* libs/web: Switched from HTTP-Basic-Auth to Session-Auth

* Updated Makefiles for better testing environment integration * Fixed libs/sgi-luci
2008-06-28 16:03:54 +00:00 · 2008-06-28 16:03:54 +00:00 · 00aceaf624
commit 00aceaf624
parent 7f56bf9475
17 changed files with 116 additions and 71 deletions
--- a/4
+++ b/4
@ -35,10 +35,14 @@ hostcopy:
 	ln -s .$(LUCI_MODULEDIR) host/luci

 runboa: host
+	export LUA_PATH="`pwd`/host$(LUCI_MODULEDIR);;"
+	export LUA_CPATH="`pwd`/host$(LUCI_LIBRARYDIR);;"
 	libs/sgi-webuci/host/buildconfig.sh `pwd`/host  > host/etc/boa/boa.conf
 	./host/usr/bin/boa -c ./host/etc/boa -d

 runluci: luahost
+	export LUA_PATH="`pwd`/host$(LUCI_MODULEDIR);;"
+	export LUA_CPATH="`pwd`/host$(LUCI_LIBRARYDIR);;"
 	libs/httpd/host/runluci host$(HTDOCS)

 hostclean: clean
--- a/i18n/english/luasrc/i18n/default.en.lua
+++ b/i18n/english/luasrc/i18n/default.en.lua
@ -46,6 +46,7 @@ key = "Key"
 language = "Language"
 limit = "Limit"
 load = "Load"
+login = "Login"

 macaddress = "MAC-Address"
 manpage = "see '%s' manpage"
--- a/i18n/english/luasrc/i18n/sysauth.en.lua
+++ b/i18n/english/luasrc/i18n/sysauth.en.lua
@ -0,0 +1,3 @@
+sysauth_head = "Authorization Required"
+sysauth_prompt = "Please enter your username and password."
+sysauth_failed = "Invalid username and/or password! Please try again."
--- a/i18n/german/luasrc/i18n/default.de.lua
+++ b/i18n/german/luasrc/i18n/default.de.lua
@ -40,6 +40,8 @@ ipaddress = "IP-Adresse"

 legend = "Legende"
 library = "Bibliothek"
+load = "Last"
+login = "Anmelden"

 key = "Schlüssel"

--- a/i18n/german/luasrc/i18n/sysauth.de.lua
+++ b/i18n/german/luasrc/i18n/sysauth.de.lua
@ -0,0 +1,3 @@
+sysauth_head = "Autorisation benötigt"
+sysauth_prompt = "Bitte Benutzernamen und Passwort eingeben."
+sysauth_failed = "Ungültiger Benutzername und/oder ungültiges Passwort! Bitte nocheinmal versuchen."
--- a/libs/core/luasrc/fs.lua
+++ b/libs/core/luasrc/fs.lua
@ -28,6 +28,9 @@ module("luci.fs", package.seeall)

 require("posix")

+-- Access
+access = posix.access
+
 -- Glob
 glob = posix.glob

--- a/libs/core/luasrc/sys.lua
+++ b/libs/core/luasrc/sys.lua
@ -285,10 +285,18 @@ user = {}
 user.getuser = posix.getpasswd

 -- checks whether a string matches the password of a certain system user
-function user.checkpasswd(user, password)
-	local account = user.getuser(user)
-	if posix.crypt and account then
-		return (account.passwd == posix.crypt(account.passwd, password))
+function user.checkpasswd(username, password)
+	local account = user.getuser(username)
+	
+	-- FIXME: detect testing environment
+	if luci.fs.isfile("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then
+		return true
+	elseif account then
+		if account.passwd == "!" then
+			return true
+		else
+			return (account.passwd == posix.crypt(account.passwd, password))
+		end
 	end
 end
 	
--- a/libs/sgi-cgi/ipkg/postinst
+++ b/libs/sgi-cgi/ipkg/postinst
@ -1,10 +0,0 @@
-#!/bin/sh
-PATTERNS='/cgi-bin/luci/admin:root:$p$root'
-
-for i in $PATTERNS
-do
-	grep "$i" ${IPKG_INSTROOT}/etc/httpd.conf >/dev/null 2>/dev/null || echo "$i" >> ${IPKG_INSTROOT}/etc/httpd.conf
-done 
-
-[ -n "${IPKG_INSTROOT}" ] || /etc/init.d/httpd restart
-
--- a/libs/sgi-cgi/luasrc/sgi/cgi.lua
+++ b/libs/sgi-cgi/luasrc/sgi/cgi.lua
@ -47,7 +47,7 @@ function run()
 			print(id)
 			break;
 		end
-		
+
 		if id == 1 then
 			io.write("Status: " .. tostring(data1) .. " " .. data2 .. "\n")
 		elseif id == 2 then
--- a/libs/sgi-luci/root/usr/bin/luci-httpd
+++ b/libs/sgi-luci/root/usr/bin/luci-httpd
@ -27,7 +27,5 @@ vhost:set_handler("/luci", lucihandler)
 io.stderr:write("Starting LuCI HTTPD on port " .. PORT .. "...\n")
 io.stderr:write("Point your browser to http://localhost:" .. PORT .. "/luci\n")

-daemon = luci.httpd.Daemon()
--daemon.debug = true
-daemon:register(serversocket, server:create_daemon_handlers())
-daemon:run()
+luci.httpd.register(serversocket, server:create_daemon_handlers())
+luci.httpd.run()
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@ -43,18 +43,6 @@ function build_url(...)
 	return luci.http.getenv("SCRIPT_NAME") .. "/" .. table.concat(arg, "/")
 end

-- Prints an error message or renders the "error401" template if available
-function error401(message)
-	message = message or "Unauthorized"
-
-	require("luci.template")
-	if not luci.util.copcall(luci.template.render, "error401") then
-		luci.http.prepare_content("text/plain")
-		luci.http.write(message)
-	end
-	return false
-end
-
 -- Sends a 404 error code and renders the "error404" template if available
 function error404(message)
 	luci.http.status(404, "Not Found")
@ -80,6 +68,25 @@ function error500(message)
 	return false
 end

+-- Renders an authorization form
+function sysauth(default)
+	local user = luci.http.formvalue("username")
+	local pass = luci.http.formvalue("password")
+	
+	if user and luci.sys.user.checkpasswd(user, pass) then
+		local sid = luci.sys.uniqueid(16)
+		luci.http.header("Set-Cookie", "sysauth=" .. sid)
+		luci.sauth.write(sid, user)
+		return true
+	else
+		require("luci.i18n")
+		require("luci.template")
+		context.path = {}
+		luci.template.render("sysauth", {duser=default, fuser=user})
+		return false
+	end
+end
+
 -- Creates a request object for dispatching
 function httpdispatch(request)
 	luci.http.context.request = request
@ -119,34 +126,9 @@ function dispatch(request)
 		end
 	end

-	if track.sysauth then
-		local accs = track.sysauth
-		accs = (type(accs) == "string") and {accs} or accs
-		
-		--[[
-		local function sysauth(user, password)
-			return (luci.util.contains(accs, user)
-				and luci.sys.user.checkpasswd(user, password)) 
-		end
-		
-		if not luci.http.basic_auth(sysauth) then
-			error401()
-			return
-		end
-		]]--
-	end
-
 	if track.i18n then
 		require("luci.i18n").loadc(track.i18n)
 	end
-
-	if track.setgroup then
-		luci.sys.process.setgroup(track.setgroup)
-	end
-
-	if track.setuser then
-		luci.sys.process.setuser(track.setuser)
-	end
 	
 	-- Init template engine
 	local tpl = require("luci.template")
@ -159,6 +141,27 @@ function dispatch(request)
 	viewns.resource    = luci.config.main.resourcebase
 	viewns.REQUEST_URI = luci.http.getenv("SCRIPT_NAME") .. (luci.http.getenv("PATH_INFO") or "")
 	
+	if track.sysauth then
+		require("luci.sauth")
+		local def  = (type(track.sysauth) == "string") and track.sysauth
+		local accs = def and {track.sysauth} or track.sysauth
+		local user = luci.sauth.read(luci.http.getcookie("sysauth"))
+		
+		
+		if not luci.util.contains(accs, user) then
+			if not sysauth(def) then
+				return
+			end
+		end
+	end
+
+	if track.setgroup then
+		luci.sys.process.setgroup(track.setgroup)
+	end
+
+	if track.setuser then
+		luci.sys.process.setuser(track.setuser)
+	end

 	if c and type(c.target) == "function" then
 		context.dispatched = c
--- a/libs/web/luasrc/http.lua
+++ b/libs/web/luasrc/http.lua
@ -51,13 +51,13 @@ function Request.__init__(self, env, sourcein, sinkerr)
 	self.parsed_input = false
 end

-function Request.formvalue(self, name, default)
+function Request.formvalue(self, name)
 	if not self.parsed_input then
 		self:_parse_input()
 	end
 	
 	if name then
-		return self.message.params[name] and tostring(self.message.params[name]) or default
+		return self.message.params[name]
 	else
 		return self.message.params
 	end
@ -84,7 +84,7 @@ end
 function Request.getcookie(self, name)
  local c = string.gsub(";" .. (self:getenv("HTTP_COOKIE") or "") .. ";", "%s*;%s*", ";")
  local p = ";" .. name .. "=(.-);"
-  local i, j, value = cookies:find(p)
+  local i, j, value = c:find(p)
  return value and urldecode(value)
 end

@ -130,6 +130,10 @@ function formvaluetable(...)
 	return context.request:formvaluetable(...)
 end

+function getcookie(...)
+	return context.request:getcookie(...)
+end
+
 function getvalue(...)
 	return context.request:getvalue(...)
 end
@ -147,9 +151,6 @@ function setfilehandler(...)
 end

 function header(key, value)
-	if not context.status then
-		status()
-	end
 	if not context.headers then
 		context.headers = {}
 	end
@ -187,7 +188,7 @@ function write(content)
 end

 function redirect(url)
-	header("Status", "302 Found")
+	status(302, "Found")
 	header("Location", url)
 	close()
 end
--- a/libs/web/luasrc/i18n.lua
+++ b/libs/web/luasrc/i18n.lua
@ -71,10 +71,10 @@ function setlanguage(lang)
 end

 -- Returns the i18n-value defined by "key" or if there is no such: "default"
-function translate(key, default)
+function translate(key, def)
 	return (table[context.lang] and table[context.lang][key])
 		or (table[default] and table[default][key])
-		or default
+		or def
 end

 -- Translate shourtcut with sprintf/string.format inclusion
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@ -19,7 +19,7 @@ require("luci.config")

 luci.config.sauth = luci.config.sauth or {}
 sessionpath = luci.config.sauth.sessionpath
-sessiontime = luci.config.sauth.sessiontime
+sessiontime = tonumber(luci.config.sauth.sessiontime)


 function clean()
@ -30,7 +30,7 @@ function clean()
 		return nil
 	end
 	
-	for i, file in files do
+	for i, file in pairs(files) do
 		local fname = sessionpath .. "/" .. file
 		local stat = luci.fs.stat(fname)
 		if stat and stat.type == "regular" and stat.atime + sessiontime < now then
@ -41,11 +41,14 @@ end

 function prepare()
 	luci.fs.mkdir(sessionpath)
-	luci.fs.chmod(sessionpath, "a-rwx,u+rw")
+	luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
 end

 function read(id)
-	cleansessions()
+	if not id then
+		return
+	end
+	clean()
 	return luci.fs.readfile(sessionpath .. "/" .. id)
 end

--- a/modules/admin-core/luasrc/view/sysauth.htm
+++ b/modules/admin-core/luasrc/view/sysauth.htm
@ -0,0 +1,26 @@
+<%+header%>
+<% luci.i18n.loadc("sysauth") %>
+<h1><%:sysauth_head%></h1>
+<p><%:sysauth_prompt%></p>
+<% if fuser then %>
+<div class="error"><%:sysauth_failed%></div>
+<br />
+<% end %>
+<form method="post" action="<%=REQUEST_URI%>">
+		<div class="cbi-section-node">
+			<div class="cbi-value">
+				<div class="cbi-value-title"><%:username%></div>
+				<div class="cbi-value-field"><input type="text" name="username" value="<%=duser%>" /></div>
+			</div>
+			<div class="cbi-value">
+				<div class="cbi-value-title"><%:password%></div>
+				<div class="cbi-value-field"><input type="password" name="password" /></div>
+			</div>
+			<br />
+			<div>
+				<input type="submit" value="<%:login%>" />
+				<input type="reset" value="<%:reset%>" />
+			</div>
+		</div>
+</form>
+<%+footer%>
--- a/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm
+++ b/themes/fledermaus/luasrc/view/themes/fledermaus/header.htm
@ -26,7 +26,7 @@ require("luci.http").prepare_content("text/html")
 	<% if node and node.css then %><link rel="stylesheet" type="text/css" href="<%=resource%>/<%=node.css%>" /><% end %>
 	<meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8" />
 	<meta http-equiv="content-script-type" content="text/javascript" />
-	<title>LuCI - Lua Configuration Interface - <%=node.title%></title>
+	<title>LuCI - Lua Configuration Interface - <%=(node and node.title)%></title>
 </head>
 <body>
 <div id="header">
--- a/themes/openwrt.org/luasrc/view/themes/openwrt.org/header.htm
+++ b/themes/openwrt.org/luasrc/view/themes/openwrt.org/header.htm
@ -26,7 +26,7 @@ require("luci.http").prepare_content("text/html")
 	<% if node and node.css then %><link rel="stylesheet" type="text/css" href="<%=resource%>/<%=node.css%>" /><% end %>
 	<meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8" />
 	<meta http-equiv="content-script-type" content="text/javascript" />
-	<title>LuCI - Lua Configuration Interface - <%=node.title%></title>
+	<title>LuCI - Lua Configuration Interface - <%=(node and node.title)%></title>
 </head>
 <body>
 <div id="header">