- In VirtualHost context, PerlInitHandler is an alias for
PerlPostReadRequestHandler. So by encoding characters (%40 for 'a'), users can bypass some restrictions. Now PerlInitHandler is replaced by PerlHeaderParserHandler, so Lemonldap::NG is called after URI translation phase. - Correction of a bug in internal redirections: now internal redirections are not examined: for example, http://test.example.com/ is internaly redirected to /index.pl, but only the first request (/) is tested.
This commit is contained in:
parent
90522e3e96
commit
fcf0dbaaac
|
@ -1,5 +1,16 @@
|
|||
Revision history for Perl extension Lemonldap::NG::Handler.
|
||||
|
||||
0.73 Thu Jan 4 15:34:22 2007
|
||||
- In VirtualHost context, PerlInitHandler is an alias for
|
||||
PerlPostReadRequestHandler. So by encoding characters (%40 for 'a'),
|
||||
users can bypass some restrictions.
|
||||
Now PerlInitHandler is replaced by PerlHeaderParserHandler, so
|
||||
Lemonldap::NG is called after URI translation phase.
|
||||
- Correction of a bug in internal redirections: now internal
|
||||
redirections are not examined: for example, http://test.example.com/
|
||||
is internaly redirected to /index.pl, but only the first request (/)
|
||||
is tested.
|
||||
|
||||
0.72 Thu Jan 4 9:24:18 2007
|
||||
- Correction in apache-1.3 configuration example file
|
||||
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
ServerName test.example.com
|
||||
|
||||
PerlRequire __DIR__/handler/MyHandler.pm
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
<Location /reload>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from 127.0.0.0/8
|
||||
PerlInitHandler My::Package->refresh
|
||||
PerlHeaderParserHandler My::Package->refresh
|
||||
</Location>
|
||||
|
||||
# Just to make example running (index.pl display authenticated user)
|
||||
|
|
|
@ -3,12 +3,12 @@ PerlOptions +GlobalRequest
|
|||
|
||||
ServerName test.example.com
|
||||
PerlRequire __DIR__/handler/MyHandler.pm
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
<Location /reload>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from 127.0.0.0/8
|
||||
PerlInitHandler My::Package->refresh
|
||||
PerlHeaderParserHandler My::Package->refresh
|
||||
</Location>
|
||||
|
||||
# Just to make example running (index.pl display authenticated user)
|
||||
|
|
|
@ -2,7 +2,7 @@ package Lemonldap::NG::Handler;
|
|||
|
||||
print STDERR
|
||||
"See Lemonldap::NG::Handler(3) to know which Lemonldap::NG::Handler::* module to use.";
|
||||
our $VERSION = "0.72";
|
||||
our $VERSION = "0.73";
|
||||
|
||||
1;
|
||||
|
||||
|
@ -45,10 +45,10 @@ Call your package in /apache-dir/conf/httpd.conf:
|
|||
# Load your package
|
||||
PerlRequire /My/File
|
||||
# TOTAL PROTECTION
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
# OR SELECTED AREA
|
||||
<Location /protected-area>
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
</Location>
|
||||
|
||||
The configuration is loaded only at Apache start. Create an URI to force
|
||||
|
@ -59,7 +59,7 @@ configuration reload, so you don't need to restart Apache at each change:
|
|||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from my.manager.com
|
||||
PerlInitHandler My::Package->refresh
|
||||
PerlHeaderParserHandler My::Package->refresh
|
||||
</Location>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
|
|
@ -9,7 +9,7 @@ use Cache::Cache qw($EXPIRES_NEVER);
|
|||
|
||||
our @ISA = qw(Lemonldap::NG::Handler::Vhost Lemonldap::NG::Handler::Simple);
|
||||
|
||||
our $VERSION = '0.51';
|
||||
our $VERSION = '0.52';
|
||||
our $cfgNum = 0;
|
||||
our $lastReload = 0;
|
||||
our $reloadTime;
|
||||
|
@ -166,10 +166,10 @@ Call your package in /apache-dir/conf/httpd.conf :
|
|||
|
||||
PerlRequire MyFile
|
||||
# TOTAL PROTECTION
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
# OR SELECTED AREA
|
||||
<Location /protected-area>
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
</Location>
|
||||
|
||||
The configuration is loaded only at Apache start. Create an URI to force
|
||||
|
@ -180,7 +180,7 @@ configuration reload, so you don't need to restart Apache at each change :
|
|||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from my.manager.com
|
||||
PerlInitHandler My::Package->refresh
|
||||
PerlHeaderParserHandler My::Package->refresh
|
||||
</Location>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
|
|
@ -14,7 +14,7 @@ BEGIN {
|
|||
}
|
||||
}
|
||||
|
||||
our $VERSION = '0.5';
|
||||
our $VERSION = '0.51';
|
||||
|
||||
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
|
||||
|
||||
|
@ -92,10 +92,10 @@ Call your package in /apache-dir/conf/httpd.conf :
|
|||
|
||||
PerlRequire MyFile
|
||||
# TOTAL PROTECTION
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
# OR SELECTED AREA
|
||||
<Location /protected-area>
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
</Location>
|
||||
|
||||
The configuration is loaded only at Apache start. Create an URI to force
|
||||
|
@ -106,7 +106,7 @@ configuration reload, so you don't need to restart Apache at each change :
|
|||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from my.manager.com
|
||||
PerlInitHandler My::Package->refresh
|
||||
PerlHeaderParserHandler My::Package->refresh
|
||||
</Location>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
|
|
@ -6,7 +6,7 @@ use MIME::Base64;
|
|||
use Exporter 'import';
|
||||
use Safe;
|
||||
|
||||
our $VERSION = '0.72';
|
||||
our $VERSION = '0.73';
|
||||
|
||||
our %EXPORT_TAGS = (
|
||||
localStorage =>
|
||||
|
@ -247,8 +247,9 @@ sub localInit($$) {
|
|||
# performances.
|
||||
no strict;
|
||||
if ( MP() == 2 ) {
|
||||
Apache->push_handlers( PerlChildInitHandler =>
|
||||
sub { return $class->initLocalStorage( $_[1], $_[0] ); } );
|
||||
Apache->push_handlers(
|
||||
PerlChildInitHandler => sub { return $class->initLocalStorage( $_[1], $_[0] ); }
|
||||
);
|
||||
Apache->push_handlers(
|
||||
PerlCleanupHandler => sub { return $class->cleanLocalStorage(@_); }
|
||||
);
|
||||
|
@ -404,6 +405,8 @@ sub forbidden {
|
|||
|
||||
# hideCookie : hide Lemonldap cookie to the protected application
|
||||
sub hideCookie {
|
||||
my $class = shift;
|
||||
$class->lmLog( "$class: removing cookie", 'debug' );
|
||||
my $tmp = lmHeaderIn( $apacheRequest, 'Cookie' );
|
||||
$tmp =~ s/$cookieName[^;]*;?//o;
|
||||
lmSetHeaderIn( $apacheRequest, 'Cookie' => $tmp );
|
||||
|
@ -428,22 +431,18 @@ sub goToPortal() {
|
|||
return REDIRECT;
|
||||
}
|
||||
|
||||
# MAIN SUBROUTINE called by Apache (using PerlInitHandler option)
|
||||
# MAIN SUBROUTINE called by Apache (using PerlHeaderParserHandler option)
|
||||
sub run ($$) {
|
||||
my $class;
|
||||
( $class, $apacheRequest ) = @_;
|
||||
|
||||
my $uri =
|
||||
$apacheRequest->uri
|
||||
. ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
|
||||
return DECLINED unless ( $apacheRequest->is_initial_req );
|
||||
my $uri = $apacheRequest->uri . ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
|
||||
|
||||
# AUTHENTICATION
|
||||
# I - recover the cookie
|
||||
my $id;
|
||||
unless ( ($id) =
|
||||
( lmHeaderIn( $apacheRequest, 'Cookie' ) =~ /$cookieName=([^; ]+);?/o )
|
||||
)
|
||||
{
|
||||
unless ( ($id) = ( lmHeaderIn( $apacheRequest, 'Cookie' ) =~ /$cookieName=([^; ]+);?/o ) ) {
|
||||
$class->lmLog( "$class: No cookie found", 'info' );
|
||||
return $class->goToPortal($uri);
|
||||
}
|
||||
|
@ -495,7 +494,7 @@ sub run ($$) {
|
|||
|
||||
# SECURITY
|
||||
# Hide Lemonldap cookie
|
||||
hideCookie;
|
||||
$class->hideCookie;
|
||||
OK;
|
||||
}
|
||||
|
||||
|
@ -596,10 +595,10 @@ Call your package in <apache-directory>/conf/httpd.conf
|
|||
|
||||
PerlRequire MyFile
|
||||
# TOTAL PROTECTION
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
# OR SELECTED AREA
|
||||
<Location /protected-area>
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
</Location>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
|
|
@ -4,7 +4,7 @@ use Lemonldap::NG::Handler::Simple qw(:locationRules :headers);
|
|||
use strict;
|
||||
use MIME::Base64;
|
||||
|
||||
our $VERSION = '0.5';
|
||||
our $VERSION = '0.51';
|
||||
|
||||
sub locationRulesInit {
|
||||
my ( $class, $args ) = @_;
|
||||
|
@ -122,7 +122,7 @@ Create your own package:
|
|||
Call your package in <apache-directory>/conf/httpd.conf
|
||||
|
||||
PerlRequire MyFile
|
||||
PerlInitHandler My::Package
|
||||
PerlHeaderParserHandler My::Package
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
|
Loading…
Reference in New Issue