File Coverage

blib/lib/Apache/DBILogin.pm

Criterion	Covered	Total	%
statement	11	13	84.6
branch			n/a
condition	1	2	50.0
subroutine	4	4	100.0
pod			n/a
total	16	19	84.2

line	stmt	cond	sub	time	code
1					package Apache::DBILogin;
2
3	1		1	35350	use strict;
	1			3
	1			43
4
5	1		1	6	use vars qw($VERSION);
	1			2
	1			77
6					$VERSION = '2.06';
7
8					# setting the constants to help identify which version of mod_perl
9					# is installed
10	1	50	1	5	use constant MP2 => eval { require mod_perl2; 1 } \|\| 0;
	1			7
	1			1
11
12					# test for the version of mod_perl, and use the appropriate libraries
13					BEGIN {
14	1		1	3	if (MP2) {
15					require Apache2::Access;
16					require Apache2::Connection;
17					require Apache2::Const;
18					require Apache2::Log;
19					require Apache2::RequestRec;
20					require Apache2::RequestUtil;
21					require APR::Table;
22					Apache2::Const->import(-compile => 'HTTP_FORBIDDEN', 'HTTP_UNAUTHORIZED',
23					'HTTP_INTERNAL_SERVER_ERROR', 'OK');
24					} else {
25	1			4337	require mod_perl;
26	0				require Apache::Constants;
27	0				Apache::Constants->import('HTTP_FORBIDDEN', 'HTTP_UNAUTHORIZED',
28					'HTTP_INTERNAL_SERVER_ERROR', 'OK');
29					}
30					}
31
32					use DBI;
33
34					my(%Config) = (
35					'Auth_DBI_data_source' => '',
36					'Auth_DBI_authz_command' => '',
37					'DBILogin_Oracle_authz_command' => '',
38					);
39					my $prefix = "Apache::DBILogin";
40
41					sub authen {
42					my $r = shift @_;
43
44					my ($res, $sent_pwd) = $r->get_basic_auth_pw;
45					return $res if ( $res ); #decline if not Basic
46
47					return (MP2 ? Apache2::Const::OK : Apache::Constants::OK)
48					unless $r->is_initial_req;
49
50					my($key,$val);
51					my $attr = {};
52					while(($key,$val) = each %Config) {
53					$val = $r->dir_config($key) \|\| $val;
54					$key =~ s/^Auth_DBI_//;
55					$attr->{$key} = $val;
56					}
57
58					return test_authen($r, $attr, $sent_pwd);
59					}
60
61					sub test_authen {
62					my($r, $attr, $sent_pwd) = @_;
63
64					my $user = MP2 ? $r->user : $r->connection->user;
65
66					unless ( $attr->{data_source} ) {
67					$r->log_reason("$prefix is missing the source parameter for database connect", $r->uri);
68					return MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR;
69					}
70
71					my $dbh = DBI->connect($attr->{data_source}, $user, $sent_pwd, { AutoCommit=>0, RaiseError=>0 });
72					unless( defined $dbh ) {
73					$r->log_reason("user $user: $DBI::errstr", $r->uri);
74					$r->note_basic_auth_failure;
75					return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
76					}
77
78					# to be removed in next version
79					if ( $attr->{authz_command} ) {
80					unless( defined ($dbh->do($attr->{authz_command})) ) {
81					$r->log_reason("user $user: $DBI::errstr", $r->uri);
82					$r->note_basic_auth_failure;
83					return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
84					}
85					}
86
87					$dbh->disconnect;
88					$r->headers_in->{'Modperl_DBILogin_Password'} = $sent_pwd;
89					$r->headers_in->{'Modperl_Password'} = $sent_pwd;
90					$r->headers_in->{'Modperl_DBILogin_data_source'} = $attr->{data_source};
91					return MP2 ? Apache2::Const::OK : Apache::Constants::OK;
92					}
93
94					sub authz {
95					my $r = shift @_;
96
97					my ($res, $sent_pwd) = $r->get_basic_auth_pw;
98					return $res if ( $res ); #decline if not Basic
99
100					return (MP2 ? Apache2::Const::OK : Apache::Constants::OK)
101					unless $r->is_initial_req;
102
103					my $user = MP2 ? $r->user : $r->connection->user;
104
105					my($key,$val);
106					my $attr = {};
107					while(($key,$val) = each %Config) {
108					$val = $r->dir_config($key) \|\| $val;
109					$key =~ s/^Auth_DBI_//;
110					$attr->{$key} = $val;
111					}
112
113					return test_authz($r, $attr, $sent_pwd);
114					}
115
116					sub test_authz {
117					my($r, $attr, $sent_pwd) = @_;
118
119					my $user = MP2 ? $r->user : $r->connection->user;
120
121					unless ( $attr->{data_source} ) {
122					$r->log_reason("$prefix is missing the source parameter for database connect", $r->uri);
123					return MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR;
124					}
125
126					my $dbh = DBI->connect($attr->{data_source}, $user, $sent_pwd, {AutoCommit=>0, RaiseError=>0});
127					unless( defined $dbh ) {
128					$r->log_reason("user $user: $DBI::errstr", $r->uri);
129					return MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR;
130					}
131
132					my $authz_result = MP2 ? Apache2::Const::HTTP_FORBIDDEN : Apache::Constants::HTTP_FORBIDDEN;
133					my $sth;
134					foreach my $requirement ( @{$r->requires} ) {
135					my $require = $requirement->{requirement};
136					if ( $require eq "valid-user" ) {
137					$authz_result = MP2 ? Apache2::Const::OK : Apache::Constants::OK;
138					} elsif ( $require =~ s/^user\s+// ) {
139					foreach my $valid_user (split /\s+/, $require) {
140					if ( $user eq $valid_user ) {
141					$authz_result = MP2 ? Apache2::Const::OK : Apache::Constants::OK;
142					last;
143					}
144					}
145					if ( $authz_result != (MP2 ? Apache2::Const::OK : Apache::Constants::OK) ) {
146					my $explaination = <
147
148					Unauthorized
149
150					Unauthorized
151					User must be one of these required users: $require
152
153
154					END
155					$r->custom_response(MP2 ? Apache2::Const::HTTP_FORBIDDEN : Apache::Constants::HTTP_FORBIDDEN, $explaination);
156					$r->log_reason("user $user: not authorized", $r->uri);
157					}
158					} elsif ( $require =~ s/^group\s+// ) {
159					foreach my $group (split /\s+/, $require) {
160					$authz_result = is_member($r, $dbh, $group);
161					last if ( $authz_result == (MP2 ? Apache2::Const::OK : Apache::Constants::OK) );
162					if ( $authz_result == (MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR) ) {
163					$r->log_reason("user $user: $@", $r->uri);
164					return MP2 ? Apache2::Const::HTTP_INTERNAL_SERVER_ERROR : Apache::Constants::HTTP_INTERNAL_SERVER_ERROR;
165					}
166					}
167					if ( $authz_result == (MP2 ? Apache2::Const::HTTP_FORBIDDEN : Apache::Constants::HTTP_FORBIDDEN) ) {
168					my $explaination = <
169
170					Unauthorized
171
172					Unauthorized
173					User must be member of one of these required groups: $require
174
175
176					END
177					$r->custom_response(MP2 ? Apache2::Const::HTTP_FORBIDDEN : Apache::Constants::HTTP_FORBIDDEN, $explaination);
178					$r->log_reason("user $user: not authorized", $r->uri);
179					}
180					}
181					}
182
183					$dbh->disconnect;
184					return $authz_result;
185					}
186
187					1;
188
189					__END__

File Coverage

Unauthorized

Unauthorized