* LDAP: loadPP() is now called directly in ldap() to avoid calling it in authInit()
Xavier Guimard 16 years ago
parent bf488752b4
commit 655fd9e526
  1. 4
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm
  2. 3
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
  3. 3
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm
  4. 26
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm
  5. 95
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm
  6. 3
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SOAP.pm
  7. 8
      modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_WebForm.pm

@ -20,10 +20,6 @@ use base qw(Lemonldap::NG::Portal::_WebForm);
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub authInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}

@ -45,7 +45,8 @@ sub extractFormInfo {
return PE_OK;
}
elsif ( $self->{SSLRequire} ) {
$self->_sub('userError',"No certificate found for $ENV{REMOTE_ADDR}");
$self->_sub( 'userError',
"No certificate found for $ENV{REMOTE_ADDR}" );
return PE_CERTIFICATEREQUIRED;
}
$self->{AuthLDAPFilter} = '';

@ -300,7 +300,8 @@ sub _displayApplication {
|| "" );
# Display application
$html .= "<li title=\"$appid\" class=\"appname\"><span>"
$html .=
"<li title=\"$appid\" class=\"appname\"><span>"
. ( $appuri ? "<a href=\"$appuri\">$appname</a>" : "<a>$appname</a>" )
. "</span>\n";
my @appnodes = $app->findnodes("application");

@ -14,14 +14,10 @@ our $VERSION = '0.2';
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
## @apmethod int apasswordDBInit()
## @apmethod int passwordDBInit()
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
my $self = shift;
if ( $self->{ldapPpolicyControl} and not $self->ldap->loadPP()) {
return PE_LDAPERROR;
}
PE_OK;
}
@ -47,7 +43,10 @@ sub modifyPassword {
$self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
# Call the modify password method
return $self->ldap->userModifyPassword( $self->{dn}, $self->{newpassword}, $self->{confirmpassword}, $self->{oldpassword} );
return $self->ldap->userModifyPassword(
$self->{dn}, $self->{newpassword},
$self->{confirmpassword}, $self->{oldpassword}
);
PE_OK;
}
@ -91,16 +90,20 @@ sub resetPasswordByMail {
$self->lmLog( "Generated password: " . $password, 'debug' );
# Call the modify password method
my $pe_error = $self->ldap->userModifyPassword( $self->{dn}, $password, $password );
my $pe_error =
$self->ldap->userModifyPassword( $self->{dn}, $password, $password );
return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
# If Password Policy, set the PwdReset flag
if ( $self->{ldapPpolicyControl} ) {
my $result = $self->ldap->modify( $self->{dn}, replace => { 'pwdReset' => 'TRUE' } );
my $result =
$self->ldap->modify( $self->{dn},
replace => { 'pwdReset' => 'TRUE' } );
unless ( $result->code == 0 ) {
$self->lmLog("LDAP modify pwdReset error: ".$result->code,'error');
$self->lmLog( "LDAP modify pwdReset error: " . $result->code,
'error' );
return PE_LDAPERROR;
}
@ -122,14 +125,15 @@ sub resetPasswordByMail {
Type => "TEXT",
Data => $self->{mailBody},
);
$self->{SMTPServer} ? $message->send("smtp",$self->{SMTPServer}) : $message->send();
$self->{SMTPServer}
? $message->send( "smtp", $self->{SMTPServer} )
: $message->send();
};
if ($@) {
$self->lmLog( "Send message failed: $@", 'error' );
return PE_ERROR;
}
PE_PASSWORD_OK;
}
1;
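Review bot: With the loadPP() check dropped from passwordDBInit, modifyPassword and resetPasswordByMail chain method calls straight onto `$self->ldap` (`$self->ldap->userModifyPassword(...)`, `$self->ldap->modify(...)`), so if ldap() cannot build or bind the handle, or its loadPP() call fails, and it returns nothing, the request dies with a "Can't call method on an undefined value" error instead of the PE_LDAPERROR the init hook used to return; what ldap() returns on failure is not in this hunk, so please confirm. A guard such as `my $ldap = $self->ldap or return PE_LDAPERROR;` before the call would keep the old user-visible behaviour. The `PE_OK;` that follows `return $self->ldap->userModifyPassword(...)` in modifyPassword is unreachable and can be dropped. Separately, the context line `$self->lmLog( "Generated password: " . $password, 'debug' )` in resetPasswordByMail writes a usable plaintext password to the log; it predates this commit, but consider logging only that a password was generated.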

@ -121,10 +121,7 @@ sub userBind {
my $pp = Net::LDAP::Control::PasswordPolicy->new();
# Bind with user credentials
my $mesg = $self->bind(
@_,
control => [$pp]
);
my $mesg = $self->bind( @_, control => [$pp] );
# Get server control response
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
@ -137,7 +134,8 @@ sub userBind {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}" );
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
@ -148,20 +146,21 @@ sub userBind {
PE_PP_PASSWORD_TOO_SHORT,
PE_PP_PASSWORD_TOO_YOUNG,
PE_PP_PASSWORD_IN_HISTORY,
]->[$pp_error];
]->[$pp_error]
or PE_ERROR;
}
elsif ( $mesg->code == 0 ) {
return PE_OK;
}
}
else {
my $mesg =
$self->bind( @_ );
my $mesg = $self->bind(@_);
if ( $mesg->code == 0 ) {
return PE_OK;
}
}
$self->{portal}->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userError', "Bad password for $self->{portal}->{user}" );
return PE_BADCREDENTIALS;
}
@ -185,66 +184,92 @@ sub userModifyPassword {
if ( !$self->{portal}->{ldapPpolicyControl} ) {
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword )
: $self->set_password( user => $dn,
newpassword => $newpassword );
newpassword => $newpassword
)
: $self->set_password(
user => $dn,
newpassword => $newpassword
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
replace => { userPassword => $newpassword } );
$mesg =
$self->modify( $dn, replace => { userPassword => $newpassword } );
}
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}
->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
else {
# Create Control object
my $pp = Net::LDAP::Control::PasswordPolicy->new;
if ( $self->{portal}->{ldapSetPassword} ) {
# Use SetPassword extended operation
# Warning: need a patch on Perl-LDAP
# See http://groups.google.com/group/perl.ldap/browse_thread/thread/5703a41ccb17b221/377a68f872cc2bb4?lnk=gst&q=setpassword#377a68f872cc2bb4
use Net::LDAP::Extension::SetPassword;
$mesg = ( $oldpassword )
? $self->set_password( user => $dn,
$mesg =
($oldpassword)
? $self->set_password(
user => $dn,
oldpasswd => $oldpassword,
newpassword => $newpassword,
control => [$pp] )
: $self->set_password( user => $dn,
control => [$pp]
)
: $self->set_password(
user => $dn,
newpassword => $newpassword,
control => [$pp] );
control => [$pp]
);
# Catch the "Unwilling to perform" error
return PE_BADOLDPASSWORD if ( $mesg->code == 53 );
} else {
}
else {
if ($oldpassword) {
# Check old password with a bind
$mesg = $self->bind( $dn, password => $oldpassword );
return PE_BADOLDPASSWORD if ( $mesg->code != 0 );
# Rebind as Manager
$self->bind();
}
# Use standard modification
$mesg = $self->modify( $dn,
$mesg = $self->modify(
$dn,
replace => { userPassword => $newpassword },
control => [$pp] );
control => [$pp]
);
}
# Get server control response
@ -253,14 +278,17 @@ sub userModifyPassword {
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
if ( $mesg->code == 0 ) {
$self->{portal}->_sub( 'userNotice', "Password changed $self->{portal}->{user}" );
$self->{portal}->_sub( 'userNotice',
"Password changed $self->{portal}->{user}" );
return PE_PASSWORD_OK;
}
if ( defined $resp ) {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
$self->{portal}->_sub( 'userError', "Password policy error $pp_error for $self->{portal}->{user}" );
$self->{portal}->_sub( 'userError',
"Password policy error $pp_error for $self->{portal}->{user}"
);
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
@ -288,9 +316,18 @@ sub ldap {
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
if ( $mesg->code != 0 ) {
$self->lmLog( "LDAP error: " . $mesg->error, 'error' );
}
else {
if ( $self->{ldapPpolicyControl} and not $self->{ldap}->loadPP() ) {
$self->lmLog("LDAP password policy error");
}
else {
return $self->{ldap};
}
}
}
else {
$self->lmLog( "LDAP error: $@", 'error' );
}
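Review bot: In the new ldap() body the password-policy failure is logged with `$self->lmLog("LDAP password policy error")` and no level, whereas every other lmLog call in this hunk passes 'error' (`$self->lmLog( "LDAP error: " . $mesg->error, 'error' )`); make it `$self->lmLog( "LDAP password policy error", 'error' );` so the message is not mis-levelled or filtered. Note also that on both failure branches the handle stays in `$self->{ldap}` while execution falls through past the visible lines; if the sub short-circuits on a cached `$self->{ldap}` on a later call, a handle whose bind or loadPP() failed could be reused, and the loadPP() failure is no longer surfaced to callers as PE_LDAPERROR the way authInit and passwordDBInit did before this commit. Consider `delete $self->{ldap};` in the error branches so the next call retries cleanly. ldap() continues outside the hunk, so its return value on failure cannot be confirmed from here.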

@ -20,7 +20,8 @@ sub startSoapServices {
$self->{CustomSOAPServices} ||= {};
# TODO: insert here the SAML SOAP functions
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = '' if($self->{SAMLIssuer});
$self->{CustomSOAPServices}->{'/SAMLAuthority'} = ''
if ( $self->{SAMLIssuer} );
if (
$ENV{PATH_INFO}
and my $tmp = {

@ -27,15 +27,15 @@ sub extractFormInfo {
return PE_FORMEMPTY
unless (
(
(
length( $self->{'user'} = $self->param('user') ) > 0
)
( length( $self->{'user'} = $self->param('user') ) > 0 )
&& (
(
length( $self->{'password'} = $self->param('password') ) > 0
)
|| (
length($self->{'newpassword'} = $self->param('newpassword') ) > 0
length(
$self->{'newpassword'} = $self->param('newpassword')
) > 0
)
)
)
