4737e437764a978157ad2fb579ce0eda7db2fbd6
[atutor.git] / mods / wiki / fragments / patches / auth_ldap.patch
1
2 This patch from AllianceTec modifies the users_ldap authentication backend,
3 and fixes caching problems for the HTTP login module (in the core). It has
4 not yet been applied because the ewiki_auth() interface is going to get
5 overhauled considerably anyhow.
6
7   cd .../ewiki-R1.0Nx/
8   patch -p1 < .../auth_ldap.patch
9
10
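--- ewiki-R1.02a+dev3/ewiki.php 2004-09-29 14:14:48.000000000 -0500
+++ at_patches/ewiki.php        2005-03-01 10:42:45.883229728 -0600
@@ -3232,7 +3232,7 @@
    $ok = true;
    $ewiki_errmsg="";
 
-#echo "_a($id,dat,$action,$ring,$request_auth)<br />\n";
+#echo "_a($id,$data,$action,$ring,$request_auth)<br />\n";
 
    if (EWIKI_PROTECTED_MODE) {
 
@@ -3337,6 +3337,13 @@
   if ($username || $password) {
      ewiki_log("_auth_userdb: wrong password supplied for user '$username', not verified against any userdb", 3);
      $ewiki_errmsg = "wrong username and/or password";
+     // Alliance Technologies addition
+     #-- If the ewiki_auth_query_http plugin is loaded, we need the following to prevent the HTTP auth from being cached by the browser
+     if ($ewiki_plugins["auth_query"][0] == "ewiki_auth_query_http") {
+         header('HTTP/1.1 401 Authentication Required');
+         header('Status: 401 Authentication Required');
+         header('WWW-Authenticate: Basic realm="Login incorrect"');
+     }
 #     ewiki_auth($uu, $uu, $uu, $uu, 2);
   }
   return(false);
@@ -3962,4 +3969,4 @@
 
 
 
-</script>
\ No newline at end of file
+</script>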
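Review bot: The added 401 block in the second hunk tests only `$ewiki_plugins["auth_query"][0]`, so the browser's cached Basic credentials are not invalidated when ewiki_auth_query_http is registered at any other index, and the index read raises a notice when no auth_query plugin is loaded. A membership test that also checks whether output has already started is safer: `if (!headers_sent() && isset($ewiki_plugins["auth_query"]) && in_array("ewiki_auth_query_http", $ewiki_plugins["auth_query"])) {`. The enclosing function begins outside the hunk, so it cannot be confirmed from here that `$ewiki_plugins` is declared `global` there; if it is not, the condition is never true and the headers are never sent. The context line above the addition also writes `$username` into the log as received, so line breaks in it should be neutralised there unless ewiki_log() already does that.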
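--- ewiki-R1.02a+dev3/plugins/auth/users_ldap.php       2003-12-01 11:14:05.000000000 -0600
+++ at_patches/users_ldap.php   2005-03-01 10:42:46.022208600 -0600
@@ -4,45 +4,63 @@
    Check username and password by connecting to LDAP server.
 */
 
-
-#-- config
-define("EWIKI_LDAP_SERVER", "ldap.example.com");
-define("EWIKI_LDAP_RDN", 'cn=$USER,ou=users,dc=example,dc=com');
-define("EWIKI_LDAP_FILTER", "");    // sn=* ???
-define("EWIKI_LDAP_RING", 2);
-
-
 #-- glue
 $ewiki_plugins["auth_userdb"][] = "ewiki_auth_userdb_ldap";
 
-
-
-function ewiki_auth_userdb_ldap($username, $password=NULL) {
-
-   #-- connect   
-   if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
-
-      #-- vars
-      $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
-      $search = EWIKI_LDAP_SEARCH;
-
-      #-- bind to domain
-      if (ldap_bind($conn, $rdn, $password)) {
-
-         #-- connected == authenticated
-         if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
-
-            ldap_close($conn);
-
-            #-- return password array() as true value for userdb plugins
-            return(array($password, EWIKI_LDAP_RING));
-         }
-
-      }
-
-      ldap_close($conn);
-   }
-   return(false);
+function ewiki_auth_userdb_ldap($username, $password) {
+// Modified for Alliance Technologies
+       //return(array($password, EWIKI_LDAP_RING)); // Added by Josh on 2005-02-25 to disable edirectory check for PM
+
+       #-- connect   
+       if ($conn = ldap_connect(EWIKI_LDAP_SERVER)) {
+               // -- Begin Alliance Technologies Add
+               // TODO: make this conditionalized
+               if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+                       fatal_error("Failed to set LDAP Protocol version to 3, TLS not supported.");
+               }
+               if (!ldap_start_tls($conn)) {
+                       fatal_error("Ldap_start_tls failed");
+               }
+               // -- End Alliance Technologies Add
+
+               #-- vars
+               $rdn = preg_replace('/[$%_]+\{USER\}|[$%]+USER[$%]?/i', $username, EWIKI_LDAP_RDN);
+               // -- Alliance Technologies - Changed SEARCH to FILTER
+               $search = EWIKI_LDAP_FILTER;
+
+               #-- bind to domain
+               error_reporting(E_ERROR);
+               if (ldap_bind($conn, $rdn, $password)) {
+                       #-- connected == authenticated
+                       if ($rdn == 'cn=morej,o=alliance') {
+                               ldap_close($conn);
+                               return(array($password, EWIKI_LDAP_ADMIN_RING));
+                       }
+                       if (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search)) ) {
+                               ldap_close($conn);
+                               #-- return password array() as true value for userdb plugins
+                               return(array($password, EWIKI_LDAP_RING));
+                       }
+               } elseif ($rdn) {
+                       //Failure
+                       return(false);
+                       header('HTTP/1.1 401 Authentication Required');
+                       header('Status: 401 Authentication Required');
+                       header('WWW-Authenticate: Basic realm="Login incorrect"');
+                       $redir = 'http://' . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ;
+                       $redir = ereg_replace('=.+/','=',$redir);
+                       #header("Location: $redir");
+
+                       echo('<pre>');
+                       var_dump($_SERVER);
+                       echo('</pre>');
+                       die();
+               }
+               error_reporting(E_ALL & ~E_NOTICE);
+
+       ldap_close($conn);
+       }
+return(false);
 }
 
-?>
\ No newline at end of file
+?>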
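Review bot: The new `ldap_bind($conn, $rdn, $password)` call still receives whatever the caller passed, so an empty password, which many directory servers treat as an anonymous bind and answer with success, would be reported as a valid login; `$username` is also placed into the RDN template (and into the preg_replace() replacement string) without escaping. The `elseif ($rdn)` branch returns on its first statement, which leaves the header(), `var_dump($_SERVER)` and die() lines unreachable; they should be deleted rather than kept, because that dump would print the request's Basic credentials if the early return were ever removed. That return and both success returns leave error_reporting at E_ERROR, the `elseif` return also skips ldap_close(), and the only path that resets the level uses a fixed `E_ALL & ~E_NOTICE` rather than the caller's value. The admin mapping is tied to the literal DN `cn=morej,o=alliance`, and the commented-out `return(array($password, EWIKI_LDAP_RING));` at the top of the function is an authentication bypass one edit away from being live; the sketch below drops both, reads the admin DN from a config constant (EWIKI_LDAP_ADMIN_DN is only a suggested name), and sends every path through one restore-and-close. The character whitelist for `$username` is an assumption about this directory's account names and should be widened if real names need it; the hunk also removes the config defines and calls fatal_error() without showing where either is now defined.

```php
function ewiki_auth_userdb_ldap($username, $password) {
        #-- refuse empty credentials: a bind with an empty password can succeed as an anonymous bind;
        #-- restrict the name to characters with no meaning inside a DN or a preg replacement string
        if ((string)$password === '' || !preg_match('/^[A-Za-z0-9._-]+$/', (string)$username)) {
                return(false);
        }
        // … unchanged: ldap_connect, protocol version 3, ldap_start_tls, $rdn and $search …

                #-- bind to domain
                $old_level = error_reporting(E_ERROR);
                $ring = false;
                if (ldap_bind($conn, $rdn, $password)) {
                        #-- connected == authenticated
                        if ($rdn == EWIKI_LDAP_ADMIN_DN) {   // suggested config constant, not defined on this page
                                $ring = EWIKI_LDAP_ADMIN_RING;
                        } elseif (!$search || ldap_count_entries($conn, ldap_search($conn, $rdn, $search))) {
                                $ring = EWIKI_LDAP_RING;
                        }
                }
                #-- single exit: restore the caller's level and close the connection on every path
                error_reporting($old_level);
                ldap_close($conn);
                #-- return password array() as true value for userdb plugins
                return(($ring === false) ? false : array($password, $ring));
```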