From 097aa719985923fd551c2c68a63ebca3609031ca Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 6 Nov 2013 16:58:43 -0500
Subject: [PATCH] kerberos: don't crash if keyring credentials disappear
It's possible to make gnome-online-accounts crash by:
1) creating a kerberos account in control-center
2) deleting the stored credentials from gnome keyring using seahorse
3) running kdestroy in the terminal to make the sign in button show up
in the control-center panel
4) clicking sign in
This is because the provider makes the assumption that there will always
be stored credentials when signing in interactively, which is incorrect
in the above scenario (because of step 2).
This commit hardens the get_ticket_sync function against credentials
disappearing.
https://bugzilla.gnome.org/show_bug.cgi?id=711572
---
src/goabackend/goakerberosprovider.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/goabackend/goakerberosprovider.c b/src/goabackend/goakerberosprovider.c
index e795856..fbe0364 100644
--- a/src/goabackend/goakerberosprovider.c
+++ b/src/goabackend/goakerberosprovider.c
@@ -668,97 +668,101 @@ look_up_identity (GoaKerberosProvider *self,
operation_result);
}
static void
on_account_signed_in (GoaProvider *provider,
GAsyncResult *result,
SignInRequest *request)
{
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result),
&request->error))
{
g_main_loop_quit (request->loop);
return;
}
g_main_loop_quit (request->loop);
}
static gboolean
get_ticket_sync (GoaKerberosProvider *self,
GoaObject *object,
gboolean is_interactive,
GCancellable *cancellable,
GError **error)
{
GVariant *credentials;
GError *lookup_error;
GoaAccount *account;
const char *identifier;
const char *password;
- gboolean has_password;
SignInRequest request;
gboolean ret;
ret = FALSE;
account = goa_object_peek_account (object);
identifier = goa_account_get_identity (account);
password = NULL;
lookup_error = NULL;
credentials = goa_utils_lookup_credentials_sync (GOA_PROVIDER (self),
object,
cancellable,
&lookup_error);
if (credentials == NULL && !is_interactive)
{
if (lookup_error != NULL)
g_propagate_error (error, lookup_error);
else
g_set_error (error,
GOA_ERROR,
GOA_ERROR_NOT_AUTHORIZED,
_("Could not find saved credentials for principal `%s' in keyring"), identifier);
goto out;
}
-
- has_password = g_variant_lookup (credentials, "password", "&s", &password);
- if (!has_password && !is_interactive)
+ else if (credentials != NULL)
{
- g_set_error (error,
- GOA_ERROR,
- GOA_ERROR_NOT_AUTHORIZED,
- _("Did not find password for principal `%s' in credentials"),
- identifier);
- goto out;
+ gboolean has_password;
+
+ has_password = g_variant_lookup (credentials, "password", "&s", &password);
+
+ if (!has_password && !is_interactive)
+ {
+ g_set_error (error,
+ GOA_ERROR,
+ GOA_ERROR_NOT_AUTHORIZED,
+ _("Did not find password for principal `%s' in credentials"),
+ identifier);
+ goto out;
+ }
}
memset (&request, 0, sizeof (SignInRequest));
request.loop = g_main_loop_new (g_main_context_get_thread_default (), FALSE);
request.error = NULL;
sign_in_identity (self,
identifier,
password,
cancellable,
(GAsyncReadyCallback)
on_account_signed_in,
&request);
g_main_loop_run (request.loop);
g_main_loop_unref (request.loop);
if (request.error != NULL)
{
g_propagate_error (error, request.error);
goto out;
}
ret = TRUE;
out:
if (credentials != NULL)
g_variant_unref (credentials);
return ret;
}
--
1.8.3.1