Sympa Handler:
* Read sympa secret from configuration * Add mail session key parameter * Install Sympa Handler * Closes #55
parent
d1b4541a4d
commit
b1c87f1e49
|
@ -360,6 +360,7 @@ install_handler_site: install_conf_dir
|
|||
@install -v -d ${RHANDLERDIR}
|
||||
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandler.pm ${RHANDLERDIR}
|
||||
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandlerZimbra.pm ${RHANDLERDIR}
|
||||
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandlerSympa.pm ${RHANDLERDIR}
|
||||
@cp --remove-destination ${SRCHANDLERDIR}/example/MyUpdateCookieHandler.pm ${RHANDLERDIR}
|
||||
@rm -rf $$(find $(RHANDLERDIR) -type d -name .svn)
|
||||
|
||||
|
@ -608,6 +609,7 @@ default-diff:
|
|||
@$(DIFF) lemonldap-ng-handler/lib/Lemonldap/NG/Handler /usr/local/share/perl/5.10.0/Lemonldap/NG/Handler ||true
|
||||
@$(DIFF) lemonldap-ng-handler/example/MyHandler.pm $(LMPREFIX)/handler/MyHandler.pm ||true
|
||||
@$(DIFF) lemonldap-ng-handler/example/MyHandlerZimbra.pm $(LMPREFIX)/handler/MyHandlerZimbra.pm ||true
|
||||
@$(DIFF) lemonldap-ng-handler/example/MyHandlerSympa.pm $(LMPREFIX)/handler/MyHandlerSympa.pm ||true
|
||||
@# Common
|
||||
@$(DIFF) lemonldap-ng-common/lib/Lemonldap/NG/Common /usr/local/share/perl/5.10.0/Lemonldap/NG/Common ||true
|
||||
@$(DIFF) lemonldap-ng-common/lib/Lemonldap/NG/Common.pm /usr/local/share/perl/5.10.0/Lemonldap/NG/Common.pm ||true
|
||||
|
|
|
@ -3,6 +3,7 @@ example/autoProtectedCGI.pl
|
|||
example/menu.pl
|
||||
example/MyHandler.pm
|
||||
example/MyHandlerLog4Perl.pm
|
||||
example/MyHandlerSympa.pm
|
||||
example/MyHandlerZimbra.pm
|
||||
example/MyUpdateCookieHandler.pm
|
||||
lib/Lemonldap/NG/Handler.pm
|
||||
|
|
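--- /dev/null
+++ b/modules/lemonldap-ng-handler/example/MyHandlerSympa.pm
@@ -0,0 +1,16 @@
+# Handler for Sympa autologin
+
+package My::Sympa;
+
+# Load Sympa Handler
+use Lemonldap::NG::Handler::SympaAutoLogin;
+@ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);
+
+__PACKAGE__->init(
+{
+
+# See Lemonldap::NG::Handler
+}
+);
+
+1;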
|
|
@ -1,3 +1,10 @@
|
|||
##@file
|
||||
# Sympa autologin
|
||||
|
||||
##@class
|
||||
# Sympa autologin
|
||||
#
|
||||
# Build Sympa cookie and send it to Sympa
|
||||
package Lemonldap::NG::Handler::SympaAutoLogin;
|
||||
|
||||
use strict;
|
||||
|
@ -5,25 +12,70 @@ use Lemonldap::NG::Handler::SharedConf qw(:all);
|
|||
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
|
||||
use Digest::MD5;
|
||||
|
||||
our $VERSION = '0.11';
|
||||
our $VERSION = '0.2';
|
||||
|
||||
open S, '/etc/lemonldap-ng/sympa.secret'
|
||||
# Shared variables
|
||||
our ( $sympaSecret, $sympaMailKey );
|
||||
|
||||
## @imethod protected void defaultValuesInit(hashRef args)
|
||||
# Overload defaultValuesInit
|
||||
# @param $args reference to the configuration hash
|
||||
sub defaultValuesInit {
|
||||
my ( $class, $args ) = splice @_;
|
||||
|
||||
# Sympa secret should be in configuration
|
||||
$sympaSecret = $args->{'sympaSecret'} || $sympaSecret;
|
||||
|
||||
# If not, try to read it from /etc/lemonldap-ng/sympa.secret
|
||||
if ( !$sympaSecret and -r '/etc/lemonldap-ng/sympa.secret' ) {
|
||||
open S, '/etc/lemonldap-ng/sympa.secret'
|
||||
or die "Unable to open /etc/lemonldap-ng/sympa.secret";
|
||||
our $sympaSecret = join( '', <S> );
|
||||
close S;
|
||||
$sympaSecret =~ s/[\r\n]//g;
|
||||
$sympaSecret = join( '', <S> );
|
||||
close S;
|
||||
$sympaSecret =~ s/[\r\n]//g;
|
||||
}
|
||||
|
||||
# Sympa mail key
|
||||
$sympaMailKey = $args->{'sympaMailKey'} || $sympaMailKey || "mail";
|
||||
|
||||
# Display found values in debug mode
|
||||
$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );
|
||||
$class->lmLog( "sympaMailKey: $sympaMailKey", 'debug' );
|
||||
|
||||
# Delete Sympa parameters
|
||||
delete $args->{'sympaSecret'};
|
||||
delete $args->{'sympaMailKey'};
|
||||
|
||||
# Call main subroutine
|
||||
return $class->SUPER::defaultValuesInit($args);
|
||||
}
|
||||
|
||||
## @rmethod Apache2::Const run(Apache2::RequestRec r)
|
||||
# Overload main run method
|
||||
# @param r Current request
|
||||
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
|
||||
sub run {
|
||||
my $class = shift;
|
||||
my $r = $_[0];
|
||||
my $ret = $class->SUPER::run(@_);
|
||||
|
||||
# Continue only if user is authorized
|
||||
return $ret unless ( $ret == OK );
|
||||
|
||||
# Fail if no sympaSecret
|
||||
unless ($sympaSecret) {
|
||||
$class->lmLog( "No Sympa secret configured", 'error' );
|
||||
return SERVER_ERROR;
|
||||
}
|
||||
|
||||
# Mail value
|
||||
my $mail = $datas->{$sympaMailKey};
|
||||
|
||||
# Building Sympa cookie
|
||||
my $tmp = new Digest::MD5;
|
||||
$tmp->reset;
|
||||
$tmp->add( $datas->{mail} . $sympaSecret );
|
||||
my $str =
|
||||
"sympauser=$datas->{mail}:" . substr( unpack( "H*", $tmp->digest ), -8 );
|
||||
$tmp->add( $mail . $sympaSecret );
|
||||
my $str = "sympauser=$mail:" . substr( unpack( "H*", $tmp->digest ), -8 );
|
||||
|
||||
# Get cookie header, removing Sympa cookie if exists (avoid security
|
||||
# problems) and set the new value
|
||||
|
@ -37,6 +89,7 @@ sub run {
|
|||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
||||
=head1 NAME
|
||||
|
@ -44,39 +97,43 @@ __END__
|
|||
=encoding utf8
|
||||
|
||||
Lemonldap::NG::Handler::SympaAutoLogin - Perl extension to generate Sympa cookie
|
||||
for users authenticated by Lemonldap::NG
|
||||
for users authenticated by LemonLDAP::NG
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
package My::Package;
|
||||
package My::Sympa;
|
||||
use Lemonldap::NG::Handler::SympaAutoLogin;
|
||||
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
|
||||
@ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);
|
||||
|
||||
__PACKAGE__->init ( {
|
||||
|
||||
# Sympa parameters
|
||||
sympaSecret => 'XXXX',
|
||||
sympaMailKey => 'mail',
|
||||
|
||||
# See Lemonldap::NG::Handler for more
|
||||
# Local storage used for sessions and configuration
|
||||
localStorage => "Cache::DBFile",
|
||||
localStorageOptions => {...},
|
||||
# How to get my configuration
|
||||
configStorage => {
|
||||
type => "DBI",
|
||||
dbiChain => "DBI:mysql:database=lemondb;host=$hostname",
|
||||
dbiUser => "lemonldap",
|
||||
dbiPassword => "password",
|
||||
}
|
||||
# Uncomment this to activate status module
|
||||
# status => 1,
|
||||
} );
|
||||
1;
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Lemonldap::NG::Handler::SympaAutoLogin is a special Lemonldap::NG handler that
|
||||
generates Sympa cookie for authenticated users. Use it instead of classic
|
||||
Lemonldap::NG::Handler to protect your Sympa web server. You have to set a
|
||||
header called "mail" in the Lemonldap::NG manager for this virtul host and to
|
||||
store Sympa secret (cookie parameter on Sympa configuration file) ina file
|
||||
called /etc/lemonldap-ng/sympa.secret. It has just to be readable by root (the
|
||||
owner that launch Apache).
|
||||
Lemonldap::NG::Handler to protect your Sympa web server. You have to set the
|
||||
configuration key containing user email (parameter sympaMailKey) and to
|
||||
store Sympa secret (cookie parameter on Sympa configuration file) in the
|
||||
corresponding configuration parameter (sympaSecret)
|
||||
|
||||
Edit you Sympa vhost configuration like this:
|
||||
|
||||
<VirtualHost *>
|
||||
ServerName sympa.example.com
|
||||
|
||||
# Load Sympa Handler
|
||||
PerlRequire __HANDLERDIR__/MyHandlerSympa.pm
|
||||
PerlHeaderParserHandler My::Sympa
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
=head2 EXPORT
|
||||
|
||||
|
@ -89,6 +146,7 @@ L<Lemonldap::NG::Handler>
|
|||
=head1 AUTHOR
|
||||
|
||||
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
||||
Clement Oudot, E<lt>clement@oodo.netE<gt>
|
||||
|
||||
=head1 COPYRIGHT AND LICENSE
|
||||
|
||||
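Review bot: In the `-5,25 +12,70` hunk, `defaultValuesInit` writes the shared secret to the log with `$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );`, and since the cookie built in `run` is derived only from the mail value and that secret, anyone who can read the debug log holds everything needed to produce a valid `sympauser` cookie for any address; the log line should record only whether a secret was found. In `run`, `$mail` comes from `$datas->{$sympaMailKey}` and is used unchecked, so a session that lacks that key still gets a cookie with an empty user and a matching checksum; an early return, for instance `SERVER_ERROR` as is done for a missing secret, would close that gap. The fallback file read also uses a two-argument `open` on the bareword handle `S`, where a lexical handle and three-argument `open` would be the safer form. `run` continues past the end of the hunk, so the header handling that follows is not reviewed here.

```perl
    # … unchanged: sympaSecret taken from $args …
    if ( !$sympaSecret and -r '/etc/lemonldap-ng/sympa.secret' ) {
        open my $fh, '<', '/etc/lemonldap-ng/sympa.secret'
          or die "Unable to open /etc/lemonldap-ng/sympa.secret";
        $sympaSecret = join( '', <$fh> );
        close $fh;
        $sympaSecret =~ s/[\r\n]//g;
    }

    # … unchanged: sympaMailKey default …
    $class->lmLog( 'sympaSecret: ' . ( $sympaSecret ? 'set' : 'not set' ),
        'debug' );

    # … unchanged: rest of defaultValuesInit, start of run up to the secret check …
    my $mail = $datas->{$sympaMailKey};
    unless ( defined $mail and length $mail ) {
        $class->lmLog( "No value for session key $sympaMailKey", 'error' );
        return SERVER_ERROR;
    }

    # … unchanged: Sympa cookie construction …
```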
|
|
|
@ -58,7 +58,7 @@ sub defaultValuesInit {
|
|||
## @rmethod Apache2::Const run(Apache2::RequestRec r)
|
||||
# Overload main run method
|
||||
# @param r Current request
|
||||
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR
|
||||
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
|
||||
sub run {
|
||||
my $class = shift;
|
||||
my $r = $_[0];
|
||||
|
|
|
@ -520,7 +520,7 @@ sub struct {
|
|||
},
|
||||
|
||||
specialHandlers => {
|
||||
_nodes => [qw(zimbraHandler)],
|
||||
_nodes => [qw(zimbraHandler sympaHandler)],
|
||||
|
||||
# Zimbra
|
||||
zimbraHandler => {
|
||||
|
@ -533,6 +533,13 @@ sub struct {
|
|||
zimbraUrl => 'text:/zimbraUrl',
|
||||
zimbraSsoUrl => 'text:/zimbraSsoUrl',
|
||||
},
|
||||
|
||||
# Sympa
|
||||
sympaHandler => {
|
||||
_nodes => [qw(sympaSecret sympaMailKey)],
|
||||
sympaSecret => 'text:/sympaSecret',
|
||||
sympaMailKey => 'text:/sympaMailKey',
|
||||
},
|
||||
},
|
||||
|
||||
},
|
||||
|
@ -1202,6 +1209,10 @@ sub testStruct {
|
|||
zimbraUrl => $testNotDefined,
|
||||
zimbraSsoUrl => $testNotDefined,
|
||||
|
||||
# Sympa
|
||||
sympaSecret => $testNotDefined,
|
||||
sympaMailKey => $testNotDefined,
|
||||
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -187,6 +187,9 @@ sub en {
|
|||
SSLRequire => 'SSL Required',
|
||||
SSLVar => 'Extracted certificate field',
|
||||
storePassword => 'Store user password in session datas',
|
||||
sympaHandler => 'Sympa',
|
||||
sympaMailKey => 'Mail session key',
|
||||
sympaSecret => 'Shared secret',
|
||||
syntaxError => 'Syntax Error',
|
||||
syslog => 'Syslog facility',
|
||||
timeout => 'Sessions timeout',
|
||||
|
@ -448,6 +451,9 @@ sub fr {
|
|||
SSLVar => 'Champ extrait du certificat',
|
||||
storePassword =>
|
||||
"Stocke le mot-de-passe de l'utilisateur dans les données de session",
|
||||
sympaHandler => 'Sympa',
|
||||
sympaMailKey => 'Clé de session pour le mail',
|
||||
sympaSecret => 'Secret partagé',
|
||||
syntaxError => 'Erreur de syntaxe',
|
||||
syslog => 'Facilité syslog',
|
||||
timeout => 'Durée de vie maximale des sessions',
|
||||
|
|