
BugTrack2/362 Support ldaps(SSL) - Secure LDAP server connection
authorumorigu <umorigu@gmail.com>
Sat, 13 Feb 2016 00:45:44 +0000 (09:45 +0900)
committerumorigu <umorigu@gmail.com>
Sat, 13 Feb 2016 00:45:44 +0000 (09:45 +0900)
lib/auth.php
lib/file.php
pukiwiki.ini.php

index 88b6642..2e72138 100644 (file)
@@ -244,7 +244,7 @@ function ensure_valid_auth_user()
 {
        global $auth_type, $auth_users, $_msg_auth, $auth_user, $auth_groups;
        global $auth_user_groups, $auth_user_fullname;
-       global $auth_provider_user_prefix, $ldap_user_account;
+       global $ldap_user_account;
        global $read_auth, $edit_auth;
        if ($read_auth || $edit_auth) {
                switch ($auth_type) {
@@ -399,41 +399,38 @@ function form_auth($username, $password)
 
 function ldap_auth($username, $password)
 {
-       global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
-       if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
-               $ldap_server = $m[1];
-               $ldap_base_dn = $m[2];
-               $ldapconn = ldap_connect($ldap_server);
-               if ($ldapconn) {
-                       ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-                       if (preg_match('#\$login\b#', $ldap_bind_dn)) {
-                               // Bind by user credential
-                               $bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
-                               $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
-                               if ($ldap_bind_user) {
-                                       $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-                                       if ($user_info) {
+       global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+       $ldapconn = ldap_connect($ldap_server);
+       if ($ldapconn) {
+               ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+               ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+               if (preg_match('#\$login\b#', $ldap_bind_dn)) {
+                       // Bind by user credential
+                       $bind_dn_user = preg_replace('#\$login#', $username, $ldap_bind_dn);
+                       $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
+                       if ($ldap_bind_user) {
+                               $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+                               if ($user_info) {
+                                       session_regenerate_id(true); // require: PHP5.1+
+                                       $_SESSION['authenticated_user'] = $user_info['uid'];
+                                       $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
+                                       return true;
+                               }
+                       }
+               } else {
+                       // Bind by bind dn
+                       $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+                       if ($ldap_bind) {
+                               $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+                               if ($user_info) {
+                                       $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
+                                       if ($ldap_bind_user2) {
                                                session_regenerate_id(true); // require: PHP5.1+
                                                $_SESSION['authenticated_user'] = $user_info['uid'];
                                                $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
                                                return true;
                                        }
                                }
-                       } else {
-                               // Bind by bind dn
-                               $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
-                               if ($ldap_bind) {
-                                       $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-                                       if ($user_info) {
-                                               $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
-                                               if ($ldap_bind_user2) {
-                                                       session_regenerate_id(true); // require: PHP5.1+
-                                                       $_SESSION['authenticated_user'] = $user_info['uid'];
-                                                       $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
-                                                       return true;
-                                               }
-                                       }
-                               }
                        }
                }
        }
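Review bot: An empty password is never rejected before it reaches `ldap_bind()` on the `$login` path (`ldap_bind($ldapconn, $bind_dn_user, $password)`) and again on the bind-DN path (`ldap_bind($ldapconn, $user_info['dn'], $password)`), and an LDAP simple bind with a non-empty DN and an empty password is treated by some servers (Active Directory by default; OpenLDAP only when unauthenticated binds are explicitly allowed) as an anonymous bind that succeeds, which would let anyone log in as any known uid with no password. Guard the function up front with `if ($username === '' || $password === '') return false;` before `ldap_connect()`; the function's fall-through failure path continues past the hunk, presumably returning false. Separately, the `$login` substitution drops the raw username into a DN via `preg_replace`, so `,`, `=` or `+` in the name change the DN and a name containing `$1` or `\1` is read as a backreference; use `str_replace('$login', ldap_escape($username, '', LDAP_ESCAPE_DN), $ldap_bind_dn)` (PHP 5.6+), or reject names containing DN metacharacters if older PHP must stay supported. Whether `get_ldap_user_info()` escapes the search filter it builds from `$username` cannot be seen from here.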
@@ -443,20 +440,17 @@ function ldap_auth($username, $password)
 // Get LDAP user info via bind DN
 function ldap_get_simple_user_info($username)
 {
-       global $ldap_url, $ldap_bind_dn, $ldap_bind_password;
-       if (preg_match('#^(ldap\:\/\/[^/]+/)(.*)$#', $ldap_url, $m)) {
-               $ldap_server = $m[1];
-               $ldap_base_dn = $m[2];
-               $ldapconn = ldap_connect($ldap_server);
-               if ($ldapconn) {
-                       ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-                       // Bind by bind dn
-                       $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
-                       if ($ldap_bind) {
-                               $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
-                               if ($user_info) {
-                                       return $user_info;
-                               }
+       global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+       $ldapconn = ldap_connect($ldap_server);
+       if ($ldapconn) {
+               ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+               ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+               // Bind by bind dn
+               $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+               if ($ldap_bind) {
+                       $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+                       if ($user_info) {
+                               return $user_info;
                        }
                }
        }
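Review bot: The connection setup (`ldap_connect`, protocol version 3, `LDAP_OPT_REFERRALS` 0) is copied verbatim from `ldap_auth()` into this function, so any later hardening — `LDAP_OPT_X_TLS_REQUIRE_CERT` for the ldaps:// support this commit is about, or an `ldap_start_tls()` call for plain ldap:// — has to be applied in two places and will drift. Pull it into one helper and call it from both functions; the bind-by-bind-DN logic below it stays as it is. Also, `$ldap_bind_password` left at the ini default `''` turns this into an anonymous bind, which is only acceptable if the directory permits anonymous search of the base DN; a one-line comment above the `ldap_bind()` call, `// Empty $ldap_bind_password means an anonymous bind; the base DN must be anonymously searchable`, would save the next administrator a debugging session. The function's closing brace lies outside the hunk.
```php
// Connect to $ldap_server and apply the options every caller needs
// (LDAPv3, no referral chasing). Returns the link resource or false.
function ldap_connect_configured($ldap_server)
{
	$ldapconn = ldap_connect($ldap_server);
	if (!$ldapconn) {
		return false;
	}
	ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
	ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
	return $ldapconn;
}

function ldap_get_simple_user_info($username)
{
	global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
	$ldapconn = ldap_connect_configured($ldap_server);
	if ($ldapconn) {
		// … unchanged: bind by bind dn, get_ldap_user_info lookup, return …
```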
index f643969..79c7ad7 100644 (file)
@@ -170,6 +170,9 @@ function make_str_rules($source)
 function add_author_info($wikitext)
 {
        global $auth_user, $auth_user_fullname, $auth_type, $ldap_user_account;
+       global $auth_provider_user_prefix_default;
+       global $auth_provider_user_prefix_ldap;
+       global $auth_provider_user_prefix_external;
        $author = preg_replace('/"/', '', $auth_user);
        $fullname = $auth_user_fullname;
        if (!$fullname && $author) {
@@ -180,18 +183,18 @@ function add_author_info($wikitext)
        $user_prefix = '';
        switch ($auth_type) {
                case AUTH_TYPE_BASIC:
-                       $user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
+                       $user_prefix = $auth_provider_user_prefix_default;
                        break;
                case AUTH_TYPE_EXTERNAL:
                case AUTH_TYPE_EXTERNAL_REMOTE_USER:
                case AUTH_TYPE_EXTERNAL_X_FORWARDED_USER:
-                       $user_prefix = AUTH_PROVIDER_USER_PREFIX_EXTERNAL;
+                       $user_prefix = $auth_provider_user_prefix_external;
                        break;
                case AUTH_TYPE_FORM:
                        if ($ldap_user_account) {
-                               $user_prefix = AUTH_PROVIDER_USER_PREFIX_LDAP;
+                               $user_prefix = $auth_provider_user_prefix_ldap;
                        } else {
-                               $user_prefix = AUTH_PROVIDER_USER_PREFIX_DEFAULT;
+                               $user_prefix = $auth_provider_user_prefix_default;
                        }
                        break;
        }
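Review bot: The prefix that tags an author with its auth provider now comes from three plain globals instead of the `define()`d constants, and a site still running its previous `pukiwiki.ini.php` (which defined `AUTH_PROVIDER_USER_PREFIX_*` and has no `$auth_provider_user_prefix_*`) gets `null` in every branch of this `switch`, so `$user_prefix` silently becomes empty and `ldap:alice` and `default:alice` collapse into the same author string. Either fall back to the former defaults when a global is unset, e.g. `$user_prefix = isset($auth_provider_user_prefix_ldap) ? $auth_provider_user_prefix_ldap : 'ldap:';` in each branch, or fail loudly at configuration load so the loss of the namespace is noticed. `add_author_info()` continues past the hunk, so how `$user_prefix` is consumed is not visible here.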
index ce28343..040295f 100644 (file)
@@ -1,8 +1,8 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone
-// $Id: pukiwiki.ini.php,v 1.148 2007/02/11 05:53:30 henoheno Exp $
-// Copyright (C)
-//   2002-2006 PukiWiki Developers Team
+// pukiwiki.ini.php
+// Copyright
+//   2002-2016 PukiWiki Development Team
 //   2001-2002 Originally written by yu-ji
 // License: GPL v2 or (at your option) any later version
 //
@@ -215,6 +215,28 @@ $pagereading_config_page = ':config/PageReading';
 // Page name of default pronouncing dictionary, used when converter = 'none'
 $pagereading_config_dict = ':config/PageReading/dict';
 
+
+/////////////////////////////////////////////////
+// Authentication type
+// AUTH_TYPE_NONE, AUTH_TYPE_FORM, AUTH_TYPE_BASIC, AUTH_TYPE_EXTERNAL, ...
+// $auth_type = AUTH_TYPE_FORM;
+// $auth_external_login_url_base = './exlogin.php';
+
+/////////////////////////////////////////////////
+// LDAP
+$ldap_user_account = 0; // (0: Disabled, 1: Enabled)
+// $ldap_server = 'ldap://ldapserver:389';
+// $ldap_base_dn = 'ou=Users,dc=ldap,dc=example,dc=com';
+// $ldap_bind_dn = 'uid=$login,dc=example,dc=com';
+// $ldap_bind_password = '';
+
+/////////////////////////////////////////////////
+// User prefix that shows its auth provider
+$auth_provider_user_prefix_default = 'default:';
+$auth_provider_user_prefix_ldap = 'ldap:';
+$auth_provider_user_prefix_external = 'external:';
+
+
 /////////////////////////////////////////////////
 // User definition
 $auth_users = array(
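Review bot: The commit is titled as adding ldaps support, but the only `$ldap_server` example is plain `ldap://ldapserver:389`, so an administrator gets no hint that the secure form is accepted or what it entails. Add `// $ldap_server = 'ldaps://ldapserver:636'; // TLS: prefer this over ldap:// so bind passwords are not sent in the clear` next to it. It is worth saying in the same comment that PHP's ldap extension hands the URI to the system LDAP client library, so whether the server certificate is actually verified is, as far as I can tell, governed by the client's ldap.conf (`TLS_REQCERT`) rather than by anything in this code. The `$ldap_bind_dn` example is correctly single-quoted so `$login` stays a literal placeholder; keep that in any examples added.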
@@ -234,12 +256,6 @@ $auth_groups = array(
 );
 
 /////////////////////////////////////////////////
-// Authentication type
-// AUTH_TYPE_FORM, AUTH_TYPE_BASIC or AUTH_TYPE_EXTERNAL
-// $auth_type = AUTH_TYPE_FORM;
-// $auth_external_login_url_base = './exlogin.php';
-
-/////////////////////////////////////////////////
 // Authentication method
 
 $auth_method_type      = 'pagename';   // By Page name
@@ -274,20 +290,6 @@ $edit_auth_pages = array(
 $search_auth = 0;
 
 /////////////////////////////////////////////////
-// LDAP
-$ldap_user_account = 0;
-// $ldap_user_account = 1; // (0: Disabled, 1: Enabled)
-// $ldap_url = 'ldap://ldapserver:389/ou=Users,dc=ldap,dc=example,dc=com';
-// $ldap_bind_dn = '';
-// $ldap_bind_password = '';
-
-/////////////////////////////////////////////////
-// User prefix that shows its auth provider
-define('AUTH_PROVIDER_USER_PREFIX_DEFAULT', 'default:');
-define('AUTH_PROVIDER_USER_PREFIX_LDAP', 'ldap:');
-define('AUTH_PROVIDER_USER_PREFIX_EXTERNAL', 'external:');
-
-/////////////////////////////////////////////////
 // $whatsnew: Max number of RecentChanges
 $maxshow = 60;