dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into manager-SFA-module

Browse Source
This commit is contained in:
Christophe Maudoux 2018-03-14 22:09:45 +01:00
commit e3b839ee95
33 changed files with 188 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
COPYING
View File

@ -13,7 +13,7 @@ Copyright: 2005-2018, Xavier Guimard <x.guimard@free.fr>
2012-2015, David Coutadeur <david.coutadeur@gmail.com>
2018, Christophe Maudoux <chrmdx@gmail.com>
2006-2015, LINAGORA <info@linagora.com>
2015-2017, Savoir-faire Linux <contac@savoirfairelinux.com>
2015-2018, Savoir-faire Linux <contac@savoirfairelinux.com>
License: GPL-2+
Files: lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/PAM.pm

6
RELEASE
View File

@ -21,6 +21,12 @@ Before release
--------------
- Update documentation:
$ ./script/parameters-for-wiki.pl >/tmp/prmlist.txt
Replace https://lemonldap-ng.org/documentation/X.X/parameterlist by
/tmp/prmlist.txt content
$ make documentation
- Translate documentation

1
TODO-2.0.md
View File

@ -1,3 +1,4 @@
* Minimal authn level system (choice only)
* (2ndF/OTP mail)
* Combination/Choice for password (using session data)

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Cli.pm
View File

@ -46,7 +46,7 @@ Log : $conf->{cfgLog}
sub updateCache {
my $self = shift;
my $conf = $self->confAccess->getConf( { noCache => 1, raw => 1 } );
my $conf = $self->confAccess->getConf( { noCache => 2 } );
die "Must not be launched as root" unless ($>);
print STDERR
qq{Cache updated to configuration $conf->{cfgNum} for user $>\n};

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
View File

@ -200,7 +200,7 @@ sub getConf {
# Store modified configuration in cache
$self->setLocalConf($r)
if ( $self->{refLocalStorage}
and not( $args->{noCache} or $args->{raw} ) );
and not( $args->{noCache} == 1 or $args->{raw} ) );
}
}

2
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/RESTServer.pm
View File

@ -211,7 +211,7 @@ sub virtualHosts {
}
return $self->sendJSONresponse( $req, $resp );
}
elsif ( $query =~ /^vhost(?:(?:Aliase|Http)s|Maintenance|Port|Type)$/ ) {
elsif ( $query =~ qr/^$virtualHostKeys$/o ) {
$self->logger->debug("Query for $vh/$query key");
# TODO: verify how this is done actually

7
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm
View File

@ -98,10 +98,11 @@ sub unserialize {
unless ( utf8::is_utf8($v) ) {
$v = encode( 'UTF-8', $v );
}
$conf->{$k} =
( $v =~ /./
$conf->{$k} = (
$v =~ /./
? eval { from_json( $v, { allow_nonref => 1 } ) }
: {} );
: {}
);
if ($@) {
$Lemonldap::NG::Common::Conf::msg .=
"Unable to decode $k, switching to old format.\n";

8
lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
View File

@ -90,8 +90,12 @@ sub init {
$self->defaultRoute( $working[0]->defaultRoute );
# Find out more glyphicones at https://www.w3schools.com/icons/bootstrap_icons_glyphicons.asp
my $linksIcons =
{ 'conf' => 'cog', 'sessions' => 'duplicate', 'notifications' => 'bell', '2ndFA' => 'wrench' };
my $linksIcons = {
'conf' => 'cog',
'sessions' => 'duplicate',
'notifications' => 'bell',
'2ndFA' => 'wrench'
};
$self->links( [] );
for ( my $i = 0 ; $i < @links ; $i++ ) {

4
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
View File

@ -62,7 +62,6 @@ sub addRoutes {
$self->{hiddenAttributes} //= "_password";
}
###################
# II. 2FA METHODS #
###################
@ -84,7 +83,7 @@ sub delete2FAKey {
return $self->deleteTOTPKey( $req, $session, $skey );
}
else {
return $self->sendError( $req, undef, 666 );
return $self->sendError( $req, undef, 400 );
}
}
@ -95,7 +94,6 @@ sub add2FAKey {
eval 'use Crypt::U2F::Server::Simple';
if ($@) {
$self->error("Can't load U2F library: $@");
return 0;
}

60
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
View File

@ -227,7 +227,7 @@ sub attributes {
},
localStorageOptions => {
type => 'keyTextContainer',
documentation => 'Local cache',
documentation => 'Local cache parameters',
flags => 'hmp',
},
cfgNum => {
@ -824,7 +824,7 @@ sub attributes {
localSessionStorage => {
type => 'PerlModule',
default => 'Cache::FileCache',
documentation => 'Sessions cache module',
documentation => 'Local sessions cache module',
},
localSessionStorageOptions => {
type => 'keyTextContainer',
@ -1411,8 +1411,12 @@ sub attributes {
},
# CAS IDP
casAttr => { type => 'text', },
casAttributes => { type => 'keyTextContainer', },
casAttr =>
{ type => 'text', documentation => 'Pivot attribute for CAS', },
casAttributes => {
type => 'keyTextContainer',
documentation => 'CAS exported attributes',
},
casAccessControlPolicy => {
type => 'select',
select => [
@ -1423,9 +1427,13 @@ sub attributes {
default => 'none',
documentation => 'CAS access control policy',
},
casStorage => { type => 'PerlModule', },
casStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store CAS user data',
},
casStorageOptions => {
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
issuerDBCASActivation => {
default => 0,
@ -1444,7 +1452,10 @@ sub attributes {
},
# Partners
casAppMetaDataOptions => { type => 'subContainer', },
casAppMetaDataOptions => {
type => 'subContainer',
documentation => 'Root of CAS app options',
},
casAppMetaDataExportedVars => {
type => 'keyTextContainer',
default => { cn => 'cn', mail => 'mail', uid => 'uid', },
@ -1605,8 +1616,14 @@ sub attributes {
type => 'bool',
documentation => 'SAML force metadata UTF8 conversion',
},
samlStorage => { type => 'PerlModule', },
samlStorageOptions => { type => 'keyTextContainer', },
samlStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store SAML user data',
},
samlStorageOptions => {
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
samlAuthnContextMapPassword => {
type => 'int',
default => 2,
@ -2231,9 +2248,12 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 'find',
documentation => '"deref" param of Net::LDAP::search()',
},
mailLDAPFilter => { type => 'text', },
LDAPFilter => { type => 'text', },
AuthLDAPFilter => { type => 'text', },
mailLDAPFilter =>
{ type => 'text', documentation => 'LDAP filter for mail search' },
LDAPFilter =>
{ type => 'text', documentation => 'Default LDAP filter' },
AuthLDAPFilter =>
{ type => 'text', documentation => 'LDAP filter for auth search' },
ldapGroupRecursive => {
default => 0,
type => 'bool',
@ -2312,7 +2332,10 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => { cn => 'cn', mail => 'mail', uid => 'uid', },
documentation => 'CAS exported variables',
},
casSrvMetaDataOptions => { type => 'subContainer', },
casSrvMetaDataOptions => {
type => 'subContainer',
documentation => 'Root of CAS server options',
},
casSrvMetaDataOptionsGateway => { type => 'bool', },
casSrvMetaDataOptionsProxiedServices => {
type => 'keyTextContainer',
@ -2385,7 +2408,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
ns =>
'http://auth.example.com/Lemonldap/NG/Common/PSGI/SOAPService',
},
documentation => 'Demo exported variables',
documentation => 'Apache::Session module parameters',
},
# Proxy
@ -2649,6 +2672,7 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
{ k => 'Custom', v => 'customModule' },
]
],
documentation => 'Hash list of Choice strings',
},
# Combination
@ -2831,8 +2855,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
default => 0,
documentation => 'OpenID Connect allow hybrid flow',
},
oidcStorage => { type => 'PerlModule', },
oidcStorageOptions => { type => 'keyTextContainer', },
oidcStorage => {
type => 'PerlModule',
documentation => 'Apache::Session module to store OIDC user data',
},
oidcStorageOptions => {
type => 'keyTextContainer',
documentation => 'Apache::Session module parameters',
},
# OpenID Connect metadata nodes
oidcOPMetaDataNodes => {

23
lemonldap-ng-manager/site/coffee/manager.coffee
View File

@ -342,16 +342,7 @@ llapp.controller 'TreeCtrl', [
$scope.showModal('prompt.html', name).then ->
n= $scope.result
if n
node = $scope.addTemplateNode n, 'virtualHost'
delete node.nodes[0].cnodes
node.nodes[0].nodes = [
id: "virtualHosts/new__#{n}/locationRules/default",
type: "rule",
title: "default",
comment: "",
re: "default",
data: "deny"
]
$scope.addTemplateNode n, 'virtualHost'
$scope.duplicateVhost = ->
name = if $scope.domain then ".#{$scope.domain.data}" else '.example.com'
@ -398,10 +389,22 @@ llapp.controller 'TreeCtrl', [
title: name
type: type
nodes: templates type, "new__#{name}"
setDefault t.nodes
cs.$modelValue.nodes.push t
cs.expand()
return t
setDefault = (node) ->
for n in node
if n.cnodes and n.default
delete n.cnodes
n._nodes = n.default
if n._nodes
setDefault n._nodes
else if n.default or n.default == 0
n.data = n.default
node
_getAll = (node) ->
d = $q.defer()
d2 = $q.defer()

36
lemonldap-ng-manager/site/htdocs/static/js/manager.js
View File

@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.10.0
// Generated by CoffeeScript 1.12.7
/*
LemonLDAP::NG Manager client
@ -23,7 +23,7 @@ This file contains:
llapp.controller('TreeCtrl', [
'$scope', '$http', '$location', '$q', '$uibModal', '$translator', '$cookies', '$htmlParams', function($scope, $http, $location, $q, $uibModal, $translator, $cookies, $htmlParams) {
var _checkSaveResponse, _download, _getAll, _stoggle, c, id, pathEvent, readError, setHelp;
var _checkSaveResponse, _download, _getAll, _stoggle, c, id, pathEvent, readError, setDefault, setHelp;
$scope.links = window.links;
$scope.menu = $htmlParams.menu;
$scope.menulinks = window.menulinks;
@ -405,21 +405,10 @@ This file contains:
field: 'hostname'
};
return $scope.showModal('prompt.html', name).then(function() {
var n, node;
var n;
n = $scope.result;
if (n) {
node = $scope.addTemplateNode(n, 'virtualHost');
delete node.nodes[0].cnodes;
return node.nodes[0].nodes = [
{
id: "virtualHosts/new__" + n + "/locationRules/default",
type: "rule",
title: "default",
comment: "",
re: "default",
data: "deny"
}
];
return $scope.addTemplateNode(n, 'virtualHost');
}
});
};
@ -479,10 +468,27 @@ This file contains:
type: type,
nodes: templates(type, "new__" + name)
};
setDefault(t.nodes);
cs.$modelValue.nodes.push(t);
cs.expand();
return t;
};
setDefault = function(node) {
var len, n, o;
for (o = 0, len = node.length; o < len; o++) {
n = node[o];
if (n.cnodes && n["default"]) {
delete n.cnodes;
n._nodes = n["default"];
}
if (n._nodes) {
setDefault(n._nodes);
} else if (n["default"] || n["default"] === 0) {
n.data = n["default"];
}
}
return node;
};
_getAll = function(node) {
var d, d2;
d = $q.defer();

2
lemonldap-ng-manager/site/htdocs/static/js/manager.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
lemonldap-ng-manager/site/htdocs/static/js/sessions.js
View File

@ -1,4 +1,4 @@
// Generated by CoffeeScript 1.9.3
// Generated by CoffeeScript 1.12.7
/*
* Session explorer

7
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/REST.pm
View File

@ -106,10 +106,11 @@ sub verify {
# Prepare args
my $args;
foreach my $k ( keys %{ $self->{vrfyAttrs} } ) {
$args->{$k} =
( $k eq 'code'
$args->{$k} = (
$k eq 'code'
? $code
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} } );
: $req->sessionInfo->{ $self->{vrfyAttrs}->{$k} }
);
}
# Launch REST request

10
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/TOTP.pm
View File

@ -140,21 +140,13 @@ sub selfRegister {
# Get or generate master key
elsif ( $action eq 'unregister' ) {
$self->p->updatePersistentSession( $req,
{ _totp2fSecret => '' }
);
$self->p->updatePersistentSession( $req, { _totp2fSecret => '' } );
$self->userLogger->notice('TOTP unregistration succeed');
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
}
}
1;

7
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
View File

@ -82,10 +82,8 @@ sub run {
}
);
$self->userLogger->notice('U2F key unregistration succeed');
return [
200, [ 'Content-Type' => 'application/json' ],
['{"result":1}']
];
return [ 200, [ 'Content-Type' => 'application/json' ],
['{"result":1}'] ];
my $err = Crypt::U2F::Server::Simple::lastError();
$self->userLogger->warn("U2F Unregistration failed: $err");
return $self->p->sendError( $req, $err, 200 );
@ -117,6 +115,7 @@ sub run {
}
my $res =
( $req->datas->{crypter}->authenticationVerify($resp) ? 1 : 0 );
#$self->userLogger->notice("res=$res");
return [
200, [ 'Content-Type' => 'application/json' ],

1
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
View File

@ -85,6 +85,7 @@ sub verify {
return $self->fail($req);
}
$self->logger->debug("Get challenge: $challenge");
#eval { $challenge = JSON::from_json($challenge)->{challenge} };
if ( not $req->datas->{crypter}->setChallenge($challenge) ) {
$self->logger->error(

3
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Combination.pm
View File

@ -177,8 +177,7 @@ sub try {
# On error, restart authentication with next scheme
if ( $res > PE_OK ) {
$self->logger->info(
qq'Scheme "$name" returned $res, trying next');
$self->logger->info(qq'Scheme "$name" returned $res, trying next');
$req->datas->{dataKeep}->{combinationTry}++;
$req->steps( [ @{ $req->datas->{combinationSteps} } ] );
$req->continue(1);

11
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
View File

@ -33,6 +33,13 @@ sub init {
sub extractFormInfo {
my ( $self, $req ) = @_;
if ( $req->datas->{_krbUser} ) {
$self->logger->debug( 'Kerberos ticket already validated for '
. $req->datas->{_krbUser} );
return PE_OK;
}
my $auth = $req->env->{HTTP_AUTHORIZATION};
unless ($auth) {
@ -138,7 +145,7 @@ sub extractFormInfo {
return PE_ERROR;
}
$self->userLogger->notice("$client_name authentified by Kerberos");
$req->{_krbUser} = $client_name;
$req->datas->{_krbUser} = $client_name;
if ( $self->conf->{krbRemoveDomain} ) {
$client_name =~ s/^(.*)@.*$/$1/;
}
@ -157,7 +164,7 @@ sub authLogout {
sub setAuthSessionInfo {
my ( $self, $req ) = @_;
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
$req->{sessionInfo}->{_krbUser} = $req->{_krbUser};
$req->{sessionInfo}->{_krbUser} = $req->datas->{_krbUser};
PE_OK;
}

10
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
View File

@ -901,7 +901,7 @@ sub token {
unless ($codeSession) {
$self->logger->error("Unable to find OIDC session $code");
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
# Check we have the same redirect_uri value
@ -909,7 +909,7 @@ sub token {
{
$self->userLogger->error( "Provided redirect_uri is different from "
. $codeSession->{redirect_uri} );
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
# Get user identifier
@ -921,7 +921,7 @@ sub token {
$self->userLogger->error(
"Unable to find user session linked to OIDC session $code");
$codeSession->remove();
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
my $user_id_attribute =
@ -947,7 +947,7 @@ sub token {
$self->userLogger->error(
"Unable to create OIDC session for access_token");
$codeSession->remove();
$self->p->sendError( $req, 'invalid_request', 400 );
return $self->p->sendError( $req, 'invalid_request', 400 );
}
my $access_token = $accessTokenSession->id;
@ -1102,7 +1102,7 @@ sub registration {
# Check dynamic registration is allowed
unless ( $self->conf->{oidcServiceAllowDynamicRegistration} ) {
$self->logger->error("Dynamic registration is not allowed");
$self->p->sendError( $req, 'server_error' );
return $self->p->sendError( $req, 'server_error' );
}
# Get client metadata

1
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
View File

@ -97,6 +97,7 @@ sub bind {
unless ($self->ldap
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
{
$self->ldap->DESTROY if ( $self->ldap );
$self->ldap( $self->newLdap );
}
return undef unless ( $self->ldap );

14
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenID/SREG.pm
View File

@ -189,13 +189,21 @@ sub sregHook {
# For optional parameters: checkboxes are displayed
foreach my $k (@opt) {
utf8::decode( $msg{opt}->{$k} );
push @mopt,{k=>$k,m=>$msg{opt}->{$k},c=>( $ag{$k} ? 'checked' : '' )};
push @mopt,
{
k => $k,
m => $msg{opt}->{$k},
c => ( $ag{$k} ? 'checked' : '' )
};
}
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate('openIdTrust',params => {
$req->datas->{_openIdTrustExtMsg} .= $self->loadTemplate(
'openIdTrust',
params => {
required => \@mreq,
optional => \@mopt,
});
}
);
$self->logger->debug('Building validation form');
return ( 0, $prm );

3
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/AutoSignin.pm
View File

@ -24,7 +24,8 @@ sub init {
if ( my $rules = $self->conf->{autoSigninRules} ) {
my $safe = Safe->new;
foreach my $id ( sort keys %$rules ) {
my $sub = $safe->reval('sub{my($env)=@_;return ('.$rules->{$id}.')}');
my $sub =
$safe->reval( 'sub{my($env)=@_;return (' . $rules->{$id} . ')}' );
if ($@) {
$self->error( 'Bad Autologin rule "' . $rules->{$id} . ': $@' );
return 0;

8
lemonldap-ng-portal/t/30-SAML-ReAuth-with-choice.t
View File

@ -24,8 +24,12 @@ SKIP: {
skip 'DBD::SQLite not found', $maintests;
}
my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
$dbh->do('CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)');
$dbh->do("INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')");
$dbh->do(
'CREATE TABLE users (user text,password text,name text,uid text,cn text,mail text)'
);
$dbh->do(
"INSERT INTO users VALUES ('dwho','dwho','Doctor who','dwho','Doctor who','dwho\@badwolf.org')"
);
# Initialization
ok( $issuer = issuer(), 'Issuer portal' );

1
lemonldap-ng-portal/t/36-Combination-Kerberos-or-Demo.t
View File

@ -41,6 +41,7 @@ SKIP: {
ok( $res = $client->_get( '/', accept => 'text/html' ), 'Simple access' );
ok( $res->[2]->[0] =~ /script.*kerberos\.js/s, 'Found Kerberos JS' );
my ( $host, $url, $query ) = expectForm( $res, '#' );
# TODO
}
count($maintests);

2
scripts/parameters-for-wiki.pl
View File

@ -7,7 +7,7 @@ require './lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm';
require './lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm';
my $rmg =
"^(?:(?:$Lemonldap::NG::Common::Conf::ReConstants::virtualHostKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casAppMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casSrvMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcOPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcRPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlIDPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlSPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::specialNodeKeys)|(.*Options))\$";
"^(?:(?:$Lemonldap::NG::Common::Conf::ReConstants::virtualHostKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casAppMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::casSrvMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcOPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::oidcRPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlIDPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::samlSPMetaDataNodeKeys)|(?:$Lemonldap::NG::Common::Conf::ReConstants::specialNodeKeys))\$";
$rmg = qr/$rmg/;
my $ignore = qr/^(?:virtualHosts)$/;