Commit 2d2edb61 authored by Yadd

Merge experimental branch (#960)

Also update version to 2.0
parent b7e249b4
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "llng-fastcgi-server 1"
.TH llng-fastcgi-server 1 "2016-02-20" "perl v5.22.1" "User Contributed Perl Documentation"
.TH llng-fastcgi-server 1 "2016-03-08" "perl v5.22.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -5,7 +5,6 @@ use strict;
use warnings;
use POSIX;
use Getopt::Std;
use Lemonldap::NG::Handler::SharedConf;
our %opts;
my %_apps;
......@@ -75,9 +74,8 @@ my $app = sub {
};
# Hook for customFunctions initialization
use Lemonldap::NG::Handler::API::PSGI::Server;
$Lemonldap::NG::Handler::API::mode = 'PSGI::Server';
Lemonldap::NG::Handler::SharedConf->init();
use Lemonldap::NG::Handler::PSGI::API;
Lemonldap::NG::Handler::PSGI::API->init();
my $server = Plack::Runner->new();
$server->parse_options(
......
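Review bot: The result of the new `Lemonldap::NG::Handler::PSGI::API->init();` call is discarded, and the next visible statement builds the `Plack::Runner`, so nothing in this hunk shows that startup stops when handler initialization fails. This process enforces access control, so it should fail closed at startup. If `init()` reports failure through a false return value (not visible here, to be confirmed against the module), make the abort explicit with `Lemonldap::NG::Handler::PSGI::API->init() or die "llng-fastcgi-server: handler initialization failed\n";`. Separately, `use Lemonldap::NG::Handler::PSGI::API;` is resolved at compile time wherever it sits, so its position below the "Hook for customFunctions initialization" comment gives no load ordering. Move it up with the other `use` lines, or switch to `require` if the load really must happen after the hook. The `$server->parse_options(` call continues outside the hunk.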
......@@ -10,7 +10,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.150005'
generated_by: 'ExtUtils::MakeMaker version 7.0401, CPAN::Meta::Converter version 2.150005'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
......@@ -44,5 +44,5 @@ requires:
Net::CIDR::Lite: '0'
SOAP::Lite: '0'
Storable: '0'
version: v1.9.1
version: v2.0.0
x_serialization_backend: 'CPAN::Meta::YAML version 0.012'
package Lemonldap::NG::Common;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
use strict;
......
......@@ -15,7 +15,7 @@ use Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use Lemonldap::NG::Common::Apache::Session::Store;
use Lemonldap::NG::Common::Apache::Session::Lock;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
sub _load {
my ( $backend, $func ) = @_;
......
......@@ -11,7 +11,7 @@ package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
use strict;
use Digest::SHA qw(sha256 sha256_hex sha256_base64);
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
sub generate {
my $session = shift;
......
......@@ -8,7 +8,7 @@ package Lemonldap::NG::Common::Apache::Session::SOAP;
use strict;
use SOAP::Lite;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
#parameter proxy Url of SOAP service
#parameter proxyOptions SOAP::Lite options
......
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use strict;
use JSON;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
sub serialize {
my $session = shift;
......
package Lemonldap::NG::Common::Apache::Session::Store;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
sub new {
my $class = shift;
......
......@@ -17,7 +17,7 @@ use Net::CIDR::Lite;
#parameter syslog Indicates syslog facility for logging user actions
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $_SUPER;
our @ISA;
......
......@@ -11,7 +11,7 @@ use SOAP::Transport::HTTP;
use base qw(SOAP::Transport::HTTP::Server);
use bytes;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @method protected void DESTROY()
# Call SOAP::Trace::objects().
......
......@@ -7,7 +7,7 @@ package Lemonldap::NG::Common::CGI::SOAPService;
require SOAP::Lite;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @cmethod Lemonldap::NG::Common::CGI::SOAPService new(object obj,string @func)
# Constructor
......
......@@ -6,7 +6,7 @@
package Lemonldap::NG::Common::Captcha;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
use strict;
use Lemonldap::NG::Common::Session;
......
......@@ -23,7 +23,7 @@ use Config::IniFiles;
#inherits Lemonldap::NG::Common::Conf::SOAP
#inherits Lemonldap::NG::Common::Conf::LDAP
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $msg = '';
our $iniObj;
......
......@@ -5,7 +5,7 @@ use utf8;
use JSON;
use Lemonldap::NG::Common::Conf::_DBI;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our @ISA = qw(Lemonldap::NG::Common::Conf::_DBI);
sub store {
......
......@@ -5,7 +5,7 @@ use strict;
use Exporter 'import';
use base qw(Exporter);
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
# CONSTANTS
......
......@@ -5,7 +5,7 @@ use utf8;
use Lemonldap::NG::Common::Conf::Serializer;
use Lemonldap::NG::Common::Conf::_DBI;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our @ISA = qw(Lemonldap::NG::Common::Conf::_DBI);
sub store {
......
# This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand
package Lemonldap::NG::Common::Conf::DefaultValues;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
sub defaultValues {
return {
......
......@@ -5,7 +5,7 @@ use Lemonldap::NG::Common::Conf::Constants; #inherits
use JSON;
use Encode;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $initDone;
sub Lemonldap::NG::Common::Conf::_lock {
......
......@@ -12,7 +12,7 @@ use Lemonldap::NG::Common::Conf::Constants; #inherits
use Lemonldap::NG::Common::Conf::Serializer;
use Encode;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
BEGIN {
*Lemonldap::NG::Common::Conf::ldap = \&ldap;
......
......@@ -5,7 +5,7 @@ use utf8;
use strict;
use Lemonldap::NG::Common::Conf::Serializer;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $initDone;
sub prereq {
......
......@@ -5,7 +5,7 @@ use utf8;
use Lemonldap::NG::Common::Conf::Serializer;
use Lemonldap::NG::Common::Conf::_DBI;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our @ISA = qw(Lemonldap::NG::Common::Conf::_DBI);
sub store {
......
......@@ -17,7 +17,7 @@ use XML::Simple;
use Safe;
use Encode;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @cmethod Lemonldap::NG::Common::Conf::SAML::Metadata new(hashRef args)
# Class constructor.
......
......@@ -4,7 +4,7 @@ use strict;
use utf8;
use SOAP::Lite;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
#parameter proxy Url of SOAP service
#parameter proxyOptions SOAP::Lite parameters
......
......@@ -6,7 +6,7 @@ use Encode;
use JSON;
use Lemonldap::NG::Common::Conf::Constants;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
BEGIN {
*Lemonldap::NG::Common::Conf::normalize = \&normalize;
......
......@@ -5,7 +5,7 @@ use utf8;
use DBI;
use Lemonldap::NG::Common::Conf::Constants; #inherits
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our @ISA = qw(Lemonldap::NG::Common::Conf::Constants);
our ( @EXPORT, %EXPORT_TAGS );
......
......@@ -14,7 +14,7 @@ use MIME::Base64;
use Digest::MD5 qw(md5);
use bytes;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $msg;
......
......@@ -15,7 +15,7 @@ use Scalar::Util 'weaken';
#inherits Lemonldap::NG::Common::Notification::DBI
#inherits Lemonldap::NG::Common::Notification::File
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our ( $msg, $parser );
## @cmethod Lemonldap::NG::Common::Notification new(hashref storage)
......
......@@ -10,7 +10,7 @@ use Time::Local;
use DBI;
use utf8;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @method boolean prereq()
# Check if DBI parameters are set.
......
......@@ -8,7 +8,7 @@ package Lemonldap::NG::Common::Notification::File;
use strict;
use MIME::Base64;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @method boolean prereq()
# Check if parameters are set and if storage directory exists.
......
......@@ -12,7 +12,7 @@ use MIME::Base64;
use Net::LDAP;
use utf8;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
## @method boolean prereq()
# Check if LDAP parameters are set.
......
......@@ -6,7 +6,7 @@ use JSON;
use Lemonldap::NG::Common::PSGI::Constants;
use Lemonldap::NG::Common::PSGI::Request;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $_json = JSON->new->allow_nonref;
......
......@@ -4,7 +4,7 @@ use strict;
use Exporter 'import';
use base qw(Exporter);
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
# CONSTANTS
......
......@@ -5,7 +5,7 @@ use Mouse;
use JSON;
use URI::Escape;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
# http :// server / path ? query # fragment
# m|(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?|;
......
......@@ -4,7 +4,7 @@ use Mouse;
use Lemonldap::NG::Common::PSGI;
use Lemonldap::NG::Common::PSGI::Constants;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
extends 'Lemonldap::NG::Common::PSGI';
......
......@@ -10,7 +10,7 @@ use base qw(Safe);
use constant SAFEWRAP => ( Safe->can("wrap_code_ref") ? 1 : 0 );
use Scalar::Util 'weaken';
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
our $self; # Safe cannot share a variable declared with my
......
......@@ -11,7 +11,7 @@ use MIME::Base64;
#use AutoLoader qw(AUTOLOAD);
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
# Set here all the names of functions that must be available in Safe objects.
# Not that only functions, not methods, can be written here
......
......@@ -6,7 +6,7 @@
package Lemonldap::NG::Common::Session;
our $VERSION = '1.9.1';
our $VERSION = '2.0.0';
use Mouse;
use Lemonldap::NG::Common::Apache::Session;
......
......@@ -5,35 +5,34 @@ example/MyHandlerLog4Perl.pm
example/scripts/purgeLocalCache
example/scripts/purgeLocalCache.cron.d
lib/Lemonldap/NG/Handler.pm
lib/Lemonldap/NG/Handler/API.pm
lib/Lemonldap/NG/Handler/API/ApacheMP1.pm
lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
lib/Lemonldap/NG/Handler/ApacheMP2.pm
lib/Lemonldap/NG/Handler/API/CGI.pm
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
lib/Lemonldap/NG/Handler/API/PSGI.pm
lib/Lemonldap/NG/Handler/API/PSGI/Server.pm
lib/Lemonldap/NG/Handler/AuthBasic.pm
lib/Lemonldap/NG/Handler/CGI.pm
lib/Lemonldap/NG/Handler/Main.pm
lib/Lemonldap/NG/Handler/Main/Init.pm
lib/Lemonldap/NG/Handler/Main/Jail.pm
lib/Lemonldap/NG/Handler/Main/Logger.pm
lib/Lemonldap/NG/Handler/Main/Reload.pm
lib/Lemonldap/NG/Handler/Main/Run.pm
lib/Lemonldap/NG/Handler/Main/SharedVariables.pm
lib/Lemonldap/NG/Handler/Menu.pm
lib/Lemonldap/NG/Handler/Nginx.pm
lib/Lemonldap/NG/Handler/PSGI.pm
lib/Lemonldap/NG/Handler/PSGI/API.pm
lib/Lemonldap/NG/Handler/PSGI/API/Server.pm
lib/Lemonldap/NG/Handler/PSGI/Base.pm
lib/Lemonldap/NG/Handler/PSGI/Router.pm
lib/Lemonldap/NG/Handler/PSGI/Server.pm
lib/Lemonldap/NG/Handler/Reload.pm
lib/Lemonldap/NG/Handler/SecureToken.pm
lib/Lemonldap/NG/Handler/SharedConf.pm
lib/Lemonldap/NG/Handler/Specific/AuthBasic.pm
lib/Lemonldap/NG/Handler/Specific/SecureToken.pm
lib/Lemonldap/NG/Handler/Specific/ZimbraPreAuth.pm
lib/Lemonldap/NG/Handler/Status.pm
lib/Lemonldap/NG/Handler/ZimbraPreAuth.pm
Makefile.PL
MANIFEST This list of files
META.yml
README
t/01-Lemonldap-NG-Handler-Main.t
t/02-Lemonldap-NG-Handler-Main-Portal.t
t/05-Lemonldap-NG-Handler-Reload.t
t/10-Lemonldap-NG-Handler-SharedConf.t
t/12-Lemonldap-NG-Handler-Jail.t
......
......@@ -14,7 +14,7 @@ build_requires:
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version 2.150005'
generated_by: 'ExtUtils::MakeMaker version 7.0401, CPAN::Meta::Converter version 2.150005'
license: open_source
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
......@@ -37,5 +37,5 @@ requires:
Lemonldap::NG::Common: v1.9.0
Mouse: '0'
URI: '0'
version: v1.9.1
version: v2.0.0
x_serialization_backend: 'CPAN::Meta::YAML version 0.012'
## @file
# Handler module
## @class
# Handler module
package Lemonldap::NG::Handler;
our $VERSION = '1.9.1';
use Lemonldap::NG::Handler::SharedConf;
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
sub handler {
my ( $class, $request ) = ( __PACKAGE__, shift );
Lemonldap::NG::Handler::API->newRequest($request);
$class->run();
}
sub logout {
my ( $class, $request ) = ( __PACKAGE__, shift );
Lemonldap::NG::Handler::API->newRequest($request);
$class->unlog();
}
use base 'Lemonldap::NG::Handler::ApacheMP2';
sub status($$) {
my ( $class, $request ) = @_;
Lemonldap::NG::Handler::API->newRequest($request);
$class->SUPER::status();
}
__PACKAGE__->init();
our $VERSION = '2.0.0';
1;
......@@ -40,294 +14,15 @@ __END__
=head1 NAME
Lemonldap::NG::Handler - The Apache protection module part of
Lemonldap::NG Web-SSO system.
=head1 SYNOPSIS
=head2 Configure Apache
Call Handler in /apache-dir/conf/httpd.conf:
# Load your package
PerlRequire /My/File
# TOTAL PROTECTION
PerlHeaderParserHandler Lemonldap::NG::Handler::DefaultHandler
# OR SELECTED AREA
<Location /protected-area>
PerlHeaderParserHandler Lemonldap::NG::Handler::DefaultHandler
</Location>
The configuration is loaded only at Apache start. Create an URI to force
configuration reload, so you don't need to restart Apache at each change:
# /apache-dir/conf/httpd.conf
<Location /location/that/I/ve/choosed>
Order deny,allow
Deny from all
Allow from my.manager.com
PerlHeaderParserHandler Lemonldap::NG::Handler::DefaultHandler->refresh
</Location>
To display the status page, add something like this :
<Location /status>
Order deny,allow
Allow from 10.1.1.0/24
Deny from all
PerlHeaderParserHandler Lemonldap::NG::Handler::DefaultHandler->status
</Location>
Lemonldap::NG::Handler - The Apache protection module part of Lemonldap::NG Web-SSO system.
=head1 DESCRIPTION
Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the application.
It manages both authentication and authorization and provides headers for
accounting. So you can have a full AAA protection for your web space as
described below.
The Apache module part works both with Apache 1.3.x and 2.x ie mod_perl 1 and 2
but B<not with mod_perl 1.99>.
=head2 Authentication, Authorization, Accounting
=head3 B<Authentication>
If a user isn't authenticated and attempts to connect to an area protected by a
Lemonldap::NG compatible handler, he is redirected to a portal. The portal
authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
L<Lemonldap::NG::Portal::AuthSSL> for more).
Lemonldap::NG use session cookies generated by L<Apache::Session> so as secure
as a 128-bit random cookie. You may use the C<securedCookie> options of
L<Lemonldap::NG::Portal> to avoid session hijacking.
You have to manage life of sessions by yourself since Lemonldap::NG knows
nothing about the L<Apache::Session> module you've choosed, but it's very easy
using a simple cron script because L<Lemonldap::NG::Portal> stores the start
time in the C<_utime> field.
By default, a session stay 10 minutes in the local storage, so in the worth
case, a user is authorized 10 minutes after he lost his rights.
=head3 B<Authorization>
Authorization is controlled only by handlers because the portal knows nothing
about the way the user will choose. When configuring your Web-SSO, you have to:
=over
=item * choose the ldap attributes you want to use to manage accounting and
authorization (see C<exportedHeaders> parameter in L<Lemonldap::NG::Portal>
documentation).
=item * create Perl expressions to define user groups (using ldap attributes)