author | Ted Trask <ttrask01@yahoo.com> | 2008-05-01 20:49:59 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-05-01 20:49:59 +0000 |
commit | fbda79f377ffbad71b38d2ddf273913dc95ab177 (patch) | |
tree | cac8faf1dc9d33aa5044140b32f0eba8d2cea3b2 /lib | |
parent | 21b0abee37316cd578a984c3de0ec878a8b41f72 (diff) | |
Modified roles, logon, and authenticator
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1095 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'lib')
-rw-r--r-- | lib/authenticator-plaintext.lua | 137 | ||||
-rw-r--r-- | lib/roles.lua | 33 |
2 files changed, 94 insertions, 76 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index b8cf598..c68ec2b 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -57,39 +57,6 @@ pvt.get_id = function(userid, authstruct) return nil end ---- public methods - --- This function returns true or false, and --- if false: the reason for failure -authenticate = function ( self, userid, password ) - password = password or "" - userid = userid or "" - - local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") - - if t == false then - return false, "password file is missing" - else - if userid ~= nil then - local id = pvt.get_id (userid, t) - if id == false or id == nil then - return false, "Userid not found" - end - if id.password ~= password then - return false, "Invalid password" - end - else - return false - end - return true - end -end - -pvt.permission_to_change = function() - --FIXME: Check if user is allowed to change things - return true -end - pvt.weak_password = function(password) -- If password is too short, return false if (#password < 4) then @@ -149,6 +116,35 @@ local validate_settings = function (self, userid, username, password, password_c return true, errormessage end +--- public methods + +-- This function returns true or false, and +-- if false: the reason for failure +authenticate = function ( self, userid, password ) + password = password or "" + userid = userid or "" + + local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") + + if t == false then + return false, "password file is missing" + end + + if userid ~= nil then + local id = pvt.get_id (userid, t) + if id == false or id == nil then + return false, "Userid not found" + end + if id.password ~= fs.md5sum_string(password) then + return false, "Invalid password" + end + else + return false + end + + return true +end + -- This function returns the username and roles -- or false on an error get_userinfo = function ( self, userid ) 
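Review bot: In the re-added `authenticate`, `id.password ~= fs.md5sum_string(password)` checks the password against what is, as far as this call shows, a single unsalted MD5 digest; that is cheap to brute-force if the passwd file leaks, and identical passwords share a digest. At minimum record the limitation next to the comparison, e.g. `-- TODO(security): unsalted MD5; move to a salted, slow password hash and rehash on next login`. The two failure returns `"Userid not found"` and `"Invalid password"` let a client tell valid userids apart if the string reaches the login page; a single `return false, "Invalid userid or password"` for both avoids that. Because `userid = userid or ""` runs first, the `if userid ~= nil` test is always true and its `else return false` branch is unreachable.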
@@ -183,18 +179,27 @@ list_users = function (self) end end + list_roles = function (self) local output = {"CREATE","UPDATE","DELETE","READ"} return output end -change_settings = function (self, userid, parameter, value) +change_setting = function (self, userid, parameter, value) + local result = true local errormessage = {} - local passwd_path = self.conf.confdir .. "/passwd" - -- We start by checking if user is allowed to do changes - if not (pvt.permission_to_change) then - errormessage.permissions = "No permission to change!" + -- Get the current user info + local userinfo = get_userinfo(self, userid) + if userinfo == nil then + errormessage.userid = "This userid does not exist!" + result = false + end + + -- Check if user entered available commands + if not (userid) or not (parameter) or not (pvt.availablefields(parameter)) or not (value) then + errormessage.userid = "You need to enter valid userid, parameter and value!" + result = false end -- Check if userid already used 
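Review bot: The new existence check `if userinfo == nil then` does not match the contract in the comment on `get_userinfo` visible at the end of the previous hunk ("or false on an error"). If that function does return `false` for an unknown userid, `result` stays `true` and the later `userinfo[parameter] = value` indexes a boolean; `if not userinfo then` covers both cases. The removed `pvt.permission_to_change` test was a no-op (it tested the function value, not its result), so nothing is lost, but `change_setting` now carries no authorization check of its own. A comment such as `-- caller must verify that the session may edit this userid` would make that dependency explicit. The function body continues in the next hunk.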
@@ -202,52 +207,34 @@ change_settings = function (self, userid, parameter, value) for k,v in pairs(list_users(self)) do if (v == value) then errormessage.userid = "This userid already exists!" + result = false end end end - -- Check if user entered available commands - if not (userid) or not (parameter) or not (pvt.availablefields(parameter)) then - errormessage.userid = "You need to enter valid userid, parameter and value!" - end - - -- Check if password is weak - if (parameter == "password") then - local weak_password_result, weak_password_errormessage = pvt.weak_password(value) - if (weak_password_result) then - errormessage.password = weak_password_errormessage + if result == true then + -- Validate parameter + userinfo[parameter] = value + local password, password_confirm + if (parameter == "password") then + userinfo.password = fs.md5sum_string(value) + password = value + password_confirm = value end + result, errormessage = validate_settings(self, username.userid, userinfo.username, password, password_confirm, userinfo.roles) end - -- Return false if some errormessages is set - for k,v in pairs(errormessage) do - return false, errormessage - end - - -- If the parameter is password, then scramble the password - if (parameter == "password") then - value = fs.md5sum_string(value) - end + -- Write the updated user + if (result == true) then + delete_user(self, userid) - local passwdfilecontent = fs.read_file_as_array(passwd_path) - local changes - for k,v in pairs(passwdfilecontent) do - if ( string.match(v, "^".. userid .. ":") ) then - changes = {} - -- Get current values - changes.userid, changes.password, changes.username, changes.roles = - string.match(v, "([^:]*):([^:]*):([^:]*):(.*)") - -- Actually change the value (remove all ':') - changes[parameter] = string.gsub(value, ":", "") - -- Update the table with the new values - passwdfilecontent[k] = changes.userid .. ":" .. changes.password .. ":".. changes.username .. ":" .. 
changes.roles - end + -- Set path to passwordfile + local passwd_path = self.conf.confdir .. "/passwd" + -- Write the newline into the file + fs.write_line_file(passwd_path, userinfo.userid .. ":" .. userinfo.password .. ":" .. userinfo.username .. ":" .. table.concat(userinfo.roles,",") ) end - - --Write changes to file - fs.write_file(passwd_path, table.concat(passwdfilecontent,"\n")) - return true + return result, errormessage end -- For an existing user, change the settings that are non-nil @@ -278,7 +265,7 @@ change_settings = function (self, userid, username, password, password_confirm, end userinfo.roles = roles or userinfo.roles - -- write the updated user + -- Write the updated user delete_user(self, userid) -- Set path to passwordfile diff --git a/lib/roles.lua b/lib/roles.lua index 806be67..768e96f 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -48,7 +48,7 @@ get_controllers_func = function(self,controller_info) temp1 = {} for a,b in pairs(temp) do local c = string.match(a,"mvc") or string.match(a,"^_") - if c == nil then + if c == nil and type(temp[a])=="function" then temp1[#temp1 +1] = a end end 
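Review bot: The call `validate_settings(self, username.userid, userinfo.username, ...)` in `change_setting` reads `username`, which is neither a parameter nor a local of this function, so unless a global of that name exists the call fails on indexing nil; it should read `userinfo.userid`. The old code stripped `:` with `string.gsub(value, ":", "")` before writing, whereas the new path assigns `userinfo[parameter] = value` and concatenates it straight into the passwd line. Unless `validate_settings` (body not in this hunk) rejects `:` and line breaks, such a value would break the one-record-per-line, colon-separated layout; reject string values where `string.find(value, "[:\r\n]")` matches before the write. `delete_user` followed by `fs.write_line_file` is also not atomic, so a failed write leaves the account removed.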
@@ -106,3 +106,34 @@ get_roles_perm = function(startdir,roles) return permissions end +-- Go through the roles files and determine the permissions for the specified role +get_role_perm = function(startdir,role) + permissions = {} + + -- find all of the roles files and add in the master file + local rolesfiles = get_roles_candidates(startdir) + rolesfiles[#rolesfiles + 1] = "/etc/acf/roles" + + for x,file in ipairs(rolesfiles) do + f = fs.read_file_as_array(file) + for y,line in pairs(f) do + if role == string.match(line,"^[%a]+") then + temp = format.string_to_table(string.match(line,"[,%a:]+$"),",") + for z,perm in pairs(temp) do + local control,action = string.match(perm,"(%a+):(%a+)") + if control then + if nil == permissions[control] then + permissions[control] = {} + end + if action and nil == permissions[control][action] then + permissions[control][action] = {} + end + end + end + end + end + end + + return permissions +end + |
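Review bot: `permissions`, `f` and `temp` in the new `get_role_perm` are assigned without `local`, so they are globals; `permissions` is the table that decides what a role may do, and any other code using the same name (the `get_roles_perm` above also returns a variable called `permissions`) can overwrite it between building and use. Declare them as `local permissions = {}`, `local f = fs.read_file_as_array(file)` and `local temp = ...`. The role test `role == string.match(line,"^[%a]+")` only compares the leading letters of the line, so a line for a role named like `admin2` (constructed example) would also match role `admin`; if role names may contain digits or other characters, match the whole name up to its delimiter instead. The result of `fs.read_file_as_array` goes straight to `pairs`, so a missing `/etc/acf/roles` presumably raises an error rather than yielding empty permissions, which is worth confirming as the intended behavior.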