File Coverage

blib/lib/Lemonldap/Portal/Authntsso.pm

Criterion	Covered	Total	%
statement	18	178	10.1
branch	0	36	0.0
condition	0	27	0.0
subroutine	6	26	23.0
pod	6	9	66.6
total	30	276	10.8

line	stmt	bran	cond	sub	pod	time	code
1							package Lemonldap::Portal::Authntsso;
2	1			1		30933	use strict;
	1					3
	1					44
3	1			1		5	use warnings;
	1					2
	1					31
4	1			1		985	use Net::LDAP;
	1					578035
	1					9
5	1			1		1060	use Authen::Smb;
	1					36057
	1					85
6	1			1		1185	use Data::Dumper;
	1					9234
	1					78
7	1			1		1060	use MIME::Base64;
	1					4100
	1					2120
8							our $VERSION = '0.05';
9
10							sub new {
11	0			0	1		my $class = shift;
12	0						my %args = @_;
13	0		0				my $self = bless {}, ref($class) \|\| $class;
14	0						$self->{controlUrlOrigin} = \&__controlUrlOrigin;
15	0						$self->{controlTimeOut} = \&__controlTimeOut;
16	0						$self->{controlSyntax} = \&__controlSyntax;
17	0						$self->{bind} = \&__bind;
18	0						$self->{formateUser} = \&__none;
19	0						$self->{formateFilter} = \&__Filter;
20	0						$self->{formateBaseLDAP} = \&__none;
21	0						$self->{contactServer} = \&__contactServer;
22	0						$self->{bind} = \&__bind;
23	0						$self->{search} = \&__ldapsearch;
24	0						$self->{setSessionInfo} = \&__session;
25	0						$self->{unbind} = \&__unbind;
26	0						$self->{credentials} = \&__credentials;
27	0						my $mess = {
28							1 =>
29							'Your connection has expired; You must to be authentified once again',
30							2 => 'User and password fields must be filled',
31							3 => 'Wrong directory manager account or password',
32							4 => 'not found in directory',
33							5 => 'wrong credentials',
34							};
35	0						$self->{msg} = $mess;
36
37	0						foreach ( keys %args ) {
38	0						$self->{$_} = $args{$_};
39							}
40
41	0						return $self;
42							}
43							##------------------------------------------------------------------
44							## method none
45							## This method does nothing ..
46							##------------------------------------------------------------------
47	0			0			sub __none { #does ...nothing;
48
49							}
50							##------------------------------------------------------------------
51							## method controlUrlOrigin
52							## This method looks at param cgi 'urlc' in order to determine if
53							## the request comes with a vip url (redirection) or for the menu
54							##------------------------------------------------------------------
55							sub __controlUrlOrigin {
56	0			0			my $urldc;
57	0						my $self = shift;
58	0						my $urlc = $self->{param}->{'url'};
59
60	0	0					if ( defined($urlc) ) {
61	0						$urldc = decode_base64($urlc);
62
63							# $urldc =~ s#:\d+/#/#; # Suppress port number in URL
64	0						$urlc = encode_base64( $urldc, '' );
65	0						$self->{'urlc'} = $urlc;
66	0						$self->{'urldc'} = $urldc;
67							}
68							}
69							##------------------------------------------------------------------
70							## method controlTimeOut
71							## This method looks at param cgi 'op'
72							## if op eq 't' (like timeout) the handler couldn't retrieve the
73							## storage session from id session
74							##------------------------------------------------------------------
75							sub __controlTimeOut {
76	0			0			my $self = shift;
77	0						my $operation = $self->{param}->{'op'};
78	0						$self->{operation} = $operation;
79	0	0	0				if ( defined($operation)
80							and $operation eq 't' )
81							{
82	0						$self->{'message'} = $self->{msg}{1};
83	0						$self->{'error'} = 1;
84							}
85							}
86							##------------------------------------------------------------------
87							## method controlSyntax
88							## This method looks at param cgi 'identifant' and 'secret'
89							##
90							##------------------------------------------------------------------
91							sub __controlSyntax {
92	0			0			my $self = shift;
93	0						my $user = $self->{param}->{'identifiant'};
94	0						$self->{'user'} = $user;
95	0						my $password = $self->{param}->{'secret'};
96	0						$self->{'password'} = $password;
97	0	0	0				if ( defined($user)
98							or defined($password) )
99							{
100	0	0	0				if ( !defined($user)
			0
			0
101							or $user eq ''
102							or !defined($password)
103							or $password eq '' )
104							{
105	0						$self->{'message'} = $self->{msg}{2};
106	0						$self->{'error'} = 2;
107							}
108
109							}
110	0	0	0				if ( !defined($user)
111							and !defined($password) )
112							{ # empty form
113	0						$self->{'message'} = '';
114	0						$self->{'error'} = 9;
115							}
116
117							}
118							##---------------------------------------------------------------------------
119							## Connection ldap on server and port ldap
120							##---------------------------------------------------------------------------
121
122							sub __contactServer {
123	0			0			my $self = shift;
124	0	0					unless ( $self->{ldap} ) {
125	0	0					my $ldap = Net::LDAP->new(
126							$self->{server},
127							port => $self->{port},
128							onerror => undef,
129							)
130							or die( 'Net::LDAP->new: ' . $@ );
131	0						$self->{ldap} = $ldap;
132							}
133							}
134
135							sub func_bind {
136	0			0	0		my $ldap = shift;
137	0						my $dn = shift;
138	0						my $password = shift;
139	0						my $mesg;
140	0	0	0				if ( $dn and $password ) { #named bind
141	0						$mesg = $ldap->bind( $dn, password => $password );
142							}
143							else { # anonymous bind
144	0						$mesg = $ldap->bind();
145							}
146
147	0						my $me = $mesg->code();
148	0	0					if ( $mesg->code() != 0 ) {
149	0						$ldap = undef;
150	0						return ("wrong password");
151							}
152	0						return;
153							}
154
155							##---------------------------------------------------------------------------
156							## formate filter
157							##---------------------------------------------------------------------------
158							sub __Filter {
159	0			0			my $self = shift;
160	0						my $user = $self->{user};
161	0						my $filtre = "uid=$user";
162	0						$self->{filter} = $filtre;
163							}
164							##---------------------------------------------------------------------------
165							## Connection on server LDAP with manager credential
166							## in order to extract user infos
167							##---------------------------------------------------------------------------
168
169							sub __bind {
170	0			0			my $self = shift;
171							##---------------------------------------------------------------------------
172							## Authentification
173							##---------------------------------------------------------------------------
174
175	0						my $d = $self->{ldap};
176	0						my $p = $self->{DnManager};
177	0						my $r = $self->{passwdManager};
178
179	0						my $mesg =
180							&func_bind( $self->{ldap}, $self->{DnManager}, $self->{passwordManager} );
181
182	0	0					if ($mesg) {
183	0						$self->{'message'} = $self->{sg}{3};
184	0						$self->{'error'} = 3;
185
186							}
187							}
188
189							sub __ldapsearch {
190	0			0			my $self = shift;
191	0						my $ldap = $self->{ldap};
192	0						my $filter = $self->{filter};
193	0						my $base = $self->{branch};
194
195	0						my $mesg = $ldap->search(
196							base => $base,
197							scope => 'sub',
198							filter => $filter,
199							);
200	0	0					die $mesg->error() if ( $mesg->code() != 0 );
201	0						my $retour = $mesg->entry(0);
202	0						my $identifiantCopy = $self->{user};
203	0	0					if ( !defined($retour) ) {
204	0						$self->{'message'} = "$identifiantCopy :" . $self->{msg}{4};
205	0						$self->{'error'} = 4;
206	0						return;
207							}
208	0						$self->{entry} = $retour;
209	0						return;
210							}
211							##==============================================================================
212							## function _session
213							##
214							##==============================================================================
215
216							sub __session {
217	0			0			my $self = shift;
218	0						my %session;
219	0						my $entry = $self->{entry};
220	0						$session{dn} = $entry->dn();
221	0						$self->{dn} = $entry->dn();
222	0						$session{uid} = $entry->get_value('uid');
223	0						$session{cn} = $entry->get_value('cn');
224	0						$session{personaltitle} = $entry->get_value('personaltitle');
225	0						$session{mail} = $entry->get_value('mail');
226	0						$session{title} = $entry->get_value('title');
227	0						$self->{infosession} = \%session;
228
229							}
230							##==============================================================================
231							## Function unbind
232							## do unbind;
233							##==============================================================================
234							sub __unbind {
235	0			0			my $self = shift;
236	0	0					$self->{ldap}->unbind if $self->{ldap};
237							}
238							##---------------------------------------------------------------------------
239							## Credential against nt domain
240							##---------------------------------------------------------------------------
241							sub __credentials {
242	0			0			my $self = shift;
243	0						my $login = $self->{user};
244	0						my $passwd = $self->{password};
245	0						my $BDC = $self->{BDC};
246	0						my $BDC_secours = $self->{BDC_secours};
247	0						my $ntdomain = $self->{ntDomain};
248
249	0	0	0				unless (
250							Authen::Smb::authen( $login, $passwd, $BDC, $BDC_secours \|\| $BDC,
251							$ntdomain ) == 0
252							)
253							{
254
255	0						$self->{'message'} = $self->{msg}{5};
256	0						$self->{'error'} = 5;
257							}
258							}
259
260							sub message {
261	0			0	1		my $self = shift;
262	0						return ( $self->{message} );
263							}
264
265							sub infoSession {
266	0			0	1		my $self = shift;
267	0						return ( $self->{infosession} );
268							}
269
270							sub getAllRedirection {
271	0			0	0		my $self = shift;
272	0						return ( $self->{urlc}, $self->{urldc} );
273							}
274
275							sub getRedirection {
276	0			0	1		my $self = shift;
277	0						return ( $self->{urldc} );
278							}
279
280							sub user {
281	0			0	0		my $self = shift;
282	0						return ( $self->{user} );
283							}
284
285							sub error {
286	0			0	1		my $self = shift;
287	0						return ( $self->{error} );
288							}
289
290							sub process {
291	0			0	1		my $self = shift;
292	0						my %args = @_;
293	0						foreach ( keys %args ) {
294	0						$self->{$_} = $args{$_};
295							}
296							##------------------------------------------------------------------
297							## method process
298							## This method step after step calls methods for dealing the
299							## connection
300							## step 0 : setting configuration
301							## step 1 : manage the source of request
302							## step 2 : manage timeout
303							## step 3 : control the input form of user and password
304							## step 4 : formate the user id if needing
305							## step 5 : build the filter for the search
306							## step 6 : build subtree for the search ldap
307							## step 7 : make socket upon ldap server
308							## step 8 : bind operation
309							## step 9 : make search
310							## step 10 : confection of %session from ldap infos
311							## step 11 : unbind
312							## step 12 : validing user's credentials upon ntdomain
313							##------------------------------------------------------------------
314	0						&{ $self->{controlUrlOrigin} }($self); # no error avaiable in this step
	0
315	0						&{ $self->{controlTimeOut} }($self);
	0
316	0	0					return ($self) if $self->{'error'}; ## it's not necessary to go next.
317	0						&{ $self->{controlSyntax} }($self);
	0
318	0	0					return ($self) if $self->{'error'}; ## it's not necessary to go next.
319	0						&{ $self->{formateUser} }($self); # no error avaiable in this step
	0
320	0						&{ $self->{formateFilter} }($self); # no error avaiable in this step
	0
321	0						&{ $self->{formateBaseLDAP} }($self); # no error avaiable in this step
	0
322	0						&{ $self->{contactServer} }($self)
	0
323							; # can die if the server if unreachable: critical error
324	0						&{ $self->{bind} }($self);
	0
325	0	0					return ($self) if $self->{'error'}; ## it's not necessary to go next.
326	0						&{ $self->{search} }($self);
	0
327
328	0	0					if ( $self->{'error'} ) {
329							## it's not necessary to go next.
330	0						&{ $self->{unbind} }($self);
	0
331	0						return ($self);
332							}
333	0						&{ $self->{setSessionInfo} }($self); # no error avaiable in this step
	0
334	0						&{ $self->{credentials} }($self);
	0
335	0						&{ $self->{unbind} }($self); # no error avaiable in this step
	0
336	0						return ($self);
337							}
338
339							1;
340							__END__