From 5a04d1ff61db779cd1ffc80ebd5ce38edf19314c Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Wed, 23 Mar 2016 12:55:09 +0000
Subject: [PATCH] Import encrypt in header functions (closes: #983)
---
 .../lib/Lemonldap/NG/Common/Safelib.pm | 4 +--
 .../lib/Lemonldap/NG/Handler/Main/Jail.pm | 10 ++++--
 .../NG/Handler/Main/SharedVariables.pm | 1 +
 .../lib/Lemonldap/NG/Manager/Attributes.pm | 35 +++++++++++--------
 .../Lemonldap/NG/Manager/Build/Attributes.pm | 18 +++++-----
 5 files changed, 41 insertions(+), 27 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
index 6f11edba9..729556658 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
@@ -162,9 +162,7 @@ sub iso2unicode {
 # @param value Value to check
 # @return int Number of values that match
 sub groupMatch {
- my $groups = shift;
- my $attribute = shift;
- my $value = shift;
+ my ( $groups, $attribute, $value ) = @_;
 my $match = 0;
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
index 2b0019432..3d0037336 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
@@ -15,8 +15,8 @@ has jail => ( is => 'rw' );
 our $VERSION = '2.0.0';
-our $datas;
 *datas = *Lemonldap::NG::Handler::Main::SharedVariables::datas;
+*tsv = *Lemonldap::NG::Handler::Main::SharedVariables::tsv;
 ## @imethod protected build_jail()
 # Build and return the security jail used to compile rules and headers.
@@ -70,12 +70,18 @@ sub build_jail {
 &unparsed_uri &args &method &header_in ) ] );
- $self->jail->share_from( __PACKAGE__, [ @t, '&datas' ] );
+ $self->jail->share_from( __PACKAGE__,
+ [ @t, '&tsv', '&datas', '&encrypt' ] );
 $self->jail->share_from( 'MIME::Base64', ['&encode_base64'] );
 return $self->jail;
 }
+# Import crypto methods for jail
+sub encrypt {
+ return &tsv->{cipher}->encrypt(@_);
+}
+
 ## @method reval
 # Fake reval method if useSafeJail is off
 sub reval {
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/SharedVariables.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/SharedVariables.pm
index 9a339218a..a1f8de0d3 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/SharedVariables.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/SharedVariables.pm
@@ -54,6 +54,7 @@ BEGIN {
 \$_v->{$_} = \$v if(\$v);
 return \$_v->{$_};
 }";
+ die $@ if ($@);
 }
 }
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
index ea8b65ae3..a88c754b5 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@@ -28,7 +28,8 @@ sub types {
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -41,7 +42,7 @@ sub types {
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 }
 },
 'catAndAppList' => {
@@ -797,7 +798,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
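Review bot: In Jail.pm's build_jail, sharing `'&tsv'` with the compartment hands every rule and header expression the whole shared-variable accessor, including the cipher object that `encrypt` wraps, while only the wrapper is needed inside the jail. `encrypt` is compiled in this package, so it should still resolve `tsv` without the share; I would keep the list at `[ @t, '&datas', '&encrypt' ]`. In the new sub, `&tsv` without parentheses forwards encrypt's own `@_` to the accessor, and the generated accessor in SharedVariables.pm assigns when its `$v` is true, so an argument could end up overwriting the shared value depending on how `$v` is read (outside this diff); `return tsv()->{cipher}->encrypt(@_);` avoids that. The sub also has no guard for a missing `cipher` entry. build_jail starts outside the hunk.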
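Review bot: The new `die $@ if ($@);` in SharedVariables.pm stops the BEGIN block on a failed accessor eval but gives no hint which accessor was being generated. Since the eval string interpolates `$_` as the accessor name, something like `die "Unable to build accessor $_: $@" if $@;` would make a load-time failure diagnosable. The enclosing loop starts outside the hunk, so the role of `$_` is inferred from the visible `\$_v->{$_}` lines.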
@@ -810,7 +812,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval $s;
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 }
 },
 'type' => 'keyTextContainer'
@@ -880,7 +882,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -893,7 +896,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 },
 'test' => sub {
 1;
@@ -909,7 +912,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -922,7 +926,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 },
 'type' => 'keyTextContainer'
 },
@@ -1189,7 +1193,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -1202,7 +1207,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval $s;
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 }
 },
 'type' => 'ruleContainer'
@@ -1226,7 +1231,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -1239,7 +1245,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 },
 'type' => 'keyTextContainer'
 },
@@ -1843,7 +1849,8 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 'encode_base64', 'checkLogonHours', 'date', 'checkDate', 'basic', 'unicode2iso',
- 'iso2unicode', 'groupMatch'
+ 'iso2unicode', 'groupMatch',
+ 'encrypt'
 );
 push @cf, defined $conf->{'customFunctions'} ? map( {
@@ -1856,7 +1863,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : 1;
+ return $@ ? ( 1, "__badExpression__: $@" ) : 1;
 },
 'msgFail' => '__badValue__',
 'test' => qr/^\w+$/,
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
index 1290c26bb..13f930224 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -12,9 +12,11 @@ use Regexp::Common qw/URI/;
 my $perlExpr = sub {
 my ( $val, $conf ) = @_;
- my $s = '';
- my @cf =
- qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch);
+ my $s = '';
+ my @cf = qw(
+ encode_base64 checkLogonHours date checkDate basic unicode2iso
+ iso2unicode groupMatch encrypt
+ );
 push @cf, defined $conf->{customFunctions} ? map { my $f = $_; $f =~ s/\w+:://g; ( $f, $_ ) }
@@ -24,7 +26,7 @@ my $perlExpr = sub {
 $s = "sub $f {1} $s";
 }
 eval "$s $val";
- return $@ ? ( 0, "__badExpression__: $@" ) : (1);
+ return $@ ? ( 1, "__badExpression__: $@" ) : (1);
 };
 my $url = $RE{URI}{HTTP}{ -scheme => "https?" };
@@ -921,7 +923,7 @@ sub attributes {
 }
 $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g;
 my @cf =
- qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch);
+ qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch encrypt);
 push @cf, defined $conf->{customFunctions} ? map { my $f = $_; $f =~ s/\w+:://g; ( $f, $_ ) }
@@ -931,7 +933,7 @@ sub attributes {
 $s = "sub $f {1} $s";
 }
 eval $s;
- return $@ ? ( 0, "__badExpression__: $@" ) : (1);
+ return $@ ? ( 1, "__badExpression__: $@" ) : (1);
 },
 msgFail => '__badExpression__',
 },
@@ -954,7 +956,7 @@ sub attributes {
 my ( $val, $conf ) = @_;
 my $s = $val;
 my @cf =
- qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch);
+ qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch encrypt);
 push @cf, defined $conf->{customFunctions} ? map { my $f = $_; $f =~ s/\w+:://g; ( $f, $_ ) }
@@ -964,7 +966,7 @@ sub attributes {
 $s = "sub $f {1} $s";
 }
 eval $s;
- return $@ ? ( 0, "__badExpression__: $@" ) : (1);
+ return $@ ? ( 1, "__badExpression__: $@" ) : (1);
 }
 },
 documentation => 'Virtualhost headers',
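Review bot: In Build/Attributes.pm the built-in function list is now edited in three separate places, `$perlExpr` in the first hunk and the two validators inside attributes() (hunks at -921 and -954), and each copy has to stay in step with what Jail.pm shares into the compartment. A single file-level `my @builtinFunctions = qw(encode_base64 checkLogonHours date checkDate basic unicode2iso iso2unicode groupMatch encrypt);` that each validator copies with `my @cf = @builtinFunctions;` would turn the next addition into a one-line change. A short comment on that list naming Jail.pm as the other side of the contract would help whoever adds the next function.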
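Review bot: The switch from `( 0, "__badExpression__: $@" )` to `( 1, "__badExpression__: $@" )` in `$perlExpr` makes an expression that fails to eval count as a passed test, and the same edit is repeated in the two attributes() validators in this file (hunks at -931 and -964) and at every matching site in Manager/Attributes.pm. The commit subject only mentions importing encrypt, so this loosening of rule and header validation is undocumented; whether the message is still surfaced as a warning depends on the caller, which is not in this diff. If it is intentional, say so next to the return, e.g. `# eval errors are deliberately non-blocking here: <reason>`; otherwise keep `0` so that a broken access rule or header is rejected when the configuration is saved rather than reaching the handler.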