From 06da270e039cf517a6bd847ca0cd4a7819c9f879 Mon Sep 17 00:00:00 2001 From: Axel Angel Date: Sun, 4 May 2014 11:46:35 +0200 Subject: Authldap: implement change password in modifyUser --- lib/plugins/authldap/auth.php | 55 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 6c3637e15..13ffb8be2 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return; } - // auth_ldap currently just handles authentication, so no - // capabilities are set + // Add the capabilities to change the password + $this->cando['modPass'] = true; } /** 
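Review bot: `$this->cando['modPass'] = true;` switches password changing on for every authldap installation, with no configuration switch and no check that the setup can support it. The new comment only says the capability is added; it should state the precondition, for example `// password changes require that the bound DN may write userPassword`. Because the feature sends a new credential to the directory, it may also be worth tying the flag to the plugin's `starttls` setting (it appears in the settings translations further down this page). Whether that fits depends on constructor code outside the hunk.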
@@ -263,6 +263,57 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return $info; } + /** + * Definition of the function modifyUser in order to modify the password + */ + + function modifyUser($user,$changes){ + + // open the connection to the ldap + if(!$this->_openLDAP()){ + msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con))); + return false; + } + + // find the information about the user, in particular the "dn" + $info = $this->getUserData($user,true); + if(empty($info['dn'])) { + msg('LDAP cannot find your user dn: '. htmlspecialchars($info['dn'])); + return false; + } else { + $dn = $info['dn']; + } + + // find the new password and encrypt it whit SSHA + if(empty($changes['pass'])) { + msg('The new password is not allow because it\'s empty'); + return false; + } else { + mt_srand((double)microtime()*1000000); + $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand()); + $hash = "{SSHA}" . base64_encode(pack("H*", sha1($changes['pass'] . $salt)) . $salt); + } + + // find the old password of the user + list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); + $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session + $pass = auth_decrypt($loginpass, $secret); + + // bind with the ldap + if(!@ldap_bind($this->con,$dn,$pass)){ + msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + + // change the password + if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){ + msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con))); + return false; + } + + return true; + } + /** * Most values in LDAP are case-insensitive * -- cgit v1.2.3 From 719c6730c7da93e830205e42dc230de831446e8f Mon Sep 17 00:00:00 2001 
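Review bot: The salt block in the added `modifyUser()` calls `mt_srand((double)microtime()*1000000)`, which reseeds PHP's shared Mersenne Twister from the clock. That makes the four salt bytes guessable, and also any other `mt_rand()` value drawn later in the same request. The `mt_srand()` line should be dropped, and the salt should come from the project's password-hashing helper rather than being hand-rolled here. Separately, `auth_cookiesalt(!$sticky, true)` reads `$sticky`, which is never assigned in this function (the destructured name is `$loginsticky`), so the first argument is always true and the decrypted bind password is presumably wrong for sticky logins.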
From: Axel Angel Date: Sun, 4 May 2014 12:26:13 +0200 Subject: Allow authldap to change password with ldap superuser only if necessary --- lib/plugins/authldap/auth.php | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 13ffb8be2..5bdaf0446 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -296,13 +296,25 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); - $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session - $pass = auth_decrypt($loginpass, $secret); + if ($loginuser !== null) { // the user is currently logged in + $secret = auth_cookiesalt(!$sticky, true); + $pass = auth_decrypt($loginpass, $secret); - // bind with the ldap - if(!@ldap_bind($this->con,$dn,$pass)){ - msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); - return false; + // bind with the ldap + if(!@ldap_bind($this->con, $dn, $pass)){ + msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) { + // we are changing the password on behalf of the user (eg: forgotten password) + // bind with the superuser ldap + if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){ + $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__); + return false; + } + } + else { + return false; // no otherway } // change the password -- cgit v1.2.3 From 67723447f02824ff2df7daa0f1f97d8b289c5d7a Mon Sep 17 00:00:00 2001 
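Review bot: In the logged-in branch, the password recovered from the cookie goes straight into `ldap_bind($this->con, $dn, $pass)` with no check that it is non-empty or that `$loginuser` is the account named by `$user`. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so a failed `auth_decrypt()` should stop the function before the bind, e.g. `if(!is_string($pass) || $pass === '') return false;`. The `binddn`/`bindpw` branch is selected purely because no login cookie is present, so this function cannot distinguish a password-reset call from any other call made without a session. The caller's authorisation, which is outside this hunk, is therefore the only gate, and a comment on the `elseif` should say so.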
From: Axel Angel Date: Sun, 4 May 2014 19:54:37 +0200 Subject: Hash and salt password with PassHash::ssha Moved the block closer to the variable use (indent clearer) --- lib/plugins/authldap/auth.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index 5bdaf0446..ecbbc2a3a 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -288,10 +288,6 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { if(empty($changes['pass'])) { msg('The new password is not allow because it\'s empty'); return false; - } else { - mt_srand((double)microtime()*1000000); - $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand()); - $hash = "{SSHA}" . base64_encode(pack("H*", sha1($changes['pass'] . $salt)) . $salt); } // find the old password of the user @@ -317,6 +313,10 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { return false; // no otherway } + // Generate the salted hashed password for LDAP + $phash = new PassHash(); + $hash = $phash->hash_ssha($changes['pass']); + // change the password if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con))); -- cgit v1.2.3 From 8f2ea93bb09b8744de56a8797176d3a209c2e8d7 Mon Sep 17 00:00:00 2001 From: Axel Angel Date: Thu, 8 May 2014 12:19:39 +0200 Subject: Simplify code and remove unreachable check --- lib/plugins/authldap/auth.php | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index ecbbc2a3a..bda8f2abe 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php 
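Review bot: `$phash->hash_ssha($changes['pass'])` in the second hunk still writes an `{SSHA}` value to `userpassword`, which is salted SHA-1. The switch to `PassHash` removes the hand-rolled salt but not the fast hash. If the directory supports it, letting the server hash the password (the LDAP Password Modify extended operation) or using a stronger scheme the server accepts would hold up better against offline guessing; whether either is available cannot be told from this hunk. At minimum the added comment should name the scheme and why it was chosen, e.g. `// {SSHA} = salted SHA-1, kept for LDAP server compatibility`.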
@@ -278,17 +278,10 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the information about the user, in particular the "dn" $info = $this->getUserData($user,true); if(empty($info['dn'])) { - msg('LDAP cannot find your user dn: '. htmlspecialchars($info['dn'])); - return false; - } else { - $dn = $info['dn']; - } - - // find the new password and encrypt it whit SSHA - if(empty($changes['pass'])) { - msg('The new password is not allow because it\'s empty'); + msg('LDAP cannot find your user dn'); return false; } + $dn = $info['dn']; // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); -- cgit v1.2.3 From e151bd73ba8b0f385b128cfe70c6d6e0eb4b7360 Mon Sep 17 00:00:00 2001 From: Hideaki SAWADA Date: Sat, 17 May 2014 08:11:01 +0200 Subject: translation update --- lib/plugins/extension/lang/ja/intro_install.txt | 2 +- lib/plugins/extension/lang/ja/intro_plugins.txt | 2 +- lib/plugins/extension/lang/ja/intro_templates.txt | 2 +- lib/plugins/extension/lang/ja/lang.php | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/plugins/extension/lang/ja/intro_install.txt b/lib/plugins/extension/lang/ja/intro_install.txt index 889ed6879..9f99b8202 100644 --- a/lib/plugins/extension/lang/ja/intro_install.txt +++ b/lib/plugins/extension/lang/ja/intro_install.txt @@ -1 +1 @@ -ここでは、アップロードするかダウンロードURLを指定して、手動でプラグインやテンプレートをインストールできます。 +アップロードするかダウンロードURLを指定して、手動でプラグインやテンプレートをインストールできます。 diff --git a/lib/plugins/extension/lang/ja/intro_plugins.txt b/lib/plugins/extension/lang/ja/intro_plugins.txt index 9bfc68431..b8251c7e8 100644 --- a/lib/plugins/extension/lang/ja/intro_plugins.txt +++ b/lib/plugins/extension/lang/ja/intro_plugins.txt 
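Review bot: With the `empty($changes['pass'])` guard removed, nothing in `modifyUser()` checks that a new password was supplied before it is hashed and written by `ldap_mod_replace()` further down, outside this hunk. The commit message calls the check unreachable, which holds only as long as every caller validates first, and those callers are not visible here. If that assumption ever fails, the account's `userpassword` becomes the hash of an empty string, so a silent guard is cheap insurance: `if(empty($changes['pass'])) return false;`. Dropping `htmlspecialchars($info['dn'])` from the error message is fine, since that value is empty on this path.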
@@ -1 +1 @@ -このDokuWikiに現在インストールされているプラグインです。ここでは、これらプラグインを有効化、無効化、アンインストールすることができます。同様にプラグインのアップデートも表示されます。アップデート前に、プラグインのマニュアルをお読みください。 \ No newline at end of file +このDokuWikiに現在インストールされているプラグインです。これらプラグインを有効化、無効化、アンインストールできます。更新はできる場合のみ表示されます。更新前に、プラグインの解説をお読みください。 \ No newline at end of file diff --git a/lib/plugins/extension/lang/ja/intro_templates.txt b/lib/plugins/extension/lang/ja/intro_templates.txt index f97694aaa..5de6d2f0d 100644 --- a/lib/plugins/extension/lang/ja/intro_templates.txt +++ b/lib/plugins/extension/lang/ja/intro_templates.txt @@ -1 +1 @@ -このDokuWikiに現在インストールされているテンプレートです。[[?do=admin&page=config|設定管理]]で使用するテンプレートを選択できます。 \ No newline at end of file +このDokuWikiに現在インストールされているテンプレートです。使用するテンプレートは[[?do=admin&page=config|設定管理]]で選択できます。 \ No newline at end of file diff --git a/lib/plugins/extension/lang/ja/lang.php b/lib/plugins/extension/lang/ja/lang.php index b42e4aefd..f1a95f7a2 100644 --- a/lib/plugins/extension/lang/ja/lang.php +++ b/lib/plugins/extension/lang/ja/lang.php @@ -83,3 +83,4 @@ $lang['nopluginperms'] = 'プラグインディレクトリが書き込 $lang['git'] = 'この拡張機能は Git 経由でインストールされており、ここで更新すべきでないかもしれません。'; $lang['install_url'] = 'URL からインストール:'; $lang['install_upload'] = '拡張機能をアップロード:'; +$lang['repo_error'] = 'プラグインのリポジトリに接続できません。サーバーが www.dokuwiki.org に接続できることやプロキシの設定を確認して下さい。'; -- cgit v1.2.3 From 5aa1e6b571d748ca5b0c7684ec6116c9e5f299d4 Mon Sep 17 00:00:00 2001 From: Rene Date: Sat, 17 May 2014 09:36:32 +0200 Subject: translation update --- lib/plugins/extension/lang/nl/lang.php | 2 +- lib/plugins/revert/lang/nl/intro.txt | 2 +- lib/plugins/revert/lang/nl/lang.php | 3 ++- lib/plugins/usermanager/lang/nl/intro.txt | 2 +- lib/plugins/usermanager/lang/nl/lang.php | 3 ++- 5 files changed, 7 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/plugins/extension/lang/nl/lang.php b/lib/plugins/extension/lang/nl/lang.php index 524c2b2e7..c1c72e812 100644 --- a/lib/plugins/extension/lang/nl/lang.php +++ b/lib/plugins/extension/lang/nl/lang.php 
@@ -6,7 +6,7 @@ * @author Rene * @author Gerrit Uitslag */ -$lang['menu'] = 'Uitbreidings Beheerder'; +$lang['menu'] = 'Uitbreidingen'; $lang['tab_plugins'] = 'Geïnstalleerde Plugins'; $lang['tab_templates'] = 'Geïnstalleerde Templates'; $lang['tab_search'] = 'Zoek en installeer'; diff --git a/lib/plugins/revert/lang/nl/intro.txt b/lib/plugins/revert/lang/nl/intro.txt index db8f5a06c..efa325839 100644 --- a/lib/plugins/revert/lang/nl/intro.txt +++ b/lib/plugins/revert/lang/nl/intro.txt @@ -1,3 +1,3 @@ -===== Herstelmanager ===== +===== Herstel ===== Deze pagina helpt u bij het herstellen van pagina's na een spam-aanval. Vul een zoekterm in (bijvoorbeeld een spam url) om een lijst te krijgen van bekladde pagina's, bevestig dat de pagina's inderdaad spam bevatten en herstel de wijzigingen. diff --git a/lib/plugins/revert/lang/nl/lang.php b/lib/plugins/revert/lang/nl/lang.php index ee8678e63..d04b96869 100644 --- a/lib/plugins/revert/lang/nl/lang.php +++ b/lib/plugins/revert/lang/nl/lang.php @@ -16,8 +16,9 @@ * @author Ricardo Guijt * @author Gerrit * @author Remon + * @author Rene */ -$lang['menu'] = 'Herstelmanager'; +$lang['menu'] = 'Herstel'; $lang['filter'] = 'Zoek naar bekladde pagina\'s'; $lang['revert'] = 'Herstel geselecteerde pagina\'s'; $lang['reverted'] = '%s hersteld naar revisie %s'; diff --git a/lib/plugins/usermanager/lang/nl/intro.txt b/lib/plugins/usermanager/lang/nl/intro.txt index 7df09dbab..478174ab6 100644 --- a/lib/plugins/usermanager/lang/nl/intro.txt +++ b/lib/plugins/usermanager/lang/nl/intro.txt @@ -1 +1 @@ -==== Gebruikersmanager ===== \ No newline at end of file +==== Gebruikers ===== \ No newline at end of file diff --git a/lib/plugins/usermanager/lang/nl/lang.php b/lib/plugins/usermanager/lang/nl/lang.php index 5cebede89..3f9902e14 100644 --- a/lib/plugins/usermanager/lang/nl/lang.php +++ b/lib/plugins/usermanager/lang/nl/lang.php 
@@ -15,8 +15,9 @@ * @author Jeroen * @author Ricardo Guijt * @author Gerrit Uitslag + * @author Rene */ -$lang['menu'] = 'Gebruikersmanager'; +$lang['menu'] = 'Gebruikersbeheer'; $lang['noauth'] = '(gebruikersauthenticatie niet beschikbaar)'; $lang['nosupport'] = '(gebruikersbeheer niet ondersteund)'; $lang['badauth'] = 'ongeldige authenticatiemethode'; -- cgit v1.2.3 From f88adfe0b3b6ae718cb4a99c6f8363042c7b0b6e Mon Sep 17 00:00:00 2001 From: PzF_X Date: Sun, 18 May 2014 13:56:03 +0200 Subject: translation update --- lib/plugins/authad/lang/ja/lang.php | 8 ++++++++ lib/plugins/authad/lang/ja/settings.php | 2 ++ lib/plugins/authldap/lang/ja/settings.php | 7 +++++++ lib/plugins/extension/lang/ja/lang.php | 3 +++ 4 files changed, 20 insertions(+) create mode 100644 lib/plugins/authad/lang/ja/lang.php (limited to 'lib') diff --git a/lib/plugins/authad/lang/ja/lang.php b/lib/plugins/authad/lang/ja/lang.php new file mode 100644 index 000000000..b40aa5da3 --- /dev/null +++ b/lib/plugins/authad/lang/ja/lang.php @@ -0,0 +1,8 @@ + + */ +$lang['domain'] = 'ログオン時のドメイン'; diff --git a/lib/plugins/authad/lang/ja/settings.php b/lib/plugins/authad/lang/ja/settings.php index f308249ef..118e8348c 100644 --- a/lib/plugins/authad/lang/ja/settings.php +++ b/lib/plugins/authad/lang/ja/settings.php @@ -5,6 +5,7 @@ * * @author Satoshi Sahara * @author Hideaki SAWADA + * @author PzF_X */ $lang['account_suffix'] = 'アカウントの接尾語。例:@my.domain.org'; $lang['base_dn'] = 'ベースDN。例:DC=my,DC=domain,DC=org'; 
@@ -12,6 +13,7 @@ $lang['domain_controllers'] = 'ドメインコントローラのカンマ区 $lang['admin_username'] = '全ユーザーデータへのアクセス権のある特権Active Directoryユーザー。任意ですが、メール通知の登録等の特定の動作に必要。'; $lang['admin_password'] = '上記ユーザーのパスワード'; $lang['sso'] = 'Kerberos か NTLM を使ったシングルサインオン(SSO)をしますか?'; +$lang['sso_charset'] = 'サーバーは空のUTF-8かLatin-1でKerberosかNTLMユーザネームを送信します。iconv拡張モジュールが必要です。'; $lang['real_primarygroup'] = '"Domain Users" を仮定する代わりに本当のプライマリグループを解決する(低速)'; $lang['use_ssl'] = 'SSL接続を使用しますか?使用した場合、下のSSLを有効にしないでください。'; $lang['use_tls'] = 'TLS接続を使用しますか?使用した場合、上のSSLを有効にしないでください。'; diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php index 3c0e08f6a..6cff0ea67 100644 --- a/lib/plugins/authldap/lang/ja/settings.php +++ b/lib/plugins/authldap/lang/ja/settings.php @@ -6,6 +6,7 @@ * @author Satoshi Sahara * @author Hideaki SAWADA * @author Hideaki SAWADA + * @author PzF_X */ $lang['server'] = 'LDAPサーバー。ホスト名(localhost)又は完全修飾URL(ldap://server.tld:389)'; $lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート'; @@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL $lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = '使用するプロトコルのバージョン。3を設定する必要がある場合があります。'; $lang['starttls'] = 'TLS接続を使用しますか?'; +$lang['referrals'] = '紹介に従いますか?'; +$lang['deref'] = 'どのように間接参照のエイリアスにしますか?'; $lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:cn=admin, dc=my, dc=home'; $lang['bindpw'] = '上記ユーザーのパスワード'; +$lang['userscope'] = 'ユーザー検索の範囲を限定させる'; +$lang['groupscope'] = 'グループ検索の範囲を限定させる'; +$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。 +例えば、部署や電話番号などです。'; $lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。'; $lang['deref_o_0'] = 'LDAP_DEREF_NEVER'; $lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING'; diff --git a/lib/plugins/extension/lang/ja/lang.php b/lib/plugins/extension/lang/ja/lang.php index f1a95f7a2..dec46d629 100644 --- a/lib/plugins/extension/lang/ja/lang.php +++ b/lib/plugins/extension/lang/ja/lang.php 
@@ -4,6 +4,7 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * * @author Hideaki SAWADA + * @author PzF_X */ $lang['menu'] = '拡張機能管理'; $lang['tab_plugins'] = 'インストール済プラグイン'; @@ -52,8 +53,10 @@ $lang['provides'] = '提供:'; $lang['status'] = '状態:'; $lang['status_installed'] = 'インストール済'; $lang['status_not_installed'] = '未インストール'; +$lang['status_protected'] = '保護されています'; $lang['status_enabled'] = '有効'; $lang['status_disabled'] = '無効'; +$lang['status_unmodifiable'] = '編集不可'; $lang['status_plugin'] = 'プラグイン'; $lang['status_template'] = 'テンプレート'; $lang['status_bundled'] = '同梱'; -- cgit v1.2.3 From 18496fe0decfb1382393daca3141bf315cda7254 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 18 May 2014 20:33:21 +0200 Subject: fixed undefined variable in LDAP plugin --- lib/plugins/authldap/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php index bda8f2abe..0d5e130ea 100644 --- a/lib/plugins/authldap/auth.php +++ b/lib/plugins/authldap/auth.php @@ -286,7 +286,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin { // find the old password of the user list($loginuser,$loginsticky,$loginpass) = auth_getCookie(); if ($loginuser !== null) { // the user is currently logged in - $secret = auth_cookiesalt(!$sticky, true); + $secret = auth_cookiesalt(!$loginsticky, true); $pass = auth_decrypt($loginpass, $secret); // bind with the ldap -- cgit v1.2.3