2025-03-09 08:58:35 +03:00 · 2005-06-03 14:17:18 +00:00 · 2005-06-03 14:17:18 +00:00 · 8a98572a3b
commit 8a98572a3b
parent d630e654b6
3 changed files with 106 additions and 13 deletions
--- a/source/scripting/config.mk
+++ b/source/scripting/config.mk
@ -4,7 +4,7 @@
 OBJ_FILES = \
 		scripting/ejs/smbcalls.o \
 		scripting/ejs/mprutil.o
-REQUIRED_SUBSYSTEMS = EJS LIBBASIC
+REQUIRED_SUBSYSTEMS = AUTH EJS LIBBASIC
 # End SUBSYSTEM SMBCALLS
 #######################

--- a/source/scripting/ejs/smbcalls.c
+++ b/source/scripting/ejs/smbcalls.c
@ -25,6 +25,7 @@
 #include "param/loadparm.h"
 #include "lib/ldb/include/ldb.h"
 #include "librpc/gen_ndr/ndr_nbt.h"
+#include "auth/auth.h"

 /*
  return the type of a variable
@ -298,6 +299,85 @@ static int ejs_resolve_name(MprVarHandle eid, int argc, struct MprVar **argv)
 	return -1;
 }

+static int ejs_userAuth(MprVarHandle eid, int argc, char **argv)
+{
+	struct auth_usersupplied_info *user_info = NULL;
+	struct auth_serversupplied_info *server_info = NULL;
+	struct auth_context *auth_context;
+	TALLOC_CTX *tmp_ctx;
+	struct MprVar auth;
+	NTSTATUS nt_status;
+	DATA_BLOB pw_blob;
+	int ret;
+
+	if (argc != 3 || *argv[0] == 0 || *argv[2] == 0) {
+		ejsSetErrorMsg(eid, "userAuth invalid arguments");
+		return -1;
+	}
+
+ 	tmp_ctx = talloc_new(mprMemCtx());	
+	auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE);
+
+	if (strcmp("System User", argv[2]) == 0) {
+		const char *auth_unix[] = { "unix", NULL };
+
+		nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+			mprSetPropertyValue(&auth, "report", mprCreateStringVar("Auth System Failure", 0));
+			goto done;
+		}
+
+		pw_blob = data_blob(argv[1], strlen(argv[1])),
+		make_user_info(tmp_ctx, argv[0], argv[0],
+					argv[2], argv[2],
+					"foowks", "fooip",
+					NULL, NULL,
+					NULL, NULL,
+					&pw_blob, False,
+					0x05, &user_info);
+		nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+		if (!NT_STATUS_IS_OK(nt_status)) {
+			mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+			mprSetPropertyValue(&auth, "report", mprCreateStringVar("Login Failed", 0));
+			goto done;
+		}
+
+		mprSetPropertyValue(&auth, "result", mprCreateBoolVar(server_info->authenticated));
+		mprSetPropertyValue(&auth, "username", mprCreateStringVar(server_info->account_name, 0));
+		mprSetPropertyValue(&auth, "domain", mprCreateStringVar(server_info->domain_name, 0));
+
+	}  else {
+		mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False));
+		mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 0));
+	}
+
+done:
+	ejsSetReturnValue(eid, auth);
+	talloc_free(tmp_ctx);
+	return 0;
+}
+
+static int ejs_domain_list(MprVarHandle eid, int argc, char **argv)
+{
+	struct MprVar list;
+	struct MprVar dom;
+
+	if (argc != 0) {
+		ejsSetErrorMsg(eid, "domList invalid arguments");
+		return -1;
+	}
+
+	list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE);
+	dom = mprCreateStringVar("System User", 1);
+	mprCreateProperty(&list, "0", &dom);
+
+	ejsSetReturnValue(eid, list);
+
+	return 0;
+}
+
+
 /*
  setup the C functions that be called from ejs
 */
@ -308,4 +388,6 @@ void smb_setup_ejs_functions(void)
 	ejsDefineCFunction(-1, "typeof", ejs_typeof, NULL, MPR_VAR_SCRIPT_HANDLE);
 	ejsDefineCFunction(-1, "ldbSearch", ejs_ldbSearch, NULL, MPR_VAR_SCRIPT_HANDLE);
 	ejsDefineCFunction(-1, "resolveName", ejs_resolve_name, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineStringCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
 }
--- a/swat/login.esp
+++ b/swat/login.esp
@ -6,12 +6,15 @@ if (request['SESSION_EXPIRED'] == "True") {
   write("<b>Your session has expired - please authenticate again<br /></b>\n");
 }

-var f = FormObj("login", 2, 1);
+var f = FormObj("login", 3, 1);
 f.element[0].label = "Username";
 f.element[0].value = form['Username'];
 f.element[1].label = "Password";
 f.element[1].value = form['Password'];
 f.element[1].type  = "password";
+f.element[2].label = "Domain";
+f.element[2].type  = "select";
+f.element[2].list  = getDomainList();
 f.submit[0] = "Login";

 display_form(f);
@ -19,20 +22,28 @@ display_form(f);

 <%
 	if (request.REQUEST_METHOD == "POST") {
-		/* for now just authenticate everyone */
-		session.AUTHENTICATED = true;
-		session.authinfo = new Object();

-		session.authinfo.username = form.Username;
+		auth = userAuth(form.Username, form.Password, form.Domain);
+		if (auth.result) {

-		/* if the user was asking for the login page, then now
-		   redirect them to the main page. Otherwise just
-		   redirect them to the current page, which will now
-		   show its true content */
-		if (request.REQUEST_URI == "/login.esp") {
-		   redirect(session_uri("/"));
+			/* for now just authenticate everyone */
+			session.AUTHENTICATED = true;
+			session.authinfo = new Object();
+
+			session.authinfo.username = auth.username;
+			session.authinfo.domain = auth.domain;
+
+			/* if the user was asking for the login page, then now
+			   redirect them to the main page. Otherwise just
+			   redirect them to the current page, which will now
+			   show its true content */
+			if (request.REQUEST_URI == "/login.esp") {
+			   redirect(session_uri("/"));
+			} else {
+			   redirect(session_uri(request.REQUEST_URI));
+			}
 		} else {
-		   redirect(session_uri(request.REQUEST_URI));
+			write("<b>Login failed - please try again<br /></b>\n");
 		}
 	}
 %>