Apache-AuthenNISPlus

 view release on metacpan or  search on metacpan

AuthenNISPlus.pm  view on Meta::CPAN

my $self="Apache::AuthenNISPlus";

sub handler {

   # get request object
   my $r = shift;

   # service only the first internal request
   return OK unless $r->is_initial_req;

   # get password user entered in browser
   my ($res, $sent_pwd) = $r->get_basic_auth_pw;

   # decline if not basic
   return $res if $res;

   # get user name
   my $name = $r->connection->user;

   # blank user name would cause problems
   unless($name){

AuthenNISPlus.pm  view on Meta::CPAN

      $r->log_reason($self . ': no username supplied', $r->uri);
      return AUTH_REQUIRED;
   }

   # load apache config vars
   my $dir_config = $r->dir_config;   

   # get passwd table name
   my $passwd_table = $dir_config->get('NISPlus_Passwd_Table');

   # get user password entry
   my $pwd_table = Net::NISPlus::Table->new($passwd_table);
   unless ($pwd_table){
      $r->note_basic_auth_failure;
      $r->log_reason($self . ': cannot get nis+ passwd table', $r->uri);
      return AUTH_REQUIRED;
   }

   my $pwd = '';
   my $group = '';
   # look for name match

AuthenNISPlus.pm  view on Meta::CPAN

      );
      return AUTH_REQUIRED;
   }

   # stash group id lookup for authorization check 
   $r->notes($name . 'Group', $group);

   unless(crypt($sent_pwd, $pwd) eq $pwd) {
      $r->note_basic_auth_failure;
      $r->log_reason(
         $self . ': user ' . $name . ' password does not match ' . 
         $passwd_table, $r->uri
      );
      return AUTH_REQUIRED;
   }
   $r->push_handlers(PerlAuthzHandler => \&authz);
   return OK;
}

sub authz {
 

TODO  view on Meta::CPAN

o Consult nis+ groups table (and /etc/groups?) to see if user is in
  additional groups besides the one specified in the password record
  (thanks to Joseph Sonnier for suggestion).