Result:
found more than 505 distributions - search limited to the first 2001 files matching your query
( run in 0.938 )
Apache-AuthenNISPlus
view release on metacpan or search on metacpan
AuthenNISPlus.pm view on Meta::CPAN
my $r = shift;
# service only the first internal request
return OK unless $r->is_initial_req;
# get password user entered in browser
my ($res, $sent_pwd) = $r->get_basic_auth_pw;
# decline if not basic
return $res if $res;
AuthenNISPlus.pm view on Meta::CPAN
my $dir_config = $r->dir_config;
# get passwd table name
my $passwd_table = $dir_config->get('NISPlus_Passwd_Table');
# get user password entry
my $pwd_table = Net::NISPlus::Table->new($passwd_table);
unless ($pwd_table){
$r->note_basic_auth_failure;
$r->log_reason($self . ': cannot get nis+ passwd table', $r->uri);
return AUTH_REQUIRED;
AuthenNISPlus.pm view on Meta::CPAN
$r->notes($name . 'Group', $group);
unless(crypt($sent_pwd, $pwd) eq $pwd) {
$r->note_basic_auth_failure;
$r->log_reason(
$self . ': user ' . $name . ' password does not match ' .
$passwd_table, $r->uri
);
return AUTH_REQUIRED;
}
$r->push_handlers(PerlAuthzHandler => \&authz);
Apache-AuthenNTLM
view release on metacpan or search on metacpan
AuthenNTLM.pm view on Meta::CPAN
print STDERR "[$$] AuthenNTLM: Verify user $self->{username} via smb server\n" if ($debug) ;
if ($self -> {basic})
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {password}) ;
}
else
{
$rc = Authen::Smb::Valid_User_Auth ($self -> {smbhandle}, $self->{username}, $self -> {usernthash}, 1, $self->{userdomain}) ;
}
AuthenNTLM.pm view on Meta::CPAN
$self -> {smbhandle} = undef ;
$self -> {lock} = undef ;
if ($rc == &Authen::Smb::NTV_LOGON_ERROR)
{
MP2 ? $r->log_error("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for " . $r -> uri) : $r->log_reason("Wrong password/user (rc=$rc/$errno/$smberr): $self->{userdomain}\\$self->{username} for " . $r -> ur...
print STDERR "[$$] AuthenNTLM: rc = $rc ntlmhash = $self->{usernthash}\n" if ($debug) ;
return ;
}
if ($rc)
AuthenNTLM.pm view on Meta::CPAN
sub get_basic
{
my ($self, $r, $data) = @_ ;
($self -> {username}, $self -> {password}) = split (/:/, $data) ;
my ($domain, $username) = split (/\\|\//, $self -> {username}) ;
if ($username)
{
$self -> {domain} = $domain ;
AuthenNTLM.pm view on Meta::CPAN
The purpose of this module is to perform a user authentication via Microsoft's
NTLM protocol. This protocol is supported by all versions of the Internet
Explorer and is mainly useful for intranets. Depending on your preferences
setting IE will supply your windows logon credentials to the web server
when the server asks for NTLM authentication. This saves the user to type in
his/her password again.
The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back a md4 hash, which is built from the user's password
and the nonce. This makes sure that no password goes over the wire in plain text.
The main advantage of the Perl implementation is, that it can be easily extended
to verify the user/password against other sources than a windows domain controller.
The defaultf implementation is to go to the domain controller for the given domain
and verify the user. If you want to verify the user against another source, you
can inherit from Apache::AuthenNTLM and override it's methods.
To support users that aren't using Internet Explorer, Apache::AuthenNTLM can
AuthenNTLM.pm view on Meta::CPAN
=item $self -> {username}
The username
=item $self -> {password}
The password when doing basic authentication
=item $self -> {usernthash}
The md4 hash when doing ntlm authentication
Apache-AuthenPasswd
view release on metacpan or search on metacpan
AuthenPasswd.pm view on Meta::CPAN
if(crypt($sent_pwd, $passwd) eq $passwd) {
return MP2 ? Apache::OK : Apache::Constants::OK;
} else {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("Apache::AuthenPasswd - user $name: bad password", $r->uri) : $r->log_reason("Apache::AuthenPasswd - user $name: bad password", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
return MP2 ? Apache::OK : Apache::Constants::OK;
}
AuthenPasswd.pm view on Meta::CPAN
= head1 DESCRIPTION
**************** NOTICE *********************
Please, please, realize that this module will
only work with passwords that are stored in
/etc/passwd. Most systems use shadow
passwords now, and the call that this module
uses to access the password ONLY checks for
the password in the /etc/passwd file. Also,
the call that is needed to access passwords
in /etc/shadow cannot be called by anyone
other than root, so, (unless you are crazy
enough to run apache as root), you will not
be able to access /etc/shadow.
For more info on shadow passwords:
http://www.tldp.org/HOWTO/Shadow-Password-HOWTO.html
For alternatives that can access /etc/shadow from
apache:
http://mod-auth-shadow.sourceforge.net/
AuthenPasswd.pm view on Meta::CPAN
adaptation (i.e. I modified the code) of Michael Parker's
(B<parker@austx.tandem.com>) Apache::AuthenSmb module.
The module uses getpwnam to retrieve the B<passwd> entry from the
B</etc/passwd> file, using the supplied username as the search key. It
then uses B<crypt()> to verify that the supplied password matches the
retrieved hashed password.
= head2 Apache::AuthenPasswd vs. Apache::AuthzPasswd
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenPasswd with the B<require user> and B<require valid-user>
directives. In the /etc/passwd and /etc/group context I consider B<require
group> to be an "authorization" concern. I.e., group authorization
consists of establishing whether the already authenticated user is a member
of one of the indicated groups in the B<require group> directive. This
Apache-AuthenPasswdSrv
view release on metacpan or search on metacpan
AuthenPasswdSrv.pm view on Meta::CPAN
=head1 DESCRIPTION
B<Apache::AuthenPasswdSrv> is a mod_perl Authentication handler that
checks a users credentials against a domain socket server. The included
server, B<passwd_srv.pl>, checks a username and password against an NIS
database using Net::NIS and ypmatch. This release is very alpha. The
server protocol is not documented and transaction format will change.
The system has been running under light load at my office for about a
month now, and no problems are know with the current release.
AuthenPasswdSrv.pm view on Meta::CPAN
Break out module configuration into PerlSetVar statements.
=item B<NIS Server Configuration>
Figure out MakeMaker enough to auto-configure paths in password server.
=item B<Documentation>
Write up Server Protocol documentation.
Write a better POD file for the module.
=item B<Module/Server Structure>
Build class structure for password service client.
Add security so client/server can be used with standard IP sockets.
Build class structure for server.
Build other example servers.
=back
Apache-AuthenProgram
view release on metacpan or search on metacpan
AuthenProgram.pm view on Meta::CPAN
# Apache::AuthenProgram allows you to call an external program
# that performs username/password authentication in Apache.
#
# Copyright (c) October 7, 2002 Mark Leighton Fisher, Thomson Inc.
#
# This module is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
AuthenProgram.pm view on Meta::CPAN
sub handler {
my $request = shift; # Apache request object
my @args = (); # authentication program arguments
my $cmd = ""; # program command string
my $i = 0; # counter for @args
my $ofh = ""; # output file handle for password temp file
my $password = ""; # password from Basic Authentication
my $passfile = ""; # temporary file containing password
my $passtype = ""; # "File" if communicating password by temp file
my $program = ""; # authentication program filename
my $response = ""; # Apache response object
my $success = ""; # success string from authentication program
my $username = ""; # username from Basic Authentication
# get password, decline if not Basic Authentication
($response, $password) = $request->get_basic_auth_pw;
return $response if $response;
# get username
$username = $request->connection->user;
if ($username eq "") {
AuthenProgram.pm view on Meta::CPAN
for ($i = 1; $i < 10; $i++) {
$args[$i] = $request->dir_config("AuthenProgramArg$i");
}
$success = $request->dir_config("AuthenProgramSuccess");
# write temp. password file on request
$passtype = $request->dir_config("AuthenProgramPassword");
if ($passtype eq "File") {
($ofh, $passfile) = tempfile();
if (!defined($ofh) || $ofh eq "") {
$request->log_reason("Apache::AuthenProgram can't create password file",
$request->uri);
return SERVER_ERROR;
}
chmod(0600, $passfile)
|| $request->log_reason(
"Apache::AuthenProgram can't chmod 0600 password file '$passfile' because: $!",
$request->uri);
if (!print $ofh $password,"\n") {
$request->log_reason("Apache::AuthenProgram can't write password file '$ofh'",
$request->uri);
return SERVER_ERROR;
}
if (!close($ofh)) {
$request->log_reason("Apache::AuthenProgram can't close password file '$ofh'",
$request->uri);
return SERVER_ERROR;
}
$password = $passfile;
}
# execute command, then examine output for success or failure
$cmd = "$program '$username' '$password' ";
$cmd .= join(' ', @args);
my @output = `$cmd`;
if ($passtype eq "File") {
if (!unlink($passfile)) {
$request->log_reason("Apache::AuthenProgram can't delete password file '$ofh'",
$request->uri);
}
}
if (!grep(/$success/, @output)) {
$request->note_basic_auth_failure;
AuthenProgram.pm view on Meta::CPAN
directive should follow whatever handler you use.
= head1 DESCRIPTION
This mod_perl module provides a reasonably general mechanism
to perform username/password authentication in Apache by
calling an external program. Authentication by an external
program is useful when a program can perform an authentication
not supported by any Apache modules (for example, cross-domain
authentication is not supported by Apache::NTLM or
Apache::AuthenSmb, but is supported by Samba's smbclient
program).
You must define the program pathname AuthenProgram and the
standard output success string AuthenProgramSuccess.
The first two arguments to the program are the username and
either the password or a temporary file with the password,
depending on whether AuthenProgramPassword has the value "File".
"File" forces sending the password to AuthenProgram through a
temporary file to avoid placing passwords on the command line where
they can be seen by ps(1).
Additional program arguments can be passed in the variables
AuthenProgramArg1, AuthenProgramArg2, etc. Up to 9 of these
variables are supported.
The examples/ subdirectory has sample programs for doing
Samba-based SMB authentication (examples/smblogon),
Oracle authentication (examples/oralogon), and
a simple example (examples/filelogon) that demonstrates communicating
the password through a temporary file.
If you are using this module please let me know, I'm curious how many
people there are that need this type of functionality.
This module was adapted from Apache::AuthenSmb.
Apache-AuthenRadius
view release on metacpan or search on metacpan
AuthenRadius.pm view on Meta::CPAN
# authentication modules for IE5 and Radiator
# http://www.open.com.au/radiator
# http://www.open.com.au/radkey
#
# For Digest Requires Authen::Radius, at least version 0.06 which
# can handle passwords longer than 16 bytes
use strict;
use warnings;
use Authen::Radius;
use Net::hostent;
AuthenRadius.pm view on Meta::CPAN
# Continue only if the first request.
return OK() unless $r->is_initial_req();
my $reqs_arr = $r->requires() || return OK();
# Grab the password, or return if HTTP_UNAUTHORIZED
my($res,$pass) = $r->get_basic_auth_pw();
return $res if $res;
# Get the user name.
my $user = MP2 ? $r->user() : $r->connection->user();
# Sanity for usernames and passwords.
if (length $user > 64 or $user =~ /[^A-Za-z0-9@_-.]/) {
$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
$r->note_basic_auth_failure();
return AUTH_REQUIRED();
}
if (length $pass > 256) {
$r->log_error("Apache::AuthenRadius password too long", $r->uri());
$r->note_basic_auth_failure();
return AUTH_REQUIRED();
}
return _authen_radius($r, $user, $pass);
AuthenRadius.pm view on Meta::CPAN
);
return AUTH_REQUIRED();
}
# Send the entire Authorization header as the password
# let the radius server figure it out
my $pass = $auth;
# Sanity for usernames and passwords.
if (length $user > 64) {
$r->log_error("Apache::AuthenRadius username too long or contains illegal characters", $r->uri());
return AUTH_REQUIRED();
}
if (length $pass > 256) {
$r->log_error("Apache::AuthenRadius password too long", $r->uri());
return AUTH_REQUIRED();
}
return _authen_radius($r, $user, $pass);
}
AuthenRadius.pm view on Meta::CPAN
For Digest authentication, this is the algorithm to use. Defaults to 'MD5'.
For Basic authentication, it is ignored. If Digest authentication is set,
unauthenticated requests will be sent a Digest challenge, including a nonce.
Authenticated requests will have the nonce checked against
Auth_Radius_nonce_lifetime, then the whole Authentication header sent as the
password to RADIUS.
=item * Auth_Radius_appendToUsername
Appends a string to the end of the user name that is sent to RADIUS. This
would normally be in the form of a realm (i.e. @some.realm.com) This is useful
AuthenRadius.pm view on Meta::CPAN
when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1
For Digest authentication, you will need Authen::Radius version
0.06 or better. Version 0.05 only permits 16 byte passwords
=head1 SEE ALSO
L<Apache>, L<mod_perl>, L<Authen::Radius>
Apache-AuthenSecurID
view release on metacpan or search on metacpan
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
PIN :
</b>
</font>
</td>
<td>
<input type=password name=pin1>
<input type=hidden name=type value=pin>
<input type=hidden name=alphanumeric value=$alphanumeric>
<input type=hidden name=min_pin_len value=$min_pin_len>
<input type=hidden name=max_pin_len value=$max_pin_len>
<input type=hidden name=a value=$uri>
Auth/Auth.pm view on Meta::CPAN
PIN ( Again ) :
</b>
</font>
</td>
<td>
<input type=password name=pin2>
</td>
</tr>
};
if ( $pin1 != $pin2 ) {
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Next Token Code :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=next>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
PIN :
</b>
</font>
</td>
<td>
<input type=password name=pin1>
<input type=hidden name=type value=pin>
<input type=hidden name=a value=$uri>
<input type=hidden name=alphanumeric value=$$info{alphanumeric}>
<input type=hidden name=min_pin_len value=$$info{min_pin_len}>
<input type=hidden name=max_pin_len value=$$info{max_pin_len}>
Auth/Auth.pm view on Meta::CPAN
PIN ( Again ) :
</b>
</font>
</td>
<td>
<input type=password name=pin2>
</td>
</tr>
};
} else {
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Auth/Auth.pm view on Meta::CPAN
Passcode :
</b>
</font>
</td>
<td>
<input type=password name=passcode>
<input type=hidden name=type value=check>
<input type=hidden name=a value=$uri>
</td>
</tr>
};
Apache-AuthenSmb
view release on metacpan or search on metacpan
AuthenSmb.pm view on Meta::CPAN
$bdc,
$domain);
unless($return == 0) {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $name: password mismatch", $r->uri) :
$r->log_reason("user $name: password mismatch", $r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED :
Apache::Constants::HTTP_UNAUTHORIZED;
}
unless (@{ $r->get_handlers("PerlAuthzHandler") || []}) {
Apache-AuthenURL
view release on metacpan or search on metacpan
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
sub handler {
my($r) = @_;
my($status, $password) = $r->get_basic_auth_pw;
return Apache2::Const::OK unless $r->is_initial_req;
return $status unless ($status == Apache2::Const::OK);
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
default_expires_in => $attribute->{CacheTime},
);
my $user = $r->user;
if (my $cached_password = $cache->get($user)) {
$r->log->debug($prefix, "::handler: using cached password for $user");
if (length($password) == 0 and $attribute->{NoPasswd} eq 'off') {
$r->log->debug($prefix, "::handler: no password sent, failing");
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
}
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::handler: encrypt password for check");
my $salt = substr($cached_password, 0, 2);
$password = crypt($password, $salt);
}
if ($password eq $cached_password) {
$r->log->debug($prefix, "::handler: passwords match");
return Apache2::Const::OK;
}
else {
$r->note_basic_auth_failure;
return Apache2::Const::HTTP_UNAUTHORIZED;
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
}
sub manage_cache {
my($r) = @_;
my($status, $password) = $r->get_basic_auth_pw;
my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
my $user = $r->user;
my $auth_name = $r->auth_name;
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::manage_cache: encrypt password for storage");
my @alphabet = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
my $salt = join ('', @alphabet[rand (64), rand (64)]);
$password = crypt($password, $salt);
}
my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);
$cache->purge;
$cache->set($user, $password, $attribute->{CacheTime});
$r->log->debug($prefix, "::manage_cache: storing user:", $user);
return Apache2::Const::OK;
}
lib/Apache/AuthenURL/Cache.pm view on Meta::CPAN
This directive contains the number of seconds before the cache is
expired. Default is an indefinite time limit.
=item B<AuthenCache_Encrypted>
If this directive is set to 'Off', passwords are not encrypted.
Default is 'On', ie passwords use standard Unix crypt.
=back
=item B<AuthenCache_NoPasswd>
If this directive is set to 'On', passwords may be zero length.
Default is 'Off', ie passwords may not be zero length.
=back
=head1 PREREQUISITES
Apache-AuthzNIS
view release on metacpan or search on metacpan
AuthzNIS.pm view on Meta::CPAN
valid-user> directives.
= head2 Apache::AuthenNIS vs. Apache::AuthzNIS
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenNIS with the B<require user> and B<require valid-user>
directives. In the NIS context I consider B<require group> to be an
"authorization" concern. I.e., Group authorization consists of
establishing whether the already authenticated user is a member of one of
the indicated groups in the B<require group> directive. This process may
Apache-AuthzNetLDAP
view release on metacpan or search on metacpan
AuthzNetLDAP.pm view on Meta::CPAN
#first we connect to the LDAP server
my $ldap = new Net::LDAP($ldapserver, port => $ldapport);
#initial bind as user in Apache config
my $mesg = $ldap->bind($binddn, password=>$bindpwd);
#each error message has an LDAP error code
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
AuthzNetLDAP.pm view on Meta::CPAN
based on LDAP attributes.
=head1 SYNOPSIS
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail
AuthzNetLDAP.pm view on Meta::CPAN
Is this true? I just thought, that you might want to only authorize a user, instead of authenticate...)
If you are using an authentication module, then the following lines will not need to be duplicated:
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail
Apache-AuthzPasswd
view release on metacpan or search on metacpan
AuthzPasswd.pm view on Meta::CPAN
authorized user. Defaults to "no".
= head2 Apache::AuthenPasswd vs. Apache::AuthzPasswd
I've taken "authentication" to be meaningful only in terms of a user and
password combination, not group membership. This means that you can use
Apache::AuthenPasswd with the B<require user> and B<require valid-user>
directives. In the /etc/passwd and /etc/group context I consider B<require
group> to be an "authorization" concern. I.e., group authorization
consists of establishing whether the already authenticated user is a member
of one of the indicated groups in the B<require group> directive. This
Apache-AuthzUserDir
view release on metacpan or search on metacpan
AuthzUserDir.pm view on Meta::CPAN
my $user = $r->connection->user;
unless($user and $sent_pw) {
$r->note_basic_auth_failure;
$r->log_reason("Both a username and password must be provided", $r->filename);
return AUTH_REQUIRED;
}
my($file,$userdir_user);
$file = $r->uri;
Apache-AutoLogin
view release on metacpan or search on metacpan
AutoLogin.pm view on Meta::CPAN
}
# Let's get the authorization headers out of the client's request
my $credentials='';
my $user='';
my $password='';
my $auth_header=$r->headers_in->get('Authorization');
if (defined $auth_header)
{
$credentials =(split / /, $auth_header)[-1];
($user, $password) = split /:/, MIME::Base64::decode($credentials),2;
}
$log->info("header $user from $client_identifier");
# Look for any cookies
AutoLogin.pm view on Meta::CPAN
unless ($cookiejar{$auth_name}) {
$log->info("Client $client_identifier has no cookie");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
# DECLINED zur?ckgeben, damit Apache weitermacht.
return DECLINED;
}
# Get the credentials out of the cookie
my %auth_cookie=$cookiejar{$auth_name}->value;
my $decrypted_string=decrypt_aes(decode_base64($auth_cookie{Basic}),$encryption_key);
my ($c_user,$c_password,$c_client_ip,$c_date)=split (/:/, $decrypted_string , 4);
# Check if the client has furnished any valid information
if ($decrypted_string ne '')
{
AutoLogin.pm view on Meta::CPAN
# Check if the cookie hasn't expired
if (time()>$c_date)
{
$log->info("Cookie has expired");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
return DECLINED;
}
# Check if the cookie comes from the host it was issued to
if ($client_identifier ne $c_client_ip)
{
$log->info("Cookie for $c_user has not been set for $client_identifier but for $c_client_ip");
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
return DECLINED;
}
}
else
{
$log->info("Client $client_identifier has furnished an invalid cookie.");
}
# If the client sent any http authentication credentials lets write them to a cookie
if ($user ne '' && $password ne '') {
setCookie($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key);
}
# Else write the credentials within the cookie into the http header
else {
# But only if there IS something in the cookie!
if ($decrypted_string ne '' and $c_user ne '' and $c_password ne '') {
my $credentials=MIME::Base64::encode(join(":",$c_user,$c_password));
$r->headers_in->set(Authorization => "Basic $credentials");
}
}
# Return DECLINED
AutoLogin.pm view on Meta::CPAN
}
## sets the cookie
sub setCookie {
my ($r,$user,$password,$client_identifier,$cookie_lifetime,$encryption_key)=@_;
my $auth_name=$r->dir_config('AutoLoginAuthName');
my $log=$r->server->log;
my $auth_cookie = Apache::Cookie->new ($r,
-name => $auth_name,
-value => {Basic => encode_base64(encrypt_aes(join (":",$user,$password,$client_identifier,(time()+60*60*24*$cookie_lifetime)),$encryption_key))},
-path => "/",
-expires => "+".$cookie_lifetime."d"
);
$auth_cookie->bake;
AutoLogin.pm view on Meta::CPAN
=head2 Security aspects
The cookie itself is AES256 encrypted using Crypt::Rjindael and features a md5 checksum of the data. Furthermore, some information about the client the cookie was issued for is stored as well (IP address, user-agent, hostname), which should make it m...
Anyways, although cracking of the cookie is almost unfeasable with todays computing powers, be aware that this module is for convenience only. It does not give you any additional security (well a bit perhaps) over traditional basic authentication, wh...
Although the cookie can be regarded as secure, the security of it's use stands and falls with the security of the computer it is stored on. If your users do not have personal accounts on their computers, forget about using it.
=head1 Apache configuration directives
Apache-AxKit-Plugin-AddXSLParams-Request
view release on metacpan or search on metacpan
# verbose URI parameters
if ( grep { $_ eq 'VerboseURI' } @allowed_groups ) {
my $parsed_uri = $r->parsed_uri;
my @uri_methods = qw( scheme hostinfo user password hostname port path rpath query fragment );
foreach my $method ( @uri_methods ) {
my $value = $parsed_uri->$method();
$cgi->parms->set('request.uri.' . $method => $value ) if length $value > 0;
}
=item * hostinfo
=item * user
=item * password
=item * hostname
=item * port
Apache-AxKit-Plugin-Session
view release on metacpan or search on metacpan
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
}
$type->set_permission_set($subr,@set);
EOC
}
sub random_password : XSP_expr XSP_attribOrChild(lang,signs,numbers,minlen,maxlen)
{
return 'Crypt::GeneratePassword::word(int($attr_minlen)||7,int($attr_maxlen)||7,$attr_lang,int($attr_signs),(defined $attr_numbers?int($attr_numbers):2))';
}
# This may not work on win32 nor with crypt() implementations without
# MD5 support. Considered experimental for that reason.
sub encrypt_password : XSP_captureContent XSP_expr
{
return 'crypt($_,AxKit::XSP::Auth::makeSalt())';
}
sub password_matches : XSP_attribOrChild(clear,encrypted) XSP_expr
{
return << 'EOF';
($attr_clear && $attr_encrypted && crypt($attr_clear,$attr_encrypted) eq $attr_encrypted?1:0);
EOF
}
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
=head1 DESCRIPTION
The XSP session taglib provides authorization management to XSP pages. It
allows you to view, check and modify access permissions for users (logging
in and out) and the effective permissions of an object (file, directory or
subtarget). Moreover, it provides utilities for password handling.
This taglib works in conjunction with Apache::AxKit::Plugin::Session,
which does all the hard work. There are several configuration variants
available, see the man page for details.
lib/AxKit/XSP/Auth.pm view on Meta::CPAN
This tag checks if the current user is allowed to access a resource and aborts the current
page if not. It takes a target specification like get-permission and a reason code and
message list like deny-permission.
=head3 C<<random-password>>
This tag returns a random password suitable for sending it to users. It consists of
6 letters or digits, both upper and lower case. There are some checks made to make
sure it doesn't contain an offensive word.
=head3 C<<encrypt-password>>
This tag encrypts its contents as a password and inserts the result.
=head3 C<<password-matches>>
This tag checks if a password matches an encrypted password. Pass the passes in child
tags or attributes named 'clear' and 'encrypted'. Returns 1 or 0.
=head3 C<<get-reason>>
This tag returns a symbolic value which describes the last auth error. This can be used
Apache-AxKit-Provider-OpenOffice
view release on metacpan or search on metacpan
dtds/form.mod view on Meta::CPAN
Contributor(s): _______________________________________
-->
<!ENTITY % controls "form:text|form:textarea|form:fixed-text|form:file|
form:password|form:formatted-text|form:button|form:image|
form:checkbox|form:radio|form:listbox|form:combobox|form:frame|
form:hidden|form:image-frame|form:grid|form:generic-control">
<!ENTITY % name "form:name CDATA #IMPLIED">
<!ENTITY % service-name "form:service-name CDATA #IMPLIED">
dtds/form.mod view on Meta::CPAN
%title;
%value;
%convert-empty;
%data-field;>
<!ELEMENT form:password (form:properties?, office:events?)>
<!ATTLIST form:password %disabled;
%max-length;
%printable;
%tab-index;
%tab-stop;
%title;
%value;
%convert-empty;>
<!ATTLIST form:password form:echo-char CDATA "*">
<!ELEMENT form:file (form:properties?, office:events?)>
<!ATTLIST form:file %current-value;
%disabled;
%max-length;
Apache-BruteWatch
view release on metacpan or search on metacpan
lib/Apache/BruteWatch.pm view on Meta::CPAN
$VERSION = qw($Revision: 1.13 $) [1];
=head1 NAME
Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks
=head1 VERSION
$Revision: 1.13 $
lib/Apache/BruteWatch.pm view on Meta::CPAN
PerlLogHandler Apache::BruteWatch
PerlSetVar BruteDatabase DBI:mysql:brutelog
PerlSetVar BruteDataUser username
PerlSetVar BruteDataPassword password
PerlSetVar BruteMaxTries 10
PerlSetVar BruteMaxTime 30
PerlSetVar BruteNotify rbowen@example.com
PerlSetVar BruteForgive 300
=head1 DESCRIPTION
C<mod_perl> log handler for warning you when someone is attempting a
brute-force password attack on your web site.
=head1 Variables
The following variables can be set in your Apache configuration file:
lib/Apache/BruteWatch.pm view on Meta::CPAN
The database username
=head2 BruteDataPassword
The database password
=head2 BruteMaxTries and BruteMaxTime
Allow this many failed attempts in this much time. After that,
notification will be sent. Time is in seconds.
lib/Apache/BruteWatch.pm view on Meta::CPAN
my $message = qq~
Apache::BruteWatch
It appears that the username $username is under a brute-force
password attack.
~;
my %mail = (
To => $notify,
From => $notify,
Apache-Bwlog
view release on metacpan or search on metacpan
{
my $r = shift;
my $Bwlog_mysql_database = $r->dir_config("Bwlog_mysql_database");
my $Bwlog_mysql_server = $r->dir_config("Bwlog_mysql_server");
my $Bwlog_mysql_user = $r->dir_config("Bwlog_mysql_user");
my $Bwlog_mysql_password = $r->dir_config("Bwlog_mysql_password");
return DBI->connect("DBI:mysql:$Bwlog_mysql_database:$Bwlog_mysql_server", $Bwlog_mysql_user, $Bwlog_mysql_password);
}
sub read_shm_hash
{
## Since the sharelite module doesn't support var types, we are going to store a structure to read/write our hash back and forth.
Valid types are currently "file" and "mysql". The mysql portion requires the directives
described below.
=item * PerlSetVar Bwlog_mysql_user
=item * PerlSetVar Bwlog_mysql_password
=item * PerlSetVar Bwlog_mysql_server
=item * PerlSetVar Bwlog_mysql_database
httpd.conf Example.
PerlLogHandler Apache::Bwlog
PerlSetVar Bwlog_mysql_user bw_user
PerlSetVar Bwlog_mysql_password bw_password
PerlSetVar Bwlog_mysql_server 127.0.0.1
PerlSetVar Bwlog_mysql_database bw_logger
PerlSetVar Bwlog_mysql_tablename bw_log
PerlSetVar Bwlog active
Apache-CIPP
view release on metacpan or search on metacpan
# configuration for the database named 'zyn'
# (please refer to the DBI documentation for details)
PerlSetVar db_zyn_data_source dbi:mysql:zyn
PerlSetVar db_zyn_user my_username1
PerlSetVar db_zyn_password my_password1
PerlSetVar db_zyn_auto_commit 1
# configuration for the database named 'foo'
PerlSetVar db_foo_data_source dbi:Oracle:foo
PerlSetVar db_foo_user my_username2
PerlSetVar db_foo_password my_password2
PerlSetVar db_foo_auto_commit 0
</Location>
=head1 DESCRIPTION
Apache-Centipaid
view release on metacpan or search on metacpan
Centipaid.pm view on Meta::CPAN
AuthType custom
PerlAuthenHandler Apache::Centipaid
require valid-user
PerlSetVar acct account_name
PerlSetVar pass receipt_password
PerlSetVar amount 0.01
PerlSetVar duration 1d
PerlSetVar access /pay_path
PerlSetVar domain your.domain.name
PerlSetVar lang en
Centipaid.pm view on Meta::CPAN
If the rececipt is valid, then the information is stored locally. The
information stored included the ip of the client (for optional enforcment
of payment tied to ip), amount paid, date of transaction, expiry date,
and the zone the payment covers. And since centipaid micropayment system
is designed to allow users to pay without having to provide username,
password or any other payment information other than the recipt
number, it makes the process easy to manage and neither the payer or
payee have to worry about financial information falling into the wrong
hands.
B<How do we track payments?>
Centipaid.pm view on Meta::CPAN
The account number is issued by ceentipaid.com
for a given domain name. This number is unique
and it determines who gets paid.
=item B<pass> receipt_password
The password is used only in socket authetication.
It does not grant the owner any special access
except to be able to query the receipt server for
a given receipt number.
=item B<amount> 0.5
Centipaid.pm view on Meta::CPAN
access to read/write to the database defined in
dbname.
=item B<dbpass> pass
This should be the password of the user that has
access to read/write to the database defined in
dbname.
=back
Apache-ConfigParser
view release on metacpan or search on metacpan
t/httpd02.conf view on Meta::CPAN
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
< Files ~ "^\.ht" >
Order allow,deny
Deny from all
t/httpd02.conf view on Meta::CPAN
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
Apache-ContentHandler
view release on metacpan or search on metacpan
ContentHandler.pm view on Meta::CPAN
$self->{noprint} = 0;
$self->{error_email} = 'root';
$self->{dbi_driver} = '';
$self->{dbi_user} = '';
$self->{dbi_password} = '';
}
=item * $val = $self->arg($key)
Returns a CGI/mod_perl parameter for the key $key.
ContentHandler.pm view on Meta::CPAN
}
=item * $s = $hc->dbi
Returns a DBI connection. Override _init and add values for
dbi_driver, dbi_user, and dbi_password to make this connection.
=cut
sub dbi {
my $self = shift;
unless (defined $self->{dbi}) {
$self->{dbi} = DBI->connect($self->{dbi_driver},
$self->{dbi_user},
$self->{dbi_password});
if ($self->{dbi}) {
$self->{dbi}->do('SET DateStyle = \'ISO\'') ||
print '<H2>', $DBI::errstr, "</H2>\n";
} else {
Apache-CryptHash
view release on metacpan or search on metacpan
CryptHash.pm view on Meta::CPAN
sub init() {
my ($proto, $crypt) = @_;
my $class = ref($proto) || $proto;
my $self = {};
$self->{NAME} = 'Secret'; # default header name
$self->{CRYPT} = $crypt || do { # default password is hostname
require Sys::Hostname; # 'no, NO' turns encryption off
&Sys::Hostname::hostname;
};
bless ($self, $class);
return $self;
CryptHash.pm view on Meta::CPAN
Return the md5 base 64 hash of input string.
=item C<checkMAC>
$c = Apache::CryptHash->init('some password');
$c->checkMAC(\%state, \@mac_keys)
Does a comparison of the MAC in the B<%state> vs the calculated value based
on B<@mac_keys> and returns a boolean result.
Apache-CustomKeywords
view release on metacpan or search on metacpan
lib/Apache/CustomKeywords.pm view on Meta::CPAN
=back
=head1 NOTE
If you put C<:> or C<@> as a query in Location: box, MSIE recognizes
it as protocol or authentication password stuff, hence this module
might not work.
=head1 TODO
=over 4
Apache-DBI-Cache
view release on metacpan or search on metacpan
lib/Apache/DBI/Cache/mysql.pm view on Meta::CPAN
sub { # Idx generator $ctx
my ($dsn, $user, $passwd, $attr)=@_;
$Apache::DBI::Cache::LOG->(3, "mysql plugin: got dsn=$dsn");
$attr={%{$attr||{}},
'user' => $user,
'password' => $passwd,
};
DBD::mysql->_OdbcParse($dsn, $attr,
['database', 'host', 'port']);
if( exists $attr->{host} ) {
$attr->{port}=3306 unless( exists $attr->{port} );
lib/Apache/DBI/Cache/mysql.pm view on Meta::CPAN
map( {length $attr->{$_}
? $_."=".$attr->{$_}
: ()} (qw/host port/)));
my $ctx={};
$ctx->{database}=$attr->{database} if( length $attr->{database} );
($user, $passwd)=delete @{$attr}{qw/user password host port database/};
$Apache::DBI::Cache::LOG->(3, "mysql plugin: returning dsn=$dsn");
return ($dsn, $user, $passwd, $attr, $ctx);
},
sub { # connection reinit: issue 'use db'
Apache-DBI
view release on metacpan or search on metacpan
lib/Apache/AuthDBI.pm view on Meta::CPAN
# configuration attributes, defaults will be overwritten with values
# from .htaccess.
my %Config = (
'Auth_DBI_data_source' => '',
'Auth_DBI_username' => '',
'Auth_DBI_password' => '',
'Auth_DBI_pwd_table' => '',
'Auth_DBI_uid_field' => '',
'Auth_DBI_pwd_field' => '',
'Auth_DBI_pwd_whereclause' => '',
'Auth_DBI_grp_table' => '',
lib/Apache/AuthDBI.pm view on Meta::CPAN
'Auth_DBI_log_field' => '',
'Auth_DBI_log_string' => '',
'Auth_DBI_authoritative' => 'on',
'Auth_DBI_nopasswd' => 'off',
'Auth_DBI_encrypted' => 'on',
'Auth_DBI_encryption_salt' => 'password',
#Using Two (or more) Methods Will Allow for Fallback to older Methods
'Auth_DBI_encryption_method'=> 'sha1hex/md5/crypt',
'Auth_DBI_uidcasesensitive' => 'on',
'Auth_DBI_pwdcasesensitive' => 'on',
'Auth_DBI_placeholder' => 'off',
lib/Apache/AuthDBI.pm view on Meta::CPAN
# initialized during authentication, eventually re-used for authorization.
my $Attr = {};
# global cache: all records are put into one string.
# record separator is a newline. Field separator is $;.
# every record is a list of id, time of last access, password, groups
#(authorization only).
# the id is a comma separated list of user_id, data_source, pwd_table,
# uid_field.
# the first record is a timestamp, which indicates the last run of the
# CleanupHandler followed by the child counter.
lib/Apache/AuthDBI.pm view on Meta::CPAN
return MP2 ? Apache2::Const::OK() : Apache::Constants::OK()
unless $r->is_initial_req; # only the first internal request
debug (2, "REQUEST:" . $r->as_string);
# here the dialog pops up and asks you for username and password
my ($res, $passwd_sent) = $r->get_basic_auth_pw;
{
no warnings qw(uninitialized);
debug (2, "$prefix get_basic_auth_pw: res = >$res<, password sent = >$passwd_sent<");
}
return $res if $res; # e.g. HTTP_UNAUTHORIZED
# get username
my $user_sent = $r->user;
lib/Apache/AuthDBI.pm view on Meta::CPAN
}
# parse connect attributes, which may be tilde separated lists
my @data_sources = split /~/, $Attr->{data_source};
my @usernames = split /~/, $Attr->{username};
my @passwords = split /~/, $Attr->{password};
# use ENV{DBI_DSN} if not defined
$data_sources[0] = '' unless $data_sources[0];
# obtain the id for the cache
# remove any embedded attributes, because of trouble with regexps
lib/Apache/AuthDBI.pm view on Meta::CPAN
# do we want Windows-like case-insensitivity?
$user_sent = lc $user_sent if $Attr->{uidcasesensitive} eq "off";
$passwd_sent = lc $passwd_sent if $Attr->{pwdcasesensitive} eq "off";
# check whether the user is cached but consider that the password
# possibly has changed
my $passwd = '';
if ($CacheTime) { # do we use the cache ?
if ($SHMID) { # do we keep the cache in shared memory ?
semop($SEMID, $obtain_lock)
lib/Apache/AuthDBI.pm view on Meta::CPAN
my @passwds_to_check =
&get_passwds_to_check(
$Attr,
user_sent => $user_sent,
passwd_sent => $passwd_sent,
password => $passwd_cached
);
debug(2, "$prefix " . scalar(@passwds_to_check) . " passwords to check");
foreach my $passwd_to_check (@passwds_to_check) {
# match cached password with password sent
$passwd = $passwd_cached if $passwd_to_check eq $passwd_cached;
last if $passwd;
}
}
}
lib/Apache/AuthDBI.pm view on Meta::CPAN
# found in cache
if ($passwd) {
debug(2, "$prefix passwd found in cache");
}
else {
# password not cached or changed
debug (2, "$prefix passwd not found in cache");
# connect to database, use all data_sources until the connect succeeds
for (my $j = 0; $j <= $#data_sources; $j++) {
last if (
$dbh = DBI->connect(
$data_sources[$j],
$usernames[$j],
$passwords[$j]
)
);
}
unless ($dbh) {
$r->log_reason(
lib/Apache/AuthDBI.pm view on Meta::CPAN
$dbh->disconnect;
return MP2 ? Apache2::Const::SERVER_ERROR() :
Apache::Constants::SERVER_ERROR();
}
my $password;
$sth->execute();
$sth->bind_columns(\$password);
my $cnt = 0;
while ($sth->fetch()) {
$password =~ s/ +$// if $password;
$passwd .= "$password$;";
$cnt++;
}
chop $passwd if $passwd;
# so we can distinguish later on between no password and empty password
undef $passwd if 0 == $cnt;
if ($sth->err) {
$dbh->disconnect;
return MP2 ? Apache2::Const::SERVER_ERROR() :
lib/Apache/AuthDBI.pm view on Meta::CPAN
}
$r->subprocess_env(REMOTE_PASSWORDS => $passwd);
debug(2, "$prefix passwd = >$passwd<");
# check if password is needed
unless ($passwd) { # not found in database
# if authoritative insist that user is in database
if ($Attr->{authoritative} eq 'on') {
$r->log_reason("$prefix password for user $user_sent not found", $r->uri);
$r->note_basic_auth_failure;
return MP2 ? Apache2::Const::AUTH_REQUIRED() :
Apache::Constants::AUTH_REQUIRED();
}
else {
lib/Apache/AuthDBI.pm view on Meta::CPAN
return MP2 ? Apache2::Const::DECLINED() :
Apache::Constants::DECLINED();
}
}
# allow any password if nopasswd = on and the retrieved password is empty
if ($Attr->{nopasswd} eq 'on' && !$passwd) {
return MP2 ? Apache2::Const::OK() : Apache::Constants::OK();
}
# if nopasswd is off, reject user
unless ($passwd_sent && $passwd) {
$r->log_reason("$prefix user $user_sent: empty password(s) rejected", $r->uri);
$r->note_basic_auth_failure;
return MP2 ? Apache2::Const::AUTH_REQUIRED() :
Apache::Constants::AUTH_REQUIRED();
}
# compare passwords
my $found = 0;
foreach my $password (split /$;/, $passwd) {
# compare all the passwords using as many encryption methods
# in fallback as needed
my @passwds_to_check =
&get_passwds_to_check(
$Attr,
user_sent => $user_sent,
passwd_sent => $passwd_sent,
password => $password
);
debug (2, "$prefix " . scalar(@passwds_to_check) . " passwords to check");
foreach my $passwd_to_check (@passwds_to_check) {
debug(
2,
"$prefix user $user_sent: Password after Preparation " .
">$passwd_to_check< - trying for a match with >$password<"
);
if ($passwd_to_check eq $password) {
$found = 1;
$r->subprocess_env(REMOTE_PASSWORD => $password);
debug (
2,
"$prefix user $user_sent: Password from Web Server " .
">$passwd_sent< - Password after Preparation >$passwd_to_check< - " .
"password match for >$password<"
);
# update timestamp and cache userid/password if CacheTime
# is configured
if ($CacheTime) { # do we use the cache ?
if ($SHMID) { # do we keep the cache in shared memory ?
semop($SEMID, $obtain_lock)
or warn "$prefix semop failed \n";
shmread($SHMID, $Cache, 0, $SHMSIZE)
or warn "$prefix shmread failed \n";
substr($Cache, index($Cache, "\0")) = '';
}
# update timestamp and password or append new record
my $now = time;
if (!($Cache =~ s/$ID$;\d+$;.*$;(.*)\n/$ID$;$now$;$password$;$1\n/)) {
$Cache .= "$ID$;$now$;$password$;\n";
}
if ($SHMID) { # write cache to shared memory
shmwrite($SHMID, $Cache, 0, $SHMSIZE)
or warn "$prefix shmwrite failed \n";
lib/Apache/AuthDBI.pm view on Meta::CPAN
last;
}
}
#if the passwd matched (encrypted or otherwise), don't check the
# myriad other passwords that may or may not exist
last if $found > 0 ;
}
unless ($found) {
$r->log_reason("$prefix user $user_sent: password mismatch", $r->uri);
$r->note_basic_auth_failure;
return MP2 ? Apache2::Const::AUTH_REQUIRED() :
Apache::Constants::AUTH_REQUIRED();
}
lib/Apache/AuthDBI.pm view on Meta::CPAN
my $connect;
for (my $j = 0; $j <= $#data_sources; $j++) {
if ($dbh = DBI->connect(
$data_sources[$j],
$usernames[$j],
$passwords[$j]
)) {
$connect = 1;
last;
}
}
lib/Apache/AuthDBI.pm view on Meta::CPAN
debug (2, "$prefix return OK\n");
return MP2 ? Apache2::Const::OK() : Apache::Constants::OK();
}
#Encrypts a password in all supported/requested methods and passes back
#array for comparison
sub get_passwds_to_check {
my $Attr = shift;
my %params = @_;
lib/Apache/AuthDBI.pm view on Meta::CPAN
}
#CRYPT
if ($Attr->{encryption_method} =~ /(^|\/)crypt($|\/)/i) {
$salt = $Attr->{encryption_salt} eq 'userid' ?
$params{'user_sent'} : $params{'password'};
#Bug Fix in v0.94 (marked as 0.93 in file. salt was NOT being sent
# to crypt) - KAM - 06-16-2005
push @passwds_to_check, crypt($params{'passwd_sent'}, $salt);
}
lib/Apache/AuthDBI.pm view on Meta::CPAN
# from the authentication
# parse connect attributes, which may be tilde separated lists
my @data_sources = split /~/, $Attr->{data_source};
my @usernames = split /~/, $Attr->{username};
my @passwords = split /~/, $Attr->{password};
# use ENV{DBI_DSN} if not defined
$data_sources[0] = '' unless $data_sources[0];
# if not configured decline
unless ($Attr->{pwd_table} && $Attr->{uid_field} && $Attr->{grp_field}) {
lib/Apache/AuthDBI.pm view on Meta::CPAN
my $connect;
for (my $j = 0; $j <= $#data_sources; $j++) {
if ($dbh = DBI->connect(
$data_sources[$j],
$usernames[$j],
$passwords[$j]
)) {
$connect = 1;
last;
}
}
lib/Apache/AuthDBI.pm view on Meta::CPAN
PerlAuthenHandler Apache::AuthDBI::authen
PerlAuthzHandler Apache::AuthDBI::authz
PerlSetVar Auth_DBI_data_source dbi:driver:dsn
PerlSetVar Auth_DBI_username db_username
PerlSetVar Auth_DBI_password db_password
#DBI->connect($data_source, $username, $password)
PerlSetVar Auth_DBI_pwd_table users
PerlSetVar Auth_DBI_uid_field username
PerlSetVar Auth_DBI_pwd_field password
# authentication: SELECT pwd_field FROM pwd_table WHERE uid_field=$user
PerlSetVar Auth_DBI_grp_field groupname
# authorization: SELECT grp_field FROM pwd_table WHERE uid_field=$user
require valid-user
lib/Apache/AuthDBI.pm view on Meta::CPAN
http://dbi.perl.org/
Authentication:
For the given username the password is looked up in the cache. If the cache
is not configured or if the user is not found in the cache, or if the given
password does not match the cached password, it is requested from the database.
If the username does not exist and the authoritative directive is set to 'on',
the request is rejected. If the authoritative directive is set to 'off', the
control is passed on to next module in line.
If the password from the database for the given username is empty and the
nopasswd directive is set to 'off', the request is rejected. If the nopasswd
directive is set to 'on', any password is accepted.
Finally the passwords (multiple passwords per userid are allowed) are
retrieved from the database. The result is put into the environment variable
REMOTE_PASSWORDS. Then it is compared to the password given. If the encrypted
directive is set to 'on', the given password is encrypted using perl's crypt()
function before comparison. If the encrypted directive is set to 'off' the
plain-text passwords are compared.
If this comparison fails the request is rejected, otherwise the request is
accepted and the password is put into the environment variable REMOTE_PASSWORD.
The SQL-select used for retrieving the passwords is as follows:
SELECT pwd_field FROM pwd_table WHERE uid_field = user
If a pwd_whereclause exists, it is appended to the SQL-select.
lib/Apache/AuthDBI.pm view on Meta::CPAN
UPDATE pwd_table SET log_field = log_string WHERE uid_field = user
Authorization:
When the authorization handler is called, the authentication has already been
done. This means, that the given username/password has been validated.
The handler analyzes and processes the requirements line by line. The request
is accepted if the first requirement is fulfilled.
In case of 'valid-user' the request is accepted.
lib/Apache/AuthDBI.pm view on Meta::CPAN
If a grp_whereclause exists, it is appended to the SQL-select.
Cache:
The module maintains an optional cash for all passwords/groups. See the
method setCacheTime(n) on how to enable the cache. Every server has it's
own cache. Optionally the cache can be put into a shared memory segment,
so that it can be shared among all servers. See the CONFIGURATION section
on how to enable the usage of shared memory.
lib/Apache/AuthDBI.pm view on Meta::CPAN
=item * Auth_DBI_data_source (Authentication and Authorization)
The data_source value has the syntax 'dbi:driver:dsn'. This parameter is
passed to the database driver for processing during connect. The data_source
parameter (as well as the username and the password parameters) may be a
tilde ('~') separated list of several data_sources. All of these triples will
be used until a successful connect is made. This way several backup-servers
can be configured. if you want to use the environment variable DBI_DSN
instead of a data_source, do not specify this parameter at all.
lib/Apache/AuthDBI.pm view on Meta::CPAN
The username argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~') separated list.
See the data_source parameter above for the usage of a list.
=item * Auth_DBI_password (Authentication and Authorization)
The password argument is passed to the database driver for processing during
connect. This parameter may be a tilde ('~') separated list.
See the data_source parameter above for the usage of a list.
=item * Auth_DBI_pwd_table (Authentication and Authorization)
Contains at least the fields with the username and the (possibly encrypted)
password. The username should be unique.
=item * Auth_DBI_uid_field (Authentication and Authorization)
Field name containing the username in the Auth_DBI_pwd_table.
=item * Auth_DBI_pwd_field (Authentication only)
Field name containing the password in the Auth_DBI_pwd_table.
=item * Auth_DBI_pwd_whereclause (Authentication only)
Use this option for specifying more constraints to the SQL-select.
lib/Apache/AuthDBI.pm view on Meta::CPAN
is set to 'off', control is passed on to any other authentication modules. Be
sure you know what you are doing when you decide to switch it off.
=item * Auth_DBI_nopasswd < on / off > (Authentication only)
Default is 'off'. When set 'on' the password comparison is skipped if the
password retrieved from the database is empty, i.e. allow any password.
This is 'off' by default to ensure that an empty Auth_DBI_pwd_field does not
allow people to log in with a random password. Be sure you know what you are
doing when you decide to switch it on.
=item * Auth_DBI_encrypted < on / off > (Authentication only)
Default is 'on'. When set to 'on', the password retrieved from the database
is assumed to be crypted. Hence the incoming password will be crypted before
comparison. When this directive is set to 'off', the comparison is done
directly with the plain-text entered password.
=item *
Auth_DBI_encryption_method < sha1hex/md5hex/crypt > (Authentication only)
Default is blank. When set to one or more encryption method, the password
retrieved from the database is assumed to be crypted. Hence the incoming
password will be crypted before comparison. The method supports falling
back so specifying 'sha1hex/md5hex' would allow for a site that is upgrading
to sha1 to support both methods. sha1 is the recommended method.
=item * Auth_DBI_encryption_salt < password / userid > (Authentication only)
When crypting the given password AuthDBI uses per default the password
selected from the database as salt. Setting this parameter to 'userid',
the module uses the userid as salt.
=item *
Auth_DBI_uidcasesensitive < on / off > (Authentication and Authorization)
Default is 'on'. When set 'off', the entered userid is converted to lower case.
Also the userid in the password select-statement is converted to lower case.
=item * Auth_DBI_pwdcasesensitive < on / off > (Authentication only)
Default is 'on'. When set 'off', the entered password is converted to lower
case.
=item * Auth_DBI_placeholder < on / off > (Authentication and Authorization)
Default is 'off'. When set 'on', the select statement is prepared using a
lib/Apache/AuthDBI.pm view on Meta::CPAN
Apache::AuthDBI->setCacheTime(0);
This configures the lifetime in seconds for the entries in the cache.
Default is 0, which turns off the cache. When set to any value n > 0, the
passwords/groups of all users will be cached for at least n seconds. After
finishing the request, a special handler skips through the cache and deletes
all outdated entries (entries, which are older than the CacheTime).
Apache::AuthDBI->setCleanupTime(-1);
lib/Apache/AuthDBI.pm view on Meta::CPAN
It still recommened that you use the latest version of Apache::DBI because Apache::DBI
versions less than 1.00 are NO longer supported.
=head1 SECURITY
In some cases it is more secure not to put the username and the password in
the .htaccess file. The following example shows a solution to this problem:
httpd.conf:
<Perl>
my($uid,$pwd) = My::dbi_pwd_fetch();
$Location{'/foo/bar'}->{PerlSetVar} = [
[ Auth_DBI_username => $uid ],
[ Auth_DBI_password => $pwd ],
];
</Perl>
=head1 SEE ALSO
Apache-DBILogConfig
view release on metacpan or search on metacpan
DBILogConfig.pm view on Meta::CPAN
$r->subprocess_env; # Setup the environment
# Connect to the database
my $source = $r->dir_config('DBILogConfig_data_source');
my $username = $r->dir_config('DBILogConfig_username');
my $password = $r->dir_config('DBILogConfig_password');
my $dbh = DBI->connect($source, $username, $password);
unless ($dbh) {
$r->log_error("Apache::DBILogConfig could not connect to $source - $DBI::errstr");
return DECLINED;
} # End unless
$r->warn("DBILogConfig: Connected to $source as $username");
DBILogConfig.pm view on Meta::CPAN
# In httpd.conf
PerlLogHandler Apache::DBILogConfig
PerlSetVar DBILogConfig_data_source DBI:Informix:log_data
PerlSetVar DBILogConfig_username informix
PerlSetVar DBILogConfig_password informix
PerlSetVar DBILogConfig_table mysite_log
PerlSetVar DBILogConfig_log_format "%b=bytes_sent %f=filename %h=remote_host %r=request %s=status"
=head1 DESCRIPTION
DBILogConfig.pm view on Meta::CPAN
=item DBILogConfig_username
Username passed to the database driver when connecting
=item DBILogConfig_password
Password passed to the database driver when connecting
=item DBILogConfig_table
Apache-DBILogger
view release on metacpan or search on metacpan
DBILogger.pm view on Meta::CPAN
$$dbhref->disconnect;
$r->log_error("Reconnecting to DBI server");
$$dbhref = DBI->connect($r->dir_config("DBILogger_data_source"), $r->dir_config("DBILogger_username"), $r->dir_config("DBILogger_password"));
unless ($$dbhref) {
$r->log_error("Apache::DBILogger could not connect to ".$r->dir_config("DBILogger_data_source")." - ".$DBI::errstr);
return DECLINED;
}
DBILogger.pm view on Meta::CPAN
$data{user} = $user;
}
$data{usertrack} = $r->notes('cookie') || '';
my $dbh = DBI->connect($r->dir_config("DBILogger_data_source"), $r->dir_config("DBILogger_username"), $r->dir_config("DBILogger_password"));
unless ($dbh) {
$r->log_error("Apache::DBILogger could not connect to ".$r->dir_config("DBILogger_data_source")." - ".$DBI::errstr);
return DECLINED;
}
DBILogger.pm view on Meta::CPAN
# Place this in your Apache's httpd.conf file
PerlLogHandler Apache::DBILogger
PerlSetVar DBILogger_data_source DBI:mysql:httpdlog
PerlSetVar DBILogger_username httpduser
PerlSetVar DBILogger_password secret
PerlSetvar DBILogger_table requests
Create a database with a table named B<requests> like this:
CREATE TABLE requests (
Apache-DBILogin
view release on metacpan or search on metacpan
DBILogin.pm view on Meta::CPAN
DBA_ROLE_PRIVS, but under Oracle that requires explicit privilege.
Documentation patches for other databases are welcome.
=head1 ENVIRONMENT
Applications may access the clear text password as well as the data_source
via the environment variables B<HTTP_MODPERL_DBILOGIN_PASSWORD> and
B<HTTP_MODPERL_DBILOGIN_DATA_SOURCE>.
#!/usr/bin/perl -wT
use strict;
use CGI;
use DBI;
my $name = $ENV{REMOTE_USER};
my $password = $ENV{HTTP_MODPERL_DBILOGIN_PASSWORD};
my $data_source = $ENV{HTTP_MODPERL_DBILOGIN_DATA_SOURCE};
my $dbh = DBI->connect($data_source, $name, $password)
or die "$DBI::err: $DBI::errstr\n";
...
=head1 SECURITY
( run in 0.938 second using v1.01-cache-2.11-cpan-49f99fa48dc )