liblemonldap-ng-portal-perl 1.9.16-2 / usr / share / perl5 / Lemonldap / NG / Portal / AuthAD.pm

This file is indexed.

/usr/share/perl5/Lemonldap/NG/Portal/AuthAD.pm is in liblemonldap-ng-portal-perl 1.9.16-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
##@file
# AD authentication backend file

##@class
# AD authentication backend class
package Lemonldap::NG::Portal::AuthAD;

use strict;

our $VERSION = '1.9.3';
use Lemonldap::NG::Portal::Simple;
use base qw(Lemonldap::NG::Portal::AuthLDAP);

*_formateFilter = *Lemonldap::NG::Portal::UserDBAD::formateFilter;
*getDisplayType = *Lemonldap::NG::Portal::AuthLDAP::getDisplayType;

## @apmethod int authInit()
# Add specific attributes for search
# @return Lemonldap::NG::Portal constant
sub authInit {
    my $self = shift;

    $self->{ldapExportedVars}->{_AD_pwdLastSet}         = 'pwdLastSet';
    $self->{ldapExportedVars}->{_AD_userAccountControl} = 'userAccountControl';
    $self->{ldapExportedVars}->{_AD_msDS_UACC} =
      'msDS-User-Account-Control-Computed';

    return $self->SUPER::authInit();
}

## @apmethod int authenticate()
# Authenticate user by LDAP mechanism.
# Check AD specific attribute to get password state.
# @return Lemonldap::NG::Portal constant
sub authenticate {
    my $self = shift;

    my $res = $self->SUPER::authenticate;

    unless ( $res == PE_OK ) {

        # Check specific AD attributes
        my $pls      = $self->{sessionInfo}->{_AD_pwdLastSet};
        my $computed = $self->{sessionInfo}->{_AD_msDS_UACC};
        my $mask = 0xf00000;    # mask to get the 8 at 6th position
        my $expired_flag =
          0x800000;   # 8 at 6th position for flag UF_PASSWORD_EXPIRED to be set
        if ( ( $computed & $mask ) == $expired_flag ) {
            $self->lmLog( "[AD] Password has expired", 'warn' );
            $res = PE_PP_PASSWORD_EXPIRED;
        }

        # Password must be changed if pwdLastSet 0
        if ( defined $pls and $pls == 0 ) {
            $self->lmLog( "[AD] Password reset. User must change his password",
                'warn' );
            $res = PE_PP_CHANGE_AFTER_RESET;
        }

    }
    else {

        # Getting password max age (delay)
        my $ADPwdMaxAge = $self->{ADPwdMaxAge} || 0;
        $ADPwdMaxAge *= 10000000; # padding with '0' to obtain 0.1 micro-seconds

        # Getting password expiration warning time (delay)
        my $ADPwdExpireWarning = $self->{ADPwdExpireWarning} || 0;
        $ADPwdExpireWarning *=
          10000000;               # padding with '0' to obtain 0.1 micro-seconds

        if ( $ADPwdExpireWarning > $ADPwdMaxAge ) {
            $ADPwdExpireWarning = $ADPwdMaxAge;
            $self->lmLog(
"Error: ADPwdExpireWarning > ADPwdMaxAge, this should not happen",
                'warn'
            );
        }

        # get userAccountControl to ckeck password expiration flags
        my $_adUac = $self->{sessionInfo}->{_AD_userAccountControl} || 0;

        # Compute current timestamp in AD format (date)
        my $time = time;    # unix timestamp (seconds since Jan 01 1970)
        my $a_time =
          $time + 11644473600;    # adding difference (in s) from Jan 01 1601
        my $timestamp =
          $a_time . '0000000';   # padding with '0' to obatin 0.1 micro-seconds

        # Compute password expiration time (date)
        my $_pwdExpire = $self->{sessionInfo}->{_AD_pwdLastSet} || $timestamp;
        $_pwdExpire += $ADPwdMaxAge;

# computing when the warning message is displayed on portal (date - delay = date)
        my $_pwdWarning = $_pwdExpire - $ADPwdExpireWarning;

        # display warning if account warning time before expiration is
        # reached and flag "password nevers expires" is not set
        if (   $timestamp > $_pwdWarning
            && $timestamp < $_pwdExpire
            && ( $_adUac & 0x10000 ) != 0x10000 )
        {

            # calculating remaining time before password expiration
            my $remainingTime = $_pwdExpire - $timestamp;
            $self->info(
                "<h3>"
                  . sprintf(
                    $self->msg(PM_PP_EXP_WARNING),
                    $self->convertSec(
                        substr( $remainingTime, 0, length($remainingTime) - 7 )
                    )
                  )
                  . "</h3>"
            );
        }

    }

    # Remember password if password reset needed
    $self->{oldpassword} = $self->{password}
      if (
        $res == PE_PP_CHANGE_AFTER_RESET
        or (    $res == PE_PP_PASSWORD_EXPIRED
            and $self->{ldapAllowResetExpiredPassword} )
      );

    return $res;
}

## @method boolean stop
# Define which error codes will stop Multi process
# @param res error code
# @return result 1 if stop is needed
sub stop {
    my ( $self, $res ) = @_;

    return 1
      if ( $res == PE_PP_PASSWORD_EXPIRED
        or $res == PE_PP_CHANGE_AFTER_RESET );
    return 0;
}

1;

APT Browse - Built by Thomas Orozco.