dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4ad93eab3e
lemonldap-ng/modules/lemonldap-portal/lib/Lemonldap/Portal/LoginDAC.pm
Clément Oudot 50727aa3f6 Initial import from SF and other sources
2006-12-18 11:32:33 +00:00

294 lines
8.5 KiB
Perl
Executable File
Raw Blame History

package Lemonldap::Portal::LoginDAC;
use strict;
use warnings;
use Lemonldap::Config::Parameters;
use Lemonldap::Portal::Standard;
use Apache2::Const;
use Data::Dumper;
use Template;
use URI::Escape;
use CGI ':cgi-lib';
use Apache::Session::Memorycached;
use MIME::Base64;
use Encode qw(encode);
use Sys::Hostname;
our $VERSION = '3.0.0';
my $client_addr;
my $SessCacheRefreshPeriod;
my $Stack_User;
my $LdapUserAttributes;
my $Major;
my $AccessPolicy;
#my $MyApplicationXmlFile;
my $Ldap_Search_Attributes;
my $MyDomain;
my $LoginPage;
my $RedirectPage;
my $Parameters;
my $Conf_Domain;
my $Login_Url;
my $IpCheck;
my $Ldap_Server;
my $Ldap_Branch_People;
my $Ldap_Dn_Manager;
my $Ldap_Pass_Manager;
my $Ldap_Port;
my @attrs;
my @base;
my $MemcachedServer;
my $CookieName;
my $InactivityTimeout;
my $Encryptionkey;
my $Menu;
my $MemcachedSessionId;
my $SessionParams;
my $DacHostname;
my $Messages = {
1 =>
'Votre connexion a expiré vous devez vous authentifier de nouveau',
2 =>
'Les champs "Identifiant" et "Mot de passe&quot doivent être remplis',
3 => 'Wrong directory manager account or password',
4 => 'n\'a pas été trouvé dans l\'annuaire',
5 => 'Mot de passe erroné',
6 =>
'Votre adresse IP a été modifié. Vous devez vous authentifier de nouveau',
7 => 'Serveral Entries found on ldap server for this user',
8 => 'Bad connection to ldap server',
};
sub default {
my $Entry = shift;
my $Session = shift;
my @ProfilApplicatif = $Entry->get_value('profilapplicatif');
foreach my $Ligne (@ProfilApplicatif) {
my ( $Arg1, $Arg2, $Arg3 ) = ( $Ligne =~ /^(.+?);(.+?);(.+)/ );
$Arg1 =~ s/ //g;
$Session->{$Major}{ lc($Arg1) } = $Arg2;
}
}
sub My_Session {
my $self = shift;
my $AccessRule = shift;
my %Session;
my $Entry = $self->{entry};
$Session{dn} = $Entry->dn();
$self->{dn} = $Entry->dn();
&{ $self->{AccessPolicy} }( $Entry, \%Session );
if ( defined($client_addr) ) {
$Session{'clientIPAdress'} = $client_addr;
}
if ( defined($SessCacheRefreshPeriod) ) {
$Session{'SessExpTime'} = time() + $SessCacheRefreshPeriod;
}
$self->{infosession} = \%Session;
}
sub handler {
my $r = shift;
my $log = $r->log;
my $connexion = $r->dir_config();
my $conf_httpd =
&Lemonldap::Config::Initparam::init_param_httpd( $log, $connexion );
my $conf_xml = {};
if ( defined $conf_httpd->{CONFIGFILE} ) {
$conf_xml = &Lemonldap::Config::Initparam::init_param_xml($conf_httpd);
}
my $Conf = &Lemonldap::Config::Initparam::merge( $conf_httpd, $conf_xml );
$MyDomain = lc( $Conf->{DOMAIN} );
$LoginPage = $Conf->{LOGINPAGE};
$RedirectPage = $Conf->{REDIRECTPAGE};
$Major = $Conf->{ORGANIZATION};
if ( !defined($Major) ) {
$Major = "authz_headers";
}
$Login_Url = $Conf->{PORTAL};
$AccessPolicy = $Conf->{ACCESSPOLICY};
if ( !defined($AccessPolicy) ) {
$AccessPolicy = 'default';
}
$IpCheck = $Conf->{CLIENTIPCHECK};
$SessCacheRefreshPeriod = $Conf->{SESSCACHEREFRESHPERIOD};
$Ldap_Search_Attributes = $Conf->{LDAPSEARCHATTRIBUTES};
$Ldap_Server = $Conf->{LDAP_SERVER};
$Ldap_Branch_People = $Conf->{LDAP_BRANCH_PEOPLE};
$Ldap_Dn_Manager = $Conf->{DNMANAGER};
$Ldap_Pass_Manager = $Conf->{PASSWORDMANAGER};
$Ldap_Port = $Conf->{LDAP_PORT};
$MemcachedSessionId = $Conf->{SESSIONSTORE};
$CookieName = $Conf->{COOKIE};
$InactivityTimeout = $Conf->{INACTIVITYTIMEOUT};
$Encryptionkey = $Conf->{ENCRYPTIONKEY};
$Menu = $Conf->{MENU};
$LdapUserAttributes = $Conf->{LDAPUSERATTRIBUTES};
if ( defined($LdapUserAttributes) ) {
@attrs = split( /\s+/, $LdapUserAttributes );
}
else {
@attrs = ();
}
my @base = split( /\s*:\s*/, $Ldap_Branch_People );
$MemcachedServer = $Conf->{SERVERS};
if ( $Stack_User->{'AlreadyCreated'} ) {
undef $Stack_User->{'error'};
}
else {
$Stack_User = Lemonldap::Portal::Standard->new(
'msg' => $Messages,
'setSessionInfo' => \&My_Session,
'attrs' => \@attrs,
'base' => \@base,
'AccessPolicy' => \&$AccessPolicy
);
$Stack_User->{'AlreadyCreated'} = "true";
$DacHostname = hostname();
}
my $UrlCode;
my $UrlDecode;
my $Erreur;
my %Params = Vars;
my $Data;
my $Template = Template->new( 'ABSOLUTE' => 1 );
my $Retour = $Stack_User->process(
'param' => \%Params,
'server' => $Ldap_Server,
'port' => $Ldap_Port,
'DnManager' => $Ldap_Dn_Manager,
'passwordManager' => $Ldap_Pass_Manager,
'branch' => $Ldap_Branch_People,
'Attributes' => $Ldap_Search_Attributes
);
my $Message = '';
if ($Retour) {
$Message = $Retour->message;
$Erreur = $Retour->error;
}
if ($Erreur) {
if ( $Erreur == 3 ) {
# Wrong directory manager account or password
$log->error( "LemonLDAP: " . $Message );
return Apache2::Const::SERVER_ERROR;
}
if ( $Erreur == 4 || $Erreur == 5 ) {
# If bad login or password, refresh the login page with no information
$log->info( "LemonLDAP: " . $Message );
$Message = '';
}
# Login Page sending
my $Identifiant = $Retour->user;
( $UrlCode, $UrlDecode ) = $Stack_User->getAllRedirection;
$Data = {
'urlc' => $UrlCode,
'urldc' => $UrlDecode,
'message' => $Message,
'identifiant' => $Identifiant,
'ip' => "DAC : " . $DacHostname
};
print CGI::header();
$Template->process( $LoginPage, $Data ) or die( $Template->error() );
}
else {
# Sending Redirect to Generic
my $MyHashSession = $Retour->infoSession;
if ( defined($SessCacheRefreshPeriod) && defined($InactivityTimeout) ) {
$MemcachedServer->{timeout} =
$SessCacheRefreshPeriod + $InactivityTimeout;
}
my %Session;
tie %Session, 'Apache::Session::Memorycached', undef, $MemcachedServer;
foreach ( keys %{$MyHashSession} ) {
$Session{$_} = $MyHashSession->{$_} if $MyHashSession->{$_};
}
if ( defined($SessCacheRefreshPeriod) ) {
$Session{'SessExpTime'} = time() + $SessCacheRefreshPeriod;
}
if ($IpCheck) {
my $connection = $r->connection();
$client_addr = $connection->remote_ip();
$Session{'clientIPAdress'} = $client_addr;
}
my $Session_Id = $Session{'_session_id'};
untie %Session;
# Cookie creation
my $PathCookie = "/";
# Habib Timeout
#Positionnement de la valeur time_end
my $val_test;
if ( defined($InactivityTimeout) && $InactivityTimeout != 0 ) {
my $time_end = time() + $InactivityTimeout;
if ( defined($Encryptionkey) ) {
my $timeout_key = $Encryptionkey;
my $cipher = new Crypt::CBC(
-key => $timeout_key,
-cipher => 'Blowfish',
-iv => 'lemonlda',
-header => 'none'
);
$time_end = $cipher->encrypt_hex($time_end);
}
#Chaine utilise comme separateur entre l'id de session et le time_end
#concatenation des deux valeurs
my $separator = "_";
$val_test = $Session_Id . $separator . $time_end;
}
else {
$val_test = $Session_Id;
}
my $LemonldapCookie = CGI::cookie(
-name => $CookieName,
-value => $val_test,
-domain => "." . $MyDomain,
-path => $PathCookie,
);
$UrlDecode = $Retour->getRedirection();
$UrlDecode = $Menu if ( $UrlDecode eq '' );
$Data = {
'urldc' => $UrlDecode,
'message' => 'Session ' . $Session_Id . $LemonldapCookie
};
print CGI::header(
-Refresh => '0; URL=' . $UrlDecode,
-cookie => $LemonldapCookie
);
}
return Apache2::Const::DONE;
}
1;
Reference in New Issue View Git Blame Copy Permalink