Author: ryan.lane
Description:
DefaultSettings.php (add):
$wgUseLDAP = false;
$wgLDAPDomainNames = array("");
$wgLDAPServerNames = array("");
$wgLDAPSearchStrings = array("");
$wgLDAPUseSSL = true;
$wgLDAPUseLocal = false;
Language.php (add):
'yourdomainname' => 'Your LDAP Domain'
'blankpasswordnotallowed' => 'Blank passwords are not allowed.'
includes/User.php (diff -u old new):
- User.php.new.old 2004-11-01 09:43:28.000000000 -0600
+++ User.php.new 2004-11-01 09:30:39.000000000 -0600
@@ -1010,6 +1010,12 @@
*/ function checkPassword( $password ) { $this->loadFromDatabase();
+ if ( 0 == strcmp( "", $password ) ) {
+ return false;
+ }
+ if ( $this->checkLDAPPassword( $password ) && 0 !=
strcmp('local', $_SESSION["ldapdomain"]->mDomain ) ) {
+ return true;
+ }
$ep = $this->encryptPassword( $password ); if ( 0 == strcmp( $ep, $this->mPassword ) ) { return true;
@@ -1025,6 +1031,42 @@
} return false; }
-}
+
+ function checkLDAPPassword( $password ) {
+ global $wgLDAPDomainNames, $wgLDAPServerNames,
$wgLDAPSearchStrings;
+ global $wgLDAPUseLocal, $wgLDAPUseSSL;
+
+ if ( $wgLDAPUseSSL ) {
+ $serverpre = "ldaps://";
+ } else {
+ $serverpre = "ldap://";
+ }
+
+ $domain = $_SESSION["ldapdomain"]->mDomain;
+ $tmpservers = $wgLDAPServerNames["$domain"];
+ $tok = strtok($tmpservers, " ");
+ while ($tok) {
+ $servers = $servers . " " . $serverpre . $tok;
+ $tok = strtok(" ");
+ }
+ $servers = rtrim($servers);
+
+ $tmpuserdn = $wgLDAPSearchStrings["$domain"];
+ $userdn = str_replace("USER-NAME",$this->mName,$tmpuserdn);
+ $userpass = $password;
+ $ldapconn = @ldap_connect( $servers );
+ if ( $ldapconn ) {
+ ldap_set_option( $ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ $bind = @ldap_bind( $ldapconn, $userdn, $userpass );
+ if (!$bind) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ return true;
+ }
+
+}
?>
includes/SpecialUserlogin.php (diff -u old new):
- SpecialUserlogin.php.new.old 2004-11-01 09:57:41.000000000 -0600
+++ SpecialUserlogin.php 2004-11-01 10:02:01.000000000 -0600
@@ -32,11 +32,12 @@
class LoginForm {
var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted; var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
- var $mLoginattempt, $mRemember, $mEmail;
+ var $mLoginattempt, $mRemember, $mEmail, $mDomain;
function LoginForm( &$request ) { global $wgLang, $wgAllowRealName;
+ $this->mDomain = $request->getVal( 'wpDomain' );
$this->mName = $request->getText( 'wpName' ); $this->mPassword = $request->getText( 'wpPassword' ); $this->mRetype = $request->getText( 'wpRetype' );
@@ -149,15 +150,18 @@
global $wgUser, $wgOut; global $wgMaxNameChars; global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
+ global $wgUseLDAP, $wgLDAPUseLocal;
if (!$wgUser->isAllowedToCreateAccount()) { $this->userNotPrivilegedMessage(); return; }
- if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
- $this->mainLoginForm( wfMsg( 'badretype' ) );
- return;
+ if ( !$wgUseLDAP || 0 == strcmp('local', $this->mDomain ) ) {
+ if ( 0 != strcmp( $this->mPassword, $this->mRetype ) ) {
+ $this->mainLoginForm( wfMsg( 'badretype' ) );
+ return;
+ }
} $name = trim( $this->mName );
@@ -194,8 +198,21 @@
} }
+ if ( $wgUseLDAP && 0 != strcmp('local', $this->mDomain ) ) {
+ if (!$u->checkPassword( $this->mPassword )) {
+ $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
+ return;
+ }
+ } else {
+ # We shouldn't allow blank passwords, even on
+ # local accounts
+ if ( 0 == strcmp( "", $this-mPassword ) ) {
+ return;
+ }
+ }
+
$u->addToDatabase();
- $u->setPassword( $this->mPassword );
+ if ( !$wgUseLDAP ) { $u->setPassword( $this->mPassword ); }
$u->setEmail( $this->mEmail ); $u->setRealName( $this->mRealName );
@@ -224,14 +241,16 @@
} $id = $u->idForName(); if ( 0 == $id ) {
- $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) );
+ $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName()) );
return; } $u->setId( $id ); $u->loadFromDatabase();
+
+ $_SESSION["ldapdomain"] = $this;
if (!$u->checkPassword( $this->mPassword )) {
- $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
- return;
+ $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
+ return;
} # We've verified now, update the real record
@@ -351,11 +370,13 @@
function mainLoginForm( $err ) { global $wgUser, $wgOut, $wgLang; global $wgDBname, $wgAllowRealName;
+ global $wgUseLDAP, $wgLDAPDomainNames, $wgLDAPUseLocal;
$le = wfMsg( 'loginerror' ); $yn = wfMsg( 'yourname' ); $yp = wfMsg( 'yourpassword' ); $ypa = wfMsg( 'yourpasswordagain' );
+ $ydn = wfMsg( 'yourdomainname' );
$rmp = wfMsg( 'remembermypassword' ); $nuo = wfMsg( 'newusersonly' ); $li = wfMsg( 'login' );
@@ -392,7 +413,7 @@
$wgOut->addHTML( "<h2>$li:</h2>\n<p>$lp</p>" ); } else { $wgOut->addHTML( "<h2>$le:</h2>\n<font size='+1'
- color='red'>$err</font>\n" );
+ color='red'>$err</font>\n" );
} if ( 1 == $wgUser->getOption( 'rememberpassword' ) ) { $checked = ' checked';
@@ -413,6 +434,7 @@
$encRetype = htmlspecialchars( $this->mRetype ); $encEmail = htmlspecialchars( $this->mEmail ); $encRealName = htmlspecialchars( $this->mRealName );
+ $encDomain = htmlspecialchars( $this->mDomain );
if ($wgUser->getID() != 0) { $cambutton = "<input tabindex='6' type='submit' name=\"wpCreateaccountMail\"
value=\"{$cam}\" />";
@@ -436,21 +458,44 @@
<td align='left'> <input tabindex='2' type='password' name=\"wpPassword\"
value=\"{$encPassword}\" size='20' />
</td>
- <td align='left'>
- <input tabindex='4' type='checkbox' name=\"wpRemember\" value=\"1\"
id=\"wpRemember\"$checked /><label for=\"wpRemember\">$rmp</label>
- </td>
- </tr>");
+ ");
+
+ if ($wgUseLDAP) {
+ foreach ($wgLDAPDomainNames as $dom) {
+ $doms = $doms . "<option>$dom</option>";
+ }
+ if ($wgLDAPUseLocal) {
+ $doms = $doms . "<option>local</option>";
+ }
+ $wgOut->addHTML("<tr><td align='right'>$ydn:</td>
+ <td align='left'>
+ <select tabindex='9' name=\"wpDomain\" value=\"{$encDomain}\">
+ $doms
+ </select>
+ </td></tr>");
+ } else {
+ $wgOut->addHTML("
+ <td align='left'>
+ <input tabindex='4' type='checkbox' name=\"wpRemember\" value=\"1\"
id=\"wpRemember\"$checked /><label for=\"wpRemember\">$rmp</label>
+ </td></tr>");
+ }
+
if ($wgUser->isAllowedToCreateAccount()) { $encRetype = htmlspecialchars( $this->mRetype ); $encEmail = htmlspecialchars( $this->mEmail ); $wgOut->addHTML("<tr><td colspan='3'> </td></tr><tr>
- <td align='right'>$ypa:</td>
- <td align='left'>
- <input tabindex='5' type='password' name=\"wpRetype\" value=\"{$encRetype}\"
- size='20' />
- </td><td>$nuo</td></tr>
- <tr>
+ <td align='right'>$nuo</td></tr>");
+
+ if (!$wgUseLDAP || $wgLDAPUseLocal) {
+ $wgOut->addHTML("<td align='right'>$ypa:</td>
+ <td align='left'>
+ <input tabindex='5' type='password' name=\"wpRetype\" value=\"{$encRetype}\"
+ size='20' />
+ </td></tr>");
+ }
+
+ $wgOut->addHTML("<tr>
<td align='right'>$ye:</td> <td align='left'> <input tabindex='7' type='text' name=\"wpEmail\" value=\"{$encEmail}\"
size='20' />
@@ -470,16 +515,22 @@
$cambutton </td></tr>"); }
+
+ $wgOut->addHTML("
+ <tr><td colspan='3'> </td></tr><tr>
+ <td colspan='3' align='left'>
+ <p>$efl<br />");
+
+ if ( !wgUseLDAP) {
$wgOut->addHTML("
- <tr><td colspan='3'> </td></tr><tr>
- <td colspan='3' align='left'>
- <p>$efl<br />
- <input tabindex='10' type='submit' name=\"wpMailmypassword\" value=\"{$mmp}\"
/></p>
- </td></tr></table>
- </form>\n" );
- $wgOut->addHTML( $endText );
+ <input tabindex='10' type='submit' name=\"wpMailmypassword\" value=\"{$mmp}\"
/></p>");
}
+
+ $wgOut->addHTML("
+ </td></tr>
+ </table></form>\n $endText" );
+ }
+
/** * @access private
@@ -531,3 +582,4 @@
}
}
?>
+
Version: 1.10.x
Severity: enhancement
URL: http://meta.wikimedia.org/wiki/LDAP_Authentication