From fbda79f377ffbad71b38d2ddf273913dc95ab177 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Thu, 1 May 2008 20:49:59 +0000 Subject: Modified roles, logon, and authenticator git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1095 ab2d0c66-481e-0410-8bed-d214d4d58bed --- lib/authenticator-plaintext.lua | 137 ++++++++++++++++++---------------------- 1 file changed, 62 insertions(+), 75 deletions(-) (limited to 'lib/authenticator-plaintext.lua') diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index b8cf598..c68ec2b 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -57,39 +57,6 @@ pvt.get_id = function(userid, authstruct) return nil end ---- public methods - --- This function returns true or false, and --- if false: the reason for failure -authenticate = function ( self, userid, password ) - password = password or "" - userid = userid or "" - - local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") - - if t == false then - return false, "password file is missing" - else - if userid ~= nil then - local id = pvt.get_id (userid, t) - if id == false or id == nil then - return false, "Userid not found" - end - if id.password ~= password then - return false, "Invalid password" - end - else - return false - end - return true - end -end - -pvt.permission_to_change = function() - --FIXME: Check if user is allowed to change things - return true -end - pvt.weak_password = function(password) -- If password is too short, return false if (#password < 4) then 
@@ -149,6 +116,35 @@ local validate_settings = function (self, userid, username, password, password_c return true, errormessage end +--- public methods + +-- This function returns true or false, and +-- if false: the reason for failure +authenticate = function ( self, userid, password ) + password = password or "" + userid = userid or "" + + local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") + + if t == false then + return false, "password file is missing" + end + + if userid ~= nil then + local id = pvt.get_id (userid, t) + if id == false or id == nil then + return false, "Userid not found" + end + if id.password ~= fs.md5sum_string(password) then + return false, "Invalid password" + end + else + return false + end + + return true +end + -- This function returns the username and roles -- or false on an error get_userinfo = function ( self, userid ) @@ -183,18 +179,27 @@ list_users = function (self) end end + list_roles = function (self) local output = {"CREATE","UPDATE","DELETE","READ"} return output end -change_settings = function (self, userid, parameter, value) +change_setting = function (self, userid, parameter, value) + local result = true local errormessage = {} - local passwd_path = self.conf.confdir .. "/passwd" - -- We start by checking if user is allowed to do changes - if not (pvt.permission_to_change) then - errormessage.permissions = "No permission to change!" + -- Get the current user info + local userinfo = get_userinfo(self, userid) + if userinfo == nil then + errormessage.userid = "This userid does not exist!" + result = false + end + + -- Check if user entered available commands + if not (userid) or not (parameter) or not (pvt.availablefields(parameter)) or not (value) then + errormessage.userid = "You need to enter valid userid, parameter and value!" + result = false end -- Check if userid already used 
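Review bot: The credential compared in `id.password ~= fs.md5sum_string(password)` is a bare, unsalted MD5 digest, which is cheap to brute-force and gives identical passwords identical digests if the passwd file leaks; a salted, deliberately slow password hash would be a safer storage format. Entries still stored in plaintext will presumably stop authenticating after this change unless they are migrated. The two distinct failure strings also tell a caller whether a userid exists; returning one message for both cases, e.g. `return false, "Invalid userid or password"`, avoids that. Because `userid = userid or ""` runs first, the `userid ~= nil` test is always true and its `else return false` branch is unreachable.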
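Review bot: The new guard `if userinfo == nil then` in change_setting does not catch a `false` result, and the comment above get_userinfo, visible as context in this file, says it returns false on an error. In that case `result` stays true and the later `userinfo[parameter] = value` would index a boolean; `if not userinfo then` covers both cases. The removed `pvt.permission_to_change` test was never effective, since it checked the function value without calling it, but with it gone change_setting has no authorization check of its own. A comment such as `-- Caller must verify that the current user may modify this userid` should record where that is enforced. The function body continues in the next hunk.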
@@ -202,52 +207,34 @@ change_settings = function (self, userid, parameter, value) for k,v in pairs(list_users(self)) do if (v == value) then errormessage.userid = "This userid already exists!" + result = false end end end - -- Check if user entered available commands - if not (userid) or not (parameter) or not (pvt.availablefields(parameter)) then - errormessage.userid = "You need to enter valid userid, parameter and value!" - end - - -- Check if password is weak - if (parameter == "password") then - local weak_password_result, weak_password_errormessage = pvt.weak_password(value) - if (weak_password_result) then - errormessage.password = weak_password_errormessage + if result == true then + -- Validate parameter + userinfo[parameter] = value + local password, password_confirm + if (parameter == "password") then + userinfo.password = fs.md5sum_string(value) + password = value + password_confirm = value end + result, errormessage = validate_settings(self, username.userid, userinfo.username, password, password_confirm, userinfo.roles) end - -- Return false if some errormessages is set - for k,v in pairs(errormessage) do - return false, errormessage - end - - -- If the parameter is password, then scramble the password - if (parameter == "password") then - value = fs.md5sum_string(value) - end + -- Write the updated user + if (result == true) then + delete_user(self, userid) - local passwdfilecontent = fs.read_file_as_array(passwd_path) - local changes - for k,v in pairs(passwdfilecontent) do - if ( string.match(v, "^".. userid .. ":") ) then - changes = {} - -- Get current values - changes.userid, changes.password, changes.username, changes.roles = - string.match(v, "([^:]*):([^:]*):([^:]*):(.*)") - -- Actually change the value (remove all ':') - changes[parameter] = string.gsub(value, ":", "") - -- Update the table with the new values - passwdfilecontent[k] = changes.userid .. ":" .. changes.password .. ":".. changes.username .. ":" .. 
changes.roles - end + -- Set path to passwordfile + local passwd_path = self.conf.confdir .. "/passwd" + -- Write the newline into the file + fs.write_line_file(passwd_path, userinfo.userid .. ":" .. userinfo.password .. ":" .. userinfo.username .. ":" .. table.concat(userinfo.roles,",") ) end - - --Write changes to file - fs.write_file(passwd_path, table.concat(passwdfilecontent,"\n")) - return true + return result, errormessage end -- For an existing user, change the settings that are non-nil @@ -278,7 +265,7 @@ change_settings = function (self, userid, username, password, password_confirm, end userinfo.roles = roles or userinfo.roles - -- write the updated user + -- Write the updated user delete_user(self, userid) -- Set path to passwordfile -- cgit v1.2.3
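Review bot: `validate_settings(self, username.userid, ...)` references `username`, which is not a parameter or local of change_setting in the visible code, so this line would raise an index-nil error; it presumably should read `userinfo.userid`. The old implementation stripped `:` from the value before writing, while the new `fs.write_line_file` call concatenates the fields unmodified. Unless validate_settings rejects them (not visible here), a value containing `:` or a newline could shift fields or add a line in the passwd file, including the roles column; a guard such as `if parameter ~= "password" and tostring(value):find("[:\r\n]") then result = false end` before the write would close that. When `parameter` is `roles`, `userinfo.roles` becomes the raw value while `table.concat` expects a table, so a string value needs converting first. Calling `delete_user` and then appending also leaves the account missing if the write fails.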