oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cleaned up pluggable auth.

Browse source
This commit is contained in:
JT Smith 2002-12-05 00:42:48 +00:00
parent 96587791c0
commit ee10a590d8
8 changed files with 539 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

160
lib/WebGUI/Authentication/LDAP.pm
View file

@ -33,48 +33,13 @@ my %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol
68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',
71=>'Affects Multiple DSAs (71)', 80=>'other (80)');
#-------------------------------------------------------------------
sub hasBadUserData {
my($uri, $port, %args, $ldap, $auth, $error, $search, $connectDN);
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
$port = 389;
} else {
$port = $uri->port;
}
%args = (port => $port);
$ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79);
return $error if ($error);
$ldap->bind;
$search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{loginId});
if (defined $search->entry(0)) {
$connectDN = "cn=".$search->entry(0)->get_value("cn");
$ldap->unbind;
$ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79);
$auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword});
if ($auth->code == 48 || $auth->code == 49) {
$error = '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{loginId});
} elsif ($auth->code > 0) {
$error = '<li>LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '.WebGUI::International::get(69);
WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
}
$ldap->unbind;
} else {
$error = '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
}
return $error;
}
#-------------------------------------------------------------------
sub validateUser {
sub authenticate {
my ($userId, $password, $userData, $uri, $port, %args, $ldap, $auth, $result);
($userId, $password) = @_;
$userId = $_[0]->[0];
my $identifier = $_[0]->[1];
$userData = WebGUI::Authentication::getParams($userId, 'LDAP');
$uri = URI->new($userData->{ldapURL});
if ($uri->port < 1) {
$port = 389;
@ -84,11 +49,9 @@ sub validateUser {
%args = (port => $port);
$ldap = Net::LDAP->new($uri->host, %args) or $result = WebGUI::International::get(79);
return $result if $result;
$auth = $ldap->bind(dn=>$$userData{connectDN}, password=>$session{form}{identifier});
$auth = $ldap->bind(dn=>$$userData{connectDN}, password=>$identifier);
if ($auth->code == 48 || $auth->code == 49) {
$result = WebGUI::International::get(68);
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
} elsif ($auth->code > 0) {
$result .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured.';
$result .= WebGUI::International::get(69);
@ -100,28 +63,22 @@ sub validateUser {
return $result;
}
#-------------------------------------------------------------------------
# Below are the subs that create and save the forms used for inputting
# config data for this auth module. The 'form' and 'save' subs of each
# from are so related that I've grouped by function. Apart from the
# 'save' and 'form' stuff the subs are still in alphabetical order though.
#-------------------------------------------------------------------------
#-------------------------------------------------------------------
sub formAddUser {
sub adminForm {
my $userData = WebGUI::Authentication::getParams($_[0],'LDAP');
my $ldapURL = $session{form}{ldapURL} || $userData->{ldapURL} || $session{setting}{ldapURL};
my $connectDN = $session{form}{connectDN} || $userData->{connectDN};
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly("<b>LDAP Authentication Options</b>");
$f->url("ldapURL",WebGUI::International::get(165),$session{setting}{ldapURL});
$f->text("connectDN",WebGUI::International::get(166),$session{form}{connectDN});
$f->readOnly('<b>'.optionsLabel().'</b>');
$f->url("ldapURL",WebGUI::International::get(165),$ldapURL);
$f->text("connectDN",WebGUI::International::get(166),$connectDN);
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveAddUser {
WebGUI::Authentication::saveParams($session{form}{uid},'LDAP',
sub adminFormSave {
WebGUI::Authentication::saveParams($_[0],'LDAP',
{
connectDN => $session{form}{connectDN},
ldapURL => $session{form}{ldapURL}
@ -129,50 +86,94 @@ sub saveAddUser {
}
#-------------------------------------------------------------------
sub formCreateAccount {
my $f;
sub adminFormValidate {
return "";
}
#-------------------------------------------------------------------
sub optionsLabel {
return "LDAP Authentication Options";
}
#-------------------------------------------------------------------
sub registrationForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->text("ldapId",$session{setting}{ldapIdName});
$f->password("ldapPassword",$session{setting}{ldapPasswordName});
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveCreateAccount {
sub registrationFormSave {
my($uri, $port, %args, $ldap, $auth, $search, $connectDN, $uid);
my $uid = shift;
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
$port = 389;
} else {
$port = $uri->port;
}
%args = (port => $port);
$ldap = Net::LDAP->new($uri->host, %args);
$ldap->bind;
$search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{loginId});
$search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{ldapId});
if (defined $search->entry(0)) {
$connectDN = "cn=".$search->entry(0)->get_value("cn");
}
$ldap->unbind;
WebGUI::Authentication::saveParams($uid,'LDAP',
{
connectDN => $connectDN,
ldapURL => $session{setting}{ldapURL}
});
return $session{form}{ldapId};
}
#-------------------------------------------------------------------
sub formEditUserSettings {
my $f;
sub registrationFormValidate {
my ($uri, $error, $ldap, $port, $search, $auth, $connectDN);
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
$port = 389;
} else {
$port = $uri->port;
}
if ($ldap = Net::LDAP->new($uri->host, {port=>$port})) {
if ($ldap->bind) {
$search = $ldap->search (base=>$uri->dn,filter=>$session{setting}{ldapId}."=".$session{form}{ldapId});
if (defined $search->entry(0)) {
$connectDN = "cn=".$search->entry(0)->get_value("cn");
$ldap->unbind;
$ldap = Net::LDAP->new($uri->host, {port=>$port}) or $error .= WebGUI::International::get(79);
$auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword});
if ($auth->code == 48 || $auth->code == 49) {
$error .= '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
} elsif ($auth->code > 0) {
$error .= '<li>LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '
.WebGUI::International::get(69);
WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
}
$ldap->unbind;
} else {
$error .= '<li>'.WebGUI::International::get(68);
WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
}
} else {
$error = WebGUI::International::get(79);
}
} else {
$error = WebGUI::International::get(79);
}
return $error;
}
#-------------------------------------------------------------------
sub settingsForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly('<b>LDAP Authentication Options</b>');
$f->readOnly('<b>'.optionsLabel().'</b>');
$f->url("ldapURL",WebGUI::International::get(120),$session{setting}{ldapURL});
$f->text("ldapId",WebGUI::International::get(121),$session{setting}{ldapId});
$f->text("ldapIdName",WebGUI::International::get(122),$session{setting}{ldapIdName});
@ -181,26 +182,17 @@ sub formEditUserSettings {
}
#-------------------------------------------------------------------
sub formEditUser {
my ($f, $userData);
$userData = WebGUI::Authentication::getParams($session{form}{uid}, 'LDAP');
$f = WebGUI::HTMLForm->new;
$f->readOnly('<b>LDAP Authentication Options</b>');
$f->url("ldapURL",WebGUI::International::get(165),$$userData{ldapURL});
$f->text("connectDN",WebGUI::International::get(166),$$userData{connectDN});
return $f->printRowsOnly;
sub userForm {
return "";
}
#-------------------------------------------------------------------
sub saveEditUser {
WebGUI::Authentication::saveParams($session{form}{uid},'LDAP',
{
connectDN => $session{form}{connectDN},
ldapURL => $session{form}{ldapURL}
});
sub userFormSave {
}
#-------------------------------------------------------------------
sub userFormValidate {
return "";
}
1;

112
lib/WebGUI/Authentication/SMB.pm.disabled
View file

@ -24,26 +24,10 @@ my %smbError = (
);
#-------------------------------------------------------------------
sub hasBadUserData {
my ($pdc, $bdc, $ntDomain, $smbLogin, $smb, $error);
$pdc = $session{setting}{smbPDC};
$bdc = $session{setting}{smbBDC};
$ntDomain = $session{setting}{smbDomain};
$smbLogin = $session{form}{loginId};
$smb = Authen::Smb::authen($smbLogin, $session{form}{smbPassword}, $pdc, $bdc, $ntDomain);
if ($smb > 0) {
$error = '<li>'. $smbError{$smb} . "pdc: $pdc, bdc: $bdc, domain: $ntDomain";
}
return $error;
}
#-------------------------------------------------------------------
sub validateUser {
sub authenticate {
my ($uid, $password, $userData, $smb, $result);
($uid, $password) = @_;
$userId = $_[0]->[0];
$password = $_[0]->[1];
$userData = WebGUI::Authentication::getParams($uid, 'SMB');
$smb = Authen::Smb::authen($userData->{smbLogin}, $password, $userData->{smbPDC}, $userData->{smbBDC}, $userData->{smbDomain});
@ -56,28 +40,25 @@ sub validateUser {
return $result;
}
#-------------------------------------------------------------------------
# Below are the subs that create and save the forms used for inputting
# config data for this auth module. The 'form' and 'save' subs of each
# from are so related that I've grouped by function. Apart from the
# 'save' and 'form' stuff the subs are still in alphabetical order though.
#-------------------------------------------------------------------------
#-------------------------------------------------------------------
sub formAddUser {
sub adminForm {
my $userData = WebGUI::Authentication::getParams($_[0], 'SMB');
my $pdc = $session{form}{smbPDC} || $userData->{smbPDC} || $session{setting}{smbPDC};
my $bdc = $session{form}{smbBDC} || $userData->{smbBDC} || $session{setting}{smbBDC};
my $domain = $session{form}{smbDomain} || $userData->{smbDomain} || $session{setting}{smbDomain};
my $login = $session{form}{smbLogin} || $userData->{smbLogin};
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly("<b>SMB Authentication Options</b>");
$f->text("smbPDC","PDC",$session{setting}{smbPDC});
$f->text("smbBDC","BDC",$session{setting}{smbBDC});
$f->text("smbDomain","NT Domain",$session{setting}{smbDomain});
$f->text("smbLogin","NT Login name",'');
$f->readOnly('<b>'.optionsLabel().'</b>');
$f->text("smbPDC","PDC",$pdc);
$f->text("smbBDC","BDC",$bdc);
$f->text("smbDomain","NT Domain",$domain);
$f->text("smbLogin","NT Login name",$login);
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveAddUser {
sub adminFormSave {
WebGUI::Authentication::saveParams($session{form}{uid},'SMB',
{
smbPDC => $session{form}{smbPDC},
@ -88,19 +69,22 @@ sub saveAddUser {
}
#-------------------------------------------------------------------
sub formCreateAccount {
my $f;
sub optionsLabel {
return "SMB Authentication Options";
}
#-------------------------------------------------------------------
sub registrationForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->text("loginId","NT Login Id");
$f->password("smbPassword","NT Password");
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveCreateAccount {
sub registrationFormSave {
my $uid;
$uid = shift;
WebGUI::Authentication::saveParams($uid,'SMB',
{
@ -112,42 +96,44 @@ sub saveCreateAccount {
}
#-------------------------------------------------------------------
sub formEditUserSettings {
my $f;
sub registrationFormValidate {
my ($pdc, $bdc, $ntDomain, $smbLogin, $smb, $error);
$pdc = $session{setting}{smbPDC};
$bdc = $session{setting}{smbBDC};
$ntDomain = $session{setting}{smbDomain};
$smbLogin = $session{form}{loginId};
$smb = Authen::Smb::authen($smbLogin, $session{form}{smbPassword}, $pdc, $bdc, $ntDomain);
if ($smb > 0) {
$error = '<li>'. $smbError{$smb} . "pdc: $pdc, bdc: $bdc, domain: $ntDomain";
}
return $error;
}
#-------------------------------------------------------------------
sub settingsForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly("<b>SMB Authentication Options</b>");
$f->readOnly('<b>'.optionsLabel().'</b>');
$f->text("smbPDC","PDC",$session{setting}{smbPDC});
$f->text("smbBDC","BDC",$session{setting}{smbBDC});
$f->text("smbDomain","NT Domain",$session{setting}{smbDomain});
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub formEditUser {
my ($f, $userData);
$userData = WebGUI::Authentication::getParams($session{form}{uid}, 'SMB');
$f = WebGUI::HTMLForm->new;
$f->readOnly("<b>SMB Authentication Options</b>");
$f->text("smbPDC","PDC",$$userData{smbPDC});
$f->text("smbBDC","BDC",$$userData{smbBDC});
$f->text("smbDomain","NT Domain",$$userData{smbDomain});
$f->text("smbLogin","NT Login name",$$userData{smbLogin});
return $f->printRowsOnly;
sub userForm {
return "";
}
#-------------------------------------------------------------------
sub saveEditUser {
WebGUI::Authentication::saveParams($session{form}{uid},'SMB',
{
smbPDC => $session{form}{smbPDC},
smbBDC => $session{form}{smbBDC},
smbDomain => $session{form}{smbDomain},
smbLogin => $session{form}{smbLogin}
});
sub userFormSave {
}
#-------------------------------------------------------------------
sub userFormValidate {
return "";
}
1;

146
lib/WebGUI/Authentication/WebGUI.pm
View file

@ -10,100 +10,114 @@ package WebGUI::Authentication::WebGUI;
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use Digest::MD5;
use strict;
use WebGUI::Session;
use WebGUI::Authentication;
use WebGUI::HTMLForm;
use Digest::MD5;
#-------------------------------------------------------------------
sub hasBadUserData {
return WebGUI::Operation::Account::_hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
}
#-------------------------------------------------------------------
sub validateUser {
sub authenticate {
my ($userId, $identifier, $userData, $success);
($userId, $identifier) = @_;
$userId = $_[0]->[0];
$identifier = $_[0]->[1];
$userData = WebGUI::Authentication::getParams($userId, 'WebGUI');
if ((Digest::MD5::md5_base64($identifier) eq $$userData{identifier}) && ($identifier ne "")) {
$success = 1;
} else {
$success = WebGUI::International::get(68);
WebGUI::ErrorHandler::security("login to account ".$session{form}{username}." with invalid information.");
}
return $success;
}
#-------------------------------------------------------------------------
# Below are the subs that create and save the forms used for inputting
# config data for this auth module. The 'form' and 'save' subs of each
# from are so related that I've grouped by function. Apart from the
# 'save' and 'form' stuff the subs are still in alphabetical order though.
#-------------------------------------------------------------------------
#-------------------------------------------------------------------
sub formAddUser {
sub adminForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly("<b>WebGUI Authentication options</b>");
$f->password("identifier",WebGUI::International::get(51));
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveAddUser {
my $encryptedPassword;
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
WebGUI::Authentication::saveParams($session{form}{uid},'WebGUI',{identifier => $encryptedPassword});
}
#-------------------------------------------------------------------
sub formCreateAccount {
my $f;
$f = WebGUI::HTMLForm->new;
$f->password("identifier1",WebGUI::International::get(51));
$f->password("identifier2",WebGUI::International::get(55));
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveCreateAccount {
my ($encryptedPassword, $uid);
$uid = shift;
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
WebGUI::Authentication::saveParams($uid, 'WebGUI', {identifier => $encryptedPassword});
}
#-------------------------------------------------------------------
sub formEditUser {
my $f;
$f = WebGUI::HTMLForm->new;
$f->readOnly('<b>WebGUI Authentication Options</b>');
$f->readOnly('<b>'.optionsLabel().'</b>');
$f->password("identifier",WebGUI::International::get(51),"password");
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub saveEditUser {
my ($encryptedPassword);
if ($session{form}{identifier} ne "password") {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
WebGUI::Authentication::saveParams($session{form}{uid}, 'WebGUI', {identifier => $encryptedPassword});
sub adminFormSave {
unless ($session{form}{identifier} eq "password") {
WebGUI::Authentication::saveParams($_[0],'WebGUI',{identifier => Digest::MD5::md5_base64($session{form}{identifier})});
}
}
#-------------------------------------------------------------------
sub formEditUserSettings {
return '';
sub adminFormValidate {
return "";
}
#-------------------------------------------------------------------
sub optionsLabel {
return "WebGUI Authentication Options";
}
#-------------------------------------------------------------------
sub registrationForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->password("identifier",WebGUI::International::get(51));
$f->password("identifierConfirm",WebGUI::International::get(55));
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub registrationFormSave {
adminFormSave($_[0]);
}
#-------------------------------------------------------------------
sub registrationFormValidate {
my ($error);
if ($session{form}{identifier} ne $session{form}{identifierConfirm}) {
$error = '<li>'.WebGUI::International::get(78);
}
if ($session{form}{identifier} eq "password") {
$error .= '<li>'.WebGUI::International::get(727);
}
if ($session{form}{identifier} eq "") {
$error .= '<li>'.WebGUI::International::get(726);
}
return $error;
}
#-------------------------------------------------------------------
sub settingsForm {
return "";
}
#-------------------------------------------------------------------
sub userForm {
my $f;
$f = WebGUI::HTMLForm->new;
$f->password("identifier",WebGUI::International::get(51),"password");
$f->password("identifierConfirm",WebGUI::International::get(55),"password");
return $f->printRowsOnly;
}
#-------------------------------------------------------------------
sub userFormSave {
adminFormSave($session{user}{userId});
}
#-------------------------------------------------------------------
sub userFormValidate {
my ($error);
if ($session{form}{identifier} ne $session{form}{identifierConfirm}) {
$error = '<li>'.WebGUI::International::get(78);
}
if ($session{form}{identifier} eq "") {
$error .= '<li>'.WebGUI::International::get(726);
}
return $error;
}
1;