static gchar *
get_remote_address (GIOStream *io)
{
GSocketAddress *remote = NULL;
GSocketConnection *connection = NULL;
GIOStream *base;
gchar *result = NULL;
if (G_IS_TLS_CONNECTION (io))
{
g_object_get (io, "base-io-stream", &base, NULL);
if (G_IS_SOCKET_CONNECTION (base))
connection = g_object_ref (base);
g_object_unref (base);
}
else if (G_IS_SOCKET_CONNECTION (io))
{
connection = g_object_ref (io);
}
if (connection)
remote = g_socket_connection_get_remote_address (connection, NULL);
if (remote && G_IS_INET_SOCKET_ADDRESS (remote))
result = g_inet_address_to_string (g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (remote)));
if (remote)
g_object_unref (remote);
if (connection)
g_object_unref (connection);
return result;
}
gboolean
cockpit_handler_logout (CockpitWebServer *server,
CockpitWebServerRequestType reqtype,
const gchar *path,
GHashTable *headers,
GBytes *input,
CockpitWebResponse *response,
CockpitHandlerData *ws)
{
GIOStream *io_stream;
GHashTable *out_headers;
const gchar *body;
gboolean secure;
GBytes *content;
io_stream = cockpit_web_response_get_stream (response);
secure = !G_IS_SOCKET_CONNECTION (io_stream);
out_headers = cockpit_web_server_new_table ();
cockpit_auth_logout (ws->auth, headers, secure, out_headers);
body ="<html><head><title>Logged out</title></head>"
"<body>Logged out</body></html>";
content = g_bytes_new_static (body, strlen (body));
cockpit_web_response_content (response, out_headers, content, NULL);
g_bytes_unref (content);
g_hash_table_unref (out_headers);
return TRUE;
}
static void
on_login_complete (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
LoginResponse *lr = user_data;
GError *error = NULL;
CockpitWebService *service;
GIOStream *io_stream;
io_stream = cockpit_web_response_get_stream (lr->response);
service = cockpit_auth_login_finish (COCKPIT_AUTH (object), result,
!G_IS_SOCKET_CONNECTION (io_stream),
lr->headers, &error);
if (error)
{
cockpit_web_response_gerror (lr->response, lr->headers, error);
login_response_free (lr);
g_error_free (error);
}
else
{
cockpit_web_service_modules (service, "localhost", on_login_modules, lr);
g_object_unref (service);
}
}
static void
on_login_complete (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
CockpitWebResponse *response = user_data;
GError *error = NULL;
CockpitWebService *service;
CockpitAuthFlags flags = 0;
CockpitCreds *creds;
GHashTable *headers;
GIOStream *io_stream;
io_stream = cockpit_web_response_get_stream (response);
if (G_IS_SOCKET_CONNECTION (io_stream))
flags |= COCKPIT_AUTH_COOKIE_INSECURE;
headers = cockpit_web_server_new_table ();
service = cockpit_auth_login_finish (COCKPIT_AUTH (object), result, flags, headers, &error);
if (error)
{
cockpit_web_response_gerror (response, headers, error);
g_error_free (error);
}
else
{
creds = cockpit_web_service_get_creds (service);
send_login_response (response, creds, headers);
g_object_unref (service);
}
g_hash_table_unref (headers);
g_object_unref (response);
}
static void
g_tls_client_connection_gnutls_constructed (GObject *object)
{
GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
GSocketConnection *base_conn;
GSocketAddress *remote_addr;
GInetAddress *iaddr;
guint port;
/* Create a TLS session ID. We base it on the IP address since
* different hosts serving the same hostname/service will probably
* not share the same session cache. We base it on the
* server-identity because at least some servers will fail (rather
* than just failing to resume the session) if we don't.
* (https://bugs.launchpad.net/bugs/823325)
*/
g_object_get (G_OBJECT (gnutls), "base-io-stream", &base_conn, NULL);
if (G_IS_SOCKET_CONNECTION (base_conn))
{
remote_addr = g_socket_connection_get_remote_address (base_conn, NULL);
if (G_IS_INET_SOCKET_ADDRESS (remote_addr))
{
GInetSocketAddress *isaddr = G_INET_SOCKET_ADDRESS (remote_addr);
const gchar *server_hostname;
gchar *addrstr, *session_id;
iaddr = g_inet_socket_address_get_address (isaddr);
port = g_inet_socket_address_get_port (isaddr);
addrstr = g_inet_address_to_string (iaddr);
server_hostname = get_server_identity (gnutls);
session_id = g_strdup_printf ("%s/%s/%d", addrstr,
server_hostname ? server_hostname : "",
port);
gnutls->priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
g_free (addrstr);
}
g_object_unref (remote_addr);
}
g_object_unref (base_conn);
if (G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->constructed)
G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->constructed (object);
}
