Commit 3e2322fe authored by Yadd's avatar Yadd
parent ab0b6e71
...@@ -11,10 +11,11 @@ use strict; ...@@ -11,10 +11,11 @@ use strict;
use AutoLoader 'AUTOLOAD'; use AutoLoader 'AUTOLOAD';
use Apache::Session; use Apache::Session;
use base qw(Apache::Session); use base qw(Apache::Session);
use Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use Lemonldap::NG::Common::Apache::Session::Store; use Lemonldap::NG::Common::Apache::Session::Store;
use Lemonldap::NG::Common::Apache::Session::Lock; use Lemonldap::NG::Common::Apache::Session::Lock;
our $VERSION = '1.4.4'; our $VERSION = '1.5.99';
sub _load { sub _load {
my $backend = shift; my $backend = shift;
...@@ -34,7 +35,6 @@ sub populate { ...@@ -34,7 +35,6 @@ sub populate {
$self = $self->$backend(@_); $self = $self->$backend(@_);
} }
if ( $self->{args}->{jsonSerialize} ) { if ( $self->{args}->{jsonSerialize} ) {
require Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
$self->{serialize} = $self->{serialize} =
\&Lemonldap::NG::Common::Apache::Session::Serialize::JSON::serialize; \&Lemonldap::NG::Common::Apache::Session::Serialize::JSON::serialize;
$self->{unserialize} = $self->{unserialize} =
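Review bot: The unconditional `use Lemonldap::NG::Common::Apache::Session::Serialize::JSON;` at the top of the file replaces a `require` that ran only when `$self->{args}->{jsonSerialize}` was set, so the JSON serializer and whatever it loads are now compiled for every session backend, including deployments that never enable JSON serialization. If that module's own dependencies are optional in some installations, a missing module now becomes a compile-time failure of the whole session layer instead of a failure confined to JSON-enabled configurations; if the intent is that JSON serialization is a mandatory dependency from this version on, a one-line comment above the `use`, e.g. `# Loaded unconditionally: JSON serialization is a hard dependency`, would stop the next reader from restoring the lazy load. populate's body continues outside the hunk on both sides.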
#######################################################
#
# Lemonldap::NG::Common::Apache::Session::Serialize::JSON
# Serializes session objects using JSON
# Copyright(c) 2015 Xavier Guimard (x.guimard@free.fr)
# Distribute under the GPL2 License
#
#######################################################
package Lemonldap::NG::Common::Apache::Session::Serialize::JSON; package Lemonldap::NG::Common::Apache::Session::Serialize::JSON;
use strict; use strict;
...@@ -35,6 +26,8 @@ sub unserialize { ...@@ -35,6 +26,8 @@ sub unserialize {
=head1 NAME =head1 NAME
=encoding utf8
Lemonldap::NG::Common::Apache::Session::Serialize::JSON - Use JSON to zip up data Lemonldap::NG::Common::Apache::Session::Serialize::JSON - Use JSON to zip up data
=head1 SYNOPSIS =head1 SYNOPSIS
...@@ -50,11 +43,54 @@ This module fulfills the serialization interface of Apache::Session. ...@@ -50,11 +43,54 @@ This module fulfills the serialization interface of Apache::Session.
It serializes the data in the session object by use of JSON C<encode_json> It serializes the data in the session object by use of JSON C<encode_json>
and C<decode_json>. The serialized data is UTF-8 text. and C<decode_json>. The serialized data is UTF-8 text.
=head1 AUTHOR
This module was written by Xavier Guimard <x.guimard@free.fr> using other
Apache::Session serializer written by Jeffrey William Baker <jwbaker@acm.org>.
=head1 SEE ALSO =head1 SEE ALSO
L<JSON>, L<Apache::Session> L<JSON>, L<Apache::Session>
=head1 AUTHORS
=over
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Thomas Chemineau, E<lt>thomas.chemineau@gmail.comE<gt>
=back
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://jira.ow2.org>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2015 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut
...@@ -10,7 +10,9 @@ package Lemonldap::NG::Common::Conf; ...@@ -10,7 +10,9 @@ package Lemonldap::NG::Common::Conf;
use strict; use strict;
no strict 'refs'; no strict 'refs';
use Lemonldap::NG::Common::Conf::Constants; #inherits use Lemonldap::NG::Common::Conf::Constants; #inherits
use Lemonldap::NG::Common::Conf::Attributes; #inherits
# TODO: don't import this big file, use a proxy
use Lemonldap::NG::Common::Conf::DefaultValues; #inherits
use Lemonldap::NG::Common::Crypto use Lemonldap::NG::Common::Crypto
; #link protected cipher Object "cypher" in configuration hash ; #link protected cipher Object "cypher" in configuration hash
use Config::IniFiles; use Config::IniFiles;
...@@ -20,7 +22,7 @@ use Config::IniFiles; ...@@ -20,7 +22,7 @@ use Config::IniFiles;
#inherits Lemonldap::NG::Common::Conf::SOAP #inherits Lemonldap::NG::Common::Conf::SOAP
#inherits Lemonldap::NG::Common::Conf::LDAP #inherits Lemonldap::NG::Common::Conf::LDAP
our $VERSION = '1.4.4'; our $VERSION = '1.5.99';
our $msg = ''; our $msg = '';
our $iniObj; our $iniObj;
...@@ -108,12 +110,12 @@ sub new { ...@@ -108,12 +110,12 @@ sub new {
# @param $conf Lemonldap::NG configuration hashRef # @param $conf Lemonldap::NG configuration hashRef
# @return Number of the saved configuration, 0 if case of error. # @return Number of the saved configuration, 0 if case of error.
sub saveConf { sub saveConf {
my ( $self, $conf ) = @_; my ( $self, $conf, %args ) = @_;
my $last = $self->lastCfg; my $last = $self->lastCfg;
# If configuration was modified, return an error # If configuration was modified, return an error
if ( not $self->{force} ) { if ( not $args{force} ) {
return CONFIG_WAS_CHANGED if ( $conf->{cfgNum} != $last ); return CONFIG_WAS_CHANGED if ( $conf->{cfgNum} != $last );
return DATABASE_LOCKED if ( $self->isLocked() or not $self->lock() ); return DATABASE_LOCKED if ( $self->isLocked() or not $self->lock() );
} }
...@@ -169,24 +171,31 @@ sub getConf { ...@@ -169,24 +171,31 @@ sub getConf {
else { else {
eval { $r = $self->{refLocalStorage}->get('conf') } if ($>); eval { $r = $self->{refLocalStorage}->get('conf') } if ($>);
$msg = "Warn: $@" if ($@); $msg = "Warn: $@" if ($@);
if ( ref($r) and $r->{cfgNum} == $args->{cfgNum} ) { if ( ref($r)
and $r->{cfgNum}
and $args->{cfgNum}
and $r->{cfgNum} == $args->{cfgNum} )
{
$msg .= $msg .=
"Configuration unchanged, get configuration from cache.\n"; "Configuration unchanged, get configuration from cache.\n";
$args->{noCache} = 1; $args->{noCache} = 1;
} }
else { else {
$r = $self->getDBConf($args); $r = $self->getDBConf($args);
return undef unless ( ref($r) ); return undef unless ( $r->{cfgNum} );
# Adapt some values before storing in local cache # TODO: default values may not be set here
# Get default values unless ( $args->{raw} ) {
my $confAttributes =
Lemonldap::NG::Common::Conf::Attributes->new();
my @attributes = $confAttributes->meta()->get_attribute_list(); # Adapt some values before storing in local cache
# Get default values
my $defaultValues =
Lemonldap::NG::Common::Conf::DefaultValues
->defaultValues();
foreach my $name (@attributes) { foreach my $k ( keys %$defaultValues ) {
$r->{$name} //= $confAttributes->$name; $r->{$k} //= $defaultValues->{$k};
}
} }
# Convert old option useXForwardedForIP into trustedProxies # Convert old option useXForwardedForIP into trustedProxies
...@@ -211,15 +220,20 @@ sub getConf { ...@@ -211,15 +220,20 @@ sub getConf {
# Store modified configuration in cache # Store modified configuration in cache
$self->setLocalConf($r) $self->setLocalConf($r)
if ( $self->{refLocalStorage} and not( $args->{noCache} ) ); if ( $self->{refLocalStorage}
and not( $args->{noCache} or $args->{raw} ) );
} }
} }
# Create cipher object # Create cipher object
eval { $r->{cipher} = Lemonldap::NG::Common::Crypto->new( $r->{key} ); }; unless ( $args->{raw} ) {
if ($@) { eval {
$msg .= "Bad key: $@. \n"; $r->{cipher} = Lemonldap::NG::Common::Crypto->new( $r->{key} );
};
if ($@) {
$msg .= "Bad key: $@. \n";
}
} }
# Return configuration hash # Return configuration hash
...@@ -345,7 +359,8 @@ sub getDBConf { ...@@ -345,7 +359,8 @@ sub getDBConf {
: $a[0]; : $a[0];
} }
my $conf = $self->load( $args->{cfgNum} ); my $conf = $self->load( $args->{cfgNum} );
$msg .= "Get configuration $conf->{cfgNum}.\n"; $msg .= "Get configuration $conf->{cfgNum}.\n"
if ( defined $conf->{cfgNum} );
$self->setLocalConf($conf) $self->setLocalConf($conf)
if ( ref($conf) if ( ref($conf)
and $self->{refLocalStorage} and $self->{refLocalStorage}
...@@ -418,7 +433,7 @@ sub load { ...@@ -418,7 +433,7 @@ sub load {
sub delete { sub delete {
my ( $self, $c ) = @_; my ( $self, $c ) = @_;
my @a = $self->available(); my @a = $self->available();
return 0 unless ( grep {$_ eq $c} @a ); return 0 unless ( grep { $_ eq $c } @a );
return &{ $self->{type} . '::delete' }( $self, $c ); return &{ $self->{type} . '::delete' }( $self, $c );
} }
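Review bot: `return undef unless ( $r->{cfgNum} );` in the getConf hunk drops the previous `ref($r)` guard, so if getDBConf can ever return a plain string, that string is now dereferenced — and with `no strict 'refs'` in force for this package that is a silent symbolic lookup rather than an error; keeping both conditions, `return undef unless ( ref($r) and $r->{cfgNum} );`, preserves the old rejection while adding the new one. The same hunk, together with the relaxed cache comparison `$r->{cfgNum} and $args->{cfgNum} and ...`, now treats a configuration numbered 0 as absent on every path, which matches the `'cfgNum' => 0` default in the generated DefaultValues module but should be confirmed against any caller that loads such a configuration deliberately. In the saveConf hunk the `force` flag moves from `$self->{force}` to `%args`, so a caller that still sets the object attribute silently loses the bypass and gets CONFIG_WAS_CHANGED; the header comment above `sub saveConf` should document the new parameter, e.g. `# @param %args force => 1 skips the cfgNum and lock checks (caller accepts the risk of overwriting a newer configuration)`. getConf continues outside the hunk on both sides.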
# This file is generated by scripts/jsongenerator.pl. Don't modify it by hand
package Lemonldap::NG::Common::Conf::DefaultValues;
our $VERSION = '1.5.99';
sub defaultValues {
return {
'activeTimer' => 1,
'apacheAuthnLevel' => 4,
'applicationList' => {
'default' => {
'catname' => 'Default category',
'type' => 'category'
}
},
'authentication' => 'Demo',
'browserIdAuthnLevel' => 1,
'captcha_login_enabled' => 0,
'captcha_mail_enabled' => 0,
'captcha_register_enabled' => 1,
'captcha_size' => 6,
'captchaStorage' => 'Apache::Session::File',
'captchaStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/captcha/'
},
'CAS_authnLevel' => 1,
'CAS_pgtFile' => '/tmp/pgt.txt',
'casAccessControlPolicy' => 'none',
'cda' => 0,
'cfgNum' => 0,
'checkXSS' => 1,
'confirmFormMethod' => 'post',
'cookieName' => 'lemonldap',
'dbiAuthnLevel' => 2,
'dbiExportedVars' => {},
'demoExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
},
'domain' => 'example.com',
'exportedVars' => {
'UA' => 'HTTP_USER_AGENT'
},
'facebookAuthnLevel' => 1,
'facebookExportedVars' => {},
'failedLoginNumber' => 5,
'globalStorage' => 'Apache::Session::File',
'globalStorageOptions' => {
'Directory' => '/var/lib/lemonldap-ng/sessions/',
'generateModule' =>
'Lemonldap::NG::Common::Apache::Session::Generate::SHA256',
'LockDirectory' => '/var/lib/lemonldap-ng/sessions/lock/'
},
'googleAuthnLevel' => 1,
'googleExportedVars' => {},
'groups' => {},
'hiddenAttributes' => '_password',
'hideOldPassword' => 0,
'httpOnly' => 1,
'https' => 0,
'infoFormMethod' => 'get',
'issuerDBCASActivation' => 0,
'issuerDBCASPath' => '^/cas/',
'issuerDBCASRule' => 1,
'issuerDBOpenIDActivation' => 0,
'issuerDBOpenIDConnectActivation' => '0',
'issuerDBOpenIDConnectPath' => '^/oauth2/',
'issuerDBOpenIDConnectRule' => 1,
'issuerDBOpenIDPath' => '^/openidserver/',
'issuerDBOpenIDRule' => 1,
'issuerDBSAMLActivation' => 0,
'issuerDBSAMLPath' => '^/saml/',
'issuerDBSAMLRule' => 1,
'jsRedirect' => 0,
'ldapAuthnLevel' => 2,
'ldapBase' => 'dc=example,dc=com',
'ldapChangePasswordAsUser' => 0,
'ldapExportedVars' => {
'cn' => 'cn',
'mail' => 'mail',
'uid' => 'uid'
},
'ldapGroupAttributeName' => 'member',
'ldapGroupAttributeNameGroup' => 'dn',
'ldapGroupAttributeNameSearch' => 'cn',
'ldapGroupAttributeNameUser' => 'dn',
'ldapGroupObjectClass' => 'groupOfNames',
'ldapGroupRecursive' => 0,
'ldapPasswordResetAttribute' => 'pwdReset',
'ldapPasswordResetAttributeValue' => 'TRUE',
'ldapPort' => 389,
'ldapPpolicyControl' => 0,
'ldapPwdEnc' => 'utf-8',
'ldapServer' => 'ldap://localhost',
'ldapSetPassword' => 0,
'ldapTimeout' => 120,
'ldapUsePasswordResetAttribute' => 1,
'ldapVersion' => 3,
'localSessionStorage' => 'Cache::FileCache',
'localSessionStorageOptions' => {
'cache_depth' => 3,
'cache_root' => '/tmp',
'default_expires_in' => 600,
'directory_umask' => '007',
'namespace' => 'lemonldap-ng-sessions'
},
'locationRules' => {
'default' => 'deny'
},
'loginHistoryEnabled' => 1,
'logoutServices' => {},
'macros' => {},
'mailCharset' => 'utf-8',
'mailConfirmSubject' => '[LemonLDAP::NG] Password reset confirmation',
'mailFrom' => 'noreply@example.com',
'mailOnPasswordChange' => 0,
'mailSessionKey' => 'mail',
'mailSubject' => '[LemonLDAP::NG] Your new password',
'mailTimeout' => 0,
'mailUrl' => 'http://auth.example.com/mail.pl',
'maintenance' => 0,
'managerDn' => '',
'managerPassword' => '',
'multiValuesSeparator' => '; ',
'notification' => 0,
'notificationStorage' => 'File',
'notificationStorageOptions' => {
'dirName' => '/var/lib/lemonldap-ng/notifications'
},
'notificationWildcard' => 'allusers',
'notifyDeleted' => 1,
'notifyOther' => 0,
'nullAuthnLevel' => 2,
'oidcAuthnLevel' => 1,
'oidcRPCallbackGetParam' => 'openidconnectcallback',
'oidcRPStateTimeout' => 600,
'oidcServiceMetaDataAuthnContext' => {
'loa-1' => 1,
'loa-2' => 2,
'loa-3' => 3,
'loa-4' => 4,
'loa-5' => 5
},
'oidcServiceMetaDataAuthorizeURI' => 'authorize',
'oidcServiceMetaDataEndSessionURI' => 'logout',
'oidcServiceMetaDataJWKSURI' => 'jwks',
'oidcServiceMetaDataRegistrationURI' => 'register',
'oidcServiceMetaDataTokenURI' => 'token',
'oidcServiceMetaDataUserInfoURI' => 'userinfo',
'openIdAuthnLevel' => 1,
'openIdExportedVars' => {},
'openIdIDPList' => '0;',
'openIdSPList' => '0;',
'openIdSreg_email' => 'mail',
'openIdSreg_fullname' => 'cn',
'openIdSreg_nickname' => 'uid',
'openIdSreg_timezone' => '_timezone',
'passwordDB' => 'Demo',
'portal' => 'http://auth.example.com/',
'portalAntiFrame' => 1,
'portalAutocomplete' => 0,
'portalCheckLogins' => 1,
'portalDisplayAppslist' => 1,
'portalDisplayChangePassword' => '$_auth =~ /^(LDAP|DBI|Demo)$/',
'portalDisplayLoginHistory' => 1,
'portalDisplayLogout' => 1,
'portalDisplayRegister' => 1,
'portalDisplayResetPassword' => 1,
'portalForceAuthn' => 0,
'portalForceAuthnInterval' => 0,
'portalOpenLinkInNewWindow' => 0,
'portalPingInterval' => 60000,
'portalRequireOldPassword' => 1,
'portalSkin' => 'bootstrap',
'portalUserAttr' => '_user',
'protection' => 'none',
'radiusAuthnLevel' => 3,
'randomPasswordRegexp' => '[A-Z]{3}[a-z]{5}.\\d{2}',
'redirectFormMethod' => 'get',
'registerConfirmSubject' =>
'[LemonLDAP::NG] Account register confirmation',
'registerDB' => 'Demo',
'registerDoneSubject' => '[LemonLDAP::NG] Your new account',
'registerTimeout' => 0,
'registerUrl' => 'http://auth.example.com/register.pl',
'remoteGlobalStorage' => 'Lemonldap::NG::Common::Apache::Session::SOAP',
'remoteGlobalStorageOptions' => {
'ns' =>
'http://auth.example.com/Lemonldap/NG/Common/CGI/SOAPService',
'proxy' => 'http://auth.example.com/index.pl/sessions'
},
'samlAttributeAuthorityDescriptorAttributeServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;',
'samlAuthnContextMapKerberos' => 4,
'samlAuthnContextMapPassword' => 2,
'samlAuthnContextMapPasswordProtectedTransport' => 3,
'samlAuthnContextMapTLSClient' => 5,
'samlCommonDomainCookieActivation' => 0,
'samlEntityID' => '#PORTAL#/saml/metadata',
'samlIDPMetaDataExportedAttributes' => ';;;',
'samlIDPMetaDataOptionsAdaptSessionUtime' => 0,
'samlIDPMetaDataOptionsAllowLoginFromIDP' => 0,
'samlIDPMetaDataOptionsAllowProxiedAuthn' => 0,
'samlIDPMetaDataOptionsCheckConditions' => 0,
'samlIDPMetaDataOptionsCheckSLOMessageSignature' => 0,
'samlIDPMetaDataOptionsCheckSSOMessageSignature' => 0,
'samlIDPMetaDataOptionsEncryptionMode' => 'none',
'samlIDPMetaDataOptionsForceAuthn' => 0,
'samlIDPMetaDataOptionsForceUTF8' => 0,
'samlIDPMetaDataOptionsIsPassive' => 0,
'samlIDPMetaDataOptionsNameIDFormat' => '',
'samlIDPMetaDataOptionsRequestedAuthnContext' => '',
'samlIDPMetaDataOptionsSignSLOMessage' => -1,
'samlIDPMetaDataOptionsSignSSOMessage' => -1,
'samlIDPMetaDataOptionsSSOBinding' => '',
'samlIdPResolveCookie' => 'lemonldapidp',
'samlIDPSSODescriptorArtifactResolutionServiceArtifact' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'samlIDPSSODescriptorSingleLogoutServiceHTTPPost' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn',
'samlIDPSSODescriptorSingleLogoutServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPPost' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;',
'samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect' =>
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;',
'samlIDPSSODescriptorSingleSignOnServiceSOAP' =>
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;',
'samlIDPSSODescriptorWantAuthnRequestsSigned' => 1,
'samlMetadataForceUTF8' => 1,
'samlNameIDFormatMapEmail' => 'mail',
'samlNameIDFormatMapKerberos' => 'uid',
'samlNameIDFormatMapWindows' => 'uid',
'samlNameIDFormatMapX509' => 'mail',
'samlOrganizationDisplayName' => 'Example',
'samlOrganizationName' => 'Example',
'samlOrganizationURL' => 'http://www.example.com',
'samlRelayStateTimeout' => 600,
'samlServicePrivateKeyEnc' => '',
'samlServicePrivateKeySig' => '',
'samlServicePrivateKeySigPwd' => '',
'samlServicePublicKeyEnc' => '',
'samlServicePublicKeySig' => '',
'samlSPMetaDataExportedAttributes' => ';;;',
'samlSPMetaDataOptionsCheckSLOMessageSignature' => 0,
'samlSPMetaDataOptionsCheckSSOMessageSignature' => 0,
'samlSPMetaDataOptionsEnableIDPInitiatedURL' => 0,
'samlSPMetaDataOptionsEncryptionMode' => 'none',
'samlSPMetaDataOptionsNameIDFormat' => '',
'samlSPMetaDataOptionsNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsOneTimeUse' => 0,
'samlSPMetaDataOptionsSessionNotOnOrAfterTimeout' => 72000,
'samlSPMetaDataOptionsSignSLOMessage' => -1,
'samlSPMetaDataOptionsSignSSOMessage' => -1,
'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',
'samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact' =>
'1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact