From ae96661d53e3c4e27f3cbb21b186d74eec7cb911 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Wed, 15 May 2013 15:05:34 +0200
Subject: [PATCH] Initial commit
---
 createlinks | 9 ++
 .../db/accounts/defaults/dokuwiki/type | 1 +
 .../db/configuration/defaults/dokuwiki/status | 1 +
 .../db/configuration/defaults/dokuwiki/type | 1 +
 .../etc/dokuwiki/local.protected.php/10auth | 48 ++++++++++
 .../etc/dokuwiki/local.protected.php/20acl | 11 +++
 .../etc/httpd/conf/httpd.conf/98Dokuwiki | 87 +++++++++++++++++++
 .../httpd.conf/VirtualHosts/61redirDokuwiki | 15 ++++
 .../dokuwiki/inc/auth/httpldap.class.php | 82 +++++++++++++++++
 .../dokuwiki/inc/auth/lemonldapng.class.php | 71 +++++++++++++++
 smeserver-dokuwiki.spec | 59 +++++++++++++
 11 files changed, 385 insertions(+)
 create mode 100644 createlinks
 create mode 100644 root/etc/e-smith/db/accounts/defaults/dokuwiki/type
 create mode 100644 root/etc/e-smith/db/configuration/defaults/dokuwiki/status
 create mode 100644 root/etc/e-smith/db/configuration/defaults/dokuwiki/type
 create mode 100644 root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth
 create mode 100644 root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl
 create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki
 create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki
 create mode 100644 root/usr/share/dokuwiki/inc/auth/httpldap.class.php
 create mode 100644 root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php
 create mode 100644 smeserver-dokuwiki.spec
diff --git a/createlinks b/createlinks
new file mode 100644
index 0000000..6ba8c2a
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,9 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/template-begin");
+safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/template-end");
+
+templates2events("/etc/dokuwiki/local.protected.php", qw(webapps-update bootstrap-console-save));
+
diff --git a/root/etc/e-smith/db/accounts/defaults/dokuwiki/type b/root/etc/e-smith/db/accounts/defaults/dokuwiki/type
new file mode 100644
index 0000000..96cdd3b
--- /dev/null
+++ b/root/etc/e-smith/db/accounts/defaults/dokuwiki/type
@@ -0,0 +1 @@
+url
diff --git a/root/etc/e-smith/db/configuration/defaults/dokuwiki/status b/root/etc/e-smith/db/configuration/defaults/dokuwiki/status
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/dokuwiki/status
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/dokuwiki/type b/root/etc/e-smith/db/configuration/defaults/dokuwiki/type
new file mode 100644
index 0000000..1b93c9e
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/dokuwiki/type
@@ -0,0 +1 @@
+webapp
diff --git a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth
new file mode 100644
index 0000000..c0e307c
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/10auth
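Review bot: createlinks turns on warnings only through `-w` on the shebang line and never enables strictures, so a mistyped name or stray bareword in this build script would pass silently. Adding `use strict;` and `use warnings;` directly under the shebang is free here, because the script declares no variables of its own.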
@@ -0,0 +1,48 @@
+{
+
+use esmith::util;
+my $base = esmith::util::ldapBase($DomainName);
+my $auth = $dokuwiki{'Authentication'} || 'ldap';
+my $ldapPort = $ldap{'TCPPort'} || '389';
+
+if ($auth eq 'internal'){
+ $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'plain';
+
+EOF
+
+}
+elsif ($auth eq 'ldap'){
+ $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'ldap';
+
+EOF
+
+}
+elsif ($auth eq 'LemonLDAP'){
+ $OUT .=<<"EOF";
+
+\$conf['authtype'] = 'httpldap';
+
+EOF
+
+}
+
+if ($auth eq 'LemonLDAP' or $auth eq 'ldap'){
+ $OUT .=<<"EOF";
+
+\$conf['auth']['ldap']['server'] = "ldap://localhost:$ldapPort";
+\$conf['auth']['ldap']['version'] = '3';
+\$conf['auth']['ldap']['usertree'] = 'ou=Users,$base';
+\$conf['auth']['ldap']['grouptree'] = 'ou=Groups,$base';
+\$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=inetOrgPerson))';
+\$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=mailboxRelatedObject)(memberUid=%{user}))';
+
+EOF
+
+}
+
+}
+
diff --git a/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl
new file mode 100644
index 0000000..a40ef8a
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/dokuwiki/local.protected.php/20acl
@@ -0,0 +1,11 @@
+
+$conf['useacl'] = 1;
+
+{
+
+if (system('egrep -q "^[^#/].*\[\'superuser\'\]" /etc/dokuwiki/local.php') != 0){
+ $OUT .= '$conf[\'superuser\'] = \'admin\';';
+}
+
+}
+
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki
new file mode 100644
index 0000000..6c8dc64
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki
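Review bot: In 10auth the fallback `$dokuwiki{'Authentication'} || 'ldap'` disagrees with the `|| 'internal'` fallback that the 98Dokuwiki template in this same commit applies to the same property, and any value other than `internal`, `ldap` or `LemonLDAP` (including `http`, which 98Dokuwiki accepts) writes no `authtype` line at all. In that case the wiki runs with whatever authtype its other configuration files happen to set, which is not what an administrator reading the db property would expect. Use one default in both templates and close the chain with an `else` branch that emits an explicit authtype, for example `else { $OUT .= "\n\$conf['authtype'] = 'plain';\n"; }`.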
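Review bot: The superuser check in 20acl passes a single command string to `system()`, so every template expansion starts a shell and resolves `egrep` through whatever PATH the expanding process has. The same test can be made by reading /etc/dokuwiki/local.php in Perl, which removes both the shell and the external binary and still emits the default when the file is missing. Separately, the hard-coded `admin` becomes the wiki superuser under every authentication mode, so with `ldap` or `LemonLDAP` it is whichever directory account carries that login; a comment stating this would help.

```perl
# Look for an existing, uncommented superuser setting without spawning a shell.
my $has_superuser = 0;
if (open(my $fh, '<', '/etc/dokuwiki/local.php')) {
    while (my $line = <$fh>) {
        if ($line =~ m{^[^#/].*\['superuser'\]}) {
            $has_superuser = 1;
            last;
        }
    }
    close($fh);
}
$OUT .= '$conf[\'superuser\'] = \'admin\';' unless $has_superuser;
```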
@@ -0,0 +1,87 @@
+{
+
+if (($dokuwiki{'status'} || 'disabled') eq 'enabled'){
+ my $alias = (($dokuwiki{'AliasOnPrimary'} || 'enabled') eq 'enabled' ) ? 'Alias /dokuwiki /usr/share/dokuwiki':'';
+ my $allow = (($dokuwiki{'access'} || 'private') eq 'public') ? 'all':"$localAccess $externalSSLAccess";
+ my $auth = (($dokuwiki{'Authentication'} || 'internal') eq 'http') ? "AuthName \"Dokuwiki\"\n" .
+ " AuthType Basic\n" .
+ " AuthExternal pwauth\n" .
+ " Require valid-user\n" : '';
+ my $ssl = (($dokuwiki{'RequireSSL'} || 'enabled') =~ m/^(enabled|yes|on)$/i) ?
+ 'SSLRequireSSL on':'# SSL is not encforced';
+ my $maxsize = $dokuwiki{'MaxUploadSize'} || '200';
+ $maxsize .= 'M' unless ($maxsize =~ m/M$/);
+
+ $OUT .=<<"EOF";
+
+$alias
+
+
+ AllowOverride None
+ Options +FollowSymlinks
+ AddType application/x-httpd-php .php
+ Order Allow,Deny
+ Allow from $allow
+ $ssl
+ $auth
+ php_admin_value open_basedir /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki
+ php_admin_value memory_limit 64M
+ php_admin_value upload_max_filesize $maxsize
+ php_admin_value post_max_size $maxsize
+ php_admin_value upload_tmp_dir /var/lib/dokuwiki/data/tmp
+ php_admin_value session.save_path /var/lib/dokuwiki/data/tmp
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+ ## no access to the fla directory
+ Order allow,deny
+ Deny from all
+
+
+## no access to the conf directory
+
+ Order allow,deny
+ Deny from all
+
+
+ Order allow,deny
+ Deny from all
+
+
+## no access to the data directory
+
+ Order allow,deny
+ Deny from all
+
+
+ Order allow,deny
+ Deny from all
+
+
+
+EOF
+
+}
+else {
+ $OUT .=<<'EOF';
+
+# Dokuwiki is disabled
+# You can enable it with
+# db configuration setprop dokuwiki status enabled
+# signal-event webapps-update
+
+EOF
+}
+
+}
+
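Review bot: `MaxUploadSize` is copied from the configuration db into httpd.conf without validation; the only processing is `$maxsize .= 'M' unless ($maxsize =~ m/M$/);`, so a value such as `2G` or one containing whitespace ends up in both `php_admin_value` size lines. Reject anything that is not digits with an optional `M` before the suffix is appended, e.g. `$maxsize = '200' unless ($maxsize =~ m/\A\d+M?\z/);`. The `$auth` block emits HTTP authentication directives only for `http`, while 10auth maps `LemonLDAP` to the `httpldap` backend, which trusts `REMOTE_USER`; whatever sets that variable lies outside this hunk, and a comment naming it would make the trust boundary visible.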
diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki
new file mode 100644
index 0000000..06605da
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/61redirDokuwiki
@@ -0,0 +1,15 @@
+{
+my $sslport = $modSSL{'TCPPort'} || '443';
+my $alias = $dokuwiki{'AliasOnPrimary'} || 'enabled';
+my $requiressl = $dokuwiki{'RequireSSL'} || 'yes';
+
+if (($port ne $sslport) && ($requiressl !~ m/^(enabled|yes|on)$/i) && ($alias ne 'disabled')){
+
+ ## Redirect Web Address to Secure Address
+ $OUT .= " RewriteEngine on\n";
+ $OUT .= " RewriteCond %{QUERY_STRING} do=login\n" if ($requiressl eq 'login');
+ $OUT .= " RewriteRule ^/dokuwwiki(/.*|\$) https://%{HTTP_HOST}/dokuwiki\$1 \[L,R\]\n";
+
+}
+}
+
diff --git a/root/usr/share/dokuwiki/inc/auth/httpldap.class.php b/root/usr/share/dokuwiki/inc/auth/httpldap.class.php
new file mode 100644
index 0000000..6c092b2
--- /dev/null
+++ b/root/usr/share/dokuwiki/inc/auth/httpldap.class.php
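Review bot: The pattern in `RewriteRule ^/dokuwwiki(/.*|\$)` misspells the alias as `dokuwwiki`, so the rule never matches `/dokuwiki` and no request is redirected to HTTPS, including the `do=login` case where credentials are submitted. The guard also looks inverted: `$requiressl !~ m/^(enabled|yes|on)$/i` emits the redirect only when RequireSSL is not enabled, so a value like `disabled` would redirect every request while `enabled` redirects none (plain-HTTP requests then presumably reach the `SSLRequireSSL` line from 98Dokuwiki). If the intent is to redirect whenever SSL is required, the test should read `$requiressl =~ m/^(enabled|yes|on|login)$/i` and the pattern `^/dokuwiki(/.*|\$)`.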
@@ -0,0 +1,82 @@
+
+ */
+
+require("ldap.class.php");
+class auth_httpldap extends auth_ldap {
+ var $cnf = null;
+
+ /**
+ * Posible things an auth backend module may be able to
+ * do. The things a backend can do need to be set to true
+ * in the constructor.
+ */
+ var $cando = array (
+ 'addUser' => false, // can Users be created?
+ 'delUser' => false, // can Users be deleted?
+ 'modLogin' => false, // can login names be changed?
+ 'modPass' => false, // can passwords be changed?
+ 'modName' => false, // can real names be changed?
+ 'modMail' => false, // can emails be changed?
+ 'modGroups' => false, // can groups be changed?
+ 'getUsers' => false, // can a (filtered) list of users be retrieved?
+ 'getUserCount'=> false, // can the number of users be retrieved?
+ 'getGroups' => false, // can a list of available groups be retrieved?
+ 'external' => true, // does the module do external auth checking?
+ 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
+ );
+
+
+ /**
+ * Constructor
+ */
+ function auth_httpldap() {
+ global $conf;
+ $this->cnf = $conf['auth']['ldap'];
+
+ // ldap extension is needed
+ if(!function_exists('ldap_connect')) {
+ if ($this->cnf['debug'])
+ msg("LDAP err: PHP LDAP extension not found.",-1,__LINE__,__FILE__);
+ $this->success = false;
+ return;
+ }
+
+ if(empty($this->cnf['groupkey'])) $this->cnf['groupkey'] = 'cn';
+ if(empty($this->cnf['userscope'])) $this->cnf['userscope'] = 'sub';
+ if(empty($this->cnf['groupscope'])) $this->cnf['groupscope'] = 'sub';
+ }
+
+
+ /**
+ * Check if REMOTE_USER is set
+ */
+ function trustExternal($user,$pass,$sticky=false){
+ global $USERINFO;
+ $success = false;
+ $username = $_SERVER['REMOTE_USER'];
+ // print info if debug is enabled
+ if ($this->cnf['debug']){
+ msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
+ }
+ if (!empty($username)){
+ $USERINFO = $this->getUserData($user,true);
+ $success = true;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
+ }
+ // Deny access if user is not found in LDAP
+ // This should never happen
+ if (!empty($USERINFO['dn'])){
+ $success = false;
+ }
+ return $success;
+ }
+}
+
diff --git a/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php b/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php
new file mode 100644
index 0000000..f4a1eae
--- /dev/null
+++ b/root/usr/share/dokuwiki/inc/auth/lemonldapng.class.php
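Review bot: `trustExternal()` in httpldap.class.php has two defects in the lookup that follows the `REMOTE_USER` check. It calls `getUserData($user,true)` with the login-form parameter instead of `$username`, so the session is opened for `REMOTE_USER` but carries the name, mail and groups of whatever user name the request supplied. The final test `if (!empty($USERINFO['dn']))` is inverted relative to its own comment: it rejects users that were found in LDAP and accepts those that were not, and the session values have already been written by the time it runs. Look the user up by `$username`, fail when no `dn` comes back, and only then fill `$USERINFO` and the session.

```php
    function trustExternal($user,$pass,$sticky=false){
        global $USERINFO;
        $username = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
        // … unchanged: debug message …
        if (empty($username)) return false;

        // Resolve the identity asserted by the web server, not the form field.
        $info = $this->getUserData($username,true);

        // Deny access if user is not found in LDAP
        if (empty($info['dn'])) return false;

        $USERINFO = $info;
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        return true;
    }
```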
@@ -0,0 +1,71 @@
+
+ */
+
+class auth_lemonldapng extends auth_basic {
+
+ var $success = true;
+
+
+ /**
+ * Posible things an auth backend module may be able to
+ * do. The things a backend can do need to be set to true
+ * in the constructor.
+ */
+ var $cando = array (
+ 'addUser' => false, // can Users be created?
+ 'delUser' => false, // can Users be deleted?
+ 'modLogin' => false, // can login names be changed?
+ 'modPass' => false, // can passwords be changed?
+ 'modName' => false, // can real names be changed?
+ 'modMail' => false, // can emails be changed?
+ 'modGroups' => false, // can groups be changed?
+ 'getUsers' => false, // can a (filtered) list of users be retrieved?
+ 'getUserCount'=> false, // can the number of users be retrieved?
+ 'getGroups' => false, // can a list of available groups be retrieved?
+ 'external' => true, // does the module do external auth checking?
+ 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth)
+ );
+
+ function auth_lemonldapng() {
+ global $conf;
+ $this->cnf = $conf['auth']['lemonldapng'];
+
+ // Set default headers name
+ if(empty($this->cnf['header_login'])) $this->cnf['header_login'] = 'HTTP_AUTH_USER';
+ if(empty($this->cnf['header_name'])) $this->cnf['header_name'] = 'HTTP_USER_NAME';
+ if(empty($this->cnf['header_mail'])) $this->cnf['header_mail'] = 'HTTP_USER_MAIL';
+ if(empty($this->cnf['header_groups'])) $this->cnf['header_groups'] = 'HTTP_USER_GROUPS';
+ }
+
+ function trustExternal($user,$pass,$sticky=false){
+ global $USERINFO;
+
+ $username = $_SERVER{$this->cnf['header_login']};
+ $USERINFO['name'] = $_SERVER{$this->cnf['header_name']};
+ $USERINFO['mail'] = $_SERVER{$this->cnf['header_mail']};
+ $USERINFO['grps'] = preg_split("/; /", $_SERVER{$this->cnf['header_groups']});
+
+ // print info if debug is enabled
+ if ($this->cnf['debug']){
+ msg('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__);
+ msg('LemonLDAP::NG Full Name: '.htmlspecialchars($USERINFO['name']),0,__LINE__,__FILE__);
+ msg('LemonLDAP::NG User Email Address: '.htmlspecialchars($USERINFO['mail']),0,__LINE__,__FILE__);
+ if (is_array($USERINFO['grps'])) foreach ($USERINFO['grps'] as $group){
+ msg('LemonLDAP::NG User Groups: '.htmlspecialchars($group),0,__LINE__,__FILE__);
+ }
+ }
+ $success = $USERINFO !== false;
+ if ($success) {
+ $_SERVER['REMOTE_USER'] = $username;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
+ }
+ return $success;
+ }
+}
diff --git a/smeserver-dokuwiki.spec b/smeserver-dokuwiki.spec
new file mode 100644
index 0000000..84e6054
--- /dev/null
+++ b/smeserver-dokuwiki.spec
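Review bot: `$success = $USERINFO !== false;` in `trustExternal()` of lemonldapng.class.php is always true, because `$USERINFO` has just been given three array keys, so a request that carries no login header at all still gets a session with an empty user name. The identity and the group list are read from `$_SERVER` entries named `HTTP_*`, which PHP fills from request headers; unless the component in front of this vhost overwrites client-supplied copies of those headers, the values are chosen by the client. Change the test to `$success = !empty($username);` and state in the class comment that the backend is only safe behind a handler that sets these headers itself.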
@@ -0,0 +1,59 @@
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+%define name smeserver-dokuwiki
+%define version 0.1.0
+%define release 1
+Summary: sme server integration of dokuwiki
+Name: %{name}
+Version: %{version}
+Release: %{release}%{?dist}
+License: GNU GPL
+URL: http://www.splitbrain.org/projects/dokuwiki
+Group: SMEserver/addon
+Source: %{name}-%{version}.tar.gz
+
+BuildArchitectures: noarch
+BuildRequires: e-smith-devtools
+BuildRoot: /var/tmp/%{name}-%{version}
+Requires: e-smith-base >= 5.2.0-56
+Requires: dokuwiki
+Requires: smeserver-webapps-common
+AutoReqProv: no
+
+%description
+smserver integration of dokuwiki
+DokuWiki is a simple to use Wiki aimed at the documentation needs of a small company
+
+%changelog
+* Wed May 15 2013 Daniel B. 0.1.0-1
+- Iport in GIT
+
+* Mon Dec 19 2011 Daniel B. 0.1-2
+- Follow symlinks so fck media browser works
+
+* Fri Jul 08 2011 Daniel B. 0.1-1
+- initial release
+
+%prep
+%setup
+
+%build
+perl ./createlinks
+
+%install
+rm -rf $RPM_BUILD_ROOT
+(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
+rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%postun
+
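Review bot: `%install` and `%clean` run `rm -rf $RPM_BUILD_ROOT` unquoted against `BuildRoot: /var/tmp/%{name}-%{version}`, a fixed path in a world-writable directory. If the package is ever built as root on a host with other local users, that path can be prepared in advance by someone else; build from an unprivileged account and quote the variable, `rm -rf "$RPM_BUILD_ROOT"`. `AutoReqProv: no` also means nothing declares the PHP LDAP extension that httpldap.class.php checks for with `function_exists('ldap_connect')`; if the LDAP modes are meant to work out of the box, an explicit `Requires:` line should say so.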