Commit b1c87f1e authored by Clément OUDOT

Sympa Handler:

* Read sympa secret from configuration
* Add mail session key parameter
* Install Sympa Handler
* Closes #55
parent d1b4541a
......@@ -360,6 +360,7 @@ install_handler_site: install_conf_dir
@install -v -d ${RHANDLERDIR}
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandler.pm ${RHANDLERDIR}
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandlerZimbra.pm ${RHANDLERDIR}
@cp --remove-destination ${SRCHANDLERDIR}/example/MyHandlerSympa.pm ${RHANDLERDIR}
@cp --remove-destination ${SRCHANDLERDIR}/example/MyUpdateCookieHandler.pm ${RHANDLERDIR}
@rm -rf $$(find $(RHANDLERDIR) -type d -name .svn)
......@@ -608,6 +609,7 @@ default-diff:
@$(DIFF) lemonldap-ng-handler/lib/Lemonldap/NG/Handler /usr/local/share/perl/5.10.0/Lemonldap/NG/Handler ||true
@$(DIFF) lemonldap-ng-handler/example/MyHandler.pm $(LMPREFIX)/handler/MyHandler.pm ||true
@$(DIFF) lemonldap-ng-handler/example/MyHandlerZimbra.pm $(LMPREFIX)/handler/MyHandlerZimbra.pm ||true
@$(DIFF) lemonldap-ng-handler/example/MyHandlerSympa.pm $(LMPREFIX)/handler/MyHandlerSympa.pm ||true
@# Common
@$(DIFF) lemonldap-ng-common/lib/Lemonldap/NG/Common /usr/local/share/perl/5.10.0/Lemonldap/NG/Common ||true
@$(DIFF) lemonldap-ng-common/lib/Lemonldap/NG/Common.pm /usr/local/share/perl/5.10.0/Lemonldap/NG/Common.pm ||true
......
......@@ -3,6 +3,7 @@ example/autoProtectedCGI.pl
example/menu.pl
example/MyHandler.pm
example/MyHandlerLog4Perl.pm
example/MyHandlerSympa.pm
example/MyHandlerZimbra.pm
example/MyUpdateCookieHandler.pm
lib/Lemonldap/NG/Handler.pm
......
# Handler for Sympa autologin
package My::Sympa;
# Load Sympa Handler
use Lemonldap::NG::Handler::SympaAutoLogin;
@ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);
__PACKAGE__->init(
{
# See Lemonldap::NG::Handler
}
);
1;
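Review bot: `@ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);` in the new MyHandlerSympa.pm assigns an undeclared package global and the file carries no strictures, although the Makefile change installs it as the template administrators copy and edit. Write it `our @ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);` and add `use strict; use warnings;` after the package line, matching the `use strict` the parent SympaAutoLogin module already has. The empty init hash could also carry a commented `# sympaSecret => '...', sympaMailKey => 'mail',` mirroring the SYNOPSIS, since those are the two keys this handler reads from its arguments.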
##@file
# Sympa autologin
##@class
# Sympa autologin
#
# Build Sympa cookie and send it to Sympa
package Lemonldap::NG::Handler::SympaAutoLogin;
use strict;
......@@ -5,25 +12,70 @@ use Lemonldap::NG::Handler::SharedConf qw(:all);
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
use Digest::MD5;
our $VERSION = '0.11';
our $VERSION = '0.2';
# Shared variables
our ( $sympaSecret, $sympaMailKey );
## @imethod protected void defaultValuesInit(hashRef args)
# Overload defaultValuesInit
# @param $args reference to the configuration hash
sub defaultValuesInit {
my ( $class, $args ) = splice @_;
open S, '/etc/lemonldap-ng/sympa.secret'
# Sympa secret should be in configuration
$sympaSecret = $args->{'sympaSecret'} || $sympaSecret;
# If not, try to read it from /etc/lemonldap-ng/sympa.secret
if ( !$sympaSecret and -r '/etc/lemonldap-ng/sympa.secret' ) {
open S, '/etc/lemonldap-ng/sympa.secret'
or die "Unable to open /etc/lemonldap-ng/sympa.secret";
our $sympaSecret = join( '', <S> );
close S;
$sympaSecret =~ s/[\r\n]//g;
$sympaSecret = join( '', <S> );
close S;
$sympaSecret =~ s/[\r\n]//g;
}
# Sympa mail key
$sympaMailKey = $args->{'sympaMailKey'} || $sympaMailKey || "mail";
# Display found values in debug mode
$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );
$class->lmLog( "sympaMailKey: $sympaMailKey", 'debug' );
# Delete Sympa parameters
delete $args->{'sympaSecret'};
delete $args->{'sympaMailKey'};
# Call main subroutine
return $class->SUPER::defaultValuesInit($args);
}
## @rmethod Apache2::Const run(Apache2::RequestRec r)
# Overload main run method
# @param r Current request
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
sub run {
my $class = shift;
my $r = $_[0];
my $ret = $class->SUPER::run(@_);
# Continue only if user is authorized
return $ret unless ( $ret == OK );
# Fail if no sympaSecret
unless ($sympaSecret) {
$class->lmLog( "No Sympa secret configured", 'error' );
return SERVER_ERROR;
}
# Mail value
my $mail = $datas->{$sympaMailKey};
# Building Sympa cookie
my $tmp = new Digest::MD5;
$tmp->reset;
$tmp->add( $datas->{mail} . $sympaSecret );
my $str =
"sympauser=$datas->{mail}:" . substr( unpack( "H*", $tmp->digest ), -8 );
$tmp->add( $mail . $sympaSecret );
my $str = "sympauser=$mail:" . substr( unpack( "H*", $tmp->digest ), -8 );
# Get cookie header, removing Sympa cookie if exists (avoid security
# problems) and set the new value
......@@ -37,6 +89,7 @@ sub run {
}
1;
__END__
=head1 NAME
......@@ -44,39 +97,43 @@ __END__
=encoding utf8
Lemonldap::NG::Handler::SympaAutoLogin - Perl extension to generate Sympa cookie
for users authenticated by Lemonldap::NG
for users authenticated by LemonLDAP::NG
=head1 SYNOPSIS
package My::Package;
package My::Sympa;
use Lemonldap::NG::Handler::SympaAutoLogin;
@ISA = qw(Lemonldap::NG::Handler::SharedConf);
@ISA = qw(Lemonldap::NG::Handler::SympaAutoLogin);
__PACKAGE__->init ( {
# Sympa parameters
sympaSecret => 'XXXX',
sympaMailKey => 'mail',
# See Lemonldap::NG::Handler for more
# Local storage used for sessions and configuration
localStorage => "Cache::DBFile",
localStorageOptions => {...},
# How to get my configuration
configStorage => {
type => "DBI",
dbiChain => "DBI:mysql:database=lemondb;host=$hostname",
dbiUser => "lemonldap",
dbiPassword => "password",
}
# Uncomment this to activate status module
# status => 1,
} );
1;
=head1 DESCRIPTION
Lemonldap::NG::Handler::SympaAutoLogin is a special Lemonldap::NG handler that
generates Sympa cookie for authenticated users. Use it instead of classic
Lemonldap::NG::Handler to protect your Sympa web server. You have to set a
header called "mail" in the Lemonldap::NG manager for this virtul host and to
store Sympa secret (cookie parameter on Sympa configuration file) ina file
called /etc/lemonldap-ng/sympa.secret. It has just to be readable by root (the
owner that launch Apache).
Lemonldap::NG::Handler to protect your Sympa web server. You have to set the
configuration key containing user email (parameter sympaMailKey) and to
store Sympa secret (cookie parameter on Sympa configuration file) in the
corresponding configuration parameter (sympaSecret)
Edit you Sympa vhost configuration like this:
<VirtualHost *>
ServerName sympa.example.com
# Load Sympa Handler
PerlRequire __HANDLERDIR__/MyHandlerSympa.pm
PerlHeaderParserHandler My::Sympa
</VirtualHost>
=head2 EXPORT
......@@ -89,6 +146,7 @@ L<Lemonldap::NG::Handler>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
Clement Oudot, E<lt>clement@oodo.netE<gt>
=head1 COPYRIGHT AND LICENSE
......
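Review bot: `$class->lmLog( "sympaSecret: $sympaSecret", 'debug' );` in defaultValuesInit writes the Sympa shared secret itself into the handler log whenever debug logging is on, and that value is all that is needed to compute the cookie digest for any user; log only whether it is set. In run, `my $mail = $datas->{$sympaMailKey};` is used with no check, so a session lacking that key produces a `sympauser=:` cookie whose digest is computed over the secret alone — reject it the way the code already rejects a missing secret. As a point of style, the secret file is still read through a bareword two-argument `open S, ...` and the digest object is created with indirect object syntax `new Digest::MD5`; `open my $fh, '<', '/etc/lemonldap-ng/sympa.secret'` and `Digest::MD5->new` are the forms to use. run's body continues past the hunk (the cookie header handling), so the guard below sits before the Digest::MD5 lines.
```perl
    # … unchanged: sympaSecret lookup and /etc/lemonldap-ng/sympa.secret fallback …
    # Log only whether the secret is configured, never its value
    $class->lmLog( "sympaSecret: " . ( $sympaSecret ? 'set' : 'not set' ), 'debug' );
    $class->lmLog( "sympaMailKey: $sympaMailKey", 'debug' );
    # … unchanged: delete Sympa parameters, SUPER::defaultValuesInit …

sub run {
    # … unchanged: SUPER::run, OK check, sympaSecret check …
    # Mail value: refuse to build a cookie for a session without it
    my $mail = $datas->{$sympaMailKey};
    unless ( defined $mail and length $mail ) {
        $class->lmLog( "No value found in session for key $sympaMailKey", 'error' );
        return SERVER_ERROR;
    }
    # … unchanged: Digest::MD5 cookie build and header handling …
```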
......@@ -58,7 +58,7 @@ sub defaultValuesInit {
## @rmethod Apache2::Const run(Apache2::RequestRec r)
# Overload main run method
# @param r Current request
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR
# @return Apache2::Const value (OK, FORBIDDEN, REDIRECT or SERVER_ERROR)
sub run {
my $class = shift;
my $r = $_[0];
......
......@@ -520,7 +520,7 @@ sub struct {
},
specialHandlers => {
_nodes => [qw(zimbraHandler)],
_nodes => [qw(zimbraHandler sympaHandler)],
# Zimbra
zimbraHandler => {
......@@ -533,6 +533,13 @@ sub struct {
zimbraUrl => 'text:/zimbraUrl',
zimbraSsoUrl => 'text:/zimbraSsoUrl',
},
# Sympa
sympaHandler => {
_nodes => [qw(sympaSecret sympaMailKey)],
sympaSecret => 'text:/sympaSecret',
sympaMailKey => 'text:/sympaMailKey',
},
},
},
......@@ -1202,6 +1209,10 @@ sub testStruct {
zimbraUrl => $testNotDefined,
zimbraSsoUrl => $testNotDefined,
# Sympa
sympaSecret => $testNotDefined,
sympaMailKey => $testNotDefined,
};
}
......
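Review bot: `sympaSecret => 'text:/sympaSecret'` in the new sympaHandler node declares the shared secret with the same plain text widget as sympaMailKey, so the value is shown in clear in the manager form; if the struct's field types include a masked input, it belongs on this entry. The matching `sympaSecret => $testNotDefined` in testStruct accepts an empty secret at save time, so a misconfiguration is only reported when the handler's run returns SERVER_ERROR at request time; a check requiring a non-empty value when sympaHandler is in use would surface it at configuration time, if the test helpers allow a conditional check. sub struct and sub testStruct both start and end outside the hunks.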
......@@ -187,6 +187,9 @@ sub en {
SSLRequire => 'SSL Required',
SSLVar => 'Extracted certificate field',
storePassword => 'Store user password in session datas',
sympaHandler => 'Sympa',
sympaMailKey => 'Mail session key',
sympaSecret => 'Shared secret',
syntaxError => 'Syntax Error',
syslog => 'Syslog facility',
timeout => 'Sessions timeout',
......@@ -448,6 +451,9 @@ sub fr {
SSLVar => 'Champ extrait du certificat',
storePassword =>
"Stocke le mot-de-passe de l'utilisateur dans les données de session",
sympaHandler => 'Sympa',
sympaMailKey => 'Clé de session pour le mail',
sympaSecret => 'Secret partagé',
syntaxError => 'Erreur de syntaxe',
syslog => 'Facilité syslog',
timeout => 'Durée de vie maximale des sessions',
......