*/
#include "includes.h"
+#include "pwd.h"
#include "web_server/esp/esp.h"
#include "param/loadparm.h"
+#include "lib/ldb/include/ldb.h"
-/*
- return the type of a variable
-*/
-static int esp_typeof(struct EspRequest *ep, int argc, struct MprVar **argv)
-{
- const struct {
- MprType type;
- const char *name;
- } types[] = {
- { MPR_TYPE_UNDEFINED, "undefined" },
- { MPR_TYPE_NULL, "null" },
- { MPR_TYPE_BOOL, "boolean" },
- { MPR_TYPE_CFUNCTION, "function" },
- { MPR_TYPE_FLOAT, "float" },
- { MPR_TYPE_INT, "int" },
- { MPR_TYPE_INT64, "int64" },
- { MPR_TYPE_OBJECT, "object" },
- { MPR_TYPE_FUNCTION, "function" },
- { MPR_TYPE_STRING, "string" },
- { MPR_TYPE_STRING_CFUNCTION, "function" }
- };
- int i;
- const char *type = "unknown";
-
- if (argc != 1) return -1;
-
- for (i=0;i<ARRAY_SIZE(types);i++) {
- if (argv[0]->type == types[i].type) {
- type = types[i].name;
- break;
- }
- }
-
- espSetReturnString(ep, type);
- return 0;
-}
+/* try to authenticate the user/password pair against system auth mechanisms
+ returns 0 on success
+ returns -1 on error
-/*
- setup a return of a string list
+ fills in the session structure properly in case of success
+ NOTE: Currently only PAM Auth is supported
*/
-static void esp_returnlist(struct EspRequest *ep,
- const char *name, const char **list)
-{
- struct MprVar var;
- int i;
-
- var = mprCreateObjVar(name, ESP_HASH_SIZE);
- for (i=0;list[i];i++) {
- char idx[16];
- struct MprVar val;
- mprItoa(i, idx, sizeof(idx));
- val = mprCreateStringVar(list[i], 1);
- mprCreateProperty(&var, idx, &val);
- }
- espSetReturn(ep, var);
-}
-/*
- return a list of defined services
-*/
-static int esp_lpServices(struct EspRequest *ep, int argc, char **argv)
+static int esp_unixAuth(struct EspRequest *ep, int argc, struct MprVar **argv)
{
- int i;
- const char **list;
- if (argc != 0) return -1;
-
- for (i=0;i<lp_numservices();i++) {
- list = str_list_add(list, lp_servicename(i));
+ TALLOC_CTX *tmp_ctx = talloc_new(ep);
+ const char *username;
+ const char *password;
+ struct passwd *pwd;
+ int ret;
+
+ if (argc != 2 || argv[0]->type != MPR_TYPE_STRING ||
+ argv[1]->type != MPR_TYPE_STRING) {
+ espError(ep, "unixAuth invalid arguments");
+ ret = -1;
+ goto done;
}
- talloc_steal(ep, list);
- esp_returnlist(ep, "services", list);
- return 0;
-}
+ username = mprToString(argv[0]);
+ password = mprToString(argv[1]);
-/*
- allow access to loadparm variables from inside esp scripts in swat
-
- can be called in 4 ways:
+ if (username == NULL || password == NULL) {
+ espError(ep, "unixAuth invalid arguments");
+ ret = -1;
+ goto done;
+ }
- v = lpGet("type:parm"); gets a parametric variable
- v = lpGet("share", "type:parm"); gets a parametric variable on a share
- v = lpGet("parm"); gets a global variable
- v = lpGet("share", "parm"); gets a share variable
+ /* TODO: find out how to pass the real client name/address here */
+ if (NT_STATUS_IS_OK(unix_passcheck(tmp_ctx, "client", username, password))) {
- the returned variable is a ejs object. It is an array object for lists.
-*/
-static int esp_lpGet(struct EspRequest *ep, int argc, char **argv)
-{
- struct parm_struct *parm = NULL;
- void *parm_ptr = NULL;
- int i;
+ pwd = getpwnam(username);
+ if (!pwd) {
+ espSetReturn(ep, mprCreateIntegerVar(-1));
+ ret = -1;
+ goto done;
+ }
- if (argc < 1) return -1;
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "AUTHENTICATED", mprCreateStringVar("1", 0));
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "USERNAME", mprCreateStringVar(username, 0));
- if (argc == 2) {
- /* its a share parameter */
- int snum = lp_servicenumber(argv[0]);
- if (snum == -1) {
- return -1;
- }
- if (strchr(argv[1], ':')) {
- /* its a parametric option on a share */
- const char *type = talloc_strndup(ep, argv[1], strcspn(argv[1], ":"));
- const char *option = strchr(argv[1], ':') + 1;
- const char *value;
- if (type == NULL || option == NULL) return -1;
- value = lp_get_parametric(snum, type, option);
- if (value == NULL) return -1;
- espSetReturnString(ep, value);
- return 0;
- }
+ if (pwd->pw_uid == 0) { /* we are root */
- parm = lp_parm_struct(argv[1]);
- if (parm == NULL || parm->class == P_GLOBAL) {
- return -1;
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "PRIVILEGE", mprCreateStringVar("ADMIN", 0));
+ } else {
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "PRIVILEGE", mprCreateStringVar("USER", 0));
}
- parm_ptr = lp_parm_ptr(snum, parm);
- } else if (strchr(argv[0], ':')) {
- /* its a global parametric option */
- const char *type = talloc_strndup(ep, argv[0], strcspn(argv[0], ":"));
- const char *option = strchr(argv[0], ':') + 1;
- const char *value;
- if (type == NULL || option == NULL) return -1;
- value = lp_get_parametric(-1, type, option);
- if (value == NULL) return -1;
- espSetReturnString(ep, value);
- return 0;
- } else {
- /* its a global parameter */
- parm = lp_parm_struct(argv[0]);
- if (parm == NULL) return -1;
- parm_ptr = parm->ptr;
- }
-
- if (parm == NULL || parm_ptr == NULL) {
- return -1;
- }
- /* construct and return the right type of ejs object */
- switch (parm->type) {
- case P_STRING:
- case P_USTRING:
- espSetReturnString(ep, *(char **)parm_ptr);
- break;
- case P_BOOL:
- espSetReturn(ep, mprCreateBoolVar(*(BOOL *)parm_ptr));
- break;
- case P_INTEGER:
- espSetReturn(ep, mprCreateIntegerVar(*(int *)parm_ptr));
- break;
- case P_ENUM:
- for (i=0; parm->enum_list[i].name; i++) {
- if (*(int *)parm_ptr == parm->enum_list[i].value) {
- espSetReturnString(ep, parm->enum_list[i].name);
- return 0;
- }
+ espSetReturn(ep, mprCreateIntegerVar(0));
+ } else {
+ if (mprGetProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED", 0) != 0) {
+ mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED");
}
- return -1;
- case P_LIST:
- esp_returnlist(ep, parm->label, *(const char ***)parm_ptr);
- break;
- case P_SEP:
- return -1;
+ espSetReturn(ep, mprCreateIntegerVar(-1));
}
- return 0;
-}
-
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
/*
setup the C functions that be called from ejs
*/
void http_setup_ejs_functions(void)
{
- espDefineStringCFunction(NULL, "lpGet", esp_lpGet, NULL);
- espDefineStringCFunction(NULL, "lpServices", esp_lpServices, NULL);
- espDefineCFunction(NULL, "typeof", esp_typeof, NULL);
+ espDefineCFunction(NULL, "unixAuth", esp_unixAuth, NULL);
}
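Review bot: In `esp_unixAuth`, `ret` is declared without an initializer and is assigned only on the three error paths, so both the successful-login branch and the failed-password `else` branch reach `done:` and return an indeterminate value; declare it as `int ret = 0;` (assuming 0 is what the ESP dispatcher expects when the call itself ran and the outcome is carried by `espSetReturn`). The `else` branch also deletes only `AUTHENTICATED` from the session object, leaving any `USERNAME` and `PRIVILEGE` written by an earlier login, and the `getpwnam` failure path exits without touching the session at all. If page scripts ever test `PRIVILEGE` on its own, a stale `ADMIN` value would survive a failed re-authentication, so it would be safer to clear all three properties before calling `unix_passcheck` and set them again only on success, e.g. `mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "PRIVILEGE");` next to the existing delete. The result of `talloc_new(ep)` is also passed on without a NULL check.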