Project

General

Profile

1 2341 sgarg
#!/usr/bin/perl -w
2 4865 walbridge
#
3
#  '$RCSfile$'
4
#  Copyright: 2001 Regents of the University of California
5
#
6
#   '$Author$'
7
#     '$Date$'
8
# '$Revision$'
9
#
10
# This program is free software; you can redistribute it and/or modify
11
# it under the terms of the GNU General Public License as published by
12
# the Free Software Foundation; either version 2 of the License, or
13
# (at your option) any later version.
14
#
15
# This program is distributed in the hope that it will be useful,
16
# but WITHOUT ANY WARRANTY; without even the implied warranty of
17
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
# GNU General Public License for more details.
19
#
20
# You should have received a copy of the GNU General Public License
21
# along with this program; if not, write to the Free Software
22
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23
#
24 2341 sgarg
25
#
26
# This is a web-based application for allowing users to register a new
27
# account for Metacat access.  We currently only support LDAP even
28
# though metacat could potentially support other types of directories.
29 4394 walbridge
30
use lib '../WEB-INF/lib';
31 4080 daigle
use strict;             # turn on strict syntax checking
32
use Template;           # load the template-toolkit module
33 4394 walbridge
use CGI qw/:standard :html3/; # load the CGI module
34 4080 daigle
use Net::LDAP;          # load the LDAP net libraries
35
use Net::SMTP;          # load the SMTP net libraries
36
use Digest::SHA1;       # for creating the password hash
37
use MIME::Base64;       # for creating the password hash
38
use URI;                # for parsing URL syntax
39
use Config::Properties; # for parsing Java .properties files
40
use File::Basename;     # for path name parsing
41 8351 leinfelder
use DateTime;			# for parsing dates
42
use DateTime::Duration; # for substracting
43 8166 tao
use Captcha::reCAPTCHA; # for protection against spams
44 4394 walbridge
use Cwd 'abs_path';
45 8413 tao
use Scalar::Util qw(looks_like_number);
46 2341 sgarg
47 4080 daigle
# Global configuration paramters
48 4394 walbridge
# This entire block (including skin parsing) could be pushed out to a separate .pm file
49 4080 daigle
my $cgiUrl = $ENV{'SCRIPT_FILENAME'};
50
my $workingDirectory = dirname($cgiUrl);
51
my $metacatProps = "${workingDirectory}/../WEB-INF/metacat.properties";
52
my $properties = new Config::Properties();
53
unless (open (METACAT_PROPERTIES, $metacatProps)) {
54 4394 walbridge
    print "Content-type: text/html\n\n";
55 4080 daigle
    print "Unable to locate Metacat properties. Working directory is set as " .
56
        $workingDirectory .", is this correct?";
57
    exit(0);
58
}
59 2341 sgarg
60 4080 daigle
$properties->load(*METACAT_PROPERTIES);
61 4010 tao
62 4394 walbridge
# local directory configuration
63
my $skinsDir = "${workingDirectory}/../style/skins";
64
my $templatesDir = abs_path("${workingDirectory}/../style/common/templates");
65
my $tempDir = $properties->getProperty('application.tempDir');
66
67
# url configuration
68
my $server = $properties->splitToTree(qr/\./, 'server');
69 7199 leinfelder
my $protocol = 'http://';
70
if ( $properties->getProperty('server.httpPort') eq '443' ) {
71
	$protocol = 'https://';
72
}
73 8253 leinfelder
my $serverUrl = $protocol . $properties->getProperty('server.name');
74 4864 walbridge
if ($properties->getProperty('server.httpPort') ne '80') {
75 8253 leinfelder
        $serverUrl = $serverUrl . ':' . $properties->getProperty('server.httpPort');
76 4864 walbridge
}
77 8253 leinfelder
my $context = $properties->getProperty('application.context');
78
my $contextUrl = $serverUrl . '/' .  $context;
79 4394 walbridge
80
my $metacatUrl = $contextUrl . "/metacat";
81 8253 leinfelder
my $cgiPrefix = "/" . $context . "/cgi-bin";
82 4394 walbridge
my $styleSkinsPath = $contextUrl . "/style/skins";
83
my $styleCommonPath = $contextUrl . "/style/common";
84 8403 tao
my $ldapServerCACertFile = $workingDirectory. "/../" . $properties->getProperty('ldap.server.ca.certificate');
85 4394 walbridge
86 8169 tao
#recaptcha key information
87
my $recaptchaPublicKey=$properties->getProperty('ldap.recaptcha.publickey');
88
my $recaptchaPrivateKey=$properties->getProperty('ldap.recaptcha.privatekey');
89
90 4394 walbridge
my @errorMessages;
91
my $error = 0;
92
93 8181 tao
my $emailVerification= 'emailverification';
94
95 8413 tao
 my $dn_store_next_uid=$properties->getProperty('ldap.nextuid.storing.dn');
96
 my $attribute_name_store_next_uid = $properties->getProperty('ldap.nextuid.storing.attributename');
97
98 4394 walbridge
# Import all of the HTML form fields as variables
99
import_names('FORM');
100
101
# Must have a config to use Metacat
102
my $skinName = "";
103
if ($FORM::cfg) {
104
    $skinName = $FORM::cfg;
105
} elsif ($ARGV[0]) {
106
    $skinName = $ARGV[0];
107
} else {
108 4747 walbridge
    debug("No configuration set.");
109 4394 walbridge
    print "Content-type: text/html\n\n";
110 4749 walbridge
    print 'LDAPweb Error: The registry requires a skin name to continue.';
111 4394 walbridge
    exit();
112
}
113
114
# Metacat isn't initialized, the registry will fail in strange ways.
115
if (!($metacatUrl)) {
116 4747 walbridge
    debug("No Metacat.");
117 4394 walbridge
    print "Content-type: text/html\n\n";
118
    'Registry Error: Metacat is not initialized! Make sure' .
119 5214 walbridge
        ' MetacatUrl is set correctly in ' .  $skinName . '.properties';
120 4394 walbridge
    exit();
121
}
122
123
my $skinProperties = new Config::Properties();
124
if (!($skinName)) {
125
    $error = "Application misconfigured.  Please contact the administrator.";
126
    push(@errorMessages, $error);
127
} else {
128
    my $skinProps = "$skinsDir/$skinName/$skinName.properties";
129
    unless (open (SKIN_PROPERTIES, $skinProps)) {
130
        print "Content-type: text/html\n\n";
131
        print "Unable to locate skin properties at $skinProps.  Is this path correct?";
132
        exit(0);
133
    }
134
    $skinProperties->load(*SKIN_PROPERTIES);
135
}
136
137
my $config = $skinProperties->splitToTree(qr/\./, 'registry.config');
138
139 4870 walbridge
# XXX HACK: this is a temporary fix to pull out the UCNRS password property from the
140
#           NRS skin instead of metacat.properties. The intent is to prevent editing
141
#           of our core properties file, which is manipulated purely through the web.
142
#           Once organizations are editable, this section should be removed as should
143
#           the properties within nrs/nrs.properties.
144
my $nrsProperties = new Config::Properties();
145
my $nrsProps = "$skinsDir/nrs/nrs.properties";
146
unless (open (NRS_PROPERTIES, $nrsProps)) {
147
    print "Content-type: text/html\n\n";
148
    print "Unable to locate skin properties at $nrsProps.  Is this path correct?";
149
    exit(0);
150
}
151
$nrsProperties->load(*NRS_PROPERTIES);
152
153
my $nrsConfig = $nrsProperties->splitToTree(qr/\./, 'registry.config');
154
155
# XXX END HACK
156
157
158 4394 walbridge
my $searchBase;
159
my $ldapUsername;
160
my $ldapPassword;
161 4728 walbridge
# TODO: when should we use surl instead? Is there a setting promoting one over the other?
162
# TODO: the default tree for accounts should be exposed somewhere, defaulting to unaffiliated
163
my $ldapurl = $properties->getProperty('auth.url');
164 4080 daigle
165
# Java uses miliseconds, Perl expects whole seconds
166 4728 walbridge
my $timeout = $properties->getProperty('ldap.connectTimeLimit') / 1000;
167 4080 daigle
168 2341 sgarg
# Get the CGI input variables
169
my $query = new CGI;
170 4747 walbridge
my $debug = 1;
171 2341 sgarg
172
#--------------------------------------------------------------------------80c->
173
# Set up the Template Toolkit to read html form templates
174
175 4080 daigle
# templates hash, imported from ldap.templates tree in metacat.properties
176
my $templates = $properties->splitToTree(qr/\./, 'ldap.templates');
177 4394 walbridge
$$templates{'header'} = $skinProperties->getProperty("registry.templates.header");
178
$$templates{'footer'} = $skinProperties->getProperty("registry.templates.footer");
179 2341 sgarg
180
# set some configuration options for the template object
181 4394 walbridge
my $ttConfig = {
182
             INCLUDE_PATH => $templatesDir,
183
             INTERPOLATE  => 0,
184
             POST_CHOMP   => 1,
185
             DEBUG        => 1,
186 2341 sgarg
             };
187
188
# create an instance of the template
189 4394 walbridge
my $template = Template->new($ttConfig) || handleGeneralServerFailure($Template::ERROR);
190 2341 sgarg
191 4080 daigle
# custom LDAP properties hash
192
my $ldapCustom = $properties->splitToTree(qr/\./, 'ldap');
193 2341 sgarg
194 8201 tao
# This is a hash which has the keys of the organization's properties 'name', 'base', 'organization'.
195 4394 walbridge
my $orgProps = $properties->splitToTree(qr/\./, 'organization');
196 8201 tao
197
#This is a hash which has the keys of the ldap sub tree names of the organizations, such as 'NCEAS', 'LTER' and 'KU', and values are real name of the organization.
198 4394 walbridge
my $orgNames = $properties->splitToTree(qr/\./, 'organization.name');
199
# pull out properties available e.g. 'name', 'base'
200
my @orgData = keys(%$orgProps);
201 4870 walbridge
202 8201 tao
my @orgList; #An array has the names (i.e, sub tree names, such as 'NCEAS', 'LTER' and 'KU')  of the all organizations in the metacat.properties.
203 4394 walbridge
while (my ($oKey, $oVal) = each(%$orgNames)) {
204
    push(@orgList, $oKey);
205
}
206
207 4866 walbridge
my $authBase = $properties->getProperty("auth.base");
208 4080 daigle
my $ldapConfig;
209
foreach my $o (@orgList) {
210 4394 walbridge
    foreach my $d (@orgData) {
211
        $ldapConfig->{$o}{$d} = $properties->getProperty("organization.$d.$o");
212 4080 daigle
    }
213 4866 walbridge
214 4870 walbridge
    # XXX hack, remove after 1.9
215
    if ($o eq 'UCNRS') {
216
        $ldapConfig->{'UCNRS'}{'base'} = $nrsConfig->{'base'};
217
        $ldapConfig->{'UCNRS'}{'user'} = $nrsConfig->{'username'};
218
        $ldapConfig->{'UCNRS'}{'password'} = $nrsConfig->{'password'};
219
    }
220
221 4866 walbridge
    # set default base
222
    if (!$ldapConfig->{$o}{'base'}) {
223
        $ldapConfig->{$o}{'base'} = $authBase;
224
    }
225
226
    # include filter information. By default, our filters are 'o=$name', e.g. 'o=NAPIER'
227
    # these can be overridden by specifying them in metacat.properties. Non-default configs
228
    # such as UCNRS must specify all LDAP properties.
229
    if ($ldapConfig->{$o}{'base'} eq $authBase) {
230
        my $filter = "o=$o";
231
        if (!$ldapConfig->{$o}{'org'}) {
232
            $ldapConfig->{$o}{'org'} = $filter;
233
        }
234
        if (!$ldapConfig->{$o}{'filter'}) {
235 8201 tao
            #$ldapConfig->{$o}{'filter'} = $filter;
236
            $ldapConfig->{$o}{'filter'} = $ldapConfig->{$o}{'org'};
237 4866 walbridge
        }
238
        # also include DN, which is just org + base
239
        if ($ldapConfig->{$o}{'org'}) {
240
            $ldapConfig->{$o}{'dn'} = $ldapConfig->{$o}{'org'} . "," . $ldapConfig->{$o}{'base'};
241
        }
242 4394 walbridge
    } else {
243
        $ldapConfig->{$o}{'dn'} = $ldapConfig->{$o}{'base'};
244
    }
245 4868 walbridge
246
    # set LDAP administrator user account
247 4866 walbridge
    if (!$ldapConfig->{$o}{'user'}) {
248
        $ldapConfig->{$o}{'user'} = $ldapConfig->{'unaffiliated'}{'user'};
249 4865 walbridge
    }
250 4868 walbridge
    # check for a fully qualified LDAP name. If it doesn't exist, append base.
251
    my @userParts = split(',', $ldapConfig->{$o}{'user'});
252
    if (scalar(@userParts) == 1) {
253
        $ldapConfig->{$o}{'user'} = $ldapConfig->{$o}{'user'} . "," . $ldapConfig->{$o}{'base'};
254
    }
255 4866 walbridge
256
    if (!$ldapConfig->{$o}{'password'}) {
257
        $ldapConfig->{$o}{'password'} = $ldapConfig->{'unaffiliated'}{'password'};
258
    }
259 2341 sgarg
}
260
261 8201 tao
### Determine the display organization list (such as NCEAS, Account ) in the ldap template files
262 8206 tao
my $displayOrgListStr;
263
$displayOrgListStr = $skinProperties->getProperty("ldap.templates.organizationList") or $displayOrgListStr = $properties->getProperty('ldap.templates.organizationList');
264 8207 tao
debug("the string of the org from properties : " . $displayOrgListStr);
265
my @displayOrgList = split(';', $displayOrgListStr);
266
267 8206 tao
my @validDisplayOrgList; #this array contains the org list which will be shown in the templates files.
268 8201 tao
269 8206 tao
my %orgNamesHash = %$orgNames;
270
foreach my $element (@displayOrgList) {
271
    if(exists $orgNamesHash{$element}) {
272 8540 tao
         my $label = $ldapConfig->{$element}{'label'};
273
         my %displayHash;
274
         $displayHash{$element} = $label;
275
         debug("push a hash containing the key " . $element . "with the value label" . $label . " into the display array");
276 8206 tao
         #if the name is found in the organization part of metacat.properties, put it into the valid array
277 8540 tao
         push(@validDisplayOrgList, \%displayHash);
278 8206 tao
    }
279
280
}
281 8201 tao
282 8206 tao
if(!@validDisplayOrgList) {
283
     my $sender;
284
     $sender = $skinProperties->getProperty("email.sender") or $sender = $properties->getProperty('email.sender');
285
    print "Content-type: text/html\n\n";
286
    print "The value of property ldap.templates.organizationList in "
287
     . $skinName . ".properties file or metacat.properties file (if the property doesn't exist in the "
288
     . $skinName . ".properties file) is invalid. Please send the information to ". $sender;
289
    exit(0);
290
}
291
292
293 2341 sgarg
#--------------------------------------------------------------------------80c->
294
# Define the main program logic that calls subroutines to do the work
295
#--------------------------------------------------------------------------80c->
296
297
# The processing step we are handling
298 4080 daigle
my $stage = $query->param('stage') || $templates->{'stage'};
299 2341 sgarg
300
my $cfg = $query->param('cfg');
301 4767 walbridge
debug("started with stage $stage, cfg $cfg");
302 2341 sgarg
303
# define the possible stages
304
my %stages = (
305
              'initregister'      => \&handleInitRegister,
306
              'register'          => \&handleRegister,
307
              'registerconfirmed' => \&handleRegisterConfirmed,
308
              'simplesearch'      => \&handleSimpleSearch,
309
              'initaddentry'      => \&handleInitAddEntry,
310
              'addentry'          => \&handleAddEntry,
311
              'initmodifyentry'   => \&handleInitModifyEntry,
312
              'modifyentry'       => \&handleModifyEntry,
313 2972 jones
              'changepass'        => \&handleChangePassword,
314
              'initchangepass'    => \&handleInitialChangePassword,
315 2341 sgarg
              'resetpass'         => \&handleResetPassword,
316 2414 sgarg
              'initresetpass'     => \&handleInitialResetPassword,
317 8185 tao
              'emailverification' => \&handleEmailVerification,
318 8229 tao
              'lookupname'        => \&handleLookupName,
319
              'searchnamesbyemail'=> \&handleSearchNameByEmail,
320 8818 tao
              #'getnextuid'        => \&getExistingHighestUidNum,
321 2341 sgarg
             );
322 4394 walbridge
323 2341 sgarg
# call the appropriate routine based on the stage
324
if ( $stages{$stage} ) {
325
  $stages{$stage}->();
326
} else {
327
  &handleResponseMessage();
328
}
329
330
#--------------------------------------------------------------------------80c->
331
# Define the subroutines to do the work
332
#--------------------------------------------------------------------------80c->
333
334 8351 leinfelder
sub clearTemporaryAccounts {
335
336
    #search accounts that have expired
337
	my $org = $query->param('o');
338
    my $ldapUsername = $ldapConfig->{$org}{'user'};
339
    my $ldapPassword = $ldapConfig->{$org}{'password'};
340
    my $orgAuthBase = $ldapConfig->{$org}{'base'};
341
    my $orgExpiration = $ldapConfig->{$org}{'expiration'};
342
    my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase;
343
344
	my $dt = DateTime->now;
345
	$dt->subtract( hours => $orgExpiration );
346 8354 leinfelder
	my $expirationDate = $dt->ymd("") . $dt->hms("") . "Z";
347 8356 leinfelder
    my $filter = "(&(objectClass=inetOrgPerson)(createTimestamp<=" . $expirationDate . "))";
348
    debug("Clearing expired accounts with filter: " . $filter . ", base: " . $tmpSearchBase);
349 8351 leinfelder
    my @attrs = [ 'uid', 'o', 'ou', 'cn', 'mail', 'telephoneNumber', 'title' ];
350
351
    my $ldap;
352
    my $mesg;
353
354
    my $dn;
355
356
    #if main ldap server is down, a html file containing warning message will be returned
357 8356 leinfelder
    debug("clearTemporaryAccounts: connecting to $ldapurl, $timeout");
358 8351 leinfelder
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
359
    if ($ldap) {
360 8403 tao
    	$ldap->start_tls( verify => 'require',
361
                      cafile => $ldapServerCACertFile);
362 8351 leinfelder
        $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
363
		$mesg = $ldap->search (
364 8356 leinfelder
			base   => $tmpSearchBase,
365 8351 leinfelder
			filter => $filter,
366
			attrs => \@attrs,
367
		);
368
	    if ($mesg->count() > 0) {
369
			my $entry;
370
			foreach $entry ($mesg->all_entries) {
371
            	$dn = $entry->dn();
372
            	# remove the entry
373 8357 leinfelder
   				debug("Removing expired account: " . $dn);
374
            	$ldap->delete($dn);
375 8351 leinfelder
			}
376
        }
377
    	$ldap->unbind;   # take down session
378
    }
379
380 8354 leinfelder
    return 0;
381 8351 leinfelder
}
382
383 4728 walbridge
sub fullTemplate {
384
    my $templateList = shift;
385
    my $templateVars = setVars(shift);
386 8166 tao
    my $c = Captcha::reCAPTCHA->new;
387
    my $captcha = 'captcha';
388
    #my $error=null;
389
    my $use_ssl= 1;
390
    #my $options=null;
391 8250 leinfelder
    # use the AJAX style, only need to provide the public key to the template
392
    $templateVars->{'recaptchaPublicKey'} = $recaptchaPublicKey;
393
    #$templateVars->{$captcha} = $c->get_html($recaptchaPublicKey,undef, $use_ssl, undef);
394 4728 walbridge
    $template->process( $templates->{'header'}, $templateVars );
395
    foreach my $tmpl (@{$templateList}) {
396
        $template->process( $templates->{$tmpl}, $templateVars );
397
    }
398
    $template->process( $templates->{'footer'}, $templateVars );
399
}
400
401 8221 tao
402 8229 tao
#
403
# Initialize a form for a user to request the account name associated with an email address
404
#
405
sub handleLookupName {
406
407
    print "Content-type: text/html\n\n";
408
    # process the template files:
409
    fullTemplate(['lookupName']);
410
    exit();
411
}
412 8221 tao
413 2341 sgarg
#
414 8221 tao
# Handle the user's request to look up account names with a specified email address.
415
# This relates to "Forget your user name"
416
#
417 8229 tao
sub handleSearchNameByEmail{
418 8221 tao
419
    print "Content-type: text/html\n\n";
420
421
    my $allParams = {'mail' => $query->param('mail')};
422
    my @requiredParams = ('mail');
423
    if (! paramsAreValid(@requiredParams)) {
424
        my $errorMessage = "Required information is missing. " .
425
            "Please fill in all required fields and resubmit the form.";
426 8229 tao
        fullTemplate(['lookupName'], { allParams => $allParams,
427 8221 tao
                                     errorMessage => $errorMessage });
428
        exit();
429
    }
430
    my $mail = $query->param('mail');
431
432
    #search accounts with the specified emails
433
    $searchBase = $authBase;
434
    my $filter = "(mail=" . $mail . ")";
435
    my @attrs = [ 'uid', 'o', 'ou', 'cn', 'mail', 'telephoneNumber', 'title' ];
436
    my $notHtmlFormat = 1;
437
    my $found = findExistingAccounts($ldapurl, $searchBase, $filter, \@attrs, $notHtmlFormat);
438
    my $accountInfo;
439 8254 leinfelder
    if ($found) {
440 8221 tao
        $accountInfo = $found;
441
    } else {
442 8254 leinfelder
        $accountInfo = "There are no accounts associated with the email " . $mail . ".\n";
443 8221 tao
    }
444 8254 leinfelder
445 8221 tao
    my $mailhost = $properties->getProperty('email.mailhost');
446
    my $sender;
447
    $sender = $skinProperties->getProperty("email.sender") or $sender = $properties->getProperty('email.sender');
448
    debug("the sender is " . $sender);
449
    my $recipient = $query->param('mail');
450
    # Send the email message to them
451
    my $smtp = Net::SMTP->new($mailhost) or do {
452 8229 tao
                                                  fullTemplate( ['lookupName'], {allParams => $allParams,
453
                                                                errorMessage => "Our mail server currently is experiencing some difficulties. Please contact " .
454
                                                                $skinProperties->getProperty("email.recipient") . "." });
455 8221 tao
                                                  exit(0);
456
                                               };
457
    $smtp->mail($sender);
458
    $smtp->to($recipient);
459
460
    my $message = <<"     ENDOFMESSAGE";
461
    To: $recipient
462
    From: $sender
463 8234 tao
    Subject: Your Account Information
464 8221 tao
465 8234 tao
    Somebody (hopefully you) looked up the account information associated with the email address.
466
    Here is the account information:
467 8221 tao
468
    $accountInfo
469
470
    Thanks,
471 8234 tao
        $sender
472 8221 tao
473
     ENDOFMESSAGE
474
     $message =~ s/^[ \t\r\f]+//gm;
475
476
     $smtp->data($message);
477
     $smtp->quit;
478
     fullTemplate( ['lookupNameSuccess'] );
479
480
}
481
482
483
#
484 2341 sgarg
# create the initial registration form
485
#
486
sub handleInitRegister {
487
  my $vars = shift;
488
  print "Content-type: text/html\n\n";
489
  # process the template files:
490 4080 daigle
  fullTemplate(['register'], {stage => "register"});
491 2341 sgarg
  exit();
492
}
493
494 8221 tao
495
496 2341 sgarg
#
497
# process input from the register stage, which occurs when
498
# a user submits form data to create a new account
499
#
500
sub handleRegister {
501
502 8258 tao
    #print "Content-type: text/html\n\n";
503 8220 tao
    if ($query->param('o') =~ "LTER") {
504 8258 tao
      print "Content-type: text/html\n\n";
505 8220 tao
      fullTemplate( ['registerLter'] );
506
      exit(0);
507
    }
508 8166 tao
509 2341 sgarg
    my $allParams = { 'givenName' => $query->param('givenName'),
510
                      'sn' => $query->param('sn'),
511
                      'o' => $query->param('o'),
512
                      'mail' => $query->param('mail'),
513
                      'uid' => $query->param('uid'),
514
                      'userPassword' => $query->param('userPassword'),
515
                      'userPassword2' => $query->param('userPassword2'),
516
                      'title' => $query->param('title'),
517
                      'telephoneNumber' => $query->param('telephoneNumber') };
518 8166 tao
519
    # Check the recaptcha
520
    my $c = Captcha::reCAPTCHA->new;
521
    my $challenge = $query->param('recaptcha_challenge_field');
522
    my $response = $query->param('recaptcha_response_field');
523
    # Verify submission
524
    my $result = $c->check_answer(
525 8169 tao
        $recaptchaPrivateKey, $ENV{'REMOTE_ADDR'},
526 8166 tao
        $challenge, $response
527
    );
528
529
    if ( $result->{is_valid} ) {
530
        #print "Yes!";
531
        #exit();
532
    }
533
    else {
534 8258 tao
        print "Content-type: text/html\n\n";
535 8166 tao
        my $errorMessage = "The verification code is wrong. Please input again.";
536
        fullTemplate(['register'], { stage => "register",
537
                                     allParams => $allParams,
538
                                     errorMessage => $errorMessage });
539
        exit();
540
    }
541
542
543 2341 sgarg
    # Check that all required fields are provided and not null
544
    my @requiredParams = ( 'givenName', 'sn', 'o', 'mail',
545
                           'uid', 'userPassword', 'userPassword2');
546
    if (! paramsAreValid(@requiredParams)) {
547 8258 tao
        print "Content-type: text/html\n\n";
548 2341 sgarg
        my $errorMessage = "Required information is missing. " .
549
            "Please fill in all required fields and resubmit the form.";
550 4080 daigle
        fullTemplate(['register'], { stage => "register",
551
                                     allParams => $allParams,
552
                                     errorMessage => $errorMessage });
553
        exit();
554 2341 sgarg
    } else {
555 8186 tao
         if ($query->param('userPassword') ne $query->param('userPassword2')) {
556 8258 tao
            print "Content-type: text/html\n\n";
557 8186 tao
            my $errorMessage = "The passwords do not match. Try again.";
558
            fullTemplate( ['registerFailed', 'register'], { stage => "register",
559
                                                            allParams => $allParams,
560
                                                            errorMessage => $errorMessage });
561
            exit();
562
        }
563 2972 jones
        my $o = $query->param('o');
564 4080 daigle
        $searchBase = $ldapConfig->{$o}{'base'};
565 2341 sgarg
    }
566 8351 leinfelder
567
    # Remove any expired temporary accounts for this subtree before continuing
568
    clearTemporaryAccounts();
569 8877 tao
570
    # Check if the uid was taken in the production space
571
    my @attrs = [ 'uid', 'o', 'ou', 'cn', 'mail', 'telephoneNumber', 'title' ];
572
    my $uidExists;
573
    my $uid=$query->param('uid');
574
    my $uidFilter = "uid=" . $uid;
575
    my $newSearchBase = $ldapConfig->{$query->param('o')}{'org'} . "," .  $searchBase;
576
    debug("the new search base is $newSearchBase");
577
    $uidExists = uidExists($ldapurl, $newSearchBase, $uidFilter, \@attrs);
578
    debug("the result of uidExists $uidExists");
579
    if($uidExists) {
580
         print "Content-type: text/html\n\n";
581
            my $errorMessage = $uidExists;
582
            fullTemplate( ['registerFailed', 'register'], { stage => "register",
583
                                                            allParams => $allParams,
584
                                                            errorMessage => $errorMessage });
585
            exit();
586
    }
587 8880 tao
588 2341 sgarg
    # Search LDAP for matching entries that already exist
589
    # Some forms use a single text search box, whereas others search per
590
    # attribute.
591
    my $filter;
592
    if ($query->param('searchField')) {
593
594
      $filter = "(|" .
595
                "(uid=" . $query->param('searchField') . ") " .
596
                "(mail=" . $query->param('searchField') . ")" .
597
                "(&(sn=" . $query->param('searchField') . ") " .
598
                "(givenName=" . $query->param('searchField') . "))" .
599
                ")";
600
    } else {
601
      $filter = "(|" .
602
                "(uid=" . $query->param('uid') . ") " .
603
                "(mail=" . $query->param('mail') . ")" .
604
                "(&(sn=" . $query->param('sn') . ") " .
605
                "(givenName=" . $query->param('givenName') . "))" .
606
                ")";
607
    }
608
609 8880 tao
610 2341 sgarg
    my $found = findExistingAccounts($ldapurl, $searchBase, $filter, \@attrs);
611
612
    # If entries match, send back a request to confirm new-user creation
613
    if ($found) {
614 8261 tao
      print "Content-type: text/html\n\n";
615 4080 daigle
      fullTemplate( ['registerMatch', 'register'], { stage => "registerconfirmed",
616
                                                     allParams => $allParams,
617
                                                     foundAccounts => $found });
618 2341 sgarg
    # Otherwise, create a new user in the LDAP directory
619
    } else {
620 8180 tao
        createTemporaryAccount($allParams);
621 2341 sgarg
    }
622
623
    exit();
624
}
625
626
#
627
# process input from the registerconfirmed stage, which occurs when
628
# a user chooses to create an account despite similarities to other
629
# existing accounts
630
#
631
sub handleRegisterConfirmed {
632
633
    my $allParams = { 'givenName' => $query->param('givenName'),
634
                      'sn' => $query->param('sn'),
635 8207 tao
                      'o' => $query->param('o'),
636 2341 sgarg
                      'mail' => $query->param('mail'),
637
                      'uid' => $query->param('uid'),
638
                      'userPassword' => $query->param('userPassword'),
639
                      'userPassword2' => $query->param('userPassword2'),
640
                      'title' => $query->param('title'),
641
                      'telephoneNumber' => $query->param('telephoneNumber') };
642 8258 tao
    #print "Content-type: text/html\n\n";
643 8180 tao
    createTemporaryAccount($allParams);
644 2341 sgarg
    exit();
645
}
646
647
#
648
# change a user's password upon request
649
#
650
sub handleChangePassword {
651
652
    print "Content-type: text/html\n\n";
653
654
    my $allParams = { 'test' => "1", };
655
    if ($query->param('uid')) {
656
        $$allParams{'uid'} = $query->param('uid');
657
    }
658
    if ($query->param('o')) {
659
        $$allParams{'o'} = $query->param('o');
660 2972 jones
        my $o = $query->param('o');
661
662 4080 daigle
        $searchBase = $ldapConfig->{$o}{'base'};
663 2341 sgarg
    }
664
665
666
    # Check that all required fields are provided and not null
667
    my @requiredParams = ( 'uid', 'o', 'oldpass',
668
                           'userPassword', 'userPassword2');
669
    if (! paramsAreValid(@requiredParams)) {
670
        my $errorMessage = "Required information is missing. " .
671
            "Please fill in all required fields and submit the form.";
672 4080 daigle
        fullTemplate( ['changePass'], { stage => "changepass",
673
                                        allParams => $allParams,
674
                                        errorMessage => $errorMessage });
675
        exit();
676 2341 sgarg
    }
677
678
    # We have all of the info we need, so try to change the password
679 8880 tao
    if ($query->param('userPassword') eq $query->param('userPassword2')) {
680 2341 sgarg
681 2972 jones
        my $o = $query->param('o');
682 4080 daigle
        $searchBase = $ldapConfig->{$o}{'base'};
683
        $ldapUsername = $ldapConfig->{$o}{'user'};
684
        $ldapPassword = $ldapConfig->{$o}{'password'};
685 2341 sgarg
686 4080 daigle
        my $dn = "uid=" . $query->param('uid') . "," . $ldapConfig->{$o}{'dn'};;
687 2341 sgarg
        if ($query->param('o') =~ "LTER") {
688 4080 daigle
            fullTemplate( ['registerLter'] );
689 2341 sgarg
        } else {
690
            my $errorMessage = changePassword(
691
                    $dn, $query->param('userPassword'),
692
                    $dn, $query->param('oldpass'), $query->param('o'));
693 2972 jones
            if ($errorMessage) {
694 4080 daigle
                fullTemplate( ['changePass'], { stage => "changepass",
695
                                                allParams => $allParams,
696
                                                errorMessage => $errorMessage });
697
                exit();
698 2341 sgarg
            } else {
699 4080 daigle
                fullTemplate( ['changePassSuccess'], { stage => "changepass",
700
                                                       allParams => $allParams });
701
                exit();
702 2341 sgarg
            }
703
        }
704
    } else {
705
        my $errorMessage = "The passwords do not match. Try again.";
706 4080 daigle
        fullTemplate( ['changePass'], { stage => "changepass",
707
                                        allParams => $allParams,
708
                                        errorMessage => $errorMessage });
709
        exit();
710 2341 sgarg
    }
711
}
712
713
#
714 2414 sgarg
# change a user's password upon request - no input params
715
# only display chagepass template without any error
716
#
717
sub handleInitialChangePassword {
718
    print "Content-type: text/html\n\n";
719
720
    my $allParams = { 'test' => "1", };
721
    my $errorMessage = "";
722 4080 daigle
    fullTemplate( ['changePass'], { stage => "changepass",
723
                                    errorMessage => $errorMessage });
724
    exit();
725 2414 sgarg
}
726
727
#
728 2341 sgarg
# reset a user's password upon request
729
#
730
sub handleResetPassword {
731
732
    print "Content-type: text/html\n\n";
733
734
    my $allParams = { 'test' => "1", };
735
    if ($query->param('uid')) {
736
        $$allParams{'uid'} = $query->param('uid');
737
    }
738
    if ($query->param('o')) {
739
        $$allParams{'o'} = $query->param('o');
740 2972 jones
        my $o = $query->param('o');
741
742 4080 daigle
        $searchBase = $ldapConfig->{$o}{'base'};
743 4868 walbridge
        $ldapUsername = $ldapConfig->{$o}{'user'};
744 4080 daigle
        $ldapPassword = $ldapConfig->{$o}{'password'};
745 2341 sgarg
    }
746
747
    # Check that all required fields are provided and not null
748
    my @requiredParams = ( 'uid', 'o' );
749
    if (! paramsAreValid(@requiredParams)) {
750
        my $errorMessage = "Required information is missing. " .
751
            "Please fill in all required fields and submit the form.";
752 4080 daigle
        fullTemplate( ['resetPass'],  { stage => "resetpass",
753
                                        allParams => $allParams,
754
                                        errorMessage => $errorMessage });
755
        exit();
756 2341 sgarg
    }
757
758
    # We have all of the info we need, so try to change the password
759
    my $o = $query->param('o');
760 4080 daigle
    my $dn = "uid=" . $query->param('uid') . "," . $ldapConfig->{$o}{'dn'};
761 4866 walbridge
    debug("handleResetPassword: dn: $dn");
762 2341 sgarg
    if ($query->param('o') =~ "LTER") {
763 4080 daigle
        fullTemplate( ['registerLter'] );
764
        exit();
765 2341 sgarg
    } else {
766
        my $errorMessage = "";
767
        my $recipient;
768
        my $userPass;
769
        my $entry = getLdapEntry($ldapurl, $searchBase,
770
                $query->param('uid'), $query->param('o'));
771
772
        if ($entry) {
773
            $recipient = $entry->get_value('mail');
774
            $userPass = getRandomPassword();
775 4080 daigle
            $errorMessage = changePassword($dn, $userPass, $ldapUsername, $ldapPassword, $query->param('o'));
776 2341 sgarg
        } else {
777
            $errorMessage = "User not found in database.  Please try again.";
778
        }
779
780
        if ($errorMessage) {
781 4080 daigle
            fullTemplate( ['resetPass'], { stage => "resetpass",
782
                                           allParams => $allParams,
783
                                           errorMessage => $errorMessage });
784
            exit();
785 2341 sgarg
        } else {
786
            my $errorMessage = sendPasswordNotification($query->param('uid'),
787 2972 jones
                    $query->param('o'), $userPass, $recipient, $cfg);
788 4080 daigle
            fullTemplate( ['resetPassSuccess'], { stage => "resetpass",
789
                                                  allParams => $allParams,
790
                                                  errorMessage => $errorMessage });
791
            exit();
792 2341 sgarg
        }
793
    }
794
}
795
796
#
797 2414 sgarg
# reset a user's password upon request- no initial params
798
# only display resetpass template without any error
799
#
800
sub handleInitialResetPassword {
801
    print "Content-type: text/html\n\n";
802
    my $errorMessage = "";
803 4080 daigle
    fullTemplate( ['resetPass'], { stage => "resetpass",
804
                                   errorMessage => $errorMessage });
805
    exit();
806 2414 sgarg
}
807
808
#
809 2341 sgarg
# Construct a random string to use for a newly reset password
810
#
811
sub getRandomPassword {
812
    my $length = shift;
813
    if (!$length) {
814
        $length = 8;
815
    }
816
    my $newPass = "";
817
818
    my @chars = ( "A" .. "Z", "a" .. "z", 0 .. 9, qw(! @ $ ^) );
819
    $newPass = join("", @chars[ map { rand @chars } ( 1 .. $length ) ]);
820
    return $newPass;
821
}
822
823
#
824
# Change a password to a new value, binding as the provided user
825
#
826
sub changePassword {
827
    my $userDN = shift;
828
    my $userPass = shift;
829
    my $bindDN = shift;
830
    my $bindPass = shift;
831
    my $o = shift;
832
833 4080 daigle
    my $searchBase = $ldapConfig->{$o}{'base'};
834 4868 walbridge
835 2341 sgarg
    my $errorMessage = 0;
836 3177 tao
    my $ldap;
837 4868 walbridge
838 4771 walbridge
    #if main ldap server is down, a html file containing warning message will be returned
839
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
840 4394 walbridge
841 4849 daigle
    if ($ldap) {
842 8403 tao
        $ldap->start_tls( verify => 'require',
843
                      cafile => $ldapServerCACertFile);
844 4868 walbridge
        debug("changePassword: attempting to bind to $bindDN");
845
        my $bindresult = $ldap->bind( version => 3, dn => $bindDN,
846 2341 sgarg
                                  password => $bindPass );
847 4868 walbridge
        if ($bindresult->code) {
848
            $errorMessage = "Failed to log in. Are you sure your connection credentails are " .
849
                            "correct? Please correct and try again...";
850
            return $errorMessage;
851
        }
852 2341 sgarg
853 4849 daigle
    	# Find the user here and change their entry
854
    	my $newpass = createSeededPassHash($userPass);
855
    	my $modifications = { userPassword => $newpass };
856 4868 walbridge
      debug("changePass: setting password for $userDN to $newpass");
857 4849 daigle
    	my $result = $ldap->modify( $userDN, replace => { %$modifications });
858 2341 sgarg
859 4849 daigle
    	if ($result->code()) {
860 4866 walbridge
            debug("changePass: error changing password: " . $result->error);
861
        	$errorMessage = "There was an error changing the password:" .
862 2341 sgarg
                           "<br />\n" . $result->error;
863 4849 daigle
    	}
864
    	$ldap->unbind;   # take down session
865
    }
866 2341 sgarg
867
    return $errorMessage;
868
}
869
870
#
871
# generate a Seeded SHA1 hash of a plaintext password
872
#
873
sub createSeededPassHash {
874
    my $secret = shift;
875
876
    my $salt = "";
877
    for (my $i=0; $i < 4; $i++) {
878
        $salt .= int(rand(10));
879
    }
880
881
    my $ctx = Digest::SHA1->new;
882
    $ctx->add($secret);
883
    $ctx->add($salt);
884
    my $hashedPasswd = '{SSHA}' . encode_base64($ctx->digest . $salt ,'');
885
886
    return $hashedPasswd;
887
}
888
889
#
890
# Look up an ldap entry for a user
891
#
892
sub getLdapEntry {
893
    my $ldapurl = shift;
894
    my $base = shift;
895
    my $username = shift;
896
    my $org = shift;
897
898
    my $entry = "";
899
    my $mesg;
900 3177 tao
    my $ldap;
901 4749 walbridge
    debug("ldap server: $ldapurl");
902 4394 walbridge
903
    #if main ldap server is down, a html file containing warning message will be returned
904 4771 walbridge
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
905 4849 daigle
906
    if ($ldap) {
907 8501 tao
        $ldap->start_tls( verify => 'none');
908
        #$ldap->start_tls( verify => 'require',
909
        #              cafile => $ldapServerCACertFile);
910 4849 daigle
    	my $bindresult = $ldap->bind;
911
    	if ($bindresult->code) {
912
        	return $entry;
913
    	}
914 2341 sgarg
915 8415 tao
        $base = $ldapConfig->{$org}{'org'} . ',' . $base;
916
        debug("getLdapEntry, searching for $base, (uid=$username)");
917
        $mesg = $ldap->search ( base   => $base, filter => "(uid=$username)");
918
    	#if($ldapConfig->{$org}{'filter'}){
919
            #debug("getLdapEntry: filter set, searching for base=$base, " .
920
                  #"(&(uid=$username)($ldapConfig->{$org}{'filter'}))");
921
        	#$mesg = $ldap->search ( base   => $base,
922
                #filter => "(&(uid=$username)($ldapConfig->{$org}{'filter'}))");
923
    	#} else {
924
            #debug("getLdapEntry: no filter, searching for $base, (uid=$username)");
925
        	#$mesg = $ldap->search ( base   => $base, filter => "(uid=$username)");
926
    	#}
927 3177 tao
928 4849 daigle
    	if ($mesg->count > 0) {
929
        	$entry = $mesg->pop_entry;
930
        	$ldap->unbind;   # take down session
931
    	} else {
932
        	$ldap->unbind;   # take down session
933
        	# Follow references by recursive call to self
934
        	my @references = $mesg->references();
935
        	for (my $i = 0; $i <= $#references; $i++) {
936
            	my $uri = URI->new($references[$i]);
937
            	my $host = $uri->host();
938
            	my $path = $uri->path();
939
            	$path =~ s/^\///;
940
            	$entry = &getLdapEntry($host, $path, $username, $org);
941
            	if ($entry) {
942 4865 walbridge
                    debug("getLdapEntry: recursion found $host, $path, $username, $org");
943 4849 daigle
                	return $entry;
944
            	}
945
        	}
946
    	}
947 2341 sgarg
    }
948
    return $entry;
949
}
950
951
#
952
# send an email message notifying the user of the pw change
953
#
954
sub sendPasswordNotification {
955
    my $username = shift;
956
    my $org = shift;
957
    my $newPass = shift;
958
    my $recipient = shift;
959 2972 jones
    my $cfg = shift;
960 2341 sgarg
961
    my $errorMessage = "";
962
    if ($recipient) {
963 8254 leinfelder
964 4771 walbridge
        my $mailhost = $properties->getProperty('email.mailhost');
965 8197 tao
        my $sender;
966
        $sender = $skinProperties->getProperty("email.sender") or $sender = $properties->getProperty('email.sender');
967 2341 sgarg
        # Send the email message to them
968
        my $smtp = Net::SMTP->new($mailhost);
969
        $smtp->mail($sender);
970
        $smtp->to($recipient);
971
972
        my $message = <<"        ENDOFMESSAGE";
973
        To: $recipient
974
        From: $sender
975 8234 tao
        Subject: Your Account Password Reset
976 2341 sgarg
977 8234 tao
        Somebody (hopefully you) requested that your account password be reset.
978 8259 leinfelder
        Your temporary password is below. Please change it as soon as possible
979 8413 tao
        at: $contextUrl/style/skins/account/.
980 2341 sgarg
981
            Username: $username
982
        Organization: $org
983
        New Password: $newPass
984
985
        Thanks,
986 8234 tao
            $sender
987 2341 sgarg
988
        ENDOFMESSAGE
989
        $message =~ s/^[ \t\r\f]+//gm;
990
991
        $smtp->data($message);
992
        $smtp->quit;
993
    } else {
994
        $errorMessage = "Failed to send password because I " .
995
                        "couldn't find a valid email address.";
996
    }
997
    return $errorMessage;
998
}
999
1000
#
1001 8877 tao
# search the LDAP production space to see if a uid already exists
1002
#
1003
sub uidExists {
1004
    my $ldapurl = shift;
1005
    debug("the ldap ulr is $ldapurl");
1006
    my $base = shift;
1007
    debug("the base is $base");
1008
    my $filter = shift;
1009
    debug("the filter is $filter");
1010
    my $attref = shift;
1011
1012
    my $ldap;
1013
    my $mesg;
1014
1015
    my $foundAccounts = 0;
1016
1017
    #if main ldap server is down, a html file containing warning message will be returned
1018
    debug("uidExists: connecting to $ldapurl, $timeout");
1019
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1020
    if ($ldap) {
1021
        $ldap->start_tls( verify => 'none');
1022
        #$ldap->start_tls( verify => 'require',
1023
        #              cafile => $ldapServerCACertFile);
1024
        $ldap->bind( version => 3, anonymous => 1);
1025
        $mesg = $ldap->search (
1026
            base   => $base,
1027
            filter => $filter,
1028
            attrs => @$attref,
1029
        );
1030
        debug("the message count is " . $mesg->count());
1031
        if ($mesg->count() > 0) {
1032
            $foundAccounts = "The username has been taken already by another user. Please choose a different one.";
1033
1034
        }
1035
        $ldap->unbind;   # take down session
1036
    } else {
1037
        $foundAccounts = "The ldap server is not running";
1038
    }
1039
    return $foundAccounts;
1040
}
1041
1042
#
1043 2341 sgarg
# search the LDAP directory to see if a similar account already exists
1044
#
1045
sub findExistingAccounts {
1046
    my $ldapurl = shift;
1047
    my $base = shift;
1048
    my $filter = shift;
1049
    my $attref = shift;
1050 8221 tao
    my $notHtmlFormat = shift;
1051 3175 tao
    my $ldap;
1052 4847 daigle
    my $mesg;
1053 2341 sgarg
1054
    my $foundAccounts = 0;
1055 4749 walbridge
1056 4394 walbridge
    #if main ldap server is down, a html file containing warning message will be returned
1057 4868 walbridge
    debug("findExistingAccounts: connecting to $ldapurl, $timeout");
1058 4771 walbridge
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1059 4845 daigle
    if ($ldap) {
1060 8501 tao
    	$ldap->start_tls( verify => 'none');
1061
    	#$ldap->start_tls( verify => 'require',
1062
        #              cafile => $ldapServerCACertFile);
1063 4845 daigle
    	$ldap->bind( version => 3, anonymous => 1);
1064 4848 daigle
		$mesg = $ldap->search (
1065 4845 daigle
			base   => $base,
1066
			filter => $filter,
1067
			attrs => @$attref,
1068
		);
1069 2341 sgarg
1070 4845 daigle
	    if ($mesg->count() > 0) {
1071
			$foundAccounts = "";
1072
			my $entry;
1073
			foreach $entry ($mesg->all_entries) {
1074 5650 walbridge
                # a fix to ignore 'ou=Account' properties which are not usable accounts within Metacat.
1075
                # this could be done directly with filters on the LDAP connection, instead.
1076 8217 tao
                #if ($entry->dn !~ /ou=Account/) {
1077 8221 tao
                    if($notHtmlFormat) {
1078
                        $foundAccounts .= "\nAccount: ";
1079
                    } else {
1080
                        $foundAccounts .= "<p>\n<b><u>Account:</u> ";
1081
                    }
1082 5650 walbridge
                    $foundAccounts .= $entry->dn();
1083 8221 tao
                    if($notHtmlFormat) {
1084
                        $foundAccounts .= "\n";
1085
                    } else {
1086
                        $foundAccounts .= "</b><br />\n";
1087
                    }
1088 5650 walbridge
                    foreach my $attribute ($entry->attributes()) {
1089
                        my $value = $entry->get_value($attribute);
1090
                        $foundAccounts .= "$attribute: ";
1091
                        $foundAccounts .= $value;
1092 8221 tao
                         if($notHtmlFormat) {
1093
                            $foundAccounts .= "\n";
1094
                        } else {
1095
                            $foundAccounts .= "<br />\n";
1096
                        }
1097 5650 walbridge
                    }
1098 8221 tao
                    if($notHtmlFormat) {
1099
                        $foundAccounts .= "\n";
1100
                    } else {
1101
                        $foundAccounts .= "</p>\n";
1102
                    }
1103
1104 8217 tao
                #}
1105 4845 daigle
			}
1106 2341 sgarg
        }
1107 4845 daigle
    	$ldap->unbind;   # take down session
1108 2341 sgarg
1109 4848 daigle
    	# Follow references
1110
    	my @references = $mesg->references();
1111
    	for (my $i = 0; $i <= $#references; $i++) {
1112
        	my $uri = URI->new($references[$i]);
1113
        	my $host = $uri->host();
1114
        	my $path = $uri->path();
1115
        	$path =~ s/^\///;
1116 8254 leinfelder
        	my $refFound = &findExistingAccounts($host, $path, $filter, $attref, $notHtmlFormat);
1117 4848 daigle
        	if ($refFound) {
1118
            	$foundAccounts .= $refFound;
1119
        	}
1120
    	}
1121 2341 sgarg
    }
1122
1123
    #print "<p>Checking referrals...</p>\n";
1124
    #my @referrals = $mesg->referrals();
1125
    #print "<p>Referrals count: ", scalar(@referrals), "</p>\n";
1126
    #for (my $i = 0; $i <= $#referrals; $i++) {
1127
        #print "<p>Referral: ", $referrals[$i], "</p>\n";
1128
    #}
1129
1130
    return $foundAccounts;
1131
}
1132
1133
#
1134
# Validate that we have the proper set of input parameters
1135
#
1136
sub paramsAreValid {
1137
    my @pnames = @_;
1138
1139
    my $allValid = 1;
1140
    foreach my $parameter (@pnames) {
1141
        if (!defined($query->param($parameter)) ||
1142
            ! $query->param($parameter) ||
1143
            $query->param($parameter) =~ /^\s+$/) {
1144
            $allValid = 0;
1145
        }
1146
    }
1147
1148
    return $allValid;
1149
}
1150
1151
#
1152 8175 tao
# Create a temporary account for a user and send an email with a link which can click for the
1153
# verification. This is used to protect the ldap server against spams.
1154
#
1155
sub createTemporaryAccount {
1156
    my $allParams = shift;
1157 8180 tao
    my $org = $query->param('o');
1158 8220 tao
    my $ldapUsername = $ldapConfig->{$org}{'user'};
1159
    my $ldapPassword = $ldapConfig->{$org}{'password'};
1160
    my $tmp = 1;
1161 8185 tao
1162 8220 tao
    ################## Search LDAP to see if the dc=tmp which stores the inactive accounts exist or not. If it doesn't exist, it will be generated
1163
    my $orgAuthBase = $ldapConfig->{$org}{'base'};
1164
    my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase;
1165
    my $tmpFilter = "dc=tmp";
1166
    my @attributes=['dc'];
1167
    my $foundTmp = searchDirectory($ldapurl, $orgAuthBase, $tmpFilter, \@attributes);
1168
    if (!$foundTmp) {
1169
        my $dn = $tmpSearchBase;
1170
        my $additions = [
1171
                    'dc' => 'tmp',
1172
                    'o'  => 'tmp',
1173
                    'objectclass' => ['top', 'dcObject', 'organization']
1174
                    ];
1175
        createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
1176
    } else {
1177
     debug("found the tmp space");
1178
    }
1179 8175 tao
1180 8220 tao
    ################## Search LDAP for matching o or ou under the dc=tmp that already exist. If it doesn't exist, it will be generated
1181 8201 tao
    my $filter = $ldapConfig->{$org}{'filter'};
1182 8220 tao
1183 8176 tao
    debug("search filer " . $filter);
1184
    debug("ldap server ". $ldapurl);
1185
    debug("sesarch base " . $tmpSearchBase);
1186 8262 tao
    #print "Content-type: text/html\n\n";
1187 8175 tao
    my @attrs = ['o', 'ou' ];
1188
    my $found = searchDirectory($ldapurl, $tmpSearchBase, $filter, \@attrs);
1189 8220 tao
1190
    my @organizationInfo = split('=', $ldapConfig->{$org}{'org'}); #split 'o=NCEAS' or something like that
1191
    my $organization = $organizationInfo[0]; # This will be 'o' or 'ou'
1192
    my $organizationName = $organizationInfo[1]; # This will be 'NCEAS' or 'Account'
1193 8180 tao
1194 8176 tao
    if(!$found) {
1195 8180 tao
        debug("generate the subtree in the dc=tmp===========================");
1196 8176 tao
        #need to generate the subtree o or ou
1197 8220 tao
        my $additions;
1198 8207 tao
            if($organization eq 'ou') {
1199
                $additions = [
1200
                    $organization   => $organizationName,
1201
                    'objectclass' => ['top', 'organizationalUnit']
1202
                    ];
1203
1204
            } else {
1205
                $additions = [
1206
                    $organization   => $organizationName,
1207
                    'objectclass' => ['top', 'organization']
1208
                    ];
1209
1210
            }
1211 8220 tao
        my $dn=$ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase;
1212
        createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
1213 8176 tao
    }
1214 8175 tao
1215 8180 tao
    ################create an account under tmp subtree
1216 8176 tao
1217 8413 tao
     my $dn_store_next_uid=$properties->getProperty('ldap.nextuid.storing.dn');
1218
    my $attribute_name_store_next_uid = $properties->getProperty('ldap.nextuid.storing.attributename');
1219 8411 tao
    #get the next avaliable uid number. If it fails, the program will exist.
1220
    my $nextUidNumber = getNextUidNumber($ldapUsername, $ldapPassword);
1221
    if(!$nextUidNumber) {
1222
        print "Content-type: text/html\n\n";
1223
         my $sender;
1224
        $sender = $skinProperties->getProperty("email.recipient") or $sender = $properties->getProperty('email.recipient');
1225 8413 tao
        my $errorMessage = "The Identity Service can't get the next avaliable uid number. Please try again.  If the issue persists, please contact the administrator - $sender.
1226
                           The possible reasons are: the dn - $dn_store_next_uid or its attribute - $attribute_name_store_next_uid don't exist; the value of the attribute - $attribute_name_store_next_uid
1227
                           is not a number; or lots of users were registering and you couldn't get a lock on the dn - $dn_store_next_uid.";
1228 8411 tao
        fullTemplate(['register'], { stage => "register",
1229
                                     allParams => $allParams,
1230
                                     errorMessage => $errorMessage });
1231
        exit(0);
1232
    }
1233
    my $cn = join(" ", $query->param('givenName'), $query->param('sn'));
1234 8180 tao
    #generate a randomstr for matching the email.
1235
    my $randomStr = getRandomPassword(16);
1236
    # Create a hashed version of the password
1237
    my $shapass = createSeededPassHash($query->param('userPassword'));
1238
    my $additions = [
1239
                'uid'   => $query->param('uid'),
1240 8411 tao
                'cn'   => $cn,
1241 8180 tao
                'sn'   => $query->param('sn'),
1242
                'givenName'   => $query->param('givenName'),
1243
                'mail' => $query->param('mail'),
1244
                'userPassword' => $shapass,
1245
                'employeeNumber' => $randomStr,
1246 8411 tao
                'uidNumber' => $nextUidNumber,
1247
                'gidNumber' => $nextUidNumber,
1248
                'loginShell' => '/sbin/nologin',
1249
                'homeDirectory' => '/dev/null',
1250 8180 tao
                'objectclass' => ['top', 'person', 'organizationalPerson',
1251 8411 tao
                                'inetOrgPerson', 'posixAccount', 'shadowAccount' ],
1252 8201 tao
                $organization   => $organizationName
1253 8180 tao
                ];
1254 8411 tao
    my $gecos;
1255 8180 tao
    if (defined($query->param('telephoneNumber')) &&
1256
                $query->param('telephoneNumber') &&
1257
                ! $query->param('telephoneNumber') =~ /^\s+$/) {
1258
                $$additions[$#$additions + 1] = 'telephoneNumber';
1259
                $$additions[$#$additions + 1] = $query->param('telephoneNumber');
1260 8411 tao
                $gecos = $cn . ',,'. $query->param('telephoneNumber'). ',';
1261
    } else {
1262
        $gecos = $cn . ',,,';
1263 8180 tao
    }
1264 8411 tao
1265
    $$additions[$#$additions + 1] = 'gecos';
1266
    $$additions[$#$additions + 1] = $gecos;
1267
1268 8180 tao
    if (defined($query->param('title')) &&
1269
                $query->param('title') &&
1270
                ! $query->param('title') =~ /^\s+$/) {
1271
                $$additions[$#$additions + 1] = 'title';
1272
                $$additions[$#$additions + 1] = $query->param('title');
1273
    }
1274 8201 tao
1275
1276
    #$$additions[$#$additions + 1] = 'o';
1277
    #$$additions[$#$additions + 1] = $org;
1278
    my $dn='uid=' . $query->param('uid') . ',' . $ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase;
1279 8220 tao
    createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
1280 8176 tao
1281 8180 tao
1282
    ####################send the verification email to the user
1283 8253 leinfelder
    my $link = '/' . $context . '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr . '&o=' . $org . '&uid=' . $query->param('uid'); #even though we use o=something. The emailVerification will figure the real o= or ou=something.
1284 8180 tao
1285 8253 leinfelder
    my $overrideURL;
1286
    $overrideURL = $skinProperties->getProperty("email.overrideURL");
1287 8411 tao
    debug("the overrideURL is $overrideURL");
1288 8253 leinfelder
    if (defined($overrideURL) && !($overrideURL eq '')) {
1289
    	$link = $serverUrl . $overrideURL . $link;
1290
    } else {
1291
    	$link = $serverUrl . $link;
1292
    }
1293
1294 8181 tao
    my $mailhost = $properties->getProperty('email.mailhost');
1295 8197 tao
    my $sender;
1296
    $sender = $skinProperties->getProperty("email.sender") or $sender = $properties->getProperty('email.sender');
1297
    debug("the sender is " . $sender);
1298 8181 tao
    my $recipient = $query->param('mail');
1299
    # Send the email message to them
1300 8191 tao
    my $smtp = Net::SMTP->new($mailhost) or do {
1301
                                                  fullTemplate( ['registerFailed'], {errorMessage => "The temporary account " . $dn . " was created successfully. However, the vertification email can't be sent to you because the email server has some issues. Please contact " .
1302
                                                  $skinProperties->getProperty("email.recipient") . "." });
1303
                                                  exit(0);
1304
                                               };
1305 8181 tao
    $smtp->mail($sender);
1306
    $smtp->to($recipient);
1307
1308
    my $message = <<"     ENDOFMESSAGE";
1309
    To: $recipient
1310
    From: $sender
1311 8239 leinfelder
    Subject: New Account Activation
1312 8181 tao
1313 8413 tao
    Somebody (hopefully you) registered an account on $contextUrl/style/skins/account/.
1314 8181 tao
    Please click the following link to activate your account.
1315
    If the link doesn't work, please copy the link to your browser:
1316
1317
    $link
1318
1319
    Thanks,
1320 8234 tao
        $sender
1321 8181 tao
1322
     ENDOFMESSAGE
1323
     $message =~ s/^[ \t\r\f]+//gm;
1324
1325
     $smtp->data($message);
1326
     $smtp->quit;
1327 8182 tao
    debug("the link is " . $link);
1328 8181 tao
    fullTemplate( ['success'] );
1329
1330 8175 tao
}
1331
1332
#
1333 8220 tao
# Bind to LDAP and create a new item (a user or subtree) using the information provided
1334 2341 sgarg
# by the user
1335
#
1336 8220 tao
sub createItem {
1337 8180 tao
    my $dn = shift;
1338
    my $ldapUsername = shift;
1339
    my $ldapPassword = shift;
1340
    my $additions = shift;
1341
    my $temp = shift; #if it is for a temporary account.
1342
    my $allParams = shift;
1343
1344
    my @failureTemplate;
1345
    if($temp){
1346
        @failureTemplate = ['registerFailed', 'register'];
1347
    } else {
1348
        @failureTemplate = ['registerFailed'];
1349
    }
1350
    print "Content-type: text/html\n\n";
1351
    debug("the dn is " . $dn);
1352
    debug("LDAP connection to $ldapurl...");
1353
    #if main ldap server is down, a html file containing warning message will be returned
1354
    my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1355
    if ($ldap) {
1356 8403 tao
            $ldap->start_tls( verify => 'require',
1357
                      cafile => $ldapServerCACertFile);
1358 8180 tao
            debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
1359 8185 tao
            $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
1360 8180 tao
            my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]);
1361
            if ($result->code()) {
1362
                fullTemplate(@failureTemplate, { stage => "register",
1363
                                                            allParams => $allParams,
1364
                                                            errorMessage => $result->error });
1365 8220 tao
                exist(0);
1366 8180 tao
                # TODO SCW was included as separate errors, test this
1367
                #$templateVars    = setVars({ stage => "register",
1368
                #                     allParams => $allParams });
1369
                #$template->process( $templates->{'register'}, $templateVars);
1370
            } else {
1371 8181 tao
                #fullTemplate( ['success'] );
1372 8180 tao
            }
1373
            $ldap->unbind;   # take down session
1374
1375
    } else {
1376
         fullTemplate(@failureTemplate, { stage => "register",
1377
                                                            allParams => $allParams,
1378
                                                            errorMessage => "The ldap server is not available now. Please try it later"});
1379
         exit(0);
1380
    }
1381
1382
}
1383
1384 2341 sgarg
1385
1386
1387
1388
1389 8185 tao
#
1390
# This subroutine will handle a email verification:
1391
# If the hash string matches the one store in the ldap, the account will be
1392
# copied from the temporary space to the permanent tree and the account in
1393
# the temporary space will be removed.
1394
sub handleEmailVerification {
1395
1396
    my $cfg = $query->param('cfg');
1397
    my $dn = $query->param('dn');
1398
    my $hash = $query->param('hash');
1399
    my $org = $query->param('o');
1400
    my $uid = $query->param('uid');
1401
1402
    my $ldapUsername;
1403
    my $ldapPassword;
1404 8211 tao
    #my $orgAuthBase;
1405
1406
    $ldapUsername = $ldapConfig->{$org}{'user'};
1407
    $ldapPassword = $ldapConfig->{$org}{'password'};
1408
    #$orgAuthBase = $ldapConfig->{$org}{'base'};
1409
1410 8185 tao
    debug("LDAP connection to $ldapurl...");
1411
1412
1413
   print "Content-type: text/html\n\n";
1414
   #if main ldap server is down, a html file containing warning message will be returned
1415
   my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1416
   if ($ldap) {
1417 8403 tao
        $ldap->start_tls( verify => 'require',
1418
                      cafile => $ldapServerCACertFile);
1419 8185 tao
        $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword );
1420 8211 tao
        my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); #This dn is with the dc=tmp. So it will find out the temporary account registered in registration step.
1421 8185 tao
        my $max = $mesg->count;
1422
        debug("the count is " . $max);
1423
        if($max < 1) {
1424
            $ldap->unbind;   # take down session
1425 8216 tao
            fullTemplate( ['verificationFailed'], {errorMessage => "No record matched the dn " . $dn . " for the activation. You probably already activated the account."});
1426 8185 tao
            #handleLDAPBindFailure($ldapurl);
1427
            exit(0);
1428
        } else {
1429
            #check if the hash string match
1430
            my $entry = $mesg->entry (0);
1431
            my $hashStrFromLdap = $entry->get_value('employeeNumber');
1432
            if( $hashStrFromLdap eq $hash) {
1433
                #my $additions = [ ];
1434
                #foreach my $attr ( $entry->attributes ) {
1435
                    #if($attr ne 'employeeNumber') {
1436
                        #$$additions[$#$additions + 1] = $attr;
1437
                        #$$additions[$#$additions + 1] = $entry->get_value( $attr );
1438
                    #}
1439
                #}
1440 8211 tao
1441
1442
                my $orgDn = $ldapConfig->{$org}{'dn'}; #the DN for the organization.
1443 8185 tao
                $mesg = $ldap->moddn(
1444
                            dn => $dn,
1445
                            deleteoldrdn => 1,
1446
                            newrdn => "uid=" . $uid,
1447 8211 tao
                            newsuperior  =>  $orgDn);
1448 8185 tao
                $ldap->unbind;   # take down session
1449 8186 tao
                if($mesg->code()) {
1450 8216 tao
                    fullTemplate( ['verificationFailed'], {errorMessage => "Cannot move the account from the inactive area to the ative area since " . $mesg->error()});
1451 8185 tao
                    exit(0);
1452
                } else {
1453 8216 tao
                    fullTemplate( ['verificationSuccess'] );
1454 8185 tao
                }
1455
                #createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams);
1456
            } else {
1457
                $ldap->unbind;   # take down session
1458 8216 tao
                fullTemplate( ['verificationFailed'], {errorMessage => "The hash string " . $hash . " from your link doesn't match our record."});
1459 8185 tao
                exit(0);
1460
            }
1461
1462
        }
1463
    } else {
1464
        handleLDAPBindFailure($ldapurl);
1465
        exit(0);
1466
    }
1467
1468
}
1469
1470 2341 sgarg
sub handleResponseMessage {
1471
1472
  print "Content-type: text/html\n\n";
1473
  my $errorMessage = "You provided invalid input to the script. " .
1474
                     "Try again please.";
1475 4080 daigle
  fullTemplate( [], { stage => $templates->{'stage'},
1476
                      errorMessage => $errorMessage });
1477
  exit();
1478 2341 sgarg
}
1479
1480
#
1481
# perform a simple search against the LDAP database using
1482
# a small subset of attributes of each dn and return it
1483
# as a table to the calling browser.
1484
#
1485
sub handleSimpleSearch {
1486
1487
    my $o = $query->param('o');
1488
1489 4080 daigle
    my $ldapurl = $ldapConfig->{$o}{'url'};
1490
    my $searchBase = $ldapConfig->{$o}{'base'};
1491 2341 sgarg
1492
    print "Content-type: text/html\n\n";
1493
1494
    my $allParams = {
1495
                      'cn' => $query->param('cn'),
1496
                      'sn' => $query->param('sn'),
1497
                      'gn' => $query->param('gn'),
1498
                      'o'  => $query->param('o'),
1499
                      'facsimiletelephonenumber'
1500
                      => $query->param('facsimiletelephonenumber'),
1501
                      'mail' => $query->param('cmail'),
1502
                      'telephonenumber' => $query->param('telephonenumber'),
1503
                      'title' => $query->param('title'),
1504
                      'uid' => $query->param('uid'),
1505
                      'ou' => $query->param('ou'),
1506
                    };
1507
1508
    # Search LDAP for matching entries that already exist
1509
    my $filter = "(" .
1510
                 $query->param('searchField') . "=" .
1511
                 "*" .
1512
                 $query->param('searchValue') .
1513
                 "*" .
1514
                 ")";
1515
1516
    my @attrs = [ 'sn',
1517
                  'gn',
1518
                  'cn',
1519
                  'o',
1520
                  'facsimiletelephonenumber',
1521
                  'mail',
1522
                  'telephoneNumber',
1523
                  'title',
1524
                  'uid',
1525
                  'labeledURI',
1526
                  'ou' ];
1527
1528
    my $found = searchDirectory($ldapurl, $searchBase, $filter, \@attrs);
1529
1530
    # Send back the search results
1531
    if ($found) {
1532 4080 daigle
      fullTemplate( ('searchResults'), { stage => "searchresults",
1533
                                         allParams => $allParams,
1534
                                         foundAccounts => $found });
1535 2341 sgarg
    } else {
1536
      $found = "No entries matched your criteria.  Please try again\n";
1537
1538 4080 daigle
      fullTemplate( ('searchResults'), { stage => "searchresults",
1539
                                         allParams => $allParams,
1540
                                         foundAccounts => $found });
1541 2341 sgarg
    }
1542
1543
    exit();
1544
}
1545
1546
#
1547
# search the LDAP directory to see if a similar account already exists
1548
#
1549
sub searchDirectory {
1550
    my $ldapurl = shift;
1551
    my $base = shift;
1552
    my $filter = shift;
1553
    my $attref = shift;
1554
1555 4849 daigle
	my $mesg;
1556 2341 sgarg
    my $foundAccounts = 0;
1557 3177 tao
1558
    #if ldap server is down, a html file containing warning message will be returned
1559 4771 walbridge
    my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1560 3177 tao
1561 4849 daigle
    if ($ldap) {
1562 8403 tao
    	$ldap->start_tls( verify => 'require',
1563
                      cafile => $ldapServerCACertFile);
1564 4849 daigle
    	$ldap->bind( version => 3, anonymous => 1);
1565
    	my $mesg = $ldap->search (
1566
        	base   => $base,
1567
        	filter => $filter,
1568
        	attrs => @$attref,
1569
    	);
1570 2341 sgarg
1571 4849 daigle
    	if ($mesg->count() > 0) {
1572
        	$foundAccounts = "";
1573
        	my $entry;
1574
        	foreach $entry ($mesg->sorted(['sn'])) {
1575
          		$foundAccounts .= "<tr>\n<td class=\"main\">\n";
1576
          		$foundAccounts .= "<a href=\"" unless
1577 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1578 4849 daigle
         		 $foundAccounts .= $entry->get_value('labeledURI') unless
1579 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1580 4849 daigle
          		$foundAccounts .= "\">\n" unless
1581 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1582 4849 daigle
          		$foundAccounts .= $entry->get_value('givenName');
1583
          		$foundAccounts .= "</a>\n" unless
1584 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1585 4849 daigle
          		$foundAccounts .= "\n</td>\n<td class=\"main\">\n";
1586
          		$foundAccounts .= "<a href=\"" unless
1587 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1588 4849 daigle
          		$foundAccounts .= $entry->get_value('labeledURI') unless
1589 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1590 4849 daigle
          		$foundAccounts .= "\">\n" unless
1591 2341 sgarg
                    (!$entry->get_value('labeledURI'));
1592 4849 daigle
          		$foundAccounts .= $entry->get_value('sn');
1593
          		$foundAccounts .= "</a>\n";
1594
          		$foundAccounts .= "\n</td>\n<td class=\"main\">\n";
1595
          		$foundAccounts .= $entry->get_value('mail');
1596
          		$foundAccounts .= "\n</td>\n<td class=\"main\">\n";
1597
          		$foundAccounts .= $entry->get_value('telephonenumber');
1598
          		$foundAccounts .= "\n</td>\n<td class=\"main\">\n";
1599
          		$foundAccounts .= $entry->get_value('title');
1600
          		$foundAccounts .= "\n</td>\n<td class=\"main\">\n";
1601
          		$foundAccounts .= $entry->get_value('ou');
1602
          		$foundAccounts .= "\n</td>\n";
1603
          		$foundAccounts .= "</tr>\n";
1604
        	}
1605
    	}
1606
    	$ldap->unbind;   # take down session
1607 2341 sgarg
    }
1608
    return $foundAccounts;
1609
}
1610
1611
sub debug {
1612
    my $msg = shift;
1613
1614
    if ($debug) {
1615 4747 walbridge
        print STDERR "LDAPweb: $msg\n";
1616 2341 sgarg
    }
1617
}
1618 3175 tao
1619 4771 walbridge
sub handleLDAPBindFailure {
1620
    my $ldapAttemptUrl = shift;
1621
    my $primaryLdap =  $properties->getProperty('auth.url');
1622
1623
    if ($ldapAttemptUrl eq  $primaryLdap) {
1624
        handleGeneralServerFailure("The main LDAP server $ldapurl is down!");
1625
    } else {
1626
        debug("attempted to bind to nonresponsive LDAP server $ldapAttemptUrl, skipped.");
1627
    }
1628
}
1629
1630 3177 tao
sub handleGeneralServerFailure {
1631
    my $errorMessage = shift;
1632 4728 walbridge
    fullTemplate( ['mainServerFailure'], { errorMessage => $errorMessage });
1633 3175 tao
    exit(0);
1634
   }
1635
1636 4080 daigle
sub setVars {
1637
    my $paramVars = shift;
1638
    # initialize default parameters
1639
    my $templateVars = { cfg => $cfg,
1640 4394 walbridge
                         styleSkinsPath => $contextUrl . "/style/skins",
1641
                         styleCommonPath => $contextUrl . "/style/common",
1642
                         contextUrl => $contextUrl,
1643 4770 daigle
                         cgiPrefix => $cgiPrefix,
1644 8206 tao
                         orgList => \@validDisplayOrgList,
1645 4394 walbridge
                         config  => $config,
1646 4080 daigle
    };
1647
1648
    # append customized params
1649
    while (my ($k, $v) = each (%$paramVars)) {
1650
        $templateVars->{$k} = $v;
1651
    }
1652
1653
    return $templateVars;
1654
}
1655 8180 tao
1656 8408 tao
#Method to get the next avaliable uid number. We use the mechanism - http://www.rexconsulting.net/ldap-protocol-uidNumber.html
1657
sub getNextUidNumber {
1658 8413 tao
1659 8410 tao
    my $maxAttempt = $properties->getProperty('ldap.nextuid.maxattempt');
1660 8408 tao
1661 8411 tao
    my $ldapUsername = shift;
1662
    my $ldapPassword = shift;
1663 8408 tao
1664 8411 tao
    my $realUidNumber;
1665
    my $uidNumber;
1666 8408 tao
    my $entry;
1667
    my $mesg;
1668
    my $ldap;
1669
1670
    debug("ldap server: $ldapurl");
1671
1672
    #if main ldap server is down, a html file containing warning message will be returned
1673
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1674
1675
    if ($ldap) {
1676 8818 tao
    	my $existingHighUid=getExistingHighestUidNum($ldapUsername, $ldapPassword);
1677 8408 tao
        $ldap->start_tls( verify => 'require',
1678
                      cafile => $ldapServerCACertFile);
1679
        my $bindresult = $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword);
1680
        #read the uid value stored in uidObject class
1681
        for(my $index=0; $index<$maxAttempt; $index++) {
1682 8413 tao
            $mesg = $ldap->search(base  => $dn_store_next_uid, filter => '(objectClass=*)');
1683 8408 tao
            if ($mesg->count() > 0) {
1684 8413 tao
                debug("Find the cn - $dn_store_next_uid");
1685 8408 tao
                $entry = $mesg->pop_entry;
1686 8413 tao
                $uidNumber = $entry->get_value($attribute_name_store_next_uid);
1687 8408 tao
                if($uidNumber) {
1688 8413 tao
                    if (looks_like_number($uidNumber)) {
1689
                        debug("uid number is $uidNumber");
1690
                        #remove the uid attribute with the read value
1691
                        my $delMesg = $ldap->modify($dn_store_next_uid, delete => { $attribute_name_store_next_uid => $uidNumber});
1692
                        if($delMesg->is_error()) {
1693
                            my $error=$delMesg->error();
1694
                            my $errorName = $delMesg->error_name();
1695
                            debug("can't remove the attribute - $error");
1696
                            debug("can't remove the attribute and the error name - $errorName");
1697
                            #can't remove the attribute with the specified value - that means somebody modify the value in another route, so try it again
1698
                        } else {
1699
                            debug("Remove the attribute successfully and write a new increased value back");
1700 8819 tao
                            if($existingHighUid) {
1701 8821 tao
                            	debug("exiting high uid exists =======================================");
1702 8819 tao
                            	if($uidNumber <= $existingHighUid ) {
1703
                            		debug("The stored uidNumber $uidNumber is less than or equals the used uidNumber $existingHighUid, so we will use the new number which is $existingHighUid+1");
1704
                            		$uidNumber = $existingHighUid +1;
1705
                            	}
1706
                            }
1707 8413 tao
                            my $newValue = $uidNumber +1;
1708
                            $delMesg = $ldap->modify($dn_store_next_uid, add => {$attribute_name_store_next_uid => $newValue});
1709
                            $realUidNumber = $uidNumber;
1710
                            last;
1711
                        }
1712 8408 tao
                    }
1713 8413 tao
1714 8408 tao
               } else {
1715 8413 tao
                 debug("can't find the attribute - $attribute_name_store_next_uid in the $dn_store_next_uid and we will try again");
1716 8408 tao
               }
1717
            }
1718
        }
1719
        $ldap->unbind;   # take down session
1720
    }
1721
    return $realUidNumber;
1722
}
1723
1724 8818 tao
#Method to get the existing high uidNumber in the account tree.
1725
sub getExistingHighestUidNum {
1726
    my $ldapUsername = shift;
1727
    my $ldapPassword = shift;
1728
1729
    my $high;
1730
    my $ldap;
1731 8821 tao
    my $storedUidNumber;
1732 8818 tao
1733 8819 tao
1734 8818 tao
    #if main ldap server is down, a html file containing warning message will be returned
1735
    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
1736
    if ($ldap) {
1737
        $ldap->start_tls( verify => 'require',
1738
                      cafile => $ldapServerCACertFile);
1739
        my $bindresult = $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword);
1740 8821 tao
        my $mesg = $ldap->search(base  => $dn_store_next_uid, filter => '(objectClass=*)');
1741
         if ($mesg->count() > 0) {
1742
                debug("Find the cn - $dn_store_next_uid");
1743
                my  $entry = $mesg->pop_entry;
1744
                $storedUidNumber = $entry->get_value($attribute_name_store_next_uid);
1745
        }
1746 8877 tao
        my $authBase = $properties->getProperty("auth.base");
1747 8818 tao
        my $uids = $ldap->search(
1748 8844 leinfelder
                        base => $authBase,
1749 8818 tao
                        scope => "sub",
1750
                        filter => "uidNumber=*",
1751
                        attrs   => [ 'uidNumber' ],
1752
                        );
1753
       return unless $uids->count;
1754
  	    my @uids;
1755
        if ($uids->count > 0) {
1756
                foreach my $uid ($uids->all_entries) {
1757 8821 tao
                		if($storedUidNumber) {
1758
                			if( $uid->get_value('uidNumber') >= $storedUidNumber) {
1759
                				push @uids, $uid->get_value('uidNumber');
1760
                			}
1761
                		} else {
1762
                        	push @uids, $uid->get_value('uidNumber');
1763
                        }
1764 8818 tao
                }
1765
        }
1766
1767 8821 tao
        if(@uids) {
1768
        	@uids = sort { $b <=> $a } @uids;
1769
        	$high = $uids[0];
1770
        }
1771 8818 tao
        debug("the highest exiting uidnumber is $high");
1772
        $ldap->unbind;   # take down session
1773
    }
1774
    return $high;
1775 8408 tao
1776 8818 tao
}
1777