File Coverage

blib/lib/Apache2/AuthenNIS.pm

Criterion	Covered	Total	%
statement	10	12	83.3
branch			n/a
condition			n/a
subroutine	4	4	100.0
pod			n/a
total	14	16	87.5

line	stmt	sub	time	code
1				package Apache2::AuthenNIS;
2
3	1	1	25953	use warnings;
	1		3
	1		34
4	1	1	6	use strict;
	1		2
	1		34
5	1	1	963	use Net::NIS;
	1		6603
	1		142
6	1	1	457	use mod_perl2;
	0
	0
7
8				BEGIN {
9				require Apache2::Const;
10				require Apache2::Access;
11				require Apache2::Connection;
12				require Apache2::Log;
13				require Apache2::RequestRec;
14				require Apache2::RequestUtil;
15				Apache2::Const->import(
16				'-compile' => 'HTTP_UNAUTHORIZED',
17				'OK', 'HTTP_INTERNAL_SERVER_ERROR', 'DECLINED'
18				);
19				}
20
21				=head1 NAME
22
23				Apache2::AuthenNIS - mod_perl2 NIS Authentication module
24
25				=head1 VERSION
26
27				Version 0.14
28
29				=cut
30
31				our $VERSION = '0.15';
32
33
34				=head1 SYNOPSIS
35
36
37				# This is the standard authentication stuff
38				AuthName "Foo Bar Authentication"
39				AuthType Basic
40
41				PerlAuthenHandler Apache::AuthenNIS
42
43				# Set if you want to allow an alternate method of authentication
44				PerlSetVar AllowAlternateAuth yes \| no
45
46				# Standard require stuff, NIS users or groups, and
47				# "valid-user" all work OK
48				require user username1 username2 ...
49				require valid-user
50
51				# The following is actually only needed when authorizing
52				# against NIS groups. This is a separate module.
53				PerlAuthzHandler Apache::AuthzNIS
54
55
56
57				These directives can also be used in the directive or in
58				an .htaccess file.
59
60				=head1 DESCRIPTION
61
62				This perl module is designed to work with mod_perl2 and the Net::NIS
63				module by Rik Haris (B). Version 0.13 of
64				Apache::AuthenNIS was renamed and modified to use mod_perl2. That module
65				was a direct adaptation of Michael Parker's (B)
66				Apache::AuthenSmb module.
67
68				The module uses Net::NIS::yp_match to retrieve the "passwd" entry from the
69				passwd.byname map, using the supplied username as the search key. It then
70				uses crypt() to verify that the supplied password matches the retrieved
71				hashed password.
72
73
74				=head2 Parameters
75
76				=over 4
77
78				=item PerlSetVar AllowAlternateAuth
79
80				This attribute allows you to set an alternative method of authentication
81				(Basically, this allows you to mix authentication methods, if you don't have
82				all users in the NIS database). It does this by returning a DECLINE and checking
83				for the next handler, which could be another authentication, such as
84				Apache-AuthenNTLM or basic authentication.
85
86				=back
87
88
89				=head2 Functions
90
91				=over 4
92
93				=item handler
94
95				This is the mod_perl2 handler function.
96
97				=cut
98
99				sub handler {
100				my $r = shift;
101				my( $res, $sent_pwd ) = $r->get_basic_auth_pw;
102				return $res if $res; #decline if not Basic
103
104				my $name = $r->user;
105
106				my $allowaltauth = $r->dir_config( 'AllowAlternateAuth' ) \|\| "no";
107
108				my $domain = Net::NIS::yp_get_default_domain();
109				unless( $domain ) {
110				$r->note_basic_auth_failure;
111				$r->log_error( __PACKAGE__, " - cannot obtain NIS domain", $r->uri );
112				return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
113				}
114
115				if ( $name eq q() ) {
116				$r->note_basic_auth_failure;
117				$r->log_error( __PACKAGE__, " - no username given", $r->uri );
118				return Apache2::Const::HTTP_UNAUTHORIZED;
119				}
120
121				my( $status, $entry ) = Net::NIS::yp_match( $domain, "passwd.byname", $name );
122
123				if ( $status ) {
124				if ( lc( $allowaltauth ) eq "yes" && $status == 5 ) {
125				return Apache2::Const::DECLINED;
126				}
127				else {
128				my $error_msg = Net::NIS::yperr_string( $status );
129				$r->note_basic_auth_failure;
130				$r->log_error( __PACKAGE__, " - user $name: yp_match: status ",
131				"$status, $error_msg", $r->uri );
132				return Apache2::Const::HTTP_UNAUTHORIZED;
133				}
134				}
135
136				my( $user, $hash, $uid, $gid, $gecos, $dir, $shell ) = split( /:/, $entry );
137
138				if ( crypt( $sent_pwd, $hash ) eq $hash ) {
139				return Apache2::Const::OK;
140				} else {
141				if ( lc( $allowaltauth ) eq "yes" ) {
142				return Apache2::Const::DECLINED;
143				}
144				else {
145				$r->note_basic_auth_failure;
146				$r->log_error( __PACKAGE__, " - user $name: bad password", $r->uri );
147				return Apache2::Const::HTTP_UNAUTHORIZED;
148				}
149				}
150
151				return Apache2::Const::OK;
152				}
153
154				=back
155
156
157				=head1 INSTALLATION
158
159				To install this module, run the following commands:
160
161				perl Build.PL
162				./Build
163				./Build test
164				./Build install
165
166
167				=head1 AUTHOR
168
169				Demetrios E. Paneras, C<< >>
170
171				Ported to mod_perl by Shannon Eric Peevey, C<< >>
172
173				Ported to mod_perl2 by Nguon Hao Ching, C<< >>
174
175
176				=head1 BUGS
177
178				Please report any bugs or feature requests to
179				C, or through the web interface at
180				L. I will be
181				notified, and then you'll automatically be notified of progress on your bug as
182				I make changes.
183
184
185				=head1 SUPPORT & DOCUMENTATION
186
187				You can find documentation for this module with the perldoc command.
188
189				perldoc Apache2::AuthenNIS
190
191
192				You can also look for information at:
193
194				=over 4
195
196				=item * RT: CPAN's request tracker
197
198				L
199
200				=item * AnnoCPAN: Annotated CPAN documentation
201
202				L
203
204				=item * CPAN Ratings
205
206				L
207
208				=item * Search CPAN
209
210				L
211
212				=back
213
214
215				=head1 COPYRIGHT & LICENSE
216
217				Copyright (c) 1998 Demetrios E. Paneras, MIT Media Laboratory.
218
219				This program is free software; you can redistribute it and/or modify it
220				under the same terms as Perl itself.
221
222
223				=cut
224
225				1; # End of Apache2::AuthenNIS