerberos_identity_refresh (GoaKerberosIdentity *self) self->preauth_identity_source = g_steal_pointer (&preauth_identity_source); } G_UNLOCK (identity_lock); - - if (new_verification_level != old_verification_level) - { - if ((old_verification_level == VERIFICATION_LEVEL_SIGNED_IN) && - new_verification_level == VERIFICATION_LEVEL_EXISTS) - { - G_LOCK (identity_lock); - self->cached_verification_level = new_verification_level; - G_UNLOCK (identity_lock); - - g_signal_emit (G_OBJECT (self), signals[EXPIRED], 0); - } - else if (old_verification_level == VERIFICATION_LEVEL_EXISTS && - new_verification_level == VERIFICATION_LEVEL_SIGNED_IN) - { - G_LOCK (identity_lock); - self->cached_verification_level = new_verification_level; - G_UNLOCK (identity_lock); - - g_signal_emit (G_OBJECT (self), signals[UNEXPIRED], 0); - } - else - { - G_LOCK (identity_lock); - self->cached_verification_level = new_verification_level; - G_UNLOCK (identity_lock); - } - G_LOCK (identity_lock); - queue_notify (self, &self->is_signed_in_idle_id, "is-signed-in"); - G_UNLOCK (identity_lock); - } } gboolean diff --git a/src/goaidentity/goakerberosidentitymanager.c b/src/goaidentity/goakerberosidentitymanager.c index f2d0157..e6bcd29 100644 --- a/src/goaidentity/goakerberosidentitymanager.c +++ b/src/goaidentity/goakerberosidentitymanager.c @@ -282,11 +282,28 @@ identity_signal_work_free (IdentitySignalWork *work) } static void +do_identity_signal_expired_work (IdentitySignalWork *work) +{ + GoaKerberosIdentityManager *self = work->manager; + GoaIdentity *identity = work->identity; + + g_debug ("GoaKerberosIdentityManager: identity expired"); + _goa_identity_manager_emit_identity_expired (GOA_IDENTITY_MANAGER (self), identity); +} + +static void on_identity_expired (GoaIdentity *identity, GoaKerberosIdentityManager *self) { - _goa_identity_manager_emit_identity_expired (GOA_IDENTITY_MANAGER (self), - identity); + IdentitySignalWork *work; + + work = identity_signal_work_new (self, identity); + goa_kerberos_identify_manager_send_to_context (g_main_context_default (), + (GSourceFunc) + do_identity_signal_expired_work, + work, + (GDestroyNotify) + identity_signal_work_free); } static void |