gboolean cockpit_handler_deauthorize (CockpitWebServer *server, CockpitWebServerRequestType reqtype, const gchar *path, GHashTable *headers, GBytes *input, CockpitWebResponse *response, CockpitHandlerData *ws) { CockpitWebService *service; CockpitCreds *creds; const gchar *body; GBytes *bytes; service = cockpit_auth_check_cookie (ws->auth, headers); if (!service) { cockpit_web_response_error (response, 401, NULL, "Unauthorized"); return TRUE; } /* Poison the creds, so they no longer work for new reauthorization */ creds = cockpit_web_service_get_creds (service); cockpit_creds_poison (creds); g_object_unref (service); body ="<html><head><title>Deauthorized</title></head>" "<body>Deauthorized</body></html>"; bytes = g_bytes_new_static (body, strlen (body)); cockpit_web_response_content (response, NULL, bytes, NULL); g_bytes_unref (bytes); return TRUE; }
static void cockpit_creds_free (gpointer data) { CockpitCreds *creds = data; cockpit_creds_poison (creds); g_list_free_full (creds->bytes, (GDestroyNotify)g_bytes_unref); g_free (creds->user); g_free (creds->application); g_free (creds->rhost); g_free (creds->gssapi_creds); g_free (creds->csrf_token); if (creds->krb5_ctx) { if (creds->krb5_ccache) krb5_cc_destroy (creds->krb5_ctx, creds->krb5_ccache); if (creds->krb5_ccache_name) krb5_free_string (creds->krb5_ctx, creds->krb5_ccache_name); krb5_free_context (creds->krb5_ctx); } if (creds->login_data) json_object_unref (creds->login_data); g_free (creds); }
static void cockpit_authenticated_free (gpointer data) { CockpitAuthenticated *authenticated = data; GObject *object; if (authenticated->timeout_tag) g_source_remove (authenticated->timeout_tag); g_free (authenticated->cookie); cockpit_creds_poison (authenticated->creds); cockpit_creds_unref (authenticated->creds); if (authenticated->service) { if (authenticated->idling_sig) g_signal_handler_disconnect (authenticated->service, authenticated->idling_sig); if (authenticated->destroy_sig) g_signal_handler_disconnect (authenticated->service, authenticated->destroy_sig); object = G_OBJECT (authenticated->service); g_object_weak_unref (object, on_web_service_gone, authenticated); g_object_run_dispose (object); g_object_unref (authenticated->service); } g_free (authenticated); }
static gboolean process_logout (CockpitWebService *self, JsonObject *options) { gboolean disconnect; if (!cockpit_json_get_bool (options, "disconnect", FALSE, &disconnect)) { g_warning ("received 'logout' command with invalid 'disconnect' field"); return FALSE; } /* Makes the credentials unusable */ cockpit_creds_poison (self->creds); /* Destroys our web service, disconnects everything */ if (disconnect) { g_info ("Logging out session from %s", cockpit_creds_get_rhost (self->creds)); g_object_run_dispose (G_OBJECT (self)); } else { g_info ("Deauthorizing session from %s", cockpit_creds_get_rhost (self->creds)); } send_socket_hints (self, "credential", "none"); return TRUE; }