worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

* perltidy

Browse Source 
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()
environments/ppa-mbqj77/deployments/1
Xavier Guimard 16 years ago
parent bf488752b4
commit 655fd9e526
10 changed files with 156 additions and 116 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm
  2. 8
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm
  3. 3
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
  4. 29
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm
  5. 70
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm
  6. 4
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
  7. 8
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBMulti.pm
  8. 127
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm
  9. 7
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SOAP.pm
  10. 12
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_WebForm.pm

4
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm
Unescape View File

@ -20,10 +20,6 @@ use base qw(Lemonldap::NG::Portal::_WebForm);
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub authInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}

8
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthMulti.pm
Unescape View File

@ -6,22 +6,22 @@ our $VERSION = '0.1';
sub authInit {
my $self = shift;
return $self->_multi->try('authInit',0);
return $self->_multi->try( 'authInit', 0 );
}
sub extractFormInfo {
my $self = shift;
return $self->_multi->try('extractFormInfo',0);
return $self->_multi->try( 'extractFormInfo', 0 );
}
sub setAuthSessionInfo {
my $self = shift;
return $self->_multi->try('setAuthSessionInfo',0);
return $self->_multi->try( 'setAuthSessionInfo', 0 );
}
sub authenticate {
my $self = shift;
return $self->_multi->try('authenticate',0);
return $self->_multi->try( 'authenticate', 0 );
}
1;

3
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
Unescape View File

@ -45,7 +45,8 @@ sub extractFormInfo {
return PE_OK;
}
elsif ( $self->{SSLRequire} ) {
$self->_sub('userError',"No certificate found for $ENV{REMOTE_ADDR}");
$self->_sub( 'userError',
"No certificate found for $ENV{REMOTE_ADDR}" );
return PE_CERTIFICATEREQUIRED;
}
$self->{AuthLDAPFilter} = '';

29
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm
Unescape View File

@ -11,9 +11,9 @@ require Lemonldap::NG::Common::CGI;
use Lemonldap::NG::Portal::SharedConf;
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to change passwords only
use XML::LibXML;
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Safe;
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
#inherits Net::LDAP::Control::PasswordPolicy
@ -217,7 +217,7 @@ sub appslistDescription {
# @return XML root element object
sub _getXML {
my $self = shift;
return $self->{_xml} if($self->{_xml});
return $self->{_xml} if ( $self->{_xml} );
# Parse XML file
my $parser = XML::LibXML->new();
@ -300,9 +300,10 @@ sub _displayApplication {
|| "" );
# Display application
$html .= "<li title=\"$appid\" class=\"appname\"><span>"
. ($appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>")
. "</span>\n";
$html .=
"<li title=\"$appid\" class=\"appname\"><span>"
. ( $appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>" )
. "</span>\n";
my @appnodes = $app->findnodes("application");
if (@appnodes) {
$html .= "<ul>";
@ -355,9 +356,9 @@ sub _displayDescription {
# @param $root XML root element
# @return XML_string
sub _filterXML {
my $self = shift;
my $self = shift;
my ($root) = @_;
my @cat = $root->getElementsByTagName('category');
my @cat = $root->getElementsByTagName('category');
foreach my $cat (@cat) {
$self->_filterApp($cat);
}
@ -369,11 +370,11 @@ sub _filterXML {
}
sub _filterApp {
my($self,$node)=@_;
my ( $self, $node ) = @_;
my @apps = $node->getChildrenByTagName('application');
my $tag = 0;
foreach(@apps) {
my $stag = $self->_filterApp($_);
my $tag = 0;
foreach (@apps) {
my $stag = $self->_filterApp($_);
my $appdisplay = $_->getChildrenByTagName('display')->string_value();
my $appuri =
$self->_userParam( $_->getChildrenByTagName('uri')->string_value() );
@ -389,8 +390,8 @@ sub _filterApp {
# Check grant function if display is "auto" (this is the default)
unless ( $self->_grant($appuri) ) {
if($stag) {
eval {$_->getChildrenByTagName('uri')->unbindNode() };
if ($stag) {
eval { $_->getChildrenByTagName('uri')->unbindNode() };
$tag++;
}
else {

70
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm
Unescape View File

@ -14,14 +14,10 @@ our $VERSION = '0.2';
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
## @apmethod int apasswordDBInit()
## @apmethod int passwordDBInit()
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}
@ -44,10 +40,13 @@ sub modifyPassword {
return $tmp if ($tmp);
}
$self->lmLog("Modify password request for ".$self->{dn},'debug');
$self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
# Call the modify password method
return $self->ldap->userModifyPassword( $self->{dn}, $self->{newpassword}, $self->{confirmpassword}, $self->{oldpassword} );
return $self->ldap->userModifyPassword(
$self->{dn}, $self->{newpassword},
$self->{confirmpassword}, $self->{oldpassword}
);
PE_OK;
}
@ -70,65 +69,70 @@ sub resetPasswordByMail {
return $tmp if ($tmp);
}
$self->lmLog("Reset password request for ".$self->{dn},'debug');
$self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );
# Check the required modules before changing password
eval {require String::Random};
eval { require String::Random };
if ($@) {
$self->lmLog("Module String::Random not found in @INC",'error' );
$self->lmLog( "Module String::Random not found in @INC", 'error' );
return PE_ERROR;
}
eval {require MIME::Lite};
eval { require MIME::Lite };
if ($@) {
$self->lmLog("Module MIME::Lite not found in @INC",'error' );
$self->lmLog( "Module MIME::Lite not found in @INC", 'error' );
return PE_ERROR;
}
# Generate a complex password
my $random = new String::Random;
my $password = $random->randregex( $self->{randomPasswordRegexp} );
my $random = new String::Random;
my $password = $random->randregex( $self->{randomPasswordRegexp} );
$self->lmLog("Generated password: ".$password,'debug');
$self->lmLog( "Generated password: " . $password, 'debug' );
# Call the modify password method
my $pe_error = $self->ldap->userModifyPassword( $self->{dn}, $password, $password );
my $pe_error =
$self->ldap->userModifyPassword( $self->{dn}, $password, $password );
return $pe_error unless ($pe_error == PE_PASSWORD_OK);
return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
# If Password Policy, set the PwdReset flag
if ( $self->{ldapPpolicyControl} ) {
my $result = $self->ldap->modify( $self->{dn}, replace => { 'pwdReset' => 'TRUE' } );
my $result =
$self->ldap->modify( $self->{dn},
replace => { 'pwdReset' => 'TRUE' } );
unless ( $result->code == 0) {
$self->lmLog("LDAP modify pwdReset error: ".$result->code,'error');
unless ( $result->code == 0 ) {
$self->lmLog( "LDAP modify pwdReset error: " . $result->code,
'error' );
return PE_LDAPERROR;
}
$self->lmLog("pwdReset set to TRUE",'debug');
$self->lmLog( "pwdReset set to TRUE", 'debug' );
}
# Send new password by mail
$self->{mailBody} =~ s/\$password/$password/g;
$self->{mailBody} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
$self->lmLog("SMTP From ".$self->{mailFrom},'debug');
$self->lmLog("SMTP To ".$self->{mail},'debug');
$self->lmLog("SMTP Subject ".$self->{mailSubject},'debug');
$self->lmLog("SMTP Body ".$self->{mailBody},'debug');
$self->lmLog( "SMTP From " . $self->{mailFrom}, 'debug' );
$self->lmLog( "SMTP To " . $self->{mail}, 'debug' );
$self->lmLog( "SMTP Subject " . $self->{mailSubject}, 'debug' );
$self->lmLog( "SMTP Body " . $self->{mailBody}, 'debug' );
eval {
my $message = MIME::Lite->new(
From => $self->{mailFrom},
To => $self->{mail},
From => $self->{mailFrom},
To => $self->{mail},
Subject => $self->{mailSubject},
Type => "TEXT",
Data => $self->{mailBody},
Type => "TEXT",
Data => $self->{mailBody},
);
$self->{SMTPServer} ? $message->send("smtp",$self->{SMTPServer}) : $message->send();
$self->{SMTPServer}
? $message->send( "smtp", $self->{SMTPServer} )
: $message->send();
};
if ($@) {
$self->lmLog("Send message failed: $@",'error');
$self->lmLog( "Send message failed: $@", 'error' );
return PE_ERROR;
}
}
PE_PASSWORD_OK;
}

4
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
Unescape View File

@ -505,7 +505,7 @@ sub _deleteSession {
my ( $self, $h ) = @_;
if ( my $id2 = $h->{_httpSession} ) {
my $h2 = $self->getApacheSession($id2);
eval {tied(%$h2)->delete()};
eval { tied(%$h2)->delete() };
$self->lmLog( $@, 'error' ) if ($@);
# Delete cookie
@ -521,7 +521,7 @@ sub _deleteSession {
);
}
my $r;
eval {$r = tied(%$h)->delete()};
eval { $r = tied(%$h)->delete() };
$self->lmLog( $@, 'error' ) if ($@);
# Delete cookie

8
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBMulti.pm
Unescape View File

@ -6,22 +6,22 @@ our $VERSION = '0.1';
sub userDBInit {
my $self = shift;
return $self->_multi->try('userDBInit',1);
return $self->_multi->try( 'userDBInit', 1 );
}
sub getUser {
my $self = shift;
return $self->_multi->try('getUser',1);
return $self->_multi->try( 'getUser', 1 );
}
sub setSessionInfo {
my $self = shift;
return $self->_multi->try('setSessionInfo',1);
return $self->_multi->try( 'setSessionInfo', 1 );
}
sub setGroups {
my $self = shift;
return $self->_multi->try('setGroups',1);
return $self->_multi->try( 'setGroups', 1 );
}
1;

127
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm
Unescape View File

@ -41,9 +41,9 @@ sub new {
}
$self = Net::LDAP->new(
\@servers,
onerror => undef,
onerror => undef,
( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),
);
);
unless ($self) {
$portal->lmLog( $@, 'error' );
return 0;
@ -98,7 +98,7 @@ sub loadPP {
return 1 if ($ppLoaded);
# require Perl module
eval {require Net::LDAP::Control::PasswordPolicy};
eval { require Net::LDAP::Control::PasswordPolicy };
if ($@) {
$self->{portal}->lmLog(
"Module Net::LDAP::Control::PasswordPolicy not found in @INC",
@ -121,10 +121,7 @@ sub userBind {
my $pp = Net::LDAP::Control::PasswordPolicy->new();
# Bind with user credentials
my $mesg = $self->bind(
@_,
control => [$pp]
);
my $mesg = $self->bind( @_, control => [$pp] );
# Get server control response
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
@ -137,7 +134,8 @@ sub userBind {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}" );
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
@ -148,20 +146,21 @@ sub userBind {
PE_PP_PASSWORD_TOO_SHORT,
PE_PP_PASSWORD_TOO_YOUNG,
PE_PP_PASSWORD_IN_HISTORY,
]->[$pp_error];
]->[$pp_error]
or PE_ERROR;
}
elsif ( $mesg->code == 0 ) {
return PE_OK;
}
}
else {
my $mesg =
$self->bind( @_ );
my $mesg = $self->bind(@_);
if ( $mesg->code == 0 ) {
return PE_OK;
}
}
$self->{portal}->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
return PE_BADCREDENTIALS;
}
@ -183,68 +182,94 @@ sub userModifyPassword {
# First case: no ppolicy
if ( !$self->{portal}->{ldapPpolicyControl} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword )
: $self->set_password( user => $dn,
newpassword => $newpassword );
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword
)
: $self->set_password(
user => $dn,
newpassword => $newpassword
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
if ( $oldpassword ) {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind ($dn, password => $oldpassword);
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
replace => { userPassword => $newpassword } );
$mesg =
$self->modify( $dn, replace => { userPassword => $newpassword } );
}
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
else {
# Create Control object
my $pp = Net::LDAP::Control::PasswordPolicy->new;
if ( $self->{portal}->{ldapSetPassword} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
# Warning: need a patch on Perl-LDAP
# See http://groups.google.com/group/perl.ldap/browse_thread/thread/5703a41ccb17b221/377a68f872cc2bb4?lnk=gst&q=setpassword#377a68f872cc2bb4
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword,
control => [$pp] )
: $self->set_password( user => $dn,
newpassword => $newpassword,
control => [$pp] );
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword,
control => [$pp]
)
: $self->set_password(
user => $dn,
newpassword => $newpassword,
control => [$pp]
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
if ( $oldpassword ) {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind($dn, password => $oldpassword);
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
replace => { userPassword => $newpassword },
control => [$pp] );
$mesg = $self->modify(
$dn,
replace => { userPassword => $newpassword },
control => [$pp]
);
}
# Get server control response
@ -253,14 +278,17 @@ sub userModifyPassword {
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
if ( $mesg->code == 0 ) {
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}->_sub( 'userNotice',
"Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
if ( defined $resp ) {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}"
);
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
@ -288,8 +316,17 @@ sub ldap {
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
$self->lmLog( "LDAP error: " . $mesg->error, 'error' );
if ( $mesg->code != 0 ) {
$self->lmLog( "LDAP error: " . $mesg->error, 'error' );
}
else {
if ( $self->{ldapPpolicyControl} and not $self->{ldap}->loadPP() ) {
$self->lmLog("LDAP password policy error");
}
else {
return $self->{ldap};
}
}
}
else {
$self->lmLog( "LDAP error: $@", 'error' );

7
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SOAP.pm
Unescape View File

@ -20,15 +20,16 @@ sub startSoapServices {
$self->{CustomSOAPServices} ||= {};
# TODO: insert here the SAML SOAP functions
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = '' if($self->{SAMLIssuer});
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = ''
if ( $self->{SAMLIssuer} );
if (
$ENV{PATH_INFO}
and my $tmp = {
%{$self->{CustomSOAPServices}},
%{ $self->{CustomSOAPServices} },
'/sessions' => 'getAttributes',
'/adminSessions' => 'getAttributes setAttributes '
. 'newSession deleteSession get_key_from_all_sessions',
'/config' => 'getConfig lastCfg'
'/config' => 'getConfig lastCfg'
}->{ $ENV{PATH_INFO} }
)
{

12
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_WebForm.pm
Unescape View File

@ -27,15 +27,15 @@ sub extractFormInfo {
return PE_FORMEMPTY
unless (
(
(
length( $self->{'user'} = $self->param('user') ) > 0
)
( length( $self->{'user'} = $self->param('user') ) > 0 )
&& (
(
length( $self->{'password'} = $self->param('password') ) > 0
)
|| (
length($self->{'newpassword'} = $self->param('newpassword') ) > 0
length(
$self->{'newpassword'} = $self->param('newpassword')
) > 0
)
)
)
@ -43,7 +43,7 @@ sub extractFormInfo {
);
$self->{'oldpassword'} = $self->param('oldpassword');
$self->{'confirmpassword'} = $self->param('confirmpassword');
$self->{'timezone'} = $self->param('timezone');
$self->{'timezone'} = $self->param('timezone');
PE_OK;
}
@ -68,7 +68,7 @@ sub setAuthSessionInfo {
# Store user timezone
$self->{sessionInfo}->{'_timezone'} = $self->{'timezone'};
PE_OK;
}

Write Preview
Loading…
Cancel
Save