From 18883e3f1a2328d73a57741a5d4281f9abf23305 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 15 May 2013 15:30:46 +0200 Subject: [PATCH] Move to the new auth plugins for dokuwiki 2013-05-10 --- .../etc/dokuwiki/local.protected.php/10auth | 19 +++-- .../dokuwiki/inc/auth/httpldap.class.php | 82 ------------------- .../dokuwiki/inc/auth/lemonldapng.class.php | 71 ---------------- .../lib/plugins/authhttpldap/auth.php | 66 +++++++++++++++ 4 files changed, 76 insertions(+), 162 deletions(-) delete mode 100644 root/usr/share/dokuwiki/inc/auth/httpldap.class.php delete mode 100644 root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php create mode 100644 root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php diff --git a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth index c0e307c..799e130 100644 --- a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth +++ b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth @@ -8,7 +8,7 @@ my $ldapPort = $ldap{'TCPPort'} || '389'; if ($auth eq 'internal'){ $OUT .=<<"EOF"; -\$conf['authtype'] = 'plain'; +\$conf['authtype'] = 'authplain'; EOF @@ -16,7 +16,7 @@ EOF elsif ($auth eq 'ldap'){ $OUT .=<<"EOF"; -\$conf['authtype'] = 'ldap'; +\$conf['authtype'] = 'authldap'; EOF @@ -24,7 +24,7 @@ EOF elsif ($auth eq 'LemonLDAP'){ $OUT .=<<"EOF"; -\$conf['authtype'] = 'httpldap'; +\$conf['authtype'] = 'authhttpldap'; EOF 
@@ -33,12 +33,13 @@ EOF if ($auth eq 'LemonLDAP' or $auth eq 'ldap'){ $OUT .=<<"EOF"; -\$conf['auth']['ldap']['server'] = "ldap://localhost:$ldapPort"; -\$conf['auth']['ldap']['version'] = '3'; -\$conf['auth']['ldap']['usertree'] = 'ou=Users,$base'; -\$conf['auth']['ldap']['grouptree'] = 'ou=Groups,$base'; -\$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))'; -\$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))'; +\$conf['plugin'][\$conf['authtype']]['server'] = "ldap://localhost:$ldapPort"; +\$conf['plugin'][\$conf['authtype']]['version'] = '3'; +\$conf['plugin'][\$conf['authtype']]['usertree'] = 'ou=Users,$base'; +\$conf['plugin'][\$conf['authtype']]['grouptree'] = 'ou=Groups,$base'; +\$conf['plugin'][\$conf['authtype']]['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))'; +\$conf['plugin'][\$conf['authtype']]['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))'; +\$conf['plugin'][\$conf['authtype']]['groupkey'] = 'cn'; EOF diff --git a/root/usr/share/dokuwiki/inc/auth/httpldap.class.php b/root/usr/share/dokuwiki/inc/auth/httpldap.class.php deleted file mode 100644 index 6c092b2..0000000 --- a/root/usr/share/dokuwiki/inc/auth/httpldap.class.php +++ /dev/null 
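Review bot: Only `groupkey` is carried over into the template here, while the removed `auth_httpldap` constructor also defaulted `userscope` and `groupscope` to `'sub'`. The new `authhttpldap` plugin in this patch ships no defaults of its own, so whether user and group searches stay subtree-scoped depends on how the parent authldap plugin treats an unset scope, which this patch does not show. Writing both explicitly next to `groupkey`, e.g. `\$conf['plugin'][\$conf['authtype']]['userscope'] = 'sub';` and the same for `groupscope`, keeps the lookup scope pinned in the generated config.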
@@ -1,82 +0,0 @@ - - */ - -require("ldap.class.php"); -class auth_httpldap extends auth_ldap { - var $cnf = null; - - /** - * Posible things an auth backend module may be able to - * do. The things a backend can do need to be set to true - * in the constructor. - */ - var $cando = array ( - 'addUser' => false, // can Users be created? - 'delUser' => false, // can Users be deleted? - 'modLogin' => false, // can login names be changed? - 'modPass' => false, // can passwords be changed? - 'modName' => false, // can real names be changed? - 'modMail' => false, // can emails be changed? - 'modGroups' => false, // can groups be changed? - 'getUsers' => false, // can a (filtered) list of users be retrieved? - 'getUserCount'=> false, // can the number of users be retrieved? - 'getGroups' => false, // can a list of available groups be retrieved? - 'external' => true, // does the module do external auth checking? - 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) - ); - - - /** - * Constructor - */ - function auth_httpldap() { - global $conf; - $this->cnf = $conf['auth']['ldap']; - - // ldap extension is needed - if(!function_exists('ldap_connect')) { - if ($this->cnf['debug']) - msg("LDAP err: PHP LDAP extension not found.",-1,__LINE__,__FILE__); - $this->success = false; - return; - } - - if(empty($this->cnf['groupkey'])) $this->cnf['groupkey'] = 'cn'; - if(empty($this->cnf['userscope'])) $this->cnf['userscope'] = 'sub'; - if(empty($this->cnf['groupscope'])) $this->cnf['groupscope'] = 'sub'; - } - - - /** - * Check if REMOTE_USER is set - */ - function trustExternal($user,$pass,$sticky=false){ - global $USERINFO; - $success = false; - $username = $_SERVER['REMOTE_USER']; - // print info if debug is enabled - if ($this->cnf['debug']){ - msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__); - } - if (!empty($username)){ - $USERINFO = $this->getUserData($user,true); - $success = true; - 
$_SESSION[DOKU_COOKIE]['auth']['user'] = $username; - $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; - } - // Deny access if user is not found in LDAP - // This should never happen - if (!empty($USERINFO['dn'])){ - $success = false; - } - return $success; - } -} - diff --git a/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php b/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php deleted file mode 100644 index f4a1eae..0000000 --- a/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php +++ /dev/null 
@@ -1,71 +0,0 @@ - - */ - -class auth_lemonldapng extends auth_basic { - - var $success = true; - - - /** - * Posible things an auth backend module may be able to - * do. The things a backend can do need to be set to true - * in the constructor. - */ - var $cando = array ( - 'addUser' => false, // can Users be created? - 'delUser' => false, // can Users be deleted? - 'modLogin' => false, // can login names be changed? - 'modPass' => false, // can passwords be changed? - 'modName' => false, // can real names be changed? - 'modMail' => false, // can emails be changed? - 'modGroups' => false, // can groups be changed? - 'getUsers' => false, // can a (filtered) list of users be retrieved? - 'getUserCount'=> false, // can the number of users be retrieved? - 'getGroups' => false, // can a list of available groups be retrieved? - 'external' => true, // does the module do external auth checking? - 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) - ); - - function auth_lemonldapng() { - global $conf; - $this->cnf = $conf['auth']['lemonldapng']; - - // Set default headers name - if(empty($this->cnf['header_login'])) $this->cnf['header_login'] = 'HTTP_AUTH_USER'; - if(empty($this->cnf['header_name'])) $this->cnf['header_name'] = 'HTTP_USER_NAME'; - if(empty($this->cnf['header_mail'])) $this->cnf['header_mail'] = 'HTTP_USER_MAIL'; - if(empty($this->cnf['header_groups'])) $this->cnf['header_groups'] = 'HTTP_USER_GROUPS'; - } - - function trustExternal($user,$pass,$sticky=false){ - global $USERINFO; - - $username = $_SERVER{$this->cnf['header_login']}; - $USERINFO['name'] = $_SERVER{$this->cnf['header_name']}; - $USERINFO['mail'] = $_SERVER{$this->cnf['header_mail']}; - $USERINFO['grps'] = preg_split("/; /", $_SERVER{$this->cnf['header_groups']}); - - // print info if debug is enabled - if ($this->cnf['debug']){ - msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__); - msg('LemonLDAP::NG Full Name: 
'.htmlspecialchars($USERINFO['name']),0,__LINE__,__FILE__); - msg('LemonLDAP::NG User Email Address: '.htmlspecialchars($USERINFO['mail']),0,__LINE__,__FILE__); - if (is_array($USERINFO['grps'])) foreach ($USERINFO['grps'] as $group){ - msg('LemonLDAP::NG User Groups: '.htmlspecialchars($group),0,__LINE__,__FILE__); - } - } - $success = $USERINFO !== false; - if ($success) { - $_SERVER['REMOTE_USER'] = $username; - $_SESSION[DOKU_COOKIE]['auth']['user'] = $username; - $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; - } - return $success; - } -} diff --git a/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php new file mode 100644 index 0000000..38036db --- /dev/null +++ b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php 
@@ -0,0 +1,66 @@
+
+ */
+
+require(DOKU_PLUGIN."authldap/auth.php");
+class auth_plugin_authhttpldap extends auth_plugin_authldap {
+ /**
+ * Constructor
+ */
+ public function __construct() {
+ parent::__construct();
+
+ // ldap extension is needed
+ if(!function_exists('ldap_connect')) {
+ $this->_debug("LDAP err: PHP LDAP extension not found.", -1, __LINE__, __FILE__);
+ $this->success = false;
+ return;
+ }
+ $this->cando = array (
+ 'addUser' => false, // can Users be created?
+ 'delUser' => false, // can Users be deleted?
+ 'modLogin' => false, // can login names be changed?
+ 'modPass' => false, // can passwords be changed?
+ 'modName' => false, // can real names be changed?
+ 'modMail' => false, // can emails be changed?
+ 'modGroups' => false, // can groups be changed?
+ 'getUsers' => false, // can a (filtered) list of users be retrieved?
+ 'getUserCount'=> false, // can the number of users be retrieved?
+ 'getGroups' => false, // can a list of available groups be retrieved?
+ 'external' => true, // does the module do external auth checking?
+ 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
+ );
+ }
+
+ /**
+ * Check if REMOTE_USER is set
+ */
+ function trustExternal($user,$pass,$sticky=false){
+ global $USERINFO;
+ $success = false;
+ if (!isset($_SERVER['REMOTE_USER'])) return false;
+ $username = $_SERVER['REMOTE_USER'];
+ $this->_debug('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
+ if (!empty($username)){
+ $USERINFO = $this->getUserData($username,true);
+ $success = true;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
+ }
+ // Deny access if user is not found in LDAP
+ // This should never happen
+ if (!empty($USERINFO['dn'])){
+ $success = false;
+ }
+ return $success;
+ }
+}
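Review bot: The final guard in `trustExternal` is inverted relative to its own comment: `if (!empty($USERINFO['dn']))` sets `$success = false` when a `dn` is present and leaves it `true` when the lookup returned nothing. Since the lookup now uses `$username`, a successful `getUserData()` presumably fills `dn` (the parent authldap class is not shown here), so users found in LDAP would be refused and users missing from LDAP accepted. The `$_SESSION[DOKU_COOKIE]['auth']` keys are also written before that check, so a rejected request still leaves the session populated. Checking the lookup result first with `empty($info['dn'])`, and only then filling `$USERINFO` and the session, matches the stated intent.

```php
function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    // … unchanged: REMOTE_USER isset check, $username assignment, debug message …
    if (empty($username)) return false;
    $info = $this->getUserData($username,true);
    // Deny access if user is not found in LDAP
    if (empty($info['dn'])) return false;
    // Only a user confirmed in LDAP reaches the session
    $USERINFO = $info;
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    return true;
}
```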