From: Peter B. <mr_...@us...> - 2005-10-31 11:18:07
Update of /cvsroot/stud/stud In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18393 Modified Files: booking admin_booking StudIni.pm ClubDb.pm Log Message: RFE:1220361. Added LDAP support for validating users. Index: StudIni.pm =================================================================== RCS file: /cvsroot/stud/stud/StudIni.pm,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** StudIni.pm 23 May 2003 22:11:47 -0000 1.9 --- StudIni.pm 31 Oct 2005 11:17:57 -0000 1.10 *************** *** 15,19 **** # #@author Peter Backman ! #@version 2.1.0 package StudIni; --- 15,19 ---- # #@author Peter Backman ! #@version 2.4.0 package StudIni; *************** *** 62,65 **** --- 62,77 ---- my $DB_DSN = "DBI:mysql:database="; + # Method for Authentication + # Possible alternatives + # getpwnam, LDAP + my $AUTHENTICATION_METHOD = "getpwnam"; + + # LDAP settings + # See Net::LDAP for more information + # Used if $AUTHENTICATION_METHOD = "LDAP" + my $LDAP_SERVER = 'LDAP SERVER'; + my $LDAP_BASE = "LDAP BASE"; + my $LDAP_FILTER = "LDAP FILTER"; + # # Public part *************** *** 128,130 **** --- 140,169 ---- } + #* + # Gets authentication method. + #@return Authentication method + sub getAuthMethod () { + return $AUTHENTICATION_METHOD; + } + + #* + # Gets LDAP server. + #@return LDAP server. + sub getLDAPServer () { + return $LDAP_SERVER; + } + + #* + # Gets LDAP base. + #@return LDAP base. + sub getLDAPBase () { + return $LDAP_BASE; + } + + #* + # Gets LDAP filter. + #@return LDAP filter. + sub getLDAPFilter () { + return $LDAP_FILTER; + } 1; Index: admin_booking =================================================================== RCS file: /cvsroot/stud/stud/admin_booking,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** admin_booking 14 Jan 2004 18:46:35 -0000 1.28 --- admin_booking 31 Oct 2005 11:17:57 -0000 1.29 *************** *** 8,12 **** # #@author Gunnar Strand ! 
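Review bot: The new LDAP settings block in StudIni.pm (hunk at new lines 62-77) does not say how `$LDAP_FILTER` is consumed, and the ClubDb.pm side of this commit appends it verbatim to `"&(cn=$user) "`. I would add a comment such as `# $LDAP_FILTER is appended as-is to the (cn=<user>) term, so it must be a complete parenthesised filter component, e.g. '(objectClass=person)' (example value)`. It is also worth documenting that lookups use an anonymous bind and that `$LDAP_SERVER` is passed straight to `Net::LDAP->new`, so an `ldaps://` URI is needed there if the directory traffic should be encrypted. The shipped placeholders ('LDAP SERVER' and so on) are used unchanged if `$AUTHENTICATION_METHOD` is switched to "LDAP" without editing them, so the comment should say all three must be set.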
#@version 2.2.3 use strict; --- 8,12 ---- # #@author Gunnar Strand ! #@version 2.4.0 use strict; *************** *** 28,32 **** my $default_background = StudIni::getImgPath()."back_admin.gif"; ! my $version = "2.3.0"; my $q = new CGI(); --- 28,32 ---- my $default_background = StudIni::getImgPath()."back_admin.gif"; ! my $version = "2.4.0"; my $q = new CGI(); *************** *** 1431,1438 **** } ! unless ($user && getpwnam($user) && ! (!$$global_settings{least_user_id} || ! ($$global_settings{least_user_id} <= getpwnam($user)))) { ! user_error("No valid user id was given."); return; } --- 1431,1436 ---- } ! if ($_ = $db->authenticate_user($user)) { ! user_error($_); return; } *************** *** 1486,1490 **** $q->textfield(-name => "full_name", -value => iff($$settings{full_name}, ! (split(',', (getpwnam($user))[6]))[0]), -override => 1, -size => 50, --- 1484,1488 ---- $q->textfield(-name => "full_name", -value => iff($$settings{full_name}, ! $db->getFullName($user)), -override => 1, -size => 50, *************** *** 1615,1620 **** my ($settings, $salt, $password); ! unless ($$data{user} && getpwnam($$data{user})) { ! user_error("No or illegal user id was given."); return; } --- 1613,1619 ---- my ($settings, $salt, $password); ! ! if ($_ = $db->authenticate_user($$data{user})) { ! user_error($_); return; } *************** *** 1686,1691 **** # Id must exist on system ! unless ($user && getpwnam($user)) { ! logg("Authorization failed for user '$user'. Id does not exist on system!"); return 0; } --- 1685,1690 ---- # Id must exist on system ! if ($_ = $db->authenticate_user($user)) { ! logg("Authorization failed for user '$user'. Error: $_"); return 0; } *************** *** 1769,1774 **** my ($info, $dummy); ! unless ($user && getpwnam($user) && $password && ! $administrator && getpwnam($administrator)) { user_error("<b>You did not give at least these data</b>\n<ul>", "- Valid user id<br>", --- 1768,1773 ---- my ($info, $dummy); ! 
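Review bot: In the admin_booking hunk at new lines 1431-1436, the text handed to `user_error` is no longer a fixed string: `authenticate_user` returns messages such as "User $user is not a valid user id.", so the submitted id is now echoed back to the page. `user_error` is not visible here; if it does not HTML-escape its arguments, the value should be escaped at the call site. The condition also assigns to the global `$_`, which can clobber a caller's `$_`; a lexical is safer, e.g. `if (my $err = $db->authenticate_user($user)) { user_error($q->escapeHTML($err)); return; }`. The same pattern recurs in the hunks at new lines 1613-1619 and 1685-1690 of this file (the latter writes the newline-terminated message and the raw id into `logg`) and in booking at new line 890. The enclosing subs start and end outside these hunks.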
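Review bot: In the admin_booking hunk at new lines 1484-1488, the default for the `full_name` field changes meaning: the old code took only the first comma-separated GECOS field, `(split(',', (getpwnam($user))[6]))[0]`, while `getFullName` returns `(getpwnam($user))[6]` whole. On systems that store room or phone sub-fields in GECOS, those would now appear in the name field. If that is not intended, keep the split inside the getpwnam branch of `getFullName`, e.g. `return iff((split(',', (getpwnam($user))[6]))[0], "No Name");`. The surrounding `iff($$settings{full_name}, ...)` is also redundant now, since `getFullName` checks the stored `full_name` itself, and its second argument is evaluated, including an LDAP lookup, even when the stored name is set.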
unless (!$db->authenticate_user($user) && $password && ! !$db->authenticate_user($administrator)) { user_error("<b>You did not give at least these data</b>\n<ul>", "- Valid user id<br>", Index: ClubDb.pm =================================================================== RCS file: /cvsroot/stud/stud/ClubDb.pm,v retrieving revision 1.24 retrieving revision 1.25 diff -C2 -d -r1.24 -r1.25 *** ClubDb.pm 11 Oct 2005 13:00:19 -0000 1.24 --- ClubDb.pm 31 Oct 2005 11:17:57 -0000 1.25 *************** *** 38,42 **** # #@author Gunnar Strand ! #@version 2.3.1 package ClubDb; --- 38,42 ---- # #@author Gunnar Strand ! #@version 2.4.0 package ClubDb; *************** *** 48,51 **** --- 48,53 ---- Add_Delta_Days Today); + use Net::LDAP; + my $dbh; *************** *** 1721,1724 **** --- 1723,1819 ---- #* + # Checks whether the specified user exists. + #@param $user The user id + #@return undef if authentication suceeded otherwise an error string + sub authenticate_user ( $$ ) { + my ($self, $user) = @_; + + if (StudIni::getAuthMethod() eq "getpwnam") { + my $global_settings; + unless ($global_settings = $self->get_global_settings) { + internal_error($self->{errstr}); + return "User validation failed: $self->{errstr}"; + } + + unless ($user && getpwnam($user) && (!$$global_settings{least_user_id} || $$global_settings{least_user_id} <= getpwnam($user))) { + return "User $user is not a valid user id.\n"; + } + } + elsif (StudIni::getAuthMethod() eq "LDAP") { + my $ldap = Net::LDAP->new(StudIni::getLDAPServer()) or die "$@"; + my $mesg = $ldap->bind ; # an anonymous bind + my $ldf = StudIni::getLDAPFilter(); + $mesg = $ldap->search( # perform a search + base => StudIni::getLDAPBase(), + filter => "&(cn=$user) $ldf", + attrs => ['username', 'fullName', 'telephoneNumber', 'l'] + ); + if ($mesg->code) { + $mesg = $ldap->unbind; # take down session + return "User validation failed. 
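Review bot: The `use Net::LDAP;` added at the top of ClubDb.pm (hunk at new lines 48-53) makes perl-ldap a compile-time requirement for every installation, including those that keep the default `getpwnam` method from StudIni.pm. If the module is missing, ClubDb.pm fails to load and both CGI scripts stop working. Loading it on demand inside the LDAP branches avoids that: `require Net::LDAP;` before `Net::LDAP->new(...)`.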
Error fetching information from LDAP server: $mesg->code.\n"; + } + + unless ($mesg->entries) { + return "User $user not a valid user on LDAP server.\n"; + } + + $mesg = $ldap->unbind; # take down session + + } + else { + return "User validation faild. Unknown validation method: " . StudIni::getAuthMethod() .".\n"; + } + + return; + } + + #* + # Get full user name + #@param $user User id + #@return User name if exists or "No Name" + sub getFullName ( $ ) { + my ($self, $user) = @_; + my $settings; + + unless ($settings = $self->get_user_settings($user)) { + internal_error($self->{ERRSTR}); + return "No Name"; + } + + if ($$settings{full_name}) { + return $$settings{full_name}; + } + + if (StudIni::getAuthMethod() eq "getpwnam") { + return (iff((getpwnam($user))[6], "No Name")); + } + + elsif (StudIni::getAuthMethod() eq "LDAP") { + my $ldap = Net::LDAP->new(StudIni::getLDAPServer()) or die "$@"; + my $mesg = $ldap->bind ; # an anonymous bind + my $ldf = StudIni::getLDAPFilter(); + + $mesg = $ldap->search( # perform a search + base => StudIni::getLDAPBase(), + filter => "&(cn=$user) $ldf", + attrs => ['fullName'] + ); + + if ($mesg->code) { + $mesg = $ldap->unbind; # take down session + return "No Name"; + } + + foreach my $entry ($mesg->entries) { + my $retStr = $entry->get_value("fullName"); + $mesg = $ldap->unbind; # take down session + return $retStr; + } + $mesg = $ldap->unbind; # take down session + return "No Name"; + } + } + + #* # Tests if a user has super user privileges #@param $user User id *************** *** 2038,2040 **** --- 2133,2142 ---- } + #* + # Returns first argument if it is true, else returns second + sub iff ($$) { + return ($#_ < 1 ? $_[0] : + ($_[0] ? 
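Review bot: Both LDAP branches in this hunk (`authenticate_user` and `getFullName`) interpolate `$user` unescaped into the search filter `"&(cn=$user) $ldf"`, so an id containing filter metacharacters such as `*`, `(` or `)` changes what the search matches, and an id that is not a real account can pass the `$mesg->entries` check. Escape the value and reject an empty id before searching: add `use Net::LDAP::Util qw(escape_filter_value);` and build the filter as `"&(cn=" . escape_filter_value($user) . ") $ldf"`. The error path in `authenticate_user` also reports the wrong thing, because `$mesg` is overwritten by the `unbind` result first and `$mesg->code` inside a double-quoted string interpolates the object instead of calling the method; capture it beforehand with `my $code = $mesg->code;`. The result of `$ldap->bind` is never checked, and `or die "$@"` on connect aborts the request instead of returning an error string like the other failure paths. The `least_user_id` restriction is enforced only in the getpwnam branch, so switching to LDAP drops it silently, and `getFullName` returns nothing at all for an unknown method.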
$_[0] : $_[1])); + } + 1; Index: booking =================================================================== RCS file: /cvsroot/stud/stud/booking,v retrieving revision 1.32 retrieving revision 1.33 diff -C2 -d -r1.32 -r1.33 *** booking 11 Oct 2005 10:16:37 -0000 1.32 --- booking 31 Oct 2005 11:17:57 -0000 1.33 *************** *** 38,42 **** use ClubDb; ! my $version = "2.4.0b"; my $q = new CGI(); --- 38,42 ---- use ClubDb; ! my $version = "2.4.0"; my $q = new CGI(); *************** *** 890,895 **** } ! unless (getpwnam($user) && $$global_settings{least_user_id} <= getpwnam($user)) { ! user_error("User $user is not a valid user id.\n"); return; } --- 890,895 ---- } ! if ($_ = $db->authenticate_user($user)) { ! user_error($_); return; } *************** *** 1073,1078 **** ($$globals{user_page_string} ? ("<a href=" . sprintf($$globals{user_page_string}, $user) . ">" . ! iff($$settings{full_name}, iff((getpwnam($user))[6], "No Name")) . "</a>") : ! iff($$settings{full_name}, iff((getpwnam($user))[6], "No Name"))), " ($user)</td>", "<td>$start_date</td><td>$end_date</td></tr>\n</table><p>", --- 1073,1077 ---- ($$globals{user_page_string} ? ("<a href=" . sprintf($$globals{user_page_string}, $user) . ">" . ! $db->getFullName($user) . "</a>") : $db->getFullName($user)), " ($user)</td>", "<td>$start_date</td><td>$end_date</td></tr>\n</table><p>", |
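Review bot: In the booking hunk at new lines 1073-1077, the value of `$db->getFullName($user)` is concatenated into the HTML table unescaped, and with this commit it can come from an LDAP `fullName` attribute as well as from GECOS or the stored setting. Directory and user-editable values should be escaped before output, e.g. `$q->escapeHTML($db->getFullName($user))`. `getFullName` can also return undef here (an LDAP entry without `fullName`, or an unrecognised authentication method), which the old `iff(..., "No Name")` fallback used to cover. Either wrap the call as `iff($db->getFullName($user), "No Name")` or make `getFullName` guarantee a string. The enclosing print statement starts and ends outside the hunk.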