Diffstat (limited to 'lib/FPanel/Interface.pm')
-rw-r--r-- | lib/FPanel/Interface.pm | 132 |
1 files changed, 70 insertions, 62 deletions
diff --git a/lib/FPanel/Interface.pm b/lib/FPanel/Interface.pm
index 72fa29f..6781ae5 100644
--- a/lib/FPanel/Interface.pm
+++ b/lib/FPanel/Interface.pm
@@ -7,75 +7,63 @@ use utf8; use lib 'lib'; use base 'FPanel::Login'; -sub cgiapp_init { - my $self = shift; - - $self->SUPER::cgiapp_init; - # define runmodes (pages) that require successful login: - $self->authen->protected_runmodes( ':all' ); +# This method is called right before the 'setup' method below. It +# inherits the configuration from the super class. +sub cgiapp_init { + my $self = shift; + + $self->SUPER::cgiapp_init; + + # Every single Run Mode here is protected + $self->authen->protected_runmodes( ':all' ); } -sub index : Runmode { - my $self = shift; - my $template = $self->load_tmpl('index.html' - , cache => 1 - , utf8 => 1 ); - my $domain = (split /\//, $ENV{PATH_INFO},3)[1]; - $template->param({ - NAME => 'INDEX', - URL => $self->query->url(), - MYDOMAIN => $domain, - USER => $self->authen->username, - }); - return $template->output; -} +# This is the first page an authenticated user sees. It lists the known +# domains. sub DomainList : StartRunmode { - my $self = shift; - - my ($u,$d) = split /@/, $self->authen->username, 2; - my $dn = "fvu=$u,fvd=$d,ou=virtual,o=mailHosting,dc=fripost,dc=dev"; - - my $ldap = Net::LDAP->new( 'ldap://127.0.0.1:389', - , async => 1, - , onerror => 'die' - ); - my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5' - , callback => { user => 'FPanel' - , pass => 'panel' - , authname => "dn:$dn" } - ); - my $mesg = $ldap->bind( sasl => $sasl ) ; - die $mesg->error if $mesg->code; - - my $domains = $ldap->search( base => "ou=virtual,o=mailHosting,dc=fripost,dc=dev" - , scope => 'one' - , filter => 'objectClass=FripostVirtualDomain' - , deref => 'never' - ); - die $domains->error if $domains->code; - - - my $template = $self->load_tmpl('domain-list.html' - , cache => 1 - , utf8 => 1 - , loop_context_vars => 1 - , global_vars => 1 ); - $template->param( URL => $self->query->url ); - $template->param( USER_LOCALPART => $u, USER_DOMAINPART => $d); - $template->param( DOMAINS => [ - map { { DOMAIN => $_->get_value('fvd') - 
, PERMS => &list_perms($_, $dn) - , DESCRIPTION => join ("\n", $_->get_value('description')) - , ISACTIVE => $_->get_value('fripostIsStatusActive') eq 'TRUE' ? 1 : 0 - }; - } - $domains->sorted('fvd') - ]); - return $template->output; + my $self = shift; + my %CFG = $self->cfg; + my $suffix = join ',', @{$CFG{ldap_suffix}}; + + my ($l,$d) = split /@/, $self->authen->username, 2; + my $authzDN = "fvu=$l,fvd=$d,". $suffix; + my $ldap = $self->ldap_from_auth_user($authzDN); + + my $domains = $ldap->search( base => $suffix + , scope => 'one' + , filter => 'objectClass=FripostVirtualDomain' + , deref => 'never' + ); + die $domains->error if $domains->code; + + + my $template = $self->load_tmpl( 'domain-list.html', cache => 1, utf8 => 1 + , loop_context_vars => 1 + , global_vars => 1 ); + $template->param( URL => $self->query->url ); + $template->param( USER_LOCALPART => $l, USER_DOMAINPART => $d); + $template->param( DOMAINS => [ + map { { DOMAIN => $_->get_value('fvd') + , PERMS => &list_perms($_, $authzDN) + , DESCRIPTION => join ("\n", $_->get_value('description')) + , ISACTIVE => $_->get_value('fripostIsStatusActive') eq 'TRUE' ? 1 : 0 + }; + } + $domains->sorted('fvd') + ]); + return $template->output; } + +# This subroutine displays the access that the given DN has on the entry. +# Possible values are : +# - "can create aliases" (a) +# - "can create lists" (l) +# - "can create aliases & lists" (al) +# - "owner" (o) +# - "postmaster" (p) sub list_perms { my ($entry, $dn) = @_; my $perms = ''; 
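Review bot: In DomainList the two halves of `$self->authen->username` are interpolated into `$authzDN` without DN escaping, and that string then becomes both the SASL authorization identity and the DN passed to list_perms. A login name containing `,`, `=` or `+`, or one with no `@` (which leaves `$d` undefined), would yield a malformed DN or one that names a different entry; whether the login layer already rejects such names is not visible in this hunk. I would refuse a username that lacks either part and build the DN as `my $authzDN = join ',', 'fvu='.escape_dn_value($l), 'fvd='.escape_dn_value($d), $suffix;`, using `escape_dn_value` from Net::LDAP::Util (the `use` line belongs at the top of the file, outside this hunk). The handle returned by ldap_from_auth_user is also never unbound before the run mode returns, and the body of list_perms continues past the end of the hunk.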
@@ -115,5 +103,25 @@ sub list_perms { } } + +# This method SASL binds the web application and uses the provided +# authorization DN. +sub ldap_from_auth_user { + my $self = shift; + my $authzDN = shift; + + my $ldap = Net::LDAP->new( $self->cfg('ldap_uri'), async => 1, onerror => 'die' ); + my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5' + , callback => { user => $self->cfg('ldap_authcID') + , pass => $self->cfg('ldap_authcPW') + , authname => "dn:$authzDN" } + ); + my $mesg = $ldap->bind( sasl => $sasl ) ; + die $mesg->error if $mesg->code; + + return $ldap; +} + + 1; |
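Review bot: ldap_from_auth_user binds with DIGEST-MD5 against whatever `ldap_uri` holds and never asks for TLS, so unless the configured URI is ldaps:// or ldapi:// the session depends on the optional SASL security layer alone. DIGEST-MD5 was moved to historic status by RFC 6331, so I would add `$ldap->start_tls( verify => 'require' );` before the bind when the URI scheme is plain ldap://, and make the mechanism a configuration value like the other settings. The header comment should also say that the application's own credentials authenticate while `$authzDN` is only the identity being assumed. That makes the directory's proxy-authorization policy the actual access control, which a maintainer needs to know. A short check that `ldap_authcID` and `ldap_authcPW` are defined would turn a missing config key into a clear error instead of a failed bind.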