diff options
author | Jérémy Bobbio <lunar@debian.org> | 2009-04-30 00:21:37 +0200 |
---|---|---|
committer | Jérémy Bobbio <lunar@debian.org> | 2009-04-30 00:21:37 +0200 |
commit | 0a6879a1398369093ee92ae66dce33a66cd28aa4 (patch) | |
tree | e90bebd37baea72e90883874dc87a1eab955f789 /doc/plugins/passwordauth | |
parent | 22421218d2bd976d3b634f1d9f2ba743420add3b (diff) |
passwordauth/discussion: Document an attempt of using Apache::AuthenHook for a restricted wiki
Diffstat (limited to 'doc/plugins/passwordauth')
-rw-r--r-- | doc/plugins/passwordauth/discussion.mdwn | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/doc/plugins/passwordauth/discussion.mdwn b/doc/plugins/passwordauth/discussion.mdwn index 672970c21..0fe70de5f 100644 --- a/doc/plugins/passwordauth/discussion.mdwn +++ b/doc/plugins/passwordauth/discussion.mdwn @@ -77,3 +77,75 @@ as the script handler, or only on `mod_perl` to be installed and loaded. * [http://www.openfusion.com.au/labs/mod_auth_tkt/](mod_auth_tkt) along with CPAN's `Apache::AuthTkt` --[[intrigeri]] + + I've more or less managed to implement something based on `mod_perl` and + `Apache::AuthenHook`, respectively in Debian packages `libapache2-mod-perl2` + and `libapache-authenhook-perl`. + + In the Apache VirtualHost configuration, I have added the following: + + PerlLoadModule Apache::AuthenHook + PerlModule My::IkiWikiBasicProvider + + <Location /test/> + AuthType Basic + AuthName "wiki" + AuthBasicProvider My::IkiWikiBasicProvider + Require valid-user + ErrorDocument 401 /test/ikiwiki.cgi?do=signin + </Location> + <LocationMatch "^/test/(ikiwiki\.cgi$|.*\.css$|wikiicons/)"> + Satisfy any + </LocationMatch> + + The perl module lies in `/etc/apache2/My/IkiWikiBasicProvider.pm`: + + package My::IkiWikiBasicProvider; + + use warnings; + use strict; + use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED); + use Storable; + use Authen::Passphrase; + + sub userinfo_retrieve () { + my $userinfo=eval{ Storable::lock_retrieve("/var/lib/ikiwiki/test/.ikiwiki/userdb") }; + return $userinfo; + } + + sub handler { + my ($r, $user, $password) = @_; + my $field = "password"; + + if (! defined $password || ! length $password) { + return Apache2::Const::DECLINED; + } + my $userinfo = userinfo_retrieve(); + if (! length $user || ! defined $userinfo || + ! exists $userinfo->{$user} || ! ref $userinfo->{$user}) { + return Apache2::Const::DECLINED; + } + my $ret=0; + if (exists $userinfo->{$user}->{"crypt".$field}) { + error $@ if $@; + my $p = Authen::Passphrase->from_crypt($userinfo->{$user}->{"crypt".$field}); + $ret=$p->match($password); + } + elsif (exists $userinfo->{$user}->{$field}) { + $ret=$password eq $userinfo->{$user}->{$field}; + } + if ($ret) { + return Apache2::Const::OK; + } + return Apache2::Const::DECLINED; + } + + 1; + + This setup also allows people with the master password to create their own + account. + + I'm not really fluent in Perl, and all this can probably be improved (*or + might destroy your computer as it is* and YMMV). + + -- [[Lunar]] |