static void cockpit_auth_remote_login_async (CockpitAuth *self, GHashTable *headers, const gchar *remote_peer, GAsyncReadyCallback callback, gpointer user_data) { GSimpleAsyncResult *task; CockpitCreds *creds = NULL; RemoteLoginData *rl; const gchar *password; GBytes *input; gchar *type = NULL; gchar *user = NULL; task = g_simple_async_result_new (G_OBJECT (self), callback, user_data, cockpit_auth_remote_login_async); input = cockpit_auth_parse_authorization (headers, &type); if (type && input && g_str_equal (type, "basic")) { password = parse_basic_auth_password (input, &user); if (password && user) { creds = cockpit_creds_new (user, COCKPIT_CRED_PASSWORD, password, COCKPIT_CRED_RHOST, remote_peer, NULL); } g_free (user); } if (creds) { rl = g_new0 (RemoteLoginData, 1); rl->creds = creds; rl->transport = g_object_new (COCKPIT_TYPE_SSH_TRANSPORT, "host", "127.0.0.1", "port", cockpit_ws_specific_ssh_port, "command", cockpit_ws_bridge_program, "creds", creds, "ignore-key", TRUE, NULL); g_simple_async_result_set_op_res_gpointer (task, rl, remote_login_data_free); g_signal_connect (rl->transport, "result", G_CALLBACK (on_remote_login_done), g_object_ref (task)); } else { g_simple_async_result_set_error (task, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED, "Basic authentication required"); g_simple_async_result_complete_in_idle (task); } g_free (type); g_object_unref (task); }
static CockpitCreds * create_creds_for_spawn_authenticated (CockpitAuth *self, const gchar *user, AuthData *ad, JsonObject *results, const gchar *raw_data) { const gchar *password = NULL; const gchar *gssapi_creds = NULL; CockpitCreds *creds = NULL; gchar *csrf_token; /* * Dig the password out of the authorization header, rather than having * passing it back and forth possibly leaking it. */ if (g_str_equal (ad->auth_type, "basic") || g_str_equal (ad->auth_type, SSH_SECTION)) { password = parse_basic_auth_password (ad->authorization, NULL); } if (!cockpit_json_get_string (results, "gssapi-creds", NULL, &gssapi_creds)) { g_warning ("received bad gssapi-creds"); gssapi_creds = NULL; } csrf_token = cockpit_auth_nonce (self); creds = cockpit_creds_new (user, ad->application, COCKPIT_CRED_LOGIN_DATA, raw_data, COCKPIT_CRED_PASSWORD, password, COCKPIT_CRED_RHOST, ad->remote_peer, COCKPIT_CRED_GSSAPI, gssapi_creds, COCKPIT_CRED_CSRF_TOKEN, csrf_token, NULL); g_free (csrf_token); return creds; }
static CockpitCreds * create_creds_for_authenticated (const char *user, SessionLoginData *sl, JsonObject *results) { const gchar *fullname = NULL; const gchar *password = NULL; const gchar *gssapi_creds = NULL; /* * Dig the password out of the authorization header, rather than having * cockpit-session pass it back and forth possibly leaking it. */ if (g_str_equal (sl->auth_type, "basic")) password = parse_basic_auth_password (sl->authorization, NULL); if (!cockpit_json_get_string (results, "gssapi-creds", NULL, &gssapi_creds)) { g_warning ("received bad gssapi-creds from cockpit-session"); gssapi_creds = NULL; } if (!cockpit_json_get_string (results, "full-name", NULL, &fullname)) { g_warning ("received bad full-name from cockpit-session"); fullname = NULL; } /* TODO: Try to avoid copying password */ return cockpit_creds_new (user, sl->application, COCKPIT_CRED_FULLNAME, fullname, COCKPIT_CRED_PASSWORD, password, COCKPIT_CRED_RHOST, sl->remote_peer, COCKPIT_CRED_GSSAPI, gssapi_creds, NULL); }