authorAndreas Gohr <andi@splitbrain.org>2014-09-29 20:17:39 +0200
committerAndreas Gohr <andi@splitbrain.org>2014-09-29 20:17:39 +0200
commit6c1ae996157551dcf5bb4e7e8922677bb3d3d358 (patch)
treeb3a4162367176a4e2ebadbd6ab31753c1b042be0 /lib/plugins/authldap
parent35f3340eb3b989194a496861abfb5b3d3c9a630d (diff)
parent57271d078b9c433bec79d75cb44dadcafeae07df (diff)
Merge branch 'master' into stable
* master: (214 commits) release preparations postgresql auth plugin: correct function name parse AT parameter: first strtotime then timestamp remove config option move more strings to lang.php move strings to lang.php add placeholders for create page text phpdocs parserutils improve some scrutinizer issues visibility plugin methods use config cascade for loading of localizations reformatting config cascade add lang files to cascading work around missing gzopen on certain systems #865 translation update fix scrutinizer issues fixed typos in docblock comments do not allow empty passwords clean user credentials from control chars added filter method to INPUT class translation update ...
Diffstat (limited to 'lib/plugins/authldap')
-rw-r--r--lib/plugins/authldap/auth.php73
-rw-r--r--lib/plugins/authldap/lang/hr/settings.php27
-rw-r--r--lib/plugins/authldap/lang/it/settings.php6
-rw-r--r--lib/plugins/authldap/lang/ja/settings.php7
-rw-r--r--lib/plugins/authldap/lang/lv/settings.php9
-rw-r--r--lib/plugins/authldap/lang/tr/settings.php8
-rw-r--r--lib/plugins/authldap/lang/zh-tw/settings.php2
-rw-r--r--lib/plugins/authldap/plugin.info.txt2
8 files changed, 128 insertions, 6 deletions
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6c3637e15..b22b82ecc 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return;
}
- // auth_ldap currently just handles authentication, so no
- // capabilities are set
+ // Add the capabilities to change the password
+ $this->cando['modPass'] = true;
}
/**
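Review bot: `$this->cando['modPass'] = true;` advertises password changes on every installation, which presumably includes setups where the wiki's users cannot write to the directory and no `binddn`/`bindpw` is configured; there the modifyUser() added further down in this commit can only return false. Consider making the capability opt-in through a plugin setting, for example `$this->cando['modPass'] = (bool) $this->getConf('modPass');`, where `modPass` is a proposed new setting that would have to be added with a default. The comment would be more precise as `// changing the password is the only modification this plugin supports`. The constructor begins outside the hunk, so the conditions under which this line is reached are not fully visible.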
@@ -103,7 +103,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return true;
} else {
// See if we can find the user
- $info = $this->getUserData($user, true);
+ $info = $this->_getUserData($user, true);
if(empty($info['dn'])) {
return false;
} else {
@@ -146,10 +146,19 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
* @author Steffen Schoch <schoch@dsb.net>
*
* @param string $user
+ * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
+ * @return array containing user data or false
+ */
+ public function getUserData($user, $requireGroups=true) {
+ return $this->_getUserData($user);
+ }
+
+ /**
+ * @param string $user
* @param bool $inbind authldap specific, true if in bind phase
* @return array containing user data or false
*/
- public function getUserData($user, $inbind = false) {
+ protected function _getUserData($user, $inbind = false) {
global $conf;
if(!$this->_openLDAP()) return false;
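Review bot: The second positional argument of the public `getUserData()` changes meaning from `$inbind` to `$requireGroups` and is then discarded, so a caller that still passes `true` expecting bind-phase behaviour silently gets `_getUserData($user)` with `$inbind = false`. The modifyUser() added in the next hunk of this file does exactly that with `$this->getUserData($user,true)`; it should call `$this->_getUserData($user, true)` if a bind-phase lookup was intended, or drop the argument if not. What `$inbind` actually changes cannot be judged here because the body of `_getUserData()` continues outside the hunk. The new docblock for `_getUserData()` has also lost its summary line; a first line such as `Fetch the user's data from LDAP ($inbind is true when called during the bind phase)` would restore it.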
@@ -264,6 +273,62 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
}
/**
+ * Definition of the function modifyUser in order to modify the password
+ */
+
+ function modifyUser($user,$changes){
+
+ // open the connection to the ldap
+ if(!$this->_openLDAP()){
+ msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ // find the information about the user, in particular the "dn"
+ $info = $this->getUserData($user,true);
+ if(empty($info['dn'])) {
+ msg('LDAP cannot find your user dn');
+ return false;
+ }
+ $dn = $info['dn'];
+
+ // find the old password of the user
+ list($loginuser,$loginsticky,$loginpass) = auth_getCookie();
+ if ($loginuser !== null) { // the user is currently logged in
+ $secret = auth_cookiesalt(!$loginsticky, true);
+ $pass = auth_decrypt($loginpass, $secret);
+
+ // bind with the ldap
+ if(!@ldap_bind($this->con, $dn, $pass)){
+ msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
+ // we are changing the password on behalf of the user (eg: forgotten password)
+ // bind with the superuser ldap
+ if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){
+ $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ }
+ else {
+ return false; // no otherway
+ }
+
+ // Generate the salted hashed password for LDAP
+ $phash = new PassHash();
+ $hash = $phash->hash_ssha($changes['pass']);
+
+ // change the password
+ if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){
+ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Most values in LDAP are case-insensitive
*
* @return bool
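Review bot: `$changes['pass']` is hashed and written to `userpassword` without any check that the key is set and non-empty, so a call to modifyUser() that carries some other change would overwrite the account's password with the hash of an empty value. A guard at the top such as `if(!isset($changes['pass']) || $changes['pass'] === '') return false;` closes that before any bind happens. The failure paths for the logged-in user call `msg()` with the full DN and the raw `ldap_error()` text, which is shown to whoever is using the wiki, while the superuser branch uses `$this->_debug()`; using `_debug()` throughout keeps the directory layout out of user-facing output. The docblock should also state `@param string $user`, `@param array $changes` and `@return bool`, and say that only the `pass` key is honoured.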
diff --git a/lib/plugins/authldap/lang/hr/settings.php b/lib/plugins/authldap/lang/hr/settings.php
new file mode 100644
index 000000000..cb8df7218
--- /dev/null
+++ b/lib/plugins/authldap/lang/hr/settings.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Davor Turkalj <turki.bsc@gmail.com>
+ */
+$lang['server'] = 'Vaš LDAP server. Upišite ili naziv računala (<code>localhost</code>) ili puni URL (<code>ldap://server.tld:389</code>)';
+$lang['port'] = 'LDAP server port, ako gore nije specificiran puni URL.';
+$lang['usertree'] = 'Gdje da nađem korisničke prijave. Npr. <code>ou=People, dc=server, dc=tld</code>';
+$lang['grouptree'] = 'Gdje da nađem korisničke grupe. Npr. <code>ou=Group, dc=server, dc=tld</code>';
+$lang['userfilter'] = 'LDAP filter za pretragu korisničkih prijava. Npr. <code>(&amp;(uid=%{user})(objectClass=posixAccount))</code>';
+$lang['groupfilter'] = 'LDAP filter za pretragu grupa. Npr. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
+$lang['version'] = 'Protokol koji se koristi. Možda će te trebati postaviti na <code>3</code>';
+$lang['starttls'] = 'Korisni TLS vezu?';
+$lang['referrals'] = 'Da li da slijedim uputnice?';
+$lang['deref'] = 'Kako da razlikujem aliase?';
+$lang['binddn'] = 'DN opcionalnog korisnika ako anonimni korisnik nije dovoljan. Npr. <code>cn=admin, dc=my, dc=home</code>';
+$lang['bindpw'] = 'Lozinka gore navedenog korisnika';
+$lang['userscope'] = 'Ograniči područje za pretragu korisnika';
+$lang['groupscope'] = 'Ograniči područje za pretragu grupa';
+$lang['groupkey'] = 'Članstvo grupa iz svih atributa korisnika (umjesto standardnih AD grupa) npr. grupa iz odjela ili telefonskog broja';
+$lang['debug'] = 'Prikaži dodatne informacije u slučaju greške';
+$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/it/settings.php b/lib/plugins/authldap/lang/it/settings.php
index eba7cde6e..858c694b8 100644
--- a/lib/plugins/authldap/lang/it/settings.php
+++ b/lib/plugins/authldap/lang/it/settings.php
@@ -5,6 +5,7 @@
*
* @author Edmondo Di Tucci <snarchio@gmail.com>
* @author Claudio Lanconelli <lancos@libero.it>
+ * @author Francesco <francesco.cavalli@hotmail.com>
*/
$lang['server'] = 'Il tuo server LDAP. Inserire o l\'hostname (<code>localhost</code>) oppure un URL completo (<code>ldap://server.tld:389</code>)';
$lang['port'] = 'Porta del server LDAP se non è stato fornito un URL completo più sopra.';
@@ -14,6 +15,11 @@ $lang['userfilter'] = 'Filtro per cercare l\'account utente LDAP. Eg.
$lang['groupfilter'] = 'Filtro per cercare i gruppi LDAP. Eg. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = 'Versione protocollo da usare. Pu<code>3</code>';
$lang['starttls'] = 'Usare la connessione TSL?';
+$lang['deref'] = 'Come differenziare un alias?';
$lang['userscope'] = 'Limita il contesto di ricerca per la ricerca degli utenti';
$lang['groupscope'] = 'Limita il contesto di ricerca per la ricerca dei gruppi';
$lang['debug'] = 'In caso di errori mostra ulteriori informazioni di debug';
+$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php
index 3c0e08f6a..6cff0ea67 100644
--- a/lib/plugins/authldap/lang/ja/settings.php
+++ b/lib/plugins/authldap/lang/ja/settings.php
@@ -6,6 +6,7 @@
* @author Satoshi Sahara <sahara.satoshi@gmail.com>
* @author Hideaki SAWADA <sawadakun@live.jp>
* @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
*/
$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code>)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
$lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート';
@@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL
$lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:<code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '使用するプロトコルのバージョン。<code>3</code>を設定する必要がある場合があります。';
$lang['starttls'] = 'TLS接続を使用しますか?';
+$lang['referrals'] = '紹介に従いますか?';
+$lang['deref'] = 'どのように間接参照のエイリアスにしますか?';
$lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:<code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '上記ユーザーのパスワード';
+$lang['userscope'] = 'ユーザー検索の範囲を限定させる';
+$lang['groupscope'] = 'グループ検索の範囲を限定させる';
+$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。
+例えば、部署や電話番号などです。';
$lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/lv/settings.php b/lib/plugins/authldap/lang/lv/settings.php
new file mode 100644
index 000000000..90986e4f1
--- /dev/null
+++ b/lib/plugins/authldap/lang/lv/settings.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Aivars Miška <allefm@gmail.com>
+ */
+$lang['starttls'] = 'Lietot TLS savienojumus?';
+$lang['bindpw'] = 'Lietotāja parole';
diff --git a/lib/plugins/authldap/lang/tr/settings.php b/lib/plugins/authldap/lang/tr/settings.php
new file mode 100644
index 000000000..843b7ef9c
--- /dev/null
+++ b/lib/plugins/authldap/lang/tr/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author ilker rifat kapaç <irifat@gmail.com>
+ */
+$lang['bindpw'] = 'Üstteki kullanıcının şifresi';
diff --git a/lib/plugins/authldap/lang/zh-tw/settings.php b/lib/plugins/authldap/lang/zh-tw/settings.php
index 7e35ef632..e3d85cb87 100644
--- a/lib/plugins/authldap/lang/zh-tw/settings.php
+++ b/lib/plugins/authldap/lang/zh-tw/settings.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
@@ -19,7 +20,6 @@ $lang['userscope'] = '限制使用者搜索的範圍';
$lang['groupscope'] = '限制群組搜索的範圍';
$lang['groupkey'] = '以其他使用者屬性 (而非標準 AD 群組) 來把使用者分組,例如以部門或電話號碼分類';
$lang['debug'] = '有錯誤時,顯示額外除錯資訊';
-
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
diff --git a/lib/plugins/authldap/plugin.info.txt b/lib/plugins/authldap/plugin.info.txt
index 0d0b13f65..964fbb994 100644
--- a/lib/plugins/authldap/plugin.info.txt
+++ b/lib/plugins/authldap/plugin.info.txt
@@ -1,7 +1,7 @@
base authldap
author Andreas Gohr
email andi@splitbrain.org
-date 2013-04-19
+date 2014-05-18
name LDAP Auth Plugin
desc Provides user authentication against an LDAP server
url http://www.dokuwiki.org/plugin:authldap