Commit ba664313 authored by sympa-authors's avatar sympa-authors

New feature: first step to provide per-robot auth.conf


git-svn-id: https://subversion.renater.fr/sympa/trunk@3474 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 02ef1592
2006-01-11 17:50 sympa-authors
* src/vrobot.txt: Update
2006-01-09 11:41 sympa-authors
* src/Conf.pm: [requested by F.Jammes] Fix: in auth.conf, allow
white spaces in the list of hosts
2006-01-09 09:17 sympa-authors
* wwsympa/Auth.pm: [F.Jammes] Fix: wrong variable used in do_log()
2006-01-09 08:41 sympa-authors
* src/vrobot.txt: updated
2006-01-05 17:53 sympa-authors
* doc/sympa.tex.tpl, src/List.pm, src/vrobot.txt: Changes:
include_list parameter can now refer to list@dom. Migrating
existing list using include_list. Also adapted some scenario
conditions to full vrobots
2006-01-05 15:23 sympa-authors
* src/Commands.pm, src/Ldap.pm, src/List.pm, src/sympa.pl,
src/task_manager.pl, src/tools.pl, src/vrobot.txt,
src/etc/script/arc2webarc.pl, wwsympa/archived.pl,
wwsympa/wwsympa.fcgi: Change: now use List::get_list_id() and
List::get_list_address()
2006-01-04 14:16 sympa-authors
* soap/sympasoap.pm, src/Archive.pm, src/Commands.pm,
src/Family.pm, src/List.pm, src/alias_manager.pl, src/sympa.pl,
src/task_manager.pl, src/tools.pl, src/vrobot.txt,
wwsympa/bounced.pl, wwsympa/wwsympa.fcgi: Fix some vrobot-related
problems
2006-01-03 16:58 sympa-authors
* .version: Preparing 5.2a.2
2006-01-03 16:54 sympa-authors
* src/vrobot.txt: Updated
* src/vrobot.txt, ChangeLog: Updated
2006-01-03 16:46 sympa-authors
......
......@@ -135,6 +135,7 @@ sub login {
my $passwd = shift;
my $http_host = $ENV{'SERVER_NAME'};
my $robot = $ENV{'SYMPA_ROBOT'};
&Log::do_log('notice', 'login(%s)', $email);
#foreach my $k (keys %ENV) {
......@@ -151,7 +152,7 @@ sub login {
## Authentication of the sender
## Set an env var to find out if in a SOAP context
$ENV{'SYMPA_SOAP'} = 1;
my $user = &Auth::check_auth($email,$passwd);
my $user = &Auth::check_auth($robot, $email,$passwd);
unless($user){
&do_log('notice', "SOAP : login authentication failed");
......@@ -194,8 +195,8 @@ sub casLogin {
## Validate the CAS ST against all known CAS servers defined in auth.conf
## CAS server response will include the user's NetID
my ($user, @proxies, $email, $cas_id);
foreach my $service_id (0..$#{$Conf{'auth_services'}}){
my $auth_service = $Conf{'auth_services'}[$service_id];
foreach my $service_id (0..$#{$Conf{'auth_services'}{$robot}}){
my $auth_service = $Conf{'auth_services'}{$robot}[$service_id];
next unless ($auth_service->{'auth_type'} eq 'cas'); ## skip non CAS entries
my $cas = new CAS(casUrl => $auth_service->{'base_url'},
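Review bot: casLogin now reads `$Conf{'auth_services'}{$robot}` in the foreach at @@ -194, but nothing in that hunk declares `$robot`; login got `my $robot = $ENV{'SYMPA_ROBOT'};` at @@ -135 and casLogin needs the equivalent unless it is declared above the hunk, which is not visible here. When `SYMPA_ROBOT` is unset the lookup silently falls back to the empty-string key and finds no services, so both subs would be clearer with an explicit check right after the declaration, e.g. `unless ($robot) { &do_log('err', 'login: SYMPA_ROBOT not set'); }` followed by the sub's usual failure return. Both login and casLogin start and end outside the hunks shown.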
......
......@@ -321,8 +321,19 @@ sub load {
}
my @array = &_load_auth();
$Conf{'auth_services'} = [@array];
my $robots_conf = &load_robots ;
$Conf{'robots'} = $robots_conf ;
foreach my $robot (keys %{$Conf{'robots'}}) {
my $config;
unless ($config = &tools::get_filename('etc', 'auth.conf', $robot)) {
&do_log('err',"_load_auth: Unable to find auth.conf");
next;
}
$Conf{'auth_services'}{$robot} = &_load_auth($config);
}
if ($Conf{'ldap_export_name'}) {
##Export
......@@ -374,9 +385,6 @@ sub load {
$Conf{'sympa'} = "$Conf{'email'}\@$Conf{'host'}";
$Conf{'request'} = "$Conf{'email'}-request\@$Conf{'host'}";
my $robots_conf = &load_robots ;
$Conf{'robots'} = $robots_conf ;
return 1;
}
......@@ -589,11 +597,8 @@ sub checkfiles {
sub _load_auth {
my $config;
unless ($config = &tools::get_filename('etc', 'auth.conf', $Conf{'domain'})) {
do_log('err',"_load_auth: Unable to find auth.conf");
return undef;
}
my $config = shift;
&do_log('notice', 'Conf::_load_auth(%s)', $config);
my $line_num = 0;
my $config_err = 0;
......@@ -755,7 +760,7 @@ sub _load_auth {
}
close(IN);
return @paragraphs;
return \@paragraphs;
}
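Review bot: In the new per-robot loop in load at @@ -321 the error message still reads `_load_auth: Unable to find auth.conf` although it is emitted from load, and it does not name the robot; `&do_log('err', 'load: Unable to find auth.conf for robot %s', $robot);` would match the sprintf style used elsewhere. The `next` on that path leaves `$Conf{'auth_services'}{$robot}` undefined while the callers in Auth.pm dereference it as an array, so assigning `$Conf{'auth_services'}{$robot} = [];` before `next` gives them an empty list rather than an undef slot. The loop only covers `keys %{$Conf{'robots'}}`; whether the default domain (`$Conf{'domain'}`, which the removed `_load_auth` lookup used) is among those keys is not visible here, and if load_robots returns only virtual robots the main domain would end up with no auth services at all. Also note `_load_auth` now returns `\@paragraphs` at @@ -755 while its error paths are outside the hunk, so their return value should be checked for consistency with the new arrayref contract.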
......
......@@ -39,6 +39,7 @@ use report;
## authentication : via email or uid
sub check_auth{
my $robot = shift;
my $auth = shift; ## User email or UID
my $pwd = shift; ## Password
&do_log('debug', 'Auth::check_auth(%s)', $auth);
......@@ -46,11 +47,11 @@ use report;
my ($canonic, $user);
if( &tools::valid_email($auth)) {
return &authentication($auth,$pwd);
return &authentication($robot, $auth,$pwd);
}else{
## This is an UID
if ($canonic = &ldap_authentication($auth,$pwd,'uid_filter')){
if ($canonic = &ldap_authentication($robot, $auth,$pwd,'uid_filter')){
unless($user = &List::get_user_db($canonic)){
$user = {'email' => $canonic};
......@@ -70,7 +71,7 @@ use report;
sub authentication {
my ($email,$pwd) = @_;
my ($robot, $email,$pwd) = @_;
my ($user,$canonic);
&do_log('debug', 'Auth::authentication(%s)', $email);
......@@ -86,7 +87,7 @@ sub authentication {
foreach my $auth_service (@{$Conf{'auth_services'}}){
foreach my $auth_service (@{$Conf{'auth_services'}{$robot}}){
next if ($email !~ /$auth_service->{'regexp'}/i);
next if (($email =~ /$auth_service->{'negative_regexp'}/i)&&($auth_service->{'negative_regexp'}));
if ($auth_service->{'auth_type'} eq 'user_table') {
......@@ -99,7 +100,7 @@ sub authentication {
};
}
}elsif($auth_service->{'auth_type'} eq 'ldap') {
if ($canonic = &ldap_authentication($email,$pwd,'email_filter')){
if ($canonic = &ldap_authentication($robot, $email,$pwd,'email_filter')){
unless($user = &List::get_user_db($canonic)){
$user = {'email' => $canonic};
}
......@@ -114,7 +115,7 @@ sub authentication {
## If web context and password has never been changed
## Then prompt user
unless ($ENV{'SYMPA_SOAP'}) {
foreach my $auth_service (@{$Conf{'auth_services'}}){
foreach my $auth_service (@{$Conf{'auth_services'}{$robot}}){
next unless ($email !~ /$auth_service->{'regexp'}/i);
next unless (($email =~ /$auth_service->{'negative_regexp'}/i)&&($auth_service->{'negative_regexp'}));
if ($auth_service->{'auth_type'} eq 'user_table') {
......@@ -136,7 +137,7 @@ sub authentication {
sub ldap_authentication {
my ($auth,$pwd,$whichfilter) = @_;
my ($robot, $auth,$pwd,$whichfilter) = @_;
my ($cnx, $mesg, $host,$ldap_passwd,$ldap_anonymous);
&do_log('debug2','Auth::ldap_authentication(%s,%s,%s)', $auth,$pwd,$whichfilter);
......@@ -145,7 +146,7 @@ sub ldap_authentication {
}
## No LDAP entry is defined in auth.conf
if ($#{$Conf{'auth_services'}} < 0) {
if ($#{$Conf{'auth_services'}{$robot}} < 0) {
&do_log('notice', 'Skipping empty auth.conf');
return undef;
}
......@@ -168,7 +169,7 @@ sub ldap_authentication {
}
require Net::LDAP::Message;
foreach my $ldap (@{$Conf{'auth_services'}}){
foreach my $ldap (@{$Conf{'auth_services'}{$robot}}){
# only ldap service are to be applied here
next unless ($ldap->{'auth_type'} eq 'ldap');
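Review bot: check_auth, authentication and ldap_authentication now take `$robot` as a positional first argument (@@ -39, @@ -70, @@ -136), so any caller not updated in this commit would pass the email as the robot and the password as the email, and the lookup under the wrong key would just yield an empty service list with no diagnostic; a guard such as `unless ($robot) { &do_log('err', 'Auth::check_auth: missing robot'); return undef; }` at the top of check_auth makes that failure visible. While the signature line of ldap_authentication is being touched, the debug2 line next to it writes the cleartext `$pwd` to the log; `&do_log('debug2','Auth::ldap_authentication(%s,%s)', $auth,$whichfilter);` keeps the trace without the secret. All three subs continue past the hunks shown.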
......
......@@ -640,7 +640,7 @@ if ($wwsconf->{'use_fast_cgi'}) {
foreach my $auth (keys %{$Conf{'generic_sso_id'}}) {
&do_log('debug', "Generic SSO authentication service $auth");
$param->{'sso'}{$auth} = $Conf{'auth_services'}[$Conf{'generic_sso_id'}{$auth}]{'service_name'};
$param->{'sso'}{$auth} = $Conf{'auth_services'}{$robot}[$Conf{'generic_sso_id'}{$auth}]{'service_name'};
}
$param->{'sso_number'} = $Conf{'cas_number'} + $Conf{'generic_sso_number'};
......@@ -730,7 +730,7 @@ if ($wwsconf->{'use_fast_cgi'}) {
if ($in{'checked_cas'} =~ /^(\d+)\,?/) {
my $cas_id = $1;
my $ticket = $in{'ticket'};
my $cas_server = $Conf{'auth_services'}[$cas_id]{'cas_server'};
my $cas_server = $Conf{'auth_services'}{$robot}[$cas_id]{'cas_server'};
my $service_url = &wwslib::get_my_url();
$service_url =~ s/\&ticket\=.+$//;
......@@ -758,7 +758,7 @@ if ($wwsconf->{'use_fast_cgi'}) {
}else{
# user not taggued as not using cas
do_log ('debug',"no cas ticket detected");
foreach my $auth_service (@{$Conf{'auth_services'}}){
foreach my $auth_service (@{$Conf{'auth_services'}{$robot}}){
# skip auth services not related to cas
next unless ($auth_service->{'auth_type'} eq 'cas');
next unless ($auth_service->{'non_blocking_redirection'} eq 'on');
......@@ -1838,7 +1838,7 @@ sub prepare_report_user {
##authentication of the sender
my $data;
unless($data = &Auth::check_auth($in{'email'},$in{'passwd'})){
unless($data = &Auth::check_auth($robot, $in{'email'},$in{'passwd'})){
&report::reject_report_web('intern_quiet','',{},$param->{'action'},'');
# &List::db_log('wwsympa',$in{'email'},'null',$ip,'login','',$robot,'','failed');
&do_log('notice', "Authentication failed\n");
......@@ -1923,7 +1923,7 @@ sub do_sso_login {
## This is a CAS service
if (defined (my $cas_id = $Conf{'cas_id'}{$in{'auth_service_name'}})) {
my $cas_server = $Conf{'auth_services'}[$cas_id]{'cas_server'};
my $cas_server = $Conf{'auth_services'}{$robot}[$cas_id]{'cas_server'};
my $path = '';
if ($param->{'nomenu'}) {
......@@ -1966,11 +1966,11 @@ sub do_sso_login {
}
my $email;
if (defined $Conf{'auth_services'}[$sso_id]{'email_http_header'}) {
$email = lc($ENV{$Conf{'auth_services'}[$sso_id]{'email_http_header'}});
if (defined $Conf{'auth_services'}{$robot}[$sso_id]{'email_http_header'}) {
$email = lc($ENV{$Conf{'auth_services'}{$robot}[$sso_id]{'email_http_header'}});
}else {
unless (defined $Conf{'auth_services'}[$sso_id]{'ldap_host'} &&
defined $Conf{'auth_services'}[$sso_id]{'ldap_get_email_by_uid_filter'}) {
unless (defined $Conf{'auth_services'}{$robot}[$sso_id]{'ldap_host'} &&
defined $Conf{'auth_services'}{$robot}[$sso_id]{'ldap_get_email_by_uid_filter'}) {
&report::reject_report_web('intern','auth_conf_no_identified_user',{},$param->{'action'},'','',$robot);
&wwslog('err','do_sso_login: auth.conf error : either email_http_header or ldap_host/ldap_get_email_by_uid_filter entries should be defined');
return 'home';
......@@ -1981,7 +1981,7 @@ sub do_sso_login {
unless ($email) {
&report::reject_report_web('intern_quiet','no_identified_user',{},$param->{'action'},'');
&wwslog('err','do_sso_login: user could not be identified, no %s HTTP header set', $Conf{'auth_services'}[$sso_id]{'email_http_header'});
&wwslog('err','do_sso_login: user could not be identified, no %s HTTP header set', $Conf{'auth_services'}{$robot}[$sso_id]{'email_http_header'});
return 'home';
}
......@@ -1989,7 +1989,7 @@ sub do_sso_login {
$param->{'auth'} = 'generic_sso';
&wwslog('notice', 'User identified as %s', $email);
my $prefix = $Conf{'auth_services'}[$sso_id]{'http_header_prefix'};
my $prefix = $Conf{'auth_services'}{$robot}[$sso_id]{'http_header_prefix'};
my @sso_attr;
foreach my $k (keys %ENV) {
......@@ -2147,7 +2147,7 @@ sub do_sso_login_succeeded {
## List all LDAP servers first
my @ldap_servers;
foreach my $ldap (@{$Conf{'auth_services'}}){
foreach my $ldap (@{$Conf{'auth_services'}{$robot}}){
next unless ($ldap->{'auth_type'} eq 'ldap');
push @ldap_servers, $ldap;
......@@ -2311,9 +2311,9 @@ sub do_redirect {
$param->{'lang'} = $param->{'cookie_lang'} = &cookielib::check_lang_cookie($ENV{'HTTP_COOKIE'}) || $list->{'admin'}{'lang'} || &Conf::get_robot_conf($robot, 'lang');
my $cas_id = &cookielib::get_cas_server($ENV{'HTTP_COOKIE'});
if (defined $cas_id && (defined $Conf{'auth_services'}[$cas_id])) {
if (defined $cas_id && (defined $Conf{'auth_services'}{$robot}[$cas_id])) {
# this user was logged using CAS
my $cas_server = $Conf{'auth_services'}[$cas_id]{'cas_server'};
my $cas_server = $Conf{'auth_services'}{$robot}[$cas_id]{'cas_server'};
$in{'action'} = 'redirect';
my $return_url = &wwslib::get_my_url();
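Review bot: The indexes used to pick an entry from the now per-robot `$Conf{'auth_services'}{$robot}` list are still global or client-supplied: `$Conf{'cas_id'}{...}` at @@ -1923, `$Conf{'generic_sso_id'}{$auth}` at @@ -640, the cookie value from get_cas_server at @@ -2311 and `$in{'checked_cas'}` at @@ -730, so a position computed for one robot's auth.conf can select a different entry in another robot's list when the files are ordered differently. If `cas_id`/`generic_sso_id`/`cas_number` are populated inside `_load_auth` (not visible here), the last-loaded robot's values win; keying them by robot as well, e.g. `$Conf{'cas_id'}{$robot}{$in{'auth_service_name'}}`, or resolving by `service_name` within the robot's list, would close that gap. The checked_cas path at @@ -730 also uses `$cas_id` without the `defined $Conf{'auth_services'}{$robot}[$cas_id]` check that do_redirect applies at @@ -2311; the same guard belongs there. All enclosing blocks begin and end outside the hunks.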
......