Apache2-AuthZSympa
lib/Apache2/AuthNSympa.pm view on Meta::CPAN
# Per-directory settings read with dir_config, each falling back to a default.
# NOTE(review): what is stored in the cache is not visible in this excerpt. If
# authentication results are kept there, any host able to write to this
# memcached instance can influence them -- confirm it is reachable only from
# trusted hosts.
my $cacheserver = $r->dir_config('MemcachedServer') || "127.0.0.1:11211"; ## cache server
# Because of "||", a configured value of 0 (or an empty one) also yields 1800.
# NOTE(review): presumably a cached entry is honoured until it expires, so a
# changed or revoked credential may stay usable for that long -- confirm.
my $exptime = $r->dir_config('CacheExptime') || 1800; ## 30 minutes of cache
my $mail_user;
my $response;
my $result;
# Stays empty unless the loop below decides this module handles the request.
my $AuthenType = "";
# Lower-cased so the comparison with 'basic' below ignores case.
my $auth_type = lc($r->auth_type());
my $requires = $r->requires;
my $location = $r->location();
# verify if require valid-user is present, if not, authentication is not for this module
for my $entry (@$requires){
my $requirement = $entry->{requirement};
if ($requirement eq 'valid-user' && $auth_type eq 'basic'){
$AuthenType = 'Sympa';
$r->log->debug("Apache2::AuthNSympa : require type '$requirement' for $location ","Sympa");
last;
}else{
$r->log->debug("Apache2::AuthNSympa : require type '$requirement' for $location ","other");
next;
}
lib/Apache2/AuthNSympa.pm view on Meta::CPAN
}
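## Authenticate against the Sympa SOAP server.
## login() is called once and its result kept: a second call made only to fetch
## the response would repeat the remote authentication request, sending the
## credentials again for every request.
$response = $soap->login($mail_user,$password);
unless ($response){
    $r->note_basic_auth_failure;
    ## NOTE(review): DECLINED tells Apache that this handler did not decide the
    ## request; confirm that this, rather than HTTP_UNAUTHORIZED, is intended
    ## for a failed login.
    return Apache2::Const::DECLINED;
}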
## verify if error during soap service request
if ($soap_error==1){
my ($type_error,$detail) = &traite_soap_error($soap, $soap_res);
if ($type_error eq 'ERROR'){
$r->log_error("Apache2::AuthNSympa : SOAP error $detail while accessing $location");
}else{
$r->log->notice("Apache2::AuthNSympa : $detail ","while accessing $location");
};
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
lib/Apache2/AuthZSympa.pm view on Meta::CPAN
=head1 COMPLETE MODULE RULES LIST
# required to select the correct authentication type
AuthType CAS # can be SSL, Sympa or shibboleth
# URL to query Sympa server SOAP interface, required
PerlSetEnv SympaSoapServer
# lists to verify membership of user, required
require SympaLists list1@mydomain,list2@mydomain
# IP address and port of memcached server if necessary
PerlSetEnv MemcachedServer 192.168.0.1:11211
# Cache expiration time in seconds if memcached server used, default 1800
PerlSetEnv CacheExptime 3600
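# LDAP Host for CAS backend
# (the handler reads this value with $r->dir_config('LDAPHost'), which returns
# settings made with PerlSetVar; check that the directive used here is picked up)
PerlSetEnv LDAPHost ldap.mydomain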
lib/Apache2/AuthZSympa.pm view on Meta::CPAN
my $mail_user;
my $response;
my $result;
# Lower-cased copy of the request's authentication type.
my $auth_type = lc($r->auth_type);
my $requires = $r->requires;
my $location = $r->location;
# Look for a "require SympaLists ..." entry and keep its list argument.
# NOTE(review): the pattern is unanchored, so any requirement text that merely
# contains "SympaLists" is accepted here.
for my $entry (@$requires){
my $requirement;
if ($entry->{requirement} =~ /SympaLists/){
# Only the first two whitespace-separated fields are kept, so anything that
# follows a space inside the list argument (e.g. "a@x, b@x") is dropped.
($requirement,$SympaList) = split(/\s+/,$entry->{requirement});
$r->log->debug("Apache2::AuthZSympa : require type '$requirement' for $location with lists $SympaList");
# The first matching entry wins; later SympaLists entries are not read.
last;
}
}
# NOTE(review): when no entry matched, $SympaList still holds whatever it had
# before the loop (not visible here); confirm that an empty list of required
# lists cannot end up granting access.
my @SympaLists = split(/\,/,$SympaList);
lib/Apache2/AuthZSympa.pm view on Meta::CPAN
## Check the LDAP settings: LDAPHost is read with dir_config and defaults to "".
my $ldap_host = $r->dir_config('LDAPHost') || "";
if ($ldap_host eq ""){
$r->log->debug("Apache2::AuthZSympa : no LDAPHost, email adress in uid ?");
# NOTE(review): any user id containing "@" is taken as the e-mail address as
# is; this relies on the authentication layer having validated $user -- confirm.
if ($user =~ /@/){
## the user id is already an e-mail address, so no LDAP lookup is needed
$r->log->debug("Apache2::AuthZSympa : no need with LDAP, email adress in uid");
$mail_user = $user;
}else{
# No LDAP host and no "@" in the user id: the address cannot be found, so the
# request is refused.
$r->log_error("Apache2::AuthZSympa : no ldap_host defined for $location, can't verify registrations");
return Apache2::Const::HTTP_UNAUTHORIZED;
}
}
## Cache key for the e-mail lookup: md5_hex of the user name followed by the
## LDAP host. The two values are joined without a separator, and the digest
## only shortens the key; it does not protect the cached value.
my $user_key = md5_hex($r->user.$ldap_host);
## verification first in cache
if (defined $cache->get($user_key)){
$r->log->debug("Apache2::AuthZSympa : retrieve mail from cache for $user_key");
lib/Apache2/AuthZSympa.pm view on Meta::CPAN
$mail_user=$ENV{$ShibMailVar};
if($mail_user eq ""){
$r->log_error("Apache2::AuthZSympa : no mail in var $ShibMailVar");
$r->log->debug("Apache2::AuthZSympa : $ShibMailVar value : $mail_user");
return Apache2::Const::HTTP_UNAUTHORIZED;
}else{
$r->log->debug("Apache2::AuthZSympa : $ShibMailVar value : $mail_user");
}
}else{
$r->log_error("Apache2::AuthZSympa : no user authenticated for $location, can't verify registrations");
return Apache2::Const::HTTP_UNAUTHORIZED;
}
## Cache key: md5_hex of $mail_user followed by the SOAP server name.
## Per the original author, including the server name prevents errors when updating.
my $user_key = md5_hex($mail_user.$SympaSoapServer);
## Check the subscription in the cache first:
##  - if the cache marks the user as OK for a list, let the request through;
##  - if the cache marks the user as not OK for all the lists, refuse;
##  - otherwise go on to the next step.
## NOTE(review): this makes the cached data part of the access decision;
## confirm that untrusted hosts cannot write to the cache server.
my %cache_lists;
if (defined $cache){
if (defined $cache->get($user_key)){
%cache_lists = %{$cache->get($user_key)};
}
my $ok=1;
foreach my $list (@SympaLists){
lib/Apache2/AuthZSympa.pm view on Meta::CPAN
$ok = 0;
}
}
}
if ($ok == 0){
my $lists_string = join(", nor in ",@SympaLists);
$r->log->notice("Apache2::AuthZSympa : $location. $mail_user is not registred on server $SympaSoapServer in ",$lists_string);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
}
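## not settled by the cache: ask the SOAP server for each list
## NOTE(review): when the SOAP call fails, the list is recorded as 0 in
## %cache_lists below; if that hash is later written to the cache, a transient
## SOAP failure would keep the user refused until the entry expires -- confirm.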
foreach my $list (@SympaLists){
$r->log->debug("Apache2::AuthZSympa liste $list");
$soap_error=0;
$list =~ s/\s//g;
$response = $soap->amI($list,'subscriber',$mail_user);
## verify if error during soap service request
if ($soap_error==1){
my ($type_error,$detail) = &traite_soap_error($soap, $soap_res);
if ($type_error eq 'ERROR'){
$r->log_error("Apache2::AuthZSympa : $location, SOAP error $detail (server $SympaSoapServer)");
}else{
$r->log->notice("Apache2::AuthZSympa : $location, $detail (server $SympaSoapServer)");
};
$cache_lists{$list} = 0;
next;
}else{