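# LDAP authentication helper: checks a login/password pair with ldapsearch.
# Input variables: authdef=def file.
# Parameters: auth_user, auth_password.
# output : auth_test, auth_user
#
# Each LDAP setting is read as class_ldap_* from $authdef and falls back to
# the ldap_* entry of wimshome/log/wims.conf. On exit auth_test is OK or
# ERROR (ERROR no_ldap / ERROR no_ldap_config on the two early exits);
# auth_error and auth_user_orig are also set at the end.

auth_test=ERROR
auth_real_login=ERROR


ldap_find=!sh which ldapsearch
!if $ldap_find issametext $empty
  auth_test=ERROR no_ldap
  !exit
!endif

ldap_auth=!defof class_ldap_auth in $authdef
!default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf

ldap_port=!defof class_ldap_port in $authdef
!default ldap_port=!defof ldap_port in wimshome/log/wims.conf

# NOTE(review): ldap_version is read here but is not passed to either
# ldapsearch call below.
ldap_version=!defof class_ldap_version in $authdef
!default ldap_version=!defof ldap_version in wimshome/log/wims.conf

ldap_base=!defof class_ldap_base in $authdef
!default ldap_base=!defof ldap_base in wimshome/log/wims.conf

ldap_branch=!defof class_ldap_branch in $authdef
!default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf

ldap_uid=!defof class_ldap_uid in $authdef
!default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf

#ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base
ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1])
# The login and the password come from the person logging in and are pasted
# into shell command lines below. Both are only ever placed inside
# single-quoted shell words, so the single quote is removed from them as
# well: nothing user-supplied can then close the quoting.
ldap_id=!replace internal ' by in $ldap_id
ldap_pw=!replace internal ' by  in $(wims_read_parm[2])
# NOTE(review): the login is still not escaped for LDAP filter or DN syntax
# (characters such as * ( ) \ and ,). Consider accepting only the character
# set that real logins use before building ldap_id.

ldap_login=!defof class_ldap_login in $authdef
!default ldap_login=!defof ldap_login in wimshome/log/wims.conf

# NOTE(review): ldap_branch is required here, but only the commented-out
# ldap_id above uses it; the bind DN below is built from ldap_id and
# ldap_base alone.
!if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \
       or $ldap_branch=$empty  or $ldap_auth=$empty
  auth_test=ERROR no_ldap_config
  !exit
!endif
!!!FIXME  Be careful : ldap must be configured such that the option -w is accepted. If not, the answer
!!! is the same for a good or wrong password.
!!! should fix the test
!! An empty password is refused without contacting the directory: a simple
!! bind with a DN and no password is an unauthenticated bind, which some
!! directory servers answer with success.
!! NOTE(review): -w puts the password on the ldapsearch command line and
!! ldap:// sends the simple bind unencrypted; ldapsearch can read the
!! password from a file (-y) and can require StartTLS (-ZZ) if the
!! directory supports it.
ldap_pwcnt=!charcnt $ldap_pw
!if $ldap_pwcnt<=0
  !reset ldap_search
!else
  ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D '$ldap_id , $ldap_base' -w '$ldap_pw'
!endif
!! do not keep the password in a script variable longer than needed
!reset ldap_pw
!reset ldap_pwcnt
!! the two lines of ldapsearch output that must both be present
atest=result: 0 Success
btest=# numEntries: 1
firstcond=0

!! scan the output: remember the value of the ldap_login attribute if it is
!! returned, and count how many of the two expected lines were seen
ldap_cnt=!linecnt $ldap_search
!for i=1 to $ldap_cnt
  l=!line $i of $ldap_search
  field=!word 1 of $l

  !if $field iswordof $ldap_login:
    auth_real_login=!word 2 of $l
  !endif

  !if $l issametext $atest
    !increase firstcond
  !endif
  !if $l issametext $btest
    !increase firstcond
  !endif
!next i
!if $firstcond=2
  !!! now the user exists and password is good
  !!! find eventually  wims login
  !if $ldap_login issametext $ldap_uid
    auth_test=!replace internal " by  in $(wims_read_parm[1])
  !else
    !if $auth_real_login!= and $auth_real_login!=ERROR
      auth_test=$auth_real_login
    !else
      !! one looks for the ldap_login in an anonymous way (no password)
      !! dn: lines are dropped by the grep; the replace below presumably
      !! turns the "attribute: value" separator into a comma so that !item
      !! can split the line - TODO confirm
      ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:"
      ldap_search2=!replace internal :$ $ by , in $ldap_search2
      ldap_cnt2=!linecnt $ldap_search2

      !for i=1 to $ldap_cnt2
        l=!line $i of $ldap_search2
        field=!item 1 of $l
        !if $field iswordof $ldap_login
          auth_real_login=!item 2 of $l
        !endif
      !next
      !if $auth_real_login!=
        auth_user=$auth_real_login
      !endif
      auth_test=$auth_real_login
    !endif
  !endif
!endif

!! a 3-character auth_user gets a 0 appended; 2 characters or fewer is an error
cnt_=!charcnt $auth_user
!if $cnt_=3
  auth_user=!nospace $auth_user 0
!endif
!if $cnt_<=2
  auth_test=ERROR
  !reset auth_user
!endif
!! anything other than ERROR at this point is reported as OK
!if $auth_test!=ERROR
  auth_test=OK
!endif
auth_error=$wims_exec_error
!reset wims_exec_error
auth_user_orig=$(wims_read_parm[1])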