--- Lib.pm.or 2005-09-27 23:08:20.000000000 +0200 +++ Lib.pm 2005-09-27 23:09:25.000000000 +0200 @@ -50,6 +50,9 @@ use vars qw($Hosts $HostsMTime $ConfigMTime $PrivAdmin); use vars qw(%UserEmailInfo $UserEmailInfoMTime %RestoreReq %ArchiveReq); use vars qw($Lang); +use vars qw($connexionDb $mysqlServerUsername $mysqlServerPw $cookie + $peopleDn $ldap_server $adminDn $adminPw $droitsDn $cn @cn + $baseurl); @ISA = qw(Exporter); @@ -112,7 +115,7 @@ # Default REMOTE_USER so in a miminal installation the user # has a sensible default. # - $ENV{REMOTE_USER} = $Conf{BackupPCUser} if ( $ENV{REMOTE_USER} eq "" ); + #$ENV{REMOTE_USER} = $Conf{BackupPCUser} if ( $ENV{REMOTE_USER} eq "" ); # # We require that Apache pass in $ENV{SCRIPT_NAME} and $ENV{REMOTE_USER}. @@ -120,8 +123,71 @@ # code if you are using some other type of authentication, and have # a different way of getting the user name. # - $MyURL = $ENV{SCRIPT_NAME}; - $User = $ENV{REMOTE_USER}; + #$MyURL = $ENV{SCRIPT_NAME}; + #$User = "www-se3"; + + use CGI::Cookie; + use Net::LDAP; + require '/etc/SeConfig.ph'; + # Identification de l'utilisateur + # =============================== + # R\xe9cup\xe9ration du cookie + my %cookies = fetch CGI::Cookie; + #open LOG, '>/tmp/bpc.log'; + #foreach $cookie (keys %cookies) { + # print LOG "$cookie : $cookies{$cookie}\n"; + #} + #close LOG; + my $isAdmin = "N"; + if ($cookies{'SambaEdu3'}) { + my $session = $cookies{'SambaEdu3'}->value; + # Connexion MySql + my $lcs_db = DBI->connect("DBI:mysql:$connexionDb", $mysqlServerUsername, $mysqlServerPw); + my $requete = $lcs_db->prepare("select id, login from sessions where (sess = '$session')"); + $requete->execute(); + my ( $id, $login ) = $requete->fetchrow_array; + $lcs_db->disconnect; + # Validation + my $admindn = 'uid=' . $login .",". $peopleDn; + my @attrs = ('cn'); + my $lcs_ldap = Net::LDAP->new("$ldap_server"); + $lcs_ldap->bind(dn => "$adminDn", + password => "$adminPw"); + my $res = $lcs_ldap->search(base => "cn=system_is_admin,$droitsDn", + scope => 'subtree', + attrs => \@attrs, + filter => "(member=$admindn)"); + foreach my $entry ($res->entries) { + @cn = $entry->get('cn'); + } + if ($cn[0] eq 'system_is_admin') { + $isAdmin = "Y"; + } + my $res = $lcs_ldap->search(base => "cn=se3_is_admin,$droitsDn", + scope => 'subtree', + attrs => \@attrs, + filter => "(member=$admindn)"); + foreach my $entry ($res->entries) { + @cn = $entry->get('cn'); + } + if ($cn[0] eq 'se3_is_admin') { + $isAdmin = "Y"; + } + $lcs_ldap->unbind(); + } + + if ($isAdmin eq 'N') { + print $Cgi->header(); + print + "\n", + "
\n", + "\n", + "\n"; + exit; + } else { + $User = 'www-se3'; + } # # Clean up %ENV for taint checking