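# Apache configuration for the ht2 site (mod_perl + cookie-based login).
# NOTE(review): the enclosing section tags (virtual-host / location style
# containers) are not present in this listing. Directives are kept in their
# original order; the two handler groups are separated by blank lines.
ServerName ht2.dev
ServerAdmin wsl_research@websense.com
DocumentRoot /var/www/html/ht2

Alias /js /var/www/html/js
Alias /images /var/www/html/images
Alias /ht2 /var/www/html/ht2

LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
PerlModule ModPerl::Registry
PerlModule WSL::AuthCookie

# NOTE(review): debug level 3 makes the auth layer write verbose traces to the
# error log; lower it outside development so session data is not logged.
PerlSetVar AuthCookieDebug 3
PerlSetVar CCAPAuthPath /
PerlSetVar CCAPAuthLoginScript /login.cgi
# NOTE(review): no CCAPAuthSecure / CCAPAuthHttpOnly settings appear here, so
# the session cookie is presumably issued without the Secure and HttpOnly
# flags -- confirm, and set both once the site is served over TLS.

# Handler group 1: requests that must carry a valid session ticket.
AuthName CCAPAuth
AuthType WSL::AuthCookie
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders
PerlAuthenHandler WSL::AuthCookie->authenticate
PerlAuthzHandler WSL::AuthCookie->authorize
Require valid-user

# Handler group 2: the login action that receives the submitted credentials.
AuthName CCAPAuth
AuthType WSL::AuthCookie
PerlResponseHandler WSL::AuthCookie->login
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders

CustomLog /var/log/apache2/ht2-access.log combined
ErrorLog /var/log/apache2/ht2-error.log

####

package WSL::AuthCookie;

use strict;
use warnings;

use Carp qw(carp confess);
#use CGI;
use Data::Dumper;
use Net::LDAP;
use WSL::Proxy;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);
use Apache2::RequestRec;
#use Apache2::Const qw(:common HTTP_FORBIDDEN);

use base "Apache2::AuthCookie";

# Ticket lifetime in seconds.
my $cycle = 300;

# Key used to sign session tickets.
# NOTE(review): a signing key embedded in source (and published with it) must
# be treated as disclosed. Load it from configuration that is not checked in,
# and rotate it; anyone who knows the key can mint valid tickets.
my $secret = "STRbjLab";

# Called by the login handler with the submitted credentials.
# Returns a signed session ticket when the user is both authenticated and
# authorized, and nothing otherwise.
# is_authenticated() and is_authorized() are not part of this listing.
sub authen_cred {
    my ($this, $r, @creds) = @_;

    # The credentials are deliberately NOT dumped to the log: @creds carries
    # the submitted password, and the error log is not a safe place for it.
    return
        unless $this->is_authenticated($r, @creds)
        && $this->is_authorized($r, @creds);

    return $this->make_ticket($r, $creds[0]);
}

# Called on every protected request with the session key from the cookie.
# Returns the user name for a valid ticket and nothing otherwise.
sub authen_ses_key {
    my ($this, $r, $key) = @_;

    my $user = $this->check_ticket($r, $key);
    return $user if $user;
    return;
}

# Ticket layout -- join ":", $user, $expires, $signature
# Signature     -- hmac_sha256_hex("$user:$expires", $secret)
#
# A keyed HMAC is used instead of a bare digest over "secret:data": the bare
# construction is open to length extension and MD5 is no longer suitable for
# authentication tags.
sub make_ticket {
    my ($this, $r, $user) = @_;

    my $expires   = time() + $cycle;
    my $signature = hmac_sha256_hex("$user:$expires", $secret);

    return join(":", $user, $expires, $signature);
}

# Validates a session ticket produced by make_ticket().
# Returns the user name when the ticket is well formed, correctly signed and
# not expired; returns nothing (undef in scalar context) otherwise.
sub check_ticket {
    my ($this, $r, $key) = @_;

    return unless defined $key;

    # Strict shape check before any field is used: exactly three fields, a
    # decimal expiry and a 64-digit lowercase hex tag. A user name containing
    # ":" never validates, which matches the behaviour of the split-based
    # parser this replaces.
    my ($user, $expires, $signature) =
        $key =~ m{ \A ([^:]+) : ([0-9]+) : ([0-9a-f]{64}) \z }xms;
    return unless defined $user;

    my $expected = hmac_sha256_hex("$user:$expires", $secret);

    # Verify the tag before trusting the expiry, and compare without an
    # early exit so timing does not reveal how many characters matched.
    return unless _constant_time_eq($signature, $expected);
    return if $expires < time();

    return $user;
}

# Compares two strings in time that depends only on their length.
sub _constant_time_eq {
    my ($left, $right) = @_;

    return 0 if length($left) != length($right);

    my $diff = 0;
    for my $i (0 .. length($left) - 1) {
        $diff |= ord(substr($left, $i, 1)) ^ ord(substr($right, $i, 1));
    }
    return $diff == 0 ? 1 : 0;
}

####

#!/usr/bin/perl
# Render the login form

use strict;
use warnings;

use Carp qw|carp confess|;
use Data::Dumper;
use Apache2::RequestUtil;

my $r = eval { Apache2::RequestUtil->request } or confess $@;

# The login script normally runs as an internal redirect, so the request that
# was refused is available as prev(). A direct request has no predecessor;
# fall back to the site root instead of dying on an undefined object.
my $prev   = $r->prev;
my $uri    = $prev ? $prev->uri  : "/";
my $args   = $prev ? $prev->args : undef;
my $reason = $prev ? $prev->subprocess_env('AuthCookieReason') : undef;
$uri .= "?$args" if $args;
# NOTE(review): $uri is built from the refused request. The form markup is not
# part of this listing; wherever it embeds $uri the value must be HTML-escaped.

my $error = "";
if ($reason) {
    my $details;
    if ($reason eq "no_cookie") {
        $details = "";
    }
    elsif ($reason eq "bad_cookie") {
        $details = "The cookie you presented is invalid. You must login again!";
    }
    elsif ($reason eq "bad_credentials") {
        $details = "Invalid Username/Password";
    }
    else {
        $details = $reason;
    }

    # Escape before the text reaches the page: the fallback branch above
    # passes the raw reason string through, so it must not be able to carry
    # markup. The fixed messages contain none of these characters.
    my %entity_for = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $details =~ s/([&<>"'])/$entity_for{$1}/g;

    $error = << "__REASON__";
$details
__REASON__
}

print "content-type: text/html\n\n";

# NOTE(review): the HTML markup of the page is not present in this listing;
# only its text content is reproduced below.
my $login_form = << "__LOGIN__";
HT2 - Login
$error
__LOGIN__

print $login_form;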