authorGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-18 21:24:39 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-18 21:24:39 +0100
commit1f365b29f094912fa8f6e9d7fe0348148eb60ccf (patch)
tree74ab5846ce9a5003eb29084f29f768291c159a1f
parentc70ea95c7e2e07cccbff9b7cce26e7bb506d1db6 (diff)
Added the possibility to choose the SASL mechanism (GSSAPI or DIGEST-MD5).
-rw-r--r--lib/Fripost/Panel/Interface.pm3
-rw-r--r--lib/Fripost/Panel/Login.pm6
-rw-r--r--lib/Fripost/Schema.pm31
3 files changed, 25 insertions, 15 deletions
diff --git a/lib/Fripost/Panel/Interface.pm b/lib/Fripost/Panel/Interface.pm
index 18b9a48..fcd4f97 100644
--- a/lib/Fripost/Panel/Interface.pm
+++ b/lib/Fripost/Panel/Interface.pm
@@ -264,8 +264,7 @@ sub EditLocal : Runmode {
$fp = Fripost::Schema::->auth(
$u,
$q->param('oldpw'),
- ldap_uri => $CFG{ldap_uri},
- ldap_suffix => $CFG{ldap_suffix},
+ %CFG,
-die => "Wrong password (for ‘".$u."’)." );
};
$error = $@ || $fp->user->passwd(
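Review bot: Splatting `%CFG` into `Fripost::Schema::->auth` in EditLocal passes every configuration key to the password-bind path, and after this commit that hash also carries the SASL service credentials (`ldap_authcID`, `ldap_authcPW`) read in the Schema.pm hunk. The removed lines passed only `ldap_uri` and `ldap_suffix`; unless auth (whose body is outside this hunk) needs more, keep the call to what it uses, e.g. `(map { $_ => $CFG{$_} } qw(ldap_uri ldap_suffix)),`. The same applies to the `auth($u, $p, %CFG, -die => 0)` call in Login.pm's cgiapp_init. If `%CFG` stays, a comment that `-die` must come after it so a configuration key cannot override it would help.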
diff --git a/lib/Fripost/Panel/Login.pm b/lib/Fripost/Panel/Login.pm
index ef8474c..4f00f6b 100644
--- a/lib/Fripost/Panel/Login.pm
+++ b/lib/Fripost/Panel/Login.pm
@@ -65,11 +65,7 @@ sub cgiapp_init {
}
Encode::_utf8_on($u);
$u = email_to_ascii($u);
- my $fp = Fripost::Schema::->auth($u, $p,
- ldap_uri => $CFG{ldap_uri},
- ldap_suffix => $CFG{ldap_suffix},
- -die => 0
- );
+ my $fp = Fripost::Schema::->auth($u, $p, %CFG, -die => 0);
return 0 unless defined $fp;
$fp->done;
return $u;
diff --git a/lib/Fripost/Schema.pm b/lib/Fripost/Schema.pm
index 9d6f4cb..236b407 100644
--- a/lib/Fripost/Schema.pm
+++ b/lib/Fripost/Schema.pm
@@ -50,16 +50,31 @@ sub SASLauth {
my $self = bless {}, $class;
$self->suffix( join ',', @{$cfg{ldap_suffix}} );
$self->whoami( "fvu=$l,fvd=$d,".$self->suffix );
- $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
+ return $self unless defined $cfg{ldap_SASL_mechanism};
- my $sasl = Authen::SASL::->new(
- mechanism => 'GSSAPI',
- callback => { user => 'dn:'.$self->whoami }
- );
- my $conn = $sasl->client_new('ldap', $cfg{krb5_service_instance} );
+ $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 0 ));
+
+ my $callback;
+ if ($cfg{ldap_SASL_mechanism} eq 'DIGEST-MD5') {
+ $callback = { user => $cfg{ldap_authcID}
+ , pass => $cfg{ldap_authcPW}
+ , authname => 'dn:'.$self->whoami
+ };
+ }
+ elsif ($cfg{ldap_SASL_mechanism} eq 'GSSAPI') {
+ $callback = { user => 'dn:'.$self->whoami };
+ }
+ else {
+ die "Unknown SASL mechanism: ".$cfg{ldap_SASL_mechanism};
+ }
+
+ my $sasl = Authen::SASL::->new( mechanism => $cfg{ldap_SASL_mechanism}
+ , callback => $callback );
+ my $host = $cfg{krb5_service_instance} // 'localhost';
+ my $conn = $sasl->client_new( 'ldap', $host );
die $conn->error if $conn->code;
- my $mesg = $self->ldap->bind( '', sasl => $conn );
+ my $mesg = $self->ldap->bind( undef, sasl => $conn );
# This is not supposed to happen.
die $mesg->error if $mesg->code;
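Review bot: The new early `return $self unless defined $cfg{ldap_SASL_mechanism};` in SASLauth hands back a blessed object that has never opened a connection or bound, so a missing configuration key passes silently instead of failing closed. If an unbound object is not an intended mode, use `die "ldap_SASL_mechanism is not configured" unless defined $cfg{ldap_SASL_mechanism};`; if it is intended, a comment should say which callers rely on it. On the DIGEST-MD5 branch, a comment is worth adding that the service account in `ldap_authcID`/`ldap_authcPW` authenticates while `authname` carries the user's DN as the authorization identity, so the directory's proxy-authorization rules are what limit this account; DIGEST-MD5 itself was moved to Historic by RFC 6331. SASLauth starts before this hunk and continues after it.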
@@ -91,7 +106,7 @@ sub auth {
$self->whoami( "fvu=$l,fvd=$d,".$self->suffix );
}
- $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
+ $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 0 ) );
my $mesg = $self->ldap->bind( $self->whoami, password => $pw );
if ($mesg->code) {