Commit 87b4250d authored by Yadd's avatar Yadd

LEMONLDAP::NG : propagation from build to branches


git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_0_9@252 1dbb9719-a921-0410-b57f-c3a383c2c641
parent fce3d205
......@@ -10,17 +10,15 @@ require POSIX;
our $VERSION = '0.85';
our %EXPORT_TAGS = (
localStorage =>
[ qw( $localStorage $localStorageOptions $refLocalStorage ) ],
globalStorage => [ qw( $globalStorage $globalStorageOptions ) ],
localStorage => [qw( $localStorage $localStorageOptions $refLocalStorage )],
globalStorage => [qw( $globalStorage $globalStorageOptions )],
locationRules => [
qw(
$locationCondition $defaultCondition $locationCount
$locationRegexp $apacheRequest $datas $safe $portal
$logout
)
],
import => [ qw( import @EXPORT_OK @EXPORT %EXPORT_TAGS ) ],
import => [qw( import @EXPORT_OK @EXPORT %EXPORT_TAGS )],
headers => [
qw(
$forgeHeaders lmHeaderIn lmSetHeaderIn lmHeaderOut
......@@ -28,9 +26,8 @@ our %EXPORT_TAGS = (
$https $port
)
],
traces => [ qw( $whatToTrace ) ],
apache =>
[ qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR ) ],
traces => [qw( $whatToTrace )],
apache => [qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR )],
);
our @EXPORT_OK = ();
......@@ -50,7 +47,7 @@ our (
$globalStorage, $globalStorageOptions, $localStorage,
$localStorageOptions, $whatToTrace, $https,
$refLocalStorage, $safe, $cookieSecured,
$logout, $port
$port
);
##########################################
......@@ -124,10 +121,16 @@ BEGIN {
}
sub handler_mp1 ($$) { shift->run(@_) }
sub handler_mp2 : method { shift->run(@_); }
sub handler_mp2 : method {
shift->run(@_);
}
sub logout_mp1 ($$) { shift->unlog(@_) }
sub logout_mp2 : method { shift->unlog(@_); }
sub logout_mp2 : method {
shift->unlog(@_);
}
sub lmLog {
my ( $class, $mess, $level ) = @_;
......@@ -314,16 +317,17 @@ sub conditionSub {
if ( $cond =~ /^accept$/i );
return sub { 0 }
if ( $cond =~ /^deny$/i );
if ( $cond =~ /^logout(?:_sso)?(?:\s+(.*))?$/i ) {
my $url = $1 || $class->encodeUrl ( "/" );
return sub { $logout = $url; return 0 }
if ( $cond =~ /^logout(?:_sso)?(?:\s+(.*))$/i ) {
my $url = $1;
return sub { $datas->{_logout} = $url; return 0 }
}
if( MP() == 2 ) {
if ( MP() == 2 ) {
if ( $cond =~ /^logout_app(?:\s+(.*))?$/i ) {
my $u = $1;
eval 'use Apache2::Filter' unless($INC{"Apache2/Filter.pm"});
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
return sub {
$apacheRequest->add_output_filter(sub {
$apacheRequest->add_output_filter(
sub {
return $class->redirectFilter( $u, @_ );
}
);
......@@ -331,13 +335,18 @@ sub conditionSub {
};
}
elsif ( $cond =~ /^logout_app_sso(?:\s+(.*))?$/i ) {
eval 'use Apache2::Filter' unless($INC{"Apache2/Filter.pm"});
my $u = encode_base64($1);
$u =~ s/[\r\n]//g;
eval 'use Apache2::Filter' unless ( $INC{"Apache2/Filter.pm"} );
my $u = $1;
return sub {
$class->localUnlog;
$apacheRequest->add_output_filter(sub {
return $class->redirectFilter( "$portal?url=$u&logout=1", @_ );
$apacheRequest->add_output_filter(
sub {
return $class->redirectFilter(
"$portal?url="
. $class->encodeUrl($u)
. "&logout=1",
@_
);
}
);
1;
......@@ -433,14 +442,14 @@ sub grant {
# forbidden : used to reject non authorizated requests
sub forbidden {
my $class = shift;
if( $logout ) {
$apacheRequest->headers_out->set(
'Location' => "$portal?url=$logout"
);
return REDIRECT;
if ( $datas->{_logout} ) {
return $class->goToPortal( $datas->{_logout}, 'logout=1' );
}
$class->lmLog(
'The user "' . $datas->{$whatToTrace} . '" was reject when he tried to access to ' . shift,
'The user "'
. $datas->{$whatToTrace}
. '" was reject when he tried to access to '
. shift,
'notice'
);
return FORBIDDEN;
......@@ -457,17 +466,20 @@ sub hideCookie {
sub encodeUrl {
my ( $class, $url ) = @_;
my $u = $url;
if ( $url !~ m#^https?://# ) {
my $portString = $port || $apacheRequest->get_server_port();
$portString =
( $https && $portString == 443 ) ? ''
: ( !$https && $portString == 80 ) ? ''
: ':' . $portString;
my $u =
encode_base64( "http"
$u = "http"
. ( $https ? "s" : "" ) . "://"
. $apacheRequest->get_server_name()
. $portString
. $url );
. $url;
}
$u = encode_base64($u);
$u =~ s/[\r\n\s]//sg;
return $u;
}
......@@ -481,15 +493,16 @@ sub goToPortal() {
. " to portal (url was $url)",
'debug'
);
my $urlc_init = $class->encodeUrl ( $url );
lmSetHeaderOut( $apacheRequest, 'Location' => "$portal?url=$urlc_init" . ( $arg ? "&$arg" : "" ) );
my $urlc_init = $class->encodeUrl($url);
lmSetHeaderOut( $apacheRequest,
'Location' => "$portal?url=$urlc_init" . ( $arg ? "&$arg" : "" ) );
return REDIRECT;
}
# Fetch $id
sub fetchId() {
my $t = lmHeaderIn( $apacheRequest, 'Cookie' );
return ($t =~ /$cookieName=([^; ]+);?/o ) ? $1: 0;
return ( $t =~ /$cookieName=([^; ]+);?/o ) ? $1 : 0;
}
# MAIN SUBROUTINE called by Apache (using PerlHeaderParserHandler option)
......@@ -498,7 +511,8 @@ sub run ($$) {
( $class, $apacheRequest ) = @_;
return DECLINED unless ( $apacheRequest->is_initial_req );
my $uri = $apacheRequest->uri . ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
my $uri = $apacheRequest->uri
. ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
# AUTHENTICATION
# I - recover the cookie
......@@ -538,7 +552,8 @@ sub run ($$) {
# ACCOUNTING
# 1 - Inform Apache
$apacheRequest->connection->user( $datas->{$whatToTrace} ) if( $datas->{$whatToTrace} );
$apacheRequest->connection->user( $datas->{$whatToTrace} )
if ( $datas->{$whatToTrace} );
# AUTHORIZATION
return $class->forbidden($uri) unless ( $class->grant($uri) );
......@@ -586,13 +601,13 @@ sub unprotect {
sub localUnlog {
my $class = shift;
if( my $id = $class->fetchId ) {
if ( my $id = $class->fetchId ) {
# Delete Apache thread datas
if ( $id eq $datas->{_session_id} ) {
$datas = {};
}
# Delete Apache local cache
if( $refLocalStorage and $refLocalStorage->get($id) ) {
if ( $refLocalStorage and $refLocalStorage->get($id) ) {
$refLocalStorage->remove($id);
}
}
......@@ -600,8 +615,7 @@ sub localUnlog {
sub unlog ($$) {
my $class;
$logout = 0;
($class, $apacheRequest ) = @_;
( $class, $apacheRequest ) = @_;
$class->localUnlog;
return $class->goToPortal( '/', 'logout=1' );
}
......@@ -610,13 +624,15 @@ sub redirectFilter {
my $class = shift;
my $url = shift;
my $f = shift;
unless ($f->ctx) {
unless ( $f->ctx ) {
# Here, we can use Apache2 functions instead of lmSetHeaderOut because
# this function is used only with Apache2.
$f->r->status(REDIRECT);
$f->r->status_line("302 Temporary Moved");
$f->r->err_headers_out->set('Location' => $url);
$f->r->err_headers_out->set( 'Location' => $url );
$f->ctx(1);
}
while ($f->read(my $buffer, 1024)) {
while ( $f->read( my $buffer, 1024 ) ) {
}
return REDIRECT;
}
......
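Review bot: In conditionSub the new pattern `/^logout(?:_sso)?(?:\s+(.*))$/i` makes the URL mandatory, so a rule written as bare `logout` or `logout_sso` no longer matches this branch and falls through to whatever handles other conditions, which is outside the hunk; the old code defaulted to `/`. Keeping the group optional (`(?:\s+(.*))?`) with `my $url = $1 || '/';` would preserve the logout for such rules, since goToPortal now encodes the URL itself. Separately, the flag now lives in `$datas->{_logout}`, and nothing visible clears it or calls `localUnlog` before the redirect in `forbidden`, so if `$datas` is reused across requests for the same session, the flag and the locally cached session may outlive the logout. Consider `my $u = $datas->{_logout}; $class->localUnlog; return $class->goToPortal( $u, 'logout=1' );` there. conditionSub starts outside its hunk and the end of forbidden is not shown.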
......@@ -1359,8 +1359,10 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
=head1 AUTHOR
=encoding utf8
Clement Oudot, E<lt>coudot@linagora.comE<gt>
Mikael Ates, E<lt>mikael.ates@univ-st-etienne.frE<gt>
Mikaël Ates, E<lt>mikael.ates@univ-st-etienne.frE<gt>
Thomas Chemineau, E<lt>tchemineau@linagora.comE<gt>
=head1 BUG REPORT
......