Commit 88dd1201 authored by Xavier Guimard's avatar Xavier Guimard

Remove local-only parameters (#1160)

parent d25f7061
......@@ -34,6 +34,35 @@
; Warning: this can allow malicious code in custom functions or rules
;useSafeJail = 0
; LOGGING
;
; 1 - Defined logging level
; Set here one of error, warn, notice, info or debug
logLevel = warn
; Note that this has no effect for Apache2 logging: Apache LogLevel is used
; instead
;
; 2 - Change logger
; By default, logging is set to:
; - Lemonldap::NG::Common::Logger::Apache2 for ApacheMP2 handlers
; - Lemonldap::NG::Common::Logger::Syslog for FastCGI (Nginx)
; - Lemonldap::NG::Common::Logger::Std for PSGI applications (manager,
; portal,...) when they are not
; launched by FastCGI server
; Std is redirected to the web server logs for Apache. For Nginx, only if
; request failed
; You can overload this in this section (for all) or in another section if
; you want to change logger for specified app.
;
; LLNG uses 2 loggers: 1 for technical logs (logger), 1 for user actions
; (userLogger)
;logger = Lemonldap::NG::Common::Logger::Syslog
;userLogger = Lemonldap::NG::Common::Logger::Syslog
;
; For Syslog logging, you can also overwrite facilities. Default values:
;syslogFacility = daemon
;userSyslogFacility = auth
[configuration]
; GLOBAL CONFIGURATION ACCESS TYPE
......@@ -270,9 +299,6 @@ useRedirectOnError = 1
; * none : no protection
protection = manager
; logLevel. Set here one of error, warn, notice, info or debug
logLevel = warn
; staticPrefix: relative (or URL) location of static HTML components
staticPrefix = __MANAGERSTATICDIR__
;
......
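Review bot: The new `syslogFacility` / `userSyslogFacility` keys (the two commented lines closing the first hunk) do not say which facility names are accepted, whereas the `syslog` attribute this commit removes from the manager carried both an authorized-values list and a test regex (`auth, authpriv, daemon, local0-7, user`). The value is now read straight from the ini and handed to Sys::Syslog's openlog() in the Syslog logger added by this commit, so a typo is diagnosed at runtime at best. I would extend the comment: `; Allowed values: auth, authpriv, daemon, local0-7, user`. The section header these keys belong to is above the hunk.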
......@@ -23,7 +23,7 @@ use constant HANDLERSECTION => "handler";
use constant MANAGERSECTION => "manager";
use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
use constant APPLYSECTION => "apply";
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|c(?:as(?:StorageOption|Attribute)|ombModule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va))r|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|c(?:as(?:StorageOption|Attribute)|ombModule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS_proxiedService|macro)s|o(?:idc(?:RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node)|S(?:erviceMetaDataAuthnContext|torageOptions))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:uthChoiceModules|pplicationList)|v(?:hostOptions|irtualHost))$/;
our @sessionTypes = ( 'remoteGlobal', 'cas', 'global', 'localSession', 'persistent', 'saml', 'oidc' );
......
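Review bot: Dropping `nginxCustomHandler` from `$hashParameters` (the new line of this hunk) looks inconsistent with the manager tree, which still lists `'nginxCustomHandlers'` as a node in the Tree.pm hunk of this commit; the same key is also dropped from `$simpleHashKeys` in the later constants hunk. If `nginxCustomHandlers` is still edited through the manager as a hash, the code that consults these regexes would presumably stop treating it as one; if it is meant to become local-only, the tree entry should go with it. Please confirm which is intended. Independently, these assembled regexes cannot be reviewed by eye; a comment above each naming the list they are built from and how to regenerate them would make future changes like this one checkable.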
......@@ -226,18 +226,11 @@ sub defaultValues {
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;',
'samlSPSSODescriptorWantAssertionsSigned' => 1,
'securedCookie' => 0,
'secureTokenAllowOnError' => 1,
'secureTokenAttribute' => 'uid',
'secureTokenExpiration' => 60,
'secureTokenHeader' => 'Auth-Token',
'secureTokenMemcachedServers' => '127.0.0.1:11211',
'secureTokenUrls' => '.*',
'slaveAuthnLevel' => 2,
'slaveExportedVars' => {},
'SMTPServer' => '',
'SSLAuthnLevel' => 5,
'successLoginNumber' => 5,
'syslog' => '',
'timeout' => 72000,
'timeoutActivity' => 0,
'timeoutActivityInterval' => 60,
......@@ -251,8 +244,7 @@ sub defaultValues {
'webIDExportedVars' => {},
'whatToTrace' => 'uid',
'yubikeyAuthnLevel' => 3,
'yubikeyPublicIDSize' => 12,
'zimbraBy' => ''
'yubikeyPublicIDSize' => 12
};
}
......
......@@ -20,7 +20,7 @@ our $specialNodeHash = {
};
our $doubleHashKeys = 'issuerDBGetParameters';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|c(?:as(?:StorageOption|Attribute)|ombModule)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
our $simpleHashKeys = '(?:(?:l(?:o(?:calSessionStorageOption|goutService)|dapExportedVar|wpSslOpt)|(?:(?:d(?:emo|bi)|facebook|webID)E|e)xportedVar|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|c(?:as(?:StorageOption|Attribute)|ombModule)|p(?:ersistentStorageOption|ortalSkinRule)|re(?:moteGlobalStorageOption|loadUrl)|notificationStorageOption|CAS_proxiedService|macro)s|o(?:idcS(?:erviceMetaDataAuthnContext|torageOptions)|penIdExportedVars)|s(?:(?:amlStorageOption|laveExportedVar)s|essionDataToRemember)|a(?:uthChoiceModules|pplicationList))';
our $specialNodeKeys = '(?:(?:saml(?:ID|S)|oidc[OR])PMetaDataNode|virtualHost)s';
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|S(?:toreIDToken|cope)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:I(?:DToken(?:Expiration|SignAlg)|con)|(?:RedirectUri|ExtraClaim)s|AccessTokenExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|UserIDAttr)|ExportedVars)';
......
package Lemonldap::NG::Common::Logger::Std;
use strict;
sub new {
no warnings 'redefine';
my $level = $_[1]->{logLevel} || 'info';
......
package Lemonldap::NG::Common::Logger::Syslog;
use strict;
use Sys::Syslog qw(:standard);
sub new {
my ( $class, $conf, %args ) = @_;
my $level = $conf->{logLevel} || 'info';
my $self = bless {}, $class;
if ( $args{user} ) {
$self->{facility} = $conf->{userSyslogFacility} || 'auth';
}
else {
$self->{facility} = $conf->{syslogFacility} || 'daemon';
}
openlog( 'LLNG', 'cons,pid,ndelay', $self->{facility} );
no warnings 'redefine';
my $show = 1;
foreach (qw(error warn notice info debug)) {
if ($show) {
my $name = $_;
$name = 'warning' if ( $_ eq 'warn' );
eval qq'sub $_ {syslog("$name|\$[0]->{facility}",\$_[1])}';
}
else {
eval qq'sub $_ {1}';
}
$show = 0 if ( $level eq $_ );
}
die "unknown level $level" if ($show);
return $self;
}
1;
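Review bot: The subs generated by the string eval inside the `foreach` pass the log message as Sys::Syslog's format argument (`syslog("$name|…", $_[1])`), so any `%` in a message is interpreted as a sprintf directive (Sys::Syslog additionally expands `%m`); messages carrying user-supplied data, which the `user` instance of this logger exists for, can be mangled or raise warnings. Use a fixed format and pass the message as data: `eval qq'sub $_ {syslog("$name|\$_[0]->{facility}", "%s", \$_[1])}';`. As rendered here the facility expression reads `\$[0]->{facility}`, which would interpolate `$[` rather than `$_[0]`; this may be a rendering artefact, so please confirm the source has `\$_[0]`. Because the evals define package-level subs, every call to `new` redefines them for all instances and the level of the most recently constructed logger applies to both `logger` and `userLogger`; a comment above the loop saying so would spare the next reader a surprise.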
......@@ -49,8 +49,8 @@ sub run {
my $secureTokenAttribute = $localConfig->{secureTokenAttribute} || 'uid';
my $secureTokenUrls = $localConfig->{'secureTokenUrls'} || ['.*'];
my $secureTokenHeader = $localConfig->{secureTokenHeader} || 'Auth-Token';
my $secureTokenAllowOnError = 1
unless defined $localConfig->{'secureTokenAllowOnError'};
my $secureTokenAllowOnError = $localConfig->{'secureTokenAllowOnError'}
// 1;
# Force some parameters to be array references
foreach (qw/secureTokenMemcachedServers secureTokenUrls/) {
......
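Review bot: The defined-or at the end of the hunk now honours an explicit `secureTokenAllowOnError = 0`, which the old `my … unless defined` form did not, but the default stays 1 and the manager attribute that documented it as "allow request on error" is removed elsewhere in this commit, so the fail-open default is now visible only on this line. I would annotate it: `# default 1 = let the request through on error (fail-open); set secureTokenAllowOnError = 0 in lemonldap-ng.ini to fail closed`. The same applies to the hard-coded defaults for `secureTokenUrls` (`'.*'`) and the other secureToken* values above, whose descriptions were dropped from the manager as well. `sub run` starts above the hunk.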
......@@ -2774,13 +2774,6 @@ qr/^(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-
'default' => 5,
'type' => 'int'
},
'syslog' => {
'default' => '',
'msgFail' =>
'__authorizedValues__: auth, authpriv, daemon, local0-7, user',
'test' => qr/^(?:auth|authpriv|daemon|local\d|user)?$/,
'type' => 'text'
},
'timeout' => {
'default' => 72000,
'test' => sub {
......
......@@ -324,14 +324,6 @@ sub attributes {
type => 'text',
documentation => 'Prefix of static files for HTML templates',
},
syslog => {
type => 'text',
test => qr/^(?:auth|authpriv|daemon|local\d|user)?$/,
msgFail =>
'__authorizedValues__: auth, authpriv, daemon, local0-7, user',
default => '',
documentation => 'Syslog facility',
},
multiValuesSeparator => {
type => 'authParamsText',
default => '; ',
......@@ -1198,54 +1190,6 @@ sub attributes {
openIdSreg_dob => { type => 'lmAttrOrMacro', },
openIdSPList => { type => 'blackWhiteList', default => '0;' },
# Zimbra
zimbraPreAuthKey => { type => 'text', },
zimbraAccountKey => { type => 'text', },
zimbraBy => {
type => 'select',
select => [
{ k => '', v => '' },
{ k => 'name', v => 'User name' },
{ k => 'id', v => 'User id' },
{ k => 'foreignPrincipal', v => 'Foreign principal' },
],
default => '',
},
zimbraUrl => { type => 'text', },
zimbraSsoUrl => { type => 'text', },
# Secure Token
secureTokenMemcachedServers => {
type => 'text',
default => '127.0.0.1:11211',
documentation => 'Secure Token Handler memcached servers',
},
secureTokenExpiration => {
type => 'int',
default => 60,
documentation => 'Secure Token Handler token expiration',
},
secureTokenAttribute => {
type => 'text',
default => 'uid',
documentation => 'Secure Token Handler attribute to store',
},
secureTokenUrls => {
type => 'pcre',
default => '.*',
documentation =>
'Secure Token Handler regular expression to match protected URL',
},
secureTokenHeader => {
type => 'text',
default => 'Auth-Token',
documentation => 'Secure Token Handler header name',
},
secureTokenAllowOnError => {
default => 1,
type => 'bool',
documentation => 'Secure Token Handler allow request on error',
},
#########
## SAML #
#########
......
......@@ -440,8 +440,7 @@ sub tree {
help => 'logs.html',
form => 'simpleInputContainer',
nodes => [
'syslog', 'trustedProxies',
'whatToTrace', 'hiddenAttributes'
'trustedProxies', 'whatToTrace', 'hiddenAttributes'
]
},
{
......@@ -629,36 +628,6 @@ sub tree {
form => 'simpleInputContainer',
nodes => [ 'jsRedirect', 'noAjaxHook' ]
},
{
title => 'specialHandlers',
nodes => [
{
title => 'zimbraHandler',
help => 'applications/zimbra.html',
form => 'simpleInputContainer',
nodes => [
'zimbraPreAuthKey',
'zimbraAccountKey',
'zimbraBy',
'zimbraUrl',
'zimbraSsoUrl'
]
},
{
title => 'secureTokenHandler',
help => 'securetoken.html',
form => 'simpleInputContainer',
nodes => [
'secureTokenMemcachedServers',
'secureTokenExpiration',
'secureTokenAttribute',
'secureTokenUrls',
'secureTokenHeader',
'secureTokenAllowOnError'
]
}
]
},
'nginxCustomHandlers',
'logoutServices',
'multiValuesSeparator',
......
......@@ -1004,10 +1004,6 @@
"title": "issuerParams"
}, {
"_nodes": [{
"default": "",
"id": "syslog",
"title": "syslog"
}, {
"default": "",
"id": "trustedProxies",
"title": "trustedProxies"
......
......@@ -1146,11 +1146,6 @@
"title": "logParams",
"type": "simpleInputContainer",
"nodes": [{
"default": "",
"id": "syslog",
"title": "syslog",
"data": ""
}, {
"default": "",
"id": "trustedProxies",
"title": "trustedProxies",
......
......@@ -1157,11 +1157,6 @@
"title": "logParams",
"type": "simpleInputContainer",
"nodes": [{
"default": "",
"id": "syslog",
"title": "syslog",
"data": ""
}, {
"default": "",
"id": "trustedProxies",
"title": "trustedProxies",
......
......@@ -1146,11 +1146,6 @@
"title": "logParams",
"type": "simpleInputContainer",
"nodes": [{
"default": "",
"id": "syslog",
"title": "syslog",
"data": ""
}, {
"default": "",
"id": "trustedProxies",
"title": "trustedProxies",
......
......@@ -1640,21 +1640,14 @@
},
{
"_nodes": [{
"default": "",
"id": "syslog",
"title": "syslog"
},
{
"default": "",
"id": "trustedProxies",
"title": "trustedProxies"
},
{
}, {
"default": "uid",
"id": "whatToTrace",
"title": "whatToTrace"
},
{
}, {
"default": "_password",
"id": "hiddenAttributes",
"title": "hiddenAttributes"
......