gdm: Refactor oVirt to a generic CredentialManager interface

Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983

js/gdm/util.js

@@ -24,7 +24,6 @@ Gio._promisify(Gdm.UserVerifierProxy.prototype,
 var PASSWORD_SERVICE_NAME = 'gdm-password';
 var FINGERPRINT_SERVICE_NAME = 'gdm-fingerprint';
 var SMARTCARD_SERVICE_NAME = 'gdm-smartcard';
-var OVIRT_SERVICE_NAME = 'gdm-ovirtcred';
 var FADE_ANIMATION_TIME = 160;
 var CLONE_FADE_ANIMATION_TIME = 250;
 
@@ -160,13 +159,19 @@ var ShellUserVerifier = class {
 
         this._failCounter = 0;
 
-        this._oVirtCredentialsManager = OVirt.getOVirtCredentialsManager();
+        this._credentialManagers = {};
+        this._credentialManagers[OVirt.SERVICE_NAME] = OVirt.getOVirtCredentialsManager();
 
-        if (this._oVirtCredentialsManager.hasToken())
-            this._oVirtUserAuthenticated(this._oVirtCredentialsManager.getToken());
+        for (let service in this._credentialManagers) {
+            if (this._credentialManagers[service].token) {
+                this._onCredentialManagerAuthenticated(this._credentialManagers[service],
+                    this._credentialManagers[service].token);
+            }
 
-        this._oVirtUserAuthenticatedId = this._oVirtCredentialsManager.connect('user-authenticated',
-                                                                               this._oVirtUserAuthenticated.bind(this));
+            this._credentialManagers[service]._authenticatedSignalId =
+                this._credentialManagers[service].connect('user-authenticated',
+                                                          this._onCredentialManagerAuthenticated.bind(this));
+        }
     }
 
     begin(userName, hold) {
@@ -222,8 +227,11 @@ var ShellUserVerifier = class {
         this._smartcardManager.disconnect(this._smartcardRemovedId);
         this._smartcardManager = null;
 
-        this._oVirtCredentialsManager.disconnect(this._oVirtUserAuthenticatedId);
-        this._oVirtCredentialsManager = null;
+        for (let service in this._credentialManagers) {
+            let credentialManager = this._credentialManagers[service];
+            credentialManager.disconnect(credentialManager._authenticatedSignalId);
+            credentialManager = null;
+        }
     }
 
     answerQuery(serviceName, answer) {
@@ -311,9 +319,9 @@ var ShellUserVerifier = class {
             });
     }
 
-    _oVirtUserAuthenticated(_token) {
-        this._preemptingService = OVIRT_SERVICE_NAME;
-        this.emit('ovirt-user-authenticated');
+    _onCredentialManagerAuthenticated(credentialManager, _token) {
+        this._preemptingService = credentialManager.service;
+        this.emit('credential-manager-authenticated');
     }
 
     _checkForSmartcard() {
@@ -490,9 +498,12 @@ var ShellUserVerifier = class {
         if (!this.serviceIsForeground(serviceName))
             return;
 
-        if (serviceName == OVIRT_SERVICE_NAME) {
-            // The only question asked by this service is "Token?"
-            this.answerQuery(serviceName, this._oVirtCredentialsManager.getToken());
+        let token = null;
+        if (this._credentialManagers[serviceName])
+            token = this._credentialManagers[serviceName].token;
+
+        if (token) {
+            this.answerQuery(serviceName, token);
             return;
         }
 
@@ -560,8 +571,10 @@ var ShellUserVerifier = class {
         // If the login failed with the preauthenticated oVirt credentials
         // then discard the credentials and revert to default authentication
         // mechanism.
-        if (this.serviceIsForeground(OVIRT_SERVICE_NAME)) {
-            this._oVirtCredentialsManager.resetToken();
+        let foregroundService = Object.keys(this._credentialManagers).find(service =>
+            this.serviceIsForeground(service));
+        if (foregroundService) {
+            this._credentialManagers[foregroundService].token = null;
             this._preemptingService = null;
             this._verificationFailed(false);
             return;