Apache-AuthzPasswd
view release on metacpan or search on metacpan
AuthzPasswd.pm view on Meta::CPAN
package Apache::AuthzPasswd;
use strict;
use mod_perl;
$Apache::AuthzPasswd::VERSION = '0.12';
# setting the constants to help identify which version of mod_perl
# is installed
use constant MP2 => ($mod_perl::VERSION >= 1.99);
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
if (MP2) {
require Apache::Const;
require Apache::Access;
require Apache::Connection;
require Apache::Log;
require Apache::RequestRec;
require Apache::RequestUtil;
require APR::Table;
Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','HTTP_INTERNAL_SERVER_ERROR','OK');
} else {
# require Apache::Log;
require Apache::Constants;
Apache::Constants->import('HTTP_UNAUTHORIZED','HTTP_INTERNAL_SERVER_ERROR','OK');
}
}
sub handler {
my $r = shift;
my $requires = $r->requires;
return MP2 ? Apache::OK : Apache::Constants::OK unless $requires;
my $name = MP2 ? $r->user : $r->connection->user;
my $setremotegroup = $r->dir_config('SetRemoteGroup') || "no";
for my $req (@$requires) {
my($require, @list) = split /\s+/, $req->{requirement};
#ok if user is one of these users
if ($require eq "user") {
return MP2 ? Apache::OK : Apache::Constants::OK if grep $name eq $_, @list;
}
#ok if user is simply authenticated
elsif ($require eq "valid-user") {
return MP2 ? Apache::OK : Apache::Constants::OK;
}
elsif ($require eq "group") {
# Get users primary group's gid
my $ugid= [ getpwnam($name) ]->[3];
foreach my $thisgroup (@list) {
# Then check if the user is member of the group
my ($group, $passwd, $gid, $members) = getgrnam $thisgroup;
unless($group) {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthzPasswd - group: $thisgroup unknown", $r->uri) : $r->log_reason("Apache::AuthzPasswd - group: $thisgroup unknown", $r->uri);
return MP2 ? Apache::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR;
}
if($ugid == $gid || $members =~ /\b$name\b/) {
if($setremotegroup eq "yes") {
$r->log->debug("Setting REMOTE_GROUP to $group");
my $x = $r->subprocess_env(REMOTE_GROUP => $group);
}
return MP2 ? Apache::OK : Apache::Constants::OK;
}
}
}
}
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthzPasswd - user $name: not authorized", $r->uri) : $r->log_reason("Apache::AuthzPasswd - user $name: not authorized", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
1;
__END__
=head1 NAME
Apache::AuthzPasswd - mod_perl /etc/group Group Authorization module
=head1 SYNOPSIS
<Directory /foo/bar>
# This is the standard authentication stuff
AuthName "Foo Bar Authentication"
AuthType Basic
# The following is needed when you will authenticate
# via /etc/passwd as well as authorize via /etc/group.
# Apache::AuthenPasswd is a separate module.
PerlAuthenHandler Apache::AuthenPasswd
# Set REMOTE_GROUP CGI env variable to authorized
# group. Defaults to no.
PerlSetVar SetRemoteGroup yes || no
# Standard require stuff, users, groups and
# "valid-user" all work OK
require user username1 username2 ...
require group groupname1 groupname2 ...
require valid-user
PerlAuthzHandler Apache::AuthzPasswd
</Directory>
These directives can also be used in the <Location> directive or in
an .htaccess file.
= head1 DESCRIPTION
For starters, this module could just as well be named Apache::AuthzGroup,
since it has nothing to do with /etc/passwd, but rather works with
/etc/group. However, I prefer this name in order to maintain the
association with Apache::AuthenPasswd, since chances are they will be used
together.
( run in 1.857 second using v1.01-cache-2.11-cpan-ceb78f64989 )