RT-Authen-ExternalAuth-0.17/META.yml

---
abstract: 'RT Authentication using External Sources'
author:
  - 'Mike Peachey'
  - 'Mike Peachey '
build_requires:
  ExtUtils::MakeMaker: 6.36
configure_requires:
  ExtUtils::MakeMaker: 6.36
distribution_type: module
dynamic_config: 1
generated_by: 'Module::Install version 1.06'
license: gpl
meta-spec:
  url: http://module-build.sourceforge.net/META-spec-v1.4.html
  version: 1.4
name: RT-Authen-ExternalAuth
no_index:
  directory:
    - etc
    - html
    - inc
    - xt
recommends:
  CGI::Cookie: 0
  DBI: 0
  Net::LDAP: 0
  Net::SSLeay: 0
requires:
  CGI::Cookie: 0
  DBI: 0
  Net::LDAP: 0
  Net::SSLeay: 0
resources:
  license: http://opensource.org/licenses/gpl-license.php
version: 0.17

RT-Authen-ExternalAuth-0.17/lib/RT/Authen/ExternalAuth/DBI.pm

package RT::Authen::ExternalAuth::DBI;

use DBI;
use RT::Authen::ExternalAuth::DBI::Cookie;

use strict;

=head1 NAME

RT::Authen::ExternalAuth::DBI - External database source for RT authentication

=head1 DESCRIPTION

Provides the database implementation for L.

=head1 SYNOPSIS

    Set($ExternalSettings, {
        'My_MySQL'   =>  {
            'type'            =>  'db',
            'dbi_driver'      =>  'DBI_DRIVER',
            'server'          =>  'server.domain.tld',
            'port'            =>  'DB_PORT',
            'user'            =>  'DB_USER',
            'pass'            =>  'DB_PASS',
            'database'        =>  'DB_NAME',
            'table'           =>  'USERS_TABLE',
            'u_field'         =>  'username',
            'p_field'         =>  'password',

            # Example of custom hashed password check
            #'p_check'         =>  sub {
            #    my ($hash_from_db, $password) = @_;
            #    return $hash_from_db eq function($password);
            #},

            'p_enc_pkg'       =>  'Crypt::MySQL',
            'p_enc_sub'       =>  'password',
            'p_salt'          =>  'SALT',
            'd_field'         =>  'disabled',
            'd_values'        =>  ['0'],
            'attr_match_list' =>  [
                'Gecos',
                'Name',
            ],
            'attr_map' => {
                'Name'           => 'username',
                'EmailAddress'   => 'email',
                'ExternalAuthId' => 'username',
                'Gecos'          => 'userID',
            },
        },
    } );

=head1 CONFIGURATION

DBI-specific options are described here. Shared options
are described in the F file included in this distribution.

The example in the L lists all available options
and they are described below. See the L module for details
on debugging connection issues.

=over 4

=item dbi_driver

The name of the Perl DBI driver to use (e.g. mysql, Pg, SQLite).

=item server

The server hosting the database.

=item port

The port to use to connect on (e.g. 3306).

=item user

The database user for the connection.

=item pass

The password for the database user.

=item database

The database name.

=item table

The database table containing the user information to check against.

=item u_field

The field in the table that holds usernames.

=item p_field

The field in the table that holds passwords.

=item p_check

Optional. An anonymous subroutine definition used to check the (presumably
hashed) password from the database against the password entered by the user
logging in. The subroutine should return true on success and false on failure.
The configuration options C and C will be ignored when C is defined.

An example, where C is some external hashing function:

    p_check => sub {
        my ($hash_from_db, $password) = @_;
        return $hash_from_db eq FooBar($password);
    },

Importantly, the C subroutine allows for arbitrarily complex password
checking unlike C and C.

=item p_enc_pkg, p_enc_sub

The Perl package and subroutine used to encrypt passwords from the
database. For example, if the passwords are stored using the MySQL
v3.23 "PASSWORD" function, then you will need the L C
function, but for the MySQL4+ password you will need
L's C. Alternatively, you could use
L C or any other encryption subroutine you can
load in your Perl installation.

=item p_salt

If p_enc_sub takes a salt as a second parameter then set it here.

=item d_field, d_values

The field and values in the table that determines if a user should
be disabled. For example, if the field is 'user_status' and the values
are ['0','1','2','disabled'] then the user will be disabled if their
user_status is set to '0','1','2' or the string 'disabled'.
Otherwise, they will be considered enabled.

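A fuller callback for the p_check option described above, added here as an illustration and not part of this distribution: it verifies a salted PBKDF2-HMAC-SHA256 record and compares the result in constant time instead of with a plain string comparison. The stored record format, the helper names pbkdf2_sha256 and constant_time_eq, and the sample values are assumptions made for the example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

# Assumed storage format for this example (not defined by the extension):
#   pbkdf2-sha256$<iterations>$<salt hex>$<derived key hex, 32 bytes>

# PBKDF2-HMAC-SHA256, first block only (32 bytes of output).
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    # Digest::SHA takes the data first and the key last.
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;    # string XOR, both operands are byte strings
    }
    return $t;
}

# Compare two byte strings without stopping at the first mismatch.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# The callback itself: same ($hash_from_db, $password) signature as above.
my $p_check = sub {
    my ($hash_from_db, $password) = @_;
    return 0 unless defined $hash_from_db && defined $password;

    my ($scheme, $iter, $salt_hex, $dk_hex) = split /\$/, $hash_from_db, 4;
    return 0 unless defined $dk_hex && $scheme eq 'pbkdf2-sha256';
    # Bound the iteration count so a malformed record cannot stall the login.
    return 0 unless $iter =~ /\A[1-9][0-9]{0,6}\z/;
    return 0 unless $salt_hex =~ /\A(?:[0-9a-f]{2})+\z/
                 && $dk_hex   =~ /\A[0-9a-f]{64}\z/;

    # Hash bytes, not characters; HMAC croaks on wide characters.
    my $bytes = $password;
    utf8::encode($bytes) if utf8::is_utf8($bytes);

    my $dk = pbkdf2_sha256($bytes, pack('H*', $salt_hex), $iter);
    return constant_time_eq($dk, pack('H*', $dk_hex));
};

# Constructed sample record, as it would sit in the p_field column.
my $salt   = pack('H*', '00112233445566778899aabbccddeeff');
my $stored = join '$', 'pbkdf2-sha256', 10000, unpack('H*', $salt),
    unpack('H*', pbkdf2_sha256('correct horse', $salt, 10000));

for my $case ( [ $stored, 'correct horse' ],
               [ $stored, 'wrong guess' ],
               [ 'not-a-valid-record', 'correct horse' ] ) {
    printf "%-13s => %s\n", $case->[1],
        $p_check->(@$case) ? 'accepted' : 'rejected';
}

# In the service definition:  'p_check' => $p_check,
```

Because GetAuth wraps the p_check call in an eval, an exception thrown by the callback is logged and treated as a failed login rather than a successful one.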
=back

=cut

sub GetAuth {

    my ($service, $username, $password) = @_;

    my $config = $RT::ExternalSettings->{$service};
    $RT::Logger->debug( "Trying external auth service:",$service);

    my $db_table        = $config->{'table'};
    my $db_u_field      = $config->{'u_field'};
    my $db_p_field      = $config->{'p_field'};
    my $db_p_check      = $config->{'p_check'};
    my $db_p_enc_pkg    = $config->{'p_enc_pkg'};
    my $db_p_enc_sub    = $config->{'p_enc_sub'};
    my $db_p_salt       = $config->{'p_salt'};

    # Set SQL query and bind parameters
    my $query = "SELECT $db_u_field,$db_p_field FROM $db_table WHERE $db_u_field=?";
    my @params = ($username);

    # Uncomment this to trace basic DBI information and drop it in a log for debugging
    # DBI->trace(1,'/tmp/dbi.log');

    # Get DBI handle object (DBH), do SQL query, kill DBH
    my $dbh = _GetBoundDBIObj($config);
    return 0 unless $dbh;

    my $results_hashref = $dbh->selectall_hashref($query,$db_u_field,{},@params);
    $dbh->disconnect();

    my $num_users_returned = scalar keys %$results_hashref;

    if($num_users_returned != 1) { # FAIL
        # FAIL because more than one user returned. Users MUST be unique!
        if ((scalar keys %$results_hashref) > 1) {
            $RT::Logger->info(  $service,
                                "AUTH FAILED",
                                $username,
                                "More than one user with that username!");
        }

        # FAIL because no users returned. Users MUST exist!
        if ((scalar keys %$results_hashref) < 1) {
            $RT::Logger->info(  $service,
                                "AUTH FAILED",
                                $username,
                                "User not found in database!");
        }

        # Drop out to next external authentication service
        return 0;
    }

    # Get the user's password from the database query result
    my $pass_from_db = $results_hashref->{$username}->{$db_p_field};

    if ( $db_p_check ) {
        unless ( ref $db_p_check eq 'CODE' ) {
            $RT::Logger->error( "p_check for $service is not a code" );
            return 0;
        }
        my $check = 0;
        local $@;
        eval {
            $check = $db_p_check->( $pass_from_db, $password );
            1;
        } or do {
            $RT::Logger->error( "p_check for $service failed: $@" );
            return 0;
        };
        unless ( $check ) {
            $RT::Logger->info( "$service AUTH FAILED for $username: Password Incorrect (via p_check)" );
        } else {
            $RT::Logger->info(  (caller(0))[3],
                                "External Auth OK (",
                                $service,
                                "):",
                                $username);
        }
        return $check;
    }

    # This is the encryption package & subroutine passed in by the config file
    $RT::Logger->debug( "Encryption Package:",
                        $db_p_enc_pkg);
    $RT::Logger->debug( "Encryption Subroutine:",
                        $db_p_enc_sub);

    # Use config info to auto-load the perl package needed for password encryption
    # I know it uses a string eval - but I don't think there's a better way to do this
    # Jump to next external authentication service on failure
    eval "require $db_p_enc_pkg" or
        $RT::Logger->error("AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@") && return 0;

    my $encrypt = $db_p_enc_pkg->can($db_p_enc_sub);
    if (defined($encrypt)) {
        # If the package given can perform the subroutine given, then use it to compare the
        # password given with the password pulled from the database.
        # Jump to the next external authentication service if they don't match
        if(defined($db_p_salt)) {
            $RT::Logger->debug("Using salt:",$db_p_salt);
            if(${encrypt}->($password,$db_p_salt) ne $pass_from_db){
                $RT::Logger->info(  $service,
                                    "AUTH FAILED",
                                    $username,
                                    "Password Incorrect");
                return 0;
            }
        } else {
            if(${encrypt}->($password) ne $pass_from_db){
                $RT::Logger->info(  $service,
                                    "AUTH FAILED",
                                    $username,
                                    "Password Incorrect");
                return 0;
            }
        }
    } else {
        # If the encryption package can't perform the request subroutine,
        # dump an error and jump to the next external authentication service.
        $RT::Logger->error($service,
                            "AUTH FAILED",
                            "The encryption package you gave me (",
                            $db_p_enc_pkg,
                            ") does not support the encryption method you specified (",
                            $db_p_enc_sub,
                            ")");
        return 0;
    }

    # Any other checks you want to add? Add them here.

    # If we've survived to this point, we're good.
    $RT::Logger->info(  (caller(0))[3],
                        "External Auth OK (",
                        $service,
                        "):",
                        $username);

    return 1;
}

sub CanonicalizeUserInfo {

    my ($service, $key, $value) = @_;

    my $found = 0;
    my %params = (Name         => undef,
                  EmailAddress => undef,
                  RealName     => undef);

    # Load the config
    my $config = $RT::ExternalSettings->{$service};

    # Figure out what's what
    my $table = $config->{'table'};

    unless ($table) {
        $RT::Logger->critical(  (caller(0))[3],
                                "No table given");
        # Drop out to the next external information service
        return ($found, %params);
    }

    unless ($key && $value){
        $RT::Logger->critical(  (caller(0))[3],
                                " Nothing to look-up given");
        # Drop out to the next external information service
        return ($found, %params);
    }

    # "where" refers to WHERE section of SQL query
    my ($where_key,$where_value) = ("@{[ $key ]}",$value);

    # Get the list of unique attrs we need
    my %db_attrs = map {$_ => 1} values(%{$config->{'attr_map'}});
    my @attrs = keys(%db_attrs);
    my $fields = join(',',@attrs);
    my $query = "SELECT $fields FROM $table WHERE $where_key=?";
    my @bind_params = ($where_value);

    # Uncomment this to trace basic DBI throughput in a log
    # DBI->trace(1,'/tmp/dbi.log');
    my $dbh = _GetBoundDBIObj($config);
    my $results_hashref = $dbh->selectall_hashref($query,$key,{},@bind_params);
    $dbh->disconnect();

    if ((scalar keys %$results_hashref) != 1) {
        # If returned users <> 1, we have no single unique user, so prepare to die
        my $death_msg;

        if ((scalar keys %$results_hashref) == 0) {
            # If no user...
            $death_msg = "No User Found in External Database!";
        } else {
            # If more than one user...
            $death_msg = "More than one user found in External Database with that unique identifier!";
        }

        # Log the death
        $RT::Logger->info(  (caller(0))[3],
                            "INFO CHECK FAILED",
                            "Key: $key",
                            "Value: $value",
                            $death_msg);

        # $found remains as 0

        # Drop out to next external information service
        return ($found, %params);
    }

    # We haven't dropped out, so DB search must have succeeded with
    # exactly 1 result. Get the result and set $found to 1
    my $result = $results_hashref->{$value};

    # Use the result to populate %params for every key we're given in the config
    foreach my $key (keys(%{$config->{'attr_map'}})) {
        $params{$key} = ($result->{$config->{'attr_map'}->{$key}})[0];
    }

    $found = 1;

    return ($found, %params);
}

sub UserExists {

    my ($username,$service) = @_;
    my $config              = $RT::ExternalSettings->{$service};
    my $table               = $config->{'table'};
    my $u_field             = $config->{'u_field'};
    my $query               = "SELECT $u_field FROM $table WHERE $u_field=?";
    my @bind_params         = ($username);

    # Uncomment this to do a basic trace on DBI information and log it
    # DBI->trace(1,'/tmp/dbi.log');

    # Get DBI Object, do the query, disconnect
    my $dbh = _GetBoundDBIObj($config);
    my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params);
    $dbh->disconnect();

    my $num_of_results = scalar keys %$results_hashref;

    if ($num_of_results > 1) {
        # If more than one result returned, die because the username field should be unique!
        $RT::Logger->debug( "Disable Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "More than one user with that username!");
        return 0;
    } elsif ($num_of_results < 1) {
        # If 0 or negative integer, no user found or major failure
        $RT::Logger->debug( "Disable Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "User not found");
        return 0;
    }

    # Number of results is exactly one, so we found the user we were looking for
    return 1;
}

sub UserDisabled {

    my ($username,$service) = @_;

    # FIRST, check that the user exists in the DBI service
    unless(UserExists($username,$service)) {
        $RT::Logger->debug("User (",$username,") doesn't exist! - Assuming not disabled for the purposes of disable checking");
        return 0;
    }

    # Get the necessary config info
    my $config              = $RT::ExternalSettings->{$service};
    my $table               = $config->{'table'};
    my $u_field             = $config->{'u_field'};
    my $disable_field       = $config->{'d_field'};
    my $disable_values_list = $config->{'d_values'};

    unless ($disable_field) {
        # If we don't know how to check for disabled users, consider them all enabled.
        $RT::Logger->debug("No d_field specified for this DBI service (",
                            $service,
                            "), so considering all users enabled");
        return 0;
    }

    my $query = "SELECT $u_field,$disable_field FROM $table WHERE $u_field=?";
    my @bind_params = ($username);

    # Uncomment this to do a basic trace on DBI information and log it
    # DBI->trace(1,'/tmp/dbi.log');

    # Get DBI Object, do the query, disconnect
    my $dbh = _GetBoundDBIObj($config);
    my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params);
    $dbh->disconnect();

    my $num_of_results = scalar keys %$results_hashref;

    if ($num_of_results > 1) {
        # If more than one result returned, die because the username field should be unique!
        $RT::Logger->debug( "Disable Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "More than one user with that username! - Assuming not disabled");
        # Drop out to next service for an info check
        return 0;
    } elsif ($num_of_results < 1) {
        # If 0 or negative integer, no user found or major failure
        $RT::Logger->debug( "Disable Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "User not found - Assuming not disabled");
        # Drop out to next service for an info check
        return 0;
    } else {
        # otherwise all should be well

        # $user_db_disable_value = The value for "disabled" returned from the DB
        my $user_db_disable_value = $results_hashref->{$username}->{$disable_field};

        # For each of the values in the (list of values that we consider to mean the user is disabled)..
        foreach my $disable_value (@{$disable_values_list}){
            $RT::Logger->debug( "DB Disable Check:",
                                "User's Val is $user_db_disable_value,",
                                "Checking against: $disable_value");

            # If the value from the DB matches a value from the list, the user is disabled.
            if ($user_db_disable_value eq $disable_value) {
                return 1;
            }
        }

        # If we've not returned yet, the user can't be disabled
        return 0;
    }
    $RT::Logger->crit("It is seriously not possible to run this code.. what the hell did you do?!");
    return 0;
}

sub GetCookieAuth {

    $RT::Logger->debug( (caller(0))[3],
                        "Checking Browser Cookies for an Authenticated User");

    # Get our cookie and database info...
    my $config = shift;

    my $username = undef;
    my $cookie_name = $config->{'name'};

    my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($cookie_name);

    unless($cookie_value){
        return $username;
    }

    # The table mapping usernames to the Username Match Key
    my $u_table     = $config->{'u_table'};
    # The username field in that table
    my $u_field     = $config->{'u_field'};
    # The field that contains the Username Match Key
    my $u_match_key = $config->{'u_match_key'};

    # The table mapping cookie values to the Cookie Match Key
    my $c_table     = $config->{'c_table'};
    # The cookie field in that table - The same as the cookie name if unspecified
    my $c_field     = $config->{'c_field'};
    # The field that connects the Cookie Match Key
    my $c_match_key = $config->{'c_match_key'};

    # These are random characters to assign as table aliases in SQL
    # It saves a lot of garbled code later on
    my $u_table_alias = "u";
    my $c_table_alias = "c";

    # $tables will be passed straight into the SQL query
    # I don't see this as a security issue as only the admin may modify the config file anyway
    my $tables;

    # If the tables are the same, then the aliases should be the same
    # and the match key becomes irrelevant. Ensure this all works out
    # fine by setting both sides the same. In either case, set an
    # appropriate value for $tables.
    if ($u_table eq $c_table) {
        $u_table_alias  = $c_table_alias;
        $u_match_key    = $c_match_key;
        $tables         = "$c_table $c_table_alias";
    } else {
        $tables = "$c_table $c_table_alias, $u_table $u_table_alias";
    }

    my $select_fields = "$u_table_alias.$u_field";
    my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key";

    my $query = "SELECT $select_fields FROM $tables WHERE $where_statement";
    my @params = ($cookie_value);

    # Use this if you need to debug the DBI SQL process
    # DBI->trace(1,'/tmp/dbi.log');

    my $dbh = _GetBoundDBIObj($RT::ExternalSettings->{$config->{'db_service_name'}});
    my $query_result_arrayref = $dbh->selectall_arrayref($query,{},@params);
    $dbh->disconnect();

    # The log messages say it all here...
    my $num_rows = scalar @$query_result_arrayref;
    if ($num_rows < 1) {
        $RT::Logger->info(  "AUTH FAILED",
                            $cookie_name,
                            "Cookie value not found in database.",
                            "User passed an authentication token they were not given by us!",
                            "Is this nefarious activity?");
    } elsif ($num_rows > 1) {
        $RT::Logger->error( "AUTH FAILED",
                            $cookie_name,
                            "Cookie's value is duplicated in the database! This should not happen!!");
    } else {
        $username = $query_result_arrayref->[0][0];
    }

    if ($username) {
        $RT::Logger->debug( "User (",
                            $username,
                            ") was authenticated by a browser cookie");
    } else {
        $RT::Logger->debug( "No user was authenticated by browser cookie");
    }

    return $username;

}

# {{{ sub _GetBoundDBIObj

sub _GetBoundDBIObj {

    # Config as hashref.
    my $config = shift;

    # Extract the relevant information from the config.
    my $db_server     = $config->{'server'};
    my $db_user       = $config->{'user'};
    my $db_pass       = $config->{'pass'};
    my $db_database   = $config->{'database'};
    my $db_port       = $config->{'port'};
    my $dbi_driver    = $config->{'dbi_driver'};

    # Use config to create a DSN line for the DBI connection
    my $dsn;
    if ( $dbi_driver eq 'SQLite' ) {
        $dsn = "dbi:$dbi_driver:$db_database";
    } else {
        $dsn = "dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port";
    }

    # Now let's get connected
    my $dbh = DBI->connect($dsn, $db_user, $db_pass,{RaiseError => 1, AutoCommit => 0 })
            or die $DBI::errstr;

    # If we didn't die, return the DBI object handle
    # and hope it's treated sensibly and correctly
    # destroyed by the calling code
    return $dbh;
}

# }}}

1;

RT-Authen-ExternalAuth-0.17/lib/RT/Authen/ExternalAuth/LDAP.pm

package RT::Authen::ExternalAuth::LDAP;

use Net::LDAP qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
use Net::LDAP::Util qw(ldap_error_name escape_filter_value);
use Net::LDAP::Filter;

use strict;

require Net::SSLeay if $RT::ExternalServiceUsesSSLorTLS;

=head1 NAME

RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication

=head1 DESCRIPTION

Provides the LDAP implementation for L.

=head1 SYNOPSIS

    Set($ExternalSettings, {
        # AN EXAMPLE LDAP SERVICE
        'My_LDAP'       =>  {
            'type'            =>  'ldap',

            'server'          =>  'server.domain.tld',
            'user'            =>  'rt_ldap_username',
            'pass'            =>  'rt_ldap_password',

            'base'            =>  'ou=Organisational Unit,dc=domain,dc=TLD',
            'filter'          =>  '(FILTER_STRING)',
            'd_filter'        =>  '(FILTER_STRING)',

            'group'           =>  'GROUP_NAME',
            'group_attr'      =>  'GROUP_ATTR',

            'tls'             =>  0,
            'ssl_version'     =>  3,

            'net_ldap_args'   => [ version =>  3 ],

            'attr_match_list' => [
                'Name',
                'EmailAddress',
                'RealName',
                'WorkPhone',
                'Address2'
            ],
            'attr_map' => {
                'Name'           => 'sAMAccountName',
                'EmailAddress'   => 'mail',
                'Organization'   => 'physicalDeliveryOfficeName',
                'RealName'       => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos'          => 'sAMAccountName',
                'WorkPhone'      => 'telephoneNumber',
                'Address1'       => 'streetAddress',
                'City'           => 'l',
                'State'          => 'st',
                'Zip'            => 'postalCode',
                'Country'        => 'co'
            },
        },
    } );

=head1 CONFIGURATION

LDAP-specific options are described here. Shared options
are described in the F file included in this distribution.

The example in the L lists all available options
and they are described below. Note that many of these values
are specific to LDAP, so you should consult your LDAP
documentation for details.

=over 4

=item server

The server hosting the LDAP or AD service.

=item user, pass

The username and password RT should use to connect to the LDAP
server.

If you can bind to your LDAP server anonymously you shouldn't set these
options.

=item base

The LDAP search base.

=item filter

The filter to use to match RT users. You B specify it
and it B be a valid LDAP filter encased in parentheses.

For example:

    filter => '(objectClass=*)',

=item d_filter

The filter that will only match disabled users. Optional.
B be a valid LDAP filter encased in parentheses.

For example with Active Directory the following can be used:

    d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)'

=item group

Does authentication depend on group membership? What group name?

=item group_attr

What is the attribute for the group object that determines membership?

=item group_scope

What is the scope of the group search? C, C or C.

Optional; defaults to C, which is good enough for most cases. C is
appropriate when you have nested groups.

=item group_attr_value

What is the attribute of the user entry that should be matched against
group_attr above? Optional; defaults to C.

=item tls

Should we try to use TLS to encrypt connections?

=item ssl_version

SSL Version to provide to Net::SSLeay *if* using SSL.

=item net_ldap_args

What other args should be passed to Net::LDAP->new($host,@args)?

=back

=cut

sub GetAuth {

    my ($service, $username, $password) = @_;

    my $config = $RT::ExternalSettings->{$service};
    $RT::Logger->debug( "Trying external auth service:",$service);

    my $base            = $config->{'base'};
    my $filter          = $config->{'filter'};
    my $group           = $config->{'group'};
    my $group_attr      = $config->{'group_attr'};
    my $group_attr_val  = $config->{'group_attr_value'} || 'dn';
    my $group_scope     = $config->{'group_scope'} || 'base';
    my $attr_map        = $config->{'attr_map'};
    my @attrs           = ('dn');

    # Make sure we fetch the user attribute we'll need for the group check
    push @attrs, $group_attr_val
        unless lc $group_attr_val eq 'dn';

    # Empty parentheses as filters cause Net::LDAP to barf.
    # We take care of this by using Net::LDAP::Filter, but
    # there's no harm in fixing this right now.
    if ($filter eq "()") { undef($filter) };

    # Now let's get connected
    my $ldap = _GetBoundLdapObj($config);
    return 0 unless ($ldap);

    $filter = Net::LDAP::Filter->new(   '(&(' .
                                        $attr_map->{'Name'} .
                                        '=' .
                                        escape_filter_value($username) .
                                        ')' .
                                        $filter .
                                        ')'
                                    );

    $RT::Logger->debug( "LDAP Search === ",
                        "Base:",
                        $base,
                        "== Filter:",
                        $filter->as_string,
                        "== Attrs:",
                        join(',',@attrs));

    my $ldap_msg = $ldap->search(   base   => $base,
                                    filter => $filter,
                                    attrs  => \@attrs);

    unless ($ldap_msg->code == LDAP_SUCCESS || $ldap_msg->code == LDAP_PARTIAL_RESULTS) {
        $RT::Logger->debug( "search for",
                            $filter->as_string,
                            "failed:",
                            ldap_error_name($ldap_msg->code),
                            $ldap_msg->code);
        # Didn't even get a partial result - jump straight to the next external auth service
        return 0;
    }

    unless ($ldap_msg->count == 1) {
        $RT::Logger->info(  $service,
                            "AUTH FAILED:",
                            $username,
                            "User not found or more than one user found");
        # We got no user, or too many users.. jump straight to the next external auth service
        return 0;
    }

    my $ldap_entry = $ldap_msg->first_entry;
    my $ldap_dn    = $ldap_entry->dn;

    $RT::Logger->debug( "Found LDAP DN:",
                        $ldap_dn);

    # THIS bind determines success or failure on the password.
    $ldap_msg = $ldap->bind($ldap_dn, password => $password);

    unless ($ldap_msg->code == LDAP_SUCCESS) {
        $RT::Logger->info(  $service,
                            "AUTH FAILED",
                            $username,
                            "(can't bind:",
                            ldap_error_name($ldap_msg->code),
                            $ldap_msg->code,
                            ")");
        # Could not bind to the LDAP server as the user we found with the password
        # we were given, therefore the password must be wrong so we fail and
        # jump straight to the next external auth service
        return 0;
    }

    # The user is authenticated ok, but is there an LDAP Group to check?
    if ($group) {
        my $group_val = lc $group_attr_val eq 'dn'
                            ? $ldap_dn
                            : $ldap_entry->get_value($group_attr_val);

        # Fallback to the DN if the user record doesn't have a value
        unless (defined $group_val) {
            $group_val = $ldap_dn;
            $RT::Logger->debug("Attribute '$group_attr_val' has no value; falling back to '$group_val'");
        }

        # We only need the dn for the actual group since all we care about is existence
        @attrs  = qw(dn);
        $filter = Net::LDAP::Filter->new("(${group_attr}=" . escape_filter_value($group_val) . ")");

        $RT::Logger->debug( "LDAP Search === ",
                            "Base:",
                            $group,
                            "== Scope:",
                            $group_scope,
                            "== Filter:",
                            $filter->as_string,
                            "== Attrs:",
                            join(',',@attrs));

        $ldap_msg = $ldap->search(  base   => $group,
                                    filter => $filter,
                                    attrs  => \@attrs,
                                    scope  => $group_scope);

        # And the user isn't a member:
        unless ($ldap_msg->code == LDAP_SUCCESS ||
                $ldap_msg->code == LDAP_PARTIAL_RESULTS) {
            $RT::Logger->critical(  "Search for",
                                    $filter->as_string,
                                    "failed:",
                                    ldap_error_name($ldap_msg->code),
                                    $ldap_msg->code);

            # Fail auth - jump to next external auth service
            return 0;
        }

        unless ($ldap_msg->count == 1) {
            $RT::Logger->debug(
                "LDAP group membership check returned",
                $ldap_msg->count, "results"
            );
            $RT::Logger->info(  $service,
                                "AUTH FAILED:",
                                $username);

            # Fail auth - jump to next external auth service
            return 0;
        }
    }

    # Any other checks you want to add? Add them here.

    # If we've survived to this point, we're good.
    $RT::Logger->info(  (caller(0))[3],
                        "External Auth OK (",
                        $service,
                        "):",
                        $username);
    return 1;

}

sub CanonicalizeUserInfo {

    my ($service, $key, $value) = @_;

    my $found = 0;
    my %params = (Name         => undef,
                  EmailAddress => undef,
                  RealName     => undef);

    # Load the config
    my $config = $RT::ExternalSettings->{$service};

    # Figure out what's what
    my $base            = $config->{'base'};
    my $filter          = $config->{'filter'};

    # Get the list of unique attrs we need
    my @attrs = values(%{$config->{'attr_map'}});

    # This is a bit confusing and probably broken. Something to revisit..
    my $filter_addition = ($key && $value) ? "(". $key . "=". escape_filter_value($value) .")" : "";
    if(defined($filter) && ($filter ne "()")) {
        $filter = Net::LDAP::Filter->new(   "(&" .
                                            $filter .
                                            $filter_addition .
                                            ")"
                                        );
    } else {
        $RT::Logger->debug( "LDAP Filter invalid or not present.");
    }

    unless (defined($base)) {
        $RT::Logger->critical(  (caller(0))[3],
                                "LDAP baseDN not defined");
        # Drop out to the next external information service
        return ($found, %params);
    }

    # Get a Net::LDAP object based on the config we provide
    my $ldap = _GetBoundLdapObj($config);

    # Jump to the next external information service if we can't get one,
    # errors should be logged by _GetBoundLdapObj so we don't have to.
    return ($found, %params) unless ($ldap);

    # Do a search for them in LDAP
    $RT::Logger->debug( "LDAP Search === ",
                        "Base:",
                        $base,
                        "== Filter:",
                        $filter->as_string,
                        "== Attrs:",
                        join(',',@attrs));

    my $ldap_msg = $ldap->search(base   => $base,
                                 filter => $filter,
                                 attrs  => \@attrs);

    # If we didn't get at LEAST a partial result, just die now.
    if ($ldap_msg->code != LDAP_SUCCESS and
        $ldap_msg->code != LDAP_PARTIAL_RESULTS) {
        $RT::Logger->critical(  (caller(0))[3],
                                ": Search for ",
                                $filter->as_string,
                                " failed: ",
                                ldap_error_name($ldap_msg->code),
                                $ldap_msg->code);
        # $found remains as 0

        # Drop out to the next external information service
        $ldap_msg = $ldap->unbind();
        if ($ldap_msg->code != LDAP_SUCCESS) {
            $RT::Logger->critical(  (caller(0))[3],
                                    ": Could not unbind: ",
                                    ldap_error_name($ldap_msg->code),
                                    $ldap_msg->code);
        }
        undef $ldap;
        undef $ldap_msg;
        return ($found, %params);

    } else {
        # If there's only one match, we're good; more than one and
        # we don't know which is the right one so we skip it.
        if ($ldap_msg->count == 1) {
            my $entry = $ldap_msg->first_entry();
            foreach my $key (keys(%{$config->{'attr_map'}})) {
                # XXX TODO: This legacy code wants to be removed since modern
                # configs will always fall through to the else and the logic is
                # weird even if you do have the old config.
                if ($RT::LdapAttrMap and $RT::LdapAttrMap->{$key} eq 'dn') {
                    $params{$key} = $entry->dn();
                } else {
                    $params{$key} =
                      ($entry->get_value($config->{'attr_map'}->{$key}))[0];
                }
            }
            $found = 1;
        } else {
            # Drop out to the next external information service
            $ldap_msg = $ldap->unbind();
            if ($ldap_msg->code != LDAP_SUCCESS) {
                $RT::Logger->critical(  (caller(0))[3],
                                        ": Could not unbind: ",
                                        ldap_error_name($ldap_msg->code),
                                        $ldap_msg->code);
            }
            undef $ldap;
            undef $ldap_msg;
            return ($found, %params);
        }
    }
    $ldap_msg = $ldap->unbind();
    if ($ldap_msg->code != LDAP_SUCCESS) {
        $RT::Logger->critical(  (caller(0))[3],
                                ": Could not unbind: ",
                                ldap_error_name($ldap_msg->code),
                                $ldap_msg->code);
    }

    undef $ldap;
    undef $ldap_msg;

    return ($found, %params);
}

sub UserExists {
    my ($username,$service) = @_;
    $RT::Logger->debug("UserExists params:\nusername: $username , service: $service");
    my $config              = $RT::ExternalSettings->{$service};

    my $base                = $config->{'base'};
    my $filter              = $config->{'filter'};

    # While LDAP filters must be surrounded by parentheses, an empty set
    # of parentheses is an invalid filter and will cause failure
    # This shouldn't matter since we are now using Net::LDAP::Filter below,
    # but there's no harm in doing this to be sure
    if ($filter eq "()") { undef($filter) };

    if (defined($config->{'attr_map'}->{'Name'})) {
        # Construct the complex filter
        $filter = Net::LDAP::Filter->new(   '(&' .
                                            $filter .
                                            '(' .
                                            $config->{'attr_map'}->{'Name'} .
                                            '=' .
                                            escape_filter_value($username) .
                                            '))'
                                        );
    }

    my $ldap = _GetBoundLdapObj($config);
    return unless $ldap;

    my @attrs = values(%{$config->{'attr_map'}});

    # Check that the user exists in the LDAP service
    $RT::Logger->debug( "LDAP Search === ",
                        "Base:",
                        $base,
                        "== Filter:",
                        $filter->as_string,
                        "== Attrs:",
                        join(',',@attrs));

    my $user_found = $ldap->search( base   => $base,
                                    filter => $filter,
                                    attrs  => \@attrs);

    if($user_found->count < 1) {
        # If 0 or negative integer, no user found or major failure
        $RT::Logger->debug( "User Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "User not found");
        return 0;
    } elsif ($user_found->count > 1) {
        # If more than one result returned, die because the username field should be unique!
        $RT::Logger->debug( "User Check Failed :: (",
                            $service,
                            ")",
                            $username,
                            "More than one user with that username!");
        return 0;
    }
    undef $user_found;

    # If we haven't returned now, there must be a valid user.
    return 1;
}

sub UserDisabled {

    my ($username,$service) = @_;

    # FIRST, check that the user exists in the LDAP service
    unless(UserExists($username,$service)) {
        $RT::Logger->debug("User (",$username,") doesn't exist! - Assuming not disabled for the purposes of disable checking");
        return 0;
    }

    my $config          = $RT::ExternalSettings->{$service};
    my $base            = $config->{'base'};
    my $filter          = $config->{'filter'};
    my $d_filter        = $config->{'d_filter'};
    my $search_filter;

    # While LDAP filters must be surrounded by parentheses, an empty set
    # of parentheses is an invalid filter and will cause failure
    # This shouldn't matter since we are now using Net::LDAP::Filter below,
    # but there's no harm in doing this to be sure
    if ($filter eq "()") { undef($filter) };
    if ($d_filter eq "()") { undef($d_filter) };

    unless ($d_filter) {
        # If we don't know how to check for disabled users, consider them all enabled.
        $RT::Logger->debug("No d_filter specified for this LDAP service (",
                            $service,
                            "), so considering all users enabled");
        return 0;
    }

    if (defined($config->{'attr_map'}->{'Name'})) {
        # Construct the complex filter
        $search_filter = Net::LDAP::Filter->new(   '(&' .
                                                    $filter .
                                                    $d_filter .
                                                    '(' .
                                                    $config->{'attr_map'}->{'Name'} .
                                                    '=' .
                                                    escape_filter_value($username) .
                                                    '))'
                                                );
    } else {
        $RT::Logger->debug("You haven't specified an LDAP attribute to match the RT \"Name\" attribute for this service (",
                            $service,
                            "), so it's impossible look up the disabled status of this user (",
                            $username,
                            ") so I'm just going to assume the user is not disabled");
        return 0;
    }

    my $ldap = _GetBoundLdapObj($config);
    # No loop encloses this point, so "next" is invalid here; without a
    # connection the status cannot be checked, so assume not disabled like
    # the other fallbacks in this sub.
    return 0 unless $ldap;

    # We only need the UID for confirmation now,
    # the other information would waste time and bandwidth
    my @attrs = ('uid');

    $RT::Logger->debug( "LDAP Search === ",
                        "Base:",
                        $base,
                        "== Filter:",
                        $search_filter->as_string,
                        "== Attrs:",
                        join(',',@attrs));

    my $disabled_users = $ldap->search(base   => $base,
                                       filter => $search_filter,
                                       attrs  => \@attrs);

    # If ANY results are returned,
    # we are going to assume the user should be disabled
    if ($disabled_users->count) {
        undef $disabled_users;
        return 1;
    } else {
        undef $disabled_users;
        return 0;
    }
}

# {{{ sub _GetBoundLdapObj

sub _GetBoundLdapObj {

    # Config as hashref
    my $config = shift;

    # Figure out what's what
    my $ldap_server     = $config->{'server'};
    my $ldap_user       = $config->{'user'};
    my $ldap_pass       = $config->{'pass'};
    my $ldap_tls        = $config->{'tls'};
    my $ldap_ssl_ver    = $config->{'ssl_version'};
    my $ldap_args       = $config->{'net_ldap_args'};

    my $ldap = new Net::LDAP($ldap_server, @$ldap_args);

    unless ($ldap) {
        $RT::Logger->critical(  (caller(0))[3],
                                ": Cannot connect to",
                                $ldap_server);
        return undef;
    }

    if ($ldap_tls) {
        $Net::SSLeay::ssl_version = $ldap_ssl_ver;
        # Thanks to David Narayan for the fault tolerance bits
        eval { $ldap->start_tls; };
        if ($@) {
            $RT::Logger->critical(  (caller(0))[3],
                                    "Can't start TLS: ",
                                    $@);
            return;
        }

    }

    my $msg =
undef; if (($ldap_user) and ($ldap_pass)) { $msg = $ldap->bind($ldap_user, password => $ldap_pass); } elsif (($ldap_user) and ( ! $ldap_pass)) { $msg = $ldap->bind($ldap_user); } else { $msg = $ldap->bind; } unless ($msg->code == LDAP_SUCCESS) { $RT::Logger->critical( (caller(0))[3], "Can't bind:", ldap_error_name($msg->code), $msg->code); return undef; } else { return $ldap; } } # }}} 1; RT-Authen-ExternalAuth-0.17/lib/RT/Authen/ExternalAuth/DBI/0000700000175000017500000000000012167334405021306 5ustar tomtomRT-Authen-ExternalAuth-0.17/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm0000644000175000017500000000461312163100106023054 0ustar tomtompackage RT::Authen::ExternalAuth::DBI::Cookie; use CGI::Cookie; use strict; =head1 NAME RT::Authen::ExternalAuth::DBI::Cookie - Database-backed, cookie SSO source for RT authentication =head1 DESCRIPTION Provides the Cookie implementation for L. =head1 SYNOPSIS Set($ExternalSettings, { # An example SSO cookie service 'My_SSO_Cookie' => { 'type' => 'cookie', 'name' => 'loginCookieValue', 'u_table' => 'users', 'u_field' => 'username', 'u_match_key' => 'userID', 'c_table' => 'login_cookie', 'c_field' => 'loginCookieValue', 'c_match_key' => 'loginCookieUserID', 'db_service_name' => 'My_MySQL' }, 'My_MySQL' => { ... }, } ); =head1 CONFIGURATION Cookie-specific options are described here. Shared options are described in the F file included in this distribution. The example in the L lists all available options and they are described below. =over 4 =item name The name of the cookie to be used. =item u_table The users table. =item u_field The username field in the users table. =item u_match_key The field in the users table that uniquely identifies a user and also exists in the cookies table. See c_match_key below. =item c_table The cookies table. =item c_field The field that stores cookie values. =item c_match_key The field in the cookies table that uniquely identifies a user and also exists in the users table. See u_match_key above. 

=item db_service_name

The DB service in this configuration to use to lookup the cookie
information. See L.

=back

=cut

# {{{ sub GetCookieVal
sub GetCookieVal {

    # The name of the cookie
    my $cookie_name = shift;
    my $cookie_value;

    # Pull in all cookies from browser within our cookie domain
    my %cookies = CGI::Cookie->fetch();

    # If the cookie is set, get the value, if it's not set, get out now!
    if (defined $cookies{$cookie_name}) {
        $cookie_value = $cookies{$cookie_name}->value;
        $RT::Logger->debug( "Cookie Found",
                            ":: $cookie_name");
    } else {
        $RT::Logger->debug( "Cookie Not Found");
    }

    return $cookie_value;
}

# }}}

1;

RT-Authen-ExternalAuth-0.17/lib/RT/Authen/ExternalAuth.pm

package RT::Authen::ExternalAuth;

our $VERSION = '0.17';

=head1 NAME

RT::Authen::ExternalAuth - RT Authentication using External Sources

=head1 DESCRIPTION

A complete package for adding external authentication mechanisms
to RT. It currently supports LDAP via Net::LDAP and External Database
authentication for any database with an installed DBI driver.

It also allows for authenticating cookie information against an
external database through the use of the RT-Authen-CookieAuth extension.

=head1 UPGRADING

If you are upgrading from an earlier version of this extension, you must
remove the following files manually:

    $RTHOME/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm
    $RTHOME/local/lib/RT/User_Vendor.pm
    $RTHOME/local/lib/RT/Authen/External_Auth.pm

Otherwise you will most likely encounter an error about modifying a read
only value and be unable to start RT.

You may not have all of these files. It depends what versions you are
upgrading between.

If you are using a vendor packaged RT, your local directories are likely
to be somewhere under /usr/local instead of in $RTHOME so you will need
to visit Configuration -> Tools -> System Configuration to find your
plugin root.

=head2 VERSION NOTES

If you are using RT 3.6, you want to use the 0.05 version.

If you are using RT 3.8.0 or 3.8.1, you may have trouble using this
due to RT bugs related to plugins, but you may be able to use 0.08.

0.08_02 or later will not work on 3.8.0 or 3.8.1.

If you are using RT 4.0.0 or greater, you must use at least 0.09.

=head1 MORE ABOUT THIS MODULE

This module provides the ability to authenticate RT users
against one or more external data sources at once. It will
also allow information about that user to be loaded from
the same, or any other available, source as well as allowing
multiple redundant servers for each method.

The extension currently supports authentication and
information from LDAP via the Net::LDAP module, and from
any data source that an installed DBI driver is available
for.

It is also possible to use cookies set by an alternate
application for Single Sign-On (SSO) with that application.
For example, you may integrate RT with your own website login
system so that once users log in to your website, they will be
automagically logged in to RT when they access it.

It was originally designed and tested against:

    MySQL v4.1.21-standard
    MySQL v5.0.22
    Windows Active Directory v2003

But it has been designed so that it should work with ANY
LDAP service and ANY DBI-drivable database, based upon the
configuration given in your $RTHOME/etc/RT_SiteConfig.pm

As of v0.08 ExternalAuth also allows you to pull a browser
cookie value and test it against a DBI data source allowing
the use of cookies for Single Sign-On (SSO) authentication
with another application or website login system. This is
due to the merging of RT::Authen::ExternalAuth and
RT::Authen::CookieAuth. For example, you may integrate RT
with your own website login system so that once users log in
to your website, they will be automagically logged in to RT
when they access it.

=head1 INSTALLATION

To install this module, run the following commands:

    perl Makefile.PL
    make
    make install

If you are using RT 3.8.x, you need to enable this
module by adding RT::Authen::ExternalAuth to your
@Plugins configuration:

    Set( @Plugins, qw(RT::Authen::ExternalAuth) );

If you already have a @Plugins line, add RT::Authen::ExternalAuth to the
existing list. Adding a second @Plugins line will cause interesting
bugs.

Once installed, you should view the file:

    3.4/3.6    $RTHOME/local/etc/ExternalAuth/RT_SiteConfig.pm
    3.8        $RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

Then use the examples provided to prepare your own custom
configuration which should be added to your site configuration in
$RTHOME/etc/RT_SiteConfig.pm

=head1 AUTHOR

    Mike Peachey
    Jennic Ltd.
    zordrak@cpan.org

    Various Best Practical Developers

=head1 COPYRIGHT AND LICENCE

Copyright (C) 2008, Jennic Ltd.

This software is released under version 2 of the GNU
General Public License. The license is distributed with
this package in the LICENSE file found in the directory
root.

=cut

use RT::Authen::ExternalAuth::LDAP;
use RT::Authen::ExternalAuth::DBI;

use strict;

# Ensure passwords are obfuscated on the System Configuration page
$RT::Config::META{ExternalSettings}->{Obfuscate} = sub {
    my ($config, $sources, $user) = @_;

    # XXX $user is never passed from RT as of 4.0.5 :(
    my $msg = 'Password not printed';
       $msg = $user->loc($msg) if $user and $user->Id;

    for my $source (values %$sources) {
        $source->{pass} = $msg;
    }
    return $sources;
};

sub DoAuth {
    my ($session,$given_user,$given_pass) = @_;

    unless(defined($RT::ExternalAuthPriority)) {
        return (0, "ExternalAuthPriority not defined, please check your configuration file.");
    }

    my $no_info_check = 0;
    unless(defined($RT::ExternalInfoPriority)) {
        $RT::Logger->debug("ExternalInfoPriority not defined. User information (including user enabled/disabled cannot be externally-sourced");
        $no_info_check = 1;
    }

    # Ensure people don't misconfigure DBI auth to point to RT's
    # Users table
    for my $service (keys %$RT::ExternalSettings) {
        my %conf = %{ $RT::ExternalSettings->{$service} };
        next unless $conf{type} eq 'db';

        # user/pass might be different (root, for instance)
        no warnings 'uninitialized';
        next unless lc $conf{server} eq lc $RT::DatabaseHost and
                    lc $conf{database} eq lc $RT::DatabaseName and
                    lc $conf{table} eq 'users';

        $RT::Logger->error(
            "RT::Authen::ExternalAuth should _not_ be configured with a database auth service ".
            "that points back to RT's internal Users table. Removing the service '$service'! ".
            "Please remove it from your config file."
        );

        # Remove it!
        delete $RT::ExternalSettings->{$service};

        @$RT::ExternalAuthPriority = grep { $_ ne $service } @$RT::ExternalAuthPriority
            if $RT::ExternalAuthPriority;

        @$RT::ExternalInfoPriority = grep { $_ ne $service } @$RT::ExternalInfoPriority
            if $RT::ExternalInfoPriority;
    }

    # This may be used by single sign-on (SSO) authentication mechanisms for bypassing a password check.
    my $pass_bypass = 0;
    my $success = 0;

    # Should have checked if user is already logged in before calling this function,
    # but just in case, we'll check too.
    return (0, "User already logged in!") if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id);

    # We don't have a logged in user. Let's try all our available methods in order.
    # last if success, next if not.

    # Get the prioritised list of external authentication services
    my @auth_services = @$RT::ExternalAuthPriority;

    # For each of those services..
    foreach my $service (@auth_services) {

        $pass_bypass = 0;

        # Get the full configuration for that service as a hashref
        my $config = $RT::ExternalSettings->{$service};
        $RT::Logger->debug( "Attempting to use external auth service:",
                            $service);

        # $username will be the final username we decide to check
        # This will not necessarily be $given_user
        my $username = undef;

        #############################################################
        ####################### SSO Check ###########################
        #############################################################
        if ($config->{'type'} eq 'cookie') {
            # Currently, Cookie authentication is our only SSO method
            $username = RT::Authen::ExternalAuth::DBI::GetCookieAuth($config);
        }
        #############################################################

        # If $username is defined, we have a good SSO $username and can
        # safely bypass the password checking later on; primarily because
        # it's VERY unlikely we even have a password to check if an SSO succeeded.
        $pass_bypass = 0;
        if(defined($username)) {
            $RT::Logger->debug("Pass not going to be checked, attempting SSO");
            $pass_bypass = 1;
        } else {

            # SSO failed and no $user was passed for a login attempt
            # We only don't return here because the next iteration could be an SSO attempt
            unless(defined($given_user)) {
                $RT::Logger->debug("SSO Failed and no user to test with. Nexting");
                next;
            }

            # We don't have an SSO login, so we will be using the credentials given
            # on RT's login page to do our authentication.
            $username = $given_user;

            # Don't continue unless the service works.
            # next unless RT::Authen::ExternalAuth::TestConnection($config);

            # Don't continue unless the $username exists in the external service

            $RT::Logger->debug("Calling UserExists with \$username ($username) and \$service ($service)");
            next unless RT::Authen::ExternalAuth::UserExists($username, $service);
        }

        ####################################################################
        ########## Load / Auto-Create ######################################
        ####################################################################
        # We are now sure that we're talking about a valid RT user.
        # If the user already exists, load up their info. If they don't
        # then we need to create the user in RT.

        # Does user already exist internally to RT?
        $session->{'CurrentUser'} = RT::CurrentUser->new();
        $session->{'CurrentUser'}->Load($username);

        # Unless we have loaded a valid user with a UserID create one.
        unless ($session->{'CurrentUser'}->Id) {
            my $UserObj = RT::User->new($RT::SystemUser);
            my ($val, $msg) =
              $UserObj->Create(%{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
                               Name   => $username,
                               Gecos  => $username,
                              );
            unless ($val) {
                $RT::Logger->error( "Couldn't create user $username: $msg" );
                next;
            }
            $RT::Logger->info(  "Autocreated external user",
                                $UserObj->Name,
                                "(",
                                $UserObj->Id,
                                ")");

            $RT::Logger->debug("Loading new user (",
                                $username,
                                ") into current session");
            $session->{'CurrentUser'}->Load($username);
        }

        ####################################################################
        ########## Authentication ##########################################
        ####################################################################
        # If we successfully used an SSO service, then authentication
        # succeeded. If we didn't then, success is determined by a password
        # test.
        $success = 0;
        if($pass_bypass) {
            $RT::Logger->debug("Password check bypassed due to SSO method being in use");
            $success = 1;
        } else {
            $RT::Logger->debug("Password validation required for service - Executing...");
            $success = RT::Authen::ExternalAuth::GetAuth($service,$username,$given_pass);
        }

        $RT::Logger->debug("Password Validation Check Result: ",$success);

        # If the password check succeeded then this is our authoritative service
        # and we proceed to user information update and login.
        last if $success;
    }

    # If we got here and don't have a user loaded we must have failed to
    # get a full, valid user from an authoritative external source.
    unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) {
        $session->{'CurrentUser'} = RT::CurrentUser->new;
        return (0, "No User");
    }

    unless($success) {
        $session->{'CurrentUser'} = RT::CurrentUser->new;
        return (0, "Password Invalid");
    }

    # Otherwise we succeeded.
    $RT::Logger->debug("Authentication successful. Now updating user information and attempting login.");

    ####################################################################################################
    ############################### The following is auth-method agnostic ##############################
    ####################################################################################################

    # If we STILL have a completely valid RT user to play with...
    # and therefore password has been validated...
    if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) {

        # Even if we have JUST created the user in RT, we are going to
        # reload their information from an external source. This allows us
        # to be sure that the user the cookie gave us really does exist in
        # the database, but more importantly, UpdateFromExternal will check
        # whether the user is disabled or not which we have not been able to
        # do during auto-create

        # These are not currently used, but may be used in the future.
        my $info_updated = 0;
        my $info_updated_msg = "User info not updated";

        unless($no_info_check) {
            # Note that UpdateUserInfo does not care how we authenticated the user
            # It will look up user info from whatever is specified in $RT::ExternalInfoPriority
            ($info_updated,$info_updated_msg) = RT::Authen::ExternalAuth::UpdateUserInfo($session->{'CurrentUser'}->Name);
        }

        # Now that we definitely have up-to-date user information,
        # if the user is disabled, kick them out. Now!
        if ($session->{'CurrentUser'}->UserObj->Disabled) {
            $session->{'CurrentUser'} = RT::CurrentUser->new;
            return (0, "User account disabled, login denied");
        }
    }

    # If we **STILL** have a full user and the session hasn't already been deleted
    # This If/Else is logically unnecessary, but it doesn't hurt to leave it here
    # just in case. Especially to be a double-check to future modifications.
    if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) {

        $RT::Logger->info(  "Successful login for",
                            $session->{'CurrentUser'}->Name,
                            "from",
                            $ENV{'REMOTE_ADDR'});

        # Do not delete the session. User stays logged in and
        # autohandler will not check the password again

        my $cu = $session->{CurrentUser};
        RT::Interface::Web::InstantiateNewSession();
        $session->{CurrentUser} = $cu;
    } else {
        # Make SURE the session is purged to an empty user.
        $session->{'CurrentUser'} = RT::CurrentUser->new;
        return (0, "Failed to authenticate externally");
        # This will cause autohandler to request IsPassword
        # which will in turn call IsExternalPassword
    }

    return (1, "Successful login");
}

sub UpdateUserInfo {
    my $username = shift;

    # Prepare for the worst...
    my $found = 0;
    my $updated = 0;
    my $msg = "User NOT updated";

    my $user_disabled = RT::Authen::ExternalAuth::UserDisabled($username);

    my $UserObj = RT::User->new($RT::SystemUser);
    $UserObj->Load($username);

    # If user is disabled, set the RT::Principal to disabled and return out of the function.
    # I think it's a waste of time and energy to update a user's information if they are disabled
    # and it could be a security risk if they've updated their external information with some
    # carefully concocted code to try to break RT - worst case scenario, but they have been
    # denied access after all, don't take any chances.

    # If someone gives me a good enough reason to do it,
    # then I'll update all the info for disabled users

    if ($user_disabled) {
        unless ( $UserObj->Disabled ) {
            # Make sure principal is disabled in RT
            my ($val, $message) = $UserObj->SetDisabled(1);
            # Log what has happened
            $RT::Logger->info("User marked as DISABLED (",
                                $username,
                                ") per External Service",
                                "($val, $message)\n");
            $msg = "User Disabled";
        }

        return ($updated, $msg);
    }

    # Make sure principal is not disabled in RT
    if ( $UserObj->Disabled ) {
        my ($val, $message) = $UserObj->SetDisabled(0);
        unless ( $val ) {
            $RT::Logger->error("Failed to enable user ($username) per External Service: ".($message||''));
            return ($updated, "Failed to enable");
        }

        $RT::Logger->info("User ($username) was disabled, marked as ENABLED ",
                            "per External Service",
                            "($val, $message)\n");
    }

    # Update their info from external service using the username as the lookup key
    # CanonicalizeUserInfo will work out for itself which service to use
    # Passing it a service instead could break other RT code
    my %args = (Name => $username);
    $UserObj->CanonicalizeUserInfo(\%args);

    # For each piece of information returned by CanonicalizeUserInfo,
    # run the Set method for that piece of info to change it for the user
    my @results = $UserObj->Update(
        ARGSRef         => \%args,
        AttributesRef   => [keys %args],
    );
    $RT::Logger->debug("UPDATED user $username: $_")
        for @results;

    # Confirm update success
    $updated = 1;
    $RT::Logger->debug( "UPDATED user (",
                        $username,
                        ") from External Service\n");
    $msg = 'User updated';

    return ($updated, $msg);
}

sub GetAuth {

    # Request a username/password check from the specified service
    # This is only valid for non-SSO services.

    my ($service,$username,$password) = @_;

    my $success = 0;

    # Get the full configuration for that service as a hashref
    my $config = $RT::ExternalSettings->{$service};

    # And then act accordingly depending on what type of service it is.
    # Right now, there is only code for DBI and LDAP non-SSO services
    if ($config->{'type'} eq 'db') {
        $success = RT::Authen::ExternalAuth::DBI::GetAuth($service,$username,$password);
        $RT::Logger->debug("DBI password validation result:",$success);
    } elsif ($config->{'type'} eq 'ldap') {
        $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
        $RT::Logger->debug("LDAP password validation result:",$success);
    } else {
        $RT::Logger->error("Invalid service type for GetAuth:",$service);
    }

    return $success;
}

sub UserExists {

    # Check whether the username exists in the specified service
    # This is only valid for non-SSO services.

    my ($username,$service) = @_;

    my $success = 0;

    # Get the full configuration for that service as a hashref
    my $config = $RT::ExternalSettings->{$service};

    # And then act accordingly depending on what type of service it is.
    # Right now, there is only code for DBI and LDAP non-SSO services
    if ($config->{'type'} eq 'db') {
        $success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service);
    } elsif ($config->{'type'} eq 'ldap') {
        $success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service);
    } else {
        $RT::Logger->debug("Invalid service type for UserExists:",$service);
    }

    return $success;
}

sub UserDisabled {

    my $username = shift;
    my $user_disabled = 0;

    my @info_services = $RT::ExternalInfoPriority ? @{$RT::ExternalInfoPriority} : ();

    # For each named service in the list
    # Check to see if the user is found in the external service
    # If not found, jump to next service
    # If found, check to see if user is considered disabled by the service
    # Then update the user's info in RT and return
    foreach my $service (@info_services) {

        # Get the external config for this service as a hashref
        my $config = $RT::ExternalSettings->{$service};

        # If the config doesn't exist, don't bother doing anything, skip to next in list.
        unless(defined($config)) {
            $RT::Logger->debug("You haven't defined a configuration for the service named \"",
                                $service,
                                "\" so I'm not going to try to get user information from it. Skipping...");
            next;
        }

        # If it's a DBI config:
        if ($config->{'type'} eq 'db') {

            unless(RT::Authen::ExternalAuth::DBI::UserExists($username,$service)) {
                $RT::Logger->debug("User (",
                                    $username,
                                    ") doesn't exist in service (",
                                    $service,
                                    ") - Cannot update information - Skipping...");
                next;
            }
            $user_disabled = RT::Authen::ExternalAuth::DBI::UserDisabled($username,$service);

        } elsif ($config->{'type'} eq 'ldap') {

            unless(RT::Authen::ExternalAuth::LDAP::UserExists($username,$service)) {
                $RT::Logger->debug("User (",
                                    $username,
                                    ") doesn't exist in service (",
                                    $service,
                                    ") - Cannot update information - Skipping...");
                next;
            }
            $user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service);

        } elsif ($config->{'type'} eq 'cookie') {
            $RT::Logger->error("You cannot use SSO Cookies as an information service.");
            next;
        } else {
            # The type of external service doesn't currently have any methods associated with it. Or it's a typo.
            $RT::Logger->error("Invalid type specification for config $service");
            # Drop out to next service in list
            next;
        }

    }
    return $user_disabled;
}

sub CanonicalizeUserInfo {

    # Careful, this $args hashref was given to RT::User::CanonicalizeUserInfo and
    # then transparently passed on to this function.
    # The whole purpose is to update
    # the original hash as whatever passed it to RT::User is expecting to continue its
    # code with an update args hash.

    my $UserObj = shift;
    my $args    = shift;

    my $found   = 0;
    my %params  = (Name         => undef,
                  EmailAddress => undef,
                  RealName     => undef);

    $RT::Logger->debug( (caller(0))[3],
                        "called by",
                        caller,
                        "with:",
                        join(", ", map {sprintf("%s: %s", $_, ($args->{$_} ? $args->{$_} : ''))}
                            sort(keys(%$args))));

    # Get the list of defined external services (empty when none are configured)
    my @info_services = $RT::ExternalInfoPriority ? @{$RT::ExternalInfoPriority} : ();

    # For each external service...
    foreach my $service (@info_services) {

        $RT::Logger->debug( "Attempting to get user info using this external service:",
                            $service);

        # Get the config for the service so that we know what attrs we can canonicalize
        my $config = $RT::ExternalSettings->{$service};

        if($config->{'type'} eq 'cookie'){
            $RT::Logger->debug("You cannot use SSO cookies as an information service!");
            next;
        }

        # For each attr we've been told to canonicalize in the match list
        foreach my $rt_attr (@{$config->{'attr_match_list'}}) {
            # Jump to the next attr in $args if this one isn't in the attr_match_list
            $RT::Logger->debug( "Attempting to use this canonicalization key:",$rt_attr);
            unless(defined($args->{$rt_attr})) {
                $RT::Logger->debug("This attribute (",
                                    $rt_attr,
                                    ") is null or incorrectly defined in the attr_map for this service (",
                                    $service,
                                    ")");
                next;
            }

            # Else, use it as a canonicalization key and lookup the user info
            my $key = $config->{'attr_map'}->{$rt_attr};
            my $value = $args->{$rt_attr};

            # Check to see that the key being asked for is defined in the config's attr_map
            my $valid = 0;
            my ($attr_key, $attr_value);
            my $attr_map = $config->{'attr_map'};
            while (($attr_key, $attr_value) = each %$attr_map) {
                $valid = 1 if ($key eq $attr_value);
            }
            unless ($valid){
                $RT::Logger->debug( "This key (",
                                    $key,
                                    "is not a valid attribute key (",
                                    $service,
                                    ")");
                next;
            }

            # Use an if/elsif structure to do a lookup with any custom
            # code needed for any given type of external service, or die if no code exists for
            # the service requested.

            if($config->{'type'} eq 'ldap'){
                ($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value);
            } elsif ($config->{'type'} eq 'db') {
                ($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value);
            } else {
                $RT::Logger->debug( (caller(0))[3],
                                    "does not consider",
                                    $service,
                                    "a valid information service");
            }

            # Don't Check any more attributes
            last if $found;
        }
        # Don't Check any more services
        last if $found;
    }

    # If found, Canonicalize Email Address and
    # update the args hash that we were given the hashref for
    if ($found) {
        # It's important that we always have a canonical email address
        if ($params{'EmailAddress'}) {
            $params{'EmailAddress'} = $UserObj->CanonicalizeEmailAddress($params{'EmailAddress'});
        }
        %$args = (%$args, %params);
    }

    $RT::Logger->info(  (caller(0))[3],
                        "returning",
                        join(", ", map {sprintf("%s: %s", $_, ($args->{$_} ? $args->{$_} : ''))}
                            sort(keys(%$args))));

    ### HACK: The config var below is to overcome the (IMO) bug in
    ### RT::User::Create() which expects this function to always
    ### return true or rejects the user for creation.
    ### This should be a different config var (CreateUncanonicalizedUsers)
    ### and should be honored in RT::User::Create()
    return($found || $RT::AutoCreateNonExternalUsers);

}

{
    no warnings 'redefine';
    *RT::User::CanonicalizeUserInfo = sub {
        my $self = shift;
        my $args = shift;
        return ( CanonicalizeUserInfo( $self, $args ) );
    };
}

1;

RT-Authen-ExternalAuth-0.17/xt/ldap_group.t

use strict;
use warnings;

# This lets us change config during runtime without restarting
BEGIN {
    $ENV{RT_TEST_WEB_HANDLER} = 'inline';
}

use RT::Test tests => undef, testing => 'RT::Authen::ExternalAuth';
use Net::LDAP;
use RT::Authen::ExternalAuth;

eval { require Net::LDAP::Server::Test; 1; } or do {
    plan skip_all => 'Unable to test without Net::LDAP::Server::Test';
};

my $ldap_port = 1024 + int rand(10000) + $$ % 1024;
ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ),
    "spawned test LDAP server on port $ldap_port" );

my $ldap = Net::LDAP->new("localhost:$ldap_port");
$ldap->bind();

my $users_dn = "ou=users,dc=bestpractical,dc=com";
my $group_dn = "cn=test group,ou=groups,dc=bestpractical,dc=com";

$ldap->add($users_dn);
for (1 .. 3) {
    my $uid = "testuser$_";
    my $entry = {
        cn           => "Test User $_",
        mail         => "$uid\@example.com",
        uid          => $uid,
        objectClass  => 'User',
        userPassword => 'password',
    };
    $ldap->add( "uid=$uid,$users_dn", attr => [%$entry] );
}

$ldap->add(
    $group_dn,
    attr => [
        cn          => "test group",
        memberDN    => [ "uid=testuser1,$users_dn" ],
        memberUid   => [ "testuser2" ],
        objectClass => 'Group',
    ],
);

$ldap->add(
    "cn=subgroup,$group_dn",
    attr => [
        cn          => "subgroup",
        memberUid   => [ "testuser3" ],
        objectClass => "group",
    ],
);

#RT->Config->Set( Plugins                     => 'RT::Authen::ExternalAuth' );
RT->Config->Set( ExternalAuthPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalInfoPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 );
RT->Config->Set( AutoCreateNonExternalUsers  => 0 );
RT->Config->Set( AutoCreate                  => undef );
RT->Config->Set(
    ExternalSettings => {
        'My_LDAP' => {
            'type'            => 'ldap',
            'server'          => "127.0.0.1:$ldap_port",
            'base'            => $users_dn,
            'filter'          => '(objectClass=*)',
            'd_filter'        => '()',
            'group'           => $group_dn,
            'group_attr'      => 'memberDN',
            'tls'             => 0,
            'net_ldap_args'   => [ version => 3 ],
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map'        => {
                'Name'         => 'uid',
                'EmailAddress' => 'mail',
            }
        },
    }
);

my ( $baseurl, $m ) = RT::Test->started_ok();

diag "Using DN to match group membership";
diag "test uri login";
{
    ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' );
    $m->warning_like(qr/FAILED LOGIN for fakeuser/);

    ok( !$m->login( 'testuser2', 'password' ), 'not logged in with real user not in group' );
    $m->warning_like(qr/FAILED LOGIN for testuser2/);

    ok( $m->login( 'testuser1', 'password' ), 'logged in' );
}

diag "test user creation";
{
    my $testuser = RT::User->new($RT::SystemUser);
    my ($ok,$msg) = $testuser->Load( 'testuser1' );
    ok($ok,$msg);
    is($testuser->EmailAddress,'testuser1@example.com');
}

$m->logout;

diag "Using uid to match group membership";
RT->Config->Get('ExternalSettings')->{My_LDAP}{group_attr} = 'memberUid';
RT->Config->Get('ExternalSettings')->{My_LDAP}{group_attr_value} = 'uid';
diag "test uri login";
{
    ok( !$m->login( 'testuser1', 'password' ), 'not logged in with real user not in group' );
    $m->warning_like(qr/FAILED LOGIN for testuser1/);

    ok( $m->login( 'testuser2', 'password' ), 'logged in' );
}

$m->logout;

diag "Subgroup isn't used with default group_scope of base";
{
    local $TODO = 'Net::LDAP::Server::Test bug: https://rt.cpan.org/Ticket/Display.html?id=78612'
        if $Net::LDAP::Server::Test::VERSION <= 0.13;
    ok( !$m->login( 'testuser3', 'password' ), 'not logged in from subgroup' );
    $m->warning_like(qr/FAILED LOGIN for testuser3/);
    $m->logout;
}

diag "Using group_scope of sub not base";
RT->Config->Get('ExternalSettings')->{My_LDAP}{group_scope} = 'sub';
diag "test uri login";
{
    ok( !$m->login( 'testuser1', 'password' ), 'not logged in with real user not in group' );
    $m->warning_like(qr/FAILED LOGIN for testuser1/);

    ok( $m->login( 'testuser2', 'password' ), 'logged in as testuser2' );
    $m->logout;

    ok( $m->login( 'testuser3', 'password' ), 'logged in as testuser3 from subgroup' );
    $m->logout;
}

$ldap->unbind();

undef $m;
done_testing;

RT-Authen-ExternalAuth-0.17/xt/obfuscate-password.t

use strict;
use warnings;

use RT::Test testing => 'RT::Authen::ExternalAuth';

RT->Config->Set(
    ExternalSettings => {
        'My_LDAP' => {
            type => 'ldap',
            user => 'ldap_bind',
            pass => 'sekrit',
        },
        'My_DBI' => {
            type => 'dbi',
            user => 'external_db_user',
            pass => 'nottelling',
        },
    }
);

my ($base, $m) = RT::Test->started_ok();
ok( $m->login, 'logged in' );

$m->get_ok('/Admin/Tools/Configuration.html', 'config page');
$m->content_lacks('sekrit', 'external source 1 pass obfuscated');
$m->content_lacks('nottelling', 'external source 2 pass obfuscated');
$m->content_contains('ldap_bind', 'sanity check: we do have external config dumped');
$m->content_contains('external_db_user', 'sanity check: we do have external config dumped');

undef $m;

RT-Authen-ExternalAuth-0.17/xt/ldap_privileged.t

use strict;
use warnings;

use RT::Test testing => 'RT::Authen::ExternalAuth';
use Net::LDAP;
use RT::Authen::ExternalAuth;

eval { require Net::LDAP::Server::Test; 1; } or do {
    plan skip_all => 'Unable to test without Net::LDAP::Server::Test';
};

my $ldap_port = 1024 + int rand(10000) + $$ % 1024;
ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ),
    "spawned test LDAP server on port $ldap_port" );

my $ldap = Net::LDAP->new("localhost:$ldap_port");
$ldap->bind();

my $username = "testuser";
my $base     = "dc=bestpractical,dc=com";
my $dn       = "uid=$username,$base";
my $entry    = {
    cn           => $username,
    mail         => "$username\@invalid.tld",
    uid          => $username,
    objectClass  => 'User',
    userPassword => 'password',
};
$ldap->add( $base );
$ldap->add( $dn, attr => [%$entry] );

RT->Config->Set( ExternalAuthPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalInfoPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 );
RT->Config->Set( AutoCreateNonExternalUsers  => 0 );
RT->Config->Set( AutoCreate                  => { Privileged => 1 } );
RT->Config->Set(
    ExternalSettings => {    # AN EXAMPLE LDAP SERVICE
        'My_LDAP' => {
            'type'            => 'ldap',
            'server'          => "127.0.0.1:$ldap_port",
            'base'            => $base,
            'filter'          => '(objectClass=*)',
            'tls'             => 0,
            'net_ldap_args'   => [ version => 3 ],
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map'        => {
                'Name'         => 'uid',
                'EmailAddress' => 'mail',
            }
        },
    }
);

my ( $baseurl, $m ) = RT::Test->started_ok();

diag "test uri login";
{
    ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' );
    ok( $m->login( 'testuser', 'password' ), 'logged in' );
}

diag "test user creation";
{
    my $testuser = RT::User->new($RT::SystemUser);
    my ($ok,$msg) = $testuser->Load( 'testuser' );
    ok($ok,$msg);
    is($testuser->EmailAddress,'testuser@invalid.tld');
}

diag "test form login";
{
    $m->logout;
    $m->get_ok( $baseurl, 'base url' );
$m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } like( $m->uri, qr!$baseurl/(index\.html)?!, 'privileged home page' ); $ldap->unbind(); $m->get_warnings; RT-Authen-ExternalAuth-0.17/xt/ldap.t0000644000175000017500000000551312163100106015524 0ustar tomtomuse strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; use Net::LDAP; use RT::Authen::ExternalAuth; eval { require Net::LDAP::Server::Test; 1; } or do { plan skip_all => 'Unable to test without Net::Server::LDAP::Test'; }; my $ldap_port = 1024 + int rand(10000) + $$ % 1024; ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ), "spawned test LDAP server on port $ldap_port" ); my $ldap = Net::LDAP->new("localhost:$ldap_port"); $ldap->bind(); my $username = "testuser"; my $base = "dc=bestpractical,dc=com"; my $dn = "uid=$username,$base"; my $entry = { cn => $username, mail => "$username\@invalid.tld", uid => $username, objectClass => 'User', userPassword => 'password', }; $ldap->add( $base ); $ldap->add( $dn, attr => [%$entry] ); RT->Config->Set( ExternalAuthPriority => ['My_LDAP'] ); RT->Config->Set( ExternalInfoPriority => ['My_LDAP'] ); RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { # AN EXAMPLE DB SERVICE 'My_LDAP' => { 'type' => 'ldap', 'server' => "127.0.0.1:$ldap_port", 'base' => $base, 'filter' => '(objectClass=*)', 'd_filter' => '()', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); ok( $m->login( 'testuser', 'password' ), 'logged in' ); } diag "test user creation"; { my 
$testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser@invalid.tld'); } diag "test form login"; { $m->logout; $m->get_ok( $baseurl, 'base url' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } is( $m->uri, $baseurl . '/SelfService/' , 'selfservice page' ); diag "test redirect after login"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html', 'closed tickets page' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . '/SelfService/Closed.html' ); } $ldap->unbind(); $m->get_warnings; RT-Authen-ExternalAuth-0.17/xt/sqlite.t0000644000175000017500000000615012163100106016103 0ustar tomtomuse strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; use DBI; use File::Temp; use Digest::MD5; use File::Spec; eval { require DBD::SQLite; } or do { plan skip_all => 'Unable to test without DBD::SQLite'; }; my $dir = File::Temp::tempdir( CLEANUP => 1 ); my $dbname = File::Spec->catfile( $dir, 'rtauthtest' ); my $table = 'users'; my $dbh = DBI->connect("dbi:SQLite:$dbname"); my $password = Digest::MD5::md5_hex('password'); my $schema = <<"EOF"; CREATE TABLE users ( username varchar(200) NOT NULL, password varchar(40) NULL, email varchar(16) NULL ); EOF $dbh->do( $schema ); $dbh->do( "INSERT INTO $table VALUES ( 'testuser', '$password', 'testuser\@invalid.tld')" ); RT->Config->Set( ExternalAuthPriority => ['My_SQLite'] ); RT->Config->Set( ExternalInfoPriority => ['My_SQLite'] ); RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { 'My_SQLite' => { 'type' => 'db', 'database' => $dbname, 'table' => $table, 'dbi_driver' => 'SQLite', 
'u_field' => 'username', 'p_field' => 'password', 'p_enc_pkg' => 'Digest::MD5', 'p_enc_sub' => 'md5_hex', 'attr_match_list' => ['Name'], 'attr_map' => { 'Name' => 'username', 'EmailAddress' => 'email', 'ExternalAuthId' => 'username', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); ok( !$m->login( 'testuser', 'wrongpassword' ), 'not logged in with wrong password' ); ok( $m->login( 'testuser', 'password' ), 'logged in' ); } diag "test user creation"; { my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser@invalid.tld'); } diag "test form login"; { $m->logout; $m->get_ok( $baseurl, 'base url' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } is( $m->uri, $baseurl . '/SelfService/', 'selfservice page' ); diag "test redirect after login"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html', 'closed tickets page' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . '/SelfService/Closed.html' ); } diag "test with user and pass in URL"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html?user=testuser;pass=password', 'closed tickets page' ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . 
        '/SelfService/Closed.html?user=testuser;pass=password' );
}

$m->get_warnings;

RT-Authen-ExternalAuth-0.17/xt/ldap_escaping.t

use strict;
use warnings;

use RT::Test tests => undef, testing => 'RT::Authen::ExternalAuth';
use Net::LDAP;
use RT::Authen::ExternalAuth;

eval { require Net::LDAP::Server::Test; 1; } or do {
    plan skip_all => 'Unable to test without Net::Server::LDAP::Test';
};

my $ldap_port = 1024 + int rand(10000) + $$ % 1024;
ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ),
    "spawned test LDAP server on port $ldap_port" );

my $ldap = Net::LDAP->new("localhost:$ldap_port");
$ldap->bind();

my $users_dn = "ou=users,dc=bestpractical,dc=com";
my $group_dn = "cn=test group,ou=groups,dc=bestpractical,dc=com";

$ldap->add($users_dn);
$ldap->add(
    "cn=Smith\\, John,$users_dn",
    attr => [
        cn           => 'Smith\\, John',
        mail         => 'jsmith@example.com',
        uid          => 'jsmith',
        objectClass  => 'User',
        userPassword => 'password',
    ]
);
$ldap->add(
    "cn=John Doe,$users_dn",
    attr => [
        cn           => 'John Doe',
        mail         => 'jdoe@example.com',
        uid          => 'j(doe',
        objectClass  => 'User',
        userPassword => 'password',
    ]
);
$ldap->add(
    $group_dn,
    attr => [
        cn          => "test group",
        memberDN    => [ "cn=Smith\\, John,$users_dn", "cn=John Doe,$users_dn" ],
        objectClass => 'Group',
    ],
);

RT->Config->Set( ExternalAuthPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalInfoPriority        => ['My_LDAP'] );
RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 );
RT->Config->Set( AutoCreateNonExternalUsers  => 0 );
RT->Config->Set( AutoCreate                  => undef );
RT->Config->Set(
    ExternalSettings => {
        'My_LDAP' => {
            'type'            => 'ldap',
            'server'          => "127.0.0.1:$ldap_port",
            'base'            => $users_dn,
            'filter'          => '(objectClass=*)',
            'd_filter'        => '()',
            'group'           => $group_dn,
            'group_attr'      => 'memberDN',
            'tls'             => 0,
            'net_ldap_args'   => [ version => 3 ],
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map'        => {
                'Name'         => 'uid',
                'EmailAddress' => 'mail',
            }
        },
    }
);

my ( $baseurl, $m ) = RT::Test->started_ok();

diag "comma in the DN";
{
    ok( $m->login( 'jsmith', 'password' ), 'logged in' );

    my $testuser = RT::User->new($RT::SystemUser);
    my ($ok,$msg) = $testuser->Load( 'jsmith' );
    ok($ok,$msg);
    is($testuser->EmailAddress,'jsmith@example.com');
}

diag "paren in the username";
{
    ok( $m->logout, 'logged out' );

    # $m->login chokes on ( in 4.0.5
    $m->get_ok($m->rt_base_url . "?user=j(doe;pass=password");
    $m->content_like(qr/Logout/i, 'contains logout link');
    $m->content_contains('j(doe', 'contains logged in user name');

    my $testuser = RT::User->new($RT::SystemUser);
    my ($ok,$msg) = $testuser->Load( 'j(doe' );
    ok($ok,$msg);
    is($testuser->EmailAddress,'jdoe@example.com');
}

$ldap->unbind();

undef $m;
done_testing;

RT-Authen-ExternalAuth-0.17/xt/sessions.t

use strict;
use warnings;

use RT::Test testing => 'RT::Authen::ExternalAuth', tests => 'no_declare';

setup_auth_source();

RT->Config->Set("WebSessionClass" => "Apache::Session::File");

{
    my %sessions;
    sub sessions_seen_is {
        local $Test::Builder::Level = $Test::Builder::Level + 1;

        my ($agent, $expected, $msg) = @_;
        $msg ||= "$expected sessions seen";

        $agent->cookie_jar->scan(sub { $sessions{$_[2]}++ if $_[1] =~ /SID/; });
        is scalar keys %sessions, $expected, $msg;
    }
}

my ($base, $m) = RT::Test->started_ok();

diag "Login as tom";
{
    sessions_seen_is($m, 0);

    $m->get_ok("/");
    $m->submit_form(
        with_fields => {
            user => 'tom',
            pass => 'password',
        },
    );
    $m->text_contains( 'Logout', 'logged in via form' );

    sessions_seen_is($m, 1);

    $m->get_ok("/NoAuth/Logout.html");

    sessions_seen_is($m, 2);
}

diag "Login as alex";
{
    $m->get_ok("/");
    $m->submit_form(
        with_fields => {
            user => 'alex',
            pass => 'password',
        },
    );
    $m->text_contains( 'Logout', 'logged in via form' );

    sessions_seen_is($m, 3);

    $m->get_ok("/NoAuth/Logout.html");

    sessions_seen_is($m, 4);
}

undef $m;
done_testing;

sub setup_auth_source {
    require DBI;
    require File::Temp;
    require
    Digest::MD5;
    require File::Spec;

    eval { require DBD::SQLite; } or do {
        plan skip_all => 'Unable to test without DBD::SQLite';
    };

    my $dir    = File::Temp::tempdir( CLEANUP => 1 );
    my $dbname = File::Spec->catfile( $dir, 'rtauthtest' );
    my $table  = 'users';
    my $dbh = DBI->connect("dbi:SQLite:$dbname");
    my $password = Digest::MD5::md5_hex('password');
    my $schema = <<"    EOF";
    CREATE TABLE users (
      username varchar(200) NOT NULL,
      password varchar(40) NULL,
      email varchar(16) NULL
    );
    EOF
    $dbh->do( $schema );
    $dbh->do(<<"    SQL");
        INSERT INTO $table VALUES
            ( 'tom', '$password', 'tom\@invalid.tld'),
            ( 'alex', '$password', 'alex\@invalid.tld');
    SQL

    RT->Config->Set( ExternalAuthPriority        => ['My_SQLite'] );
    RT->Config->Set( ExternalInfoPriority        => ['My_SQLite'] );
    RT->Config->Set( ExternalServiceUsesSSLorTLS => 0 );
    RT->Config->Set( AutoCreateNonExternalUsers  => 0 );
    RT->Config->Set( AutoCreate                  => undef );
    RT->Config->Set(
        ExternalSettings => {
            'My_SQLite' => {
                'type'            => 'db',
                'database'        => $dbname,
                'table'           => $table,
                'dbi_driver'      => 'SQLite',
                'u_field'         => 'username',
                'p_field'         => 'password',
                'p_enc_pkg'       => 'Digest::MD5',
                'p_enc_sub'       => 'md5_hex',
                'attr_match_list' => ['Name'],
                'attr_map'        => {
                    'Name'           => 'username',
                    'EmailAddress'   => 'email',
                    'ExternalAuthId' => 'username',
                }
            },
        }
    );
}

RT-Authen-ExternalAuth-0.17/etc/

RT-Authen-ExternalAuth-0.17/etc/RT_SiteConfig.pm

=head1 NAME

External Authentication Configuration - Sample configs for L<RT::Authen::ExternalAuth>

=head1 DESCRIPTION

L<RT::Authen::ExternalAuth> provides a lot of flexibility with many
configuration options. This file describes these configuration options
and is itself a sample configuration suitable for dropping into your
C<RT_SiteConfig.pm> file and modifying.

=over 4

=item C<$ExternalAuthPriority>

The order in which the services defined in ExternalSettings should be
used to authenticate users. A user is authenticated as soon as any
service confirms them; no more services are checked after that.

You should remove services you don't use. For example, if you're only
using My_LDAP, remove My_MySQL and My_SSO_Cookie.

=cut

Set($ExternalAuthPriority,  [ 'My_LDAP',
                              'My_MySQL',
                              'My_SSO_Cookie'
                            ]
);

=item C<$ExternalInfoPriority>

When multiple auth services are available, this value defines the order
in which the services defined in ExternalSettings should be used to get
information about users. This includes RealName, Tel numbers etc, but
also whether or not the user should be considered disabled.

Once a user record is found, no more services are checked.

You CANNOT use a SSO cookie to retrieve information.

You should remove services you don't use, but you must define at least
one service.

=cut

Set($ExternalInfoPriority,  [ 'My_LDAP',
                              'My_MySQL',
                            ]
);

=item C<$ExternalServiceUsesSSLorTLS>

If this is set to true, then the relevant packages will be loaded to use
SSL/TLS connections. At the moment, this just means L<Net::SSLeay>.

=cut

Set($ExternalServiceUsesSSLorTLS,    0);

=item C<$AutoCreateNonExternalUsers>

If this is set to 1, then users should be autocreated by RT as internal
users if they fail to authenticate from an external service. This is
useful if you have users outside your organization who might interface
with RT, perhaps by sending email to a support email address.

=cut

Set($AutoCreateNonExternalUsers,    0);

=item C<$ExternalSettings>

These are the full settings for each external service as a HashOfHashes.
Note that you may have as many external services as you wish. They will
be checked in the order specified in the $ExternalAuthPriority and
$ExternalInfoPriority directives above.

The outer structure is a key with the authentication option (name of
external source). The value is a hash reference with configuration keys
and values, for example:

    Set($ExternalSettings,
        MyLDAP => {
            type => 'ldap',
            ... other options ...
        },
        MyMySQL => {
            type => 'db',
            ... other options ...
        },
        ... other sources ...
    );

As shown above, each description should have 'type' defined.
The following types are supported:

=over 4

=item ldap

Authenticate against and sync information with LDAP servers.
See L<RT::Authen::ExternalAuth::LDAP> for details.

=item db

Authenticate against and sync information with external RDBMS,
supported by Perl's L<DBI> interface. See L<RT::Authen::ExternalAuth::DBI>
for details.

=item cookie

Authenticate by cookie. See L<RT::Authen::ExternalAuth::DBI::Cookie>
for details.

=back

See the modules noted above for configuration options specific to each
type. The following apply to all types.

=over 4

=item attr_match_list

The list of RT attributes that uniquely identify a user. These values
are used, in order, to find users in the selected authentication
source. Each value specified here must have a mapping in the
L</attr_map> section below. You can remove values you don't
expect to match, but it's recommended to use 'Name' and 'EmailAddress'
at minimum. For example:

    'attr_match_list' => [
        'Name',
        'EmailAddress',
        'RealName',
    ],

=item attr_map

Mapping of RT attributes on to attributes in the external source.
Valid keys are attributes of an L<RT::User>. The values are attributes
from your authentication source. For example, an LDAP mapping might
look like:

    'attr_map' => {
        'Name'         => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'physicalDeliveryOfficeName',
        'RealName'     => 'cn',
        ...
    },

Since version 0.10 it's possible to map one RT field to multiple
external attributes, for example:

    attr_map => {
        EmailAddress => ['mail', 'alias'],
        ...
    },

Note that only one value is stored in RT, so this doesn't enable RT
users to have multiple email addresses defined. However, the search
will use all of the attributes to try to match a user if the field is
defined in the C<attr_match_list>.

On create or update, the original value input by the user, from an
email or login attempt, is used as long as it's valid. If the user
didn't enter a value for that attribute, then the value retrieved from
the first external attribute is used.

For example, for the following configuration:

    attr_match_list => ['Name', 'EmailAddress'],
    attr_map => {
        Name         => 'account',
        EmailAddress => ['mail', 'alias'],
        ...
    },

If a new user sent an email to RT from an email alias, the search would
match on the alias and that alias would be set as the user's
EmailAddress in RT when the new account is created.

However, if a user with an existing RT account with EmailAddress set to
the C<mail> address sent mail from C<alias>, it would still match. The
user's EmailAddress in RT would remain the primary C<mail> address.

This feature is useful for LDAP configurations where users have a
primary institutional email address, but might also use aliases from
subdomains or other email services. This prevents RT from creating
multiple accounts for the same person.

If you want the RT user accounts to always have the primary C<mail>
address for EmailAddress, you likely want to run L to make sure the user
accounts are created with the desired email address set.

=back

=back

=cut

Set($ExternalSettings, {
    # AN EXAMPLE DB SERVICE
    'My_MySQL' => {
        'type'            => 'db',
        'server'          => 'server.domain.tld',
        'database'        => 'DB_NAME',
        'table'           => 'USERS_TABLE',
        'user'            => 'DB_USER',
        'pass'            => 'DB_PASS',
        'port'            => 'DB_PORT',
        'dbi_driver'      => 'DBI_DRIVER',
        'u_field'         => 'username',
        'p_field'         => 'password',
        'p_enc_pkg'       => 'Crypt::MySQL',
        'p_enc_sub'       => 'password',
        'd_field'         => 'disabled',
        'd_values'        => ['0'],
        'attr_match_list' => [
            'Gecos',
            'Name',
        ],
        'attr_map' => {
            'Name'           => 'username',
            'EmailAddress'   => 'email',
            'ExternalAuthId' => 'username',
            'Gecos'          => 'userID',
        },
    },
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        'type'             => 'ldap',
        'server'           => 'server.domain.tld',
        'user'             => 'rt_ldap_username',
        'pass'             => 'rt_ldap_password',
        'base'             => 'ou=Organisational Unit,dc=domain,dc=TLD',
        'filter'           => '(FILTER_STRING)',
        'd_filter'         => '(FILTER_STRING)',
        'group'            => 'GROUP_NAME',
        'group_attr'       => 'GROUP_ATTR',
        'tls'              => 0,
        'ssl_version'      => 3,
        'net_ldap_args'    => [ version => 3 ],
        'group_scope'      => 'base',
        'group_attr_value' => 'GROUP_ATTR_VALUE',
        'attr_match_list'  => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        },
    },
    # An example SSO cookie service
    'My_SSO_Cookie' => {
        'type'            => 'cookie',
        'name'            => 'loginCookieValue',
        'u_table'         => 'users',
        'u_field'         => 'username',
        'u_match_key'     => 'userID',
        'c_table'         => 'login_cookie',
        'c_field'         => 'loginCookieValue',
        'c_match_key'     => 'loginCookieUserID',
        'db_service_name' => 'My_MySQL'
    },
} );

1;

RT-Authen-ExternalAuth-0.17/SIGNATURE

This file contains message digests of all files listed in MANIFEST,
signed via the Module::Signature module, version 0.69.

To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:

    % cpansign -v

It will check each file's integrity, as well as the signature's
validity. If "==> Signature verified OK! <==" is not displayed,
the distribution may already have been compromised, and you should
not run its Makefile.PL or Build.PL.
RT-Authen-ExternalAuth-0.17/Makefile.PL0000755000175000017500000000120012163100106015726 0ustar tomtomuse inc::Module::Install; RTx('RT-Authen-ExternalAuth'); license('GPL version 2'); author('Mike Peachey '); all_from('lib/RT/Authen/ExternalAuth.pm'); readme_from; feature 'SSL LDAP Connections' => -default => 0, recommends('Net::SSLeay' => 0), ; feature 'External LDAP Sources' => -default => 1, recommends('Net::LDAP' => 0), ; feature 'External DBI Sources' => -default => 1, recommends('DBI' => 0), ; feature 'SSO Cookie Sources' => -default => 1, recommends('CGI::Cookie' => 0), ; author_tests('xt'); requires_rt('3.8.2'); &auto_install(); sign; &WriteAll; RT-Authen-ExternalAuth-0.17/inc/0000700000175000017500000000000012167334405014536 5ustar tomtomRT-Authen-ExternalAuth-0.17/inc/Module/0000700000175000017500000000000012167334405015763 5ustar tomtomRT-Authen-ExternalAuth-0.17/inc/Module/AutoInstall.pm0000644000175000017500000006216212167334400020574 0ustar tomtom#line 1 package Module::AutoInstall; use strict; use Cwd (); use File::Spec (); use ExtUtils::MakeMaker (); use vars qw{$VERSION}; BEGIN { $VERSION =
'1.06'; } # special map on pre-defined feature sets my %FeatureMap = ( '' => 'Core Features', # XXX: deprecated '-core' => 'Core Features', ); # various lexical flags my ( @Missing, @Existing, %DisabledTests, $UnderCPAN, $InstallDepsTarget, $HasCPANPLUS ); my ( $Config, $CheckOnly, $SkipInstall, $AcceptDefault, $TestOnly, $AllDeps, $UpgradeDeps ); my ( $PostambleActions, $PostambleActionsNoTest, $PostambleActionsUpgradeDeps, $PostambleActionsUpgradeDepsNoTest, $PostambleActionsListDeps, $PostambleActionsListAllDeps, $PostambleUsed, $NoTest); # See if it's a testing or non-interactive session _accept_default( $ENV{AUTOMATED_TESTING} or ! -t STDIN ); _init(); sub _accept_default { $AcceptDefault = shift; } sub _installdeps_target { $InstallDepsTarget = shift; } sub missing_modules { return @Missing; } sub do_install { __PACKAGE__->install( [ $Config ? ( UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) : () ], @Missing, ); } # initialize various flags, and/or perform install sub _init { foreach my $arg ( @ARGV, split( /[\s\t]+/, $ENV{PERL_AUTOINSTALL} || $ENV{PERL_EXTUTILS_AUTOINSTALL} || '' ) ) { if ( $arg =~ /^--config=(.*)$/ ) { $Config = [ split( ',', $1 ) ]; } elsif ( $arg =~ /^--installdeps=(.*)$/ ) { __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); exit 0; } elsif ( $arg =~ /^--upgradedeps=(.*)$/ ) { $UpgradeDeps = 1; __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); exit 0; } elsif ( $arg =~ /^--default(?:deps)?$/ ) { $AcceptDefault = 1; } elsif ( $arg =~ /^--check(?:deps)?$/ ) { $CheckOnly = 1; } elsif ( $arg =~ /^--skip(?:deps)?$/ ) { $SkipInstall = 1; } elsif ( $arg =~ /^--test(?:only)?$/ ) { $TestOnly = 1; } elsif ( $arg =~ /^--all(?:deps)?$/ ) { $AllDeps = 1; } } } # overrides MakeMaker's prompt() to automatically accept the default choice sub _prompt { goto &ExtUtils::MakeMaker::prompt unless $AcceptDefault; my ( $prompt, $default ) = @_; my $y = ( $default =~ /^[Yy]/ ); print $prompt, ' [', ( $y ? 
'Y' : 'y' ), '/', ( $y ? 'n' : 'N' ), '] '; print "$default\n"; return $default; } # the workhorse sub import { my $class = shift; my @args = @_ or return; my $core_all; print "*** $class version " . $class->VERSION . "\n"; print "*** Checking for Perl dependencies...\n"; my $cwd = Cwd::cwd(); $Config = []; my $maxlen = length( ( sort { length($b) <=> length($a) } grep { /^[^\-]/ } map { ref($_) ? ( ( ref($_) eq 'HASH' ) ? keys(%$_) : @{$_} ) : '' } map { +{@args}->{$_} } grep { /^[^\-]/ or /^-core$/i } keys %{ +{@args} } )[0] ); # We want to know if we're under CPAN early to avoid prompting, but # if we aren't going to try and install anything anyway then skip the # check entirely since we don't want to have to load (and configure) # an old CPAN just for a cosmetic message $UnderCPAN = _check_lock(1) unless $SkipInstall || $InstallDepsTarget; while ( my ( $feature, $modules ) = splice( @args, 0, 2 ) ) { my ( @required, @tests, @skiptests ); my $default = 1; my $conflict = 0; if ( $feature =~ m/^-(\w+)$/ ) { my $option = lc($1); # check for a newer version of myself _update_to( $modules, @_ ) and return if $option eq 'version'; # sets CPAN configuration options $Config = $modules if $option eq 'config'; # promote every features to core status $core_all = ( $modules =~ /^all$/i ) and next if $option eq 'core'; next unless $option eq 'core'; } print "[" . ( $FeatureMap{ lc($feature) } || $feature ) . 
"]\n"; $modules = [ %{$modules} ] if UNIVERSAL::isa( $modules, 'HASH' ); unshift @$modules, -default => &{ shift(@$modules) } if ( ref( $modules->[0] ) eq 'CODE' ); # XXX: bugward combatability while ( my ( $mod, $arg ) = splice( @$modules, 0, 2 ) ) { if ( $mod =~ m/^-(\w+)$/ ) { my $option = lc($1); $default = $arg if ( $option eq 'default' ); $conflict = $arg if ( $option eq 'conflict' ); @tests = @{$arg} if ( $option eq 'tests' ); @skiptests = @{$arg} if ( $option eq 'skiptests' ); next; } printf( "- %-${maxlen}s ...", $mod ); if ( $arg and $arg =~ /^\D/ ) { unshift @$modules, $arg; $arg = 0; } # XXX: check for conflicts and uninstalls(!) them. my $cur = _version_of($mod); if (_version_cmp ($cur, $arg) >= 0) { print "loaded. ($cur" . ( $arg ? " >= $arg" : '' ) . ")\n"; push @Existing, $mod => $arg; $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } else { if (not defined $cur) # indeed missing { print "missing." . ( $arg ? " (would need $arg)" : '' ) . "\n"; } else { # no need to check $arg as _version_cmp ($cur, undef) would satisfy >= above print "too old. ($cur < $arg)\n"; } push @required, $mod => $arg; } } next unless @required; my $mandatory = ( $feature eq '-core' or $core_all ); if ( !$SkipInstall and ( $CheckOnly or ($mandatory and $UnderCPAN) or $AllDeps or $InstallDepsTarget or _prompt( qq{==> Auto-install the } . ( @required / 2 ) . ( $mandatory ? ' mandatory' : ' optional' ) . qq{ module(s) from CPAN?}, $default ? 'y' : 'n', ) =~ /^[Yy]/ ) ) { push( @Missing, @required ); $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } elsif ( !$SkipInstall and $default and $mandatory and _prompt( qq{==> The module(s) are mandatory! 
Really skip?}, 'n', ) =~ /^[Nn]/ ) { push( @Missing, @required ); $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } else { $DisabledTests{$_} = 1 for map { glob($_) } @tests; } } if ( @Missing and not( $CheckOnly or $UnderCPAN) ) { require Config; my $make = $Config::Config{make}; if ($InstallDepsTarget) { print "*** To install dependencies type '$make installdeps' or '$make installdeps_notest'.\n"; } else { print "*** Dependencies will be installed the next time you type '$make'.\n"; } # make an educated guess of whether we'll need root permission. print " (You may need to do that as the 'root' user.)\n" if eval '$>'; } print "*** $class configuration finished.\n"; chdir $cwd; # import to main:: no strict 'refs'; *{'main::WriteMakefile'} = \&Write if caller(0) eq 'main'; return (@Existing, @Missing); } sub _running_under { my $thing = shift; print <<"END_MESSAGE"; *** Since we're running under ${thing}, I'll just let it take care of the dependency's installation later. END_MESSAGE return 1; } # Check to see if we are currently running under CPAN.pm and/or CPANPLUS; # if we are, then we simply let it taking care of our dependencies sub _check_lock { return unless @Missing or @_; if ($ENV{PERL5_CPANM_IS_RUNNING}) { return _running_under('cpanminus'); } my $cpan_env = $ENV{PERL5_CPAN_IS_RUNNING}; if ($ENV{PERL5_CPANPLUS_IS_RUNNING}) { return _running_under($cpan_env ? 'CPAN' : 'CPANPLUS'); } require CPAN; if ($CPAN::VERSION > '1.89') { if ($cpan_env) { return _running_under('CPAN'); } return; # CPAN.pm new enough, don't need to check further } # last ditch attempt, this -will- configure CPAN, very sorry _load_cpan(1); # force initialize even though it's already loaded # Find the CPAN lock-file my $lock = MM->catfile( $CPAN::Config->{cpan_home}, ".lock" ); return unless -f $lock; # Check the lock local *LOCK; return unless open(LOCK, $lock); if ( ( $^O eq 'MSWin32' ? 
            _under_cpan() : <LOCK> == getppid() )
        and ( $CPAN::Config->{prerequisites_policy} || '' ) ne 'ignore'
      )
    {
        print <<'END_MESSAGE';

*** Since we're running under CPAN, I'll just let it take care of the dependency's installation later.
END_MESSAGE
        return 1;
    }

    close LOCK;
    return;
}

sub install {
    my $class = shift;

    my $i;    # used below to strip leading '-' from config keys
    my @config = ( map { s/^-// if ++$i; $_ } @{ +shift } );

    my ( @modules, @installed );
    while ( my ( $pkg, $ver ) = splice( @_, 0, 2 ) ) {

        # grep out those already installed
        if ( _version_cmp( _version_of($pkg), $ver ) >= 0 ) {
            push @installed, $pkg;
        }
        else {
            push @modules, $pkg, $ver;
        }
    }

    if ($UpgradeDeps) {
        push @modules, @installed;
        @installed = ();
    }

    return @installed unless @modules;  # nothing to do
    return @installed if _check_lock(); # defer to the CPAN shell

    print "*** Installing dependencies...\n";

    return unless _connected_to('cpan.org');

    my %args = @config;
    my %failed;
    local *FAILED;
    if ( $args{do_once} and open( FAILED, '.#autoinstall.failed' ) ) {
        # read back the modules that already failed on an earlier run
        while (<FAILED>) { chomp; $failed{$_}++ }
        close FAILED;

        my @newmod;
        while ( my ( $k, $v ) = splice( @modules, 0, 2 ) ) {
            push @newmod, ( $k => $v ) unless $failed{$k};
        }
        @modules = @newmod;
    }

    if ( _has_cpanplus() and not $ENV{PERL_AUTOINSTALL_PREFER_CPAN} ) {
        _install_cpanplus( \@modules, \@config );
    } else {
        _install_cpan( \@modules, \@config );
    }

    print "*** $class installation finished.\n";

    # see if we have successfully installed them
    while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) {
        if ( _version_cmp( _version_of($pkg), $ver ) >= 0 ) {
            push @installed, $pkg;
        }
        elsif ( $args{do_once} and open( FAILED, '>> .#autoinstall.failed' ) ) {
            print FAILED "$pkg\n";
        }
    }

    close FAILED if $args{do_once};

    return @installed;
}

sub _install_cpanplus {
    my @modules   = @{ +shift };
    my @config    = _cpanplus_config( @{ +shift } );
    my $installed = 0;

    require CPANPLUS::Backend;
    my $cp   = CPANPLUS::Backend->new;
    my $conf = $cp->configure_object;

    return unless $conf->can('conf') #
0.05x+ with "sudo" support or _can_write($conf->_get_build('base')); # 0.04x # if we're root, set UNINST=1 to avoid trouble unless user asked for it. my $makeflags = $conf->get_conf('makeflags') || ''; if ( UNIVERSAL::isa( $makeflags, 'HASH' ) ) { # 0.03+ uses a hashref here $makeflags->{UNINST} = 1 unless exists $makeflags->{UNINST}; } else { # 0.02 and below uses a scalar $makeflags = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); } $conf->set_conf( makeflags => $makeflags ); $conf->set_conf( prereqs => 1 ); while ( my ( $key, $val ) = splice( @config, 0, 2 ) ) { $conf->set_conf( $key, $val ); } my $modtree = $cp->module_tree; while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { print "*** Installing $pkg...\n"; MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; my $success; my $obj = $modtree->{$pkg}; if ( $obj and _version_cmp( $obj->{version}, $ver ) >= 0 ) { my $pathname = $pkg; $pathname =~ s/::/\\W/; foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { delete $INC{$inc}; } my $rv = $cp->install( modules => [ $obj->{module} ] ); if ( $rv and ( $rv->{ $obj->{module} } or $rv->{ok} ) ) { print "*** $pkg successfully installed.\n"; $success = 1; } else { print "*** $pkg installation cancelled.\n"; $success = 0; } $installed += $success; } else { print << "."; *** Could not find a version $ver or above for $pkg; skipping. . 
} MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; } return $installed; } sub _cpanplus_config { my @config = (); while ( @_ ) { my ($key, $value) = (shift(), shift()); if ( $key eq 'prerequisites_policy' ) { if ( $value eq 'follow' ) { $value = CPANPLUS::Internals::Constants::PREREQ_INSTALL(); } elsif ( $value eq 'ask' ) { $value = CPANPLUS::Internals::Constants::PREREQ_ASK(); } elsif ( $value eq 'ignore' ) { $value = CPANPLUS::Internals::Constants::PREREQ_IGNORE(); } else { die "*** Cannot convert option $key = '$value' to CPANPLUS version.\n"; } push @config, 'prereqs', $value; } elsif ( $key eq 'force' ) { push @config, $key, $value; } elsif ( $key eq 'notest' ) { push @config, 'skiptest', $value; } else { die "*** Cannot convert option $key to CPANPLUS version.\n"; } } return @config; } sub _install_cpan { my @modules = @{ +shift }; my @config = @{ +shift }; my $installed = 0; my %args; _load_cpan(); require Config; if (CPAN->VERSION < 1.80) { # no "sudo" support, probe for writableness return unless _can_write( MM->catfile( $CPAN::Config->{cpan_home}, 'sources' ) ) and _can_write( $Config::Config{sitelib} ); } # if we're root, set UNINST=1 to avoid trouble unless user asked for it. 
my $makeflags = $CPAN::Config->{make_install_arg} || ''; $CPAN::Config->{make_install_arg} = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); # don't show start-up info $CPAN::Config->{inhibit_startup_message} = 1; # set additional options while ( my ( $opt, $arg ) = splice( @config, 0, 2 ) ) { ( $args{$opt} = $arg, next ) if $opt =~ /^(?:force|notest)$/; # pseudo-option $CPAN::Config->{$opt} = $arg; } if ($args{notest} && (not CPAN::Shell->can('notest'))) { die "Your version of CPAN is too old to support the 'notest' pragma"; } local $CPAN::Config->{prerequisites_policy} = 'follow'; while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; print "*** Installing $pkg...\n"; my $obj = CPAN::Shell->expand( Module => $pkg ); my $success = 0; if ( $obj and _version_cmp( $obj->cpan_version, $ver ) >= 0 ) { my $pathname = $pkg; $pathname =~ s/::/\\W/; foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { delete $INC{$inc}; } my $rv = do { if ($args{force}) { CPAN::Shell->force( install => $pkg ) } elsif ($args{notest}) { CPAN::Shell->notest( install => $pkg ) } else { CPAN::Shell->install($pkg) } }; $rv ||= eval { $CPAN::META->instance( 'CPAN::Distribution', $obj->cpan_file, ) ->{install} if $CPAN::META; }; if ( $rv eq 'YES' ) { print "*** $pkg successfully installed.\n"; $success = 1; } else { print "*** $pkg installation failed.\n"; $success = 0; } $installed += $success; } else { print << "."; *** Could not find a version $ver or above for $pkg; skipping. . 
} MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; } return $installed; } sub _has_cpanplus { return ( $HasCPANPLUS = ( $INC{'CPANPLUS/Config.pm'} or _load('CPANPLUS::Shell::Default') ) ); } # make guesses on whether we're under the CPAN installation directory sub _under_cpan { require Cwd; require File::Spec; my $cwd = File::Spec->canonpath( Cwd::cwd() ); my $cpan = File::Spec->canonpath( $CPAN::Config->{cpan_home} ); return ( index( $cwd, $cpan ) > -1 ); } sub _update_to { my $class = __PACKAGE__; my $ver = shift; return if _version_cmp( _version_of($class), $ver ) >= 0; # no need to upgrade if ( _prompt( "==> A newer version of $class ($ver) is required. Install?", 'y' ) =~ /^[Nn]/ ) { die "*** Please install $class $ver manually.\n"; } print << "."; *** Trying to fetch it from CPAN... . # install ourselves _load($class) and return $class->import(@_) if $class->install( [], $class, $ver ); print << '.'; exit 1; *** Cannot bootstrap myself. :-( Installation terminated. . } # check if we're connected to some host, using inet_aton sub _connected_to { my $site = shift; return ( ( _load('Socket') and Socket::inet_aton($site) ) or _prompt( qq( *** Your host cannot resolve the domain name '$site', which probably means the Internet connections are unavailable. ==> Should we try to install the required module(s) anyway?), 'n' ) =~ /^[Yy]/ ); } # check if a directory is writable; may create it on demand sub _can_write { my $path = shift; mkdir( $path, 0755 ) unless -e $path; return 1 if -w $path; print << "."; *** You are not allowed to write to the directory '$path'; the installation may fail due to insufficient permissions. . if ( eval '$>' and lc(`sudo -V`) =~ /version/ and _prompt( qq( ==> Should we try to re-execute the autoinstall process with 'sudo'?), ((-t STDIN) ? 'y' : 'n') ) =~ /^[Yy]/ ) { # try to bootstrap ourselves from sudo print << "."; *** Trying to re-execute the autoinstall process with 'sudo'... . 
my $missing = join( ',', @Missing ); my $config = join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) if $Config; return unless system( 'sudo', $^X, $0, "--config=$config", "--installdeps=$missing" ); print << "."; *** The 'sudo' command exited with error! Resuming... . } return _prompt( qq( ==> Should we try to install the required module(s) anyway?), 'n' ) =~ /^[Yy]/; } # load a module and return the version it reports sub _load { my $mod = pop; # method/function doesn't matter my $file = $mod; $file =~ s|::|/|g; $file .= '.pm'; local $@; return eval { require $file; $mod->VERSION } || ( $@ ? undef: 0 ); } # report version without loading a module sub _version_of { my $mod = pop; # method/function doesn't matter my $file = $mod; $file =~ s|::|/|g; $file .= '.pm'; foreach my $dir ( @INC ) { next if ref $dir; my $path = File::Spec->catfile($dir, $file); next unless -e $path; require ExtUtils::MM_Unix; return ExtUtils::MM_Unix->parse_version($path); } return undef; } # Load CPAN.pm and it's configuration sub _load_cpan { return if $CPAN::VERSION and $CPAN::Config and not @_; require CPAN; # CPAN-1.82+ adds CPAN::Config::AUTOLOAD to redirect to # CPAN::HandleConfig->load. CPAN reports that the redirection # is deprecated in a warning printed at the user. # CPAN-1.81 expects CPAN::HandleConfig->load, does not have # $CPAN::HandleConfig::VERSION but cannot handle # CPAN::Config->load # Which "versions expect CPAN::Config->load? 
if ( $CPAN::HandleConfig::VERSION || CPAN::HandleConfig->can('load') ) { # Newer versions of CPAN have a HandleConfig module CPAN::HandleConfig->load; } else { # Older versions had the load method in Config directly CPAN::Config->load; } } # compare two versions, either use Sort::Versions or plain comparison # return values same as <=> sub _version_cmp { my ( $cur, $min ) = @_; return -1 unless defined $cur; # if 0 keep comparing return 1 unless $min; $cur =~ s/\s+$//; # check for version numbers that are not in decimal format if ( ref($cur) or ref($min) or $cur =~ /v|\..*\./ or $min =~ /v|\..*\./ ) { if ( ( $version::VERSION or defined( _load('version') )) and version->can('new') ) { # use version.pm if it is installed. return version->new($cur) <=> version->new($min); } elsif ( $Sort::Versions::VERSION or defined( _load('Sort::Versions') ) ) { # use Sort::Versions as the sorting algorithm for a.b.c versions return Sort::Versions::versioncmp( $cur, $min ); } warn "Cannot reliably compare non-decimal formatted versions.\n" . "Please install version.pm or Sort::Versions.\n"; } # plain comparison local $^W = 0; # shuts off 'not numeric' bugs return $cur <=> $min; } # nothing; this usage is deprecated. sub main::PREREQ_PM { return {}; } sub _make_args { my %args = @_; $args{PREREQ_PM} = { %{ $args{PREREQ_PM} || {} }, @Existing, @Missing } if $UnderCPAN or $TestOnly; if ( $args{EXE_FILES} and -e 'MANIFEST' ) { require ExtUtils::Manifest; my $manifest = ExtUtils::Manifest::maniread('MANIFEST'); $args{EXE_FILES} = [ grep { exists $manifest->{$_} } @{ $args{EXE_FILES} } ]; } $args{test}{TESTS} ||= 't/*.t'; $args{test}{TESTS} = join( ' ', grep { !exists( $DisabledTests{$_} ) } map { glob($_) } split( /\s+/, $args{test}{TESTS} ) ); my $missing = join( ',', @Missing ); my $config = join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) if $Config; $PostambleActions = ( ($missing and not $UnderCPAN) ? 
"\$(PERL) $0 --config=$config --installdeps=$missing" : "\$(NOECHO) \$(NOOP)" ); my $deps_list = join( ',', @Missing, @Existing ); $PostambleActionsUpgradeDeps = "\$(PERL) $0 --config=$config --upgradedeps=$deps_list"; my $config_notest = join( ',', (UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config}), 'notest', 1 ) if $Config; $PostambleActionsNoTest = ( ($missing and not $UnderCPAN) ? "\$(PERL) $0 --config=$config_notest --installdeps=$missing" : "\$(NOECHO) \$(NOOP)" ); $PostambleActionsUpgradeDepsNoTest = "\$(PERL) $0 --config=$config_notest --upgradedeps=$deps_list"; $PostambleActionsListDeps = '@$(PERL) -le "print for @ARGV" ' . join(' ', map $Missing[$_], grep $_ % 2 == 0, 0..$#Missing); my @all = (@Missing, @Existing); $PostambleActionsListAllDeps = '@$(PERL) -le "print for @ARGV" ' . join(' ', map $all[$_], grep $_ % 2 == 0, 0..$#all); return %args; } # a wrapper to ExtUtils::MakeMaker::WriteMakefile sub Write { require Carp; Carp::croak "WriteMakefile: Need even number of args" if @_ % 2; if ($CheckOnly) { print << "."; *** Makefile not written in check-only mode. . return; } my %args = _make_args(@_); no strict 'refs'; $PostambleUsed = 0; local *MY::postamble = \&postamble unless defined &MY::postamble; ExtUtils::MakeMaker::WriteMakefile(%args); print << "." unless $PostambleUsed; *** WARNING: Makefile written with customized MY::postamble() without including contents from Module::AutoInstall::postamble() -- auto installation features disabled. Please contact the author. . 
    return 1;
}

sub postamble {
    $PostambleUsed = 1;
    my $fragment;

    $fragment .= <<"AUTO_INSTALL" if !$InstallDepsTarget;

config :: installdeps
\t\$(NOECHO) \$(NOOP)
AUTO_INSTALL

    $fragment .= <<"END_MAKE";

checkdeps ::
\t\$(PERL) $0 --checkdeps

installdeps ::
\t$PostambleActions

installdeps_notest ::
\t$PostambleActionsNoTest

upgradedeps ::
\t$PostambleActionsUpgradeDeps

upgradedeps_notest ::
\t$PostambleActionsUpgradeDepsNoTest

listdeps ::
\t$PostambleActionsListDeps

listalldeps ::
\t$PostambleActionsListAllDeps

END_MAKE

    return $fragment;
}

1;

__END__

#line 1193
RT-Authen-ExternalAuth-0.17/inc/Module/Install.pm
#line 1
package Module::Install;

# For any maintainers:
# The load order for Module::Install is a bit magic.
# It goes something like this...
#
# IF ( host has Module::Install installed, creating author mode ) {
#     1. Makefile.PL calls "use inc::Module::Install"
#     2. $INC{inc/Module/Install.pm} set to installed version of inc::Module::Install
#     3. The installed version of inc::Module::Install loads
#     4. inc::Module::Install calls "require Module::Install"
#     5. The ./inc/ version of Module::Install loads
# } ELSE {
#     1. Makefile.PL calls "use inc::Module::Install"
#     2. $INC{inc/Module/Install.pm} set to ./inc/ version of Module::Install
#     3. The ./inc/ version of Module::Install loads
# }

use 5.005;
use strict 'vars';
use Cwd        ();
use File::Find ();
use File::Path ();

use vars qw{$VERSION $MAIN};
BEGIN {
    # All Module::Install core packages now require synchronised versions.
    # This will be used to ensure we don't accidentally load old or
    # different versions of modules.
    # This is not enforced yet, but will be some time in the next few
    # releases once we can make sure it won't clash with custom
    # Module::Install extensions.
$VERSION = '1.06'; # Storage for the pseudo-singleton $MAIN = undef; *inc::Module::Install::VERSION = *VERSION; @inc::Module::Install::ISA = __PACKAGE__; } sub import { my $class = shift; my $self = $class->new(@_); my $who = $self->_caller; #------------------------------------------------------------- # all of the following checks should be included in import(), # to allow "eval 'require Module::Install; 1' to test # installation of Module::Install. (RT #51267) #------------------------------------------------------------- # Whether or not inc::Module::Install is actually loaded, the # $INC{inc/Module/Install.pm} is what will still get set as long as # the caller loaded module this in the documented manner. # If not set, the caller may NOT have loaded the bundled version, and thus # they may not have a MI version that works with the Makefile.PL. This would # result in false errors or unexpected behaviour. And we don't want that. my $file = join( '/', 'inc', split /::/, __PACKAGE__ ) . '.pm'; unless ( $INC{$file} ) { die <<"END_DIE" } Please invoke ${\__PACKAGE__} with: use inc::${\__PACKAGE__}; not: use ${\__PACKAGE__}; END_DIE # This reportedly fixes a rare Win32 UTC file time issue, but # as this is a non-cross-platform XS module not in the core, # we shouldn't really depend on it. See RT #24194 for detail. # (Also, this module only supports Perl 5.6 and above). eval "use Win32::UTCFileTime" if $^O eq 'MSWin32' && $] >= 5.006; # If the script that is loading Module::Install is from the future, # then make will detect this and cause it to re-run over and over # again. This is bad. Rather than taking action to touch it (which # is unreliable on some platforms and requires write permissions) # for now we should catch this and refuse to run. if ( -f $0 ) { my $s = (stat($0))[9]; # If the modification time is only slightly in the future, # sleep briefly to remove the problem. 
my $a = $s - time; if ( $a > 0 and $a < 5 ) { sleep 5 } # Too far in the future, throw an error. my $t = time; if ( $s > $t ) { die <<"END_DIE" } Your installer $0 has a modification time in the future ($s > $t). This is known to create infinite loops in make. Please correct this, then run $0 again. END_DIE } # Build.PL was formerly supported, but no longer is due to excessive # difficulty in implementing every single feature twice. if ( $0 =~ /Build.PL$/i ) { die <<"END_DIE" } Module::Install no longer supports Build.PL. It was impossible to maintain duel backends, and has been deprecated. Please remove all Build.PL files and only use the Makefile.PL installer. END_DIE #------------------------------------------------------------- # To save some more typing in Module::Install installers, every... # use inc::Module::Install # ...also acts as an implicit use strict. $^H |= strict::bits(qw(refs subs vars)); #------------------------------------------------------------- unless ( -f $self->{file} ) { foreach my $key (keys %INC) { delete $INC{$key} if $key =~ /Module\/Install/; } local $^W; require "$self->{path}/$self->{dispatch}.pm"; File::Path::mkpath("$self->{prefix}/$self->{author}"); $self->{admin} = "$self->{name}::$self->{dispatch}"->new( _top => $self ); $self->{admin}->init; @_ = ($class, _self => $self); goto &{"$self->{name}::import"}; } local $^W; *{"${who}::AUTOLOAD"} = $self->autoload; $self->preload; # Unregister loader and worker packages so subdirs can use them again delete $INC{'inc/Module/Install.pm'}; delete $INC{'Module/Install.pm'}; # Save to the singleton $MAIN = $self; return 1; } sub autoload { my $self = shift; my $who = $self->_caller; my $cwd = Cwd::cwd(); my $sym = "${who}::AUTOLOAD"; $sym->{$cwd} = sub { my $pwd = Cwd::cwd(); if ( my $code = $sym->{$pwd} ) { # Delegate back to parent dirs goto &$code unless $cwd eq $pwd; } unless ($$sym =~ s/([^:]+)$//) { # XXX: it looks like we can't retrieve the missing function # via $$sym (usually 
$main::AUTOLOAD) in this case. # I'm still wondering if we should slurp Makefile.PL to # get some context or not ... my ($package, $file, $line) = caller; die <<"EOT"; Unknown function is found at $file line $line. Execution of $file aborted due to runtime errors. If you're a contributor to a project, you may need to install some Module::Install extensions from CPAN (or other repository). If you're a user of a module, please contact the author. EOT } my $method = $1; if ( uc($method) eq $method ) { # Do nothing return; } elsif ( $method =~ /^_/ and $self->can($method) ) { # Dispatch to the root M:I class return $self->$method(@_); } # Dispatch to the appropriate plugin unshift @_, ( $self, $1 ); goto &{$self->can('call')}; }; } sub preload { my $self = shift; unless ( $self->{extensions} ) { $self->load_extensions( "$self->{prefix}/$self->{path}", $self ); } my @exts = @{$self->{extensions}}; unless ( @exts ) { @exts = $self->{admin}->load_all_extensions; } my %seen; foreach my $obj ( @exts ) { while (my ($method, $glob) = each %{ref($obj) . '::'}) { next unless $obj->can($method); next if $method =~ /^_/; next if $method eq uc($method); $seen{$method}++; } } my $who = $self->_caller; foreach my $name ( sort keys %seen ) { local $^W; *{"${who}::$name"} = sub { ${"${who}::AUTOLOAD"} = "${who}::$name"; goto &{"${who}::AUTOLOAD"}; }; } } sub new { my ($class, %args) = @_; delete $INC{'FindBin.pm'}; { # to suppress the redefine warning local $SIG{__WARN__} = sub {}; require FindBin; } # ignore the prefix on extension modules built from top level. my $base_path = Cwd::abs_path($FindBin::Bin); unless ( Cwd::abs_path(Cwd::cwd()) eq $base_path ) { delete $args{prefix}; } return $args{_self} if $args{_self}; $args{dispatch} ||= 'Admin'; $args{prefix} ||= 'inc'; $args{author} ||= ($^O eq 'VMS' ? 
'_author' : '.author'); $args{bundle} ||= 'inc/BUNDLES'; $args{base} ||= $base_path; $class =~ s/^\Q$args{prefix}\E:://; $args{name} ||= $class; $args{version} ||= $class->VERSION; unless ( $args{path} ) { $args{path} = $args{name}; $args{path} =~ s!::!/!g; } $args{file} ||= "$args{base}/$args{prefix}/$args{path}.pm"; $args{wrote} = 0; bless( \%args, $class ); } sub call { my ($self, $method) = @_; my $obj = $self->load($method) or return; splice(@_, 0, 2, $obj); goto &{$obj->can($method)}; } sub load { my ($self, $method) = @_; $self->load_extensions( "$self->{prefix}/$self->{path}", $self ) unless $self->{extensions}; foreach my $obj (@{$self->{extensions}}) { return $obj if $obj->can($method); } my $admin = $self->{admin} or die <<"END_DIE"; The '$method' method does not exist in the '$self->{prefix}' path! Please remove the '$self->{prefix}' directory and run $0 again to load it. END_DIE my $obj = $admin->load($method, 1); push @{$self->{extensions}}, $obj; $obj; } sub load_extensions { my ($self, $path, $top) = @_; my $should_reload = 0; unless ( grep { ! ref $_ and lc $_ eq lc $self->{prefix} } @INC ) { unshift @INC, $self->{prefix}; $should_reload = 1; } foreach my $rv ( $self->find_extensions($path) ) { my ($file, $pkg) = @{$rv}; next if $self->{pathnames}{$pkg}; local $@; my $new = eval { local $^W; require $file; $pkg->can('new') }; unless ( $new ) { warn $@ if $@; next; } $self->{pathnames}{$pkg} = $should_reload ? delete $INC{$file} : $INC{$file}; push @{$self->{extensions}}, &{$new}($pkg, _top => $top ); } $self->{extensions} ||= []; } sub find_extensions { my ($self, $path) = @_; my @found; File::Find::find( sub { my $file = $File::Find::name; return unless $file =~ m!^\Q$path\E/(.+)\.pm\Z!is; my $subpath = $1; return if lc($subpath) eq lc($self->{dispatch}); $file = "$self->{path}/$subpath.pm"; my $pkg = "$self->{name}::$subpath"; $pkg =~ s!/!::!g; # If we have a mixed-case package name, assume case has been preserved # correctly. 
        # Otherwise, root through the file to locate the case-preserved
        # version of the package name.
        if ( $subpath eq lc($subpath) || $subpath eq uc($subpath) ) {
            my $content = Module::Install::_read($subpath . '.pm');
            my $in_pod  = 0;
            # walk the file line by line; the per-line patterns below
            # (^=\w, ^=cut, ^\s*package ...) cannot match single characters
            foreach ( split /\n/, $content ) {
                $in_pod = 1 if /^=\w/;
                $in_pod = 0 if /^=cut/;
                next if ($in_pod || /^=cut/);  # skip pod text
                next if /^\s*#/;               # and comments
                if ( m/^\s*package\s+($pkg)\s*;/i ) {
                    $pkg = $1;
                    last;
                }
            }
        }

        push @found, [ $file, $pkg ];
    }, $path ) if -d $path;

    @found;
}

#####################################################################
# Common Utility Functions

sub _caller {
    my $depth = 0;
    my $call  = caller($depth);
    while ( $call eq __PACKAGE__ ) {
        $depth++;
        $call = caller($depth);
    }
    return $call;
}

# Done in evals to avoid confusing Perl::MinimumVersion
eval( $] >= 5.006 ? <<'END_NEW' : <<'END_OLD' ); die $@ if $@;
sub _read {
    local *FH;
    open( FH, '<', $_[0] ) or die "open($_[0]): $!";
    my $string = do { local $/; <FH> };    # slurp the whole file
    close FH or die "close($_[0]): $!";
    return $string;
}
END_NEW
sub _read {
    local *FH;
    open( FH, "< $_[0]" ) or die "open($_[0]): $!";
    my $string = do { local $/; <FH> };    # slurp the whole file
    close FH or die "close($_[0]): $!";
    return $string;
}
END_OLD

sub _readperl {
    my $string = Module::Install::_read($_[0]);
    $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg;
    $string =~ s/(\n)\n*__(?:DATA|END)__\b.*\z/$1/s;
    $string =~ s/\n\n=\w+.+?\n\n=cut\b.+?\n+/\n\n/sg;
    return $string;
}

sub _readpod {
    my $string = Module::Install::_read($_[0]);
    $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg;
    return $string if $_[0] =~ /\.pod\z/;
    $string =~ s/(^|\n=cut\b.+?\n+)[^=\s].+?\n(\n=\w+|\z)/$1$2/sg;
    $string =~ s/\n*=pod\b[^\n]*\n+/\n\n/sg;
    $string =~ s/\n*=cut\b[^\n]*\n+/\n\n/sg;
    $string =~ s/^\n+//s;
    return $string;
}

# Done in evals to avoid confusing Perl::MinimumVersion
eval( $] >= 5.006 ? <<'END_NEW' : <<'END_OLD' ); die $@ if $@;
sub _write {
    local *FH;
    open( FH, '>', $_[0] ) or die "open($_[0]): $!";
    foreach ( 1 ..
$#_ ) {
        print FH $_[$_] or die "print($_[0]): $!";
    }
    close FH or die "close($_[0]): $!";
}
END_NEW
sub _write {
    local *FH;
    open( FH, "> $_[0]" ) or die "open($_[0]): $!";
    foreach ( 1 .. $#_ ) {
        print FH $_[$_] or die "print($_[0]): $!";
    }
    close FH or die "close($_[0]): $!";
}
END_OLD

# _version is for processing module versions (eg, 1.03_05) not
# Perl versions (eg, 5.8.1).
sub _version ($) {
    my $s = shift || 0;
    my $d =()= $s =~ /(\.)/g;
    if ( $d >= 2 ) {
        # Normalise multipart versions
        $s =~ s/(\.)(\d{1,3})/sprintf("$1%03d",$2)/eg;
    }
    $s =~ s/^(\d+)\.?//;
    my $l = $1 || 0;
    my @v = map {
        $_ . '0' x (3 - length $_)
    } $s =~ /(\d{1,3})\D?/g;
    $l = $l . '.' . join '', @v if @v;
    return $l + 0;
}

sub _cmp ($$) {
    _version($_[1]) <=> _version($_[2]);
}

# Cloned from Params::Util::_CLASS
sub _CLASS ($) {
    (
        defined $_[0]
        and
        ! ref $_[0]
        and
        $_[0] =~ m/^[^\W\d]\w*(?:::\w+)*\z/s
    ) ? $_[0] : undef;
}

1;

# Copyright 2008 - 2012 Adam Kennedy.
RT-Authen-ExternalAuth-0.17/inc/Module/Install/
RT-Authen-ExternalAuth-0.17/inc/Module/Install/Base.pm
#line 1
package Module::Install::Base;

use strict 'vars';
use vars qw{$VERSION};
BEGIN {
    $VERSION = '1.06';
}

# Suspend handler for "redefined" warnings
BEGIN {
    my $w = $SIG{__WARN__};
    $SIG{__WARN__} = sub { $w };
}

#line 42

sub new {
    my $class = shift;
    unless ( defined &{"${class}::call"} ) {
        *{"${class}::call"} = sub { shift->_top->call(@_) };
    }
    unless ( defined &{"${class}::load"} ) {
        *{"${class}::load"} = sub { shift->_top->load(@_) };
    }
    bless { @_ }, $class;
}

#line 61

sub AUTOLOAD {
    local $@;
    my $func = eval { shift->_top->autoload } or return;
    goto &$func;
}

#line 75

sub _top {
    $_[0]->{_top};
}

#line 90

sub admin {
    $_[0]->_top->{admin}
    or
    Module::Install::Base::FakeAdmin->new;
}

#line 106

sub is_admin {
    !
$_[0]->admin->isa('Module::Install::Base::FakeAdmin');
}

sub DESTROY {}

package Module::Install::Base::FakeAdmin;

use vars qw{$VERSION};
BEGIN {
    $VERSION = $Module::Install::Base::VERSION;
}

my $fake;

sub new {
    $fake ||= bless(\@_, $_[0]);
}

sub AUTOLOAD {}

sub DESTROY {}

# Restore warning handler
BEGIN {
    $SIG{__WARN__} = $SIG{__WARN__}->();
}

1;

#line 159
RT-Authen-ExternalAuth-0.17/inc/Module/Install/Can.pm
#line 1
package Module::Install::Can;

use strict;
use Config                ();
use ExtUtils::MakeMaker   ();
use Module::Install::Base ();

use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
    $VERSION = '1.06';
    @ISA     = 'Module::Install::Base';
    $ISCORE  = 1;
}

# check if we can load some module
### Upgrade this to not have to load the module if possible
sub can_use {
    my ($self, $mod, $ver) = @_;
    $mod =~ s{::|\\}{/}g;
    $mod .= '.pm' unless $mod =~ /\.pm$/i;

    my $pkg = $mod;
    $pkg =~ s{/}{::}g;
    $pkg =~ s{\.pm$}{}i;

    local $@;
    eval { require $mod; $pkg->VERSION($ver || 0); 1 };
}

# Check if we can run some command
sub can_run {
    my ($self, $cmd) = @_;

    my $_cmd = $cmd;
    return $_cmd if (-x $_cmd or $_cmd = MM->maybe_command($_cmd));

    for my $dir ((split /$Config::Config{path_sep}/, $ENV{PATH}), '.') {
        next if $dir eq '';
        require File::Spec;
        my $abs = File::Spec->catfile($dir, $cmd);
        return $abs if (-x $abs or $abs = MM->maybe_command($abs));
    }

    return;
}

# Can our C compiler environment build XS files
sub can_xs {
    my $self = shift;

    # Ensure we have the CBuilder module
    $self->configure_requires( 'ExtUtils::CBuilder' => 0.27 );

    # Do we have the configure_requires checker?
    local $@;
    eval "require ExtUtils::CBuilder;";
    if ( $@ ) {
        # They don't obey configure_requires, so it is
        # someone old and delicate. Try to avoid hurting
        # them by falling back to an older simpler test.
return $self->can_cc(); } # Do we have a working C compiler my $builder = ExtUtils::CBuilder->new( quiet => 1, ); unless ( $builder->have_compiler ) { # No working C compiler return 0; } # Write a C file representative of what XS becomes require File::Temp; my ( $FH, $tmpfile ) = File::Temp::tempfile( "compilexs-XXXXX", SUFFIX => '.c', ); binmode $FH; print $FH <<'END_C'; #include "EXTERN.h" #include "perl.h" #include "XSUB.h" int main(int argc, char **argv) { return 0; } int boot_sanexs() { return 1; } END_C close $FH; # Can the C compiler access the same headers XS does my @libs = (); my $object = undef; eval { local $^W = 0; $object = $builder->compile( source => $tmpfile, ); @libs = $builder->link( objects => $object, module_name => 'sanexs', ); }; my $result = $@ ? 0 : 1; # Clean up all the build files foreach ( $tmpfile, $object, @libs ) { next unless defined $_; 1 while unlink; } return $result; } # Can we locate a (the) C compiler sub can_cc { my $self = shift; my @chunks = split(/ /, $Config::Config{cc}) or return; # $Config{cc} may contain args; try to find out the program part while (@chunks) { return $self->can_run("@chunks") || (pop(@chunks), next); } return; } # Fix Cygwin bug on maybe_command(); if ( $^O eq 'cygwin' ) { require ExtUtils::MM_Cygwin; require ExtUtils::MM_Win32; if ( ! 
defined(&ExtUtils::MM_Cygwin::maybe_command) ) {
        *ExtUtils::MM_Cygwin::maybe_command = sub {
            my ($self, $file) = @_;
            if ($file =~ m{^/cygdrive/}i and ExtUtils::MM_Win32->can('maybe_command')) {
                ExtUtils::MM_Win32->maybe_command($file);
            } else {
                ExtUtils::MM_Unix->maybe_command($file);
            }
        }
    }
}

1;

__END__

#line 236
RT-Authen-ExternalAuth-0.17/inc/Module/Install/Fetch.pm
#line 1
package Module::Install::Fetch;

use strict;
use Module::Install::Base ();

use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
    $VERSION = '1.06';
    @ISA     = 'Module::Install::Base';
    $ISCORE  = 1;
}

sub get_file {
    my ($self, %args) = @_;
    my ($scheme, $host, $path, $file) =
        $args{url} =~ m|^(\w+)://([^/]+)(.+)/(.+)| or return;

    if ( $scheme eq 'http' and ! eval { require LWP::Simple; 1 } ) {
        $args{url} = $args{ftp_url}
            or (warn("LWP support unavailable!\n"), return);
        ($scheme, $host, $path, $file) =
            $args{url} =~ m|^(\w+)://([^/]+)(.+)/(.+)| or return;
    }

    $|++;
    print "Fetching '$file' from $host... 
"; unless (eval { require Socket; Socket::inet_aton($host) }) { warn "'$host' resolve failed!\n"; return; } return unless $scheme eq 'ftp' or $scheme eq 'http'; require Cwd; my $dir = Cwd::getcwd(); chdir $args{local_dir} or return if exists $args{local_dir}; if (eval { require LWP::Simple; 1 }) { LWP::Simple::mirror($args{url}, $file); } elsif (eval { require Net::FTP; 1 }) { eval { # use Net::FTP to get past firewall my $ftp = Net::FTP->new($host, Passive => 1, Timeout => 600); $ftp->login("anonymous", 'anonymous@example.com'); $ftp->cwd($path); $ftp->binary; $ftp->get($file) or (warn("$!\n"), return); $ftp->quit; } } elsif (my $ftp = $self->can_run('ftp')) { eval { # no Net::FTP, fallback to ftp.exe require FileHandle; my $fh = FileHandle->new; local $SIG{CHLD} = 'IGNORE'; unless ($fh->open("|$ftp -n")) { warn "Couldn't open ftp: $!\n"; chdir $dir; return; } my @dialog = split(/\n/, <<"END_FTP"); open $host user anonymous anonymous\@example.com cd $path binary get $file $file quit END_FTP foreach (@dialog) { $fh->print("$_\n") } $fh->close; } } else { warn "No working 'ftp' program available!\n"; chdir $dir; return; } unless (-f $file) { warn "Fetching failed: $@\n"; chdir $dir; return; } return if exists $args{size} and -s $file != $args{size}; system($args{run}) if exists $args{run}; unlink($file) if $args{remove}; print(((!exists $args{check_for} or -e $args{check_for}) ? "done!" : "failed! 
($!)"), "\n");
    chdir $dir;
    return !$?;
}

1;
RT-Authen-ExternalAuth-0.17/inc/Module/Install/Makefile.pm
#line 1
package Module::Install::Makefile;

use strict 'vars';
use ExtUtils::MakeMaker   ();
use Module::Install::Base ();
use Fcntl qw/:flock :seek/;

use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
    $VERSION = '1.06';
    @ISA     = 'Module::Install::Base';
    $ISCORE  = 1;
}

sub Makefile { $_[0] }

my %seen = ();

sub prompt {
    shift;

    # Infinite loop protection
    my @c = caller();
    if ( ++$seen{"$c[1]|$c[2]|$_[0]"} > 3 ) {
        die "Caught an potential prompt infinite loop ($c[1]|$c[2]|$_[0])";
    }

    # In automated testing or non-interactive session, always use defaults
    if ( ($ENV{AUTOMATED_TESTING} or -! -t STDIN) and ! $ENV{PERL_MM_USE_DEFAULT} ) {
        local $ENV{PERL_MM_USE_DEFAULT} = 1;
        goto &ExtUtils::MakeMaker::prompt;
    } else {
        goto &ExtUtils::MakeMaker::prompt;
    }
}

# Store a cleaned up version of the MakeMaker version,
# since we need to behave differently in a variety of
# ways based on the MM version.
my $makemaker = eval $ExtUtils::MakeMaker::VERSION;

# If we are passed a param, do a "newer than" comparison.
# Otherwise, just return the MakeMaker version.
sub makemaker {
    ( @_ < 2 or $makemaker >= eval($_[1]) ) ? $makemaker : 0
}

# Ripped from ExtUtils::MakeMaker 6.56, and slightly modified
# as we only need to know here whether the attribute is an array
# or a hash or something else (which may or may not be appendable).
my %makemaker_argtype = ( C => 'ARRAY', CONFIG => 'ARRAY', # CONFIGURE => 'CODE', # ignore DIR => 'ARRAY', DL_FUNCS => 'HASH', DL_VARS => 'ARRAY', EXCLUDE_EXT => 'ARRAY', EXE_FILES => 'ARRAY', FUNCLIST => 'ARRAY', H => 'ARRAY', IMPORTS => 'HASH', INCLUDE_EXT => 'ARRAY', LIBS => 'ARRAY', # ignore '' MAN1PODS => 'HASH', MAN3PODS => 'HASH', META_ADD => 'HASH', META_MERGE => 'HASH', PL_FILES => 'HASH', PM => 'HASH', PMLIBDIRS => 'ARRAY', PMLIBPARENTDIRS => 'ARRAY', PREREQ_PM => 'HASH', CONFIGURE_REQUIRES => 'HASH', SKIP => 'ARRAY', TYPEMAPS => 'ARRAY', XS => 'HASH', # VERSION => ['version',''], # ignore # _KEEP_AFTER_FLUSH => '', clean => 'HASH', depend => 'HASH', dist => 'HASH', dynamic_lib=> 'HASH', linkext => 'HASH', macro => 'HASH', postamble => 'HASH', realclean => 'HASH', test => 'HASH', tool_autosplit => 'HASH', # special cases where you can use makemaker_append CCFLAGS => 'APPENDABLE', DEFINE => 'APPENDABLE', INC => 'APPENDABLE', LDDLFLAGS => 'APPENDABLE', LDFROM => 'APPENDABLE', ); sub makemaker_args { my ($self, %new_args) = @_; my $args = ( $self->{makemaker_args} ||= {} ); foreach my $key (keys %new_args) { if ($makemaker_argtype{$key}) { if ($makemaker_argtype{$key} eq 'ARRAY') { $args->{$key} = [] unless defined $args->{$key}; unless (ref $args->{$key} eq 'ARRAY') { $args->{$key} = [$args->{$key}] } push @{$args->{$key}}, ref $new_args{$key} eq 'ARRAY' ? 
@{$new_args{$key}} : $new_args{$key}; } elsif ($makemaker_argtype{$key} eq 'HASH') { $args->{$key} = {} unless defined $args->{$key}; foreach my $skey (keys %{ $new_args{$key} }) { $args->{$key}{$skey} = $new_args{$key}{$skey}; } } elsif ($makemaker_argtype{$key} eq 'APPENDABLE') { $self->makemaker_append($key => $new_args{$key}); } } else { if (defined $args->{$key}) { warn qq{MakeMaker attribute "$key" is overriden; use "makemaker_append" to append values\n}; } $args->{$key} = $new_args{$key}; } } return $args; } # For mm args that take multiple space-seperated args, # append an argument to the current list. sub makemaker_append { my $self = shift; my $name = shift; my $args = $self->makemaker_args; $args->{$name} = defined $args->{$name} ? join( ' ', $args->{$name}, @_ ) : join( ' ', @_ ); } sub build_subdirs { my $self = shift; my $subdirs = $self->makemaker_args->{DIR} ||= []; for my $subdir (@_) { push @$subdirs, $subdir; } } sub clean_files { my $self = shift; my $clean = $self->makemaker_args->{clean} ||= {}; %$clean = ( %$clean, FILES => join ' ', grep { length $_ } ($clean->{FILES} || (), @_), ); } sub realclean_files { my $self = shift; my $realclean = $self->makemaker_args->{realclean} ||= {}; %$realclean = ( %$realclean, FILES => join ' ', grep { length $_ } ($realclean->{FILES} || (), @_), ); } sub libs { my $self = shift; my $libs = ref $_[0] ? 
shift : [ shift ]; $self->makemaker_args( LIBS => $libs ); } sub inc { my $self = shift; $self->makemaker_args( INC => shift ); } sub _wanted_t { } sub tests_recursive { my $self = shift; my $dir = shift || 't'; unless ( -d $dir ) { die "tests_recursive dir '$dir' does not exist"; } my %tests = map { $_ => 1 } split / /, ($self->tests || ''); require File::Find; File::Find::find( sub { /\.t$/ and -f $_ and $tests{"$File::Find::dir/*.t"} = 1 }, $dir ); $self->tests( join ' ', sort keys %tests ); } sub write { my $self = shift; die "&Makefile->write() takes no arguments\n" if @_; # Check the current Perl version my $perl_version = $self->perl_version; if ( $perl_version ) { eval "use $perl_version; 1" or die "ERROR: perl: Version $] is installed, " . "but we need version >= $perl_version"; } # Make sure we have a new enough MakeMaker require ExtUtils::MakeMaker; if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) { # This previous attempted to inherit the version of # ExtUtils::MakeMaker in use by the module author, but this # was found to be untenable as some authors build releases # using future dev versions of EU:MM that nobody else has. # Instead, #toolchain suggests we use 6.59 which is the most # stable version on CPAN at time of writing and is, to quote # ribasushi, "not terminally fucked, > and tested enough". # TODO: We will now need to maintain this over time to push # the version up as new versions are released. $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 ); $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 ); } else { # Allow legacy-compatibility with 5.005 by depending on the # most recent EU:MM that supported 5.005. 
$self->build_requires( 'ExtUtils::MakeMaker' => 6.36 ); $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 ); } # Generate the MakeMaker params my $args = $self->makemaker_args; $args->{DISTNAME} = $self->name; $args->{NAME} = $self->module_name || $self->name; $args->{NAME} =~ s/-/::/g; $args->{VERSION} = $self->version or die <<'EOT'; ERROR: Can't determine distribution version. Please specify it explicitly via 'version' in Makefile.PL, or set a valid $VERSION in a module, and provide its file path via 'version_from' (or 'all_from' if you prefer) in Makefile.PL. EOT if ( $self->tests ) { my @tests = split ' ', $self->tests; my %seen; $args->{test} = { TESTS => (join ' ', grep {!$seen{$_}++} @tests), }; } elsif ( $Module::Install::ExtraTests::use_extratests ) { # Module::Install::ExtraTests doesn't set $self->tests and does its own tests via harness. # So, just ignore our xt tests here. } elsif ( -d 'xt' and ($Module::Install::AUTHOR or $ENV{RELEASE_TESTING}) ) { $args->{test} = { TESTS => join( ' ', map { "$_/*.t" } grep { -d $_ } qw{ t xt } ), }; } if ( $] >= 5.005 ) { $args->{ABSTRACT} = $self->abstract; $args->{AUTHOR} = join ', ', @{$self->author || []}; } if ( $self->makemaker(6.10) ) { $args->{NO_META} = 1; #$args->{NO_MYMETA} = 1; } if ( $self->makemaker(6.17) and $self->sign ) { $args->{SIGN} = 1; } unless ( $self->is_admin ) { delete $args->{SIGN}; } if ( $self->makemaker(6.31) and $self->license ) { $args->{LICENSE} = $self->license; } my $prereq = ($args->{PREREQ_PM} ||= {}); %$prereq = ( %$prereq, map { @$_ } # flatten [module => version] map { @$_ } grep $_, ($self->requires) ); # Remove any reference to perl, PREREQ_PM doesn't support it delete $args->{PREREQ_PM}->{perl}; # Merge both kinds of requires into BUILD_REQUIRES my $build_prereq = ($args->{BUILD_REQUIRES} ||= {}); %$build_prereq = ( %$build_prereq, map { @$_ } # flatten [module => version] map { @$_ } grep $_, ($self->configure_requires, $self->build_requires) ); # Remove any 
reference to perl, BUILD_REQUIRES doesn't support it delete $args->{BUILD_REQUIRES}->{perl}; # Delete bundled dists from prereq_pm, add it to Makefile DIR my $subdirs = ($args->{DIR} || []); if ($self->bundles) { my %processed; foreach my $bundle (@{ $self->bundles }) { my ($mod_name, $dist_dir) = @$bundle; delete $prereq->{$mod_name}; $dist_dir = File::Basename::basename($dist_dir); # dir for building this module if (not exists $processed{$dist_dir}) { if (-d $dist_dir) { # List as sub-directory to be processed by make push @$subdirs, $dist_dir; } # Else do nothing: the module is already present on the system $processed{$dist_dir} = undef; } } } unless ( $self->makemaker('6.55_03') ) { %$prereq = (%$prereq,%$build_prereq); delete $args->{BUILD_REQUIRES}; } if ( my $perl_version = $self->perl_version ) { eval "use $perl_version; 1" or die "ERROR: perl: Version $] is installed, " . "but we need version >= $perl_version"; if ( $self->makemaker(6.48) ) { $args->{MIN_PERL_VERSION} = $perl_version; } } if ($self->installdirs) { warn qq{old INSTALLDIRS (probably set by makemaker_args) is overriden by installdirs\n} if $args->{INSTALLDIRS}; $args->{INSTALLDIRS} = $self->installdirs; } my %args = map { ( $_ => $args->{$_} ) } grep {defined($args->{$_} ) } keys %$args; my $user_preop = delete $args{dist}->{PREOP}; if ( my $preop = $self->admin->preop($user_preop) ) { foreach my $key ( keys %$preop ) { $args{dist}->{$key} = $preop->{$key}; } } my $mm = ExtUtils::MakeMaker::WriteMakefile(%args); $self->fix_up_makefile($mm->{FIRST_MAKEFILE} || 'Makefile'); } sub fix_up_makefile { my $self = shift; my $makefile_name = shift; my $top_class = ref($self->_top) || ''; my $top_version = $self->_top->VERSION || ''; my $preamble = $self->preamble ? "# Preamble by $top_class $top_version\n" . $self->preamble : ''; my $postamble = "# Postamble by $top_class $top_version\n" . 
		($self->postamble || '');

	local *MAKEFILE;
	open MAKEFILE, "+< $makefile_name" or die "fix_up_makefile: Couldn't open $makefile_name: $!";
	eval { flock MAKEFILE, LOCK_EX };
	# Slurp the whole generated Makefile in one read
	my $makefile = do { local $/; <MAKEFILE> };

	$makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /;
	$makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g;
	$makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g;
	$makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m;
	$makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m;

	# Module::Install will never be used to build the Core Perl
	# Sometimes PERL_LIB and PERL_ARCHLIB get written anyway, which breaks
	# PREFIX/PERL5LIB, and thus, install_share. Blank them if they exist
	$makefile =~ s/^PERL_LIB = .+/PERL_LIB =/m;
	#$makefile =~ s/^PERL_ARCHLIB = .+/PERL_ARCHLIB =/m;

	# Perl 5.005 mentions PERL_LIB explicitly, so we have to remove that as well.
	$makefile =~ s/(\"?)-I\$\(PERL_LIB\)\1//g;

	# XXX - This is currently unused; not sure if it breaks other MM-users
	# $makefile =~ s/^pm_to_blib\s+:\s+/pm_to_blib :: /mg;

	seek MAKEFILE, 0, SEEK_SET;
	truncate MAKEFILE, 0;
	print MAKEFILE "$preamble$makefile$postamble" or die $!;
	close MAKEFILE or die $!;

	1;
}

sub preamble {
	my ($self, $text) = @_;
	$self->{preamble} = $text .
$self->{preamble} if defined $text; $self->{preamble}; } sub postamble { my ($self, $text) = @_; $self->{postamble} ||= $self->admin->postamble; $self->{postamble} .= $text if defined $text; $self->{postamble} } 1; __END__ #line 544 RT-Authen-ExternalAuth-0.17/inc/Module/Install/AutoInstall.pm0000644000175000017500000000416212167334400022176 0ustar tomtom#line 1 package Module::Install::AutoInstall; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } sub AutoInstall { $_[0] } sub run { my $self = shift; $self->auto_install_now(@_); } sub write { my $self = shift; $self->auto_install(@_); } sub auto_install { my $self = shift; return if $self->{done}++; # Flatten array of arrays into a single array my @core = map @$_, map @$_, grep ref, $self->build_requires, $self->requires; my @config = @_; # We'll need Module::AutoInstall $self->include('Module::AutoInstall'); require Module::AutoInstall; my @features_require = Module::AutoInstall->import( (@config ? (-config => \@config) : ()), (@core ? (-core => \@core) : ()), $self->features, ); my %seen; my @requires = map @$_, map @$_, grep ref, $self->requires; while (my ($mod, $ver) = splice(@requires, 0, 2)) { $seen{$mod}{$ver}++; } my @build_requires = map @$_, map @$_, grep ref, $self->build_requires; while (my ($mod, $ver) = splice(@build_requires, 0, 2)) { $seen{$mod}{$ver}++; } my @configure_requires = map @$_, map @$_, grep ref, $self->configure_requires; while (my ($mod, $ver) = splice(@configure_requires, 0, 2)) { $seen{$mod}{$ver}++; } my @deduped; while (my ($mod, $ver) = splice(@features_require, 0, 2)) { push @deduped, $mod => $ver unless $seen{$mod}{$ver}++; } $self->requires(@deduped); $self->makemaker_args( Module::AutoInstall::_make_args() ); my $class = ref($self); $self->postamble( "# --- $class section:\n" . 
Module::AutoInstall::postamble() ); } sub installdeps_target { my ($self, @args) = @_; $self->include('Module::AutoInstall'); require Module::AutoInstall; Module::AutoInstall::_installdeps_target(1); $self->auto_install(@args); } sub auto_install_now { my $self = shift; $self->auto_install(@_); Module::AutoInstall::do_install(); } 1; RT-Authen-ExternalAuth-0.17/inc/Module/Install/AuthorTests.pm0000644000175000017500000000221512167334400022221 0ustar tomtom#line 1 package Module::Install::AuthorTests; use 5.005; use strict; use Module::Install::Base; use Carp (); #line 16 use vars qw{$VERSION $ISCORE @ISA}; BEGIN { $VERSION = '0.002'; $ISCORE = 1; @ISA = qw{Module::Install::Base}; } #line 42 sub author_tests { my ($self, @dirs) = @_; _add_author_tests($self, \@dirs, 0); } #line 56 sub recursive_author_tests { my ($self, @dirs) = @_; _add_author_tests($self, \@dirs, 1); } sub _wanted { my $href = shift; sub { /\.t$/ and -f $_ and $href->{$File::Find::dir} = 1 } } sub _add_author_tests { my ($self, $dirs, $recurse) = @_; return unless $Module::Install::AUTHOR; my @tests = $self->tests ? (split / /, $self->tests) : 't/*.t'; # XXX: pick a default, later -- rjbs, 2008-02-24 my @dirs = @$dirs ? 
@$dirs : Carp::confess "no dirs given to author_tests"; @dirs = grep { -d } @dirs; if ($recurse) { require File::Find; my %test_dir; File::Find::find(_wanted(\%test_dir), @dirs); $self->tests( join ' ', @tests, map { "$_/*.t" } sort keys %test_dir ); } else { $self->tests( join ' ', @tests, map { "$_/*.t" } sort @dirs ); } } #line 107 1; RT-Authen-ExternalAuth-0.17/inc/Module/Install/ReadmeFromPod.pm0000644000175000017500000000631112167334400022421 0ustar tomtom#line 1 package Module::Install::ReadmeFromPod; use 5.006; use strict; use warnings; use base qw(Module::Install::Base); use vars qw($VERSION); $VERSION = '0.20'; sub readme_from { my $self = shift; return unless $self->is_admin; # Input file my $in_file = shift || $self->_all_from or die "Can't determine file to make readme_from"; # Get optional arguments my ($clean, $format, $out_file, $options); my $args = shift; if ( ref $args ) { # Arguments are in a hashref if ( ref($args) ne 'HASH' ) { die "Expected a hashref but got a ".ref($args)."\n"; } else { $clean = $args->{'clean'}; $format = $args->{'format'}; $out_file = $args->{'output_file'}; $options = $args->{'options'}; } } else { # Arguments are in a list $clean = $args; $format = shift; $out_file = shift; $options = \@_; } # Default values; $clean ||= 0; $format ||= 'txt'; # Generate README print "readme_from $in_file to $format\n"; if ($format =~ m/te?xt/) { $out_file = $self->_readme_txt($in_file, $out_file, $options); } elsif ($format =~ m/html?/) { $out_file = $self->_readme_htm($in_file, $out_file, $options); } elsif ($format eq 'man') { $out_file = $self->_readme_man($in_file, $out_file, $options); } elsif ($format eq 'pdf') { $out_file = $self->_readme_pdf($in_file, $out_file, $options); } if ($clean) { $self->clean_files($out_file); } return 1; } sub _readme_txt { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README'; require Pod::Text; my $parser = Pod::Text->new( @$options ); open my $out_fh, '>', $out_file or die "Could not 
write file $out_file:\n$!\n"; $parser->output_fh( *$out_fh ); $parser->parse_file( $in_file ); close $out_fh; return $out_file; } sub _readme_htm { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.htm'; require Pod::Html; Pod::Html::pod2html( "--infile=$in_file", "--outfile=$out_file", @$options, ); # Remove temporary files if needed for my $file ('pod2htmd.tmp', 'pod2htmi.tmp') { if (-e $file) { unlink $file or warn "Warning: Could not remove file '$file'.\n$!\n"; } } return $out_file; } sub _readme_man { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.1'; require Pod::Man; my $parser = Pod::Man->new( @$options ); $parser->parse_from_file($in_file, $out_file); return $out_file; } sub _readme_pdf { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.pdf'; eval { require App::pod2pdf; } or die "Could not generate $out_file because pod2pdf could not be found\n"; my $parser = App::pod2pdf->new( @$options ); $parser->parse_from_file($in_file); open my $out_fh, '>', $out_file or die "Could not write file $out_file:\n$!\n"; select $out_fh; $parser->output; select STDOUT; close $out_fh; return $out_file; } sub _all_from { my $self = shift; return unless $self->admin->{extensions}; my ($metadata) = grep { ref($_) eq 'Module::Install::Metadata'; } @{$self->admin->{extensions}}; return unless $metadata; return $metadata->{values}{all_from} || ''; } 'Readme!'; __END__ #line 254 RT-Authen-ExternalAuth-0.17/inc/Module/Install/Win32.pm0000644000175000017500000000340312167334400020636 0ustar tomtom#line 1 package Module::Install::Win32; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } # determine if the user needs nmake, and download it if needed sub check_nmake { my $self = shift; $self->load('can_run'); $self->load('get_file'); require Config; return unless ( $^O eq 'MSWin32' and $Config::Config{make} and 
$Config::Config{make} =~ /^nmake\b/i and ! $self->can_run('nmake') ); print "The required 'nmake' executable not found, fetching it...\n"; require File::Basename; my $rv = $self->get_file( url => 'http://download.microsoft.com/download/vc15/Patch/1.52/W95/EN-US/Nmake15.exe', ftp_url => 'ftp://ftp.microsoft.com/Softlib/MSLFILES/Nmake15.exe', local_dir => File::Basename::dirname($^X), size => 51928, run => 'Nmake15.exe /o > nul', check_for => 'Nmake.exe', remove => 1, ); die <<'END_MESSAGE' unless $rv; ------------------------------------------------------------------------------- Since you are using Microsoft Windows, you will need the 'nmake' utility before installation. It's available at: http://download.microsoft.com/download/vc15/Patch/1.52/W95/EN-US/Nmake15.exe or ftp://ftp.microsoft.com/Softlib/MSLFILES/Nmake15.exe Please download the file manually, save it to a directory in %PATH% (e.g. C:\WINDOWS\COMMAND\), then launch the MS-DOS command line shell, "cd" to that directory, and run "Nmake15.exe" from there; that will create the 'nmake.exe' file needed by this module. You may then resume the installation process described in README. ------------------------------------------------------------------------------- END_MESSAGE } 1; RT-Authen-ExternalAuth-0.17/inc/Module/Install/WriteAll.pm0000644000175000017500000000237612167334400021467 0ustar tomtom#line 1 package Module::Install::WriteAll; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.06'; @ISA = qw{Module::Install::Base}; $ISCORE = 1; } sub WriteAll { my $self = shift; my %args = ( meta => 1, sign => 0, inline => 0, check_nmake => 1, @_, ); $self->sign(1) if $args{sign}; $self->admin->WriteAll(%args) if $self->is_admin; $self->check_nmake if $args{check_nmake}; unless ( $self->makemaker_args->{PL_FILES} ) { # XXX: This still may be a bit over-defensive... 
unless ($self->makemaker(6.25)) { $self->makemaker_args( PL_FILES => {} ) if -f 'Build.PL'; } } # Until ExtUtils::MakeMaker support MYMETA.yml, make sure # we clean it up properly ourself. $self->realclean_files('MYMETA.yml'); if ( $args{inline} ) { $self->Inline->write; } else { $self->Makefile->write; } # The Makefile write process adds a couple of dependencies, # so write the META.yml files after the Makefile. if ( $args{meta} ) { $self->Meta->write; } # Experimental support for MYMETA if ( $ENV{X_MYMETA} ) { if ( $ENV{X_MYMETA} eq 'JSON' ) { $self->Meta->write_mymeta_json; } else { $self->Meta->write_mymeta_yaml; } } return 1; } 1; RT-Authen-ExternalAuth-0.17/inc/Module/Install/Metadata.pm0000644000175000017500000004327712167334377021506 0ustar tomtom#line 1 package Module::Install::Metadata; use strict 'vars'; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.06'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } my @boolean_keys = qw{ sign }; my @scalar_keys = qw{ name module_name abstract version distribution_type tests installdirs }; my @tuple_keys = qw{ configure_requires build_requires requires recommends bundles resources }; my @resource_keys = qw{ homepage bugtracker repository }; my @array_keys = qw{ keywords author }; *authors = \&author; sub Meta { shift } sub Meta_BooleanKeys { @boolean_keys } sub Meta_ScalarKeys { @scalar_keys } sub Meta_TupleKeys { @tuple_keys } sub Meta_ResourceKeys { @resource_keys } sub Meta_ArrayKeys { @array_keys } foreach my $key ( @boolean_keys ) { *$key = sub { my $self = shift; if ( defined wantarray and not @_ ) { return $self->{values}->{$key}; } $self->{values}->{$key} = ( @_ ? 
$_[0] : 1 ); return $self; }; } foreach my $key ( @scalar_keys ) { *$key = sub { my $self = shift; return $self->{values}->{$key} if defined wantarray and !@_; $self->{values}->{$key} = shift; return $self; }; } foreach my $key ( @array_keys ) { *$key = sub { my $self = shift; return $self->{values}->{$key} if defined wantarray and !@_; $self->{values}->{$key} ||= []; push @{$self->{values}->{$key}}, @_; return $self; }; } foreach my $key ( @resource_keys ) { *$key = sub { my $self = shift; unless ( @_ ) { return () unless $self->{values}->{resources}; return map { $_->[1] } grep { $_->[0] eq $key } @{ $self->{values}->{resources} }; } return $self->{values}->{resources}->{$key} unless @_; my $uri = shift or die( "Did not provide a value to $key()" ); $self->resources( $key => $uri ); return 1; }; } foreach my $key ( grep { $_ ne "resources" } @tuple_keys) { *$key = sub { my $self = shift; return $self->{values}->{$key} unless @_; my @added; while ( @_ ) { my $module = shift or last; my $version = shift || 0; push @added, [ $module, $version ]; } push @{ $self->{values}->{$key} }, @added; return map {@$_} @added; }; } # Resource handling my %lc_resource = map { $_ => 1 } qw{ homepage license bugtracker repository }; sub resources { my $self = shift; while ( @_ ) { my $name = shift or last; my $value = shift or next; if ( $name eq lc $name and ! $lc_resource{$name} ) { die("Unsupported reserved lowercase resource '$name'"); } $self->{values}->{resources} ||= []; push @{ $self->{values}->{resources} }, [ $name, $value ]; } $self->{values}->{resources}; } # Aliases for build_requires that will have alternative # meanings in some future version of META.yml. 
sub test_requires { shift->build_requires(@_) } sub install_requires { shift->build_requires(@_) } # Aliases for installdirs options sub install_as_core { $_[0]->installdirs('perl') } sub install_as_cpan { $_[0]->installdirs('site') } sub install_as_site { $_[0]->installdirs('site') } sub install_as_vendor { $_[0]->installdirs('vendor') } sub dynamic_config { my $self = shift; my $value = @_ ? shift : 1; if ( $self->{values}->{dynamic_config} ) { # Once dynamic we never change to static, for safety return 0; } $self->{values}->{dynamic_config} = $value ? 1 : 0; return 1; } # Convenience command sub static_config { shift->dynamic_config(0); } sub perl_version { my $self = shift; return $self->{values}->{perl_version} unless @_; my $version = shift or die( "Did not provide a value to perl_version()" ); # Normalize the version $version = $self->_perl_version($version); # We don't support the really old versions unless ( $version >= 5.005 ) { die "Module::Install only supports 5.005 or newer (use ExtUtils::MakeMaker)\n"; } $self->{values}->{perl_version} = $version; } sub all_from { my ( $self, $file ) = @_; unless ( defined($file) ) { my $name = $self->name or die( "all_from called with no args without setting name() first" ); $file = join('/', 'lib', split(/-/, $name)) . '.pm'; $file =~ s{.*/}{} unless -e $file; unless ( -e $file ) { die("all_from cannot find $file from $name"); } } unless ( -f $file ) { die("The path '$file' does not exist, or is not a file"); } $self->{values}{all_from} = $file; # Some methods pull from POD instead of code. 
# If there is a matching .pod, use that instead my $pod = $file; $pod =~ s/\.pm$/.pod/i; $pod = $file unless -e $pod; # Pull the different values $self->name_from($file) unless $self->name; $self->version_from($file) unless $self->version; $self->perl_version_from($file) unless $self->perl_version; $self->author_from($pod) unless @{$self->author || []}; $self->license_from($pod) unless $self->license; $self->abstract_from($pod) unless $self->abstract; return 1; } sub provides { my $self = shift; my $provides = ( $self->{values}->{provides} ||= {} ); %$provides = (%$provides, @_) if @_; return $provides; } sub auto_provides { my $self = shift; return $self unless $self->is_admin; unless (-e 'MANIFEST') { warn "Cannot deduce auto_provides without a MANIFEST, skipping\n"; return $self; } # Avoid spurious warnings as we are not checking manifest here. local $SIG{__WARN__} = sub {1}; require ExtUtils::Manifest; local *ExtUtils::Manifest::manicheck = sub { return }; require Module::Build; my $build = Module::Build->new( dist_name => $self->name, dist_version => $self->version, license => $self->license, ); $self->provides( %{ $build->find_dist_packages || {} } ); } sub feature { my $self = shift; my $name = shift; my $features = ( $self->{values}->{features} ||= [] ); my $mods; if ( @_ == 1 and ref( $_[0] ) ) { # The user used ->feature like ->features by passing in the second # argument as a reference. Accomodate for that. $mods = $_[0]; } else { $mods = \@_; } my $count = 0; push @$features, ( $name => [ map { ref($_) ? ( ref($_) eq 'HASH' ) ? %$_ : @$_ : $_ } @$mods ] ); return @$features; } sub features { my $self = shift; while ( my ( $name, $mods ) = splice( @_, 0, 2 ) ) { $self->feature( $name, @$mods ); } return $self->{values}->{features} ? 
@{ $self->{values}->{features} } : (); } sub no_index { my $self = shift; my $type = shift; push @{ $self->{values}->{no_index}->{$type} }, @_ if $type; return $self->{values}->{no_index}; } sub read { my $self = shift; $self->include_deps( 'YAML::Tiny', 0 ); require YAML::Tiny; my $data = YAML::Tiny::LoadFile('META.yml'); # Call methods explicitly in case user has already set some values. while ( my ( $key, $value ) = each %$data ) { next unless $self->can($key); if ( ref $value eq 'HASH' ) { while ( my ( $module, $version ) = each %$value ) { $self->can($key)->($self, $module => $version ); } } else { $self->can($key)->($self, $value); } } return $self; } sub write { my $self = shift; return $self unless $self->is_admin; $self->admin->write_meta; return $self; } sub version_from { require ExtUtils::MM_Unix; my ( $self, $file ) = @_; $self->version( ExtUtils::MM_Unix->parse_version($file) ); # for version integrity check $self->makemaker_args( VERSION_FROM => $file ); } sub abstract_from { require ExtUtils::MM_Unix; my ( $self, $file ) = @_; $self->abstract( bless( { DISTNAME => $self->name }, 'ExtUtils::MM_Unix' )->parse_abstract($file) ); } # Add both distribution and module name sub name_from { my ($self, $file) = @_; if ( Module::Install::_read($file) =~ m/ ^ \s* package \s* ([\w:]+) \s* ; /ixms ) { my ($name, $module_name) = ($1, $1); $name =~ s{::}{-}g; $self->name($name); unless ( $self->module_name ) { $self->module_name($module_name); } } else { die("Cannot determine name from $file\n"); } } sub _extract_perl_version { if ( $_[0] =~ m/ ^\s* (?:use|require) \s* v? 
([\d_\.]+) \s* ; /ixms ) { my $perl_version = $1; $perl_version =~ s{_}{}g; return $perl_version; } else { return; } } sub perl_version_from { my $self = shift; my $perl_version=_extract_perl_version(Module::Install::_read($_[0])); if ($perl_version) { $self->perl_version($perl_version); } else { warn "Cannot determine perl version info from $_[0]\n"; return; } } sub author_from { my $self = shift; my $content = Module::Install::_read($_[0]); if ($content =~ m/ =head \d \s+ (?:authors?)\b \s* ([^\n]*) | =head \d \s+ (?:licen[cs]e|licensing|copyright|legal)\b \s* .*? copyright .*? \d\d\d[\d.]+ \s* (?:\bby\b)? \s* ([^\n]*) /ixms) { my $author = $1 || $2; # XXX: ugly but should work anyway... if (eval "require Pod::Escapes; 1") { # Pod::Escapes has a mapping table. # It's in core of perl >= 5.9.3, and should be installed # as one of the Pod::Simple's prereqs, which is a prereq # of Pod::Text 3.x (see also below). $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } { defined $2 ? chr($2) : defined $Pod::Escapes::Name2character_number{$1} ? chr($Pod::Escapes::Name2character_number{$1}) : do { warn "Unknown escape: E<$1>"; "E<$1>"; }; }gex; } elsif (eval "require Pod::Text; 1" && $Pod::Text::VERSION < 3) { # Pod::Text < 3.0 has yet another mapping table, # though the table name of 2.x and 1.x are different. # (1.x is in core of Perl < 5.6, 2.x is in core of # Perl < 5.9.3) my $mapping = ($Pod::Text::VERSION < 2) ? \%Pod::Text::HTML_Escapes : \%Pod::Text::ESCAPES; $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } { defined $2 ? chr($2) : defined $mapping->{$1} ? 
				$mapping->{$1} :
				do {
					warn "Unknown escape: E<$1>";
					"E<$1>";
				};
			}gex;
		}
		else {
			# No escape table available: decode only the angle-bracket escapes
			$author =~ s{E<lt>}{<}g;
			$author =~ s{E<gt>}{>}g;
		}
		$self->author($author);
	} else {
		warn "Cannot determine author info from $_[0]\n";
	}
}

#Stolen from M::B
my %license_urls = (
	perl => 'http://dev.perl.org/licenses/',
	apache => 'http://apache.org/licenses/LICENSE-2.0',
	apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1',
	artistic => 'http://opensource.org/licenses/artistic-license.php',
	artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php',
	lgpl => 'http://opensource.org/licenses/lgpl-license.php',
	lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php',
	lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html',
	bsd => 'http://opensource.org/licenses/bsd-license.php',
	gpl => 'http://opensource.org/licenses/gpl-license.php',
	gpl2 => 'http://opensource.org/licenses/gpl-2.0.php',
	gpl3 => 'http://opensource.org/licenses/gpl-3.0.html',
	mit => 'http://opensource.org/licenses/mit-license.php',
	mozilla => 'http://opensource.org/licenses/mozilla1.1.php',
	open_source => undef,
	unrestricted => undef,
	restrictive => undef,
	unknown => undef,
);

sub license {
	my $self = shift;
	return $self->{values}->{license} unless @_;
	my $license = shift or die(
		'Did not provide a value to license()'
	);
	$license = __extract_license($license) || lc $license;
	$self->{values}->{license} = $license;

	# Automatically fill in license URLs
	if ( $license_urls{$license} ) {
		$self->resources( license => $license_urls{$license} );
	}

	return 1;
}

sub _extract_license {
	my $pod = shift;
	my $matched;
	return __extract_license(
		($matched) = $pod =~ m/
			(=head \d \s+ L(?i:ICEN[CS]E|ICENSING)\b.*?)
			(=head \d.*|=cut.*|)\z
		/xms
	) || __extract_license(
		($matched) = $pod =~ m/
			(=head \d \s+ (?:C(?i:OPYRIGHTS?)|L(?i:EGAL))\b.*?)
(=head \d.*|=cut.*|)\z /xms ); } sub __extract_license { my $license_text = shift or return; my @phrases = ( '(?:under )?the same (?:terms|license) as (?:perl|the perl (?:\d )?programming language)' => 'perl', 1, '(?:under )?the terms of (?:perl|the perl programming language) itself' => 'perl', 1, 'Artistic and GPL' => 'perl', 1, 'GNU general public license' => 'gpl', 1, 'GNU public license' => 'gpl', 1, 'GNU lesser general public license' => 'lgpl', 1, 'GNU lesser public license' => 'lgpl', 1, 'GNU library general public license' => 'lgpl', 1, 'GNU library public license' => 'lgpl', 1, 'GNU Free Documentation license' => 'unrestricted', 1, 'GNU Affero General Public License' => 'open_source', 1, '(?:Free)?BSD license' => 'bsd', 1, 'Artistic license 2\.0' => 'artistic_2', 1, 'Artistic license' => 'artistic', 1, 'Apache (?:Software )?license' => 'apache', 1, 'GPL' => 'gpl', 1, 'LGPL' => 'lgpl', 1, 'BSD' => 'bsd', 1, 'Artistic' => 'artistic', 1, 'MIT' => 'mit', 1, 'Mozilla Public License' => 'mozilla', 1, 'Q Public License' => 'open_source', 1, 'OpenSSL License' => 'unrestricted', 1, 'SSLeay License' => 'unrestricted', 1, 'zlib License' => 'open_source', 1, 'proprietary' => 'proprietary', 0, ); while ( my ($pattern, $license, $osi) = splice(@phrases, 0, 3) ) { $pattern =~ s#\s+#\\s+#gs; if ( $license_text =~ /\b$pattern\b/i ) { return $license; } } return ''; } sub license_from { my $self = shift; if (my $license=_extract_license(Module::Install::_read($_[0]))) { $self->license($license); } else { warn "Cannot determine license info from $_[0]\n"; return 'unknown'; } } sub _extract_bugtracker { my @links = $_[0] =~ m#L<( https?\Q://rt.cpan.org/\E[^>]+| https?\Q://github.com/\E[\w_]+/[\w_]+/issues| https?\Q://code.google.com/p/\E[\w_\-]+/issues/list )>#gx; my %links; @links{@links}=(); @links=keys %links; return @links; } sub bugtracker_from { my $self = shift; my $content = Module::Install::_read($_[0]); my @links = _extract_bugtracker($content); unless ( @links ) { 
		warn "Cannot determine bugtracker info from $_[0]\n";
		return 0;
	}
	if ( @links > 1 ) {
		warn "Found more than one bugtracker link in $_[0]\n";
		return 0;
	}

	# Set the bugtracker. The generated accessor shifts $self off its
	# argument list, so it has to be called as a method; a plain function
	# call would treat the URL as $self and silently drop the link.
	$self->bugtracker( $links[0] );
	return 1;
}

sub requires_from {
	my $self = shift;
	my $content = Module::Install::_readperl($_[0]);
	my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg;
	while ( @requires ) {
		my $module = shift @requires;
		my $version = shift @requires;
		$self->requires( $module => $version );
	}
}

sub test_requires_from {
	my $self = shift;
	my $content = Module::Install::_readperl($_[0]);
	my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg;
	while ( @requires ) {
		my $module = shift @requires;
		my $version = shift @requires;
		$self->test_requires( $module => $version );
	}
}

# Convert triple-part versions (eg, 5.6.1 or 5.8.9) to
# numbers (eg, 5.006001 or 5.008009).
# Also, convert double-part versions (eg, 5.8)
sub _perl_version {
	my $v = $_[-1];
	$v =~ s/^([1-9])\.([1-9]\d?\d?)$/sprintf("%d.%03d",$1,$2)/e;
	$v =~ s/^([1-9])\.([1-9]\d?\d?)\.(0|[1-9]\d?\d?)$/sprintf("%d.%03d%03d",$1,$2,$3 || 0)/e;
	$v =~ s/(\.\d\d\d)000$/$1/;
	$v =~ s/_.+$//;
	if ( ref($v) ) {
		# Numify
		$v = $v + 0;
	}
	return $v;
}

sub add_metadata {
	my $self = shift;
	my %hash = @_;
	for my $key (keys %hash) {
		warn "add_metadata: $key is not prefixed with 'x_'.\n" .
"Use appopriate function to add non-private metadata.\n" unless $key =~ /^x_/; $self->{values}->{$key} = $hash{$key}; } } ###################################################################### # MYMETA Support sub WriteMyMeta { die "WriteMyMeta has been deprecated"; } sub write_mymeta_yaml { my $self = shift; # We need YAML::Tiny to write the MYMETA.yml file unless ( eval { require YAML::Tiny; 1; } ) { return 1; } # Generate the data my $meta = $self->_write_mymeta_data or return 1; # Save as the MYMETA.yml file print "Writing MYMETA.yml\n"; YAML::Tiny::DumpFile('MYMETA.yml', $meta); } sub write_mymeta_json { my $self = shift; # We need JSON to write the MYMETA.json file unless ( eval { require JSON; 1; } ) { return 1; } # Generate the data my $meta = $self->_write_mymeta_data or return 1; # Save as the MYMETA.yml file print "Writing MYMETA.json\n"; Module::Install::_write( 'MYMETA.json', JSON->new->pretty(1)->canonical->encode($meta), ); } sub _write_mymeta_data { my $self = shift; # If there's no existing META.yml there is nothing we can do return undef unless -f 'META.yml'; # We need Parse::CPAN::Meta to load the file unless ( eval { require Parse::CPAN::Meta; 1; } ) { return undef; } # Merge the perl version into the dependencies my $val = $self->Meta->{values}; my $perl = delete $val->{perl_version}; if ( $perl ) { $val->{requires} ||= []; my $requires = $val->{requires}; # Canonize to three-dot version after Perl 5.6 if ( $perl >= 5.006 ) { $perl =~ s{^(\d+)\.(\d\d\d)(\d*)}{join('.', $1, int($2||0), int($3||0))}e } unshift @$requires, [ perl => $perl ]; } # Load the advisory META.yml file my @yaml = Parse::CPAN::Meta::LoadFile('META.yml'); my $meta = $yaml[0]; # Overwrite the non-configure dependency hashs delete $meta->{requires}; delete $meta->{build_requires}; delete $meta->{recommends}; if ( exists $val->{requires} ) { $meta->{requires} = { map { @$_ } @{ $val->{requires} } }; } if ( exists $val->{build_requires} ) { $meta->{build_requires} = { map { @$_ 
        } @{ $val->{build_requires} } };
    }

    return $meta;
}

1;

RT-Authen-ExternalAuth-0.17/inc/Module/Install/Include.pm

#line 1
package Module::Install::Include;

use strict;
use Module::Install::Base ();

use vars qw{$VERSION @ISA $ISCORE};
BEGIN {
    $VERSION = '1.06';
    @ISA     = 'Module::Install::Base';
    $ISCORE  = 1;
}

sub include {
    shift()->admin->include(@_);
}

sub include_deps {
    shift()->admin->include_deps(@_);
}

sub auto_include {
    shift()->admin->auto_include(@_);
}

sub auto_include_deps {
    shift()->admin->auto_include_deps(@_);
}

sub auto_include_dependent_dists {
    shift()->admin->auto_include_dependent_dists(@_);
}

1;

RT-Authen-ExternalAuth-0.17/inc/Module/Install/RTx.pm

#line 1
package Module::Install::RTx;

use 5.008;
use strict;
use warnings;
no warnings 'once';

use Module::Install::Base;
use base 'Module::Install::Base';
our $VERSION = '0.31';

use FindBin;
use File::Glob     ();
use File::Basename ();

my @DIRS = qw(etc lib html static bin sbin po var);
my @INDEX_DIRS = qw(lib bin sbin);

sub RTx {
    my ( $self, $name ) = @_;

    my $original_name = $name;
    my $RTx = 'RTx';
    $RTx = $1 if $name =~ s/^(\w+)-//;
    my $fname = $name;
    $fname =~ s!-!/!g;

    $self->name("$RTx-$name")
        unless $self->name;
    $self->all_from( -e "$name.pm" ? "$name.pm" : "lib/$RTx/$fname.pm" )
        unless $self->version;
    $self->abstract("RT $name Extension")
        unless $self->abstract;

    my @prefixes = (qw(/opt /usr/local /home /usr /sw ));
    my $prefix   = $ENV{PREFIX};
    @ARGV = grep { /PREFIX=(.*)/ ? ( ( $prefix = $1 ), 0 ) : 1 } @ARGV;

    if ($prefix) {
        $RT::LocalPath = $prefix;
        $INC{'RT.pm'} = "$RT::LocalPath/lib/RT.pm";
    } else {
        local @INC = (
            $ENV{RTHOME} ?
            ( $ENV{RTHOME}, "$ENV{RTHOME}/lib" )
            : (),
            @INC,
            map { ( "$_/rt4/lib", "$_/lib/rt4", "$_/rt3/lib", "$_/lib/rt3", "$_/lib" )
                } grep $_, @prefixes
        );
        until ( eval { require RT; $RT::LocalPath } ) {
            warn
                "Cannot find the location of RT.pm that defines \$RT::LocalPath in: @INC\n";
            $_ = $self->prompt("Path to directory containing your RT.pm:") or exit;
            $_ =~ s/\/RT\.pm$//;
            push @INC, $_, "$_/rt3/lib", "$_/lib/rt3", "$_/lib";
        }
    }

    my $lib_path = File::Basename::dirname( $INC{'RT.pm'} );
    my $local_lib_path = "$RT::LocalPath/lib";
    print "Using RT configuration from $INC{'RT.pm'}:\n";
    unshift @INC, "$RT::LocalPath/lib" if $RT::LocalPath;
    unshift @INC, $lib_path;

    $RT::LocalVarPath    ||= $RT::VarPath;
    $RT::LocalPoPath     ||= $RT::LocalLexiconPath;
    $RT::LocalHtmlPath   ||= $RT::MasonComponentRoot;
    $RT::LocalStaticPath ||= $RT::StaticPath;
    $RT::LocalLibPath    ||= "$RT::LocalPath/lib";

    my $with_subdirs = $ENV{WITH_SUBDIRS};
    @ARGV = grep { /WITH_SUBDIRS=(.*)/ ? ( ( $with_subdirs = $1 ), 0 ) : 1 }
        @ARGV;

    my %subdirs;
    %subdirs = map { $_ => 1 } split( /\s*,\s*/, $with_subdirs )
        if defined $with_subdirs;
    unless ( keys %subdirs ) {
        $subdirs{$_} = 1 foreach grep -d "$FindBin::Bin/$_", @DIRS;
    }

    # If we're running on RT 3.8 with plugin support, we really want
    # to install libs, mason templates and po files into plugin specific
    # directories
    my %path;
    if ( $RT::LocalPluginPath ) {
        die "Because of bugs in RT 3.8.0 this extension can not be installed.\n"
            ."Upgrade to RT 3.8.1 or newer.\n" if $RT::VERSION =~ /^3\.8\.0/;
        $path{$_} = $RT::LocalPluginPath . "/$original_name/$_"
            foreach @DIRS;
    } else {
        foreach ( @DIRS ) {
            no strict 'refs';
            my $varname = "RT::Local" . ucfirst($_) . "Path";
            $path{$_} = ${$varname} || "$RT::LocalPath/$_";
        }

        $path{$_} .= "/$name" for grep $path{$_}, qw(etc po var);
    }

    my %index = map { $_ => 1 } @INDEX_DIRS;
    $self->no_index( directory => $_ ) foreach grep !$index{$_}, @DIRS;

    my $args = join ', ', map "q($_)", map { ($_, $path{$_}) }
        grep $subdirs{$_}, keys %path;

    print "./$_\t=> $path{$_}\n" for sort keys %subdirs;

    if ( my @dirs = map { ( -D => $_ ) } grep $subdirs{$_}, qw(bin html sbin) ) {
        my @po = map { ( -o => $_ ) }
            grep -f,
            File::Glob::bsd_glob("po/*.po");
        $self->postamble(<< ".") if @po;
lexicons ::
\t\$(NOECHO) \$(PERL) -MLocale::Maketext::Extract::Run=xgettext -e \"xgettext(qw(@dirs @po))\"
.
    }

    my $postamble = << ".";
install ::
\t\$(NOECHO) \$(PERL) -MExtUtils::Install -e \"install({$args})\"
.

    if ( $subdirs{var} and -d $RT::MasonDataDir ) {
        my ( $uid, $gid ) = ( stat($RT::MasonDataDir) )[ 4, 5 ];
        $postamble .= << ".";
\t\$(NOECHO) chown -R $uid:$gid $path{var}
.
    }

    my %has_etc;
    if ( File::Glob::bsd_glob("$FindBin::Bin/etc/schema.*") ) {
        $has_etc{schema}++;
    }
    if ( File::Glob::bsd_glob("$FindBin::Bin/etc/acl.*") ) {
        $has_etc{acl}++;
    }
    if ( -e 'etc/initialdata' ) { $has_etc{initialdata}++; }

    $self->postamble("$postamble\n");
    unless ( $subdirs{'lib'} ) {
        $self->makemaker_args( PM => { "" => "" }, );
    } else {
        $self->makemaker_args( INSTALLSITELIB => $path{'lib'} );
        $self->makemaker_args( INSTALLARCHLIB => $path{'lib'} );
    }

    $self->makemaker_args( INSTALLSITEMAN1DIR => "$RT::LocalPath/man/man1" );
    $self->makemaker_args( INSTALLSITEMAN3DIR => "$RT::LocalPath/man/man3" );
    $self->makemaker_args( INSTALLSITEARCH    => "$RT::LocalPath/man" );

    if (%has_etc) {
        $self->load('RTxInitDB');
        print "For first-time installation, type 'make initdb'.\n";
        my $initdb = '';
        $initdb .= <<"." if $has_etc{schema};
\t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Minc::Module::Install -e"RTxInitDB(qw(schema \$(NAME) \$(VERSION)))"
.
        $initdb .= <<"." if $has_etc{acl};
\t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Minc::Module::Install -e"RTxInitDB(qw(acl \$(NAME) \$(VERSION)))"
.
        $initdb .= <<"." if $has_etc{initialdata};
\t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Minc::Module::Install -e"RTxInitDB(qw(insert \$(NAME) \$(VERSION)))"
.
        $self->postamble("initdb ::\n$initdb\n");
        $self->postamble("initialize-database ::\n$initdb\n");
    }
}

# stolen from RT::Handle so we work on 3.6 (cmp_versions came in with 3.8)
{ my %word = (
    a     => -4,
    alpha => -4,
    b     => -3,
    beta  => -3,
    pre   => -2,
    rc    => -1,
    head  => 9999,
);
sub cmp_version($$) {
    my ($a, $b) = (@_);
    my @a = grep defined, map { /^[0-9]+$/? $_ : /^[a-zA-Z]+$/? $word{$_}|| -10 : undef }
        split /([^0-9]+)/, $a;
    my @b = grep defined, map { /^[0-9]+$/? $_ : /^[a-zA-Z]+$/? $word{$_}|| -10 : undef }
        split /([^0-9]+)/, $b;
    @a > @b
        ? push @b, (0) x (@a-@b)
        : push @a, (0) x (@b-@a);
    for ( my $i = 0; $i < @a; $i++ ) {
        return $a[$i] <=> $b[$i] if $a[$i] <=> $b[$i];
    }
    return 0;
}}

sub requires_rt {
    my ($self,$version) = @_;

    # if we're exactly the same version as what we want, silently return
    return if ($version eq $RT::VERSION);

    my @sorted = sort cmp_version $version,$RT::VERSION;

    if ($sorted[-1] eq $version) {
        # should we die?
        warn "\nWarning: prerequisite RT $version not found. Your installed version of RT ($RT::VERSION) is too old.\n\n";
    }
}

1;

__END__

#line 329

RT-Authen-ExternalAuth-0.17/MANIFEST.SKIP

#!start included /opt/perlbrew/perls/perl-5.14.1/lib/5.14.1/ExtUtils/MANIFEST.SKIP
# Avoid version control files.
\bRCS\b
\bCVS\b
\bSCCS\b
,v$
\B\.svn\b
\B\.git\b
\B\.gitignore\b
\b_darcs\b
\B\.cvsignore$

# Avoid VMS specific MakeMaker generated files
\bDescrip.MMS$
\bDESCRIP.MMS$
\bdescrip.mms$

# Avoid Makemaker generated and utility files.
\bMANIFEST\.bak
\bMakefile$
\bblib/
\bMakeMaker-\d
\bpm_to_blib\.ts$
\bpm_to_blib$
\bblibdirs\.ts$         # 6.18 through 6.25 generated this

# Avoid Module::Build generated and utility files.
\bBuild$
\b_build/
\bBuild.bat$
\bBuild.COM$
\bBUILD.COM$
\bbuild.com$

# Avoid temp and backup files.
~$
\.old$
\#$
\b\.#
\.bak$
\.tmp$
\.#
\.rej$

# Avoid OS-specific files/dirs
# Mac OSX metadata
\B\.DS_Store
# Mac OSX SMB mount metadata files
\B\._

# Avoid Devel::Cover and Devel::CoverX::Covered files.
\bcover_db\b
\bcovered\b

# Avoid MYMETA files
^MYMETA\.
#!end included /opt/perlbrew/perls/perl-5.14.1/lib/5.14.1/ExtUtils/MANIFEST.SKIP

^xt/tmp/
\.tar\.gz$
\.sw[op]$
^\.tags

RT-Authen-ExternalAuth-0.17/README

NAME
    RT::Authen::ExternalAuth - RT Authentication using External Sources

DESCRIPTION
    A complete package for adding external authentication mechanisms to RT.
    It currently supports LDAP via Net::LDAP and External Database
    authentication for any database with an installed DBI driver.

    It also allows for authenticating cookie information against an external
    database through the use of the RT-Authen-CookieAuth extension.

UPGRADING
    If you are upgrading from an earlier version of this extension, you must
    remove the following files manually:

        $RTHOME/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm
        $RTHOME/local/lib/RT/User_Vendor.pm
        $RTHOME/local/lib/RT/Authen/External_Auth.pm

    Otherwise you will most likely encounter an error about modifying a read
    only value and be unable to start RT.

    You may not have all of these files. It depends what versions you are
    upgrading between.

    If you are using a vendor packaged RT, your local directories are likely
    to be somewhere under /usr/local instead of in $RTHOME so you will need
    to visit Configuration -> Tools -> System Configuration to find your
    plugin root.

VERSION NOTES
    If you are using RT 3.6, you want to use the 0.05 version.
    If you are using RT 3.8.0 or 3.8.1, you may have trouble using this due
    to RT bugs related to plugins, but you may be able to use 0.08.

    0.08_02 or later will not work on 3.8.0 or 3.8.1

    If you are using RT 4.0.0 or greater, you must use at least 0.09

MORE ABOUT THIS MODULE
    This module provides the ability to authenticate RT users against one or
    more external data sources at once. It will also allow information about
    that user to be loaded from the same, or any other available, source as
    well as allowing multiple redundant servers for each method.

    The extension currently supports authentication and information from
    LDAP via the Net::LDAP module, and from any data source that an
    installed DBI driver is available for.

    It is also possible to use cookies set by an alternate application for
    Single Sign-On (SSO) with that application. For example, you may
    integrate RT with your own website login system so that once users log
    in to your website, they will be automagically logged in to RT when they
    access it.

    It was originally designed and tested against:

        MySQL v4.1.21-standard
        MySQL v5.0.22
        Windows Active Directory v2003

    But it has been designed so that it should work with ANY LDAP service
    and ANY DBI-drivable database, based upon the configuration given in
    your $RTHOME/etc/RT_SiteConfig.pm

    As of v0.08 ExternalAuth also allows you to pull a browser cookie value
    and test it against a DBI data source allowing the use of cookies for
    Single Sign-On (SSO) authentication with another application or website
    login system. This is due to the merging of RT::Authen::ExternalAuth and
    RT::Authen::CookieAuth. For example, you may integrate RT with your own
    website login system so that once users log in to your website, they
    will be automagically logged in to RT when they access it.

INSTALLATION
    To install this module, run the following commands:

        perl Makefile.PL
        make
        make install

    If you are using RT 3.8.x, you need to enable this module by adding
    RT::Authen::ExternalAuth to your @Plugins configuration:

        Set( @Plugins, qw(RT::Authen::ExternalAuth) );

    If you already have a @Plugins line, add RT::Authen::ExternalAuth to the
    existing list. Adding a second @Plugins line will cause interesting
    bugs.

    Once installed, you should view the file:

        3.4/3.6 $RTHOME/local/etc/ExternalAuth/RT_SiteConfig.pm
        3.8     $RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

    Then use the examples provided to prepare your own custom configuration
    which should be added to your site configuration in
    $RTHOME/etc/RT_SiteConfig.pm

AUTHOR
    Mike Peachey
    Jennic Ltd.
    zordrak@cpan.org

    Various Best Practical Developers

COPYRIGHT AND LICENCE
    Copyright (C) 2008, Jennic Ltd.

    This software is released under version 2 of the GNU General Public
    License. The license is distributed with this package in the LICENSE
    file found in the directory root.

RT-Authen-ExternalAuth-0.17/MANIFEST

ChangeLog
etc/RT_SiteConfig.pm
html/Callbacks/ExternalAuth/autohandler/Auth
html/Callbacks/ExternalAuth/autohandler/Session
html/Callbacks/ExternalAuth/Elements/Header/Head
html/Elements/DoAuth
inc/Module/AutoInstall.pm
inc/Module/Install.pm
inc/Module/Install/AuthorTests.pm
inc/Module/Install/AutoInstall.pm
inc/Module/Install/Base.pm
inc/Module/Install/Can.pm
inc/Module/Install/Fetch.pm
inc/Module/Install/Include.pm
inc/Module/Install/Makefile.pm
inc/Module/Install/Metadata.pm
inc/Module/Install/ReadmeFromPod.pm
inc/Module/Install/RTx.pm
inc/Module/Install/Win32.pm
inc/Module/Install/WriteAll.pm
lib/RT/Authen/ExternalAuth.pm
lib/RT/Authen/ExternalAuth/DBI.pm
lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
lib/RT/Authen/ExternalAuth/LDAP.pm
LICENSE
Makefile.PL
MANIFEST        This list of files
MANIFEST.SKIP
META.yml
README
xt/ldap.t
xt/ldap_escaping.t
xt/ldap_group.t
xt/ldap_privileged.t
xt/obfuscate-password.t
xt/sessions.t
xt/sqlite.t
SIGNATURE       Public-key signature (added by MakeMaker)

RT-Authen-ExternalAuth-0.17/html/
RT-Authen-ExternalAuth-0.17/html/Elements/
RT-Authen-ExternalAuth-0.17/html/Elements/DoAuth

<%once>
my $loaded_user = 0;
</%once>
<%init>

use RT::Authen::ExternalAuth;

my ($val,$msg);
unless($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
    # It's important to nab the next page from the session before we
    # potentially blow the session away below.
    my $next = $session{'NextPage'}->{ $ARGS{'next'} || "" };
       $next = $next->{'url'} if ref $next;

    ($val,$msg) = RT::Authen::ExternalAuth::DoAuth(\%session,$user,$pass);
    $RT::Logger->debug("Autohandler called ExternalAuth. Response: ($val, $msg)");

    # 3.8.9 doesn't redirect to the specified page if request has one.
    RT::Interface::Web::Redirect( $next )
        if $val and $next and $m->request_comp->path eq '/NoAuth/Login.html';
}

return;
</%init>

<%ARGS>
$user => undef
$pass => undef
$menu => undef
</%ARGS>

RT-Authen-ExternalAuth-0.17/html/Callbacks/
RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/
RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/Elements/
RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/Elements/Header/
RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/Elements/Header/Head

% if ( $session{CurrentUser}->UserObj->__Value('Password') eq '*NO-PASSWORD*') {
% }
<%INIT>
return unless $m->request_comp->path eq '/User/Prefs.html';
return unless $session{CurrentUser} && $session{CurrentUser}->id;
</%INIT>

RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/autohandler/
RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/autohandler/Auth

%$m->comp('/Elements/DoAuth',%ARGS);

RT-Authen-ExternalAuth-0.17/html/Callbacks/ExternalAuth/autohandler/Session

% $m->comp('/Elements/DoAuth',%ARGS);

RT-Authen-ExternalAuth-0.17/LICENSE

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it.
By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. 
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. 
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. 
But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. 
For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. 
Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. 
Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. 
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. 
If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

RT-Authen-ExternalAuth-0.17/ChangeLog

0.17 2013-07-10 Thomas Sibley

    * Forbid using RT's internal Users table as an auth service

0.16 2013-06-27 Thomas Sibley

    * Add new p_check option to DBI authentication module

0.15 2013-05-22 Thomas Sibley

    * Minor documentation updates to add NAME sections for MetaCPAN

0.14 2013-05-22 Thomas Sibley

    * Prevent potential session reuse when Apache::Session::File is RT's $WebSessionClass. This is also resolved by RT versions 4.0.13 and 3.8.17 and by the May 2013 security patches. Changes here are purely for correctness/bulletproofing down the road.
    * Moved much documentation from comments into POD; cleanups are still needed, but this is a good start.

0.13 2013-01-31 Thomas Sibley

    * Cut down on code by using the core RT::Record->Update method

0.12 2012-10-26 Thomas Sibley

    * Redirect correctly after login on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
    * Added "group_scope" as a configurable option.
    * Tests: Add to LDAP the base DN under which we search for users/groups

0.11 2012-07-03 Alex Vandiver

    * Obfuscate passwords in RT's System Configuration page
    * Set an empty CurrentUser on failure, instead of removing it entirely

0.10_01 2012-02-23 Thomas Sibley

    * Escape usernames in filter values so special characters don't die

0.10 2012-02-17 Thomas Sibley

    * Silence confusing log messages when $ExternalInfoPriority is empty

0.09_03 2012-01-27 Thomas Sibley

    * Fetch the necessary attributes when group_attr_value is used
    * Test escaping of commas during the group check

0.09_02 2012-01-26 Thomas Sibley

    * Improved logging inside the LDAP group membership check

0.09_01 2012-01-23 Thomas Sibley

    * Improved logic when dealing with Disabled/disabling users
    * Configurable group membership attribute values
    * Group membership tests

0.09 2011-05-06 Kevin Falcone

    * compatibility fixes for 3.8.10 and 4.0.0
    * author testsuite
    * updated README

v0.08_01 2011-02-18 Kevin Falcone

    * Testing prerelease for 0.09, since 0.09_01 never made it to CPAN
    * Upgrade Module::Install
    * Remove and then replace a requires('RT') since Module::Install::RTx now handles that
    * Fix the features/recommends to work with modern MI
    * Use CSS to hide password box for ExternalAuth users so they don't think they can change their password via RT
    * Fix for 3.8.9/4.0.0 to work with new Login infrastructure

NEVER RELEASED
v0.09_01 2009-03-28 Mike Peachey

    * Makefile.PL
        Removed RT requirement since most RT installs are not done via CPAN and therefore CPAN installation fails dependency checking.

    * ChangeLog
        Added entry for v0.09_01

v0.08 2009-01-24 Mike Peachey

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.08

    * ChangeLog
        Added entry for v0.08

    * etc/RT_SiteConfig.pm
        Added ssl_version to example LDAP config as it is used by the code, but had not been demonstrated.
        s/Crypt::MD5::md5_hex/Digest::MD5::md5_hex/ in example DBI config.
        Added the ability to provide a static salt to the p_enc_sub however this behaviour may be reviewed in future releases to allow integration with better encryption methods.
        s/userSupportAccess/disabled/ in example DBI config.

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Modified the log message regarding the RT-3.8.[01] plugin bug from error level to debug level and modified the text of the message to be more clear for RT-3.8.2+ users.

v0.08_01 2009-01-20 Mike Peachey

    * ChangeLog
        Added entry for v0.08_01
        Tabs-to-spaces conversion made where needed.

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.08_01
        DoAuth method created to inherit the work that used to be performed by the Auth callback for autohandler.
        GetAuth reduced to an interface. Its purpose is now just to check what type of service was passed and then call the GetAuth method from the right package.
        Authentication now halts and returns with error if ExternalAuthPriority is not set. This prevents a fairly useless compile error and logs an explanation instead.
        Information lookup is now bypassed and logged if ExternalInfoPriority is not set, preventing another useless compile error and replacing it with an explanation.
        SSO Cookie authentication now available following the integration of RT::Authen::CookieAuth. Methods updated to reflect the availability of this service.

    * lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
        File added to house the cookie grab. While SSO cookies are a function of DBI authentication (at the moment at least) there is no need for DBI.pm to use CGI::Cookie for this one purpose. With the future possibility of further cookie functions as well, I decided it deserved its own module.

    * lib/RT/Authen/ExternalAuth/LDAP.pm
        Changed an unless($base) to unless(defined($base)) to allow for the use of a defined, but empty, baseDN so that an LDAP directory may be searched from the root.

    * etc/RT_SiteConfig.pm
        CookieAuth settings have been merged into the ExternalAuth settings hash.
        Example from CookieAuth has been merged in.
        'auth' and 'info' settings have been deprecated and so have been removed from the examples. The function they served has been replaced by the ExternalAuthPriority and ExternalInfoPriority variables.

    * lib/RT/Authen/User_Vendor.pm
        The override for the IsPassword method has been deprecated and deleted. It is no longer necessary to do password tests as a call to the User object. The equivalent function is now provided by GetAuth in ExternalAuth.pm and is called with an ExternalAuth service name, username and password. Currently, this only needs to be called by DoAuth in ExternalAuth.pm
        While RT::Authen::ExternalAuth used to be used to integrate internal RT authentication with an external method as a single operation, this causes a lack of modularity. Now ExternalAuth is only concerned with its own authentication methods and if they fail then RT will decide to do fallback to internal authentication on its own.

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Workaround for RT versions 3.8.0 and 3.8.1 removed. RT::Authen::ExternalAuth v0.08 will be officially compatible only with versions 3.8.2 and up.
        All functionality has been replaced by a call to ExternalAuth.pm's DoAuth method. This is permitted by the passing of a reference to the current session variable. DoAuth simply modifies that variable as necessary to perform its function. Any data returned is purely informational.

    * README
        Updated to include basic information on SSO cookies.

    * Makefile.PL
        Updated to reflect the integration of RT::Authen::CookieAuth.

v0.07_02 2008-12-22 Kevin Falcone

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Make the workaround needed for 3.8.1 work on 3.8.2

v0.07_01 2008-11-06 Mike Peachey Kevin Falcone

    * ALL
        Complete code refactoring and updates for RT-3.8.x compatibility.

v0.06 2008-11-01 Mike Peachey

    * README
        A few minor tweaks.
    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.06

    * etc/RT_SiteConfig.pm
        A number of clarifications added to the example config comments such as making clear the fact that a valid d_filter is required.

v0.06_03 2008-10-31 Mike Peachey Kevin Falcone

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Add fix to work around a plugin bug in RT-3.8.0 & RT-3.8.1 preventing User_Vendor.pm overlay being required before RT::User is loaded.
        Check the return value from calling RT::User::Create.
        Check the return value when loading an autocreated user.

    * README
        Updated to talk about removing old files in local/.

    * lib/RT/Authen/User_Vendor.pm
        Added error-checking to complain if an LDAP configuration is in use, but no d_filter has been specified.

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.06_03.

    * ChangeLog
        General clean-up.

v0.06_02 2008-10-01 Kevin Falcone

    * ChangeLog
        Updates to previous release.

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.06_02.

v0.06_01 2008-10-17 Kevin Falcone

    * lib/RT/Authen/User_Vendor.pm
        Add a patch to be compatible with 3.8

    * Upgrade Module::Install::RTx to work better with RT-3.8.x

v0.05 2008-04-09 Mike Peachey

    * lib/RT/Authen/User_Vendor.pm
        Typo on line 962. s/servicen/service/

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Deprecated $user_autocreated. It was being used to prevent a call to RT::User::UpdateFromExternal in User_Vendor.pm because it was deemed an unnecessary expense to set the user's info and then look it up again straight after. However, I have since realised that UpdateFromExternal is the only code doing a check to see if the user has been disabled in the external source and so bypassing it when users are created allows new users to log in once even if they have not been "enabled". I will be doing a small rewrite of this code in the future to abstract the External disable-lookup code from UpdateFromExternal and perhaps remove the function altogether, but for now everything will work fine.
    * ChangeLog
        I did it again. I added a / on the front of the path to ExternalAuth.pm. What a plonker!

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.05

v0.04 2008-04-03 Mike Peachey

    * etc/RT_SiteConfig.pm
        The example LDAP ExternalSettings configuration did not contain example values for user and pass for RT's connection to an LDAP server. These have now been added. Thanks to Andrew Fay for noticing this one.

    * ChangeLog
        Removed a "/" from the start of the ExternalAuth.pm file line in 0.03

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.04

v0.03 2008-03-31 Mike Peachey

    * html/Callbacks/ExternalAuth/autohandler/Auth
        Bug found on lines 94-100. The ELSE block starting on line 95 was assigned to the IF starting on 85 instead of the IF block starting on line 86. This meant that if the user entered at the login screen exists no password would be checked.

        It was doing this:

            If session has current user who has an ID
                If password has already been validated
                    SUCCESS
                Else
                    Return to autohandler with valid session & implicit auth
            Else
                delete session

        This has now been corrected to this:

            If session has current user who has an ID
                If password has already been validated
                    SUCCESS
                Else
                    Delete session
            Else
                return to autohandler with whatever we had before the block

    * lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.03

v0.02 2008-03-17 Mike Peachey

    * lib/RT/User_Vendor.pm
        Bug #1 found on line 446. CanonicalizeUserInfo was being called directly, instead of being called on the $self user object. This was causing CanonicalizeUserInfo to shift the e-mail address it was passed into the $self var instead of the $email var. It was therefore returning a blank e-mail address regardless of the input.

    * lib/RT/User_Vendor.pm
        Header comments altered to reflect that the file is part of the RT::Authen::ExternalAuth extension.

    * /lib/RT/Authen/ExternalAuth.pm
        Version updated to 0.02

v0.01 2008-03-13 Mike Peachey

    * Initial Release