From 7e671ae37f6c951d4db18c446eed52685200b2e0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 11 Sep 2008 16:47:45 +0200
Subject: rename swat => swat2, so that we don't conflict with samba3 metze (This used to be commit bf852a3dbeee8900fa36978f08a5cdceabcbd926)
---
swat2/scripting/preauth.esp | 48 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 swat2/scripting/preauth.esp
(limited to 'swat2/scripting/preauth.esp')
diff --git a/swat2/scripting/preauth.esp b/swat2/scripting/preauth.esp
new file mode 100644
index 0000000000..e6d04faf8d
--- /dev/null
+++ b/swat2/scripting/preauth.esp
@@ -0,0 +1,48 @@
+<%
+include("/scripting/common.js");
+
+/* this script is called on every web request. If it produces any
+ output at all then that output is returned and the requested page
+ is not given or processed.
+*/
+
+/*
+ check if a uri is one of the 'always allowed' pages, even when not logged in
+ This allows the login page to use the same style sheets and images
+*/
+function always_allowed(uri) {
+ var str = string_init();
+
+ /* allow jsonrpc-based applications to do their own authentication */
+ var s = str.split('/', uri);
+ if (s[0] == "" && s[1] == 'index.html') {
+ return true;
+ }
+
+ var s = str.split('.', uri);
+ if (s.length < 2) {
+ return false;
+ }
+
+ var ext = s[s.length-1];
+ var allowed = new Array("ico", "gif", "png","css", "js");
+ for (i in allowed) {
+ if (allowed[i] == ext) {
+ return true;
+ }
+ }
+ return false;
+}
+
+
+if (server['SERVER_PROTOCOL'] == "http" &&
+ server['TLS_SUPPORT'] == "True") {
+ write("redirect to https");
+ redirect("https://" + headers['HOST'] + request['REQUEST_URI']);
+} else if (always_allowed(request['REQUEST_URI']) != true &&
+ session['AUTHENTICATED'] == undefined) {
+ /* present the login page */
+ include("/login.esp");
+}
+
+%>
-- cgit
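Review bot: always_allowed() takes the extension from the last '.'-separated piece of the raw REQUEST_URI, so the unauthenticated allowlist matches on whatever text follows the final dot rather than on the real extension of the requested file. If REQUEST_URI carries a query string or trailing path info on this server (not visible in the hunk), a request for a protected page could be classified as a static asset and skip the `include("/login.esp")` branch; the `s[1] == 'index.html'` test has the same weakness, since it looks only at the first path segment. I would cut the query off before either check, e.g. `var path = str.split('?', uri)[0];`, and compare the extension of the final path segment only. Separately, the https redirect is built from the client-supplied `headers['HOST']`; a configured server name would be a safer source for the target host.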