Re: Apache::AuthenCache for mod_perl 1.99

2004-09-13 Thread Stas Bekman 
Dan Sully wrote:
I've made a quick port of this to mod_perl 1.99 - surprised to not see 
it already.

Attached a diff and the full module.
-D

# $Id: AuthenCache.pm,v 1.6 2001/01/03 19:17:56 cgilmore Exp $
#
# Author  : Jason Bodnar, Christian Gilmore
Dan, you probably want to CC the authors, in case they are not listening 
here... so it'll end up on CPAN... Thanks.

--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Apache::AuthenCache for mod_perl 1.99

2004-09-13 Thread Dan Sully 
* Stas Bekman <[EMAIL PROTECTED]> shaped the electrons to say...
Dan, you probably want to CC the authors, in case they are not listening 
here... so it'll end up on CPAN... Thanks.
Already done - we'll see if they're listening elsewhere.
-D
--
"A good messenger expects to get shot." --Larry Wall
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Apache::AuthenCache for mod_perl 1.99

2004-09-13 Thread John D Groenveld 
In message <[EMAIL PROTECTED]>, Dan Sully writes:
>I've made a quick port of this to mod_perl 1.99 - surprised to not see it alre
>ady.

One of the reasons I haven't released the Apache::AuthenURL for mod_perl2 
is because I haven't figured out how best to distribute my AuthenCache
which is a rewrite of Jason and Chris's code for mp2 stacked handlers.

Adding mp2 support to the mp1 code was giving me headaches so I started
from scratch.

Perhaps I should clean it up and ship it as Apache::AuthenURL::AuthenCache ?

John
[EMAIL PROTECTED]

package Apache::AuthenCache;

use strict;

use mod_perl;
use Apache::Log;
use Apache::Status;
use Apache::Access;
use Apache::Const -compile => qw(HTTP_UNAUTHORIZED OK DECLINED DONE);
use Apache::Module;
use Apache::RequestRec;
use Apache::RequestUtil;
use APR::Table;

use Cache::SharedMemoryCache;
use Date::Format;

use vars qw($VERSION);

my $prefix = "Apache::AuthenCache";
$VERSION = '2.00';

my(%ConfigDefaults) = (
AuthenCache_Encrypted => 'on',
AuthenCache_CacheTime => 'never',
);


sub handler {
my($r) = @_;

return Apache::OK unless $r->is_initial_req;
 
my($status, $password) = $r->get_basic_auth_pw;
return $status unless $status == Apache::OK;
 
my $auth_name = $r->auth_name;

my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
$attribute->{$key} = lc $value;
}

my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);

my $user = $r->user;

if (my $cached_password = $cache->get($user)) {
$r->log->debug($prefix, "::handler: using cached password for $user");

if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::handler: encrypting password");
my $salt = substr($cached_password, 0, 2);
$password = crypt($password, $salt);
}

if ($password eq $cached_password) {
return Apache::OK;
}
else {
$r->note_basic_auth_failure;
return Apache::HTTP_UNAUTHORIZED;
}
}
$r->push_handlers(PerlFixupHandler => \&manage_cache);
return Apache::DECLINED;
}

sub manage_cache {
my($r) = @_;

my($status, $password) = $r->get_basic_auth_pw;

my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
$attribute->{$key} = $value;
}

my $user = $r->user;

my $auth_name = $r->auth_name;

if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::manage_cache: encrypted password");
my @alphabet = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
my $salt = join ('', @alphabet[rand (64), rand (64)]);
$password = crypt($password, $salt);
}

my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);

$cache->purge;

$cache->set($user, $password, $attribute->{CacheTime});

$r->log->debug($prefix, "::manage_cache: storing user:", $user);

return Apache::OK;
}

Apache::Status->menu_item(
$prefix => "Authentication Cache",
sub {
my $caches = new Cache::SharedMemoryCache;
my(@s) = "";
foreach my $namespace ($caches->get_namespaces) {
my $cache = new Cache::SharedMemoryCache({namespace => $namespace});
push @s, "$namespace";
push @s, "";
push @s, "UsernameCreated AtExpires 
At";
foreach my $username ($cache->get_keys) {
my $user = $cache->get_object($username);
my $created_at = ctime $user->get_created_at;
my $expires_at = ($user->get_expires_at eq "never") ? "NEVER" :
 ctime $user->get_expires_at;
push @s, "$username", $created_at,
 "", $expires_at, "";
}
push @s, "";
}
push @s, "";
return [EMAIL PROTECTED];
},
) if Apache::Module::loaded('Apache::Status');

1;

__END__

=head1 NAME

Apache::AuthenCache - Authentication caching used in conjuction
with a primary authentication module (eg Apache::AuthenURL) and
mod_perl2

=head1 SYNOPSIS

 # In your httpd.conf
 PerlModule Apache::AuthenCache

 # In httpd.conf or .htaccess:
 AuthName Name
 AuthType Basic

 PerlAuthenHandler Apache::AuthenCache 
 
 require valid-user

 # Optional parameters
 PerlSetVar AuthenCache_CacheTime 900 # Default: indefinite
 PerlSetVar AuthenCache_Encrypted Off # Default: On

=head1 DESCRIPTION

B implements a caching mechanism in order to
speed up authentication and to reduce the usage of system
resources. It must be used in conjunction with a regular mod_perl2
authentication module. It was designed