author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-04-01 01:30:07 +0000 |
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-04-01 01:30:07 +0000 |
commit | 012d853d21acba301c306b12e71ca744ccee1732 (patch) | |
tree | 725569a79eb3d862d1499ff975efa4b97ee6ac82 /pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl | |
parent | de177a4ef3cfcd987a478055bbf19da4275b19e6 (diff) | |
Bugzilla BZ#691867: add ldaps support through perLDAP
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1938 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl')
-rwxr-xr-x | pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl | 96 |
1 files changed, 50 insertions, 46 deletions
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl index 59980b134..d616fa136 100755 --- a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl +++ b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl @@ -20,11 +20,8 @@ # --- END COPYRIGHT BLOCK --- # -# -# Establish platform-dependent variables: -# - -my $ldapsearch = "/usr/bin/ldapsearch"; +use Mozilla::LDAP::Conn; +use PKI::TPS::Common; # # Feel free to modify the following parameters: @@ -38,11 +35,6 @@ my $host = "localhost"; my $cfg = "/var/lib/pki-tps/conf/CS.cfg"; -sub get_ldapsearch() -{ - return $ldapsearch; -} - sub get_ldap_host() { my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`; @@ -59,6 +51,20 @@ sub get_ldap_port() return $ldapPort; } +sub get_ldap_secure() +{ + my $ldapsecure = `grep auth.instance.0.ssl $cfg | cut -c21-`; + chomp($ldapsecure); + return $ldapsecure; +} + +sub get_ldap_certdir() +{ + my $ldapcertdir = `grep service.instanceDir $cfg | cut -c21-`; + chomp($ldapcertdir); + return $ldapcertdir . "/alias"; +} + sub get_base_dn() { my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`; @@ -99,6 +105,9 @@ sub is_agent() my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`; chomp($x_hostport); my ($x_host, $x_port) = split(/:/, $x_hostport); + + my $x_secureconn = `grep -e "^tokendb.ssl" $cfg | cut -c13-`; + chomp($x_secureconn); my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`; chomp($x_basedn); my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; 
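Review bot: `get_ldap_secure` reads the TLS flag with an unanchored `grep auth.instance.0.ssl $cfg`, which also matches any line merely containing that text (the dots are regex wildcards), and an absent key yields an empty string that is then handed to `make_connection` as the secure flag, so a misconfigured CS.cfg presumably degrades to a cleartext LDAP connection instead of failing. Anchor the pattern the way `is_agent` does in the next hunk, `grep -e "^auth.instance.0.ssl=" $cfg | cut -c21-`, and consider treating an empty result as a configuration error rather than as "not secure". The same applies to the `service.instanceDir` lookup in `get_ldap_certdir`, where an empty result produces the bogus certificate directory `/alias`.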
@@ -108,24 +117,24 @@ sub is_agent() my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; chomp($x_bindpwd); - my $cmd = $ldapsearch . " " . - "-x " . - "-D \"" . $x_binddn . "\" " . - "-w \"" . $x_bindpwd . "\" " . - "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " . - "-h \"" . $x_host . "\" " . - "-p \"" . $x_port ."\" " . - "-LLL member | grep \"uid=" . $uid . ",\" | wc -l"; + my $ldap = PKI::TPS::Common::make_connection( + {host => $x_host, port => $x_port, pswd => $x_bindpwd, bind => $x_binddn, cert => $x_certdir}, + $x_secureconn); + + return 0 if (! $ldap); - my $matched = `$cmd`; + my $entry = $ldap->search ( "cn=TUS Officers,ou=Groups,$x_basedn", + "sub", + "uid=$uid", + 0 + ); - chomp($matched); + $ldap->close(); - if ($matched eq "0" || $matched eq "") { - return 0; - } else { - return 1; + if ($entry) { + return 1; } + return 0; } sub is_user() 
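Review bot: The new `make_connection` call in `is_agent` passes `cert => $x_certdir`, but nothing in this hunk or the preceding one assigns `$x_certdir` in this function (`is_user` obtains it with `my $x_certdir = get_ldap_certdir();`), so under `use strict` this does not compile and otherwise the TLS connection is opened with an undefined certificate directory. Add `my $x_certdir = get_ldap_certdir();` next to the new `$x_secureconn` lines. Separately, the replacement search uses base `cn=TUS Officers,ou=Groups,$x_basedn` with filter `uid=$uid`, whereas the removed ldapsearch matched `uid=$uid,` inside the group's `member` values; unless group entries have child entries carrying a `uid` attribute, which I cannot confirm from here, this filter never matches and every caller is treated as a non-agent — a filter on the `member` attribute with the user's full DN looks like the intended check. `is_agent` starts before this hunk.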
@@ -138,33 +147,28 @@ sub is_user() $uid = $1; my $x_host = get_ldap_host(); - $x_port = get_ldap_port(); + my $x_port = get_ldap_port(); + my $x_secureconn = get_ldap_secure(); my $x_basedn = get_base_dn(); - chomp($x_basedn); - my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`; - chomp($x_binddn); - my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`; - chomp($x_bindpwdpath); - my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`; - chomp($x_bindpwd); + my $x_certdir = get_ldap_certdir(); + + my $ldap = PKI::TPS::Common::make_connection( + {host => $x_host, port => $x_port, cert => $x_certdir}, + $x_secureconn); - my $cmd = $ldapsearch . " " . - "-x " . - "-D \"" . $x_binddn . "\" " . - "-w \"" . $x_bindpwd . "\" " . - "-b \"" . "ou=people,".$x_basedn . "\" " . - "-h \"" . $x_host . "\" " . - "-p \"" . $x_port ."\" " . - "-LLL \"(uid=" . $uid . ")\" uid | grep \"uid:\" | wc -l"; + return 0 if (! $ldap); - my $matched = `$cmd`; + my $entry = $ldap->search ( "ou=people,$x_basedn", + "sub", + "uid=$uid", + 0 + ); - chomp($matched); + $ldap->close(); - if ($matched eq "0" || $matched eq "") { - return 0; - } else { - return 1; + if ($entry) { + return 1; } + return 0; } |
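Review bot: `$uid` is interpolated straight into the LDAP filter `uid=$uid`; it comes from a regex capture (`$uid = $1;`) whose pattern is outside this hunk, so unless that pattern restricts the character set, a value containing `*`, `(`, `)` or `\` changes the filter's meaning (a bare `*` would match any entry under `ou=people`). Escape per RFC 4515 before building the filter, e.g. `(my $safe_uid = $uid) =~ s/([\\*()\0])/sprintf("\\%02x", ord($1))/ge;` and search with `"uid=$safe_uid"`; the same applies to the `is_agent` search in the previous hunk. Note also that the rewrite drops the bind DN and password the old code supplied, so this lookup now runs as an anonymous bind; if the directory does not permit anonymous reads of `ou=people`, `is_user` silently returns 0 for everyone, and the `return 0 if (! $ldap)` path likewise denies without logging why. `is_user` starts before this hunk.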