perl tidy

David COUTADEUR 2017-06-23 09:57:07 +00:00
parent 6533b0a36b
commit 80f5d06e82
20 changed files with 3678 additions and 3525 deletions


@ -212,7 +212,9 @@ sub getConf {
# Create cipher object # Create cipher object
unless ( $args->{raw} ) { unless ( $args->{raw} ) {
eval { $res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} ); }; eval {
$res->{cipher} = Lemonldap::NG::Common::Crypto->new( $res->{key} );
};
if ($@) { if ($@) {
$msg .= "Bad key: $@. \n"; $msg .= "Bad key: $@. \n";
} }


@ -50,7 +50,8 @@ sub defaultValues {
'globalStorage' => 'Apache::Session::File', 'globalStorage' => 'Apache::Session::File',
'globalStorageOptions' => { 'globalStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/', 'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', 'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
}, },
'groups' => {}, 'groups' => {},
@ -173,24 +174,33 @@ sub defaultValues {
'registerTimeout' => 0, 'registerTimeout' => 0,
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP', 'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
'remoteGlobalStorageOptions' => { 'remoteGlobalStorageOptions' => {
'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', 'ns' =>
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
'proxy' => 'http://auth.example.com/sessions' 'proxy' => 'http://auth.example.com/sessions'
}, },
'requireToken' => 1, 'requireToken' => 1,
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4, 'samlAuthnContextMapKerberos' => 4,
'samlAuthnContextMapPassword' => 2, 'samlAuthnContextMapPassword' => 2,
'samlAuthnContextMapPasswordProtectedTransport' => 3, 'samlAuthnContextMapPasswordProtectedTransport' => 3,
'samlAuthnContextMapTLSClient' => 5, 'samlAuthnContextMapTLSClient' => 5,
'samlEntityID' => '#PORTAL#/saml/metadata', 'samlEntityID' => '#PORTAL#/saml/metadata',
'samlIdPResolveCookie' => 'lemonldapidp', 'samlIdPResolveCookie' => 'lemonldapidp',
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
'samlIDPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', 'samlIDPSSODescriptorSingleLogoutServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1, 'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
'samlMetadataForceUTF8' => 1, 'samlMetadataForceUTF8' => 1,
'samlNameIDFormatMapEmail' => 'mail', 'samlNameIDFormatMapEmail' => 'mail',
@ -201,13 +211,19 @@ sub defaultValues {
'samlOrganizationName' => 'Example', 'samlOrganizationName' => 'Example',
'samlOrganizationURL' => 'http://www.example.com', 'samlOrganizationURL' => 'http://www.example.com',
'samlRelayStateTimeout' => 600, 'samlRelayStateTimeout' => 600,
'samlSPSSODescriptorArtifactResolutionServiceArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' =>
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
'samlSPSSODescriptorAuthnRequestsSigned' => 1, 'samlSPSSODescriptorAuthnRequestsSigned' => 1,
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' =>
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'samlSPSSODescriptorSingleLogoutServiceSOAP' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'samlSPSSODescriptorSingleLogoutServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
'samlSPSSODescriptorWantAssertionsSigned' => 1, 'samlSPSSODescriptorWantAssertionsSigned' => 1,
'securedCookie' => 0, 'securedCookie' => 0,
'slaveAuthnLevel' => 2, 'slaveAuthnLevel' => 2,


@ -475,7 +475,7 @@ sub _casMetaDataNodes {
# Return all exported attributes if asked # Return all exported attributes if asked
if ( $query =~ if ( $query =~
/^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/ /^(?:cas${type}MetaDataExportedVars|casSrvMetaDataOptionsProxiedServices)$/
) )
{ {
my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {}; my $pk = eval { $self->getConfKey( $req, $query )->{$partner} } // {};


@ -105,7 +105,8 @@ sub unset_header_in {
my $h = shift; my $h = shift;
my $h2 = lc $h; my $h2 = lc $h;
$h2 =~ s/-/_/g; $h2 =~ s/-/_/g;
$request->env->{'psgi.r'}->headers_in->unset($h) if ( $h1 eq $h2 ); $request->env->{'psgi.r'}->headers_in->unset($h)
if ( $h1 eq $h2 );
return 1; return 1;
} }
); );


@ -104,10 +104,12 @@ sub init {
} }
$self->menuLinks( [] ); $self->menuLinks( [] );
if ( my $portal = if (
my $portal =
$conf->{cfgNum} $conf->{cfgNum}
? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->() ? Lemonldap::NG::Handler::PSGI::Main->tsv->{portal}->()
: $conf->{portal} ) : $conf->{portal}
)
{ {
push @{ $self->menuLinks }, push @{ $self->menuLinks },
{ {


@ -22,12 +22,16 @@ sub types {
'boolOrExpr' => { 'boolOrExpr' => {
'msgFail' => '__notAValidPerlExpression__', 'msgFail' => '__notAValidPerlExpression__',
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
} }
}, },
'catAndAppList' => { 'catAndAppList' => {
@ -43,7 +47,8 @@ sub types {
'hostname' => { 'hostname' => {
'form' => 'text', 'form' => 'text',
'msgFail' => '__badHostname__', 'msgFail' => '__badHostname__',
'test' => qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$)/ 'test' =>
qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))?$)/
}, },
'int' => { 'int' => {
'msgFail' => '__notAnInteger__', 'msgFail' => '__notAnInteger__',
@ -63,10 +68,13 @@ sub types {
'lmAttrOrMacro' => { 'lmAttrOrMacro' => {
'form' => 'text', 'form' => 'text',
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
return 1 if defined $$conf{'macros'}{$val} or $val eq '_timezone'; return 1
foreach $_ (keys %$conf) { if defined $$conf{'macros'}{$val}
return 1 if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val}; or $val eq '_timezone';
foreach $_ ( keys %$conf ) {
return 1
if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val};
} }
return 1, "__unknownAttrOrMacro__: $val"; return 1, "__unknownAttrOrMacro__: $val";
} }
@ -117,10 +125,10 @@ sub types {
'test' => sub { 'test' => sub {
eval { eval {
do { do {
qr/$_[0]/ qr/$_[0]/;
} }
}; };
return $@ ? (0, "__badRegexp__: $@") : 1; return $@ ? ( 0, "__badRegexp__: $@" ) : 1;
} }
}, },
'PerlModule' => { 'PerlModule' => {
@ -145,17 +153,26 @@ sub types {
}, },
'RSAPrivateKey' => { 'RSAPrivateKey' => {
'test' => sub { 'test' => sub {
return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); return $_[0] =~
m[^(?:(?:\-+\s*BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:RSA\s+)PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
} }
}, },
'RSAPublicKey' => { 'RSAPublicKey' => {
'test' => sub { 'test' => sub {
return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); return $_[0] =~
m[^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
} }
}, },
'RSAPublicKeyOrCertificate' => { 'RSAPublicKeyOrCertificate' => {
'test' => sub { 'test' => sub {
return $_[0] =~ m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s ? 1 : (1, '__badPemEncoding__'); return $_[0] =~
m[^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$]s
? 1
: ( 1, '__badPemEncoding__' );
} }
}, },
'rule' => { 'rule' => {
@ -190,8 +207,12 @@ sub types {
}, },
'select' => { 'select' => {
'test' => sub { 'test' => sub {
my $test = grep({$_ eq $_[0];} map({$$_{'k'};} @{$_[2]{'select'};})); my $test =
return $test ? 1 : (1, "Invalid value '$_[0]' for this select"); grep( { $_ eq $_[0]; }
map( { $$_{'k'}; } @{ $_[2]{'select'}; } ) );
return $test
? 1
: ( 1, "Invalid value '$_[0]' for this select" );
} }
}, },
'subContainer' => { 'subContainer' => {
@ -213,7 +234,8 @@ sub types {
'url' => { 'url' => {
'form' => 'text', 'form' => 'text',
'msgFail' => '__badUrl__', 'msgFail' => '__badUrl__',
'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/ 'test' =>
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/
} }
}; };
} }
@ -621,12 +643,16 @@ sub attributes {
}, },
'casAppMetaDataOptionsRule' => { 'casAppMetaDataOptionsRule' => {
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'type' => 'text' 'type' => 'text'
}, },
@ -676,7 +702,8 @@ sub attributes {
}, },
'casSrvMetaDataOptionsUrl' => { 'casSrvMetaDataOptionsUrl' => {
'msgFail' => '__badUrl__', 'msgFail' => '__badUrl__',
'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, 'test' =>
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/,
'type' => 'text' 'type' => 'text'
}, },
'casStorage' => { 'casStorage' => {
@ -962,7 +989,8 @@ sub attributes {
'domain' => { 'domain' => {
'default' => 'example.com', 'default' => 'example.com',
'msgFail' => '__badDomainName__', 'msgFail' => '__badDomainName__',
'test' => qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$)/, 'test' =>
qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?))?$)/,
'type' => 'text' 'type' => 'text'
}, },
'exportedAttr' => { 'exportedAttr' => {
@ -970,17 +998,22 @@ sub attributes {
}, },
'exportedHeaders' => { 'exportedHeaders' => {
'keyMsgFail' => '__badHostname__', 'keyMsgFail' => '__badHostname__',
'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, 'keyTest' =>
qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/,
'test' => { 'test' => {
'keyMsgFail' => '__badHeaderName__', 'keyMsgFail' => '__badHeaderName__',
'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/,
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = $val; my $s = $val;
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval $s; eval $s;
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
} }
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
@ -1041,19 +1074,24 @@ sub attributes {
'globalStorageOptions' => { 'globalStorageOptions' => {
'default' => { 'default' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/', 'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256', 'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/' 'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'grantSessionRules' => { 'grantSessionRules' => {
'keyTest' => sub { 'keyTest' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'test' => sub { 'test' => sub {
1; 1;
@ -1063,12 +1101,16 @@ sub attributes {
'groups' => { 'groups' => {
'default' => {}, 'default' => {},
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
@ -1121,15 +1163,20 @@ sub attributes {
'issuerDBGetParameters' => { 'issuerDBGetParameters' => {
'default' => {}, 'default' => {},
'keyMsgFail' => '__badHostname__', 'keyMsgFail' => '__badHostname__',
'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, 'keyTest' =>
qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/,
'test' => { 'test' => {
'keyMsgFail' => '__badKeyName__', 'keyMsgFail' => '__badKeyName__',
'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/, 'keyTest' => qr/(?^:^(?=[^\-])[\w\-]+(?<=[^-])$)/,
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
return 1 if defined $$conf{'macros'}{$val} or $val eq '_timezone'; return 1
foreach $_ (keys %$conf) { if defined $$conf{'macros'}{$val}
return 1 if $_ =~ /exportedvars$/i and defined $$conf{$_}{$val}; or $val eq '_timezone';
foreach $_ ( keys %$conf ) {
return 1
if $_ =~ /exportedvars$/i
and defined $$conf{$_}{$val};
} }
return 1, "__unknownAttrOrMacro__: $val"; return 1, "__unknownAttrOrMacro__: $val";
} }
@ -1309,9 +1356,11 @@ sub attributes {
'default' => 'ldap://localhost', 'default' => 'ldap://localhost',
'test' => sub { 'test' => sub {
my $l = shift(); my $l = shift();
my(@s) = split(/[\s,]+/, $l, 0); my (@s) = split( /[\s,]+/, $l, 0 );
foreach my $s (@s) { foreach my $s (@s) {
return 0, qq[__badLdapUri__: "$s"] unless $s =~ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o; return 0, qq[__badLdapUri__: "$s"]
unless $s =~
m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?::\d{1,5})?/?.*)$]o;
} }
return 1; return 1;
}, },
@ -1352,29 +1401,36 @@ sub attributes {
'default' => 'deny' 'default' => 'deny'
}, },
'keyMsgFail' => '__badHostname__', 'keyMsgFail' => '__badHostname__',
'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, 'keyTest' =>
qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/,
'test' => { 'test' => {
'keyMsgFail' => '__badRegexp__', 'keyMsgFail' => '__badRegexp__',
'keyTest' => sub { 'keyTest' => sub {
eval { eval {
do { do {
qr/$_[0]/ qr/$_[0]/;
} }
}; };
return $@ ? 0 : 1; return $@ ? 0 : 1;
}, },
'msgFail' => '__badExpression__', 'msgFail' => '__badExpression__',
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = $val; my $s = $val;
if ($s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*//) { if ( $s =~ s/^logout(?:_(?:sso|app(?:_sso)?))?\s*// ) {
return $s =~ m[^(?:https?://.*)?$] ? 1 : (0, '__badUrl__'); return $s =~ m[^(?:https?://.*)?$]
? 1
: ( 0, '__badUrl__' );
} }
$s =~ s/\b(accept|deny|unprotect|skip)\b/1/g; $s =~ s/\b(accept|deny|unprotect|skip)\b/1/g;
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval $s; eval $s;
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
} }
}, },
'type' => 'ruleContainer' 'type' => 'ruleContainer'
@ -1398,12 +1454,16 @@ sub attributes {
'keyMsgFail' => '__badMacroName__', 'keyMsgFail' => '__badMacroName__',
'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/, 'keyTest' => qr/(?^:^[_a-zA-Z][a-zA-Z0-9_]*$)/,
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
@ -1472,7 +1532,8 @@ sub attributes {
'nginxCustomHandlers' => { 'nginxCustomHandlers' => {
'keyTest' => qr/(?^:^\w+$)/, 'keyTest' => qr/(?^:^\w+$)/,
'msgFail' => '__badPerlPackageName__', 'msgFail' => '__badPerlPackageName__',
'test' => qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/, 'test' =>
qr/(?^:^[a-zA-Z][a-zA-Z0-9]*(?:::[a-zA-Z][a-zA-Z0-9]*)*$)/,
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'noAjaxHook' => { 'noAjaxHook' => {
@ -1741,12 +1802,16 @@ sub attributes {
}, },
'oidcRPMetaDataOptionsRule' => { 'oidcRPMetaDataOptionsRule' => {
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'type' => 'text' 'type' => 'text'
}, },
@ -2039,7 +2104,8 @@ sub attributes {
'v' => 'Anse' 'v' => 'Anse'
}, },
{ {
'k' => '1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg', 'k' =>
'1280px-Autumn-clear-water-waterfall-landscape_-_Virginia_-_ForestWander.jpg',
'v' => 'Waterfall' 'v' => 'Waterfall'
}, },
{ {
@ -2047,7 +2113,8 @@ sub attributes {
'v' => 'Snowed Trees' 'v' => 'Snowed Trees'
}, },
{ {
'k' => '1280px-Cedar_Breaks_National_Monument_partially.jpg', 'k' =>
'1280px-Cedar_Breaks_National_Monument_partially.jpg',
'v' => 'National Monument' 'v' => 'National Monument'
}, },
{ {
@ -2064,12 +2131,16 @@ sub attributes {
'portalSkinRules' => { 'portalSkinRules' => {
'keyMsgFail' => '__badSkinRule__', 'keyMsgFail' => '__badSkinRule__',
'keyTest' => sub { 'keyTest' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'msgFail' => '__badValue__', 'msgFail' => '__badValue__',
'test' => qr/(?^:^\w+$)/, 'test' => qr/(?^:^\w+$)/,
@ -2085,7 +2156,8 @@ sub attributes {
}, },
'post' => { 'post' => {
'keyMsgFail' => '__badHostname__', 'keyMsgFail' => '__badHostname__',
'keyTest' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, 'keyTest' =>
qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/,
'test' => sub { 'test' => sub {
1; 1;
}, },
@ -2176,9 +2248,11 @@ sub attributes {
'type' => 'int' 'type' => 'int'
}, },
'reloadUrls' => { 'reloadUrls' => {
'keyTest' => qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$)/, 'keyTest' =>
qr/(?^:^(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?$)/,
'msgFail' => '__badUrl__', 'msgFail' => '__badUrl__',
'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, 'test' =>
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/,
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
}, },
'remoteCookieName' => { 'remoteCookieName' => {
@ -2190,7 +2264,8 @@ sub attributes {
}, },
'remoteGlobalStorageOptions' => { 'remoteGlobalStorageOptions' => {
'default' => { 'default' => {
'ns' => 'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService', 'ns' =>
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
'proxy' => 'http://auth.example.com/sessions' 'proxy' => 'http://auth.example.com/sessions'
}, },
'type' => 'keyTextContainer' 'type' => 'keyTextContainer'
@ -2223,7 +2298,8 @@ sub attributes {
'type' => 'url' 'type' => 'url'
}, },
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => { 'samlAttributeAuthorityDescriptorAttributeServiceSOAP' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlAuthnContextMapKerberos' => { 'samlAuthnContextMapKerberos' => {
@ -2248,17 +2324,20 @@ sub attributes {
}, },
'samlCommonDomainCookieDomain' => { 'samlCommonDomainCookieDomain' => {
'msgFail' => '__badDomainName__', 'msgFail' => '__badDomainName__',
'test' => qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/, 'test' =>
qr/(?^:^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)$)/,
'type' => 'text' 'type' => 'text'
}, },
'samlCommonDomainCookieReader' => { 'samlCommonDomainCookieReader' => {
'msgFail' => '__badUrl__', 'msgFail' => '__badUrl__',
'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, 'test' =>
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/,
'type' => 'text' 'type' => 'text'
}, },
'samlCommonDomainCookieWriter' => { 'samlCommonDomainCookieWriter' => {
'msgFail' => '__badUrl__', 'msgFail' => '__badUrl__',
'test' => qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/, 'test' =>
qr/(?^:(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::(?:(?:[0-9]*)))?(?:\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:\/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+\$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?](?:(?:(?:[;\/?:@&=+\$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?))/,
'type' => 'text' 'type' => 'text'
}, },
'samlEntityID' => { 'samlEntityID' => {
@ -2482,21 +2561,24 @@ sub attributes {
my @msg; my @msg;
my $res = 1; my $res = 1;
my %entityIds; my %entityIds;
foreach my $idpId (keys %$v) { foreach my $idpId ( keys %$v ) {
unless ($$v{$idpId}{'samlIDPMetaDataXML'} =~ /entityID="(.+?)"/is) { unless ( $$v{$idpId}{'samlIDPMetaDataXML'} =~
/entityID="(.+?)"/is )
{
push @msg, "$idpId SAML metadata has ne EntityID"; push @msg, "$idpId SAML metadata has ne EntityID";
$res = 0; $res = 0;
next; next;
} }
my $eid = $1; my $eid = $1;
if (defined $entityIds{$eid}) { if ( defined $entityIds{$eid} ) {
push @msg, "$idpId and $entityIds{$eid} have the same SAML EntityID"; push @msg,
"$idpId and $entityIds{$eid} have the same SAML EntityID";
$res = 0; $res = 0;
next; next;
} }
$entityIds{$eid} = $idpId; $entityIds{$eid} = $idpId;
} }
return $res, join(', ', @msg); return $res, join( ', ', @msg );
}, },
'type' => 'file' 'type' => 'file'
}, },
@ -2505,31 +2587,38 @@ sub attributes {
'type' => 'text' 'type' => 'text'
}, },
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => { 'samlIDPSSODescriptorArtifactResolutionServiceArtifact' => {
'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'default' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'type' => 'samlAssertion' 'type' => 'samlAssertion'
}, },
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => { 'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => { 'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorSingleLogoutServiceSOAP' => { 'samlIDPSSODescriptorSingleLogoutServiceSOAP' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => { 'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => { 'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => { 'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlIDPSSODescriptorWantAuthnRequestsSigned' => { 'samlIDPSSODescriptorWantAuthnRequestsSigned' => {
@ -2708,12 +2797,16 @@ sub attributes {
}, },
'samlSPMetaDataOptionsRule' => { 'samlSPMetaDataOptionsRule' => {
'test' => sub { 'test' => sub {
my($val, $conf) = @_; my ( $val, $conf ) = @_;
my $s = ''; my $s = '';
BEGIN {${^WARNING_BITS} = "TUUU\025UUUUUQUU\001"} BEGIN { ${^WARNING_BITS} = "TUUU\025UUUUUQUU\001" }
eval "$s $val"; eval "$s $val";
my $err = join('', grep({$_ =~ /Undefined subroutine/ ? () : $_;} split(/\n/, $@, 0))); my $err = join(
return $err ? (1, "__badExpression__: $err") : 1; '',
grep( { $_ =~ /Undefined subroutine/ ? () : $_; }
split( /\n/, $@, 0 ) )
);
return $err ? ( 1, "__badExpression__: $err" ) : 1;
}, },
'type' => 'text' 'type' => 'text'
}, },
@ -2733,15 +2826,18 @@ sub attributes {
'type' => 'file' 'type' => 'file'
}, },
'samlSPSSODescriptorArtifactResolutionServiceArtifact' => { 'samlSPSSODescriptorArtifactResolutionServiceArtifact' => {
'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact', 'default' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'type' => 'samlAssertion' 'type' => 'samlAssertion'
}, },
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => { 'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' => {
'default' => '1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact', 'default' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact',
'type' => 'samlAssertion' 'type' => 'samlAssertion'
}, },
'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => { 'samlSPSSODescriptorAssertionConsumerServiceHTTPPost' => {
'default' => '0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost', 'default' =>
'0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost',
'type' => 'samlAssertion' 'type' => 'samlAssertion'
}, },
'samlSPSSODescriptorAuthnRequestsSigned' => { 'samlSPSSODescriptorAuthnRequestsSigned' => {
@ -2749,15 +2845,18 @@ sub attributes {
'type' => 'bool' 'type' => 'bool'
}, },
'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => { 'samlSPSSODescriptorSingleLogoutServiceHTTPPost' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => { 'samlSPSSODescriptorSingleLogoutServiceHTTPRedirect' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlSPSSODescriptorSingleLogoutServiceSOAP' => { 'samlSPSSODescriptorSingleLogoutServiceSOAP' => {
'default' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;', 'default' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
'type' => 'samlService' 'type' => 'samlService'
}, },
'samlSPSSODescriptorWantAssertionsSigned' => { 'samlSPSSODescriptorWantAssertionsSigned' => {
@ -2854,7 +2953,8 @@ sub attributes {
}, },
'SMTPServer' => { 'SMTPServer' => {
'default' => '', 'default' => '',
'test' => qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$)/, 'test' =>
qr/(?^:^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+))(?::\d+)?)?$)/,
'type' => 'text' 'type' => 'text'
}, },
'SMTPTLS' => { 'SMTPTLS' => {


@ -372,7 +372,8 @@ sub attributes {
portalErrorOnMailNotFound => { portalErrorOnMailNotFound => {
type => 'bool', type => 'bool',
default => 0, default => 0,
documentation => 'Show error if mail is not found in password reset process', documentation =>
'Show error if mail is not found in password reset process',
}, },
portalOpenLinkInNewWindow => { portalOpenLinkInNewWindow => {
type => 'bool', type => 'bool',


@ -172,7 +172,8 @@ sub tree {
title => 'dbiPassword', title => 'dbiPassword',
help => 'authdbi.html#password', help => 'authdbi.html#password',
form => 'simpleInputContainer', form => 'simpleInputContainer',
nodes => ['dbiAuthPasswordHash', nodes => [
'dbiAuthPasswordHash',
{ {
title => 'dbiDynamicHash', title => 'dbiDynamicHash',
help => 'authdbi.html#password', help => 'authdbi.html#password',
@ -180,8 +181,8 @@ sub tree {
nodes => [ nodes => [
'dbiDynamicHashEnabled', 'dbiDynamicHashEnabled',
'dbiDynamicHashValidSchemes', 'dbiDynamicHashValidSchemes',
'dbiDynamicHashValidSaltedSchemes', 'dbiDynamicHashValidSaltedSchemes',
'dbiDynamicHashNewPasswordScheme' 'dbiDynamicHashNewPasswordScheme'
] ]
} }
] ]


@ -473,10 +473,13 @@ sub _scanNodes {
} }
} }
elsif ( $target =~ elsif ( $target =~
/^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o ) /^(?:$casSrvMetaDataNodeKeys|$casAppMetaDataNodeKeys)/o
)
{ {
$self->set( $optKey, [ $oldName, $key ], $self->set(
$target, $leaf->{data} ); $optKey, [ $oldName, $key ],
$target, $leaf->{data}
);
} }
else { else {
push @{ $self->errors }, push @{ $self->errors },


@ -315,8 +315,8 @@ sub tests {
my %entityIds; my %entityIds;
foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) { foreach my $spId ( keys %{ $conf->{samlSPMetaDataXML} } ) {
unless ( unless (
$conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} $conf->{samlSPMetaDataXML}->{$spId}->{samlSPMetaDataXML} =~
=~ /entityID=(['"])(.+?)\1/si ) /entityID=(['"])(.+?)\1/si )
{ {
push @msg, "$spId SAML metadata has no EntityID"; push @msg, "$spId SAML metadata has no EntityID";
$res = 0; $res = 0;



@ -78,7 +78,8 @@ sub extractFormInfo {
# another backend (Combination) # another backend (Combination)
# switch to another backend # switch to another backend
elsif ( defined $req->param('kerberos') ) { elsif ( defined $req->param('kerberos') ) {
$self->userLogger->warn('Kerberos authentication has failed, back to portal'); $self->userLogger->warn(
'Kerberos authentication has failed, back to portal');
return PE_BADCREDENTIALS; return PE_BADCREDENTIALS;
} }
@ -110,16 +111,11 @@ sub extractFormInfo {
$ENV{KRB5_KTNAME} = $self->keytab; $ENV{KRB5_KTNAME} = $self->keytab;
my $gss_client_name; my $gss_client_name;
my $status = GSSAPI::Context::accept( my $status = GSSAPI::Context::accept(
my $server_context, my $server_context, GSS_C_NO_CREDENTIAL,
GSS_C_NO_CREDENTIAL, $data, GSS_C_NO_CHANNEL_BINDINGS,
$data, $gss_client_name, undef,
GSS_C_NO_CHANNEL_BINDINGS, my $gss_output_token, my $out_flags,
$gss_client_name, my $out_time, my $gss_delegated_cred
undef,
my $gss_output_token,
my $out_flags,
my $out_time,
my $gss_delegated_cred
); );
unless ($status) { unless ($status) {
$self->logger->error('Unable to accept security context'); $self->logger->error('Unable to accept security context');


@ -331,7 +331,7 @@ sub validateST {
my $proxy_url; my $proxy_url;
if (%$proxied) { if (%$proxied) {
$proxy_url = $self->p->fullUrl($req); $proxy_url = $self->p->fullUrl($req);
die if($proxy_url =~ /casProxy=1/); die if ( $proxy_url =~ /casProxy=1/ );
$proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1'; $proxy_url .= ( $proxy_url =~ /\?/ ? '&' : '?' ) . 'casProxy=1';
if ( $self->conf->{authChoiceParam} if ( $self->conf->{authChoiceParam}
and my $tmp = $req->param( $self->conf->{authChoiceParam} ) ) and my $tmp = $req->param( $self->conf->{authChoiceParam} ) )


@ -98,10 +98,9 @@ sub get_password {
my @rows = (); my @rows = ();
eval { eval {
my $sth = $dbh->prepare( my $sth =
"SELECT $passwordCol FROM $table WHERE $loginCol=?" $dbh->prepare( "SELECT $passwordCol FROM $table WHERE $loginCol=?" );
); $sth->execute($user);
$sth->execute( $user);
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
@ -110,11 +109,11 @@ sub get_password {
} }
if ( @rows == 1 ) { if ( @rows == 1 ) {
$self->logger->debug( "Successfully got password from database" ); $self->logger->debug("Successfully got password from database");
return $rows[0]; return $rows[0];
} }
else { else {
$self->userLogger->warn( "Unable to check password for $user" ); $self->userLogger->warn("Unable to check password for $user");
return ""; return "";
} }
} }
@ -128,6 +127,7 @@ sub get_password {
# @param password the password to hash # @param password the password to hash
# @return hashed password # @return hashed password
sub hash_password_from_database { sub hash_password_from_database {
# Remark: database function must get hexadecimal input # Remark: database function must get hexadecimal input
# and send back hexadecimal output # and send back hexadecimal output
my $self = shift; my $self = shift;
@ -146,13 +146,17 @@ sub hash_password_from_database {
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
$self->lmLog( "DBI error while hashing with '$dbmethod' hash function: $@", 'error' ); $self->lmLog(
$self->userLogger->warn( "Unable to check password" ); "DBI error while hashing with '$dbmethod' hash function: $@",
'error' );
$self->userLogger->warn("Unable to check password");
return ""; return "";
} }
if ( @rows == 1 ) { if ( @rows == 1 ) {
$self->logger->debug( "Successfully hashed password with $dbmethod hash function in database" ); $self->logger->debug(
"Successfully hashed password with $dbmethod hash function in database"
);
# convert salt to binary # convert salt to binary
my $dbsaltb = pack 'H*', $dbsalt; my $dbsaltb = pack 'H*', $dbsalt;
@ -160,14 +164,14 @@ sub hash_password_from_database {
# convert result to binary # convert result to binary
my $res = pack 'H*', $rows[0]; my $res = pack 'H*', $rows[0];
return encode_base64($res . $dbsaltb ,''); return encode_base64( $res . $dbsaltb, '' );
} }
else { else {
$self->userLogger->warn( "Unable to check password with '$dbmethod'" ); $self->userLogger->warn("Unable to check password with '$dbmethod'");
return ""; return "";
} }
# Return encode_base64(SQL_METHOD(password + salt) + salt) # Return encode_base64(SQL_METHOD(password + salt) + salt)
} }
## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash) ## @method protected Lemonldap::NG::Portal::_DBI get_salt(string dbhash)
@ -200,9 +204,9 @@ sub get_salt {
sub gen_salt { sub gen_salt {
my $self = shift; my $self = shift;
my $dbsalt; my $dbsalt;
my @set = ('0' ..'9', 'A' .. 'F'); my @set = ( '0' .. '9', 'A' .. 'F' );
$dbsalt = join '' => map $set[rand @set], 1 .. 16; $dbsalt = join '' => map $set[ rand @set ], 1 .. 16;
return $dbsalt; return $dbsalt;
} }
@ -225,9 +229,11 @@ sub dynamic_hash_password {
my $table = shift; my $table = shift;
my $loginCol = shift; my $loginCol = shift;
my $passwordCol = shift; my $passwordCol = shift;
# Authorized hash schemes and salted hash schemes # Authorized hash schemes and salted hash schemes
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; my @validSaltedSchemes = split / /,
$self->conf->{dbiDynamicHashValidSaltedSchemes};
my $dbhash; # hash currently stored in database my $dbhash; # hash currently stored in database
my $dbscheme; # current hash scheme stored in database my $dbscheme; # current hash scheme stored in database
@ -236,8 +242,9 @@ sub dynamic_hash_password {
my $hash; # hash to compute from user password my $hash; # hash to compute from user password
# Search hash from database # Search hash from database
$self->logger->debug( "Hash scheme is to be found in database" ); $self->logger->debug("Hash scheme is to be found in database");
$dbhash = $self->get_password($dbh, $user, $table, $loginCol, $passwordCol); $dbhash =
$self->get_password( $dbh, $user, $table, $loginCol, $passwordCol );
# Get the scheme # Get the scheme
$dbscheme = $dbhash; $dbscheme = $dbhash;
@ -245,14 +252,16 @@ sub dynamic_hash_password {
$dbscheme = "" if $dbscheme eq $dbhash; $dbscheme = "" if $dbscheme eq $dbhash;
# no hash scheme => assume clear text # no hash scheme => assume clear text
if($dbscheme eq "") { if ( $dbscheme eq "" ) {
$self->logger->info( "Password has no hash scheme" ); $self->logger->info("Password has no hash scheme");
return "?"; return "?";
} }
# salted hash scheme # salted hash scheme
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) { elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
$self->logger->info( "Valid salted hash scheme: $dbscheme found for user $user" ); $self->logger->info(
"Valid salted hash scheme: $dbscheme found for user $user");
# extract non salted hash scheme # extract non salted hash scheme
$dbmethod = $dbscheme; $dbmethod = $dbscheme;
@ -260,29 +269,36 @@ sub dynamic_hash_password {
# extract the salt # extract the salt
$dbsalt = $self->get_salt($dbhash); $dbsalt = $self->get_salt($dbhash);
$self->logger->debug( "Get salt from password: $dbsalt"); $self->logger->debug("Get salt from password: $dbsalt");
# Hash password with given hash scheme and salt # Hash password with given hash scheme and salt
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); $hash =
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
$password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# static hash scheme # static hash scheme
elsif(grep( /^$dbscheme$/, @validSchemes )) { elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
$self->logger->info( "Valid hash scheme: $dbscheme found for user $user" ); $self->logger->info(
"Valid hash scheme: $dbscheme found for user $user");
# Hash given password with given hash scheme and no salt # Hash given password with given hash scheme and no salt
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); $hash =
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# no valid hash scheme # no valid hash scheme
else { else {
$self->lmLog( "No valid hash scheme: $dbscheme for user $user", 'error' ); $self->lmLog( "No valid hash scheme: $dbscheme for user $user",
$self->userLogger->warn( "Unable to check password for $user" ); 'error' );
$self->userLogger->warn("Unable to check password for $user");
return ""; return "";
} }
@ -302,23 +318,27 @@ sub dynamic_hash_new_password {
my $user = shift; my $user = shift;
my $password = shift; my $password = shift;
my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || ""; my $dbscheme = $self->conf->{dbiDynamicHashNewPasswordScheme} || "";
# Authorized hash schemes and salted hash schemes # Authorized hash schemes and salted hash schemes
my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes}; my @validSchemes = split / /, $self->conf->{dbiDynamicHashValidSchemes};
my @validSaltedSchemes = split / /, $self->conf->{dbiDynamicHashValidSaltedSchemes}; my @validSaltedSchemes = split / /,
$self->conf->{dbiDynamicHashValidSaltedSchemes};
my $dbmethod; # static hash method corresponding to a database function my $dbmethod; # static hash method corresponding to a database function
my $dbsalt; # salt to generate for new hashed password my $dbsalt; # salt to generate for new hashed password
my $hash; # hash to compute from user password my $hash; # hash to compute from user password
# no hash scheme => assume clear text # no hash scheme => assume clear text
if($dbscheme eq "") { if ( $dbscheme eq "" ) {
$self->logger->info( "No hash scheme selected, storing password in clear text" ); $self->logger->info(
"No hash scheme selected, storing password in clear text");
return "?"; return "?";
} }
# salted hash scheme # salted hash scheme
elsif(grep( /^$dbscheme$/, @validSaltedSchemes )) { elsif ( grep( /^$dbscheme$/, @validSaltedSchemes ) ) {
$self->logger->info( "Selected salted hash scheme: $dbscheme" ); $self->logger->info("Selected salted hash scheme: $dbscheme");
# extract non salted hash scheme # extract non salted hash scheme
$dbmethod = $dbscheme; $dbmethod = $dbscheme;
@ -326,29 +346,35 @@ sub dynamic_hash_new_password {
# generate the salt # generate the salt
$dbsalt = $self->gen_salt(); $dbsalt = $self->gen_salt();
$self->logger->debug( "Generated salt: $dbsalt" ); $self->logger->debug("Generated salt: $dbsalt");
# Hash given password with given hash scheme and salt # Hash given password with given hash scheme and salt
$hash = $self->hash_password_from_database($dbh, $dbmethod, $dbsalt, $password); $hash =
$self->hash_password_from_database( $dbh, $dbmethod, $dbsalt,
$password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# static hash scheme # static hash scheme
elsif(grep( /^$dbscheme$/, @validSchemes )) { elsif ( grep( /^$dbscheme$/, @validSchemes ) ) {
$self->logger->info( "Selected hash scheme: $dbscheme" ); $self->logger->info("Selected hash scheme: $dbscheme");
# Hash given password with given hash scheme and no salt # Hash given password with given hash scheme and no salt
$hash = $self->hash_password_from_database($dbh, $dbscheme, "", $password); $hash =
$self->hash_password_from_database( $dbh, $dbscheme, "", $password );
$hash = "{$dbscheme}$hash"; $hash = "{$dbscheme}$hash";
return "'$hash'"; return "'$hash'";
} }
# no valid hash scheme # no valid hash scheme
else { else {
$self->lmLog( "No selected hash scheme: $dbscheme is invalid", 'error' ); $self->lmLog( "No selected hash scheme: $dbscheme is invalid",
$self->userLogger->warn( "Unable to store password for $user" ); 'error' );
$self->userLogger->warn("Unable to store password for $user");
return ""; return "";
} }
@ -374,15 +400,17 @@ sub check_password {
my $passwordsql; my $passwordsql;
if ( $dynamicHash == 1 ) { if ( $dynamicHash == 1 ) {
# Dynamic password hashes # Dynamic password hashes
$passwordsql = $passwordsql =
$self->dynamic_hash_password( $self->dbh, $user, $password, $table, $loginCol, $passwordCol ); $self->dynamic_hash_password( $self->dbh, $user, $password, $table,
$loginCol, $passwordCol );
} }
else else {
{
# Static Password hashes # Static Password hashes
$passwordsql = $passwordsql =
$self->hash_password_for_select( "?", $self->conf->{dbiAuthPasswordHash} ); $self->hash_password_for_select( "?",
$self->conf->{dbiAuthPasswordHash} );
} }
my @rows = (); my @rows = ();
@ -391,7 +419,7 @@ sub check_password {
"SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql" "SELECT $loginCol FROM $table WHERE $loginCol=? AND $passwordCol=$passwordsql"
); );
$sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/; $sth->execute( $user, $password ) if $passwordsql =~ /.*\?.*/;
$sth->execute( $user ) unless $passwordsql =~ /.*\?.*/; $sth->execute($user) unless $passwordsql =~ /.*\?.*/;
@rows = $sth->fetchrow_array(); @rows = $sth->fetchrow_array();
}; };
if ($@) { if ($@) {
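Review bot: In dynamic_hash_password the scheme read back from the stored hash is validated with `grep( /^$dbscheme$/, @validSaltedSchemes )` and `grep( /^$dbscheme$/, @validSchemes )`, so `$dbscheme` is interpolated into a regex unescaped; a stored prefix containing metacharacters would match any configured scheme, and the value then reaches hash_password_from_database, which according to its comments maps it to a database function. Only someone who can already write the password column could trigger that, so the risk is low, but an exact comparison is both safer and clearer: `elsif ( grep { $_ eq $dbscheme } @validSaltedSchemes ) {` and the same for `@validSchemes`; the matching two lines in dynamic_hash_new_password only see a configured value but can be changed for consistency. Separately, gen_salt draws the salt from `rand`, which is not a cryptographic generator; a salt only needs uniqueness, so that is acceptable here, but a comment such as `# rand is fine for a salt (uniqueness only); do not reuse for secrets` would stop the helper being reused for key material. The enclosing subs start outside the hunks shown.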


@ -29,14 +29,16 @@ sub modifyPassword {
my $passwordsql; my $passwordsql;
if ( $dynamicHash == 1 ) { if ( $dynamicHash == 1 ) {
# Dynamic password hashes # Dynamic password hashes
$passwordsql = $passwordsql =
$self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd, $table, $userCol, $passwordCol ); $self->dynamic_hash_new_password( $self->dbh, $req->user, $pwd,
$table, $userCol, $passwordCol );
} }
else else {
{
# Static Password hash # Static Password hash
$passwordsql = $self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} ); $passwordsql =
$self->hash_password( "?", $self->conf->{dbiAuthPasswordHash} );
} }
eval { eval {


@ -10,12 +10,12 @@ extends 'Lemonldap::NG::Portal::Password::Base';
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
sub init {1} sub init { 1 }
sub confirm {1} sub confirm { 1 }
sub modifyPassword { sub modifyPassword {
PE_PASSWORD_OK PE_PASSWORD_OK;
} }
1; 1;


@ -86,9 +86,9 @@ expectAuthenticatedAs( $res, 'french' );
ok( $res = $sp->_get("/sessions/global/$spId"), 'Get UTF-8' ); ok( $res = $sp->_get("/sessions/global/$spId"), 'Get UTF-8' );
expectOK($res); expectOK($res);
ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' ) ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
or print STDERR $@; or print STDERR $@;
ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' ) ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
or explain( $res, 'cn => Frédéric Accents' ); or explain( $res, 'cn => Frédéric Accents' );
count(3); count(3);
# Logout initiated by SP # Logout initiated by SP


@ -67,6 +67,7 @@ ok( $res->{_session_id} eq $spId, ' Good ID' )
or explain( $res, "_session_id => $spId" ); or explain( $res, "_session_id => $spId" );
ok( $res->{uid} eq 'french', ' Uid is french' ) ok( $res->{uid} eq 'french', ' Uid is french' )
or explain( $res, 'uid => french' ); or explain( $res, 'uid => french' );
#ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' ) #ok( $res->{cn} eq 'Frédéric Accents', 'UTF-8 values' )
# or explain( $res->{cn}, 'Frédéric Accents' ); # or explain( $res->{cn}, 'Frédéric Accents' );
count(4); count(4);