shell: Make it all reacty

doc/guide/Makefile-guide.am

@@ -21,6 +21,7 @@ GUIDE_INCLUDES = \
 	doc/guide/cockpit-session.xml \
 	doc/guide/cockpit-spawn.xml \
 	doc/guide/cockpit-util.xml \
+	doc/guide/multi-host.xml \
 	doc/guide/authentication.xml \
 	doc/guide/embedding.xml \
 	doc/guide/feature-firewall.xml \

doc/guide/cockpit-guide.xml

@@ -27,6 +27,7 @@
     <xi:include href="https.xml"/>
     <xi:include href="listen.xml"/>
     <xi:include href="startup.xml"/>
+    <xi:include href="multi-host.xml"/>
     <xi:include href="authentication.xml"/>
     <xi:include href="sso.xml"/>
     <xi:include href="cert-authentication.xml"/>

doc/guide/multi-host.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+<chapter id="multi-host">
+  <title>
+    Managing multiple hosts at the same time
+  </title>
+
+  <para>
+    Cockpit allows you to access multiple hosts in a single session,
+    by establishing SSH connections to other hosts. This is quite
+    similar to logging into these other hosts using the "ssh" command
+    on the command line, with one very important difference:
+  </para>
+  <para>
+    Code from the local host and all the remote hosts run at the same
+    time, in the same browser context.  They are not sufficiently
+    isolated from each other in the browser. All code effectively has
+    the same privileges as the primary session on the local host.
+  </para>
+  <para>
+    Thus, <emphasis>you should only only connect to remote hosts that
+    you trust</emphasis>. You must be sure that none of the hosts that
+    you connect to will cause Cockpit to load malicious JavaScript
+    code into your browser.
+  </para>
+  <para>
+    Going forward, Cockpit will try to provide sufficient isolation to
+    make it safe to manage multiple hosts in a single Cockpit
+    session. But until we get there, Cockpit will at least warn you
+    before connecting to more than one host. It is also possible to
+    disable multiple hosts entirely, and some operating systems do
+    this already by default.
+  </para>
+  <para>
+    You can prevent loading of JavaScript, HTML, etc from more than
+    one host by adding this to <filename>cockpit.conf</filename>:
+  </para>
+  <programlisting>
+    [WebService]
+    AllowMultiHost=false
+  </programlisting>
+  <para>
+    When you allow multiple hosts in a single Cockpit session by
+    setting <code>AllowMultiHost</code> to true, then the user will be
+    warned once per session, before connecting to the second host.  If
+    that is still too much, you can switch it off completely by adding
+    the following to <filename>cockpit.conf</filename>:
+  </para>
+  <programlisting>
+    [Session]
+    WarnBeforeConnecting=false
+  </programlisting>
+</chapter>

doc/man/cockpit.conf.xml

@@ -271,6 +271,18 @@ IdleTimeout=15
           <para>When not specified, there is no idle timeout by default.</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>WarnBeforeConnecting</option></term>
+        <listitem>
+          <para>Whether to warn before connecting to remote hosts from the Shell. Defaults to true</para>
+          <informalexample>
+<programlisting language="ini">
+[Session]
+WarnBeforeConnecting=false
+</programlisting>
+          </informalexample>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

files.js

@@ -28,7 +28,7 @@ const info = {
         "playground/remote.tsx",
 
         "selinux/selinux.js",
-        "shell/shell.js",
+        "shell/shell.jsx",
         "sosreport/sosreport.jsx",
         "static/login.js",
         "storaged/storaged.jsx",

pkg/lib/cockpit/_internal/transport.ts

@@ -54,8 +54,10 @@ class Transport extends EventEmitter<{ ready(): void }> {
 
         /* See if we should communicate via parent */
         if (window.parent !== window && window.name.indexOf("cockpit1:") === 0) {
+            console.log("PARENT SOCKET");
             this.#ws = new ParentWebSocket(window.parent);
         } else {
+            console.log("REAL SOCKET");
             const ws_loc = calculate_url();
             transport_debug("connecting to " + ws_loc);
             this.#ws = new WebSocket(ws_loc, "cockpit1");

pkg/shell/active-pages-modal.jsx

@@ -29,20 +29,21 @@ import { useInit } from "hooks";
 
 const _ = cockpit.gettext;
 
-export const ActivePagesDialog = ({ dialogResult, frames }) => {
+export const ActivePagesDialog = ({ dialogResult, state }) => {
     function get_pages() {
         const result = [];
-        for (const address in frames.iframes) {
-            for (const component in frames.iframes[address]) {
-                const iframe = frames.iframes[address][component];
+        for (const n in state.frames) {
+            const f = state.frames[n];
+            if (f) {
+                const active = state.last_fullpath_for_host(f.host) == f.fullpath;
                 result.push({
-                    frame: iframe,
-                    component,
-                    address,
-                    name: iframe.getAttribute("name"),
-                    active: iframe.getAttribute("data-active") === 'true',
-                    selected: iframe.getAttribute("data-active") === 'true',
-                    displayName: address === "localhost" ? "/" + component : address + ":/" + component
+                    frame: f,
+                    component: f.fullpath,
+                    address: f.host,
+                    name: f.name,
+                    active,
+                    selected: active,
+                    displayName: f.host === "localhost" ? "/" + f.fullpath : f.host + ":/" + f.fullpath,
                 });
             }
         }
@@ -61,8 +62,9 @@ export const ActivePagesDialog = ({ dialogResult, frames }) => {
 
     function onRemove() {
         pages.forEach(element => {
-            if (element.selected)
-                frames.remove(element.host, element.component);
+            if (element.selected) {
+                state.remove_frame(element.name);
+            }
         });
         dialogResult.resolve();
     }