Commit 6af2a2c6 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : New feature: configurations management (next; last, previous, delete)

parent 95221d4a
......@@ -168,8 +168,8 @@ else for a complete install:
See prereq in §1.1.2
2.3 - LEMONLDAP INSTALLATION
----------------------------
2.3 - LEMONLDAP::NG INSTALLATION
--------------------------------
2.3.1 - Database configuration
......@@ -202,7 +202,7 @@ example with MySQL:
dbiPassword => "mypass",
} );
Securise Manager access with Apache: Lemonldap does not securise the manager
Securise Manager access with Apache: Lemonldap::NG does not securise the manager
itself yet:
SSLEngine On
......
......@@ -2,10 +2,8 @@ Lemonldap::NG TODO
------------------
TODO list for Lemonldap::NG development
- Priority: High Status: In progress Created: 2007\04\21 13-13-25
Buttons to manage configurations (delete, next, previous, last,...)
- Priority: Low Status: N/A Created: 2007\05\03 11-40-36
Delete buttons in virtualHosts if 'read"-"only'
- Priority: Low Status: N/A Created: 2007\05\03 11-40-36
Delete buttons in virtualHosts if 'read"-"only'
- Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
- Priority: Normal Status: In progress Created: 2007\05\03 10-41-36
......
......@@ -40,7 +40,7 @@ foreach(keys %$headers) {
</tr>\n"
}
print '</table>
<p>Note that lemonldap cookie is hidden. So that application developpers can
<p>Note that Lemonldap::NG cookie is hidden. So that application developpers can
not spoof sessions.</p>
<p>You can access to any information (IP address or LDAP attribute) by customizing
exported headers with the
......
......@@ -9,6 +9,7 @@ lemonldap-ng (0.8.1.2) unstable; urgency=low
* New debian structure: lemonldap-ng is splitted in 5 packages, default
configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
configuration file is managed by debconf
* Buttons to manage configurations in manager (next, previous, last, delete)
-- Xavier Guimard <x.guimard@free.fr> Thu, 03 May 2007 10:39:51 +0200
......
......@@ -37,9 +37,9 @@ authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
Lemonldap::NG::Portal::AuthSSL(3) for more).</p>
<p>Lemonldap use session cookies generated by Apache::Session so as secure as a
128-bit random cookie. You may use the securedCookie options to avoid session
hijacking.</p>
<p>Lemonldap::NG use session cookies generated by Apache::Session so as secure
as a 128-bit random cookie. You may use the securedCookie options to avoid
session hijacking.</p>
<p>You have to manage life of sessions by yourself since Lemonldap::NG knows
nothing about the L<Apache::Session> module you've choosed, but it's very easy
......
......@@ -54,7 +54,7 @@ authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
Lemonldap::NG::Portal::AuthSSL(3) for more).
Lemonldap use session cookies generated by Apache::Session so as secure as a
Lemonldap::NG use session cookies generated by Apache::Session so as secure as a
128-bit random cookie. You may use the securedCookie options to avoid session
hijacking.
......
......@@ -96,8 +96,8 @@ authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
L<Lemonldap::NG::Portal::AuthSSL> for more).
Lemonldap use session cookies generated by L<Apache::Session> so as secure as a
128-bit random cookie. You may use the C<securedCookie> options of
Lemonldap::NG use session cookies generated by L<Apache::Session> so as secure
as a 128-bit random cookie. You may use the C<securedCookie> options of
L<Lemonldap::NG::Portal> to avoid session hijacking.
You have to manage life of sessions by yourself since Lemonldap::NG knows
......
......@@ -417,7 +417,7 @@ sub forbidden {
return FORBIDDEN;
}
# hideCookie : hide Lemonldap cookie to the protected application
# hideCookie : hide Lemonldap::NG cookie to the protected application
sub hideCookie {
my $class = shift;
$class->lmLog( "$class: removing cookie", 'debug' );
......@@ -521,7 +521,7 @@ sub run ($$) {
$class->sendHeaders;
# SECURITY
# Hide Lemonldap cookie
# Hide Lemonldap::NG cookie
$class->hideCookie;
OK;
}
......@@ -695,7 +695,7 @@ method itself.
=item B<cookieName> (default: lemon)
Name of the cookie used by the Lemonldap infrastructure.
Name of the cookie used by the Lemonldap::NG infrastructure.
=item B<portal> (required)
......
......@@ -9,6 +9,7 @@ Revision history for Perl extension Lemonldap::NG::Manager.
- whatToTrace parameter in configuration interface
- Fix tree bug when an hash ref is not defined
- More tests
- Next and previous conf
0.61 Thu Mar 29 21:45:44 2007
- configuration is checked before saving
......
......@@ -53,7 +53,7 @@ authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
Lemonldap::NG::Portal::AuthSSL(3) for more).
Lemonldap use session cookies generated by Apache::Session so as secure as a
Lemonldap::NG use session cookies generated by Apache::Session so as secure as a
128-bit random cookie. You may use the securedCookie options to avoid session
hijacking.
......
......@@ -100,11 +100,27 @@ sub print_help {
eval { no strict "refs"; &{"help_$chap"} };
}
# Delete subroutine
sub print_delete {
my $self = shift;
print $self->header;
Lemonldap::NG::Manager::Help::import( $ENV{HTTP_ACCEPT_LANGUAGE} )
unless ( $self->can('help_groups') );
if ( $self->config->delete ( $self->param ( 'cfgNum' ) ) ) {
print &txt_configurationDeleted;
}
else {
print &txt_configurationNotDeleted;
}
exit;
}
# Configuration download subroutines
sub print_conf {
my $self = shift;
print $self->header( -type => "text/xml", '-Cache-Control' => 'private' );
$self->printXmlConf;
$self->printXmlConf( { cfgNum => $self->param ( 'cfgNum' ), } );
exit;
}
......@@ -118,7 +134,7 @@ sub default {
sub printXmlConf {
my $self = shift;
print XMLout(
$self->buildTree,
$self->buildTree( @_ ),
#XMLDecl => "<?xml version='1.0' encoding='iso-8859-1'?>",
RootName => 'tree',
KeyAttr => { item => 'id', username => 'name' },
......@@ -128,7 +144,7 @@ sub printXmlConf {
sub buildTree {
my $self = shift;
my $config = $self->config->getConf();
my $config = $self->config->getConf( @_ );
$config = $self->default unless ($config);
my $tree = {
id => '0',
......
......@@ -65,6 +65,10 @@ sub getConf {
my ( $self, $args ) = @_;
$args->{cfgNum} ||= $self->lastCfg;
return undef unless $args->{cfgNum};
if ( $args->{cfgNum}<0 ) {
my @a = $self->available();
$args->{cfgNum} = ( @a + $args->{cfgNum} >0 ) ? ( $a[ $#a + $args->{cfgNum} ] ) : $a[0];
}
my $fields = $self->load( $args->{cfgNum}, $args->{fields} );
my $conf;
while ( my ( $k, $v ) = each(%$fields) ) {
......@@ -111,6 +115,13 @@ sub load {
return &{$_[0]->{type}.'::load'}(@_);
}
sub delete {
my($self, $c) = @_;
my @a = $self->available();
return 0 unless ( @a + $c >0 );
return &{$self->{type}.'::delete'}( $self, $a[ $#a + $c ] );
}
1;
__END__
......
......@@ -6,7 +6,7 @@ use Storable qw(freeze thaw);
use MIME::Base64;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.13;
our $VERSION = 0.14;
sub prereq {
my $self = shift;
......@@ -106,6 +106,11 @@ sub load {
return $row;
}
sub delete {
my ( $self, $cfgNum ) = @_;
$self->dbh->do( "DELETE from " . $self->{dbiTable} . " WHERE cfgNum=$cfgNum" );
}
sub logError {
my $self = shift;
print STDERR "Database error: " . $self->dbh->errstr . "\n";
......
......@@ -3,7 +3,7 @@ package Lemonldap::NG::Manager::Conf::File;
use strict;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = 0.21;
our $VERSION = 0.22;
sub prereq {
my $self = shift;
......@@ -96,4 +96,9 @@ sub load {
return $f;
}
sub delete {
my ( $self, $cfgNum ) = @_;
unlink ( $self->{dirName} . "/lmConf-$cfgNum" );
}
__END__
......@@ -54,7 +54,7 @@ sub help_authParams_fr {
<h3>Param&egrave;tres d'authentification</h3>
<dl>
<dt> Type d'authentification </dt>
<dd> Le sch&eacute;ma classique d'authentification Lemonldap;;NG consiste &agrave; utiliser une
<dd> Le sch&eacute;ma classique d'authentification Lemonldap::NG consiste &agrave; utiliser une
authentification par LDAP. Vous pouvez changer ceci en "SSL" par exemple.</dd>
<dt> Portail </dt>
......@@ -277,7 +277,7 @@ corresponding parameters&nbsp;:</p>
<ul>
<li>Module =&gt; Apache::Session::File, <br>options :
<ul>
<li> Directory =&gt; /var/cache/lemonldap</li>
<li> Directory =&gt; /var/lib/lemonldap-ng/sessions</li>
</ul>
</li>
<li>Module =&gt; Apache::Session::MySQL, <br>options :
......@@ -307,7 +307,7 @@ indiquer les param&egrave;tres correspondants &agrave; ce module&nbsp;:</p>
<ul>
<li>Module =&gt; Apache::Session::File, <br>options :
<ul>
<li> Directory =&gt; /var/cache/lemonldap</li>
<li> Directory =&gt; /var/lib/lemonldap-ng/sessions</li>
</ul>
</li>
<li>Module =&gt; Apache::Session::MySQL, <br>options :
......
......@@ -8,7 +8,7 @@ use AutoLoader qw(AUTOLOAD);
require Lemonldap::NG::Manager::_i18n;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = '0.26';
our $VERSION = '0.27';
# TODO: Delete buttons in headers and rules if 'read-only'
......@@ -81,15 +81,18 @@ sub javascript {
newRule newHeader httpHeaders waitingResult unknownError
configurationWasChanged configLoaded warningConfNotApplied
applyConf prevConf lastConf nextConf deleteVirtualHost
areYouSure syntaxError)) {
areYouSure syntaxError deleteConf confirmDeleteConf)) {
$text{$_} = &{"txt_$_"};
$text{$_} =~s/'/\\'/g;
}
print qq#
function loadConf() {
function loadConf(n) {
document.body.style.cursor='wait';
document.getElementById('treeBox').innerHTML='';
tree=new dhtmlXTreeObject(document.getElementById('treeBox'),"100%","100%",0);
tree.setImagePath("$self->{dhtmlXTreeImageLocation}");
tree.setXMLAutoLoading("$ENV{SCRIPT_NAME}?lmQuery=conf");
tree.loadXML("$ENV{SCRIPT_NAME}?lmQuery=conf");
tree.loadXML("$ENV{SCRIPT_NAME}?lmQuery=conf&cfgNum="+n);
tree.setOnClickHandler(onNodeSelect);
tree.selectItem('virtualHosts',true,false);
document.getElementById('help').innerHTML='<h3>$text{configLoaded}</h3>';
......@@ -106,9 +109,7 @@ window.onload=function(){
s3=new xSplitter('idSplitter3',0,0,w,h,true,4,w/4,w/8,true,4,null,s32);
X.addEventListener(window,'resize',win_onresize,false);
document.getElementById('help').innerHTML='<h3>$text{waitingResult}</h3>';
tree=new dhtmlXTreeObject(document.getElementById('treeBox'),"100%","100%",0);
tree.setImagePath("$self->{dhtmlXTreeImageLocation}");
loadConf();
loadConf(0);
};
function win_onresize(){
......@@ -201,9 +202,10 @@ function onNodeSelect(nodeId) {
}
if(tree.getUserData(nodeId,"modif")=='both') but+=button('$text{deleteNode}','deleteNode',nodeId);
but+=button('$text{saveConf}','saveConf',nodeId);
/*if(nodeId == 'root') but+=button('$text{prevConf}','prevConf',nodeId)
if(nodeId == 'root') but+=button('$text{prevConf}','prevConf',nodeId)
+button('$text{nextConf}','nextConf',nodeId)
+button('$text{lastConf}','lastConf',nodeId);*/
+button('$text{lastConf}','lastConf',nodeId)
+button('$text{deleteConf}','deleteConf',nodeId);
#;
if( $self->{applyConfFile} ) {
print "but+=button('$text{applyConf}','applyConf',nodeId);";
......@@ -368,10 +370,35 @@ function applyConf(){
xhr_object.send(null);
}
var previous = 0;
function prevConf(){
previous--;
loadConf(previous);
}
function nextConf(){
if(previous<0){
previous++;
loadConf(previous);
}
}
function lastConf(){
previous=0;
loadConf(0);
}
function deleteConf(){
if(!(confirm('$text{confirmDeleteConf}'))) return 0;
previous=0;
xhr_object.open('GET', "$ENV{SCRIPT_NAME}?lmQuery=delete&cfgNum="+previous,true);
xhr_object.onreadystatechange = function() {
if(xhr_object.readyState == 4){
document.getElementById('help').innerHTML=xhr_object.responseText;
loadConf(0);
}
}
xhr_object.send(null);
}
function ec(s){
......
......@@ -90,6 +90,10 @@ sub fr {
areYouSure => 'Etes vous sur ?',
syntaxError => 'Erreur de syntaxe, configuration refus&eacute;e. Consultez les journaux du serveur web.',
whatToTrace => "Donn&eacute;e &agrave; inscrire dans les journaux d'Apache",
deleteConf => 'Effacer',
confirmDeleteConf => "Vous allez effacer cette configuration. Confirmez-vous ?",
configurationDeleted => 'Configuration &eacute;ffac&eacute;e',
configurationNotDeleted => 'Configuration non &eacute;ffac&eacute;e',
};
}
......@@ -149,5 +153,9 @@ sub en {
areYouSure => 'Are you sure ?',
syntaxError => 'Syntax error, configuration refused. See web server logs for more.',
whatToTrace => "Attribute to use in Apache's logs",
deleteConf => 'Delete',
confirmDeleteConf => "You're going to delete configuration. Do you confirm ?",
configurationDeleted => 'Configuration deleted',
configurationNotDeleted => 'Configuration not deleted',
};
}
......@@ -80,7 +80,7 @@ my $portal = Lemonldap::NG::Portal::CDA->new(
authenticate => sub { PE_OK },
# If no Lemonldap::NG protected application is in the same domaine than
# the portal, it is recommended to not set a lemonldap cookie in the
# the portal, it is recommended to not set a lemonldap::NG cookie in the
# other domain :
# Lemonldap::NG::Handler protect its cookie from remote application
# (to avoid developers to spoof an identity), but the master SSO
......
......@@ -79,11 +79,11 @@ authenticates user with a ldap bind by default, but you can also use another
authentication sheme like using x509 user certificates (see
L<Lemonldap::NG::Portal::AuthSSL> for more).
Lemonldap use session cookies generated by L<Apache::Session> so as secure as a
Lemonldap::NG use session cookies generated by L<Apache::Session> so as secure as a
128-bit random cookie. You may use the C<securedCookie> options of
L<Lemonldap::NG::Portal> to avoid session hijacking.
You have to manage life of sessions by yourself since Lemonldap knows nothing
You have to manage life of sessions by yourself since Lemonldap::NG knows nothing
about the L<Apache::Session> module you've choosed, but it's very easy using a
simple cron script because L<Lemonldap::NG::Portal> stores the start time in the
C<_utime> field.
......@@ -203,7 +203,7 @@ variable Apache has to use (C<$uid> by default).
The real accounting has to be done by the application itself which knows the
result of SQL transaction for example.
Lemonldap can export http headers either using a proxy or protecting directly
Lemonldap::NG can export http headers either using a proxy or protecting directly
the application. By default, the C<User-Auth> field is used but you can change
it using the C<exportedHeaders> parameters (stored in the configuration
database). This parameters contains an associative array:
......@@ -320,7 +320,7 @@ This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
at your option, any later version of Perl 5 you may have available.
Lemonldap was originaly written by Eric German who decided to publish him in
Lemonldap::NG was originaly written by Eric German who decided to publish him in
2003 under the terms of the GNU General Public License version 2.
Lemonldap::NG is a complete rewrite of Lemonldap and is able to have different
policies in a same Apache virtual host.
......
......@@ -100,7 +100,7 @@ sub error {
return &Lemonldap::NG::Portal::_i18n::error( $self->{error}, $ENV{HTTP_ACCEPT_LANGUAGE} );
}
# Private sub used to bind to LDAP server both with Lemonldap account and user
# Private sub used to bind to LDAP server both with Lemonldap::NG account and user
# credentials if LDAP authentication is used
sub _bind {
my ( $ldap, $dn, $password ) = @_;
......@@ -276,7 +276,7 @@ sub connectLDAP {
PE_OK;
}
# 6. LDAP bind with Lemonldap account or anonymous unless defined
# 6. LDAP bind with Lemonldap::NG account or anonymous unless defined
sub bind {
my $self = shift;
$self->connectLDAP unless ( $self->{ldap} );
......@@ -338,7 +338,7 @@ sub setGroups {
PE_OK;
}
# 11. Now, LDAP will not be used by Lemonldap except for LDAP
# 11. Now, LDAP will not be used by Lemonldap::NG except for LDAP
# authentication scheme
sub unbind {
my $self = shift;
......@@ -520,7 +520,7 @@ default, anonymous bind is used.
=item * securedCookie: set it to 1 if you want to protect user cookies
=item * cookieName: name of the cookie used by Lemonldap (lemon by default)
=item * cookieName: name of the cookie used by Lemonldap::NG (lemon by default)
=item * domain: cookie domain. You may have to give it else the SSO will work
only on your server.
......@@ -543,13 +543,13 @@ be set to:
=head2 Methods that can be overloaded
All the functions above can be overloaded to adapt Lemonldap to your
All the functions above can be overloaded to adapt Lemonldap::NG to your
environment. They MUST return one of the exported constants (see above)
and are called in this order by process().
=head3 controlUrlOrigin
If the user was redirected by a Lemonldap NG handler, stores the url that will be
If the user was redirected by a Lemonldap::NG handler, stores the url that will be
used to redirect the user after authentication.
=head3 controlExistingSession
......@@ -620,7 +620,7 @@ Disconnects from the LDAP server.
=head3 buildCookie
Creates the Lemonldap cookie.
Creates the Lemonldap::NG cookie.
=head3 log
......@@ -647,11 +647,11 @@ Non-object method used to bind to the ldap server.
=head3 header
Overloads the CGI::header method to add Lemonldap cookie.
Overloads the CGI::header method to add Lemonldap::NG cookie.
=head3 redirect
Overloads the CGI::redirect method to add Lemonldap cookie.
Overloads the CGI::redirect method to add Lemonldap::NG cookie.
=head2 EXPORT
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment