r23966: It isn't great, but at least now we have some access control in SWAT
authorAndrew Bartlett <abartlet@samba.org>
Thu, 19 Jul 2007 07:48:26 +0000 (07:48 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 20:01:13 +0000 (15:01 -0500)
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages.  *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.

I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.

Andrew Bartlett
(This used to be commit d61061052dc4711f886199e49bc303002c8f9b11)

source4/dsdb/samdb/samdb_privilege.c
source4/scripting/ejs/smbcalls_auth.c
webapps/install/provision.esp
webapps/install/vampire.esp

index 16d34938c643cd4f2dffe3d4bf3fadb4ab357057..23133856045659c6a3451f55ffb5e3f65d0602b1 100644 (file)
@@ -80,6 +80,11 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token)
        NTSTATUS status;
 
        /* Shortcuts to prevent recursion and avoid lookups */
+       if (token->user_sid == NULL) {
+               token->privilege_mask = 0;
+               return NT_STATUS_OK;
+       }
+
        if (security_token_is_system(token)) {
                token->privilege_mask = ~0;
                return NT_STATUS_OK;
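Review bot: The new early-out in samdb_privilege_setup leaves the reader to guess why a token without a user SID is answered with NT_STATUS_OK and an empty privilege mask rather than an error; a one-line comment would record the fail-closed intent, e.g. `/* No user SID means there is no identity to look up: grant nothing rather than fail */`. Placing it ahead of the `security_token_is_system` shortcut looks right if that test reads user_sid, but that is inferred, not visible in the hunk. The function's body continues past the hunk.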
index 94a74e8e2aec2f0914274dabef4addaa46a0ad69..33d7f2cf0e908f29dd437a6d02617b2fda2398f9 100644 (file)
@@ -27,6 +27,7 @@
 #include "scripting/ejs/smbcalls.h"
 #include "lib/events/events.h"
 #include "lib/messaging/irpc.h"
+#include "libcli/security/security.h"
 
 static int ejs_doauth(MprVarHandle eid,
                      TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, 
@@ -39,6 +40,7 @@ static int ejs_doauth(MprVarHandle eid,
        struct auth_context *auth_context;
        struct MprVar *session_info_obj;
        NTSTATUS nt_status;
+       bool set;
 
        struct smbcalls_context *c;
        struct event_context *ev;
@@ -111,6 +113,32 @@ static int ejs_doauth(MprVarHandle eid,
                goto done;
        }
 
+       if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+               mprSetPropertyValue(auth, "user_class", mprString("USER"));
+               set = true;
+       }
+       
+       if (security_token_has_builtin_administrators(session_info->security_token)) {
+               mprSetPropertyValue(auth, "user_class", mprString("ADMINISTRATOR"));
+               set = true;
+       }
+
+       if (security_token_is_system(session_info->security_token)) {
+               mprSetPropertyValue(auth, "user_class", mprString("SYSTEM"));
+               set = true;
+       }
+
+       if (security_token_is_anonymous(session_info->security_token)) {
+               mprSetPropertyValue(auth, "report", mprString("Anonymous login not permitted"));
+               mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
+               goto done;
+       }
+
+       if (!set) {
+               mprSetPropertyValue(auth, "report", mprString("Session Info generation failed"));
+               mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
+       }
+       
        session_info_obj = mprInitObject(eid, "session_info", 0, NULL);
 
        mprSetPtrChild(session_info_obj, "session_info", session_info);
@@ -121,6 +149,23 @@ static int ejs_doauth(MprVarHandle eid,
        mprSetPropertyValue(auth, "username", mprString(server_info->account_name));
        mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name));
 
+       if (security_token_is_system(session_info->security_token)) {
+               mprSetPropertyValue(auth, "report", mprString("SYSTEM"));
+       }
+
+       if (security_token_is_anonymous(session_info->security_token)) {
+               mprSetPropertyValue(auth, "report", mprString("ANONYMOUS"));
+       }
+
+       if (security_token_has_builtin_administrators(session_info->security_token)) {
+               mprSetPropertyValue(auth, "report", mprString("ADMINISTRATOR"));
+       }
+
+       if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+               mprSetPropertyValue(auth, "report", mprString("USER"));
+       }
+
+
 done:
        return 0;
 }
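Review bot: `set` is declared as `bool set;` with no initialiser and is only ever assigned true inside the three user_class branches, so the `if (!set)` test reads an indeterminate value on exactly the path that is meant to refuse the login; it should be `bool set = false;`. The `!set` branch also sets "report" and "result" but, unlike the anonymous branch just above it, does not `goto done`, so the function goes on to build session_info_obj and the last hunk may overwrite "report"; an explicit `goto done;` after the result line would close that. In that last hunk the four "report" assignments run most-specific first (SYSTEM, ANONYMOUS, ADMINISTRATOR, USER) with the last match winning, the reverse of the user_class block, so an administrator who is also an authenticated user is reported as "USER" — reverse the order or chain them with else-if; the ANONYMOUS case there is unreachable anyway because the earlier anonymous check already jumps to done. A few lines of the function between the last two hunks are not visible here.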
index 8caa7391b0584038013aff808aed11e9c0105b03..6183722cb48fdb8db2e859f20aaef893acbb040c 100644 (file)
@@ -12,70 +12,77 @@ var f = FormObj("Provisioning", 0, 2);
 var i;
 var lp = loadparm_init();
 
-if (lp.get("realm") == "") {
-       lp.set("realm", lp.get("workgroup") + ".example.com");
-}
+if (session.authinfo.user_class == "ADMINISTRATOR"
+        || session.authinfo.user_class == "SYSTEM") {
 
-var subobj = provision_guess();
-/* Don't supply default password for web interface */
-subobj.ADMINPASS = "";
+       if (lp.get("realm") == "") {
+               lp.set("realm", lp.get("workgroup") + ".example.com");
+       }
 
-f.add("REALM", "DNS Domain Name");
-f.add("DOMAIN", "NetBIOS Domain Name");
-f.add("HOSTNAME", "Hostname");
-f.add("ADMINPASS", "Administrator Password", "password");
-f.add("CONFIRM", "Confirm Password", "password");
-f.add("DOMAINSID", "Domain SID");
-f.add("HOSTIP", "Host IP");
-f.add("DEFAULTSITE", "Default Site");
-f.submit[0] = "Provision";
-f.submit[1] = "Cancel";
+       var subobj = provision_guess();
+       /* Don't supply default password for web interface */
+       subobj.ADMINPASS = "";
 
-if (form['submit'] == "Cancel") {
-       redirect("/");
-}
+       f.add("REALM", "DNS Domain Name");
+       f.add("DOMAIN", "NetBIOS Domain Name");
+       f.add("HOSTNAME", "Hostname");
+       f.add("ADMINPASS", "Administrator Password", "password");
+       f.add("CONFIRM", "Confirm Password", "password");
+       f.add("DOMAINSID", "Domain SID");
+       f.add("HOSTIP", "Host IP");
+       f.add("DEFAULTSITE", "Default Site");
+       f.submit[0] = "Provision";
+       f.submit[1] = "Cancel";
 
-if (form['submit'] == "Provision") {
-       for (r in form) {
-               subobj[r] = form[r];
+       if (form['submit'] == "Cancel") {
+               redirect("/");
        }
-}
 
-for (i=0;i<f.element.length;i++) {
-       f.element[i].value = subobj[f.element[i].name];
-}
+       if (form['submit'] == "Provision") {
+               for (r in form) {
+                       subobj[r] = form[r];
+               }
+       }
 
-if (form['submit'] == "Provision") {
+       for (i=0;i<f.element.length;i++) {
+               f.element[i].value = subobj[f.element[i].name];
+       }
 
-        /* overcome an initially blank smb.conf */
-       lp.set("realm", subobj.REALM);
-       lp.set("workgroup", subobj.DOMAIN);
-       lp.reload();
-       var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
+       if (form['submit'] == "Provision") {
+       
+               /* overcome an initially blank smb.conf */
+               lp.set("realm", subobj.REALM);
+               lp.set("workgroup", subobj.DOMAIN);
+               lp.reload();
+               var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
 
-       if (!goodpass) {
-               write("<h3>Passwords don't match.  Please try again.</h3>");
-               f.display();
-       } else if (subobj.ADMINPASS == "") {
-               write("<h3>You must choose an administrator password.  Please try again.</h3>");
-               f.display();
-       } else if (!provision_validate(subobj, writefln)) {
-               f.display();
-       } else {
-               var paths = provision_default_paths(subobj);
-               if (!provision(subobj, writefln, false, paths, 
-                              session.authinfo.session_info, session.authinfo.credentials, false)) {
-                       writefln("Provision failed!");
-               } else if (!provision_dns(subobj, writefln, paths,
-                                         session.authinfo.session_info, session.authinfo.credentials)) {
-                       writefln("DNS Provision failed!");
+               if (!goodpass) {
+                       write("<h3>Passwords don't match.  Please try again.</h3>");
+                       f.display();
+               } else if (subobj.ADMINPASS == "") {
+                       write("<h3>You must choose an administrator password.  Please try again.</h3>");
+                       f.display();
+               } else if (!provision_validate(subobj, writefln)) {
+                       f.display();
                } else {
-                       writefln("Provision Complete!");
+                       var paths = provision_default_paths(subobj);
+                       if (!provision(subobj, writefln, false, paths, 
+                                      session.authinfo.session_info, session.authinfo.credentials, false)) {
+                               writefln("Provision failed!");
+                       } else if (!provision_dns(subobj, writefln, paths,
+                                                 session.authinfo.session_info, session.authinfo.credentials)) {
+                               writefln("DNS Provision failed!");
+                       } else {
+                               writefln("Provision Complete!");
+                       }
                }
+       } else {
+               f.display();
        }
 } else {
-       f.display();
+       redirect("/");
 }
+
 %>
 
 
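Review bot: The admin check at the top of provision.esp is a positive wrap around the whole page while vampire.esp writes the same test negated as a guard, so the literal strings "ADMINISTRATOR" and "SYSTEM" now appear in two pages with opposite polarity and will drift when a further class is added; a single predicate such as `var allowed = (session.authinfo.user_class == "ADMINISTRATOR" || session.authinfo.user_class == "SYSTEM");` kept in one shared place would hold the policy once. Wrapping the body is the safer of the two shapes on this page, since the existing Cancel handling calls `redirect("/")` and still falls through to form processing, which suggests redirect does not end the script. Comparing against an unset `user_class` fails closed, which is the right default.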
index 675bac2ec3236ac97c7c9d27a44a55dd5f7b6eb5..6860b3ac5b70773e9cf11f588391d0243394952d 100644 (file)
@@ -14,6 +14,11 @@ var f = FormObj("Provisioning", 0, 2);
 var i;
 var lp = loadparm_init();
 
+if (session.authinfo.user_class != "ADMINISTRATOR"
+        && session.authinfo.user_class != "SYSTEM") {
+       redirect("/");
+}
+
 if (lp.get("realm") == "") {
        lp.set("realm", lp.get("workgroup") + ".example.com");
 }
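Review bot: The new guard in vampire.esp depends on `redirect("/")` ending the request, but nothing after it stops the page, so the provisioning logic that follows still runs for a non-administrator session; the Cancel handling in provision.esp in this same commit calls `redirect("/")` and then continues, which suggests the call only emits the response and does not terminate script execution (not verifiable from here). If that is so, a non-admin form submission would be processed server-side even though the browser is sent to "/". Either wrap the remainder of the page in the positive check as provision.esp now does, or add an explicit exit after the redirect if ESP provides one. The rest of the page lies outside the hunk.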