Commit e502a3dc authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG::Handler :

 * new feature: Lemonldap::NG::Handler::CGI can be used directly in Perl CGI instead of using a real handler
 * minor bug fixes
parent a3cca200
Revision history for Perl extension Lemonldap::NG::Handler.
0.8 Thu Apr 12 7:08:08 2007
- Little bug in unprotect function (Handler::Simple)
- New feature: Lemonldap::NG::Handler::CGI
0.77 Wed Mar 22 7:18:48 2007
- logout system
- $date is now available in rules
......
Changes
example/autoProtectedCGI.pl
example/lmH-apache.conf
example/lmH-apache2.conf
example/MyHandler.pm
lib/Lemonldap/NG/Handler.pm
lib/Lemonldap/NG/Handler/CDA.pm
lib/Lemonldap/NG/Handler/CGI.pm
lib/Lemonldap/NG/Handler/Proxy.pm
lib/Lemonldap/NG/Handler/SharedConf.pm
lib/Lemonldap/NG/Handler/Simple.pm
......@@ -13,6 +15,7 @@ MANIFEST
META.yml Module meta-data (added by MakeMaker)
README
t/Lemonldap-NG-Handler-CDA.t
t/Lemonldap-NG-Handler-CGI.t
t/Lemonldap-NG-Handler-Proxy.t
t/Lemonldap-NG-Handler-SharedConf.t
t/Lemonldap-NG-Handler-Simple.t
......
#!/usr/bin/perl
my $cgi = new Lemonldap::NG::Handler::CGI ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
'namespace' => 'MyNamespace',
'default_expires_in' => 600,
},
configStorage => {
type => 'File',
dirName => '__DIR__/conf',
},
https => 0,
}
);
$cgi->authenticate();
print $cgi->header;
unless( $cgi->authorize ) {
print $cgi->start_html ('Forbidden');
print "You're not authorized to see this page";
print $cgi->end_html;
}
else {
print $cgi->start_html ('Authorized');
print "<h1>Welcome</h1>You're authorized to see this page";
print $cgi->end_html;
}
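Review bot: The example prints `$cgi->header` before it calls `authorize`, so the "Forbidden" branch is delivered with a 200 status; emit the header inside each branch and use `print $cgi->header( -status => '403 Forbidden' );` for the refusal. The script also never loads the module it instantiates, so add `use strict;` and `use Lemonldap::NG::Handler::CGI;` at the top. Prefer `Lemonldap::NG::Handler::CGI->new( {...} )` over the indirect `new Class (...)` form, as the module's own SYNOPSIS does. Since examples tend to be copied verbatim, a comment stating that `authenticate` alone does not enforce access rules would also help.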
......@@ -2,7 +2,7 @@ package Lemonldap::NG::Handler;
print STDERR
"See Lemonldap::NG::Handler(3) to know which Lemonldap::NG::Handler::* module to use.";
our $VERSION = "0.77";
our $VERSION = "0.8";
1;
......@@ -310,6 +310,10 @@ directly to protect a single host.
configuration can be centralized. Inherits from
L<Lemonldap::NG::Handler::Vhost> and L<Lemonldap::NG::Handler::Simple>.
=item * L<Lemonldap::NG::Handler::CGI>: if you have only a few Perl CGI to
protect, you can use this module in your CGI instead of protecting it under
L<Lemonldap::NG::Handler::SharedConf>.
=item * L<Lemonldap::NG::Handler::Proxy>: this module isn't used to manage
security but is written to create a reverse-proxy without using mod_proxy. In
some case, mod_proxy does not manage correctly some redirections, that is why
......@@ -326,12 +330,22 @@ download a mod_perl2 backport.
L<Lemonldap::NG::Handler::SharedConf>,
L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Manager>,
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
L<http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
......@@ -113,6 +113,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
package Lemonldap::NG::Handler::CGI;
use strict;
use CGI;
use CGI::Cookie;
use MIME::Base64;
our @ISA = qw(CGI);
use Lemonldap::NG::Handler::SharedConf qw(:all);
our $VERSION = '0.01';
sub new {
my $class = shift;
my $self = $class->SUPER::new();
$self->{_handler} = bless {}, 'Lemonldap::NG::Handler::_CGI';
$self->_handler->init( @_ );
die "Unable to get configuration" unless $self->_handler->localConfUpdate() == OK;
return $self;
}
sub authenticate {
my $self = shift;
my %cookies = fetch CGI::Cookie;
my $id;
unless( $cookies{$cookieName} and $id = $cookies{$cookieName}->value ) {
return $self->goToPortal();
}
unless ( $datas and $id eq $datas->{_session_id} ) {
unless ( $refLocalStorage and $datas = $refLocalStorage->get($id) ) {
my %h;
eval { tie %h, $globalStorage, $id, $globalStorageOptions; };
if ($@) {
return $self->goToPortal();
}
$datas->{$_} = $h{$_} foreach ( keys %h );
if ($refLocalStorage) {
$refLocalStorage->set( $id, $datas, "10 minutes" );
}
}
}
#return __PACKAGE__->forbidden($uri) unless ( __PACKAGE__->grant($uri) );
return 1;
}
sub authorize {
my $self = shift;
return $self->_handler->grant( $ENV{REQUEST_URI} );
}
sub user {
return $datas;
}
sub group {
my($self, $group) = @_;
return ($datas->{groups} =~ /\b$group\b/)
}
sub goToPortal {
my $self = shift;
my $tmp = encode_base64( $self->_uri );
$tmp =~ s/[\r\n]//sg;
print CGI::redirect( -uri => "$portal?url=$tmp" );
exit;
}
sub _uri {
return 'http'.($https ? 's' : '').'://'.$ENV{SERVER_NAME}.$ENV{REQUEST_URI};
}
sub _handler {
return shift->{_handler};
}
package Lemonldap::NG::Handler::_CGI;
use Lemonldap::NG::Handler::SharedConf qw(:all);
our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
sub lmLog {
my ( $self, $mess, $level ) = @_;
$mess =~ s/^.*HASH[^:]*:/__PACKAGE__/e;
print STDERR "$mess\n" unless( $level eq 'debug' );
}
sub grant {
my ( $self, $uri ) = @_;
my $vhost = $ENV{SERVER_NAME};
for ( my $i = 0 ; $i < $locationCount->{$vhost} ; $i++ ) {
if ( $uri =~ $locationRegexp->{$vhost}->[$i] ) {
return &{ $locationCondition->{$vhost}->[$i] }($datas);
}
}
unless ( $defaultCondition->{$vhost} ) {
$self->lmLog(
"User rejected because VirtualHost \"$vhost\" has no configuration",
'warn'
);
return 0;
}
return &{ $defaultCondition->{$vhost} };
}
1;
__END__
=head1 NAME
Lemonldap::NG::Handler::CGI - Perl extension for using Lemonldap::NG
authentication in Perl CGI without using Lemonldap::NG::Handler
=head1 SYNOPSIS
use Lemonldap::NG::Handler::CGI;
my $cgi = Lemonldap::NG::Handler::CGI->new ( {
# Local storage used for sessions and configuration
localStorage => "Cache::DBFile",
localStorageOptions => {...},
# How to get my configuration
configStorage => {
type => "DBI",
dbiChain => "DBI:mysql:database=lemondb;host=$hostname",
dbiUser => "lemonldap",
dbiPassword => "password",
},
https => 0,
}
);
# Lemonldap::NG cookie validation
$cgi->authenticate();
# Optionnal Lemonldap::NG authorization
$cgi->authorize();
# See CGI(3) for more about writing HTML pages
print $cgi->header;
print $cgi->start_html;
# Since authentication phase, you can use user attributes and macros
my $name = $cgi->user->{cn};
# Instead of using "$cgi->user->{groups} =~ /\badmin\b/", you can use
if( $cgi->group('admin') ) {
# special html code for admins
}
else {
# another HTML code
}
=head1 DESCRIPTION
Lemonldap::NG::Handler provides the protection part of Lemonldap::NG web-SSO
system. It can be used with any system used with Apache (PHP or JSP pages for
example). If you need to protect only few Perl CGI, you can use this library
instead.
Warning, this module must not be used in a Lemonldap::NG::Handler protected
area because it hides Lemonldap::NG cookies.
=head1 SEE ALSO
L<http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation>,
L<CGI>, L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>,
L<Lemonldap::NG::Portal>
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.8 or,
at your option, any later version of Perl 5 you may have available.
=cut
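Review bot: `group` interpolates its argument straight into a pattern (`/\b$group\b/`), so a name containing regex metacharacters is treated as a pattern, and `\b` lets `admin` match inside a value such as `admin-readonly`. Quote the name and anchor on the real separator, for example `return ( $datas->{groups} =~ /(?:^|\s)\Q$group\E(?:\s|$)/ );` if the list is whitespace-separated (the separator is not visible on this page). Separately, in `authenticate` the line `$datas->{$_} = $h{$_} foreach ( keys %h );` merges into whatever `$datas` already holds when `$refLocalStorage` is unset. Under a persistent interpreter, attributes from a previous session could therefore survive into the next one; resetting with `$datas = {};` before the merge avoids that. The module also has `use strict` but no `use warnings`, which would surface the undefined `$level` comparison in `lmLog`.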
......@@ -180,6 +180,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
......@@ -9,7 +9,7 @@ use Cache::Cache qw($EXPIRES_NEVER);
our @ISA = qw(Lemonldap::NG::Handler::Vhost Lemonldap::NG::Handler::Simple);
our $VERSION = '0.53';
our $VERSION = '0.54';
our $cfgNum = 0;
our $lastReload = 0;
our $reloadTime;
......@@ -32,9 +32,9 @@ BEGIN {
}
*EXPORT_TAGS = *Lemonldap::NG::Handler::Simple::EXPORT_TAGS;
*EXPORT_OK = *Lemonldap::NG::Handler::Simple::EXPORT_OK;
push( @{ $EXPORT_TAGS{$_} }, qw($reloadTime $lastReload) )
push( @{ $EXPORT_TAGS{$_} }, qw($cfgNum $lastReload $reloadTime $childLock $lmConf $localConfig) )
foreach (qw(variables localStorage));
push @EXPORT_OK, qw($reloadTime $lastReload);
push @EXPORT_OK, qw($cfgNum $lastReload $reloadTime $childLock $lmConf $localConfig);
}
# INIT PROCESS
......@@ -259,6 +259,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
......@@ -7,7 +7,7 @@ use Exporter 'import';
use Safe;
require POSIX;
our $VERSION = '0.75';
our $VERSION = '0.8';
our %EXPORT_TAGS = (
localStorage =>
......@@ -16,7 +16,7 @@ our %EXPORT_TAGS = (
locationRules => [
qw(
$locationCondition $defaultCondition $locationCount
$locationRegexp $apacheRequest $datas $safe
$locationRegexp $apacheRequest $datas $safe $portal
)
],
import => [ qw( import @EXPORT_OK @EXPORT %EXPORT_TAGS ) ],
......@@ -35,7 +35,7 @@ our %EXPORT_TAGS = (
],
traces => [ qw( $whatToTrace ) ],
apache =>
[ qw( MP lmLog OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR ) ],
[ qw( MP OK REDIRECT FORBIDDEN DONE DECLINED SERVER_ERROR ) ],
);
our @EXPORT_OK = ();
......@@ -116,14 +116,14 @@ BEGIN {
Apache::Constants->import(':common');
Apache::Constants->import(':response');
}
else { # For Test only
else { # For Test or CGI
eval '
sub OK {0}
sub FORBIDDEN {1}
sub REDIRECT {1}
sub OK {1}
sub REDIRECT {2}
sub DECLINED {1}
sub DONE {1}
sub SERVER_ERROR {1}
sub DONE {4}
sub SERVER_ERROR {5}
';
}
*handler = ( MP() == 2 ) ? \&handler_mp2 : \&handler_mp1;
......@@ -135,14 +135,17 @@ sub handler_mp2 : method {
shift->run(@_);
}
sub lmLog($$$) {
sub lmLog {
my ( $class, $mess, $level ) = @_;
if ( MP() == 2 ) {
Apache2::ServerRec->log->$level($mess);
}
else {
elsif ( MP() == 1 ) {
Apache->server->log->$level($mess);
}
else {
print STDERR "$mess\n";
}
}
sub regRemoteIp {
......@@ -156,7 +159,7 @@ sub lmSetHeaderIn {
if ( MP() == 2 ) {
return $r->headers_in->set( $h => $v );
}
else {
elsif ( MP() == 1 ) {
return $r->header_in( $h => $v );
}
}
......@@ -166,7 +169,7 @@ sub lmHeaderIn {
if ( MP() == 2 ) {
return $r->headers_in->{$h};
}
else {
elsif ( MP() == 1 ) {
return $r->header_in($h);
}
}
......@@ -176,7 +179,7 @@ sub lmSetErrHeaderOut {
if ( MP() == 2 ) {
return $r->err_headers_out->set( $h => $v );
}
else {
elsif ( MP() == 1 ) {
return $r->err_header_out( $h => $v );
}
}
......@@ -186,7 +189,7 @@ sub lmSetHeaderOut {
if ( MP() == 2 ) {
return $r->headers_out->set( $h => $v );
}
else {
elsif ( MP() == 1 ) {
return $r->header_out( $h => $v );
}
}
......@@ -196,7 +199,7 @@ sub lmHeaderOut {
if ( MP() == 2 ) {
return $r->headers_out->{$h};
}
else {
elsif ( MP() == 1 ) {
return $r->header_out($h);
}
}
......@@ -258,7 +261,7 @@ sub localInit($$) {
PerlCleanupHandler => sub { return $class->cleanLocalStorage(@_); }
);
}
else {
elsif ( MP() == 1 ) {
Apache->push_handlers(
PerlChildInitHandler => sub { return $class->initLocalStorage(@_); }
);
......@@ -535,7 +538,7 @@ sub cleanLocalStorage {
}
sub unprotect {
DONE;
OK;
}
sub logout ($$) {
......@@ -738,6 +741,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
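Review bot: In the non-mod_perl fallback (`else { # For Test or CGI`), the new constant set appears to leave `OK`, `FORBIDDEN` and `DECLINED` all equal to 1, because only `OK`, `REDIRECT`, `DONE` and `SERVER_ERROR` were renumbered. This reading relies on the hunk's 14/14 line counts, since the page lost its +/- markers. Any caller that tests a status with `== OK`, as the new `Lemonldap::NG::Handler::CGI::new` does for `localConfUpdate()`, then cannot tell success from a refusal. Give every constant its own value, e.g. `sub FORBIDDEN {3}` and `sub DECLINED {6}`, and add a comment that these stand in for the Apache constants outside mod_perl. The BEGIN block starts and ends outside the hunk.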
......@@ -4,7 +4,7 @@ use Lemonldap::NG::Handler::Simple qw(:locationRules :headers);
use strict;
use MIME::Base64;
our $VERSION = '0.51';
our $VERSION = '0.52';
# TODO: split locationRules into 2 arrays
sub locationRulesInit {
......@@ -83,6 +83,7 @@ sub grant {
"User rejected because VirtualHost \"$vhost\" has no configuration",
'warn'
);
return 0;
}
return &{ $defaultCondition->{$vhost} };
}
......@@ -144,6 +145,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler-Proxy.t'
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler-CDA.t'
#########################
......
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler-CGI.t'
#########################
# change 'tests => 1' to 'tests => last_test_to_print';
use Test::More tests => 1;
BEGIN { use_ok('Lemonldap::NG::Handler::CGI') };
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
......@@ -686,6 +686,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2006-2007 by Xavier Guimard
......
......@@ -284,6 +284,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard
......
......@@ -179,6 +179,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2006-2007 by Xavier Guimard
......
......@@ -224,6 +224,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard
......
......@@ -145,6 +145,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard
......
......@@ -277,6 +277,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Xavier Guimard
......
......@@ -302,6 +302,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2005-2007 by Xavier Guimard E<lt>x.guimard@free.frE<gt>
......
......@@ -76,6 +76,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Thomas Chemineau, E<lt>thomas.chemineau@linagora.comE<gt>,
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://forge.objectweb.org/tracker/?group_id=274>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2007 by Thomas Chemineau,
......
......@@ -84,6 +84,16 @@ http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=head1 BUG REPORT