lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthLDAP.pm

package Lemonldap::NG::Portal::AuthLDAP;

use Lemonldap::NG::Portal::Simple;

our $VERSION = '0.1';

sub authInit {
}

sub extractFormInfo {
    my $self = shift;
    return PE_FIRSTACCESS
      unless ( $self->param('user') );
    return PE_FORMEMPTY
      unless ( length( $self->{'user'} = $self->param('user') ) > 0
        && length( $self->{'password'} = $self->param('password') ) > 0 );
    PE_OK;
}

sub setAuthSessionInfo {
    PE_OK;
}

sub authenticate {
    my $self = shift;
    $self->unbind();
    my $err;
    return $err unless ( ( $err = $self->connectLDAP ) == PE_OK );
    # Check if we use Ppolicy control
    if ( $self->{ldapPpolicyControl} ) {

        # require Perl module
        eval 'require Net::LDAP::Control::PasswordPolicy';
        if ($@) {
            print STDERR "Module Net::LDAP::Control::PasswordPolicy not found in @INC\n";
            return PE_LDAPERROR;
        }
        no strict 'subs';

        # Create Control object
        my $pp = Net::LDAP::Control::PasswordPolicy->new;

        # Bind with user credentials
        my $mesg = $self->{ldap}->bind(
            $self->{dn},
            password => $self->{password},
            control  => [$pp]
        );

        # Get server control response
        my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");

	# Get expiration warning and graces
	$self->{ppolicy}->{time_before_expiration} = $resp->time_before_expiration;
	$self->{ppolicy}->{grace_authentications_remaining} = $resp->grace_authentications_remaining;

        # Get bind response
        return PE_OK if ( $mesg->code == 0 );

        if ( defined $resp ) {
            my $pp_error = $resp->pp_error;
            if ( defined $pp_error ) {
                return [
                    PE_PP_PASSWORD_EXPIRED,
                    PE_PP_ACCOUNT_LOCKED,
                    PE_PP_CHANGE_AFTER_RESET,
                    PE_PP_PASSWORD_MOD_NOT_ALLOWED,
                    PE_PP_MUST_SUPPLY_OLD_PASSWORD,
                    PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
                    PE_PP_PASSWORD_TOO_SHORT,
                    PE_PP_PASSWORD_TOO_YOUNG,
                    PE_PP_PASSWORD_IN_HISTORY,
                ]->[$pp_error];
            }
            else {
                return PE_BADCREDENTIALS;
            }
        }
        else {
            return PE_LDAPERROR;
        }
    }
    else {
        return PE_BADCREDENTIALS
          unless (
            $self->_bind( $self->{ldap}, $self->{dn}, $self->{password} ) );
    }
    $self->{sessionInfo}->{authenticationLevel} = 2;
    PE_OK;
}

1;
LEMONLDAP::NG : missing file 2008-06-06 14:42:35 +02:00			`package Lemonldap::NG::Portal::AuthLDAP;`

			`use Lemonldap::NG::Portal::Simple;`

			`our $VERSION = '0.1';`

			`sub authInit {`
			`}`

			`sub extractFormInfo {`
			`my $self = shift;`
			`return PE_FIRSTACCESS`
			`unless ( $self->param('user') );`
			`return PE_FORMEMPTY`
			`unless ( length( $self->{'user'} = $self->param('user') ) > 0`
			`&& length( $self->{'password'} = $self->param('password') ) > 0 );`
			`PE_OK;`
			`}`

			`sub setAuthSessionInfo {`
			`PE_OK;`
			`}`

			`sub authenticate {`
			`my $self = shift;`
			`$self->unbind();`
			`my $err;`
			`return $err unless ( ( $err = $self->connectLDAP ) == PE_OK );`
			`# Check if we use Ppolicy control`
			`if ( $self->{ldapPpolicyControl} ) {`

			`# require Perl module`
			`eval 'require Net::LDAP::Control::PasswordPolicy';`
Resolve Ppolicy constant bug #310433 2008-07-18 15:52:11 +02:00			`if ($@) {`
			`print STDERR "Module Net::LDAP::Control::PasswordPolicy not found in @INC\n";`
			`return PE_LDAPERROR;`
LEMONLDAP::NG : complete integration of Password Policy (i18n not done) 2008-08-08 18:19:16 +02:00			`}`
LEMONLDAP::NG : missing file 2008-06-06 14:42:35 +02:00			`no strict 'subs';`

			`# Create Control object`
			`my $pp = Net::LDAP::Control::PasswordPolicy->new;`

			`# Bind with user credentials`
			`my $mesg = $self->{ldap}->bind(`
			`$self->{dn},`
			`password => $self->{password},`
			`control => [$pp]`
			`);`

			`# Get server control response`
Resolve Ppolicy constant bug #310433 2008-07-18 15:52:11 +02:00			`my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");`
LEMONLDAP::NG : missing file 2008-06-06 14:42:35 +02:00
LemonLDAP::NG : pre-release of new Portal::Menu module 2008-09-18 10:34:17 +02:00			`# Get expiration warning and graces`
			`$self->{ppolicy}->{time_before_expiration} = $resp->time_before_expiration;`
			`$self->{ppolicy}->{grace_authentications_remaining} = $resp->grace_authentications_remaining;`

			`# Get bind response`
			`return PE_OK if ( $mesg->code == 0 );`

LEMONLDAP::NG : missing file 2008-06-06 14:42:35 +02:00			`if ( defined $resp ) {`
LemonLDAP::NG : pre-release of new Portal::Menu module 2008-09-18 10:34:17 +02:00			`my $pp_error = $resp->pp_error;`
Resolve bug #310434 2008-06-27 10:49:20 +02:00			`if ( defined $pp_error ) {`
LEMONLDAP::NG : complete integration of Password Policy (i18n not done) 2008-08-08 18:19:16 +02:00			`return [`
			`PE_PP_PASSWORD_EXPIRED,`
			`PE_PP_ACCOUNT_LOCKED,`
			`PE_PP_CHANGE_AFTER_RESET,`
			`PE_PP_PASSWORD_MOD_NOT_ALLOWED,`
			`PE_PP_MUST_SUPPLY_OLD_PASSWORD,`
			`PE_PP_INSUFFICIENT_PASSWORD_QUALITY,`
			`PE_PP_PASSWORD_TOO_SHORT,`
			`PE_PP_PASSWORD_TOO_YOUNG,`
			`PE_PP_PASSWORD_IN_HISTORY,`
			`]->[$pp_error];`
LEMONLDAP::NG : missing file 2008-06-06 14:42:35 +02:00			`}`
			`else {`
			`return PE_BADCREDENTIALS;`
			`}`
			`}`
			`else {`
			`return PE_LDAPERROR;`
			`}`
			`}`
			`else {`
			`return PE_BADCREDENTIALS`
			`unless (`
			`$self->_bind( $self->{ldap}, $self->{dn}, $self->{password} ) );`
			`}`
			`$self->{sessionInfo}->{authenticationLevel} = 2;`
			`PE_OK;`
			`}`

			`1;`