r7072: moved the esp hooks calls to the ejs level, so we can call them from
[jra/samba/.git] / source / web_server / calls.c
index 8cd0c21b1ced35fc112c59fa1d68931193bb78d2..8e9ea86904ef43e1570072711d00a9d3798ab42e 100644 (file)
 */
 
 #include "includes.h"
+#include "pwd.h"
 #include "web_server/esp/esp.h"
+#include "param/loadparm.h"
+#include "lib/ldb/include/ldb.h"
 
 
-/*
-  return the type of a variable
+/* try to authenticate the user/password pair against system auth mechanisms
+   returns 0 on success
+   returns -1 on error
+
+   fills in the session structure properly in case of success
+   NOTE: Currently only PAM Auth is supported
 */
-static int esp_typeof(struct EspRequest *ep, int argc, struct MprVar **argv)
+
+static int esp_unixAuth(struct EspRequest *ep, int argc, struct MprVar **argv)
 {
-       const struct {
-               MprType type;
-               const char *name;
-       } types[] = {
-               { MPR_TYPE_UNDEFINED, "undefined" },
-               { MPR_TYPE_NULL, "null" },
-               { MPR_TYPE_BOOL, "boolean" },
-               { MPR_TYPE_CFUNCTION, "function" },
-               { MPR_TYPE_FLOAT, "float" },
-               { MPR_TYPE_INT, "int" },
-               { MPR_TYPE_INT64, "int64" },
-               { MPR_TYPE_OBJECT, "object" },
-               { MPR_TYPE_FUNCTION, "function" },
-               { MPR_TYPE_STRING, "string" },
-               { MPR_TYPE_STRING_CFUNCTION, "function" }
-       };
-       int i;
-       const char *type = "unknown";
-
-       if (argc != 1) return -1;
-       
-       for (i=0;i<ARRAY_SIZE(types);i++) {
-               if (argv[0]->type == types[i].type) {
-                       type = types[i].name;
-                       break;
+       TALLOC_CTX *tmp_ctx = talloc_new(ep);
+       const char *username;
+       const char *password;
+       struct passwd *pwd;
+       int ret;
+
+       if (argc != 2 || argv[0]->type != MPR_TYPE_STRING ||
+                       argv[1]->type != MPR_TYPE_STRING) {
+               espError(ep, "unixAuth invalid arguments");
+               ret = -1;
+               goto done;
+       }
+
+       username = mprToString(argv[0]);
+       password = mprToString(argv[1]);
+
+       if (username == NULL || password == NULL) {
+               espError(ep, "unixAuth invalid arguments");
+               ret = -1;
+               goto done;
+       }
+
+       /* TODO: find out how to pass the real client name/address here */
+       if (NT_STATUS_IS_OK(unix_passcheck(tmp_ctx, "client", username, password))) {
+
+               pwd = getpwnam(username);
+               if (!pwd) {
+                       espSetReturn(ep, mprCreateIntegerVar(-1));
+                       ret = -1;
+                       goto done;
+               }
+
+               mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+                                       "AUTHENTICATED", mprCreateStringVar("1", 0));
+               mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+                                       "USERNAME", mprCreateStringVar(username, 0));
+
+               if (pwd->pw_uid == 0) { /* we are root */
+
+                       mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+                                       "PRIVILEGE", mprCreateStringVar("ADMIN", 0));
+               } else {
+                       mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+                                       "PRIVILEGE", mprCreateStringVar("USER", 0));
+               }
+
+               espSetReturn(ep, mprCreateIntegerVar(0));
+       } else {
+               if (mprGetProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED", 0) != 0) {
+                       mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED");
                }
+               espSetReturn(ep, mprCreateIntegerVar(-1));
        }
 
-       espSetReturnString(ep, type);
-       return 0;
+done:
+       talloc_free(tmp_ctx);
+       return ret;
 }
 
-
 /*
   setup the C functions that be called from ejs
 */
 void http_setup_ejs_functions(void)
 {
-       espDefineStringCFunction(NULL, "lpGet", esp_lpGet, NULL);
-       espDefineCFunction(NULL, "typeof", esp_typeof, NULL);
+       espDefineCFunction(NULL, "unixAuth", esp_unixAuth, NULL);
 }
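Review bot: `ret` is never assigned on the two paths that reach `done:` through `espSetReturn()`, namely the successful login and the failed `unix_passcheck()` branch, so `return ret;` hands the caller an indeterminate value; declaring it as `int ret = 0;` covers both, assuming the C return value is only meant to signal a call error while the script-visible result travels through `espSetReturn()`. The failure branch also removes only `AUTHENTICATED` and leaves any `USERNAME` and `PRIVILEGE` set by an earlier login in the session object, and the `getpwnam()` failure path clears nothing at all. If any page tests `PRIVILEGE` on its own, a stale `ADMIN` value would survive a failed re-login, so I would call `mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "USERNAME");` and the same for `"PRIVILEGE"` on every non-success path. A short comment above the function stating which of the two return channels callers should trust for the authentication result would also help, since the header comment describes only the C return.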