<%
libinclude("auth.js");
/*
 * Decide whether a JSON-RPC request may proceed.
 *
 * The checks run in a fixed order and the first failure wins:
 *   1. a request that arrived via ScriptTransport is refused outright;
 *   2. a method that _authentication_required() reports as public is allowed;
 *   3. an expired session is refused;
 *   4. a session that is not marked authenticated is refused.
 *
 * serviceComponents, method
 *     Passed unchanged to _authentication_required().
 * scriptTransportId
 *     Compared against jsonrpc.Constant.ScriptTransport.NotInUse.
 * error
 *     Receives setError(code, message) on every refusal and, for the two
 *     session refusals, setInfo(getDomainList()).
 *
 * Returns true to allow access; false otherwise.
 */
function json_authenticate(serviceComponents, method, scriptTransportId, error)
{
    // Don't allow any access via ScriptTransport, for now.  There are serious
    // potential security exploits that will need to be protected against when
    // we do want to allow use of ScriptTransport. -- djl
    //
    // This test comes first on purpose: it also covers the methods that need
    // no login, so nothing is reachable over ScriptTransport.
    // NOTE(review): presumably ScriptTransport is the cross-domain script-tag
    // transport; if it is ever enabled, session-authenticated methods would
    // need their own per-request proof of origin -- confirm before relaxing.
    var viaScriptTransport =
        (scriptTransportId != jsonrpc.Constant.ScriptTransport.NotInUse);
    if (viaScriptTransport)
    {
        error.setError(jsonrpc.Constant.ServerError.PermissionDenied,
                       "Permission denied");
        return false;
    }

    // Methods that need no login are let through without looking at the
    // session at all.
    var loginNeeded = _authentication_required(serviceComponents, method);
    if (! loginNeeded)
    {
        return true;
    }

    // An expired session is reported separately from "never logged in".
    // NOTE(review): presumably SESSION_EXPIRED is set by the server's session
    // handling and not taken from client input -- confirm.
    var sessionExpired = (request['SESSION_EXPIRED'] == "True");
    if (sessionExpired)
    {
        error.setError(jsonrpc.Constant.ServerError.SessionExpired,
                       "Session expired");
        // NOTE(review): the domain list is handed to a caller that is not
        // logged in; confirm that this disclosure is intended.
        error.setInfo(getDomainList());
        return false;
    }

    // The only remaining way in is an authenticated session.
    if (session.AUTHENTICATED)
    {
        return true;
    }

    error.setError(jsonrpc.Constant.ServerError.NotLoggedIn,
                   "Not logged in");
    // Same domain list as in the expired-session refusal above.
    error.setInfo(getDomainList());
    return false;
}
/*
 * Return true if authentication is required for the specified method;
 * false otherwise.
 *
 * The service components are joined with "." and the method name appended,
 * and the result is compared, exactly and case-sensitively, against the
 * short list of methods that may be called without a login.  Everything
 * else requires authentication, so a method added elsewhere stays protected
 * until it is listed here explicitly.
 *
 * NOTE(review): the decision is made on the joined string; confirm that the
 * dispatcher resolves the method to call from these same values.
 */
function _authentication_required(serviceComponents, method)
{
    var service = join(".", serviceComponents);
    var qualifiedName = service + "." + method;

    // Anything other than login and logout requires authentication.
    if (qualifiedName != "samba.system.login" &&
        qualifiedName != "samba.system.logout")
    {
        return true;
    }

    // login and logout must be reachable before a session is authenticated.
    return false;
}
/*
* Local Variables:
* mode: c
* End:
*/
%>