Diffstat (limited to 'source4/web_server/calls.c')
-rw-r--r--source4/web_server/calls.c71
1 files changed, 70 insertions, 1 deletions
diff --git a/source4/web_server/calls.c b/source4/web_server/calls.c
index fc23a113fe..ab20c38193 100644
--- a/source4/web_server/calls.c
+++ b/source4/web_server/calls.c
@@ -21,11 +21,11 @@
*/
#include "includes.h"
+#include "pwd.h"
#include "web_server/esp/esp.h"
#include "param/loadparm.h"
#include "lib/ldb/include/ldb.h"
-
/*
add an indexed array element to a property
*/
@@ -378,6 +378,74 @@ failed:
return -1;
}
+/* try to authenticate the user/password pair against system auth mechanisms
+ returns 0 on success
+ returns -1 on error
+
+ fills in the session structure properly in case of success
+ NOTE: Currently only PAM Auth is supported
+*/
+
+static int esp_unixAuth(struct EspRequest *ep, int argc, struct MprVar **argv)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(ep);
+ const char *username;
+ const char *password;
+ struct passwd *pwd;
+ int ret;
+
+ if (argc != 2 || argv[0]->type != MPR_TYPE_STRING ||
+ argv[1]->type != MPR_TYPE_STRING) {
+ espError(ep, "unixAuth invalid arguments");
+ ret = -1;
+ goto done;
+ }
+
+ username = mprToString(argv[0]);
+ password = mprToString(argv[1]);
+
+ if (username == NULL || password == NULL) {
+ espError(ep, "unixAuth invalid arguments");
+ ret = -1;
+ goto done;
+ }
+
+ /* TODO: find out how to pass the real client name/address here */
+ if (NT_STATUS_IS_OK(unix_passcheck(tmp_ctx, "client", username, password))) {
+
+ pwd = getpwnam(username);
+ if (!pwd) {
+ espSetReturn(ep, mprCreateIntegerVar(-1));
+ ret = -1;
+ goto done;
+ }
+
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "AUTHENTICATED", mprCreateStringVar("1", 0));
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "USERNAME", mprCreateStringVar(username, 0));
+
+ if (pwd->pw_uid == 0) { /* we are root */
+
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "PRIVILEGE", mprCreateStringVar("ADMIN", 0));
+ } else {
+ mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
+ "PRIVILEGE", mprCreateStringVar("USER", 0));
+ }
+
+ espSetReturn(ep, mprCreateIntegerVar(0));
+ } else {
+ if (mprGetProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED", 0) != 0) {
+ mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "AUTHENTICATED");
+ }
+ espSetReturn(ep, mprCreateIntegerVar(-1));
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
/*
setup the C functions that be called from ejs
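Review bot: `ret` is returned uninitialised from esp_unixAuth whenever unix_passcheck() is reached, because neither the success branch nor the failed-login `else` branch assigns it before falling through to `done:`. Declaring it as `int ret = 0;` gives both outcomes a defined return value, since the login result already travels through espSetReturn(). Whether a rejected login should instead return -1 to the interpreter is a decision for the author, as the header comment only says "-1 on error". Separately, the failure branch deletes only AUTHENTICATED, so USERNAME and PRIVILEGE from an earlier successful login stay in the session object, and the getpwnam() failure path clears nothing. I would add `mprDeleteProperty(&ep->variables[ESP_SESSION_OBJ], "USERNAME");` and the same call for `"PRIVILEGE"` on both paths, so that a page reading PRIVILEGE alone cannot see a stale "ADMIN".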
@@ -388,4 +456,5 @@ void http_setup_ejs_functions(void)
espDefineStringCFunction(NULL, "lpServices", esp_lpServices, NULL);
espDefineCFunction(NULL, "typeof", esp_typeof, NULL);
espDefineCFunction(NULL, "ldbSearch", esp_ldbSearch, NULL);
+ espDefineCFunction(NULL, "unixAuth", esp_unixAuth, NULL);
}
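Review bot: Failed logins are neither recorded nor limited anywhere visible in esp_unixAuth, and the `unixAuth` registration on this line makes that system-password check callable from ESP page scripts. This matters more because a uid 0 account is accepted and mapped to "ADMIN". I would log each rejected attempt with the username in the `else` branch of esp_unixAuth and resolve the TODO that passes the constant `"client"` to unix_passcheck(), since with a fixed string any per-host audit or lockout in the underlying auth stack cannot tell callers apart (unix_passcheck may log on its own; that is not visible here). It is also worth deciding explicitly whether root should be able to authenticate through the web interface at all, and saying so in a comment above esp_unixAuth.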