
Sanities LDAP code

Mercier Pierre-Olivier 2013-09-28 18:52:38 +02:00
parent 8132fdb3e1
commit 672740685c


@ -42,7 +42,8 @@ sub ldap_connect()
log(DEBUG, "Connect to LDAP with $binddn"); log(DEBUG, "Connect to LDAP with $binddn");
if ($mesg->code) { if ($mesg->code) {
log(FATAL, "An error occurred: " .ldap_error_text($mesg->code)); log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
croak "An error occurred: " .ldap_error_text($mesg->code);
} }
return $ldap; return $ldap;
@ -56,7 +57,8 @@ sub ldap_connect_anon()
log(DEBUG, "Connect to LDAP anonymously"); log(DEBUG, "Connect to LDAP anonymously");
if ($mesg->code) { if ($mesg->code) {
log(FATAL, "An error occurred: " .ldap_error_text($mesg->code)); log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
croak "An error occurred: " .ldap_error_text($mesg->code);
} }
return $ldap; return $ldap;
@ -87,29 +89,6 @@ sub add_group($$$;$)
return $dn; return $dn;
} }
sub delete_group($$;$)
{
my $cn = shift;
my $year = shift;
my $ou = shift // "intra"; # expected roles or intra
my $ldap = ldap_connect();
log(DEBUG, "Delete group ou=groups,dc=acu,dc=epita,dc=fr");
my $mesg = $ldap->search( # search
base => "ou=groups,dc=acu,dc=epita,dc=fr",
filter => "cn=$cn",
scope => "sub"
);
if ($mesg->code != 0) { log(WARN, $mesg->error); return 0; }
if ($mesg->count != 1) { log(WARN, "$cn not found or multiple entries match"); return 0; }
$ldap->delete( $mesg->entry(0)->dn );
$ldap->unbind or log(WARN, "couldn't disconnect correctly");
}
sub get_year(;$) sub get_year(;$)
{ {
my $ldap = shift // ldap_connect_anon(); my $ldap = shift // ldap_connect_anon();
@ -117,6 +96,90 @@ sub get_year(;$)
return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year"); return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year");
} }
sub get_rights($)
{
my $login = shift;
my @rights;
my $ldap = ldap_connect_anon();
my $mesg = $ldap->search( # search
base => "ou=roles,ou=groups,dc=acu,dc=epita,dc=fr",
filter => "&(memberUid=$login)(objectClass=intraGroup)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
for my $entry ($mesg->entries)
{
for my $r ($entry->get_value('intraRight'))
{
if ($r =~ /^!(.*)$/) {
@rights = grep { $r ne $_ } @rights;
}
else {
push @rights, Right->new($r);
}
}
}
$mesg = $ldap->search( # search
base => "ou=intra,ou=groups,dc=acu,dc=epita,dc=fr",
filter => "&(memberUid=$login)(objectClass=intraGroup)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
for my $entry ($mesg->entries)
{
for my $r ($entry->get_value('intraRight')) {
push @rights, Right->new($r);
}
}
$mesg = $ldap->search( # search
base => "ou=users,dc=acu,dc=epita,dc=fr",
filter => "&(uid=$login)(objectClass=intraAccount)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
for my $r ($mesg->entry(0)->get_value('intraRight')) {
push @rights, Right->new($r);
}
$ldap->unbind or die ("couldn't disconnect correctly");
return @rights;
}
sub has_right($$)
{
my $login = shift;
my $right = shift;
my $ok = 0;
for my $r (get_rights($login))
{
if ($r->{right} eq $right)
{
return 0 if ($r->{negate});
$ok = $r;
}
}
return $ok;
}
## Low level functions ## Low level functions
@ -154,7 +217,8 @@ sub add_attribute($$$@)
my @data = $entry->get_value($what); my @data = $entry->get_value($what);
for my $value (@_) for my $value (@_)
{ {
if (! grep { /^\Q$value\E$/ } @data) { if (! grep { $value eq $_ } @data)
{
$mod = 1; $mod = 1;
log(DEBUG, "Add attribute $value to $dn"); log(DEBUG, "Add attribute $value to $dn");
@ -192,10 +256,11 @@ sub delete_attribute($$$@)
my @data = $entry->get_value($what); my @data = $entry->get_value($what);
for my $value (@_) for my $value (@_)
{ {
if (grep { /^\Q$value\E$/ } @data) { if (grep { $value eq $_ } @data)
{
log(DEBUG, "Remove attribute $what ($value) from $dn"); log(DEBUG, "Remove attribute $what ($value) from $dn");
@data = grep { ! /^\Q$value\E$/ } @data; @data = grep { ! $value eq $_ } @data;
$mod = 1; $mod = 1;
} }
else { else {
@ -310,84 +375,4 @@ sub update_attribute($$$@)
return 1; return 1;
} }
sub has_right($$)
{
my $login = shift;
my $right = shift;
my $ok = 0;
for my $r (get_rights($login)) {
if ($r->{right} eq $right) {
return 0 if ($r->{negate});
$ok = $r;
}
}
return $ok;
}
sub get_rights($)
{
my $login = shift;
my @rights;
my $ldap = ldap_connect_anon();
my $mesg = $ldap->search( # search
base => "ou=roles,ou=groups,dc=acu,dc=epita,dc=fr",
filter => "&(memberUid=$login)(objectClass=intraGroup)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
for my $entry ($mesg->entries) {
for my $r ($entry->get_value('intraRight')) {
if ($r =~ /^!(.*)$/) {
@rights = grep { ! /^\Q$r\E$/ } @rights;
}
else {
push @rights, Right->new($r);
}
}
}
$mesg = $ldap->search( # search
base => "ou=intra,ou=groups,dc=acu,dc=epita,dc=fr",
filter => "&(memberUid=$login)(objectClass=intraGroup)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
for my $entry ($mesg->entries) {
for my $r ($entry->get_value('intraRight')) {
push @rights, Right->new($r);
}
}
$mesg = $ldap->search( # search
base => "ou=users,dc=acu,dc=epita,dc=fr",
filter => "&(uid=$login)(objectClass=intraAccount)",
attrs => [ 'intraRight' ],
scope => "sub"
);
if ($mesg->code != 0) { die $mesg->error; }
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
for my $r ($mesg->entry(0)->get_value('intraRight')) {
push @rights, Right->new($r);
}
$ldap->unbind or die ("couldn't disconnect correctly");
return @rights;
}
1; 1;
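Review bot: In the delete_attribute hunk, the rewritten line `@data = grep { ! $value eq $_ } @data;` has a precedence bug: `!` binds tighter than `eq`, so it evaluates `(!$value) eq $_`, which for any non-empty $value keeps only empty-string entries and therefore drops every value of the attribute rather than the one being removed (for a multi-valued attribute such as memberUid or intraRight, deleting one entry would wipe the whole list). It should read `@data = grep { $value ne $_ } @data;`, mirroring the `$value eq $_` test two lines above; delete_attribute begins and ends outside this hunk. Separately, get_rights (moved rather than changed here) still interpolates `$login` unescaped into filters such as `"&(memberUid=$login)(objectClass=intraGroup)"`, so a login containing `*`, `(` or `)` can widen or break the search; run it through `escape_filter_value` from Net::LDAP::Util (the module that already supplies ldap_error_text) before building the filter string. Also in get_rights, `@rights = grep { $r ne $_ } @rights;` compares the raw `!name` string against Right objects and so never removes anything; has_right's negate check presumably masks this, but the unused capture `$1` suggests the intent was to drop the matching right name.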