# Site definition for the ht2 development host, protected by cookie-based
# authentication implemented in WSL::AuthCookie.
# NOTE(review): no container tags (e.g. <VirtualHost>, <Location>, <Files>)
# are visible in this listing; they appear to have been lost, so the scope of
# each directive group below has to be confirmed against the real file.
# NOTE(review): no SSL/TLS directives are visible here. If this host is served
# over plain HTTP, the login credentials and the ticket cookie cross the
# network in clear text.
ServerName ht2.dev
ServerAdmin wsl_research@websense.com
DocumentRoot /var/www/html/ht2
Alias /js /var/www/html/js
Alias /images /var/www/html/images
Alias /ht2 /var/www/html/ht2
# Load mod_perl and install Apache2::Reload as an init handler.
# NOTE(review): Apache2::Reload re-checks Perl modules for changes while the
# server runs; it is a development aid -- confirm it is not carried into a
# production configuration.
LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
PerlModule ModPerl::Registry
PerlModule WSL::AuthCookie
# NOTE(review): 3 is a verbose AuthCookie debug level and may write cookie
# and credential details to the error log; lower it outside development.
PerlSetVar AuthCookieDebug 3
# Cookie path and login page for the CCAPAuth realm.
# NOTE(review): no Secure/HttpOnly cookie settings are visible; Apache2::AuthCookie
# reads <AuthName>Secure and <AuthName>HttpOnly (here CCAPAuthSecure and
# CCAPAuthHttpOnly) -- consider setting both to 1 once the site is on TLS.
PerlSetVar CCAPAuthPath /
PerlSetVar CCAPAuthLoginScript /login.cgi
# Protected area: every request must pass WSL::AuthCookie authentication and
# authorization and belong to a valid user.
AuthName CCAPAuth
AuthType WSL::AuthCookie
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders
PerlAuthenHandler WSL::AuthCookie->authenticate
PerlAuthzHandler WSL::AuthCookie->authorize
Require valid-user
# Login endpoint: handled by WSL::AuthCookie->login (presumably the target the
# login form posts to -- confirm against the form markup). No "Require" line
# appears in this group, so it is reachable without a ticket.
AuthName CCAPAuth
AuthType WSL::AuthCookie
PerlResponseHandler WSL::AuthCookie->login
SetHandler perl-script
Options +ExecCGI
PerlOptions +GlobalRequest +ParseHeaders
# Per-site access and error logs. The error log receives the mod_perl debug
# output, so restrict its read permissions accordingly.
CustomLog /var/log/apache2/ht2-access.log combined
ErrorLog /var/log/apache2/ht2-error.log
####
package WSL::AuthCookie;
use strict;
use warnings;
use Carp qw(carp confess);
#use CGI;
use Data::Dumper;
use Net::LDAP;
use WSL::Proxy;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);
use Apache2::RequestRec;
#use Apache2::Const qw(:common HTTP_FORBIDDEN);
use base "Apache2::AuthCookie";
# Ticket lifetime in seconds; added to time() when a ticket is issued.
my $cycle = 300;
# Secret mixed into every ticket signature.
# NOTE(review): this key is hard-coded in the source and short. Anyone who can
# read the file can compute valid signatures, so load it from a restricted
# file or from server configuration instead, and replace the value shown here.
my $secret = "STRbjLab";
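# Validate the credentials submitted through the login form and, on success,
# issue a session ticket.
#
#   $r     - the request object, passed through to the helper methods
#   @creds - credential fields from the login form; $creds[0] is the value
#            handed to make_ticket() as the user name
#
# Returns the ticket string produced by make_ticket(), or nothing when either
# is_authenticated() or is_authorized() rejects the credentials.
sub authen_cred
{
    my ($this, $r, @creds) = @_;

    # Deliberately no dump of @creds here: it carries the submitted
    # credentials (presumably including the password), and writing them to
    # the error log exposes them to anyone who can read the log.
    return unless $this->is_authenticated($r, @creds)
        && $this->is_authorized($r, @creds);

    return $this->make_ticket($r, $creds[0]);
}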
# Resolve a session key (the ticket taken from the cookie) to a user name.
#
# Returns the value check_ticket() yields when it is true; otherwise returns
# nothing, which tells the caller the session key was not accepted.
sub authen_ses_key
{
    my ($this, $r, $key) = @_;

    my $ticket_user = $this->check_ticket($r, $key);
    return unless $ticket_user;

    return $ticket_user;
}
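# Session ticket format
#   payload   -- "$user:$expires"   ($expires is an epoch time in seconds)
#   signature -- hmac_sha256_hex(payload, $secret)
#   key       -- join ":", $user, $expires, $signature
#
# The signature is a keyed HMAC rather than md5_hex("$secret:..."): a plain
# hash over secret-prefixed data is not a sound message authentication code,
# and MD5 should not be used for new integrity checks. Tickets issued in the
# old MD5 format stop validating once this is deployed; they are only valid
# for $cycle seconds in any case.

# Build a signed session ticket for $user, valid for the next $cycle seconds.
# Returns the ticket string, or nothing when no user name was supplied.
sub make_ticket
{
    my ($this, $r, $user) = @_;
    return unless defined $user;

    my $expires   = time() + $cycle;
    my $signature = hmac_sha256_hex("$user:$expires", $secret);

    return join(":", $user, $expires, $signature);
}

# Compare two strings without stopping at the first differing character, so
# the time taken does not reveal how much of a guessed signature was correct.
sub _ticket_sig_equal
{
    my ($left, $right) = @_;
    return 0 if length($left) != length($right);

    my $diff = 0;
    for my $pos (0 .. length($left) - 1) {
        $diff |= ord(substr($left, $pos, 1)) ^ ord(substr($right, $pos, 1));
    }
    return $diff == 0;
}

# Validate a session ticket taken from the client's cookie.
#
# The key is untrusted input. It is parsed from the right (signature, then
# expiry, then everything before as the user name) so that a ":" inside the
# user name cannot shift the fields, and the expiry must be plain digits
# before it is used in a numeric comparison.
#
# Returns the user name when the signature matches and the ticket has not
# expired; returns nothing otherwise.
sub check_ticket
{
    my ($this, $r, $key) = @_;
    return unless defined $key;

    my ($user, $expires, $signature)
        = $key =~ m{\A (.*) : ([0-9]+) : ([0-9a-f]{64}) \z}xms
        or return;

    my $expected = hmac_sha256_hex("$user:$expires", $secret);
    return unless _ticket_sig_equal($signature, $expected);
    return if $expires < time();

    return $user;
}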
####
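#!/usr/bin/perl
# Render the login form.
#
# Runs as the target of an internal redirect from the cookie-auth handler.
# It recovers the originally requested URI and the AuthCookieReason value from
# the previous request, turns the reason into a user-facing message, and
# prints the login page.
use strict;
use warnings;
use Carp qw|carp confess|;
use Data::Dumper;
use Apache2::RequestUtil;

# Escape the characters that are significant in HTML text and attribute
# values. Kept as an anonymous sub so the script defines no named subs.
my $escape_html = sub {
    my ($text) = @_;
    return '' unless defined $text;
    my %entity_for = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity_for{$1}/g;
    return $text;
};

my $r = eval { Apache2::RequestUtil->request } or confess $@;

# $r->prev is the request that was redirected here. It is undefined when the
# script is requested directly, so fall back to the site root instead of
# dying on a method call against undef.
my $prev = $r->prev;
my $uri  = '/';
my $reason;
if ($prev)
{
    $uri = $prev->uri;
    my $args = $prev->args;
    $uri .= "?$args" if $args;
    $reason = $prev->subprocess_env('AuthCookieReason');
}

# The path and query string come from the client, so escape them before they
# are placed into the page.
$uri = $escape_html->($uri);

my $error = "";
if ($reason)
{
    my %message_for = (
        no_cookie       => "",
        bad_cookie      => "The cookie you presented is invalid. You must login again!",
        bad_credentials => "Invalid Username/Password",
    );

    # Unknown reasons are shown as-is, escaped.
    my $details = exists $message_for{$reason}
        ? $message_for{$reason}
        : $escape_html->($reason);

    $error = << "__REASON__";
$details
__REASON__
}

print "content-type: text/html\n\n";

# NOTE(review): the form markup appears to be missing from this listing; only
# the title text is visible. Wherever $uri and $error are interpolated into
# it, they are already HTML-escaped above.
my $login_form = << "__LOGIN__";
HT2 - Login
__LOGIN__
print $login_form;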