diff options
Diffstat (limited to 'libs')
-rw-r--r-- | libs/cbi/luasrc/cbi.lua | 13 | ||||
-rw-r--r-- | libs/core/luasrc/sys.lua | 8 | ||||
-rw-r--r-- | libs/sgi-haserl/luasrc/sgi/haserl.lua | 6 | ||||
-rw-r--r-- | libs/sgi-webuci/luasrc/sgi/webuci.lua | 15 | ||||
-rw-r--r-- | libs/sgi-webuci/root/usr/lib/boa/luci.lua | 2 | ||||
-rw-r--r-- | libs/web/luasrc/dispatcher.lua | 26 |
6 files changed, 65 insertions, 5 deletions
diff --git a/libs/cbi/luasrc/cbi.lua b/libs/cbi/luasrc/cbi.lua index 42b58ce0b..178c46f03 100644 --- a/libs/cbi/luasrc/cbi.lua +++ b/libs/cbi/luasrc/cbi.lua @@ -579,11 +579,6 @@ function AbstractValue.render(self, s, scope) if not self.optional or self:cfgvalue(s) or self:formcreated(s) then scope = scope or {} scope.section = s - - -- fixup size for MultiValue fields - if instanceof(self, MultiValue) and self.widget == "select" and not self.size then - self.size = #self.vallist - end Node.render(self, scope) end @@ -741,6 +736,14 @@ function MultiValue.__init__(self, ...) self.delimiter = " " end +function MultiValue.render(self, ...) + if self.widget == "select" and not self.size then + self.size = #self.vallist + end + + AbstractValue.render(self, ...) +end + function MultiValue.value(self, key, val) val = val or key table.insert(self.keylist, tostring(key)) diff --git a/libs/core/luasrc/sys.lua b/libs/core/luasrc/sys.lua index 6d03f59db..80d702b94 100644 --- a/libs/core/luasrc/sys.lua +++ b/libs/core/luasrc/sys.lua @@ -263,6 +263,14 @@ end user = {} -- returns user information to a given uid user.getuser = posix.getpasswd + +-- checks whether a string matches the password of a certain system user +function user.checkpasswd(user, password) + local account = user.getuser(user) + if posix.crypt and account then + return (account.passwd == posix.crypt(account.passwd, password)) + end +end -- Changes the user password of given user function user.setpasswd(user, pwd) diff --git a/libs/sgi-haserl/luasrc/sgi/haserl.lua b/libs/sgi-haserl/luasrc/sgi/haserl.lua index f3994b5c8..35bc1c902 100644 --- a/libs/sgi-haserl/luasrc/sgi/haserl.lua +++ b/libs/sgi-haserl/luasrc/sgi/haserl.lua @@ -29,6 +29,12 @@ require("luci.fs") -- Environment Table luci.http.env = ENV +-- Enforces user authentification +function luci.http.basic_auth(verify_callback, realm) + -- Dummy for Haserl + return true +end + -- Returns the main dispatcher URL function luci.http.dispatcher() return luci.http.env.SCRIPT_NAME or "" diff --git a/libs/sgi-webuci/luasrc/sgi/webuci.lua b/libs/sgi-webuci/luasrc/sgi/webuci.lua index 2beff6907..1ad067c6b 100644 --- a/libs/sgi-webuci/luasrc/sgi/webuci.lua +++ b/libs/sgi-webuci/luasrc/sgi/webuci.lua @@ -33,6 +33,21 @@ function initenv(env, vars) luci.http.vars = vars end +-- Enforces user authentification +function luci.http.basic_auth(verify_callback, realm) + local user = luci.http.env.auth_user + local pass = luci.http.env.auth_password + realm = realm or "" + + if not user or not verify_callback(user, pass) then + luci.http.status("401", "Unauthorized") + luci.http.header("WWW-Authenticate", string.format('Basic realm="%s"', realm)) + return false + else + return true + end +end + -- Returns the main dispatcher URL function luci.http.dispatcher() return luci.http.env.SCRIPT_NAME or "" diff --git a/libs/sgi-webuci/root/usr/lib/boa/luci.lua b/libs/sgi-webuci/root/usr/lib/boa/luci.lua index 2ea6ba4cb..e34bd5e2d 100644 --- a/libs/sgi-webuci/root/usr/lib/boa/luci.lua +++ b/libs/sgi-webuci/root/usr/lib/boa/luci.lua @@ -38,6 +38,8 @@ function init(path) luci.sys.net.routes = function() return {} end luci.sys.wifi.getiwconfig = function() return {} end luci.sys.wifi.iwscan = function() return {} end + + luci.sys.user.checkpasswd = function() return true end end end diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index feda28d51..cd481622b 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -58,6 +58,18 @@ function build_url(...) return luci.http.dispatcher() .. "/" .. table.concat(arg, "/") end +-- Prints an error message or renders the "error401" template if available +function error401(message) + message = message or "Unauthorized" + + require("luci.template") + if not pcall(luci.template.render, "error401") then + luci.http.prepare_content("text/plain") + print(message) + end + return false +end + -- Sends a 404 error code and renders the "error404" template if available function error404(message) luci.http.status(404, "Not Found") @@ -115,6 +127,20 @@ function dispatch() end end + if track.sysauth then + local accs = track.sysauth + accs = (type(accs) == "string") and {accs} or accs + + local function sysauth(user, password) + return (luci.util.contains(accs, user) + and luci.sys.user.checkpasswd(user, password)) + end + + if not luci.http.basic_auth(sysauth) then + error401() + return + end + end if track.i18n then require("luci.i18n").loadc(track.i18n) |