/*
 * cockpit_auth_session_login_finish:
 * @self: the auth object the async login was started on
 * @result: async result produced by cockpit_auth_session_login_async()
 * @headers: response headers, passed on to the GSSAPI header builder
 * @transport: (out) (optional): receives a pipe transport for the session
 * @error: location for an error
 *
 * Completes a session login. If the async operation itself failed, the
 * error is propagated, build_gssapi_output_header() is called with no
 * results, and NULL is returned. Otherwise the helper output is handed to
 * parse_auth_results(); only when that yields credentials, and the caller
 * asked for one, is a transport created on the session pipe.
 *
 * Returns: the credentials, or NULL on failure.
 */
static CockpitCreds *
cockpit_auth_session_login_finish (CockpitAuth *self,
                                   GAsyncResult *result,
                                   GHashTable *headers,
                                   CockpitTransport **transport,
                                   GError **error)
{
  SessionLoginData *login;
  CockpitCreds *authenticated;

  g_return_val_if_fail (g_simple_async_result_is_valid (result, G_OBJECT (self),
                        cockpit_auth_session_login_async), NULL);

  /* The async operation failed before any helper output could be parsed. */
  if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
    {
      build_gssapi_output_header (headers, NULL);
      return NULL;
    }

  login = g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (result));
  authenticated = parse_auth_results (login, headers, error);

  /* No transport is created unless authentication produced credentials. */
  if (authenticated != NULL && transport != NULL)
    *transport = cockpit_pipe_transport_new (login->session_pipe);

  return authenticated;
}
/*
 * parse_cockpit_spawn_results:
 * @self: the auth object
 * @ad: per-request auth data (auth process, response data, auth type)
 * @headers: response headers, passed on to the GSSAPI header builder
 * @prompt_data: (out): passed through to
 *   cockpit_auth_process_get_authenticated_user()
 * @error: location for an error
 *
 * Parses the result of a spawned auth process. Credentials are created
 * only when cockpit_auth_process_get_authenticated_user() returns a user.
 * For "negotiate" auth, an "authentication-unavailable" error from the
 * process sets the file-scope gssapi_not_avail flag and replaces @error
 * with COCKPIT_ERROR_AUTHENTICATION_FAILED.
 *
 * Returns: the credentials, or NULL when no user was authenticated.
 */
static CockpitCreds *
parse_cockpit_spawn_results (CockpitAuth *self,
                             AuthData *ad,
                             GHashTable *headers,
                             JsonObject **prompt_data,
                             GError **error)
{
  CockpitCreds *authenticated = NULL;
  JsonObject *reply;
  const gchar *username;
  const gchar *reason;

  reply = cockpit_auth_process_parse_result (ad->auth_process, ad->response_data, error);

  /*
   * NOTE(review): on this path build_gssapi_output_header() is not called,
   * unlike the failure paths of the session login code in this file, which
   * call it with NULL results. Confirm the difference is intentional.
   */
  if (reply == NULL)
    return NULL;

  username = cockpit_auth_process_get_authenticated_user (ad->auth_process, reply,
                                                          prompt_data, error);
  if (username != NULL)
    {
      authenticated = create_creds_for_spawn_authenticated (self, username, ad, reply,
                                                            ad->response_data);
    }
  else if (g_str_equal (ad->auth_type, "negotiate") &&
           cockpit_json_get_string (reply, "error", NULL, &reason) &&
           g_strcmp0 (reason, "authentication-unavailable") == 0)
    {
      /*
       * gssapi_not_avail is defined outside this block; per the debug
       * message below, setting it disables negotiate auth.
       */
      gssapi_not_avail = TRUE;
      g_debug ("negotiate auth is not available, disabling");

      /* Replace whatever error was set above with an authentication failure. */
      g_clear_error (error);
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
                   "Negotiate authentication not available");
    }

  build_gssapi_output_header (headers, reply);
  json_object_unref (reply);

  return authenticated;
}
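/*
 * parse_auth_results:
 * @sl: session login data; its auth_pipe buffer holds the helper's output
 * @headers: response headers, passed on to the GSSAPI header builder
 * @error: location for an error
 *
 * Parses the JSON object that cockpit-session wrote to the auth pipe and
 * maps its "result-code" (a PAM result) to credentials or an error:
 *
 *  - unparseable output, or a missing or negative "result-code", gives
 *    G_IO_ERROR_INVALID_DATA
 *  - PAM_SUCCESS requires a "user" field, otherwise
 *    G_IO_ERROR_INVALID_DATA
 *  - PAM_AUTH_ERR and PAM_USER_UNKNOWN give
 *    COCKPIT_ERROR_AUTHENTICATION_FAILED
 *  - PAM_PERM_DENIED gives COCKPIT_ERROR_PERMISSION_DENIED
 *  - any other code gives COCKPIT_ERROR_FAILED with the pam_strerror() text
 *
 * Credentials are only created on the PAM_SUCCESS branch, so every
 * unrecognised or malformed reply fails closed.
 * build_gssapi_output_header() is always called, with NULL results when
 * parsing failed.
 *
 * Returns: credentials from create_creds_for_authenticated(), or NULL.
 *   Every failure branch in this function sets @error.
 */
static CockpitCreds *
parse_auth_results (SessionLoginData *sl,
                    GHashTable *headers,
                    GError **error)
{
  CockpitCreds *creds = NULL;
  GByteArray *buffer;
  GError *json_error = NULL;
  const gchar *pam_user;
  JsonObject *results;
  gint64 code = -1;

  buffer = cockpit_pipe_get_buffer (sl->auth_pipe);

  /*
   * NOTE(review): the helper's raw output is written to the debug log
   * verbatim. If that output can carry credential material (the same
   * object is later handed to build_gssapi_output_header() and
   * create_creds_for_authenticated()), it ends up in debug logs. Confirm
   * what cockpit-session emits, and consider logging only the result code.
   */
  g_debug ("cockpit-session says: %.*s", (int)buffer->len, (const gchar *)buffer->data);

  results = cockpit_json_parse_object ((const gchar *)buffer->data, buffer->len, &json_error);

  if (g_error_matches (json_error, JSON_PARSER_ERROR, JSON_PARSER_ERROR_INVALID_DATA))
    {
      g_message ("got non-utf8 user name from cockpit-session");
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
                   "Login user name is not UTF8 encoded");
      g_clear_error (&json_error);
    }
  else if (!results)
    {
      /*
       * json_error may be NULL here, as the fallback below already
       * anticipates. g_error_free (NULL) would emit a GLib critical, so
       * release with g_clear_error(), which accepts an unset error. The
       * "(null)" literal avoids passing a NULL pointer to %s.
       */
      g_warning ("couldn't parse session auth output: %s",
                 json_error ? json_error->message : "(null)");
      g_clear_error (&json_error);
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
                   "Invalid data from session process: no results");
    }
  else if (!cockpit_json_get_int (results, "result-code", -1, &code) || code < 0)
    {
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
                   "Invalid data from session process: bad PAM result");
    }
  else if (code == PAM_SUCCESS)
    {
      /* A success code without a user name is treated as invalid data. */
      if (!cockpit_json_get_string (results, "user", NULL, &pam_user) || !pam_user)
        {
          g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA,
                       "Invalid data from session process: missing user");
        }
      else
        {
          g_debug ("user authenticated as %s", pam_user);
          creds = create_creds_for_authenticated (pam_user, sl, results);
        }
    }
  else if (code == PAM_AUTH_ERR || code == PAM_USER_UNKNOWN)
    {
      /* Both cases produce the same "Authentication failed" error. */
      g_debug ("authentication failed: %d", (int)code);
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
                   "Authentication failed");
    }
  else if (code == PAM_PERM_DENIED)
    {
      g_debug ("permission denied: %d", (int)code);
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_PERMISSION_DENIED,
                   "Permission denied");
    }
  else
    {
      g_debug ("pam error: %d", (int)code);
      /*
       * code is a gint64 but pam_strerror() takes an int, so the narrowing
       * is made explicit here. A value beyond the int range would yield
       * the text for a different code, but still fails the login.
       */
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
                   "%s", pam_strerror (NULL, (int)code));
    }

  build_gssapi_output_header (headers, results);

  if (results)
    json_object_unref (results);

  return creds;
}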