* libs/web: Reworked authentication
authorSteven Barth <steven@midlink.org>
Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
committerSteven Barth <steven@midlink.org>
Sun, 10 Aug 2008 12:58:05 +0000 (12:58 +0000)
libs/httpd/host/runluci
libs/httpd/luasrc/httpd/handler/luci.lua
libs/sys/luasrc/sys.lua
libs/web/luasrc/dispatcher.lua
modules/admin-full/luasrc/controller/admin/index.lua
modules/admin-mini/luasrc/controller/mini/index.lua

index 6f6cdde3df033687f9793f28d8bac6071d3ba954..d31b3f79c5d84e0302eac8d74acd8026cc8c3d2b 100755 (executable)
@@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then
        luci.model.uci.set_confdir(luci.model.uci.confdir_default)
 end
 
+require("luci.sys")
+luci.sys.user.checkpasswd = function() return true end
+
 
 filehandler = luci.httpd.handler.file.Simple(DOCROOT)
 vhost:set_default_handler(filehandler)
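Review bot: The added `luci.sys.user.checkpasswd = function() return true end` makes every username/password pair validate for anything served through this launcher, and nothing in the hunk restricts it to a test setup. The dispatcher change in this commit passes `luci.sys.user.checkpasswd` as the validator at request time, so this override is what every `sysauth` node will use. At minimum it needs a comment such as `-- host test server only: password checks are disabled, do not install on a device`. Preferably the override should also sit behind an explicit opt-in (for example an environment variable read with `os.getenv`) so the bypass cannot be enabled by accident.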
index 232883256e4e295d9931ff5efb4254266f6e9744..ac3ed78d0acdcfef1c2e8a42d1ec3dc763639752 100644 (file)
@@ -32,7 +32,6 @@ end
 
 function Luci.handle_head(self, ...)
        local response, sourceout = self:handle_get(...)
-       self.running = self.running - 1
        return response
 end
 
@@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr)
                        status = 500
                        headers["Content-Type"] = "text/plain"
                        local err = {id}
-                       self.running = self.running - 1
                        return Response( status, headers ), function() return table.remove(err) end
                end
 
index b8ec10e0f4bb2e24f4dfac126188467117a1c417..56beafe94446d398c6ec9d314715530b96f8463f 100644 (file)
@@ -295,10 +295,7 @@ user.getuser = posix.getpasswd
 function user.checkpasswd(username, password)
        local account = user.getuser(username)
 
-       -- FIXME: detect testing environment
-       if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then
-               return true
-       elseif account then
+       if account then
                if account.passwd == "!" then
                        return true
                else
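Review bot: With the test-environment branch gone, the remaining `account.passwd == "!"` case still returns true for any supplied password, and the code does not say why. If `!` means "no password set yet" on this platform, a comment like `-- "!" = no password configured yet; login stays open until one is set` should state that. Elsewhere `!` in the password field conventionally marks a locked account, so a reader could reasonably expect the opposite result. The function continues past the end of the hunk, so the comparison used for other password values is not visible here.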
index d9917c2a87f94c1d825925fa8999b3d6e9b25bb1..b74c5bdc25afff419f909d768a85c6f4829e4584 100644 (file)
@@ -33,6 +33,8 @@ require("luci.fs")
 
 context = luci.util.threadlocal()
 
+authenticator = {}
+
 -- Index table
 local index = nil
 
@@ -76,25 +78,20 @@ function error500(message)
        return false
 end
 
---- Render and evaluate the system authentication login form.
--- @param default      Default username
--- @return                     Authentication status
-function sysauth(default)
+function authenticator.htmlauth(validator, default)
        local user = luci.http.formvalue("username")
        local pass = luci.http.formvalue("password")
        
-       if user and luci.sys.user.checkpasswd(user, pass) then
-               local sid = luci.sys.uniqueid(16)
-               luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
-               luci.sauth.write(sid, user)
-               return true
-       else
-               require("luci.i18n")
-               require("luci.template")
-               context.path = {}
-               luci.template.render("sysauth", {duser=default, fuser=user})
-               return false
+       if user and validator(user, pass) then
+               return user
        end
+       
+       require("luci.i18n")
+       require("luci.template")
+       context.path = {}
+       luci.template.render("sysauth", {duser=default, fuser=user})
+       return false
+       
 end
 
 --- Dispatch an HTTP request.
@@ -172,13 +169,23 @@ function dispatch(request)
        
        if track.sysauth then
                require("luci.sauth")
+               local authen = authenticator[track.sysauth_authenticator]
                local def  = (type(track.sysauth) == "string") and track.sysauth
                local accs = def and {track.sysauth} or track.sysauth
                local user = luci.sauth.read(luci.http.getcookie("sysauth"))
                
-               
                if not luci.util.contains(accs, user) then
-                       if not sysauth(def) then
+                       if authen then
+                               local user = authen(luci.sys.user.checkpasswd, def)
+                               if not user or not luci.util.contains(accs, user) then
+                                       return
+                               else
+                                       local sid = luci.sys.uniqueid(16)
+                                       luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+                                       luci.sauth.write(sid, user)
+                               end
+                       else
+                               luci.http.status(403, "Forbidden")
                                return
                        end
                end
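Review bot: A user who passes the validator but is not listed in `accs` gets an empty response: `authenticator.htmlauth` returns the name without rendering anything, and the `not luci.util.contains(accs, user)` branch then returns without setting a status. Setting one before that return, e.g. `if user then luci.http.status(403, "Forbidden") end`, would make the denial explicit. The session cookie is still issued as `"sysauth=" .. sid.."; path=/"`; appending `; HttpOnly` keeps the session id out of reach of page scripts. The inner `local user` shadows the cookie-derived `user` declared above, so any later use of `user` in dispatch would still see the old value. That cannot be checked here, because dispatch's body begins and ends outside the hunk.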
index 9583f4f91377ed66d38a414d73fbc8c105bf18ec..cab9441d02d45ee887bfa4235dddda253d032926 100644 (file)
@@ -30,6 +30,7 @@ function index()
        page.order   = 10
        page.i18n    = "admin-core"
        page.sysauth = "root"
+       page.sysauth_authenticator = "htmlauth"
        page.ucidata = true
        
        local page  = node("admin", "index")
index fd960bb1bd658ce6f26250c4d56726c832aae1de..a1a29b5cefd58cf87fe61554d13cd574c9b01465 100644 (file)
@@ -29,6 +29,7 @@ function index()
        local page   = entry({"mini"}, alias("mini", "index"), i18n("essentials", "Essentials"), 10)
        page.i18n    = "admin-core"
        page.sysauth = "root"
+       page.sysauth_authenticator = "htmlauth"
        page.ucidata = true
        
        entry({"mini", "index"}, alias("mini", "index", "index"), i18n("overview"), 10)