From e3afa5ad3340e2437f994d0996804a238e4dc8db Mon Sep 17 00:00:00 2001
From: Arash Rouhani
Date: Sun, 14 Aug 2011 21:24:04 +0200
Subject: [PATCH 1/4] Added process to build depends
---
 authenticate.cabal | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/authenticate.cabal b/authenticate.cabal
index 8dfa684c..c4110511 100644
--- a/authenticate.cabal
+++ b/authenticate.cabal
@@ -35,7 +35,8 @@ library
 blaze-builder >= 0.2 && < 0.4,
 attoparsec >= 0.9 && < 0.10,
 tls >= 0.7 && < 0.8,
- containers
+ containers,
+ process >= 1.0.1.1 && < 1.1
 exposed-modules: Web.Authenticate.Rpxnow,
 Web.Authenticate.OpenId,
 Web.Authenticate.BrowserId,
From 0a653feba4bea55705114c4285e118e6dc933b3d Mon Sep 17 00:00:00 2001
From: Arash Rouhani
Date: Sun, 14 Aug 2011 21:25:27 +0200
Subject: [PATCH 2/4] Added Kerberos source file and added to modules
---
 Web/Authenticate/Kerberos.hs | 72 ++++++++++++++++++++++++++++++++++++
 authenticate.cabal | 1 +
 2 files changed, 73 insertions(+)
 create mode 100644 Web/Authenticate/Kerberos.hs
diff --git a/Web/Authenticate/Kerberos.hs b/Web/Authenticate/Kerberos.hs
new file mode 100644
index 00000000..c2c4aa58
--- /dev/null
+++ b/Web/Authenticate/Kerberos.hs
@@ -0,0 +1,72 @@
+{-# LANGUAGE OverloadedStrings #-}
+-- | Module for using a kerberos authentication service.
+--
+-- Please note that all configuration should have been done
+-- manually on the machine prior to running the code.
+--
+-- On linux machines the configuration might be in /etc/krb5.conf.
+-- It's worth checking if the Kerberos service provider (e.g. your university)
+-- already provide a complete configuration file.
+--
+-- Be certain that you can manually login from a shell by typing
+--
+-- > kinit username
+--
+-- If you fill in your password and the program returns no error code,
+-- then your kerberos configuration is setup properly.
+-- Only then can this module be of any use.
+module Web.Authenticate.Kerberos
+ ( loginKerberos
+ , KerberosAuthResult(..)
+ ) where
+
+import Data.Text (Text)
+import qualified Data.Text as T
+import Data.Maybe (fromJust)
+import Control.Monad (msum, guard)
+import System.Process (readProcessWithExitCode)
+import System.Timeout (timeout)
+import System.Exit (ExitCode(..))
+
+-- | Occurreable results of a Kerberos login
+data KerberosAuthResult = Ok
+ | NoSuchUser
+ | WrongPassword
+ | TimeOut
+ | UnknownError Text
+
+instance Show KerberosAuthResult where
+ show Ok = "Login sucessful"
+ show NoSuchUser = "Wrong username"
+ show WrongPassword = "Wrong password"
+ show TimeOut = "kinit respone timeout"
+ show (UnknownError msg) = "Unkown error: " ++ T.unpack msg
+
+
+-- Given the errcode and stderr, return error-value
+interpretError :: Int -> Text -> KerberosAuthResult
+interpretError _ errmsg = fromJust . msum $
+ ["Client not found in Kerberos database while getting" --> NoSuchUser,
+ "Preauthentication failed while getting" --> WrongPassword,
+ Just $ UnknownError errmsg]
+ where
+ substr --> kError = guard (substr `T.isInfixOf` errmsg) >> Just kError
+
+-- | Given the username and password, try login to Kerberos service
+loginKerberos :: Text -- ^ Username
+ -> Text -- ^ Password
+ -> IO KerberosAuthResult
+loginKerberos username password = do
+ timedFetch <- timeout (10*1000000) fetch
+ case timedFetch of
+ Just res -> return res
+ Nothing -> return TimeOut
+ where
+ fetch :: IO KerberosAuthResult
+ fetch = do
+ (exitCode, _out, err) <- readProcessWithExitCode
+ "kinit" [T.unpack username] (T.unpack password)
+ case exitCode of
+ ExitSuccess -> return Ok
+ ExitFailure x -> return $ interpretError x (T.pack err)
+
diff --git a/authenticate.cabal b/authenticate.cabal
index c4110511..f18323ab 100644
--- a/authenticate.cabal
+++ b/authenticate.cabal
@@ -43,6 +43,7 @@ library
 Web.Authenticate.OpenId.Providers,
 Web.Authenticate.OAuth,
 Web.Authenticate.Facebook
+ Web.Authenticate.Kerberos
 other-modules: Web.Authenticate.Internal,
 OpenId2.Discovery,
 OpenId2.Normalization,
From bb20bd8c67b9606e77ba3940e26833c38cd63cee Mon Sep 17 00:00:00 2001
From: Arash Rouhani
Date: Sun, 14 Aug 2011 21:26:31 +0200
Subject: [PATCH 3/4] Updated authors
---
 authenticate.cabal | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authenticate.cabal b/authenticate.cabal
index f18323ab..35163f12 100644
--- a/authenticate.cabal
+++ b/authenticate.cabal
@@ -2,7 +2,7 @@ name: authenticate
 version: 0.9.2.2
 license: BSD3
 license-file: LICENSE
-author: Michael Snoyman, Hiromi Ishii
+author: Michael Snoyman, Hiromi Ishii, Arash Rouhani
 maintainer: Michael Snoyman
 synopsis: Authentication methods for Haskell web applications.
 description: Focus is on third-party authentication methods, such as OpenID,
From 36b2221b812473a8ad53bf4930d6351373118dd5 Mon Sep 17 00:00:00 2001
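Review bot: `loginKerberos` passes the caller-supplied `username` to kinit as its only argument with no validation, so a value beginning with `-` is parsed by kinit as an option rather than a principal, and one containing `@` or `/` names a realm or instance the application may not intend. A check at the top of the function, for example `if T.null username || T.isPrefixOf "-" username then return NoSuchUser else ...` (or a stricter allow-list of characters), would close that. On `ExitSuccess` the ticket kinit obtained presumably remains in the default credential cache of the account running the web application; directing kinit to a throwaway cache and destroying it afterwards would avoid leaving users' tickets behind. The `timeout` only abandons the Haskell action, and with the `process` range pinned in this series it is not evident that the kinit child is terminated, so that is worth confirming. The module header could also note that a successful kinit proves the password only as far as the KDC reply is trusted, since no service ticket is verified here.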
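Review bot: The new `Web.Authenticate.Kerberos` entry is appended after `Web.Authenticate.Facebook` without a separating comma, while every other `exposed-modules` entry visible in this hunk ends in one. Cabal appears to tolerate mixed separators in module lists, but for consistency the preceding line should become `Web.Authenticate.Facebook,`. The `exposed-modules` field begins above this hunk, so the rest of the list is not visible here.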
From: Arash Rouhani
Date: Sun, 14 Aug 2011 23:56:12 +0200
Subject: [PATCH 4/4] version bump
---
 authenticate.cabal | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authenticate.cabal b/authenticate.cabal
index 35163f12..74289eb5 100644
--- a/authenticate.cabal
+++ b/authenticate.cabal
@@ -1,5 +1,5 @@
 name: authenticate
-version: 0.9.2.2
+version: 0.9.2.3
 license: BSD3
 license-file: LICENSE
 author: Michael Snoyman, Hiromi Ishii, Arash Rouhani