From cc07eae1075abb7e506087493a9da21c4a9a1bff Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Thu, 11 Dec 2008 17:02:02 +0000 Subject: [PATCH] LEMONLDAP::NG : customFunctions are now shared in macros, groups, headers and rules --- .../lib/Lemonldap/NG/Manager.pm | 41 +++++++++++++------ .../lib/Lemonldap/NG/Portal/Menu.pm | 1 + .../lib/Lemonldap/NG/Portal/Simple.pm | 37 ++++++++++++++--- 3 files changed, 60 insertions(+), 19 deletions(-) diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm index 1b2b9aad9..f5a7c0b5b 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm @@ -20,6 +20,28 @@ our @ISA; our $VERSION = '0.87'; +# Secure jail +our $safe; + +##@method private object safe() +# Provide the security jail. +#@return Safe object +sub safe { + my $self = shift; + return $safe if ($safe); + $safe = new Safe; + my @t = + $self->{customFunctions} ? split( /\s+/, $self->{customFunctions} ) : (); + foreach (@t) { + s/^.*:://; + next if ( $self->can($_) ); + eval "sub $_ {1}"; + print STDERR $@ if ($@); + } + $safe->share( '&encode_base64', @t ); + return $safe; +} + sub new { my ( $class, $args ) = @_; my $self; @@ -544,14 +566,7 @@ sub checkConf { } # Load and check macros - my $safe = new Safe; - my @t = split /\s+/, $self->{customFunctions}; - foreach(@t) { - s/^.*:://; - eval "sub $_ {1}"; - } - $safe->share('&encode_base64', @t); - $safe->reval($expr); + $self->safe->reval($expr); if ($@) { $result = 0; $response->error( &txt_unknownErrorInVars . " ($@)" ); @@ -572,7 +587,7 @@ sub checkConf { # Test macro values; $expr .= "my \$$k = $v;"; - $safe->reval($expr); + $self->safe->reval($expr); if ($@) { $response->error( &txt_macro . " $k : " . &txt_syntaxError . " : $@" ); 
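Review bot: In the new `safe()` in Manager.pm, each token of `customFunctions` is interpolated into `eval "sub $_ {1}"` with no check that it is a plain identifier; after `s/^.*:://` it can still hold any non-whitespace characters, and this string eval runs in the manager process itself, outside the Safe compartment. Adding `next unless /\A[A-Za-z_]\w*\z/;` ahead of the `can` test, and keeping rejected tokens out of the list given to `share`, would close that gap. The `safe()` added to Portal/Simple.pm builds its wrapper from the same unchecked tokens and needs the same check. Separately, `$safe` is now a package global that is built once, so in a long-lived process a later change to `customFunctions` will presumably not reach the compartment; a comment stating that would help.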
@@ -604,7 +619,7 @@ sub checkConf { } # Test boolean expression - $safe->reval( $expr . "\$groups = '$k' if($v);" ); + $self->safe->reval( $expr . "\$groups = '$k' if($v);" ); if ($@) { $response->error( &txt_group . " $k " . &txt_syntaxError ); $result = 0; @@ -627,7 +642,7 @@ sub checkConf { # Test regular expressions unless ( $reg eq 'default' ) { $reg =~ s/#/\\#/g; - $safe->reval( $expr . "my \$r = qr#$reg#;" ); + $self->safe->reval( $expr . "my \$r = qr#$reg#;" ); if ($@) { $response->error( &txt_rule . " $vh -> \"$reg\" : " . &txt_syntaxError ); @@ -645,7 +660,7 @@ sub checkConf { . &txt_containsAnAssignment ); } - $safe->reval( $expr . "my \$r=1 if($v);" ); + $self->safe->reval( $expr . "my \$r=1 if($v);" ); if ($@) { $response->error( &txt_rule . " $vh -> \"$reg\" : " . &txt_syntaxError ); @@ -683,7 +698,7 @@ sub checkConf { } # Perl expression - $safe->reval( $expr . "my \$r = $v;" ); + $self->safe->reval( $expr . "my \$r = $v;" ); if ($@) { $response->error( &txt_header . " $vh -> $header " . &txt_syntaxError ); diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm index ff0492c2c..1794034e6 100755 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Menu.pm @@ -18,6 +18,7 @@ sub _safe { my $self = shift; return $self->{_safe} if ( $self->{_safe} ); $self->{_safe} = new Safe; + $self->{customFunctions} ||= $self->{portalObject}->{customFunctions}; my @t = $self->{customFunctions} ? split( /\s+/, $self->{customFunctions} ) : (); foreach (@t) { diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm index a8afe577b..7b53f5914 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm 
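Review bot: The line added to `_safe` in Portal/Menu.pm, `$self->{customFunctions} ||= $self->{portalObject}->{customFunctions};`, dereferences `$self->{portalObject}` without testing it. If that key is ever unset, Perl autovivifies it to an empty hash as a side effect, which can mislead later truth tests on `portalObject`. Whether it is always set is not visible here, because the body of `_safe` continues past the hunk. A guarded form such as `$self->{customFunctions} ||= $self->{portalObject}->{customFunctions} if $self->{portalObject};` avoids the side effect.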
@@ -75,7 +75,7 @@ our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], ); our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); # Secure jail -our $safe = new Safe; +our $safe; our $self; # Safe cannot share a variable declared with my ## @cmethod new($args) @@ -86,7 +86,7 @@ sub new { binmode( STDOUT, ":utf8" ); my $class = shift; return $class if ( ref($class) ); - our $self = $class->SUPER::new(); + $self = $class->SUPER::new(); $self->getConf(@_) or $self->abort( "Configuration error", "Unable to get configuration: $Lemonldap::NG::Common::Conf::msg" ); @@ -361,6 +361,33 @@ sub get_url { return $self->param('url'); } +##@method private object safe() +# Provide the security jail. +#@return Safe object +sub safe { + my $self = shift; + return $safe if ($safe); + $safe = new Safe; + my @t = + $self->{customFunctions} ? split( /\s+/, $self->{customFunctions} ) : (); + foreach (@t) { + my $sub = $_; + unless (/::/) { + $sub = ref($self) . "::$_"; + } + else { + s/^.*:://; + } + next if ( $self->can($_) ); + eval "sub $_ { + return $sub( '$self->{portal}', \@_ ); + }"; + print STDERR $@ if ($@); + } + $safe->share( '$self', '&encode_base64', @t ); + return $safe; +} + #################### # SOAP subroutines # #################### @@ -571,8 +598,7 @@ sub setMacros { unless ( $self->getConf(@_) ); while ( my ( $n, $e ) = each( %{ $self->{macros} } ) ) { $e =~ s/\$(\w+)/\$self->{sessionInfo}->{$1}/g; - $safe->share( '$self', '&encode_base64' ); - $self->{sessionInfo}->{$n} = $safe->reval($e); + $self->{sessionInfo}->{$n} = $self->safe->reval($e); } PE_OK; } @@ -590,8 +616,7 @@ sub setGroups { $expr =~ s/\$(\w+)/\$self->{sessionInfo}->{$1}/g; # TODO : custom Functions - $safe->share( '$self', '&encode_base64' ); - $groups .= "$group " if ( $safe->reval($expr) ); + $groups .= "$group " if ( $self->safe->reval($expr) ); } if ( $self->{ldapGroupBase} ) { my $mesg = $self->{ldap}->search(
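Review bot: The wrapper generated by the new `safe()` in Portal/Simple.pm embeds the current value of `$self->{portal}` as a single-quoted literal in the source passed to `eval`, so a quote or backslash in that value changes the generated code. The value is also frozen at the first call, because `$safe` is cached in a package global. Passing the portal value at call time instead of writing it into the source text would avoid both; at minimum the literal should be escaped and the caching documented in the sub's header comment. For an unqualified name the wrapper targets `ref($self) . "::$_"`, yet it is only generated when `$self->can($_)` is false, so that branch looks like it always calls an undefined function, which is worth confirming.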
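Review bot: `setMacros` assigns the result of `$self->safe->reval($e)` straight into `sessionInfo` without looking at `$@`, so a macro that fails to compile or is blocked by the compartment silently becomes undef in the session. `setGroups` in the next hunk has the same gap, where a failing expression quietly means "not a member". Since custom functions are newly callable from these expressions, logging the failure, e.g. `print STDERR "macro $n: $@" if ($@);` right after the `reval`, would make a misconfiguration visible. The `# TODO : custom Functions` comment kept in `setGroups` is stale after this change and can be dropped. Both functions extend beyond their hunks.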