summaryrefslogtreecommitdiffhomepage
path: root/libs
diff options
context:
space:
mode:
authorSteven Barth <steven@midlink.org>2008-08-10 12:58:05 +0000
committerSteven Barth <steven@midlink.org>2008-08-10 12:58:05 +0000
commitf9fa6d82da4f15473a49822d6d9dfda34144b85e (patch)
treeb5a1593155a67919118e2201c244d239a87ba31f /libs
parent2787a7f68896663647e19a1387195ae18db7d37a (diff)
* libs/web: Reworked authentication
Diffstat (limited to 'libs')
-rwxr-xr-xlibs/httpd/host/runluci3
-rw-r--r--libs/httpd/luasrc/httpd/handler/luci.lua2
-rw-r--r--libs/sys/luasrc/sys.lua5
-rw-r--r--libs/web/luasrc/dispatcher.lua41
4 files changed, 28 insertions, 23 deletions
diff --git a/libs/httpd/host/runluci b/libs/httpd/host/runluci
index 6f6cdde3df..d31b3f79c5 100755
--- a/libs/httpd/host/runluci
+++ b/libs/httpd/host/runluci
@@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then
luci.model.uci.set_confdir(luci.model.uci.confdir_default)
end
+require("luci.sys")
+luci.sys.user.checkpasswd = function() return true end
+
filehandler = luci.httpd.handler.file.Simple(DOCROOT)
vhost:set_default_handler(filehandler)
diff --git a/libs/httpd/luasrc/httpd/handler/luci.lua b/libs/httpd/luasrc/httpd/handler/luci.lua
index 232883256e..ac3ed78d0a 100644
--- a/libs/httpd/luasrc/httpd/handler/luci.lua
+++ b/libs/httpd/luasrc/httpd/handler/luci.lua
@@ -32,7 +32,6 @@ end
function Luci.handle_head(self, ...)
local response, sourceout = self:handle_get(...)
- self.running = self.running - 1
return response
end
@@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr)
status = 500
headers["Content-Type"] = "text/plain"
local err = {id}
- self.running = self.running - 1
return Response( status, headers ), function() return table.remove(err) end
end
diff --git a/libs/sys/luasrc/sys.lua b/libs/sys/luasrc/sys.lua
index b8ec10e0f4..56beafe944 100644
--- a/libs/sys/luasrc/sys.lua
+++ b/libs/sys/luasrc/sys.lua
@@ -295,10 +295,7 @@ user.getuser = posix.getpasswd
function user.checkpasswd(username, password)
local account = user.getuser(username)
- -- FIXME: detect testing environment
- if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then
- return true
- elseif account then
+ if account then
if account.passwd == "!" then
return true
else
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index d9917c2a87..b74c5bdc25 100644
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -33,6 +33,8 @@ require("luci.fs")
context = luci.util.threadlocal()
+authenticator = {}
+
-- Index table
local index = nil
@@ -76,25 +78,20 @@ function error500(message)
return false
end
---- Render and evaluate the system authentication login form.
--- @param default Default username
--- @return Authentication status
-function sysauth(default)
+function authenticator.htmlauth(validator, default)
local user = luci.http.formvalue("username")
local pass = luci.http.formvalue("password")
- if user and luci.sys.user.checkpasswd(user, pass) then
- local sid = luci.sys.uniqueid(16)
- luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
- luci.sauth.write(sid, user)
- return true
- else
- require("luci.i18n")
- require("luci.template")
- context.path = {}
- luci.template.render("sysauth", {duser=default, fuser=user})
- return false
+ if user and validator(user, pass) then
+ return user
end
+
+ require("luci.i18n")
+ require("luci.template")
+ context.path = {}
+ luci.template.render("sysauth", {duser=default, fuser=user})
+ return false
+
end
--- Dispatch an HTTP request.
@@ -172,13 +169,23 @@ function dispatch(request)
if track.sysauth then
require("luci.sauth")
+ local authen = authenticator[track.sysauth_authenticator]
local def = (type(track.sysauth) == "string") and track.sysauth
local accs = def and {track.sysauth} or track.sysauth
local user = luci.sauth.read(luci.http.getcookie("sysauth"))
-
if not luci.util.contains(accs, user) then
- if not sysauth(def) then
+ if authen then
+ local user = authen(luci.sys.user.checkpasswd, def)
+ if not user or not luci.util.contains(accs, user) then
+ return
+ else
+ local sid = luci.sys.uniqueid(16)
+ luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+ luci.sauth.write(sid, user)
+ end
+ else
+ luci.http.status(403, "Forbidden")
return
end
end