<VirtualHost ht2.dev>
ServerName ht2.dev
ServerAdmin wsl_research@websense.com
DocumentRoot /var/www/html/ht2
Alias /js /var/www/html/js
Alias /images /var/www/html/images
Alias /ht2 /var/www/html/ht2
LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
PerlModule ModPerl::Registry
PerlModule WSL::AuthCookie
PerlSetVar AuthCookieDebug 3
PerlSetVar CCAPAuthPath /
PerlSetVar CCAPAuthLoginScript /login.cgi
<Location /ht2>
AuthName CCAPAuth
AuthType WSL::AuthCookie
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders
PerlAuthenHandler WSL::AuthCookie->authenticate
PerlAuthzHandler WSL::AuthCookie->authorize
Require valid-user
</Location>
<Files LOGIN>
AuthName CCAPAuth
AuthType WSL::AuthCookie
PerlResponseHandler WSL::AuthCookie->login
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders
</Files>
CustomLog /var/log/apache2/ht2-access.log combined
ErrorLog /var/log/apache2/ht2-error.log
</VirtualHost>
And I create the subclass of Apache2::AuthCookie by override its methods of authen_cred and anthen_ses_key.
package WSL::AuthCookie;
use strict;
use warnings;
use Carp qw(carp confess);
#use CGI;
use Data::Dumper;
use Net::LDAP;
use WSL::Proxy;
use Digest::MD5 qw(md5_hex);
use Apache2::RequestRec;
#use Apache2::Const qw(:common HTTP_FORBIDDEN);
use base "Apache2::AuthCookie";
my $cycle = 300;
my $secret = "STRbjLab";
sub authen_cred
{
my ($this, $r, @creds) = @_;
carp Dumper(@creds);
if ($this->is_authenticated($r, @creds)
&& $this->is_authorized($r, @creds))
{
return $this->make_ticket($r, $creds[0]);
}
return;
}
sub authen_ses_key
{
my ($this, $r, $key) = @_;
my $user = $this->check_ticket($r, $key);
return $user if $user;
return;
}
# Session summary -- $secret:$username:$expire
# Session signatur -- md5_hex(Session summary)
# Session key -- join ":", $user, $expire, $signature
sub make_ticket
{
my ($this, $r, $user) = @_;
my $expires = time() + $cycle;
my $signature = md5_hex("$secret:$user:$expires");
my $key = join(":", $user, $expires, $signature);
return $key;
}
sub check_ticket
{
my ($this, $r, $key) = @_;
my ($user, $expires, $signature) = split(":", $key);
my $hash = md5_hex("$secret:$user:$expires");
return undef if $signature ne $hash
or $expires < time();
return $user;
}
Then I write a login script to generate the login html.
#!/usr/bin/perl
# Render the login form
use strict;
use warnings;
use Carp qw|carp confess|;
use Data::Dumper;
use Apache2::RequestUtil;
my $r;
eval{$r = Apache2::RequestUtil->request;} || confess $@;
my $prev = $r->prev;
my $uri = $prev->uri;
my $args = $prev->args;
$uri .= "?$args" if $args;
my $reason = $prev->subprocess_env('AuthCookieReason');
my $error = "";
if ($reason)
{
my $details;
if ($reason eq "no_cookie")
{
$details = "";
}
elsif ($reason eq "bad_cookie")
{
$details = "The cookie you presented is invalid. You must logi
+n again!";
}
elsif ($reason eq "bad_credentials")
{
$details = "Invalid Username/Password";
}
else
{
$details = $reason;
}
$error = << "__REASON__";
<div class="alert alert-error">
$details
</div>
__REASON__
}
print "content-type: text/html\n\n";
my $login_form = << "__LOGIN__";
<!DOCTYPE html>
<html>
<head>
<title>HT2 - Login</title>
<link href="/login.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="container">
$error
<div class="modal">
<div class="modal-header" style="text-align:center">
<img width="350px" height="86px" src="img/security_labs_logo
+_350.png"/>
</div>
<form class="form-horizontal" method="POST" action="/login">
<fieldset>
<div class="modal-body">
<div class="control-group">
<label class="control-label" for="username">Username:<
+/label>
<div class="controls">
<input class="input" id="username" name="credential_
+0" autofocus="autofocus" type="text">
</div>
</div>
<div class="control-group">
<label class="control-label" for="password">Password:<
+/label>
<div class="controls">
<input class="input" id="password" name="credential_
+1" type="password">
</div>
</div>
<div class="hidden">
<input class="input" id="destination" name="destinatio
+n" type="text" value="$uri">
</div>
</div>
</fieldset>
<div class="modal-footer">
<button type="submit" class="btn btn-primary">
<i class="icon-lock icon-white"></i>
Login
</button>
</div>
</form>
</div>
</div>
</body>
</html>
__LOGIN__
print $login_form;
But after all these efforts I just get a error. Annoying!
Anything wrong???
Any ideas??? |