r7238: Add pam auth support in swat
authorSimo Sorce <idra@samba.org>
Fri, 3 Jun 2005 14:17:18 +0000 (14:17 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:17:30 +0000 (13:17 -0500)
(This used to be commit 8a98572a3b5dba58181dc402dbebae5452656012)

source4/scripting/config.mk
source4/scripting/ejs/smbcalls.c
swat/login.esp

index a6c4f73..078c042 100644 (file)
@@ -4,7 +4,7 @@
 OBJ_FILES = \
                scripting/ejs/smbcalls.o \
                scripting/ejs/mprutil.o
-REQUIRED_SUBSYSTEMS = EJS LIBBASIC
+REQUIRED_SUBSYSTEMS = AUTH EJS LIBBASIC
 # End SUBSYSTEM SMBCALLS
 #######################
 
index fc2c16a..8a02111 100644 (file)
@@ -25,6 +25,7 @@
 #include "param/loadparm.h"
 #include "lib/ldb/include/ldb.h"
 #include "librpc/gen_ndr/ndr_nbt.h"
+#include "auth/auth.h"
 
 /*
   return the type of a variable
@@ -298,6 +299,85 @@ static int ejs_resolve_name(MprVarHandle eid, int argc, struct MprVar **argv)
        return -1;
 }
 
+static int ejs_userAuth(MprVarHandle eid, int argc, char **argv)
+{
+       struct auth_usersupplied_info *user_info = NULL;
+       struct auth_serversupplied_info *server_info = NULL;
+       struct auth_context *auth_context;
+       TALLOC_CTX *tmp_ctx;
+       struct MprVar auth;
+       NTSTATUS nt_status;
+       DATA_BLOB pw_blob;
+       int ret;
+
+       if (argc != 3 || *argv[0] == 0 || *argv[2] == 0) {
+               ejsSetErrorMsg(eid, "userAuth invalid arguments");
+               return -1;
+       }
+
+       tmp_ctx = talloc_new(mprMemCtx());      
+       auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE);
+
+       if (strcmp("System User", argv[2]) == 0) {
+               const char *auth_unix[] = { "unix", NULL };
+
+               nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context);
+               if (!NT_STATUS_IS_OK(nt_status)) {
+                       mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+                       mprSetPropertyValue(&auth, "report", mprCreateStringVar("Auth System Failure", 0));
+                       goto done;
+               }
+
+               pw_blob = data_blob(argv[1], strlen(argv[1])),
+               make_user_info(tmp_ctx, argv[0], argv[0],
+                                       argv[2], argv[2],
+                                       "foowks", "fooip",
+                                       NULL, NULL,
+                                       NULL, NULL,
+                                       &pw_blob, False,
+                                       0x05, &user_info);
+               nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+               if (!NT_STATUS_IS_OK(nt_status)) {
+                       mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+                       mprSetPropertyValue(&auth, "report", mprCreateStringVar("Login Failed", 0));
+                       goto done;
+               }
+
+               mprSetPropertyValue(&auth, "result", mprCreateBoolVar(server_info->authenticated));
+               mprSetPropertyValue(&auth, "username", mprCreateStringVar(server_info->account_name, 0));
+               mprSetPropertyValue(&auth, "domain", mprCreateStringVar(server_info->domain_name, 0));
+
+       }  else {
+               mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+               mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 0));
+       }
+
+done:
+       ejsSetReturnValue(eid, auth);
+       talloc_free(tmp_ctx);
+       return 0;
+}
+
+static int ejs_domain_list(MprVarHandle eid, int argc, char **argv)
+{
+       struct MprVar list;
+       struct MprVar dom;
+
+       if (argc != 0) {
+               ejsSetErrorMsg(eid, "domList invalid arguments");
+               return -1;
+       }
+
+       list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE);
+       dom = mprCreateStringVar("System User", 1);
+       mprCreateProperty(&list, "0", &dom);
+
+       ejsSetReturnValue(eid, list);
+
+       return 0;
+}
+
+
 /*
   setup the C functions that be called from ejs
 */
@@ -308,4 +388,6 @@ void smb_setup_ejs_functions(void)
        ejsDefineCFunction(-1, "typeof", ejs_typeof, NULL, MPR_VAR_SCRIPT_HANDLE);
        ejsDefineCFunction(-1, "ldbSearch", ejs_ldbSearch, NULL, MPR_VAR_SCRIPT_HANDLE);
        ejsDefineCFunction(-1, "resolveName", ejs_resolve_name, NULL, MPR_VAR_SCRIPT_HANDLE);
+       ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE);
+       ejsDefineStringCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
 }
index 873ff2f..f118eab 100644 (file)
@@ -6,12 +6,15 @@ if (request['SESSION_EXPIRED'] == "True") {
    write("<b>Your session has expired - please authenticate again<br /></b>\n");
 }
 
-var f = FormObj("login", 2, 1);
+var f = FormObj("login", 3, 1);
 f.element[0].label = "Username";
 f.element[0].value = form['Username'];
 f.element[1].label = "Password";
 f.element[1].value = form['Password'];
 f.element[1].type  = "password";
+f.element[2].label = "Domain";
+f.element[2].type  = "select";
+f.element[2].list  = getDomainList();
 f.submit[0] = "Login";
 
 display_form(f);
@@ -19,20 +22,28 @@ display_form(f);
 
 <%
        if (request.REQUEST_METHOD == "POST") {
-               /* for now just authenticate everyone */
-               session.AUTHENTICATED = true;
-               session.authinfo = new Object();
-
-               session.authinfo.username = form.Username;
-
-               /* if the user was asking for the login page, then now
-                  redirect them to the main page. Otherwise just
-                  redirect them to the current page, which will now
-                  show its true content */
-               if (request.REQUEST_URI == "/login.esp") {
-                  redirect(session_uri("/"));
+
+               auth = userAuth(form.Username, form.Password, form.Domain);
+               if (auth.result) {
+
+                       /* for now just authenticate everyone */
+                       session.AUTHENTICATED = true;
+                       session.authinfo = new Object();
+
+                       session.authinfo.username = auth.username;
+                       session.authinfo.domain = auth.domain;
+
+                       /* if the user was asking for the login page, then now
+                          redirect them to the main page. Otherwise just
+                          redirect them to the current page, which will now
+                          show its true content */
+                       if (request.REQUEST_URI == "/login.esp") {
+                          redirect(session_uri("/"));
+                       } else {
+                          redirect(session_uri(request.REQUEST_URI));
+                       }
                } else {
-                  redirect(session_uri(request.REQUEST_URI));
+                       write("<b>Login failed - please try again<br /></b>\n");
                }
        }
 %>