d69ba52001-09-03Martin Nilsson // This is a roxen module. Copyright © 2000 - 2001, Roxen IS.
3c28482000-08-28Johan Sundström #include <module.h> inherit "module"; // All roxen modules must inherit module.pike
79ca872000-11-24Per Hedbor // Some defines for the translation system // //<locale-token project="mod_auth">LOCALE</locale-token> #define LOCALE(X,Y) _DEF_LOCALE("mod_auth",X,Y) // end of the locale related stuff
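// Revision identifier ($Id$ keyword of the version control system).
constant cvs_version = "$Id: auth.pike,v 1.7 2001/09/03 18:05:10 nilsson Exp $";

// Declares this module as an authentication module.
constant module_type = MODULE_AUTH;

// Name and description shown for the module. The description carries the
// security warning for administrators: the "users" setting holds the
// passwords in clear text, so anyone who can read the configuration can
// read every password.
LocaleString module_name = LOCALE(1,"RefDoc for MODULE_AUTH");
LocaleString module_doc =
  LOCALE(2,"This module does nothing, but its inlined documentation "
	 "gets imported into the roxen programmer manual. You definitely "
	 "don't want to use this module in your virtual servers, since "
	 "anybody with access to your admin interface or server configuration "
	 " file automatically gains access to all your passwords. For a "
	 " budding roxen programmer, the module however does show the "
	 " basics of making an authentication module.");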
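// Registers the module's only setting: "users", a string list that starts
// out empty and holds one "username:password" entry per user.
// NOTE: auth() compares the submitted credentials against these entries
// verbatim, so the passwords are kept in clear text in the configuration.
void create()
{
  defvar("users",
	 Variable.StringList(({}), VAR_INITIAL,
			     LOCALE(3,"Users and Passwords"),
			     LOCALE(4,"A list of username:password "
				    "pairs the module should grant "
				    "access for.")));
}

array|int auth(array(string) auth, RequestID id)
//! The auth method of your MODULE_AUTH type module is called when the
//! browser sent either of the <tt>Authorization</tt> or
//! <tt>Proxy-Authorization</tt> HTTP headers (see RFC 2617).
//!
//! The auth argument passed is calculated as header_content/" ", but
//! where the second element is base64-decoded (meaning that you won't
//! need to do so yourself). A typical auth array you might receive
//! could look like <tt>({ "Basic", "Aladdin:open sesame" })</tt>,
//! where Aladdin would be the user name the client logged in with,
//! and "open sesame" his password.
//!
//! The three elements in the returned array are, in order:
//!
//! o an int(0..1) signifying authentication failure (0) or success (1)
//!
//! o a string with the username (authenticated or not)
//!
//! o when failed, a string with the password used for the failed
//!   authentication attempt, otherwise the integer zero.
//!
//! See also <ref>Roxen.http_auth_required()</ref> and
//! <ref>Roxen.http_proxy_auth_required()</ref>.
{
  // A header that carries a scheme but no credentials yields a one-element
  // array; treat that as a failed attempt instead of indexing past the end.
  string credentials = sizeof(auth) > 1 ? auth[1] : "";

  string user, password;
  sscanf(credentials, "%s:%s", user, password);

  // Only "user:password" shaped input with a non-empty user name may
  // succeed, so a stray empty or colon-less entry in the "users" list can
  // never be matched by an equally malformed header.
  int well_formed = search(credentials, ":") > 0;

  // The check is a plain lookup of the clear-text "user:password" string in
  // the configured list; nothing here hashes the password or attempts a
  // timing-independent comparison.
  int successful_auth = well_formed && has_value(query("users"), credentials);

  // On failure the attempted password is handed back to the caller, as the
  // documented return value requires; callers should keep it out of logs.
  return ({ successful_auth, user, !successful_auth && password });
}

string user_from_uid(int uid, RequestID|void id)
//! Return the login name of the user with uid `uid'.
{
  // The uid is read back as a base-256 digit string. This mirrors
  // userinfo(), which derives the uid by reading the bytes of the login
  // name as one integer.
  return uid->digits(256); // Try 512852583713->digits(256), for instance. :-)
}

array(string) userlist(RequestID|void id)
//! Return an array of all valid user names.
{
  // Take the text before the first ":" of every entry. Working entry by
  // entry returns an array (the previous transpose-and-index expression
  // yielded only the first name), copes with an empty list and is not
  // confused by passwords that themselves contain ":".
  return map(query("users"),
	     lambda(string entry) { return (entry / ":")[0]; });
}

array(string|int) userinfo(string user, RequestID|void id)
//! Return /etc/passwd-style user information for the user whose login name is
//! `user'. The returned array consists of:
//!
//! <pre>({ login name,
//!    crypted password,
//!    user id,
//!    group id,
//!    name,
//!    homedirectory,
//!    login shell
//! })</pre>
//!
//! All entries should be strings, except uid and gid, which should be integers.
{
  string passwd, name = "J. Random Hacker", homedir, shell = "/bin/zsh";
  int uid, gid;

  // An empty name or one containing ":" cannot correspond to a
  // "username:password" entry.
  if (!sizeof(user) || search(user, ":") != -1)
    return 0;

  // Match the login name literally. The name comes from the caller, and a
  // glob pattern built from it would let "*" or "?" in the name select some
  // other user's entry.
  string prefix = user + ":";
  array(string) matching_users =
    filter(query("users"),
	   lambda(string entry) {
	     return entry[..sizeof(prefix) - 1] == prefix;
	   });
  if (!sizeof(matching_users))
    return 0;

  // Everything after the first ":" is the password.
  passwd = matching_users[0][sizeof(prefix)..];

  // The uid is the login name's bytes read as a single integer (the inverse
  // of user_from_uid()); the gid is simply set to the same value.
  sscanf(user, "%" + sizeof(user) + "c", uid);
  gid = uid;
  homedir = "/home/" + user;

  // crypt() is applied only here, on the way out; the configured list
  // itself holds the password in clear text.
  return ({ user, crypt(passwd), uid, gid, name, homedir, shell });
}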