Double session mechanism : 2 cookies are generated, 1 secured, the other not.
Handlers automatically detect which cookie to use.
parent
d23ca2b2ba
commit
b0b971b241
@ -4,6 +4,8 @@ lemonldap-ng (0.9.4) unstable; urgency=low
|
|||
* Session timeout is in seconds and not in minutes in Manager/Help.pm
|
||||
(Closes: #312339)
|
||||
* Notification system
|
||||
* Missing dependency in Debian package (Closes: #521959 / bugs.debian.org)
|
||||
* Double session mechanism (1 secured and the other not)
|
||||
|
||||
-- Xavier Guimard <x.guimard@free.fr> Sun, 08 Feb 2009 20:12:17 +0100
|
||||
|
||||
|
|
|
@ -40,9 +40,9 @@ our (
|
|||
$cookieName, $portal, $datas,
|
||||
$globalStorage, $globalStorageOptions, $localStorage,
|
||||
$localStorageOptions, $whatToTrace, $https,
|
||||
$refLocalStorage, $safe, $cookieSecured,
|
||||
$port, $statusPipe, $statusOut,
|
||||
$customFunctions, $transform,
|
||||
$refLocalStorage, $safe, $port,
|
||||
$statusPipe, $statusOut, $customFunctions,
|
||||
$transform,
|
||||
);
|
||||
|
||||
##########################################
|
||||
|
@ -65,8 +65,7 @@ BEGIN {
|
|||
headers => [
|
||||
qw(
|
||||
$forgeHeaders lmHeaderIn lmSetHeaderIn lmHeaderOut
|
||||
lmSetHeaderOut lmSetErrHeaderOut $cookieName $cookieSecured
|
||||
$https $port
|
||||
lmSetHeaderOut lmSetErrHeaderOut $cookieName $https $port
|
||||
)
|
||||
],
|
||||
log => [qw(lmSetApacheUser)],
|
||||
|
@ -557,11 +556,11 @@ sub defaultValuesInit {
|
|||
|
||||
# Other values
|
||||
$cookieName = $args->{cookieName} || $cookieName || 'lemonldap';
|
||||
$cookieSecured = $args->{cookieSecured} || $cookieSecured || 0;
|
||||
$whatToTrace = $args->{whatToTrace} || $whatToTrace || 'uid';
|
||||
$whatToTrace =~ s/\$//g;
|
||||
$https = $args->{https} unless defined($https);
|
||||
$https = 1 unless defined($https);
|
||||
$cookieName .= 'http' if($args->{securedCookie} == 2 and $https == 0);
|
||||
$port = $args->{port} || 0 unless defined($port);
|
||||
$customFunctions = $args->{customFunctions};
|
||||
1;
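Review bot: The `.= 'http'` on `$cookieName` in defaultValuesInit appends on every call, and the `|| $cookieName` fallbacks in the same hunk suggest the sub can be re-run with an `$args` that lacks `cookieName`; on a second pass the name would grow to `lemonldaphttphttp` and the handler would stop finding any cookie. Keep the configured name in its own variable and derive `$cookieName` from it each time instead of mutating it in place, and guard the comparison so an unset option does not warn: `my $securedCookie = $args->{securedCookie} || 0;` followed by `$cookieName = $baseCookieName . ( $securedCookie == 2 && !$https ? 'http' : '' );`. Note also that the choice is driven by the configured `$https` flag (defaulting to 1 just above), not by the scheme of the incoming request, so the help text's claim that handlers detect HTTPS automatically holds only if every virtual host's handler configuration sets `https` correctly; a handler with `https => 0` in front of an HTTPS host would still look for the clear-text cookie. A comment such as `# securedCookie == 2: this handler serves plain HTTP, so use the unsecured sibling cookie` would make the intent visible.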
|
||||
|
|
|
@ -60,7 +60,9 @@ inherits from Lemonldap::NG::Portal::SharedConf.</dd>
|
|||
<dt> Secured cookie (SSL) </dt>
|
||||
<dd> An authenticated user is known by his cookie. If all (virtual) hosts use
|
||||
HTTPS, set this value to 1 so the cookie will be protected and will not be
|
||||
transmitted unless https is used.</dd>
|
||||
transmitted unless https is used. You can also set it to generate 2 cookies,
|
||||
1 secure and the other not. Handlers detects if they are in https mode or not
|
||||
and will choose the good cookie.</dd>
|
||||
</dl>
|
||||
EOT
|
||||
}
|
||||
|
@ -95,7 +97,11 @@ utilisant Lemonldap::NG::Portal::SharedConf.</dd>
|
|||
tous les hôtes virtuels de votre domaine son protégés par
|
||||
SSL, mettez cette option à 1, ainsi le cookie ne sera
|
||||
présenté par le navigateur qu'aux sites protégés,
|
||||
ce qui évite un vol de session.</dd>
|
||||
ce qui évite un vol de session. Vous pouvez également mettre cette
|
||||
valeur à 2 pour générer 2 cookies, l'un
|
||||
sécurisé et l'autre non. Les agents (handlers) détectent
|
||||
automatiquement s'il sont en mode https ou non et choisissent le bon cookie.
|
||||
</dd>
|
||||
</dl>
|
||||
EOT
|
||||
}
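Review bot: The English help text added here says "You can also set it to generate 2 cookies" without naming the value, while the French paragraph in the same file states `2`; since the handler only appends the `http` suffix when `securedCookie == 2`, an administrator reading the English text cannot tell which value enables the second cookie. Rewrite it as `You can also set it to 2 to generate 2 cookies, 1 secure and the other not`. Both paragraphs should also warn that the unsecured cookie grants a session carrying the same attributes as the secure one, so hosts served over plain HTTP remain exposed to session theft; the option only protects the HTTPS hosts.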
|
||||
|
|
|
@ -68,6 +68,7 @@ sub process {
|
|||
sub {
|
||||
my $entry = shift;
|
||||
my $id = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
push
|
||||
@{ $byUid->{ $entry->{$whatToTrace} }->{ $entry->{ipAddr} } },
|
||||
{ id => $id, _utime => $entry->{_utime} };
|
||||
|
@ -108,6 +109,7 @@ sub process {
|
|||
sub {
|
||||
my $entry = shift;
|
||||
my $id = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
if ( $entry->{ipAddr} =~ /^$reip$/ ) {
|
||||
push @{ $byUid->{ $entry->{ipAddr} }
|
||||
->{ $entry->{$whatToTrace} } },
|
||||
|
@ -149,6 +151,7 @@ sub process {
|
|||
sub {
|
||||
my $entry = shift;
|
||||
my $id = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
if ( $entry->{$whatToTrace} =~ /^$reuser$/ ) {
|
||||
push @{ $byUid->{ $entry->{$whatToTrace} } },
|
||||
{ id => $id, _utime => $entry->{_utime} };
|
||||
|
@ -185,9 +188,16 @@ sub process {
|
|||
}
|
||||
else {
|
||||
my $uid = $h{uid};
|
||||
if($h{_httpSession}) {
|
||||
my %h2;
|
||||
eval { tie %h2, $globalStorage, $h{_httpSession}, $globalStorageOptions; tied(%h2)->delete(); };
|
||||
if ($@) {
|
||||
print "<strong>Error : $@</strong><br/>";
|
||||
}
|
||||
}
|
||||
eval { tied(%h)->delete(); };
|
||||
if ($@) {
|
||||
print "<strong>Error : $@</strong>\n";
|
||||
print "<strong>Error : $@</strong><br/>";
|
||||
}
|
||||
else {
|
||||
print "<strong>Session effacée ($uid)</strong>";
|
||||
|
@ -236,6 +246,7 @@ sub process {
|
|||
sub {
|
||||
my $entry = shift;
|
||||
my $id = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
if ( $entry->{ipAddr} eq $ip ) {
|
||||
push @{ $byUser->{ $entry->{$whatToTrace} } },
|
||||
{ id => $id, _utime => $entry->{_utime} };
|
||||
|
@ -264,6 +275,7 @@ sub process {
|
|||
sub {
|
||||
my $entry = shift;
|
||||
my $id = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
if ( $entry->{$whatToTrace} eq $uid ) {
|
||||
push @{ $byIp->{ $entry->{ipAddr} } },
|
||||
{ id => $id, _utime => $entry->{_utime} };
|
||||
|
@ -292,6 +304,7 @@ sub process {
|
|||
$globalStorageOptions,
|
||||
sub {
|
||||
my $entry = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
$entry->{$whatToTrace} =~ /^$letter/ or return undef;
|
||||
$byUid->{ $entry->{$whatToTrace} }++;
|
||||
},
|
||||
|
@ -319,6 +332,7 @@ sub process {
|
|||
$globalStorageOptions,
|
||||
sub {
|
||||
my $entry = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
$entry->{ipAddr} =~ /^$repartial(\d+)/ or return undef;
|
||||
$byIp->{$1}++;
|
||||
$count++;
|
||||
|
@ -358,6 +372,7 @@ sub process {
|
|||
$globalStorageOptions,
|
||||
sub {
|
||||
my $entry = shift;
|
||||
next if($entry->{_httpSessionType});
|
||||
$entry->{$whatToTrace} =~ /^(\w)/ or return undef;
|
||||
$byUid->{$1}++;
|
||||
$count++;
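Review bot: The added `next if($entry->{_httpSessionType});` lines sit inside anonymous subs passed as callbacks, where `next` has no loop of its own to act on: Perl exits the sub with an "Exiting subroutine via next" warning, and whether the enclosing iteration continues depends on the caller, which is not visible here. The callbacks in the later hunks already use `return undef` to skip an entry (`$entry->{$whatToTrace} =~ /^$letter/ or return undef;`), so the new guard should take the same form: `return undef if $entry->{_httpSessionType};`. In the delete branch the secure session removes its `_httpSession` twin, but because the listings now hide the twins, an HTTP session whose secure parent has already expired or been deleted elsewhere cannot be found or removed through this manager; if the purge job covers that case, say so at the guard, `# HTTP twin sessions are hidden here and removed with their secure parent`. The enclosing `process` sub starts and ends outside these hunks.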
|
||||
|
|
|
@ -703,10 +703,18 @@ sub store {
|
|||
# Now, user is authenticated => inform Apache
|
||||
$self->setApacheUser( $self->{sessionInfo}->{ $self->{whatToTrace} } );
|
||||
|
||||
$self->{sessionInfo}->{_utime} = time();
|
||||
if ( $self->{securedCookie} == 2 ) {
|
||||
my $h2 = $self->getApacheSession(undef);
|
||||
$h2->{$_} = $self->{sessionInfo}->{$_}
|
||||
foreach ( keys %{ $self->{sessionInfo} } );
|
||||
$self->{sessionInfo}->{_httpSession} = $h2->{_session_id};
|
||||
$h2->{_httpSessionType} = 1;
|
||||
untie %$h2;
|
||||
}
|
||||
my $h = $self->getApacheSession(undef) or return PE_APACHESESSIONERROR;
|
||||
$h->{$_} = $self->{sessionInfo}->{$_}
|
||||
foreach ( keys %{ $self->{sessionInfo} } );
|
||||
$h->{_utime} = time();
|
||||
untie %$h;
|
||||
PE_OK;
|
||||
}
|
||||
|
@ -725,6 +733,17 @@ sub buildCookie {
|
|||
-secure => $self->{securedCookie},
|
||||
@_,
|
||||
);
|
||||
if ( $self->{securedCookie} == 2 ) {
|
||||
push @{ $self->{cookie} },
|
||||
$self->cookie(
|
||||
-name => $self->{cookieName}."http",
|
||||
-value => $self->{sessionInfo}->{_httpSession},
|
||||
-domain => $self->{domain},
|
||||
-path => "/",
|
||||
-secure => 0,
|
||||
@_,
|
||||
);
|
||||
}
|
||||
PE_OK;
|
||||
}
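Review bot: In `store`, the HTTP twin session is created with `my $h2 = $self->getApacheSession(undef);` without the failure check the secure session gets on the following line; if it returns undef, the assignments autovivify a plain hash, `_httpSession` stays undef, and `buildCookie` later emits an empty-valued `<cookieName>http` cookie. Make it `my $h2 = $self->getApacheSession(undef) or return PE_APACHESESSIONERROR;`. Since every key of `sessionInfo` is copied into `$h2`, the clear-text cookie carries a session with the same identity attributes as the secure one, so the `-secure` flag only keeps the secure cookie's value off the wire, not the user's identity on hosts served over plain HTTP; a comment such as `# NOTE: the http twin is a full copy of sessionInfo, so anything reachable over plain HTTP is exposed to a sniffed cookie` would record that trade-off. Both `store` and `buildCookie` begin outside what the hunks show.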
|
||||
|
||||
|
|