gboolean
cockpit_handler_deauthorize (CockpitWebServer *server,
CockpitWebServerRequestType reqtype,
const gchar *path,
GHashTable *headers,
GBytes *input,
CockpitWebResponse *response,
CockpitHandlerData *ws)
{
CockpitWebService *service;
CockpitCreds *creds;
const gchar *body;
GBytes *bytes;
service = cockpit_auth_check_cookie (ws->auth, headers);
if (!service)
{
cockpit_web_response_error (response, 401, NULL, "Unauthorized");
return TRUE;
}
/* Poison the creds, so they no longer work for new reauthorization */
creds = cockpit_web_service_get_creds (service);
cockpit_creds_poison (creds);
g_object_unref (service);
body ="<html><head><title>Deauthorized</title></head>"
"<body>Deauthorized</body></html>";
bytes = g_bytes_new_static (body, strlen (body));
cockpit_web_response_content (response, NULL, bytes, NULL);
g_bytes_unref (bytes);
return TRUE;
}
static void
cockpit_creds_free (gpointer data)
{
CockpitCreds *creds = data;
cockpit_creds_poison (creds);
g_list_free_full (creds->bytes, (GDestroyNotify)g_bytes_unref);
g_free (creds->user);
g_free (creds->application);
g_free (creds->rhost);
g_free (creds->gssapi_creds);
g_free (creds->csrf_token);
if (creds->krb5_ctx)
{
if (creds->krb5_ccache)
krb5_cc_destroy (creds->krb5_ctx, creds->krb5_ccache);
if (creds->krb5_ccache_name)
krb5_free_string (creds->krb5_ctx, creds->krb5_ccache_name);
krb5_free_context (creds->krb5_ctx);
}
if (creds->login_data)
json_object_unref (creds->login_data);
g_free (creds);
}
static void
cockpit_authenticated_free (gpointer data)
{
CockpitAuthenticated *authenticated = data;
GObject *object;
if (authenticated->timeout_tag)
g_source_remove (authenticated->timeout_tag);
g_free (authenticated->cookie);
cockpit_creds_poison (authenticated->creds);
cockpit_creds_unref (authenticated->creds);
if (authenticated->service)
{
if (authenticated->idling_sig)
g_signal_handler_disconnect (authenticated->service, authenticated->idling_sig);
if (authenticated->destroy_sig)
g_signal_handler_disconnect (authenticated->service, authenticated->destroy_sig);
object = G_OBJECT (authenticated->service);
g_object_weak_unref (object, on_web_service_gone, authenticated);
g_object_run_dispose (object);
g_object_unref (authenticated->service);
}
g_free (authenticated);
}
static gboolean
process_logout (CockpitWebService *self,
JsonObject *options)
{
gboolean disconnect;
if (!cockpit_json_get_bool (options, "disconnect", FALSE, &disconnect))
{
g_warning ("received 'logout' command with invalid 'disconnect' field");
return FALSE;
}
/* Makes the credentials unusable */
cockpit_creds_poison (self->creds);
/* Destroys our web service, disconnects everything */
if (disconnect)
{
g_info ("Logging out session from %s", cockpit_creds_get_rhost (self->creds));
g_object_run_dispose (G_OBJECT (self));
}
else
{
g_info ("Deauthorizing session from %s", cockpit_creds_get_rhost (self->creds));
}
send_socket_hints (self, "credential", "none");
return TRUE;
}
