summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2005-06-03 14:17:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:17:30 -0500
commit266c37e5dc97879e30e790cd87d2ec1f43907477 (patch)
tree8748f0a03380193c91e9bc2151b5ce97da7f8269
parent98a18d670475aedccbce28f43c1dd01da8cb517e (diff)
downloadsamba-266c37e5dc97879e30e790cd87d2ec1f43907477.tar.gz
samba-266c37e5dc97879e30e790cd87d2ec1f43907477.tar.bz2
samba-266c37e5dc97879e30e790cd87d2ec1f43907477.zip
r7238: Add pam auth support in swat
(This used to be commit 8a98572a3b5dba58181dc402dbebae5452656012)
-rw-r--r--source4/scripting/config.mk2
-rw-r--r--source4/scripting/ejs/smbcalls.c82
-rw-r--r--swat/login.esp39
3 files changed, 108 insertions, 15 deletions
diff --git a/source4/scripting/config.mk b/source4/scripting/config.mk
index a6c4f73430..078c04297e 100644
--- a/source4/scripting/config.mk
+++ b/source4/scripting/config.mk
@@ -4,7 +4,7 @@
OBJ_FILES = \
scripting/ejs/smbcalls.o \
scripting/ejs/mprutil.o
-REQUIRED_SUBSYSTEMS = EJS LIBBASIC
+REQUIRED_SUBSYSTEMS = AUTH EJS LIBBASIC
# End SUBSYSTEM SMBCALLS
#######################
diff --git a/source4/scripting/ejs/smbcalls.c b/source4/scripting/ejs/smbcalls.c
index fc2c16a456..8a02111bd5 100644
--- a/source4/scripting/ejs/smbcalls.c
+++ b/source4/scripting/ejs/smbcalls.c
@@ -25,6 +25,7 @@
#include "param/loadparm.h"
#include "lib/ldb/include/ldb.h"
#include "librpc/gen_ndr/ndr_nbt.h"
+#include "auth/auth.h"
/*
return the type of a variable
@@ -298,6 +299,85 @@ static int ejs_resolve_name(MprVarHandle eid, int argc, struct MprVar **argv)
return -1;
}
+static int ejs_userAuth(MprVarHandle eid, int argc, char **argv)
+{
+ struct auth_usersupplied_info *user_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
+ struct auth_context *auth_context;
+ TALLOC_CTX *tmp_ctx;
+ struct MprVar auth;
+ NTSTATUS nt_status;
+ DATA_BLOB pw_blob;
+ int ret;
+
+ if (argc != 3 || *argv[0] == 0 || *argv[2] == 0) {
+ ejsSetErrorMsg(eid, "userAuth invalid arguments");
+ return -1;
+ }
+
+ tmp_ctx = talloc_new(mprMemCtx());
+ auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE);
+
+ if (strcmp("System User", argv[2]) == 0) {
+ const char *auth_unix[] = { "unix", NULL };
+
+ nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+ mprSetPropertyValue(&auth, "report", mprCreateStringVar("Auth System Failure", 0));
+ goto done;
+ }
+
+ pw_blob = data_blob(argv[1], strlen(argv[1])),
+ make_user_info(tmp_ctx, argv[0], argv[0],
+ argv[2], argv[2],
+ "foowks", "fooip",
+ NULL, NULL,
+ NULL, NULL,
+ &pw_blob, False,
+ 0x05, &user_info);
+ nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+ mprSetPropertyValue(&auth, "report", mprCreateStringVar("Login Failed", 0));
+ goto done;
+ }
+
+ mprSetPropertyValue(&auth, "result", mprCreateBoolVar(server_info->authenticated));
+ mprSetPropertyValue(&auth, "username", mprCreateStringVar(server_info->account_name, 0));
+ mprSetPropertyValue(&auth, "domain", mprCreateStringVar(server_info->domain_name, 0));
+
+ } else {
+ mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+ mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 0));
+ }
+
+done:
+ ejsSetReturnValue(eid, auth);
+ talloc_free(tmp_ctx);
+ return 0;
+}
+
+static int ejs_domain_list(MprVarHandle eid, int argc, char **argv)
+{
+ struct MprVar list;
+ struct MprVar dom;
+
+ if (argc != 0) {
+ ejsSetErrorMsg(eid, "domList invalid arguments");
+ return -1;
+ }
+
+ list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE);
+ dom = mprCreateStringVar("System User", 1);
+ mprCreateProperty(&list, "0", &dom);
+
+ ejsSetReturnValue(eid, list);
+
+ return 0;
+}
+
+
/*
setup the C functions that be called from ejs
*/
@@ -308,4 +388,6 @@ void smb_setup_ejs_functions(void)
ejsDefineCFunction(-1, "typeof", ejs_typeof, NULL, MPR_VAR_SCRIPT_HANDLE);
ejsDefineCFunction(-1, "ldbSearch", ejs_ldbSearch, NULL, MPR_VAR_SCRIPT_HANDLE);
ejsDefineCFunction(-1, "resolveName", ejs_resolve_name, NULL, MPR_VAR_SCRIPT_HANDLE);
+ ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE);
+ ejsDefineStringCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
}
diff --git a/swat/login.esp b/swat/login.esp
index 873ff2f6a6..f118eab1a2 100644
--- a/swat/login.esp
+++ b/swat/login.esp
@@ -6,12 +6,15 @@ if (request['SESSION_EXPIRED'] == "True") {
write("<b>Your session has expired - please authenticate again<br /></b>\n");
}
-var f = FormObj("login", 2, 1);
+var f = FormObj("login", 3, 1);
f.element[0].label = "Username";
f.element[0].value = form['Username'];
f.element[1].label = "Password";
f.element[1].value = form['Password'];
f.element[1].type = "password";
+f.element[2].label = "Domain";
+f.element[2].type = "select";
+f.element[2].list = getDomainList();
f.submit[0] = "Login";
display_form(f);
@@ -19,20 +22,28 @@ display_form(f);
<%
if (request.REQUEST_METHOD == "POST") {
- /* for now just authenticate everyone */
- session.AUTHENTICATED = true;
- session.authinfo = new Object();
-
- session.authinfo.username = form.Username;
-
- /* if the user was asking for the login page, then now
- redirect them to the main page. Otherwise just
- redirect them to the current page, which will now
- show its true content */
- if (request.REQUEST_URI == "/login.esp") {
- redirect(session_uri("/"));
+
+ auth = userAuth(form.Username, form.Password, form.Domain);
+ if (auth.result) {
+
+ /* for now just authenticate everyone */
+ session.AUTHENTICATED = true;
+ session.authinfo = new Object();
+
+ session.authinfo.username = auth.username;
+ session.authinfo.domain = auth.domain;
+
+ /* if the user was asking for the login page, then now
+ redirect them to the main page. Otherwise just
+ redirect them to the current page, which will now
+ show its true content */
+ if (request.REQUEST_URI == "/login.esp") {
+ redirect(session_uri("/"));
+ } else {
+ redirect(session_uri(request.REQUEST_URI));
+ }
} else {
- redirect(session_uri(request.REQUEST_URI));
+ write("<b>Login failed - please try again<br /></b>\n");
}
}
%>