From 740ad09f9f58d06cc75c36c74dfc7cc9aad0b564 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Sun, 5 Apr 2009 08:12:16 +0000
Subject: [PATCH] Safelib + LDAPFilter parameter
---
 modules/lemonldap-ng-common/MANIFEST | 3 +-
 .../lib/Lemonldap/NG/Common/Safelib.pm | 47 +++++++++++++++++++
 .../t/{10-Common.t => 30-Common-Safelib.t} | 2 +-
 .../lib/Lemonldap/NG/Handler/Simple.pm | 11 +++--
 .../lib/Lemonldap/NG/Manager.pm | 4 ++
 .../lib/Lemonldap/NG/Portal/AuthSSL.pm | 4 +-
 .../lib/Lemonldap/NG/Portal/Simple.pm | 5 +-
 .../lib/Lemonldap/NG/Portal/UserDBLDAP.pm | 14 +++---
 8 files changed, 75 insertions(+), 15 deletions(-)
 create mode 100644 modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
 rename modules/lemonldap-ng-common/t/{10-Common.t => 30-Common-Safelib.t} (89%)
diff --git a/modules/lemonldap-ng-common/MANIFEST b/modules/lemonldap-ng-common/MANIFEST
index f36def4aa..ed523fe24 100644
--- a/modules/lemonldap-ng-common/MANIFEST
+++ b/modules/lemonldap-ng-common/MANIFEST
@@ -12,6 +12,7 @@ lib/Lemonldap/NG/Common/Conf/DBI.pm
 lib/Lemonldap/NG/Common/Conf/File.pm
 lib/Lemonldap/NG/Common/Conf/SOAP.pm
 lib/Lemonldap/NG/Common/Crypto.pm
+lib/Lemonldap/NG/Common/Safelib.pm
 Makefile.PL
 MANIFEST
 META.yml Module meta-data (added by MakeMaker)
@@ -22,8 +23,8 @@ t/01-Common-Conf.t
 t/02-Common-Conf-File.t
 t/03-Common-Conf-DBI.t
 t/04-Common-Conf-SOAP.t
-t/10-Common.t
 t/20-Common-CGI.t
+t/30-Common-Safelib
 t/99-pod.t
 tools/apache-session-mysql.sql
 tools/lmConfig.mysql
diff --git a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
new file mode 100644
index 000000000..dea9497a7
--- /dev/null
+++ b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm
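Review bot: The added MANIFEST entry `t/30-Common-Safelib` is missing the `.t` suffix, while the file this commit creates by rename is `t/30-Common-Safelib.t`. As written the manifest names a file that does not exist, so the Safelib test would presumably be left out of a built distribution and manifest checks would report a missing file; the line should read `t/30-Common-Safelib.t`. Removing `t/10-Common.t` in the same hunk also drops the load test for `Lemonldap::NG::Common` itself, which may not be intended.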
@@ -0,0 +1,47 @@
+package Lemonldap::NG::Common::Safelib;
+
+use strict;
+
+#use AutoLoader qw(AUTOLOAD);
+
+our $VERSION = '0.01';
+
+# Set here all the names of functions that must be available in Safe objects.
+# Not that only functions, not methods, can be written here
+our $functions = [qw()];
+
+1;
+__END__
+
+=head1 NAME
+
+Lemonldap::NG::Common::Safelib - Contains functions that are automatically
+imported in Lemonldap::NG Safe objects to be used in expressions like rules,
+macros,...
+
+=head1 SYNOPSIS
+
+Private module not documented.
+
+=head1 DESCRIPTION
+
+Private module not documented.
+
+=head1 SEE ALSO
+
+L, L, L
+
+=head1 AUTHOR
+
+Xavier Guimard, Eguimard@E
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2009 by Xavier Guimard
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.10.0 or,
+at your option, any later version of Perl 5 you may have available.
+
+=cut
+
diff --git a/modules/lemonldap-ng-common/t/10-Common.t b/modules/lemonldap-ng-common/t/30-Common-Safelib.t
similarity index 89%
rename from modules/lemonldap-ng-common/t/10-Common.t
rename to modules/lemonldap-ng-common/t/30-Common-Safelib.t
index 27a3851be..24f1a540f 100644
--- a/modules/lemonldap-ng-common/t/10-Common.t
+++ b/modules/lemonldap-ng-common/t/30-Common-Safelib.t
@@ -6,7 +6,7 @@
 # change 'tests => 1' to 'tests => last_test_to_print';
 use Test::More tests => 1;
-BEGIN { use_ok('Lemonldap::NG::Common') }
+BEGIN { use_ok('Lemonldap::NG::Common::Safelib') }
 #########################
diff --git a/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm b/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm
index 4e61a8229..c4ec786d0 100644
--- a/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm
+++ b/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm
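Review bot: The comment above `our $functions` in the new Safelib.pm should state the property that makes this list security-sensitive: a sub shared into a Safe compartment was compiled outside it, so it runs without the compartment's opcode mask when a rule or macro calls it. Suggested wording: `# Functions listed here are callable from rule/macro expressions and run unrestricted (outside the Safe opmask); treat their arguments as untrusted.` The same comment has a typo (`Not that` for `Note that`), and the module enables `use strict;` without `use warnings;`.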
@@ -18,6 +18,7 @@ use strict;
 use MIME::Base64;
 use Exporter 'import';
 use Safe;
+use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
 require Data::Dumper;
 require POSIX;
@@ -355,6 +356,9 @@ sub safe {
 }";
 $class->lmLog( $@, 'error' ) if ($@);
 }
+ $safe->share_from( 'main', ['%ENV'] );
+ $safe->share_from( 'Lemonldap::NG::Common::Safelib',
+ $Lemonldap::NG::Common::Safelib::functions );
 $safe->share( '&encode_base64', '$datas', '&lmSetHeaderIn', '$apacheRequest', @t );
 return $safe;
@@ -558,8 +562,8 @@ sub defaultValuesInit {
 $whatToTrace =~ s/\$//g;
 $https = $args->{https} unless defined($https);
 $https = 1 unless defined($https);
- $args->{securedCookie} = 1 unless defined($args->{securedCookie});
- $cookieName .= 'http' if($args->{securedCookie} == 2 and $https == 0);
+ $args->{securedCookie} = 1 unless defined( $args->{securedCookie} );
+ $cookieName .= 'http' if ( $args->{securedCookie} == 2 and $https == 0 );
 $port = $args->{port} || 0 unless defined($port);
 $customFunctions = $args->{customFunctions};
 1;
@@ -701,7 +705,8 @@ sub buildPostForm { $r->print( qq{
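Review bot: In the `safe()` hunk (`@@ -355,6 +356,9 @@`) the added `$safe->share_from( 'main', ['%ENV'] )` aliases the real `%ENV` into the compartment rather than copying it, so every rule or macro expression evaluated there can read the whole server environment and can also write to it. The same line is added to `safe()` in Manager.pm. If expressions only need a few request variables, sharing a filtered copy would keep anything sensitive that happens to live in the environment out of reach; at minimum I would add `# %ENV is shared by alias: expressions can read and modify the real process environment` above the call. The body of `safe()` starts and ends outside the hunk.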
} ); + . qq{"/>} + ); OK; } );
diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
index 070742e4e..0652c9978 100644
--- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
@@ -16,6 +16,7 @@ require Lemonldap::NG::Manager::_Response; #inherits
 require Lemonldap::NG::Manager::_i18n; #inherits
 require Lemonldap::NG::Manager::Help; #inherits
 use Lemonldap::NG::Common::Conf::Constants; #inherits
+use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
 use LWP::UserAgent;
 use Safe;
 use MIME::Base64;
@@ -45,6 +46,9 @@ sub safe {
 eval "sub $_ {1}";
 $self->lmLog( $@, 'error' ) if ($@);
 }
+ $safe->share_from( 'main', ['%ENV'] );
+ $safe->share_from( 'Lemonldap::NG::Common::Safelib',
+ $Lemonldap::NG::Common::Safelib::functions );
 $safe->share( '&encode_base64', @t );
 return $safe;
 }
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
index bbc75337d..82bb8c417 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSSL.pm
@@ -40,7 +40,7 @@ sub extractFormInfo {
 if ($user) {
 $self->{sessionInfo}->{authenticationLevel} = 5;
 $self->{user} = $user;
- $self->{authFilter} ||=
+ $self->{AuthLDAPFilter} ||=
 '(&(' . $self->{SSLLDAPField} . "=$user)(objectClass=inetOrgPerson))";
 return PE_OK;
 }
@@ -48,7 +48,7 @@ sub extractFormInfo {
 $self->_sub('userError',"No certificate found for $ENV{REMOTE_ADDR}");
 return PE_CERTIFICATEREQUIRED;
 }
- $self->{authFilter} = '';
+ $self->{AuthLDAPFilter} = '';
 return $self->SUPER::extractFormInfo(@_);
 }
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 7f9d1b6d6..d1a0ca2c9 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -16,6 +16,7 @@ use Lemonldap::NG::Common::CGI;
 use CGI::Cookie;
 require POSIX;
 use Lemonldap::NG::Portal::_i18n; #inherits
+use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
 use Safe; # Special comments for doxygen
@@ -450,6 +451,8 @@ sub safe {
 $self->lmLog( $@, 'error' ) if ($@);
 }
 $safe->share_from( 'main', ['%ENV'] );
+ $safe->share_from( 'Lemonldap::NG::Common::Safelib',
+ $Lemonldap::NG::Common::Safelib::functions );
 $safe->share( '&encode_base64', @t );
 return $safe;
 }
@@ -1038,7 +1041,7 @@ Creates the ldap filter using $self->{user}. By default :
 $self->{filter} = "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
-If $self->{authFilter} is set, it is used instead of this. This is used by
+If $self->{AuthLDAPFilter} is set, it is used instead of this. This is used by
 Lemonldap::NG::Portal::Auth* modules to overload filter.
 =head3 connectLDAP
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBLDAP.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBLDAP.pm
index c2e872892..b2d0f770f 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBLDAP.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBLDAP.pm
@@ -31,12 +31,12 @@ sub getUser {
 # @return Lemonldap::NG::Portal constant
 sub formateFilter {
 my $self = shift;
- $self->{filter} =
- $self->{authFilter}
- || $self->{filter};
- $self->{filter} =~ s/\$(user|_?password)/$self->{$1}/g;
- $self->{filter} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
- $self->{filter} ||= "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
+ $self->{LDAPFilter} =
+ $self->{AuthLDAPFilter}
+ || $self->{LDAPFilter};
+ $self->{LDAPFilter} ||= '(&(uid=$user)(objectClass=inetOrgPerson))';
+ $self->{LDAPFilter} =~ s/\$(user|_?password)/$self->{$1}/g;
+ $self->{LDAPFilter} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
 PE_OK;
 }
@@ -51,7 +51,7 @@ sub search {
 my $mesg = $self->ldap->search(
 base => $self->{ldapBase},
 scope => 'sub',
- filter => $self->{filter},
+ filter => $self->{LDAPFilter},
 );
 if ( $mesg->code() != 0 ) {
 $self->lmLog( $mesg->error, 'error' );
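Review bot: `formateFilter` still expands `$user` and `$password` into the LDAP filter with no escaping, so a login containing `*`, `(`, `)` or `\` changes the structure of the search that `search()` then sends; the new default template `(&(uid=$user)(objectClass=inetOrgPerson))` goes through the same path. The second substitution also runs over the already-expanded string, so a `$word` typed into the login is expanded again from `sessionInfo`. A single pass that escapes each value would close both, e.g. `$self->{LDAPFilter} =~ s/\$(\w+)/escape_filter_value( $1 =~ m{\A(?:user|_?password)\z} ? $self->{$1} : $self->{sessionInfo}->{$1} )/ge;` with `escape_filter_value` imported from `Net::LDAP::Util` (assuming the portal's `ldap` object is Net::LDAP, which the `$mesg->code()` call suggests). The `"=$user"` interpolation visible in AuthSSL.pm's `extractFormInfo` builds `AuthLDAPFilter` the same unescaped way and would need the same treatment.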