author | Derrell Lipman <derrell@samba.org> | 2007-01-07 23:06:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:37:13 -0500 |
commit | 9639836022adcb62c72520f799a89d0f727f224d (patch) | |
tree | 26f7331426c94f96f502a8bf8641fb88ffad74d4 /services/json_auth.esp | |
parent | a04a3b8bc21101e6a11bad04c3d5c9655fa606b4 (diff) | |
r20600: Web Application Framework
- Add authentication. The Web Application Framework can now be called
directly and it will require authentication if required, and should re-query
the user to log in when the session expires.
- General clean-up
(This used to be commit 27c5d7dca6fa4e0811c1b8bb52d1db3d1824462c)
Diffstat (limited to 'services/json_auth.esp')
-rw-r--r-- | services/json_auth.esp | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/services/json_auth.esp b/services/json_auth.esp
index 0fdd98037d..57fbd7aaac 100644
--- a/services/json_auth.esp
+++ b/services/json_auth.esp
@@ -1,13 +1,67 @@
 <%
+libinclude("auth.js");
+
 /* Return true to allow access; false otherwise */
-function json_authenticate(serviceComponents, method, scriptTransportId)
+function json_authenticate(serviceComponents, method, scriptTransportId, error)
 {
- // Don't allow any access via ScriptTransport, for now.
+ // Don't allow any access via ScriptTransport, for now. There are serious
+ // potential security exploits that will need to be protected against when
+ // we do want to allow use of ScriptTransport. -- djl
 if (scriptTransportId != jsonrpc.Constant.ScriptTransport.NotInUse)
 {
+ error.setError(jsonrpc.Constant.ServerError.PermissionDenied,
+ "Permission denied");
+ return false;
+ }
+
+ // Does the requested method require authentication?
+ if (! _authentication_required(serviceComponents, method))
+ {
+ // Nope. Let 'em in.
+ return true;
+ }
+
+ // Did our session expire?
+ if (request['SESSION_EXPIRED'] == "True")
+ {
+ // Yup.
+ error.setError(jsonrpc.Constant.ServerError.SessionExpired,
+ "Session expired");
+ error.setInfo(getDomainList());
+ return false;
+ }
+
+ // Are we authenticated?
+ if (! session.AUTHENTICATED)
+ {
+ // Nope.
+ error.setError(jsonrpc.Constant.ServerError.NotLoggedIn,
+ "Not logged in");
+ error.setInfo(getDomainList());
+ return false;
+ }
+
+ return true;
+}
+
+
+/*
+ * Return true if authentication is required for the specified method;
+ * false otherwise.
+ */
+function _authentication_required(serviceComponents, method)
+{
+ var m = join(".", serviceComponents) + "." + method;
+
+ // See if this method requires authentication
+ if (m == "samba.system.login" ||
+ m == "samba.system.logout")
+ {
+ // Nope.
 return false;
 }
+ // Anything not listed above requires authentication
 return true;
 }
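Review bot: Both denial branches in json_authenticate call `error.setInfo(getDomainList())`, so the domain list is handed to callers that have not logged in and to callers whose session has expired, and nothing in the code records that this disclosure is deliberate; presumably it is there so the login dialog can offer a domain chooser. A comment on the first such line, `// The domain list is intentionally returned before login so the client can populate its login form; getDomainList() must not carry anything beyond domain names.`, would make the decision explicit for the next maintainer. In _authentication_required the exemption is decided on the joined string `join(".", serviceComponents) + "." + method`, so two different component/method splits that join to the same text are treated alike; this is harmless for the two listed names, but a one-line note that the dispatcher must resolve the same joined name would make the assumption checkable. The signature now takes a fourth `error` argument, and any caller outside this file still passing three would make `error.setError` fail on the denied path, which is worth confirming against the JSON-RPC server that invokes this hook.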