package FPanel::Interface;

use strict;
use warnings;
use utf8;

# NOTE(review): 'lib' is a relative path, so it is resolved against the
# process's working directory when the module is compiled; which modules get
# loaded therefore depends on where the CGI is started from -- confirm the
# deployment's cwd.
use lib 'lib';
# The parent class supplies cgiapp_init/authen/cfg/load_tmpl used below and is
# presumably also where Net::LDAP and Authen::SASL (used here without an
# explicit 'use') get loaded -- verify.
use base 'FPanel::Login';


# cgiapp_init hook: runs before 'setup'.  Lets the parent class do its own
# initialisation first, then declares every run mode of this package as
# requiring an authenticated session.
sub cgiapp_init {
    my ($self) = @_;

    $self->SUPER::cgiapp_init();

    # ':all' also covers run modes added to this package later, so a new
    # page cannot be reached without a login by mere omission.
    $self->authen->protected_runmodes(':all');
}


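# Start run mode: the first page an authenticated user sees.  Lists every
# FripostVirtualDomain entry directly under the configured LDAP suffix,
# together with the access the current user has on each of them.
#
# The LDAP handle is bound with the application's own credentials but
# authorised as the user's own DN (see ldap_from_auth_user), so what this
# search returns is subject to the directory's access control for that DN.
#
# Returns the rendered 'domain-list.html' template as a string.  Dies if the
# search is rejected.
sub DomainList : StartRunmode {
    my ($self) = @_;
    my %CFG    = $self->cfg;
    my $suffix = join ',', @{ $CFG{ldap_suffix} };

    # The authenticated principal is 'localpart@domainpart'; the two halves
    # become the RDNs of the user's own entry, which is then used as the
    # authorization DN.  The username has passed authentication, but it is
    # still interpolated into a DN verbatim: if a localpart may contain
    # DN-special characters (',', '+', '=', ...) it should be escaped first
    # (e.g. Net::LDAP::Util::escape_dn_value) -- confirm against the
    # directory's schema.
    my ($localpart, $domainpart) = split /@/, $self->authen->username, 2;
    my $authzDN = "fvu=$localpart,fvd=$domainpart,$suffix";
    my $ldap    = $self->ldap_from_auth_user($authzDN);

    my $domains = $ldap->search( base   => $suffix
                               , scope  => 'one'
                               , filter => 'objectClass=FripostVirtualDomain'
                               , deref  => 'never'
                               );
    die $domains->error if $domains->code;

    my $template = $self->load_tmpl( 'domain-list.html', cache => 1, utf8 => 1
                                   , loop_context_vars => 1
                                   , global_vars => 1 );
    $template->param( URL => $self->query->url );
    $template->param( USER_LOCALPART => $localpart, USER_DOMAINPART => $domainpart );
    $template->param( DOMAINS => [ map { _domain_row($_, $authzDN) }
                                       $domains->sorted('fvd') ] );
    return $template->output;
}

# Builds the template row for one domain entry: its name, the access $dn has
# on it (see list_perms), its description values joined with newlines, and an
# ISACTIVE flag.  A missing fripostIsStatusActive attribute counts as
# inactive instead of raising an 'uninitialized' warning.
sub _domain_row {
    my ($entry, $dn) = @_;

    my $status = $entry->get_value('fripostIsStatusActive');
    return { DOMAIN      => $entry->get_value('fvd')
           , PERMS       => list_perms($entry, $dn)
           , DESCRIPTION => join("\n", $entry->get_value('description'))
           , ISACTIVE    => (defined $status and $status eq 'TRUE') ? 1 : 0
           };
}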


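# Returns a human-readable description of the access that $dn has on the
# LDAP $entry, as recorded in the entry's fripost* attributes:
#   - "can create aliases"          (fripostCanCreateAlias)
#   - "can create lists"            (fripostCanCreateList)
#   - "can create aliases & lists"  (both of the above)
#   - "owner"                       (fripostOwner)
#   - "postmaster"                  (fripostPostmaster)
# Roles take precedence in that order: postmaster over owner over the
# create-* rights.  Returns the empty string when $dn holds none of them.
#
# The two create-* rights may be granted either to $dn itself or to its
# parent DN (e.g. the domain entry for a user DN).  The parent is obtained by
# splitting $dn at its first comma, so an RDN containing an escaped comma is
# not handled -- presumably fine for the fvu=...,fvd=... DNs this file builds.
# All comparisons are exact string equality; DNs are not normalised.
sub list_perms {
    my ($entry, $dn) = @_;

    # Computed once instead of once per grep iteration; undef when $dn has no
    # comma, in which case only $dn itself can match.
    my $parent_dn = (split /,/, $dn, 2)[1];

    my $can_create_alias = _dn_granted($entry, 'fripostCanCreateAlias', $dn, $parent_dn);
    my $can_create_list  = _dn_granted($entry, 'fripostCanCreateList',  $dn, $parent_dn);
    my $is_owner         = _dn_granted($entry, 'fripostOwner',          $dn);
    my $is_postmaster    = _dn_granted($entry, 'fripostPostmaster',     $dn);

    return 'postmaster'                 if $is_postmaster;
    return 'owner'                      if $is_owner;
    return 'can create aliases & lists' if $can_create_alias and $can_create_list;
    return 'can create aliases'         if $can_create_alias;
    return 'can create lists'           if $can_create_list;
    return '';
}

# True when some value of the multi-valued attribute $attr on $entry is
# string-equal to one of @dns (undef entries in @dns are ignored).  A missing
# attribute grants nothing.
sub _dn_granted {
    my ($entry, $attr, @dns) = @_;

    my $values = $entry->get_value($attr, asref => 1);
    return 0 unless defined $values;

    my @wanted = grep { defined } @dns;
    for my $value (@{$values}) {
        return 1 if grep { $value eq $_ } @wanted;
    }
    return 0;
}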


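# Opens an LDAP connection using the web application's own credentials
# (ldap_authcID / ldap_authcPW) and asks the directory to treat every
# subsequent operation as coming from $authzDN (SASL proxy authorization via
# authname => "dn:...").  The user's own password is never sent to the
# directory here; whether the application identity may act as $authzDN is
# decided by the directory's authorization rules.
#
# Returns the bound Net::LDAP handle, created with onerror => 'die' so that
# later operations on it throw instead of returning error codes.  Dies if the
# server cannot be reached or the bind is rejected.
#
# NOTE(review): the SASL mechanism is hard-coded to DIGEST-MD5, which
# RFC 6331 moved to Historic; the code also assumes ldap_uri points at a
# transport that protects the exchange (ldaps:// or StartTLS performed
# elsewhere) -- confirm both against the deployment.
sub ldap_from_auth_user {
    my ($self, $authzDN) = @_;

    my $uri = $self->cfg('ldap_uri');
    # Net::LDAP->new returns undef (with $@ set) when it cannot connect;
    # without this check the ->bind below fails with an unhelpful
    # "Can't call method" error instead of naming the server.
    my $ldap = Net::LDAP->new( $uri, async => 1, onerror => 'die' )
        or die "Cannot connect to LDAP server $uri: $@";

    my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5'
                                , callback  => { user     => $self->cfg('ldap_authcID')
                                               , pass     => $self->cfg('ldap_authcPW')
                                               , authname => "dn:$authzDN" }
                                );
    my $mesg = $ldap->bind( sasl => $sasl );
    die $mesg->error if $mesg->code;

    return $ldap;
}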


1;  # a module must end with a true value