/*
 * cockpit_auth_check_cookie:
 * @self: the auth object whose sessions are consulted
 * @path: request path, forwarded to authenticated_for_headers()
 * @in_headers: request headers, forwarded to authenticated_for_headers()
 *
 * Resolves the request to an authenticated session through
 * authenticated_for_headers().
 *
 * Returns: a new reference to the session's web service, or NULL when no
 * session matches. Only the application and user name are written to the
 * debug log, never the cookie value itself.
 */
CockpitWebService *
cockpit_auth_check_cookie (CockpitAuth *self,
                           const gchar *path,
                           GHashTable *in_headers)
{
  CockpitAuthenticated *session = authenticated_for_headers (self, path, in_headers);

  /* Guard clause: nothing matched, so the caller gets no service */
  if (session == NULL)
    {
      g_debug ("received unknown/invalid credential cookie");
      return NULL;
    }

  g_debug ("received %s credential cookie for user '%s'",
           cockpit_creds_get_application (session->creds),
           cockpit_creds_get_user (session->creds));

  /* The caller owns the returned reference */
  return g_object_ref (session->service);
}
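/*
 * cockpit_channel_inject_perform:
 * @inject: injection settings; supplies the web service and base_path
 * @response: response that receives the filter
 * @transport: transport used to look up the checksum or host
 *
 * Adds a filter to @response that injects a <base href="..."> element at
 * the "<head>" marker. The href is "/<application>/$<checksum><base_path>"
 * when the web service reports a checksum for @transport, and
 * "/<application>/@<host><base_path>" otherwise.
 *
 * Does nothing when @inject has no web service.
 */
static void
cockpit_channel_inject_perform (CockpitChannelInject *inject,
                                CockpitWebResponse *response,
                                CockpitTransport *transport)
{
  static const gchar *marker = "<head>";
  CockpitWebFilter *filter;
  CockpitCreds *creds;
  const gchar *application;
  const gchar *checksum;
  const gchar *host;
  GString *str;
  GBytes *base;

  /* Check before allocating so the early return cannot leak the GString */
  if (!inject->service)
    return;

  creds = cockpit_web_service_get_creds (inject->service);
  application = cockpit_creds_get_application (creds);

  str = g_string_new ("");

  /*
   * NOTE(review): application, checksum/host and base_path are formatted
   * into a double-quoted HTML attribute without escaping. Confirm that the
   * callers constrain these values to attribute-safe characters, or escape
   * them (for example with g_markup_escape_text) before formatting.
   */
  checksum = cockpit_web_service_get_checksum (inject->service, transport);
  if (checksum)
    {
      g_string_printf (str, "\n <base href=\"/%s/$%s%s\">", application, checksum, inject->base_path);
    }
  else
    {
      host = cockpit_web_service_get_host (inject->service, transport);
      g_string_printf (str, "\n <base href=\"/%s/@%s%s\">", application, host, inject->base_path);
    }

  /* g_string_free_to_bytes() consumes str; only the GBytes needs releasing */
  base = g_string_free_to_bytes (str);

  /* The trailing 1 is presumably a count of injections; confirm against cockpit_web_inject_new() */
  filter = cockpit_web_inject_new (marker, base, 1);
  g_bytes_unref (base);

  cockpit_web_response_add_filter (response, filter);
  g_object_unref (filter);
}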
/*
 * redirect_to_checksum_path:
 * @service: web service whose credentials name the application
 * @response: response to send the redirect on
 * @checksum: checksum placed after the '$' in the target
 * @path: path appended after the checksum
 *
 * Sends a 307 Temporary Redirect to "/<application>/$<checksum><path>" with
 * a small static HTML body.
 *
 * NOTE(review): @checksum and @path are copied into the Location header
 * as-is. Presumably the caller has already validated them; confirm that
 * neither can carry CR/LF or other header-breaking characters.
 *
 * Returns: the result of cockpit_web_response_queue(); the response is
 * completed only when that call succeeds.
 */
static gboolean
redirect_to_checksum_path (CockpitWebService *service,
                           CockpitWebResponse *response,
                           const gchar *checksum,
                           const gchar *path)
{
  const gchar *page = "<html><head><title>Temporary redirect</title></head>"
                      "<body>Access via checksum</body></html>";
  gsize page_len = strlen (page);
  gchar *target;
  GBytes *payload;
  gboolean queued;

  target = g_strdup_printf ("/%s/$%s%s",
                            cockpit_creds_get_application (cockpit_web_service_get_creds (service)),
                            checksum, path);

  cockpit_web_response_headers (response, 307, "Temporary Redirect", page_len,
                                "Content-Type", "text/html",
                                "Location", target,
                                NULL);
  g_free (target);

  /* The body is a string literal, so the GBytes can wrap it without copying */
  payload = g_bytes_new_static (page, page_len);
  queued = cockpit_web_response_queue (response, payload);
  if (queued)
    cockpit_web_response_complete (response);
  g_bytes_unref (payload);

  return queued;
}
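/*
 * cockpit_auth_login_finish:
 * @self: the auth object
 * @result: async result handed to the class login_finish implementation
 * @flags: COCKPIT_AUTH_COOKIE_INSECURE drops the Secure cookie attribute
 * @out_headers: (nullable) table that receives the Set-Cookie header
 * @error: location for an error from the class implementation
 *
 * Completes a login through the class login_finish vfunc. On success it
 * creates a CockpitAuthenticated session with a fresh nonce, registers it
 * in self->authenticated keyed by its cookie value, and, when @out_headers
 * is given, adds a Set-Cookie header carrying the base64 encoded cookie.
 *
 * Returns: the prompt data from the class implementation (possibly NULL)
 * when no credentials were produced, otherwise the credentials as JSON.
 */
JsonObject *
cockpit_auth_login_finish (CockpitAuth *self,
                           GAsyncResult *result,
                           CockpitAuthFlags flags,
                           GHashTable *out_headers,
                           GError **error)
{
  CockpitAuthClass *klass = COCKPIT_AUTH_GET_CLASS (self);
  CockpitAuthenticated *authenticated;
  CockpitTransport *transport = NULL;
  JsonObject *prompt_data = NULL;
  CockpitCreds *creds;
  gchar *cookie_b64 = NULL;
  gchar *cookie_name = NULL;
  gchar *header;
  gchar *id;

  /* This function returns a pointer, so the failure value is NULL rather than FALSE */
  g_return_val_if_fail (klass->login_finish != NULL, NULL);
  creds = klass->login_finish (self, result, out_headers,
                               &prompt_data, &transport, error);
  self->startups--;

  /* No credentials: hand back whatever prompt data the implementation produced */
  if (creds == NULL)
    return prompt_data;

  id = cockpit_auth_nonce (self);
  authenticated = g_new0 (CockpitAuthenticated, 1);
  authenticated->cookie = g_strdup_printf ("v=2;k=%s", id);
  authenticated->creds = creds;
  authenticated->service = cockpit_web_service_new (creds, transport);
  authenticated->auth = self;

  authenticated->idling_sig = g_signal_connect (authenticated->service, "idling",
                                                G_CALLBACK (on_web_service_idling), authenticated);
  authenticated->destroy_sig = g_signal_connect (authenticated->service, "destroy",
                                                 G_CALLBACK (on_web_service_destroy), authenticated);

  /* Drop the local reference to the transport now that the service has been created from it */
  if (transport)
    g_object_unref (transport);

  g_object_weak_ref (G_OBJECT (authenticated->service),
                     on_web_service_gone, authenticated);

  /* Start off in the idling state, and begin a timeout during which caller must do something else */
  on_web_service_idling (authenticated->service, authenticated);

  /* The cookie string is the lookup key for the session */
  g_hash_table_insert (self->authenticated, authenticated->cookie, authenticated);

  /*
   * Arguments follow the format string: application, then id, then user.
   * NOTE(review): id is the secret part of the session cookie, so this
   * writes a session credential to the debug log. Consider whether debug
   * output needs it, and treat such logs as sensitive.
   */
  g_debug ("sending %s credential id '%s' for user '%s'",
           cockpit_creds_get_application (creds), id,
           cockpit_creds_get_user (creds));

  g_free (id);

  if (out_headers)
    {
      /* Secure is set unless the caller explicitly asked for an insecure cookie */
      gboolean force_secure = !(flags & COCKPIT_AUTH_COOKIE_INSECURE);
      cookie_name = application_cookie_name (cockpit_creds_get_application (creds));
      cookie_b64 = g_base64_encode ((guint8 *)authenticated->cookie, strlen (authenticated->cookie));

      /*
       * NOTE(review): the header carries HttpOnly and, normally, Secure, but
       * no SameSite attribute. Confirm that cross-site request protection is
       * handled elsewhere.
       */
      header = g_strdup_printf ("%s=%s; Path=/; %s HttpOnly",
                                cookie_name, cookie_b64,
                                force_secure ? " Secure;" : "");
      g_free (cookie_b64);
      g_free (cookie_name);

      /* The newly allocated key and header are handed to the table here */
      g_hash_table_insert (out_headers, g_strdup ("Set-Cookie"), header);
    }

  g_info ("logged in user: %s", cockpit_creds_get_user (authenticated->creds));

  return cockpit_creds_to_json (creds);
}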