OSDN > Find Software > Internet > WWW/HTTP > Dynamic Content > Wiki > PukiWiki > SCM > git > pukiwiki > Commit

PukiWiki
Fork
pukiwiki_devel
pukiwiki_sandbox
pukiwiki

R/O
HTTP
SSH
HTTPS

pukiwiki: Commit

Commit MetaInfo

Revision	f50271d7309dbc61fdcc612d889ee0aeef48582c (tree)
Time	2016-02-13 09:45:44
Author	umorigu <umorigu@gmai...>
Commiter	umorigu

Log Message

BugTrack2/362 Support ldaps(SSL) - Secure LDAP server connection

Change Summary

modified: lib/auth.php (diff)
modified: lib/file.php (diff)
modified: pukiwiki.ini.php (diff)

Incremental Difference

--- a/lib/auth.php

+++ b/lib/auth.php

		@@ -244,7 +244,7 @@ function ensure_valid_auth_user()
244	244	{
245	245	global $auth_type, $auth_users, $_msg_auth, $auth_user, $auth_groups;
246	246	global $auth_user_groups, $auth_user_fullname;
247		- global $auth_provider_user_prefix, $ldap_user_account;
	247	+ global $ldap_user_account;
248	248	global $read_auth, $edit_auth;
249	249	if ($read_auth \|\| $edit_auth) {
250	250	switch ($auth_type) {

		@@ -399,41 +399,38 @@ function form_auth($username, $password)
399	399
400	400	function ldap_auth($username, $password)
401	401	{
402		- global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
403		- if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
404		- $ldap_server = $m[1];
405		- $ldap_base_dn = $m[2];
406		- $ldapconn = ldap_connect($ldap_server);
407		- if ($ldapconn) {
408		- ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
409		- if (preg_match('#\$login\b#', $ldap_bind_dn)) {
410		- // Bind by user credential
411		- $bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
412		- $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
413		- if ($ldap_bind_user) {
414		- $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
415		- if ($user_info) {
	402	+ global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
	403	+ $ldapconn = ldap_connect($ldap_server);
	404	+ if ($ldapconn) {
	405	+ ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
	406	+ ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
	407	+ if (preg_match('#\$login\b#', $ldap_bind_dn)) {
	408	+ // Bind by user credential
	409	+ $bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
	410	+ $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
	411	+ if ($ldap_bind_user) {
	412	+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
	413	+ if ($user_info) {
	414	+ session_regenerate_id(true); // require: PHP5.1+
	415	+ $_SESSION['authenticated_user'] = $user_info['uid'];
	416	+ $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
	417	+ return true;
	418	+ }
	419	+ }
	420	+ } else {
	421	+ // Bind by bind dn
	422	+ $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
	423	+ if ($ldap_bind) {
	424	+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
	425	+ if ($user_info) {
	426	+ $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
	427	+ if ($ldap_bind_user2) {
416	428	session_regenerate_id(true); // require: PHP5.1+
417	429	$_SESSION['authenticated_user'] = $user_info['uid'];
418	430	$_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
419	431	return true;
420	432	}
421	433	}
422		- } else {
423		- // Bind by bind dn
424		- $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
425		- if ($ldap_bind) {
426		- $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
427		- if ($user_info) {
428		- $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
429		- if ($ldap_bind_user2) {
430		- session_regenerate_id(true); // require: PHP5.1+
431		- $_SESSION['authenticated_user'] = $user_info['uid'];
432		- $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
433		- return true;
434		- }
435		- }
436		- }
437	434	}
438	435	}
439	436	}

		@@ -443,20 +440,17 @@ function ldap_auth($username, $password)
443	440	// Get LDAP user info via bind DN
444	441	function ldap_get_simple_user_info($username)
445	442	{
446		- global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
447		- if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
448		- $ldap_server = $m[1];
449		- $ldap_base_dn = $m[2];
450		- $ldapconn = ldap_connect($ldap_server);
451		- if ($ldapconn) {
452		- ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
453		- // Bind by bind dn
454		- $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
455		- if ($ldap_bind) {
456		- $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
457		- if ($user_info) {
458		- return $user_info;
459		- }
	443	+ global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
	444	+ $ldapconn = ldap_connect($ldap_server);
	445	+ if ($ldapconn) {
	446	+ ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
	447	+ ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
	448	+ // Bind by bind dn
	449	+ $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
	450	+ if ($ldap_bind) {
	451	+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
	452	+ if ($user_info) {
	453	+ return $user_info;
460	454	}
461	455	}
462	456	}

--- a/lib/file.php

+++ b/lib/file.php

		@@ -170,6 +170,9 @@ function make_str_rules($source)
170	170	function add_author_info($wikitext)
171	171	{
172	172	global $auth_user, $auth_user_fullname, $auth_type, $ldap_user_account;
	173	+ global $auth_provider_user_prefix_default;
	174	+ global $auth_provider_user_prefix_ldap;
	175	+ global $auth_provider_user_prefix_external;
173	176	$author = preg_replace('/"/', '', $auth_user);
174	177	$fullname = $auth_user_fullname;
175	178	if (!$fullname && $author) {

		@@ -180,18 +183,18 @@ function add_author_info($wikitext)
180	183	$user_prefix = '';
181	184	switch ($auth_type) {
182	185	case AUTH_TYPE_BASIC:
183		- $user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
	186	+ $user_prefix = $auth_provider_user_prefix_default;
184	187	break;
185	188	case AUTH_TYPE_EXTERNAL:
186	189	case AUTH_TYPE_EXTERNAL_REMOTE_USER:
187	190	case AUTH_TYPE_EXTERNAL_X_FORWARDED_USER:
188		- $user_prefix = AUTH_PROVIDER_USER_PREFIX_EXTERNAL;
	191	+ $user_prefix = $auth_provider_user_prefix_external;
189	192	break;
190	193	case AUTH_TYPE_FORM:
191	194	if ($ldap_user_account) {
192		- $user_prefix = AUTH_PROVIDER_USER_PREFIX_LDAP;
	195	+ $user_prefix = $auth_provider_user_prefix_ldap;
193	196	} else {
194		- $user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
	197	+ $user_prefix = $auth_provider_user_prefix_default;
195	198	}
196	199	break;
197	200	}

--- a/pukiwiki.ini.php

+++ b/pukiwiki.ini.php

		@@ -1,8 +1,8 @@
1	1	<?php
2	2	// PukiWiki - Yet another WikiWikiWeb clone
3		-// $Id: pukiwiki.ini.php,v 1.148 2007/02/11 05:53:30 henoheno Exp $
4		-// Copyright (C)
5		-// 2002-2006 PukiWiki Developers Team
	3	+// pukiwiki.ini.php
	4	+// Copyright
	5	+// 2002-2016 PukiWiki Development Team
6	6	// 2001-2002 Originally written by yu-ji
7	7	// License: GPL v2 or (at your option) any later version
8	8	//

		@@ -215,6 +215,28 @@ $pagereading_config_page = ':config/PageReading';
215	215	// Page name of default pronouncing dictionary, used when converter = 'none'
216	216	$pagereading_config_dict = ':config/PageReading/dict';
217	217
	218	+
	219	+/////////////////////////////////////////////////
	220	+// Authentication type
	221	+// AUTH_TYPE_NONE, AUTH_TYPE_FORM, AUTH_TYPE_BASIC, AUTH_TYPE_EXTERNAL, ...
	222	+// $auth_type = AUTH_TYPE_FORM;
	223	+// $auth_external_login_url_base = './exlogin.php';
	224	+
	225	+/////////////////////////////////////////////////
	226	+// LDAP
	227	+$ldap_user_account = 0; // (0: Disabled, 1: Enabled)
	228	+// $ldap_server = 'ldap://ldapserver:389';
	229	+// $ldap_base_dn = 'ou=Users,dc=ldap,dc=example,dc=com';
	230	+// $ldap_bind_dn = 'uid=$login,dc=example,dc=com';
	231	+// $ldap_bind_password = '';
	232	+
	233	+/////////////////////////////////////////////////
	234	+// User prefix that shows its auth provider
	235	+$auth_provider_user_prefix_default = 'default:';
	236	+$auth_provider_user_prefix_ldap = 'ldap:';
	237	+$auth_provider_user_prefix_external = 'external:';
	238	+
	239	+
218	240	/////////////////////////////////////////////////
219	241	// User definition
220	242	$auth_users = array(

		@@ -234,12 +256,6 @@ $auth_groups = array(
234	256	);
235	257
236	258	/////////////////////////////////////////////////
237		-// Authentication type
238		-// AUTH_TYPE_FORM, AUTH_TYPE_BASIC or AUTH_TYPE_EXTERNAL
239		-// $auth_type = AUTH_TYPE_FORM;
240		-// $auth_external_login_url_base = './exlogin.php';
241		-
242		-/////////////////////////////////////////////////
243	259	// Authentication method
244	260
245	261	$auth_method_type = 'pagename'; // By Page name

		@@ -274,20 +290,6 @@ $edit_auth_pages = array(
274	290	$search_auth = 0;
275	291
276	292	/////////////////////////////////////////////////
277		-// LDAP
278		-$ldap_user_account = 0;
279		-// $ldap_user_account = 1; // (0: Disabled, 1: Enabled)
280		-// $ldap_url = 'ldap://ldapserver:389/ou=Users,dc=ldap,dc=example,dc=com';
281		-// $ldap_bind_dn = '';
282		-// $ldap_bind_password = '';
283		-
284		-/////////////////////////////////////////////////
285		-// User prefix that shows its auth provider
286		-define('AUTH_PROVIDER_USER_PREFIX_DEFAULT', 'default:');
287		-define('AUTH_PROVIDER_USER_PREFIX_LDAP', 'ldap:');
288		-define('AUTH_PROVIDER_USER_PREFIX_EXTERNAL', 'external:');
289		-
290		-/////////////////////////////////////////////////
291	293	// $whatsnew: Max number of RecentChanges
292	294	$maxshow = 60;
293	295

Show on old repository browser