| blob | 57fbd7aaacda0a48652a445100800b5379c6dae7 |
1 <%
2 libinclude("auth.js");
4 /* Return true to allow access; false otherwise */
5 function json_authenticate(serviceComponents, method, scriptTransportId, error)
6 {
7 // Don't allow any access via ScriptTransport, for now. There are serious
8 // potential security exploits that will need to be protected against when
9 // we do want to allow use of ScriptTransport. -- djl
10 if (scriptTransportId != jsonrpc.Constant.ScriptTransport.NotInUse)
11 {
12 error.setError(jsonrpc.Constant.ServerError.PermissionDenied,
13 "Permission denied");
14 return false;
15 }
17 // Does the requested method require authentication?
18 if (! _authentication_required(serviceComponents, method))
19 {
20 // Nope. Let 'em in.
21 return true;
22 }
24 // Did our session expire?
25 if (request['SESSION_EXPIRED'] == "True")
26 {
27 // Yup.
28 error.setError(jsonrpc.Constant.ServerError.SessionExpired,
29 "Session expired");
30 error.setInfo(getDomainList());
31 return false;
32 }
34 // Are we authenticated?
35 if (! session.AUTHENTICATED)
36 {
37 // Nope.
38 error.setError(jsonrpc.Constant.ServerError.NotLoggedIn,
39 "Not logged in");
40 error.setInfo(getDomainList());
41 return false;
42 }
44 return true;
45 }
48 /*
49 * Return true if authentication is required for the specified method;
50 * false otherwise.
51 */
52 function _authentication_required(serviceComponents, method)
53 {
54 var m = join(".", serviceComponents) + "." + method;
56 // See if this method requires authentication
57 if (m == "samba.system.login" ||
58 m == "samba.system.logout")
59 {
60 // Nope.
61 return false;
62 }
64 // Anything not listed above requires authentication
65 return true;
66 }
68 /*
69 * Local Variables:
70 * mode: c
71 * End:
72 */
73 %>