Revision 48c71a4b
Von Moritz Bunkus vor mehr als 5 Jahren hinzugefügt
| SL/Auth.pm | ||
|---|---|---|
| 5 | 5 |
use Digest::MD5 qw(md5_hex); |
| 6 | 6 |
use IO::File; |
| 7 | 7 |
use Time::HiRes qw(gettimeofday); |
| 8 |
use List::MoreUtils qw(uniq); |
|
| 8 |
use List::MoreUtils qw(any uniq);
|
|
| 9 | 9 |
use YAML; |
| 10 | 10 |
use Regexp::IPv6 qw($IPv6_re); |
| 11 | 11 |
|
| ... | ... | |
| 72 | 72 |
delete $self->{column_information};
|
| 73 | 73 |
} |
| 74 | 74 |
|
| 75 |
$self->{authenticator}->reset;
|
|
| 75 |
$_->reset for @{ $self->{authenticators} };
|
|
| 76 | 76 |
|
| 77 | 77 |
$self->client(undef); |
| 78 | 78 |
} |
| ... | ... | |
| 145 | 145 |
$self->{DB_config} = $::lx_office_conf{'authentication/database'};
|
| 146 | 146 |
} |
| 147 | 147 |
|
| 148 |
if ($self->{module} eq 'DB') {
|
|
| 149 |
$self->{authenticator} = SL::Auth::DB->new($self);
|
|
| 148 |
$self->{authenticators} = [];
|
|
| 149 |
$self->{module} ||= 'DB';
|
|
| 150 |
$self->{module} =~ s{^ +| +$}{}g;
|
|
| 150 | 151 |
|
| 151 |
} elsif ($self->{module} eq 'LDAP') {
|
|
| 152 |
$self->{authenticator} = SL::Auth::LDAP->new($::lx_office_conf{'authentication/ldap'});
|
|
| 153 |
} |
|
| 152 |
foreach my $module (split m{ +}, $self->{module}) {
|
|
| 153 |
my $config_name; |
|
| 154 |
($module, $config_name) = split m{:}, $module, 2;
|
|
| 155 |
$config_name ||= $module eq 'DB' ? 'database' : lc($module); |
|
| 156 |
my $config = $::lx_office_conf{'authentication/' . $config_name};
|
|
| 154 | 157 |
|
| 155 |
if (!$self->{authenticator}) {
|
|
| 156 |
my $locale = Locale->new('en');
|
|
| 157 |
$self->mini_error($locale->text('No or an unknown authenticantion module specified in "config/kivitendo.conf".'));
|
|
| 158 |
if (!$config) {
|
|
| 159 |
my $locale = Locale->new('en');
|
|
| 160 |
$self->mini_error($locale->text('Missing configuration section "authentication/#1" in "config/kivitendo.conf".', $config_name));
|
|
| 161 |
} |
|
| 162 |
|
|
| 163 |
if ($module eq 'DB') {
|
|
| 164 |
push @{ $self->{authenticators} }, SL::Auth::DB->new($self);
|
|
| 165 |
|
|
| 166 |
} elsif ($module eq 'LDAP') {
|
|
| 167 |
push @{ $self->{authenticators} }, SL::Auth::LDAP->new($config);
|
|
| 168 |
|
|
| 169 |
} else {
|
|
| 170 |
my $locale = Locale->new('en');
|
|
| 171 |
$self->mini_error($locale->text('Unknown authenticantion module #1 specified in "config/kivitendo.conf".', $module));
|
|
| 172 |
} |
|
| 158 | 173 |
} |
| 159 | 174 |
|
| 160 | 175 |
my $cfg = $self->{DB_config};
|
| ... | ... | |
| 169 | 184 |
$self->mini_error($locale->text('config/kivitendo.conf: Missing parameters in "authentication/database". Required parameters are "host", "db" and "user".'));
|
| 170 | 185 |
} |
| 171 | 186 |
|
| 172 |
$self->{authenticator}->verify_config();
|
|
| 187 |
$_->verify_config for @{ $self->{authenticators} };
|
|
| 173 | 188 |
|
| 174 | 189 |
$self->{session_timeout} *= 1;
|
| 175 | 190 |
$self->{session_timeout} = 8 * 60 if (!$self->{session_timeout});
|
| ... | ... | |
| 229 | 244 |
return ERR_PASSWORD; |
| 230 | 245 |
} |
| 231 | 246 |
|
| 232 |
my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
|
|
| 247 |
my $result = ERR_USER; |
|
| 248 |
if ($login) {
|
|
| 249 |
foreach my $authenticator (@{ $self->{authenticators} }) {
|
|
| 250 |
$result = $authenticator->authenticate($login, $password); |
|
| 251 |
last if $result == OK; |
|
| 252 |
} |
|
| 253 |
} |
|
| 254 |
|
|
| 233 | 255 |
$self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login, client_id => $self->client->{id});
|
| 234 | 256 |
return $result; |
| 235 | 257 |
} |
| ... | ... | |
| 414 | 436 |
sub can_change_password {
|
| 415 | 437 |
my $self = shift; |
| 416 | 438 |
|
| 417 |
return $self->{authenticator}->can_change_password();
|
|
| 439 |
return any { $_->can_change_password } @{ $self->{authenticators} };
|
|
| 418 | 440 |
} |
| 419 | 441 |
|
| 420 | 442 |
sub change_password {
|
| 421 | 443 |
my ($self, $login, $new_password) = @_; |
| 422 | 444 |
|
| 423 |
my $result = $self->{authenticator}->change_password($login, $new_password);
|
|
| 445 |
my $overall_result = OK;
|
|
| 424 | 446 |
|
| 425 |
return $result; |
|
| 447 |
foreach my $authenticator (@{ $self->{authenticators} }) {
|
|
| 448 |
next unless $authenticator->can_change_password; |
|
| 449 |
|
|
| 450 |
my $result = $authenticator->change_password($login, $new_password); |
|
| 451 |
$overall_result = $result if $result != OK; |
|
| 452 |
} |
|
| 453 |
|
|
| 454 |
return $overall_result; |
|
| 426 | 455 |
} |
| 427 | 456 |
|
| 428 | 457 |
sub read_all_users {
|
Auch abrufbar als: Unified diff
Auth: Unterstützung für multiple Authentifizierungsbackends
Über den Parameter "module" kann man nun multiple Backends angeben,
die nacheinander versucht werden, bis ein Erfolg gemeldet wird oder
die Liste durchlaufen wurde.
Zusätzlich kann man LDAP-Module mehrfach angeben. Damit
unterschiedliche Konfigurationen für jede Modulinstanz benutzt werden
können, wurde die Syntax erweitert: für "LDAP:Config-Abschnitts-Name"
wird "[authentication/Config-Abschnitts-Name]" benutzt. Zwecks
Rückwärtskompatibilität sucht "LDAP" ohne Angabe eines Namens nach dem
bisher auch verwendeten Abschnitt "[authentication/ldap]".
Nützlich ist das Ganze z.B., um einen LDAP-Fallback-Server angeben zu
können, der benutzt wird, wenn der Hauptserver nicht erreichbar sein
sollte.