View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006718 | mantisbt | authentication | public | 2006-02-15 09:01 | 2008-07-24 16:51 |
Reporter | brunette | Assigned To | jreese | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Product Version | 1.0.0 | ||||
Summary | 0006718: Multiple authentification | ||||
Description | I create a new type of authentification CVF_AUTH who is a mixte authentification LDAP and MD5. First of all, I search if the user exists in LDAP.
| ||||
Tags | No tags attached. | ||||
Attached Files | authentication_api.php.patch (16,671 bytes)
<?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: authentication_api.php,v 1.51 2005/07/11 23:49:13 thraxisp Exp $ # -------------------------------------------------------- ### Authentication API ### $g_script_login_cookie = null; $g_cache_anonymous_user_cookie_string = null; #=================================== # Boolean queries and ensures #=================================== # -------------------- # Check that there is a user logged-in and authenticated # If the user's account is disabled they will be logged out # If there is no user logged in, redirect to the login page # If parameter is given it is used as a URL to redirect to following # successful login. If none is given, the URL of the current page is used function auth_ensure_user_authenticated( $p_return_page = '' ) { if ( !php_version_at_least( '4.1.0' ) ) { global $_SERVER; } # if logged in if ( auth_is_user_authenticated() ) { # check for access enabled # This also makes sure the cookie is valid if ( OFF == current_user_get_field( 'enabled' ) ) { print_header_redirect( 'logout_page.php' ); } } else { # not logged in if ( is_blank( $p_return_page ) ) { if (!isset($_SERVER['REQUEST_URI'])) { $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; } $p_return_page = $_SERVER['REQUEST_URI']; } $p_return_page = string_url( $p_return_page ); print_header_redirect( 'login_page.php?return=' . $p_return_page ); } } # -------------------- # Return true if there is a currently logged in and authenticated user, # false otherwise function auth_is_user_authenticated() { return ( auth_is_cookie_valid( auth_get_current_user_cookie() ) ); } #=================================== # Login / Logout #=================================== # -------------------- # Attempt to login the user with the given password # If the user fails validation, false is returned # If the user passes validation, the cookies are set and # true is returned. If $p_perm_login is true, the long-term # cookie is created. function auth_attempt_login( $p_username, $p_password, $p_perm_login=false ) { $t_user_id = user_get_id_by_name( $p_username ); $t_login_method = config_get( 'login_method' ); if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method ) { # attempt to create the user if using BASIC_AUTH $t_cookie_string = user_create( $p_username, $p_password ); if ( false === $t_cookie_string ) { # it didn't work return false; } # ok, we created the user, get the row again $t_user_id = user_get_id_by_name( $p_username ); if ( false === $t_user_id ) { # uh oh, something must be really wrong # @@@ trigger an error here? return false; } } else { $t_login= config_get('login_method'); if ( CVF_AUTH == $t_login_method && ldap_authenticate($p_username, $p_password) ){ $t_email = $p_username."@cvf.fr"; user_create($p_username, auth_generate_random_password($t_seed),$t_email); } } } if (CVF_AUTH == $t_login_method) { $t_user_id = user_get_id_by_name( $p_username ); if ( ldap_authenticate($p_username, $p_password)){ $t_login= config_get('login_method'); auth_set_cookies( $t_user_id, $p_perm_login ); return true; break; } else { //$t_login_method = "MD5"; config_set_cache('login_method','3'); $t_login= config_get('login_method'); if (!auth_does_password_match($t_user_id, $p_password)){ user_increment_failed_login_count($t_user_id); return false; break; } } } # check for disabled account if ( !user_is_enabled( $t_user_id ) ) { // return false; } # max. failed login attempts achieved... if( !user_is_login_request_allowed( $t_user_id ) ) { return false; } $t_anon_account = config_get( 'anonymous_account' ); $t_anon_allowed = config_get( 'allow_anonymous_login' ); # check for anonymous login if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username) ) ) { # anonymous login didn't work, so check the password if ( !auth_does_password_match( $t_user_id, $p_password ) ) { user_increment_failed_login_count( $t_user_id ); return false; } } # ok, we're good to login now # increment login count user_increment_login_count( $t_user_id ); user_reset_failed_login_count_to_zero( $t_user_id ); user_reset_lost_password_in_progress_count_to_zero( $t_user_id ); # set the cookies auth_set_cookies( $t_user_id, $p_perm_login ); return true; } # -------------------- # Allows scripts to login using a login name or ( login name + password ) function auth_attempt_script_login( $p_username, $p_password = null ) { global $g_script_login_cookie; $t_user_id = user_get_id_by_name( $p_username ); $t_user = user_get_row( $t_user_id ); # check for disabled account if ( OFF == $t_user['enabled'] ) { return false; } # validate password if supplied if ( null !== $p_password ) { if ( !auth_does_password_match( $t_user_id, $p_password ) ) { return false; } } # ok, we're good to login now # increment login count user_increment_login_count( $t_user_id ); # set the cookies $g_script_login_cookie = $t_user['cookie_string']; return true; } # -------------------- # Logout the current user and remove any remaining cookies from their browser # Returns true on success, false otherwise function auth_logout() { global $g_cache_current_user_id; # clear cached userid $g_cache_current_user_id = null; # clear cookies, if they were set if (auth_clear_cookies()) { helper_clear_pref_cookies(); } return true; } #=================================== # Password functions #=================================== # -------------------- # Return true if the password for the user id given matches the given # password (taking into account the global login method) function auth_does_password_match( $p_user_id, $p_test_password ) { $t_configured_login_method = config_get( 'login_method' ); if ( LDAP == $t_configured_login_method ) { return ldap_authenticate( $p_user_id, $p_test_password ); } $t_password = user_get_field( $p_user_id, 'password' ); $t_login_methods = Array(MD5, CRYPT, PLAIN); foreach ( $t_login_methods as $t_login_method ) { # pass the stored password in as the salt if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) { # Check for migration to another login method and test whether the password was encrypted # with our previously insecure implemention of the CRYPT method if ( ( $t_login_method != $t_configured_login_method ) ||( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) { user_set_password( $p_user_id, $p_test_password, true ); } return true; } } return false; } # -------------------- # Encrypt and return the plain password given, as appropriate for the current # global login method. # # When generating a new password, no salt should be passed in. # When encrypting a password to compare to a stored password, the stored # password should be passed in as salt. If the auth method is CRYPT then # crypt() will extract the appropriate portion of the stored password as its salt function auth_process_plain_password( $p_password, $p_salt=null, $p_method=null ) { $t_login_method = config_get( 'login_method' ); if ( $p_method !== null ) { $t_login_method = $p_method; } switch ( $t_login_method ) { case CRYPT: # a null salt is the same as no salt, which causes a salt to be generated # otherwise, use the salt given $t_processed_password = crypt( $p_password, $p_salt ); break; case MD5: $t_processed_password = md5( $p_password ); break; case BASIC_AUTH: case PLAIN: default: $t_processed_password = $p_password; break; } # cut this off to 32 cahracters which the largest possible string in the database return substr( $t_processed_password, 0, 32 ); } # -------------------- # Generate a random 12 character password # p_email is unused function auth_generate_random_password( $p_email ) { $t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ); $t_val = md5( $t_val ); return substr( $t_val, 0, 12 ); } # -------------------- # Generate a confirm_hash 12 character to valide the password reset request function auth_generate_confirm_hash( $p_user_id ) { $t_confirm_hash_generator = config_get( 'password_confirm_hash_magic_string' ); $t_password = user_get_field( $p_user_id, 'password' ); $t_last_visit = user_get_field( $p_user_id, 'last_visit' ); $t_confirm_hash = md5( $t_confirm_hash_generator . $t_password . $t_last_visit ); return $t_confirm_hash; } #=================================== # Cookie functions #=================================== # -------------------- # Set login cookies for the user # If $p_perm_login is true, a long-term cookie is created function auth_set_cookies( $p_user_id, $p_perm_login=false ) { $t_cookie_string = user_get_field( $p_user_id, 'cookie_string' ); $t_cookie_name = config_get( 'string_cookie' ); if ( $p_perm_login ) { # set permanent cookie (1 year) gpc_set_cookie( $t_cookie_name, $t_cookie_string, true ); } else { # set temp cookie, cookie dies after browser closes gpc_set_cookie( $t_cookie_name, $t_cookie_string, false ); } } # -------------------- # Clear login cookies, return true if they were cleared function auth_clear_cookies() { global $g_script_login_cookie; $t_cookies_cleared = false; # clear cookie, if not logged in from script if ($g_script_login_cookie == null) { $t_cookie_name = config_get( 'string_cookie' ); $t_cookie_path = config_get( 'cookie_path' ); gpc_clear_cookie( $t_cookie_name, $t_cookie_path ); $t_cookies_cleared = true; } else { $g_script_login_cookie = null; } return $t_cookies_cleared; } # -------------------- # Generate a string to use as the identifier for the login cookie # It is not guaranteed to be unique and should be checked # The string returned should be 64 characters in length function auth_generate_cookie_string() { $t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ); $t_val = md5( $t_val ) . md5( time() ); return substr( $t_val, 0, 64 ); } # -------------------- # Generate a UNIQUE string to use as the identifier for the login cookie # The string returned should be 64 characters in length function auth_generate_unique_cookie_string() { do { $t_cookie_string = auth_generate_cookie_string(); } while ( !auth_is_cookie_string_unique( $t_cookie_string ) ); return $t_cookie_string; } # -------------------- # Return true if the cookie login identifier is unique, false otherwise function auth_is_cookie_string_unique( $p_cookie_string ) { $t_user_table = config_get( 'mantis_user_table' ); $c_cookie_string = db_prepare_string( $p_cookie_string ); $query = "SELECT COUNT(*) FROM $t_user_table WHERE cookie_string='$c_cookie_string'"; $result = db_query( $query ); $t_count = db_result( $result ); if ( $t_count > 0 ) { return false; } else { return true; } } # -------------------- # Return the current user login cookie string, # if no user is logged in and anonymous login is enabled, returns cookie for anonymous user # otherwise returns '' (an empty string) function auth_get_current_user_cookie() { global $g_script_login_cookie, $g_cache_anonymous_user_cookie_string; $t_cookie_name = config_get( 'string_cookie' ); $t_cookie = gpc_get_cookie( $t_cookie_name, '' ); # if cookie not found, and anonymous login enabled, use cookie of anonymous account. if ( is_blank( $t_cookie ) ) { if ( $g_script_login_cookie !== null ) { return $g_script_login_cookie; } else { if ( ON == config_get( 'allow_anonymous_login' ) ) { if ( $g_cache_anonymous_user_cookie_string == null ) { if ( function_exists( 'db_is_connected' ) && db_is_connected() ) { # get anonymous information if database is available $query = sprintf('SELECT id, cookie_string FROM %s WHERE username = "%s"', config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) ); $result = db_query( $query ); if ( 1 == db_num_rows( $result ) ) { $row = db_fetch_array( $result ); $t_cookie = $row['cookie_string']; $g_cache_anonymous_user_cookie_string = $t_cookie; $g_cache_current_user_id = $row['id']; } } } else { $t_cookie = $g_cache_anonymous_user_cookie_string; } } } } return $t_cookie; } #=================================== # Data Access #=================================== ######################################### # is cookie valid? function auth_is_cookie_valid( $p_cookie_string ) { global $g_cache_current_user_id; # fail if DB isn't accessible if ( !db_is_connected() ) { return false; } # fail if cookie is blank if ( '' === $p_cookie_string ) { return false; } # succeeed if user has already been authenticated if ( null !== $g_cache_current_user_id ) { return true; } # look up cookie in the database to see if it is valid $t_user_table = config_get( 'mantis_user_table' ); $c_cookie_string = db_prepare_string( $p_cookie_string ); $query = "SELECT id FROM $t_user_table WHERE cookie_string='$c_cookie_string'"; $result = db_query( $query ); # return true if a matching cookie was found return ( 1 == db_num_rows( $result ) ); } ######################################### # SECURITY NOTE: cache globals are initialized here to prevent them # being spoofed if register_globals is turned on # $g_cache_current_user_id = null; function auth_get_current_user_id() { global $g_cache_current_user_id; if ( null !== $g_cache_current_user_id ) { return $g_cache_current_user_id; } $t_user_table = config_get( 'mantis_user_table' ); $t_cookie_string = auth_get_current_user_cookie(); # @@@ error with an error saying they aren't logged in? # Or redirect to the login page maybe? $c_cookie_string = db_prepare_string( $t_cookie_string ); $query = "SELECT id FROM $t_user_table WHERE cookie_string='$c_cookie_string'"; $result = db_query( $query ); # The cookie was invalid. Clear the cookie (to allow people to log in again) # and give them an Access Denied message. if ( db_num_rows( $result ) < 1 ) { auth_clear_cookies(); access_denied(); # never returns return false; } $t_user_id = (int)db_result( $result ); $g_cache_current_user_id = $t_user_id; return $t_user_id; } #=================================== # HTTP Auth #=================================== function auth_http_prompt() { header( "HTTP/1.0 401 Authorization Required" ); header( "WWW-Authenticate: Basic realm=\"" . lang_get( 'http_auth_realm' ) . "\"" ); header( 'status: 401 Unauthorized' ); echo '<center>'; echo '<p>'.error_string(ERROR_ACCESS_DENIED).'</p>'; print_bracket_link( 'main_page.php', lang_get( 'proceed' ) ); echo '</center>'; exit; } function auth_http_set_logout_pending( $p_pending ) { $t_cookie_name = config_get( 'logout_cookie' ); if ( $p_pending ) { gpc_set_cookie( $t_cookie_name, "1", false ); } else { $t_cookie_path = config_get( 'cookie_path' ); gpc_clear_cookie( $t_cookie_name, $t_cookie_path ); } } function auth_http_is_logout_pending() { $t_cookie_name = config_get( 'logout_cookie' ); $t_cookie = gpc_get_cookie( $t_cookie_name, '' ); return( $t_cookie > '' ); } ?> constant_inc.php.patch (11,172 bytes)
<?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2005 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: constant_inc.php,v 1.51 2005/07/03 15:09:11 thraxisp Exp # Modified by Carole PRUVOST CVF - 29/07/2005 # -------------------------------------------------------- ### CONSTANTS ### # --- constants ------------------- # magic numbers define( 'ON', 1 ); define( 'OFF', 0 ); define( 'AUTO', 3 ); # error types define( 'ERROR', E_USER_ERROR ); define( 'WARNING', E_USER_WARNING ); define( 'NOTICE', E_USER_NOTICE ); # access levels define( 'ANYBODY', 0 ); define( 'VIEWER', 10 ); define( 'REPORTER', 25 ); define( 'UPDATER', 40 ); define( 'DEVELOPER', 55 ); define( 'MANAGER', 70 ); define( 'ADMINISTRATOR', 90 ); define( 'NOBODY', 100 ); define( 'DEFAULT_ACCESS_LEVEL', -1); # This is used in add user to project # status define( 'NEW_', 10 ); # NEW seems to be a reserved keyword define( 'FEEDBACK', 20 ); define( 'ACKNOWLEDGED', 30 ); define ('RESOLVED', 40); define( 'CLOSED', 90 ); # resolution define( 'CREATED', 0 ); define( 'FIXED', 10 ); define( 'UNABLE_TO_DUPLICATE', 20 ); define( 'REOPENED', 30 ); define( 'DUPLICATE', 40 ); define( 'NOT_A_BUG', 50); define( 'NOT_FIXABLE', 60); # priority define( 'NONE', 10 ); define( 'LOW', 20 ); define( 'NORMAL', 30 ); define( 'HIGH', 40 ); define( 'URGENT', 50 ); define( 'IMMEDIATE', 60 ); # severity define( 'MINOR', 10 ); define( 'MAJOR', 20 ); define( 'BLOCK', 30 ); # project view_state define( 'VS_PUBLIC', 10 ); define( 'VS_PRIVATE', 50 ); # direction define( 'ASC', 101 ); define( 'DESC', 102 ); # unread status define( 'READ', 201 ); define( 'UNREAD', 202 ); # login methods define( 'PLAIN', 0 ); define( 'CRYPT', 1 ); define( 'CRYPT_FULL_SALT', 2 ); define( 'MD5', 3 ); define( 'LDAP', 4 ); define( 'BASIC_AUTH', 5 ); define( 'HTTP_AUTH', 6 ); // Ajout CP le 09/08/2005 : cas CVF couple authentification LDAP CVF et MD5 pour les clients define ('CVF_AUTH', 7); # file upload methods define( 'DISK', 1 ); define( 'DATABASE', 2 ); define( 'FTP', 3 ); # show variable values define( 'BOTH', 0 ); define( 'SIMPLE_ONLY', 1 ); define( 'ADVANCED_ONLY', 2 ); define( 'SIMPLE_DEFAULT', 3 ); define( 'ADVANCED_DEFAULT', 4 ); # news values define( 'BY_LIMIT', 0 ); define( 'BY_DATE', 1 ); # all projects define( 'ALL_PROJECTS', 0 ); # all users define( 'ALL_USERS', 0 ); # no user define( 'NO_USER', 0 ); # history constants define( 'NORMAL_TYPE', 0 ); define( 'NEW_BUG', 1 ); define( 'BUGNOTE_ADDED', 2 ); define( 'BUGNOTE_UPDATED', 3 ); define( 'BUGNOTE_DELETED', 4 ); define( 'DESCRIPTION_UPDATED', 6 ); define( 'ADDITIONAL_INFO_UPDATED', 7 ); define( 'STEP_TO_REPRODUCE_UPDATED', 8 ); define( 'FILE_ADDED', 9 ); define( 'FILE_DELETED', 10 ); define( 'BUGNOTE_STATE_CHANGED', 11 ); define( 'BUG_MONITOR', 12 ); define( 'BUG_UNMONITOR', 13 ); define( 'BUG_DELETED', 14 ); define( 'BUG_ADD_SPONSORSHIP', 15 ); define( 'BUG_UPDATE_SPONSORSHIP', 16 ); define( 'BUG_DELETE_SPONSORSHIP', 17 ); define( 'BUG_ADD_RELATIONSHIP', 18 ); define( 'BUG_DEL_RELATIONSHIP', 19 ); define( 'BUG_CLONED_TO', 20 ); define( 'BUG_CREATED_FROM', 21 ); define( 'CHECKIN', 22 ); define( 'BUG_REPLACE_RELATIONSHIP', 23 ); define( 'BUG_PAID_SPONSORSHIP', 24 ); define('CUSTOM_FIELD', 25); define( 'PRIVATE_BUGNOTE_ADDED', 26 ); define( 'PRIVATE_BUGNOTE_UPDATED', 27 ); define( 'PRIVATE_BUGNOTE_DELETED', 28 ); # bug relationship constants define( 'BUG_DUPLICATE', 0 ); define( 'BUG_RELATED', 1 ); define( 'BUG_DEPENDANT', 2 ); define( 'BUG_BLOCKS', 3 ); define( 'BUG_HAS_DUPLICATE', 4 ); # error messages define( 'ERROR_GENERIC', 0 ); define( 'ERROR_SQL', 1 ); define( 'ERROR_REPORT', 3 ); define( 'ERROR_NO_FILE_SPECIFIED', 4 ); define( 'ERROR_FILE_DISALLOWED', 5 ); define( 'ERROR_NO_DIRECTORY', 6 ); define( 'ERROR_DUPLICATE_FILE', 9 ); define( 'ERROR_DUPLICATE_PROJECT', 10 ); define( 'ERROR_EMPTY_FIELD', 11 ); define( 'ERROR_PROTECTED_ACCOUNT', 12 ); define( 'ERROR_ACCESS_DENIED', 13 ); define( 'ERROR_UPLOAD_FAILURE', 15 ); define( 'ERROR_FTP_CONNECT_ERROR', 16 ); define( 'ERROR_HANDLER_ACCESS_TOO_LOW', 17 ); # ERROR_CONFIG_* define( 'ERROR_CONFIG_OPT_NOT_FOUND', 100 ); define( 'ERROR_CONFIG_OPT_INVALID', 101 ); # ERROR_GPC_* define( 'ERROR_GPC_VAR_NOT_FOUND', 200 ); define( 'ERROR_GPC_ARRAY_EXPECTED', 201 ); define( 'ERROR_GPC_ARRAY_UNEXPECTED', 202 ); define( 'ERROR_GPC_NOT_NUMBER', 203 ); # ERROR_LANG_* define( 'ERROR_LANG_STRING_NOT_FOUND', 300 ); # ERROR_DB_* define( 'ERROR_DB_CONNECT_FAILED', 400 ); define( 'ERROR_DB_QUERY_FAILED', 401 ); define( 'ERROR_DB_SELECT_FAILED', 402 ); define( 'ERROR_DB_FIELD_NOT_FOUND', 403 ); # ERROR_FILE_* define( 'ERROR_FILE_TOO_BIG', 500 ); define( 'ERROR_FILE_NOT_ALLOWED', 501 ); define( 'ERROR_FILE_DUPLICATE', 502 ); define( 'ERROR_FILE_INVALID_UPLOAD_PATH', 503 ); define( 'ERROR_FILE_NO_UPLOAD_FAILURE', 504 ); define( 'ERROR_FILE_MOVE_FAILED', 505 ); # ERROR_BUGNOTE_* define( 'ERROR_BUGNOTE_NOT_FOUND', 600 ); # ERROR_PROJECT_* define( 'ERROR_PROJECT_NOT_FOUND', 700 ); define( 'ERROR_PROJECT_NAME_NOT_UNIQUE', 701 ); define( 'ERROR_PROJECT_NAME_INVALID', 702 ); define( 'ERROR_PROJECT_RECURSIVE_HIERARCHY', 703 ); # ERROR_USER_* define( 'ERROR_USER_NAME_NOT_UNIQUE', 800 ); define( 'ERROR_USER_NOT_FOUND', 801 ); define( 'ERROR_USER_PREFS_NOT_FOUND', 802 ); define( 'ERROR_USER_CREATE_PASSWORD_MISMATCH', 803 ); define( 'ERROR_USER_PROFILE_NOT_FOUND', 804 ); define( 'ERROR_USER_NAME_INVALID', 805 ); define( 'ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS', 806 ); define( 'ERROR_USER_REAL_MATCH_USER', 807 ); define( 'ERROR_USER_CHANGE_LAST_ADMIN', 808 ); # ERROR_AUTH_* define( 'ERROR_AUTH_INVALID_COOKIE', 900 ); # ERROR_NEWS_* define( 'ERROR_NEWS_NOT_FOUND', 1000 ); # ERROR_BUG_* define( 'ERROR_BUG_NOT_FOUND', 1100 ); define( 'ERROR_BUG_DUPLICATE_SELF', 1101 ); define( 'ERROR_BUG_RESOLVED_ACTION_DENIED', 1102 ); // @@@ obsolete, remove after lang files are sync'd define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED', 1103 ); # ERROR_EMAIL_* define( 'ERROR_EMAIL_INVALID', 1200 ); # ERROR_CUSTOM_FIELD_* define( 'ERROR_CUSTOM_FIELD_NOT_FOUND', 1300 ); define( 'ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE', 1301 ); define( 'ERROR_CUSTOM_FIELD_IN_USE', 1302 ); define( 'ERROR_CUSTOM_FIELD_INVALID_VALUE', 1303 ); define( 'ERROR_CUSTOM_FIELD_INVALID_DEFINITION',1304 ); # ERROR_LDAP_* define( 'ERROR_LDAP_AUTH_FAILED', 1400 ); define( 'ERROR_LDAP_SERVER_CONNECT_FAILED', 1401 ); define( 'ERROR_LDAP_UPDATE_FAILED', 1402 ); define( 'ERROR_LDAP_USER_NOT_FOUND', 1403 ); # ERROR_CATEGORY_* define( 'ERROR_CATEGORY_DUPLICATE', 1500 ); define( 'ERROR_CATEGORY_NO_ACTION', 1501 ); define( 'ERROR_CATEGORY_NOT_FOUND', 1502 ); # ERROR_VERSION_* define( 'ERROR_VERSION_DUPLICATE', 1600 ); define( 'ERROR_VERSION_NOT_FOUND', 1601 ); # ERROR_SPONSORSHIP_* define( 'ERROR_SPONSORSHIP_NOT_ENABLED', 1700 ); define( 'ERROR_SPONSORSHIP_NOT_FOUND', 1701 ); define( 'ERROR_SPONSORSHIP_AMOUNT_TOO_LOW', 1702 ); define( 'ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW', 1703 ); define( 'ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW', 1704 ); define( 'ERROR_SPONSORSHIP_SPONSOR_NO_EMAIL', 1705 ); # ERROR RELATIONSHIP define( 'ERROR_RELATIONSHIP_ALREADY_EXISTS', 1800 ); define( 'ERROR_RELATIONSHIP_ACCESS_LEVEL_TO_DEST_BUG_TOO_LOW', 1801 ); define( 'ERROR_RELATIONSHIP_NOT_FOUND', 1802 ); define( 'ERROR_RELATIONSHIP_SAME_BUG', 1803 ); # ERROR_LOST_PASSWORD_* define( 'ERROR_LOST_PASSWORD_NOT_ENABLED', 1900 ); define( 'ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID', 1901 ); define( 'ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED', 1902 ); define( 'ERROR_LOST_PASSWORD_NOT_MATCHING_DATA', 1903 ); define( 'ERROR_SIGNUP_NOT_MATCHING_CAPTCHA', 1904 ); define( 'ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED', 1905 ); # ERROR_FILTER_NOT_FOUND define( 'ERROR_FILTER_NOT_FOUND', 2000 ); define( 'ERROR_FILTER_TOO_OLD', 2001 ); # Status Legend Position define( 'STATUS_LEGEND_POSITION_TOP', 1); define( 'STATUS_LEGEND_POSITION_BOTTOM', 2); # Filter Position define( 'FILTER_POSITION_NONE', 0 ); define( 'FILTER_POSITION_TOP', 1 ); define( 'FILTER_POSITION_BOTTOM', 2 ); define( 'FILTER_POSITION_BOTH', 3 ); // FILTER_POSITION_TOP | FILTER_POSITION_BOTTOM (bitwise OR) # Flags for settings E-mail categories define( 'EMAIL_CATEGORY_PROJECT_CATEGORY', 1); # Custom Field types define( 'CUSTOM_FIELD_TYPE_STRING', 0 ); define( 'CUSTOM_FIELD_TYPE_NUMERIC', 1 ); define( 'CUSTOM_FIELD_TYPE_FLOAT', 2 ); define( 'CUSTOM_FIELD_TYPE_ENUM', 3 ); define( 'CUSTOM_FIELD_TYPE_EMAIL', 4 ); define( 'CUSTOM_FIELD_TYPE_CHECKBOX', 5 ); define( 'CUSTOM_FIELD_TYPE_LIST', 6 ); define( 'CUSTOM_FIELD_TYPE_MULTILIST', 7 ); define( 'CUSTOM_FIELD_TYPE_DATE', 8 ); # Meta filter values define( 'META_FILTER_MYSELF', -1 ); define( 'META_FILTER_NONE', -2 ); define( 'META_FILTER_ANY', 0 ); # Versions define( 'VERSION_ALL', null ); define( 'VERSION_FUTURE', 0 ); define( 'VERSION_RELEASED', 1 ); # Contexts for bug summary define( 'SUMMARY_CAPTION', 1 ); define( 'SUMMARY_FIELD', 2 ); define( 'SUMMARY_EMAIL', 3 ); # bugnote types define( 'BUGNOTE', 0 ); define( 'REMINDER', 1 ); # token types define( 'TOKEN_UNKNOWN', 0 ); define( 'TOKEN_FILTER', 1 ); define( 'TOKEN_GRAPH', 2 ); # config types define( 'CONFIG_TYPE_INT', 1 ); define( 'CONFIG_TYPE_STRING', 2 ); define( 'CONFIG_TYPE_COMPLEX', 3 ); # Control types for date custom fields. define( 'CUSTOM_FIELD_DATE_ANY', 0 ) ; define( 'CUSTOM_FIELD_DATE_NONE', 1 ) ; define( 'CUSTOM_FIELD_DATE_BETWEEN', 2 ) ; define( 'CUSTOM_FIELD_DATE_ONORBEFORE', 3 ) ; define( 'CUSTOM_FIELD_DATE_BEFORE', 4 ) ; define( 'CUSTOM_FIELD_DATE_ON', 5 ) ; define( 'CUSTOM_FIELD_DATE_AFTER', 6 ) ; define( 'CUSTOM_FIELD_DATE_ONORAFTER', 7 ) ; # system logging # logging levels, can be OR'd together define( 'LOG_EMAIL', 1 ); # all emails sent define( 'LOG_EMAIL_RECIPIENT', 2 ); # details of email recipient determination # COLUMNS_TARGET_* define( 'COLUMNS_TARGET_VIEW_PAGE', 1 ); define( 'COLUMNS_TARGET_PRINT_PAGE', 2 ); define( 'COLUMNS_TARGET_CSV_PAGE', 3 ); # sponsorship "paid" values define( 'SPONSORSHIP_UNPAID', 0 ); define( 'SPONSORSHIP_REQUESTED', 1 ); define( 'SPONSORSHIP_PAID', 2 ); ?> ldap_api.php.patch (6,039 bytes)
<?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: ldap_api.php,v 1.18 2005/02/12 20:01:17 jlatour Exp $ # -------------------------------------------------------- ########################################################################### # LDAP API ########################################################################### # -------------------- # Connect and bind to the LDAP directory function ldap_connect_bind( $p_binddn = '', $p_password = '' ) { $t_ldap_server = config_get( 'ldap_server' ); $t_ldap_port = config_get( 'ldap_port' ); $t_ds = @ldap_connect ( $t_ldap_server, $t_ldap_port ); if ( $t_ds > 0 ) { # If no Bind DN and Password is set, attempt to login as the configured # Bind DN. if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) { $p_binddn = config_get( 'ldap_bind_dn', '' ); $p_password = config_get( 'ldap_bind_passwd', '' ); } if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) { $t_br = @ldap_bind( $t_ds, $p_binddn, $p_password ); } else { # Either the Bind DN or the Password are empty, so attempt an anonymous bind. $t_br = @ldap_bind( $t_ds ); } if ( !$t_br ) { trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR ); } } else { trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR ); } return $t_ds; } # -------------------- # Return an email address from LDAP, given a userid function ldap_email( $p_user_id ) { $t_username = user_get_field( $p_user_id, 'username' ); return ldap_email_from_username($t_username); } # -------------------- # Return an email address from LDAP, given a username function ldap_email_from_username( $p_username ) { $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$p_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'mail', 'dn' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); $t_info = ldap_get_entries( $t_ds, $t_sr ); ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); return $t_info[0]['mail'][0]; } # -------------------- # Return true if the $uid has an assigngroup=$p_group tag, false otherwise function ldap_has_group( $p_user_id, $p_group ) { $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn', 'assignedgroup' ); $t_ds = ldap_connect_bind(); $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); $t_entries = ldap_count_entries( $t_ds, $t_sr ); ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); if ( $t_entries > 0 ) { return true; } else { return false; } } # -------------------- # Attempt to authenticate the user against the LDAP directory # return true on successful authentication, false otherwise function ldap_authenticate( $p_user_id, $p_password ) { # if password is empty and ldap allows anonymous login, then # the user will be able to login, hence, we need to check # for this special case. if ( is_blank( $p_password ) ) { return false; } $t_ldap_organization = config_get( 'ldap_organization' ); $t_ldap_root_dn = config_get( 'ldap_root_dn' ); $t_username = $p_user_id;//GF user_get_field( $p_user_id, 'username' ); $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ; $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))"; $t_search_attrs = array( $t_ldap_uid_field, 'dn' ); $t_ds = ldap_connect_bind(); # Search for the user id #$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs ); #$t_inf = ldap_get_entries( $t_ds, $t_sr ); $t_authenticated = false; $t_sr = ldap_search ($t_ds, $t_ldap_root_dn, 'uid='.$t_username); if ($t_sr != FALSE) { $t_info = ldap_get_entries ($t_ds,$t_sr); #var_dump($t_info); // We read the salt argument from the current encrypted password $salt = ''; $separator = '$'; $numberOccurencySeparator = 0; $encryptedPassword = trim ($t_info[0]['userpassword'][0]); for ($i = 0; $i < strlen ($encryptedPassword); $i ++) { if (strcmp ($encryptedPassword [$i], $separator) == 0) { $numberOccurencySeparator ++; if ($numberOccurencySeparator == 3) break; } $salt = $salt.$encryptedPassword [$i]; } $password = crypt (trim ($p_password), $salt); if (strcmp ($encryptedPassword, $password) == 0) { $t_authenticated = true; } else { #error_log ('Erreur de login ou de mot de passe.'); } } # if ( $t_info ) { # Try to authenticate to each until we get a match #for ( $i = 0 ; $i < $t_info['count'] ; $i++ ) { # $t_dn = $t_info[$i]['dn']; # # Attempt to bind with the DN and password # if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) { # $t_authenticated = true; # break; # Don't need to go any further # } #} ldap_free_result( $t_sr ); ldap_unbind( $t_ds ); return $t_authenticated; } # -------------------- # Create a new user account in the LDAP Directory. # -------------------- # Update the user's account in the LDAP Directory # -------------------- # Change the user's password in the LDAP Directory ?> | ||||
I'm waiting for that feature. |
|
Is this feature on 1.1.1 Mantis version? |
|
See bug 0004235. |
|
Can anybody tell me how this bug is fixed? I want to use the multi login method but I don't see how. Do I need the patch posted on 0004235? Which file do I need to patch? Which g_login_method should I set? |
|