1 | package PMG::RuleDB::LDAPUser; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use DBI; | |
6 | use Digest::SHA; | |
7 | ||
8 | use PVE::INotify; |
9 | ||
10 | use PMG::Utils; |
11 | use PMG::RuleDB::Object; | |
12 | use PMG::LDAPCache; | |
aba41750 | 13 | use PMG::LDAPConfig; |
14 | use PMG::LDAPSet; |
15 | ||
16 | use base qw(PMG::RuleDB::Object); | |
17 | ||
sub otype {
    # Numeric object type id; save() stores it in the ObjectType column.
    my ($class) = @_;
    my $ldap_user_otype = 1006;
    return $ldap_user_otype;
}
21 | ||
sub oclass {
    # This object type belongs to the 'who' class of rule objects.
    my ($class) = @_;
    my $rule_object_class = 'who';
    return $rule_object_class;
}
25 | ||
sub otype_text {
    # Human readable name of this object type.
    my ($class) = @_;
    my $display_name = 'LDAP User';
    return $display_name;
}
29 | ||
sub new {
    my ($type, $ldapuser, $profile, $ogroup) = @_;

    # Accept either a class name or an existing instance as invocant.
    my $class = ref($type) || $type;

    my $self = $class->SUPER::new($class->otype(), $ogroup);

    # Both attributes default to the empty string rather than undef, so
    # the definedness checks in save() pass for a freshly built object.
    $self->{ldapuser} = defined($ldapuser) ? $ldapuser : '';
    $self->{profile}  = defined($profile)  ? $profile  : '';

    return $self;
}
42 | ||
sub load_attr {
    my ($type, $ruledb, $id, $ogroup, $value) = @_;

    my $class = ref($type) || $type;

    die "undefined value: ERROR" if !defined($value);

    # The stored value is "PROFILE:USER"; the profile part ends at the
    # first ':' (so it cannot contain one, while the user part may).  A
    # value without any ':' is a bare user name without profile.
    my $obj;
    if (my ($profile, $user) = $value =~ m/^([^:]*):(.*)$/) {
        $obj = $class->new($user, $profile, $ogroup);
        $obj->{digest} = Digest::SHA::sha1_hex($id, $user, $profile, $ogroup);
    } else {
        $obj = $class->new($value, '', $ogroup);
        # '#' stands in for the missing profile part in the digest input.
        $obj->{digest} = Digest::SHA::sha1_hex($id, $value, '#', $ogroup);
    }

    $obj->{id} = $id;

    return $obj;
}
63 | ||
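sub save {
    # Persist this object into the Object table (update when it already
    # has an id, insert otherwise) and return the object id.
    my ($self, $ruledb) = @_;

    defined($self->{ogroup}) || die "undefined ogroup: ERROR";
    defined($self->{ldapuser}) || die "undefined ldap user: ERROR";
    defined($self->{profile}) || die "undefined ldap profile: ERROR";

    my $user = $self->{ldapuser};
    my $profile = $self->{profile};

    # The stored value is "PROFILE:USER".  load_attr() splits it at the
    # first ':' and its regex does not span newlines, so a profile with a
    # colon or a value with a newline would not round-trip through the DB.
    die "invalid LDAP profile '$profile': must not contain ':'\n"
        if $profile =~ m/:/;

    my $confdata = "$profile:$user";

    die "invalid LDAP user value: must not contain newlines\n"
        if $confdata =~ m/\n/;

    if (defined($self->{id})) {
        # Existing object: only the value column changes.
        $ruledb->{dbh}->do(
            "UPDATE Object SET Value = ? WHERE ID = ?",
            undef, $confdata, $self->{id});
    } else {
        # New object: insert, then pick up the generated id.
        my $sth = $ruledb->{dbh}->prepare(
            "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
            "VALUES (?, ?, ?);");

        $sth->execute($self->{ogroup}, $self->otype, $confdata);

        $self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq');
    }

    return $self->{id};
}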
97 | ||
sub test_ldap {
    my $ldap = shift;
    my ($addr, $user, $profile) = @_;

    # Ask the LDAP set whether $user in $profile owns the address $addr;
    # the answer is passed through unchanged to the caller.
    return $ldap->account_has_address($user, $addr, $profile);
}
103 | ||
sub who_match {
    my ($self, $addr, $ip, $ldap) = @_;

    # Without an LDAP connection this object can never match.  $ip is
    # accepted for interface compatibility but not used: LDAP users are
    # matched by address only.
    return 0 if !$ldap;

    my $user = $self->{ldapuser};
    my $profile = $self->{profile};

    return $ldap->account_has_address($user, $addr, $profile);
}
111 | ||
sub short_desc {
    my ($self) = @_;

    my $user = $self->{ldapuser};
    my $profile = $self->{profile};

    # A missing (false) profile is reported as a permanently failing
    # object rather than pretending it describes a usable LDAP user.
    return "LDAP user without profile - fail always" if !$profile;

    return "LDAP user '$user', profile '$profile'";
}
128 | ||
sub properties {
    my ($class) = @_;

    # JSON-schema style description of the API parameters accepted by
    # update(); the keys mirror what get() returns.
    my %schema_of = (
        profile => {
            description => "Profile ID.",
            type => 'string', format => 'pve-configid',
        },
        account => {
            description => "LDAP user account name.",
            type => 'string',
            maxLength => 1024,
            minLength => 1,
        },
    );

    return \%schema_of;
}
145 | ||
sub get {
    my ($self) = @_;

    # API-facing view of the object; keys match the schema in properties().
    my %view = (
        account => $self->{ldapuser},
        profile => $self->{profile},
    );

    return \%view;
}
154 | ||
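sub update {
    # Apply API parameters (see properties()) to this object.  Both the
    # profile and the account are validated before $self is touched, so a
    # failed update leaves the object unchanged.
    my ($self, $param) = @_;

    my $profile = $param->{profile};
    die "missing LDAP profile\n" if !defined($profile) || $profile eq '';

    my $cfg = PVE::INotify::read_file("pmg-ldap.conf");
    # $profile is used only as a lookup key into the parsed config here.
    my $config = $cfg->{ids}->{$profile};
    die "LDAP profile '$profile' does not exist\n" if !$config;

    my $account = $param->{account};
    die "missing LDAP account\n" if !defined($account) || $account eq '';

    my $ldapcache = PMG::LDAPCache->new(
        id => $profile, syncmode => 1, %$config);

    die "LDAP account '$account' does not exist\n"
        if !$ldapcache->account_exists($account);

    $self->{ldapuser} = $account;
    $self->{profile} = $profile;
}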
173 | ||
174 | 1; |
175 | ||
176 | __END__ | |
177 | ||
178 | =head1 PMG::RuleDB::LDAPUser | |
179 | ||
180 | A WHO object to check LDAP users | |
181 | ||
=head2 Attributes
183 | |
184 | =head3 ldapuser | |
185 | ||
186 | An LDAP user account name (matched ignoring case). | |
187 | ||
188 | =head3 profile | |
189 | ||
190 | The LDAP profile name | |
191 | ||
192 | =head2 Examples | |
193 | ||
194 | $obj = PMG::RuleDB::LDAPUser->new('username', 'profile_name'); | |
195 |