Apache-Authen-Program
view release on metacpan or search on metacpan
# Apache::Authen::Program allows you to call an external program# that performs username/password authentication in Apache.## Copyright (c) 2002-2004 Mark Leighton Fisher, Fisher's Creek Consulting, LLC## This module is free software; you can redistribute it and/or# modify it under the same terms as Perl itself.packageApache::Authen::Program;usestrict;
$Apache::Authen::Program::VERSION='0.93';subhandler {my$request=shift;# Apache request objectmy@args= ();# authentication program argumentsmy$cmd="";# program command stringmy$i= 0;# counter for @argsmy$ofh="";# output file handle for password temp filemy$password="";# password from Basic Authenticationmy$passfile="";# temporary file containing passwordmy$passtype="";# "File" if communicating password by temp filemy$program="";# authentication program filenamemy$response="";# Apache response objectmy$success="";# success string from authentication programmy$username="";# username from Basic Authentication# get password, decline if not Basic Authentication($response,$password) =$request->get_basic_auth_pw;return$responseif$response;# get username$username=$request->connection->user;if($usernameeq"") {$request->note_basic_auth_failure;$request->log_reason("Apache::Authen::Program - No Username Given",$request->uri);returnAUTH_REQUIRED;}# get authentication program, args, and success string$program=$request->dir_config("AuthenProgram");for($i= 1;$i< 10;$i++) {$args[$i] =$request->dir_config("AuthenProgramArg$i");}$success=$request->dir_config("AuthenProgramSuccess");# write temp. password file on request$passtype=$request->dir_config("AuthenProgramPassword");if($passtypeeq"File") {($ofh,$passfile) = tempfile();if(!defined($ofh) ||$ofheq"") {$request->log_reason("Apache::Authen::Program can't create password file",$request->uri);returnSERVER_ERROR;}chmod(0600,$passfile)||$request->log_reason("Apache::Authen::Program can't chmod 0600 password file '$passfile' because: $!",$request->uri);if(!$ofh$password,"\n") {$request->log_reason("Apache::Authen::Program can't write password file '$ofh'",$request->uri);returnSERVER_ERROR;}if(!close($ofh)) {$request->log_reason("Apache::Authen::Program can't close password file '$ofh'",$request->uri);returnSERVER_ERROR;}$password=$passfile;}# execute command, then examine output for success or failure$cmd="$program '$username' '$password' ";$cmd.=join(' ',@args);my@output= `$cmd`;if($passtypeeq"File") {if(!unlink($passfile)) {$request->log_reason("Apache::Authen::Program can't delete password file '$ofh'",$request->uri);}}if(!grep(/$success/,@output)) {$request->note_basic_auth_failure;$request->log_reason("login failure: ".join(' ',@output),$request->uri);returnAUTH_REQUIRED;}unless(@{$request->get_handlers("PerlAuthzHandler") || []}) {
</Directory>These directives can be used in a .htaccess file as well.directive should follow whatever handler youuse.= head1 DESCRIPTIONThis mod_perl module provides a reasonably general mechanismto perform username/password authentication in Apache bycalling an external program. Authentication by an externalprogram is usefulwhena program can perform an authenticationnot supported by any Apache modules (forexample, cross-domainauthentication is not supported by Apache::NTLM orApache::AuthenSmb, but is supported by Samba's smbclientprogram).You must define the program pathname AuthenProgram and thestandard output success string AuthenProgramSuccess.The first two arguments to the program are the username andeither the password or a temporary filewiththe password,depending on whether AuthenProgramPasswordhasthe value"File"."File"forces sending the password to AuthenProgram through atemporary file to avoid placing passwords on the command line wherethey can be seen by ps(1).Additional program arguments can be passed in the variablesAuthenProgramArg1, AuthenProgramArg2, etc. Up to 9 of thesevariables are supported.The examples/ subdirectoryhassample programsfordoingSamba-based SMB authentication (examples/smblogon),Oracle authentication (examples/oralogon), anda simple example (examples/filelogon) that demonstrates communicatingthe password through a temporary file.If you are using this module please let me know, I'm curious how manypeople there are that need this type of functionality.This module was adapted from Apache::AuthenSmb.=head1 DESIGN NOTESThis module trades off speed for flexibility -- it is notrecommended for use when you need to process lots of
Apache::Authen::Program is a mod_perl module that provides areasonably general mechanism to perform username/passwordauthentication in Apache by calling an external program.Authentication by an external program is usefulwhenaprogram can perform an authentication not supported by anyApache modules (forexample, cross-domain authentication isnot supported by Apache::AuthenNTLM or Apache::AuthenSmb, butis supported by Samba's smbclient program).Installing Apache::Authen::Program follows the normal CPANconvention:perl Makefile.PL
examples/filelogon view on Meta::CPAN
#!/www/perl-5.6.1/bin/perl -Tw# Simple authentication with password sent by file.# ------ pragmasusestrict;# ------ define variablesmy$passfile="";# password filemy$password="";# password for $username from $passfilemy$username="";# username to authenticate with# ------ get username and passwordif(scalar(@ARGV) < 2) {die"usage: file-auth username passwordfile\n";}$ARGV[0] =~ m#([^`']+)#;$username= $1;$ARGV[1] =~ m#([^`']+)#;$passfile= $1;open(IFH,$passfile)||die"FAILURE: can't open password file '$passfile' because: $!\n";$password= <IFH>;chomp($password);close(IFH)||die"FAILURE: can't close password file '$passfile' because: $!\n";if(!defined($password) ||$password=~ m/^\s*$/) {die"FAILURE: missing or empty password\n";}# ------ verify username/passwordif($usernameeq"fred"&&$passwordeq"Scooby-Do!2002") {"OK: File login succeeded.\n";}else{"FAILURE: bad username or password.\n";}
examples/oralogon view on Meta::CPAN
# NOTE: Runs in taint mode because it is usually# invoked by other programs (mainly CGIs).# ------ pragmasusestrict;# ------ define variablesmy$database="";# Oracle TNS database namemy@output= ();# output of SQL*Plus commandmy$password="";# password for $usernamemy$sqlplus# Oracle SQL*Plus interactive query program="/www/oracle/u01/app/oracle/product/7.3.4/bin/sqlplus";my$username="";# Oracle username to authenticate with# ------ force secure PATH$ENV{"PATH"} ="/bin:/usr/bin";# ------ extract username + password + databaseif(scalar(@ARGV) < 3) {die"usage: oralogon username password TNSname\n";}$ARGV[0] =~ m#([^`']+)#;$username= $1;$ARGV[1] =~ m#([^`']+)#;$password= $1;$ARGV[2] =~ m#(([a-zA-Z0-9]|-|\+|_|\.)+)#;$database= $1;# ------ run Oracle SQL*Plus, check that authentication succeeded@output=<<`endSQLPLUS`;$sqlplus$username/$password\@$database<<endCMD$passwordquitendCMDendSQLPLUSif(grep(/Connected to:/,@output)) {"OK: Oracle login succeeded.\n";}else{"FAILURE:\n@output\n";}
examples/smblogon view on Meta::CPAN
# NOTE: Runs in taint mode because it is usually# invoked by other programs (mainly CGIs).# ------ pragmasusestrict;# ------ define variablesmy@output= ();# smbclient output linesmy$password="";# $username's passwordmy$server="";# server NetBIOS namemy$share="";# share on $server (cannot be hidden share)my$smbclient# Samba smbclient pathname="/www/bin/smbclient";my$username="";# user ID for access# ------ verify and untaint arguments$ENV{"PATH"} ="/bin:/usr/bin";if(scalar(@ARGV) < 4) {die"usage: smblogon username password server share\n";}$ARGV[0] =~ m#([^`']+)#;$username= $1;$ARGV[1] =~ m#([^`']+)#;$password= $1;$ARGV[2] =~ m#(([a-zA-Z0-9]|-|\+|_|\.)+)#;$server= $1;$ARGV[3] =~ m#(([a-zA-Z0-9]|-|\+|_|\.)+)#;$share= $1;# ------ test ability to logon to local domain@output= `$smbclient//$server/$share'$password'-U'$username'-c''`;if(!grep(/session setup failed/,@output)&&grep(/Domain=.* OS=.* Server=/,@output)) {"OK: SMB login succeeded.\n";exit0;}else{"FAILURE:\n@output";exit1;}
( run in 0.296 second using v1.01-cache-2.11-cpan-3cd7ad12f66 )