Rev 13323 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 20 | reyssat | 1 | |
| 2 | # Input variables: authdef=def file. |
||
| 3 | # Parameters: auth_user, auth_password. |
||
| 4993 | bpr | 4 | # output : auth_test, auth_user |
| 20 | reyssat | 5 | |
| 468 | bpr | 6 | auth_test=ERROR |
| 7 | auth_real_login=ERROR |
||
| 8 | |||
| 9 | |||
| 20 | reyssat | 10 | ldap_find=!sh which ldapsearch |
| 11 | !if $ldap_find issametext $empty |
||
| 12555 | bpr | 12 | auth_test=ERROR no_ldap |
| 13 | !exit |
||
| 20 | reyssat | 14 | !endif |
| 15 | |||
| 5015 | bpr | 16 | ldap_auth=!defof class_ldap_auth in $authdef |
| 17 | !default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf |
||
| 17842 | bpr | 18 | !if xxxldap: notin xxx$ldap_auth and xxxldaps: notin xxx$ldap_auth |
| 19 | ldap_auth=ldap://$ldap_auth |
||
| 20 | !endif |
||
| 20 | reyssat | 21 | ldap_port=!defof class_ldap_port in $authdef |
| 4613 | bpr | 22 | !default ldap_port=!defof ldap_port in wimshome/log/wims.conf |
| 468 | bpr | 23 | |
| 20 | reyssat | 24 | ldap_version=!defof class_ldap_version in $authdef |
| 4613 | bpr | 25 | !default ldap_version=!defof ldap_version in wimshome/log/wims.conf |
| 468 | bpr | 26 | |
| 20 | reyssat | 27 | ldap_base=!defof class_ldap_base in $authdef |
| 4613 | bpr | 28 | !default ldap_base=!defof ldap_base in wimshome/log/wims.conf |
| 468 | bpr | 29 | |
| 20 | reyssat | 30 | ldap_branch=!defof class_ldap_branch in $authdef |
| 4613 | bpr | 31 | !default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf |
| 468 | bpr | 32 | |
| 20 | reyssat | 33 | ldap_uid=!defof class_ldap_uid in $authdef |
| 4613 | bpr | 34 | !default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf |
| 12555 | bpr | 35 | |
| 468 | bpr | 36 | #ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base |
| 37 | ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]) |
||
| 20 | reyssat | 38 | |
| 468 | bpr | 39 | ldap_login=!defof class_ldap_login in $authdef |
| 4613 | bpr | 40 | !default ldap_login=!defof ldap_login in wimshome/log/wims.conf |
| 20 | reyssat | 41 | |
| 468 | bpr | 42 | !if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \ |
| 12555 | bpr | 43 | or $ldap_branch=$empty or $ldap_auth=$empty |
| 44 | auth_test=ERROR no_ldap_config |
||
| 45 | !exit |
||
| 468 | bpr | 46 | !endif |
| 5099 | bpr | 47 | !!!FIXME Be careful : ldap must be configured such that the option -w is accepted. If not, the answer |
| 48 | !!! is the same for a good or wrong password. |
||
| 49 | !!! should fix the test |
||
| 17842 | bpr | 50 | ldap_search=!sh ldapsearch -x -H $ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])' |
| 4613 | bpr | 51 | atest=result: 0 Success |
| 52 | btest=# numEntries: 1 |
||
| 53 | firstcond=0 |
||
| 54 | |||
| 20 | reyssat | 55 | ldap_cnt=!linecnt $ldap_search |
| 56 | !for i=1 to $ldap_cnt |
||
| 12555 | bpr | 57 | l=!line $i of $ldap_search |
| 58 | field=!word 1 of $l |
||
| 468 | bpr | 59 | |
| 12555 | bpr | 60 | !if $field iswordof $ldap_login: |
| 61 | auth_real_login=!word 2 of $l |
||
| 62 | !endif |
||
| 468 | bpr | 63 | |
| 12555 | bpr | 64 | !if $l issametext $atest |
| 65 | !increase firstcond |
||
| 66 | !endif |
||
| 67 | !if $l issametext $btest |
||
| 68 | !increase firstcond |
||
| 69 | !endif |
||
| 20 | reyssat | 70 | !next i |
| 4613 | bpr | 71 | !if $firstcond=2 |
| 72 | !!! now the user exists and password is good |
||
| 73 | !!! find eventually wims login |
||
| 74 | !if $ldap_login issametext $ldap_uid |
||
| 12555 | bpr | 75 | auth_test=!replace internal " by in $(wims_read_parm[1]) |
| 4613 | bpr | 76 | !else |
| 12555 | bpr | 77 | !if $auth_real_login!= and $auth_real_login!=ERROR |
| 78 | auth_test=$auth_real_login |
||
| 79 | !else |
||
| 80 | !! one looks for the ldap_login in an anonymous way (no password) |
||
| 13323 | georgesk | 81 | !! quite anonymous search, since $ldap_oneuser is unpriviledged |
| 17842 | bpr | 82 | ldap_search2=!sh ldapsearch -x -H $ldap_auth:$ldap_port -b "$ldap_base" $ldap_accreditation '$ldap_id' $ldap_login | grep -v "^[d]n:" |
| 12555 | bpr | 83 | ldap_search2=!replace internal :$ $ by , in $ldap_search2 |
| 84 | ldap_cnt2=!linecnt $ldap_search2 |
||
| 4637 | bpr | 85 | |
| 12555 | bpr | 86 | !for i=1 to $ldap_cnt2 |
| 87 | l=!line $i of $ldap_search2 |
||
| 88 | field=!item 1 of $l |
||
| 89 | !if $field iswordof $ldap_login |
||
| 90 | auth_real_login=!item 2 of $l |
||
| 91 | !endif |
||
| 92 | !next |
||
| 93 | !if $auth_real_login!= |
||
| 94 | auth_user=$auth_real_login |
||
| 95 | !endif |
||
| 96 | auth_test=$auth_real_login |
||
| 4613 | bpr | 97 | !endif |
| 98 | !endif |
||
| 99 | !endif |
||
| 633 | bpr | 100 | |
| 4993 | bpr | 101 | cnt_=!charcnt $auth_user |
| 809 | bpr | 102 | !if $cnt_=3 |
| 12555 | bpr | 103 | auth_user=!nospace $auth_user 0 |
| 809 | bpr | 104 | !endif |
| 4613 | bpr | 105 | !if $cnt_<=2 |
| 106 | auth_test=ERROR |
||
| 4993 | bpr | 107 | !reset auth_user |
| 4613 | bpr | 108 | !endif |
| 4993 | bpr | 109 | !if $auth_test!=ERROR |
| 110 | auth_test=OK |
||
| 111 | !endif |
||
| 20 | reyssat | 112 | auth_error=$wims_exec_error |
| 4613 | bpr | 113 | !reset wims_exec_error |
| 5072 | bpr | 114 | auth_user_orig=$(wims_read_parm[1]) |