Commit 415d23b6 authored by Yadd's avatar Yadd

User actions are now logged through three functions:

 * log        : normal access to the portal
 * userNotice : authentications, logout,...
 * userError  : bad password,...

A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog
parent f1dd28c8
......@@ -171,6 +171,51 @@ sub abort {
exit;
}
##@method private void startSyslog()
# Open syslog connection.
sub startSyslog {
my $self = shift;
return if ( $self->{_syslog} );
print STDERR "DEBUG : $self->{syslog}\n" . Dumper($self);
use Data::Dumper;
eval "use Sys::Syslog; openlog('lemonldap-ng','ndelay','$self->{syslog}');";
$self->abort( "Unable to use syslog", $@ ) if ($@);
$self->{_syslog} = 1;
}
##@method protected void userLog(string mess, string level)
# 15bis) Log user access and logout.
# @param $mess string to log
# @param $level level of log message
sub userLog {
my ( $self, $mess, $level ) = @_;
if ( $self->{syslog} ) {
$self->startSyslog();
syslog( 'notice', $mess );
}
else {
$self->lmLog( $mess, $level );
}
}
##@method void userNotice(string mess)
# 15bis) Log user errors like "bad password".
# @param $mess string to log
sub userNotice {
my ( $self, $mess ) = @_;
$mess = "Lemonldap::NG portal: $mess";
$self->userLog( $mess, 'notice' );
}
##@method void userError(string mess)
# 15bis) Log user errors like "bad password".
# @param $mess string to log
sub userError {
my ( $self, $mess ) = @_;
$mess = "Lemonldap::NG portal: $mess";
$self->userLog( $mess, 'warn' );
}
1;
__END__
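Review bot: The `print STDERR "DEBUG : ..." . Dumper($self)` left in startSyslog() writes the entire portal object to the error log on the first userLog() call, and that object carries the submitted password (`$self->{password}` is handed to the LDAP bind elsewhere in this commit) and the session data, so it has to go now rather than later. In the same hunk, the string `eval "use Sys::Syslog; openlog(..., '$self->{syslog}')"` splices a configuration value into Perl source where a block eval with `require` would pass it as a plain argument; `syslog('notice', $mess)` hands a message built from the login name to Sys::Syslog as a printf format, so a user named `%s%s` garbles the line and should be logged as `'%s', $mess`; and the `$level` argument is dropped, so userError() and userNotice() are indistinguishable in syslog. The rewritten startSyslog() and the one changed line of userLog() are below; the lmLog() branch is unchanged.
```perl
sub startSyslog {
    my $self = shift;
    return if ( $self->{_syslog} );
    # Never dump $self here: it holds the submitted password and session data.
    eval {
        require Sys::Syslog;
        Sys::Syslog->import();
        openlog( 'lemonldap-ng', 'ndelay', $self->{syslog} );
    };
    $self->abort( "Unable to use syslog", $@ ) if ($@);
    $self->{_syslog} = 1;
}
# … unchanged: userLog() up to the syslog branch …
        # '%s' keeps user-supplied text from being parsed as a format string,
        # and the lmLog level is mapped to a syslog priority instead of dropped.
        syslog( ( $level eq 'warn' ? 'warning' : 'notice' ), '%s', $mess );
```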
......
......@@ -38,6 +38,8 @@ sub extractFormInfo {
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub authenticate {
$self->userNotice( "Good authentication for "
. $self->{sessionInfo}->{ $self->{whatToTrace} } );
PE_OK;
}
......
......@@ -49,6 +49,8 @@ sub extractFormInfo {
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub authenticate {
$self->userNotice( "Good authentication for "
. $self->{sessionInfo}->{ $self->{whatToTrace} } );
PE_OK;
}
......
......@@ -6,30 +6,13 @@
package Lemonldap::NG::Portal::AuthLDAP;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP; #link protected ldap
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
use Lemonldap::NG::Portal::_WebForm;
use Lemonldap::NG::Portal::UserDBLDAP; #inherits
our $VERSION = '0.2';
use base qw(Lemonldap::NG::Portal::_WebForm);
## @method private Lemonldap::NG::Portal::_LDAP ldap()
# @return Lemonldap::NG::Portal::_LDAP object
sub ldap {
my $self = shift;
return $self->{ldap} if ( ref( $self->{ldap} ) );
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
$self->lmLog( "LDAP error : " . $mesg->error, 'error' );
}
else {
$self->lmLog( "LDAP error : $@", 'error' );
}
return 0;
}
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
......@@ -99,6 +82,7 @@ sub authenticate {
]->[$pp_error];
}
else {
$self->userError("Bad password for $self->{user}");
return PE_BADCREDENTIALS;
}
}
......@@ -109,9 +93,14 @@ sub authenticate {
else {
my $mesg =
$self->ldap->bind( $self->{dn}, password => $self->{password} );
return PE_BADCREDENTIALS if ( $mesg->code != 0 );
if ( $mesg->code != 0 ) {
$self->userError("Bad password for $self->{user}");
return PE_BADCREDENTIALS;
}
}
$self->{sessionInfo}->{authenticationLevel} = 2;
$self->userNotice( "Good authentication for "
. $self->{sessionInfo}->{ $self->{whatToTrace} } );
PE_OK;
}
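Review bot: The new `Bad password for $self->{user}` entry on the failed-bind path (and the matching `Good authentication` line) carries no client address, so a log watcher cannot tell a password-guessing run from one host apart from scattered user mistakes, even though the certificate error added elsewhere in this commit does include `$ENV{REMOTE_ADDR}`. Any non-zero `$mesg->code` also reaches this branch, so an unreachable or failing directory is logged as a bad password; include the code so the two cases can be told apart: `$self->userError("Bad password for $self->{user} from $ENV{REMOTE_ADDR} (LDAP error " . $mesg->code . ")");`. Whether a non-credential error should still map to PE_BADCREDENTIALS predates this change, and authenticate() starts outside the hunk.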
......
......@@ -45,6 +45,7 @@ sub extractFormInfo {
return PE_OK;
}
elsif ( $self->{SSLRequire} ) {
$self->userError("No certificate found for $ENV{REMOTE_ADDR}");
return PE_CERTIFICATEREQUIRED;
}
$self->{authFilter} = '';
......@@ -60,6 +61,8 @@ sub authenticate {
if ( $self->{sessionInfo}->{authenticationLevel}
and $self->{sessionInfo}->{authenticationLevel} > 4 )
{
$self->userNotice( "Good authentication for "
. $self->{sessionInfo}->{ $self->{whatToTrace} } );
return PE_OK;
}
return $self->SUPER::authenticate(@_);
......
......@@ -9,8 +9,7 @@ use strict;
use warnings;
require Lemonldap::NG::Common::CGI;
use Lemonldap::NG::Portal::SharedConf;
use Lemonldap::NG::Portal::_LDAP
; #link protected ldap Object used to change passwords only
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to change passwords only
use XML::LibXML;
use Safe;
......@@ -107,20 +106,6 @@ sub new {
return $self;
}
## @method private Lemonldap::NG::Portal::_LDAP ldap()
# @return object Lemonldap::NG::Portal::_LDAP object
sub ldap {
my $self = shift;
unless ( ref( $self->{ldap} ) ) {
my $mesg = $self->{ldap}->bind
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self) );
if ( $mesg->code != 0 ) {
return 0;
}
}
return $self->{ldap};
}
## @method string error(string language)
# Return error string
# @param $language optional language to use. Default: browser accepted languages
......
......@@ -330,8 +330,9 @@ sub getRemoteSession {
if ( $@ or not tied(%h) ) {
# Session not available (expired ?)
if($id) {
$self->lmLog( "Session $id isn't yet available ($ENV{REMOTE_ADDR})", 'info' );
if ($id) {
$self->lmLog( "Session $id isn't yet available ($ENV{REMOTE_ADDR})",
'info' );
}
else {
$self->lmLog( "Unable to create new session: $@", 'error' );
......@@ -606,6 +607,7 @@ sub controlExistingSession {
)
{
my $h = $self->getRemoteSession($id) or return PE_OK;
%{ $self->{sessionInfo} } = %$h;
# Logout if required
if ( $self->param('logout') ) {
......@@ -625,15 +627,15 @@ sub controlExistingSession {
@_,
);
$self->{error} = PE_REDIRECT;
$self->userNotice($self->{sessionInfo}->{$self->{whatToTrace}}." has been disconnected");
$self->_subProcess(qw(log autoRedirect));
return PE_FIRSTACCESS;
}
untie(%$h);
$self->{id} = $id;
# A session has been find => calling &existingSession
my ($r);
%{ $self->{sessionInfo} } = %$h;
untie(%$h);
if ( $self->{existingSession} ) {
$r =
&{ $self->{existingSession} }( $self, $id, $self->{sessionInfo} );
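Review bot: The logout notice added on the `$self->param('logout')` path names only the `whatToTrace` attribute, so a logout that the user did not initiate (as far as the hunk shows, the branch fires on any request carrying `logout`) cannot be matched to a client or to the session that was ended. Log the session id and the address with it: `$self->userNotice( $self->{sessionInfo}->{ $self->{whatToTrace} } . " has been disconnected (session $id, $ENV{REMOTE_ADDR})" );`. The attribute is read from the copy of `%$h` made earlier in controlExistingSession, so it is available here; whether `%$h` is released on this early-return path is not visible, and controlExistingSession starts and ends outside the hunk.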
......@@ -681,8 +683,6 @@ sub existingSession {
#@return Lemonldap::NG::Portal constant
sub setMacros {
local $self = shift;
$self->abort( __PACKAGE__ . ": Unable to get configuration" )
unless ( $self->getConf(@_) );
$self->safe->share('$self');
while ( my ( $n, $e ) = each( %{ $self->{macros} } ) ) {
$e =~ s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
......@@ -765,17 +765,10 @@ sub buildCookie {
}
##@method int log()
# 15) Log authentication action.
# By default, nothing is logged. Users actions are logged on applications.
# It's easy to override this in the contructor :
# my $portal = new Lemonldap::NG::Portal ( {
# ...
# log => sub {use Sys::Syslog; syslog;
# openlog("Portal $$", 'ndelay', 'auth');
# syslog('notice', 'User '.$self->{user}.' is authenticated');
# },
# ...
# } );
# 15) Log portal access.
# By default, nothing is logged. Users access are logged by Apache.
# Note that authentications and logout are logged by userLog() and userError()
# logs user errors.
#@return Lemonldap::NG::Portal constant
sub log {
PE_OK;
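Review bot: The rewritten header comment on log() sends readers to `userLog()` for authentications and logouts, but the callers in this commit use `userNotice()` for those and `userError()` for failures, with `userLog()` being the protected dispatcher behind both; "Users access are logged" is also ungrammatical. Suggested wording: `# By default, nothing is logged here; portal accesses are logged by Apache.` / `# Authentications and logouts are logged through userNotice(), failures` / `# (bad password, missing certificate, ...) through userError(); both use userLog().`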
......@@ -806,7 +799,10 @@ sub autoRedirect {
# Redirection should be made if
# - urldc defined
# - no warnings on ppolicy
if ( $self->{urldc} and !$self->{ppolicy}->{time_before_expiration} and !$self->{ppolicy}->{grace_authentications_remaining} ) {
if ( $self->{urldc}
and !$self->{ppolicy}->{time_before_expiration}
and !$self->{ppolicy}->{grace_authentications_remaining} )
{
$self->updateStatus;
print $self->SUPER::redirect(
-uri => $self->{urldc},
......
......@@ -6,27 +6,10 @@
package Lemonldap::NG::Portal::UserDBLDAP;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP; #link protected ldap
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
our $VERSION = '0.1';
## @method private Lemonldap::NG::Portal::_LDAP ldap()
# @return Lemonldap::NG::Portal::_LDAP object
sub ldap {
my $self = shift;
return $self->{ldap} if ( ref( $self->{ldap} ) );
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
$self->lmLog( "LDAP error : " . $mesg->error, 'error' );
}
else {
$self->lmLog( "LDAP error : $@", 'error' );
}
return 0;
}
## @method int userDBInit()
# Does nothing.
# @return Lemonldap::NG::Portal constant
......@@ -72,7 +55,10 @@ sub search {
$self->lmLog( $mesg->error, 'error' );
return PE_LDAPERROR;
}
return PE_BADCREDENTIALS unless ( $self->{entry} = $mesg->entry(0) );
unless ( $self->{entry} = $mesg->entry(0) ) {
$self->userError("$self->{user} was not found in LDAP directory");
return PE_BADCREDENTIALS;
}
$self->{dn} = $self->{entry}->dn();
PE_OK;
}
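Review bot: `$self->{user}` in the new `was not found in LDAP directory` entry is presumably the login as submitted in the form (it is the same field the bind path uses), so a value containing a newline or terminal escape is written to the log verbatim and can forge a second line such as a fake `Good authentication for admin`. Strip control characters before logging, and do it once for every caller in userLog() rather than per message, e.g. `$mess =~ tr/\x00-\x1f\x7f/_/;` before the syslog()/lmLog() dispatch. search() begins outside this hunk.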
......
......@@ -5,8 +5,12 @@
# LDAP common functions
package Lemonldap::NG::Portal::_LDAP;
use Net::LDAP;
use base qw(Net::LDAP);
require Net::LDAP;
use Exporter;
use base qw(Exporter Net::LDAP);
use strict;
our @EXPORT = qw(ldap);
our $VERSION = '0.11';
......@@ -82,4 +86,21 @@ sub bind {
return $mesg;
}
## @method protected Lemonldap::NG::Portal::_LDAP ldap()
# @return Lemonldap::NG::Portal::_LDAP object
sub ldap {
my $self = shift;
return $self->{ldap} if ( ref( $self->{ldap} ) );
if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
and my $mesg = $self->{ldap}->bind )
{
return $self->{ldap} if ( $mesg->code == 0 );
$self->lmLog( "LDAP error : " . $mesg->error, 'error' );
}
else {
$self->lmLog( "LDAP error : $@", 'error' );
}
return 0;
}
1;
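Review bot: In the moved ldap() a failed bind leaves the unbound connection in `$self->{ldap}`, because the assignment on the `if` line happens before `$mesg->code` is checked and the first line returns anything that is a ref; every later call then hands back a connection that never bound and skips the error log, so one transient directory error sticks for the life of the object. Clear it on the failure path: `undef $self->{ldap};` before `return 0;`. The `$@` in the else branch is only meaningful if `_LDAP->new` dies or sets it, which is not visible here; and since `@EXPORT = qw(ldap)` pushes `ldap` into every package that merely `use`s _LDAP, `@EXPORT_OK` would match the explicit `'ldap'` the callers already request.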