* New feature: 'macros' parameter can be used to add exported variables

calculated with other LDAP attributes. It can be used to simplify rules configuration * Correction of bad use of Safe in portal: groups mechanism was not working well since we use Safe
2007-01-13 19:34:03 +00:00 · 2007-01-13 19:34:03 +00:00 · 23d2343774
parent 6f2a40e4ed
commit 23d2343774
9 changed files with 110 additions and 49 deletions
--- a/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SharedConf/DBI.pm
+++ b/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SharedConf/DBI.pm
@ -14,7 +14,7 @@ BEGIN {
    }
 }

-our $VERSION = '0.51';
+our $VERSION = '0.52';

 our @ISA = qw(Lemonldap::NG::Handler::SharedConf);

@ -142,6 +142,8 @@ stored configuration has changed and reload it if it has.
    locationRules text,
    globalStorage text,
    globalStorageOptions text,
+    groups text,
+    macros text,
    exportedHeaders text,
    portal text,
    domain text,
--- a/modules/lemonldap-ng-manager/Changes
+++ b/modules/lemonldap-ng-manager/Changes
@ -1,5 +1,11 @@
 Revision history for Perl extension Lemonldap::NG::Manager.

+0.4   Sat Jan 13 20:23:18 2007
+	- New configuration parameter named 'macros'. It can be used to
+	  declare new attributes (exported vars) calculated with Perl
+	  expressions on variables.
+	  TODO: documentation (but french help is done)
+
 0.3   Thu Jan 4 9:22:34 2007
 	- Help system skeleton and help in french

--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
@ -12,7 +12,7 @@ require Lemonldap::NG::Manager::Help;

 our @ISA = qw(Lemonldap::NG::Manager::Base);

-our $VERSION = '0.3';
+our $VERSION = '0.4';

 sub new {
    my ( $class, $args ) = @_;
@ -129,6 +129,9 @@ sub printXmlConf {
                            text => &exportedVars,
                            item => {},
                        },
+			macros => {
+			    text => &macros,
+			},
                        ldapParameters => {
                            text => &ldapParameters,
                            item => {},
@ -156,17 +159,13 @@ sub printXmlConf {
    };
    my $generalParameters = $tree->{item}->{item}->{generalParameters}->{item};
    my $exportedVars =
-      $tree->{item}->{item}->{generalParameters}->{item}->{exportedVars}
-      ->{item};
+      $tree->{item}->{item}->{generalParameters}->{item}->{exportedVars}->{item};
    my $ldapParameters =
-      $tree->{item}->{item}->{generalParameters}->{item}->{ldapParameters}
-      ->{item};
+      $tree->{item}->{item}->{generalParameters}->{item}->{ldapParameters}->{item};
    my $sessionStorage =
-      $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}
-      ->{item};
+      $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}->{item};
    my $globalStorageOptions =
-      $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}
-      ->{item}->{globalStorageOptions}->{item};
+      $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}->{item}->{globalStorageOptions}->{item};
    my $authParams =
      $tree->{item}->{item}->{generalParameters}->{item}->{authParams}->{item};
    $authParams->{authentication} =
@ -215,11 +214,9 @@ sub printXmlConf {
    }

    if ( $config->{globalStorageOptions} ) {
-        $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}
-          ->{item}->{globalStorageOptions}->{item} = {};
+        $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}->{item}->{globalStorageOptions}->{item} = {};
        $globalStorageOptions =
-          $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}
-          ->{item}->{globalStorageOptions}->{item};
+          $tree->{item}->{item}->{generalParameters}->{item}->{sessionStorage}->{item}->{globalStorageOptions}->{item};
        while ( my ( $n, $opt ) = each( %{ $config->{globalStorageOptions} } ) )
        {
            $globalStorageOptions->{$n} = $self->xmlField( "both", $opt, $n );
@ -261,6 +258,13 @@ sub printXmlConf {
            $groups->{$group} = $self->xmlField( 'both', $expr, $group );
        }
    }
+    if ( $config->{macros} ) {
+	$tree->{item}->{item}->{generalParameters}->{item}->{macros}->{item} = {};
+	my $macros = $tree->{item}->{item}->{generalParameters}->{item}->{macros}->{item};
+	while ( my ( $macro, $expr ) = each( %{ $config->{macros} } ) ) {
+	    $macros->{$macro} = $self->xmlField( 'both', $expr, $macro );
+	}
+    }

    print XMLout(
        $tree,
@ -328,20 +332,15 @@ sub upload {
    }
    $config->{cookieName} = $tree->{generalParameters}->{cookieName}->{value};
    $config->{domain}     = $tree->{generalParameters}->{domain}->{value};
-    $config->{globalStorage} =
-      $tree->{generalParameters}->{sessionStorage}->{globalStorage}->{value};
-    while (
-        my ( $v, $h ) = each(
-            %{
-                $tree->{generalParameters}->{sessionStorage}
-                  ->{globalStorageOptions}
-              }
-        )
-      )
-    {
+    $config->{globalStorage} = $tree->{generalParameters}->{sessionStorage}->{globalStorage}->{value};
+    while ( my ( $v, $h ) = each( %{ $tree->{generalParameters}->{sessionStorage}->{globalStorageOptions} })) {
        next unless ( ref($h) );
        $config->{globalStorageOptions}->{ $h->{text} } = $h->{value};
    }
+    while ( my ( $v, $h ) = each( %{ $tree->{generalParameters}->{macros} })) {
+        next unless ( ref($h) );
+	$config->{macros}->{ $h->{text} } = $h->{value};
+    }
    foreach (qw(ldapBase ldapPort ldapServer managerDn managerPassword)) {
        $config->{$_} =
          $tree->{generalParameters}->{ldapParameters}->{$_}->{value};
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Help.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Help.pm
@ -2,7 +2,7 @@ package Lemonldap::NG::Manager::Help;

 use AutoLoader qw(AUTOLOAD);
 use UNIVERSAL qw(can);
-our $VERSION = '0.2';
+our $VERSION = '0.21';

 sub import {
    my ($caller_package) = caller;
@ -18,7 +18,7 @@ sub import {
        }
    }
    $l ||= "en";
-    foreach $h (qw(virtualHosts groups ldap vars storage)) {
+    foreach $h (qw(virtualHosts groups ldap vars storage macros)) {
        *{"${caller_package}::help_$h"} = \&{"help_${h}_$l"};
    }
 }
@ -34,6 +34,12 @@ sub help_virtualHosts_en {
 EOT
 }

+sub help_macros_en {
+    print <<EOT;
+<h3>User Groups</h3>
+EOT
+}
+
 sub help_groups_en {
    print <<EOT;
 <h3>User Groups</h3>
@ -91,6 +97,25 @@ comme suit&nbsp;: <tt>&lt;nom de l'en-t&ecirc;te&gt; =&gt; &lt;expression Perl&g
 EOT
 }

+sub help_macros_fr {
+    print <<EOT;
+<h3>Macros</h3>
+<p> Les macros permettent d'ajouter des variables calculées à partir des
+attributs LDAP (variables exportées). Elles évitent de répéter le même calcul
+plusieurs fois dans la configuration. Exemple&nbsp;:</p>
+<pre>
+    # macros
+    nom_complet => \$givenname . " " . \$surname
+    admin => \$uid eq "foo" or \$uid eq "bar"
+    
+    # test.example.com - En-têtes
+    Nom => \$nom_complet
+    
+    # test.example.com - Règles
+    ^/admin/ => \$admin
+EOT
+}
+
 sub help_groups_fr {
    print <<EOT;
 <h3>Groupes d'utilisateurs</h3>
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_HTML.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_HTML.pm
@ -5,7 +5,7 @@ package Lemonldap::NG::Manager::_HTML;
 # comes for the first time.

 use AutoLoader qw(AUTOLOAD);
-our $VERSION = '0.05';
+our $VERSION = '0.1';

 1;
 __END__
@ -129,6 +129,10 @@ function onNodeSelect(nodeId) {
    }
    help('virtualHosts');
  }
+  else if(nodeIs(nodeId,"macros")){
+    but+=button('Nouvelle macro','newMacro',nodeId);
+    help('macros');
+  }
  else if(nodeIs(nodeId,"groups")){
    but+=button('Nouveau groupe','newGroup',nodeId);
    help('groups');
@ -214,6 +218,10 @@ function newGroup(id){
  newValue('groups','New-group','both','');
 }

+function newMacro(id){
+  newValue('macros','newMacro','both','');
+}
+
 function newVar(id){
  newValue('exportedVars','New-var','both','uid');
 }
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm
@ -2,7 +2,7 @@ package Lemonldap::NG::Manager::_i18n;

 use AutoLoader qw(AUTOLOAD);
 use UNIVERSAL qw(can);
-our $VERSION = '0.1';
+our $VERSION = '0.11';

 sub import {
    my ($caller_package) = caller;
@ -40,6 +40,7 @@ sub fr {
        globalStorageOptions => 'Param&egrave;tres du module Apache::Session',
        authParams           => "Param&egrave;tres d'authentification",
        userGroups           => "Groupes d'utilisateurs",
+	macros               => "Macros",
        virtualHosts         => "H&ocirc;tes virtuels",
        authenticationType   => "Type d'authentification",
        securedCookie        => 'Cookie s&eacute;curis&eacute; (SSL)',
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;

 print STDERR
 "See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
-our $VERSION = "0.52";
+our $VERSION = "0.6";

 1;

--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
@ -9,14 +9,14 @@ use Safe;
 *EXPORT_TAGS = *Lemonldap::NG::Portal::Simple::EXPORT_TAGS;
 *EXPORT      = *Lemonldap::NG::Portal::Simple::EXPORT;

-our $VERSION = "0.41";
+our $VERSION = "0.42";
 our @ISA     = qw(Lemonldap::NG::Portal::Simple);

 # Secure jail
 our $safe = new Safe;

 ##################
-# OVERLOADED sub #
+# OVERLOADED SUB #
 ##################

 # getConf: all parameters returned by the Lemonldap::NG::Manager::Conf object
@ -35,12 +35,24 @@ sub getConf {
    1;
 }

-# Here is implemented the 'groups' mechanism. See Lemnldap::NG::Portal for
-# more.
-sub setGroups {
-    my $self = shift;
+# Here is implemented the 'macro' mechanism.
+our $self; # Safe cannot share a variable declared with my
+sub setMacros {
+    local $self = shift;
    die __PACKAGE__ . ": Unable to get configuration"
      unless ( $self->getConf(@_) );
+    while ( my($n, $e) = each ( %{ $self->{macros} } ) ) {
+        $e =~ s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
+        $safe->share( '$self', '&encode_base64' );
+        $self->{sessionInfo}->{$n} = $safe->reval($e);
+    }
+    PE_OK;
+}
+
+# Here is implemented the 'groups' mechanism. See Lemonldap::NG::Portal for
+# more.
+sub setGroups {
+    local $self = shift;
    my $groups;
    foreach ( keys %{ $self->{groups} } ) {
        my $filter = $self->scanexpr( $self->{groups}->{$_} );
@ -79,7 +91,7 @@ sub scanexpr {
    # Perl expressions
    if ( s/^{(.*)}$/$1/ or $_ !~ /^\(.*\)$/ ) {
        s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
-        $safe->share( '$self', '$result' );
+        $safe->share( '$self', '&encode_base64'  );
        $result = $safe->reval($_);
        return $result ? "1" : "0";
    }
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -10,7 +10,7 @@ use warnings;
 use MIME::Base64;
 use CGI;

-our $VERSION = '0.42';
+our $VERSION = '0.5';

 our @ISA = qw(CGI Exporter);

@ -160,16 +160,17 @@ sub redirect {
    }
 }

-###################################
-# MAIN subroutine: call all steps #
-###################################
+###############################################################
+# MAIN subroutine: call all steps until one returns something #
+#                  different than PE_OK                       #
+###############################################################
 sub process {
    my ($self) = @_;
    $self->{error} = PE_OK;
    foreach my $sub
      qw(controlUrlOrigin extractFormInfo formateParams formateFilter
-      connectLDAP bind search setSessionInfo setGroups authenticate store unbind
-      buildCookie log autoRedirect) {
+      connectLDAP bind search setSessionInfo setMacros setGroups authenticate
+      store unbind buildCookie log autoRedirect) {
        if ( $self->{$sub} )
        {
            last if ( $self->{error} = &{ $self->{$sub} }($self) );
@ -193,6 +194,8 @@ sub controlUrlOrigin {
 # TODO: what to do with existing sessions ?
 #       - delete and create a new session
 #       - re-authentication (actual scheme)
+#       - nothing: user is authenticated and process
+#                  returns true
 sub controlExistingSession {
    PE_OK;
 }
@ -290,11 +293,16 @@ sub setSessionInfo {
 }

 # 9. Unused here, but overloaded in SharedConf.pm
+sub setMacros {
+    PE_OK;
+}
+
+# 10. Unused here, but overloaded in SharedConf.pm
 sub setGroups {
    PE_OK;
 }

-# 10. Now, LDAP will not be used by Lemonldap except for LDAP
+# 11. Now, LDAP will not be used by Lemonldap except for LDAP
 #     authentication scheme
 sub unbind {
    my $self = shift;
@ -303,7 +311,7 @@ sub unbind {
    PE_OK;
 }

-# 11. Default authentication: LDAP bind with user credentials
+# 12. Default authentication: LDAP bind with user credentials
 sub authenticate {
    my $self = shift;
    return PE_OK if ( $self->{id} );
@ -315,7 +323,7 @@ sub authenticate {
    PE_OK;
 }

-# 12. Now, the user is authenticated. It's time to store his parameters with
+# 13. Now, the user is authenticated. It's time to store his parameters with
 #     Apache::Session::* module
 sub store {
    my ($self) = @_;
@ -332,7 +340,7 @@ sub store {
    PE_OK;
 }

-# 13. If all is done, we build the Lemonldap::NG cookie
+# 14. If all is done, we build the Lemonldap::NG cookie
 sub buildCookie {
    my $self = shift;
    $self->{cookie} = $self->cookie(
@ -346,7 +354,7 @@ sub buildCookie {
    PE_OK;
 }

-# 14. By default, nothing is logged. Users actions are logged on applications.
+# 15. By default, nothing is logged. Users actions are logged on applications.
 #     It's easy to override this in the contructor :
 #       my $portal = new Lemonldap::NG::Portal ( {
 #                    ...
@ -360,7 +368,7 @@ sub log {
    PE_OK;
 }

-# 15. If the user was redirected to the portal, we will now redirect him
+# 16. If the user was redirected to the portal, we will now redirect him
 #     to the requested URL
 sub autoRedirect {
    my $self = shift;