Commit 8231de79 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : Single logout (portal and handler) and restricted manager are...

LEMONLDAP::NG : Single logout (portal and handler) and restricted manager are finished (TODO: single logout doc)

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/trunk@84 1dbb9719-a921-0410-b57f-c3a383c2c641
parent 5689c866
......@@ -5,10 +5,10 @@ WriteMakefile(
NAME => 'Lemonldap::NG::Handler',
VERSION_FROM => 'lib/Lemonldap/NG/Handler.pm',
PREREQ_PM => {
'Apache::Session' => 0,
'LWP::UserAgent' => 0,
'Cache::Cache' => 0,
'Lemonldap::NG::Manager' => 0.4,
'Apache::Session' => 0,
'LWP::UserAgent' => 0,
'Cache::Cache' => 0,
'Lemonldap::NG::Manager' => 0.4,
}, # e.g., Module::Name => 1.1
($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/Lemonldap/NG/Handler.pm', # retrieve abstract from module
......
......@@ -308,7 +308,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
......
......@@ -181,7 +181,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
......
......@@ -282,6 +282,7 @@ sub globalInit {
# - regexp is used to test URIs
# - test contains an expression used to grant the user
# TODO: split locationRules into 2 arrays
sub locationRulesInit {
my ( $class, $args ) = @_;
$locationCount = 0;
......@@ -437,6 +438,12 @@ sub goToPortal() {
return REDIRECT;
}
# Fetch $id
sub fetchId() {
my $t = lmHeaderIn( $apacheRequest, 'Cookie' );
return ($t =~ /$cookieName=([^; ]+);?/o ) ? $1: 0;
}
# MAIN SUBROUTINE called by Apache (using PerlHeaderParserHandler option)
sub run ($$) {
my $class;
......@@ -448,7 +455,7 @@ sub run ($$) {
# AUTHENTICATION
# I - recover the cookie
my $id;
unless ( ($id) = ( lmHeaderIn( $apacheRequest, 'Cookie' ) =~ /$cookieName=([^; ]+);?/o ) ) {
unless ( $id = $class->fetchId ) {
$class->lmLog( "$class: No cookie found", 'info' );
return $class->goToPortal($uri);
}
......@@ -532,8 +539,17 @@ sub unprotect {
sub logout ($$) {
my $class;
($class, $apacheRequest ) = @_;
my $uri = $apacheRequest->uri . ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
return $class->goToPortal( $uri, 'logout=1' );
if( my $id = $class->fetchId ) {
# Delete Apache thread datas
if ( $id eq $datas->{_session_id} ) {
$datas = {};
}
# Delete Apache local cache
if( $refLocalStorage and $refLocalStorage->get($id) ) {
$refLocalStorage->remove($id);
}
}
return $class->goToPortal( '/', 'logout=1' );
}
1;
......@@ -554,9 +570,9 @@ Create your own package:
our @ISA = qw(Lemonldap::NG::Handler::Simple);
__PACKAGE__->init ({
locationRules => {
locationRules => {
default => '$ou =~ /brh/'
},
},
globalStorage => 'Apache::Session::MySQL',
globalStorageOptions => {
DataSource => 'dbi:mysql:database=dbname;host=127.0.0.1',
......
......@@ -6,6 +6,7 @@ use MIME::Base64;
our $VERSION = '0.51';
# TODO: split locationRules into 2 arrays
sub locationRulesInit {
my ( $class, $args ) = @_;
foreach my $vhost ( keys %{ $args->{locationRules} } ) {
......
Revision history for Perl extension Lemonldap::NG::Manager.
0.512 Tue Mar 13 7:57:30
0.6 Sat Mar 17 22:13:08 2007
- New feature : restricted version of Manager. Only choosen virtual hosts
are displayed.
0.512 Tue Mar 13 7:57:30 2007
- New feature in Manager : "Delete VHost" button (Closes: #306761 /
forge.objectweb.org)
0.511 Sun Mar 11 8:24:32
0.511 Sun Mar 11 8:24:32 2007
- Bug correction: lock does not work with File.pm
(Closes: #306760 / forge.objectweb.org)
0.51 Fri Mar 9 7:16:42
0.51 Fri Mar 9 7:16:42 2007
- Bug corrections issued from test in real life.
- More help in english
......
......@@ -12,7 +12,7 @@ WriteMakefile(
'LWP::UserAgent' => 0,
}, # e.g., Module::Name => 1.1
EXE_FILES => [
'scripts/lmConfig_File2MySQL',
'scripts/lmConfig_File2MySQL',
],
($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/Lemonldap/NG/Manager.pm', # retrieve abstract from module
......
......@@ -9,7 +9,7 @@ my $h = new Lemonldap::NG::Manager(
dirName => "__DIR__/conf/",
},
dhtmlXTreeImageLocation => "/imgs/",
applyConfFile => '__DIR__/manager/apply.conf',
applyConfFile => '__DIR__/manager/apply.conf',
# jsFile => /path/to/lemonldap-ng-manager.js,
}
......
......@@ -13,7 +13,7 @@ use LWP::UserAgent;
our @ISA = qw(Lemonldap::NG::Manager::Base);
our $VERSION = '0.511';
our $VERSION = '0.6';
sub new {
my ( $class, $args ) = @_;
......@@ -242,6 +242,7 @@ sub buildTree {
if ( $config->{locationRules} ) {
$tree->{item}->{item}->{virtualHosts}->{item} = {};
my $virtualHost = $tree->{item}->{item}->{virtualHosts}->{item};
# TODO: split locationRules into 2 arrays
while ( my ( $host, $rules ) = each( %{ $config->{locationRules} } ) ) {
$virtualHost->{$host} = $self->xmlField( "text", 'i', $host );
my ( $ih, $ir ) =
......@@ -311,6 +312,12 @@ sub print_upload {
}
sub upload {
my $self = shift;
my $config = $self->tree2conf(@_);
return $self->config->saveConf($config);
}
sub tree2conf {
my ( $self, $tree ) = @_;
$tree = XMLin($$tree);
my $config = {};
......@@ -330,6 +337,7 @@ sub upload {
$lr = $h->{$_} if ( $_ =~ /locationRules/ );
$eh = $h->{$_} if ( $_ =~ /exportedHeaders/ );
}
# TODO: split locationRules into 2 arrays
LR: foreach my $r ( values(%$lr) ) {
next LR unless ( ref($r) );
$config->{locationRules}->{$vh}->{ $r->{text} } = $r->{value};
......@@ -368,7 +376,7 @@ sub upload {
next unless ( ref($h) );
$config->{exportedVars}->{$h->{text}} = $h->{value};
}
return $self->config->saveConf($config);
return $config;
}
# Apply subroutines
......@@ -575,7 +583,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2006 by Xavier Guimard
Copyright (C) 2006-2007 by Xavier Guimard
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.8 or,
......
......@@ -167,27 +167,27 @@ access to Lemonldap::NG Web-SSO sessions via SOAP.
our @ISA = qw(Lemonldap::NG::Handler::Simple);
__PACKAGE__->init ({
globalStorage => 'Lemonldap::NG::Manager::Apache::Session::SOAP',
globalStorageOptions => {
proxy => 'http://manager/cgi-bin/soapserver.pl',
proxyOptions => {
timeout => 5,
},
},
globalStorage => 'Lemonldap::NG::Manager::Apache::Session::SOAP',
globalStorageOptions => {
proxy => 'http://manager/cgi-bin/soapserver.pl',
proxyOptions => {
timeout => 5,
},
},
configStorage => {
... # See Lemonldap::NG::Handler
... # See Lemonldap::NG::Handler
=item * With Lemonldap::NG::Portal
use Lemonldap::NG::Portal::SharedConf;
my $portal = new Lemonldap::NG::Portal::SharedConf (
globalStorage => 'Lemonldap::NG::Manager::Apache::Session::SOAP',
globalStorageOptions => {
proxy => 'http://manager/cgi-bin/soapserver.pl',
proxyOptions => {
timeout => 5,
},
},
globalStorage => 'Lemonldap::NG::Manager::Apache::Session::SOAP',
globalStorageOptions => {
proxy => 'http://manager/cgi-bin/soapserver.pl',
proxyOptions => {
timeout => 5,
},
},
configStorage => {
... # See Lemonldap::NG::Portal
......
......@@ -26,7 +26,8 @@ sub header_public {
my $year = $5;
my $cm = $2;
if ( my $ref = $ENV{HTTP_IF_MODIFIED_SINCE} ) {
# TODO: Remove TODO_ for stable releases
if ( my $ref = $ENV{TODO_HTTP_IF_MODIFIED_SINCE} ) {
my %month = (
jan => 0,
feb => 1,
......@@ -100,7 +101,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
Copyright (C) 2006-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
......
......@@ -177,7 +177,7 @@ Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2006 by Xavier Guimard
Copyright (C) 2006-2007 by Xavier Guimard
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.8 or,
......
......@@ -9,13 +9,15 @@ our $VERSION = '0.1';
# CONSTANTS
use constant CONFIG_WAS_CHANGED => -1;
use constant UNKNOWN_ERROR => -2;
use constant DATABASE_LOCKED => -3;
use constant UNKNOWN_ERROR => -2;
use constant DATABASE_LOCKED => -3;
use constant UPLOAD_DENIED => -4;
our %EXPORT_TAGS = ( 'all' => [ qw(
CONFIG_WAS_CHANGED
UNKNOWN_ERROR
DATABASE_LOCKED
UPLOAD_DENIED
) ] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
......
......@@ -33,8 +33,6 @@ sub lastCfg {
return $avail[$#avail];
}
# TODO: LOCK
sub lock {
my $self = shift;
if( $self->isLocked ) {
......@@ -52,7 +50,7 @@ sub lock {
sub isLocked {
my $self = shift;
-e $self->{dirName} . "/lmConf.lock";
-e $self->{dirName} . "/lmConf.lock";
}
sub unlock {
......
......@@ -5,14 +5,15 @@ use strict;
use Lemonldap::NG::Manager;
use Lemonldap::NG::Manager::Conf::Constants;
our @ISA=qw(Lemonldap::NG::Manager);
our $VERSION = "0.01";
our @ISA = qw(Lemonldap::NG::Manager);
our $VERSION = "0.1";
sub new {
my ( $class, $args ) = @_;
my $self = $class->SUPER::new($args);
unless( $self->{read} ) {
print STDERR qq#Warning, "read" parameter is not set, nothing will be displayed\n#;
unless ( $self->{read} ) {
print STDERR
qq#Warning, "read" parameter is not set, nothing will be displayed\n#;
}
return $self;
}
......@@ -20,23 +21,80 @@ sub new {
sub buildTree {
my $self = shift;
my $tree = $self->SUPER::buildTree();
# TODO: purge tree
# Display only VirtualHosts
delete $tree->{item}->{item}->{groups};
delete $tree->{item}->{item}->{generalParameters};
my $vh = $tree->{item}->{item}->{virtualHosts}->{item};
# Display only authorized virtual hosts
foreach my $k ( keys %$vh ) {
unless ( grep { $_ eq $k } @{ $self->{read} } ) {
delete $vh->{$k};
next;
}
# and suppress write possibilities
unless ( grep { $_ eq $k } @{ $self->{write} } ) {
foreach ( @{ $vh->{$k}->{userdata} } ) {
$_->{content} = 'none' if ( $_->{name} eq 'modif' );
}
foreach my $type ( keys( %{ $vh->{$k}->{item} } ) ) {
foreach my $i ( keys( %{ $vh->{$k}->{item}->{$type}->{item} } ) ) {
foreach ( @{ $vh->{$k}->{item}->{$type}->{item}->{$i}->{userdata} } ) {
$_->{content} = 'ro' if ( $_->{name} eq 'modif' );
}
}
}
}
}
return $tree;
}
# TODO: restrict upload
sub upload {
UNKNOWN_ERROR;
my $self = shift;
print STDERR "1\n";
return UPLOAD_DENIED unless ( @{ $self->{write} } );
# Convert new config
my $newConfig = $self->tree2conf(@_);
# Load current config
my $config = $self->config->getConf();
# Compare new and old config
return CONFIG_WAS_CHANGED
unless ( $config->{cfgNum} == $newConfig->{cfgNum} );
# Merge config
foreach my $vh ( @{ $self->{write} } ) {
if ( $newConfig->{locationRules}->{$vh} ) {
$config->{locationRules}->{$vh} =
$newConfig->{locationRules}->{$vh};
delete $newConfig->{locationRules}->{$vh};
}
if ( $newConfig->{exportedHeaders}->{$vh} ) {
$config->{exportedHeaders}->{$vh} =
$newConfig->{exportedHeaders}->{$vh};
delete $newConfig->{exportedHeaders}->{$vh};
}
}
# return UPLOAD_DENIED
# if ( %{ $newConfig->{exportedHeaders} }
# or %{ $newConfig->{locationRules} } );
# and save config
return $self->config->saveConf($config);
}
1;
__END__
=head1 NAME
Lemonldap::NG::Manager::Restricted - Experimental restricted version of
Lemonldap::NG::Manager
Lemonldap::NG::Manager::Restricted - Restricted version of
Lemonldap::NG::Manager to show only parts of protected virtual hosts.
=head1 SYNOPSIS
......@@ -51,14 +109,32 @@ Lemonldap::NG::Manager
# uncomment this only if lemonldap-ng-manager.js is not in the same
# directory than your script.
# jsFile => /path/to/lemonldap-ng-manager.js,
read => [ 'test.example.com', 'test2.example.com' ],
write => [ 'test.example.com' ],
}
) or die "Unable to start, see Apache logs";
$h->doall();
=head1 DESCRIPTION
This module is in development. It will be usable to restrict access to
configuration for example only to a single virtual host.
This module can be used to give access to a part of the Lemonldap::NG Web-SSO
configuration. You can use it to simply show or give write access to some of
the protected vortual hosts.
=head2 PARAMETERS
Lemonldap::NG::Manager::Restricted works like L<Lemonldap::NG::Manager> but
uses 2 new parameters in the constructor:
=over
=item * read : an array reference to the list of authorized virtual host to
display,
=item * write : an array reference to the list of virtual hosts that can been
updated.
=back
=head1 SEE ALSO
......
......@@ -102,9 +102,9 @@ our $config;
our $authorizedFunc = 'get';
sub newsession {
return 0 unless( $authorizedFunc =~ /\bnew\b/ );
my( $class, $args ) = @_;
$args ||= {};
return 0 unless( $authorizedFunc =~ /\bnew\b/ );
my( $class, $args ) = @_;
$args ||= {};
my %h;
eval {
tie %h, $config->{realSessionStorage}, undef, $config->{realSessionStorageOptions};
......@@ -119,10 +119,10 @@ sub newsession {
}
sub get {
print STDERR "get\n";
return 0 unless( $authorizedFunc =~ /\bget\b/ );
my( $class, $id ) = @_;
my %h;
print STDERR "get\n";
return 0 unless( $authorizedFunc =~ /\bget\b/ );
my( $class, $id ) = @_;
my %h;
eval {
tie %h, $config->{realSessionStorage}, $id, $config->{realSessionStorageOptions};
};
......@@ -135,9 +135,9 @@ sub get {
}
sub set {
return 0 unless( $authorizedFunc =~ /\bset\b/ );
return 0 unless( $authorizedFunc =~ /\bset\b/ );
my( $class, $id, $args ) = @_;
my %h;
my %h;
eval {
tie %h, $config->{realSessionsStorage}, undef, $config->{realSessionsStorageOptions};
};
......
......@@ -8,8 +8,11 @@ use AutoLoader qw(AUTOLOAD);
require Lemonldap::NG::Manager::_i18n;
use Lemonldap::NG::Manager::Conf::Constants;
our $VERSION = '0.23';
our $VERSION = '0.24';
# TODO: Delete buttons in headers and rules if 'read-only'
# TODO: Display errors in saveConf
1;
__END__
......@@ -78,7 +81,7 @@ sub javascript {
newRule newHeader httpHeaders waitingResult unknownError
configurationWasChanged configLoaded warningConfNotApplied
applyConf prevConf lastConf nextConf deleteVirtualHost
areYouSure)) {
areYouSure)) {
$text{$_} = &{"txt_$_"};
$text{$_} =~s/'/\\'/g;
}
......@@ -134,6 +137,15 @@ function onNodeSelect(nodeId) {
k=tree.getItemText(nodeId);
v='<textarea cols=40 rows=2 onChange="tree.setUserData('+"'"+nodeId+"'"+','+"'"+'value'+"'"+',this.value)">'+tree.getUserData(nodeId,'value')+'</textarea>';
//v='<input size=80 name="value" value="'+tree.getUserData(nodeId,'value')+'" onChange="tree.setUserData('+"'"+nodeId+"'"+','+"'"+'value'+"'"+',this.value)">';
break;
case 'ro':
k=tree.getItemText(nodeId);
v='<p>'+tree.getUserData(nodeId,'value')+'</p>';
break;
case 'none':
k=tree.getItemText(nodeId);
v='<p>&nbsp;</p>';
break;
}
document.getElementById('formulaire').style.display='block';
document.getElementById('name').innerHTML = k;
......@@ -143,7 +155,7 @@ function onNodeSelect(nodeId) {
document.getElementById('formulaire').style.display='none';
}
var but='';
if(nodeIs(nodeId,"virtualHosts")){
if(nodeIs(nodeId,"virtualHosts") && tree.getUserData(nodeId,"modif") != "none" && tree.getUserData(nodeId,"modif") != 'ro' ){
but+=button('$text{newVirtualHost}','newVirtualHost',nodeId);
if(nodeIs(nodeId,"virtualHost")){
but+=button('$text{deleteVirtualHost}','deleteVirtualHost',nodeId);
......@@ -311,11 +323,11 @@ function saveConf(){
document.getElementById('help').innerHTML='<h3>$text{confSaved} : '+r+'</h3>$text{warningConfNotApplied}';
}
else if(r<0) {
var txt='<h3>$text{saveFailure}: ';
if(r==#.CONFIG_WAS_CHANGED.qq#) {
var txt='<h3>$text{saveFailure}: ';
if(r==#.CONFIG_WAS_CHANGED.qq#) {
txt+='$text{configurationWasChanged}';
}
document.getElementById('help').innerHTML=txt+'</h3>';
}
document.getElementById('help').innerHTML=txt+'</h3>';
}
else document.getElementById('help').innerHTML='<h3>$text{unknownError}</h3>';
}
......
......@@ -84,10 +84,10 @@ sub fr {
prevConf => 'Pr&eacute;c&eacute;dente',
nextConf => 'Suivante',
lastConf => 'Derni&egrave;re',
deleteVirtualHost => "Supprimer l'h&ocirc;te virtuel",
deleteVirtualHost => "Supprimer l'h&ocirc;te virtuel",
# Attention: ici, &Ecirc; ne sera pas interprt par Firefox (msgBox)
areYouSure => 'Etes vous sur ?',
areYouSure => 'Etes vous sur ?',
};
}
......@@ -143,7 +143,7 @@ sub en {
prevConf => 'Previous',
nextConf => 'Next',
lastConf => 'Last',
deleteVirtualHost => 'Delete virtual host',
areYouSure => 'Are you sure ?',
deleteVirtualHost => 'Delete virtual host',
areYouSure => 'Are you sure ?',
};
}
......@@ -14,6 +14,7 @@ MANIFEST
META.yml Module meta-data (added by MakeMaker)
README
t/Lemonldap-NG-Portal-AuthCAS.t
t/Lemonldap-NG-Portal-AuthLA.t
t/Lemonldap-NG-Portal-AuthSSL.t
t/Lemonldap-NG-Portal-CDA.t
t/Lemonldap-NG-Portal-SharedConf.t
......
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
print STDERR
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
our $VERSION = "0.64";
our $VERSION = "0.7";
1;
......
......@@ -182,7 +182,7 @@ Clement Oudot, E<lt>coudot@linagora.comE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
Copyright (C) 2007 by Clement Oudot, E<lt>coudot@linagora.comE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.4 or,
......
......@@ -12,7 +12,7 @@ use CGI;
use CGI::Cookie;
use Lemonldap::NG::Portal::_i18n;
our $VERSION = '0.63';
our $VERSION = '0.7';
our @ISA = qw(CGI Exporter);
......@@ -185,9 +185,14 @@ sub controlExistingSession {
return PE_OK;
}
# Logout if required
# Logout if required
# TODO: logout documentation
if($self->param('logout')) {
# Delete session in global storage
tied(%h)->delete;
# Delete cookie
$self->{id} = "";
$self->buildCookie();
return PE_FIRSTACCESS;
}
# A session has been find => calling &existingSession
......
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Manager.t'
#########################
# change 'tests => 1' to 'tests => last_test_to_print';
use Test::More tests => 1;
# SOAP::Lite is not required, so Lemonldap::NG::Manager::Conf::SOAP may
# not run.
SKIP: {
eval { require lasso };
skip "lasso is not installed, so Lemonldap::NG::Portal::AuthLA will not be useable", 1 if($@);
use_ok('Lemonldap::NG::Portal::AuthLA');
}
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment