From f9fa6d82da4f15473a49822d6d9dfda34144b85e Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Sun, 10 Aug 2008 12:58:05 +0000 Subject: [PATCH] * libs/web: Reworked authentication --- libs/httpd/host/runluci | 3 ++ libs/httpd/luasrc/httpd/handler/luci.lua | 2 - libs/sys/luasrc/sys.lua | 5 +-- libs/web/luasrc/dispatcher.lua | 41 +++++++++++-------- .../luasrc/controller/admin/index.lua | 1 + .../luasrc/controller/mini/index.lua | 1 + 6 files changed, 30 insertions(+), 23 deletions(-) diff --git a/libs/httpd/host/runluci b/libs/httpd/host/runluci index 6f6cdde3df..d31b3f79c5 100755 --- a/libs/httpd/host/runluci +++ b/libs/httpd/host/runluci @@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then luci.model.uci.set_confdir(luci.model.uci.confdir_default) end +require("luci.sys") +luci.sys.user.checkpasswd = function() return true end + filehandler = luci.httpd.handler.file.Simple(DOCROOT) vhost:set_default_handler(filehandler) diff --git a/libs/httpd/luasrc/httpd/handler/luci.lua b/libs/httpd/luasrc/httpd/handler/luci.lua index 232883256e..ac3ed78d0a 100644 --- a/libs/httpd/luasrc/httpd/handler/luci.lua +++ b/libs/httpd/luasrc/httpd/handler/luci.lua @@ -32,7 +32,6 @@ end function Luci.handle_head(self, ...) local response, sourceout = self:handle_get(...) - self.running = self.running - 1 return response end @@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr) status = 500 headers["Content-Type"] = "text/plain" local err = {id} - self.running = self.running - 1 return Response( status, headers ), function() return table.remove(err) end end diff --git a/libs/sys/luasrc/sys.lua b/libs/sys/luasrc/sys.lua index b8ec10e0f4..56beafe944 100644 --- a/libs/sys/luasrc/sys.lua +++ b/libs/sys/luasrc/sys.lua @@ -295,10 +295,7 @@ user.getuser = posix.getpasswd function user.checkpasswd(username, password) local account = user.getuser(username) - -- FIXME: detect testing environment - if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then - return true - elseif account then + if account then if account.passwd == "!" then return true else diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index d9917c2a87..b74c5bdc25 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -33,6 +33,8 @@ require("luci.fs") context = luci.util.threadlocal() +authenticator = {} + -- Index table local index = nil @@ -76,25 +78,20 @@ function error500(message) return false end ---- Render and evaluate the system authentication login form. --- @param default Default username --- @return Authentication status -function sysauth(default) +function authenticator.htmlauth(validator, default) local user = luci.http.formvalue("username") local pass = luci.http.formvalue("password") - if user and luci.sys.user.checkpasswd(user, pass) then - local sid = luci.sys.uniqueid(16) - luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") - luci.sauth.write(sid, user) - return true - else - require("luci.i18n") - require("luci.template") - context.path = {} - luci.template.render("sysauth", {duser=default, fuser=user}) - return false + if user and validator(user, pass) then + return user end + + require("luci.i18n") + require("luci.template") + context.path = {} + luci.template.render("sysauth", {duser=default, fuser=user}) + return false + end --- Dispatch an HTTP request. @@ -172,13 +169,23 @@ function dispatch(request) if track.sysauth then require("luci.sauth") + local authen = authenticator[track.sysauth_authenticator] local def = (type(track.sysauth) == "string") and track.sysauth local accs = def and {track.sysauth} or track.sysauth local user = luci.sauth.read(luci.http.getcookie("sysauth")) - if not luci.util.contains(accs, user) then - if not sysauth(def) then + if authen then + local user = authen(luci.sys.user.checkpasswd, def) + if not user or not luci.util.contains(accs, user) then + return + else + local sid = luci.sys.uniqueid(16) + luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") + luci.sauth.write(sid, user) + end + else + luci.http.status(403, "Forbidden") return end end diff --git a/modules/admin-full/luasrc/controller/admin/index.lua b/modules/admin-full/luasrc/controller/admin/index.lua index 9583f4f913..cab9441d02 100644 --- a/modules/admin-full/luasrc/controller/admin/index.lua +++ b/modules/admin-full/luasrc/controller/admin/index.lua @@ -30,6 +30,7 @@ function index() page.order = 10 page.i18n = "admin-core" page.sysauth = "root" + page.sysauth_authenticator = "htmlauth" page.ucidata = true local page = node("admin", "index") diff --git a/modules/admin-mini/luasrc/controller/mini/index.lua b/modules/admin-mini/luasrc/controller/mini/index.lua index fd960bb1bd..a1a29b5cef 100644 --- a/modules/admin-mini/luasrc/controller/mini/index.lua +++ b/modules/admin-mini/luasrc/controller/mini/index.lua @@ -29,6 +29,7 @@ function index() local page = entry({"mini"}, alias("mini", "index"), i18n("essentials", "Essentials"), 10) page.i18n = "admin-core" page.sysauth = "root" + page.sysauth_authenticator = "htmlauth" page.ucidata = true entry({"mini", "index"}, alias("mini", "index", "index"), i18n("overview"), 10) -- 2.30.2