From f56890a5733b3c57d088b52bf91a77c44976ca99 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Mon, 2 Jun 2008 17:49:27 +0000 Subject: [PATCH] * Added native basic authentication support * Cleanups --- libs/cbi/luasrc/cbi.lua | 13 ++++++----- libs/core/luasrc/sys.lua | 8 +++++++ libs/sgi-haserl/luasrc/sgi/haserl.lua | 6 +++++ libs/sgi-webuci/luasrc/sgi/webuci.lua | 15 +++++++++++++ libs/sgi-webuci/root/usr/lib/boa/luci.lua | 2 ++ libs/web/luasrc/dispatcher.lua | 26 ++++++++++++++++++++++ .../admin-core/luasrc/controller/admin/index.lua | 11 ++++----- 7 files changed, 71 insertions(+), 10 deletions(-) diff --git a/libs/cbi/luasrc/cbi.lua b/libs/cbi/luasrc/cbi.lua index 42b58ce0b..178c46f03 100644 --- a/libs/cbi/luasrc/cbi.lua +++ b/libs/cbi/luasrc/cbi.lua @@ -579,11 +579,6 @@ function AbstractValue.render(self, s, scope) if not self.optional or self:cfgvalue(s) or self:formcreated(s) then scope = scope or {} scope.section = s - - -- fixup size for MultiValue fields - if instanceof(self, MultiValue) and self.widget == "select" and not self.size then - self.size = #self.vallist - end Node.render(self, scope) end @@ -741,6 +736,14 @@ function MultiValue.__init__(self, ...) self.delimiter = " " end +function MultiValue.render(self, ...) + if self.widget == "select" and not self.size then + self.size = #self.vallist + end + + AbstractValue.render(self, ...) +end + function MultiValue.value(self, key, val) val = val or key table.insert(self.keylist, tostring(key)) diff --git a/libs/core/luasrc/sys.lua b/libs/core/luasrc/sys.lua index 6d03f59db..80d702b94 100644 --- a/libs/core/luasrc/sys.lua +++ b/libs/core/luasrc/sys.lua @@ -263,6 +263,14 @@ end user = {} -- returns user information to a given uid user.getuser = posix.getpasswd + +-- checks whether a string matches the password of a certain system user +function user.checkpasswd(user, password) + local account = user.getuser(user) + if posix.crypt and account then + return (account.passwd == posix.crypt(account.passwd, password)) + end +end -- Changes the user password of given user function user.setpasswd(user, pwd) diff --git a/libs/sgi-haserl/luasrc/sgi/haserl.lua b/libs/sgi-haserl/luasrc/sgi/haserl.lua index f3994b5c8..35bc1c902 100644 --- a/libs/sgi-haserl/luasrc/sgi/haserl.lua +++ b/libs/sgi-haserl/luasrc/sgi/haserl.lua @@ -29,6 +29,12 @@ require("luci.fs") -- Environment Table luci.http.env = ENV +-- Enforces user authentification +function luci.http.basic_auth(verify_callback, realm) + -- Dummy for Haserl + return true +end + -- Returns the main dispatcher URL function luci.http.dispatcher() return luci.http.env.SCRIPT_NAME or "" diff --git a/libs/sgi-webuci/luasrc/sgi/webuci.lua b/libs/sgi-webuci/luasrc/sgi/webuci.lua index 2beff6907..1ad067c6b 100644 --- a/libs/sgi-webuci/luasrc/sgi/webuci.lua +++ b/libs/sgi-webuci/luasrc/sgi/webuci.lua @@ -33,6 +33,21 @@ function initenv(env, vars) luci.http.vars = vars end +-- Enforces user authentification +function luci.http.basic_auth(verify_callback, realm) + local user = luci.http.env.auth_user + local pass = luci.http.env.auth_password + realm = realm or "" + + if not user or not verify_callback(user, pass) then + luci.http.status("401", "Unauthorized") + luci.http.header("WWW-Authenticate", string.format('Basic realm="%s"', realm)) + return false + else + return true + end +end + -- Returns the main dispatcher URL function luci.http.dispatcher() return luci.http.env.SCRIPT_NAME or "" diff --git a/libs/sgi-webuci/root/usr/lib/boa/luci.lua b/libs/sgi-webuci/root/usr/lib/boa/luci.lua index 2ea6ba4cb..e34bd5e2d 100644 --- a/libs/sgi-webuci/root/usr/lib/boa/luci.lua +++ b/libs/sgi-webuci/root/usr/lib/boa/luci.lua @@ -38,6 +38,8 @@ function init(path) luci.sys.net.routes = function() return {} end luci.sys.wifi.getiwconfig = function() return {} end luci.sys.wifi.iwscan = function() return {} end + + luci.sys.user.checkpasswd = function() return true end end end diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index feda28d51..cd481622b 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -58,6 +58,18 @@ function build_url(...) return luci.http.dispatcher() .. "/" .. table.concat(arg, "/") end +-- Prints an error message or renders the "error401" template if available +function error401(message) + message = message or "Unauthorized" + + require("luci.template") + if not pcall(luci.template.render, "error401") then + luci.http.prepare_content("text/plain") + print(message) + end + return false +end + -- Sends a 404 error code and renders the "error404" template if available function error404(message) luci.http.status(404, "Not Found") @@ -115,6 +127,20 @@ function dispatch() end end + if track.sysauth then + local accs = track.sysauth + accs = (type(accs) == "string") and {accs} or accs + + local function sysauth(user, password) + return (luci.util.contains(accs, user) + and luci.sys.user.checkpasswd(user, password)) + end + + if not luci.http.basic_auth(sysauth) then + error401() + return + end + end if track.i18n then require("luci.i18n").loadc(track.i18n) diff --git a/modules/admin-core/luasrc/controller/admin/index.lua b/modules/admin-core/luasrc/controller/admin/index.lua index 51f60bd83..a6c57c6b0 100644 --- a/modules/admin-core/luasrc/controller/admin/index.lua +++ b/modules/admin-core/luasrc/controller/admin/index.lua @@ -11,11 +11,12 @@ function index() entry({"about"}, template("about")).i18n = "admin-core" - local page = node("admin") - page.target = alias("admin", "index") - page.title = i18n("administration", "Administration") - page.order = 10 - page.i18n = "admin-core" + local page = node("admin") + page.target = alias("admin", "index") + page.title = i18n("administration", "Administration") + page.order = 10 + page.i18n = "admin-core" + page.sysauth = "root" local page = node("admin", "index") page.target = template("admin_index/index") -- 2.11.0