From 00aceaf624d8e5da2a8f3df161d52599aae2ac41 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Sat, 28 Jun 2008 16:03:54 +0000 Subject: [PATCH] * libs/web: Switched from HTTP-Basic-Auth to Session-Auth * Updated Makefiles for better testing environment integration * Fixed libs/sgi-luci --- Makefile | 4 ++ i18n/english/luasrc/i18n/default.en.lua | 1 + i18n/english/luasrc/i18n/sysauth.en.lua | 3 + i18n/german/luasrc/i18n/default.de.lua | 2 + i18n/german/luasrc/i18n/sysauth.de.lua | 3 + libs/core/luasrc/fs.lua | 3 + libs/core/luasrc/sys.lua | 16 +++-- libs/sgi-cgi/ipkg/postinst | 10 --- libs/sgi-cgi/luasrc/sgi/cgi.lua | 2 +- libs/sgi-luci/root/usr/bin/luci-httpd | 6 +- libs/web/luasrc/dispatcher.lua | 77 +++++++++++----------- libs/web/luasrc/http.lua | 15 +++-- libs/web/luasrc/i18n.lua | 4 +- libs/web/luasrc/sauth.lua | 11 ++-- modules/admin-core/luasrc/view/sysauth.htm | 26 ++++++++ .../luasrc/view/themes/fledermaus/header.htm | 2 +- .../luasrc/view/themes/openwrt.org/header.htm | 2 +- 17 files changed, 116 insertions(+), 71 deletions(-) create mode 100644 i18n/english/luasrc/i18n/sysauth.en.lua create mode 100644 i18n/german/luasrc/i18n/sysauth.de.lua delete mode 100755 libs/sgi-cgi/ipkg/postinst create mode 100644 modules/admin-core/luasrc/view/sysauth.htm diff --git a/Makefile b/Makefile index 8ce59c268..8ac0ac664 100644 --- a/Makefile +++ b/Makefile @@ -35,10 +35,14 @@ hostcopy: ln -s .$(LUCI_MODULEDIR) host/luci runboa: host + export LUA_PATH="`pwd`/host$(LUCI_MODULEDIR);;" + export LUA_CPATH="`pwd`/host$(LUCI_LIBRARYDIR);;" libs/sgi-webuci/host/buildconfig.sh `pwd`/host > host/etc/boa/boa.conf ./host/usr/bin/boa -c ./host/etc/boa -d runluci: luahost + export LUA_PATH="`pwd`/host$(LUCI_MODULEDIR);;" + export LUA_CPATH="`pwd`/host$(LUCI_LIBRARYDIR);;" libs/httpd/host/runluci host$(HTDOCS) hostclean: clean diff --git a/i18n/english/luasrc/i18n/default.en.lua b/i18n/english/luasrc/i18n/default.en.lua index 92ee1625f..593c11ea3 100644 
--- a/i18n/english/luasrc/i18n/default.en.lua +++ b/i18n/english/luasrc/i18n/default.en.lua @@ -46,6 +46,7 @@ key = "Key" language = "Language" limit = "Limit" load = "Load" +login = "Login" macaddress = "MAC-Address" manpage = "see '%s' manpage" diff --git a/i18n/english/luasrc/i18n/sysauth.en.lua b/i18n/english/luasrc/i18n/sysauth.en.lua new file mode 100644 index 000000000..a87774a86 --- /dev/null +++ b/i18n/english/luasrc/i18n/sysauth.en.lua @@ -0,0 +1,3 @@ +sysauth_head = "Authorization Required" +sysauth_prompt = "Please enter your username and password." +sysauth_failed = "Invalid username and/or password! Please try again." diff --git a/i18n/german/luasrc/i18n/default.de.lua b/i18n/german/luasrc/i18n/default.de.lua index 8fd96d5b2..0eec9cf83 100644 --- a/i18n/german/luasrc/i18n/default.de.lua +++ b/i18n/german/luasrc/i18n/default.de.lua @@ -40,6 +40,8 @@ ipaddress = "IP-Adresse" legend = "Legende" library = "Bibliothek" +load = "Last" +login = "Anmelden" key = "Schlüssel" diff --git a/i18n/german/luasrc/i18n/sysauth.de.lua b/i18n/german/luasrc/i18n/sysauth.de.lua new file mode 100644 index 000000000..c01a4b918 --- /dev/null +++ b/i18n/german/luasrc/i18n/sysauth.de.lua @@ -0,0 +1,3 @@ +sysauth_head = "Autorisation benötigt" +sysauth_prompt = "Bitte Benutzernamen und Passwort eingeben." +sysauth_failed = "Ungültiger Benutzername und/oder ungültiges Passwort! Bitte nocheinmal versuchen." diff --git a/libs/core/luasrc/fs.lua b/libs/core/luasrc/fs.lua index 5c1f2a051..415e8e567 100644 --- a/libs/core/luasrc/fs.lua +++ b/libs/core/luasrc/fs.lua @@ -28,6 +28,9 @@ module("luci.fs", package.seeall) require("posix") +-- Access +access = posix.access + -- Glob glob = posix.glob diff --git a/libs/core/luasrc/sys.lua b/libs/core/luasrc/sys.lua index 54c4e0613..540a636fb 100644 --- a/libs/core/luasrc/sys.lua +++ b/libs/core/luasrc/sys.lua 
@@ -285,10 +285,18 @@ user = {} user.getuser = posix.getpasswd -- checks whether a string matches the password of a certain system user -function user.checkpasswd(user, password) - local account = user.getuser(user) - if posix.crypt and account then - return (account.passwd == posix.crypt(account.passwd, password)) +function user.checkpasswd(username, password) + local account = user.getuser(username) + + -- FIXME: detect testing environment + if luci.fs.isfile("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then + return true + elseif account then + if account.passwd == "!" then + return true + else + return (account.passwd == posix.crypt(account.passwd, password)) + end end end diff --git a/libs/sgi-cgi/ipkg/postinst b/libs/sgi-cgi/ipkg/postinst deleted file mode 100755 index d8780c2e7..000000000 --- a/libs/sgi-cgi/ipkg/postinst +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -PATTERNS='/cgi-bin/luci/admin:root:$p$root' - -for i in $PATTERNS -do - grep "$i" ${IPKG_INSTROOT}/etc/httpd.conf >/dev/null 2>/dev/null || echo "$i" >> ${IPKG_INSTROOT}/etc/httpd.conf -done - -[ -n "${IPKG_INSTROOT}" ] || /etc/init.d/httpd restart - diff --git a/libs/sgi-cgi/luasrc/sgi/cgi.lua b/libs/sgi-cgi/luasrc/sgi/cgi.lua index 8ba4c54a3..5555e4a05 100644 --- a/libs/sgi-cgi/luasrc/sgi/cgi.lua +++ b/libs/sgi-cgi/luasrc/sgi/cgi.lua @@ -47,7 +47,7 @@ function run() print(id) break; end - + if id == 1 then io.write("Status: " .. tostring(data1) .. " " .. data2 .. "\n") elseif id == 2 then diff --git a/libs/sgi-luci/root/usr/bin/luci-httpd b/libs/sgi-luci/root/usr/bin/luci-httpd index 7f2ee50fa..091e38b21 100755 --- a/libs/sgi-luci/root/usr/bin/luci-httpd +++ b/libs/sgi-luci/root/usr/bin/luci-httpd 
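Review bot: `user.checkpasswd` now fails open: the first branch returns `true` for any username and password whenever `/etc/shadow` exists but cannot be read, a condition that depends only on file permissions and is not limited to the test environment the FIXME mentions. The `account.passwd == "!"` branch also returns `true` for any password; if "!" is meant as "no password set" here, a comment should say so, otherwise the branch should be dropped. I would gate the test shortcut on an explicit opt-in and end the function with `return false` so that every unmatched path denies. The hunk also removes the old `posix.crypt and` guard, and the caller added in dispatcher.lua can pass a nil `password` when only `username` is posted, so a guard such as `if type(password) ~= "string" or not account then return false end` before the `posix.crypt` call would help.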
@@ -27,7 +27,5 @@ vhost:set_handler("/luci", lucihandler) io.stderr:write("Starting LuCI HTTPD on port " .. PORT .. "...\n") io.stderr:write("Point your browser to http://localhost:" .. PORT .. "/luci\n") -daemon = luci.httpd.Daemon() ---daemon.debug = true -daemon:register(serversocket, server:create_daemon_handlers()) -daemon:run() +luci.httpd.register(serversocket, server:create_daemon_handlers()) +luci.httpd.run() diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index 5bf3fc1d6..989eb4402 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -43,18 +43,6 @@ function build_url(...) return luci.http.getenv("SCRIPT_NAME") .. "/" .. table.concat(arg, "/") end --- Prints an error message or renders the "error401" template if available -function error401(message) - message = message or "Unauthorized" - - require("luci.template") - if not luci.util.copcall(luci.template.render, "error401") then - luci.http.prepare_content("text/plain") - luci.http.write(message) - end - return false -end - -- Sends a 404 error code and renders the "error404" template if available function error404(message) luci.http.status(404, "Not Found") @@ -80,6 +68,25 @@ function error500(message) return false end +-- Renders an authorization form +function sysauth(default) + local user = luci.http.formvalue("username") + local pass = luci.http.formvalue("password") + + if user and luci.sys.user.checkpasswd(user, pass) then + local sid = luci.sys.uniqueid(16) + luci.http.header("Set-Cookie", "sysauth=" .. sid) + luci.sauth.write(sid, user) + return true + else + require("luci.i18n") + require("luci.template") + context.path = {} + luci.template.render("sysauth", {duser=default, fuser=user}) + return false + end +end + -- Creates a request object for dispatching function httpdispatch(request) luci.http.context.request = request 
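Review bot: The `Set-Cookie` header in the new `sysauth()` sends the session id with no attributes, so page scripts can read it and its path scope is left to the browser default. Appending at least `HttpOnly` and an explicit path would narrow that, e.g. `luci.http.header("Set-Cookie", "sysauth=" .. sid .. "; path=/; HttpOnly")`, where the right path value depends on where LuCI is mounted. The failure branch passes the submitted `username` to the template as `fuser`; whether sysauth.htm escapes it cannot be checked from this view and is worth confirming. A one-line comment on `luci.sys.uniqueid(16)` stating which randomness source it relies on would also help, since the id is the only secret protecting the session.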
@@ -119,34 +126,9 @@ function dispatch(request) end end - if track.sysauth then - local accs = track.sysauth - accs = (type(accs) == "string") and {accs} or accs - - --[[ - local function sysauth(user, password) - return (luci.util.contains(accs, user) - and luci.sys.user.checkpasswd(user, password)) - end - - if not luci.http.basic_auth(sysauth) then - error401() - return - end - ]]-- - end - if track.i18n then require("luci.i18n").loadc(track.i18n) end - - if track.setgroup then - luci.sys.process.setgroup(track.setgroup) - end - - if track.setuser then - luci.sys.process.setuser(track.setuser) - end -- Init template engine local tpl = require("luci.template") @@ -159,6 +141,27 @@ function dispatch(request) viewns.resource = luci.config.main.resourcebase viewns.REQUEST_URI = luci.http.getenv("SCRIPT_NAME") .. (luci.http.getenv("PATH_INFO") or "") + if track.sysauth then + require("luci.sauth") + local def = (type(track.sysauth) == "string") and track.sysauth + local accs = def and {track.sysauth} or track.sysauth + local user = luci.sauth.read(luci.http.getcookie("sysauth")) + + + if not luci.util.contains(accs, user) then + if not sysauth(def) then + return + end + end + end + + if track.setgroup then + luci.sys.process.setgroup(track.setgroup) + end + + if track.setuser then + luci.sys.process.setuser(track.setuser) + end if c and type(c.target) == "function" then context.dispatched = c diff --git a/libs/web/luasrc/http.lua b/libs/web/luasrc/http.lua index 37050e478..f37d67343 100644 --- a/libs/web/luasrc/http.lua +++ b/libs/web/luasrc/http.lua @@ -51,13 +51,13 @@ function Request.__init__(self, env, sourcein, sinkerr) self.parsed_input = false end -function Request.formvalue(self, name, default) +function Request.formvalue(self, name) if not self.parsed_input then self:_parse_input() end if name then - return self.message.params[name] and tostring(self.message.params[name]) or default + return self.message.params[name] else return self.message.params end 
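Review bot: The new `track.sysauth` block tests the allowed-account list only against the session user; when it falls through to `sysauth(def)`, that function (added in the previous dispatcher.lua hunk) returns `true` for any account that passes `checkpasswd`, so a login for an account outside `accs` is still dispatched for that request. The commented-out code this commit deletes combined both tests (`luci.util.contains(accs, user) and luci.sys.user.checkpasswd(user, password)`). Passing the list down with `if not sysauth(def, accs) then`, and testing `luci.util.contains(allowed, user)` before the password check inside `sysauth()`, would restore that. The body of `dispatch` starts and ends outside this hunk.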
@@ -84,7 +84,7 @@ end function Request.getcookie(self, name) local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";") local p = ";" .. name .. "=(.-);" - local i, j, value = cookies:find(p) + local i, j, value = c:find(p) return value and urldecode(value) end @@ -130,6 +130,10 @@ function formvaluetable(...) return context.request:formvaluetable(...) end +function getcookie(...) + return context.request:getcookie(...) +end + function getvalue(...) return context.request:getvalue(...) end @@ -147,9 +151,6 @@ function setfilehandler(...) end function header(key, value) - if not context.status then - status() - end if not context.headers then context.headers = {} end @@ -187,7 +188,7 @@ function write(content) end function redirect(url) - header("Status", "302 Found") + status(302, "Found") header("Location", url) close() end diff --git a/libs/web/luasrc/i18n.lua b/libs/web/luasrc/i18n.lua index 35ad0965d..2c2bb2e1a 100644 --- a/libs/web/luasrc/i18n.lua +++ b/libs/web/luasrc/i18n.lua @@ -71,10 +71,10 @@ function setlanguage(lang) end -- Returns the i18n-value defined by "key" or if there is no such: "default" -function translate(key, default) +function translate(key, def) return (table[context.lang] and table[context.lang][key]) or (table[default] and table[default][key]) - or default + or def end -- Translate shourtcut with sprintf/string.format inclusion diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua index 724e22d20..d838f84f6 100644 --- a/libs/web/luasrc/sauth.lua +++ b/libs/web/luasrc/sauth.lua @@ -19,7 +19,7 @@ require("luci.config") luci.config.sauth = luci.config.sauth or {} sessionpath = luci.config.sauth.sessionpath -sessiontime = luci.config.sauth.sessiontime +sessiontime = tonumber(luci.config.sauth.sessiontime) function clean() 
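Review bot: `Request.getcookie` splices `name` into a Lua pattern unescaped (`";" .. name .. "=(.-);"`), so a cookie name containing pattern magic such as `.` or `-` would not be matched literally. The only caller visible in this patch passes the constant `"sysauth"`, but escaping is cheap: `local p = ";" .. name:gsub("%p", "%%%0") .. "=(.-);"`. A short comment noting that the returned value is URL-decoded client input would also help, because the dispatcher hands it straight to `luci.sauth.read`.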
@@ -30,7 +30,7 @@ function clean() return nil end - for i, file in files do + for i, file in pairs(files) do local fname = sessionpath .. "/" .. file local stat = luci.fs.stat(fname) if stat and stat.type == "regular" and stat.atime + sessiontime < now then @@ -41,11 +41,14 @@ end function prepare() luci.fs.mkdir(sessionpath) - luci.fs.chmod(sessionpath, "a-rwx,u+rw") + luci.fs.chmod(sessionpath, "a-rwx,u+rwx") end function read(id) - cleansessions() + if not id then + return + end + clean() return luci.fs.readfile(sessionpath .. "/" .. id) end diff --git a/modules/admin-core/luasrc/view/sysauth.htm b/modules/admin-core/luasrc/view/sysauth.htm new file mode 100644 index 000000000..4e5367a86 --- /dev/null +++ b/modules/admin-core/luasrc/view/sysauth.htm @@ -0,0 +1,26 @@ +<%+header%> +<% luci.i18n.loadc("sysauth") %> +
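Review bot: `read(id)` builds its file path as `sessionpath .. "/" .. id`, and in the dispatcher hunk `id` is the URL-decoded `sysauth` cookie, so a value containing path separators can name a file outside the session directory. The new `if not id` guard only covers a missing cookie. Rejecting anything that is not a plain token before touching the filesystem closes this, e.g. `if not id or not id:match("^%w+$") then return end`, assuming `luci.sys.uniqueid` emits only alphanumerics, which should be confirmed. Note also that `read` now calls `clean()` on every lookup, so each authenticated request scans the whole session directory.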

<%:sysauth_head%>

+

<%:sysauth_prompt%>

+<% if fuser then %> +
<%:sysauth_failed%>
+
+<% end %> +
+
+
+
<%:username%>
+
+
+
+
<%:password%>
+
+
+
+
+ + +
+
+
+<%+footer%> \ No newline at end of file diff --git a/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm b/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm index 9f27f98b8..f1343a0e1 100644 --- a/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm +++ b/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm @@ -26,7 +26,7 @@ require("luci.http").prepare_content("text/html") <% if node and node.css then %><% end %> - LuCI - Lua Configuration Interface - <%=node.title%> + LuCI - Lua Configuration Interface - <%=(node and node.title)%>