# See bottom of file for license and copyright information
package Foswiki::Configure::Checkers::AuthScripts;
use strict;
use warnings;
use Foswiki::Configure::Checker ();
our @ISA = ('Foswiki::Configure::Checker');
# Configure-time check of the {AuthScripts} setting.
#
# Returns an ERROR if scripts are marked as requiring authentication while
# {LoginManager} is 'none'. Otherwise returns the concatenation of any
# WARN/NOTE messages raised below (an empty string when there are none).
sub check {
    my $this = shift;

    my $report       = '';
    my $auth_scripts = $Foswiki::cfg{AuthScripts};

    if ($auth_scripts) {

        # Requiring authentication with no login manager leaves users no
        # way to authenticate, so this is reported as a hard error.
        if ( $Foswiki::cfg{LoginManager} eq 'none' ) {
            return $this->ERROR(<<'EOF');
You've asked that some scripts require authentication, but haven't
specified a way for users to log in. Please pick a LoginManager
other than 'none' or clear this setting.
EOF
        }

        # With any login manager other than TemplateLogin the message below
        # asks the admin to keep this list in step with the scripts the web
        # server protects; this check cannot read the server config itself.
        # NOTE(review): the LoginManager value is interpolated into the
        # markup as-is - presumably trusted because it comes from the site
        # configuration; confirm.
        if ( $Foswiki::cfg{LoginManager} ne
            'Foswiki::LoginManager::TemplateLogin' )
        {
            $report .= $this->WARN(<<"EOF");
You've specified an alternative login manager. It is critical that this list
of scripts be consistent with the scripts protected by the Web Server. Verify that this setting
is consistent with the Apache <code>FilesMatch</code> or <code>LocationMatch</code> or other
configuration used by $Foswiki::cfg{LoginManager}.
EOF
        }

        # Unanchored substring test: any entry containing "statistics"
        # satisfies it, not only an entry that is exactly that name.
        if ( $auth_scripts !~ m/statistics/ ) {
            $report .= $this->WARN(<<'EOF');
The statistics script is not protected as a script requiring authorization.
This is not a security issue, but this script can create a significant workload
on the server. It is recommended that this script require authentication.
EOF
        }
    }

    # Runs whether or not {AuthScripts} is set. Any true value returned by
    # the helper - including the ERROR text it returns when the directory
    # cannot be opened - is presented as the list of open scripts.
    my $open_scripts =
      _listOpenScripts( $this, $this->getCfg("{ScriptDir}") );
    if ($open_scripts) {
        $report .= $this->NOTE(
            join '',
'<b>Note:</b>The Following scripts are open to unauthenticated users:<br /> <code>',
            $open_scripts,
            '</code>'
        );
    }

    return $report;
}
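# List the scripts in $dir that {AuthScripts} does not name.
#
#   $this - checker object; only used to format the error message
#   $dir  - directory to scan
#
# Returns a string of script names, each followed by a single space (empty
# when nothing is open). If $dir cannot be opened, returns the value of
# $this->ERROR(...) instead of a name list; check() in this file shows any
# true return value as the list of open scripts, so that error text ends up
# inside its note.
#
# Files ending in .cfg and files whose names start with "configure" are
# never reported.
sub _listOpenScripts {
    my ( $this, $dir ) = @_;

    # Lexical handle rather than the bareword D, which is a package global
    # that any other code using the same name could clobber.
    my $dh;
    unless ( opendir( $dh, $dir ) ) {
        return $this->ERROR(<<"HERE");
Cannot open '$dir' for read ($!) - check it exists, and that permissions are correct.
HERE
    }

    # Only plain files named word[.word] are considered; \A...\z (instead of
    # ^...$) also rejects a name carrying a trailing newline.
    # NOTE(review): files with any other name shape (for example one
    # containing '-') are skipped silently, so the report is not an
    # exhaustive list of what the directory contains.
    my @names = grep { -f "$dir/$_" && /\A\w+(?:\.\w+)?\z/ } readdir $dh;
    closedir($dh);

    # An unset {AuthScripts} means nothing is protected; normalise it so the
    # match below does not run against undef.
    my $auth_scripts = $Foswiki::cfg{AuthScripts};
    $auth_scripts = '' unless defined $auth_scripts;

    my $unauth = '';
    foreach my $script ( sort @names ) {
        next if $script =~ /\.cfg$/;
        next if $script =~ /^configure/;

        # \Q...\E makes the '.' in a name such as "foo.pl" match literally.
        # Unquoted, it matches any character, so an unrelated entry in
        # {AuthScripts} could hide an open script from this report.
        next if $auth_scripts =~ m/\b\Q$script\E\b/;

        $unauth .= $script . ' ';
    }
    return $unauth;
}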
1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2010 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Additional copyrights apply to some or all of the code in this
file as follows:
Copyright (C) 2000-2006 TWiki Contributors. All Rights Reserved.
TWiki Contributors are listed in the AUTHORS file in the root
of this distribution. NOTE: Please extend that file, not this notice.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version. For
more details read LICENSE in the root of this distribution.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
As per the GPL, removal of this notice is prohibited.