dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WIP - Append conf. parameters (#1664)

Browse Source
This commit is contained in:
Christophe Maudoux 2019-03-02 23:27:56 +01:00
parent 3bb7f6e664
commit f9db9a0258
4 changed files with 99 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
View File

@ -64,31 +64,35 @@ sub defaultValues {
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofing' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'gpgDb' => '',
'groups' => {},
'handlerInternalCache' => 15,
'hiddenAttributes' => '_password',
'httpOnly' => 1,
'https' => -1,
'idSpoofing' => 1,
'idSpoofingHiddenAttributes' => '_2fDevices _loginHistory',
'idSpoofingPrefix' => 'real_',
'idSpoofingRule' => 1,
'idSpoofingSkipEmptyValues' => 1,
'infoFormMethod' => 'get',
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBGetParameters' => {},
'issuerDBGetPath' => '^/get/',
'issuerDBGetRule' => 1,
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'krbAuthnLevel' => 3,
'krbRemoveDomain' => 1,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'

16
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
View File

@ -1199,6 +1199,22 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
'default' => 1,
'type' => 'bool'
},
'idSpoofingHiddenAttributes' => {
'default' => '_2fDevices _loginHistory',
'type' => 'text'
},
'idSpoofingPrefix' => {
'default' => 'real_',
'type' => 'text'
},
'idSpoofingRule' => {
'default' => 1,
'type' => 'boolOrExpr'
},
'idSpoofingSkipEmptyValues' => {
'default' => 1,
'type' => 'bool'
},
'infoFormMethod' => {
'default' => 'get',
'select' => [ {

26
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
View File

@ -443,10 +443,32 @@ sub attributes {
idSpoofing => {
default => 1,
type => 'bool',
documentation => 'Enable Id Spoofing plugin',
documentation => 'Enable IdSpoofing plugin',
flags => 'p',
},
idSpoofingPrefix => {
type => 'text',
default => 'real_',
documentation => 'Prefix to rename real session attributes',
flags => 'p',
},
idSpoofingRule => {
type => 'boolOrExpr',
default => 1,
documentation => 'IdSpoofing activation rule',
},
idSpoofingHiddenAttributes => {
type => 'text',
default => '_2fDevices _loginHistory',
documentation => 'Attributes to skip',
flags => 'p',
},
idSpoofingSkipEmptyValues => {
default => 1,
type => 'bool',
documentation => 'Skip session empty values',
flags => 'p',
},
skipRenewConfirmation => {
type => 'bool',
default => 0,

48
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/IdSpoofing.pm
View File

@ -12,6 +12,11 @@ extends 'Lemonldap::NG::Portal::Main::Plugin';
use constant endAuth => 'run';
sub hAttr {
$_[0]->{conf}->{idSpoofingHiddenAttributes} . ' '
. $_[0]->{conf}->{hiddenAttributes};
}
sub init {1}
# RUNNING METHOD
@ -24,31 +29,36 @@ sub run {
my ( $realSession, $spoofSession ) = ( {}, {} );
my $spk = '';
foreach my $k ( keys %{ $req->{sessionInfo} } ) {
# next unless defined $req->{sessionInfo}->{$k};
$spk = "real_$k";
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
if ( $self->{conf}->{idSpoofingSkipEmptyValues} ) {
next unless defined $req->{sessionInfo}->{$k};
}
$spk = "$self->{conf}->{idSpoofingPrefix}$k";
unless ( $self->hAttr =~ /\b$k\b/ ) {
$realSession->{$spk} = $req->{sessionInfo}->{$k};
$self->logger->debug("-> Store $k in realSession key: $spk");
}
}
$self->logger->debug( "**** req before " . Data::Dumper::Dumper($req) );
$self->logger->debug( "+++++ realSession " . Data::Dumper::Dumper($realSession) );
$self->logger->debug(
"+++++ realSession " . Data::Dumper::Dumper($realSession) );
$req->{user} = $spoofId;
$spoofSession = $self->_userDatas($req);
$self->logger->debug( "+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->logger->debug(
"+++++ spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->logger->debug( "**** req after " . Data::Dumper::Dumper($req) );
$spoofSession = { %$spoofSession, %$realSession };
$spoofSession = { %$spoofSession, %$realSession };
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession " . Data::Dumper::Dumper($spoofSession) );
$self->p->updateSession( $req, $spoofSession );
return PE_OK;
$self->logger->debug( "!!!!!!!!!!!!!!!!!! spoofSession "
. Data::Dumper::Dumper($spoofSession) );
# Main session
#$self->p->updateSession( $req, $spoofSession );
$self->p->updateSession( $req, $spoofSession );
#$self->p->updatePersistentSession( $req, $spoofSession ); #?????
return PE_OK;
}
sub _userDatas {
@ -57,9 +67,11 @@ sub _userDatas {
# Search user in database
$req->steps(
[ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
'setPersistentSessionInfo', 'setLocalGroups'
[ 'getUser', 'setSessionInfo',
'setMacros', 'setGroups',
#'setPersistentSessionInfo', 'setLocalGroups'
'setLocalGroups'
]
);
if ( my $error = $self->p->process($req) ) {