Authentification par jeton

2012-10-10 15:05:24 +02:00 · 2012-10-10 15:05:24 +02:00 · 7cd552118b
parent e77fa51fba
commit 7cd552118b
9 changed files with 90 additions and 5 deletions
--- a/7
+++ b/7
@ -3,11 +3,16 @@
 use esmith::Build::CreateLinks  qw(:all);

 foreach my $event (qw/bootstrap-console-save webapps-update ipasserelle-update/){
-    templates2events("/etc/phpMyAdmin/config.inc.php", $event);
    event_link("ipasserelle-pma-init-domain", "$event", "25");
 }
+foreach my $event (qw/bootstrap-console-save webapps-update/){
+    templates2events("/etc/phpMyAdmin/config.inc.php", $event);
+    templates2events("/etc/phpMyAdmin/sso.inc.php", $event);
+}

 # PHP header and footer
 safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-begin");
 safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-end");
+safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-begin");
+safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-end");

--- a/root/etc/e-smith/db/accounts/defaults/admin/SqlLogin
+++ b/root/etc/e-smith/db/accounts/defaults/admin/SqlLogin
@ -0,0 +1 @@
+root
--- a/root/etc/e-smith/db/accounts/migrate/98AdminSqlPass
+++ b/root/etc/e-smith/db/accounts/migrate/98AdminSqlPass
@ -0,0 +1,12 @@
+{
+
+use esmith::util;
+
+my $admin = $DB->get('admin') || return;
+my $pw = $admin->prop('SqlPassword');
+
+unless ($pw){
+    $admin->set_prop('SqlPassword',  esmith::util::LdapPassword());
+}
+
+}
--- a/root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php
+++ b/root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php
@ -0,0 +1,3 @@
+UID="root"
+GID="www"
+PERMS=0640
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin
@ -19,6 +19,30 @@ $OUT .=<<"END";
    php_admin_value openbase_dir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin
 </Directory>

+<Directory /usr/share/phpMyAdmin/setup/>
+    Order Deny,Allow
+    Deny from All
+    Allow from None
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/libraries/>
+    Order Deny,Allow
+    Deny from All
+    Allow from None
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/lib/>
+    Order Deny,Allow
+    Deny from All
+    Allow from None
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/frames/>
+    Order Deny,Allow
+    Deny from All
+    Allow from None
+</Directory>
+
 END
 }
 else {
--- a/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All
+++ b/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All
@ -19,9 +19,9 @@ $cfg['Servers'][$i]['port'] = '';
 $cfg['Servers'][$i]['socket'] = '/var/lib/mysql/mysql.sock';
 $cfg['Servers'][$i]['connect_type'] = 'socket';
 $cfg['Servers'][$i]['extension'] = 'mysqli';
-$cfg['Servers'][$i]['auth_type'] = 'config';
-$cfg['Servers'][$i]['user'] = 'root';
-$cfg['Servers'][$i]['password'] = '{$pw}';
+$cfg['Servers'][$i]['auth_type'] = 'signon';
+$cfg['Servers'][$i]['SignonSession'] = 'SignonSession';
+$cfg['Servers'][$i]['SignonURL']     = '/sso.php';

 /* End of servers configuration */

--- a/root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All
+++ b/root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All
@ -0,0 +1,19 @@
+{
+
+use Digest::SHA1 qw(sha1_hex);
+use esmith::AccountsDB;
+my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
+
+$OUT .= "// login and password for MySQL access\n";
+
+foreach my $u ($a->users,$a->get('admin')){
+    my $user = $u->key;
+    my $login = $u->prop('SqlLogin') || '';
+    my $pass = $u->prop('SqlPassword') || '';
+    next unless (($login ne '') && ($pass ne ''));
+    $OUT .= "// Credentials for $user\n";
+    $OUT .= '$login["'.$user.'"] = "'.$login."\";\n";
+    $OUT .= '$password["'.$user.'"] = "'.$pass."\";\n";
+}
+
+}
--- a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin
+++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin
@ -9,7 +9,6 @@ $conf->{'locationRules'}->{"sql.$domain"} = {
    'default' => '$groups =~ /\\badmins\\b/',
 } unless ($conf->{'locationRules'}->{"sql.$domain"});

-
 $conf->{'applicationList'}->{'030admin'}->{'phpmyadmin'} = {
    'options' => {
        'logo' => 'database.png',
--- a/root/usr/share/phpMyAdmin/sso.php
+++ b/root/usr/share/phpMyAdmin/sso.php
@ -0,0 +1,22 @@
+<?php
+
+require('/etc/phpMyAdmin/sso.inc.php');
+
+if(isset($_SERVER['REMOTE_USER']) && isset($login[$_SERVER['REMOTE_USER']]) && isset($password[$_SERVER['REMOTE_USER']])) {
+    session_set_cookie_params(0, '/', '', 0);
+    session_name('SignonSession');
+    session_start();
+    $_SESSION['PMA_single_signon_user'] = $login[$_SERVER['REMOTE_USER']];
+    $_SESSION['PMA_single_signon_password'] = $password[$_SERVER['REMOTE_USER']];
+    session_write_close();
+    header('Location: /index.php?server=1');
+}
+else {
+    // This location is forbiden
+    // So it will just display the access denied
+    // msg from LemonLDAP
+    header('Location: /libraries');
+}
+
+?>
+