In message <[EMAIL PROTECTED]>, Dan Sully writes:
>I've made a quick port of this to mod_perl 1.99 - surprised to not see it alre
>ady.
One of the reasons I haven't released the Apache::AuthenURL for mod_perl2
is because I haven't figured out how best to distribute my AuthenCache
which is a rewrite of Jason and Chris's code for mp2 stacked handlers.
Adding mp2 support to the mp1 code was giving me headaches so I started
from scratch.
Perhaps I should clean it up and ship it as Apache::AuthenURL::AuthenCache ?
John
[EMAIL PROTECTED]
package Apache::AuthenCache;
use strict;
use mod_perl;
use Apache::Log;
use Apache::Status;
use Apache::Access;
use Apache::Const -compile => qw(HTTP_UNAUTHORIZED OK DECLINED DONE);
use Apache::Module;
use Apache::RequestRec;
use Apache::RequestUtil;
use APR::Table;
use Cache::SharedMemoryCache;
use Date::Format;
use vars qw($VERSION);
my $prefix = "Apache::AuthenCache";
$VERSION = '2.00';
my(%ConfigDefaults) = (
AuthenCache_Encrypted => 'on',
AuthenCache_CacheTime => 'never',
);
sub handler {
my($r) = @_;
return Apache::OK unless $r->is_initial_req;
my($status, $password) = $r->get_basic_auth_pw;
return $status unless $status == Apache::OK;
my $auth_name = $r->auth_name;
my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
$attribute->{$key} = lc $value;
}
my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);
my $user = $r->user;
if (my $cached_password = $cache->get($user)) {
$r->log->debug($prefix, "::handler: using cached password for $user");
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::handler: encrypting password");
my $salt = substr($cached_password, 0, 2);
$password = crypt($password, $salt);
}
if ($password eq $cached_password) {
return Apache::OK;
}
else {
$r->note_basic_auth_failure;
return Apache::HTTP_UNAUTHORIZED;
}
}
$r->push_handlers(PerlFixupHandler => \&manage_cache);
return Apache::DECLINED;
}
sub manage_cache {
my($r) = @_;
my($status, $password) = $r->get_basic_auth_pw;
my $attribute = {};
while(my($key, $value) = each %ConfigDefaults) {
$value = $r->dir_config($key) || $value;
$key =~ s/^AuthenCache_//;
$attribute->{$key} = $value;
}
my $user = $r->user;
my $auth_name = $r->auth_name;
if ($attribute->{Encrypted} eq 'on') {
$r->log->debug($prefix, "::manage_cache: encrypted password");
my @alphabet = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
my $salt = join ('', @alphabet[rand (64), rand (64)]);
$password = crypt($password, $salt);
}
my $cache = new Cache::SharedMemoryCache(
{ namespace => $auth_name },
default_expires_in => $attribute->{CacheTime},
);
$cache->purge;
$cache->set($user, $password, $attribute->{CacheTime});
$r->log->debug($prefix, "::manage_cache: storing user:", $user);
return Apache::OK;
}
Apache::Status->menu_item(
$prefix => "Authentication Cache",
sub {
my $caches = new Cache::SharedMemoryCache;
my(@s) = "";
foreach my $namespace ($caches->get_namespaces) {
my $cache = new Cache::SharedMemoryCache({namespace => $namespace});
push @s, "$namespace";
push @s, "";
push @s, "UsernameCreated AtExpires
At";
foreach my $username ($cache->get_keys) {
my $user = $cache->get_object($username);
my $created_at = ctime $user->get_created_at;
my $expires_at = ($user->get_expires_at eq "never") ? "NEVER" :
ctime $user->get_expires_at;
push @s, "$username", $created_at,
"", $expires_at, "";
}
push @s, "";
}
push @s, "";
return [EMAIL PROTECTED];
},
) if Apache::Module::loaded('Apache::Status');
1;
__END__
=head1 NAME
Apache::AuthenCache - Authentication caching used in conjuction
with a primary authentication module (eg Apache::AuthenURL) and
mod_perl2
=head1 SYNOPSIS
# In your httpd.conf
PerlModule Apache::AuthenCache
# In httpd.conf or .htaccess:
AuthName Name
AuthType Basic
PerlAuthenHandler Apache::AuthenCache
require valid-user
# Optional parameters
PerlSetVar AuthenCache_CacheTime 900 # Default: indefinite
PerlSetVar AuthenCache_Encrypted Off # Default: On
=head1 DESCRIPTION
B implements a caching mechanism in order to
speed up authentication and to reduce the usage of system
resources. It must be used in conjunction with a regular mod_perl2
authentication module. It was designed