WIP - inform login page about present cookies
mvollmer committed Aug 7, 2024
1 parent 0e27614 commit 2d267b8
Showing 4 changed files with 63 additions and 18 deletions.
23 changes: 7 additions & 16 deletions pkg/static/login.js
@@ -343,28 +343,22 @@ import "./login.scss";
// end up on the login page, we are about to load resources
// from two machines into the same browser origin.

const cur_machine = window.localStorage.getItem("current-machine");

// Protect against outdated cur_machine values.
if (cur_machine == "localhost" && !window.location.pathname.startsWith("/="))
return;
if (cur_machine && cur_machine != "localhost" && window.location.pathname.startsWith("/=" + cur_machine))
return;
const logged_into = environment["logged-into"];
const cur_machine = logged_into.length > 0 ? logged_into[0] : null;

function redirect_to_current_machine() {
if (cur_machine == "localhost")
if (cur_machine === ".")
login_reload("/");
else
login_reload("/=" + cur_machine);
}

environment.page.allow_multi_host = true; // XXX

if (cur_machine) {
if (!environment.page.allow_multi_host)
redirect_to_current_machine();
else {
id("multihost-message").textContent = format(_("You are already connected to '$0' in this browser session. Connecting to other hosts will allow them to execute arbitrary code on each other. Please be careful."), cur_machine);
id("multihost-message").textContent = format(_("You are already connected to '$0' in this browser session. Connecting to other hosts will allow them to execute arbitrary code on each other. Please be careful."),
cur_machine == "." ? "localhost" : cur_machine);
id("multihost-get-me-there").addEventListener("click", redirect_to_current_machine);
show('#multihost-warning');
}
@@ -442,7 +436,6 @@ import "./login.scss";
oauth_auto_login();
}
} else if (logout_intent) {
window.localStorage.removeItem("current-machine");
show_login(logout_reason);
} else if (need_host()) {
show_login();
@@ -1018,7 +1011,7 @@ import "./login.scss";
}
}

function setup_localstorage (response, machine) {
function setup_localstorage (response) {
/* Clear anything not prefixed with
* different application from sessionStorage
*/
@@ -1051,8 +1044,6 @@ import "./login.scss";
const ca_cert_url = environment.CACertUrl;
if (ca_cert_url)
window.sessionStorage.setItem('CACertUrl', ca_cert_url);

window.localStorage.setItem('current-machine', machine || "localhost");
}

function run(response) {
@@ -1079,7 +1070,7 @@ import "./login.scss";
*/
clear_storage(window.sessionStorage, application, false);

setup_localstorage(response, machine);
setup_localstorage(response);
login_reload(wanted);
}

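Review bot: `logged_into.length` in the first hunk throws when the environment has no `logged-into` member, and the server side of this commit leaves that member out whenever the request carries no Cookie header (`add_logged_into_to_environment` returns before `json_object_set_array_member`). A first visit without any cookies would then stop the login script at this line. Default it here with `const logged_into = environment["logged-into"] || [];`, or have the C helper always set an empty array. The enclosing function starts and ends outside the hunk.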
10 changes: 10 additions & 0 deletions src/ws/cockpitauth.c
@@ -1706,3 +1706,13 @@ cockpit_auth_empty_cookie_value (const gchar *path, gboolean secure)

return cookie_line;
}

gchar *
cockpit_auth_cookie_name (const gchar *path)
{
gchar *application = cockpit_auth_parse_application (path, NULL);
gchar *cookie = application_cookie_name (application);
g_free (application);

return cookie;
}
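Review bot: `cockpit_auth_cookie_name` is exported without a comment saying who owns the result. From the body, the string returned by `application_cookie_name` is handed to the caller, and the new caller in cockpithandlers.c holds it in a `g_autofree` variable, so a header comment such as `/* Returns the session cookie name for the application in @path; free with g_free(). */` would make that contract explicit. Neither `cockpit_auth_parse_application` nor `application_cookie_name` is visible here, so whether either can return NULL for an unexpected path should be confirmed before the result reaches `g_str_equal`.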
2 changes: 2 additions & 0 deletions src/ws/cockpitauth.h
@@ -108,6 +108,8 @@ gchar * cockpit_auth_parse_application (const gchar *path,
gchar * cockpit_auth_empty_cookie_value (const gchar *path,
gboolean secure);

gchar * cockpit_auth_cookie_name (const gchar *path);

G_END_DECLS

#endif
46 changes: 44 additions & 2 deletions src/ws/cockpithandlers.c
@@ -277,8 +277,48 @@ add_page_to_environment (JsonObject *object,
json_object_set_object_member (object, "page", page);
}

static void
add_logged_into_to_environment (JsonObject *object,
const gchar *path,
GHashTable *request_headers)
{
gchar *h = g_hash_table_lookup (request_headers, "Cookie");
if (!h)
return;

g_autofree gchar *self_cookie = cockpit_auth_cookie_name (path);

JsonArray *logged_into = json_array_new ();

while (*h) {
const gchar *start = h;
while (*h && *h != '=')
h++;
const gchar *equal = h;
while (*h && *h != ';')
h++;
if (*h)
h++;
while (*h && *h == ' ')
h++;

if (g_str_has_prefix (equal, "=deleted"))
continue;

g_autofree gchar *name = g_strndup (start, equal - start);
if (g_str_equal (name, self_cookie))
;
else if (g_str_equal (name, "cockpit"))
json_array_add_string_element(logged_into, ".");
else if (g_str_has_prefix (name, "machine-cockpit+"))
json_array_add_string_element(logged_into, name + strlen("machine-cockpit+"));
}

json_object_set_array_member (object, "logged-into", logged_into);
}

static GBytes *
build_environment (GHashTable *os_release)
build_environment (GHashTable *os_release, const gchar *path, GHashTable *request_headers)
{
/*
* We don't include entirety of os-release into the
@@ -310,6 +350,7 @@ build_environment (GHashTable *os_release)
json_object_set_boolean_member (object, "is_cockpit_client", is_cockpit_client);

add_page_to_environment (object, is_cockpit_client);
add_logged_into_to_environment (object, path, request_headers);

hostname = g_malloc0 (HOST_NAME_MAX + 1);
gethostname (hostname, HOST_NAME_MAX);
@@ -386,7 +427,7 @@ send_login_html (CockpitWebResponse *response,
GBytes *po_bytes;
CockpitWebFilter *filter3 = NULL;

environment = build_environment (ws->os_release);
environment = build_environment (ws->os_release, path, headers);
filter = cockpit_web_inject_new (marker, environment, 1);
g_bytes_unref (environment);
cockpit_web_response_add_filter (response, filter);
@@ -455,6 +496,7 @@ send_login_html (CockpitWebResponse *response,
"Content-Security-Policy", content_security_policy,
"Set-Cookie", cookie_line,
NULL);
cockpit_web_response_set_cache_type (response, COCKPIT_WEB_RESPONSE_NO_CACHE);
if (cockpit_web_response_queue (response, bytes))
cockpit_web_response_complete (response);

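Review bot: In `add_logged_into_to_environment` the host added to `logged-into` is copied unchecked from a cookie name in the client's Cookie header, and login.js then uses it in the `/=` redirect path and in the warning text. Cookie names are client-controlled and their presence alone does not show that a session is still valid, so the suffix after `machine-cockpit+` should be checked to be non-empty and limited to the characters a host may contain before `json_array_add_string_element` is called. The name scan also runs past `;` when a pair has no `=`, merging two pairs into one name; `while (*h && *h != '=' && *h != ';')` together with skipping pairs where `*equal != '='` keeps each pair separate. The function lies entirely inside the first hunk of this section.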
