After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 686416 - kerberos: Discover and validate realm before use
kerberos: Discover and validate realm before use
Status: RESOLVED FIXED
Product: gnome-online-accounts
Classification: Core
Component: Kerberos
unspecified
Other All
: Normal normal
: ---
Assigned To: GNOME Online Accounts maintainer(s)
GNOME Online Accounts maintainer(s)
: 686382 (view as bug list)
Depends on: 686410 686415
Blocks:
 
 
Reported: 2012-10-18 22:38 UTC by Stef Walter
Modified: 2014-04-09 13:15 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
kerberos: Discover and validate realm before use (6.18 KB, patch)
2012-10-18 22:38 UTC, Stef Walter
committed Details | Review
goaidentity: drop realm discovery/proxying from identity service (69.58 KB, patch)
2012-10-22 04:15 UTC, Ray Strode [halfline]
committed Details | Review
identity: Remove unused variables (1.89 KB, patch)
2014-04-09 12:47 UTC, Debarshi Ray
committed Details | Review

Description Stef Walter 2012-10-18 22:38:27 UTC
We should use realmd to canonicalize the realm name before using 
it in an identity. Provide feedback to the user whether its incorrect.

This is much easier to do now that realmd is used from GoaKerberosProvider. 
See dependent bug.

I'll attach a rough patch for this.
Comment 1 Stef Walter 2012-10-18 22:38:29 UTC
Created attachment 226780 [details] [review]
kerberos: Discover and validate realm before use
Comment 2 Stef Walter 2012-10-18 22:39:29 UTC
The patch is untested.
Comment 3 Ray Strode [halfline] 2012-10-19 16:20:47 UTC
*** Bug 686382 has been marked as a duplicate of this bug. ***
Comment 4 Debarshi Ray 2012-10-19 17:25:15 UTC
Works for me, but I did not test the patch against bug 686410 with a Samba server.

By the way, why don't we populate the dropdown with available realms when the user clicks the + button? Right now, if I enter the wrong realm/domain (say: fubar.org) then it does not give me any hint as to what the valid realms are.
Comment 5 Ray Strode [halfline] 2012-10-22 04:09:39 UTC
Review of attachment 226780 [details] [review]:

commit message could be a little more descriptive.  Here's what I came up with:

    GoaKerberosProvider now talks directly with realmd
    to get its list of available realms.
    
    Since it talks to realmd directly it now has
    an opportunity to validate what the user is typing,
    and e.g. map domains the user types into realms.
    
    This commit adds that additional discovery logic,
    rather than passing what the user types blindly
    to the identity service.

Otherwise, patch seems to be okay as far as I can tell. I think we should consider reordering the entries so they're in the same order as the user accounts panel, but that's separate.
Comment 6 Ray Strode [halfline] 2012-10-22 04:09:55 UTC
Attachment 226780 [details] pushed as 604354b - kerberos: Discover and validate realm before use
Comment 7 Ray Strode [halfline] 2012-10-22 04:12:47 UTC
(for those not following IRC, comment 4 was addressed there.  We do populate the drop down from realmd, but realmd could use better tricks for guessing available domains in cases the network isn't configured ideally)
Comment 8 Ray Strode [halfline] 2012-10-22 04:15:37 UTC
Created attachment 226956 [details] [review]
goaidentity: drop realm discovery/proxying from identity service

The identity service currently proxies all realmd realms, and
talks to realm to look up passed in realms.  These features are
no longer necessary now that goakerberos provider talks to realmd
directly.

This commit removes that code.

https://bugzilla.gnome.org/show_bug.cgi?id=686416
Comment 9 Debarshi Ray 2014-04-09 12:45:47 UTC
A few unused variables were left behind. Reopening.
Comment 10 Debarshi Ray 2014-04-09 12:47:52 UTC
Created attachment 273889 [details] [review]
identity: Remove unused variables
Comment 11 Debarshi Ray 2014-04-09 13:15:20 UTC
Comment on attachment 273889 [details] [review]
identity: Remove unused variables

Thanks for the review, Ray!