smeserver-manager/root/usr/share/smanager/lib/SrvMngr/Model/Main.pm


package SrvMngr::Model::Main;
use strict;
use warnings;
use utf8;
use esmith::ConfigDB;
use esmith::AccountsDB;
use esmith::util;
use Net::LDAP qw/LDAP_INVALID_CREDENTIALS/;
sub init_data {
    # Collect the global values read from the configuration DB and return
    # them as a hash reference. Dies if the configuration DB cannot be opened.
    my $cdb = esmith::ConfigDB->open_ro() or die("can't open Config DB");
    my $sysconfig = $cdb->get("sysconfig");

    # Turn the xx_XX.ENCODING locale form into xx-XX. The substitution only
    # fires when an encoding suffix (".something") is present, so a bare
    # 'en_US' passes through unchanged; no lowercasing is applied here.
    my $lang = $sysconfig->prop('Language') || 'en_US';
    $lang =~ s/_(.*)\..*$/-${1}/;

    my $release = $sysconfig->prop("ReleaseVersion") || '??';

    # True when the PasswordSet record holds "yes", otherwise the string '0'.
    my $pwd_set = ($cdb->get('PasswordSet')->value eq "yes") || '0';

    my $system_name = $cdb->get("SystemName")->value;
    my $domain_name = $cdb->get("DomainName")->value;

    # Access mode of the manager itself; 'private' when the property is unset.
    my $smanager = $cdb->get("smanager");
    my $access = $smanager->prop('access') || 'private';

    my %datas = (
        'lang'           => $lang,
        'releaseVersion' => $release,
        'copyRight'      => 'All rights reserved',
        'PwdSet'         => $pwd_set,
        'SystemName'     => $system_name,
        'DomainName'     => $domain_name,
        'Access'         => $access,
    );
    return \%datas;
}
sub reconf_needed {
    # Report whether the system is waiting for a reconfiguration: true when
    # bootstrap-console has Run set to 'yes' or UnsavedChanges is 'yes',
    # otherwise the string '0'. Dies if the configuration DB cannot be opened.
    my $cdb = esmith::ConfigDB->open_ro() or die("can't open Config DB");

    my $console = $cdb->get('bootstrap-console');
    my $console_pending = $console && $console->prop('Run') eq 'yes';

    my $unsafe = $console_pending;
    unless ($unsafe) {
        # Only consulted when the bootstrap-console check did not already match.
        my $unsaved = $cdb->get('UnsavedChanges');
        $unsafe = ($unsaved && $unsaved->value eq 'yes') || '0';
    }
    return $unsafe;
}
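sub check_credentials {
    # Verify a username/password pair with an LDAP simple bind against the
    # local directory.
    #
    # Arguments: ($c, $username, $password); $c is not used here.
    # Returns 1 only when the bind result is LDAP success and 0 for every
    # other bind result. Returns nothing (undef in scalar context) when a
    # credential is missing, the LDAP service is not enabled, or the
    # connection cannot be made.
    # Dies if the configuration DB cannot be opened.
    my ($c, $username, $password) = @_;

    # Both values are required. A simple bind that carries a DN but an empty
    # password is an "unauthenticated bind" (RFC 4513, section 5.1.2): it does
    # not verify the user, so it must never reach the server from a login check.
    return unless defined $username && length $username;
    return unless defined $password && length $password;

    my $cdb = esmith::ConfigDB->open_ro() or die("can't open Configuration DB");

    # Treat a missing ldap record the same as a disabled service.
    my $ldap_rec = $cdb->get('ldap');
    my $status = ($ldap_rec && $ldap_rec->prop('status')) || "disabled";
    unless ($status eq "enabled") {
        warn "Couldn't connect. LDAP service not enabled!\n";
        return;
    }

    my $domain = $cdb->get('DomainName')->value;
    my $base = esmith::util::ldapBase($domain);

    # NOTE(review): no verify/cafile options are passed to Net::LDAP->new;
    # confirm which certificate checks apply to this loopback ldaps connection.
    my $LDAP_server = 'ldaps://localhost';
    my $ldap = Net::LDAP->new($LDAP_server)
        or warn("Couldn't connect to LDAP server $LDAP_server: $@"), return;

    # The username comes from the login form: escape it per RFC 4514 so that
    # DN metacharacters (',', '+', '=', ...) cannot change which entry is bound.
    require Net::LDAP::Util;
    my $DN = 'uid=' . Net::LDAP::Util::escape_dn_value($username) . ",ou=Users,$base";

    # This is where the password is checked.
    my $login = $ldap->bind($DN, password => $password);

    # Fail closed: only result code 0 (LDAP success) counts as authenticated.
    # Testing solely for "invalid credentials" would accept every other error
    # result (server unavailable, unwilling to perform, ...) as a valid login.
    return $login->code == 0 ? 1 : 0;
}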
sub check_adminalias {
    # Return the alias configured for the admin account, or undef when no
    # usable alias exists. The first argument is accepted but not used.
    # Dies if the configuration or accounts DB cannot be opened.
    my $c = shift;

    my $cdb = esmith::ConfigDB->open_ro() or die("can't open Configuration DB");
    my $alias_rec = $cdb->get('AdminAlias');
    my $alias = defined $alias_rec ? $alias_rec->value : undef;
    return undef unless $alias;

    my $adb = esmith::AccountsDB->open_ro() or die("can't open Accounts DB");
    my $arec = $adb->get($alias);
    return undef unless $arec;

    # The alias is accepted only when its account record is a pseudonym,
    # points at 'admin', and is removable (Removable defaults to 'yes').
    return undef unless $arec->prop('type') eq 'pseudonym';
    return undef unless $arec->prop('Account') eq 'admin';
    return undef if ($arec->prop('Removable') || 'yes') eq 'no';

    return $alias;
}
1;