static void
on_web_socket_open (WebSocketConnection *connection,
CockpitWebService *self)
{
CockpitSocket *socket;
JsonArray *capabilities;
GBytes *command;
JsonObject *object;
JsonObject *info;
g_info ("New connection to session from %s", cockpit_creds_get_rhost (self->creds));
socket = cockpit_socket_lookup_by_connection (&self->sockets, connection);
g_return_if_fail (socket != NULL);
object = json_object_new ();
json_object_set_string_member (object, "command", "init");
json_object_set_int_member (object, "version", 1);
json_object_set_string_member (object, "channel-seed", socket->id);
json_object_set_string_member (object, "host", "localhost");
json_object_set_string_member (object, "csrf-token", cockpit_creds_get_csrf_token (self->creds));
capabilities = json_array_new ();
json_array_add_string_element (capabilities, "multi");
json_array_add_string_element (capabilities, "credentials");
json_array_add_string_element (capabilities, "binary");
json_object_set_array_member (object, "capabilities", capabilities);
info = json_object_new ();
json_object_set_string_member (info, "version", PACKAGE_VERSION);
json_object_set_string_member (info, "build", COCKPIT_BUILD_INFO);
json_object_set_object_member (object, "system", info);
command = cockpit_json_write_bytes (object);
json_object_unref (object);
web_socket_connection_send (connection, WEB_SOCKET_DATA_TEXT, self->control_prefix, command);
g_bytes_unref (command);
/* Do we have an authorize password? if so tell the frontend */
if (cockpit_creds_get_password (self->creds))
send_socket_hints (self, "credential", "password");
g_signal_connect (connection, "message",
G_CALLBACK (on_web_socket_message), self);
}
static void
send_login_response (CockpitWebResponse *response,
CockpitCreds *creds,
GHashTable *headers)
{
JsonObject *object;
JsonObject *login_data;
GBytes *content;
object = json_object_new ();
json_object_set_string_member (object, "user", cockpit_creds_get_user (creds));
json_object_set_string_member (object, "csrf-token", cockpit_creds_get_csrf_token (creds));
login_data = cockpit_creds_get_login_data (creds);
if (login_data)
json_object_set_object_member (object, "login-data", json_object_ref (login_data));
content = cockpit_json_write_bytes (object);
json_object_unref (object);
g_hash_table_replace (headers, g_strdup ("Content-Type"), g_strdup ("application/json"));
cockpit_web_response_content (response, headers, content, NULL);
g_bytes_unref (content);
}
gboolean
cockpit_handler_external (CockpitWebServer *server,
const gchar *original_path,
const gchar *path,
GIOStream *io_stream,
GHashTable *headers,
GByteArray *input,
CockpitHandlerData *ws)
{
CockpitWebResponse *response = NULL;
CockpitWebService *service = NULL;
const gchar *segment = NULL;
JsonObject *open = NULL;
const gchar *query = NULL;
CockpitCreds *creds;
const gchar *expected;
const gchar *upgrade;
guchar *decoded;
GBytes *bytes;
gsize length;
gsize seglen;
/* The path must start with /cockpit+xxx/channel/csrftoken? or similar */
if (path && path[0])
segment = strchr (path + 1, '/');
if (!segment)
return FALSE;
if (!g_str_has_prefix (segment, "/channel/"))
return FALSE;
segment += 9;
/* Make sure we are authenticated, otherwise 404 */
service = cockpit_auth_check_cookie (ws->auth, path, headers);
if (!service)
return FALSE;
creds = cockpit_web_service_get_creds (service);
g_return_val_if_fail (creds != NULL, FALSE);
expected = cockpit_creds_get_csrf_token (creds);
g_return_val_if_fail (expected != NULL, FALSE);
/* The end of the token */
query = strchr (segment, '?');
if (query)
{
seglen = query - segment;
query += 1;
}
else
{
seglen = strlen (segment);
query = "";
}
/* No such path is valid */
if (strlen (expected) != seglen || memcmp (expected, segment, seglen) != 0)
{
g_message ("invalid csrf token");
return FALSE;
}
decoded = g_base64_decode (query, &length);
if (decoded)
{
bytes = g_bytes_new_take (decoded, length);
if (!cockpit_transport_parse_command (bytes, NULL, NULL, &open))
{
open = NULL;
g_message ("invalid external channel query");
}
g_bytes_unref (bytes);
}
if (!open)
{
response = cockpit_web_response_new (io_stream, original_path, path, NULL, headers);
cockpit_web_response_error (response, 400, NULL, NULL);
g_object_unref (response);
}
else
{
upgrade = g_hash_table_lookup (headers, "Upgrade");
if (upgrade && g_ascii_strcasecmp (upgrade, "websocket") == 0)
{
cockpit_channel_socket_open (service, open, original_path, path, io_stream, headers, input);
}
else
{
response = cockpit_web_response_new (io_stream, original_path, path, NULL, headers);
cockpit_channel_response_open (service, headers, response, open);
g_object_unref (response);
}
json_object_unref (open);
}
g_object_unref (service);
return TRUE;
}
static gboolean
on_handle_stream_external (CockpitWebServer *server,
const gchar *path,
GIOStream *io_stream,
GHashTable *headers,
GByteArray *input,
gpointer user_data)
{
CockpitWebResponse *response;
gboolean handled = FALSE;
const gchar *upgrade;
CockpitCreds *creds;
const gchar *expected;
const gchar *query;
const gchar *segment;
JsonObject *open = NULL;
GBytes *bytes;
guchar *decoded;
gsize length;
gsize seglen;
if (g_str_has_prefix (path, "/cockpit/echosocket"))
{
const gchar *protocols[] = { "cockpit1", NULL };
const gchar *origins[2] = { NULL, NULL };
WebSocketConnection *ws = NULL;
gchar *url;
url = g_strdup_printf ("ws://localhost:%u%s", server_port, path);
origins[0] = g_strdup_printf ("http://localhost:%u", server_port);
ws = web_socket_server_new_for_stream (url, (const gchar **)origins,
protocols, io_stream, headers, input);
g_signal_connect (ws, "message", G_CALLBACK (on_echo_socket_message), NULL);
g_signal_connect (ws, "close", G_CALLBACK (on_echo_socket_close), NULL);
return TRUE;
}
if (!g_str_has_prefix (path, "/cockpit/channel/"))
return FALSE;
/* Remove /cockpit/channel/ part */
segment = path + 17;
if (service)
{
creds = cockpit_web_service_get_creds (service);
g_return_val_if_fail (creds != NULL, FALSE);
expected = cockpit_creds_get_csrf_token (creds);
g_return_val_if_fail (expected != NULL, FALSE);
/* The end of the token */
query = strchr (segment, '?');
if (!query)
query = segment + strlen (segment);
/* No such path is valid */
seglen = query - segment;
if (strlen(expected) == seglen && memcmp (expected, segment, seglen) == 0)
{
decoded = g_base64_decode (query, &length);
if (decoded)
{
bytes = g_bytes_new_take (decoded, length);
if (!cockpit_transport_parse_command (bytes, NULL, NULL, &open))
{
open = NULL;
g_message ("invalid external channel query");
}
g_bytes_unref (bytes);
}
}
if (open)
{
upgrade = g_hash_table_lookup (headers, "Upgrade");
if (upgrade && g_ascii_strcasecmp (upgrade, "websocket") == 0)
{
cockpit_channel_socket_open (service, open, path, io_stream, headers, input);
handled = TRUE;
}
else
{
response = cockpit_web_response_new (io_stream, path, NULL, headers);
cockpit_channel_response_open (service, headers, response, open);
g_object_unref (response);
handled = TRUE;
}
json_object_unref (open);
}
}
return handled;
}