r12746: An initial version of the kludge_acls module.

This should be replaced with real ACLs, which tridge is working on.
In the meantime, the rules are very simple:

- SYSTEM and Administrators can read all.

- Users and anonymous cannot read passwords, can read everything else

- list of 'password' attributes is hard-coded

Most of the difficult work in this was fighting with the C/js
interface to add a system_session() all, as it still doesn't get on
with me :-)

Andrew Bartlett

source/scripting/ejs/smbcalls_auth.c

@@ -157,10 +157,27 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv)
 	return 0;
 }
 
+/*
+  initialise credentials ejs object
+*/
+static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv)
+{
+	struct MprVar *obj = mprInitObject(eid, "session_info", argc, argv);
+	struct auth_session_info *session_info = system_session(mprMemCtx());
+
+	if (session_info == NULL) {
+		return -1;
+	}
+
+	mprSetPtrChild(obj, "session_info", session_info);
+	return 0;
+}
+
 /*
   setup C functions that be called from ejs
 */
 void smb_setup_ejs_auth(void)
 {
 	ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE);
+	ejsDefineCFunction(-1, "system_session", ejs_system_session, NULL, MPR_VAR_SCRIPT_HANDLE);
 }