* libs/web: Reworked authentication

libs/httpd/host/runluci

@@ -23,6 +23,9 @@ if pcall(require, "uci") and pcall(require, "luci.model.uci") then
 	luci.model.uci.set_confdir(luci.model.uci.confdir_default)
 end
 
+require("luci.sys")
+luci.sys.user.checkpasswd = function() return true end
+
 
 filehandler = luci.httpd.handler.file.Simple(DOCROOT)
 vhost:set_default_handler(filehandler)

libs/httpd/luasrc/httpd/handler/luci.lua

@@ -32,7 +32,6 @@ end
 
 function Luci.handle_head(self, ...)
 	local response, sourceout = self:handle_get(...)
-	self.running = self.running - 1
 	return response
 end
 
@@ -67,7 +66,6 @@ function Luci.handle_get(self, request, sourcein, sinkerr)
 			status = 500
 			headers["Content-Type"] = "text/plain"
 			local err = {id}
-			self.running = self.running - 1
 			return Response( status, headers ), function() return table.remove(err) end
 		end
 

libs/sys/luasrc/sys.lua

@@ -295,10 +295,7 @@ user.getuser = posix.getpasswd
 function user.checkpasswd(username, password)
 	local account = user.getuser(username)
 
-	-- FIXME: detect testing environment
-	if luci.fs.stat("/etc/shadow") and not luci.fs.access("/etc/shadow", "r") then
-		return true
-	elseif account then
+	if account then
 		if account.passwd == "!" then
 			return true
 		else

libs/web/luasrc/dispatcher.lua

@@ -33,6 +33,8 @@ require("luci.fs")
 
 context = luci.util.threadlocal()
 
+authenticator = {}
+
 -- Index table
 local index = nil
 
@@ -76,25 +78,20 @@ function error500(message)
 	return false
 end
 
---- Render and evaluate the system authentication login form.
--- @param default	Default username
--- @return			Authentication status
-function sysauth(default)
+function authenticator.htmlauth(validator, default)
 	local user = luci.http.formvalue("username")
 	local pass = luci.http.formvalue("password")
 	
-	if user and luci.sys.user.checkpasswd(user, pass) then
-		local sid = luci.sys.uniqueid(16)
-		luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
-		luci.sauth.write(sid, user)
-		return true
-	else
+	if user and validator(user, pass) then
+		return user
+	end
+	
 	require("luci.i18n")
 	require("luci.template")
 	context.path = {}
 	luci.template.render("sysauth", {duser=default, fuser=user})
 	return false
-	end
+	
 end
 
 --- Dispatch an HTTP request.
@@ -172,13 +169,23 @@ function dispatch(request)
 	
 	if track.sysauth then
 		require("luci.sauth")
+		local authen = authenticator[track.sysauth_authenticator]
 		local def  = (type(track.sysauth) == "string") and track.sysauth
 		local accs = def and {track.sysauth} or track.sysauth
 		local user = luci.sauth.read(luci.http.getcookie("sysauth"))
 		
-		
 		if not luci.util.contains(accs, user) then
-			if not sysauth(def) then
+			if authen then
+				local user = authen(luci.sys.user.checkpasswd, def)
+				if not user or not luci.util.contains(accs, user) then
+					return
+				else
+					local sid = luci.sys.uniqueid(16)
+					luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+					luci.sauth.write(sid, user)
+				end
+			else
+				luci.http.status(403, "Forbidden")
 				return
 			end
 		end

modules/admin-full/luasrc/controller/admin/index.lua

@@ -30,6 +30,7 @@ function index()
 	page.order   = 10
 	page.i18n    = "admin-core"
 	page.sysauth = "root"
+	page.sysauth_authenticator = "htmlauth"
 	page.ucidata = true
 	
 	local page  = node("admin", "index")

modules/admin-mini/luasrc/controller/mini/index.lua

@@ -29,6 +29,7 @@ function index()
 	local page   = entry({"mini"}, alias("mini", "index"), i18n("essentials", "Essentials"), 10)
 	page.i18n    = "admin-core"
 	page.sysauth = "root"
+	page.sysauth_authenticator = "htmlauth"
 	page.ucidata = true
 	
 	entry({"mini", "index"}, alias("mini", "index", "index"), i18n("overview"), 10)