[pmg-api.git] / PMG / RuleDB / LDAPUser.pm

package PMG::RuleDB::LDAPUser;

use strict;
use warnings;
use DBI;
use Digest::SHA;

use PVE::INotify;

use PMG::Utils;
use PMG::RuleDB::Object;
use PMG::LDAPCache;
use PMG::LDAPConfig;
use PMG::LDAPSet;

use base qw(PMG::RuleDB::Object);

sub otype {
    return 1006;
}

sub oclass {
    return 'who';
}

sub otype_text {
    return 'LDAP User';
}

sub new {
    my ($type, $ldapuser, $profile, $ogroup) = @_;

    my $class = ref($type) || $type;
 
    my $self = $class->SUPER::new($class->otype(), $ogroup);

    $self->{ldapuser} = $ldapuser // '';
    $self->{profile} = $profile // '';
    
    return $self;
}

sub load_attr {
    my ($type, $ruledb, $id, $ogroup, $value) = @_;

    my $class = ref($type) || $type;

    defined($value) || die "undefined value: ERROR";
    
    my $obj;
    if ($value =~ m/^([^:]*):(.*)$/) {
	$obj = $class->new($2, $1, $ogroup);
	$obj->{digest} = Digest::SHA::sha1_hex($id, $2, $1, $ogroup);
   } else {
	$obj = $class->new($value, '', $ogroup);
	$obj->{digest} = Digest::SHA::sha1_hex ($id, $value, '#', $ogroup);
    }

    $obj->{id} = $id;
    
    return $obj;
}

sub save {
    my ($self, $ruledb) = @_;

    defined($self->{ogroup}) || die "undefined ogroup: ERROR";
    defined($self->{ldapuser}) || die "undefined ldap user: ERROR";
    defined($self->{profile}) || die "undefined ldap profile: ERROR";

    my $user = $self->{ldapuser};
    my $profile = $self->{profile};
 
    my $confdata = "$profile:$user";
    
    if (defined($self->{id})) {
	# update
	
	$ruledb->{dbh}->do(
	    "UPDATE Object SET Value = ? WHERE ID = ?", 
	    undef, $confdata, $self->{id});

    } else {
	# insert

	my $sth = $ruledb->{dbh}->prepare(
	    "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
	    "VALUES (?, ?, ?);");

	$sth->execute($self->{ogroup}, $self->otype, $confdata);
    
	$self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq'); 
    }
	
    return $self->{id};
}

sub test_ldap {
    my ($ldap, $addr, $user, $profile) = @_;

    return $ldap->account_has_address($user, $addr, $profile); 
}

sub who_match {
    my ($self, $addr, $ip, $ldap) = @_;

    return 0 if !$ldap;

    return test_ldap($ldap, $addr, $self->{ldapuser}, $self->{profile});
}

sub short_desc {
    my ($self) = @_;

    my $user = $self->{ldapuser};
    my $profile = $self->{profile};

    my $desc;

    if ($profile) {
	$desc = "LDAP user '$user', profile '$profile'";
    } else {
	$desc = "LDAP user without profile - fail always";
    }

    return $desc;
}

sub properties {
    my ($class) = @_;

    return {
	profile => {
	    description => "Profile ID.",
	    type => 'string', format => 'pve-configid',
	},
	account => {
	    description => "LDAP user account name.",
	    type => 'string',
	    maxLength => 1024,
	    minLength => 1,
	},
    };
}

sub get {
    my ($self) = @_;

    return {
	account => $self->{ldapuser},
	profile => $self->{profile},
    };
}

sub update {
    my ($self, $param) = @_;

    my $profile = $param->{profile};
    my $cfg = PVE::INotify::read_file("pmg-ldap.conf");
    my $config = $cfg->{ids}->{$profile};
    die "LDAP profile '$profile' does not exist\n" if !$config;

    my $account = $param->{account};
    my $ldapcache = PMG::LDAPCache->new(
	id => $profile, syncmode => 1, %$config);

    die "LDAP acoount '$account' does not exist\n"
	if !$ldapcache->account_exists($account);

    $self->{ldapuser} = $account;
    $self->{profile} = $profile;
}

1;

__END__

=head1 PMG::RuleDB::LDAPUser

A WHO object to check LDAP users

=head2 Attribues

=head3 ldapuser

An LDAP user account (ignore case).

=head3 profile

The LDAP profile name

=head2 Examples

    $obj = PMG::RuleDB::LDAPUser>new('username', 'profile_name');
Commit	Line	Data
c712d3a2 DM	1	package PMG::RuleDB::LDAPUser;
	2
	3	use strict;
	4	use warnings;
	5	use DBI;
	6	use Digest::SHA;
	7
aba41750 DM	8	use PVE::INotify;
aba41750 DM	9
c712d3a2 DM	10	use PMG::Utils;
	11	use PMG::RuleDB::Object;
	12	use PMG::LDAPCache;
aba41750	13	use PMG::LDAPConfig;
c712d3a2 DM	14	use PMG::LDAPSet;
	15
	16	use base qw(PMG::RuleDB::Object);
	17
	18	sub otype {
	19	return 1006;
	20	}
	21
	22	sub oclass {
	23	return 'who';
	24	}
	25
	26	sub otype_text {
	27	return 'LDAP User';
	28	}
	29
c712d3a2 DM	30	sub new {
	31	my ($type, $ldapuser, $profile, $ogroup) = @_;
	32
	33	my $class = ref($type) \|\| $type;
	34
	35	my $self = $class->SUPER::new($class->otype(), $ogroup);
	36
	37	$self->{ldapuser} = $ldapuser // '';
	38	$self->{profile} = $profile // '';
	39
	40	return $self;
	41	}
	42
	43	sub load_attr {
	44	my ($type, $ruledb, $id, $ogroup, $value) = @_;
	45
	46	my $class = ref($type) \|\| $type;
	47
	48	defined($value) \|\| die "undefined value: ERROR";
	49
	50	my $obj;
	51	if ($value =~ m/^([^:]):(.)$/) {
	52	$obj = $class->new($2, $1, $ogroup);
	53	$obj->{digest} = Digest::SHA::sha1_hex($id, $2, $1, $ogroup);
	54	} else {
	55	$obj = $class->new($value, '', $ogroup);
	56	$obj->{digest} = Digest::SHA::sha1_hex ($id, $value, '#', $ogroup);
	57	}
	58
	59	$obj->{id} = $id;
	60
	61	return $obj;
	62	}
	63
	64	sub save {
	65	my ($self, $ruledb) = @_;
	66
	67	defined($self->{ogroup}) \|\| die "undefined ogroup: ERROR";
	68	defined($self->{ldapuser}) \|\| die "undefined ldap user: ERROR";
	69	defined($self->{profile}) \|\| die "undefined ldap profile: ERROR";
	70
	71	my $user = $self->{ldapuser};
	72	my $profile = $self->{profile};
	73
	74	my $confdata = "$profile:$user";
	75
	76	if (defined($self->{id})) {
	77	# update
	78
	79	$ruledb->{dbh}->do(
	80	"UPDATE Object SET Value = ? WHERE ID = ?",
	81	undef, $confdata, $self->{id});
	82
	83	} else {
	84	# insert
	85
	86	my $sth = $ruledb->{dbh}->prepare(
	87	"INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
	88	"VALUES (?, ?, ?);");
	89
	90	$sth->execute($self->{ogroup}, $self->otype, $confdata);
	91
	92	$self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq');
	93	}
94
95	return $self->{id};
96	}
97
98	sub test_ldap {
99	my ($ldap, $addr, $user, $profile) = @_;
100
101	return $ldap->account_has_address($user, $addr, $profile);
102	}
103
104	sub who_match {
105	my ($self, $addr, $ip, $ldap) = @_;
106
107	return 0 if !$ldap;
108
109	return test_ldap($ldap, $addr, $self->{ldapuser}, $self->{profile});
110	}
111
d4d73d95 DM	112	sub short_desc {
	113	my ($self) = @_;
	114
	115	my $user = $self->{ldapuser};
	116	my $profile = $self->{profile};
	117
	118	my $desc;
	119
	120	if ($profile) {
f76f331a	121	$desc = "LDAP user '$user', profile '$profile'";
d4d73d95 DM	122	} else {
	123	$desc = "LDAP user without profile - fail always";
	124	}
	125
	126	return $desc;
	127	}
	128
	129	sub properties {
	130	my ($class) = @_;
	131
	132	return {
	133	profile => {
	134	description => "Profile ID.",
	135	type => 'string', format => 'pve-configid',
	136	},
	137	account => {
	138	description => "LDAP user account name.",
	139	type => 'string',
	140	maxLength => 1024,
	141	minLength => 1,
	142	},
	143	};
	144	}
	145
	146	sub get {
	147	my ($self) = @_;
	148
	149	return {
	150	account => $self->{ldapuser},
	151	profile => $self->{profile},
	152	};
	153	}
	154
	155	sub update {
	156	my ($self, $param) = @_;
	157
	158	my $profile = $param->{profile};
	159	my $cfg = PVE::INotify::read_file("pmg-ldap.conf");
	160	my $config = $cfg->{ids}->{$profile};
	161	die "LDAP profile '$profile' does not exist\n" if !$config;
	162
	163	my $account = $param->{account};
	164	my $ldapcache = PMG::LDAPCache->new(
	165	id => $profile, syncmode => 1, %$config);
	166
	167	die "LDAP acoount '$account' does not exist\n"
	168	if !$ldapcache->account_exists($account);
	169
	170	$self->{ldapuser} = $account;
	171	$self->{profile} = $profile;
	172	}
	173
c712d3a2 DM	174	1;
	175
	176	__END__
	177
	178	=head1 PMG::RuleDB::LDAPUser
	179
	180	A WHO object to check LDAP users
	181
	182	=head2 Attribues
	183
	184	=head3 ldapuser
	185
	186	An LDAP user account (ignore case).
	187
	188	=head3 profile
	189
	190	The LDAP profile name
	191
	192	=head2 Examples
	193
	194	$obj = PMG::RuleDB::LDAPUser>new('username', 'profile_name');
	195