LEMONLDAP::NG : Better Debian structure and debconf management

build/lemonldap-ng/Makefile

@@ -81,8 +81,8 @@ manager_clean:
 	rm -vf manager*
 
 example: all
-	mkdir -p example/portal example/manager example/handler example/conf
-	chmod 1777 example/conf
+	mkdir -p ${EXAMPLEDIRBUILD}/portal ${EXAMPLEDIRBUILD}/manager ${EXAMPLEDIRBUILD}/handler ${EXAMPLEDIRBUILD}/conf
+	chmod 1777 ${EXAMPLEDIRBUILD}/conf
 	cp -a ${HANDLERDIR}/example/* ${EXAMPLEDIRBUILD}/handler
 	cp -a ${PORTALDIR}/example/* ${EXAMPLEDIRBUILD}/portal
 	cp -a ${MANAGERDIR}/example/* ${EXAMPLEDIRBUILD}/manager

build/lemonldap-ng/TODO

@@ -12,3 +12,7 @@ Simplified manager interface fo rules:
  * simple combobox to choose groups
 - Priority: Low	Status: Planning	Created: 2007\04\23 21-26-18
 TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
+- Priority: Normal	Status: Planning	Created: 2007\05\01 08-59-18
+Time"-"out system
+- Priority: Normal	Status: In progress	Created: 2007\05\01 08-59-46
+Debconf : LDAP parameters + session directory

build/lemonldap-ng/debian/README.Debian

@@ -1,4 +1,54 @@
 lemonldap-ng for Debian
 -----------------------
 
- -- Xavier Guimard <x.guimard@free.fr>  Sun, 17 Dec 2006 17:46:47 +0100
+Topics:
+ 1 - Configuration storage
+ 2 - Portal installation
+ 3 - Manager installation
+ 4 - Area protection
+
+
+I - LEMONLDAP::NG CONFIGURATION STORAGE
+---------------------------------------
+Package: liblemonldap-ng-conf-perl
+
+Lemonldap::NG configuration is stored by default in /var/lib/lemonldap-ng/conf.
+Modify /etc/lemonldap-ng/storage.conf to change configuration storage.
+
+1.1 - Migrating from 'File' to 'DBI'
+
+To use DBI mechanism to store configuration, you have to create database. An
+example is given for MySQL in the file
+/usr/share/doc/liblemonldap-ng-conf-perl/examples/lmConfig.mysql.
+If you have a running configuration, use this to populate SQL database :
+
+  perl /usr/share/lemonldap-ng/bin/lmConfig_File2MySQL \
+         /var/lib/lemonldap-ng/conf/lmConf-<last-number>
+
+
+II - LEMONLDAP::NG PORTAL INSTALLATION
+--------------------------------------
+Package: liblemonldap-ng-portal-perl
+
+liblemonldap-ng-portal-perl installs files named portal-apache.conf and
+portal-apache2.conf in /etc/lemonldap-ng/. Include it in apache configuration
+and personalize files in /var/lib/lemonldap-ng/portal.
+
+
+III - LEMONLDAP::NG MANAGER INSTALLATION
+----------------------------------------
+Package: liblemonldap-ng-manager-perl
+
+liblemonldap-ng-manager-perl installs files named manager-apache.conf and
+manager-apache2.conf in /etc/lemonldap-ng/. Include it in apache configuration
+and personalize files in /var/lib/lemonldap-ng/manager.
+
+
+IV - LEMONLDAP::NG AREA PROTECTION
+----------------------------------
+Package: liblemonldap-ng-handler-perl
+
+liblemonldap-ng-handler-perl installs a file named MyHandler.pm in
+/var/lib/lemonldap-ng/handler/. See handler-apache.conf or handler-apache2.conf
+in /usr/share/doc/liblemonldap-ng-handler-perl/examples/ to know how to use it.
+

build/lemonldap-ng/debian/changelog

@@ -5,10 +5,11 @@ lemonldap-ng (0.8.1.2) unstable; urgency=low
   * New: port is now checked in portal redirection
   * Different configurations can now be used on the same server at the same
     time
-  * New debian structure: lemonldap-ng is splitted in 5 packages and default
-    configuration file has moved to /var/lib/lemonldap-ng/conf/
+  * New debian structure: lemonldap-ng is splitted in 5 packages, default
+    configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
+    configuration file is managed by debconf
 
- -- Xavier Guimard <x.guimard@free.fr>  Sun, 29 Apr 2007 14:00:39 +0200
+ -- Xavier Guimard <x.guimard@free.fr>  Tue, 01 May 2007 16:18:47 +0200
 
 lemonldap-ng (0.8.1.1) unstable; urgency=low
 

build/lemonldap-ng/debian/configStorage.pm

@@ -0,0 +1,21 @@
+#!/usr/bin/perl
+
+package Lemonldap::NG::Conf;
+
+our $configStorage;
+
+BEGIN {
+    open F, '/etc/lemonldap-ng/storage.conf' or die "/etc/lemonldap-ng/storage.conf: $!";
+    while(<F>) {
+	next if(/^\s*$/ or /^\s*#/);
+	chomp;
+	/^\s*([\w]+)[\s=:]+(["']?)([\S].*[\S])\2.*$/ or next;
+	$configStorage->{$1} = $3;
+	my $k = $1;
+	if($configStorage->{$k} =~ /^([{\[]).*[}\]]$/) {
+	    eval "\$configStorage->{$k} = $configStorage->{$k}";
+	}
+    }
+    close F;
+}
+1;

build/lemonldap-ng/debian/control

@@ -14,12 +14,12 @@ Description: Lemonldap::NG Web-SSO system
 
 Package: liblemonldap-ng-handler-perl
 Architecture: all
-Depends: libapache-session-perl, libwww-perl, libcache-cache-perl, liblemonldap-ng-manager-conf-perl
+Depends: libapache-session-perl, libwww-perl, libcache-cache-perl, liblemonldap-ng-conf-perl
 Description: Lemonldap::NG apache module part
  Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
  or directly on application apache servers.
 
-Package: liblemonldap-ng-manager-conf-perl
+Package: liblemonldap-ng-conf-perl
 Architecture: all
 Depends: libdbi-perl
 Recommends: libsoap-lite-perl
@@ -29,7 +29,7 @@ Description: Lemonldap::NG apache manager part
 
 Package: liblemonldap-ng-manager-perl
 Architecture: all
-Depends: libxml-simple-perl, liblemonldap-ng-manager-conf-perl
+Depends: libxml-simple-perl, liblemonldap-ng-conf-perl
 Recommends: libcache-cache-perl, libapache-session-perl, libsoap-lite-perl
 Description: Lemonldap::NG apache manager part
  Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies
@@ -37,7 +37,7 @@ Description: Lemonldap::NG apache manager part
 
 Package: liblemonldap-ng-portal-perl
 Architecture: all
-Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-manager-conf-perl
+Depends: libapache-session-perl, libnet-ldap-perl, liblemonldap-ng-conf-perl
 Recommends: liblasso-perl
 Description: Lemonldap::NG apache authentication portal part
  Lemonldap::NG is a complete Web-SSO system that can run with reverse-proxies

build/lemonldap-ng/debian/dirs

@@ -1 +0,0 @@
-usr/share

build/lemonldap-ng/debian/handler-apache.conf

@@ -0,0 +1,20 @@
+<VirtualHost *>
+	ServerName protected.example.com
+	PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
+
+	# Area protection
+	PerlHeaderParserHandler My::Package
+
+	# Configuration reload mechanism
+	<Location /reload>
+		Order deny,allow
+		Deny from all
+		Allow from 127.0.0.0/8
+		PerlHeaderParserHandler My::Package->refresh
+	</Location>
+
+	# Optional interception of the logout URL
+	<Location /logout>
+		PerlHeaderParserHandler My::Package->logout
+	</Location>
+</VirtualHost>

build/lemonldap-ng/debian/handler-apache2.conf

@@ -0,0 +1,21 @@
+PerlOptions +GlobalRequest
+<VirtualHost *>
+	ServerName protected.example.com
+	PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm
+
+	# Area protection
+	PerlHeaderParserHandler My::Package
+
+	# Configuration reload mechanism
+	<Location /reload>
+		Order deny,allow
+		Deny from all
+		Allow from 127.0.0.0/8
+		PerlHeaderParserHandler My::Package->refresh
+	</Location>
+
+	# Optional interception of the logout URL
+	<Location /logout>
+		PerlHeaderParserHandler My::Package->logout
+	</Location>
+</VirtualHost>

build/lemonldap-ng/debian/lemonldap-ng.docs

@@ -1,3 +1,4 @@
+debian/README.Debian
 doc/*
 README
 INSTALL

build/lemonldap-ng/debian/lemonldap-ng.examples

@@ -1 +1 @@
-example/*
+debian/tmp/var/lib/lemonldap-ng/test.pl

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.conffiles

@@ -0,0 +1 @@
+/etc/lemonldap-ng/storage.conf

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.config

@@ -0,0 +1,25 @@
+#!/bin/sh 
+
+set -e
+. /usr/share/debconf/confmodule
+
+db_input high liblemonldap-ng-conf-perl/newDirInfo || true
+
+db_input medium liblemonldap-ng-conf-perl/domain || true
+
+db_input medium liblemonldap-ng-conf-perl/ldapServer || true
+
+db_input medium liblemonldap-ng-conf-perl/ldapPort || true
+
+db_input medium liblemonldap-ng-conf-perl/ldapBase || true
+
+db_input medium liblemonldap-ng-conf-perl/managerDn || true
+
+db_input medium liblemonldap-ng-conf-perl/managerPassword || true
+
+db_input medium liblemonldap-ng-conf-perl/portal || true
+
+db_input medium liblemonldap-ng-conf-perl/howto || true
+
+db_go || true
+

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.dirs

@@ -0,0 +1,4 @@
+/etc/lemonldap-ng
+/usr/share
+/usr/share/lemonldap-ng/bin
+/var/lib/lemonldap-ng

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.docs

@@ -0,0 +1,2 @@
+debian/README.Debian
+

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.examples

@@ -0,0 +1,3 @@
+debian/tmp/var/lib/lemonldap-ng/apache-session-mysql.sql
+debian/tmp/var/lib/lemonldap-ng/lmConfig.mysql
+debian/tmp/var/lib/lemonldap-ng/conf

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.install

@@ -0,0 +1,7 @@
+debian/tmp/usr/share/perl5/Lemonldap/NG/Manager/Conf*
+debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::Conf*
+debian/tmp/usr/share/man/man1/lmConfig_File2MySQL.1p
+debian/tmp/usr/bin/lmConfig* /usr/share/lemonldap-ng/bin
+debian/configStorage.pm /usr/share/lemonldap-ng
+debian/storage.conf /etc/lemonldap-ng
+debian/tmp/var/lib/lemonldap-ng/conf /var/lib/lemonldap-ng

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.postinst

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Maintainer: #DEBHELPER#
+
+. /usr/share/debconf/confmodule
+
+FIRSTCONFFILE=/var/lib/lemonldap-ng/conf/lmConf-1
+
+if [ "$1" == "configure" ]
+then
+    chown -R www-data.www-data /var/lib/lemonldap-ng/conf
+    chmod 750 /var/lib/lemonldap-ng/conf
+    chmod 640 /var/lib/lemonldap-ng/conf/*
+    chgrp www-data /etc/lemonldap-ng/storage.conf
+    chmod 640 /etc/lemonldap-ng/storage.conf
+
+    for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do
+        db_get liblemonldap-ng-conf-perl/$i || true
+	perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE
+    done
+fi
+exit 0

build/lemonldap-ng/debian/liblemonldap-ng-conf-perl.templates

@@ -0,0 +1,92 @@
+Template: liblemonldap-ng-conf-perl/newDirInfo
+Type: note
+Description: Lemonldap::NG default configuration directory has moved to /var/lib/lemondap-ng/conf/
+Description-fr: Le répertoire de configuration par défaut est maintenant /var/lib/lemondap-ng/conf/
+
+Template: liblemonldap-ng-conf-perl/ldapServer
+Type: string
+Default: localhost
+Description: LDAP server
+ Set here name or IP address of the LDAP server that has to be used by
+ Lemonldap::NG.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Serveur LDAP
+ Indiquez ici le nom ou l'adresse IP du serveur LDAP que Lemonldap::NG utilisera.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/domain
+Type: string
+Default: example.com
+Description: Lemonldap::NG DNS domain
+ Set here the main domain protected by Lemonldap::NG.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Domaine DNS de Lemonldap::NG
+ Indiquez ici le domaine principal protégé par lemonldap::NG.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/portal
+Type: string
+Default: http://auth.example.com/
+Description: Lemonldap::NG portal
+ Set here the Lemonldap::NG portal URL.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Port du serveur LDAP
+ Indiquez ici l'URL du portail Lemonldap::NG.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/ldapPort
+Type: string
+Default: 389
+Description: LDAP server port
+ Set here the port used by the LDAP server.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Port du serveur LDAP
+ Indiquez ici le numéro du port du serveur LDAP.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/ldapBase
+Type: string
+Default: dc=example,dc=com
+Description: LDAP search base
+ Set here the search base to use in LDAP queries.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Base de recherche LDAP
+ Indiquez ici la base de recherche des requêtes LDAP.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/managerDn
+Type: string
+Description: LDAP account
+ Set here the account that Lemonldap::NG has to use for its LDAP requests.
+ Leaving it blank causes Lemonldap::NG to use anonymous connections.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Compte LDAP
+ Indiquez ici le compte que Lemonldap::NG doit utiliser pour ses requêtes
+ LDAP. Laissez le champ vide pour utiliser des connexions anonymes.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/managerPassword
+Type: string
+Description: LDAP password
+ Set here the password for the Lemonldap::NG LDAP account.
+ You can modify this value later using the Lemonldap::NG manager.
+Description-fr: Mot de passe LDAP
+ Indiquez ici le mot de passe du compte LDAP de Lemonldap::NG.
+ Vous pourrez modifier cette valeur ultérieurement dans le gestionnaire
+ Lemonldap::NG.
+
+Template: liblemonldap-ng-conf-perl/howto
+Type: note
+Description: Lemonldap::NG is ready
+ Lemonldap::NG is ready to work. See
+ /usr/share/liblemonldap-ng-conf-perl/README.Debian to see how to activate it.
+Description-fr: Lemonldap::NG est prêt
+ Lemonldap::NG est prêt à fonctionner. Reportez-vous au fichier
+ /usr/share/liblemonldap-ng-conf-perl/README.Debian pour voir comment l'activer
+

build/lemonldap-ng/debian/liblemonldap-ng-handler-perl.dirs

@@ -0,0 +1,3 @@
+/usr/share
+/var/lib/lemonldap-ng/handler
+/var/lib/lemonldap-ng/sessions

build/lemonldap-ng/debian/liblemonldap-ng-handler-perl.docs

@@ -0,0 +1,2 @@
+debian/README.Debian
+

build/lemonldap-ng/debian/liblemonldap-ng-handler-perl.examples

@@ -1 +1,3 @@
-example/handler/
+debian/tmp/var/lib/lemonldap-ng/handler/autoProtectedCGI.pl
+debian/tmp/var/lib/lemonldap-ng/handler/MyHandler*.pm
+debian/handler-apache*.conf

build/lemonldap-ng/debian/liblemonldap-ng-handler-perl.postinst

@@ -0,0 +1,20 @@
+#!/bin/bash
+# Maintainer: #DEBHELPER#
+
+. /usr/share/debconf/confmodule
+
+EXAMPLEHANDLERFILE=/usr/share/doc/liblemonldap-ng-handler-perl/examples/MyHandler.pm
+HANDLERFILE=/var/lib/lemonldap-ng/handler/MyHandler.pm
+SESSIONSDIR=/var/lib/lemonldap-ng/sessions
+
+if [ "$1" == "configure" ]
+then
+    [ -e $HANDLERFILE ] || \
+	perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
+			s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
+		$EXAMPLEHANDLERFILE >$HANDLERFILE
+    chmod 770 $SESSIONSDIR;
+    chown www-data.www-data $SESSIONSDIR;
+fi
+
+

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.config

@@ -1,7 +0,0 @@
-#!/bin/sh 
-
-set -e
-. /usr/share/debconf/confmodule
-db_input high liblemonldap-ng-manager-conf-perl/newDirInfo || true
-db_go || true
-

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.dirs

@@ -1,2 +0,0 @@
-/var/lib/lemonldap-ng
-

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.examples

@@ -1,3 +0,0 @@
-example/conf/
-example/apache-session-mysql.sql
-example/lmConfig.mysql

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.install

@@ -1,5 +0,0 @@
-debian/tmp/usr/share/perl5/Lemonldap/NG/Manager/Conf*
-debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::Conf*
-debian/tmp/usr/share/man/man1/lmConfig_File2MySQL.1p
-debian/tmp/usr/bin/lmConfig*
-example/conf /var/lib/lemonldap-ng/

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.postinst

@@ -1,10 +0,0 @@
-#!/bin/bash
-# Maintainer: #DEBHELPER#
-
-. /usr/share/debconf/confmodule
-
-if [ "$1" == "configure" ]
-then
-    chown -R www-data /var/lib/lemonldap-ng/conf
-fi
-

build/lemonldap-ng/debian/liblemonldap-ng-manager-conf-perl.templates

@@ -1,5 +0,0 @@
-Template: liblemonldap-ng-manager-conf-perl/newDirInfo
-Type: note
-Description: Lemonldap::NG default configuration directory has moved to /var/lib/lemondap-ng/conf/
-Description-fr: Le répertoire de configuration par défaut est maintenant /var/lib/lemondap-ng/conf/
-

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.conffiles

@@ -0,0 +1,3 @@
+/etc/lemonldap-ng/apply.conf
+/etc/lemonldap-ng/manager-apache.conf
+/etc/lemonldap-ng/manager-apache2.conf

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.dirs

@@ -0,0 +1,3 @@
+/etc/lemonldap-ng
+/usr/share/lemonldap-ng/bin
+/var/lib/lemonldap-ng/manager

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.docs

@@ -0,0 +1,2 @@
+debian/README.Debian
+

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.examples

@@ -1 +1,4 @@
-example/manager
+debian/tmp/var/lib/lemonldap-ng/manager/apply.conf
+debian/tmp/var/lib/lemonldap-ng/manager/index.pl
+debian/tmp/var/lib/lemonldap-ng/manager/lmConfig.mysql
+debian/tmp/var/lib/lemonldap-ng/manager/soapserver.pl

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.install

@@ -11,3 +11,8 @@ debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager.3pm
 debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::SOAPServer.3pm
 debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::Apache::Session::SOAP.3pm
 debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::Restricted.3pm
+debian/tmp/var/lib/lemonldap-ng/manager/apply.conf /etc/lemonldap-ng
+debian/manager-apache*.conf /etc/lemonldap-ng
+debian/tmp/var/lib/lemonldap-ng/manager/imgs
+debian/tmp/var/lib/lemonldap-ng/manager/lemonldap-ng-manager.js
+debian/tmp/var/lib/lemonldap-ng/manager/scripts/lmConfigEditor /usr/share/lemonldap-ng/bin

build/lemonldap-ng/debian/liblemonldap-ng-manager-perl.postinst

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Maintainer: #DEBHELPER#
+
+. /usr/share/debconf/confmodule
+
+EXAMPLEMANAGERFILE=/usr/share/doc/liblemonldap-ng-manager-perl/examples/index.pl
+MANAGERFILE=/var/lib/lemonldap-ng/manager/index.pl
+
+if [ "$1" == "configure" ]
+then
+    [ -e $MANAGERFILE ] || \
+	perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
+			s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;
+			s#(applyConfFile\s*=>\s*)(['"'"'"]).*?\2#$1$2/etc/lemonldap-ng/apply.conf$2#' \
+		$EXAMPLEMANAGERFILE >$MANAGERFILE
+    chmod +x $MANAGERFILE
+    chgrp www-data /etc/lemonldap-ng/apply.conf
+    chmod 640 /etc/lemonldap-ng/apply.conf
+fi
+
+

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.conffiles

@@ -0,0 +1,2 @@
+/etc/lemonldap-ng/portal-apache.conf
+/etc/lemonldap-ng/portal-apache2.conf

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.cron.d

@@ -0,0 +1,4 @@
+#
+# Regular cron jobs for the Lemonldap::NG portal
+#
+*/10 *	* * *	www-data	test -x /usr/share/lemonldap-ng/bin/purgeCentralCache

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.dirs

@@ -0,0 +1,4 @@
+/etc/lemonldap-ng
+/usr/share/lemonldap-ng/bin
+/var/lib/lemonldap-ng/portal
+/var/lib/lemonldap-ng/sessions

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.docs

@@ -0,0 +1,2 @@
+debian/README.Debian
+

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.examples

@@ -1 +1 @@
-example/portal
+debian/tmp/var/lib/lemonldap-ng/portal/*

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.install

@@ -1,3 +1,4 @@
 debian/tmp/usr/share/perl5/Lemonldap/NG/Portal*
 debian/tmp/usr/share/perl5/auto/Lemonldap/NG/Portal
 debian/tmp/usr/share/man/man3/Lemonldap::NG::Portal*
+debian/portal-apache*.conf /etc/lemonldap-ng

build/lemonldap-ng/debian/liblemonldap-ng-portal-perl.postinst

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Maintainer: #DEBHELPER#
+
+. /usr/share/debconf/confmodule
+
+EXAMPLEPORTALFILE=/usr/share/doc/liblemonldap-ng-portal-perl/examples/index.pl
+PORTALFILE=/var/lib/lemonldap-ng/portal/index.pl
+EXAMPLECLEANERFILE=/usr/share/doc/liblemonldap-ng-portal-perl/examples/scripts/purgeCentralCache
+CLEANERFILE=/usr/share/lemonldap-ng/bin/purgeCentralCache
+SESSIONSDIR=/var/lib/lemonldap-ng/sessions
+
+if [ "$1" == "configure" ]
+then
+    [ -e $PORTALFILE ] || \
+	perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
+			s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
+		$EXAMPLEPORTALFILE >$PORTALFILE
+    [ -e $CLEANERFILE ] || \
+	perl -000 -pe 's/(configStorage\s*=>\s*){[^}]+}/$1\$Lemonldap::NG::Conf::configStorage/;
+			s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
+		$EXAMPLECLEANERFILE >$CLEANERFILE
+    chmod +x $PORTALFILE
+    chmod +x $CLEANERFILE
+    chmod 770 $SESSIONSDIR;
+    chown www-data.www-data $SESSIONSDIR;
+fi
+
+
+

build/lemonldap-ng/debian/manager-apache.conf

@@ -0,0 +1,24 @@
+<VirtualHost *>
+    ServerName manager.example.com
+
+    # DocumentRoot
+    DocumentRoot /var/lib/lemonldap-ng/manager
+    <Directory /var/lib/lemonldap-ng/manager>
+	Order deny,allow
+	Deny from all
+	Allow from 127.0.0.0/8
+	Options +ExecCGI
+    </Directory>
+
+    # Manager must be interpreted by Perl
+    <Files *.pl>
+	SetHandler perl-script
+	PerlHandler Apache::Registry
+    </Files>
+
+    <IfModule mod_dir.c>
+	DirectoryIndex index.pl index.html
+    </IfModule>
+
+</VirtualHost>
+

build/lemonldap-ng/debian/manager-apache2.conf

@@ -0,0 +1,24 @@
+<VirtualHost *>
+    ServerName manager.example.com
+
+    # DocumentRoot
+    DocumentRoot /var/lib/lemonldap-ng/manager
+    <Directory /var/lib/lemonldap-ng/manager>
+	Order deny,allow
+	Deny from all
+	Allow from 127.0.0.0/8
+	Options +ExecCGI
+    </Directory>
+
+    # Manager must be interpreted by Perl
+    <Files *.pl>
+	SetHandler perl-script
+	PerlResponseHandler ModPerl::Registry
+    </Files>
+
+    <IfModule mod_dir.c>
+	DirectoryIndex index.pl index.html
+    </IfModule>
+
+</VirtualHost>
+

build/lemonldap-ng/debian/portal-apache.conf

@@ -0,0 +1,23 @@
+<VirtualHost *>
+    ServerName auth.example.com
+
+    # DocumentRoot
+    DocumentRoot /var/lib/lemonldap-ng/portal
+    <Directory /var/lib/lemonldap-ng/portal>
+	Order allow,deny
+	Allow from all
+	Options +ExecCGI
+    </Directory>
+
+    # Portal must be interpreted by Perl
+    <Files *.pl>
+	SetHandler perl-script
+	PerlHandler Apache::Registry
+    </Files>
+
+    <IfModule mod_dir.c>
+	DirectoryIndex index.pl index.html
+    </IfModule>
+
+</VirtualHost>
+

build/lemonldap-ng/debian/portal-apache2.conf

@@ -0,0 +1,23 @@
+<VirtualHost *>
+    ServerName auth.example.com
+
+    # DocumentRoot
+    DocumentRoot /var/lib/lemonldap-ng/portal
+    <Directory /var/lib/lemonldap-ng/portal>
+	Order allow,deny
+	Allow from all
+	Options +ExecCGI
+    </Directory>
+
+    # Portal must be interpreted by Perl
+    <Files *.pl>
+	SetHandler perl-script
+	PerlResponseHandler ModPerl::Registry
+    </Files>
+
+    <IfModule mod_dir.c>
+	DirectoryIndex index.pl index.html
+    </IfModule>
+
+</VirtualHost>
+

build/lemonldap-ng/debian/rules

@@ -49,8 +49,12 @@ install: build
 	# Add here commands to install the package into debian/lemonldap-ng.
 	$(MAKE) test
 	$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp PREFIX=/usr
-	$(MAKE) example EXAMPLEDIR=/usr/share/doc/lemonldap-ng/examples/ EXAMPLECONFDIR=/var/lib/lemonldap-ng/conf
-
+	$(MAKE) example EXAMPLEDIRBUILD=debian/tmp/var/lib/lemonldap-ng EXAMPLEDIR=/var/lib/lemonldap-ng/ EXAMPLECONFDIR=/var/lib/lemonldap-ng/conf
+	cp debian/tmp/var/lib/lemonldap-ng/handler/MyHandler.pm debian/tmp/var/lib/lemonldap-ng/handler/MyHandler-Debian.pm
+	mv debian/tmp/var/lib/lemonldap-ng/index.pl debian/tmp/var/lib/lemonldap-ng/test.pl
+	perl -000 -i -pe 's/(new\s*\(\s*){[^}]+}/$$1\$$Lemonldap::NG::Conf::configStorage/; s#^use#\nrequire "/usr/share/lemonldap-ng/configStorage.pm";\nuse#m;' \
+			debian/tmp/var/lib/lemonldap-ng/manager/scripts/lmConfigEditor \
+			debian/tmp/var/lib/lemonldap-ng/handler/MyHandler-Debian.pm
 
 # Build architecture-independent files here.
 binary-indep: build install
@@ -62,7 +66,12 @@ binary-arch: build install
 	dh_testroot
 	dh_installchangelogs 
 	dh_installdocs
+	mkdir debian/tmp/var/lib/lemonldap-ng/protected
+	cp _example/index.pl debian/tmp/var/lib/lemonldap-ng/protected
+	find debian/tmp/var/lib/lemonldap-ng -type f -perm /111 -exec chmod -x {} \;
+	chmod +x debian/tmp/var/lib/lemonldap-ng/manager/scripts/lmConfigEditor
 	dh_installexamples
+	find debian/lemonldap-ng -type f -exec perl -i -pe 's#__DIR__/?#'/var/lib/lemonldap-ng'#g;s#__CONFDIR__/?#'/var/lib/lemonldap-ng/conf'#g;' {} \;
 	dh_install
 #	dh_installmenu
 	dh_installdebconf	
@@ -72,13 +81,12 @@ binary-arch: build install
 #	dh_installmime
 #	dh_python
 #	dh_installinit
-#	dh_installcron
+	dh_installcron
 #	dh_installinfo
 	dh_installman
 	dh_link
 	dh_strip
 	dh_compress
-	gunzip $(CURDIR)/debian/lemonldap-ng/usr/share/doc/lemonldap-ng/examples/manager/lemonldap-ng-manager.js.gz
 	dh_fixperms
 #	dh_perl
 #	dh_makeshlibs

build/lemonldap-ng/debian/storage.conf

@@ -0,0 +1,28 @@
+#
+# This file contains parameters used by Lemonldap::NG to find its configuration
+#
+#
+# 1 - Type
+#
+# You can use one of the following:
+# * File: you have to set 'dirName' parameter. Example:
+#           type = File
+#           dirName = /var/lib/lemonldap-ng/conf
+#
+# * DBI : you have to set 'dbiChain' (required) and 'dbiUser' and 'dbiPassword'
+#         if needed. Example:
+#           type        = DBI
+#           dbiChain    = DBI:mysql:database=lemonldap-ng,host=1.2.3.4
+#           dbiUser     = lemonldap
+#           dbiPassword = password
+#
+# * SOAP: SOAP configuration access is a sort of proxy: the SOAP server that
+#         runs Lemonldap::NG::Manager::SOAPServer is configured to use the real
+#         session storage type (DBI or File for example).
+#         You have to set 'proxy' parameter. Example
+#           type         = SOAP
+#           proxy        = https://manager.example.com/soapmanager.pl
+#           proxyOptions = { timeout => 5 }
+
+type    = File
+dirName = /var/lib/lemonldap-ng/conf

modules/lemonldap-ng-handler/example/MyHandler.pm

@@ -7,6 +7,9 @@ __PACKAGE__->init ( {
     localStorageOptions => {
               'namespace'          => 'MyNamespace',
               'default_expires_in' => 600,
+	      'directory_umask'    => '007',
+	      'cache_root'         => '/tmp',
+	      'cache_depth'        => 5,
     },
 
     configStorage       => {

modules/lemonldap-ng-manager/MANIFEST

@@ -44,16 +44,16 @@ example/imgs/plus5.gif
 example/imgs/plus_ar.gif
 example/imgs/tombs.gif
 example/imgs/tombs_mag.gif
+example/index.pl
 example/lemonldap-ng-manager.js
 example/lmConfig.mysql
-example/index.pl
-example/scripts/lmSessionDump
 example/scripts/lmConfigEditor
+example/scripts/lmSessionDump
 example/soapserver.pl
 lib/Lemonldap/NG/Manager.pm
-lib/Lemonldap/NG/Manager/Apache/Session/SOAP.pm
 lib/Lemonldap/NG/Manager/_HTML.pm
 lib/Lemonldap/NG/Manager/_i18n.pm
+lib/Lemonldap/NG/Manager/Apache/Session/SOAP.pm
 lib/Lemonldap/NG/Manager/Base.pm
 lib/Lemonldap/NG/Manager/Conf.pm
 lib/Lemonldap/NG/Manager/Conf/Constants.pm
@@ -68,11 +68,11 @@ MANIFEST
 META.yml			Module meta-data (added by MakeMaker)
 README
 scripts/lmConfig_File2MySQL
-TODO
-t/Lemonldap-NG-Manager.t
-t/Lemonldap-NG-Manager_en.t
-t/Lemonldap-NG-Manager_fr.t
-t/Lemonldap-NG-Manager-Conf.t
 t/Lemonldap-NG-Manager-Conf-DBI.t
 t/Lemonldap-NG-Manager-Conf-File.t
 t/Lemonldap-NG-Manager-Conf-SOAP.t
+t/Lemonldap-NG-Manager-Conf.t
+t/Lemonldap-NG-Manager.t
+t/Lemonldap-NG-Manager_en.t
+t/Lemonldap-NG-Manager_fr.t
+TODO

modules/lemonldap-ng-portal/MANIFEST

@@ -1,5 +1,7 @@
 Changes
 example/index.pl
+example/scripts/purgeCentralCache
+example/scripts/purgeCentralCache.cron.d
 example/slavePortal.pl
 lib/Lemonldap/NG/Portal.pm
 lib/Lemonldap/NG/Portal/_i18n.pm

modules/lemonldap-ng-portal/example/scripts/purgeCentralCache

@@ -0,0 +1,88 @@
+#!/usr/bin/perl
+
+# Cleaner for Lemonldap::NG : removes old sessions from Apache::Session
+#
+# This module is written to be used by cron to clean old sessions from
+# Apache::Session.
+#
+# WARNING: only Apache::Session::File and Apache::Session::MySQL can be used
+#          here
+
+BEGIN {
+
+    sub Apache::Session::get_all_sessions {
+        return 0;
+    }
+
+    sub Apache::Session::MySQL::get_all_sessions {
+        my $class = shift;
+        my $args  = shift;
+        my $dbh =
+          DBI->connect( $args->{DataSource}, $args->{UserName},
+            $args->{Password} )
+          or die("$!$@");
+        my $sth = $dbh->prepare('SELECT id from sessions');
+        $sth->execute;
+        my @res;
+        while ( my @row = $sth->fetchrow_array ) {
+            push @res, @row;
+        }
+        return @res;
+    }
+
+    sub Apache::Session::File::get_all_sessions {
+        my $class = shift;
+        my $args  = shift;
+        $args->{Directory} ||= '/tmp';
+        unless ( opendir DIR, $args->{Directory} ) {
+            die "Cannot open directory $args->{Directory}\n";
+        }
+        my @t =
+          grep { -f "$args->{Directory}/$_" and /^[A-Za-z0-9@\-]+$/ }
+          readdir(DIR);
+        closedir DIR;
+        return @t;
+    }
+}
+
+use Lemonldap::NG::Manager::Conf;
+use Lemonldap::NG::Manager::Conf::Constants;
+use strict;
+use DBI;
+
+my $lmconf = Lemonldap::NG::Manager::Conf->new(
+    {
+        type    => 'File',
+        dirName => '__CONFDIR__',
+    }
+);
+
+my $conf = $lmconf->getConf or die "Unable to get configuration ($!)";
+
+my $tmp = $conf->{globalStorage};
+
+eval "use $tmp";
+die $@ if ($@);
+
+$conf->{globalStorageOptions}->{timeout} ||= 7200;
+
+my @t = $tmp->get_all_sessions( $conf->{globalStorageOptions} );
+
+for my $id (@t) {
+    my %h;
+    eval { tie %h, $tmp, $id, $conf->{globalStorageOptions} };
+    if ($@) {
+        next;
+    }
+    else {
+        if ( time - $h{_utime} > $conf->{globalStorageOptions}->{timeout} ) {
+            tied(%h)->delete;
+        }
+        else {
+            untie %h;
+        }
+    }
+}
+
+1;
+

modules/lemonldap-ng-portal/example/scripts/purgeCentralCache.cron.d

@@ -0,0 +1,4 @@
+#
+# Regular cron jobs for the Lemonldap::NG portal
+#
+*/10 *	* * *	www-data	test -x /usr/share/lemonldap-ng/bin/purgeCentralCache