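##@file
# Sympa autologin

##@class
# Sympa autologin
#
# Build Sympa cookie and send it to Sympa
package Lemonldap::NG::Handler::SympaAutoLogin;

use strict;
use Lemonldap::NG::Handler::SharedConf qw(:all);
use base qw(Lemonldap::NG::Handler::SharedConf);
use Digest::MD5;

our $VERSION = '1.1.2';

# Shared variables
our ( $sympaSecret, $sympaMailKey );

## @imethod protected void defaultValuesInit(hashRef args)
# Overload defaultValuesInit: read the Sympa-specific settings, remove them
# from the configuration hash, then delegate to the parent class.
# @param $args reference to the configuration hash
sub defaultValuesInit {
    my ( $class, $args ) = @_;
    my $secret_file = '/etc/lemonldap-ng/sympa.secret';

    # Sympa secret should be in configuration
    $sympaSecret = $args->{'sympaSecret'} || $sympaSecret;

    # If not, try to read it from the secret file. Three-argument open with
    # a lexical handle: the mode can never be taken from the path string and
    # the handle does not leak into the package namespace.
    if ( !$sympaSecret and -r $secret_file ) {
        open my $fh, '<', $secret_file
          or die("Unable to open $secret_file: $!");
        $sympaSecret = join( '', <$fh> );
        close $fh;
        $sympaSecret =~ s/[\r\n]//g;
    }

    # Sympa mail key
    $sympaMailKey = $args->{'sympaMailKey'} || $sympaMailKey || "mail";

    # Report in debug mode whether a secret was found, but never its value:
    # the secret is the key that signs every Sympa cookie, so writing it to a
    # log file would hand cookie-minting ability to anyone who can read logs.
    $class->lmLog(
        "sympaSecret: " . ( $sympaSecret ? "(set)" : "(not set)" ), 'debug' );
    $class->lmLog( "sympaMailKey: $sympaMailKey", 'debug' );

    # Delete Sympa parameters
    delete $args->{'sympaSecret'};
    delete $args->{'sympaMailKey'};

    # Call main subroutine
    return $class->SUPER::defaultValuesInit($args);
}

## @rmethod Apache2::Const run(Apache2::RequestRec r)
# Overload main run method: once the parent handler has authorized the
# request, replace any client-supplied Sympa cookie with one built from the
# session's mail attribute and the shared secret.
# @param r Current request
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
sub run {
    my $class = shift;
    my $r     = $_[0];
    my $ret   = $class->SUPER::run(@_);

    # Continue only if user is authorized
    return $ret unless ( $ret == OK );

    # Fail if no sympaSecret
    return $class->abort("No Sympa secret configured") unless ($sympaSecret);

    # Mail value
    # NOTE(review): $mail is neither checked for definedness nor for cookie
    # separators (',' or ';'). It is presumably a trusted directory
    # attribute; confirm, and decide whether a session without this
    # attribute should be refused here instead of signing an empty address.
    my $mail = $datas->{$sympaMailKey};

    # Building Sympa cookie: "sympauser=<mail>:<tag>", where <tag> is the
    # last 8 hex digits of MD5(mail . secret). That is a 32-bit tag, so the
    # scheme relies on the secret staying private and, presumably, on the
    # Sympa vhost being reachable only through this handler.
    my $digest = Digest::MD5->new->add( $mail . $sympaSecret )->hexdigest;
    my $str    = "sympauser=$mail:" . substr( $digest, -8 );

    # Get cookie header and strip EVERY sympauser cookie sent by the client
    # (/g): with a single substitution a request carrying the cookie twice
    # would keep the second, client-chosen copy next to the trusted one.
    my $cookies = lmHeaderIn( $r, 'Cookie' );
    $cookies = '' unless defined $cookies;
    $cookies =~ s/\bsympauser=[^,;]*[,;]?//g;
    $cookies .= $cookies ? ";$str" : $str;
    $class->lmSetHeaderIn( $r, 'Cookie' => $cookies );

    # Return SUPER::run() result
    return $ret;
}

1;

__END__

=head1 NAME

=encoding utf8

Lemonldap::NG::Handler::SympaAutoLogin - Perl extension to generate Sympa
cookie for users authenticated by LemonLDAP::NG

=head1 SYNOPSIS

  package My::Sympa;
  use Lemonldap::NG::Handler::SympaAutoLogin;
  @ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);

  __PACKAGE__->init ( {

    # Sympa parameters
    sympaSecret  => 'XXXX',
    sympaMailKey => 'mail',

    # See Lemonldap::NG::Handler for more

  } );
  1;

=head1 DESCRIPTION

Lemonldap::NG::Handler::SympaAutoLogin is a special Lemonldap::NG handler that
generates Sympa cookie for authenticated users.

Use it instead of classic Lemonldap::NG::Handler to protect your Sympa web
server. You have to set the configuration key containing user email (parameter
sympaMailKey) and to store Sympa secret (cookie parameter on Sympa
configuration file) in the corresponding configuration parameter (sympaSecret)

Edit your Sympa vhost configuration like this:

  ServerName sympa.example.com

  # Load Sympa Handler
  PerlRequire __HANDLERDIR__/MyHandlerSympa.pm
  PerlHeaderParserHandler My::Sympa

=head2 EXPORT

See L<Lemonldap::NG::Handler>

=head1 SEE ALSO

L<Lemonldap::NG::Handler>

=head1 AUTHOR

=over

=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>

=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>

=back

=head1 BUG REPORT

Use OW2 system to report bug or ask for features (link not preserved in this
copy).

=head1 DOWNLOAD

Lemonldap::NG is available from the project download page (link not preserved
in this copy).

=head1 COPYRIGHT AND LICENSE

=over

=item Copyright (C) 2009, 2010 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>

=item Copyright (C) 2010, 2011, 2012 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>

=back

This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see L<http://www.gnu.org/licenses/>.

=cut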