diff options
author | Simo Sorce <idra@samba.org> | 2005-06-03 14:17:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:17:30 -0500 |
commit | 266c37e5dc97879e30e790cd87d2ec1f43907477 (patch) | |
tree | 8748f0a03380193c91e9bc2151b5ce97da7f8269 | |
parent | 98a18d670475aedccbce28f43c1dd01da8cb517e (diff) | |
download | samba-266c37e5dc97879e30e790cd87d2ec1f43907477.tar.gz samba-266c37e5dc97879e30e790cd87d2ec1f43907477.tar.bz2 samba-266c37e5dc97879e30e790cd87d2ec1f43907477.zip |
r7238: Add pam auth support in swat
(This used to be commit 8a98572a3b5dba58181dc402dbebae5452656012)
-rw-r--r-- | source4/scripting/config.mk | 2 | ||||
-rw-r--r-- | source4/scripting/ejs/smbcalls.c | 82 | ||||
-rw-r--r-- | swat/login.esp | 39 |
3 files changed, 108 insertions, 15 deletions
diff --git a/source4/scripting/config.mk b/source4/scripting/config.mk index a6c4f73430..078c04297e 100644 --- a/source4/scripting/config.mk +++ b/source4/scripting/config.mk @@ -4,7 +4,7 @@ OBJ_FILES = \ scripting/ejs/smbcalls.o \ scripting/ejs/mprutil.o -REQUIRED_SUBSYSTEMS = EJS LIBBASIC +REQUIRED_SUBSYSTEMS = AUTH EJS LIBBASIC # End SUBSYSTEM SMBCALLS ####################### diff --git a/source4/scripting/ejs/smbcalls.c b/source4/scripting/ejs/smbcalls.c index fc2c16a456..8a02111bd5 100644 --- a/source4/scripting/ejs/smbcalls.c +++ b/source4/scripting/ejs/smbcalls.c @@ -25,6 +25,7 @@ #include "param/loadparm.h" #include "lib/ldb/include/ldb.h" #include "librpc/gen_ndr/ndr_nbt.h" +#include "auth/auth.h" /* return the type of a variable @@ -298,6 +299,85 @@ static int ejs_resolve_name(MprVarHandle eid, int argc, struct MprVar **argv) return -1; } +static int ejs_userAuth(MprVarHandle eid, int argc, char **argv) +{ + struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info = NULL; + struct auth_context *auth_context; + TALLOC_CTX *tmp_ctx; + struct MprVar auth; + NTSTATUS nt_status; + DATA_BLOB pw_blob; + int ret; + + if (argc != 3 || *argv[0] == 0 || *argv[2] == 0) { + ejsSetErrorMsg(eid, "userAuth invalid arguments"); + return -1; + } + + tmp_ctx = talloc_new(mprMemCtx()); + auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE); + + if (strcmp("System User", argv[2]) == 0) { + const char *auth_unix[] = { "unix", NULL }; + + nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context); + if (!NT_STATUS_IS_OK(nt_status)) { + mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(&auth, "report", mprCreateStringVar("Auth System Failure", 0)); + goto done; + } + + pw_blob = data_blob(argv[1], strlen(argv[1])), + make_user_info(tmp_ctx, argv[0], argv[0], + argv[2], argv[2], + "foowks", "fooip", + NULL, NULL, + NULL, NULL, + &pw_blob, False, + 0x05, &user_info); + nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); + if (!NT_STATUS_IS_OK(nt_status)) { + mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(&auth, "report", mprCreateStringVar("Login Failed", 0)); + goto done; + } + + mprSetPropertyValue(&auth, "result", mprCreateBoolVar(server_info->authenticated)); + mprSetPropertyValue(&auth, "username", mprCreateStringVar(server_info->account_name, 0)); + mprSetPropertyValue(&auth, "domain", mprCreateStringVar(server_info->domain_name, 0)); + + } else { + mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 0)); + } + +done: + ejsSetReturnValue(eid, auth); + talloc_free(tmp_ctx); + return 0; +} + +static int ejs_domain_list(MprVarHandle eid, int argc, char **argv) +{ + struct MprVar list; + struct MprVar dom; + + if (argc != 0) { + ejsSetErrorMsg(eid, "domList invalid arguments"); + return -1; + } + + list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE); + dom = mprCreateStringVar("System User", 1); + mprCreateProperty(&list, "0", &dom); + + ejsSetReturnValue(eid, list); + + return 0; +} + + /* setup the C functions that be called from ejs */ @@ -308,4 +388,6 @@ void smb_setup_ejs_functions(void) ejsDefineCFunction(-1, "typeof", ejs_typeof, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineCFunction(-1, "ldbSearch", ejs_ldbSearch, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineCFunction(-1, "resolveName", ejs_resolve_name, NULL, MPR_VAR_SCRIPT_HANDLE); + ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE); + ejsDefineStringCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE); } diff --git a/swat/login.esp b/swat/login.esp index 873ff2f6a6..f118eab1a2 100644 --- a/swat/login.esp +++ b/swat/login.esp @@ -6,12 +6,15 @@ if (request['SESSION_EXPIRED'] == "True") { write("<b>Your session has expired - please authenticate again<br /></b>\n"); } -var f = FormObj("login", 2, 1); +var f = FormObj("login", 3, 1); f.element[0].label = "Username"; f.element[0].value = form['Username']; f.element[1].label = "Password"; f.element[1].value = form['Password']; f.element[1].type = "password"; +f.element[2].label = "Domain"; +f.element[2].type = "select"; +f.element[2].list = getDomainList(); f.submit[0] = "Login"; display_form(f); @@ -19,20 +22,28 @@ display_form(f); <% if (request.REQUEST_METHOD == "POST") { - /* for now just authenticate everyone */ - session.AUTHENTICATED = true; - session.authinfo = new Object(); - - session.authinfo.username = form.Username; - - /* if the user was asking for the login page, then now - redirect them to the main page. Otherwise just - redirect them to the current page, which will now - show its true content */ - if (request.REQUEST_URI == "/login.esp") { - redirect(session_uri("/")); + + auth = userAuth(form.Username, form.Password, form.Domain); + if (auth.result) { + + /* for now just authenticate everyone */ + session.AUTHENTICATED = true; + session.authinfo = new Object(); + + session.authinfo.username = auth.username; + session.authinfo.domain = auth.domain; + + /* if the user was asking for the login page, then now + redirect them to the main page. Otherwise just + redirect them to the current page, which will now + show its true content */ + if (request.REQUEST_URI == "/login.esp") { + redirect(session_uri("/")); + } else { + redirect(session_uri(request.REQUEST_URI)); + } } else { - redirect(session_uri(request.REQUEST_URI)); + write("<b>Login failed - please try again<br /></b>\n"); } } %> |