package CGI::Application::Plugin::Authorization::Driver::ActiveDirectory;

use strict;
use warnings;

# Driver base class; authorize_user() below relies on it to supply the
# options() accessor that returns the DRIVER configuration list.
use base qw(CGI::Application::Plugin::Authorization::Driver);
# perl-ldap client, used to bind to and search the directory.
use Net::LDAP;

our $VERSION = '0.01';
10              
11             =head1 NAME
12              
13             CGI::Application::Plugin::Authorization::Driver::ActiveDirectory - ActiveDirectory Authorization driver
14              
15              
16             =head1 SYNOPSIS
17              
18             use base qw(CGI::Application);
19             use CGI::Application::Plugin::Authorization;
20              
21             __PACKAGE__->authz->config(
22             DRIVER => [ 'ActiveDirectory',
23             HOST => 'ad.foo.org',
24             BINDDN => 'myself',
25             BINDPW => 'mypass',
26             PRINCIPAL => 'foo.org',
27             ],
28             );
29              
30              
31             =head1 METHODS
32              
33             =head2 authorize_user
34              
This method accepts a username followed by a list of group names and returns
true if the user belongs to at least one of the groups.
37              
38             =cut
39              
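# authorize_user($username, @groups)
#
# Looks the user up in Active Directory by sAMAccountName and returns 1 if
# the CN of any group the user is a member of (memberOf attribute) equals one
# of @groups, 0 otherwise.  Dies when the driver options are not a hash, when
# a required option is missing, or when connecting, binding or searching
# fails.  The LDAP connection is unbound on every non-fatal path.
sub authorize_user {
    my $self     = shift;
    my $username = shift;
    my @groups   = @_;

    # Fail closed: without a username there is nothing to look up, and an
    # empty value would otherwise produce a malformed search filter.
    return 0 unless defined $username && length $username;

    # verify that all the options are OK
    my @_options = $self->options;
    die "The ActiveDirectory driver requires a hash of options" if @_options % 2;
    my %options = @_options;
    for my $key (qw(HOST BINDDN BINDPW PRINCIPAL)) {
        die "The ActiveDirectory driver requires the $key option"
            unless defined $options{$key} && length $options{$key};
    }

    # NOTE(review): HOST is handed straight to Net::LDAP->new; unless it is an
    # ldaps:// URI the bind credentials travel unencrypted -- confirm the
    # deployment.
    my $ldap = Net::LDAP->new($options{HOST}) or die "$@";

    my $mesg = $ldap->bind(
        $options{BINDDN} . '@' . $options{PRINCIPAL},
        password => $options{BINDPW},
    );
    if ($mesg->code) {
        $ldap->unbind;
        die $mesg->error;
    }

    # foo.org -> DC=foo,DC=org
    my $search_base = join ',', map { "DC=$_" } split /\./, $options{PRINCIPAL};

    # The username comes from the application (i.e. from the client), so escape
    # the filter metacharacters (RFC 4515 section 3) before interpolating it:
    # backslash, asterisk, parentheses and NUL must be matched literally rather
    # than interpreted as filter syntax.
    (my $safe_username = $username) =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;

    $mesg = $ldap->search(
        base   => $search_base,
        filter => "(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=$safe_username))",
        attrs  => ['memberOf'],    # the only attribute read below
    );
    if ($mesg->code) {
        $ldap->unbind;
        die $mesg->error;
    }

    # Group names are compared exactly (case-sensitive), as before.
    my %wanted = map { $_ => 1 } @groups;

    my $authorized = 0;
    ENTRY:
    foreach my $entry ($mesg->entries) {
        # get_value(..., asref => 1) yields undef when the user is in no
        # group; dereferencing that would die, so substitute an empty list.
        my $member_of = $entry->get_value('memberOf', asref => 1) || [];

        foreach my $ad_group (@$member_of) {
            # The first RDN of the group DN is "CN=<group name>".  A comma
            # escaped inside the CN is not handled: the name is cut at the
            # first comma, as in the original parser.
            my ($first_rdn) = split /,/, $ad_group;
            next unless defined $first_rdn && $first_rdn =~ /^CN=(.*)$/i;
            if (exists $wanted{$1}) {
                $authorized = 1;
                last ENTRY;
            }
        }
    }

    $ldap->unbind;
    return $authorized;    # 1 = authorized, 0 = unauthorized
}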
88              
89              
90             =head1 SEE ALSO
91              
92             L, L, perl(1)
93              
94              
95             =head1 LICENCE AND COPYRIGHT
96              
Copyright (c) 2010, Dmitry Sukhanov. All rights reserved.
98              
99             This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
100              
101              
102             =head1 DISCLAIMER OF WARRANTY
103              
104             BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.
105              
106             IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
107              
108             =cut
109              
110             1;