r12746: An initial version of the kludge_acls module.

This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)

Andrew Bartlett
(This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)

1 files changed, 17 insertions, 0 deletions

diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c
index 8ef04bec97..3ec376f4fe 100644
--- a/source4/scripting/ejs/smbcalls_auth.c
+++ b/source4/scripting/ejs/smbcalls_auth.c
@@ -158,9 +158,26 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv)
 }
 
 /*
+  initialise credentials ejs object
+*/
+static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv)
+{
+	struct MprVar *obj = mprInitObject(eid, "session_info", argc, argv);
+	struct auth_session_info *session_info = system_session(mprMemCtx());
+
+	if (session_info == NULL) {
+		return -1;
+	}
+
+	mprSetPtrChild(obj, "session_info", session_info);
+	return 0;
+}
+
+/*
   setup C functions that be called from ejs
 */
 void smb_setup_ejs_auth(void)
 {
 	ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineCFunction(-1, "system_session", ejs_system_session, NULL, MPR_VAR_SCRIPT_HANDLE);
 }