diff options
Diffstat (limited to 'libs')
-rwxr-xr-x | libs/httpd/host/runluci | 3 | ||||
-rw-r--r-- | libs/httpd/luasrc/httpd/handler/luci.lua | 2 | ||||
-rw-r--r-- | libs/sys/luasrc/sys.lua | 5 | ||||
-rw-r--r-- | libs/web/luasrc/dispatcher.lua | 41 |
4 files changed, 28 insertions, 23 deletions
diff --git a/libs/httpd/host/runluci b/libs/httpd/host/runluci index 6f6cdde3df..d31b3f79c5 100755 --- a/libs/httpd/host/runluci +++ b/libs/httpd/host/runluci @@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then luci.model.uci.set_confdir(luci.model.uci.confdir_default) end +require("luci.sys") +luci.sys.user.checkpasswd = function() return true end + filehandler = luci.httpd.handler.file.Simple(DOCROOT) vhost:set_default_handler(filehandler) diff --git a/libs/httpd/luasrc/httpd/handler/luci.lua b/libs/httpd/luasrc/httpd/handler/luci.lua index 232883256e..ac3ed78d0a 100644 --- a/libs/httpd/luasrc/httpd/handler/luci.lua +++ b/libs/httpd/luasrc/httpd/handler/luci.lua @@ -32,7 +32,6 @@ end function Luci.handle_head(self, ...) local response, sourceout = self:handle_get(...) - self.running = self.running - 1 return response end @@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr) status = 500 headers["Content-Type"] = "text/plain" local err = {id} - self.running = self.running - 1 return Response( status, headers ), function() return table.remove(err) end end diff --git a/libs/sys/luasrc/sys.lua b/libs/sys/luasrc/sys.lua index b8ec10e0f4..56beafe944 100644 --- a/libs/sys/luasrc/sys.lua +++ b/libs/sys/luasrc/sys.lua @@ -295,10 +295,7 @@ user.getuser = posix.getpasswd function user.checkpasswd(username, password) local account = user.getuser(username) - -- FIXME: detect testing environment - if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then - return true - elseif account then + if account then if account.passwd == "!" then return true else diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index d9917c2a87..b74c5bdc25 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -33,6 +33,8 @@ require("luci.fs") context = luci.util.threadlocal() +authenticator = {} + -- Index table local index = nil @@ -76,25 +78,20 @@ function error500(message) return false end ---- Render and evaluate the system authentication login form. --- @param default Default username --- @return Authentication status -function sysauth(default) +function authenticator.htmlauth(validator, default) local user = luci.http.formvalue("username") local pass = luci.http.formvalue("password") - if user and luci.sys.user.checkpasswd(user, pass) then - local sid = luci.sys.uniqueid(16) - luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") - luci.sauth.write(sid, user) - return true - else - require("luci.i18n") - require("luci.template") - context.path = {} - luci.template.render("sysauth", {duser=default, fuser=user}) - return false + if user and validator(user, pass) then + return user end + + require("luci.i18n") + require("luci.template") + context.path = {} + luci.template.render("sysauth", {duser=default, fuser=user}) + return false + end --- Dispatch an HTTP request. @@ -172,13 +169,23 @@ function dispatch(request) if track.sysauth then require("luci.sauth") + local authen = authenticator[track.sysauth_authenticator] local def = (type(track.sysauth) == "string") and track.sysauth local accs = def and {track.sysauth} or track.sysauth local user = luci.sauth.read(luci.http.getcookie("sysauth")) - if not luci.util.contains(accs, user) then - if not sysauth(def) then + if authen then + local user = authen(luci.sys.user.checkpasswd, def) + if not user or not luci.util.contains(accs, user) then + return + else + local sid = luci.sys.uniqueid(16) + luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/") + luci.sauth.write(sid, user) + end + else + luci.http.status(403, "Forbidden") return end end |