1
  
2
  
3
  
4
  
5
  
6
  
7
  
8
  
9
  
10
  
11
  
12
  
13
  
14
  
15
  
16
  
17
  
18
  
19
  
20
  
21
  
22
  
23
  
24
  
25
  
26
  
27
  
28
  
29
  
30
  
31
  
32
  
33
  
34
  
35
  
36
  
37
  
38
  
39
  
40
  
41
  
42
  
43
  
44
  
45
  
46
  
47
  
48
  
49
  
50
  
51
  
52
  
53
  
54
  
55
  
56
  
57
  
58
  
59
  
60
  
61
  
62
  
63
  
64
  
65
  
66
  
67
  
68
  
69
  
70
  
71
  
72
  
73
  
74
  
75
  
76
  
77
  
78
  
79
  
80
  
81
  
82
  
83
  
84
  
85
  
86
  
87
  
88
  
89
  
90
  
91
  
92
  
93
  
94
  
#include <module.h> 
inherit "module"; 
// All roxen modules must inherit module.pike 
 
constant cvs_version = "$Id: auth.pike,v 1.2 2000/11/21 19:01:31 per Exp $"; 
constant module_type = MODULE_AUTH; 
constant module_name = "RefDoc for MODULE_AUTH"; 
constant module_doc = #"This module does nothing, but its inlined documentation 
gets imported into the roxen programmer manual. You definetely don't want to use 
this module in your virtual servers, since anybody with access to your admin 
interface or server configuration file automatically gains access to all your 
passwords. For a budding roxen programmer, the module however does show the 
basics of making an authentication module."; 
 
void create() 
{ 
  defvar("users", Variable.StringList(({}), VAR_INITIAL, "Users and Passwords", 
                                      "A list of username:password pairs the " 
                                      "module should grant access for.")); 
} 
 
array|int auth(array(string) auth, RequestID id) 
//! The auth method of your MODULE_AUTH type module is called when the 
//! browser sent either of the <tt>Authorization</tt> or 
//! <tt>Proxy-Authorization</tt> HTTP headers (see RFC 2617). 
//! 
//! The auth argument passed is calculated as header_content/" ", but 
//! where the second element is base64-decoded (meaning that you won't 
//! need to do so yourself). A typical auth array you might receive 
//! could look like <tt>({ "Basic", "Aladdin:open sesame" })</tt>, 
//! where Aladdin would be the user name the client logged in with, 
//! and "open sesame" his password. 
//! 
//! The three elements in the returned array are, in order: 
//! 
//! o an int(0..1) signifying authentication failure (0) or success (1) 
//! 
//! o a string with the username (authenticated or not) 
//! 
//! o when failed, a string with the password used for the failed 
//!   authentication attempt, otherwise the integer zero. 
//! 
//! See also <ref>Roxen.http_auth_required()</ref> and 
//! <ref>Roxen.http_proxy_auth_required()</ref>. 
{ 
  sscanf(auth[1], "%s:%s", string user, string password); 
  int successful_auth = has_value(query("users"), auth[1]); 
  return ({ 
            successful_auth, 
            user, 
            !successful_auth && password 
          }); 
} 
 
string user_from_uid(int uid, RequestID|void id) 
//! Return the login name of the user with uid `uid'. 
{ 
  return uid->digits(256); // Try 512852583713->digits(256), for instance. :-) 
} 
 
array(string) userlist(RequestID|void id) 
//! Return an array of all valid user names. 
{ 
  return Array.transpose(map(query("users"), `/, ":"))[0][0]; 
} 
 
array(string|int) userinfo(string user, RequestID|void id) 
//! Return /etc/passwd-style user information for the user whose login name is 
//! `user'. The returned array consists of: 
//! 
//! <pre>({ login name, 
//!     crypted password, 
//!     used id, 
//!     group id, 
//!     name, 
//!     homedirectory, 
//!     login shell 
//! })</pre> 
//! 
//! All entries should be strings, except uid and gid, who should be integers. 
{ 
  string passwd, name = "J. Random Hacker", homedir, shell = "/bin/zsh"; 
  int uid, gid; 
  array(string) matching_users = glob(user + ":*", query("users")); 
  if(!sizeof(matching_users)) 
    return 0; 
  sscanf(matching_users[0], "%*s:%s", passwd); 
  sscanf(user, "%"+sizeof(user)+"c", uid); 
  gid = uid; 
  homedir = "/home/" + user; 
  return ({ user, crypt(passwd), uid, gid, name, homedir, shell }); 
}