static CockpitCreds *
cockpit_auth_session_login_finish (CockpitAuth *self,
GAsyncResult *result,
GHashTable *headers,
CockpitTransport **transport,
GError **error)
{
CockpitCreds *creds;
SessionLoginData *sl;
g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
cockpit_auth_session_login_async), NULL);
if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
{
build_gssapi_output_header (headers, NULL);
return NULL;
}
sl = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
creds = parse_auth_results (sl, headers, error);
if (!creds)
return NULL;
if (transport)
*transport = cockpit_pipe_transport_new (sl->session_pipe);
return creds;
}
static CockpitCreds *
parse_cockpit_spawn_results (CockpitAuth *self,
AuthData *ad,
GHashTable *headers,
JsonObject **prompt_data,
GError **error)
{
CockpitCreds *creds = NULL;
JsonObject *results = NULL;
const gchar *user;
const gchar *error_str;
results = cockpit_auth_process_parse_result (ad->auth_process,
ad->response_data,
error);
if (results)
{
user = cockpit_auth_process_get_authenticated_user (ad->auth_process, results,
prompt_data, error);
if (user)
{
creds = create_creds_for_spawn_authenticated (self, user, ad,
results,
ad->response_data);
}
else if (g_str_equal (ad->auth_type, "negotiate") &&
cockpit_json_get_string (results, "error", NULL, &error_str))
{
if (g_strcmp0 (error_str, "authentication-unavailable") == 0)
{
gssapi_not_avail = TRUE;
g_debug ("negotiate auth is not available, disabling");
g_clear_error (error);
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
"Negotiate authentication not available");
}
}
build_gssapi_output_header (headers, results);
json_object_unref (results);
}
return creds;
}
static CockpitCreds *
parse_auth_results (SessionLoginData *sl,
GHashTable *headers,
GError **error)
{
CockpitCreds *creds = NULL;
GByteArray *buffer;
GError *json_error = NULL;
const gchar *pam_user;
JsonObject *results;
gint64 code = -1;
buffer = cockpit_pipe_get_buffer (sl->auth_pipe);
g_debug ("cockpit-session says: %.*s", (int)buffer->len, (const gchar *)buffer->data);
results = cockpit_json_parse_object ((const gchar *)buffer->data, buffer->len, &json_error);
if (g_error_matches (json_error, JSON_PARSER_ERROR, JSON_PARSER_ERROR_INVALID_DATA))
{
g_message ("got non-utf8 user name from cockpit-session");
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
"Login user name is not UTF8 encoded");
g_error_free (json_error);
}
else if (!results)
{
g_warning ("couldn't parse session auth output: %s",
json_error ? json_error->message : NULL);
g_error_free (json_error);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
"Invalid data from session process: no results");
}
else if (!cockpit_json_get_int (results, "result-code", -1, &code) || code < 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
"Invalid data from session process: bad PAM result");
}
else if (code == PAM_SUCCESS)
{
if (!cockpit_json_get_string (results, "user", NULL, &pam_user) || !pam_user)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
"Invalid data from session process: missing user");
}
else
{
g_debug ("user authenticated as %s", pam_user);
creds = create_creds_for_authenticated (pam_user, sl, results);
}
}
else if (code == PAM_AUTH_ERR || code == PAM_USER_UNKNOWN)
{
g_debug ("authentication failed: %d", (int)code);
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
"Authentication failed");
}
else if (code == PAM_PERM_DENIED)
{
g_debug ("permission denied: %d", (int)code);
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_PERMISSION_DENIED,
"Permission denied");
}
else
{
g_debug ("pam error: %d", (int)code);
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"%s", pam_strerror (NULL, code));
}
build_gssapi_output_header (headers, results);
if (results)
json_object_unref (results);
return creds;
}
