RT-Authen-ExternalAuth-0.25/000755 000766 000024 00000000000 12420030543 016355 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/CHANGES000644 000766 000024 00000024110 12420027776 017364 0ustar00falconestaff000000 000000 0.25 2014-10-16 - Fix a regression causing Charts and Custom Logos to not render properly 0.24 2014-10-09 - No changes since 0.23_01 0.23_01 2014-09-30 - Call core's autohandler/SuccessfulLogin callback after logging in a user. Now code written to run after a core login also runs for external logins. - Convert to UNIX line endings - Fix typos and errors in debug messages - Fix ExternalInfoPriority variable name in example - Check configs at PostLoadCheck time, instead of every auth - Support verifying LDAPS connections - Respect 4.0 "AutoCreate" as well as 4.2 "UserAutocreateDefaultsOnLogin" configs - Packaging updates 0.23 2014-08-14 - Packaging changes only 0.22_01 2014-08-13 - Move main configuration documentation into RT::Authen::ExternalAuth - Remove unnecessary $ExternalServiceUsesSSLorTLS option - Prevent segfaults during server startup when using a LDAPS connection under mod_perl + mod_ssl 0.21 2014-07-01 Kevin Falcone - Fix another bad attr_match_list example - Better documentation about anonymous binds 0.20 2014-04-09 Kevin Falcone - Fix bad attr_match_list example in the synopsis 0.19 2014-04-04 Kevin Falcone - Fix a bug in the ExternalSettings doc example in RT_SiteConfig.pm 0.18 2014-03-07 Kevin Falcone - Remove docs that reference unmerged features (multiple emails) 0.17 2013-07-10 Thomas Sibley - Forbid using RT's internal Users table as an auth service 0.16 2013-06-27 Thomas Sibley - Add new p_check option to DBI authentication module 0.15 2013-05-22 Thomas Sibley - Minor documentation updates to add NAME sections for MetaCPAN 0.14 2013-05-22 Thomas Sibley - Prevent potential session reuse when Apache::Session::File is RT's $WebSessionClass. This is also resolved by RT versions 4.0.13 and 3.8.17 and by the May 2013 security patches. Changes here are purely for correctness/bulletproofing down the road. - Moved much documentation from comments into POD; cleanups are still needed, but this is a good start. 0.13 2013-01-31 Thomas Sibley - Cut down on code by using the core RT::Record->Update method 0.12 2012-10-26 Thomas Sibley - Redirect correctly after login on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches - Added "group_scope" as a configurable option. - Tests: Add to LDAP the base DN under which we search for users/groups 0.11 2012-07-03 Alex Vandiver - Obfuscate passwords in RT's System Configuration page - Set an empty CurrentUser on failure, instead of removing it entirely 0.10_01 2012-02-23 Thomas Sibley - Escape usernames in filter values so special characters don't die 0.10 2012-02-17 Thomas Sibley - Silence confusing log messages when $ExternalInfoPriority is empty 0.09_03 2012-01-27 Thomas Sibley - Fetch the necessary attributes when group_attr_value is used - Test escaping of commas during the group check 0.09_02 2012-01-26 Thomas Sibley - Improved logging inside the LDAP group membership check 0.09_01 2012-01-23 Thomas Sibley - Improved logic when dealing with Disabled/disabling users - Configurable group membership attribute values - Group membership tests 0.09 2011-05-06 Kevin Falcone - compatibility fixes for 3.8.10 and 4.0.0 - author testsuite - updated README 0.08_01 2009-01-20 Mike Peachey - DoAuth method created to inherit the work that used to be performed by the Auth callback for autohandler. - GetAuth reduced to an interface. Its purpose is now just to check what type of service was passed and then call the GetAuth method from the right package. - Authentication now halts and returns with error if ExternalAuthPriority is not set. This prevents a fairly useless compile error and logs an explanation instead. - Information lookup is now bypassed and logged if ExternalInfoPriority is not set, preventing another useless compile error and replacing it with an explanation. - SSO Cookie authentication now available following the integration of RT::Authen::CookieAuth. Methods updated to reflect the availability of this service. - File added to house the cookie grab. While SSO cookies are a function of DBI authentication (at the moment at least) there is no need for DBI.pm to use CGI::Cookie for this one purpose. With the future possibility of futher cookie functions as well, I decided it deserved its own module. - Changed an unless($base) to unless(defined($base)) to allow for the use of a defined, but empty, baseDN so that an LDAP directory may be searched from the root. - CookieAuth settings have been merged into the ExternalAuth settings hash. Example from CookieAuth has been merged in. - 'auth' and 'info' settings have been deprecated and so have been removed from the examples. The function they served has been replaced by the ExternalAuthPriority and ExternalInfoPriority variables. - The override for the IsPassword method has been deprecated and deleted. It is no longer necessary to do password tests as a call to the User object. The equivalent function is now provided by GetAuth in ExternalAuth.pm and is called with an ExternalAuth service name, username and password. Currently, this only needs to be called by DoAuth in ExternalAuth.pm - While RT::Authen::ExternalAuth used to be used to integrate internal RT authentication with an external method as a single operation, this causes a lack of modularity. Now ExternalAuth is only concerned with its own authentication methods and if they fail then RT will decide to do fallback to internal authentication on its own. - Workaround for RT versions 3.8.0 and 3.8.1 removed. RT::Authen::ExternalAuth v0.08 will be officially compatible only with versions 3.8.2 and up. - README: Updated to include basic information on SSO cookies. - Makefile.PL: Updated to reflect the integration of RT::Authen::CookieAuth. 0.08 2009-01-24 Mike Peachey - Added ssl_version to example LDAP config as it is used by the code, but had not been demonstrated. - s/Crypt::MD5::md5_hex/Digest::MD5::md5_hex/ in example DBI config. - Added the ability to provide a static salt to the p_enc_sub however this behavious may be reviewed in future releases to allow integration with better encryption methods. - s/userSupportAccess/disabled/ in example DBI config. - Modified the log message regarding the RT-3.8.[01] plugin bug from error level to debug level and modified the text of the message to be more clear for RT-3.8.2+ users. 0.07_02 2008-12-22 Kevin Falcone - Make the workaround needed for 3.8.1 work on 3.8.2 0.07_01 2008-11-06 Mike Peachey , Kevin Falcone - Complete code refactoring and updates for RT-3.8.x compatability. 0.06_03 2008-10-31 Mike Peachey , Kevin Falcone - Add fix to work around a plugin bug in RT-3.8.0 & RT-3.8.1 preventing User_Vendor.pm overlay being required before RT::User is loaded. - Check the return value from calling RT::User::Create. - Check the return value when loading an autocreated user. - README: Updated to talk about removing old files in local/. - Added error-checking to complain if a an LDAP configuration is in use, but no d_filter has been specified. 0.06_02 2008-10-01 Kevin Falcone - ChangeLog: Updates to previous release. 0.06_01 2008-10-17 Kevin Falcone - Add a patch to be compatible with 3.8 - Upgrade Module::Install::RTx to work better with RT-3.8.x 0.06 2008-11-01 Mike Peachey - A number of clarifications added to the example config comments such as making clear the fact that a valid d_filter is required. 0.05 2008-04-09 Mike Peachey - Typo on line 962 of User_Vendor.pm: s/servicen/service/ - Deprecated $user_autocreated. It was being used to prevent a call to RT::User::UpdateFromExternal in User_Vendor.pm because it was deemed an unecessary expense to set the user's info and then look it up again straight after. However, I have since realised that UpdateFromExternal is the only code doing a check to see if the user has been disabled in the external source and so bypassing it when users are created allows new users to log in once even if they have not been "enabled". I will be doing a small rewrite of this code in the future to abstract the External disable-lookup code from UpdateFromExternal and perhaps remove the function altogether, but for now everything will work fine. 0.04 2008-04-03 Mike Peachey - The example LDAP ExternalSettings configuration did not contain example values for user and pass for RT's connection to an LDAP server. These have now been added. Thanks to Andrew Fay for noticing this one. 0.03 2008-03-31 Mike Peachey - Bug found on lines 94-100 in Auth callback in autohandler. The ELSE block starting on line 95 was assigned to the IF starting on 85 instead of the IF block starting on line 86. This meant that if the user entered at the login screen exists no password would be checked. It was doing this: If session has current user who has an ID If password has already been validated SUCCESS Else Return to autohandler with valid session & implicit auth Else delete session This has now been corrected to this: If session has current user who has an ID If password has already been validated SUCCESS Else Delete session Else return to autohandler with whatever we had before the block 0.02 2008-03-17 Mike Peachey - Bug #1 found on line 446 of User_Vendor.pm; CanonicalizeUserInfo was being called directly, instead of being called on the $self user object. This was causing CanonicalizeUserInfo to shift the e-mail address it was passed into the $self var instead of the $email var. It was therefore returning a blank e-mail address regardless of the input. - User_Vendor.pm: Header comments altered to reflect that the file is part of the RT::Authen::ExternalAuth extension. 0.01 2008-03-13 Mike Peachey - Initial Release RT-Authen-ExternalAuth-0.25/html/000755 000766 000024 00000000000 12420030543 017321 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/000755 000766 000024 00000000000 12420030543 017126 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/lib/000755 000766 000024 00000000000 12420030543 017123 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/LICENSE000644 000766 000024 00000043142 12047047351 017400 0ustar00falconestaff000000 000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. RT-Authen-ExternalAuth-0.25/Makefile.PL000755 000766 000024 00000001057 12401700441 020335 0ustar00falconestaff000000 000000 use inc::Module::Install; RTx('RT-Authen-ExternalAuth'); feature 'SSL LDAP Connections' => -default => 0, recommends('Net::SSLeay' => 0), ; feature 'External LDAP Sources' => -default => 1, recommends('Net::LDAP' => 0), ; feature 'External DBI Sources' => -default => 1, recommends('DBI' => 0), ; feature 'SSO Cookie Sources' => -default => 1, recommends('CGI::Cookie' => 0), ; author_tests('xt'); &auto_install(); repository 'https://github.com/bestpractical/rt-authen-externalauth'; sign; &WriteAll; RT-Authen-ExternalAuth-0.25/MANIFEST000644 000766 000024 00000002057 12420030543 017512 0ustar00falconestaff000000 000000 CHANGES html/Callbacks/ExternalAuth/autohandler/Auth html/Callbacks/ExternalAuth/autohandler/Session html/Callbacks/ExternalAuth/Elements/Header/Head html/Elements/DoAuth inc/Module/AutoInstall.pm inc/Module/Install.pm inc/Module/Install/AuthorTests.pm inc/Module/Install/AutoInstall.pm inc/Module/Install/Base.pm inc/Module/Install/Can.pm inc/Module/Install/Fetch.pm inc/Module/Install/Include.pm inc/Module/Install/Makefile.pm inc/Module/Install/Metadata.pm inc/Module/Install/ReadmeFromPod.pm inc/Module/Install/RTx.pm inc/Module/Install/RTx/Runtime.pm inc/Module/Install/Win32.pm inc/Module/Install/WriteAll.pm inc/unicore/Name.pm inc/YAML/Tiny.pm lib/RT/Authen/ExternalAuth.pm lib/RT/Authen/ExternalAuth/DBI.pm lib/RT/Authen/ExternalAuth/DBI/Cookie.pm lib/RT/Authen/ExternalAuth/LDAP.pm LICENSE Makefile.PL MANIFEST This list of files MANIFEST.SKIP META.yml README xt/ldap.t xt/ldap_escaping.t xt/ldap_group.t xt/ldap_privileged.t xt/obfuscate-password.t xt/sessions.t xt/sqlite.t SIGNATURE Public-key signature (added by MakeMaker) RT-Authen-ExternalAuth-0.25/MANIFEST.SKIP000644 000766 000024 00000002004 12306440474 020262 0ustar00falconestaff000000 000000 #!start included /opt/perlbrew/perls/perl-5.14.1/lib/5.14.1/ExtUtils/MANIFEST.SKIP # Avoid version control files. \bRCS\b \bCVS\b \bSCCS\b ,v$ \B\.svn\b \B\.git\b \B\.gitignore\b \b_darcs\b \B\.cvsignore$ # Avoid VMS specific MakeMaker generated files \bDescrip.MMS$ \bDESCRIP.MMS$ \bdescrip.mms$ # Avoid Makemaker generated and utility files. \bMANIFEST\.bak \bMakefile$ \bblib/ \bMakeMaker-\d \bpm_to_blib\.ts$ \bpm_to_blib$ \bblibdirs\.ts$ # 6.18 through 6.25 generated this # Avoid Module::Build generated and utility files. \bBuild$ \b_build/ \bBuild.bat$ \bBuild.COM$ \bBUILD.COM$ \bbuild.com$ # Avoid temp and backup files. ~$ \.old$ \#$ \b\.# \.bak$ \.tmp$ \.# \.rej$ # Avoid OS-specific files/dirs # Mac OSX metadata \B\.DS_Store # Mac OSX SMB mount metadata files \B\._ # Avoid Devel::Cover and Devel::CoverX::Covered files. \bcover_db\b \bcovered\b # Avoid MYMETA files ^MYMETA\. #!end included /opt/perlbrew/perls/perl-5.14.1/lib/5.14.1/ExtUtils/MANIFEST.SKIP ^xt/tmp/ \.tar\.gz$ \.sw[op]$ ^\.tags RT-Authen-ExternalAuth-0.25/META.yml000644 000766 000024 00000001533 12420030037 017626 0ustar00falconestaff000000 000000 --- abstract: 'RT Authentication using External Sources' author: - 'Best Practical Solutions, LLC ' build_requires: ExtUtils::MakeMaker: 6.59 configure_requires: ExtUtils::MakeMaker: 6.59 distribution_type: module dynamic_config: 1 generated_by: 'Module::Install version 1.12' license: gpl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: 1.4 name: RT-Authen-ExternalAuth no_index: directory: - html - inc - xt recommends: CGI::Cookie: 0 DBI: 0 Net::LDAP: 0 Net::SSLeay: 0 requires: CGI::Cookie: 0 DBI: 0 Net::LDAP: 0 Net::SSLeay: 0 perl: 5.8.3 resources: license: http://opensource.org/licenses/gpl-license.php repository: https://github.com/bestpractical/rt-authen-externalauth version: '0.25' x_module_install_rtx_version: '0.36' x_requires_rt: 4.0.0 RT-Authen-ExternalAuth-0.25/README000644 000766 000024 00000023142 12420030036 017234 0ustar00falconestaff000000 000000 NAME RT::Authen::ExternalAuth - RT Authentication using External Sources DESCRIPTION This module provides the ability to authenticate RT users against one or more external data sources at once. It will also allow information about that user to be loaded from the same, or any other available, source as well as allowing multple redundant servers for each method. The extension currently supports authentication and information from LDAP via the Net::LDAP module, and from any data source that an installed DBI driver is available for. It is also possible to use cookies set by an alternate application for Single Sign-On (SSO) with that application. For example, you may integrate RT with your own website login system so that once users log in to your website, they will be automagically logged in to RT when they access it. INSTALLATION perl Makefile.PL make make install May need root permissions Edit your /opt/rt4/etc/RT_SiteConfig.pm If you are using RT 4.2 or greater, add this line: Plugin('RT::Authen::ExternalAuth'); For RT 4.0, add this line: Set(@Plugins, qw(RT::Authen::ExternalAuth) ); or add RT::Authen::ExternalAuth to your existing @Plugins line. See "CONFIGURATION" for additional configuration to add to your RT_SiteConfig.pm file. UPGRADING If you are upgrading from an earlier version of this extension, you must remove the following files manually: /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm /opt/rt4/local/lib/RT/User_Vendor.pm /opt/rt4/local/lib/RT/Authen/External_Auth.pm Otherwise you will most likely encounter an error about modifying a read only value and be unable to start RT. You may not have all of these files. It depends what versions you are upgrading between. If you are using a vendor packaged RT, your local directories are likely to be somewhere under /usr/local instead of in /opt/rt4 so you will need to visit Configuration -> Tools -> System Configuration to find your plugin root. CONFIGURATION RT::Authen::ExternalAuth provides a lot of flexibility with many configuration options. The following desc these configuration options, and provides a complete example. $ExternalAuthPriority The order in which the services defined in "$ExternalSettings" should be used to authenticate users. Once the user has been authenticated by one service, the rest are skipped. You should remove services you don't use. For example, if you're only using My_LDAP, remove My_MySQL and My_SSO_Cookie. Set($ExternalAuthPriority, [ 'My_LDAP', 'My_MySQL', 'My_SSO_Cookie' ] ); $ExternalInfoPriority When multiple auth services are available, this value defines the order in which the services defined in "$ExternalSettings" should be used to get information about users. This includes RealName, telephone numbers etc, but also whether or not the user should be considered disabled. Once a user record is found, no more services are checked. You CANNOT use a SSO cookie to retrieve information. You should remove services you don't use, but you must define at least one service. Set($ExternalInfoPriority, [ 'My_LDAP', 'My_MySQL', ] ); $AutoCreateNonExternalUsers If this is set to 1, then users should be autocreated by RT as internal users if they fail to authenticate from an external service. This is useful if you have users outside your organization who might interface with RT, perhaps by sending email to a support email address. $ExternalSettings These are the full settings for each external service as a hash of hashes. Note that you may have as many external services as you wish. They will be checked in the order specified in "$ExternalAuthPriority" and "$ExternalInfoPriority" directives above. The outer structure is a key with the authentication option (name of external source). The value is a hash reference with configuration keys and values, for example: Set($ExternalSettings, { My_LDAP => { type => 'ldap', ... other options ... }, My_MySQL => { type => 'db', ... other options ... }, ... other sources ... } ); As shown above, each description should have 'type' defined. The following types are supported: ldap Authenticate against and sync information with LDAP servers. See RT::Authen::ExternalAuth::LDAP for details. db Authenticate against and sync information with external RDBMS, supported by Perl's DBI interface. See RT::Authen::ExternalAuth::DBI for details. cookie Authenticate by cookie. See RT::Authen::ExternalAuth::DBI::Cookie for details. See the modules noted above for configuration options specific to each type. The following apply to all types. attr_match_list The list of RT attributes that uniquely identify a user. These values are used, in order, to find users in the selected authentication source. Each value specified here must have a mapping in the "attr_map" section below. You can remove values you don't expect to match, but we recommend using Name and EmailAddress at a minimum. For example: 'attr_match_list' => [ 'Name', 'EmailAddress', ], You should not use items that can map to multiple users (such as a RealName or building name). attr_map Mapping of RT attributes on to attributes in the external source. Valid keys are attributes of an RT::User . The values are attributes from your authentication source. For example, an LDAP mapping might look like: 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'cn', ... }, Example # Use the below LDAP source for both authentication, as well as user # information Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); # Users created from LDAP should be Privileged; this is a core RT # option. Additionally, this is the 4.2 name for the option; for RT # 4.0, is it named $AutoCreate See the core RT documentation at # http://docs.bestpractical.com/RT_Config#UserAutocreateDefaultsOnLogin # for for further details. Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 1); # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldap.example.com', # By not passing 'user' and 'pass' we are using an anonymous # bind, which some servers to not allow 'base' => 'ou=Staff,dc=example,dc=com', 'filter' => '(objectClass=inetOrgPerson)', # Users are allowed to log in via email address or account # name 'attr_match_list' => [ 'Name', 'EmailAddress', ], # Import the following properties of the user from LDAP upon # login 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); AUTHORS Best Practical Solutions, LLC Originally by Mike Peachey (Jennic Ltd.) BUGS All bugs should be reported via email to L or via the web at L. LICENSE AND COPYRIGHT Copyright (c) 2008-2014 by Best Practical Solutions, LLC Copyright (c) 2008 by Jennic Ltd. This is free software, licensed under: The GNU General Public License, Version 2, June 1991 RT-Authen-ExternalAuth-0.25/SIGNATURE000644 000766 000024 00000006674 12420030543 017656 0ustar00falconestaff000000 000000 This file contains message digests of all files listed in MANIFEST, signed via the Module::Signature module, version 0.73. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: % cpansign -v It will check each file's integrity, as well as the signature's validity. If "==> Signature verified OK! <==" is not displayed, the distribution may already have been compromised, and you should not run its Makefile.PL or Build.PL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SHA1 7891accfe8c61a4028dcfd503a78fcf010168e0d CHANGES SHA1 3273dec18766d9445070e6758f2edcb3760599f9 LICENSE SHA1 3d6cfd615add58f44fd4299a8e65117402f87733 MANIFEST SHA1 4f9a3da777764252acf6d92741bcebf505857527 MANIFEST.SKIP SHA1 01f06d5ea214266521f65bd945e3a8a17c7e1100 META.yml SHA1 3bded9dffe91ed80fb28c3eeb633c65eb807d6da Makefile.PL SHA1 b68f1a8f491a00c87e678c6cf31ca95d9cd2f727 README SHA1 33c97c7f30b52fd18e11f6eaf275d21627a89050 html/Callbacks/ExternalAuth/Elements/Header/Head SHA1 3b536ec2292ce8e74cfe96f428048fb1f9589ae8 html/Callbacks/ExternalAuth/autohandler/Auth SHA1 3f6bfd07c642fec5c2553ed97414c82a19b6107a html/Callbacks/ExternalAuth/autohandler/Session SHA1 37172dd7281c5d5f7289ec8a0b08783534068277 html/Elements/DoAuth SHA1 248dabb0dbdd603ecf7374c69e9a51073453e15d inc/Module/AutoInstall.pm SHA1 9b5001bfa9cf8607b3b3935284d9253e0391c9f1 inc/Module/Install.pm SHA1 d001b4b9a48395a8c4134b234a0e1789138427c5 inc/Module/Install/AuthorTests.pm SHA1 4d21888488f7c6a67742343a0be404bb7e1b3e66 inc/Module/Install/AutoInstall.pm SHA1 cab0e564f9bdf658535f683aa197157e06d0dcea inc/Module/Install/Base.pm SHA1 a1559b5b3b40f68efbbd256f4fef85970891b3ae inc/Module/Install/Can.pm SHA1 f15c1ba85f6d52e70c48c64bf0752c90a4ad66f9 inc/Module/Install/Fetch.pm SHA1 d44d96acd20793306dd201030c688e2a7d3083ee inc/Module/Install/Include.pm SHA1 eb48df8bafd07c6a862126d9b274df42b4395742 inc/Module/Install/Makefile.pm SHA1 95c73873c6c3cb7024614c225c53863e1e90c134 inc/Module/Install/Metadata.pm SHA1 6e010ba20a9d0ae23d8d0ff516868c1e571c2d44 inc/Module/Install/RTx.pm SHA1 3fdf4c0cffdb1a2e23e5cd26bf95be553f1f9590 inc/Module/Install/RTx/Runtime.pm SHA1 79f5b4199f622e8b05aac266b0c39f6a85bb303f inc/Module/Install/ReadmeFromPod.pm SHA1 f8b2ae3386f6ba26c33408968a953d450842eade inc/Module/Install/Win32.pm SHA1 f302bc703d76299cff243e5b44cecd61aac27b76 inc/Module/Install/WriteAll.pm SHA1 4e09b598c2626e08cec2bed5e981492fa9e90967 inc/YAML/Tiny.pm SHA1 034d0f3a7401dae4be3eee279258181f51a4ad81 inc/unicore/Name.pm SHA1 224710c4fdd1f34ba229a8cf89f5b948dd3021d4 lib/RT/Authen/ExternalAuth.pm SHA1 43ff178acf0406e2e8b7b7901dcc9422bbb14568 lib/RT/Authen/ExternalAuth/DBI.pm SHA1 71d7b21728c9e4a19599f0caefb7f795e8e210f5 lib/RT/Authen/ExternalAuth/DBI/Cookie.pm SHA1 e8f55c33875bf5927413e77f2c035432ab6d4aea lib/RT/Authen/ExternalAuth/LDAP.pm SHA1 f8945f8859ff7c53e9e0e366f54e6ec483674e83 xt/ldap.t SHA1 9b1656e947f2a59f0251582503d1752dbf1ad85f xt/ldap_escaping.t SHA1 1a4e26ff4a820fc7a856598fa3e38131a6953506 xt/ldap_group.t SHA1 4b0e4614d63ad0d12e51ea44600d8eb6b102fcf7 xt/ldap_privileged.t SHA1 e97f3d74032286ca82fd3c01ea78147010667a89 xt/obfuscate-password.t SHA1 f050c619336def037bccef9e7e4f9baf71b2f3a0 xt/sessions.t SHA1 2c18aacfc5a462553b8e2c30a8ac98d30401386a xt/sqlite.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAlRAMWMACgkQ0+gKWp5CJQodlwCfexLoCwsW6RXs26Ae5tU7pNxg pLEAn0Z2D1Zxm7g2gdU8kAt/1Aof7nhn =HNlM -----END PGP SIGNATURE----- RT-Authen-ExternalAuth-0.25/xt/000755 000766 000024 00000000000 12420030543 017010 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/xt/ldap.t000644 000766 000024 00000005426 12401700441 020124 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; use Net::LDAP; use RT::Authen::ExternalAuth; eval { require Net::LDAP::Server::Test; 1; } or do { plan skip_all => 'Unable to test without Net::LDAP::Server::Test'; }; my $ldap_port = 1024 + int rand(10000) + $$ % 1024; ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ), "spawned test LDAP server on port $ldap_port" ); my $ldap = Net::LDAP->new("localhost:$ldap_port"); $ldap->bind(); my $username = "testuser"; my $base = "dc=bestpractical,dc=com"; my $dn = "uid=$username,$base"; my $entry = { cn => $username, mail => "$username\@invalid.tld", uid => $username, objectClass => 'User', userPassword => 'password', }; $ldap->add( $base ); $ldap->add( $dn, attr => [%$entry] ); RT->Config->Set( ExternalAuthPriority => ['My_LDAP'] ); RT->Config->Set( ExternalInfoPriority => ['My_LDAP'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { # AN EXAMPLE DB SERVICE 'My_LDAP' => { 'type' => 'ldap', 'server' => "127.0.0.1:$ldap_port", 'base' => $base, 'filter' => '(objectClass=*)', 'd_filter' => '()', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); ok( $m->login( 'testuser', 'password' ), 'logged in' ); } diag "test user creation"; { my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser@invalid.tld'); } diag "test form login"; { $m->logout; $m->get_ok( $baseurl, 'base url' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } is( $m->uri, $baseurl . '/SelfService/' , 'selfservice page' ); diag "test redirect after login"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html', 'closed tickets page' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . '/SelfService/Closed.html' ); } $ldap->unbind(); $m->get_warnings; RT-Authen-ExternalAuth-0.25/xt/ldap_escaping.t000644 000766 000024 00000006074 12401700441 021775 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test tests => undef, testing => 'RT::Authen::ExternalAuth'; use Net::LDAP; use RT::Authen::ExternalAuth; eval { require Net::LDAP::Server::Test; 1; } or do { plan skip_all => 'Unable to test without Net::LDAP::Server::Test'; }; my $ldap_port = 1024 + int rand(10000) + $$ % 1024; ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ), "spawned test LDAP server on port $ldap_port" ); my $ldap = Net::LDAP->new("localhost:$ldap_port"); $ldap->bind(); my $users_dn = "ou=users,dc=bestpractical,dc=com"; my $group_dn = "cn=test group,ou=groups,dc=bestpractical,dc=com"; $ldap->add($users_dn); $ldap->add( "cn=Smith\\, John,$users_dn", attr => [ cn => 'Smith\\, John', mail => 'jsmith@example.com', uid => 'jsmith', objectClass => 'User', userPassword => 'password', ] ); $ldap->add( "cn=John Doe,$users_dn", attr => [ cn => 'John Doe', mail => 'jdoe@example.com', uid => 'j(doe', objectClass => 'User', userPassword => 'password', ] ); $ldap->add( $group_dn, attr => [ cn => "test group", memberDN => [ "cn=Smith\\, John,$users_dn", "cn=John Doe,$users_dn" ], objectClass => 'Group', ], ); RT->Config->Set( ExternalAuthPriority => ['My_LDAP'] ); RT->Config->Set( ExternalInfoPriority => ['My_LDAP'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { 'My_LDAP' => { 'type' => 'ldap', 'server' => "127.0.0.1:$ldap_port", 'base' => $users_dn, 'filter' => '(objectClass=*)', 'd_filter' => '()', 'group' => $group_dn, 'group_attr' => 'memberDN', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "comma in the DN"; { ok( $m->login( 'jsmith', 'password' ), 'logged in' ); my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'jsmith' ); ok($ok,$msg); is($testuser->EmailAddress,'jsmith@example.com'); } diag "paren in the username"; { ok( $m->logout, 'logged out' ); # $m->login chokes on ( in 4.0.5 $m->get_ok($m->rt_base_url . "?user=j(doe;pass=password"); $m->content_like(qr/Logout/i, 'contains logout link'); $m->content_contains('j(doe', 'contains logged in user name'); my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'j(doe' ); ok($ok,$msg); is($testuser->EmailAddress,'jdoe@example.com'); } $ldap->unbind(); undef $m; done_testing; RT-Authen-ExternalAuth-0.25/xt/ldap_group.t000644 000766 000024 00000010626 12401700441 021336 0ustar00falconestaff000000 000000 use strict; use warnings; # This lets us change config during runtime without restarting BEGIN { $ENV{RT_TEST_WEB_HANDLER} = 'inline'; } use RT::Test tests => undef, testing => 'RT::Authen::ExternalAuth'; use Net::LDAP; use RT::Authen::ExternalAuth; eval { require Net::LDAP::Server::Test; 1; } or do { plan skip_all => 'Unable to test without Net::LDAP::Server::Test'; }; my $ldap_port = 1024 + int rand(10000) + $$ % 1024; ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ), "spawned test LDAP server on port $ldap_port" ); my $ldap = Net::LDAP->new("localhost:$ldap_port"); $ldap->bind(); my $users_dn = "ou=users,dc=bestpractical,dc=com"; my $group_dn = "cn=test group,ou=groups,dc=bestpractical,dc=com"; $ldap->add($users_dn); for (1 .. 3) { my $uid = "testuser$_"; my $entry = { cn => "Test User $_", mail => "$uid\@example.com", uid => $uid, objectClass => 'User', userPassword => 'password', }; $ldap->add( "uid=$uid,$users_dn", attr => [%$entry] ); } $ldap->add( $group_dn, attr => [ cn => "test group", memberDN => [ "uid=testuser1,$users_dn" ], memberUid => [ "testuser2" ], objectClass => 'Group', ], ); $ldap->add( "cn=subgroup,$group_dn", attr => [ cn => "subgroup", memberUid => [ "testuser3" ], objectClass => "group", ], ); #RT->Config->Set( Plugins => 'RT::Authen::ExternalAuth' ); RT->Config->Set( ExternalAuthPriority => ['My_LDAP'] ); RT->Config->Set( ExternalInfoPriority => ['My_LDAP'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { 'My_LDAP' => { 'type' => 'ldap', 'server' => "127.0.0.1:$ldap_port", 'base' => $users_dn, 'filter' => '(objectClass=*)', 'd_filter' => '()', 'group' => $group_dn, 'group_attr' => 'memberDN', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "Using DN to match group membership"; diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); $m->warning_like(qr/FAILED LOGIN for fakeuser/); ok( !$m->login( 'testuser2', 'password' ), 'not logged in with real user not in group' ); $m->warning_like(qr/FAILED LOGIN for testuser2/); ok( $m->login( 'testuser1', 'password' ), 'logged in' ); } diag "test user creation"; { my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser1' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser1@example.com'); } $m->logout; diag "Using uid to match group membership"; RT->Config->Get('ExternalSettings')->{My_LDAP}{group_attr} = 'memberUid'; RT->Config->Get('ExternalSettings')->{My_LDAP}{group_attr_value} = 'uid'; diag "test uri login"; { ok( !$m->login( 'testuser1', 'password' ), 'not logged in with real user not in group' ); $m->warning_like(qr/FAILED LOGIN for testuser1/); ok( $m->login( 'testuser2', 'password' ), 'logged in' ); } $m->logout; diag "Subgroup isn't used with default group_scope of base"; { local $TODO = 'Net::LDAP::Server::Test bug: https://rt.cpan.org/Ticket/Display.html?id=78612' if $Net::LDAP::Server::Test::VERSION <= 0.13; ok( !$m->login( 'testuser3', 'password' ), 'not logged in from subgroup' ); $m->warning_like(qr/FAILED LOGIN for testuser3/); $m->logout; } diag "Using group_scope of sub not base"; RT->Config->Get('ExternalSettings')->{My_LDAP}{group_scope} = 'sub'; diag "test uri login"; { ok( !$m->login( 'testuser1', 'password' ), 'not logged in with real user not in group' ); $m->warning_like(qr/FAILED LOGIN for testuser1/); ok( $m->login( 'testuser2', 'password' ), 'logged in as testuser2' ); $m->logout; ok( $m->login( 'testuser3', 'password' ), 'logged in as testuser3 from subgroup' ); $m->logout; } $ldap->unbind(); undef $m; done_testing; RT-Authen-ExternalAuth-0.25/xt/ldap_privileged.t000644 000766 000024 00000004650 12401700441 022334 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; use Net::LDAP; use RT::Authen::ExternalAuth; eval { require Net::LDAP::Server::Test; 1; } or do { plan skip_all => 'Unable to test without Net::LDAP::Server::Test'; }; my $ldap_port = 1024 + int rand(10000) + $$ % 1024; ok( my $server = Net::LDAP::Server::Test->new( $ldap_port, auto_schema => 1 ), "spawned test LDAP server on port $ldap_port" ); my $ldap = Net::LDAP->new("localhost:$ldap_port"); $ldap->bind(); my $username = "testuser"; my $base = "dc=bestpractical,dc=com"; my $dn = "uid=$username,$base"; my $entry = { cn => $username, mail => "$username\@invalid.tld", uid => $username, objectClass => 'User', userPassword => 'password', }; $ldap->add( $base ); $ldap->add( $dn, attr => [%$entry] ); RT->Config->Set( ExternalAuthPriority => ['My_LDAP'] ); RT->Config->Set( ExternalInfoPriority => ['My_LDAP'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => { Privileged => 1 } ); RT->Config->Set( ExternalSettings => { # AN EXAMPLE DB SERVICE 'My_LDAP' => { 'type' => 'ldap', 'server' => "127.0.0.1:$ldap_port", 'base' => $base, 'filter' => '(objectClass=*)', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress' ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); ok( $m->login( 'testuser', 'password' ), 'logged in' ); } diag "test user creation"; { my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser@invalid.tld'); } diag "test form login"; { $m->logout; $m->get_ok( $baseurl, 'base url' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } like( $m->uri, qr!$baseurl/(index\.html)?!, 'privileged home page' ); $ldap->unbind(); $m->get_warnings; RT-Authen-ExternalAuth-0.25/xt/obfuscate-password.t000644 000766 000024 00000001524 12317071227 023023 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; RT->Config->Set( ExternalSettings => { 'My_LDAP' => { type => 'ldap', user => 'ldap_bind', pass => 'sekrit', }, 'My_DBI' => { type => 'dbi', user => 'external_db_user', pass => 'nottelling', }, } ); my ($base, $m) = RT::Test->started_ok(); ok( $m->login, 'logged in' ); $m->get_ok('/Admin/Tools/Configuration.html', 'config page'); $m->content_lacks('sekrit', 'external source 1 pass obfuscated'); $m->content_lacks('nottelling', 'external source 2 pass obfuscated'); $m->content_contains('ldap_bind', 'sanity check: we do have external config dumped'); $m->content_contains('external_db_user', 'sanity check: we do have external config dumped'); undef $m; RT-Authen-ExternalAuth-0.25/xt/sessions.t000644 000766 000024 00000006146 12401700441 021052 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth', tests => 'no_declare'; setup_auth_source(); RT->Config->Set("WebSessionClass" => "Apache::Session::File"); { my %sessions; sub sessions_seen_is { local $Test::Builder::Level = $Test::Builder::Level + 1; my ($agent, $expected, $msg) = @_; $msg ||= "$expected sessions seen"; $agent->cookie_jar->scan(sub { $sessions{$_[2]}++ if $_[1] =~ /SID/; }); is scalar keys %sessions, $expected, $msg; } } my ($base, $m) = RT::Test->started_ok(); diag "Login as tom"; { sessions_seen_is($m, 0); $m->get_ok("/"); $m->submit_form( with_fields => { user => 'tom', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); sessions_seen_is($m, 1); $m->get_ok("/NoAuth/Logout.html"); sessions_seen_is($m, 2); } diag "Login as alex"; { $m->get_ok("/"); $m->submit_form( with_fields => { user => 'alex', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); sessions_seen_is($m, 3); $m->get_ok("/NoAuth/Logout.html"); sessions_seen_is($m, 4); } undef $m; done_testing; sub setup_auth_source { require DBI; require File::Temp; require Digest::MD5; require File::Spec; eval { require DBD::SQLite; } or do { plan skip_all => 'Unable to test without DBD::SQLite'; }; my $dir = File::Temp::tempdir( CLEANUP => 1 ); my $dbname = File::Spec->catfile( $dir, 'rtauthtest' ); my $table = 'users'; my $dbh = DBI->connect("dbi:SQLite:$dbname"); my $password = Digest::MD5::md5_hex('password'); my $schema = <<" EOF"; CREATE TABLE users ( username varchar(200) NOT NULL, password varchar(40) NULL, email varchar(16) NULL ); EOF $dbh->do( $schema ); foreach my $user ( qw(tom alex) ){ $dbh->do(<<" SQL"); INSERT INTO $table VALUES ( '$user', '$password', '$user\@invalid.tld'); SQL } RT->Config->Set( ExternalAuthPriority => ['My_SQLite'] ); RT->Config->Set( ExternalInfoPriority => ['My_SQLite'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { 'My_SQLite' => { 'type' => 'db', 'database' => $dbname, 'table' => $table, 'dbi_driver' => 'SQLite', 'u_field' => 'username', 'p_field' => 'password', 'p_enc_pkg' => 'Digest::MD5', 'p_enc_sub' => 'md5_hex', 'attr_match_list' => ['Name'], 'attr_map' => { 'Name' => 'username', 'EmailAddress' => 'email', 'ExternalAuthId' => 'username', } }, } ); } RT-Authen-ExternalAuth-0.25/xt/sqlite.t000644 000766 000024 00000006063 12401700441 020503 0ustar00falconestaff000000 000000 use strict; use warnings; use RT::Test testing => 'RT::Authen::ExternalAuth'; use DBI; use File::Temp; use Digest::MD5; use File::Spec; eval { require DBD::SQLite; } or do { plan skip_all => 'Unable to test without DBD::SQLite'; }; my $dir = File::Temp::tempdir( CLEANUP => 1 ); my $dbname = File::Spec->catfile( $dir, 'rtauthtest' ); my $table = 'users'; my $dbh = DBI->connect("dbi:SQLite:$dbname"); my $password = Digest::MD5::md5_hex('password'); my $schema = <<"EOF"; CREATE TABLE users ( username varchar(200) NOT NULL, password varchar(40) NULL, email varchar(16) NULL ); EOF $dbh->do( $schema ); $dbh->do( "INSERT INTO $table VALUES ( 'testuser', '$password', 'testuser\@invalid.tld')" ); RT->Config->Set( ExternalAuthPriority => ['My_SQLite'] ); RT->Config->Set( ExternalInfoPriority => ['My_SQLite'] ); RT->Config->Set( AutoCreateNonExternalUsers => 0 ); RT->Config->Set( AutoCreate => undef ); RT->Config->Set( ExternalSettings => { 'My_SQLite' => { 'type' => 'db', 'database' => $dbname, 'table' => $table, 'dbi_driver' => 'SQLite', 'u_field' => 'username', 'p_field' => 'password', 'p_enc_pkg' => 'Digest::MD5', 'p_enc_sub' => 'md5_hex', 'attr_match_list' => ['Name'], 'attr_map' => { 'Name' => 'username', 'EmailAddress' => 'email', 'ExternalAuthId' => 'username', } }, } ); my ( $baseurl, $m ) = RT::Test->started_ok(); diag "test uri login"; { ok( !$m->login( 'fakeuser', 'password' ), 'not logged in with fake user' ); ok( !$m->login( 'testuser', 'wrongpassword' ), 'not logged in with wrong password' ); ok( $m->login( 'testuser', 'password' ), 'logged in' ); } diag "test user creation"; { my $testuser = RT::User->new($RT::SystemUser); my ($ok,$msg) = $testuser->Load( 'testuser' ); ok($ok,$msg); is($testuser->EmailAddress,'testuser@invalid.tld'); } diag "test form login"; { $m->logout; $m->get_ok( $baseurl, 'base url' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in via form' ); } is( $m->uri, $baseurl . '/SelfService/', 'selfservice page' ); diag "test redirect after login"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html', 'closed tickets page' ); $m->submit_form( form_number => 1, fields => { user => 'testuser', pass => 'password', }, ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . '/SelfService/Closed.html' ); } diag "test with user and pass in URL"; { $m->logout; $m->get_ok( $baseurl . '/SelfService/Closed.html?user=testuser;pass=password', 'closed tickets page' ); $m->text_contains( 'Logout', 'logged in' ); is( $m->uri, $baseurl . '/SelfService/Closed.html?user=testuser;pass=password' ); } $m->get_warnings; RT-Authen-ExternalAuth-0.25/lib/RT/000755 000766 000024 00000000000 12420030543 017450 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/lib/RT/Authen/000755 000766 000024 00000000000 12420030543 020674 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth/000755 000766 000024 00000000000 12420030543 023300 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth.pm000644 000766 000024 00000100723 12420027433 023645 0ustar00falconestaff000000 000000 package RT::Authen::ExternalAuth; our $VERSION = '0.25'; =head1 NAME RT::Authen::ExternalAuth - RT Authentication using External Sources =head1 DESCRIPTION This module provides the ability to authenticate RT users against one or more external data sources at once. It will also allow information about that user to be loaded from the same, or any other available, source as well as allowing multple redundant servers for each method. The extension currently supports authentication and information from LDAP via the Net::LDAP module, and from any data source that an installed DBI driver is available for. It is also possible to use cookies set by an alternate application for Single Sign-On (SSO) with that application. For example, you may integrate RT with your own website login system so that once users log in to your website, they will be automagically logged in to RT when they access it. =head1 INSTALLATION =over =item C =item C =item C May need root permissions =item Edit your F If you are using RT 4.2 or greater, add this line: Plugin('RT::Authen::ExternalAuth'); For RT 4.0, add this line: Set(@Plugins, qw(RT::Authen::ExternalAuth) ); or add C to your existing C<@Plugins> line. See L for additional configuration to add to your F file. =back =head1 UPGRADING If you are upgrading from an earlier version of this extension, you must remove the following files manually: /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm /opt/rt4/local/lib/RT/User_Vendor.pm /opt/rt4/local/lib/RT/Authen/External_Auth.pm Otherwise you will most likely encounter an error about modifying a read only value and be unable to start RT. You may not have all of these files. It depends what versions you are upgrading between. If you are using a vendor packaged RT, your local directories are likely to be somewhere under /usr/local instead of in /opt/rt4 so you will need to visit Configuration -> Tools -> System Configuration to find your plugin root. =head1 CONFIGURATION L provides a lot of flexibility with many configuration options. The following desc these configuration options, and provides a complete example. =over 4 =item C<$ExternalAuthPriority> The order in which the services defined in L should be used to authenticate users. Once the user has been authenticated by one service, the rest are skipped. You should remove services you don't use. For example, if you're only using C, remove C and C. Set($ExternalAuthPriority, [ 'My_LDAP', 'My_MySQL', 'My_SSO_Cookie' ] ); =item C<$ExternalInfoPriority> When multiple auth services are available, this value defines the order in which the services defined in L should be used to get information about users. This includes C, telephone numbers etc, but also whether or not the user should be considered disabled. Once a user record is found, no more services are checked. You CANNOT use a SSO cookie to retrieve information. You should remove services you don't use, but you must define at least one service. Set($ExternalInfoPriority, [ 'My_LDAP', 'My_MySQL', ] ); =item C<$AutoCreateNonExternalUsers> If this is set to 1, then users should be autocreated by RT as internal users if they fail to authenticate from an external service. This is useful if you have users outside your organization who might interface with RT, perhaps by sending email to a support email address. =item C<$ExternalSettings> These are the full settings for each external service as a hash of hashes. Note that you may have as many external services as you wish. They will be checked in the order specified in L and L directives above. The outer structure is a key with the authentication option (name of external source). The value is a hash reference with configuration keys and values, for example: Set($ExternalSettings, { My_LDAP => { type => 'ldap', ... other options ... }, My_MySQL => { type => 'db', ... other options ... }, ... other sources ... } ); As shown above, each description should have 'type' defined. The following types are supported: =over 4 =item ldap Authenticate against and sync information with LDAP servers. See L for details. =item db Authenticate against and sync information with external RDBMS, supported by Perl's L interface. See L for details. =item cookie Authenticate by cookie. See L for details. =back See the modules noted above for configuration options specific to each type. The following apply to all types. =over 4 =item attr_match_list The list of RT attributes that uniquely identify a user. These values are used, in order, to find users in the selected authentication source. Each value specified here must have a mapping in the L section below. You can remove values you don't expect to match, but we recommend using C and C at a minimum. For example: 'attr_match_list' => [ 'Name', 'EmailAddress', ], You should not use items that can map to multiple users (such as a C or building name). =item attr_map Mapping of RT attributes on to attributes in the external source. Valid keys are attributes of an L. The values are attributes from your authentication source. For example, an LDAP mapping might look like: 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'cn', ... }, =back =back =head2 Example # Use the below LDAP source for both authentication, as well as user # information Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); # Users created from LDAP should be Privileged; this is a core RT # option. Additionally, this is the 4.2 name for the option; for RT # 4.0, is it named $AutoCreate See the core RT documentation at # http://docs.bestpractical.com/RT_Config#UserAutocreateDefaultsOnLogin # for for further details. Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 1); # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldap.example.com', # By not passing 'user' and 'pass' we are using an anonymous # bind, which some servers to not allow 'base' => 'ou=Staff,dc=example,dc=com', 'filter' => '(objectClass=inetOrgPerson)', # Users are allowed to log in via email address or account # name 'attr_match_list' => [ 'Name', 'EmailAddress', ], # Import the following properties of the user from LDAP upon # login 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); =head1 AUTHORS Best Practical Solutions, LLC Emodules@bestpractical.comE Originally by Mike Peachey (Jennic Ltd.) =head1 BUGS All bugs should be reported via email to L or via the web at L. =head1 LICENSE AND COPYRIGHT Copyright (c) 2008-2014 by Best Practical Solutions, LLC Copyright (c) 2008 by Jennic Ltd. This is free software, licensed under: The GNU General Public License, Version 2, June 1991 =cut use RT::Authen::ExternalAuth::LDAP; use RT::Authen::ExternalAuth::DBI; use strict; $RT::Config::META{ExternalSettings} = { Obfuscate => sub { # Ensure passwords are obfuscated on the System Configuration page my ($config, $sources, $user) = @_; # $user is only passed in versions of RT with 3c7db050 my $msg = 'Password not printed'; $msg = $user->loc($msg) if $user and $user->Id; for my $source (values %$sources) { $source->{pass} = $msg; } return $sources; }, PostLoadCheck => sub { my $self = shift; my $settings = shift || {}; my $remove = sub { my ($service) = @_; delete $settings->{$service}; $self->Set( 'ExternalAuthPriority', [ grep { $_ ne $service } @{ $self->Get('ExternalAuthPriority') || [] } ] ); $self->Set( 'ExternalInfoPriority', [ grep { $_ ne $service } @{ $self->Get('ExternalInfoPriority') || [] } ] ); }; for my $service (keys %$settings) { my %conf = %{ $settings->{$service} }; if ($conf{type} !~ /^(ldap|db|cookie)$/) { $RT::Logger->error( "Service '$service' in ExternalInfoPriority is not ldap, db, or cookie; removing." ); $remove->($service); next; } next unless $conf{type} eq 'db'; # Ensure people don't misconfigure DBI auth to point to RT's # Users table; only check server/hostname/table, as # user/pass might be different (root, for instance) no warnings 'uninitialized'; next unless lc $conf{server} eq lc RT->Config->Get('DatabaseHost') and lc $conf{database} eq lc RT->Config->Get('DatabaseName') and lc $conf{table} eq 'users'; $RT::Logger->error( "RT::Authen::ExternalAuth should _not_ be configured with a database auth service ". "that points back to RT's internal Users table. Removing the service '$service'! ". "Please remove it from your config file." ); $remove->($service); } $self->Set( 'ExternalSettings', $settings ); }, }; $RT::Config::META{ExternalAuthPriority} = { PostLoadCheck => sub { my $self = shift; my @values = @{ shift || [] }; if (not @values) { $self->Set( 'ExternalAuthPriority', \@values ); return; } my %settings = %{ $self->Get('ExternalSettings') }; for my $key (grep {not $settings{$_}} @values) { $RT::Logger->error("Removing '$key' from ExternalAuthPriority, as it is not defined in ExternalSettings"); } @values = grep {$settings{$_}} @values; $self->Set( 'ExternalAuthPriority', \@values ); }, }; $RT::Config::META{ExternalInfoPriority} = { PostLoadCheck => sub { my $self = shift; my @values = @{ shift || [] }; if (not @values) { $RT::Logger->debug("ExternalInfoPriority not defined. User information (including user enabled/disabled) cannot be externally-sourced"); $self->Set( 'ExternalInfoPriority', \@values ); return; } my %settings = %{ $self->Get('ExternalSettings') }; for my $key (grep {not $settings{$_}} @values) { $RT::Logger->error("Removing '$key' from ExternalInfoPriority, as it is not defined in ExternalSettings"); } @values = grep {$settings{$_}} @values; for my $key (grep {$settings{$_}{type} eq "cookie"} @values) { $RT::Logger->error("Removing '$key' from ExternalInfoPriority, as cookie authentication cannot be used as an information source"); } @values = grep {$settings{$_}{type} ne "cookie"} @values; $self->Set( 'ExternalInfoPriority', \@values ); }, }; sub DoAuth { my ($session,$given_user,$given_pass) = @_; # Get the prioritised list of external authentication services my @auth_services = @{ RT->Config->Get('ExternalAuthPriority') }; my $settings = RT->Config->Get('ExternalSettings'); return (0, "ExternalAuthPriority not defined, please check your configuration file.") unless @auth_services; # This may be used by single sign-on (SSO) authentication mechanisms for bypassing a password check. my $success = 0; # Should have checked if user is already logged in before calling this function, # but just in case, we'll check too. return (0, "User already logged in!") if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id); # For each of those services.. foreach my $service (@auth_services) { # Get the full configuration for that service as a hashref my $config = $settings->{$service}; $RT::Logger->debug( "Attempting to use external auth service:", $service); # $username will be the final username we decide to check # This will not necessarily be $given_user my $username = undef; ############################################################# ####################### SSO Check ########################### ############################################################# if ($config->{'type'} eq 'cookie') { # Currently, Cookie authentication is our only SSO method $username = RT::Authen::ExternalAuth::DBI::GetCookieAuth($config); } ############################################################# # If $username is defined, we have a good SSO $username and can # safely bypass the password checking later on; primarily because # it's VERY unlikely we even have a password to check if an SSO succeeded. my $pass_bypass = 0; if(defined($username)) { $RT::Logger->debug("Pass not going to be checked, attempting SSO"); $pass_bypass = 1; } else { # SSO failed and no $user was passed for a login attempt # We only don't return here because the next iteration could be an SSO attempt unless(defined($given_user)) { $RT::Logger->debug("SSO Failed and no user to test with. Nexting"); next; } # We don't have an SSO login, so we will be using the credentials given # on RT's login page to do our authentication. $username = $given_user; # Don't continue unless the service works. # next unless RT::Authen::ExternalAuth::TestConnection($config); # Don't continue unless the $username exists in the external service $RT::Logger->debug("Calling UserExists with \$username ($username) and \$service ($service)"); next unless RT::Authen::ExternalAuth::UserExists($username, $service); } #################################################################### ########## Load / Auto-Create ###################################### #################################################################### # We are now sure that we're talking about a valid RT user. # If the user already exists, load up their info. If they don't # then we need to create the user in RT. # Does user already exist internally to RT? $session->{'CurrentUser'} = RT::CurrentUser->new(); $session->{'CurrentUser'}->Load($username); # Unless we have loaded a valid user with a UserID create one. unless ($session->{'CurrentUser'}->Id) { my $UserObj = RT::User->new($RT::SystemUser); my $create = RT->Config->Get('UserAutocreateDefaultsOnLogin') || RT->Config->Get('AutoCreate'); my ($val, $msg) = $UserObj->Create(%{ref($create) ? $create : {}}, Name => $username, Gecos => $username, ); unless ($val) { $RT::Logger->error( "Couldn't create user $username: $msg" ); next; } $RT::Logger->info( "Autocreated external user", $UserObj->Name, "(", $UserObj->Id, ")"); $RT::Logger->debug("Loading new user (", $username, ") into current session"); $session->{'CurrentUser'}->Load($username); } #################################################################### ########## Authentication ########################################## #################################################################### # If we successfully used an SSO service, then authentication # succeeded. If we didn't then, success is determined by a password # test. $success = 0; if($pass_bypass) { $RT::Logger->debug("Password check bypassed due to SSO method being in use"); $success = 1; } else { $RT::Logger->debug("Password validation required for service - Executing..."); $success = RT::Authen::ExternalAuth::GetAuth($service,$username,$given_pass); } $RT::Logger->debug("Password Validation Check Result: ",$success); # If the password check succeeded then this is our authoritative service # and we proceed to user information update and login. last if $success; } # If we got here and don't have a user loaded we must have failed to # get a full, valid user from an authoritative external source. unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) { $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "No User"); } unless($success) { $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "Password Invalid"); } # Otherwise we succeeded. $RT::Logger->debug("Authentication successful. Now updating user information and attempting login."); #################################################################################################### ############################### The following is auth-method agnostic ############################## #################################################################################################### # If we STILL have a completely valid RT user to play with... # and therefore password has been validated... if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) { # Even if we have JUST created the user in RT, we are going to # reload their information from an external source. This allows us # to be sure that the user the cookie gave us really does exist in # the database, but more importantly, UpdateFromExternal will check # whether the user is disabled or not which we have not been able to # do during auto-create # These are not currently used, but may be used in the future. my $info_updated = 0; my $info_updated_msg = "User info not updated"; if ( @{ RT->Config->Get('ExternalInfoPriority') } ) { # Note that UpdateUserInfo does not care how we authenticated the user # It will look up user info from whatever is specified in $RT::ExternalInfoPriority ($info_updated,$info_updated_msg) = RT::Authen::ExternalAuth::UpdateUserInfo($session->{'CurrentUser'}->Name); } # Now that we definitely have up-to-date user information, # if the user is disabled, kick them out. Now! if ($session->{'CurrentUser'}->UserObj->Disabled) { $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "User account disabled, login denied"); } } # If we **STILL** have a full user and the session hasn't already been deleted # This If/Else is logically unnecessary, but it doesn't hurt to leave it here # just in case. Especially to be a double-check to future modifications. if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) { $RT::Logger->info( "Successful login for", $session->{'CurrentUser'}->Name, "from", $ENV{'REMOTE_ADDR'}); # Do not delete the session. User stays logged in and # autohandler will not check the password again my $cu = $session->{CurrentUser}; RT::Interface::Web::InstantiateNewSession(); $session->{CurrentUser} = $cu; } else { # Make SURE the session is purged to an empty user. $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "Failed to authenticate externally"); # This will cause autohandler to request IsPassword # which will in turn call IsExternalPassword } return (1, "Successful login"); } sub UpdateUserInfo { my $username = shift; # Prepare for the worst... my $found = 0; my $updated = 0; my $msg = "User NOT updated"; my $user_disabled = RT::Authen::ExternalAuth::UserDisabled($username); my $UserObj = RT::User->new(RT->SystemUser); $UserObj->Load($username); # If user is disabled, set the RT::Principal to disabled and return out of the function. # I think it's a waste of time and energy to update a user's information if they are disabled # and it could be a security risk if they've updated their external information with some # carefully concocted code to try to break RT - worst case scenario, but they have been # denied access after all, don't take any chances. # If someone gives me a good enough reason to do it, # then I'll update all the info for disabled users if ($user_disabled) { unless ( $UserObj->Disabled ) { # Make sure principal is disabled in RT my ($val, $message) = $UserObj->SetDisabled(1); # Log what has happened $RT::Logger->info("User marked as DISABLED (", $username, ") per External Service", "($val, $message)\n"); $msg = "User Disabled"; } return ($updated, $msg); } # Make sure principal is not disabled in RT if ( $UserObj->Disabled ) { my ($val, $message) = $UserObj->SetDisabled(0); unless ( $val ) { $RT::Logger->error("Failed to enable user ($username) per External Service: ".($message||'')); return ($updated, "Failed to enable"); } $RT::Logger->info("User ($username) was disabled, marked as ENABLED ", "per External Service", "($val, $message)\n"); } # Update their info from external service using the username as the lookup key # CanonicalizeUserInfo will work out for itself which service to use # Passing it a service instead could break other RT code my %args = (Name => $username); $UserObj->CanonicalizeUserInfo(\%args); # For each piece of information returned by CanonicalizeUserInfo, # run the Set method for that piece of info to change it for the user my @results = $UserObj->Update( ARGSRef => \%args, AttributesRef => [keys %args], ); $RT::Logger->debug("UPDATED user $username: $_") for @results; # Confirm update success $updated = 1; $RT::Logger->debug( "UPDATED user (", $username, ") from External Service\n"); $msg = 'User updated'; return ($updated, $msg); } sub GetAuth { # Request a username/password check from the specified service # This is only valid for non-SSO services. my ($service,$username,$password) = @_; my $success = 0; # Get the full configuration for that service as a hashref my $config = RT->Config->Get('ExternalSettings')->{$service}; # And then act accordingly depending on what type of service it is. # Right now, there is only code for DBI and LDAP non-SSO services if ($config->{'type'} eq 'db') { $success = RT::Authen::ExternalAuth::DBI::GetAuth($service,$username,$password); $RT::Logger->debug("DBI password validation result:",$success); } elsif ($config->{'type'} eq 'ldap') { $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password); $RT::Logger->debug("LDAP password validation result:",$success); } return $success; } sub UserExists { # Request a username/password check from the specified service # This is only valid for non-SSO services. my ($username,$service) = @_; my $success = 0; # Get the full configuration for that service as a hashref my $config = RT->Config->Get('ExternalSettings')->{$service}; # And then act accordingly depending on what type of service it is. # Right now, there is only code for DBI and LDAP non-SSO services if ($config->{'type'} eq 'db') { $success = RT::Authen::ExternalAuth::DBI::UserExists($username,$service); } elsif ($config->{'type'} eq 'ldap') { $success = RT::Authen::ExternalAuth::LDAP::UserExists($username,$service); } return $success; } sub UserDisabled { my $username = shift; my $user_disabled = 0; my @info_services = @{ RT->Config->Get('ExternalInfoPriority') }; # For each named service in the list # Check to see if the user is found in the external service # If not found, jump to next service # If found, check to see if user is considered disabled by the service # Then update the user's info in RT and return foreach my $service (@info_services) { # Get the external config for this service as a hashref my $config = RT->Config->Get('ExternalSettings')->{$service}; # If it's a DBI config: if ($config->{'type'} eq 'db') { unless(RT::Authen::ExternalAuth::DBI::UserExists($username,$service)) { $RT::Logger->debug("User (", $username, ") doesn't exist in service (", $service, ") - Cannot update information - Skipping..."); next; } $user_disabled = RT::Authen::ExternalAuth::DBI::UserDisabled($username,$service); } elsif ($config->{'type'} eq 'ldap') { unless(RT::Authen::ExternalAuth::LDAP::UserExists($username,$service)) { $RT::Logger->debug("User (", $username, ") doesn't exist in service (", $service, ") - Cannot update information - Skipping..."); next; } $user_disabled = RT::Authen::ExternalAuth::LDAP::UserDisabled($username,$service); } } return $user_disabled; } sub CanonicalizeUserInfo { # Careful, this $args hashref was given to RT::User::CanonicalizeUserInfo and # then transparently passed on to this function. The whole purpose is to update # the original hash as whatever passed it to RT::User is expecting to continue its # code with an update args hash. my $UserObj = shift; my $args = shift; my $found = 0; my %params = (Name => undef, EmailAddress => undef, RealName => undef); $RT::Logger->debug( (caller(0))[3], "called by", caller, "with:", join(", ", map {sprintf("%s: %s", $_, ($args->{$_} ? $args->{$_} : ''))} sort(keys(%$args)))); # Get the list of defined external services my @info_services = @{ RT->Config->Get('ExternalInfoPriority') }; # For each external service... foreach my $service (@info_services) { $RT::Logger->debug( "Attempting to get user info using this external service:", $service); # Get the config for the service so that we know what attrs we can canonicalize my $config = RT->Config->Get('ExternalSettings')->{$service}; # For each attr we've been told to canonicalize in the match list foreach my $rt_attr (@{$config->{'attr_match_list'}}) { # Jump to the next attr in $args if this one isn't in the attr_match_list $RT::Logger->debug( "Attempting to use this canonicalization key:",$rt_attr); unless(defined($args->{$rt_attr})) { $RT::Logger->debug("This attribute (", $rt_attr, ") is null or incorrectly defined in the attr_map for this service (", $service, ")"); next; } # Else, use it as a canonicalization key and lookup the user info my $key = $config->{'attr_map'}->{$rt_attr}; my $value = $args->{$rt_attr}; # Check to see that the key being asked for is defined in the config's attr_map my $valid = 0; my ($attr_key, $attr_value); my $attr_map = $config->{'attr_map'}; while (($attr_key, $attr_value) = each %$attr_map) { $valid = 1 if ($key eq $attr_value); } unless ($valid){ $RT::Logger->debug( "This key (", $key, "is not a valid attribute key (", $service, ")"); next; } # Use an if/elsif structure to do a lookup with any custom code needed # for any given type of external service, or die if no code exists for # the service requested. if($config->{'type'} eq 'ldap'){ ($found, %params) = RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo($service,$key,$value); } elsif ($config->{'type'} eq 'db') { ($found, %params) = RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo($service,$key,$value); } # Don't Check any more attributes last if $found; } # Don't Check any more services last if $found; } # If found, Canonicalize Email Address and # update the args hash that we were given the hashref for if ($found) { # It's important that we always have a canonical email address if ($params{'EmailAddress'}) { $params{'EmailAddress'} = $UserObj->CanonicalizeEmailAddress($params{'EmailAddress'}); } %$args = (%$args, %params); } $RT::Logger->info( (caller(0))[3], "returning", join(", ", map {sprintf("%s: %s", $_, ($args->{$_} ? $args->{$_} : ''))} sort(keys(%$args)))); ### HACK: The config var below is to overcome the (IMO) bug in ### RT::User::Create() which expects this function to always ### return true or rejects the user for creation. This should be ### a different config var (CreateUncanonicalizedUsers) and ### should be honored in RT::User::Create() return($found || RT->Config->Get('AutoCreateNonExternalUsers')); } { no warnings 'redefine'; *RT::User::CanonicalizeUserInfo = sub { my $self = shift; my $args = shift; return ( CanonicalizeUserInfo( $self, $args ) ); }; } 1; RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth/DBI/000755 000766 000024 00000000000 12420030543 023676 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth/DBI.pm000644 000766 000024 00000052405 12414775617 024267 0ustar00falconestaff000000 000000 package RT::Authen::ExternalAuth::DBI; use DBI; use RT::Authen::ExternalAuth::DBI::Cookie; use strict; =head1 NAME RT::Authen::ExternalAuth::DBI - External database source for RT authentication =head1 DESCRIPTION Provides the database implementation for L. =head1 SYNOPSIS Set($ExternalSettings, { 'My_MySQL' => { 'type' => 'db', 'dbi_driver' => 'DBI_DRIVER', 'server' => 'server.domain.tld', 'port' => 'DB_PORT', 'user' => 'DB_USER', 'pass' => 'DB_PASS', 'database' => 'DB_NAME', 'table' => 'USERS_TABLE', 'u_field' => 'username', 'p_field' => 'password', # Example of custom hashed password check #'p_check' => sub { # my ($hash_from_db, $password) = @_; # return $hash_from_db eq function($password); #}, 'p_enc_pkg' => 'Crypt::MySQL', 'p_enc_sub' => 'password', 'p_salt' => 'SALT', 'd_field' => 'disabled', 'd_values' => ['0'], 'attr_match_list' => [ 'Gecos', 'Name', ], 'attr_map' => { 'Name' => 'username', 'EmailAddress' => 'email', 'ExternalAuthId' => 'username', 'Gecos' => 'userID', }, }, } ); =head1 CONFIGURATION DBI-specific options are described here. Shared options are described in the F file included in this distribution. The example in the L lists all available options and they are described below. See the L module for details on debugging connection issues. =over 4 =item dbi_driver The name of the Perl DBI driver to use (e.g. mysql, Pg, SQLite). =item server The server hosting the database. =item port The port to use to connect on (e.g. 3306). =item user The database user for the connection. =item pass The password for the database user. =item database The database name. =item table The database table containing the user information to check against. =item u_field The field in the table that holds usernames =item p_field The field in the table that holds passwords =item p_check Optional. An anonymous subroutine definition used to check the (presumably hashed) passed from the database with the password entered by the user logging in. The subroutine should return true on success and false on failure. The configuration options C and C will be ignored when C is defined. An example, where C is some external hashing function: p_check => sub { my ($hash_from_db, $password) = @_; return $hash_from_db eq FooBar($password); }, Importantly, the C subroutine allows for arbitrarily complex password checking unlike C and C. =item p_enc_pkg, p_enc_sub The Perl package and subroutine used to encrypt passwords from the database. For example, if the passwords are stored using the MySQL v3.23 "PASSWORD" function, then you will need the L C function, but for the MySQL4+ password you will need L's C. Alternatively, you could use L C or any other encryption subroutine you can load in your Perl installation. =item p_salt If p_enc_sub takes a salt as a second parameter then set it here. =item d_field, d_values The field and values in the table that determines if a user should be disabled. For example, if the field is 'user_status' and the values are ['0','1','2','disabled'] then the user will be disabled if their user_status is set to '0','1','2' or the string 'disabled'. Otherwise, they will be considered enabled. =back =cut sub GetAuth { my ($service, $username, $password) = @_; my $config = RT->Config->Get('ExternalSettings')->{$service}; $RT::Logger->debug( "Trying external auth service:",$service); my $db_table = $config->{'table'}; my $db_u_field = $config->{'u_field'}; my $db_p_field = $config->{'p_field'}; my $db_p_check = $config->{'p_check'}; my $db_p_enc_pkg = $config->{'p_enc_pkg'}; my $db_p_enc_sub = $config->{'p_enc_sub'}; my $db_p_salt = $config->{'p_salt'}; # Set SQL query and bind parameters my $query = "SELECT $db_u_field,$db_p_field FROM $db_table WHERE $db_u_field=?"; my @params = ($username); # Uncomment this to trace basic DBI information and drop it in a log for debugging # DBI->trace(1,'/tmp/dbi.log'); # Get DBI handle object (DBH), do SQL query, kill DBH my $dbh = _GetBoundDBIObj($config); return 0 unless $dbh; my $results_hashref = $dbh->selectall_hashref($query,$db_u_field,{},@params); $dbh->disconnect(); my $num_users_returned = scalar keys %$results_hashref; if($num_users_returned != 1) { # FAIL # FAIL because more than one user returned. Users MUST be unique! if ((scalar keys %$results_hashref) > 1) { $RT::Logger->info( $service, "AUTH FAILED", $username, "More than one user with that username!"); } # FAIL because no users returned. Users MUST exist! if ((scalar keys %$results_hashref) < 1) { $RT::Logger->info( $service, "AUTH FAILED", $username, "User not found in database!"); } # Drop out to next external authentication service return 0; } # Get the user's password from the database query result my $pass_from_db = $results_hashref->{$username}->{$db_p_field}; if ( $db_p_check ) { unless ( ref $db_p_check eq 'CODE' ) { $RT::Logger->error( "p_check for $service is not a code" ); return 0; } my $check = 0; local $@; eval { $check = $db_p_check->( $pass_from_db, $password ); 1; } or do { $RT::Logger->error( "p_check for $service failed: $@" ); return 0; }; unless ( $check ) { $RT::Logger->info( "$service AUTH FAILED for $username: Password Incorrect (via p_check)" ); } else { $RT::Logger->info( (caller(0))[3], "External Auth OK (", $service, "):", $username); } return $check; } # This is the encryption package & subroutine passed in by the config file $RT::Logger->debug( "Encryption Package:", $db_p_enc_pkg); $RT::Logger->debug( "Encryption Subroutine:", $db_p_enc_sub); # Use config info to auto-load the perl package needed for password encryption # I know it uses a string eval - but I don't think there's a better way to do this # Jump to next external authentication service on failure eval "require $db_p_enc_pkg" or $RT::Logger->error("AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@") && return 0; my $encrypt = $db_p_enc_pkg->can($db_p_enc_sub); if (defined($encrypt)) { # If the package given can perform the subroutine given, then use it to compare the # password given with the password pulled from the database. # Jump to the next external authentication service if they don't match if(defined($db_p_salt)) { $RT::Logger->debug("Using salt:",$db_p_salt); if(${encrypt}->($password,$db_p_salt) ne $pass_from_db){ $RT::Logger->info( $service, "AUTH FAILED", $username, "Password Incorrect"); return 0; } } else { if(${encrypt}->($password) ne $pass_from_db){ $RT::Logger->info( $service, "AUTH FAILED", $username, "Password Incorrect"); return 0; } } } else { # If the encryption package can't perform the request subroutine, # dump an error and jump to the next external authentication service. $RT::Logger->error($service, "AUTH FAILED", "The encryption package you gave me (", $db_p_enc_pkg, ") does not support the encryption method you specified (", $db_p_enc_sub, ")"); return 0; } # Any other checks you want to add? Add them here. # If we've survived to this point, we're good. $RT::Logger->info( (caller(0))[3], "External Auth OK (", $service, "):", $username); return 1; } sub CanonicalizeUserInfo { my ($service, $key, $value) = @_; my $found = 0; my %params = (Name => undef, EmailAddress => undef, RealName => undef); # Load the config my $config = RT->Config->Get('ExternalSettings')->{$service}; # Figure out what's what my $table = $config->{'table'}; unless ($table) { $RT::Logger->critical( (caller(0))[3], "No table given"); # Drop out to the next external information service return ($found, %params); } unless ($key && $value){ $RT::Logger->critical( (caller(0))[3], " Nothing to look-up given"); # Drop out to the next external information service return ($found, %params); } # "where" refers to WHERE section of SQL query my ($where_key,$where_value) = ("@{[ $key ]}",$value); # Get the list of unique attrs we need my %db_attrs = map {$_ => 1} values(%{$config->{'attr_map'}}); my @attrs = keys(%db_attrs); my $fields = join(',',@attrs); my $query = "SELECT $fields FROM $table WHERE $where_key=?"; my @bind_params = ($where_value); # Uncomment this to trace basic DBI throughput in a log # DBI->trace(1,'/tmp/dbi.log'); my $dbh = _GetBoundDBIObj($config); my $results_hashref = $dbh->selectall_hashref($query,$key,{},@bind_params); $dbh->disconnect(); if ((scalar keys %$results_hashref) != 1) { # If returned users <> 1, we have no single unique user, so prepare to die my $death_msg; if ((scalar keys %$results_hashref) == 0) { # If no user... $death_msg = "No User Found in External Database!"; } else { # If more than one user... $death_msg = "More than one user found in External Database with that unique identifier!"; } # Log the death $RT::Logger->info( (caller(0))[3], "INFO CHECK FAILED", "Key: $key", "Value: $value", $death_msg); # $found remains as 0 # Drop out to next external information service return ($found, %params); } # We haven't dropped out, so DB search must have succeeded with # exactly 1 result. Get the result and set $found to 1 my $result = $results_hashref->{$value}; # Use the result to populate %params for every key we're given in the config foreach my $key (keys(%{$config->{'attr_map'}})) { $params{$key} = ($result->{$config->{'attr_map'}->{$key}})[0]; } $found = 1; return ($found, %params); } sub UserExists { my ($username,$service) = @_; my $config = RT->Config->Get('ExternalSettings')->{$service}; my $table = $config->{'table'}; my $u_field = $config->{'u_field'}; my $query = "SELECT $u_field FROM $table WHERE $u_field=?"; my @bind_params = ($username); # Uncomment this to do a basic trace on DBI information and log it # DBI->trace(1,'/tmp/dbi.log'); # Get DBI Object, do the query, disconnect my $dbh = _GetBoundDBIObj($config); my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params); $dbh->disconnect(); my $num_of_results = scalar keys %$results_hashref; if ($num_of_results > 1) { # If more than one result returned, die because we the username field should be unique! $RT::Logger->debug( "Disable Check Failed :: (", $service, ")", $username, "More than one user with that username!"); return 0; } elsif ($num_of_results < 1) { # If 0 or negative integer, no user found or major failure $RT::Logger->debug( "Disable Check Failed :: (", $service, ")", $username, "User not found"); return 0; } # Number of results is exactly one, so we found the user we were looking for return 1; } sub UserDisabled { my ($username,$service) = @_; # FIRST, check that the user exists in the DBI service unless(UserExists($username,$service)) { $RT::Logger->debug("User (",$username,") doesn't exist! - Assuming not disabled for the purposes of disable checking"); return 0; } # Get the necessary config info my $config = RT->Config->Get('ExternalSettings')->{$service}; my $table = $config->{'table'}; my $u_field = $config->{'u_field'}; my $disable_field = $config->{'d_field'}; my $disable_values_list = $config->{'d_values'}; unless ($disable_field) { # If we don't know how to check for disabled users, consider them all enabled. $RT::Logger->debug("No d_field specified for this DBI service (", $service, "), so considering all users enabled"); return 0; } my $query = "SELECT $u_field,$disable_field FROM $table WHERE $u_field=?"; my @bind_params = ($username); # Uncomment this to do a basic trace on DBI information and log it # DBI->trace(1,'/tmp/dbi.log'); # Get DBI Object, do the query, disconnect my $dbh = _GetBoundDBIObj($config); my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params); $dbh->disconnect(); my $num_of_results = scalar keys %$results_hashref; if ($num_of_results > 1) { # If more than one result returned, die because we the username field should be unique! $RT::Logger->debug( "Disable Check Failed :: (", $service, ")", $username, "More than one user with that username! - Assuming not disabled"); # Drop out to next service for an info check return 0; } elsif ($num_of_results < 1) { # If 0 or negative integer, no user found or major failure $RT::Logger->debug( "Disable Check Failed :: (", $service, ")", $username, "User not found - Assuming not disabled"); # Drop out to next service for an info check return 0; } else { # otherwise all should be well # $user_db_disable_value = The value for "disabled" returned from the DB my $user_db_disable_value = $results_hashref->{$username}->{$disable_field}; # For each of the values in the (list of values that we consider to mean the user is disabled).. foreach my $disable_value (@{$disable_values_list}){ $RT::Logger->debug( "DB Disable Check:", "User's Val is $user_db_disable_value,", "Checking against: $disable_value"); # If the value from the DB matches a value from the list, the user is disabled. if ($user_db_disable_value eq $disable_value) { return 1; } } # If we've not returned yet, the user can't be disabled return 0; } $RT::Logger->crit("It is seriously not possible to run this code.. what the hell did you do?!"); return 0; } sub GetCookieAuth { $RT::Logger->debug( (caller(0))[3], "Checking Browser Cookies for an Authenticated User"); # Get our cookie and database info... my $config = shift; my $username = undef; my $cookie_name = $config->{'name'}; my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($cookie_name); unless($cookie_value){ return $username; } # The table mapping usernames to the Username Match Key my $u_table = $config->{'u_table'}; # The username field in that table my $u_field = $config->{'u_field'}; # The field that contains the Username Match Key my $u_match_key = $config->{'u_match_key'}; # The table mapping cookie values to the Cookie Match Key my $c_table = $config->{'c_table'}; # The cookie field in that table - The same as the cookie name if unspecified my $c_field = $config->{'c_field'}; # The field that connects the Cookie Match Key my $c_match_key = $config->{'c_match_key'}; # These are random characters to assign as table aliases in SQL # It saves a lot of garbled code later on my $u_table_alias = "u"; my $c_table_alias = "c"; # $tables will be passed straight into the SQL query # I don't see this as a security issue as only the admin may modify the config file anyway my $tables; # If the tables are the same, then the aliases should be the same # and the match key becomes irrelevant. Ensure this all works out # fine by setting both sides the same. In either case, set an # appropriate value for $tables. if ($u_table eq $c_table) { $u_table_alias = $c_table_alias; $u_match_key = $c_match_key; $tables = "$c_table $c_table_alias"; } else { $tables = "$c_table $c_table_alias, $u_table $u_table_alias"; } my $select_fields = "$u_table_alias.$u_field"; my $where_statement = "$c_table_alias.$c_field = ? AND $c_table_alias.$c_match_key = $u_table_alias.$u_match_key"; my $query = "SELECT $select_fields FROM $tables WHERE $where_statement"; my @params = ($cookie_value); # Use this if you need to debug the DBI SQL process # DBI->trace(1,'/tmp/dbi.log'); my $dbh = _GetBoundDBIObj(RT->Config->Get('ExternalSettings')->{$config->{'db_service_name'}}); my $query_result_arrayref = $dbh->selectall_arrayref($query,{},@params); $dbh->disconnect(); # The log messages say it all here... my $num_rows = scalar @$query_result_arrayref; if ($num_rows < 1) { $RT::Logger->info( "AUTH FAILED", $cookie_name, "Cookie value not found in database.", "User passed an authentication token they were not given by us!", "Is this nefarious activity?"); } elsif ($num_rows > 1) { $RT::Logger->error( "AUTH FAILED", $cookie_name, "Cookie's value is duplicated in the database! This should not happen!!"); } else { $username = $query_result_arrayref->[0][0]; } if ($username) { $RT::Logger->debug( "User (", $username, ") was authenticated by a browser cookie"); } else { $RT::Logger->debug( "No user was authenticated by browser cookie"); } return $username; } # {{{ sub _GetBoundDBIObj sub _GetBoundDBIObj { # Config as hashref. my $config = shift; # Extract the relevant information from the config. my $db_server = $config->{'server'}; my $db_user = $config->{'user'}; my $db_pass = $config->{'pass'}; my $db_database = $config->{'database'}; my $db_port = $config->{'port'}; my $dbi_driver = $config->{'dbi_driver'}; # Use config to create a DSN line for the DBI connection my $dsn; if ( $dbi_driver eq 'SQLite' ) { $dsn = "dbi:$dbi_driver:$db_database"; } else { $dsn = "dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port"; } # Now let's get connected my $dbh = DBI->connect($dsn, $db_user, $db_pass,{RaiseError => 1, AutoCommit => 0 }) or die $DBI::errstr; # If we didn't die, return the DBI object handle # and hope it's treated sensibly and correctly # destroyed by the calling code return $dbh; } # }}} 1; RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth/LDAP.pm000644 000766 000024 00000054437 12420026646 024404 0ustar00falconestaff000000 000000 package RT::Authen::ExternalAuth::LDAP; use Net::LDAP qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS); use Net::LDAP::Util qw(ldap_error_name escape_filter_value); use Net::LDAP::Filter; use strict; =head1 NAME RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication =head1 DESCRIPTION Provides the LDAP implementation for L. =head1 SYNOPSIS Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE 'My_LDAP' => { 'type' => 'ldap', 'server' => 'server.domain.tld', 'user' => 'rt_ldap_username', 'pass' => 'rt_ldap_password', 'base' => 'ou=Organisational Unit,dc=domain,dc=TLD', 'filter' => '(FILTER_STRING)', 'd_filter' => '(FILTER_STRING)', 'group' => 'GROUP_NAME', 'group_attr' => 'GROUP_ATTR', 'tls' => { verify => "require", capath => "/path/to/ca.pem" }, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'cn', 'ExternalAuthId' => 'sAMAccountName', 'Gecos' => 'sAMAccountName', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co' }, }, } ); =head1 CONFIGURATION LDAP-specific options are described here. Shared options are described in the F file included in this distribution. The example in the L lists all available options and they are described below. Note that many of these values are specific to LDAP, so you should consult your LDAP documentation for details. =over 4 =item server The server hosting the LDAP or AD service. =item user, pass The username and password RT should use to connect to the LDAP server. If you can bind to your LDAP server anonymously you may be able to omit these options. Many servers do not allow anonymous binds, or restrict what information they can see or how much information they can retrieve. If your server does not allow anonymous binds then you must have a service account created for this extension to function. =item base The LDAP search base. =item filter The filter to use to match RT users. You B specify it and it B be a valid LDAP filter encased in parentheses. For example: filter => '(objectClass=*)', =item d_filter The filter that will only match disabled users. Optional. B be a valid LDAP filter encased in parentheses. For example with Active Directory the following can be used: d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)' =item group Does authentication depend on group membership? What group name? =item group_attr What is the attribute for the group object that determines membership? =item group_scope What is the scope of the group search? C, C or C. Optional; defaults to C, which is good enough for most cases. C is appropriate when you have nested groups. =item group_attr_value What is the attribute of the user entry that should be matched against group_attr above? Optional; defaults to C. =item tls Should we try to use TLS to encrypt connections? Either a scalar, for simple enabling, or a hash of values to pass to L. By default, L does B certificate validation! To validate certificates, pass: tls => { verify => 'require', cafile => "/etc/ssl/certs/ca.pem", # Path CA file }, =item net_ldap_args What other args should be passed to Net::LDAP->new($host,@args)? =back =cut sub GetAuth { my ($service, $username, $password) = @_; my $config = RT->Config->Get('ExternalSettings')->{$service}; $RT::Logger->debug( "Trying external auth service:",$service); my $base = $config->{'base'}; my $filter = $config->{'filter'}; my $group = $config->{'group'}; my $group_attr = $config->{'group_attr'}; my $group_attr_val = $config->{'group_attr_value'} || 'dn'; my $group_scope = $config->{'group_scope'} || 'base'; my $attr_map = $config->{'attr_map'}; my @attrs = ('dn'); # Make sure we fetch the user attribute we'll need for the group check push @attrs, $group_attr_val unless lc $group_attr_val eq 'dn'; # Empty parentheses as filters cause Net::LDAP to barf. # We take care of this by using Net::LDAP::Filter, but # there's no harm in fixing this right now. undef $filter if defined $filter and $filter eq "()"; # Now let's get connected my $ldap = _GetBoundLdapObj($config); return 0 unless ($ldap); $filter = Net::LDAP::Filter->new( '(&(' . $attr_map->{'Name'} . '=' . escape_filter_value($username) . ')' . $filter . ')' ); $RT::Logger->debug( "LDAP Search === ", "Base:", $base, "== Filter:", $filter->as_string, "== Attrs:", join(',',@attrs)); my $ldap_msg = $ldap->search( base => $base, filter => $filter, attrs => \@attrs); unless ($ldap_msg->code == LDAP_SUCCESS || $ldap_msg->code == LDAP_PARTIAL_RESULTS) { $RT::Logger->debug( "search for", $filter->as_string, "failed:", ldap_error_name($ldap_msg->code), $ldap_msg->code); # Didn't even get a partial result - jump straight to the next external auth service return 0; } unless ($ldap_msg->count == 1) { $RT::Logger->info( $service, "AUTH FAILED:", $username, "User not found or more than one user found"); # We got no user, or too many users.. jump straight to the next external auth service return 0; } my $ldap_entry = $ldap_msg->first_entry; my $ldap_dn = $ldap_entry->dn; $RT::Logger->debug( "Found LDAP DN:", $ldap_dn); # THIS bind determines success or failure on the password. $ldap_msg = $ldap->bind($ldap_dn, password => $password); unless ($ldap_msg->code == LDAP_SUCCESS) { $RT::Logger->info( $service, "AUTH FAILED", $username, "(can't bind:", ldap_error_name($ldap_msg->code), $ldap_msg->code, ")"); # Could not bind to the LDAP server as the user we found with the password # we were given, therefore the password must be wrong so we fail and # jump straight to the next external auth service return 0; } # The user is authenticated ok, but is there an LDAP Group to check? if ($group) { my $group_val = lc $group_attr_val eq 'dn' ? $ldap_dn : $ldap_entry->get_value($group_attr_val); # Fallback to the DN if the user record doesn't have a value unless (defined $group_val) { $group_val = $ldap_dn; $RT::Logger->debug("Attribute '$group_attr_val' has no value; falling back to '$group_val'"); } # We only need the dn for the actual group since all we care about is existence @attrs = qw(dn); $filter = Net::LDAP::Filter->new("(${group_attr}=" . escape_filter_value($group_val) . ")"); $RT::Logger->debug( "LDAP Search === ", "Base:", $group, "== Scope:", $group_scope, "== Filter:", $filter->as_string, "== Attrs:", join(',',@attrs)); $ldap_msg = $ldap->search( base => $group, filter => $filter, attrs => \@attrs, scope => $group_scope); # And the user isn't a member: unless ($ldap_msg->code == LDAP_SUCCESS || $ldap_msg->code == LDAP_PARTIAL_RESULTS) { $RT::Logger->critical( "Search for", $filter->as_string, "failed:", ldap_error_name($ldap_msg->code), $ldap_msg->code); # Fail auth - jump to next external auth service return 0; } unless ($ldap_msg->count == 1) { $RT::Logger->debug( "LDAP group membership check returned", $ldap_msg->count, "results" ); $RT::Logger->info( $service, "AUTH FAILED:", $username); # Fail auth - jump to next external auth service return 0; } } # Any other checks you want to add? Add them here. # If we've survived to this point, we're good. $RT::Logger->info( (caller(0))[3], "External Auth OK (", $service, "):", $username); return 1; } sub CanonicalizeUserInfo { my ($service, $key, $value) = @_; my $found = 0; my %params = (Name => undef, EmailAddress => undef, RealName => undef); # Load the config my $config = RT->Config->Get('ExternalSettings')->{$service}; # Figure out what's what my $base = $config->{'base'}; my $filter = $config->{'filter'}; # Get the list of unique attrs we need my @attrs = values(%{$config->{'attr_map'}}); # This is a bit confusing and probably broken. Something to revisit.. my $filter_addition = ($key && $value) ? "(". $key . "=". escape_filter_value($value) .")" : ""; if(defined($filter) && ($filter ne "()")) { $filter = Net::LDAP::Filter->new( "(&" . $filter . $filter_addition . ")" ); } else { $RT::Logger->debug( "LDAP Filter invalid or not present."); } unless (defined($base)) { $RT::Logger->critical( (caller(0))[3], "LDAP baseDN not defined"); # Drop out to the next external information service return ($found, %params); } # Get a Net::LDAP object based on the config we provide my $ldap = _GetBoundLdapObj($config); # Jump to the next external information service if we can't get one, # errors should be logged by _GetBoundLdapObj so we don't have to. return ($found, %params) unless ($ldap); # Do a search for them in LDAP $RT::Logger->debug( "LDAP Search === ", "Base:", $base, "== Filter:", $filter->as_string, "== Attrs:", join(',',@attrs)); my $ldap_msg = $ldap->search(base => $base, filter => $filter, attrs => \@attrs); # If we didn't get at LEAST a partial result, just die now. if ($ldap_msg->code != LDAP_SUCCESS and $ldap_msg->code != LDAP_PARTIAL_RESULTS) { $RT::Logger->critical( (caller(0))[3], ": Search for ", $filter->as_string, " failed: ", ldap_error_name($ldap_msg->code), $ldap_msg->code); # $found remains as 0 # Drop out to the next external information service $ldap_msg = $ldap->unbind(); if ($ldap_msg->code != LDAP_SUCCESS) { $RT::Logger->critical( (caller(0))[3], ": Could not unbind: ", ldap_error_name($ldap_msg->code), $ldap_msg->code); } undef $ldap; undef $ldap_msg; return ($found, %params); } else { # If there's only one match, we're good; more than one and # we don't know which is the right one so we skip it. if ($ldap_msg->count == 1) { my $entry = $ldap_msg->first_entry(); foreach my $key (keys(%{$config->{'attr_map'}})) { # XXX TODO: This legacy code wants to be removed since modern # configs will always fall through to the else and the logic is # weird even if you do have the old config. if ($RT::LdapAttrMap and $RT::LdapAttrMap->{$key} eq 'dn') { $params{$key} = $entry->dn(); } else { $params{$key} = ($entry->get_value($config->{'attr_map'}->{$key}))[0]; } } $found = 1; } else { # Drop out to the next external information service $ldap_msg = $ldap->unbind(); if ($ldap_msg->code != LDAP_SUCCESS) { $RT::Logger->critical( (caller(0))[3], ": Could not unbind: ", ldap_error_name($ldap_msg->code), $ldap_msg->code); } undef $ldap; undef $ldap_msg; return ($found, %params); } } $ldap_msg = $ldap->unbind(); if ($ldap_msg->code != LDAP_SUCCESS) { $RT::Logger->critical( (caller(0))[3], ": Could not unbind: ", ldap_error_name($ldap_msg->code), $ldap_msg->code); } undef $ldap; undef $ldap_msg; return ($found, %params); } sub UserExists { my ($username,$service) = @_; $RT::Logger->debug("UserExists params:\nusername: $username , service: $service"); my $config = RT->Config->Get('ExternalSettings')->{$service}; my $base = $config->{'base'}; my $filter = $config->{'filter'}; # While LDAP filters must be surrounded by parentheses, an empty set # of parentheses is an invalid filter and will cause failure # This shouldn't matter since we are now using Net::LDAP::Filter below, # but there's no harm in doing this to be sure undef $filter if defined $filter and $filter eq "()"; if (defined($config->{'attr_map'}->{'Name'})) { # Construct the complex filter $filter = Net::LDAP::Filter->new( '(&' . $filter . '(' . $config->{'attr_map'}->{'Name'} . '=' . escape_filter_value($username) . '))' ); } my $ldap = _GetBoundLdapObj($config); return unless $ldap; my @attrs = values(%{$config->{'attr_map'}}); # Check that the user exists in the LDAP service $RT::Logger->debug( "LDAP Search === ", "Base:", $base, "== Filter:", ($filter ? $filter->as_string : ''), "== Attrs:", join(',',@attrs)); my $user_found = $ldap->search( base => $base, filter => $filter, attrs => \@attrs); if($user_found->count < 1) { # If 0 or negative integer, no user found or major failure $RT::Logger->debug( "User Check Failed :: (", $service, ")", $username, "User not found"); return 0; } elsif ($user_found->count > 1) { # If more than one result returned, die because we the username field should be unique! $RT::Logger->debug( "User Check Failed :: (", $service, ")", $username, "More than one user with that username!"); return 0; } undef $user_found; # If we havent returned now, there must be a valid user. return 1; } sub UserDisabled { my ($username,$service) = @_; # FIRST, check that the user exists in the LDAP service unless(UserExists($username,$service)) { $RT::Logger->debug("User (",$username,") doesn't exist! - Assuming not disabled for the purposes of disable checking"); return 0; } my $config = RT->Config->Get('ExternalSettings')->{$service}; my $base = $config->{'base'}; my $filter = $config->{'filter'}; my $d_filter = $config->{'d_filter'}; my $search_filter; # While LDAP filters must be surrounded by parentheses, an empty set # of parentheses is an invalid filter and will cause failure # This shouldn't matter since we are now using Net::LDAP::Filter below, # but there's no harm in doing this to be sure undef $filter if defined $filter and $filter eq "()"; undef $d_filter if defined $d_filter and $d_filter eq "()"; unless ($d_filter) { # If we don't know how to check for disabled users, consider them all enabled. $RT::Logger->debug("No d_filter specified for this LDAP service (", $service, "), so considering all users enabled"); return 0; } if (defined($config->{'attr_map'}->{'Name'})) { # Construct the complex filter $search_filter = Net::LDAP::Filter->new( '(&' . $filter . $d_filter . '(' . $config->{'attr_map'}->{'Name'} . '=' . escape_filter_value($username) . '))' ); } else { $RT::Logger->debug("You haven't specified an LDAP attribute to match the RT \"Name\" attribute for this service (", $service, "), so it's impossible look up the disabled status of this user (", $username, ") so I'm just going to assume the user is not disabled"); return 0; } my $ldap = _GetBoundLdapObj($config); next unless $ldap; # We only need the UID for confirmation now, # the other information would waste time and bandwidth my @attrs = ('uid'); $RT::Logger->debug( "LDAP Search === ", "Base:", $base, "== Filter:", ($search_filter ? $search_filter->as_string : ''), "== Attrs:", join(',',@attrs)); my $disabled_users = $ldap->search(base => $base, filter => $search_filter, attrs => \@attrs); # If ANY results are returned, # we are going to assume the user should be disabled if ($disabled_users->count) { undef $disabled_users; return 1; } else { undef $disabled_users; return 0; } } # {{{ sub _GetBoundLdapObj sub _GetBoundLdapObj { # Config as hashref my $config = shift; # Figure out what's what my $ldap_server = $config->{'server'}; my $ldap_user = $config->{'user'}; my $ldap_pass = $config->{'pass'}; my $ldap_tls = $config->{'tls'}; $ldap_tls = $ldap_tls ? {} : undef unless ref $ldap_tls; my $ldap_args = $config->{'net_ldap_args'}; my $ldap = new Net::LDAP($ldap_server, @$ldap_args); unless ($ldap) { $RT::Logger->critical( (caller(0))[3], ": Cannot connect to", $ldap_server); return undef; } if ($ldap_tls) { # Thanks to David Narayan for the fault tolerance bits eval { $ldap->start_tls( %{$ldap_tls} ); }; if ($@) { $RT::Logger->critical( (caller(0))[3], "Can't start TLS: ", $@); return; } } my $msg = undef; if (($ldap_user) and ($ldap_pass)) { $msg = $ldap->bind($ldap_user, password => $ldap_pass); } elsif (($ldap_user) and ( ! $ldap_pass)) { $msg = $ldap->bind($ldap_user); } else { $msg = $ldap->bind; } unless ($msg->code == LDAP_SUCCESS) { $RT::Logger->critical( (caller(0))[3], "Can't bind:", ldap_error_name($msg->code), $msg->code); return undef; } else { return $ldap; } } # }}} 1; RT-Authen-ExternalAuth-0.25/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm000644 000766 000024 00000004613 12317071227 025462 0ustar00falconestaff000000 000000 package RT::Authen::ExternalAuth::DBI::Cookie; use CGI::Cookie; use strict; =head1 NAME RT::Authen::ExternalAuth::DBI::Cookie - Database-backed, cookie SSO source for RT authentication =head1 DESCRIPTION Provides the Cookie implementation for L. =head1 SYNOPSIS Set($ExternalSettings, { # An example SSO cookie service 'My_SSO_Cookie' => { 'type' => 'cookie', 'name' => 'loginCookieValue', 'u_table' => 'users', 'u_field' => 'username', 'u_match_key' => 'userID', 'c_table' => 'login_cookie', 'c_field' => 'loginCookieValue', 'c_match_key' => 'loginCookieUserID', 'db_service_name' => 'My_MySQL' }, 'My_MySQL' => { ... }, } ); =head1 CONFIGURATION Cookie-specific options are described here. Shared options are described in the F file included in this distribution. The example in the L lists all available options and they are described below. =over 4 =item name The name of the cookie to be used. =item u_table The users table. =item u_field The username field in the users table. =item u_match_key The field in the users table that uniquely identifies a user and also exists in the cookies table. See c_match_key below. =item c_table The cookies table. =item c_field The field that stores cookie values. =item c_match_key The field in the cookies table that uniquely identifies a user and also exists in the users table. See u_match_key above. =item db_service_name The DB service in this configuration to use to lookup the cookie information. See L. =back =cut # {{{ sub GetCookieVal sub GetCookieVal { # The name of the cookie my $cookie_name = shift; my $cookie_value; # Pull in all cookies from browser within our cookie domain my %cookies = CGI::Cookie->fetch(); # If the cookie is set, get the value, if it's not set, get out now! if (defined $cookies{$cookie_name}) { $cookie_value = $cookies{$cookie_name}->value; $RT::Logger->debug( "Cookie Found", ":: $cookie_name"); } else { $RT::Logger->debug( "Cookie Not Found"); } return $cookie_value; } # }}} 1; RT-Authen-ExternalAuth-0.25/inc/Module/000755 000766 000024 00000000000 12420030543 020353 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/unicore/000755 000766 000024 00000000000 12420030543 020572 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/YAML/000755 000766 000024 00000000000 12420030543 017670 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/YAML/Tiny.pm000644 000766 000024 00000060413 12420030036 021152 0ustar00falconestaff000000 000000 #line 1 use 5.008001; # sane UTF-8 support use strict; use warnings; package YAML::Tiny; BEGIN { $YAML::Tiny::AUTHORITY = 'cpan:ADAMK'; } # git description: v1.61-3-g0a82466 $YAML::Tiny::VERSION = '1.62'; # XXX-INGY is 5.8.1 too old/broken for utf8? # XXX-XDG Lancaster consensus was that it was sufficient until # proven otherwise ##################################################################### # The YAML::Tiny API. # # These are the currently documented API functions/methods and # exports: use Exporter; our @ISA = qw{ Exporter }; our @EXPORT = qw{ Load Dump }; our @EXPORT_OK = qw{ LoadFile DumpFile freeze thaw }; ### # Functional/Export API: sub Dump { return YAML::Tiny->new(@_)->_dump_string; } # XXX-INGY Returning last document seems a bad behavior. # XXX-XDG I think first would seem more natural, but I don't know # that it's worth changing now sub Load { my $self = YAML::Tiny->_load_string(@_); if ( wantarray ) { return @$self; } else { # To match YAML.pm, return the last document return $self->[-1]; } } # XXX-INGY Do we really need freeze and thaw? # XXX-XDG I don't think so. I'd support deprecating them. BEGIN { *freeze = \&Dump; *thaw = \&Load; } sub DumpFile { my $file = shift; return YAML::Tiny->new(@_)->_dump_file($file); } sub LoadFile { my $file = shift; my $self = YAML::Tiny->_load_file($file); if ( wantarray ) { return @$self; } else { # Return only the last document to match YAML.pm, return $self->[-1]; } } ### # Object Oriented API: # Create an empty YAML::Tiny object # XXX-INGY Why do we use ARRAY object? # NOTE: I get it now, but I think it's confusing and not needed. # Will change it on a branch later, for review. # # XXX-XDG I don't support changing it yet. It's a very well-documented # "API" of YAML::Tiny. I'd support deprecating it, but Adam suggested # we not change it until YAML.pm's own OO API is established so that # users only have one API change to digest, not two sub new { my $class = shift; bless [ @_ ], $class; } # XXX-INGY It probably doesn't matter, and it's probably too late to # change, but 'read/write' are the wrong names. Read and Write # are actions that take data from storage to memory # characters/strings. These take the data to/from storage to native # Perl objects, which the terms dump and load are meant. As long as # this is a legacy quirk to YAML::Tiny it's ok, but I'd prefer not # to add new {read,write}_* methods to this API. sub read_string { my $self = shift; $self->_load_string(@_); } sub write_string { my $self = shift; $self->_dump_string(@_); } sub read { my $self = shift; $self->_load_file(@_); } sub write { my $self = shift; $self->_dump_file(@_); } ##################################################################### # Constants # Printed form of the unprintable characters in the lowest range # of ASCII characters, listed by ASCII ordinal position. my @UNPRINTABLE = qw( 0 x01 x02 x03 x04 x05 x06 a b t n v f r x0E x0F x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x1A e x1C x1D x1E x1F ); # Printable characters for escapes my %UNESCAPES = ( 0 => "\x00", z => "\x00", N => "\x85", a => "\x07", b => "\x08", t => "\x09", n => "\x0a", v => "\x0b", f => "\x0c", r => "\x0d", e => "\x1b", '\\' => '\\', ); # XXX-INGY # I(ngy) need to decide if these values should be quoted in # YAML::Tiny or not. Probably yes. # These 3 values have special meaning when unquoted and using the # default YAML schema. They need quotes if they are strings. my %QUOTE = map { $_ => 1 } qw{ null true false }; # The commented out form is simpler, but overloaded the Perl regex # engine due to recursion and backtracking problems on strings # larger than 32,000ish characters. Keep it for reference purposes. # qr/\"((?:\\.|[^\"])*)\"/ my $re_capture_double_quoted = qr/\"([^\\"]*(?:\\.[^\\"]*)*)\"/; my $re_capture_single_quoted = qr/\'([^\']*(?:\'\'[^\']*)*)\'/; # unquoted re gets trailing space that needs to be stripped my $re_capture_unquoted_key = qr/([^:]+(?::+\S(?:[^:]*|.*?(?=:)))*)(?=\s*\:(?:\s+|$))/; my $re_trailing_comment = qr/(?:\s+\#.*)?/; my $re_key_value_separator = qr/\s*:(?:\s+(?:\#.*)?|$)/; ##################################################################### # YAML::Tiny Implementation. # # These are the private methods that do all the work. They may change # at any time. ### # Loader functions: # Create an object from a file sub _load_file { my $class = ref $_[0] ? ref shift : shift; # Check the file my $file = shift or $class->_error( 'You did not specify a file name' ); $class->_error( "File '$file' does not exist" ) unless -e $file; $class->_error( "'$file' is a directory, not a file" ) unless -f _; $class->_error( "Insufficient permissions to read '$file'" ) unless -r _; # Open unbuffered with strict UTF-8 decoding and no translation layers open( my $fh, "<:unix:encoding(UTF-8)", $file ); unless ( $fh ) { $class->_error("Failed to open file '$file': $!"); } # flock if available (or warn if not possible for OS-specific reasons) if ( _can_flock() ) { flock( $fh, Fcntl::LOCK_SH() ) or warn "Couldn't lock '$file' for reading: $!"; } # slurp the contents my $contents = eval { use warnings FATAL => 'utf8'; local $/; <$fh> }; if ( my $err = $@ ) { $class->_error("Error reading from file '$file': $err"); } # close the file (release the lock) unless ( close $fh ) { $class->_error("Failed to close file '$file': $!"); } $class->_load_string( $contents ); } # Create an object from a string sub _load_string { my $class = ref $_[0] ? ref shift : shift; my $self = bless [], $class; my $string = $_[0]; eval { unless ( defined $string ) { die \"Did not provide a string to load"; } # Check if Perl has it marked as characters, but it's internally # inconsistent. E.g. maybe latin1 got read on a :utf8 layer if ( utf8::is_utf8($string) && ! utf8::valid($string) ) { die \<<'...'; Read an invalid UTF-8 string (maybe mixed UTF-8 and 8-bit character set). Did you decode with lax ":utf8" instead of strict ":encoding(UTF-8)"? ... } # Ensure Unicode character semantics, even for 0x80-0xff utf8::upgrade($string); # Check for and strip any leading UTF-8 BOM $string =~ s/^\x{FEFF}//; # Check for some special cases return $self unless length $string; # Split the file into lines my @lines = grep { ! /^\s*(?:\#.*)?\z/ } split /(?:\015{1,2}\012|\015|\012)/, $string; # Strip the initial YAML header @lines and $lines[0] =~ /^\%YAML[: ][\d\.]+.*\z/ and shift @lines; # A nibbling parser my $in_document = 0; while ( @lines ) { # Do we have a document header? if ( $lines[0] =~ /^---\s*(?:(.+)\s*)?\z/ ) { # Handle scalar documents shift @lines; if ( defined $1 and $1 !~ /^(?:\#.+|\%YAML[: ][\d\.]+)\z/ ) { push @$self, $self->_load_scalar( "$1", [ undef ], \@lines ); next; } $in_document = 1; } if ( ! @lines or $lines[0] =~ /^(?:---|\.\.\.)/ ) { # A naked document push @$self, undef; while ( @lines and $lines[0] !~ /^---/ ) { shift @lines; } $in_document = 0; # XXX The final '-+$' is to look for -- which ends up being an # error later. } elsif ( ! $in_document && @$self ) { # only the first document can be explicit die \"YAML::Tiny failed to classify the line '$lines[0]'"; } elsif ( $lines[0] =~ /^\s*\-(?:\s|$|-+$)/ ) { # An array at the root my $document = [ ]; push @$self, $document; $self->_load_array( $document, [ 0 ], \@lines ); } elsif ( $lines[0] =~ /^(\s*)\S/ ) { # A hash at the root my $document = { }; push @$self, $document; $self->_load_hash( $document, [ length($1) ], \@lines ); } else { # Shouldn't get here. @lines have whitespace-only lines # stripped, and previous match is a line with any # non-whitespace. So this clause should only be reachable via # a perlbug where \s is not symmetric with \S # uncoverable statement die \"YAML::Tiny failed to classify the line '$lines[0]'"; } } }; if ( ref $@ eq 'SCALAR' ) { $self->_error(${$@}); } elsif ( $@ ) { $self->_error($@); } return $self; } sub _unquote_single { my ($self, $string) = @_; return '' unless length $string; $string =~ s/\'\'/\'/g; return $string; } sub _unquote_double { my ($self, $string) = @_; return '' unless length $string; $string =~ s/\\"/"/g; $string =~ s{\\([Nnever\\fartz0b]|x([0-9a-fA-F]{2}))} {(length($1)>1)?pack("H2",$2):$UNESCAPES{$1}}gex; return $string; } # Load a YAML scalar string to the actual Perl scalar sub _load_scalar { my ($self, $string, $indent, $lines) = @_; # Trim trailing whitespace $string =~ s/\s*\z//; # Explitic null/undef return undef if $string eq '~'; # Single quote if ( $string =~ /^$re_capture_single_quoted$re_trailing_comment\z/ ) { return $self->_unquote_single($1); } # Double quote. if ( $string =~ /^$re_capture_double_quoted$re_trailing_comment\z/ ) { return $self->_unquote_double($1); } # Special cases if ( $string =~ /^[\'\"!&]/ ) { die \"YAML::Tiny does not support a feature in line '$string'"; } return {} if $string =~ /^{}(?:\s+\#.*)?\z/; return [] if $string =~ /^\[\](?:\s+\#.*)?\z/; # Regular unquoted string if ( $string !~ /^[>|]/ ) { die \"YAML::Tiny found illegal characters in plain scalar: '$string'" if $string =~ /^(?:-(?:\s|$)|[\@\%\`])/ or $string =~ /:(?:\s|$)/; $string =~ s/\s+#.*\z//; return $string; } # Error die \"YAML::Tiny failed to find multi-line scalar content" unless @$lines; # Check the indent depth $lines->[0] =~ /^(\s*)/; $indent->[-1] = length("$1"); if ( defined $indent->[-2] and $indent->[-1] <= $indent->[-2] ) { die \"YAML::Tiny found bad indenting in line '$lines->[0]'"; } # Pull the lines my @multiline = (); while ( @$lines ) { $lines->[0] =~ /^(\s*)/; last unless length($1) >= $indent->[-1]; push @multiline, substr(shift(@$lines), length($1)); } my $j = (substr($string, 0, 1) eq '>') ? ' ' : "\n"; my $t = (substr($string, 1, 1) eq '-') ? '' : "\n"; return join( $j, @multiline ) . $t; } # Load an array sub _load_array { my ($self, $array, $indent, $lines) = @_; while ( @$lines ) { # Check for a new document if ( $lines->[0] =~ /^(?:---|\.\.\.)/ ) { while ( @$lines and $lines->[0] !~ /^---/ ) { shift @$lines; } return 1; } # Check the indent level $lines->[0] =~ /^(\s*)/; if ( length($1) < $indent->[-1] ) { return 1; } elsif ( length($1) > $indent->[-1] ) { die \"YAML::Tiny found bad indenting in line '$lines->[0]'"; } if ( $lines->[0] =~ /^(\s*\-\s+)[^\'\"]\S*\s*:(?:\s+|$)/ ) { # Inline nested hash my $indent2 = length("$1"); $lines->[0] =~ s/-/ /; push @$array, { }; $self->_load_hash( $array->[-1], [ @$indent, $indent2 ], $lines ); } elsif ( $lines->[0] =~ /^\s*\-\s*\z/ ) { shift @$lines; unless ( @$lines ) { push @$array, undef; return 1; } if ( $lines->[0] =~ /^(\s*)\-/ ) { my $indent2 = length("$1"); if ( $indent->[-1] == $indent2 ) { # Null array entry push @$array, undef; } else { # Naked indenter push @$array, [ ]; $self->_load_array( $array->[-1], [ @$indent, $indent2 ], $lines ); } } elsif ( $lines->[0] =~ /^(\s*)\S/ ) { push @$array, { }; $self->_load_hash( $array->[-1], [ @$indent, length("$1") ], $lines ); } else { die \"YAML::Tiny failed to classify line '$lines->[0]'"; } } elsif ( $lines->[0] =~ /^\s*\-(\s*)(.+?)\s*\z/ ) { # Array entry with a value shift @$lines; push @$array, $self->_load_scalar( "$2", [ @$indent, undef ], $lines ); } elsif ( defined $indent->[-2] and $indent->[-1] == $indent->[-2] ) { # This is probably a structure like the following... # --- # foo: # - list # bar: value # # ... so lets return and let the hash parser handle it return 1; } else { die \"YAML::Tiny failed to classify line '$lines->[0]'"; } } return 1; } # Load a hash sub _load_hash { my ($self, $hash, $indent, $lines) = @_; while ( @$lines ) { # Check for a new document if ( $lines->[0] =~ /^(?:---|\.\.\.)/ ) { while ( @$lines and $lines->[0] !~ /^---/ ) { shift @$lines; } return 1; } # Check the indent level $lines->[0] =~ /^(\s*)/; if ( length($1) < $indent->[-1] ) { return 1; } elsif ( length($1) > $indent->[-1] ) { die \"YAML::Tiny found bad indenting in line '$lines->[0]'"; } # Find the key my $key; # Quoted keys if ( $lines->[0] =~ s/^\s*$re_capture_single_quoted$re_key_value_separator// ) { $key = $self->_unquote_single($1); } elsif ( $lines->[0] =~ s/^\s*$re_capture_double_quoted$re_key_value_separator// ) { $key = $self->_unquote_double($1); } elsif ( $lines->[0] =~ s/^\s*$re_capture_unquoted_key$re_key_value_separator// ) { $key = $1; $key =~ s/\s+$//; } elsif ( $lines->[0] =~ /^\s*\?/ ) { die \"YAML::Tiny does not support a feature in line '$lines->[0]'"; } else { die \"YAML::Tiny failed to classify line '$lines->[0]'"; } # Do we have a value? if ( length $lines->[0] ) { # Yes $hash->{$key} = $self->_load_scalar( shift(@$lines), [ @$indent, undef ], $lines ); } else { # An indent shift @$lines; unless ( @$lines ) { $hash->{$key} = undef; return 1; } if ( $lines->[0] =~ /^(\s*)-/ ) { $hash->{$key} = []; $self->_load_array( $hash->{$key}, [ @$indent, length($1) ], $lines ); } elsif ( $lines->[0] =~ /^(\s*)./ ) { my $indent2 = length("$1"); if ( $indent->[-1] >= $indent2 ) { # Null hash entry $hash->{$key} = undef; } else { $hash->{$key} = {}; $self->_load_hash( $hash->{$key}, [ @$indent, length($1) ], $lines ); } } } } return 1; } ### # Dumper functions: # Save an object to a file sub _dump_file { my $self = shift; require Fcntl; # Check the file my $file = shift or $self->_error( 'You did not specify a file name' ); my $fh; # flock if available (or warn if not possible for OS-specific reasons) if ( _can_flock() ) { # Open without truncation (truncate comes after lock) my $flags = Fcntl::O_WRONLY()|Fcntl::O_CREAT(); sysopen( $fh, $file, $flags ); unless ( $fh ) { $self->_error("Failed to open file '$file' for writing: $!"); } # Use no translation and strict UTF-8 binmode( $fh, ":raw:encoding(UTF-8)"); flock( $fh, Fcntl::LOCK_EX() ) or warn "Couldn't lock '$file' for reading: $!"; # truncate and spew contents truncate $fh, 0; seek $fh, 0, 0; } else { open $fh, ">:unix:encoding(UTF-8)", $file; } # serialize and spew to the handle print {$fh} $self->_dump_string; # close the file (release the lock) unless ( close $fh ) { $self->_error("Failed to close file '$file': $!"); } return 1; } # Save an object to a string sub _dump_string { my $self = shift; return '' unless ref $self && @$self; # Iterate over the documents my $indent = 0; my @lines = (); eval { foreach my $cursor ( @$self ) { push @lines, '---'; # An empty document if ( ! defined $cursor ) { # Do nothing # A scalar document } elsif ( ! ref $cursor ) { $lines[-1] .= ' ' . $self->_dump_scalar( $cursor ); # A list at the root } elsif ( ref $cursor eq 'ARRAY' ) { unless ( @$cursor ) { $lines[-1] .= ' []'; next; } push @lines, $self->_dump_array( $cursor, $indent, {} ); # A hash at the root } elsif ( ref $cursor eq 'HASH' ) { unless ( %$cursor ) { $lines[-1] .= ' {}'; next; } push @lines, $self->_dump_hash( $cursor, $indent, {} ); } else { die \("Cannot serialize " . ref($cursor)); } } }; if ( ref $@ eq 'SCALAR' ) { $self->_error(${$@}); } elsif ( $@ ) { $self->_error($@); } join '', map { "$_\n" } @lines; } sub _has_internal_string_value { my $value = shift; my $b_obj = B::svref_2object(\$value); # for round trip problem return $b_obj->FLAGS & B::SVf_POK(); } sub _dump_scalar { my $string = $_[1]; my $is_key = $_[2]; # Check this before checking length or it winds up looking like a string! my $has_string_flag = _has_internal_string_value($string); return '~' unless defined $string; return "''" unless length $string; if (Scalar::Util::looks_like_number($string)) { # keys and values that have been used as strings get quoted if ( $is_key || $has_string_flag ) { return qq['$string']; } else { return $string; } } if ( $string =~ /[\x00-\x09\x0b-\x0d\x0e-\x1f\x7f-\x9f\'\n]/ ) { $string =~ s/\\/\\\\/g; $string =~ s/"/\\"/g; $string =~ s/\n/\\n/g; $string =~ s/[\x85]/\\N/g; $string =~ s/([\x00-\x1f])/\\$UNPRINTABLE[ord($1)]/g; $string =~ s/([\x7f-\x9f])/'\x' . sprintf("%X",ord($1))/ge; return qq|"$string"|; } if ( $string =~ /(?:^[~!@#%&*|>?:,'"`{}\[\]]|^-+$|\s|:\z)/ or $QUOTE{$string} ) { return "'$string'"; } return $string; } sub _dump_array { my ($self, $array, $indent, $seen) = @_; if ( $seen->{refaddr($array)}++ ) { die \"YAML::Tiny does not support circular references"; } my @lines = (); foreach my $el ( @$array ) { my $line = (' ' x $indent) . '-'; my $type = ref $el; if ( ! $type ) { $line .= ' ' . $self->_dump_scalar( $el ); push @lines, $line; } elsif ( $type eq 'ARRAY' ) { if ( @$el ) { push @lines, $line; push @lines, $self->_dump_array( $el, $indent + 1, $seen ); } else { $line .= ' []'; push @lines, $line; } } elsif ( $type eq 'HASH' ) { if ( keys %$el ) { push @lines, $line; push @lines, $self->_dump_hash( $el, $indent + 1, $seen ); } else { $line .= ' {}'; push @lines, $line; } } else { die \"YAML::Tiny does not support $type references"; } } @lines; } sub _dump_hash { my ($self, $hash, $indent, $seen) = @_; if ( $seen->{refaddr($hash)}++ ) { die \"YAML::Tiny does not support circular references"; } my @lines = (); foreach my $name ( sort keys %$hash ) { my $el = $hash->{$name}; my $line = (' ' x $indent) . $self->_dump_scalar($name, 1) . ":"; my $type = ref $el; if ( ! $type ) { $line .= ' ' . $self->_dump_scalar( $el ); push @lines, $line; } elsif ( $type eq 'ARRAY' ) { if ( @$el ) { push @lines, $line; push @lines, $self->_dump_array( $el, $indent + 1, $seen ); } else { $line .= ' []'; push @lines, $line; } } elsif ( $type eq 'HASH' ) { if ( keys %$el ) { push @lines, $line; push @lines, $self->_dump_hash( $el, $indent + 1, $seen ); } else { $line .= ' {}'; push @lines, $line; } } else { die \"YAML::Tiny does not support $type references"; } } @lines; } ##################################################################### # DEPRECATED API methods: # Error storage (DEPRECATED as of 1.57) our $errstr = ''; # Set error sub _error { require Carp; $errstr = $_[1]; $errstr =~ s/ at \S+ line \d+.*//; Carp::croak( $errstr ); } # Retrieve error my $errstr_warned; sub errstr { require Carp; Carp::carp( "YAML::Tiny->errstr and \$YAML::Tiny::errstr is deprecated" ) unless $errstr_warned++; $errstr; } ##################################################################### # Helper functions. Possibly not needed. # Use to detect nv or iv use B; # XXX-INGY Is flock YAML::Tiny's responsibility? # Some platforms can't flock :-( # XXX-XDG I think it is. When reading and writing files, we ought # to be locking whenever possible. People (foolishly) use YAML # files for things like session storage, which has race issues. my $HAS_FLOCK; sub _can_flock { if ( defined $HAS_FLOCK ) { return $HAS_FLOCK; } else { require Config; my $c = \%Config::Config; $HAS_FLOCK = grep { $c->{$_} } qw/d_flock d_fcntl_can_lock d_lockf/; require Fcntl if $HAS_FLOCK; return $HAS_FLOCK; } } # XXX-INGY Is this core in 5.8.1? Can we remove this? # XXX-XDG Scalar::Util 1.18 didn't land until 5.8.8, so we need this ##################################################################### # Use Scalar::Util if possible, otherwise emulate it BEGIN { local $@; if ( eval { require Scalar::Util; Scalar::Util->VERSION(1.18); } ) { *refaddr = *Scalar::Util::refaddr; } else { eval <<'END_PERL'; # Scalar::Util failed to load or too old sub refaddr { my $pkg = ref($_[0]) or return undef; if ( !! UNIVERSAL::can($_[0], 'can') ) { bless $_[0], 'Scalar::Util::Fake'; } else { $pkg = undef; } "$_[0]" =~ /0x(\w+)/; my $i = do { no warnings 'portable'; hex $1 }; bless $_[0], $pkg if defined $pkg; $i; } END_PERL } } 1; # XXX-INGY Doc notes I'm putting up here. Changing the doc when it's wrong # but leaving grey area stuff up here. # # I would like to change Read/Write to Load/Dump below without # changing the actual API names. # # It might be better to put Load/Dump API in the SYNOPSIS instead of the # dubious OO API. # # null and bool explanations may be outdated. __END__ #line 1488 RT-Authen-ExternalAuth-0.25/inc/unicore/Name.pm000644 000766 000024 00000021370 12420030036 022010 0ustar00falconestaff000000 000000 #line 1 # !!!!!!! DO NOT EDIT THIS FILE !!!!!!! # This file is machine-generated by lib/unicore/mktables from the Unicode # database, Version 6.3.0. Any changes made here will be lost! # !!!!!!! INTERNAL PERL USE ONLY !!!!!!! # This file is for internal use by core Perl only. The format and even the # name or existence of this file are subject to change without notice. Don't # use it directly. Use Unicode::UCD to access the Unicode character data # base. package charnames; # This module contains machine-generated tables and code for the # algorithmically-determinable Unicode character names. The following # routines can be used to translate between name and code point and vice versa { # Closure # Matches legal code point. 4-6 hex numbers, If there are 6, the first # two must be 10; if there are 5, the first must not be a 0. Written this # way to decrease backtracking. The first regex allows the code point to # be at the end of a word, but to work properly, the word shouldn't end # with a valid hex character. The second one won't match a code point at # the end of a word, and doesn't have the run-on issue my $run_on_code_point_re = qr/(?^aax: (?: 10[0-9A-F]{4} | [1-9A-F][0-9A-F]{4} | [0-9A-F]{4} ) \b)/; my $code_point_re = qr/(?^aa:\b(?^aax: (?: 10[0-9A-F]{4} | [1-9A-F][0-9A-F]{4} | [0-9A-F]{4} ) \b))/; # In the following hash, the keys are the bases of names which include # the code point in the name, like CJK UNIFIED IDEOGRAPH-4E01. The value # of each key is another hash which is used to get the low and high ends # for each range of code points that apply to the name. my %names_ending_in_code_point = ( 'CJK COMPATIBILITY IDEOGRAPH' => { 'high' => [ 64109, 64217, 195101, ], 'low' => [ 63744, 64112, 194560, ], }, 'CJK UNIFIED IDEOGRAPH' => { 'high' => [ 19893, 40908, 173782, 177972, 178205, ], 'low' => [ 13312, 19968, 131072, 173824, 177984, ], }, ); # The following hash is a copy of the previous one, except is for loose # matching, so each name has blanks and dashes squeezed out my %loose_names_ending_in_code_point = ( 'CJKCOMPATIBILITYIDEOGRAPH' => { 'high' => [ 64109, 64217, 195101, ], 'low' => [ 63744, 64112, 194560, ], }, 'CJKUNIFIEDIDEOGRAPH' => { 'high' => [ 19893, 40908, 173782, 177972, 178205, ], 'low' => [ 13312, 19968, 131072, 173824, 177984, ], }, ); # And the following array gives the inverse mapping from code points to # names. Lowest code points are first my @code_points_ending_in_code_point = ( { 'high' => 19893, 'low' => 13312, 'name' => 'CJK UNIFIED IDEOGRAPH', }, { 'high' => 40908, 'low' => 19968, 'name' => 'CJK UNIFIED IDEOGRAPH', }, { 'high' => 64109, 'low' => 63744, 'name' => 'CJK COMPATIBILITY IDEOGRAPH', }, { 'high' => 64217, 'low' => 64112, 'name' => 'CJK COMPATIBILITY IDEOGRAPH', }, { 'high' => 173782, 'low' => 131072, 'name' => 'CJK UNIFIED IDEOGRAPH', }, { 'high' => 177972, 'low' => 173824, 'name' => 'CJK UNIFIED IDEOGRAPH', }, { 'high' => 178205, 'low' => 177984, 'name' => 'CJK UNIFIED IDEOGRAPH', }, { 'high' => 195101, 'low' => 194560, 'name' => 'CJK COMPATIBILITY IDEOGRAPH', }, , ); # Convert from code point to Jamo short name for use in composing Hangul # syllable names my %Jamo = ( 4352 => 'G', 4353 => 'GG', 4354 => 'N', 4355 => 'D', 4356 => 'DD', 4357 => 'R', 4358 => 'M', 4359 => 'B', 4360 => 'BB', 4361 => 'S', 4362 => 'SS', 4363 => '', 4364 => 'J', 4365 => 'JJ', 4366 => 'C', 4367 => 'K', 4368 => 'T', 4369 => 'P', 4370 => 'H', 4449 => 'A', 4450 => 'AE', 4451 => 'YA', 4452 => 'YAE', 4453 => 'EO', 4454 => 'E', 4455 => 'YEO', 4456 => 'YE', 4457 => 'O', 4458 => 'WA', 4459 => 'WAE', 4460 => 'OE', 4461 => 'YO', 4462 => 'U', 4463 => 'WEO', 4464 => 'WE', 4465 => 'WI', 4466 => 'YU', 4467 => 'EU', 4468 => 'YI', 4469 => 'I', 4520 => 'G', 4521 => 'GG', 4522 => 'GS', 4523 => 'N', 4524 => 'NJ', 4525 => 'NH', 4526 => 'D', 4527 => 'L', 4528 => 'LG', 4529 => 'LM', 4530 => 'LB', 4531 => 'LS', 4532 => 'LT', 4533 => 'LP', 4534 => 'LH', 4535 => 'M', 4536 => 'B', 4537 => 'BS', 4538 => 'S', 4539 => 'SS', 4540 => 'NG', 4541 => 'J', 4542 => 'C', 4543 => 'K', 4544 => 'T', 4545 => 'P', 4546 => 'H', ); # Leading consonant (can be null) my %Jamo_L = ( '' => 11, 'B' => 7, 'BB' => 8, 'C' => 14, 'D' => 3, 'DD' => 4, 'G' => 0, 'GG' => 1, 'H' => 18, 'J' => 12, 'JJ' => 13, 'K' => 15, 'M' => 6, 'N' => 2, 'P' => 17, 'R' => 5, 'S' => 9, 'SS' => 10, 'T' => 16, ); # Vowel my %Jamo_V = ( 'A' => 0, 'AE' => 1, 'E' => 5, 'EO' => 4, 'EU' => 18, 'I' => 20, 'O' => 8, 'OE' => 11, 'U' => 13, 'WA' => 9, 'WAE' => 10, 'WE' => 15, 'WEO' => 14, 'WI' => 16, 'YA' => 2, 'YAE' => 3, 'YE' => 7, 'YEO' => 6, 'YI' => 19, 'YO' => 12, 'YU' => 17, ); # Optional trailing consonant my %Jamo_T = ( 'B' => 17, 'BS' => 18, 'C' => 23, 'D' => 7, 'G' => 1, 'GG' => 2, 'GS' => 3, 'H' => 27, 'J' => 22, 'K' => 24, 'L' => 8, 'LB' => 11, 'LG' => 9, 'LH' => 15, 'LM' => 10, 'LP' => 14, 'LS' => 12, 'LT' => 13, 'M' => 16, 'N' => 4, 'NG' => 21, 'NH' => 6, 'NJ' => 5, 'P' => 26, 'S' => 19, 'SS' => 20, 'T' => 25, ); # Computed re that splits up a Hangul name into LVT or LV syllables my $syllable_re = qr/(|B|BB|C|D|DD|G|GG|H|J|JJ|K|M|N|P|R|S|SS|T)(A|AE|E|EO|EU|I|O|OE|U|WA|WAE|WE|WEO|WI|YA|YAE|YE|YEO|YI|YO|YU)(B|BS|C|D|G|GG|GS|H|J|K|L|LB|LG|LH|LM|LP|LS|LT|M|N|NG|NH|NJ|P|S|SS|T)?/; my $HANGUL_SYLLABLE = "HANGUL SYLLABLE "; my $loose_HANGUL_SYLLABLE = "HANGULSYLLABLE"; # These constants names and values were taken from the Unicode standard, # version 5.1, section 3.12. They are used in conjunction with Hangul # syllables my $SBase = 0xAC00; my $LBase = 0x1100; my $VBase = 0x1161; my $TBase = 0x11A7; my $SCount = 11172; my $LCount = 19; my $VCount = 21; my $TCount = 28; my $NCount = $VCount * $TCount; sub name_to_code_point_special { my ($name, $loose) = @_; # Returns undef if not one of the specially handled names; otherwise # returns the code point equivalent to the input name # $loose is non-zero if to use loose matching, 'name' in that case # must be input as upper case with all blanks and dashes squeezed out. if ((! $loose && $name =~ s/$HANGUL_SYLLABLE//) || ($loose && $name =~ s/$loose_HANGUL_SYLLABLE//)) { return if $name !~ qr/^$syllable_re$/; my $L = $Jamo_L{$1}; my $V = $Jamo_V{$2}; my $T = (defined $3) ? $Jamo_T{$3} : 0; return ($L * $VCount + $V) * $TCount + $T + $SBase; } # Name must end in 'code_point' for this to handle. return if (($loose && $name !~ /^ (.*?) ($run_on_code_point_re) $/x) || (! $loose && $name !~ /^ (.*) ($code_point_re) $/x)); my $base = $1; my $code_point = CORE::hex $2; my $names_ref; if ($loose) { $names_ref = \%loose_names_ending_in_code_point; } else { return if $base !~ s/-$//; $names_ref = \%names_ending_in_code_point; } # Name must be one of the ones which has the code point in it. return if ! $names_ref->{$base}; # Look through the list of ranges that apply to this name to see if # the code point is in one of them. for (my $i = 0; $i < scalar @{$names_ref->{$base}{'low'}}; $i++) { return if $names_ref->{$base}{'low'}->[$i] > $code_point; next if $names_ref->{$base}{'high'}->[$i] < $code_point; # Here, the code point is in the range. return $code_point; } # Here, looked like the name had a code point number in it, but # did not match one of the valid ones. return; } sub code_point_to_name_special { my $code_point = shift; # Returns the name of a code point if algorithmically determinable; # undef if not # If in the Hangul range, calculate the name based on Unicode's # algorithm if ($code_point >= $SBase && $code_point <= $SBase + $SCount -1) { use integer; my $SIndex = $code_point - $SBase; my $L = $LBase + $SIndex / $NCount; my $V = $VBase + ($SIndex % $NCount) / $TCount; my $T = $TBase + $SIndex % $TCount; $name = "$HANGUL_SYLLABLE$Jamo{$L}$Jamo{$V}"; $name .= $Jamo{$T} if $T != $TBase; return $name; } # Look through list of these code points for one in range. foreach my $hash (@code_points_ending_in_code_point) { return if $code_point < $hash->{'low'}; if ($code_point <= $hash->{'high'}) { return sprintf("%s-%04X", $hash->{'name'}, $code_point); } } return; # None found } } # End closure 1; RT-Authen-ExternalAuth-0.25/inc/Module/AutoInstall.pm000644 000766 000024 00000062254 12420030036 023156 0ustar00falconestaff000000 000000 #line 1 package Module::AutoInstall; use strict; use Cwd (); use File::Spec (); use ExtUtils::MakeMaker (); use vars qw{$VERSION}; BEGIN { $VERSION = '1.12'; } # special map on pre-defined feature sets my %FeatureMap = ( '' => 'Core Features', # XXX: deprecated '-core' => 'Core Features', ); # various lexical flags my ( @Missing, @Existing, %DisabledTests, $UnderCPAN, $InstallDepsTarget, $HasCPANPLUS ); my ( $Config, $CheckOnly, $SkipInstall, $AcceptDefault, $TestOnly, $AllDeps, $UpgradeDeps ); my ( $PostambleActions, $PostambleActionsNoTest, $PostambleActionsUpgradeDeps, $PostambleActionsUpgradeDepsNoTest, $PostambleActionsListDeps, $PostambleActionsListAllDeps, $PostambleUsed, $NoTest); # See if it's a testing or non-interactive session _accept_default( $ENV{AUTOMATED_TESTING} or ! -t STDIN ); _init(); sub _accept_default { $AcceptDefault = shift; } sub _installdeps_target { $InstallDepsTarget = shift; } sub missing_modules { return @Missing; } sub do_install { __PACKAGE__->install( [ $Config ? ( UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) : () ], @Missing, ); } # initialize various flags, and/or perform install sub _init { foreach my $arg ( @ARGV, split( /[\s\t]+/, $ENV{PERL_AUTOINSTALL} || $ENV{PERL_EXTUTILS_AUTOINSTALL} || '' ) ) { if ( $arg =~ /^--config=(.*)$/ ) { $Config = [ split( ',', $1 ) ]; } elsif ( $arg =~ /^--installdeps=(.*)$/ ) { __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); exit 0; } elsif ( $arg =~ /^--upgradedeps=(.*)$/ ) { $UpgradeDeps = 1; __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); exit 0; } elsif ( $arg =~ /^--default(?:deps)?$/ ) { $AcceptDefault = 1; } elsif ( $arg =~ /^--check(?:deps)?$/ ) { $CheckOnly = 1; } elsif ( $arg =~ /^--skip(?:deps)?$/ ) { $SkipInstall = 1; } elsif ( $arg =~ /^--test(?:only)?$/ ) { $TestOnly = 1; } elsif ( $arg =~ /^--all(?:deps)?$/ ) { $AllDeps = 1; } } } # overrides MakeMaker's prompt() to automatically accept the default choice sub _prompt { goto &ExtUtils::MakeMaker::prompt unless $AcceptDefault; my ( $prompt, $default ) = @_; my $y = ( $default =~ /^[Yy]/ ); print $prompt, ' [', ( $y ? 'Y' : 'y' ), '/', ( $y ? 'n' : 'N' ), '] '; print "$default\n"; return $default; } # the workhorse sub import { my $class = shift; my @args = @_ or return; my $core_all; print "*** $class version " . $class->VERSION . "\n"; print "*** Checking for Perl dependencies...\n"; my $cwd = Cwd::getcwd(); $Config = []; my $maxlen = length( ( sort { length($b) <=> length($a) } grep { /^[^\-]/ } map { ref($_) ? ( ( ref($_) eq 'HASH' ) ? keys(%$_) : @{$_} ) : '' } map { +{@args}->{$_} } grep { /^[^\-]/ or /^-core$/i } keys %{ +{@args} } )[0] ); # We want to know if we're under CPAN early to avoid prompting, but # if we aren't going to try and install anything anyway then skip the # check entirely since we don't want to have to load (and configure) # an old CPAN just for a cosmetic message $UnderCPAN = _check_lock(1) unless $SkipInstall || $InstallDepsTarget; while ( my ( $feature, $modules ) = splice( @args, 0, 2 ) ) { my ( @required, @tests, @skiptests ); my $default = 1; my $conflict = 0; if ( $feature =~ m/^-(\w+)$/ ) { my $option = lc($1); # check for a newer version of myself _update_to( $modules, @_ ) and return if $option eq 'version'; # sets CPAN configuration options $Config = $modules if $option eq 'config'; # promote every features to core status $core_all = ( $modules =~ /^all$/i ) and next if $option eq 'core'; next unless $option eq 'core'; } print "[" . ( $FeatureMap{ lc($feature) } || $feature ) . "]\n"; $modules = [ %{$modules} ] if UNIVERSAL::isa( $modules, 'HASH' ); unshift @$modules, -default => &{ shift(@$modules) } if ( ref( $modules->[0] ) eq 'CODE' ); # XXX: bugward compatibility while ( my ( $mod, $arg ) = splice( @$modules, 0, 2 ) ) { if ( $mod =~ m/^-(\w+)$/ ) { my $option = lc($1); $default = $arg if ( $option eq 'default' ); $conflict = $arg if ( $option eq 'conflict' ); @tests = @{$arg} if ( $option eq 'tests' ); @skiptests = @{$arg} if ( $option eq 'skiptests' ); next; } printf( "- %-${maxlen}s ...", $mod ); if ( $arg and $arg =~ /^\D/ ) { unshift @$modules, $arg; $arg = 0; } # XXX: check for conflicts and uninstalls(!) them. my $cur = _version_of($mod); if (_version_cmp ($cur, $arg) >= 0) { print "loaded. ($cur" . ( $arg ? " >= $arg" : '' ) . ")\n"; push @Existing, $mod => $arg; $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } else { if (not defined $cur) # indeed missing { print "missing." . ( $arg ? " (would need $arg)" : '' ) . "\n"; } else { # no need to check $arg as _version_cmp ($cur, undef) would satisfy >= above print "too old. ($cur < $arg)\n"; } push @required, $mod => $arg; } } next unless @required; my $mandatory = ( $feature eq '-core' or $core_all ); if ( !$SkipInstall and ( $CheckOnly or ($mandatory and $UnderCPAN) or $AllDeps or $InstallDepsTarget or _prompt( qq{==> Auto-install the } . ( @required / 2 ) . ( $mandatory ? ' mandatory' : ' optional' ) . qq{ module(s) from CPAN?}, $default ? 'y' : 'n', ) =~ /^[Yy]/ ) ) { push( @Missing, @required ); $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } elsif ( !$SkipInstall and $default and $mandatory and _prompt( qq{==> The module(s) are mandatory! Really skip?}, 'n', ) =~ /^[Nn]/ ) { push( @Missing, @required ); $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; } else { $DisabledTests{$_} = 1 for map { glob($_) } @tests; } } if ( @Missing and not( $CheckOnly or $UnderCPAN) ) { require Config; my $make = $Config::Config{make}; if ($InstallDepsTarget) { print "*** To install dependencies type '$make installdeps' or '$make installdeps_notest'.\n"; } else { print "*** Dependencies will be installed the next time you type '$make'.\n"; } # make an educated guess of whether we'll need root permission. print " (You may need to do that as the 'root' user.)\n" if eval '$>'; } print "*** $class configuration finished.\n"; chdir $cwd; # import to main:: no strict 'refs'; *{'main::WriteMakefile'} = \&Write if caller(0) eq 'main'; return (@Existing, @Missing); } sub _running_under { my $thing = shift; print <<"END_MESSAGE"; *** Since we're running under ${thing}, I'll just let it take care of the dependency's installation later. END_MESSAGE return 1; } # Check to see if we are currently running under CPAN.pm and/or CPANPLUS; # if we are, then we simply let it taking care of our dependencies sub _check_lock { return unless @Missing or @_; if ($ENV{PERL5_CPANM_IS_RUNNING}) { return _running_under('cpanminus'); } my $cpan_env = $ENV{PERL5_CPAN_IS_RUNNING}; if ($ENV{PERL5_CPANPLUS_IS_RUNNING}) { return _running_under($cpan_env ? 'CPAN' : 'CPANPLUS'); } require CPAN; if ($CPAN::VERSION > '1.89') { if ($cpan_env) { return _running_under('CPAN'); } return; # CPAN.pm new enough, don't need to check further } # last ditch attempt, this -will- configure CPAN, very sorry _load_cpan(1); # force initialize even though it's already loaded # Find the CPAN lock-file my $lock = MM->catfile( $CPAN::Config->{cpan_home}, ".lock" ); return unless -f $lock; # Check the lock local *LOCK; return unless open(LOCK, $lock); if ( ( $^O eq 'MSWin32' ? _under_cpan() : == getppid() ) and ( $CPAN::Config->{prerequisites_policy} || '' ) ne 'ignore' ) { print <<'END_MESSAGE'; *** Since we're running under CPAN, I'll just let it take care of the dependency's installation later. END_MESSAGE return 1; } close LOCK; return; } sub install { my $class = shift; my $i; # used below to strip leading '-' from config keys my @config = ( map { s/^-// if ++$i; $_ } @{ +shift } ); my ( @modules, @installed, @modules_to_upgrade ); while (my ($pkg, $ver) = splice(@_, 0, 2)) { # grep out those already installed if (_version_cmp(_version_of($pkg), $ver) >= 0) { push @installed, $pkg; if ($UpgradeDeps) { push @modules_to_upgrade, $pkg, $ver; } } else { push @modules, $pkg, $ver; } } if ($UpgradeDeps) { push @modules, @modules_to_upgrade; @installed = (); @modules_to_upgrade = (); } return @installed unless @modules; # nothing to do return @installed if _check_lock(); # defer to the CPAN shell print "*** Installing dependencies...\n"; return unless _connected_to('cpan.org'); my %args = @config; my %failed; local *FAILED; if ( $args{do_once} and open( FAILED, '.#autoinstall.failed' ) ) { while () { chomp; $failed{$_}++ } close FAILED; my @newmod; while ( my ( $k, $v ) = splice( @modules, 0, 2 ) ) { push @newmod, ( $k => $v ) unless $failed{$k}; } @modules = @newmod; } if ( _has_cpanplus() and not $ENV{PERL_AUTOINSTALL_PREFER_CPAN} ) { _install_cpanplus( \@modules, \@config ); } else { _install_cpan( \@modules, \@config ); } print "*** $class installation finished.\n"; # see if we have successfully installed them while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { if ( _version_cmp( _version_of($pkg), $ver ) >= 0 ) { push @installed, $pkg; } elsif ( $args{do_once} and open( FAILED, '>> .#autoinstall.failed' ) ) { print FAILED "$pkg\n"; } } close FAILED if $args{do_once}; return @installed; } sub _install_cpanplus { my @modules = @{ +shift }; my @config = _cpanplus_config( @{ +shift } ); my $installed = 0; require CPANPLUS::Backend; my $cp = CPANPLUS::Backend->new; my $conf = $cp->configure_object; return unless $conf->can('conf') # 0.05x+ with "sudo" support or _can_write($conf->_get_build('base')); # 0.04x # if we're root, set UNINST=1 to avoid trouble unless user asked for it. my $makeflags = $conf->get_conf('makeflags') || ''; if ( UNIVERSAL::isa( $makeflags, 'HASH' ) ) { # 0.03+ uses a hashref here $makeflags->{UNINST} = 1 unless exists $makeflags->{UNINST}; } else { # 0.02 and below uses a scalar $makeflags = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); } $conf->set_conf( makeflags => $makeflags ); $conf->set_conf( prereqs => 1 ); while ( my ( $key, $val ) = splice( @config, 0, 2 ) ) { $conf->set_conf( $key, $val ); } my $modtree = $cp->module_tree; while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { print "*** Installing $pkg...\n"; MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; my $success; my $obj = $modtree->{$pkg}; if ( $obj and _version_cmp( $obj->{version}, $ver ) >= 0 ) { my $pathname = $pkg; $pathname =~ s/::/\\W/; foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { delete $INC{$inc}; } my $rv = $cp->install( modules => [ $obj->{module} ] ); if ( $rv and ( $rv->{ $obj->{module} } or $rv->{ok} ) ) { print "*** $pkg successfully installed.\n"; $success = 1; } else { print "*** $pkg installation cancelled.\n"; $success = 0; } $installed += $success; } else { print << "."; *** Could not find a version $ver or above for $pkg; skipping. . } MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; } return $installed; } sub _cpanplus_config { my @config = (); while ( @_ ) { my ($key, $value) = (shift(), shift()); if ( $key eq 'prerequisites_policy' ) { if ( $value eq 'follow' ) { $value = CPANPLUS::Internals::Constants::PREREQ_INSTALL(); } elsif ( $value eq 'ask' ) { $value = CPANPLUS::Internals::Constants::PREREQ_ASK(); } elsif ( $value eq 'ignore' ) { $value = CPANPLUS::Internals::Constants::PREREQ_IGNORE(); } else { die "*** Cannot convert option $key = '$value' to CPANPLUS version.\n"; } push @config, 'prereqs', $value; } elsif ( $key eq 'force' ) { push @config, $key, $value; } elsif ( $key eq 'notest' ) { push @config, 'skiptest', $value; } else { die "*** Cannot convert option $key to CPANPLUS version.\n"; } } return @config; } sub _install_cpan { my @modules = @{ +shift }; my @config = @{ +shift }; my $installed = 0; my %args; _load_cpan(); require Config; if (CPAN->VERSION < 1.80) { # no "sudo" support, probe for writableness return unless _can_write( MM->catfile( $CPAN::Config->{cpan_home}, 'sources' ) ) and _can_write( $Config::Config{sitelib} ); } # if we're root, set UNINST=1 to avoid trouble unless user asked for it. my $makeflags = $CPAN::Config->{make_install_arg} || ''; $CPAN::Config->{make_install_arg} = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); # don't show start-up info $CPAN::Config->{inhibit_startup_message} = 1; # set additional options while ( my ( $opt, $arg ) = splice( @config, 0, 2 ) ) { ( $args{$opt} = $arg, next ) if $opt =~ /^(?:force|notest)$/; # pseudo-option $CPAN::Config->{$opt} = $arg; } if ($args{notest} && (not CPAN::Shell->can('notest'))) { die "Your version of CPAN is too old to support the 'notest' pragma"; } local $CPAN::Config->{prerequisites_policy} = 'follow'; while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; print "*** Installing $pkg...\n"; my $obj = CPAN::Shell->expand( Module => $pkg ); my $success = 0; if ( $obj and _version_cmp( $obj->cpan_version, $ver ) >= 0 ) { my $pathname = $pkg; $pathname =~ s/::/\\W/; foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { delete $INC{$inc}; } my $rv = do { if ($args{force}) { CPAN::Shell->force( install => $pkg ) } elsif ($args{notest}) { CPAN::Shell->notest( install => $pkg ) } else { CPAN::Shell->install($pkg) } }; $rv ||= eval { $CPAN::META->instance( 'CPAN::Distribution', $obj->cpan_file, ) ->{install} if $CPAN::META; }; if ( $rv eq 'YES' ) { print "*** $pkg successfully installed.\n"; $success = 1; } else { print "*** $pkg installation failed.\n"; $success = 0; } $installed += $success; } else { print << "."; *** Could not find a version $ver or above for $pkg; skipping. . } MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; } return $installed; } sub _has_cpanplus { return ( $HasCPANPLUS = ( $INC{'CPANPLUS/Config.pm'} or _load('CPANPLUS::Shell::Default') ) ); } # make guesses on whether we're under the CPAN installation directory sub _under_cpan { require Cwd; require File::Spec; my $cwd = File::Spec->canonpath( Cwd::getcwd() ); my $cpan = File::Spec->canonpath( $CPAN::Config->{cpan_home} ); return ( index( $cwd, $cpan ) > -1 ); } sub _update_to { my $class = __PACKAGE__; my $ver = shift; return if _version_cmp( _version_of($class), $ver ) >= 0; # no need to upgrade if ( _prompt( "==> A newer version of $class ($ver) is required. Install?", 'y' ) =~ /^[Nn]/ ) { die "*** Please install $class $ver manually.\n"; } print << "."; *** Trying to fetch it from CPAN... . # install ourselves _load($class) and return $class->import(@_) if $class->install( [], $class, $ver ); print << '.'; exit 1; *** Cannot bootstrap myself. :-( Installation terminated. . } # check if we're connected to some host, using inet_aton sub _connected_to { my $site = shift; return ( ( _load('Socket') and Socket::inet_aton($site) ) or _prompt( qq( *** Your host cannot resolve the domain name '$site', which probably means the Internet connections are unavailable. ==> Should we try to install the required module(s) anyway?), 'n' ) =~ /^[Yy]/ ); } # check if a directory is writable; may create it on demand sub _can_write { my $path = shift; mkdir( $path, 0755 ) unless -e $path; return 1 if -w $path; print << "."; *** You are not allowed to write to the directory '$path'; the installation may fail due to insufficient permissions. . if ( eval '$>' and lc(`sudo -V`) =~ /version/ and _prompt( qq( ==> Should we try to re-execute the autoinstall process with 'sudo'?), ((-t STDIN) ? 'y' : 'n') ) =~ /^[Yy]/ ) { # try to bootstrap ourselves from sudo print << "."; *** Trying to re-execute the autoinstall process with 'sudo'... . my $missing = join( ',', @Missing ); my $config = join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) if $Config; return unless system( 'sudo', $^X, $0, "--config=$config", "--installdeps=$missing" ); print << "."; *** The 'sudo' command exited with error! Resuming... . } return _prompt( qq( ==> Should we try to install the required module(s) anyway?), 'n' ) =~ /^[Yy]/; } # load a module and return the version it reports sub _load { my $mod = pop; # method/function doesn't matter my $file = $mod; $file =~ s|::|/|g; $file .= '.pm'; local $@; return eval { require $file; $mod->VERSION } || ( $@ ? undef: 0 ); } # report version without loading a module sub _version_of { my $mod = pop; # method/function doesn't matter my $file = $mod; $file =~ s|::|/|g; $file .= '.pm'; foreach my $dir ( @INC ) { next if ref $dir; my $path = File::Spec->catfile($dir, $file); next unless -e $path; require ExtUtils::MM_Unix; return ExtUtils::MM_Unix->parse_version($path); } return undef; } # Load CPAN.pm and it's configuration sub _load_cpan { return if $CPAN::VERSION and $CPAN::Config and not @_; require CPAN; # CPAN-1.82+ adds CPAN::Config::AUTOLOAD to redirect to # CPAN::HandleConfig->load. CPAN reports that the redirection # is deprecated in a warning printed at the user. # CPAN-1.81 expects CPAN::HandleConfig->load, does not have # $CPAN::HandleConfig::VERSION but cannot handle # CPAN::Config->load # Which "versions expect CPAN::Config->load? if ( $CPAN::HandleConfig::VERSION || CPAN::HandleConfig->can('load') ) { # Newer versions of CPAN have a HandleConfig module CPAN::HandleConfig->load; } else { # Older versions had the load method in Config directly CPAN::Config->load; } } # compare two versions, either use Sort::Versions or plain comparison # return values same as <=> sub _version_cmp { my ( $cur, $min ) = @_; return -1 unless defined $cur; # if 0 keep comparing return 1 unless $min; $cur =~ s/\s+$//; # check for version numbers that are not in decimal format if ( ref($cur) or ref($min) or $cur =~ /v|\..*\./ or $min =~ /v|\..*\./ ) { if ( ( $version::VERSION or defined( _load('version') )) and version->can('new') ) { # use version.pm if it is installed. return version->new($cur) <=> version->new($min); } elsif ( $Sort::Versions::VERSION or defined( _load('Sort::Versions') ) ) { # use Sort::Versions as the sorting algorithm for a.b.c versions return Sort::Versions::versioncmp( $cur, $min ); } warn "Cannot reliably compare non-decimal formatted versions.\n" . "Please install version.pm or Sort::Versions.\n"; } # plain comparison local $^W = 0; # shuts off 'not numeric' bugs return $cur <=> $min; } # nothing; this usage is deprecated. sub main::PREREQ_PM { return {}; } sub _make_args { my %args = @_; $args{PREREQ_PM} = { %{ $args{PREREQ_PM} || {} }, @Existing, @Missing } if $UnderCPAN or $TestOnly; if ( $args{EXE_FILES} and -e 'MANIFEST' ) { require ExtUtils::Manifest; my $manifest = ExtUtils::Manifest::maniread('MANIFEST'); $args{EXE_FILES} = [ grep { exists $manifest->{$_} } @{ $args{EXE_FILES} } ]; } $args{test}{TESTS} ||= 't/*.t'; $args{test}{TESTS} = join( ' ', grep { !exists( $DisabledTests{$_} ) } map { glob($_) } split( /\s+/, $args{test}{TESTS} ) ); my $missing = join( ',', @Missing ); my $config = join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) if $Config; $PostambleActions = ( ($missing and not $UnderCPAN) ? "\$(PERL) $0 --config=$config --installdeps=$missing" : "\$(NOECHO) \$(NOOP)" ); my $deps_list = join( ',', @Missing, @Existing ); $PostambleActionsUpgradeDeps = "\$(PERL) $0 --config=$config --upgradedeps=$deps_list"; my $config_notest = join( ',', (UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config}), 'notest', 1 ) if $Config; $PostambleActionsNoTest = ( ($missing and not $UnderCPAN) ? "\$(PERL) $0 --config=$config_notest --installdeps=$missing" : "\$(NOECHO) \$(NOOP)" ); $PostambleActionsUpgradeDepsNoTest = "\$(PERL) $0 --config=$config_notest --upgradedeps=$deps_list"; $PostambleActionsListDeps = '@$(PERL) -le "print for @ARGV" ' . join(' ', map $Missing[$_], grep $_ % 2 == 0, 0..$#Missing); my @all = (@Missing, @Existing); $PostambleActionsListAllDeps = '@$(PERL) -le "print for @ARGV" ' . join(' ', map $all[$_], grep $_ % 2 == 0, 0..$#all); return %args; } # a wrapper to ExtUtils::MakeMaker::WriteMakefile sub Write { require Carp; Carp::croak "WriteMakefile: Need even number of args" if @_ % 2; if ($CheckOnly) { print << "."; *** Makefile not written in check-only mode. . return; } my %args = _make_args(@_); no strict 'refs'; $PostambleUsed = 0; local *MY::postamble = \&postamble unless defined &MY::postamble; ExtUtils::MakeMaker::WriteMakefile(%args); print << "." unless $PostambleUsed; *** WARNING: Makefile written with customized MY::postamble() without including contents from Module::AutoInstall::postamble() -- auto installation features disabled. Please contact the author. . return 1; } sub postamble { $PostambleUsed = 1; my $fragment; $fragment .= <<"AUTO_INSTALL" if !$InstallDepsTarget; config :: installdeps \t\$(NOECHO) \$(NOOP) AUTO_INSTALL $fragment .= <<"END_MAKE"; checkdeps :: \t\$(PERL) $0 --checkdeps installdeps :: \t$PostambleActions installdeps_notest :: \t$PostambleActionsNoTest upgradedeps :: \t$PostambleActionsUpgradeDeps upgradedeps_notest :: \t$PostambleActionsUpgradeDepsNoTest listdeps :: \t$PostambleActionsListDeps listalldeps :: \t$PostambleActionsListAllDeps END_MAKE return $fragment; } 1; __END__ #line 1197 RT-Authen-ExternalAuth-0.25/inc/Module/Install/000755 000766 000024 00000000000 12420030543 021761 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/Module/Install.pm000644 000766 000024 00000030133 12420030036 022314 0ustar00falconestaff000000 000000 #line 1 package Module::Install; # For any maintainers: # The load order for Module::Install is a bit magic. # It goes something like this... # # IF ( host has Module::Install installed, creating author mode ) { # 1. Makefile.PL calls "use inc::Module::Install" # 2. $INC{inc/Module/Install.pm} set to installed version of inc::Module::Install # 3. The installed version of inc::Module::Install loads # 4. inc::Module::Install calls "require Module::Install" # 5. The ./inc/ version of Module::Install loads # } ELSE { # 1. Makefile.PL calls "use inc::Module::Install" # 2. $INC{inc/Module/Install.pm} set to ./inc/ version of Module::Install # 3. The ./inc/ version of Module::Install loads # } use 5.006; use strict 'vars'; use Cwd (); use File::Find (); use File::Path (); use vars qw{$VERSION $MAIN}; BEGIN { # All Module::Install core packages now require synchronised versions. # This will be used to ensure we don't accidentally load old or # different versions of modules. # This is not enforced yet, but will be some time in the next few # releases once we can make sure it won't clash with custom # Module::Install extensions. $VERSION = '1.12'; # Storage for the pseudo-singleton $MAIN = undef; *inc::Module::Install::VERSION = *VERSION; @inc::Module::Install::ISA = __PACKAGE__; } sub import { my $class = shift; my $self = $class->new(@_); my $who = $self->_caller; #------------------------------------------------------------- # all of the following checks should be included in import(), # to allow "eval 'require Module::Install; 1' to test # installation of Module::Install. (RT #51267) #------------------------------------------------------------- # Whether or not inc::Module::Install is actually loaded, the # $INC{inc/Module/Install.pm} is what will still get set as long as # the caller loaded module this in the documented manner. # If not set, the caller may NOT have loaded the bundled version, and thus # they may not have a MI version that works with the Makefile.PL. This would # result in false errors or unexpected behaviour. And we don't want that. my $file = join( '/', 'inc', split /::/, __PACKAGE__ ) . '.pm'; unless ( $INC{$file} ) { die <<"END_DIE" } Please invoke ${\__PACKAGE__} with: use inc::${\__PACKAGE__}; not: use ${\__PACKAGE__}; END_DIE # This reportedly fixes a rare Win32 UTC file time issue, but # as this is a non-cross-platform XS module not in the core, # we shouldn't really depend on it. See RT #24194 for detail. # (Also, this module only supports Perl 5.6 and above). eval "use Win32::UTCFileTime" if $^O eq 'MSWin32' && $] >= 5.006; # If the script that is loading Module::Install is from the future, # then make will detect this and cause it to re-run over and over # again. This is bad. Rather than taking action to touch it (which # is unreliable on some platforms and requires write permissions) # for now we should catch this and refuse to run. if ( -f $0 ) { my $s = (stat($0))[9]; # If the modification time is only slightly in the future, # sleep briefly to remove the problem. my $a = $s - time; if ( $a > 0 and $a < 5 ) { sleep 5 } # Too far in the future, throw an error. my $t = time; if ( $s > $t ) { die <<"END_DIE" } Your installer $0 has a modification time in the future ($s > $t). This is known to create infinite loops in make. Please correct this, then run $0 again. END_DIE } # Build.PL was formerly supported, but no longer is due to excessive # difficulty in implementing every single feature twice. if ( $0 =~ /Build.PL$/i ) { die <<"END_DIE" } Module::Install no longer supports Build.PL. It was impossible to maintain duel backends, and has been deprecated. Please remove all Build.PL files and only use the Makefile.PL installer. END_DIE #------------------------------------------------------------- # To save some more typing in Module::Install installers, every... # use inc::Module::Install # ...also acts as an implicit use strict. $^H |= strict::bits(qw(refs subs vars)); #------------------------------------------------------------- unless ( -f $self->{file} ) { foreach my $key (keys %INC) { delete $INC{$key} if $key =~ /Module\/Install/; } local $^W; require "$self->{path}/$self->{dispatch}.pm"; File::Path::mkpath("$self->{prefix}/$self->{author}"); $self->{admin} = "$self->{name}::$self->{dispatch}"->new( _top => $self ); $self->{admin}->init; @_ = ($class, _self => $self); goto &{"$self->{name}::import"}; } local $^W; *{"${who}::AUTOLOAD"} = $self->autoload; $self->preload; # Unregister loader and worker packages so subdirs can use them again delete $INC{'inc/Module/Install.pm'}; delete $INC{'Module/Install.pm'}; # Save to the singleton $MAIN = $self; return 1; } sub autoload { my $self = shift; my $who = $self->_caller; my $cwd = Cwd::getcwd(); my $sym = "${who}::AUTOLOAD"; $sym->{$cwd} = sub { my $pwd = Cwd::getcwd(); if ( my $code = $sym->{$pwd} ) { # Delegate back to parent dirs goto &$code unless $cwd eq $pwd; } unless ($$sym =~ s/([^:]+)$//) { # XXX: it looks like we can't retrieve the missing function # via $$sym (usually $main::AUTOLOAD) in this case. # I'm still wondering if we should slurp Makefile.PL to # get some context or not ... my ($package, $file, $line) = caller; die <<"EOT"; Unknown function is found at $file line $line. Execution of $file aborted due to runtime errors. If you're a contributor to a project, you may need to install some Module::Install extensions from CPAN (or other repository). If you're a user of a module, please contact the author. EOT } my $method = $1; if ( uc($method) eq $method ) { # Do nothing return; } elsif ( $method =~ /^_/ and $self->can($method) ) { # Dispatch to the root M:I class return $self->$method(@_); } # Dispatch to the appropriate plugin unshift @_, ( $self, $1 ); goto &{$self->can('call')}; }; } sub preload { my $self = shift; unless ( $self->{extensions} ) { $self->load_extensions( "$self->{prefix}/$self->{path}", $self ); } my @exts = @{$self->{extensions}}; unless ( @exts ) { @exts = $self->{admin}->load_all_extensions; } my %seen; foreach my $obj ( @exts ) { while (my ($method, $glob) = each %{ref($obj) . '::'}) { next unless $obj->can($method); next if $method =~ /^_/; next if $method eq uc($method); $seen{$method}++; } } my $who = $self->_caller; foreach my $name ( sort keys %seen ) { local $^W; *{"${who}::$name"} = sub { ${"${who}::AUTOLOAD"} = "${who}::$name"; goto &{"${who}::AUTOLOAD"}; }; } } sub new { my ($class, %args) = @_; delete $INC{'FindBin.pm'}; { # to suppress the redefine warning local $SIG{__WARN__} = sub {}; require FindBin; } # ignore the prefix on extension modules built from top level. my $base_path = Cwd::abs_path($FindBin::Bin); unless ( Cwd::abs_path(Cwd::getcwd()) eq $base_path ) { delete $args{prefix}; } return $args{_self} if $args{_self}; $args{dispatch} ||= 'Admin'; $args{prefix} ||= 'inc'; $args{author} ||= ($^O eq 'VMS' ? '_author' : '.author'); $args{bundle} ||= 'inc/BUNDLES'; $args{base} ||= $base_path; $class =~ s/^\Q$args{prefix}\E:://; $args{name} ||= $class; $args{version} ||= $class->VERSION; unless ( $args{path} ) { $args{path} = $args{name}; $args{path} =~ s!::!/!g; } $args{file} ||= "$args{base}/$args{prefix}/$args{path}.pm"; $args{wrote} = 0; bless( \%args, $class ); } sub call { my ($self, $method) = @_; my $obj = $self->load($method) or return; splice(@_, 0, 2, $obj); goto &{$obj->can($method)}; } sub load { my ($self, $method) = @_; $self->load_extensions( "$self->{prefix}/$self->{path}", $self ) unless $self->{extensions}; foreach my $obj (@{$self->{extensions}}) { return $obj if $obj->can($method); } my $admin = $self->{admin} or die <<"END_DIE"; The '$method' method does not exist in the '$self->{prefix}' path! Please remove the '$self->{prefix}' directory and run $0 again to load it. END_DIE my $obj = $admin->load($method, 1); push @{$self->{extensions}}, $obj; $obj; } sub load_extensions { my ($self, $path, $top) = @_; my $should_reload = 0; unless ( grep { ! ref $_ and lc $_ eq lc $self->{prefix} } @INC ) { unshift @INC, $self->{prefix}; $should_reload = 1; } foreach my $rv ( $self->find_extensions($path) ) { my ($file, $pkg) = @{$rv}; next if $self->{pathnames}{$pkg}; local $@; my $new = eval { local $^W; require $file; $pkg->can('new') }; unless ( $new ) { warn $@ if $@; next; } $self->{pathnames}{$pkg} = $should_reload ? delete $INC{$file} : $INC{$file}; push @{$self->{extensions}}, &{$new}($pkg, _top => $top ); } $self->{extensions} ||= []; } sub find_extensions { my ($self, $path) = @_; my @found; File::Find::find( sub { my $file = $File::Find::name; return unless $file =~ m!^\Q$path\E/(.+)\.pm\Z!is; my $subpath = $1; return if lc($subpath) eq lc($self->{dispatch}); $file = "$self->{path}/$subpath.pm"; my $pkg = "$self->{name}::$subpath"; $pkg =~ s!/!::!g; # If we have a mixed-case package name, assume case has been preserved # correctly. Otherwise, root through the file to locate the case-preserved # version of the package name. if ( $subpath eq lc($subpath) || $subpath eq uc($subpath) ) { my $content = Module::Install::_read($subpath . '.pm'); my $in_pod = 0; foreach ( split /\n/, $content ) { $in_pod = 1 if /^=\w/; $in_pod = 0 if /^=cut/; next if ($in_pod || /^=cut/); # skip pod text next if /^\s*#/; # and comments if ( m/^\s*package\s+($pkg)\s*;/i ) { $pkg = $1; last; } } } push @found, [ $file, $pkg ]; }, $path ) if -d $path; @found; } ##################################################################### # Common Utility Functions sub _caller { my $depth = 0; my $call = caller($depth); while ( $call eq __PACKAGE__ ) { $depth++; $call = caller($depth); } return $call; } # Done in evals to avoid confusing Perl::MinimumVersion eval( $] >= 5.006 ? <<'END_NEW' : <<'END_OLD' ); die $@ if $@; sub _read { local *FH; open( FH, '<', $_[0] ) or die "open($_[0]): $!"; my $string = do { local $/; }; close FH or die "close($_[0]): $!"; return $string; } END_NEW sub _read { local *FH; open( FH, "< $_[0]" ) or die "open($_[0]): $!"; my $string = do { local $/; }; close FH or die "close($_[0]): $!"; return $string; } END_OLD sub _readperl { my $string = Module::Install::_read($_[0]); $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; $string =~ s/(\n)\n*__(?:DATA|END)__\b.*\z/$1/s; $string =~ s/\n\n=\w+.+?\n\n=cut\b.+?\n+/\n\n/sg; return $string; } sub _readpod { my $string = Module::Install::_read($_[0]); $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; return $string if $_[0] =~ /\.pod\z/; $string =~ s/(^|\n=cut\b.+?\n+)[^=\s].+?\n(\n=\w+|\z)/$1$2/sg; $string =~ s/\n*=pod\b[^\n]*\n+/\n\n/sg; $string =~ s/\n*=cut\b[^\n]*\n+/\n\n/sg; $string =~ s/^\n+//s; return $string; } # Done in evals to avoid confusing Perl::MinimumVersion eval( $] >= 5.006 ? <<'END_NEW' : <<'END_OLD' ); die $@ if $@; sub _write { local *FH; open( FH, '>', $_[0] ) or die "open($_[0]): $!"; foreach ( 1 .. $#_ ) { print FH $_[$_] or die "print($_[0]): $!"; } close FH or die "close($_[0]): $!"; } END_NEW sub _write { local *FH; open( FH, "> $_[0]" ) or die "open($_[0]): $!"; foreach ( 1 .. $#_ ) { print FH $_[$_] or die "print($_[0]): $!"; } close FH or die "close($_[0]): $!"; } END_OLD # _version is for processing module versions (eg, 1.03_05) not # Perl versions (eg, 5.8.1). sub _version { my $s = shift || 0; my $d =()= $s =~ /(\.)/g; if ( $d >= 2 ) { # Normalise multipart versions $s =~ s/(\.)(\d{1,3})/sprintf("$1%03d",$2)/eg; } $s =~ s/^(\d+)\.?//; my $l = $1 || 0; my @v = map { $_ . '0' x (3 - length $_) } $s =~ /(\d{1,3})\D?/g; $l = $l . '.' . join '', @v if @v; return $l + 0; } sub _cmp { _version($_[1]) <=> _version($_[2]); } # Cloned from Params::Util::_CLASS sub _CLASS { ( defined $_[0] and ! ref $_[0] and $_[0] =~ m/^[^\W\d]\w*(?:::\w+)*\z/s ) ? $_[0] : undef; } 1; # Copyright 2008 - 2012 Adam Kennedy. RT-Authen-ExternalAuth-0.25/inc/Module/Install/AuthorTests.pm000644 000766 000024 00000002215 12420030036 024601 0ustar00falconestaff000000 000000 #line 1 package Module::Install::AuthorTests; use 5.005; use strict; use Module::Install::Base; use Carp (); #line 16 use vars qw{$VERSION $ISCORE @ISA}; BEGIN { $VERSION = '0.002'; $ISCORE = 1; @ISA = qw{Module::Install::Base}; } #line 42 sub author_tests { my ($self, @dirs) = @_; _add_author_tests($self, \@dirs, 0); } #line 56 sub recursive_author_tests { my ($self, @dirs) = @_; _add_author_tests($self, \@dirs, 1); } sub _wanted { my $href = shift; sub { /\.t$/ and -f $_ and $href->{$File::Find::dir} = 1 } } sub _add_author_tests { my ($self, $dirs, $recurse) = @_; return unless $Module::Install::AUTHOR; my @tests = $self->tests ? (split / /, $self->tests) : 't/*.t'; # XXX: pick a default, later -- rjbs, 2008-02-24 my @dirs = @$dirs ? @$dirs : Carp::confess "no dirs given to author_tests"; @dirs = grep { -d } @dirs; if ($recurse) { require File::Find; my %test_dir; File::Find::find(_wanted(\%test_dir), @dirs); $self->tests( join ' ', @tests, map { "$_/*.t" } sort keys %test_dir ); } else { $self->tests( join ' ', @tests, map { "$_/*.t" } sort @dirs ); } } #line 107 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/AutoInstall.pm000644 000766 000024 00000004162 12420030036 024556 0ustar00falconestaff000000 000000 #line 1 package Module::Install::AutoInstall; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } sub AutoInstall { $_[0] } sub run { my $self = shift; $self->auto_install_now(@_); } sub write { my $self = shift; $self->auto_install(@_); } sub auto_install { my $self = shift; return if $self->{done}++; # Flatten array of arrays into a single array my @core = map @$_, map @$_, grep ref, $self->build_requires, $self->requires; my @config = @_; # We'll need Module::AutoInstall $self->include('Module::AutoInstall'); require Module::AutoInstall; my @features_require = Module::AutoInstall->import( (@config ? (-config => \@config) : ()), (@core ? (-core => \@core) : ()), $self->features, ); my %seen; my @requires = map @$_, map @$_, grep ref, $self->requires; while (my ($mod, $ver) = splice(@requires, 0, 2)) { $seen{$mod}{$ver}++; } my @build_requires = map @$_, map @$_, grep ref, $self->build_requires; while (my ($mod, $ver) = splice(@build_requires, 0, 2)) { $seen{$mod}{$ver}++; } my @configure_requires = map @$_, map @$_, grep ref, $self->configure_requires; while (my ($mod, $ver) = splice(@configure_requires, 0, 2)) { $seen{$mod}{$ver}++; } my @deduped; while (my ($mod, $ver) = splice(@features_require, 0, 2)) { push @deduped, $mod => $ver unless $seen{$mod}{$ver}++; } $self->requires(@deduped); $self->makemaker_args( Module::AutoInstall::_make_args() ); my $class = ref($self); $self->postamble( "# --- $class section:\n" . Module::AutoInstall::postamble() ); } sub installdeps_target { my ($self, @args) = @_; $self->include('Module::AutoInstall'); require Module::AutoInstall; Module::AutoInstall::_installdeps_target(1); $self->auto_install(@args); } sub auto_install_now { my $self = shift; $self->auto_install(@_); Module::AutoInstall::do_install(); } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/Base.pm000644 000766 000024 00000002147 12420030036 023172 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Base; use strict 'vars'; use vars qw{$VERSION}; BEGIN { $VERSION = '1.12'; } # Suspend handler for "redefined" warnings BEGIN { my $w = $SIG{__WARN__}; $SIG{__WARN__} = sub { $w }; } #line 42 sub new { my $class = shift; unless ( defined &{"${class}::call"} ) { *{"${class}::call"} = sub { shift->_top->call(@_) }; } unless ( defined &{"${class}::load"} ) { *{"${class}::load"} = sub { shift->_top->load(@_) }; } bless { @_ }, $class; } #line 61 sub AUTOLOAD { local $@; my $func = eval { shift->_top->autoload } or return; goto &$func; } #line 75 sub _top { $_[0]->{_top}; } #line 90 sub admin { $_[0]->_top->{admin} or Module::Install::Base::FakeAdmin->new; } #line 106 sub is_admin { ! $_[0]->admin->isa('Module::Install::Base::FakeAdmin'); } sub DESTROY {} package Module::Install::Base::FakeAdmin; use vars qw{$VERSION}; BEGIN { $VERSION = $Module::Install::Base::VERSION; } my $fake; sub new { $fake ||= bless(\@_, $_[0]); } sub AUTOLOAD {} sub DESTROY {} # Restore warning handler BEGIN { $SIG{__WARN__} = $SIG{__WARN__}->(); } 1; #line 159 RT-Authen-ExternalAuth-0.25/inc/Module/Install/Can.pm000644 000766 000024 00000006157 12420030036 023026 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Can; use strict; use Config (); use ExtUtils::MakeMaker (); use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } # check if we can load some module ### Upgrade this to not have to load the module if possible sub can_use { my ($self, $mod, $ver) = @_; $mod =~ s{::|\\}{/}g; $mod .= '.pm' unless $mod =~ /\.pm$/i; my $pkg = $mod; $pkg =~ s{/}{::}g; $pkg =~ s{\.pm$}{}i; local $@; eval { require $mod; $pkg->VERSION($ver || 0); 1 }; } # Check if we can run some command sub can_run { my ($self, $cmd) = @_; my $_cmd = $cmd; return $_cmd if (-x $_cmd or $_cmd = MM->maybe_command($_cmd)); for my $dir ((split /$Config::Config{path_sep}/, $ENV{PATH}), '.') { next if $dir eq ''; require File::Spec; my $abs = File::Spec->catfile($dir, $cmd); return $abs if (-x $abs or $abs = MM->maybe_command($abs)); } return; } # Can our C compiler environment build XS files sub can_xs { my $self = shift; # Ensure we have the CBuilder module $self->configure_requires( 'ExtUtils::CBuilder' => 0.27 ); # Do we have the configure_requires checker? local $@; eval "require ExtUtils::CBuilder;"; if ( $@ ) { # They don't obey configure_requires, so it is # someone old and delicate. Try to avoid hurting # them by falling back to an older simpler test. return $self->can_cc(); } # Do we have a working C compiler my $builder = ExtUtils::CBuilder->new( quiet => 1, ); unless ( $builder->have_compiler ) { # No working C compiler return 0; } # Write a C file representative of what XS becomes require File::Temp; my ( $FH, $tmpfile ) = File::Temp::tempfile( "compilexs-XXXXX", SUFFIX => '.c', ); binmode $FH; print $FH <<'END_C'; #include "EXTERN.h" #include "perl.h" #include "XSUB.h" int main(int argc, char **argv) { return 0; } int boot_sanexs() { return 1; } END_C close $FH; # Can the C compiler access the same headers XS does my @libs = (); my $object = undef; eval { local $^W = 0; $object = $builder->compile( source => $tmpfile, ); @libs = $builder->link( objects => $object, module_name => 'sanexs', ); }; my $result = $@ ? 0 : 1; # Clean up all the build files foreach ( $tmpfile, $object, @libs ) { next unless defined $_; 1 while unlink; } return $result; } # Can we locate a (the) C compiler sub can_cc { my $self = shift; my @chunks = split(/ /, $Config::Config{cc}) or return; # $Config{cc} may contain args; try to find out the program part while (@chunks) { return $self->can_run("@chunks") || (pop(@chunks), next); } return; } # Fix Cygwin bug on maybe_command(); if ( $^O eq 'cygwin' ) { require ExtUtils::MM_Cygwin; require ExtUtils::MM_Win32; if ( ! defined(&ExtUtils::MM_Cygwin::maybe_command) ) { *ExtUtils::MM_Cygwin::maybe_command = sub { my ($self, $file) = @_; if ($file =~ m{^/cygdrive/}i and ExtUtils::MM_Win32->can('maybe_command')) { ExtUtils::MM_Win32->maybe_command($file); } else { ExtUtils::MM_Unix->maybe_command($file); } } } } 1; __END__ #line 236 RT-Authen-ExternalAuth-0.25/inc/Module/Install/Fetch.pm000644 000766 000024 00000004627 12420030036 023356 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Fetch; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } sub get_file { my ($self, %args) = @_; my ($scheme, $host, $path, $file) = $args{url} =~ m|^(\w+)://([^/]+)(.+)/(.+)| or return; if ( $scheme eq 'http' and ! eval { require LWP::Simple; 1 } ) { $args{url} = $args{ftp_url} or (warn("LWP support unavailable!\n"), return); ($scheme, $host, $path, $file) = $args{url} =~ m|^(\w+)://([^/]+)(.+)/(.+)| or return; } $|++; print "Fetching '$file' from $host... "; unless (eval { require Socket; Socket::inet_aton($host) }) { warn "'$host' resolve failed!\n"; return; } return unless $scheme eq 'ftp' or $scheme eq 'http'; require Cwd; my $dir = Cwd::getcwd(); chdir $args{local_dir} or return if exists $args{local_dir}; if (eval { require LWP::Simple; 1 }) { LWP::Simple::mirror($args{url}, $file); } elsif (eval { require Net::FTP; 1 }) { eval { # use Net::FTP to get past firewall my $ftp = Net::FTP->new($host, Passive => 1, Timeout => 600); $ftp->login("anonymous", 'anonymous@example.com'); $ftp->cwd($path); $ftp->binary; $ftp->get($file) or (warn("$!\n"), return); $ftp->quit; } } elsif (my $ftp = $self->can_run('ftp')) { eval { # no Net::FTP, fallback to ftp.exe require FileHandle; my $fh = FileHandle->new; local $SIG{CHLD} = 'IGNORE'; unless ($fh->open("|$ftp -n")) { warn "Couldn't open ftp: $!\n"; chdir $dir; return; } my @dialog = split(/\n/, <<"END_FTP"); open $host user anonymous anonymous\@example.com cd $path binary get $file $file quit END_FTP foreach (@dialog) { $fh->print("$_\n") } $fh->close; } } else { warn "No working 'ftp' program available!\n"; chdir $dir; return; } unless (-f $file) { warn "Fetching failed: $@\n"; chdir $dir; return; } return if exists $args{size} and -s $file != $args{size}; system($args{run}) if exists $args{run}; unlink($file) if $args{remove}; print(((!exists $args{check_for} or -e $args{check_for}) ? "done!" : "failed! ($!)"), "\n"); chdir $dir; return !$?; } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/Include.pm000644 000766 000024 00000001015 12420030036 023674 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Include; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } sub include { shift()->admin->include(@_); } sub include_deps { shift()->admin->include_deps(@_); } sub auto_include { shift()->admin->auto_include(@_); } sub auto_include_deps { shift()->admin->auto_include_deps(@_); } sub auto_include_dependent_dists { shift()->admin->auto_include_dependent_dists(@_); } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/Makefile.pm000644 000766 000024 00000027437 12420030036 024046 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Makefile; use strict 'vars'; use ExtUtils::MakeMaker (); use Module::Install::Base (); use Fcntl qw/:flock :seek/; use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } sub Makefile { $_[0] } my %seen = (); sub prompt { shift; # Infinite loop protection my @c = caller(); if ( ++$seen{"$c[1]|$c[2]|$_[0]"} > 3 ) { die "Caught an potential prompt infinite loop ($c[1]|$c[2]|$_[0])"; } # In automated testing or non-interactive session, always use defaults if ( ($ENV{AUTOMATED_TESTING} or -! -t STDIN) and ! $ENV{PERL_MM_USE_DEFAULT} ) { local $ENV{PERL_MM_USE_DEFAULT} = 1; goto &ExtUtils::MakeMaker::prompt; } else { goto &ExtUtils::MakeMaker::prompt; } } # Store a cleaned up version of the MakeMaker version, # since we need to behave differently in a variety of # ways based on the MM version. my $makemaker = eval $ExtUtils::MakeMaker::VERSION; # If we are passed a param, do a "newer than" comparison. # Otherwise, just return the MakeMaker version. sub makemaker { ( @_ < 2 or $makemaker >= eval($_[1]) ) ? $makemaker : 0 } # Ripped from ExtUtils::MakeMaker 6.56, and slightly modified # as we only need to know here whether the attribute is an array # or a hash or something else (which may or may not be appendable). my %makemaker_argtype = ( C => 'ARRAY', CONFIG => 'ARRAY', # CONFIGURE => 'CODE', # ignore DIR => 'ARRAY', DL_FUNCS => 'HASH', DL_VARS => 'ARRAY', EXCLUDE_EXT => 'ARRAY', EXE_FILES => 'ARRAY', FUNCLIST => 'ARRAY', H => 'ARRAY', IMPORTS => 'HASH', INCLUDE_EXT => 'ARRAY', LIBS => 'ARRAY', # ignore '' MAN1PODS => 'HASH', MAN3PODS => 'HASH', META_ADD => 'HASH', META_MERGE => 'HASH', PL_FILES => 'HASH', PM => 'HASH', PMLIBDIRS => 'ARRAY', PMLIBPARENTDIRS => 'ARRAY', PREREQ_PM => 'HASH', CONFIGURE_REQUIRES => 'HASH', SKIP => 'ARRAY', TYPEMAPS => 'ARRAY', XS => 'HASH', # VERSION => ['version',''], # ignore # _KEEP_AFTER_FLUSH => '', clean => 'HASH', depend => 'HASH', dist => 'HASH', dynamic_lib=> 'HASH', linkext => 'HASH', macro => 'HASH', postamble => 'HASH', realclean => 'HASH', test => 'HASH', tool_autosplit => 'HASH', # special cases where you can use makemaker_append CCFLAGS => 'APPENDABLE', DEFINE => 'APPENDABLE', INC => 'APPENDABLE', LDDLFLAGS => 'APPENDABLE', LDFROM => 'APPENDABLE', ); sub makemaker_args { my ($self, %new_args) = @_; my $args = ( $self->{makemaker_args} ||= {} ); foreach my $key (keys %new_args) { if ($makemaker_argtype{$key}) { if ($makemaker_argtype{$key} eq 'ARRAY') { $args->{$key} = [] unless defined $args->{$key}; unless (ref $args->{$key} eq 'ARRAY') { $args->{$key} = [$args->{$key}] } push @{$args->{$key}}, ref $new_args{$key} eq 'ARRAY' ? @{$new_args{$key}} : $new_args{$key}; } elsif ($makemaker_argtype{$key} eq 'HASH') { $args->{$key} = {} unless defined $args->{$key}; foreach my $skey (keys %{ $new_args{$key} }) { $args->{$key}{$skey} = $new_args{$key}{$skey}; } } elsif ($makemaker_argtype{$key} eq 'APPENDABLE') { $self->makemaker_append($key => $new_args{$key}); } } else { if (defined $args->{$key}) { warn qq{MakeMaker attribute "$key" is overriden; use "makemaker_append" to append values\n}; } $args->{$key} = $new_args{$key}; } } return $args; } # For mm args that take multiple space-separated args, # append an argument to the current list. sub makemaker_append { my $self = shift; my $name = shift; my $args = $self->makemaker_args; $args->{$name} = defined $args->{$name} ? join( ' ', $args->{$name}, @_ ) : join( ' ', @_ ); } sub build_subdirs { my $self = shift; my $subdirs = $self->makemaker_args->{DIR} ||= []; for my $subdir (@_) { push @$subdirs, $subdir; } } sub clean_files { my $self = shift; my $clean = $self->makemaker_args->{clean} ||= {}; %$clean = ( %$clean, FILES => join ' ', grep { length $_ } ($clean->{FILES} || (), @_), ); } sub realclean_files { my $self = shift; my $realclean = $self->makemaker_args->{realclean} ||= {}; %$realclean = ( %$realclean, FILES => join ' ', grep { length $_ } ($realclean->{FILES} || (), @_), ); } sub libs { my $self = shift; my $libs = ref $_[0] ? shift : [ shift ]; $self->makemaker_args( LIBS => $libs ); } sub inc { my $self = shift; $self->makemaker_args( INC => shift ); } sub _wanted_t { } sub tests_recursive { my $self = shift; my $dir = shift || 't'; unless ( -d $dir ) { die "tests_recursive dir '$dir' does not exist"; } my %tests = map { $_ => 1 } split / /, ($self->tests || ''); require File::Find; File::Find::find( sub { /\.t$/ and -f $_ and $tests{"$File::Find::dir/*.t"} = 1 }, $dir ); $self->tests( join ' ', sort keys %tests ); } sub write { my $self = shift; die "&Makefile->write() takes no arguments\n" if @_; # Check the current Perl version my $perl_version = $self->perl_version; if ( $perl_version ) { eval "use $perl_version; 1" or die "ERROR: perl: Version $] is installed, " . "but we need version >= $perl_version"; } # Make sure we have a new enough MakeMaker require ExtUtils::MakeMaker; if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) { # This previous attempted to inherit the version of # ExtUtils::MakeMaker in use by the module author, but this # was found to be untenable as some authors build releases # using future dev versions of EU:MM that nobody else has. # Instead, #toolchain suggests we use 6.59 which is the most # stable version on CPAN at time of writing and is, to quote # ribasushi, "not terminally fucked, > and tested enough". # TODO: We will now need to maintain this over time to push # the version up as new versions are released. $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 ); $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 ); } else { # Allow legacy-compatibility with 5.005 by depending on the # most recent EU:MM that supported 5.005. $self->build_requires( 'ExtUtils::MakeMaker' => 6.36 ); $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 ); } # Generate the MakeMaker params my $args = $self->makemaker_args; $args->{DISTNAME} = $self->name; $args->{NAME} = $self->module_name || $self->name; $args->{NAME} =~ s/-/::/g; $args->{VERSION} = $self->version or die <<'EOT'; ERROR: Can't determine distribution version. Please specify it explicitly via 'version' in Makefile.PL, or set a valid $VERSION in a module, and provide its file path via 'version_from' (or 'all_from' if you prefer) in Makefile.PL. EOT if ( $self->tests ) { my @tests = split ' ', $self->tests; my %seen; $args->{test} = { TESTS => (join ' ', grep {!$seen{$_}++} @tests), }; } elsif ( $Module::Install::ExtraTests::use_extratests ) { # Module::Install::ExtraTests doesn't set $self->tests and does its own tests via harness. # So, just ignore our xt tests here. } elsif ( -d 'xt' and ($Module::Install::AUTHOR or $ENV{RELEASE_TESTING}) ) { $args->{test} = { TESTS => join( ' ', map { "$_/*.t" } grep { -d $_ } qw{ t xt } ), }; } if ( $] >= 5.005 ) { $args->{ABSTRACT} = $self->abstract; $args->{AUTHOR} = join ', ', @{$self->author || []}; } if ( $self->makemaker(6.10) ) { $args->{NO_META} = 1; #$args->{NO_MYMETA} = 1; } if ( $self->makemaker(6.17) and $self->sign ) { $args->{SIGN} = 1; } unless ( $self->is_admin ) { delete $args->{SIGN}; } if ( $self->makemaker(6.31) and $self->license ) { $args->{LICENSE} = $self->license; } my $prereq = ($args->{PREREQ_PM} ||= {}); %$prereq = ( %$prereq, map { @$_ } # flatten [module => version] map { @$_ } grep $_, ($self->requires) ); # Remove any reference to perl, PREREQ_PM doesn't support it delete $args->{PREREQ_PM}->{perl}; # Merge both kinds of requires into BUILD_REQUIRES my $build_prereq = ($args->{BUILD_REQUIRES} ||= {}); %$build_prereq = ( %$build_prereq, map { @$_ } # flatten [module => version] map { @$_ } grep $_, ($self->configure_requires, $self->build_requires) ); # Remove any reference to perl, BUILD_REQUIRES doesn't support it delete $args->{BUILD_REQUIRES}->{perl}; # Delete bundled dists from prereq_pm, add it to Makefile DIR my $subdirs = ($args->{DIR} || []); if ($self->bundles) { my %processed; foreach my $bundle (@{ $self->bundles }) { my ($mod_name, $dist_dir) = @$bundle; delete $prereq->{$mod_name}; $dist_dir = File::Basename::basename($dist_dir); # dir for building this module if (not exists $processed{$dist_dir}) { if (-d $dist_dir) { # List as sub-directory to be processed by make push @$subdirs, $dist_dir; } # Else do nothing: the module is already present on the system $processed{$dist_dir} = undef; } } } unless ( $self->makemaker('6.55_03') ) { %$prereq = (%$prereq,%$build_prereq); delete $args->{BUILD_REQUIRES}; } if ( my $perl_version = $self->perl_version ) { eval "use $perl_version; 1" or die "ERROR: perl: Version $] is installed, " . "but we need version >= $perl_version"; if ( $self->makemaker(6.48) ) { $args->{MIN_PERL_VERSION} = $perl_version; } } if ($self->installdirs) { warn qq{old INSTALLDIRS (probably set by makemaker_args) is overriden by installdirs\n} if $args->{INSTALLDIRS}; $args->{INSTALLDIRS} = $self->installdirs; } my %args = map { ( $_ => $args->{$_} ) } grep {defined($args->{$_} ) } keys %$args; my $user_preop = delete $args{dist}->{PREOP}; if ( my $preop = $self->admin->preop($user_preop) ) { foreach my $key ( keys %$preop ) { $args{dist}->{$key} = $preop->{$key}; } } my $mm = ExtUtils::MakeMaker::WriteMakefile(%args); $self->fix_up_makefile($mm->{FIRST_MAKEFILE} || 'Makefile'); } sub fix_up_makefile { my $self = shift; my $makefile_name = shift; my $top_class = ref($self->_top) || ''; my $top_version = $self->_top->VERSION || ''; my $preamble = $self->preamble ? "# Preamble by $top_class $top_version\n" . $self->preamble : ''; my $postamble = "# Postamble by $top_class $top_version\n" . ($self->postamble || ''); local *MAKEFILE; open MAKEFILE, "+< $makefile_name" or die "fix_up_makefile: Couldn't open $makefile_name: $!"; eval { flock MAKEFILE, LOCK_EX }; my $makefile = do { local $/; }; $makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /; $makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g; $makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g; $makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m; $makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m; # Module::Install will never be used to build the Core Perl # Sometimes PERL_LIB and PERL_ARCHLIB get written anyway, which breaks # PREFIX/PERL5LIB, and thus, install_share. Blank them if they exist $makefile =~ s/^PERL_LIB = .+/PERL_LIB =/m; #$makefile =~ s/^PERL_ARCHLIB = .+/PERL_ARCHLIB =/m; # Perl 5.005 mentions PERL_LIB explicitly, so we have to remove that as well. $makefile =~ s/(\"?)-I\$\(PERL_LIB\)\1//g; # XXX - This is currently unused; not sure if it breaks other MM-users # $makefile =~ s/^pm_to_blib\s+:\s+/pm_to_blib :: /mg; seek MAKEFILE, 0, SEEK_SET; truncate MAKEFILE, 0; print MAKEFILE "$preamble$makefile$postamble" or die $!; close MAKEFILE or die $!; 1; } sub preamble { my ($self, $text) = @_; $self->{preamble} = $text . $self->{preamble} if defined $text; $self->{preamble}; } sub postamble { my ($self, $text) = @_; $self->{postamble} ||= $self->admin->postamble; $self->{postamble} .= $text if defined $text; $self->{postamble} } 1; __END__ #line 544 RT-Authen-ExternalAuth-0.25/inc/Module/Install/Metadata.pm000644 000766 000024 00000043302 12420030036 024036 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Metadata; use strict 'vars'; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } my @boolean_keys = qw{ sign }; my @scalar_keys = qw{ name module_name abstract version distribution_type tests installdirs }; my @tuple_keys = qw{ configure_requires build_requires requires recommends bundles resources }; my @resource_keys = qw{ homepage bugtracker repository }; my @array_keys = qw{ keywords author }; *authors = \&author; sub Meta { shift } sub Meta_BooleanKeys { @boolean_keys } sub Meta_ScalarKeys { @scalar_keys } sub Meta_TupleKeys { @tuple_keys } sub Meta_ResourceKeys { @resource_keys } sub Meta_ArrayKeys { @array_keys } foreach my $key ( @boolean_keys ) { *$key = sub { my $self = shift; if ( defined wantarray and not @_ ) { return $self->{values}->{$key}; } $self->{values}->{$key} = ( @_ ? $_[0] : 1 ); return $self; }; } foreach my $key ( @scalar_keys ) { *$key = sub { my $self = shift; return $self->{values}->{$key} if defined wantarray and !@_; $self->{values}->{$key} = shift; return $self; }; } foreach my $key ( @array_keys ) { *$key = sub { my $self = shift; return $self->{values}->{$key} if defined wantarray and !@_; $self->{values}->{$key} ||= []; push @{$self->{values}->{$key}}, @_; return $self; }; } foreach my $key ( @resource_keys ) { *$key = sub { my $self = shift; unless ( @_ ) { return () unless $self->{values}->{resources}; return map { $_->[1] } grep { $_->[0] eq $key } @{ $self->{values}->{resources} }; } return $self->{values}->{resources}->{$key} unless @_; my $uri = shift or die( "Did not provide a value to $key()" ); $self->resources( $key => $uri ); return 1; }; } foreach my $key ( grep { $_ ne "resources" } @tuple_keys) { *$key = sub { my $self = shift; return $self->{values}->{$key} unless @_; my @added; while ( @_ ) { my $module = shift or last; my $version = shift || 0; push @added, [ $module, $version ]; } push @{ $self->{values}->{$key} }, @added; return map {@$_} @added; }; } # Resource handling my %lc_resource = map { $_ => 1 } qw{ homepage license bugtracker repository }; sub resources { my $self = shift; while ( @_ ) { my $name = shift or last; my $value = shift or next; if ( $name eq lc $name and ! $lc_resource{$name} ) { die("Unsupported reserved lowercase resource '$name'"); } $self->{values}->{resources} ||= []; push @{ $self->{values}->{resources} }, [ $name, $value ]; } $self->{values}->{resources}; } # Aliases for build_requires that will have alternative # meanings in some future version of META.yml. sub test_requires { shift->build_requires(@_) } sub install_requires { shift->build_requires(@_) } # Aliases for installdirs options sub install_as_core { $_[0]->installdirs('perl') } sub install_as_cpan { $_[0]->installdirs('site') } sub install_as_site { $_[0]->installdirs('site') } sub install_as_vendor { $_[0]->installdirs('vendor') } sub dynamic_config { my $self = shift; my $value = @_ ? shift : 1; if ( $self->{values}->{dynamic_config} ) { # Once dynamic we never change to static, for safety return 0; } $self->{values}->{dynamic_config} = $value ? 1 : 0; return 1; } # Convenience command sub static_config { shift->dynamic_config(0); } sub perl_version { my $self = shift; return $self->{values}->{perl_version} unless @_; my $version = shift or die( "Did not provide a value to perl_version()" ); # Normalize the version $version = $self->_perl_version($version); # We don't support the really old versions unless ( $version >= 5.005 ) { die "Module::Install only supports 5.005 or newer (use ExtUtils::MakeMaker)\n"; } $self->{values}->{perl_version} = $version; } sub all_from { my ( $self, $file ) = @_; unless ( defined($file) ) { my $name = $self->name or die( "all_from called with no args without setting name() first" ); $file = join('/', 'lib', split(/-/, $name)) . '.pm'; $file =~ s{.*/}{} unless -e $file; unless ( -e $file ) { die("all_from cannot find $file from $name"); } } unless ( -f $file ) { die("The path '$file' does not exist, or is not a file"); } $self->{values}{all_from} = $file; # Some methods pull from POD instead of code. # If there is a matching .pod, use that instead my $pod = $file; $pod =~ s/\.pm$/.pod/i; $pod = $file unless -e $pod; # Pull the different values $self->name_from($file) unless $self->name; $self->version_from($file) unless $self->version; $self->perl_version_from($file) unless $self->perl_version; $self->author_from($pod) unless @{$self->author || []}; $self->license_from($pod) unless $self->license; $self->abstract_from($pod) unless $self->abstract; return 1; } sub provides { my $self = shift; my $provides = ( $self->{values}->{provides} ||= {} ); %$provides = (%$provides, @_) if @_; return $provides; } sub auto_provides { my $self = shift; return $self unless $self->is_admin; unless (-e 'MANIFEST') { warn "Cannot deduce auto_provides without a MANIFEST, skipping\n"; return $self; } # Avoid spurious warnings as we are not checking manifest here. local $SIG{__WARN__} = sub {1}; require ExtUtils::Manifest; local *ExtUtils::Manifest::manicheck = sub { return }; require Module::Build; my $build = Module::Build->new( dist_name => $self->name, dist_version => $self->version, license => $self->license, ); $self->provides( %{ $build->find_dist_packages || {} } ); } sub feature { my $self = shift; my $name = shift; my $features = ( $self->{values}->{features} ||= [] ); my $mods; if ( @_ == 1 and ref( $_[0] ) ) { # The user used ->feature like ->features by passing in the second # argument as a reference. Accomodate for that. $mods = $_[0]; } else { $mods = \@_; } my $count = 0; push @$features, ( $name => [ map { ref($_) ? ( ref($_) eq 'HASH' ) ? %$_ : @$_ : $_ } @$mods ] ); return @$features; } sub features { my $self = shift; while ( my ( $name, $mods ) = splice( @_, 0, 2 ) ) { $self->feature( $name, @$mods ); } return $self->{values}->{features} ? @{ $self->{values}->{features} } : (); } sub no_index { my $self = shift; my $type = shift; push @{ $self->{values}->{no_index}->{$type} }, @_ if $type; return $self->{values}->{no_index}; } sub read { my $self = shift; $self->include_deps( 'YAML::Tiny', 0 ); require YAML::Tiny; my $data = YAML::Tiny::LoadFile('META.yml'); # Call methods explicitly in case user has already set some values. while ( my ( $key, $value ) = each %$data ) { next unless $self->can($key); if ( ref $value eq 'HASH' ) { while ( my ( $module, $version ) = each %$value ) { $self->can($key)->($self, $module => $version ); } } else { $self->can($key)->($self, $value); } } return $self; } sub write { my $self = shift; return $self unless $self->is_admin; $self->admin->write_meta; return $self; } sub version_from { require ExtUtils::MM_Unix; my ( $self, $file ) = @_; $self->version( ExtUtils::MM_Unix->parse_version($file) ); # for version integrity check $self->makemaker_args( VERSION_FROM => $file ); } sub abstract_from { require ExtUtils::MM_Unix; my ( $self, $file ) = @_; $self->abstract( bless( { DISTNAME => $self->name }, 'ExtUtils::MM_Unix' )->parse_abstract($file) ); } # Add both distribution and module name sub name_from { my ($self, $file) = @_; if ( Module::Install::_read($file) =~ m/ ^ \s* package \s* ([\w:]+) [\s|;]* /ixms ) { my ($name, $module_name) = ($1, $1); $name =~ s{::}{-}g; $self->name($name); unless ( $self->module_name ) { $self->module_name($module_name); } } else { die("Cannot determine name from $file\n"); } } sub _extract_perl_version { if ( $_[0] =~ m/ ^\s* (?:use|require) \s* v? ([\d_\.]+) \s* ; /ixms ) { my $perl_version = $1; $perl_version =~ s{_}{}g; return $perl_version; } else { return; } } sub perl_version_from { my $self = shift; my $perl_version=_extract_perl_version(Module::Install::_read($_[0])); if ($perl_version) { $self->perl_version($perl_version); } else { warn "Cannot determine perl version info from $_[0]\n"; return; } } sub author_from { my $self = shift; my $content = Module::Install::_read($_[0]); if ($content =~ m/ =head \d \s+ (?:authors?)\b \s* ([^\n]*) | =head \d \s+ (?:licen[cs]e|licensing|copyright|legal)\b \s* .*? copyright .*? \d\d\d[\d.]+ \s* (?:\bby\b)? \s* ([^\n]*) /ixms) { my $author = $1 || $2; # XXX: ugly but should work anyway... if (eval "require Pod::Escapes; 1") { # Pod::Escapes has a mapping table. # It's in core of perl >= 5.9.3, and should be installed # as one of the Pod::Simple's prereqs, which is a prereq # of Pod::Text 3.x (see also below). $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } { defined $2 ? chr($2) : defined $Pod::Escapes::Name2character_number{$1} ? chr($Pod::Escapes::Name2character_number{$1}) : do { warn "Unknown escape: E<$1>"; "E<$1>"; }; }gex; } elsif (eval "require Pod::Text; 1" && $Pod::Text::VERSION < 3) { # Pod::Text < 3.0 has yet another mapping table, # though the table name of 2.x and 1.x are different. # (1.x is in core of Perl < 5.6, 2.x is in core of # Perl < 5.9.3) my $mapping = ($Pod::Text::VERSION < 2) ? \%Pod::Text::HTML_Escapes : \%Pod::Text::ESCAPES; $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } { defined $2 ? chr($2) : defined $mapping->{$1} ? $mapping->{$1} : do { warn "Unknown escape: E<$1>"; "E<$1>"; }; }gex; } else { $author =~ s{E}{<}g; $author =~ s{E}{>}g; } $self->author($author); } else { warn "Cannot determine author info from $_[0]\n"; } } #Stolen from M::B my %license_urls = ( perl => 'http://dev.perl.org/licenses/', apache => 'http://apache.org/licenses/LICENSE-2.0', apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', artistic => 'http://opensource.org/licenses/artistic-license.php', artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php', lgpl => 'http://opensource.org/licenses/lgpl-license.php', lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', bsd => 'http://opensource.org/licenses/bsd-license.php', gpl => 'http://opensource.org/licenses/gpl-license.php', gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', mit => 'http://opensource.org/licenses/mit-license.php', mozilla => 'http://opensource.org/licenses/mozilla1.1.php', open_source => undef, unrestricted => undef, restrictive => undef, unknown => undef, ); sub license { my $self = shift; return $self->{values}->{license} unless @_; my $license = shift or die( 'Did not provide a value to license()' ); $license = __extract_license($license) || lc $license; $self->{values}->{license} = $license; # Automatically fill in license URLs if ( $license_urls{$license} ) { $self->resources( license => $license_urls{$license} ); } return 1; } sub _extract_license { my $pod = shift; my $matched; return __extract_license( ($matched) = $pod =~ m/ (=head \d \s+ L(?i:ICEN[CS]E|ICENSING)\b.*?) (=head \d.*|=cut.*|)\z /xms ) || __extract_license( ($matched) = $pod =~ m/ (=head \d \s+ (?:C(?i:OPYRIGHTS?)|L(?i:EGAL))\b.*?) (=head \d.*|=cut.*|)\z /xms ); } sub __extract_license { my $license_text = shift or return; my @phrases = ( '(?:under )?the same (?:terms|license) as (?:perl|the perl (?:\d )?programming language)' => 'perl', 1, '(?:under )?the terms of (?:perl|the perl programming language) itself' => 'perl', 1, 'Artistic and GPL' => 'perl', 1, 'GNU general public license' => 'gpl', 1, 'GNU public license' => 'gpl', 1, 'GNU lesser general public license' => 'lgpl', 1, 'GNU lesser public license' => 'lgpl', 1, 'GNU library general public license' => 'lgpl', 1, 'GNU library public license' => 'lgpl', 1, 'GNU Free Documentation license' => 'unrestricted', 1, 'GNU Affero General Public License' => 'open_source', 1, '(?:Free)?BSD license' => 'bsd', 1, 'Artistic license 2\.0' => 'artistic_2', 1, 'Artistic license' => 'artistic', 1, 'Apache (?:Software )?license' => 'apache', 1, 'GPL' => 'gpl', 1, 'LGPL' => 'lgpl', 1, 'BSD' => 'bsd', 1, 'Artistic' => 'artistic', 1, 'MIT' => 'mit', 1, 'Mozilla Public License' => 'mozilla', 1, 'Q Public License' => 'open_source', 1, 'OpenSSL License' => 'unrestricted', 1, 'SSLeay License' => 'unrestricted', 1, 'zlib License' => 'open_source', 1, 'proprietary' => 'proprietary', 0, ); while ( my ($pattern, $license, $osi) = splice(@phrases, 0, 3) ) { $pattern =~ s#\s+#\\s+#gs; if ( $license_text =~ /\b$pattern\b/i ) { return $license; } } return ''; } sub license_from { my $self = shift; if (my $license=_extract_license(Module::Install::_read($_[0]))) { $self->license($license); } else { warn "Cannot determine license info from $_[0]\n"; return 'unknown'; } } sub _extract_bugtracker { my @links = $_[0] =~ m#L<( https?\Q://rt.cpan.org/\E[^>]+| https?\Q://github.com/\E[\w_]+/[\w_]+/issues| https?\Q://code.google.com/p/\E[\w_\-]+/issues/list )>#gx; my %links; @links{@links}=(); @links=keys %links; return @links; } sub bugtracker_from { my $self = shift; my $content = Module::Install::_read($_[0]); my @links = _extract_bugtracker($content); unless ( @links ) { warn "Cannot determine bugtracker info from $_[0]\n"; return 0; } if ( @links > 1 ) { warn "Found more than one bugtracker link in $_[0]\n"; return 0; } # Set the bugtracker bugtracker( $links[0] ); return 1; } sub requires_from { my $self = shift; my $content = Module::Install::_readperl($_[0]); my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg; while ( @requires ) { my $module = shift @requires; my $version = shift @requires; $self->requires( $module => $version ); } } sub test_requires_from { my $self = shift; my $content = Module::Install::_readperl($_[0]); my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg; while ( @requires ) { my $module = shift @requires; my $version = shift @requires; $self->test_requires( $module => $version ); } } # Convert triple-part versions (eg, 5.6.1 or 5.8.9) to # numbers (eg, 5.006001 or 5.008009). # Also, convert double-part versions (eg, 5.8) sub _perl_version { my $v = $_[-1]; $v =~ s/^([1-9])\.([1-9]\d?\d?)$/sprintf("%d.%03d",$1,$2)/e; $v =~ s/^([1-9])\.([1-9]\d?\d?)\.(0|[1-9]\d?\d?)$/sprintf("%d.%03d%03d",$1,$2,$3 || 0)/e; $v =~ s/(\.\d\d\d)000$/$1/; $v =~ s/_.+$//; if ( ref($v) ) { # Numify $v = $v + 0; } return $v; } sub add_metadata { my $self = shift; my %hash = @_; for my $key (keys %hash) { warn "add_metadata: $key is not prefixed with 'x_'.\n" . "Use appopriate function to add non-private metadata.\n" unless $key =~ /^x_/; $self->{values}->{$key} = $hash{$key}; } } ###################################################################### # MYMETA Support sub WriteMyMeta { die "WriteMyMeta has been deprecated"; } sub write_mymeta_yaml { my $self = shift; # We need YAML::Tiny to write the MYMETA.yml file unless ( eval { require YAML::Tiny; 1; } ) { return 1; } # Generate the data my $meta = $self->_write_mymeta_data or return 1; # Save as the MYMETA.yml file print "Writing MYMETA.yml\n"; YAML::Tiny::DumpFile('MYMETA.yml', $meta); } sub write_mymeta_json { my $self = shift; # We need JSON to write the MYMETA.json file unless ( eval { require JSON; 1; } ) { return 1; } # Generate the data my $meta = $self->_write_mymeta_data or return 1; # Save as the MYMETA.yml file print "Writing MYMETA.json\n"; Module::Install::_write( 'MYMETA.json', JSON->new->pretty(1)->canonical->encode($meta), ); } sub _write_mymeta_data { my $self = shift; # If there's no existing META.yml there is nothing we can do return undef unless -f 'META.yml'; # We need Parse::CPAN::Meta to load the file unless ( eval { require Parse::CPAN::Meta; 1; } ) { return undef; } # Merge the perl version into the dependencies my $val = $self->Meta->{values}; my $perl = delete $val->{perl_version}; if ( $perl ) { $val->{requires} ||= []; my $requires = $val->{requires}; # Canonize to three-dot version after Perl 5.6 if ( $perl >= 5.006 ) { $perl =~ s{^(\d+)\.(\d\d\d)(\d*)}{join('.', $1, int($2||0), int($3||0))}e } unshift @$requires, [ perl => $perl ]; } # Load the advisory META.yml file my @yaml = Parse::CPAN::Meta::LoadFile('META.yml'); my $meta = $yaml[0]; # Overwrite the non-configure dependency hashes delete $meta->{requires}; delete $meta->{build_requires}; delete $meta->{recommends}; if ( exists $val->{requires} ) { $meta->{requires} = { map { @$_ } @{ $val->{requires} } }; } if ( exists $val->{build_requires} ) { $meta->{build_requires} = { map { @$_ } @{ $val->{build_requires} } }; } return $meta; } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/ReadmeFromPod.pm000644 000766 000024 00000006311 12420030036 025001 0ustar00falconestaff000000 000000 #line 1 package Module::Install::ReadmeFromPod; use 5.006; use strict; use warnings; use base qw(Module::Install::Base); use vars qw($VERSION); $VERSION = '0.22'; sub readme_from { my $self = shift; return unless $self->is_admin; # Input file my $in_file = shift || $self->_all_from or die "Can't determine file to make readme_from"; # Get optional arguments my ($clean, $format, $out_file, $options); my $args = shift; if ( ref $args ) { # Arguments are in a hashref if ( ref($args) ne 'HASH' ) { die "Expected a hashref but got a ".ref($args)."\n"; } else { $clean = $args->{'clean'}; $format = $args->{'format'}; $out_file = $args->{'output_file'}; $options = $args->{'options'}; } } else { # Arguments are in a list $clean = $args; $format = shift; $out_file = shift; $options = \@_; } # Default values; $clean ||= 0; $format ||= 'txt'; # Generate README print "readme_from $in_file to $format\n"; if ($format =~ m/te?xt/) { $out_file = $self->_readme_txt($in_file, $out_file, $options); } elsif ($format =~ m/html?/) { $out_file = $self->_readme_htm($in_file, $out_file, $options); } elsif ($format eq 'man') { $out_file = $self->_readme_man($in_file, $out_file, $options); } elsif ($format eq 'pdf') { $out_file = $self->_readme_pdf($in_file, $out_file, $options); } if ($clean) { $self->clean_files($out_file); } return 1; } sub _readme_txt { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README'; require Pod::Text; my $parser = Pod::Text->new( @$options ); open my $out_fh, '>', $out_file or die "Could not write file $out_file:\n$!\n"; $parser->output_fh( *$out_fh ); $parser->parse_file( $in_file ); close $out_fh; return $out_file; } sub _readme_htm { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.htm'; require Pod::Html; Pod::Html::pod2html( "--infile=$in_file", "--outfile=$out_file", @$options, ); # Remove temporary files if needed for my $file ('pod2htmd.tmp', 'pod2htmi.tmp') { if (-e $file) { unlink $file or warn "Warning: Could not remove file '$file'.\n$!\n"; } } return $out_file; } sub _readme_man { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.1'; require Pod::Man; my $parser = Pod::Man->new( @$options ); $parser->parse_from_file($in_file, $out_file); return $out_file; } sub _readme_pdf { my ($self, $in_file, $out_file, $options) = @_; $out_file ||= 'README.pdf'; eval { require App::pod2pdf; } or die "Could not generate $out_file because pod2pdf could not be found\n"; my $parser = App::pod2pdf->new( @$options ); $parser->parse_from_file($in_file); open my $out_fh, '>', $out_file or die "Could not write file $out_file:\n$!\n"; select $out_fh; $parser->output; select STDOUT; close $out_fh; return $out_file; } sub _all_from { my $self = shift; return unless $self->admin->{extensions}; my ($metadata) = grep { ref($_) eq 'Module::Install::Metadata'; } @{$self->admin->{extensions}}; return unless $metadata; return $metadata->{values}{all_from} || ''; } 'Readme!'; __END__ #line 254 RT-Authen-ExternalAuth-0.25/inc/Module/Install/RTx/000755 000766 000024 00000000000 12420030543 022476 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/inc/Module/Install/RTx.pm000644 000766 000024 00000020616 12420030154 023037 0ustar00falconestaff000000 000000 #line 1 package Module::Install::RTx; use 5.008; use strict; use warnings; no warnings 'once'; use Module::Install::Base; use base 'Module::Install::Base'; our $VERSION = '0.36'; use FindBin; use File::Glob (); use File::Basename (); my @DIRS = qw(etc lib html static bin sbin po var); my @INDEX_DIRS = qw(lib bin sbin); sub RTx { my ( $self, $name, $extra_args ) = @_; $extra_args ||= {}; # Set up names my $fname = $name; $fname =~ s!-!/!g; $self->name( $name ) unless $self->name; $self->all_from( "lib/$fname.pm" ) unless $self->version; $self->abstract("$name Extension") unless $self->abstract; unless ( $extra_args->{no_readme_generation} ) { $self->readme_from( "lib/$fname.pm", { options => [ quotes => "none" ] } ); } $self->add_metadata("x_module_install_rtx_version", $VERSION ); # Try to find RT.pm my @prefixes = qw( /opt /usr/local /home /usr /sw /usr/share/request-tracker4); $ENV{RTHOME} =~ s{/RT\.pm$}{} if defined $ENV{RTHOME}; $ENV{RTHOME} =~ s{/lib/?$}{} if defined $ENV{RTHOME}; my @try = $ENV{RTHOME} ? ($ENV{RTHOME}, "$ENV{RTHOME}/lib") : (); while (1) { my @look = @INC; unshift @look, grep {defined and -d $_} @try; push @look, grep {defined and -d $_} map { ( "$_/rt4/lib", "$_/lib/rt4", "$_/lib" ) } @prefixes; last if eval {local @INC = @look; require RT; $RT::LocalLibPath}; warn "Cannot find the location of RT.pm that defines \$RT::LocalPath in: @look\n"; my $given = $self->prompt("Path to directory containing your RT.pm:") or exit; $given =~ s{/RT\.pm$}{}; $given =~ s{/lib/?$}{}; @try = ($given, "$given/lib"); } print "Using RT configuration from $INC{'RT.pm'}:\n"; my $local_lib_path = $RT::LocalLibPath; unshift @INC, $local_lib_path; my $lib_path = File::Basename::dirname( $INC{'RT.pm'} ); unshift @INC, $lib_path; # Set a baseline minimum version unless ( $extra_args->{deprecated_rt} ) { $self->requires_rt('4.0.0'); } # Installation locations my %path; $path{$_} = $RT::LocalPluginPath . "/$name/$_" foreach @DIRS; # Copy RT 4.2.0 static files into NoAuth; insufficient for # images, but good enough for css and js. $path{static} = "$path{html}/NoAuth/" unless $RT::StaticPath; # Delete the ones we don't need delete $path{$_} for grep {not -d "$FindBin::Bin/$_"} keys %path; my %index = map { $_ => 1 } @INDEX_DIRS; $self->no_index( directory => $_ ) foreach grep !$index{$_}, @DIRS; my $args = join ', ', map "q($_)", map { ($_, $path{$_}) } sort keys %path; printf "%-10s => %s\n", $_, $path{$_} for sort keys %path; if ( my @dirs = map { ( -D => $_ ) } grep $path{$_}, qw(bin html sbin etc) ) { my @po = map { ( -o => $_ ) } grep -f, File::Glob::bsd_glob("po/*.po"); $self->postamble(<< ".") if @po; lexicons :: \t\$(NOECHO) \$(PERL) -MLocale::Maketext::Extract::Run=xgettext -e \"xgettext(qw(@dirs @po))\" . } $self->include('Module::Install::RTx::Runtime') if $self->admin; $self->include_deps( 'YAML::Tiny', 0 ) if $self->admin; my $postamble = << "."; install :: \t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Iinc -MModule::Install::RTx::Runtime -e"RTxPlugin()" \t\$(NOECHO) \$(PERL) -MExtUtils::Install -e \"install({$args})\" . if ( $path{var} and -d $RT::MasonDataDir ) { my ( $uid, $gid ) = ( stat($RT::MasonDataDir) )[ 4, 5 ]; $postamble .= << "."; \t\$(NOECHO) chown -R $uid:$gid $path{var} . } my %has_etc; if ( File::Glob::bsd_glob("$FindBin::Bin/etc/schema.*") ) { $has_etc{schema}++; } if ( File::Glob::bsd_glob("$FindBin::Bin/etc/acl.*") ) { $has_etc{acl}++; } if ( -e 'etc/initialdata' ) { $has_etc{initialdata}++; } if ( grep { /\d+\.\d+(\.\d+)?.*$/ } glob('etc/upgrade/*.*') ) { $has_etc{upgrade}++; } $self->postamble("$postamble\n"); if ( $path{lib} ) { $self->makemaker_args( INSTALLSITELIB => $path{'lib'} ); $self->makemaker_args( INSTALLARCHLIB => $path{'lib'} ); } else { $self->makemaker_args( PM => { "" => "" }, ); } $self->makemaker_args( INSTALLSITEMAN1DIR => "$RT::LocalPath/man/man1" ); $self->makemaker_args( INSTALLSITEMAN3DIR => "$RT::LocalPath/man/man3" ); $self->makemaker_args( INSTALLSITEARCH => "$RT::LocalPath/man" ); if (%has_etc) { print "For first-time installation, type 'make initdb'.\n"; my $initdb = ''; $initdb .= <<"." if $has_etc{schema}; \t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Iinc -MModule::Install::RTx::Runtime -e"RTxDatabase(qw(schema \$(NAME) \$(VERSION)))" . $initdb .= <<"." if $has_etc{acl}; \t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Iinc -MModule::Install::RTx::Runtime -e"RTxDatabase(qw(acl \$(NAME) \$(VERSION)))" . $initdb .= <<"." if $has_etc{initialdata}; \t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Iinc -MModule::Install::RTx::Runtime -e"RTxDatabase(qw(insert \$(NAME) \$(VERSION)))" . $self->postamble("initdb ::\n$initdb\n"); $self->postamble("initialize-database ::\n$initdb\n"); if ($has_etc{upgrade}) { print "To upgrade from a previous version of this extension, use 'make upgrade-database'\n"; my $upgradedb = qq|\t\$(NOECHO) \$(PERL) -Ilib -I"$local_lib_path" -I"$lib_path" -Iinc -MModule::Install::RTx::Runtime -e"RTxDatabase(qw(upgrade \$(NAME) \$(VERSION)))"\n|; $self->postamble("upgrade-database ::\n$upgradedb\n"); $self->postamble("upgradedb ::\n$upgradedb\n"); } } } sub requires_rt { my ($self,$version) = @_; _load_rt_handle(); if ($self->is_admin) { $self->add_metadata("x_requires_rt", $version); my @sorted = sort RT::Handle::cmp_version $version,'4.0.0'; $self->perl_version('5.008003') if $sorted[0] eq '4.0.0' and (not $self->perl_version or '5.008003' > $self->perl_version); @sorted = sort RT::Handle::cmp_version $version,'4.2.0'; $self->perl_version('5.010001') if $sorted[0] eq '4.2.0' and (not $self->perl_version or '5.010001' > $self->perl_version); } # if we're exactly the same version as what we want, silently return return if ($version eq $RT::VERSION); my @sorted = sort RT::Handle::cmp_version $version,$RT::VERSION; if ($sorted[-1] eq $version) { die <<"EOT"; **** Error: This extension requires RT $version. Your installed version of RT ($RT::VERSION) is too old. EOT } } sub requires_rt_plugin { my $self = shift; my ( $plugin ) = @_; if ($self->is_admin) { my $plugins = $self->Meta->{values}{"x_requires_rt_plugins"} || []; push @{$plugins}, $plugin; $self->add_metadata("x_requires_rt_plugins", $plugins); } my $path = $plugin; $path =~ s{\:\:}{-}g; $path = "$RT::LocalPluginPath/$path/lib"; if ( -e $path ) { unshift @INC, $path; } else { my $name = $self->name; warn <<"EOT"; **** Warning: $name requires that the $plugin plugin be installed and enabled; it does not appear to be installed. EOT } $self->requires(@_); } sub rt_too_new { my ($self,$version,$msg) = @_; my $name = $self->name; $msg ||= <add_metadata("x_rt_too_new", $version) if $self->is_admin; _load_rt_handle(); my @sorted = sort RT::Handle::cmp_version $version,$RT::VERSION; if ($sorted[0] eq $version) { die sprintf($msg,$RT::VERSION,$version); } } # RT::Handle runs FinalizeDatabaseType which calls RT->Config->Get # On 3.8, this dies. On 4.0/4.2 ->Config transparently runs LoadConfig. # LoadConfig requires being able to read RT_SiteConfig.pm (root) so we'd # like to avoid pushing that on users. # Fake up just enough Config to let FinalizeDatabaseType finish, and # anyone later calling LoadConfig will overwrite our shenanigans. sub _load_rt_handle { unless ($RT::Config) { require RT::Config; $RT::Config = RT::Config->new; RT->Config->Set('DatabaseType','mysql'); } require RT::Handle; } 1; __END__ #line 390 RT-Authen-ExternalAuth-0.25/inc/Module/Install/Win32.pm000644 000766 000024 00000003403 12420030036 023216 0ustar00falconestaff000000 000000 #line 1 package Module::Install::Win32; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = 'Module::Install::Base'; $ISCORE = 1; } # determine if the user needs nmake, and download it if needed sub check_nmake { my $self = shift; $self->load('can_run'); $self->load('get_file'); require Config; return unless ( $^O eq 'MSWin32' and $Config::Config{make} and $Config::Config{make} =~ /^nmake\b/i and ! $self->can_run('nmake') ); print "The required 'nmake' executable not found, fetching it...\n"; require File::Basename; my $rv = $self->get_file( url => 'http://download.microsoft.com/download/vc15/Patch/1.52/W95/EN-US/Nmake15.exe', ftp_url => 'ftp://ftp.microsoft.com/Softlib/MSLFILES/Nmake15.exe', local_dir => File::Basename::dirname($^X), size => 51928, run => 'Nmake15.exe /o > nul', check_for => 'Nmake.exe', remove => 1, ); die <<'END_MESSAGE' unless $rv; ------------------------------------------------------------------------------- Since you are using Microsoft Windows, you will need the 'nmake' utility before installation. It's available at: http://download.microsoft.com/download/vc15/Patch/1.52/W95/EN-US/Nmake15.exe or ftp://ftp.microsoft.com/Softlib/MSLFILES/Nmake15.exe Please download the file manually, save it to a directory in %PATH% (e.g. C:\WINDOWS\COMMAND\), then launch the MS-DOS command line shell, "cd" to that directory, and run "Nmake15.exe" from there; that will create the 'nmake.exe' file needed by this module. You may then resume the installation process described in README. ------------------------------------------------------------------------------- END_MESSAGE } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/WriteAll.pm000644 000766 000024 00000002376 12420030036 024047 0ustar00falconestaff000000 000000 #line 1 package Module::Install::WriteAll; use strict; use Module::Install::Base (); use vars qw{$VERSION @ISA $ISCORE}; BEGIN { $VERSION = '1.12'; @ISA = qw{Module::Install::Base}; $ISCORE = 1; } sub WriteAll { my $self = shift; my %args = ( meta => 1, sign => 0, inline => 0, check_nmake => 1, @_, ); $self->sign(1) if $args{sign}; $self->admin->WriteAll(%args) if $self->is_admin; $self->check_nmake if $args{check_nmake}; unless ( $self->makemaker_args->{PL_FILES} ) { # XXX: This still may be a bit over-defensive... unless ($self->makemaker(6.25)) { $self->makemaker_args( PL_FILES => {} ) if -f 'Build.PL'; } } # Until ExtUtils::MakeMaker support MYMETA.yml, make sure # we clean it up properly ourself. $self->realclean_files('MYMETA.yml'); if ( $args{inline} ) { $self->Inline->write; } else { $self->Makefile->write; } # The Makefile write process adds a couple of dependencies, # so write the META.yml files after the Makefile. if ( $args{meta} ) { $self->Meta->write; } # Experimental support for MYMETA if ( $ENV{X_MYMETA} ) { if ( $ENV{X_MYMETA} eq 'JSON' ) { $self->Meta->write_mymeta_json; } else { $self->Meta->write_mymeta_yaml; } } return 1; } 1; RT-Authen-ExternalAuth-0.25/inc/Module/Install/RTx/Runtime.pm000644 000766 000024 00000004252 12420030036 024457 0ustar00falconestaff000000 000000 #line 1 package Module::Install::RTx::Runtime; use base 'Exporter'; our @EXPORT = qw/RTxDatabase RTxPlugin/; use strict; use File::Basename (); sub _rt_runtime_load { require RT; eval { RT::LoadConfig(); }; if (my $err = $@) { die $err unless $err =~ /^RT couldn't load RT config file/m; my $warn = <can('AddUpgradeHistory'); my $lib_path = File::Basename::dirname($INC{'RT.pm'}); my @args = ( "-Ilib", "-I$RT::LocalLibPath", "-I$lib_path", "$RT::SbinPath/rt-setup-database", "--action" => $action, ($action eq 'upgrade' ? () : ("--datadir" => "etc")), (($action eq 'insert') ? ("--datafile" => "etc/initialdata") : ()), "--dba" => $RT::DatabaseAdmin || $RT::DatabaseUser, "--prompt-for-dba-password" => '', ($has_upgrade ? ("--package" => $name, "--ext-version" => $version) : ()), ); # If we're upgrading against an RT which isn't at least 4.2 (has # AddUpgradeHistory) then pass --package. Upgrades against later RT # releases will pick up --package from AddUpgradeHistory. if ($action eq 'upgrade' and not $has_upgrade) { push @args, "--package" => $name; } print "$^X @args\n"; (system($^X, @args) == 0) or die "...returned with error: $?\n"; } sub RTxPlugin { my ($name) = @_; _rt_runtime_load(); require YAML::Tiny; my $data = YAML::Tiny::LoadFile('META.yml'); my $name = $data->{name}; my @enabled = RT->Config->Get('Plugins'); for my $required (@{$data->{x_requires_rt_plugins} || []}) { next if grep {$required eq $_} @enabled; warn <<"EOT"; **** Warning: $name requires that the $required plugin be installed and enabled; it is not currently in \@Plugins. EOT } } 1; RT-Authen-ExternalAuth-0.25/html/Callbacks/000755 000766 000024 00000000000 12420030543 021200 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Elements/000755 000766 000024 00000000000 12420030543 021075 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Elements/DoAuth000644 000766 000024 00000001611 12420027405 022206 0ustar00falconestaff000000 000000 <%init> # return as quickly as possible if the user is logged in return if $session{CurrentUser} && $session{'CurrentUser'}->id; # It's important to nab the next page from the session before we # potentially blow the session away below. my $next = $session{'NextPage'}->{ $ARGS{'next'} || "" }; $next = $next->{'url'} if ref $next; my ($val,$msg) = RT::Authen::ExternalAuth::DoAuth(\%session,$user,$pass); $RT::Logger->debug("Autohandler called ExternalAuth. Response: ($val, $msg)"); if ( $val ) { $m->callback( %ARGS, CallbackName => 'SuccessfulLogin', CallbackPage => '/autohandler', RedirectTo => \$next ); } # Redirect to the relevant page if the above succeeded RT::Interface::Web::Redirect( $next ) if $val and $next and $m->request_comp->path eq '/NoAuth/Login.html'; # this component should never generate content return; <%ARGS> $user => undef $pass => undef RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/000755 000766 000024 00000000000 12420030543 023604 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/autohandler/000755 000766 000024 00000000000 12420030543 026112 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/Elements/000755 000766 000024 00000000000 12420030543 025360 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/Elements/Header/000755 000766 000024 00000000000 12420030543 026550 5ustar00falconestaff000000 000000 RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/Elements/Header/Head000644 000766 000024 00000000441 11555314740 027347 0ustar00falconestaff000000 000000 % if ( $session{CurrentUser}->UserObj->__Value('Password') eq '*NO-PASSWORD*') { % } <%INIT> return unless $m->request_comp->path eq '/User/Prefs.html'; return unless $session{CurrentUser} && $session{CurrentUser}->id; RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/autohandler/Auth000644 000766 000024 00000000045 12373270767 026762 0ustar00falconestaff000000 000000 %$m->comp('/Elements/DoAuth',%ARGS); RT-Authen-ExternalAuth-0.25/html/Callbacks/ExternalAuth/autohandler/Session000644 000766 000024 00000000046 12373270767 027505 0ustar00falconestaff000000 000000 % $m->comp('/Elements/DoAuth',%ARGS);