62 |
62 |
# RedmineDbWhereClause "and members.role_id IN (1,2)"
|
63 |
63 |
## Optional credentials cache size
|
64 |
64 |
# RedmineCacheCredsMax 50
|
|
65 |
## Optional database_cipher_key
|
|
66 |
# RedmineDatabaseCipherKey "SecretKeyFromConfigurationYML"
|
65 |
67 |
</Location>
|
66 |
68 |
|
67 |
69 |
To be able to browse repository inside redmine, you must add something
|
... | ... | |
197 |
199 |
use Apache2::Const qw(:common :override :cmd_how);
|
198 |
200 |
use APR::Pool ();
|
199 |
201 |
use APR::Table ();
|
|
202 |
use Crypt::CBC;
|
|
203 |
use MIME::Base64;
|
200 |
204 |
|
201 |
205 |
# use Apache2::Directive qw();
|
202 |
206 |
|
... | ... | |
233 |
237 |
req_override => OR_AUTHCFG,
|
234 |
238 |
args_how => TAKE1,
|
235 |
239 |
},
|
|
240 |
{
|
|
241 |
name => 'RedmineDatabaseCipherKey',
|
|
242 |
req_override => OR_AUTHCFG,
|
|
243 |
args_how => TAKE1,
|
|
244 |
},
|
236 |
245 |
);
|
237 |
246 |
|
238 |
247 |
sub RedmineDSN {
|
... | ... | |
486 |
495 |
$bind_as =~ s/\$login/$redmine_user/g;
|
487 |
496 |
$bind_pw = $redmine_pass
|
488 |
497 |
}
|
|
498 |
|
|
499 |
if(defined $cfg->{RedmineDatabaseCipherKey}) {
|
|
500 |
$bind_pw = decrypt_text($bind_pw, $cfg->{RedmineDatabaseCipherKey});
|
|
501 |
}
|
|
502 |
|
489 |
503 |
my $ldap = Authen::Simple::LDAP->new(
|
490 |
504 |
host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
|
491 |
505 |
port => $rowldap[1],
|
... | ... | |
541 |
555 |
return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
|
542 |
556 |
}
|
543 |
557 |
|
|
558 |
sub RedmineDatabaseCipherKey {
|
|
559 |
my ($self, $parms, $arg) = @_;
|
|
560 |
|
|
561 |
if ($arg) {
|
|
562 |
$self->{RedmineDatabaseCipherKey} = $arg;
|
|
563 |
}
|
|
564 |
}
|
|
565 |
|
|
566 |
sub decrypt_text {
|
|
567 |
my $text = shift;
|
|
568 |
my $key = shift;
|
|
569 |
|
|
570 |
die "text needed" unless defined $text;
|
|
571 |
die "key needed" unless defined $key;
|
|
572 |
|
|
573 |
if ((length $key > 0) and ($text =~ /\Aaes-256-cbc:(.+)\Z/)) {
|
|
574 |
my ($e, $iv) = split /--/, $1;
|
|
575 |
|
|
576 |
$e = decode_base64($e);
|
|
577 |
$iv = decode_base64($iv);
|
|
578 |
$key = substr Digest::SHA::sha256_hex($key), 0, 32;
|
|
579 |
|
|
580 |
my $cipher = Crypt::CBC->new(
|
|
581 |
-cipher => 'Rijndael',
|
|
582 |
-key => $key,
|
|
583 |
-iv => $iv,
|
|
584 |
-literal_key => 1,
|
|
585 |
-padding => 'standard',
|
|
586 |
-header => 'none',
|
|
587 |
-blocksize => 16,
|
|
588 |
-keysize => 32
|
|
589 |
);
|
|
590 |
|
|
591 |
$cipher->decrypt($e);
|
|
592 |
} else {
|
|
593 |
$text;
|
|
594 |
}
|
|
595 |
}
|
|
596 |
|
544 |
597 |
1;
|