Commit 9ab04631 authored by Yadd's avatar Yadd

Auth::Kerberos skeleton (#707)

parent 289930e2
......@@ -19,6 +19,7 @@ lib/Lemonldap/NG/Portal/Auth/Custom.pm
lib/Lemonldap/NG/Portal/Auth/DBI.pm
lib/Lemonldap/NG/Portal/Auth/Demo.pm
lib/Lemonldap/NG/Portal/Auth/Facebook.pm
lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
lib/Lemonldap/NG/Portal/Auth/LDAP.pm
lib/Lemonldap/NG/Portal/Auth/Null.pm
lib/Lemonldap/NG/Portal/Auth/OpenID.pm
......
package Lemonldap::NG::Portal::Auth::Kerberos;
use strict;
use Mouse;
use GSSAPI;
use MIME::Base64;
use Lemonldap::NG::Portal::Main::Constants qw(
PE_ERROR
PE_OK
PE_SENDRESPONSE
);
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Portal::Auth::Base';
# INITIALIZATION
sub init {
my ($self) = @_;
}
sub extractFormInfo {
my ( $self, $req ) = @_;
my $auth = $req->env->{HTTP_AUTHORIZATION};
unless ($auth) {
$req->response(
[
410,
[ 'WWW-Authenticate' => 'Negotiate' ],
['Authentication required']
]
);
return PE_SENDRESPONSE;
}
if ( $auth !~ /^Negotiate (.*)$/ ) {
$self->userLogger->error('Bad authorization header');
$req->response( [ 403, [], ['Forbidden'] ] );
return PE_SENDRESPONSE;
}
my $data;
eval { $data = MIME::Base64::decode($1) };
if ($@) {
$self->userLogger->error( 'Bad authorization header: ' . $@ );
return PE_ERROR;
}
my $server_context;
my $status = GSSAPI::Context::accept(
$server_context,
GSS_C_NO_CREDENTIAL,
$data,
GSS_C_NO_CHANNEL_BINDINGS,
my $gss_client_name,
my $out_mech,
my $gss_output_token,
my $out_flags,
my $out_time,
my $gss_delegated_cred
);
unless ($status) {
$self->logger->error('Unable to accept security context');
return PE_ERROR;
}
my $client_name;
$status = $gss_client_name->display($client_name);
unless ($status) {
$self->logger->error('Unable to display KRB client name');
return PE_ERROR;
}
$req->user($client_name);
return PE_OK;
}
sub authenticate {
PE_OK;
}
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{SSLAuthnLevel};
PE_OK;
}
sub getDisplayType {
return "logo";
}
1;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment