2006-12-18 12:32:33 +01:00
|
|
|
package Lemonldap::NG::Portal::SharedConf;
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
use Lemonldap::NG::Portal::Simple qw(:all);
|
2008-11-17 17:59:56 +01:00
|
|
|
use Lemonldap::NG::Common::Conf;
|
2006-12-30 22:22:28 +01:00
|
|
|
use Safe;
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
*EXPORT_OK = *Lemonldap::NG::Portal::Simple::EXPORT_OK;
|
|
|
|
*EXPORT_TAGS = *Lemonldap::NG::Portal::Simple::EXPORT_TAGS;
|
|
|
|
*EXPORT = *Lemonldap::NG::Portal::Simple::EXPORT;
|
|
|
|
|
2007-01-13 20:34:03 +01:00
|
|
|
our $VERSION = "0.42";
|
2006-12-18 12:32:33 +01:00
|
|
|
our @ISA = qw(Lemonldap::NG::Portal::Simple);
|
|
|
|
|
2006-12-30 22:22:28 +01:00
|
|
|
# Secure jail
|
|
|
|
our $safe = new Safe;
|
|
|
|
|
2007-01-11 07:42:57 +01:00
|
|
|
##################
|
2007-01-13 20:34:03 +01:00
|
|
|
# OVERLOADED SUB #
|
2007-01-11 07:42:57 +01:00
|
|
|
##################
|
|
|
|
|
2008-11-17 17:59:56 +01:00
|
|
|
# getConf: all parameters returned by the Lemonldap::NG::Common::Conf object
|
2007-01-11 07:42:57 +01:00
|
|
|
# are copied in $self
|
2008-11-17 17:59:56 +01:00
|
|
|
# See Lemonldap::NG::Common::Conf(3) for more
|
2006-12-18 12:32:33 +01:00
|
|
|
sub getConf {
|
|
|
|
my $self = shift;
|
2007-02-28 23:36:19 +01:00
|
|
|
my %args;
|
|
|
|
if ( ref( $_[0] ) ) {
|
|
|
|
%args = %{ $_[0] };
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
%args = @_;
|
|
|
|
}
|
|
|
|
%$self = ( %$self, %args );
|
2008-04-10 11:40:16 +02:00
|
|
|
|
2008-04-10 11:34:21 +02:00
|
|
|
# For better performance the Portal can use the configuration stored in
|
|
|
|
# the local file system by the handlers. This can be used when
|
|
|
|
# configuration is not local (type DBI or SOAP)
|
2008-04-10 11:40:16 +02:00
|
|
|
my $tmp = 0;
|
2008-04-10 11:34:21 +02:00
|
|
|
if ( $self->{useLocalCachedConf} and $self->{localStorage} ) {
|
2008-04-10 11:40:16 +02:00
|
|
|
$tmp = $self->localGetConf();
|
|
|
|
}
|
|
|
|
unless ($tmp) {
|
|
|
|
$self->{lmConf} =
|
2008-11-17 17:59:56 +01:00
|
|
|
Lemonldap::NG::Common::Conf->new( $self->{configStorage} )
|
2008-04-10 11:40:16 +02:00
|
|
|
unless $self->{lmConf};
|
|
|
|
return 0 unless ( ref( $self->{lmConf} ) );
|
|
|
|
$tmp = $self->{lmConf}->getConf;
|
|
|
|
return 0 unless $tmp;
|
2008-04-10 11:34:21 +02:00
|
|
|
}
|
2008-04-10 11:40:16 +02:00
|
|
|
|
2007-02-28 23:36:19 +01:00
|
|
|
# Local configuration prepends global
|
|
|
|
$self->{$_} = $args{$_} || $tmp->{$_} foreach ( keys %$tmp );
|
2006-12-19 21:55:23 +01:00
|
|
|
1;
|
2006-12-18 12:32:33 +01:00
|
|
|
}
|
|
|
|
|
2008-04-10 11:34:21 +02:00
|
|
|
sub localGetConf {
|
|
|
|
my $self = shift;
|
|
|
|
$self->{_refLocalStorage} ||= $self->localStorageObject;
|
|
|
|
return $self->{_refLocalStorage}->get('conf');
|
|
|
|
}
|
|
|
|
|
|
|
|
sub localStorageObject {
|
|
|
|
my $self = shift;
|
2008-04-10 11:40:16 +02:00
|
|
|
eval "use " . $self->{localStorage};
|
2008-04-10 11:34:21 +02:00
|
|
|
if ($@) {
|
2008-10-07 22:15:48 +02:00
|
|
|
print STDERR "Unable to load "
|
|
|
|
. $self->{localStorage}
|
|
|
|
. ", local configuration cache is disabled: $@\n";
|
2008-04-10 11:40:16 +02:00
|
|
|
return 0;
|
2008-04-10 11:34:21 +02:00
|
|
|
}
|
|
|
|
my $refLocalStorage;
|
|
|
|
eval '$refLocalStorage = new '
|
|
|
|
. $self->{localStorage}
|
|
|
|
. '($self->{localStorageOptions});';
|
|
|
|
if ($@) {
|
|
|
|
print STDERR "Unable to access to local configuration storage : $@\n";
|
2008-04-10 11:40:16 +02:00
|
|
|
return 0;
|
2008-04-10 11:34:21 +02:00
|
|
|
}
|
|
|
|
return $refLocalStorage;
|
|
|
|
}
|
|
|
|
|
2007-01-13 20:34:03 +01:00
|
|
|
# Here is implemented the 'macro' mechanism.
|
2008-04-10 11:40:16 +02:00
|
|
|
our $self; # Safe cannot share a variable declared with my
|
|
|
|
|
2007-01-13 20:34:03 +01:00
|
|
|
sub setMacros {
|
|
|
|
local $self = shift;
|
2006-12-18 12:32:33 +01:00
|
|
|
die __PACKAGE__ . ": Unable to get configuration"
|
|
|
|
unless ( $self->getConf(@_) );
|
2008-04-10 11:40:16 +02:00
|
|
|
while ( my ( $n, $e ) = each( %{ $self->{macros} } ) ) {
|
2007-01-13 20:34:03 +01:00
|
|
|
$e =~ s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
|
|
|
|
$safe->share( '$self', '&encode_base64' );
|
|
|
|
$self->{sessionInfo}->{$n} = $safe->reval($e);
|
|
|
|
}
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Here is implemented the 'groups' mechanism. See Lemonldap::NG::Portal for
|
|
|
|
# more.
|
|
|
|
sub setGroups {
|
|
|
|
local $self = shift;
|
2006-12-18 12:32:33 +01:00
|
|
|
my $groups;
|
|
|
|
foreach ( keys %{ $self->{groups} } ) {
|
|
|
|
my $filter = $self->scanexpr( $self->{groups}->{$_} );
|
|
|
|
next if ( $filter eq "0" );
|
|
|
|
if ( $filter eq "1" ) {
|
|
|
|
$groups .= "$_ ";
|
|
|
|
next;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$filter = "(&(uid=" . $self->{user} . ")$filter)";
|
|
|
|
}
|
|
|
|
my $mesg = $self->{ldap}->search(
|
|
|
|
base => $self->{ldapBase},
|
|
|
|
filter => $filter,
|
|
|
|
attrs => ["uid"],
|
|
|
|
);
|
|
|
|
if ( $mesg->code() != 0 ) {
|
|
|
|
print STDERR $mesg->error . "\n$filter\n";
|
|
|
|
return PE_LDAPERROR;
|
|
|
|
}
|
|
|
|
my $entry = $mesg->entry(0);
|
|
|
|
if ($entry) {
|
|
|
|
$groups .= "$_ ";
|
|
|
|
}
|
2007-11-07 17:06:26 +01:00
|
|
|
}
|
|
|
|
if ( $self->{ldapGroupBase} ) {
|
|
|
|
my $mesg = $self->{ldap}->search(
|
|
|
|
base => $self->{ldapGroupBase},
|
2008-10-07 22:15:48 +02:00
|
|
|
filter => "(|(member="
|
|
|
|
. $self->{dn}
|
|
|
|
. ")(uniqueMember="
|
|
|
|
. $self->{dn} . "))",
|
2008-04-10 11:40:16 +02:00
|
|
|
attrs => ["cn"],
|
2007-11-07 17:06:26 +01:00
|
|
|
);
|
|
|
|
if ( $mesg->code() == 0 ) {
|
2008-04-10 11:40:16 +02:00
|
|
|
foreach my $entry ( $mesg->all_entries ) {
|
2007-11-07 17:06:26 +01:00
|
|
|
my @values = $entry->get_value("cn");
|
|
|
|
$groups .= $values[0] . " ";
|
|
|
|
}
|
|
|
|
}
|
2006-12-18 12:32:33 +01:00
|
|
|
}
|
|
|
|
$self->{sessionInfo}->{groups} = $groups;
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
2007-01-11 07:42:57 +01:00
|
|
|
# Internal sub used to replace Perl expressions in 'groups' rules.
|
2006-12-18 12:32:33 +01:00
|
|
|
sub scanexpr {
|
|
|
|
my $self = shift;
|
|
|
|
local $_ = shift;
|
2006-12-30 22:22:28 +01:00
|
|
|
my $result;
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
# Perl expressions
|
2006-12-30 22:22:28 +01:00
|
|
|
if ( s/^{(.*)}$/$1/ or $_ !~ /^\(.*\)$/ ) {
|
2006-12-18 12:32:33 +01:00
|
|
|
s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
|
2008-04-10 11:40:16 +02:00
|
|
|
$safe->share( '$self', '&encode_base64' );
|
2006-12-30 22:22:28 +01:00
|
|
|
$result = $safe->reval($_);
|
|
|
|
return $result ? "1" : "0";
|
2006-12-18 12:32:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Simple LDAP expression
|
|
|
|
unless (/[^\\][\({]/) {
|
|
|
|
return $_;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Node
|
|
|
|
my $brackets = 0;
|
|
|
|
my $exprCount = 0;
|
|
|
|
my $tmp;
|
|
|
|
my $subexpr;
|
|
|
|
my $esc = 0;
|
2006-12-30 22:22:28 +01:00
|
|
|
$result = "";
|
2006-12-18 12:32:33 +01:00
|
|
|
my $cond = substr $_, 1, 1;
|
|
|
|
my $or = ( $cond eq '|' );
|
|
|
|
|
|
|
|
for ( my $i = 2 ; $i < ( length($_) - 1 ) ; $i++ ) {
|
|
|
|
$tmp = substr $_, $i, 1;
|
|
|
|
$subexpr .= $tmp;
|
|
|
|
if ($esc) {
|
|
|
|
$esc = 0;
|
|
|
|
next;
|
|
|
|
}
|
|
|
|
$esc++ if ( $tmp eq "\\" );
|
|
|
|
$brackets++ if ( $tmp =~ /^[\({]$/ );
|
|
|
|
$brackets-- if ( $tmp =~ /^[\)}]$/ );
|
|
|
|
unless ($brackets) {
|
|
|
|
$subexpr = $self->scanexpr($subexpr);
|
|
|
|
if ( $subexpr eq "1" ) {
|
|
|
|
return "1" if ($or);
|
|
|
|
}
|
|
|
|
elsif ( $subexpr eq "0" ) {
|
|
|
|
return "0" unless ($or);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$exprCount++;
|
2006-12-30 22:22:28 +01:00
|
|
|
$result .= $subexpr;
|
2006-12-18 12:32:33 +01:00
|
|
|
}
|
|
|
|
$subexpr = '';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
die "Incorrect expression" if $brackets;
|
2006-12-30 22:22:28 +01:00
|
|
|
return $result if ( $result eq "0" or $result eq "1" );
|
|
|
|
return $result if ( $exprCount == 1 );
|
|
|
|
return "($cond$result)";
|
2006-12-18 12:32:33 +01:00
|
|
|
}
|
|
|
|
|
2007-10-27 08:02:02 +02:00
|
|
|
# With SharedConf, $locationRules contains a hash table with virtual hosts as
|
|
|
|
# keys. So we can use it to know all protected virtual hosts.
|
|
|
|
sub getProtectedSites {
|
|
|
|
my $self = shift;
|
|
|
|
my @tab = ();
|
|
|
|
return ( keys %{ $self->{locationRules} } )
|
|
|
|
if ( ref $self->{locationRules} );
|
|
|
|
return ();
|
|
|
|
}
|
|
|
|
|
2006-12-18 12:32:33 +01:00
|
|
|
1;
|
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
Lemonldap::NG::Portal::SharedConf - Module for building Lemonldap::NG
|
|
|
|
compatible portals using a central configuration database.
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2006-12-24 09:37:27 +01:00
|
|
|
use Lemonldap::NG::Portal::SharedConf;
|
|
|
|
my $portal = new Lemonldap::NG::Portal::SharedConf( {
|
|
|
|
configStorage => {
|
|
|
|
type => 'DBI',
|
|
|
|
dbiChain => "dbi:mysql:...",
|
|
|
|
dbiUser => "lemonldap",
|
|
|
|
dbiPassword => "password",
|
|
|
|
dbiTable => "lmConfig",
|
|
|
|
},
|
|
|
|
} );
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
if($portal->process()) {
|
|
|
|
# Write here the menu with CGI methods. This page is displayed ONLY IF
|
|
|
|
# the user was not redirected here.
|
2008-06-06 05:51:39 +02:00
|
|
|
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
|
2006-12-18 12:32:33 +01:00
|
|
|
print "...";
|
|
|
|
|
|
|
|
# or redirect the user to the menu
|
|
|
|
print $portal->redirect( -uri => 'https://portal/menu');
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
# Write here the html form used to authenticate with CGI methods.
|
|
|
|
# $portal->error returns the error message if athentification failed
|
|
|
|
# Warning: by defaut, input names are "user" and "password"
|
2008-06-06 05:51:39 +02:00
|
|
|
print $portal->header('text/html; charset=utf8'); # DON'T FORGET THIS (see L<CGI(3)>)
|
2006-12-18 12:32:33 +01:00
|
|
|
print "...";
|
|
|
|
print '<form method="POST">';
|
|
|
|
# In your form, the following value is required for redirection
|
|
|
|
print '<input type="hidden" name="url" value="'.$portal->param('url').'">';
|
|
|
|
# Next, login and password
|
|
|
|
print 'Login : <input name="user"><br>';
|
|
|
|
print 'Password : <input name="password" type="password" autocomplete="off">';
|
|
|
|
print '<input type="submit" value="go" />';
|
|
|
|
print '</form>';
|
|
|
|
}
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
Lemonldap::NG::Portal::SharedConf is the base module for building Lemonldap::NG
|
|
|
|
compatible portals using a central database configuration. You have to use by
|
|
|
|
inheritance.
|
|
|
|
|
2006-12-24 09:37:27 +01:00
|
|
|
See L<Lemonldap::NG::Portal::SharedConf> for a complete example.
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
=head1 METHODS
|
|
|
|
|
|
|
|
Same as L<Lemonldap::NG::Portal::Simple>, but Lemonldap::NG::Portal::SharedConf
|
|
|
|
adds a new sub:
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item * scanexpr: used by setGroups to read combined LDAP and Perl expressions.
|
|
|
|
See L<Lemonldap::NG::Portal> for more.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head3 Args
|
|
|
|
|
|
|
|
Lemonldap::NG::Portal::SharedConf use the same arguments than
|
|
|
|
L<Lemonldap::NG::Portal::Simple>, but you can set them either using local
|
|
|
|
variables passed to C<new()> or using variables issued from the database.
|
|
|
|
|
|
|
|
=head2 EXPORT
|
|
|
|
|
|
|
|
=head3 Constants
|
|
|
|
|
|
|
|
Same as L<Lemonldap::NG::Portal::Simple>.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2006-12-24 09:37:27 +01:00
|
|
|
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::SharedConf>,
|
2007-04-02 21:13:05 +02:00
|
|
|
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>,
|
|
|
|
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
=head1 AUTHOR
|
|
|
|
|
2007-11-21 15:03:22 +01:00
|
|
|
Xavier Guimard, E<lt>x.guimard@free.frE<gt>,
|
|
|
|
Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>
|
2006-12-18 12:32:33 +01:00
|
|
|
|
2007-04-14 15:12:11 +02:00
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
|
|
|
L<http://forge.objectweb.org/tracker/?group_id=274>
|
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
2006-12-18 12:32:33 +01:00
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
2007-11-21 15:03:22 +01:00
|
|
|
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt> and
|
|
|
|
Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>
|
2006-12-18 12:32:33 +01:00
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the same terms as Perl itself, either Perl version 5.8.4 or,
|
|
|
|
at your option, any later version of Perl 5 you may have available.
|
|
|
|
|
|
|
|
=cut
|