Apache-AuthCookieDBI
view release on metacpan or search on metacpan
AuthCookieDBI.pm view on Meta::CPAN
our $VERSION = 2.10;
use Apache;
use Apache::AuthCookie;
use Apache::DBI;
use Apache::Constants;
use Apache::File;
use Digest::MD5 qw( md5_hex );
use Date::Calc qw( Today_and_Now Add_Delta_DHMS );
# Also uses Crypt::CBC if you're using encrypted cookies.
use base qw( Apache::AuthCookie );
my $EMPTY_STRING = q{};
#===============================================================================
# F U N C T I O N D E C L A R A T I O N S
#===============================================================================
#===============================================================================
# P A C K A G E G L O B A L S
#===============================================================================
use vars qw( %CIPHERS );
# Stores Cipher::CBC objects in $CIPHERS{ idea:AuthName },
# $CIPHERS{ des:AuthName } etc.
use vars qw( %SECRET_KEYS );
# Stores secret keys for MD5 checksums and encryption for each auth realm in
# $SECRET_KEYS{ AuthName }.
#===============================================================================
# S E R V E R S T A R T I N I T I A L I Z A T I O N
#===============================================================================
AuthCookieDBI.pm view on Meta::CPAN
protection of the password in transport; use SSL for that. It can be 'none',
'des', 'idea', 'blowfish', or 'blowfish_pp'.
This is not required and defaults to 'none'.
=cut
$c{DBI_encryptiontype} = _dir_config_var( $r, 'DBI_EncryptionType' )
|| 'none';
# If we used encryption we need to pull in Crypt::CBC.
if ( $c{DBI_encryptiontype} ne 'none' ) {
require Crypt::CBC;
}
=item C<WhatEverDBI_SessionLifetime>
How long tickets are good for after being issued. Note that presently
Apache::AuthCookie does not set a client-side expire time, which means that
most clients will only keep the cookie until the user quits the browser.
However, if you wish to force people to log in again sooner than that, set
this value. This can be 'forever' or a life time specified as:
AuthCookieDBI.pm view on Meta::CPAN
# Now we add this hash to the end of the public part.
my $session_key = "$public_part:$hash";
# Now we encrypt this and return it.
my $encrypted_session_key;
if ( $c{DBI_encryptiontype} eq 'none' ) {
$encrypted_session_key = $session_key;
}
elsif ( lc $c{DBI_encryptiontype} eq 'des' ) {
$CIPHERS{"des:$auth_name"} ||= Crypt::CBC->new( $secret_key, 'DES' );
$encrypted_session_key =
$CIPHERS{"des:$auth_name"}->encrypt_hex($session_key);
}
elsif ( lc $c{DBI_encryptiontype} eq 'idea' ) {
$CIPHERS{"idea:$auth_name"} ||= Crypt::CBC->new( $secret_key, 'IDEA' );
$encrypted_session_key =
$CIPHERS{"idea:$auth_name"}->encrypt_hex($session_key);
}
elsif ( lc $c{DBI_encryptiontype} eq 'blowfish' ) {
$CIPHERS{"blowfish:$auth_name"} ||=
Crypt::CBC->new( $secret_key, 'Blowfish' );
$encrypted_session_key =
$CIPHERS{"blowfish:$auth_name"}->encrypt_hex($session_key);
}
return $encrypted_session_key;
}
#-------------------------------------------------------------------------------
# Take a session key and check that it is still valid; if so, return the user.
AuthCookieDBI.pm view on Meta::CPAN
$r->uri
);
return;
}
# Get the cipher from the cache, or create a new one if the
# cached cipher hasn't been created, & decrypt the session key.
my $cipher;
if ( lc $c{DBI_encryptiontype} eq 'des' ) {
$cipher = $CIPHERS{"des:$auth_name"} ||=
Crypt::CBC->new( $secret_key, 'DES' );
}
elsif ( lc $c{DBI_encryptiontype} eq 'idea' ) {
$cipher = $CIPHERS{"idea:$auth_name"} ||=
Crypt::CBC->new( $secret_key, 'IDEA' );
}
elsif ( lc $c{DBI_encryptiontype} eq 'blowfish' ) {
$cipher = $CIPHERS{"blowfish:$auth_name"} ||=
Crypt::CBC->new( $secret_key, 'Blowfish' );
}
elsif ( lc $c{DBI_encryptiontype} eq 'blowfish_pp' ) {
$cipher = $CIPHERS{"blowfish_pp:$auth_name"} ||=
Crypt::CBC->new( $secret_key, 'Blowfish_PP' );
}
else {
$r->log_reason(
"Apache::AuthCookieDBI: unknown encryption type $c{ DBI_encryptiontype } for auth realm $auth_name",
$r->uri
);
return;
}
$session_key = $cipher->decrypt_hex($encrypted_session_key);
}
( run in 0.531 second using v1.01-cache-2.11-cpan-e1769b4cff6 )