<%
libinclude("auth.js");
/*
 * Access gate for a JSON-RPC request.
 *
 * serviceComponents and method together name the requested RPC;
 * scriptTransportId identifies the ScriptTransport request, if any; error
 * is the object filled in (setError / setInfo) when access is refused.
 *
 * Returns true to allow access; false otherwise.  Every refusal sets an
 * error code and message on 'error' before returning.
 */
function json_authenticate(serviceComponents, method, scriptTransportId, error)
{
    var serverError = jsonrpc.Constant.ServerError;
    var transportUnused = jsonrpc.Constant.ScriptTransport.NotInUse;

    // ScriptTransport is refused outright for now: the original author (djl)
    // noted serious potential security exploits that must be protected
    // against before it can be enabled.  This check deliberately runs first,
    // so even methods that need no authentication are unreachable over
    // ScriptTransport.
    if (scriptTransportId != transportUnused)
    {
        error.setError(serverError.PermissionDenied, "Permission denied");
        return false;
    }

    // Methods that do not require authentication are let through here.
    if (! _authentication_required(serviceComponents, method))
    {
        return true;
    }

    // An expired session is reported separately from "never logged in".
    // request['SESSION_EXPIRED'] is populated outside this file; only the
    // exact string "True" counts as expired.
    if (request['SESSION_EXPIRED'] == "True")
    {
        error.setError(serverError.SessionExpired, "Session expired");
        // NOTE(review): the domain list is handed back to a caller that is
        // not authenticated -- presumably so the client can show a login
        // prompt; confirm that disclosure is intended.
        error.setInfo(getDomainList());
        return false;
    }

    // A truthy session.AUTHENTICATED is the only thing that grants access to
    // a protected method.
    if (session.AUTHENTICATED)
    {
        return true;
    }

    error.setError(serverError.NotLoggedIn, "Not logged in");
    // NOTE(review): same pre-authentication disclosure of the domain list as
    // in the session-expired branch above.
    error.setInfo(getDomainList());
    return false;
}
/*
 * Decide whether the named method may be called without being logged in.
 *
 * The fully qualified name is built by joining serviceComponents with "."
 * and appending "." + method.  Only the names compared against below are
 * exempt; the comparison is an exact string match, so any other name,
 * including a differently spelled variant of an exempt one, is treated as
 * requiring authentication (default deny).
 *
 * Returns true if authentication is required for the specified method;
 * false otherwise.
 */
function _authentication_required(serviceComponents, method)
{
    var qualifiedName = join(".", serviceComponents) + "." + method;

    // Anything other than login and logout requires authentication.
    if (qualifiedName != "samba.system.login" &&
        qualifiedName != "samba.system.logout")
    {
        return true;
    }

    // login / logout must be reachable without an authenticated session.
    return false;
}
/*
* Local Variables:
* mode: c
* End:
*/
%>