Apache2-AuthenDBMCache
AuthenDBMCache.pm view on Meta::CPAN
    $now=time();
    foreach $key (keys %DBM) {
        delete $DBM{$key} if $DBM{$key} < $now;
    }
    dbmclose(%DBM);
}
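# squish userid, password, config and realm into a hash
sub Digest {
    use Digest::MD5;
    # md5_hex is a plain function; called as a class method it would
    # mix the string "Digest::MD5" into the hashed data
    my ($string)=Digest::MD5::md5_hex(@_);
    $string=~ s/[^0-9a-zA-Z]//g;
    return($string);
}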
# handler: hook into Apache2/mod_perl2 API
sub handler {
    my $r = shift;
    my $tmp;
    # Get response and password
    my($status, $passwd) = $r->get_basic_auth_pw;
    return Apache2::Const::OK unless $r->is_initial_req;
    return $status unless ($status == Apache2::Const::OK); # e.g. HTTP_UNAUTHORIZED
    # Get configuration... are we debugging?
    my $debug = (lc($r->dir_config('AuthenDBMCache_Debug')) eq 'on');
    $cache=$tmp if ($tmp = $r->dir_config('AuthenDBMCache_file'));
    # Get username and Realm
    my $realm = lc($r->auth_name);
    my $user = lc($r->user);
    return Apache2::Const::DECLINED unless ($user);
    # Get all parameters -- current config (to limit cache poison).
    my $config=$r->dir_config();
    $config=join(":",%$config);
    # construct a unique key for userid/realm/config/password
    my $key = Digest("$user $realm $config $passwd");
    $r->log->debug("handler: user=$user") if $debug;
    # if there is an expiration date for that key
    if (my $exp = GetCache("$key")) {
        if ($exp < time()) {
            $r->log->debug("handler: user cache stale") if $debug;
            $r->push_handlers(PerlFixupHandler => \&manage_cache);
            return Apache2::Const::DECLINED;
        }
        # Hash hasn't expired, password is ok, clear the stacked handlers
        $r->log->debug("handler: $user cache hit") if $debug;
        $r->set_handlers(PerlAuthenHandler => undef);
        return Apache2::Const::OK;
    }
    # that key is not in cache
    $r->log->debug("handler: user cache miss") if $debug;
    $r->push_handlers(PerlFixupHandler => \&manage_cache);
AuthenDBMCache.pm view on Meta::CPAN
sub manage_cache {
    my $r = shift;
    my $tmp;
    # Get configuration
    my $ttl = $r->dir_config('AuthenDBMCache_TTL') || 3600;
    my $debug = (lc($r->dir_config('AuthenDBMCache_Debug')) eq 'on');
    $cache=$tmp if ($tmp = $r->dir_config('AuthenDBMCache_file'));
    # Get response and password
    my ($status, $passwd) = $r->get_basic_auth_pw;
    # Get username and Realm
    my $realm = lc($r->auth_name);
    my $user = lc($r->user);
    return Apache2::Const::DECLINED unless ($user);
    # Get all parameters -- current config
    my $config=$r->dir_config();
    $config=join(":",%$config);
    # construct a unique key for userid/realm/config/password
    my $key = Digest("$user $realm $config $passwd");
    $r->log->debug("manage_cache: user=$user") if $debug;
    # Add the key to the cache with an expiration date
    SetCache("$key",time() + $ttl);
    $r->log->debug("manage_cache: $user cache add") if $debug;
AuthenDBMCache.pm view on Meta::CPAN
B<Apache2::AuthenDBMCache> implements a caching mechanism in order to
speed up authentication and to reduce the usage of system
resources. It must be used in conjunction with a regular mod_perl2
authentication module (we use it to accelerate AuthenURL and AuthenMSAD
methods but it can be used with any perl authentication module).
When an authorization request is received this handler uses a DBM
database cache to answer the request. Each entry in the cache is indexed
by a key which is a hash of user name, the authentication "realm", the
authentication parameters and the password. The value at the key is an
expiration date. If the supplied user name and password hash to a key
which exists and has not expired then the handler returns OK and
clears the downstream Authen handlers from the stack. Otherwise, it
returns DECLINED and allows the next PerlAuthenHandler in the stack to
be called.
After the primary authentication handler completes with an OK,
AuthenDBMCache adds the new hash to the cache with an appropriate
expiration date.
=head1 CONFIGURATION OPTIONS
AuthenDBMCache.pm view on Meta::CPAN
expired -- you can clear the entire cache periodically (i.e. remove the
file or clear it with /dev/null) or use the
B<Apache2::AuthenDBMCache::ExpireCache> function to clear entries in
the cache.
A caching mechanism is vulnerable to cache-poisoning -- we have made
an effort to prevent that but you should be cautious, especially on
multi-user systems with users who aren't trustworthy.
The cache is not indexed by "userid" and the key is a one way hash
that includes the userid, password and more -- that is intentional. We
don't want bad guys cracking passwords out of the cache.
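The key scheme described above, as an added example that is not code from Apache2::AuthenDBMCache: it derives the cache key with HMAC-SHA256 under a server-side secret instead of plain MD5, so the cache file alone is not enough to test password guesses offline. The names `$SECRET`, `cache_key`, `cache_hit` and `expire_cache` are hypothetical, and a plain hash stands in for the DBM file.

```perl
#!/usr/bin/perl
# Added example, not part of Apache2::AuthenDBMCache.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a per-server secret stored outside the cache file
# (constructed value; in practice read it from a root-only file).
my $SECRET = 'constructed-demo-secret';

# Length-prefix every field so field boundaries are unambiguous,
# then key the digest with the server secret.
sub cache_key {
    my ($user, $realm, $config, $passwd) = @_;
    my $msg = join '', map { length($_) . ':' . $_ }
              (lc $user, lc $realm, $config, $passwd);
    return hmac_sha256_hex($msg, $SECRET);
}

# A hit requires the key to exist and its expiry not to have passed,
# the same test the handler applies to the value from GetCache.
sub cache_hit {
    my ($cache, $key, $now) = @_;
    my $exp = $cache->{$key};
    my $hit = defined($exp) && $exp >= $now;
    return $hit ? 1 : 0;
}

# Same sweep as the ExpireCache loop: drop entries whose expiry has passed.
sub expire_cache {
    my ($cache, $now) = @_;
    delete @{$cache}{ grep { $cache->{$_} < $now } keys %$cache };
    return scalar keys %$cache;
}

# Constructed sample data.
my %cache;
my $now = 1_700_000_000;
my $cfg = 'AuthenDBMCache_TTL:3600';
$cache{ cache_key('Alice', 'Staff', $cfg, 'correct horse') } = $now + 3600;

my @same = ('alice', 'staff', $cfg, 'correct horse');
printf "same credentials:    %d\n", cache_hit(\%cache, cache_key(@same), $now);
printf "wrong password:      %d\n",
    cache_hit(\%cache, cache_key('alice', 'staff', $cfg, 'wrong'), $now);
printf "different config:    %d\n",
    cache_hit(\%cache, cache_key('alice', 'staff', 'AuthenDBMCache_TTL:60', 'correct horse'), $now);
printf "after TTL:           %d\n", cache_hit(\%cache, cache_key(@same), $now + 3601);
printf "entries after sweep: %d\n", expire_cache(\%cache, $now + 3601);
```

Including the directory configuration in the key means an entry written under one set of `PerlSetVar` values never satisfies a lookup under another, which is the cache-poisoning limit the handler's comment refers to.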
=head1 SEE ALSO
httpd(8), mod_perl2(1), Digest::MD5
=head1 AUTHORS
Reg Quinton E<lt>reggers@uwaterloo.caE<gt> from AuthenCache by Jason Bodnar
and Christian Gilmore.