This file is indexed.

/usr/share/perl5/LWP/Authen/Wsse.pm is in liblwp-authen-wsse-perl 0.05-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package LWP::Authen::Wsse;
use 5.004;
use strict;
use warnings;
use English qw( -no_match_vars );

$LWP::Authen::Wsse::VERSION = '0.05';

use Digest::SHA  ();
use MIME::Base64 ();

=head1 NAME

LWP::Authen::Wsse - Library for enabling X-WSSE authentication in LWP

=head1 VERSION

This document describes version 0.05 of LWP::Authen::Wsse, released
December 27, 2005.

=head1 SYNOPSIS

    use LWP::UserAgent;
    use HTTP::Request::Common;
    my $url = 'http://www.example.org/protected_page.html';

    # Set up the WSSE client
    my $ua = LWP::UserAgent->new;
    $ua->credentials('example.org', '', 'username', 'password');

    $request = GET $url;
    print "--Performing request now...-----------\n";
    $response = $ua->request($request);
    print "--Done with request-------------------\n";

    if ($response->is_success) {
        print "It worked!->", $response->code, "\n";
    }
    else {
        print "It didn't work!->", $response->code, "\n";
    }

=head1 DESCRIPTION

C<LWP::Authen::Wsse> allows LWP to authenticate against servers that are using
the C<X-WSSE> authentication scheme, as required by the Atom Authentication API.

The module is used indirectly through LWP, rather than including it directly in
your code.  The LWP system will invoke the WSSE authentication when it
encounters the authentication scheme while attempting to retrieve a URL from a
server.

You also need to set the credentials on the UserAgent object like this:

   $ua->credentials('www.company.com:80', '', "username", "password");

Alternatively, you may also subclass B<LWP::UserAgent> and override the 
C<get_basic_credentials()> method.  See L<LWP::UserAgent> for more details.

=cut

use constant WITHOUT_LINEBREAK => q{};

sub authenticate {
    my $class = shift;
    my ( $ua, $proxy, $auth_param, $response, $request, $arg, $size ) = @_;

    my ( $user, $pass ) = $ua->get_basic_credentials(
        $auth_param->{realm}, $request->url, $proxy
    );

    ( defined $user and defined $pass ) or return $response;

    my $now       = $class->now_w3cdtf;
    my $nonce     = $class->make_nonce;
    my $nonce_enc = MIME::Base64::encode_base64( $nonce, WITHOUT_LINEBREAK );
    my $digest    = MIME::Base64::encode_base64(
        Digest::SHA::sha1( $nonce . $now . $pass ), WITHOUT_LINEBREAK
    );

    my $auth_header = ( $proxy ? 'Proxy-Authorization' : 'Authorization' );
    my $wsse_value = 'UsernameToken ' . join( ', ',
        qq(Username="$user"),   qq(PasswordDigest="$digest"),
        qq(Nonce="$nonce_enc"), qq(Created="$now"),
    );

    my $referral = $request->clone;

    # Need to check this isn't a repeated fail!
    my $r = $response;
    my $failed;
    while ($r) {
        my $prev = $r->request->{wsse_user_pass};
        if (    $r->code == 401
            and $prev
            and $prev->[0] eq $user
            and $prev->[1] eq $pass
            and $failed++ )
        {
            # here we know this failed before
            $response->header(
                'Client-Warning' => "Credentials for '$user' failed before" );
            return $response;
        }
        $r = $r->previous;
    }

    $referral->header( $auth_header => 'WSSE profile="UsernameToken"' );
    $referral->header( 'X-WSSE'     => $wsse_value );

    $referral->{wsse_user_pass} = [ $user, $pass ];

    $ua->request( $referral, $arg, $size, $response );
}

sub make_nonce {
    Digest::SHA::sha1( time() . {} . rand() . $PID );
}

sub now_w3cdtf {
    my ( $sec, $min, $hour, $mday, $mon, $year ) = gmtime();
    $mon++;
    $year += 1900;

    sprintf(
        '%04s-%02s-%02sT%02s:%02s:%02sZ',
        $year, $mon, $mday, $hour, $min, $sec,
    );
}

1;

=head1 SEE ALSO

L<LWP>, L<LWP::UserAgent>, L<lwpcook>.

=head1 AUTHORS

Audrey Tang E<lt>audrey@audrey.orgE<gt>

=head1 COPYRIGHT

Copyright 2004, 2005 by Audrey Tang E<lt>audrey@audrey.orgE<gt>.

This program is free software; you can redistribute it and/or 
modify it under the same terms as Perl itself.

See L<http://www.perl.com/perl/misc/Artistic.html>

=cut