Apache-SecSess
SecSess/DBI.pm view on Meta::CPAN
my $rec = $self->get_user_record($uid);
unless ($rec) { return undef; }
return $rec->{name};
}
## fetch the stored UNIX-style (crypt) password hash for a user
##
## Arguments: $uid - user id to look up.
## Returns:   whatever get_stored_token() yields for the 'unixpw' authenticator.
sub get_pwhash {
    my ($self, $uid) = @_;

    # The password hash is kept as the stored token of the 'unixpw' authid.
    # The value is credential material: callers should keep it out of logs
    # and error messages.
    return $self->get_stored_token($uid, 'unixpw');
}
## get stored token
sub get_stored_token {
my $self = shift;
my($uid, $authid) = @_;
my($uasth, $token);
# set up DB query statement
$self->refresh_dbh;
SecSess/DBI.pm view on Meta::CPAN
## validate a user/password pair against the database
##
## Arguments: $uid - user id, $pw - clear-text password supplied by the client.
## Returns:   'empty' when either argument is false; otherwise the result of
##            validate_stored_token() for the 'unixpw' authenticator.
sub validate_user_pass {
    my ($self, $uid, $pw) = @_;

    # crypt() needs both inputs, so reject missing values up front.  Perl
    # truthiness applies here: undef, '' and the string '0' all count as empty.
    return 'empty' if !$uid || !$pw;

    # The stored hash is passed as the salt argument, so crypt() reproduces
    # the stored value when the password matches.  Where the stored hash
    # carries a two-character salt this is traditional DES crypt, which
    # ignores password characters beyond the eighth.
    # NOTE(review): if get_pwhash() returns undef (presumably for an unknown
    # user or one without a 'unixpw' token), crypt() receives an undefined
    # salt and its result is platform-dependent -- confirm that
    # validate_stored_token() rejects an undefined or empty candidate token.
    my $stored_hash = $self->get_pwhash($uid);
    my $candidate   = crypt($pw, $stored_hash);

    return $self->validate_stored_token($uid, $candidate, 'unixpw');
}
## validate a general stored token (eg, password, PIN, etc)
sub validate_stored_token {
my $self = shift;
my($uid, $token, $authid) = @_;
my($status);
unless ($uid) { return 'empty'; } # empty uid argument
$status = $self->get_user_status($uid);
SecSess/DBI.pm view on Meta::CPAN
@salt = ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand(64), rand(64)];
$hash = crypt($pw, join('', @salt));
# prepare set statement
$self->refresh_dbh;
$sth = $self->{dbh}->prepare(<<'ENDSQL');
UPDATE userauthen
SET token = ?
WHERE usrid = ? AND authid = ?
ENDSQL
$sth->execute($self->dbquote($hash), $uid, 'unixpw');
$sth->finish;
}
## return list of groups to which user belongs
sub get_groups {
my $self = shift;
my($uid) = @_;
my($h);
unless ($h = $self->get_groups_hash($uid)) { return undef; }
return keys %$h;
# Demo fixture data: privilege groups, authenticator types and sample users.
# NOTE(review): the sample passwords and the PIN below are literals in the
# source with fixed salts; treat them as demo-only values and replace them
# before this data is loaded anywhere that matters.

# group name => human-readable description
%groups = (
    'admin'        => 'Administrative privileges',
    'transact'     => 'Transaction privileges',
    'confidential' => 'Sensitivity privilege: confidential data',
    'secret'       => 'Sensitivity privilege: secret data',
    'topsecret'    => 'Sensitivity privilege: top secret data',
    'super'        => 'Sensitivity privilege: all data',
);

# authid => [<description>, <maximum failure count>]
# NOTE(review): 'unixpw' allows 100 failures against 10 for 'pin'; how a
# limit of 0 is interpreted for 'x509email' is not visible here -- confirm.
%authens = (
    'unixpw'    => [ 'Unix password crypt',              100 ],
    'x509email' => [ 'X.509 certificate (signed by us)', 0   ],
    'pin'       => [ 'Personal Identity Number (PIN)',   10  ],
);

# uid => per-user record; keys matching an authid hold that authenticator's
# token.  The 'unixpw' tokens use crypt() with a two-character salt, and the
# PIN is kept as a clear-text string.
%users = (
    'bob' => {
        'name'   => 'Col. Robert Bobtight',
        'group'  => 'bob',
        'groups' => [
            'super',        'admin',  'transact',
            'confidential', 'secret', 'topsecret',
        ],
        'unixpw'    => crypt('sekret', 'Mq'),
        'x509email' => 'bob@acme.com',
        'pin'       => '0918',
    },
    'guest' => {
        'name'   => 'Guest Account',
        'group'  => 'guest',
        'unixpw' => crypt('johnanon', '4C'),
    },
);
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Process into tables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#
demo/httpdconf/httpd.sec1.conf view on Meta::CPAN
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
demo/httpdconf/httpd.sec1.conf view on Meta::CPAN
# no two invocations of Apache share the same scoreboard file.
#
ScoreBoardFile /usr/local/apache/logs/httpd.scoreboard
#
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order. The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.
# The commented-out values below are the built-in defaults. You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300