line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package CGI::Builder::Auth::RealmDef; |
2
|
4
|
|
|
4
|
|
901
|
use Carp; |
|
4
|
|
|
|
|
5
|
|
|
4
|
|
|
|
|
316
|
|
3
|
|
|
|
|
|
|
|
4
|
4
|
|
|
4
|
|
22
|
use strict; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
126
|
|
5
|
4
|
|
|
4
|
|
747
|
use CGI::Builder::Auth::RealmManager; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
244
|
|
6
|
4
|
|
|
4
|
|
20
|
use vars qw($VERSION); |
|
4
|
|
|
|
|
9
|
|
|
4
|
|
|
|
|
267
|
|
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
$VERSION = $CGI::Builder::Auth::Realm::VERSION = 1.52; |
9
|
|
|
|
|
|
|
|
10
|
4
|
|
|
4
|
|
8387
|
use overload '""'=>\&name; |
|
4
|
|
|
|
|
5072
|
|
|
4
|
|
|
|
|
38
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
sub new { |
13
|
12
|
|
|
12
|
|
21
|
my ($class,$name) = @_; |
14
|
12
|
|
|
|
|
43
|
return bless { 'name' => $name },$class; |
15
|
|
|
|
|
|
|
} |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
sub userdb { |
18
|
18
|
|
|
18
|
|
23
|
my $self = shift; |
19
|
18
|
|
33
|
|
|
99
|
return $self->{users} || $self->{userfile}; |
20
|
|
|
|
|
|
|
} |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
sub groupdb { |
23
|
10
|
|
|
10
|
|
14
|
my $self = shift; |
24
|
10
|
|
33
|
|
|
56
|
return $self->{groups} || $self->{groupfile}; |
25
|
|
|
|
|
|
|
} |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
# backwards compatability only |
28
|
0
|
|
|
0
|
|
0
|
sub userfile { return &userdb; } |
29
|
0
|
|
|
0
|
|
0
|
sub groupfile { return &groupdb; } |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
sub mode { |
32
|
3
|
|
50
|
3
|
|
29
|
return shift->{mode} || 0644; |
33
|
|
|
|
|
|
|
} |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
sub database { |
36
|
1
|
|
50
|
1
|
|
11
|
return shift->{database} || "www\@localhost"; |
37
|
|
|
|
|
|
|
} |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
# |
40
|
|
|
|
|
|
|
# added by John Porter: |
41
|
|
|
|
|
|
|
# |
42
|
|
|
|
|
|
|
sub dblogin { |
43
|
1
|
|
|
1
|
|
4
|
return shift->{dblogin}; |
44
|
|
|
|
|
|
|
} |
45
|
|
|
|
|
|
|
sub dbpassword { |
46
|
1
|
|
|
1
|
|
3
|
return shift->{dbpassword}; |
47
|
|
|
|
|
|
|
} |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
sub fields { |
50
|
1
|
|
|
1
|
|
5
|
return shift->{fields}; |
51
|
|
|
|
|
|
|
} |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
sub usertype { |
54
|
18
|
|
|
18
|
|
23
|
my $self = shift; |
55
|
18
|
|
33
|
|
|
113
|
return $self->{usertype} || $self->{type}; |
56
|
|
|
|
|
|
|
} |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
sub grouptype { |
59
|
5
|
|
|
5
|
|
7
|
my $self = shift; |
60
|
5
|
|
33
|
|
|
38
|
return $self->{grouptype} || $self->{type}; |
61
|
|
|
|
|
|
|
} |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
sub authentication { |
64
|
10
|
|
100
|
10
|
|
87
|
return shift->{'authentication'} || 'Basic'; |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
sub driver { |
68
|
0
|
|
0
|
0
|
|
0
|
return shift->{'driver'} || 'mSQL'; |
69
|
|
|
|
|
|
|
} |
70
|
|
|
|
|
|
|
|
71
|
|
|
|
|
|
|
sub server { |
72
|
4
|
|
50
|
4
|
|
48
|
return shift->{'server'} || 'apache'; |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
sub crypt { |
76
|
9
|
|
|
9
|
|
23
|
my $self = shift; |
77
|
9
|
50
|
|
|
|
22
|
return $self->{'crypt'} if $self->{'crypt'}; |
78
|
9
|
50
|
|
|
|
520
|
return 'crypt' if lc($self->authentication) eq 'basic'; |
79
|
0
|
0
|
|
|
|
0
|
return 'MD5' if lc($self->authentication) eq 'digest'; |
80
|
0
|
|
|
|
|
0
|
return 'crypt'; # default currently |
81
|
|
|
|
|
|
|
} |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
sub name { |
84
|
185
|
|
|
185
|
|
443
|
return shift->{'name'}; |
85
|
|
|
|
|
|
|
} |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
# return a pointer to an associative array with mSQL info. |
88
|
|
|
|
|
|
|
# it will contain the keys: |
89
|
|
|
|
|
|
|
# host name of the database host |
90
|
|
|
|
|
|
|
# database name of the database |
91
|
|
|
|
|
|
|
# dblogin |
92
|
|
|
|
|
|
|
# dbpassword |
93
|
|
|
|
|
|
|
# usertable name of the table that user/passwd/other info is in |
94
|
|
|
|
|
|
|
# grouptable name of the table containing user/group pairs |
95
|
|
|
|
|
|
|
# userfield name of the user field (both tables) |
96
|
|
|
|
|
|
|
# groupuserfield |
97
|
|
|
|
|
|
|
# groupfield name of the group field (group table only) |
98
|
|
|
|
|
|
|
# passwdfield name of the password field (user table only) |
99
|
|
|
|
|
|
|
# userfield_len length of the user field |
100
|
|
|
|
|
|
|
# groupfield_len length of the group field |
101
|
|
|
|
|
|
|
# passwdfield_len length of the password field |
102
|
|
|
|
|
|
|
sub SQLdata { |
103
|
1
|
|
|
1
|
|
3
|
my $self = shift; |
104
|
1
|
50
|
|
|
|
5
|
return undef unless $self->usertype=~/sql/i; |
105
|
1
|
|
|
|
|
87
|
my ($u,$g) = ($self->split_parms($self->userdb),$self->split_parms($self->groupdb)); |
106
|
1
|
|
|
|
|
2
|
my %result; |
107
|
1
|
|
|
|
|
7
|
@result{qw(database host)} = split('@',$self->database); |
108
|
1
|
|
50
|
|
|
5
|
$result{host} ||= 'localhost'; |
109
|
|
|
|
|
|
|
# |
110
|
|
|
|
|
|
|
# Do what Lincoln didn't: |
111
|
1
|
|
|
|
|
5
|
$result{dblogin} = $self->dblogin; |
112
|
1
|
|
|
|
|
4
|
$result{dbpassword} = $self->dbpassword; |
113
|
|
|
|
|
|
|
# |
114
|
1
|
|
50
|
|
|
6
|
$result{usertable} = $u->{table} || 'users'; |
115
|
1
|
|
|
|
|
12
|
$result{grouptable} = $g->{table}; # no default |
116
|
1
|
|
50
|
|
|
8
|
$result{userfield} = $u->{uid} || $g->{uid} || 'users'; |
117
|
1
|
|
50
|
|
|
8
|
$result{groupuserfield} = $g->{uid} || $u->{uid} || 'users'; |
118
|
1
|
|
|
|
|
3
|
$result{groupfield} = $g->{group}; |
119
|
1
|
|
50
|
|
|
7
|
$result{passwdfield} = $u->{password} || 'password'; |
120
|
1
|
|
50
|
|
|
14
|
$result{userfield_len} = $u->{uid_len} || $u->{user_len} || 12; |
121
|
1
|
|
50
|
|
|
5
|
$result{groupfield_len} = $g->{group_len} || 20; |
122
|
1
|
|
33
|
|
|
11
|
$result{passwdfield_len}= $u->{password_len} || |
123
|
|
|
|
|
|
|
(lc($self->authentication) eq 'digest' ? 32 + 3 + length($self->name) + $result{userfield_len} : 13); |
124
|
1
|
|
|
|
|
16
|
return \%result; |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
sub connect { |
128
|
3
|
|
|
3
|
|
6
|
my $self = shift; |
129
|
3
|
|
|
|
|
16
|
my ($writable,$mode,$server) = rearrange([[qw(WRITABLE WRITE MODIFY)],qw(MODE SERVER)],@_); |
130
|
|
|
|
|
|
|
|
131
|
3
|
|
33
|
|
|
22
|
return new CGI::Builder::Auth::RealmManager(-realm => $self, |
|
|
|
50
|
|
|
|
|
132
|
|
|
|
|
|
|
-writable => $writable, |
133
|
|
|
|
|
|
|
'-mode' => $mode || $self->mode, |
134
|
|
|
|
|
|
|
'-server' => $server || $self->server || 'apache'); |
135
|
|
|
|
|
|
|
} |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
# A utility routine |
138
|
|
|
|
|
|
|
sub split_parms { |
139
|
2
|
|
|
2
|
|
5
|
my($self,$j) = @_; |
140
|
2
|
|
|
|
|
31
|
my($junk,%p) = split(/\s*(\w+)=/,$j); |
141
|
2
|
|
|
|
|
8
|
foreach (keys %p) { |
142
|
6
|
|
|
|
|
21
|
$p{$_}=~s/^"//; |
143
|
6
|
|
|
|
|
17
|
$p{$_}=~s/"$//; |
144
|
6
|
100
|
|
|
|
25
|
if ($p{$_}=~/:[a-zA-Z]?(\d+)$/) { |
145
|
4
|
|
|
|
|
19
|
$p{$_}=$`; |
146
|
4
|
|
|
|
|
60
|
$p{"${_}_len"}=$1; |
147
|
|
|
|
|
|
|
} |
148
|
|
|
|
|
|
|
} |
149
|
2
|
|
|
|
|
10
|
\%p; |
150
|
|
|
|
|
|
|
} |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------------------- |
153
|
|
|
|
|
|
|
package CGI::Builder::Auth::Realm; |
154
|
|
|
|
|
|
|
|
155
|
4
|
|
|
4
|
|
4597
|
use strict; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
155
|
|
156
|
4
|
|
|
4
|
|
20
|
use CGI::Builder::Auth::RealmManager; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
222
|
|
157
|
4
|
|
|
4
|
|
19
|
use Carp; |
|
4
|
|
|
|
|
19
|
|
|
4
|
|
|
|
|
4540
|
|
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
*dbm = \&connect; |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
my %CACHE; |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
my %VALID_DIRECTIVES = ( |
164
|
|
|
|
|
|
|
'dblogin' =>1, |
165
|
|
|
|
|
|
|
'dbpassword' =>1, |
166
|
|
|
|
|
|
|
'users' =>1, # file or table of user/passwd info |
167
|
|
|
|
|
|
|
'groups' =>1, # file or table of user/group info |
168
|
|
|
|
|
|
|
'database' =>1, # database name (SQL only) |
169
|
|
|
|
|
|
|
'fields' =>1, # other fields (SQL only) |
170
|
|
|
|
|
|
|
'type' =>1, # db type (text|NDBM|DB|mSQL|SQL) |
171
|
|
|
|
|
|
|
'driver' =>1, # SQL db driver type [mSQL] |
172
|
|
|
|
|
|
|
'usertype' =>1, # override db type for users only |
173
|
|
|
|
|
|
|
'grouptype' =>1, # override db type for groups only |
174
|
|
|
|
|
|
|
'default' =>1, # set default realm |
175
|
|
|
|
|
|
|
'authentication' =>1, # authentication scheme (Basic|Digest) |
176
|
|
|
|
|
|
|
'server' =>1, # server type (Apache|NCSA|Netscape) |
177
|
|
|
|
|
|
|
'mode' =>1, # mode for newly-created text & DBM files |
178
|
|
|
|
|
|
|
'crypt' =>1, # override encryption, backward compatability only |
179
|
|
|
|
|
|
|
'userfile' =>1, # synonyms for backward compatability only |
180
|
|
|
|
|
|
|
'groupfile' =>1, # synonyms for backward compatability only |
181
|
|
|
|
|
|
|
); |
182
|
|
|
|
|
|
|
|
183
|
|
|
|
|
|
|
# Security realm parsing utility -- high level interface to Doug MacEachern's |
184
|
|
|
|
|
|
|
# HTTPD utilities. |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
# Pass the location of the configuration file. |
187
|
|
|
|
|
|
|
sub new { |
188
|
3
|
|
|
3
|
1
|
36
|
my $class = shift; |
189
|
3
|
|
|
|
|
18
|
my ($config_file) = rearrange([[qw(CONFIG CONFIG_FILE)]],@_); |
190
|
|
|
|
|
|
|
|
191
|
3
|
100
|
66
|
|
|
32
|
if ($CACHE{$config_file} && -C $config_file == $CACHE{$config_file}{ctime}) { |
192
|
1
|
|
|
|
|
7
|
return $CACHE{$config_file}{obj}; |
193
|
|
|
|
|
|
|
} |
194
|
|
|
|
|
|
|
|
195
|
2
|
|
|
|
|
24
|
my $self = { config_file => $config_file, }; |
196
|
|
|
|
|
|
|
|
197
|
2
|
|
|
|
|
4
|
my($realm,$realm_name,$directive,$value,$default_realm,$first_realm); |
198
|
2
|
50
|
|
|
|
77
|
open(CONF,$config_file) || croak "Couldn't open $config_file: $!"; |
199
|
2
|
|
|
|
|
51
|
while () { |
200
|
94
|
|
|
|
|
97
|
chomp; |
201
|
94
|
|
|
|
|
106
|
s/\#.*$//; # get rid of all comments |
202
|
|
|
|
|
|
|
|
203
|
94
|
100
|
|
|
|
188
|
if (//i) { |
204
|
12
|
50
|
|
|
|
25
|
croak "Syntax error in $config_file, line $.: Missing directive.\n" |
205
|
|
|
|
|
|
|
if $realm; |
206
|
12
|
50
|
|
|
|
30
|
croak "Syntax error in $config_file, line $.: directive without realm name.\n" |
207
|
|
|
|
|
|
|
unless $1; |
208
|
12
|
|
|
|
|
38
|
$realm = new CGI::Builder::Auth::RealmDef($realm_name = $1); |
209
|
12
|
100
|
|
|
|
23
|
$first_realm = $realm unless $first_realm; |
210
|
12
|
|
|
|
|
45
|
next; |
211
|
|
|
|
|
|
|
} |
212
|
|
|
|
|
|
|
|
213
|
82
|
100
|
|
|
|
151
|
if (/<\/Realm\s*>/i) { |
214
|
12
|
50
|
|
|
|
21
|
croak "Syntax error in $config_file, line $.: seen without preceding directive.\n" |
215
|
|
|
|
|
|
|
unless $realm; |
216
|
12
|
50
|
33
|
|
|
28
|
croak "Incomplete definition for realm $realm. Need Users and Type directives at line $.\n" |
217
|
|
|
|
|
|
|
unless $realm->userdb && $realm->usertype; |
218
|
12
|
|
|
|
|
32
|
$self->{realms}->{$realm_name}=$realm; |
219
|
12
|
|
|
|
|
11
|
undef $realm; |
220
|
12
|
|
|
|
|
13
|
undef $realm_name; |
221
|
12
|
|
|
|
|
58
|
next; |
222
|
|
|
|
|
|
|
} |
223
|
|
|
|
|
|
|
|
224
|
70
|
100
|
|
|
|
306
|
next unless ($directive,$value) = /(\w+)\s*(.*)/; |
225
|
60
|
50
|
|
|
|
182
|
croak "Syntax error in $config_file, line $.: $directive directive without preceding tag.\n" |
226
|
|
|
|
|
|
|
unless $realm; |
227
|
|
|
|
|
|
|
|
228
|
60
|
|
|
|
|
69
|
$directive=~tr/A-Z/a-z/; |
229
|
60
|
50
|
|
|
|
139
|
croak "Unknown directive \"$directive\" at line $.\n" |
230
|
|
|
|
|
|
|
unless $VALID_DIRECTIVES{$directive}; |
231
|
|
|
|
|
|
|
|
232
|
60
|
50
|
|
|
|
140
|
$realm->{$directive} = $directive =~ /file/ ? untaint($value) : $value; |
233
|
60
|
100
|
|
|
|
186
|
if ($directive eq 'default') { |
234
|
2
|
50
|
|
|
|
7
|
croak "More than one Default directive defined at $config_file, line $.\n" |
235
|
|
|
|
|
|
|
if $default_realm; |
236
|
2
|
|
|
|
|
13
|
$default_realm = $realm_name; |
237
|
|
|
|
|
|
|
} |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
} |
240
|
2
|
|
|
|
|
18
|
close CONF; |
241
|
|
|
|
|
|
|
|
242
|
2
|
|
33
|
|
|
8
|
$self->{default_realm}=$default_realm || $first_realm; |
243
|
2
|
|
|
|
|
563
|
bless $self,$class; |
244
|
2
|
|
|
|
|
32
|
$CACHE{$config_file}{ctime} = -C $config_file; |
245
|
2
|
|
|
|
|
11
|
return $CACHE{$config_file}{obj} = $self; |
246
|
|
|
|
|
|
|
} |
247
|
|
|
|
|
|
|
|
248
|
|
|
|
|
|
|
sub connect { |
249
|
2
|
|
|
2
|
1
|
3
|
my $self = shift; |
250
|
2
|
|
|
|
|
11
|
my ($writable,$realm,$mode) = rearrange([[qw(WRITABLE WRITE MODIFY)],qw(REALM MODE)],@_); |
251
|
2
|
|
|
|
|
8
|
my $r = $self->realm($realm); |
252
|
2
|
50
|
|
|
|
7
|
die "Unknown realm $realm" unless ref($r); |
253
|
2
|
|
|
|
|
2
|
my(@p); |
254
|
2
|
100
|
|
|
|
6
|
push(@p,'-writable'=>$writable) if $writable; |
255
|
2
|
50
|
|
|
|
5
|
push(@p,'-mode'=>$mode) if $mode; |
256
|
2
|
|
|
|
|
6
|
return $r->connect(@p); |
257
|
|
|
|
|
|
|
} |
258
|
|
|
|
|
|
|
|
259
|
|
|
|
|
|
|
sub exists { |
260
|
0
|
|
|
0
|
1
|
0
|
my $self = shift; |
261
|
0
|
|
|
|
|
0
|
my ($realm) = rearrange(['REALM'],@_); |
262
|
0
|
|
|
|
|
0
|
return defined($self->{realms}->{$realm}); |
263
|
|
|
|
|
|
|
} |
264
|
|
|
|
|
|
|
|
265
|
|
|
|
|
|
|
sub list { |
266
|
0
|
|
|
0
|
1
|
0
|
my $self = shift; |
267
|
0
|
|
|
|
|
0
|
return sort keys %{$self->{realms}}; |
|
0
|
|
|
|
|
0
|
|
268
|
|
|
|
|
|
|
} |
269
|
|
|
|
|
|
|
|
270
|
|
|
|
|
|
|
sub realm { |
271
|
6
|
|
|
6
|
1
|
11
|
my $self = shift; |
272
|
6
|
|
|
|
|
27
|
my ($realm) = rearrange(['REALM'],@_); |
273
|
6
|
|
33
|
|
|
19
|
$realm ||= $self->{default_realm}; |
274
|
6
|
|
|
|
|
24
|
return $self->{realms}->{$realm}; |
275
|
|
|
|
|
|
|
} |
276
|
|
|
|
|
|
|
|
277
|
|
|
|
|
|
|
sub untaint { |
278
|
0
|
|
|
0
|
0
|
|
my $taint = shift; |
279
|
0
|
0
|
0
|
|
|
|
croak('Relative paths are not allowed in password and/or group file definitions') |
280
|
|
|
|
|
|
|
if $taint =~ /\.\./ or $taint !~ m|^/|; |
281
|
0
|
|
|
|
|
|
$taint =~ m!(/[a-zA-Z/0-9._-]+)!; |
282
|
0
|
|
|
|
|
|
return $1; |
283
|
|
|
|
|
|
|
} |
284
|
|
|
|
|
|
|
|
285
|
|
|
|
|
|
|
sub DESTROY { |
286
|
0
|
|
|
0
|
|
|
my $self = shift; |
287
|
|
|
|
|
|
|
} |
288
|
|
|
|
|
|
|
|
289
|
|
|
|
|
|
|
|
290
|
|
|
|
|
|
|
1; |
291
|
|
|
|
|
|
|
|
292
|
|
|
|
|
|
|
__END__ |