Apache-AuthenSmb
view release on metacpan or search on metacpan
AuthenSmb.pm view on Meta::CPAN
# is installed
use constant MP2 => ($mod_perl::VERSION >= 1.99);
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
if (MP2) {
require Apache::Const;
require Apache::Access;
require Apache::Connection;
require Apache::Log;
require Apache::RequestRec;
require Apache::RequestUtil;
Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK');
} else {
require Apache::Constants;
Apache::Constants->import('HTTP_UNAUTHORIZED','OK');
}
}
##################### end modperl code ######################
sub handler {
my $r = shift;
my($res, $sent_pwd) = $r->get_basic_auth_pw;
return $res if $res; #decline if not Basic
my $name = MP2 ? $r->user : $r->connection->user;
my $pdc = $r->dir_config('myPDC');
my $bdc = $r->dir_config('myBDC') || $pdc;
my $domain = $r->dir_config('myDOMAIN') || "WORKGROUP";
if ($name eq "") {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthenSmb - No Username Given", $r->uri) :
$r->log_reason("Apache::AuthenSmb - No Username Given", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
if (!$pdc) {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthenSmb - Configuration error, no PDC", $r->uri) :
$r->log_reason("Apache::AuthenSmb - Configuration error, no PDC", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
## Parse $name's with Domain\Username
if ($name =~ m|(\w+)[\\/](.+)|) {
($domain,$name) = ($1,$2);
}
my $return = Authen::Smb::authen($name,
$sent_pwd,
$pdc,
$bdc,
$domain);
unless($return == 0) {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $name: password mismatch", $r->uri) :
$r->log_reason("user $name: password mismatch", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
unless (@{ $r->get_handlers("PerlAuthzHandler") || []}) {
$r->push_handlers(PerlAuthzHandler => \&authz);
}
return MP2 ? Apache::OK :
Apache::Constants::OK;
}
sub authz {
my $r = shift;
my $requires = $r->requires;
return (MP2 ? Apache::OK : Apache::Constants::OK) unless $requires;
my $name = MP2 ? $r->user : $r->connection->user;
my $error = ""; # Holds error message
my $authz_username = $r->dir_config('authzUsername') || 'username';
# Convert 'domain/username' to 'domain\username'
$name =~ s|/|\\| if $name =~ m|/|;
if ($authz_username eq 'domain\username') {
if ($name !~ m/\\/) {
#If we authzUsername is set to 'domain\username' and $name
#is not of the form domain\username, then we prepend the domain
$name = $r->dir_config('myDOMAIN') . '\\' . $name;
}
}
else {
#If authzUsername is set to 'username' and $name has if the
#form domain\username, then set $name = 'username'
$name = $1 if $name =~ m/\w+\\(.+)/;
}
for my $req (@$requires) {
my($require, @rest) = split /\s+/, $req->{requirement};
#ok if user is one of these users
if ($require eq "user") {
return (MP2 ? Apache::OK : Apache::Constants::OK) if grep $name eq $_, @rest;
}
#ok if user is simply authenticated
elsif ($require eq "valid-user") {
return MP2 ? Apache::OK :
Apache::Constants::OK;
}
#ok if user is in the
elsif ($require eq 'group') {
unless ($r->dir_config('groupFile')) {
$error = 'Apache::AuthenSmb - Configuration error: no groupFile' . $r->uri;
$r->note_basic_auth_failure;
MP2 ? $r->log_error($error) : $r->log_reason($error);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
( run in 0.544 second using v1.01-cache-2.11-cpan-bbb979687b5 )