Context Navigation

source: trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm @ 2605

Visit:

Last change on this file since 2605 was 2605, checked in by nanardon, 2 months ago
Avoid undef
Property svn:keywords set to `Id Rev`
File size: 28.0 KB

Rev	Line
[29]	1	package LATMOS::Accounts::Bases::Sql;
[19]	2
	3	use 5.010000;
	4	use strict;
	5	use warnings;
	6
	7	use base qw(LATMOS::Accounts::Bases);
[297]	8	use LATMOS::Accounts::Log;
[19]	9	use DBI;
[861]	10	use Crypt::RSA;
	11	use Crypt::RSA::Key::Public::SSH;
	12	use Crypt::RSA::Key::Private::SSH;
[1309]	13	use Crypt::RSA::Key::Public;
	14	use Crypt::RSA::Key::Private;
[2035]	15	use Crypt::Blowfish;
[861]	16	use MIME::Base64;
[19]	17
[2207]	18	our $VERSION = (q$Rev$ =~ /^Rev: (\d+) /)[0];
[19]	19
[2541]	20	sub SCHEMA_VERSION { 40 };
[880]	21
[19]	22	=head1 NAME
	23
	24	LATMOS::Ad - Perl extension for blah blah blah
	25
	26	=head1 SYNOPSIS
	27
	28	use LATMOS::Accounts::Bases;
	29	my $base = LATMOS::Accounts::Bases->new('unix');
	30	...
	31
	32	=head1 DESCRIPTION
	33
	34	Account base access over standard unix file format.
	35
	36	=head1 FUNCTIONS
	37
	38	=cut
	39
[1402]	40	=head2 SCHEMA_VERSION
	41
	42	Return the SQL schema version to use for this software version.
	43
[1071]	44	=head2 new(%config)
[19]	45
	46	Create a new LATMOS::Ad object for windows AD $domain.
	47
	48	domain / server: either the Ad domain or directly the server
	49
	50	ldap_args is an optionnal list of arguments to pass to L<Net::LDAP>.
	51
	52	=cut
	53
	54	sub new {
[1071]	55	my ($class, %config) = @_;
[19]	56
	57	my $base = {
[1071]	58	db_conn => $config{db_conn},
[19]	59	};
	60
	61	bless($base, $class);
	62	}
	63
[102]	64	sub DESTROY {
	65	my ($self) = @_;
	66	$self->{_db} && $self->{_db}->rollback;
	67	}
	68
[1023]	69	=head2 db
	70
	71	Return a L<DBI> handle over database, load it if need.
	72
	73	=cut
	74
[19]	75	sub db {
	76	my ($self) = @_;
	77
	78	if ($self->{_db} && $self->{_db}->ping) {
	79	return $self->{_db};
	80	} else {
	81	$self->{_db} = DBI->connect_cached(
	82	'dbi:Pg:' . $self->{db_conn},
	83	undef, undef,
	84	{
[861]	85	RaiseError => 0,
[19]	86	AutoCommit => 0,
[327]	87	PrintWarn => 1,
[19]	88	PrintError => 1,
	89	}
[297]	90	) or do {
[861]	91	$self->log(LA_ERR, "Cannot connect to database: %s", $DBI::errstr);
[297]	92	return;
	93	};
[19]	94	$self->{_db}->do(q{set DATESTYLE to 'DMY'});
[297]	95	$self->log(LA_DEBUG, 'New connection to DB');
[1843]	96
[2475]	97	$self->get_global_value('sambaSID') or do {
	98	$self->_setSambaSID;
	99	$self->commit;
	100	};
	101
[19]	102	return $self->{_db};
	103	}
	104	}
	105
[2243]	106	sub IsSchemaUpToDate {
	107	my ($self) = @_;
	108
	109	my $sv = $self->get_global_value('schema_version') \|\| 1;
	110
	111	return $sv == SCHEMA_VERSION;
	112	}
	113
	114	sub SchemaUpgrade {
	115	my ($self) = @_;
	116
	117	if (!$self->IsSchemaUpToDate) {
	118	require LATMOS::Accounts::Bases::Sql::upgrade;
	119	if ($self->_SchemaUpgrade()) {
	120	$self->commit;
	121	} else {
	122	$self->rollback;
	123	return;
	124	}
	125	} else {
	126	return 1;
	127	}
	128	}
	129
[19]	130	=head2 load
	131
	132	Read file and load data into memory
	133
	134	=cut
	135
	136	sub load {
	137	my ($self) = @_;
[881]	138	if (!$self->db) { return 0 };
	139
[2243]	140	if (!$self->IsSchemaUpToDate) {
	141	my $sv = $self->get_global_value('schema_version') \|\| 1;
	142	$self->log(LA_ERR, "Schema need update, please run `la-sql-upgrade -b %s'", $self->label);
	143	return;
[881]	144	}
[2243]	145
[2204]	146	if (!$self->_CreateInternalObjects) {
	147	$self->rollback;
	148	}
[881]	149
	150	1;
[19]	151	}
	152
[2175]	153	sub _CreateInternalObjects {
	154	my ($self) = @_;
	155
	156	my $dbi = $self->{_db};
	157
	158	my @objects = (
	159	{
	160	name => 'dpmt',
	161	otype => 'sutype',
	162	attrs => {
	163	description => 'Department',
	164	},
	165	},
	166	{
	167	name => 'contrattype',
	168	otype => 'sutype',
	169	attrs => {
	170	description => 'Contract',
	171	},
	172	},
	173	{
	174	name => '-useralias',
	175	otype => 'group',
	176	attrs => {
	177	description => 'Internal group for user alias object',
	178	gidnumber => -1,
[2189]	179	unexported => 1,
[2175]	180	},
	181	intern => 1,
	182	},
	183	);
	184
[2194]	185	my $change = 0;
	186
[2175]	187	$self->temp_switch_unexported( sub {
	188
[2194]	189	my $setnodel = $dbi->prepare('UPDATE objects SET nodelete = true where name = ? and nodelete = false');
	190	my $setintern = $dbi->prepare('UPDATE objects SET internobject = true where name = ? and internobject = false');
[2175]	191
	192	foreach (@objects) {
	193	if (!$self->GetRawObject($_->{otype}, $_->{name})) {
	194	printf("Creating object %s/%s\n", $_->{otype}, $_->{name});
	195	$self->create_object($_->{otype}, $_->{name}, %{$_->{attrs} \|\| {}})
	196	or warn sprintf("cannot create %s/%s\n", $_->{otype}, $_->{name});
[2194]	197	$change += 1;
[2175]	198	}
	199
[2194]	200	$change += $setnodel->execute($_->{name});
	201	$change += $setintern->execute($_->{name}) if ($_->{intern});
[2175]	202	}
	203
	204	}, 1);
	205
[2194]	206	if ($change > 0) {
	207	$self->db->commit;
	208	}
	209
[2210]	210	return 1;
[2175]	211	}
	212
[1865]	213	=head2 ListInternalObjects($otype)
	214
	215	List objects flags as internal for type C<$otype>
	216
	217	=cut
	218
	219	sub ListInternalObjects {
	220	my ($self, $otype) = @_;
	221
	222	my $pclass = $self->_load_obj_class($otype) or return;
	223
	224	# Object Alias: checking if object is alias, then returning it:
	225	my $sth = $self->db->prepare_cached(
	226	sprintf(q{select %s as k from %s where and internobject = true},
	227	$self->db->quote_identifier($pclass->_key_field),
	228	$self->db->quote_identifier($pclass->_object_table),
	229	),
	230	);
	231	$sth->execute();
	232	my @list;
	233	while (my $res = $sth->fetchrow_hashref) {
	234	push(@list, $_->{k});
	235	}
	236	return(@list);
	237	}
	238
	239	=head2 GetRawObject($otype, $id)
	240
	241	Return an object even it is internal, alias are not follow and even
	242	unexported object are returned
	243
	244	This function must be used only for maintenance operation.
	245
	246	=cut
	247
	248	sub GetRawObject {
	249	my ($self, $otype, $id) = @_;
	250
	251	my $pclass = $self->_load_obj_class($otype) or return;
	252
	253	return $self->SUPER::get_object($otype, $id);
	254	}
	255
	256	sub _derefObject {
	257	my ($self, $otype, $oalias) = @_;
[1909]	258	$oalias or return;
[2471]	259	if (my ($aliasotype, $aliasoname, $aliasattr) = $oalias =~ m/^([^\/]+)\.([^\.]+)\.(.*)$/) {
[1865]	260	my $attribute = $self->attribute($aliasotype, $aliasattr) or do {
	261	$self->log(LA_DEBUG, "Oalias %s (%s): can fetch attibute %s/%s",
	262	$otype, $oalias, $aliasotype, $aliasattr);
	263	return;
	264	};
	265	my $refotype = $attribute->reference or do {
	266	$self->log(LA_DEBUG, "Oalias %s (%s): Attribute does not reference an object",
	267	$otype, $oalias);
	268	return;
	269	};
[1907]	270	$refotype eq $otype or do {
	271	$self->log(LA_DEBUG, "Oalias %s (%s): Attribute does not reference same object type",
	272	$otype, $oalias, $refotype);
	273	return;
	274	};
[1865]	275	my $robj = $self->get_object($aliasotype, $aliasoname) or do {
	276	$self->log(LA_DEBUG, "Oalias %s (%s): can fetch object %s/%s",
	277	$otype, $oalias, $aliasotype, $aliasoname);
	278	return;
	279	};
	280	my $rvalue = $robj->get_attributes($aliasattr) or do {
	281	$self->log(LA_DEBUG, "Oalias %s (%s): attribute value is empty",
	282	$otype, $oalias);
	283	return;
	284	};
	285	return $self->get_object($refotype, $rvalue);
	286	} else {
[2471]	287	return $self->get_object( $otype, $oalias )
[1865]	288	}
	289	}
	290
	291	sub get_object {
	292	my ($self, $otype, $id) = @_;
	293
	294	my $pclass = $self->_load_obj_class($otype) or return;
	295
	296	# Object Alias: checking if object is alias, then returning it:
	297	my $sth = $self->db->prepare_cached(
	298	sprintf(q{select oalias from %s where %s = ? and internobject = false %s},
	299	$self->db->quote_identifier($pclass->_object_table),
	300	$self->db->quote_identifier($pclass->_key_field),
	301	($self->{wexported} ? '' : 'and exported = true'),
	302	),
	303	);
	304	$sth->execute($id);
	305	my $res = $sth->fetchrow_hashref;
	306	$sth->finish;
	307	if (my $oalias = $res->{oalias}) {
	308	# Cross reference over object/attribute
	309	$self->_derefObject($otype, $oalias);
	310	} else {
	311	return $self->SUPER::get_object($otype, $id);
	312	}
	313	}
	314
[1771]	315	=head2 getObjectFromOKey ($okey)
	316
	317	Return the object from the db internal key
	318
	319	=cut
	320
	321	sub getObjectFromOKey {
	322	my ($self, $okey) = @_;
	323
	324	my $findobj = $self->{_db}->prepare_cached(q{
	325	select * from objects_table where ikey = ?
	326	});
	327
	328	$findobj->execute($okey);
	329
	330	my $res = $findobj->fetchrow_hashref;
	331	$findobj->finish;
	332
	333	if ($res) {
	334	return $self->get_object($res->{relname}, $res->{name});
	335	} else {
	336	return;
	337	}
	338	}
	339
[1135]	340	sub _sync_dyn_group {
	341	my ($self) = @_;
	342
	343	my @groups = $self->search_objects('group', 'autoMemberFilter=*');
	344
[2603]	345	my $gres = 0;
[1135]	346	foreach (@groups) {
	347	my $g = $self->get_object('group', $_) or next;
[2603]	348	my $res = $g->populate_dyn_group;
	349	$self->log( LA_INFO, "Group Dyn $_ has been updated (res: $res)" ) if ($res);
	350	$gres += $res
[1135]	351	}
[1737]	352
[2603]	353	$self->log(LA_DEBUG, "Group Dyn res %d", $gres);
	354	$gres
[1135]	355	}
	356
[1490]	357	sub _sync_dyn_aliases {
	358	my ($self) = @_;
	359
[2603]	360	my @aliases = $self->search_objects('aliases', 'autoMemberFilter=*');
[1490]	361
[2603]	362	my $gres = 0;
	363	foreach (@aliases) {
[1490]	364	my $g = $self->get_object('aliases', $_) or next;
[2603]	365	my $res += $g->populate_dyn_aliases;
	366	$self->log( LA_INFO, "Alias Dyn $_ has been updated (res: $res)" ) if ($res);
	367	$gres += $res
[1490]	368	}
[1737]	369
[2603]	370	$self->log(LA_DEBUG, "Aliases Dyn res %d", $gres);
	371	$gres
[1490]	372	}
	373
[1739]	374	=head2 PopulateDynData
	375
	376	Recomputate dynamics attributes (autoMembersFilters) if need
	377
	378	=cut
	379
[1737]	380	sub PopulateDynData {
[19]	381	my ($self) = @_;
[1135]	382
[2189]	383	$self->log(LA_DEBUG, 'Running PopulateDynData()');
	384
[2111]	385	$self->temp_switch_unexported(sub {
[1737]	386
[2111]	387	foreach (1 .. 5) {
	388	$self->log(LA_DEBUG, "%d loop for PopulateDynData", $_);
	389	my $res = 0;
	390	$res += $self->_sync_dyn_group \|\| 0;
	391	$res += $self->_sync_dyn_aliases \|\| 0;
	392
	393	if ($res == 0) {
	394	last;
	395	}
[1737]	396	}
[1135]	397
[2244]	398	{ # Trick for ssh keys
	399	my %sshUser = map { $_ => 1 } (
	400	$self->search_objects('user', 'authorizedKeys=*', 'oalias=NULL'),
	401	$self->search_objects('user', 'sshPublicKeyFilter=*', 'oalias=NULL'),
	402	$self->search_objects('user', 'sshPublicKey=*', 'oalias=NULL'),
	403	);
[2189]	404
[2244]	405	foreach my $user (keys %sshUser) {
	406	my $ouser = $self->get_object('user', $user) or next;
[2604]	407	my $rawold = $ouser->_get_c_field('authorizedKeys');
[2605]	408	my @old = sort grep { defined $_ } ( ref $rawold ? @{ $rawold } : ( $rawold ) );
[2604]	409	my $rawnew = $ouser->_get_c_field('_authorizedKeys');
[2605]	410	my @new = sort grep { defined $_ } ( ref $rawnew ? @{ $rawnew } : ( $rawnew ) );
[2604]	411	if ( join( "\n", @old ) ne join( "\n", @new ) ) {
	412	$self->log(LA_INFO, "Updating authorizedKeys from filter for user $user" );
	413	$ouser->set_fields( 'authorizedKeys', $rawnew )
	414	}
[2244]	415	}
[2189]	416	}
	417
[2111]	418	}, 0);
	419
[1737]	420	return 1;
	421	}
	422
	423	sub _commit {
	424	my ($self) = @_;
	425
[2189]	426	# Let sync-manager update data in background
	427	$self->PopulateDynData unless($self->config('ASyncDynData'));
	428
[297]	429	if ($ENV{LA_NO_COMMIT}) {
	430	$self->log(LA_DEBUG, 'DB::COMMIT (ignore due to LA_NO_COMMIT)');
	431	return 1;
	432	} else {
	433	$self->log(LA_DEBUG, 'DB::COMMIT');
	434	}
[570]	435	$self->{__cache} = undef;
[19]	436	$self->db->commit;
	437	}
	438
[861]	439	sub _rollback {
[19]	440	my ($self) = @_;
[297]	441	if ($ENV{LA_NO_COMMIT}) {
	442	$self->log(LA_DEBUG, 'DB::ROLLBACK (ignore due to LA_NO_COMMIT)');
	443	return 1
	444	} else {
	445	$self->log(LA_DEBUG, 'DB::ROLLBACK');
	446	}
[570]	447	$self->{__cache} = undef;
[19]	448	$self->db->rollback;
	449	}
	450
[132]	451	sub list_supported_objects {
	452	my ($self, @otype) = @_;
	453	$self->SUPER::list_supported_objects(qw(site), @otype);
	454	}
	455
[1865]	456	# For SQL listRealObjects != list_objects
	457	sub listRealObjects {
	458	my ($self, $otype) = @_;
	459	my $pclass = $self->_load_obj_class($otype) or return;
	460	$pclass->listReal($self);
	461	}
	462
[52]	463	sub current_rev {
	464	my ($self) = @_;
	465	my $sth = $self->db->prepare_cached(
	466	q{select max(rev) from revisions}
	467	);
	468	$sth->execute;
	469	my $res = $sth->fetchrow_hashref;
	470	$sth->finish;
	471	return ($res->{max});
	472	}
	473
[1367]	474	sub authenticate_user {
	475	my ($self, $username, $passwd) = @_;
	476	$username or return;
	477	my $uobj = $self->get_object('user', $username) or do {
[1978]	478	la_log(LA_ERR, "Cannot authenticate non existing SQL user $username");
[1367]	479	return;
	480	};
	481
	482	if ($self->attribute('user', 'exported')) {
	483	if (!$uobj->_get_c_field('exported')) {
	484	la_log(LA_ERR, "User $username found but currently unexported");
	485	return;
	486	}
	487	}
	488
	489	$self->SUPER::authenticate_user($username, $passwd);
	490	}
	491
[1023]	492	=head1 SPECIFICS FUNCTIONS
[861]	493
[1865]	494	=head2 GetAlias($base, $id)
	495
	496	Return object having id C<$id> only if it is an object alias
	497
	498	=cut
	499
	500	sub GetAlias {
	501	my ($self, $otype, $id) = @_;
	502
	503	my $pclass = $self->_load_obj_class($otype) or return;
	504
	505	# Object Alias: checking if object is alias, then returning it:
	506	my $sth = $self->db->prepare_cached(
	507	sprintf(q{select oalias from %s where %s = ? and oalias IS NOT NULL and internobject = false %s},
	508	$self->db->quote_identifier($pclass->_object_table),
	509	$self->db->quote_identifier($pclass->_key_field),
	510	($self->{wexported} ? '' : 'and exported = true'),
	511	),
	512	);
	513	$sth->execute($id);
	514	my $res = $sth->fetchrow_hashref;
	515	$sth->finish;
	516	if ($res) {
	517	return $self->SUPER::get_object($otype, $id);
	518	} else {
	519	return;
	520	}
	521	}
	522
	523	=head2 CreateAlias($otype, $name, $for)
	524
	525	Create an object alias named C<$name> for ovbject C<$for>
	526
	527	=cut
	528
	529	sub CreateAlias {
	530	my ($self, $otype, $name, $for) = @_;
	531
	532	my $pclass = $self->_load_obj_class($otype) or return;
	533
	534	$for or die "Cannot create alias without giving object to point";
	535
	536	my $res = $pclass->CreateAlias($self, $name, $for);
	537
	538	if ($res) {
	539	$self->ReportChange(
	540	$otype,
	541	$name,
	542	$pclass->_get_ikey($self, $name),
	543	'Create', "Alias %s %s => %s", $otype, $name, $for
	544	);
	545	$self->log(LA_DEBUG, "Alias $otype $name => $for created");
[1910]	546	my $oalias = $self->GetAlias($otype, $name);
	547	$oalias->_update_aliases_ptr();
[1865]	548	return 1;
	549	} else {
	550	$self->log(LA_ERR, "Error when creating alias $otype $name");
	551	return;
	552	}
	553	}
	554
[1928]	555	=head2 RenameAlias($otype, $name, $to)
	556
	557	Rename an object alias
	558
	559	=cut
	560
	561	sub RenameAlias {
	562	my ($self, $otype, $name, $to) = @_;
	563
	564	my $pclass = $self->_load_obj_class($otype) or return;
	565
	566	my $obj = $self->GetAlias($otype, $name) or do {
	567	$self->log('Cannot get alias %s/%s for removal', $otype, $name);
	568	return;
	569	};
	570
	571	my $sth = $self->db->prepare_cached(sprintf(
	572	'UPDATE %s SET %s = ? WHERE %s = ?',
	573	$self->db->quote_identifier($pclass->_key_field),
	574	$self->db->quote_identifier($pclass->_object_table),
	575	$self->db->quote_identifier($pclass->_key_field),
	576	));
	577
	578	my $res = $sth->execute($to, $name);
	579
	580	return $res;
	581	}
	582
[1865]	583	=head2 RemoveAlias($otype, $name, $for)
	584
	585	Create an object alias named C<$name> for ovbject C<$for>
	586
	587	=cut
	588
	589	sub RemoveAlias {
	590	my ($self, $otype, $name) = @_;
	591
	592	my $pclass = $self->_load_obj_class($otype) or return;
	593
	594	my $obj = $self->GetAlias($otype, $name) or do {
	595	$self->log('Cannot get alias %s/%s for removal', $otype, $name);
	596	return;
	597	};
	598
	599	if ($obj->_get_attributes('internobject')) {
	600	# Cannot happend: internal are not fetchable
	601	$self->log(LA_ERR,'Cannot delete %s/%s: is an internal object', $pclass->type, $name);
	602	return;
	603	}
	604	if ($obj->_get_attributes('nodelete')) {
	605	$self->log(LA_ERR,'Cannot delete %s/%s: is write protected', $pclass->type, $name);
	606	return;
	607	}
	608
	609	my $id = $obj->Iid;
	610
	611	my $sth = $self->db->prepare_cached(sprintf(
	612	'DELETE FROM %s WHERE %s = ?',
	613	$self->db->quote_identifier($pclass->_object_table),
	614	$self->db->quote_identifier($pclass->_key_field),
	615	));
	616
[1910]	617	$obj->_update_aliases_ptr;
[1865]	618	my $res = $sth->execute($name);
	619
	620	if ($res) {
	621	$self->ReportChange(
	622	$otype,
	623	$name,
	624	$id,
	625	'Delete', "Alias %s %s deleted", $otype, $name
	626	);
	627	$self->log(LA_DEBUG, "Alias $otype $name removed");
	628	return 1;
	629	} else {
	630	$self->log(LA_ERR, "Error when removing alias $otype $name");
	631	return;
	632	}
	633	}
	634
[1023]	635	=head2 get_global_value ($varname)
[861]	636
[1023]	637	Return global value set into base
	638
	639	=cut
	640
[413]	641	sub get_global_value {
	642	my ($self, $varname) = @_;
	643
	644	my $sth = $self->db->prepare_cached(q{
	645	select val from settings where varname = ?
	646	});
	647	$sth->execute($varname);
	648	my $res = $sth->fetchrow_hashref;
	649	$sth->finish;
	650	$res->{val}
	651	}
	652
[1023]	653	=head2 set_global_value ($varname, $value)
	654
	655	Set global value.
	656
	657	=cut
	658
[413]	659	sub set_global_value {
	660	my ($self, $varname, $value) = @_;
	661	my $sth = $self->db->prepare(q{
	662	update settings set val = ? where varname = ?
	663	});
	664	$sth->execute($value, $varname) == 0 and do {
	665	my $sth2 = $self->db->prepare(q{
	666	insert into settings (val, varname) values (?,?)
	667	});
	668	$sth2->execute($value, $varname);
	669	};
	670	}
	671
[1872]	672	=head2 del_global_value ($varname)
	673
	674	Delete global value from base
	675
	676	=cut
	677
	678	sub del_global_value {
	679	my ($self, $varname) = @_;
	680
	681	my $sth = $self->db->prepare_cached(q{
	682	delete from settings where varname = ?
	683	});
	684	return $sth->execute($varname);
	685	}
	686
[1023]	687	=head2 generate_rsa_key ($password)
	688
	689	Return public and private peer rsa keys
	690
	691	=cut
	692
[861]	693	sub generate_rsa_key {
	694	my ($self, $password) = @_;
	695
	696	my $rsa = new Crypt::RSA ES => 'PKCS1v15';
	697	my ($public, $private) = $rsa->keygen (
	698	Identity => 'LATMOS-Accounts',
[1309]	699	Size => 2048,
[861]	700	Password => $password,
	701	Verbosity => 0,
	702	) or die $rsa->errstr(); # TODO avoid die
	703	return ($public, $private);
	704	}
	705
[1023]	706	=head2 private_key ($password)
	707
	708	Load and return private rsa key
	709
	710	=cut
	711
[861]	712	sub private_key {
	713	my ($self, $password) = @_;
	714	my $base = $self;
	715	my $serialize = $base->get_global_value('rsa_private_key') or return;
[1309]	716	my $string = decode_base64($serialize);
	717	my $privkey = $string =~ /^SSH PRIVATE KEY FILE/
	718	? Crypt::RSA::Key::Private::SSH->new
	719	: Crypt::RSA::Key::Private->new;
	720	$privkey = $privkey->deserialize(
	721	String => [ $string ],
	722	Password => $password
	723	);
	724	$privkey->reveal( Password => $password );
	725	$privkey;
[861]	726	}
	727
[1023]	728	=head2 get_rsa_password
	729
	730	Return hash with peer username => encryptedPassword
	731
	732	=cut
	733
[861]	734	sub get_rsa_password {
	735	my ($self) = @_;
	736	my $base = $self;
	737	my $sth = $base->db->prepare(q{
	738	select "name", value from "user" join user_attributes_base
	739	on "user".ikey = user_attributes_base.okey
	740	where user_attributes_base.attr = 'encryptedPassword'
	741	});
	742	$sth->execute;
	743	my %users;
	744	while (my $res = $sth->fetchrow_hashref) {
	745	$users{$res->{name}} = $res->{value};
	746	}
	747	%users
	748	}
	749
[1023]	750	=head2 store_rsa_key ($public, $private)
	751
	752	Store public and private RSA key info data base
	753
	754	=cut
	755
[861]	756	sub store_rsa_key {
	757	my ($self, $public, $private) = @_;
	758	my $base = $self;
[1309]	759	$private->hide;
[861]	760	$base->set_global_value('rsa_private_key',
	761	encode_base64($private->serialize));
	762	$base->set_global_value('rsa_public_key',
	763	$public->serialize);
	764	return;
	765	}
	766
[1023]	767	=head2 find_next_expire_users ($expire)
[861]	768
[1023]	769	Search user expiring in C<$expire> delay
	770
	771	=cut
	772
[850]	773	sub find_next_expire_users {
	774	my ($self, $expire) = @_;
	775
	776	my $sth= $self->db->prepare(q{
	777	select name from "user" where
	778	expire < now() + ?::interval
	779	and expire > now()
	780	and expire is not null
[1865]	781	and internobject = false
[850]	782	} . ($self->{wexported} ? '' : 'and exported = true') . q{
	783	order by expire
	784	}
	785	);
	786	$sth->execute($expire \|\| '1 month');
	787	my @users;
	788	while (my $res = $sth->fetchrow_hashref) {
	789	push(@users, $res->{name});
	790	}
	791	@users
	792	}
	793
[2475]	794	=head2 sambaSID($id)
	795
	796	Return the base samba SID set in the config or a default one if none is set.
	797
	798	If C<$id> is given return the full SID suitable for an object.
	799
	800	=cut
	801
	802	sub sambaSID {
	803	my ($self, $id) = @_;
	804
	805	my $ssid = $self->get_global_value('sambaSID');
	806	if (defined($id)) {
	807	$ssid .= '-' . $id;
	808	}
	809	return $ssid;
	810	}
	811
	812	sub _setSambaSID {
	813	my ( $self ) = @_;
	814
	815	my $sid = sprintf(
	816	'S-1-5-21-%d-%d',
	817	int(rand 1000000000),
	818	int(rand 1000000000),
	819	);
	820
	821	$self->set_global_value( 'sambaSID', $sid );
	822	return $sid;
	823	}
	824
	825
	826
[1023]	827	=head2 find_expired_users ($expire)
	828
	829	Return list of user going to expires in C<$expire> delay
	830
	831	=cut
	832
[850]	833	sub find_expired_users {
	834	my ($self, $expire) = @_;
	835
	836	my $sth= $self->db->prepare(q{
	837	select name from "user" where
	838	expire < now() - ?::interval
	839	and expire is not null
[1865]	840	and internobject = false
[850]	841	} . ($self->{wexported} ? '' : 'and exported = true') . q{
	842	order by expire
	843	}
	844	);
	845	$sth->execute($expire \|\| '1 second');
	846	my @users;
	847	while (my $res = $sth->fetchrow_hashref) {
	848	push(@users, $res->{name});
	849	}
	850	@users
	851	}
	852
[1071]	853	=head2 rename_nethost ($nethostname, $to, %config)
[1023]	854
	855	Facility function to rename computer to new name
	856
	857	=cut
	858
[861]	859	sub rename_nethost {
[1071]	860	my ($self, $nethostname, $to, %config) = @_;
[861]	861	{
[1327]	862	my $obj = $self->get_object('nethost', $nethostname) or do {
	863	$self->log(LA_ERR, 'Unable to rename non exisant host %s', $nethostname);
	864	return;
	865	};
[1318]	866	$obj->_delAttributeValue(cname => $to);
[861]	867	}
	868	$self->rename_object('nethost', $nethostname, $to) or return;
[1071]	869	if ($config{'addcname'}) {
[861]	870	my $obj = $self->get_object('nethost', $to);
[1318]	871	$obj->_addAttributeValue(cname => $nethostname);
[861]	872	}
	873	return 1;
	874	}
	875
[1023]	876	=head2 nethost_exchange_ip ($ip1, $ip2)
	877
	878	Exchange ip1 with ip2 in base
	879
	880	=cut
	881
[861]	882	sub nethost_exchange_ip {
	883	my ($self, $ip1, $ip2) = @_;
	884	my ($obj1, $obj2);
	885	if (my ($host1) = $self->search_objects('nethost', "ip=$ip1")) {
	886	$obj1 = $self->get_object('nethost', $host1);
	887	} else {
[1318]	888	$self->log(LA_ERR, "Cannot find host having $ip1");
[861]	889	return;
	890	}
	891	if (my ($host2) = $self->search_objects('nethost', "ip=$ip2")) {
	892	$obj2 = $self->get_object('nethost', $host2);
	893	} else {
[1318]	894	$self->log(LA_ERR, "Cannot find host having $ip2");
[861]	895	return;
	896	}
	897	if ($obj1->id eq $obj2->id) {
[1318]	898	$self->log(LA_ERR, "Both ip belong to same host (%s)", $obj1->id);
[861]	899	return;
	900	}
	901
[1318]	902	$self->log(LA_NOTICE, "Exchanging IP between %s and %s", $obj1->id, $obj2->id);
[2149]	903	$obj1->delAttributeValue('ip', $ip1) ;
	904	$obj2->delAttributeValue('ip', $ip2) ;
	905	$obj1->addAttributeValue('ip', $ip2) ;
	906	$obj2->addAttributeValue('ip', $ip1) ;
[861]	907	return 1;
	908	}
	909
[1023]	910	=head1 ATTRIBUTES FUNCTIONS
	911
[2094]	912	=cut
	913
	914	sub obj_attr_allowed_values {
	915	my ($self, $otype, $attr) = @_;
[2274]	916	if (my @values = $self->SUPER::obj_attr_allowed_values($otype, $attr)) {
[2094]	917	return @values;
	918	} else {
	919	$self->ListAttrValue($otype, $attr);
	920	}
	921	}
	922
	923	=head2 ListAttrValue($otype, $attribute)
	924
	925	List values allow for an attribute set into SQL database
	926
	927	=cut
	928
	929	sub ListAttrValue {
	930	my ($self, $otype, $attr) = @_;
	931
	932	my @sqlvalues;
	933	my $getAllow = $self->db->prepare_cached(q{
	934	SELECT * FROM attributes_values WHERE otype = ? AND attributes = ?
	935	ORDER BY "value"
	936	});
	937	$getAllow->execute($otype, $attr);
	938	while (my $res = $getAllow->fetchrow_hashref) {
	939	push(@sqlvalues, $res->{value});
	940	}
	941	return @sqlvalues;
	942	}
	943
	944	=head2 AddAttrValue($otype, $attr, @values)
	945
	946	Add given values to allowed attribute list
	947
	948	=cut
	949
	950	sub AddAttrValue {
	951	my ($self, $otype, $attr, @values) = @_;
	952
	953	my $addAllow = $self->db->prepare_cached(q{
	954	INSERT INTO attributes_values (otype, attributes, "value") values (?,?,?)
	955	});
	956
	957	foreach my $value (@values) {
	958	if ($addAllow->execute($otype, $attr, $value)) {
	959	} else {
	960	$self->rollback;
	961	return;
	962	}
	963	}
	964
	965	return 1;
	966	}
	967
	968	=head2 DelAttrValue
	969
	970	Delete a
	971
	972	=cut
	973
	974	sub DelAttrValue {
	975	my ($self, $otype, $attr, @values) = @_;
	976
	977	if (@values) {
	978	my $delAllow = $self->db->prepare_cached(q{
	979	DELETE FROM attributes_values WHERE otype = ? and attributes = ? and "value" = ?
	980	});
	981
	982	foreach my $value (@values) {
	983
	984	if ($delAllow->execute($otype, $attr, $value)) {
	985	} else {
	986	$self->rollback;
	987	return;
	988	}
	989
	990	}
	991	return 1;
	992	} else {
	993	my $delAllow = $self->db->prepare_cached(q{
	994	DELETE FROM attributes_values WHERE otype = ? and attributes = ?
	995	});
	996	if ($delAllow->execute($otype, $attr)) {
	997	return 1;
	998	} else {
	999	$self->rollback;
	1000	return;
	1001	}
	1002	}
	1003	}
	1004
[2121]	1005	=head2 getEmploymentRange
	1006
	1007	Return date range within employment can be found in database
	1008
	1009	=cut
	1010
	1011	sub getEmploymentRange {
	1012	my ($self, @filters) = @_;
	1013
	1014	my ($min,$max);
	1015
	1016	if (@filters) {
	1017	my @flist = $self->search_objects('employment', @filters);
	1018	my $minSql = $self->db->prepare(q{
	1019	SELECT min(firstday) as min FROM employment
	1020	WHERE name = ANY (?)
	1021	});
	1022	$minSql->execute(\@flist);
	1023	if (my $res = $minSql->fetchrow_hashref) {
	1024	$min = $res->{min}
	1025	}
	1026	my $maxSql = $self->db->prepare(q{
	1027	SELECT max(lastday) as max FROM employment
	1028	WHERE name = ANY (?)
	1029	});
	1030	$maxSql->execute(\@flist);
	1031	if (my $res = $maxSql->fetchrow_hashref) {
	1032	$max = $res->{max}
	1033	}
	1034	} else {
	1035	my $minSql = $self->db->prepare(q{
	1036	SELECT min(firstday) as min FROM employment
	1037	});
	1038	$minSql->execute;
	1039	if (my $res = $minSql->fetchrow_hashref) {
	1040	$min = $res->{min}
	1041	}
	1042	my $maxSql = $self->db->prepare(q{
	1043	SELECT max(lastday) as max FROM employment
	1044	});
	1045	$maxSql->execute;
	1046	if (my $res = $maxSql->fetchrow_hashref) {
	1047	$max = $res->{max}
	1048	}
	1049	}
	1050
	1051	return ($min,$max);
	1052	}
	1053
[1286]	1054	sub ReportChange {
	1055	my ($self, $otype, $name, $ref, $changetype, $message, @args) = @_;
	1056
[1457]	1057	my $sthmodifiedby = $self->db->prepare(q{
	1058	UPDATE objects set modifiedby = ? where ikey = ?
	1059	});
	1060
	1061	$sthmodifiedby->execute(
[2439]	1062	$self->LogUser,
[1457]	1063	$ref,
	1064	);
	1065
[2204]	1066	my ($potype, $pname, $pikey);
	1067
	1068	if (my $obj = $self->get_object($otype, $name)) {
[2207]	1069	if (my $parent = $obj->ParentObject) {
	1070	$potype = $parent->type;
[2208]	1071	$pname = $parent->id;
[2207]	1072	$pikey = $parent->Iid;
	1073	}
[2204]	1074	}
	1075
[1286]	1076	my $sth = $self->db->prepare(q{
[2204]	1077	INSERT into objectslogs (ikey, irev, otype, name, changetype, username, message, parentotype, parentname, parentikey)
	1078	VALUES (?,?,?,?,?,?,?,?,?,?)
[1286]	1079	});
	1080
	1081	$sth->execute(
	1082	$ref,
[1311]	1083	$self->current_rev,
[1286]	1084	$otype,
	1085	$name,
	1086	$changetype,
[2439]	1087	$self->LogUser,
[1286]	1088	sprintf($message, @args),
[2204]	1089	$potype, $pname, $pikey,
[1286]	1090	);
	1091	}
	1092
[2218]	1093	=head2 getobjectlogs($otype, @names)
[1285]	1094
	1095	Return logs for object type C<$otype> having C<$name>.
	1096
	1097	=cut
	1098
[1280]	1099	sub getobjectlogs {
[2218]	1100	my ($self, $otype, @names) = @_;
[1280]	1101
	1102	my $sth = $self->db->prepare(q{
	1103	select ikey from objectslogs where
[2204]	1104	(otype = $1 and name = $2)
[1280]	1105	group by ikey
	1106	});
	1107	my @ids;
[2218]	1108	foreach my $name (@names) {
	1109	$sth->execute($otype, $name);
	1110	while (my $res = $sth->fetchrow_hashref) {
	1111	push(@ids, $res->{ikey});
	1112	}
[1280]	1113	}
	1114	@ids or return;
	1115
[2204]	1116	my $sth2 = $self->db->prepare(
[1280]	1117	q{
[2204]	1118	select * from objectslogs where ikey = ANY ($1)
	1119	or parentikey = ANY ($1)
[1280]	1120	order by logdate asc
	1121	},
[2204]	1122	);
[1280]	1123
[2204]	1124	$sth2->execute( \@ids );
[1280]	1125	my @logs;
	1126	while (my $res = $sth2->fetchrow_hashref) {
	1127	push(@logs, $res);
	1128	}
	1129
	1130	return @logs;
	1131	}
	1132
[1285]	1133	=head2 getlogs
	1134
	1135	Return logs for last year
	1136
	1137	=cut
	1138
[1280]	1139	sub getlogs {
	1140	my ($self) = @_;
	1141	my $sth2 = $self->db->prepare(
	1142	q{
	1143	select * from objectslogs
	1144	where logdate > now() - '1 year'::interval
	1145	order by logdate asc
	1146	},
	1147	);
	1148
	1149	$sth2->execute();
	1150	my @logs;
	1151	while (my $res = $sth2->fetchrow_hashref) {
	1152	push(@logs, $res);
	1153	}
	1154
	1155	return @logs;
	1156	}
	1157
[19]	1158	1;
	1159
	1160	__END__
	1161
	1162	=head1 SEE ALSO
	1163
	1164	=head1 AUTHOR
	1165
	1166	Olivier Thauvin, E<lt>olivier.thauvin@latmos.ipsl.frE<gt>
	1167
	1168	=head1 COPYRIGHT AND LICENSE
	1169
	1170	Copyright (C) 2008, 2009 CNRS SA/CETP/LATMOS
	1171
	1172	This library is free software; you can redistribute it and/or modify
	1173	it under the same terms as Perl itself, either Perl version 5.10.0 or,
	1174	at your option, any later version of Perl 5 you may have available.
	1175
	1176
	1177	=cut

Note: See TracBrowser for help on using the repository browser.

Download in other formats: