static void
cockpit_auth_remote_login_async (CockpitAuth *self,
GHashTable *headers,
const gchar *remote_peer,
GAsyncReadyCallback callback,
gpointer user_data)
{
GSimpleAsyncResult *task;
CockpitCreds *creds = NULL;
RemoteLoginData *rl;
const gchar *password;
GBytes *input;
gchar *type = NULL;
gchar *user = NULL;
task = g_simple_async_result_new (G_OBJECT (self), callback, user_data,
cockpit_auth_remote_login_async);
input = cockpit_auth_parse_authorization (headers, &type);
if (type && input && g_str_equal (type, "basic"))
{
password = parse_basic_auth_password (input, &user);
if (password && user)
{
creds = cockpit_creds_new (user,
COCKPIT_CRED_PASSWORD, password,
COCKPIT_CRED_RHOST, remote_peer,
NULL);
}
g_free (user);
}
if (creds)
{
rl = g_new0 (RemoteLoginData, 1);
rl->creds = creds;
rl->transport = g_object_new (COCKPIT_TYPE_SSH_TRANSPORT,
"host", "127.0.0.1",
"port", cockpit_ws_specific_ssh_port,
"command", cockpit_ws_bridge_program,
"creds", creds,
"ignore-key", TRUE,
NULL);
g_simple_async_result_set_op_res_gpointer (task, rl, remote_login_data_free);
g_signal_connect (rl->transport, "result", G_CALLBACK (on_remote_login_done), g_object_ref (task));
}
else
{
g_simple_async_result_set_error (task, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
"Basic authentication required");
g_simple_async_result_complete_in_idle (task);
}
g_free (type);
g_object_unref (task);
}
static CockpitCreds *
create_creds_for_spawn_authenticated (CockpitAuth *self,
const gchar *user,
AuthData *ad,
JsonObject *results,
const gchar *raw_data)
{
const gchar *password = NULL;
const gchar *gssapi_creds = NULL;
CockpitCreds *creds = NULL;
gchar *csrf_token;
/*
* Dig the password out of the authorization header, rather than having
* passing it back and forth possibly leaking it.
*/
if (g_str_equal (ad->auth_type, "basic") ||
g_str_equal (ad->auth_type, SSH_SECTION))
{
password = parse_basic_auth_password (ad->authorization, NULL);
}
if (!cockpit_json_get_string (results, "gssapi-creds", NULL, &gssapi_creds))
{
g_warning ("received bad gssapi-creds");
gssapi_creds = NULL;
}
csrf_token = cockpit_auth_nonce (self);
creds = cockpit_creds_new (user,
ad->application,
COCKPIT_CRED_LOGIN_DATA, raw_data,
COCKPIT_CRED_PASSWORD, password,
COCKPIT_CRED_RHOST, ad->remote_peer,
COCKPIT_CRED_GSSAPI, gssapi_creds,
COCKPIT_CRED_CSRF_TOKEN, csrf_token,
NULL);
g_free (csrf_token);
return creds;
}
static CockpitCreds *
create_creds_for_authenticated (const char *user,
SessionLoginData *sl,
JsonObject *results)
{
const gchar *fullname = NULL;
const gchar *password = NULL;
const gchar *gssapi_creds = NULL;
/*
* Dig the password out of the authorization header, rather than having
* cockpit-session pass it back and forth possibly leaking it.
*/
if (g_str_equal (sl->auth_type, "basic"))
password = parse_basic_auth_password (sl->authorization, NULL);
if (!cockpit_json_get_string (results, "gssapi-creds", NULL, &gssapi_creds))
{
g_warning ("received bad gssapi-creds from cockpit-session");
gssapi_creds = NULL;
}
if (!cockpit_json_get_string (results, "full-name", NULL, &fullname))
{
g_warning ("received bad full-name from cockpit-session");
fullname = NULL;
}
/* TODO: Try to avoid copying password */
return cockpit_creds_new (user,
sl->application,
COCKPIT_CRED_FULLNAME, fullname,
COCKPIT_CRED_PASSWORD, password,
COCKPIT_CRED_RHOST, sl->remote_peer,
COCKPIT_CRED_GSSAPI, gssapi_creds,
NULL);
}
