diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST
index a881b9095..2e8ce07c4 100644
--- a/lemonldap-ng-portal/MANIFEST
+++ b/lemonldap-ng-portal/MANIFEST
@@ -49,7 +49,6 @@ lib/Lemonldap/NG/Portal/AuthOpenID.pm
 lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
 lib/Lemonldap/NG/Portal/AuthRadius.pm
 lib/Lemonldap/NG/Portal/AuthSAML.pm
-lib/Lemonldap/NG/Portal/AuthSSL.pm
 lib/Lemonldap/NG/Portal/AuthTwitter.pm
 lib/Lemonldap/NG/Portal/AuthWebID.pm
 lib/Lemonldap/NG/Portal/AuthYubikey.pm
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
deleted file mode 100644
index a49b3a41a..000000000
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
+++ /dev/null
@@ -1,208 +0,0 @@ -##@file -# SSL authentication backend file - -##@class -# SSL authentication backend class -package Lemonldap::NG::Portal::AuthSSL; - -use strict; -use Lemonldap::NG::Portal::Simple; -use Lemonldap::NG::Portal::AuthNull; - -our $VERSION = '2.0.0'; -our @ISA = qw(Lemonldap::NG::Portal::AuthNull); - -## @apmethod int authInit() -# Check if SSL environment variables are set. -# @return Lemonldap::NG::Portal constant -sub authInit { - my $self = shift; - $self->{SSLVar} ||= 'SSL_CLIENT_S_DN_Email'; - PE_OK; -} - -## @apmethod int extractFormInfo() -# Read username in SSL environment variables, or return an error -# @return Lemonldap::NG::Portal constant -sub extractFormInfo { - my $self = shift; - my $user = $self->https ? $ENV{ $self->{SSLVar} } : 0; - if ($user) { - $self->{user} = $user; - return PE_OK; - } - elsif ( $ENV{SSL_CLIENT_S_DN} ) { - $self->_sub( 'userError', - "$self->{SSLVar} was not found in user certificate" ); - return PE_BADCERTIFICATE; - } - else { - $self->_sub( 'userError', 'No certificate found' ); - return PE_CERTIFICATEREQUIRED; - } -} - -## @apmethod int setAuthSessionInfo() -# Set _user and authenticationLevel. -# @return Lemonldap::NG::Portal constant -sub setAuthSessionInfo { - my $self = shift; - - # Store user certificate login for basic rules - $self->{sessionInfo}->{'_user'} = $self->{'user'}; - - $self->{sessionInfo}->{authenticationLevel} = $self->{SSLAuthnLevel}; - PE_OK; -} - -## @apmethod int authenticate() -# Just test that SSL authentication has been done: job is done in -# extractFormInfo() -# @return Lemonldap::NG::Portal constant -sub authenticate { - my $self = shift; - return ( $self->{user} and $ENV{ $self->{SSLVar} } ) - ? 
PE_OK - : PE_ERROR; -} - -## @method string getDisplayType -# @return display type -sub getDisplayType { - return "logo"; -} - -1; - -__END__ - -=head1 NAME - -=encoding utf8 - -Lemonldap::NG::Portal::AuthSSL - Perl extension for building Lemonldap::NG -compatible portals with SSL authentication. - -=head1 SYNOPSIS - -With Lemonldap::NG::Portal::SharedConf, set authentication field to "SSL" in -configuration database. - -With Lemonldap::NG::Portal::Simple: - - use Lemonldap::NG::Portal::Simple; - my $portal = new Lemonldap::NG::Portal::Simple( - domain => 'example.com', - globalStorage => 'Apache::Session::MySQL', - globalStorageOptions => { - DataSource => 'dbi:mysql:database', - UserName => 'db_user', - Password => 'db_password', - TableName => 'sessions', - }, - ldapServer => 'ldap.domaine.com', - securedCookie => 1, - authentication => 'SSL', - - # SSLVar: field to search in client certificate - # default: SSL_CLIENT_S_DN_Email the mail address - SSLVar => 'SSL_CLIENT_S_DN_CN', - ); - - if($portal->process()) { - # Write here the menu with CGI methods. This page is displayed ONLY IF - # the user was not redirected here. - print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3)) - print "..."; - - # or redirect the user to the menu - print $portal->redirect( -uri => 'https://portal/menu'); - } - else { - # If the user enters here, IT MEANS THAT YOUR SSL PARAMETERS ARE BAD - print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3)) - print "

Unable to work

"; - print "This server isn't well configured. Contact your administrator."; - print ""; - } - -Modify your httpd.conf: - - - SSLVerifyClient optional # or 'require' if login/password are disabled - SSLOptions +StdEnvVars - - -=head1 DESCRIPTION - -This library just overload few methods of Lemonldap::NG::Portal::Simple to use -Apache SSLv3 mechanism: we've just to verify that -C<$ENV{SSL_CLIENT_S_DN_Email}> exists. So remenber to export SSL variables -to CGI. - -If SSL is used, authenticationLevel is set to 5. You can use this parameter in -L rules to force users to use certificates in some -applications: - - virtualHost1 => { - 'default' => '$authenticationLevel > 5 and $uid = "jeff"', - }, - -Note that you can use Apache SSL environment variables in "exported variables". - -See L for usage and other methods. - -=head1 SEE ALSO - -L, L, -L - -=head1 AUTHOR - -=over - -=item Clement Oudot, Eclem.oudot@gmail.comE - -=item François-Xavier Deltombe, Efxdeltombe@gmail.com.E - -=item Xavier Guimard, Ex.guimard@free.frE - -=back - -=head1 BUG REPORT - -Use OW2 system to report bug or ask for features: -L - -=head1 DOWNLOAD - -Lemonldap::NG is available at -L - -=head1 COPYRIGHT AND LICENSE - -=over - -=item Copyright (C) 2006-2010 by Xavier Guimard, Ex.guimard@free.frE - -=item Copyright (C) 2012-2013 by François-Xavier Deltombe, Efxdeltombe@gmail.com.E - -=item Copyright (C) 2006-2012 by Clement Oudot, Eclem.oudot@gmail.comE - -=back - -This library is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. 
- -You should have received a copy of the GNU General Public License -along with this program. If not, see L. - -=cut - diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm index 36c680d16..0e522fcde 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm @@ -7,6 +7,29 @@ our $VERSION = '2.0.0'; package Lemonldap::NG::Portal::Main; use strict; +has skinRules => ( is => 'rw' ); + +sub displayInit { + my ($self) = @_; + $self->skinRules( [] ); + if ( $self->conf->{portalSkinRules} ) { + foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) { + my $sub = HANDLER->buildSub( HANDLER->substitute($skinRule) ); + if ($sub) { + push @{ $self->skinRules }, + [ $self->conf->{portalSkinRules}->{$skinRule}, $sub ]; + } + else { + $self->lmLog( + qq(Skin rule "$skinRule" returns an error: ) + . HANDLER->tsv->{jail}->error, + 'error' + ); + } + } + } +} + # Call portal process and set template parameters # @return template name and template parameters sub display { @@ -376,12 +399,10 @@ sub getSkin { $req->{sessionInfo}->{ipAddr} ||= $req->remote_ip; # Load specific skin from skinRules - if ( $self->conf->{portalSkinRules} ) { - foreach my $skinRule ( sort keys %{ $self->conf->{portalSkinRules} } ) { - if ( HANDLER->tsv->{jail}->reval($skinRule) ) { - $skin = $self->conf->{portalSkinRules}->{$skinRule}; - $self->lmLog( "Skin $skin selected from skin rule", 'debug' ); - } + foreach my $rule ( @{ $self->skinRules } ) { + if ( $rule->[1]->( $req->sessionInfo ) ) { + $skin = $rule->[0]; + $self->lmLog( "Skin $skin selected from skin rule", 'debug' ); } } 
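Review bot: displayInit has no header comment, unlike display() directly below it, and nothing records what skinRules holds. A comment above the sub such as `# Compile portalSkinRules once per configuration load into [ skin, coderef ] pairs read by getSkin()` would cover both. A rule that fails to compile is logged and dropped, so the configuration load continues and the portal falls back to another skin; if that is the intended behaviour it is worth stating in the same comment. The `has skinRules` line relies on an accessor builder already being imported into Lemonldap::NG::Portal::Main, which this hunk does not show.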
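Review bot: The compiled rule is now invoked directly in getSkin, `$rule->[1]->( $req->sessionInfo )`, so a rule that dies at run time would propagate out of getSkin unless the sub produced by buildSub traps errors itself, which is not visible here; the removed code went through `jail->reval`, which presumably contained such failures. Wrapping the call, `if ( eval { $rule->[1]->( $req->sessionInfo ) } ) {`, and logging `$@` at 'error' level would keep one bad skin rule from breaking page rendering. The same hunk reads `$req->{sessionInfo}` two lines earlier and `$req->sessionInfo` here; using one form throughout would be clearer. getSkin starts and ends outside the hunk.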
@@ -433,7 +454,8 @@ sub mkSessionArray { . 'DateIP address'; $tmp .= "" . $self->conf->{sessionDataToRemember}->{$_} . "" foreach ( keys %{ $self->conf->{sessionDataToRemember} } ); - $tmp .= 'Error message' if ($displayError); + $tmp .= 'Error message' + if ($displayError); $tmp .= ''; foreach my $session (@$sessions) { diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index 2a9b1b356..34bf85e23 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -251,6 +251,7 @@ sub reloadConf { } $self->menu( $self->loadPlugin('::Main::Menu') ); + $self->displayInit; 1; } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index 9d5177a65..319bafe66 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -138,6 +138,7 @@ sub deleteSession { 'debug' ); } + # TODO # Collect logout services and build hidden iFrames #if ( $self->{logoutServices} and %{ $self->{logoutServices} } ) { @@ -267,9 +268,10 @@ sub setSessionInfo { if $self->conf->{timeoutActivity}; } - # Get environment variables matching exportedVars + # Get environment variables matching exportedVars (works only with HTTP_* + # and SSL_*: see Main/Request.pm) foreach ( keys %{ $self->conf->{exportedVars} } ) { - if ( my $tmp = $ENV{ $self->conf->{exportedVars}->{$_} } ) { + if ( my $tmp = $req->{ $self->conf->{exportedVars}->{$_} } ) { $tmp =~ s/[\r\n]/ /gs; $req->{sessionInfo}->{$_} = $tmp; }
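Review bot: In the last hunk (setSessionInfo), the lookup `$req->{ $self->conf->{exportedVars}->{$_} }` accepts any key of the request object, while the new comment says only HTTP_* and SSL_* names are meant to work. An exportedVars value that happens to match another field of `$req` would be copied into the session as a stringified value, and HTTP_* entries are client-supplied headers that land in sessionInfo with only CR/LF replaced. A guard at the top of the loop, `next unless $self->conf->{exportedVars}->{$_} =~ /^(?:HTTP|SSL)_/;`, would make the code enforce what the comment states. Access rules that read header-derived session keys should treat them as untrusted unless the front end strips those headers. setSessionInfo starts and ends outside the hunk.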