Alternative authorization system for repositories (RRD)

Added by Carlo Busch almost 11 years ago

Hi everyone,

I've written a small server daemon tool called RRD (Redmine Repository Daemon), which allows authentication of users against the Redmine core without any database dependencies.
The tool accesses the Redmine functions directly via RoR (Ruby-based daemon) and provides a simple socket interface, which in turn can be accessed by an Apache Perl module (or anything you like).

Overview:

Apache->PerlModule(RedmineRRD.pm) -> unixsocket -> RRD -> Redmine

in short:

  • repository login should be a little bit faster than with the Redmine.pm module
  • supports all authentication methods which Redmine supports (LDAP, OpenID, plugins etc.)
  • allows dynamic access control (without changes to the database)
  • a little bit DRYer than Redmine.pm
  • no maintenance on database changes / no "wrong file version" problems
  • should work with older versions of Redmine (not recommended)

The daemon has still room for improvements and should be checked for possible security flaws (RFC ;) ) but it works - it can be tested alone on the command line using socat (with terminal commands - press <ENTER> for command list or type help for more).
socat - UNIX-CONNECT:/tmp/redmine_repository_daemon

For the impatient users - here are the quick installation instructions for use with Redmine and Apache2 (USE AT YOUR OWN RISK):

earlier configured, Redmine.pm authentication assumed...

  1. download appended redmine_repo_auth-0.82.tar.gz
  2. extract file
    tar -xzf redmine_repo_auth-0.82.tar.gz
  3. copy "RedmineRRD.pm" to your perl-module-directory (same procedure as with Redmine.pm, Debian example)
    cp RedmineRRD.pm /usr/lib/perl5/Apache2
  4. copy "rrd"-file to your redmine installation in the subdirectory script e.g. /var/www/redmine/script
    cp rrd /var/www/redmine/script/
  5. Adapt your Apache configuration:
    1. Change the line with (add RRD)
      PerlLoadModule Apache::Authn::Redmine
      

      to
      PerlLoadModule Apache::Authn::RedmineRRD
      
    2. Change the line with (insert RRD)
      PerlAccessHandler Apache::Authn::Redmine::access_handler
      

      to
      PerlAccessHandler Apache::Authn::RedmineRRD::access_handler
      
    3. Change the line with (insert RRD)
      PerlAuthenHandler Apache::Authn::Redmine::authen_handler
      

      to
      PerlAuthenHandler Apache::Authn::RedmineRRD::authen_handler
      
    4. Add the following line before RedmineDSN...
      Redmine_RRD_SOCKET "/tmp/redmine_repository_daemon" 
      
    5. comment out (#) or delete the lines with RedmineDSN..., RedmineDbUser... and RedmineDbPass...
  6. restart Apache (apachectl restart)
  7. to test the rrd you can simply start the daemon from the Redmine directory (as the same user Apache is running as, e.g. www-data for Debian; if you run it as root (not recommended), ensure the owner rights of the socket file (/tmp/redmine_repository_daemon) are set correctly -> adapt the 'user-settings' within the rrd script in this case)
    cd /var/www/redmine
    sudo -u www-data ruby script/rrd
    
  8. the repository should now be accessible according to your role/right settings in Redmine (you can quit the rrd server with CTRL-C)

If it works, you can put the rrd into your startup files (depending on your Linux distribution), e.g. /etc/rc.local (Debian), like this (before exit ;))

cd /var/www/redmine
sudo -u www-data /usr/bin/ruby script/rrd &

That's it! - happy testing ;)

PS: would make a nice addition to the Redmine package :)
PS2: tested with Redmine 2.3.0
PS3: should work with all repositories, which can be served with Apache (e.g. git, svn, hg etc.) - git and svn are tested...
PS4: the rrd supports logging and chown for the socket -> see source code section "user settings"
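
Step 7 and PS4 both turn on who owns the socket file and who may connect to it. The following check is an added example, not part of the original post or of the RRD package: it audits a socket path for owner, world-write bit and a world-writable parent directory. The function name `audit_auth_socket` and the demo socket are constructed for this illustration.

```ruby
require 'socket'
require 'tmpdir'

# Audit the Unix socket a daemon such as rrd listens on.
# Returns an array of findings; an empty array means nothing to flag.
# audit_auth_socket is a name made up for this example.
def audit_auth_socket(path, expected_uid)
  begin
    st = File.lstat(path)               # lstat: do not follow a symlink at that path
  rescue Errno::ENOENT
    return ["#{path}: missing (daemon not running?)"]
  end
  return ["#{path}: not a socket (#{st.ftype})"] unless st.socket?

  findings = []
  unless st.uid == expected_uid
    findings << "#{path}: owner uid #{st.uid}, expected #{expected_uid}"
  end
  # On Linux, connecting to a Unix socket needs write permission on the socket file,
  # so the "other" write bit decides whether every local account can query the daemon.
  if st.mode & 0o002 != 0
    findings << format('%s: socket is world-writable (mode %04o)', path, st.mode & 0o7777)
  end
  dir = File.dirname(path)
  if File.stat(dir).mode & 0o002 != 0
    findings << "#{dir}: parent directory is world-writable; prefer one only the daemon user can write"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a throwaway socket standing in for /tmp/redmine_repository_daemon.
  Dir.mktmpdir('rrd-demo') do |dir|
    path = File.join(dir, 'redmine_repository_daemon')
    server = UNIXServer.new(path)
    File.chmod(0o666, path)             # deliberately loose, to show a finding
    puts audit_auth_socket(path, Process.euid)
    server.close
  end
end
```

On an install that follows the steps above, the call would be `audit_auth_socket('/tmp/redmine_repository_daemon', Etc.getpwnam('www-data').uid)` after `require 'etc'`; with the socket in /tmp the parent-directory finding is expected.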