62 |
62 |
# RedmineDbWhereClause "and members.role_id IN (1,2)"
|
63 |
63 |
## Optional credentials cache size
|
64 |
64 |
# RedmineCacheCredsMax 50
|
|
65 |
## Optional database_cipher_key
|
|
66 |
# RedmineDatabaseCipherKey "SecretKeyFromConfigurationYML"
|
65 |
67 |
</Location>
|
66 |
68 |
|
67 |
69 |
To be able to browse repository inside redmine, you must add something
|
... | ... | |
188 |
190 |
use Digest::SHA;
|
189 |
191 |
# optional module for LDAP authentication
|
190 |
192 |
my $CanUseLDAPAuth = eval("use Authen::Simple::LDAP; 1");
|
|
193 |
# optional modules for decrypting ciphered LDAP bind passwords
|
|
194 |
my $CanUseCiphering = eval("use Crypt::CBC; use MIME::Base64; 1");
|
191 |
195 |
|
192 |
196 |
use Apache2::Module;
|
193 |
197 |
use Apache2::Access;
|
... | ... | |
233 |
237 |
req_override => OR_AUTHCFG,
|
234 |
238 |
args_how => TAKE1,
|
235 |
239 |
},
|
|
240 |
{
|
|
241 |
name => 'RedmineDatabaseCipherKey',
|
|
242 |
req_override => OR_AUTHCFG,
|
|
243 |
args_how => TAKE1,
|
|
244 |
},
|
236 |
245 |
);
|
237 |
246 |
|
238 |
247 |
sub RedmineDSN {
|
... | ... | |
486 |
495 |
$bind_as =~ s/\$login/$redmine_user/g;
|
487 |
496 |
$bind_pw = $redmine_pass
|
488 |
497 |
}
|
|
498 |
|
|
499 |
if((defined $cfg->{RedmineDatabaseCipherKey}) and $CanUseCiphering) {
|
|
500 |
$bind_pw = decrypt_text($bind_pw, $cfg->{RedmineDatabaseCipherKey});
|
|
501 |
}
|
|
502 |
|
489 |
503 |
my $ldap = Authen::Simple::LDAP->new(
|
490 |
504 |
host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
|
491 |
505 |
port => $rowldap[1],
|
... | ... | |
541 |
555 |
return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
|
542 |
556 |
}
|
543 |
557 |
|
|
558 |
sub RedmineDatabaseCipherKey {
|
|
559 |
my ($self, $parms, $arg) = @_;
|
|
560 |
|
|
561 |
if ($arg) {
|
|
562 |
$self->{RedmineDatabaseCipherKey} = $arg;
|
|
563 |
}
|
|
564 |
}
|
|
565 |
|
|
566 |
sub decrypt_text {
|
|
567 |
my $text = shift;
|
|
568 |
my $key = shift;
|
|
569 |
|
|
570 |
die "text needed" unless defined $text;
|
|
571 |
die "key needed" unless defined $key;
|
|
572 |
|
|
573 |
if ((length $key > 0) and ($text =~ /\Aaes-256-cbc:(.+)\Z/)) {
|
|
574 |
my ($e, $iv) = split /--/, $1;
|
|
575 |
|
|
576 |
$e = decode_base64($e);
|
|
577 |
$iv = decode_base64($iv);
|
|
578 |
$key = substr Digest::SHA::sha256_hex($key), 0, 32;
|
|
579 |
|
|
580 |
my $cipher = Crypt::CBC->new(
|
|
581 |
-cipher => 'Rijndael',
|
|
582 |
-key => $key,
|
|
583 |
-iv => $iv,
|
|
584 |
-literal_key => 1,
|
|
585 |
-padding => 'standard',
|
|
586 |
-header => 'none',
|
|
587 |
-blocksize => 16,
|
|
588 |
-keysize => 32
|
|
589 |
);
|
|
590 |
|
|
591 |
$cipher->decrypt($e);
|
|
592 |
} else {
|
|
593 |
$text;
|
|
594 |
}
|
|
595 |
}
|
|
596 |
|
544 |
597 |
1;
|
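Review bot: The decrypt step at new lines 499-501 runs after the branch that sets `$bind_pw = $redmine_pass`, so when the bind is made as the logging-in user, `decrypt_text` receives the client-supplied password rather than the stored one. A submitted password that begins with `aes-256-cbc:` would be base64-decoded and decrypted with the server key, and one with no `--` separator or a wrong-length IV leaves `$iv` undefined or makes `Crypt::CBC` croak; no `eval` is visible around the call, so this presumably surfaces as a handler error instead of a clean authentication failure. I would decrypt only the password read from the auth-source row, before `$redmine_pass` can be substituted, and guard the call as `$bind_pw = eval { decrypt_text($bind_pw, $cfg->{RedmineDatabaseCipherKey}) };` with a logged denial when the result is undefined. Separately, when the key is configured but `$CanUseCiphering` is false, the ciphertext is silently used as the bind password, which deserves a logged warning. The enclosing if/else begins above the hunk, so the branch layout is inferred from the visible lines.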