svn commit: samba r7238 - in branches/SAMBA_4_0: source/scripting source/scripting/ejs swat

idra at samba.org idra at samba.org
Fri Jun 3 14:17:19 GMT 2005 

Author: idra
Date: 2005-06-03 14:17:18 +0000 (Fri, 03 Jun 2005)
New Revision: 7238

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7238

Log:

Add pam auth support in swat


Modified:
   branches/SAMBA_4_0/source/scripting/config.mk
   branches/SAMBA_4_0/source/scripting/ejs/smbcalls.c
   branches/SAMBA_4_0/swat/login.esp


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/config.mk
===================================================================
--- branches/SAMBA_4_0/source/scripting/config.mk	2005-06-03 14:15:06 UTC (rev 7237)
+++ branches/SAMBA_4_0/source/scripting/config.mk	2005-06-03 14:17:18 UTC (rev 7238)
@@ -4,7 +4,7 @@
 OBJ_FILES = \
 		scripting/ejs/smbcalls.o \
 		scripting/ejs/mprutil.o
-REQUIRED_SUBSYSTEMS = EJS LIBBASIC
+REQUIRED_SUBSYSTEMS = AUTH EJS LIBBASIC
 # End SUBSYSTEM SMBCALLS
 #######################
 

Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls.c
===================================================================
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls.c	2005-06-03 14:15:06 UTC (rev 7237)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls.c	2005-06-03 14:17:18 UTC (rev 7238)
@@ -25,6 +25,7 @@
 #include "param/loadparm.h"
 #include "lib/ldb/include/ldb.h"
 #include "librpc/gen_ndr/ndr_nbt.h"
+#include "auth/auth.h"
 
 /*
   return the type of a variable
@@ -298,6 +299,85 @@
 	return -1;
 }
 
+static int ejs_userAuth(MprVarHandle eid, int argc, char **argv)
+{
+	struct auth_usersupplied_info *user_info = NULL;
+	struct auth_serversupplied_info *server_info = NULL;
+	struct auth_context *auth_context;
+	TALLOC_CTX *tmp_ctx;
+	struct MprVar auth;
+	NTSTATUS nt_status;
+	DATA_BLOB pw_blob;
+	int ret;
+
+	if (argc != 3 || *argv[0] == 0 || *argv[2] == 0) {
+		ejsSetErrorMsg(eid, "userAuth invalid arguments");
+		return -1;
+	}
+
+ 	tmp_ctx = talloc_new(mprMemCtx());	
+	auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE);
+
+	if (strcmp("System User", argv[2]) == 0) {
+		const char *auth_unix[] = { "unix", NULL };
+
+		nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+			mprSetPropertyValue(&auth, "report", mprCreateStringVar("Auth System Failure", 0));
+			goto done;
+		}
+
+		pw_blob = data_blob(argv[1], strlen(argv[1])),
+		make_user_info(tmp_ctx, argv[0], argv[0],
+					argv[2], argv[2],
+					"foowks", "fooip",
+					NULL, NULL,
+					NULL, NULL,
+					&pw_blob, False,
+					0x05, &user_info);
+		nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+			mprSetPropertyValue(&auth, "report", mprCreateStringVar("Login Failed", 0));
+			goto done;
+		}
+
+		mprSetPropertyValue(&auth, "result", mprCreateBoolVar(server_info->authenticated));
+		mprSetPropertyValue(&auth, "username", mprCreateStringVar(server_info->account_name, 0));
+		mprSetPropertyValue(&auth, "domain", mprCreateStringVar(server_info->domain_name, 0));
+
+	}  else {
+		mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+		mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 0));
+	}
+
+done:
+	ejsSetReturnValue(eid, auth);
+	talloc_free(tmp_ctx);
+	return 0;
+}
+
+static int ejs_domain_list(MprVarHandle eid, int argc, char **argv)
+{
+	struct MprVar list;
+	struct MprVar dom;
+
+	if (argc != 0) {
+		ejsSetErrorMsg(eid, "domList invalid arguments");
+		return -1;
+	}
+
+	list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE);
+	dom = mprCreateStringVar("System User", 1);
+	mprCreateProperty(&list, "0", &dom);
+
+	ejsSetReturnValue(eid, list);
+
+	return 0;
+}
+
+
 /*
   setup the C functions that be called from ejs
 */
@@ -308,4 +388,6 @@
 	ejsDefineCFunction(-1, "typeof", ejs_typeof, NULL, MPR_VAR_SCRIPT_HANDLE);
 	ejsDefineCFunction(-1, "ldbSearch", ejs_ldbSearch, NULL, MPR_VAR_SCRIPT_HANDLE);
 	ejsDefineCFunction(-1, "resolveName", ejs_resolve_name, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineStringCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
 }

Modified: branches/SAMBA_4_0/swat/login.esp
===================================================================
--- branches/SAMBA_4_0/swat/login.esp	2005-06-03 14:15:06 UTC (rev 7237)
+++ branches/SAMBA_4_0/swat/login.esp	2005-06-03 14:17:18 UTC (rev 7238)
@@ -6,12 +6,15 @@
    write("<b>Your session has expired - please authenticate again<br /></b>\n");
 }
 
-var f = FormObj("login", 2, 1);
+var f = FormObj("login", 3, 1);
 f.element[0].label = "Username";
 f.element[0].value = form['Username'];
 f.element[1].label = "Password";
 f.element[1].value = form['Password'];
 f.element[1].type  = "password";
+f.element[2].label = "Domain";
+f.element[2].type  = "select";
+f.element[2].list  = getDomainList();
 f.submit[0] = "Login";
 
 display_form(f);
@@ -19,20 +22,28 @@
 
 <%
 	if (request.REQUEST_METHOD == "POST") {
-		/* for now just authenticate everyone */
-		session.AUTHENTICATED = true;
-		session.authinfo = new Object();
 
-		session.authinfo.username = form.Username;
+		auth = userAuth(form.Username, form.Password, form.Domain);
+		if (auth.result) {
 
-		/* if the user was asking for the login page, then now
-		   redirect them to the main page. Otherwise just
-		   redirect them to the current page, which will now
-		   show its true content */
-		if (request.REQUEST_URI == "/login.esp") {
-		   redirect(session_uri("/"));
+			/* for now just authenticate everyone */
+			session.AUTHENTICATED = true;
+			session.authinfo = new Object();
+
+			session.authinfo.username = auth.username;
+			session.authinfo.domain = auth.domain;
+
+			/* if the user was asking for the login page, then now
+			   redirect them to the main page. Otherwise just
+			   redirect them to the current page, which will now
+			   show its true content */
+			if (request.REQUEST_URI == "/login.esp") {
+			   redirect(session_uri("/"));
+			} else {
+			   redirect(session_uri(request.REQUEST_URI));
+			}
 		} else {
-		   redirect(session_uri(request.REQUEST_URI));
+			write("<b>Login failed - please try again<br /></b>\n");
 		}
 	}
 %>

More information about the samba-cvs mailing list