shell: Don't allow connections to remote machines via URLs...

...when the host switcher is disabled. Instead, redirect them to localhost. This requires us to really delay the initial navigation until after host_switcher_enabled has been initialized. The tests that use multiple machines add those machines by navigating to their URL and then logging into them via the trouble shooting dialog. Those tests have to explicitly enable the host switcher for this to continue to work.
cockpit-project · Aug 2, 2024 · ddb2f64 · ddb2f64
1 parent c495f90
commit ddb2f64
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 22 deletions.
diff --git a/pkg/shell/indexes.jsx b/pkg/shell/indexes.jsx
@@ -102,24 +102,17 @@ function MachinesIndex(index_options, machines, loader) {
     }).catch(exc => console.log(exc));
 
     /* Host switcher enabled? */
-    let host_switcher_enabled = false;
+    let host_switcher_enabled = null;
     read_os_release().then(os_release => {
-        const enabled = os_release && get_manifest_config_matchlist(
-            "shell", "host_switcher", false,
-            [os_release.PLATFORM_ID, os_release.VERSION_CODENAME]);
-        if (enabled) {
-            host_switcher_enabled = true;
-            update_machines();
-        }
+        if (!os_release)
+            host_switcher_enabled = false;
+        else
+            host_switcher_enabled = get_manifest_config_matchlist(
+                "shell", "host_switcher", false,
+                [os_release.PLATFORM_ID, os_release.VERSION_CODENAME]);
+        on_ready();
     });
 
-    /* Navigation */
-    let ready = false;
-    function on_ready() {
-        ready = true;
-        index.ready();
-    }
-
     function preload_frames () {
         for (const m of machines.list)
             index.preload_frames(m, m.manifests);
@@ -145,8 +138,18 @@ function MachinesIndex(index_options, machines, loader) {
         });
     });
 
-    if (machines.ready)
-        on_ready();
+    /* Navigation */
+    let ready = false;
+    function on_ready() {
+        console.log("READY?", JSON.stringify({ machines: machines.ready, host_switcher_enabled }));
+        if (machines.ready && host_switcher_enabled !== null) {
+            console.log("READY");
+            ready = true;
+            index.ready();
+        }
+    }
+
+    on_ready();
 
     function show_disconnected() {
         if (!ready) {
@@ -185,8 +188,19 @@ function MachinesIndex(index_options, machines, loader) {
         if (watchdog_problem || troubleshooting_opened)
             return;
 
+        if (!ready)
+            return;
+
         if (!state)
             state = index.retrieve_state();
+
+        // Force a redirect to localhost when the host switcher is
+        // disabled. That way, people won't accidentally connect to
+        // remote machines via URL bookmarks or similar that point to
+        // them.
+        if (!host_switcher_enabled)
+            state.host = "localhost";
+
         let machine = machines.lookup(state.host);
 
         /* No such machine */

diff --git a/test/common/testlib.py b/test/common/testlib.py
@@ -1776,6 +1776,11 @@ def tearDown(self) -> None:
 
         shutil.rmtree(self.tmpdir, ignore_errors=True)
 
+    def enable_multihost(self, machine: testvm.Machine) -> None:
+        if not self.multihost_enabled:
+            machine.write("/etc/cockpit/shell.override.json",
+                          '{ "config": { "host_switcher": true } }')
+
     def login_and_go(
         self,
         path: str | None = None,

diff --git a/test/verify/check-shell-host-switching b/test/verify/check-shell-host-switching
@@ -115,11 +115,6 @@ class TestHostSwitching(testlib.MachineCase, HostSwitcherHelpers):
         self.allow_restart_journal_messages()
         self.allow_hostkey_messages()
 
-    def enable_multihost(self, machine):
-        if not self.multihost_enabled:
-            machine.write("/etc/cockpit/shell.override.json",
-                          '{ "config": { "host_switcher": true } }')
-
     def testBasic(self):
         b = self.browser
         m1 = self.machines["machine1"]

diff --git a/test/verify/check-shell-multi-machine b/test/verify/check-shell-multi-machine
@@ -134,6 +134,7 @@ class TestMultiMachineAdd(testlib.MachineCase):
         # and failing to load sofware updates breaks pixel tests in release builds
         self.setup_provisioned_hosts(disable_preload=True)
         self.setup_ssh_auth()
+        self.enable_multihost(self.machine)
 
     def testBasic(self):
         b = self.browser
@@ -250,6 +251,7 @@ class TestMultiMachine(testlib.MachineCase):
         self.allow_journal_messages("sudo: unable to resolve host machine1: .*")
 
         self.setup_provisioned_hosts(disable_preload=True)
+        self.enable_multihost(self.machine)
 
     def checkDirectLogin(self, root='/', known_host=False):
         b = self.browser

diff --git a/test/verify/check-shell-multi-os b/test/verify/check-shell-multi-os
@@ -33,6 +33,7 @@ class TestRHEL8(testlib.MachineCase):
 
         stock_m = self.machines['stock']
         stock_m.execute("hostnamectl set-hostname stock")
+        self.enable_multihost(dev_m)
 
         # Wait for connectivity between the two
         stock_m.execute("ping -q -w5 -c5 10.111.113.1")

diff --git a/test/verify/check-superuser b/test/verify/check-superuser
@@ -405,6 +405,7 @@ class TestSuperuserDashboard(testlib.MachineCase):
     def test(self):
         b = self.browser
         self.setup_provisioned_hosts()
+        self.enable_multihost(self.machine)
 
         self.login_and_go()
         b.go("/@10.111.113.2")

diff --git a/test/verify/check-system-realms b/test/verify/check-system-realms
@@ -495,6 +495,7 @@ class TestRealms(testlib.MachineCase):
         self.op_admin_password = "#realms-op-admin-password"
         self.domain_sel = "#system_information_domain_button"
         self.machine.execute("hostnamectl set-hostname x0.cockpit.lan")
+        self.enable_multihost(self.machine)
 
         # realmd times out on inactivity, which occasionally races with the proxy
         self.allow_journal_messages("couldn't get all properties of org.freedesktop.realmd.Service.*org.freedesktop.DBus.Error.NoReply: Remote peer disconnected")
@@ -989,6 +990,7 @@ class TestKerberos(testlib.MachineCase):
     def setUp(self):
         super().setUp()
         maybe_setup_fake_chrony(self.machine)
+        self.enable_multihost(self.machine)
 
     def configure_kerberos(self, keytab):
         self.machines["services"].execute("/root/run-freeipa")

diff --git a/test/verify/check-system-shutdown-restart b/test/verify/check-system-shutdown-restart
@@ -38,6 +38,8 @@ class TestShutdownRestart(testlib.MachineCase):
         m2 = self.machines['machine2']
         b2 = self.new_browser(m2)
 
+        self.enable_multihost(m2)
+
         m.start_cockpit()
 
         self.login_and_go("/system")