Apache2-AuthenSmb
view release on metacpan or search on metacpan
AuthenSmb.pm view on Meta::CPAN
package Apache2::AuthenSmb;
use strict;
use Authen::Smb;
use Apache::Htgroup;
$Apache2::AuthenSmb::VERSION = '0.01';
use mod_perl2 ;
use Apache2::Access;
use Apache2::Connection;
use Apache2::Log;
use Apache2::RequestRec;
use Apache2::RequestUtil;
use Apache2::Const -compile => qw(HTTP_UNAUTHORIZED OK);
sub handler {
my $r = shift;
my($res, $sent_pwd) = $r->get_basic_auth_pw;
return $res if $res; #decline if not Basic
my $name = $r->user;
my $pdc = $r->dir_config('myPDC');
my $bdc = $r->dir_config('myBDC') || $pdc;
my $domain = $r->dir_config('myDOMAIN') || "WORKGROUP";
if ($name eq "") {
$r->note_basic_auth_failure;
$r->log_error("Apache2::AuthenSmb - No Username Given", $r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
if (!$pdc) {
$r->note_basic_auth_failure;
$r->log_error("Apache2::AuthenSmb - Configuration error, no PDC", $r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
## Parse $name's with Domain\Username
if ($name =~ m|(\w+)[\\/](.+)|) {
($domain,$name) = ($1,$2);
}
my $return = Authen::Smb::authen($name,
$sent_pwd,
$pdc,
$bdc,
$domain);
unless($return == 0) {
$r->note_basic_auth_failure;
$r->log_error("user $name: password mismatch", $r->uri);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
unless (@{ $r->get_handlers("PerlAuthzHandler") || []}) {
$r->push_handlers(PerlAuthzHandler => \&authz);
}
return Apache2::Const::OK;
}
sub authz {
my $r = shift;
my $requires = $r->requires;
return Apache2::Const::OK unless $requires;
my $name = $r->user;
my $error = ""; # Holds error message
my $authz_username = $r->dir_config('authzUsername') || 'username';
# Convert 'domain/username' to 'domain\username'
$name =~ s|/|\\| if $name =~ m|/|;
if ($authz_username eq 'domain\username') {
if ($name !~ m/\\/) {
#If we authzUsername is set to 'domain\username' and $name
#is not of the form domain\username, then we prepend the domain
$name = $r->dir_config('myDOMAIN') . '\\' . $name;
}
}
else {
#If authzUsername is set to 'username' and $name has if the
#form domain\username, then set $name = 'username'
$name = $1 if $name =~ m/\w+\\(.+)/;
}
for my $req (@$requires) {
my($require, @rest) = split /\s+/, $req->{requirement};
#ok if user is one of these users
if ($require eq "user") {
return Apache2::Const::OK if grep $name eq $_, @rest;
}
#ok if user is simply authenticated
elsif ($require eq "valid-user") {
return Apache2::Const::OK;
}
#ok if user is in the
elsif ($require eq 'group') {
unless ($r->dir_config('groupFile')) {
$error = 'Apache2::AuthenSmb - Configuration error: no groupFile' . $r->uri;
$r->note_basic_auth_failure;
$r->log_error($error);
return Apache2::Const::HTTP_UNAUTHORIZED;
}
unless (-e $r->dir_config('groupFile')) {
$error = 'Apache2::AuthenSmb - groupFile: ' . $r->dir_config('groupFile') . ' does not exist!';
$r->log_error($error);
( run in 1.671 second using v1.01-cache-2.11-cpan-98e64b0badf )