Mercurial > hg > soundsoftware-site

annotate extra/soundsoftware/SoundSoftware.pm @ 732:897bc2b63bfe feature_318

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Overhaul SoundSoftware authentication manager to handle HTTPS redirects itself and also to avoid info leakage for nonexistent projects
author Chris Cannam
date Fri, 04 Nov 2011 10:28:40 +0000
parents a2192366d309
children c7a731db96e5
rev   line source
Chris@7 1 package Apache::Authn::SoundSoftware;
Chris@7 2
Chris@7 3 =head1 Apache::Authn::SoundSoftware
Chris@7 4
Chris@7 5 SoundSoftware - a mod_perl module for Apache authentication against a
Chris@7 6 Redmine database and optional LDAP implementing the access control
Chris@7 7 rules required for the SoundSoftware.ac.uk repository site.
Chris@7 8
Chris@7 9 =head1 SYNOPSIS
Chris@7 10
Chris@7 11 This module is closely based on the Redmine.pm authentication module
Chris@7 12 provided with Redmine. It is intended to be used for authentication
Chris@7 13 in front of a repository service such as hgwebdir.
Chris@7 14
Chris@7 15 Requirements:
Chris@7 16
Chris@7 17 1. Clone/pull from repo for public project: Any user, no
Chris@7 18 authentication required
Chris@7 19
Chris@7 20 2. Clone/pull from repo for private project: Project members only
Chris@7 21
Chris@7 22 3. Push to repo for public project: "Permitted" users only (this
Chris@8 23 probably means project members who are also identified in the hgrc web
Chris@8 24 section for the repository and so will be approved by hgwebdir?)
Chris@7 25
Chris@8 26 4. Push to repo for private project: "Permitted" users only (as above)
Chris@7 27
chris@300 28 5. Push to any repo that is tracking an external repo: Refused always
chris@300 29
Chris@7 30 =head1 INSTALLATION
Chris@7 31
Chris@7 32 Debian/ubuntu:
Chris@7 33
Chris@7 34 apt-get install libapache-dbi-perl libapache2-mod-perl2 \
Chris@7 35 libdbd-mysql-perl libauthen-simple-ldap-perl libio-socket-ssl-perl
Chris@7 36
Chris@7 37 Note that LDAP support is hardcoded "on" in this script (it is
Chris@7 38 optional in the original Redmine.pm).
Chris@7 39
Chris@7 40 =head1 CONFIGURATION
Chris@7 41
Chris@7 42 ## This module has to be in your perl path
Chris@7 43 ## eg: /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm
Chris@7 44 PerlLoadModule Apache::Authn::SoundSoftware
Chris@7 45
Chris@7 46 # Example when using hgwebdir
Chris@7 47 ScriptAlias / "/var/hg/hgwebdir.cgi/"
Chris@7 48
Chris@7 49 <Location />
Chris@7 50 AuthName "Mercurial"
Chris@7 51 AuthType Basic
Chris@7 52 Require valid-user
Chris@7 53 PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
Chris@7 54 PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
Chris@7 55 SoundSoftwareDSN "DBI:mysql:database=redmine;host=localhost"
Chris@7 56 SoundSoftwareDbUser "redmine"
Chris@7 57 SoundSoftwareDbPass "password"
Chris@7 58 Options +ExecCGI
Chris@7 59 AddHandler cgi-script .cgi
Chris@7 60 ## Optional where clause (fulltext search would be slow and
Chris@7 61 ## database dependant).
Chris@7 62 # SoundSoftwareDbWhereClause "and members.role_id IN (1,2)"
Chris@8 63 ## Optional prefix for local repository URLs
Chris@8 64 # SoundSoftwareRepoPrefix "/var/hg/"
Chris@7 65 </Location>
Chris@7 66
Chris@7 67 See the original Redmine.pm for further configuration notes.
Chris@7 68
Chris@7 69 =cut
Chris@7 70
Chris@7 71 use strict;
Chris@7 72 use warnings FATAL => 'all', NONFATAL => 'redefine';
Chris@7 73
Chris@7 74 use DBI;
Chris@7 75 use Digest::SHA1;
Chris@7 76 use Authen::Simple::LDAP;
Chris@7 77 use Apache2::Module;
Chris@7 78 use Apache2::Access;
Chris@7 79 use Apache2::ServerRec qw();
Chris@7 80 use Apache2::RequestRec qw();
Chris@7 81 use Apache2::RequestUtil qw();
Chris@7 82 use Apache2::Const qw(:common :override :cmd_how);
Chris@7 83 use APR::Pool ();
Chris@7 84 use APR::Table ();
Chris@7 85
Chris@7 86 my @directives = (
Chris@7 87 {
Chris@7 88 name => 'SoundSoftwareDSN',
Chris@7 89 req_override => OR_AUTHCFG,
Chris@7 90 args_how => TAKE1,
Chris@7 91 errmsg => 'Dsn in format used by Perl DBI. eg: "DBI:Pg:dbname=databasename;host=my.db.server"',
Chris@7 92 },
Chris@7 93 {
Chris@7 94 name => 'SoundSoftwareDbUser',
Chris@7 95 req_override => OR_AUTHCFG,
Chris@7 96 args_how => TAKE1,
Chris@7 97 },
Chris@7 98 {
Chris@7 99 name => 'SoundSoftwareDbPass',
Chris@7 100 req_override => OR_AUTHCFG,
Chris@7 101 args_how => TAKE1,
Chris@7 102 },
Chris@7 103 {
Chris@7 104 name => 'SoundSoftwareDbWhereClause',
Chris@7 105 req_override => OR_AUTHCFG,
Chris@7 106 args_how => TAKE1,
Chris@7 107 },
Chris@7 108 {
Chris@8 109 name => 'SoundSoftwareRepoPrefix',
Chris@7 110 req_override => OR_AUTHCFG,
Chris@7 111 args_how => TAKE1,
Chris@7 112 },
Chris@732 113 {
Chris@732 114 name => 'SoundSoftwareSslRequired',
Chris@732 115 req_override => OR_AUTHCFG,
Chris@732 116 args_how => TAKE1,
Chris@732 117 },
Chris@7 118 );
Chris@7 119
Chris@7 120 sub SoundSoftwareDSN {
Chris@8 121 my ($self, $parms, $arg) = @_;
Chris@8 122 $self->{SoundSoftwareDSN} = $arg;
Chris@8 123 my $query = "SELECT
chris@301 124 hashed_password, salt, auth_source_id, permissions
Chris@7 125 FROM members, projects, users, roles, member_roles
Chris@7 126 WHERE
Chris@7 127 projects.id=members.project_id
Chris@7 128 AND member_roles.member_id=members.id
Chris@7 129 AND users.id=members.user_id
Chris@7 130 AND roles.id=member_roles.role_id
Chris@7 131 AND users.status=1
Chris@7 132 AND login=?
Chris@7 133 AND identifier=? ";
Chris@8 134 $self->{SoundSoftwareQuery} = trim($query);
Chris@7 135 }
Chris@7 136
Chris@7 137 sub SoundSoftwareDbUser { set_val('SoundSoftwareDbUser', @_); }
Chris@7 138 sub SoundSoftwareDbPass { set_val('SoundSoftwareDbPass', @_); }
Chris@7 139 sub SoundSoftwareDbWhereClause {
Chris@8 140 my ($self, $parms, $arg) = @_;
Chris@8 141 $self->{SoundSoftwareQuery} = trim($self->{SoundSoftwareQuery}.($arg ? $arg : "")." ");
Chris@7 142 }
Chris@7 143
Chris@8 144 sub SoundSoftwareRepoPrefix {
Chris@8 145 my ($self, $parms, $arg) = @_;
Chris@8 146 if ($arg) {
Chris@8 147 $self->{SoundSoftwareRepoPrefix} = $arg;
Chris@8 148 }
Chris@7 149 }
Chris@7 150
Chris@732 151 sub SoundSoftwareSslRequired { set_val('SoundSoftwareSslRequired', @_); }
Chris@732 152
Chris@7 153 sub trim {
Chris@8 154 my $string = shift;
Chris@8 155 $string =~ s/\s{2,}/ /g;
Chris@8 156 return $string;
Chris@7 157 }
Chris@7 158
Chris@7 159 sub set_val {
Chris@8 160 my ($key, $self, $parms, $arg) = @_;
Chris@8 161 $self->{$key} = $arg;
Chris@7 162 }
Chris@7 163
Chris@7 164 Apache2::Module::add(__PACKAGE__, \@directives);
Chris@7 165
Chris@7 166
Chris@7 167 my %read_only_methods = map { $_ => 1 } qw/GET PROPFIND REPORT OPTIONS/;
Chris@7 168
Chris@7 169 sub access_handler {
Chris@8 170 my $r = shift;
Chris@7 171
Chris@517 172 print STDERR "SoundSoftware.pm:$$: In access handler at " . scalar localtime() . "\n";
Chris@7 173
Chris@8 174 unless ($r->some_auth_required) {
Chris@8 175 $r->log_reason("No authentication has been configured");
Chris@8 176 return FORBIDDEN;
Chris@8 177 }
Chris@7 178
Chris@8 179 my $method = $r->method;
Chris@7 180
Chris@517 181 print STDERR "SoundSoftware.pm:$$: Method: $method, uri " . $r->uri . ", location " . $r->location . "\n";
Chris@517 182 print STDERR "SoundSoftware.pm:$$: Accept: " . $r->headers_in->{Accept} . "\n";
Chris@7 183
Chris@8 184 my $dbh = connect_database($r);
Chris@152 185 unless ($dbh) {
Chris@517 186 print STDERR "SoundSoftware.pm:$$: Database connection failed!: " . $DBI::errstr . "\n";
Chris@152 187 return FORBIDDEN;
Chris@152 188 }
Chris@152 189
chris@300 190 print STDERR "Connected to db, dbh is " . $dbh . "\n";
Chris@7 191
Chris@8 192 my $project_id = get_project_identifier($dbh, $r);
chris@300 193
Chris@732 194 # We want to delegate most of the work to the authentication
Chris@732 195 # handler (to ensure that user is asked to login even for
Chris@732 196 # nonexistent projects -- so they can't tell whether a private
Chris@732 197 # project exists or not without authenticating). So
Chris@732 198 #
Chris@732 199 # * if the project is public
Chris@732 200 # - if the method is read-only
Chris@732 201 # + set handler to OK, no auth needed
Chris@732 202 # - if the method is not read-only
Chris@732 203 # + if the repo is read-only, return forbidden
Chris@732 204 # + else require auth
Chris@732 205 # * if the project is not public or does not exist
Chris@732 206 # + require auth
Chris@732 207 #
Chris@732 208 # If we are requiring auth and are not currently https, and
Chris@732 209 # https is required, then we must return a redirect to https
Chris@732 210 # instead of an OK.
chris@300 211
Chris@8 212 my $status = get_project_status($dbh, $project_id, $r);
Chris@732 213 my $readonly = project_repo_is_readonly($dbh, $project_id, $r);
Chris@7 214
Chris@8 215 $dbh->disconnect();
Chris@8 216 undef $dbh;
Chris@7 217
Chris@732 218 if ($status == 1) { # public
Chris@732 219
Chris@732 220 print STDERR "SoundSoftware.pm:$$: Project is public\n";
Chris@732 221
Chris@732 222 if (!defined $read_only_methods{$method}) {
Chris@732 223
Chris@732 224 print STDERR "SoundSoftware.pm:$$: Method is not read-only\n";
Chris@732 225
Chris@732 226 if ($readonly) {
Chris@732 227 print STDERR "SoundSoftware.pm:$$: Project repo is read-only, refusing access\n";
Chris@732 228 return FORBIDDEN;
Chris@732 229 } else {
Chris@732 230 print STDERR "SoundSoftware.pm:$$: Project repo is read-write, auth required\n";
Chris@732 231 # fall through, this is the normal case
Chris@732 232 }
Chris@732 233
Chris@732 234 } else {
Chris@732 235 # Public project, read-only method -- this is the only
Chris@732 236 # case we can decide for certain to accept in this function
Chris@732 237 print STDERR "SoundSoftware.pm:$$: Method is read-only, no restriction here\n";
Chris@732 238 $r->set_handlers(PerlAuthenHandler => [\&OK]);
Chris@732 239 return OK;
Chris@732 240 }
Chris@732 241
Chris@732 242 } else { # status != 1, i.e. nonexistent or private -- equivalent here
Chris@732 243
Chris@732 244 print STDERR "SoundSoftware.pm:$$: Project is private or nonexistent, auth required\n";
Chris@732 245 # fall through
Chris@8 246 }
Chris@7 247
Chris@732 248 if ($cfg->{SoundSoftwareSslRequired} eq "on") {
Chris@732 249 if ($r->dir_config('HTTPS') eq "on") {
Chris@732 250 return OK;
Chris@732 251 } else {
Chris@732 252 my $redir_to = "https://" . $r->hostname() . $r->unparsed_uri();
Chris@732 253 print STDERR "SoundSoftware.pm:$$: Need to switch to HTTPS, redirecting to $redir_to\n";
Chris@732 254 $r->header_out(Location => $redir_to);
Chris@732 255 return REDIRECT;
Chris@732 256 }
Chris@732 257 } else if ($cfg->{SoundSoftwareSslRequired} eq "off") {
Chris@732 258 return OK;
Chris@732 259 } else {
Chris@732 260 print STDERR "WARNING: SoundSoftware.pm:$$: SoundSoftwareSslRequired should be either 'on' or 'off'\n";
Chris@732 261 return OK;
Chris@732 262 }
Chris@7 263 }
Chris@7 264
Chris@7 265 sub authen_handler {
Chris@8 266 my $r = shift;
Chris@8 267
Chris@517 268 print STDERR "SoundSoftware.pm:$$: In authentication handler at " . scalar localtime() . "\n";
Chris@7 269
Chris@8 270 my $dbh = connect_database($r);
Chris@152 271 unless ($dbh) {
Chris@517 272 print STDERR "SoundSoftware.pm:$$: Database connection failed!: " . $DBI::errstr . "\n";
Chris@152 273 return AUTH_REQUIRED;
Chris@152 274 }
Chris@8 275
Chris@8 276 my $project_id = get_project_identifier($dbh, $r);
Chris@8 277 my $realm = get_realm($dbh, $project_id, $r);
Chris@8 278 $r->auth_name($realm);
Chris@8 279
Chris@8 280 my ($res, $redmine_pass) = $r->get_basic_auth_pw();
Chris@8 281 unless ($res == OK) {
Chris@8 282 $dbh->disconnect();
Chris@8 283 undef $dbh;
Chris@8 284 return $res;
Chris@8 285 }
Chris@8 286
Chris@517 287 print STDERR "SoundSoftware.pm:$$: User is " . $r->user . ", got password\n";
Chris@8 288
Chris@732 289 my $status = get_project_status($dbh, $project_id, $r);
Chris@732 290 if ($status == 0) {
Chris@732 291 # nonexistent, behave like private project you aren't a member of
Chris@732 292 print STDERR "SoundSoftware.pm:$$: Project doesn't exist, not permitted\n";
Chris@732 293 $dbh->disconnect();
Chris@732 294 undef $dbh;
Chris@732 295 $r->note_auth_failure();
Chris@732 296 return AUTH_REQUIRED;
Chris@732 297 }
Chris@732 298
Chris@8 299 my $permitted = is_permitted($dbh, $project_id, $r->user, $redmine_pass, $r);
Chris@8 300
Chris@8 301 $dbh->disconnect();
Chris@8 302 undef $dbh;
Chris@8 303
Chris@8 304 if ($permitted) {
Chris@8 305 return OK;
Chris@8 306 } else {
Chris@517 307 print STDERR "SoundSoftware.pm:$$: Not permitted\n";
Chris@8 308 $r->note_auth_failure();
Chris@8 309 return AUTH_REQUIRED;
Chris@8 310 }
Chris@7 311 }
Chris@7 312
Chris@7 313 sub get_project_status {
Chris@8 314 my $dbh = shift;
Chris@7 315 my $project_id = shift;
Chris@7 316 my $r = shift;
Chris@8 317
Chris@8 318 if (!defined $project_id or $project_id eq '') {
Chris@8 319 return 0; # nonexistent
Chris@8 320 }
Chris@7 321
Chris@7 322 my $sth = $dbh->prepare(
Chris@7 323 "SELECT is_public FROM projects WHERE projects.identifier = ?;"
Chris@7 324 );
Chris@7 325
Chris@7 326 $sth->execute($project_id);
Chris@8 327 my $ret = 0; # nonexistent
Chris@7 328 if (my @row = $sth->fetchrow_array) {
Chris@7 329 if ($row[0] eq "1" || $row[0] eq "t") {
Chris@7 330 $ret = 1; # public
Chris@7 331 } else {
Chris@8 332 $ret = 2; # private
Chris@7 333 }
Chris@7 334 }
Chris@7 335 $sth->finish();
Chris@7 336 undef $sth;
Chris@7 337
Chris@7 338 $ret;
Chris@7 339 }
Chris@7 340
chris@300 341 sub project_repo_is_readonly {
chris@300 342 my $dbh = shift;
chris@300 343 my $project_id = shift;
chris@300 344 my $r = shift;
chris@300 345
chris@300 346 if (!defined $project_id or $project_id eq '') {
chris@300 347 return 0; # nonexistent
chris@300 348 }
chris@300 349
chris@300 350 my $sth = $dbh->prepare(
chris@300 351 "SELECT repositories.is_external FROM repositories, projects WHERE projects.identifier = ? AND repositories.project_id = projects.id;"
chris@300 352 );
chris@300 353
chris@300 354 $sth->execute($project_id);
chris@300 355 my $ret = 0; # nonexistent
chris@300 356 if (my @row = $sth->fetchrow_array) {
chris@301 357 if (defined($row[0]) && ($row[0] eq "1" || $row[0] eq "t")) {
chris@300 358 $ret = 1; # read-only (i.e. external)
chris@300 359 } else {
chris@300 360 $ret = 0; # read-write
chris@300 361 }
chris@300 362 }
chris@300 363 $sth->finish();
chris@300 364 undef $sth;
chris@300 365
chris@300 366 $ret;
chris@300 367 }
chris@300 368
Chris@8 369 sub is_permitted {
Chris@8 370 my $dbh = shift;
Chris@8 371 my $project_id = shift;
Chris@8 372 my $redmine_user = shift;
Chris@8 373 my $redmine_pass = shift;
Chris@8 374 my $r = shift;
Chris@7 375
Chris@8 376 my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass);
Chris@7 377
Chris@8 378 my $cfg = Apache2::Module::get_config
Chris@8 379 (__PACKAGE__, $r->server, $r->per_dir_config);
Chris@7 380
Chris@8 381 my $query = $cfg->{SoundSoftwareQuery};
Chris@8 382 my $sth = $dbh->prepare($query);
Chris@8 383 $sth->execute($redmine_user, $project_id);
Chris@7 384
Chris@8 385 my $ret;
chris@301 386 while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
Chris@7 387
Chris@8 388 # Test permissions for this user before we verify credentials
Chris@8 389 # -- if the user is not permitted this action anyway, there's
Chris@8 390 # not much point in e.g. contacting the LDAP
Chris@7 391
Chris@8 392 my $method = $r->method;
Chris@7 393
Chris@8 394 if ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/)
Chris@8 395 || $permissions =~ /:commit_access/) {
Chris@8 396
Chris@8 397 # User would be permitted this action, if their
Chris@8 398 # credentials checked out -- test those now
Chris@8 399
Chris@8 400 print STDERR "SoundSoftware.pm: User $redmine_user has required role, checking credentials\n";
Chris@8 401
Chris@8 402 unless ($auth_source_id) {
chris@301 403 my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
chris@301 404 if ($hashed_password eq $salted_password) {
Chris@8 405 print STDERR "SoundSoftware.pm: User $redmine_user authenticated via password\n";
Chris@8 406 $ret = 1;
Chris@8 407 last;
Chris@8 408 }
Chris@8 409 } else {
Chris@8 410 my $sthldap = $dbh->prepare(
Chris@8 411 "SELECT host,port,tls,account,account_password,base_dn,attr_login FROM auth_sources WHERE id = ?;"
Chris@8 412 );
Chris@8 413 $sthldap->execute($auth_source_id);
Chris@8 414 while (my @rowldap = $sthldap->fetchrow_array) {
Chris@8 415 my $ldap = Authen::Simple::LDAP->new(
Chris@8 416 host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0],
Chris@8 417 port => $rowldap[1],
Chris@8 418 basedn => $rowldap[5],
Chris@8 419 binddn => $rowldap[3] ? $rowldap[3] : "",
Chris@8 420 bindpw => $rowldap[4] ? $rowldap[4] : "",
Chris@8 421 filter => "(".$rowldap[6]."=%s)"
Chris@8 422 );
Chris@8 423 if ($ldap->authenticate($redmine_user, $redmine_pass)) {
Chris@517 424 print STDERR "SoundSoftware.pm:$$: User $redmine_user authenticated via LDAP\n";
Chris@8 425 $ret = 1;
Chris@8 426 }
Chris@8 427 }
Chris@8 428 $sthldap->finish();
Chris@8 429 undef $sthldap;
Chris@8 430 }
Chris@8 431 } else {
Chris@517 432 print STDERR "SoundSoftware.pm:$$: User $redmine_user lacks required role for this project\n";
Chris@8 433 }
Chris@7 434 }
Chris@7 435
Chris@8 436 $sth->finish();
Chris@8 437 undef $sth;
Chris@8 438
Chris@8 439 $ret;
Chris@7 440 }
Chris@7 441
Chris@7 442 sub get_project_identifier {
Chris@8 443 my $dbh = shift;
Chris@7 444 my $r = shift;
Chris@7 445
Chris@7 446 my $location = $r->location;
Chris@7 447 my ($repo) = $r->uri =~ m{$location/*([^/]+)};
Chris@10 448
Chris@10 449 return $repo if (!$repo);
Chris@10 450
Chris@7 451 $repo =~ s/[^a-zA-Z0-9\._-]//g;
Chris@7 452
Chris@8 453 # The original Redmine.pm returns the string just calculated as
Chris@8 454 # the project identifier. That won't do for us -- we may have
Chris@8 455 # (and in fact already do have, in our test instance) projects
Chris@8 456 # whose repository names differ from the project identifiers.
Chris@8 457
Chris@8 458 # This is a rather fundamental change because it means that almost
Chris@8 459 # every request needs more than one database query -- which
Chris@8 460 # prompts us to start passing around $dbh instead of connecting
Chris@8 461 # locally within each function as is done in Redmine.pm.
Chris@8 462
Chris@7 463 my $sth = $dbh->prepare(
Chris@7 464 "SELECT projects.identifier FROM projects, repositories WHERE repositories.project_id = projects.id AND repositories.url LIKE ?;"
Chris@7 465 );
Chris@7 466
Chris@8 467 my $cfg = Apache2::Module::get_config
Chris@8 468 (__PACKAGE__, $r->server, $r->per_dir_config);
Chris@8 469
Chris@8 470 my $prefix = $cfg->{SoundSoftwareRepoPrefix};
Chris@8 471 if (!defined $prefix) { $prefix = '%/'; }
Chris@8 472
Chris@7 473 my $identifier = '';
Chris@7 474
Chris@8 475 $sth->execute($prefix . $repo);
Chris@7 476 my $ret = 0;
Chris@7 477 if (my @row = $sth->fetchrow_array) {
Chris@7 478 $identifier = $row[0];
Chris@7 479 }
Chris@7 480 $sth->finish();
Chris@7 481 undef $sth;
Chris@7 482
Chris@517 483 print STDERR "SoundSoftware.pm:$$: Repository '$repo' belongs to project '$identifier'\n";
Chris@7 484
Chris@7 485 $identifier;
Chris@7 486 }
Chris@7 487
Chris@8 488 sub get_realm {
Chris@8 489 my $dbh = shift;
Chris@8 490 my $project_id = shift;
Chris@8 491 my $r = shift;
Chris@8 492
Chris@8 493 my $sth = $dbh->prepare(
Chris@8 494 "SELECT projects.name FROM projects WHERE projects.identifier = ?;"
Chris@8 495 );
Chris@8 496
Chris@8 497 my $name = $project_id;
Chris@8 498
Chris@8 499 $sth->execute($project_id);
Chris@8 500 my $ret = 0;
Chris@8 501 if (my @row = $sth->fetchrow_array) {
Chris@8 502 $name = $row[0];
Chris@8 503 }
Chris@8 504 $sth->finish();
Chris@8 505 undef $sth;
Chris@8 506
Chris@8 507 # be timid about characters not permitted in auth realm and revert
Chris@8 508 # to project identifier if any are found
Chris@8 509 if ($name =~ m/[^\w\d\s\._-]/) {
Chris@8 510 $name = $project_id;
Chris@8 511 }
Chris@8 512
Chris@8 513 my $realm = '"Mercurial repository for ' . "'$name'" . '"';
Chris@8 514
Chris@8 515 $realm;
Chris@8 516 }
Chris@8 517
Chris@7 518 sub connect_database {
Chris@7 519 my $r = shift;
Chris@7 520
Chris@8 521 my $cfg = Apache2::Module::get_config
Chris@8 522 (__PACKAGE__, $r->server, $r->per_dir_config);
Chris@8 523
Chris@8 524 return DBI->connect($cfg->{SoundSoftwareDSN},
Chris@152 525 $cfg->{SoundSoftwareDbUser},
Chris@152 526 $cfg->{SoundSoftwareDbPass});
Chris@7 527 }
Chris@7 528
Chris@7 529 1;