
pukiwiki: Commit


Commit MetaInfo

Revisionf50271d7309dbc61fdcc612d889ee0aeef48582c (tree)
Time2016-02-13 09:45:44
Authorumorigu <umorigu@gmai...>
Commiterumorigu

Log Message

BugTrack2/362 Support ldaps(SSL) - Secure LDAP server connection

Change Summary

Incremental Difference

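--- a/lib/auth.php
+++ b/lib/auth.php
@@ -244,7 +244,7 @@ function ensure_valid_auth_user()
 {
 global $auth_type, $auth_users, $_msg_auth, $auth_user, $auth_groups;
 global $auth_user_groups, $auth_user_fullname;
-global $auth_provider_user_prefix, $ldap_user_account;
+global $ldap_user_account;
 global $read_auth, $edit_auth;
 if ($read_auth || $edit_auth) {
 switch ($auth_type) {
@@ -399,41 +399,38 @@ function form_auth($username, $password)
 
 function ldap_auth($username, $password)
 {
-global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
-if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
-$ldap_server = $m[1];
-$ldap_base_dn = $m[2];
-$ldapconn = ldap_connect($ldap_server);
-if ($ldapconn) {
-ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-if (preg_match('#\$login\b#', $ldap_bind_dn)) {
-// Bind by user credential
-$bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
-$ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
-if ($ldap_bind_user) {
-$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-if ($user_info) {
+global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+$ldapconn = ldap_connect($ldap_server);
+if ($ldapconn) {
+ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+if (preg_match('#\$login\b#', $ldap_bind_dn)) {
+// Bind by user credential
+$bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
+$ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
+if ($ldap_bind_user) {
+$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+if ($user_info) {
+session_regenerate_id(true); // require: PHP5.1+
+$_SESSION['authenticated_user'] = $user_info['uid'];
+$_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
+return true;
+}
+}
+} else {
+// Bind by bind dn
+$ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+if ($ldap_bind) {
+$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+if ($user_info) {
+$ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
+if ($ldap_bind_user2) {
 session_regenerate_id(true); // require: PHP5.1+
 $_SESSION['authenticated_user'] = $user_info['uid'];
 $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
 return true;
 }
 }
-} else {
-// Bind by bind dn
-$ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
-if ($ldap_bind) {
-$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-if ($user_info) {
-$ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
-if ($ldap_bind_user2) {
-session_regenerate_id(true); // require: PHP5.1+
-$_SESSION['authenticated_user'] = $user_info['uid'];
-$_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
-return true;
-}
-}
-}
 }
 }
 }
@@ -443,20 +440,17 @@ function ldap_auth($username, $password)
 // Get LDAP user info via bind DN
 function ldap_get_simple_user_info($username)
 {
-global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
-if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
-$ldap_server = $m[1];
-$ldap_base_dn = $m[2];
-$ldapconn = ldap_connect($ldap_server);
-if ($ldapconn) {
-ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-// Bind by bind dn
-$ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
-if ($ldap_bind) {
-$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-if ($user_info) {
-return $user_info;
-}
+global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+$ldapconn = ldap_connect($ldap_server);
+if ($ldapconn) {
+ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+// Bind by bind dn
+$ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+if ($ldap_bind) {
+$user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+if ($user_info) {
+return $user_info;
 }
 }
 }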
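Review bot: ldap_auth binds with whatever `$password` it receives (new lines 409-410 and again at 426), so an empty password turns the bind into an LDAP unauthenticated bind, which directory servers commonly accept unless explicitly disabled, and the caller would then be logged in as `$user_info['uid']` without having proven anything. Unless form_auth, which is outside this hunk, already rejects empty passwords, add a guard at the top of ldap_auth: `if ($password === '') { return false; }`. The `$login` substitution at new line 409 also splices the raw username into a DN; on PHP 5.6+ `ldap_escape($username, '', LDAP_ESCAPE_DN)` closes that, and whether get_ldap_user_info escapes the name for its search filter cannot be seen from here. The function's tail, including its failure return, lies past the end of the hunk.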
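--- a/lib/file.php
+++ b/lib/file.php
@@ -170,6 +170,9 @@ function make_str_rules($source)
 function add_author_info($wikitext)
 {
 global $auth_user, $auth_user_fullname, $auth_type, $ldap_user_account;
+global $auth_provider_user_prefix_default;
+global $auth_provider_user_prefix_ldap;
+global $auth_provider_user_prefix_external;
 $author = preg_replace('/"/', '', $auth_user);
 $fullname = $auth_user_fullname;
 if (!$fullname && $author) {
@@ -180,18 +183,18 @@ function add_author_info($wikitext)
 $user_prefix = '';
 switch ($auth_type) {
 case AUTH_TYPE_BASIC:
-$user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
+$user_prefix = $auth_provider_user_prefix_default;
 break;
 case AUTH_TYPE_EXTERNAL:
 case AUTH_TYPE_EXTERNAL_REMOTE_USER:
 case AUTH_TYPE_EXTERNAL_X_FORWARDED_USER:
-$user_prefix = AUTH_PROVIDER_USER_PREFIX_EXTERNAL;
+$user_prefix = $auth_provider_user_prefix_external;
 break;
 case AUTH_TYPE_FORM:
 if ($ldap_user_account) {
-$user_prefix = AUTH_PROVIDER_USER_PREFIX_LDAP;
+$user_prefix = $auth_provider_user_prefix_ldap;
 } else {
-$user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
+$user_prefix = $auth_provider_user_prefix_default;
 }
 break;
 }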
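Review bot: The three `$auth_provider_user_prefix_*` globals read at new lines 186-197 are ordinary configuration variables, so a deployment whose pukiwiki.ini.php still defines the old AUTH_PROVIDER_USER_PREFIX_* constants, or simply omits the new variables, gets null here and `$user_prefix` silently becomes empty, which presumably erases the ldap:/default:/external: distinction in the recorded author line. If that silent downgrade is not acceptable, fall back to the previous literal when the variable is unset, e.g. `$user_prefix = isset($auth_provider_user_prefix_ldap) ? $auth_provider_user_prefix_ldap : 'ldap:';` in each case. add_author_info's body continues past the end of this hunk.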
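--- a/pukiwiki.ini.php
+++ b/pukiwiki.ini.php
@@ -1,8 +1,8 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone
-// $Id: pukiwiki.ini.php,v 1.148 2007/02/11 05:53:30 henoheno Exp $
-// Copyright (C)
-// 2002-2006 PukiWiki Developers Team
+// pukiwiki.ini.php
+// Copyright
+// 2002-2016 PukiWiki Development Team
 // 2001-2002 Originally written by yu-ji
 // License: GPL v2 or (at your option) any later version
 //
@@ -215,6 +215,28 @@ $pagereading_config_page = ':config/PageReading';
 // Page name of default pronouncing dictionary, used when converter = 'none'
 $pagereading_config_dict = ':config/PageReading/dict';
 
+
+/////////////////////////////////////////////////
+// Authentication type
+// AUTH_TYPE_NONE, AUTH_TYPE_FORM, AUTH_TYPE_BASIC, AUTH_TYPE_EXTERNAL, ...
+// $auth_type = AUTH_TYPE_FORM;
+// $auth_external_login_url_base = './exlogin.php';
+
+/////////////////////////////////////////////////
+// LDAP
+$ldap_user_account = 0; // (0: Disabled, 1: Enabled)
+// $ldap_server = 'ldap://ldapserver:389';
+// $ldap_base_dn = 'ou=Users,dc=ldap,dc=example,dc=com';
+// $ldap_bind_dn = 'uid=$login,dc=example,dc=com';
+// $ldap_bind_password = '';
+
+/////////////////////////////////////////////////
+// User prefix that shows its auth provider
+$auth_provider_user_prefix_default = 'default:';
+$auth_provider_user_prefix_ldap = 'ldap:';
+$auth_provider_user_prefix_external = 'external:';
+
+
 /////////////////////////////////////////////////
 // User definition
 $auth_users = array(
@@ -234,12 +256,6 @@ $auth_groups = array(
 );
 
 /////////////////////////////////////////////////
-// Authentication type
-// AUTH_TYPE_FORM, AUTH_TYPE_BASIC or AUTH_TYPE_EXTERNAL
-// $auth_type = AUTH_TYPE_FORM;
-// $auth_external_login_url_base = './exlogin.php';
-
-/////////////////////////////////////////////////
 // Authentication method
 
 $auth_method_type = 'pagename'; // By Page name
@@ -274,20 +290,6 @@ $edit_auth_pages = array(
 $search_auth = 0;
 
 /////////////////////////////////////////////////
-// LDAP
-$ldap_user_account = 0;
-// $ldap_user_account = 1; // (0: Disabled, 1: Enabled)
-// $ldap_url = 'ldap://ldapserver:389/ou=Users,dc=ldap,dc=example,dc=com';
-// $ldap_bind_dn = '';
-// $ldap_bind_password = '';
-
-/////////////////////////////////////////////////
-// User prefix that shows its auth provider
-define('AUTH_PROVIDER_USER_PREFIX_DEFAULT', 'default:');
-define('AUTH_PROVIDER_USER_PREFIX_LDAP', 'ldap:');
-define('AUTH_PROVIDER_USER_PREFIX_EXTERNAL', 'external:');
-
-/////////////////////////////////////////////////
 // $whatsnew: Max number of RecentChanges
 $maxshow = 60;
 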
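Review bot: The sample `$ldap_server` at new line 228 still shows only `ldap://ldapserver:389`, although this commit exists to support ldaps, and nothing in the LDAP comment block warns that a plain ldap:// URL sends the bind-DN password, and with the `$login` form of `$ldap_bind_dn` at new line 230 every user's login password, to the directory in cleartext. I would add a second sample with a one-line caveat, e.g. `// $ldap_server = 'ldaps://ldapserver:636'; // prefer ldaps:// - plain ldap:// transmits bind passwords unencrypted`. It may also be worth a comment that certificate verification for ldaps in the PHP ldap extension follows the system LDAP client configuration (TLS_REQCERT in ldap.conf), which deployments should confirm demands a valid certificate, since an unverified ldaps connection gives no protection against an on-path attacker.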