Apache-AuthenSmb


AuthenSmb.pm

# is installed
# MP2 is true when the loaded mod_perl reports version 1.99 or later; every
# API difference below is selected on this compile-time constant.
use constant MP2 => ($mod_perl::VERSION >= 1.99);

# Load the Apache API modules that match the running mod_perl generation and
# make HTTP_UNAUTHORIZED and OK available to the handlers.
# NOTE(review): the Apache::* names in the MP2 branch are the ones this file
# expects for mod_perl >= 1.99; releases that ship the API under a different
# namespace would fail at these require calls - confirm the supported range.
BEGIN {
    if (MP2) {
        for my $module (qw(
            Apache::Const
            Apache::Access
            Apache::Connection
            Apache::Log
            Apache::RequestRec
            Apache::RequestUtil
        )) {
            # require needs a file path when the module name is in a variable.
            (my $file = "$module.pm") =~ s{::}{/}g;
            require $file;
        }
        Apache::Const->import(-compile => qw(HTTP_UNAUTHORIZED OK));
    }
    else {
        require Apache::Constants;
        Apache::Constants->import(qw(HTTP_UNAUTHORIZED OK));
    }
}
##################### end modperl code ######################

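# Authentication handler: validates HTTP Basic credentials against an SMB
# domain controller through Authen::Smb::authen.
#
# Configuration read with dir_config:
#   myPDC    - primary domain controller (required)
#   myBDC    - backup domain controller (defaults to myPDC)
#   myDOMAIN - domain to authenticate in (defaults to "WORKGROUP")
#
# Returns the status from get_basic_auth_pw when that is non-zero,
# HTTP_UNAUTHORIZED on any failure (including a missing myPDC), and OK when
# Authen::Smb::authen reports 0.  On success authz() is registered as the
# PerlAuthzHandler unless one is already configured.
sub handler {
    my $r = shift;

    my ($res, $sent_pwd) = $r->get_basic_auth_pw;
    return $res if $res;    # decline if not Basic

    my $name = MP2 ? $r->user : $r->connection->user;

    my $pdc    = $r->dir_config('myPDC');
    my $bdc    = $r->dir_config('myBDC') || $pdc;
    my $domain = $r->dir_config('myDOMAIN') || "WORKGROUP";

    # Every rejection follows the same sequence: re-challenge the client,
    # log the reason together with the URI, answer 401.
    my $deny = sub {
        my ($message) = @_;
        $r->note_basic_auth_failure;
        MP2 ? $r->log_error($message, $r->uri)
            : $r->log_reason($message, $r->uri);
        return MP2 ? Apache::HTTP_UNAUTHORIZED
                   : Apache::Constants::HTTP_UNAUTHORIZED;
    };

    # An undefined user is rejected the same way as an empty one, without
    # relying on undef comparing equal to "".
    if (!defined $name || $name eq "") {
        return $deny->("Apache::AuthenSmb - No Username Given");
    }

    # NOTE(review): a missing myPDC is a server misconfiguration but is
    # answered with 401, so clients see it as a credential failure.
    if (!$pdc) {
        return $deny->("Apache::AuthenSmb - Configuration error, no PDC");
    }

    ## Parse $name's with Domain\Username
    # The domain typed by the client replaces the configured myDOMAIN, so the
    # client chooses which domain the credentials are checked in.  authz() in
    # this file drops the domain part again unless authzUsername is
    # 'domain\username', so "require user" entries then match on the bare
    # name whichever domain authenticated it.
    # NOTE(review): the pattern is unanchored and \w+ excludes '.' and '-';
    # text before the last word run preceding the separator is ignored, so
    # the identity sent to the server can differ from the one left in
    # $r->user (and therefore from what is logged).  Consider anchoring with
    # \A ... \z once the accepted domain syntax is confirmed.
    if ($name =~ m|(\w+)[\\/](.+)|) {
        ($domain, $name) = ($1, $2);
    }

    # NOTE(review): $sent_pwd is forwarded unchanged, including an empty
    # string - confirm the library/server cannot treat that as a guest or
    # anonymous logon.
    my $return = Authen::Smb::authen($name, $sent_pwd, $pdc, $bdc, $domain);

    # Fail closed: only a defined result equal to 0 counts as success.  A
    # numeric test alone would accept undef or a non-numeric string, because
    # both compare == 0 in Perl.
    unless (defined $return && $return eq '0') {
        # Every non-zero result is logged with the same text, so a domain
        # controller or protocol failure is indistinguishable from a wrong
        # password in the error log.  $name is client-supplied text.
        return $deny->("user $name: password mismatch");
    }

    # Install the bundled authorization phase only when the configuration
    # has not already provided one.
    unless (@{ $r->get_handlers("PerlAuthzHandler") || [] }) {
        $r->push_handlers(PerlAuthzHandler => \&authz);
    }

    return MP2 ? Apache::OK
               : Apache::Constants::OK;
}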

sub authz {
    my $r = shift;
    my $requires = $r->requires;
    return (MP2 ? Apache::OK : Apache::Constants::OK) unless $requires;

    my $name  = MP2 ? $r->user : $r->connection->user;
    my $error = ""; # Holds error message
    my $authz_username = $r->dir_config('authzUsername') || 'username';

    # Convert 'domain/username' to 'domain\username'
    $name =~ s|/|\\| if $name =~ m|/|;

    if ($authz_username eq 'domain\username') {
        if ($name !~ m/\\/) {
            #If we authzUsername is set to 'domain\username' and $name
            #is not of the form domain\username, then we prepend the domain 
            $name = $r->dir_config('myDOMAIN') . '\\' . $name;
        }
    }
    else {
       #If authzUsername is set to 'username' and $name has if the
       #form domain\username, then set $name = 'username'
       $name = $1 if $name =~ m/\w+\\(.+)/;
    }

    for my $req (@$requires) {
        my($require, @rest) = split /\s+/, $req->{requirement};

	#ok if user is one of these users
	if ($require eq "user") {
	    return (MP2 ? Apache::OK : Apache::Constants::OK) if grep $name eq $_, @rest;
	}
	#ok if user is simply authenticated
	elsif ($require eq "valid-user") {
	    return MP2 ? Apache::OK : 
	    		 Apache::Constants::OK;
	}
        #ok if user is in the 
        elsif ($require eq 'group') {
           unless ($r->dir_config('groupFile')) {
              $error = 'Apache::AuthenSmb - Configuration error: no groupFile' . $r->uri;

	      $r->note_basic_auth_failure;
              MP2 ? $r->log_error($error) : $r->log_reason($error);

              return MP2 ? Apache::HTTP_UNAUTHORIZED : 
	                   Apache::Constants::HTTP_UNAUTHORIZED;
           }


