* libs/web: Reworked authentication

author Steven Barth <steven@midlink.org>

Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)

committer Steven Barth <steven@midlink.org>

Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
author Steven Barth <steven@midlink.org>
Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
committer Steven Barth <steven@midlink.org>
Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
diff --git a/libs/httpd/host/runluci b/libs/httpd/host/runluci

index 6f6cdde3df033687f9793f28d8bac6071d3ba954..d31b3f79c5d84e0302eac8d74acd8026cc8c3d2b 100755 (executable)
--- a/libs/httpd/host/runluci
+++ b/libs/httpd/host/runluci
@@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then
         luci.model.uci.set_confdir(luci.model.uci.confdir_default)
  end
  
+require("luci.sys")
+luci.sys.user.checkpasswd = function() return true end
+
  
  filehandler = luci.httpd.handler.file.Simple(DOCROOT)
  vhost:set_default_handler(filehandler)
diff --git a/libs/httpd/luasrc/httpd/handler/luci.lua b/libs/httpd/luasrc/httpd/handler/luci.lua

index 232883256e4e295d9931ff5efb4254266f6e9744..ac3ed78d0acdcfef1c2e8a42d1ec3dc763639752 100644 (file)
--- a/libs/httpd/luasrc/httpd/handler/luci.lua
+++ b/libs/httpd/luasrc/httpd/handler/luci.lua
@@ -32,7 +32,6 @@ end
  
  function Luci.handle_head(self, ...)
         local response, sourceout = self:handle_get(...)
-       self.running = self.running - 1
         return response
  end
  
@@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr)
                         status = 500
                         headers["Content-Type"] = "text/plain"
                         local err = {id}
-                       self.running = self.running - 1
                         return Response( status, headers ), function() return table.remove(err) end
                 end
  
diff --git a/libs/sys/luasrc/sys.lua b/libs/sys/luasrc/sys.lua

index b8ec10e0f4bb2e24f4dfac126188467117a1c417..56beafe94446d398c6ec9d314715530b96f8463f 100644 (file)
--- a/libs/sys/luasrc/sys.lua
+++ b/libs/sys/luasrc/sys.lua
@@ -295,10 +295,7 @@ user.getuser = posix.getpasswd
  function user.checkpasswd(username, password)
         local account = user.getuser(username)
  
-       -- FIXME: detect testing environment
-       if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then
-               return true
-       elseif account then
+       if account then
                 if account.passwd == "!" then
                         return true
                 else
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua

index d9917c2a87f94c1d825925fa8999b3d6e9b25bb1..b74c5bdc25afff419f909d768a85c6f4829e4584 100644 (file)
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -33,6 +33,8 @@ require("luci.fs")
  
  context = luci.util.threadlocal()
  
+authenticator = {}
+
  -- Index table
  local index = nil
  
@@ -76,25 +78,20 @@ function error500(message)
         return false
  end
  
---- Render and evaluate the system authentication login form.
--- @param default      Default username
--- @return                     Authentication status
-function sysauth(default)
+function authenticator.htmlauth(validator, default)
         local user = luci.http.formvalue("username")
         local pass = luci.http.formvalue("password")
         
-       if user and luci.sys.user.checkpasswd(user, pass) then
-               local sid = luci.sys.uniqueid(16)
-               luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
-               luci.sauth.write(sid, user)
-               return true
-       else
-               require("luci.i18n")
-               require("luci.template")
-               context.path = {}
-               luci.template.render("sysauth", {duser=default, fuser=user})
-               return false
+       if user and validator(user, pass) then
+               return user
         end
+       
+       require("luci.i18n")
+       require("luci.template")
+       context.path = {}
+       luci.template.render("sysauth", {duser=default, fuser=user})
+       return false
+       
  end
  
  --- Dispatch an HTTP request.
@@ -172,13 +169,23 @@ function dispatch(request)
         
         if track.sysauth then
                 require("luci.sauth")
+               local authen = authenticator[track.sysauth_authenticator]
                 local def  = (type(track.sysauth) == "string") and track.sysauth
                 local accs = def and {track.sysauth} or track.sysauth
                 local user = luci.sauth.read(luci.http.getcookie("sysauth"))
                 
-               
                 if not luci.util.contains(accs, user) then
-                       if not sysauth(def) then
+                       if authen then
+                               local user = authen(luci.sys.user.checkpasswd, def)
+                               if not user or not luci.util.contains(accs, user) then
+                                       return
+                               else
+                                       local sid = luci.sys.uniqueid(16)
+                                       luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+                                       luci.sauth.write(sid, user)
+                               end
+                       else
+                               luci.http.status(403, "Forbidden")
                                 return
                         end
                 end
diff --git a/modules/admin-full/luasrc/controller/admin/index.lua b/modules/admin-full/luasrc/controller/admin/index.lua

index 9583f4f91377ed66d38a414d73fbc8c105bf18ec..cab9441d02d45ee887bfa4235dddda253d032926 100644 (file)
--- a/modules/admin-full/luasrc/controller/admin/index.lua
+++ b/modules/admin-full/luasrc/controller/admin/index.lua
@@ -30,6 +30,7 @@ function index()
         page.order   = 10
         page.i18n    = "admin-core"
         page.sysauth = "root"
+       page.sysauth_authenticator = "htmlauth"
         page.ucidata = true
         
         local page  = node("admin", "index")
diff --git a/modules/admin-mini/luasrc/controller/mini/index.lua b/modules/admin-mini/luasrc/controller/mini/index.lua

index fd960bb1bd658ce6f26250c4d56726c832aae1de..a1a29b5cefd58cf87fe61554d13cd574c9b01465 100644 (file)
--- a/modules/admin-mini/luasrc/controller/mini/index.lua
+++ b/modules/admin-mini/luasrc/controller/mini/index.lua
@@ -29,6 +29,7 @@ function index()
         local page   = entry({"mini"}, alias("mini", "index"), i18n("essentials", "Essentials"), 10)
         page.i18n    = "admin-core"
         page.sysauth = "root"
+       page.sysauth_authenticator = "htmlauth"
         page.ucidata = true
         
         entry({"mini", "index"}, alias("mini", "index", "index"), i18n("overview"), 10)
author	Steven Barth <steven@midlink.org>
	Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
committer	Steven Barth <steven@midlink.org>
	Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
libs/httpd/host/runluci		patch \| blob \| history
libs/httpd/luasrc/httpd/handler/luci.lua		patch \| blob \| history
libs/sys/luasrc/sys.lua		patch \| blob \| history
libs/web/luasrc/dispatcher.lua		patch \| blob \| history
modules/admin-full/luasrc/controller/admin/index.lua		patch \| blob \| history
modules/admin-mini/luasrc/controller/mini/index.lua		patch \| blob \| history