Commit 7fdab965 authored by Yadd's avatar Yadd
Browse files

LEMONLDAP::NG : grant system in Menu.pm (not yet tested)

parent b1498320
......@@ -21,6 +21,10 @@ II - LEMONLDAP::NG PORTAL INSTALLATION
--------------------------------------
Package: liblemonldap-ng-portal-perl
WARNING : since version 0.9.3, login form template has change. You have to
change your /var/lib/lemonldap-ng/portal/index.pl file using
/usr/share/doc/liblemonldap-ng-portal-perl/example/index_skin-Debian.pl
liblemonldap-ng-portal-perl installs files named portal-apache.conf and
portal-apache2.conf in /etc/lemonldap-ng/. Include it in apache configuration
and configure it (virtual host has to be adapt). You can also customize
......
......@@ -3,9 +3,9 @@ package Lemonldap::NG::Portal::Menu;
use strict;
use warnings;
use Exporter 'import';
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Handler::Simple;
use Lemonldap::NG::Portal::SharedConf;
use XML::LibXML;
use Safe;
our $VERSION = '0.01';
......@@ -23,7 +23,7 @@ sub new {
$self->Lemonldap::NG::Portal::Simple::getConf(@_) or die "Unable to get configuration";
# Portal is required
die("Portal object required") unless ( $self->{portalobject} );
die("Portal object required") unless ( $self->{portalObject} );
# Default values
$self->{apps}->{xmlfile} ||= 'apps-list.xml';
......@@ -40,9 +40,9 @@ sub new {
# Gest POST data
my ($newpassword, $confirmpassword, $oldpassword) = (
$self->{portalobject}->param('newpassword'),
$self->{portalobject}->param('confirmpassword'),
$self->{portalobject}->param('oldpassword')
$self->{portalObject}->param('newpassword'),
$self->{portalObject}->param('confirmpassword'),
$self->{portalObject}->param('oldpassword')
);
# Change password (only if newpassword submitted)
......@@ -287,17 +287,6 @@ sub _hideEmptyCategory {
return;
}
# _grant
# Check user's authorization
sub _grant {
my $self = shift;
my ($uri) = @_;
# TODO: implement grant function to behave like the Handler one
return 1;
}
# _changePassword
# Change user's password
sub _changePassword {
......@@ -309,18 +298,18 @@ sub _changePassword {
return PE_PASSWORD_MISMATCH unless ($newpassword eq $confirmpassword);
# Connect to LDAP
$err = &Lemonldap::NG::Portal::Simple::connectLDAP( $self->{portalobject} );
$err = &Lemonldap::NG::Portal::Simple::connectLDAP( $self->{portalObject} );
return $err unless ( $err eq PE_OK );
# Bind with Manager
$err = &Lemonldap::NG::Portal::Simple::bind( $self->{portalobject} );
$err = &Lemonldap::NG::Portal::Simple::bind( $self->{portalObject} );
return $err unless ( $err eq PE_OK );
my $ldap = $self->{portalobject}->{ldap};
my $dn = &Lemonldap::NG::Portal::Simple::getSessionInfo( $self->{portalobject}, "dn");
my $ldap = $self->{portalObject}->{ldap};
my $dn = &Lemonldap::NG::Portal::Simple::getSessionInfo( $self->{portalObject}, "dn");
# First case: no ppolicy
if ( !$self->{portalobject}->{ldapPpolicyControl} ) {
if ( !$self->{portalObject}->{ldapPpolicyControl} ) {
my $mesg = $ldap->modify($dn, replace => { userPassword => $newpassword } );
......@@ -378,19 +367,86 @@ sub _ppolicyWarning {
my $self = shift;
# Grace
if (defined $self->{portalobject}->{ppolicy}->{grace_authentications_remaining} ) {
return ( PE_PP_GRACE, $self->{portalobject}->{ppolicy}->{grace_authentications_remaining} );
if (defined $self->{portalObject}->{ppolicy}->{grace_authentications_remaining} ) {
return ( PE_PP_GRACE, $self->{portalObject}->{ppolicy}->{grace_authentications_remaining} );
}
# Expiration warning
if (defined $self->{portalobject}->{ppolicy}->{time_before_expiration} ) {
return ( PE_PP_EXP_WARNING, $self->{portalobject}->{ppolicy}->{time_before_expiration} );
if (defined $self->{portalObject}->{ppolicy}->{time_before_expiration} ) {
return ( PE_PP_EXP_WARNING, $self->{portalObject}->{ppolicy}->{time_before_expiration} );
}
# Return PE_OK
return ( PE_OK, undef);
}
### ACCESS CONTROL DISPLAY SYSTEM
our($defaultCondition,$locationCondition,$locationRegexp,$cfgNum)=(undef,undef,undef,0);
my $safe = new Safe;
$safe->share( '&encode_base64' );
# _grant
# Check user's authorization
sub _grant {
my $self = shift;
my ($uri) = @_;
my $vhost = ( $uri =~ s#^(?:https?://)?([^/]*)/#/# );
$self->_compileRules() if ( $cfgNum != $self->{portalObject}->{cfgNum} );
return -1 unless ( defined ( $defaultCondition->{$vhost} ) );
for ( my $i = 0 ; $i < @{ $locationRegexp->{$vhost} } ; $i++ ) {
if ( $uri =~ $locationRegexp->{$vhost}->[$i] ) {
return &{ $locationCondition->{$vhost}->[$i] }($self);
}
}
unless ( $defaultCondition->{$vhost} ) {
print STDERR "VirtualHost \"$vhost\" has no configuration";
return 0;
}
return &{ $defaultCondition->{$vhost} }($self);
return 1;
}
sub _compileRules {
my $self = @_;
foreach my $vhost ( keys %{ $self->{portalObject}->{locationRules} } ) {
my $i = 0;
foreach ( keys %{ $self->{locationRules}->{$vhost} } ) {
if ( $_ eq 'default' ) {
$defaultCondition->{$vhost} =
$self->conditionSub(
$self->{locationRules}->{$vhost}->{$_} );
}
else {
$locationCondition->{$vhost}->[$i] =
$self->conditionSub( $self->{locationRules}->{$vhost}->{$_} );
$locationRegexp->{$vhost}->[$i] = qr/$_/;
$i++;
}
}
# Default police
$defaultCondition->{$vhost} = $self->conditionSub('accept')
unless ( $self->{defaultCondition}->{$vhost} );
}
$cfgNum = $self->{portalObject}->{cfgNum};
1;
}
sub conditionSub {
my ( $class, $cond ) = @_;
return sub { 1 }
if ( $cond =~ /^accept$/i );
return sub { 0 }
if ( $cond =~ /^(?:deny$|logout)/i );
$cond =~ s/\$date/&POSIX::strftime("%Y%m%d%H%M%S",localtime())/e;
$cond =~ s/\$(\w+)/\$self->{portalObject}->{sessionInfo}->{$1}/g;
my $sub;
$sub = $safe->reval("sub {my \$self = shift; return ( $cond )}");
return $sub;
}
1;
__END__
......@@ -404,7 +460,7 @@ Lemonldap::NG::Portal::Menu - Enhanced menu to display to authenticated users
use Lemonldap::NG::Portal::Menu;
my $menu = Lemonldap::NG::Portal::Menu->new(
{
portalobject => $portal,
portalObject => $portal,
apps => {
xmlfile => "/var/lib/lemonldap-ng/conf/apps-list.xml",
imgpath => "apps/",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment