CockpitWebService *
cockpit_auth_check_cookie (CockpitAuth *self,
const gchar *path,
GHashTable *in_headers)
{
CockpitAuthenticated *authenticated;
authenticated = authenticated_for_headers (self, path, in_headers);
if (authenticated)
{
g_debug ("received %s credential cookie for user '%s'",
cockpit_creds_get_application (authenticated->creds),
cockpit_creds_get_user (authenticated->creds));
return g_object_ref (authenticated->service);
}
else
{
g_debug ("received unknown/invalid credential cookie");
return NULL;
}
}
static void
cockpit_channel_inject_perform (CockpitChannelInject *inject,
CockpitWebResponse *response,
CockpitTransport *transport)
{
static const gchar *marker = "<head>";
CockpitWebFilter *filter;
CockpitCreds *creds;
const gchar *application;
const gchar *checksum;
const gchar *host;
GString *str;
GBytes *base;
str = g_string_new ("");
if (!inject->service)
return;
creds = cockpit_web_service_get_creds (inject->service);
application = cockpit_creds_get_application (creds);
checksum = cockpit_web_service_get_checksum (inject->service, transport);
if (checksum)
{
g_string_printf (str, "\n <base href=\"/%s/$%s%s\">", application, checksum, inject->base_path);
}
else
{
host = cockpit_web_service_get_host (inject->service, transport);
g_string_printf (str, "\n <base href=\"/%s/@%s%s\">", application, host, inject->base_path);
}
base = g_string_free_to_bytes (str);
filter = cockpit_web_inject_new (marker, base, 1);
g_bytes_unref (base);
cockpit_web_response_add_filter (response, filter);
g_object_unref (filter);
}
static gboolean
redirect_to_checksum_path (CockpitWebService *service,
CockpitWebResponse *response,
const gchar *checksum,
const gchar *path)
{
CockpitCreds *creds;
gchar *location;
const gchar *body;
GBytes *bytes;
gboolean ret;
gsize length;
creds = cockpit_web_service_get_creds (service);
location = g_strdup_printf ("/%s/$%s%s",
cockpit_creds_get_application (creds),
checksum, path);
body = "<html><head><title>Temporary redirect</title></head>"
"<body>Access via checksum</body></html>";
length = strlen (body);
cockpit_web_response_headers (response, 307, "Temporary Redirect", length,
"Content-Type", "text/html",
"Location", location,
NULL);
g_free (location);
bytes = g_bytes_new_static (body, length);
ret = cockpit_web_response_queue (response, bytes);
if (ret)
cockpit_web_response_complete (response);
g_bytes_unref (bytes);
return ret;
}
JsonObject *
cockpit_auth_login_finish (CockpitAuth *self,
GAsyncResult *result,
CockpitAuthFlags flags,
GHashTable *out_headers,
GError **error)
{
CockpitAuthClass *klass = COCKPIT_AUTH_GET_CLASS (self);
CockpitAuthenticated *authenticated;
CockpitTransport *transport = NULL;
JsonObject *prompt_data = NULL;
CockpitCreds *creds;
gchar *cookie_b64 = NULL;
gchar *cookie_name = NULL;
gchar *header;
gchar *id;
g_return_val_if_fail (klass->login_finish != NULL, FALSE);
creds = klass->login_finish (self, result, out_headers,
&prompt_data, &transport, error);
self->startups--;
if (creds == NULL)
return prompt_data;
id = cockpit_auth_nonce (self);
authenticated = g_new0 (CockpitAuthenticated, 1);
authenticated->cookie = g_strdup_printf ("v=2;k=%s", id);
authenticated->creds = creds;
authenticated->service = cockpit_web_service_new (creds, transport);
authenticated->auth = self;
authenticated->idling_sig = g_signal_connect (authenticated->service, "idling",
G_CALLBACK (on_web_service_idling), authenticated);
authenticated->destroy_sig = g_signal_connect (authenticated->service, "destroy",
G_CALLBACK (on_web_service_destroy), authenticated);
if (transport)
g_object_unref (transport);
g_object_weak_ref (G_OBJECT (authenticated->service),
on_web_service_gone, authenticated);
/* Start off in the idling state, and begin a timeout during which caller must do something else */
on_web_service_idling (authenticated->service, authenticated);
g_hash_table_insert (self->authenticated, authenticated->cookie, authenticated);
g_debug ("sending %s credential id '%s' for user '%s'", id,
cockpit_creds_get_application (creds),
cockpit_creds_get_user (creds));
g_free (id);
if (out_headers)
{
gboolean force_secure = !(flags & COCKPIT_AUTH_COOKIE_INSECURE);
cookie_name = application_cookie_name (cockpit_creds_get_application (creds));
cookie_b64 = g_base64_encode ((guint8 *)authenticated->cookie, strlen (authenticated->cookie));
header = g_strdup_printf ("%s=%s; Path=/; %s HttpOnly",
cookie_name, cookie_b64,
force_secure ? " Secure;" : "");
g_free (cookie_b64);
g_free (cookie_name);
g_hash_table_insert (out_headers, g_strdup ("Set-Cookie"), header);
}
g_info ("logged in user: %s", cockpit_creds_get_user (authenticated->creds));
return cockpit_creds_to_json (creds);
}
