View Issue Details

IDProjectCategoryView StatusLast Update
0006718mantisbtauthenticationpublic2008-07-24 16:51
Reporterbrunette Assigned Tojreese  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionduplicate 
Product Version1.0.0 
Summary0006718: Multiple authentification
Description

I create a new type of authentification CVF_AUTH who is a mixte authentification LDAP and MD5.

First of all, I search if the user exists in LDAP.

  * if it's OK - Mantis login
  * if it's KO - I search if the user exists in BDD .

        ** if it's OK - Mantis login
        ** if it's KO -Error message
TagsNo tags attached.
Attached Files
authentication_api.php.patch (16,671 bytes)   
<?php
 # Mantis - a php based bugtracking system
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 # Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 # This program is distributed under the terms and conditions of the GPL
 # See the README and LICENSE files for details

 # --------------------------------------------------------
 # $Id: authentication_api.php,v 1.51 2005/07/11 23:49:13 thraxisp Exp $
 # --------------------------------------------------------

 ### Authentication API ###

 $g_script_login_cookie = null;
 $g_cache_anonymous_user_cookie_string = null;

 #===================================
 # Boolean queries and ensures
 #===================================

 # --------------------
 # Check that there is a user logged-in and authenticated
 #  If the user's account is disabled they will be logged out
 #  If there is no user logged in, redirect to the login page
 #  If parameter is given it is used as a URL to redirect to following
 #   successful login.  If none is given, the URL of the current page is used
 function auth_ensure_user_authenticated( $p_return_page = '' ) {
  if ( !php_version_at_least( '4.1.0' ) ) {
   global $_SERVER;
  }

  # if logged in
  if ( auth_is_user_authenticated() ) {
   # check for access enabled
   #  This also makes sure the cookie is valid
   if ( OFF == current_user_get_field( 'enabled' ) ) {
    print_header_redirect( 'logout_page.php' );
   }
  } else { # not logged in
   if ( is_blank( $p_return_page ) ) {
    if (!isset($_SERVER['REQUEST_URI'])) {
     $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
    }
    $p_return_page = $_SERVER['REQUEST_URI'];
   }
   $p_return_page = string_url( $p_return_page );
   print_header_redirect( 'login_page.php?return=' . $p_return_page );
  }
 }

 # --------------------
 # Return true if there is a currently logged in and authenticated user,
 #  false otherwise
 function auth_is_user_authenticated() {
  return ( auth_is_cookie_valid( auth_get_current_user_cookie() ) );
 }


 #===================================
 # Login / Logout
 #===================================

 # --------------------
 # Attempt to login the user with the given password
 #  If the user fails validation, false is returned
 #  If the user passes validation, the cookies are set and
 #   true is returned.  If $p_perm_login is true, the long-term
 #   cookie is created.
 function auth_attempt_login( $p_username, $p_password, $p_perm_login=false ) {

  $t_user_id = user_get_id_by_name( $p_username );
  $t_login_method = config_get( 'login_method' );
  if ( false === $t_user_id ) {
  	if ( BASIC_AUTH == $t_login_method ) {
  		 # attempt to create the user if using BASIC_AUTH
  		$t_cookie_string = user_create( $p_username, $p_password );

  		if ( false === $t_cookie_string ) {
 			 # it didn't work
  			 return false;
   		}

   		# ok, we created the user, get the row again
    		$t_user_id = user_get_id_by_name( $p_username );
		if ( false === $t_user_id ) {
  		# uh oh, something must be really wrong
     		# @@@ trigger an error here?
		return false;
		}
	

   	}
	else {
  		$t_login= config_get('login_method');
                if ( CVF_AUTH == $t_login_method && ldap_authenticate($p_username, $p_password) ){
                        $t_email = $p_username."@cvf.fr";
		        user_create($p_username, auth_generate_random_password($t_seed),$t_email);
                }					
	}
	}
						
	 	
	if (CVF_AUTH == $t_login_method) {
		$t_user_id = user_get_id_by_name( $p_username );
		if ( ldap_authenticate($p_username, $p_password)){
                        $t_login= config_get('login_method');
			auth_set_cookies( $t_user_id, $p_perm_login );
			return true;
			break;				
		} else {
			//$t_login_method = "MD5";
			config_set_cache('login_method','3');
			$t_login= config_get('login_method');
		 	if (!auth_does_password_match($t_user_id, $p_password)){
				user_increment_failed_login_count($t_user_id);
				return false;
                                break;
			}
		}
	}
  # check for disabled account
  if ( !user_is_enabled( $t_user_id ) ) {
  	// return false;
  }

  # max. failed login attempts achieved...
  if( !user_is_login_request_allowed( $t_user_id ) ) {
   	return false;
  }

  $t_anon_account = config_get( 'anonymous_account' );
  $t_anon_allowed = config_get( 'allow_anonymous_login' );

  # check for anonymous login
  if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username)  ) ) {
   # anonymous login didn't work, so check the password

   if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
	user_increment_failed_login_count( $t_user_id );

    return false;
   }
  }
                   
  # ok, we're good to login now
  # increment login count
  user_increment_login_count( $t_user_id );

  user_reset_failed_login_count_to_zero( $t_user_id );
  user_reset_lost_password_in_progress_count_to_zero( $t_user_id );

  # set the cookies
  auth_set_cookies( $t_user_id, $p_perm_login );

  return true;
 }



 # --------------------
 # Allows scripts to login using a login name or ( login name + password )
 function auth_attempt_script_login( $p_username, $p_password = null ) {
  global $g_script_login_cookie;

  $t_user_id = user_get_id_by_name( $p_username );

  $t_user = user_get_row( $t_user_id );

  # check for disabled account
  if ( OFF == $t_user['enabled'] ) {
   return false;
  }

  # validate password if supplied
  if ( null !== $p_password ) {
   if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
    return false;
   }
  }
  # ok, we're good to login now

  # increment login count
  user_increment_login_count( $t_user_id );

  # set the cookies
  $g_script_login_cookie = $t_user['cookie_string'];

  return true;
 }

 # --------------------
 # Logout the current user and remove any remaining cookies from their browser
 # Returns true on success, false otherwise
 function auth_logout() {
        global $g_cache_current_user_id;
        
        # clear cached userid
        $g_cache_current_user_id = null;
        
        # clear cookies, if they were set  
        if (auth_clear_cookies()) {
            helper_clear_pref_cookies();
        }
  return true;
 }

 #===================================
 # Password functions
 #===================================

 # --------------------
 # Return true if the password for the user id given matches the given
 #  password (taking into account the global login method)
 function auth_does_password_match( $p_user_id, $p_test_password ) {
  $t_configured_login_method = config_get( 'login_method' );
  if ( LDAP == $t_configured_login_method ) {
  	return ldap_authenticate( $p_user_id, $p_test_password );
  }

  $t_password  = user_get_field( $p_user_id, 'password' );
  $t_login_methods = Array(MD5, CRYPT, PLAIN);
  foreach ( $t_login_methods as $t_login_method ) {
	        # pass the stored password in as the salt
		if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) {
			# Check for migration to another login method and test whether the password was encrypted
			# with our previously insecure implemention of the CRYPT method
			if ( ( $t_login_method != $t_configured_login_method ) ||( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
				user_set_password( $p_user_id, $p_test_password, true );
			}
		return true;
		}
	}

	return false;
}

	# --------------------
	# Encrypt and return the plain password given, as appropriate for the current
	#  global login method.
	#
	# When generating a new password, no salt should be passed in.
	# When encrypting a password to compare to a stored password, the stored
	#  password should be passed in as salt.  If the auth method is CRYPT then
	#  crypt() will extract the appropriate portion of the stored password as its salt
	function auth_process_plain_password( $p_password, $p_salt=null, $p_method=null ) {
		$t_login_method = config_get( 'login_method' );
		if ( $p_method !== null ) {
			$t_login_method = $p_method;
		}

		switch ( $t_login_method ) {
			case CRYPT:
				# a null salt is the same as no salt, which causes a salt to be generated
				# otherwise, use the salt given
				$t_processed_password = crypt( $p_password, $p_salt );
				break;
			case MD5:
				$t_processed_password = md5( $p_password );
				break;
			case BASIC_AUTH:
			case PLAIN:
			default:
				$t_processed_password = $p_password;
				break;
		}

		# cut this off to 32 cahracters which the largest possible string in the database
		return substr( $t_processed_password, 0, 32 );
	}

	# --------------------
	# Generate a random 12 character password
	# p_email is unused
	function auth_generate_random_password( $p_email ) {
		$t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );
		$t_val = md5( $t_val );

		return substr( $t_val, 0, 12 );
	}

	# --------------------
	# Generate a confirm_hash 12 character to valide the password reset request
	function auth_generate_confirm_hash( $p_user_id ) {
		$t_confirm_hash_generator = config_get( 'password_confirm_hash_magic_string' );
		$t_password = user_get_field( $p_user_id, 'password' );
		$t_last_visit = user_get_field( $p_user_id, 'last_visit' );

		$t_confirm_hash = md5( $t_confirm_hash_generator . $t_password . $t_last_visit );

		return $t_confirm_hash;
	}

	#===================================
	# Cookie functions
	#===================================

	# --------------------
	# Set login cookies for the user
	#  If $p_perm_login is true, a long-term cookie is created
	function auth_set_cookies( $p_user_id, $p_perm_login=false ) {
		$t_cookie_string = user_get_field( $p_user_id, 'cookie_string' );

		$t_cookie_name = config_get( 'string_cookie' );

		if ( $p_perm_login ) {
			# set permanent cookie (1 year)
			gpc_set_cookie( $t_cookie_name, $t_cookie_string, true );
		} else {
			# set temp cookie, cookie dies after browser closes
			gpc_set_cookie( $t_cookie_name, $t_cookie_string, false );
		}
	}

	# --------------------
	# Clear login cookies, return true if they were cleared
	function auth_clear_cookies() {
		global $g_script_login_cookie;

        $t_cookies_cleared = false;
        
        # clear cookie, if not logged in from script
        if ($g_script_login_cookie == null) {
		    $t_cookie_name =  config_get( 'string_cookie' );
		    $t_cookie_path = config_get( 'cookie_path' );

		    gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
            $t_cookies_cleared = true;
        } else {
            $g_script_login_cookie = null;
        }
        return $t_cookies_cleared;
	}

	# --------------------
	# Generate a string to use as the identifier for the login cookie
	# It is not guaranteed to be unique and should be checked
	# The string returned should be 64 characters in length
	function auth_generate_cookie_string() {
		$t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );
		$t_val = md5( $t_val ) . md5( time() );

		return substr( $t_val, 0, 64 );
	}

	# --------------------
	# Generate a UNIQUE string to use as the identifier for the login cookie
	# The string returned should be 64 characters in length
	function auth_generate_unique_cookie_string() {
		do {
			$t_cookie_string = auth_generate_cookie_string();
		} while ( !auth_is_cookie_string_unique( $t_cookie_string ) );

		return $t_cookie_string;
	}

	# --------------------
	# Return true if the cookie login identifier is unique, false otherwise
	function auth_is_cookie_string_unique( $p_cookie_string ) {
		$t_user_table = config_get( 'mantis_user_table' );

		$c_cookie_string = db_prepare_string( $p_cookie_string );

		$query = "SELECT COUNT(*)
				  FROM $t_user_table
				  WHERE cookie_string='$c_cookie_string'";
		$result = db_query( $query );
		$t_count = db_result( $result );

		if ( $t_count > 0 ) {
			return false;
		} else {
			return true;
		}
	}

	# --------------------
	# Return the current user login cookie string,
	# if no user is logged in and anonymous login is enabled, returns cookie for anonymous user
	# otherwise returns '' (an empty string)
	function auth_get_current_user_cookie() {
		global $g_script_login_cookie, $g_cache_anonymous_user_cookie_string;

		$t_cookie_name = config_get( 'string_cookie' );
		$t_cookie = gpc_get_cookie( $t_cookie_name, '' );

		# if cookie not found, and anonymous login enabled, use cookie of anonymous account.
		if ( is_blank( $t_cookie ) ) {
			if ( $g_script_login_cookie !== null ) {
				return $g_script_login_cookie;
			} else {
				if ( ON == config_get( 'allow_anonymous_login' ) ) {
					if ( $g_cache_anonymous_user_cookie_string == null ) {
                        if ( function_exists( 'db_is_connected' ) && db_is_connected() ) { 
                            # get anonymous information if database is available
						    $query = sprintf('SELECT id, cookie_string FROM %s WHERE username = "%s"',
								config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) );
                            $result = db_query( $query );

                            if ( 1 == db_num_rows( $result ) ) {
                                $row		= db_fetch_array( $result );
                               $t_cookie	= $row['cookie_string'];

                                $g_cache_anonymous_user_cookie_string = $t_cookie;
                                $g_cache_current_user_id = $row['id'];
                            }
                        }
					} else {
						$t_cookie = $g_cache_anonymous_user_cookie_string;
					}
				}
			}
		}

		return $t_cookie;
	}


	#===================================
	# Data Access
	#===================================

	#########################################
	# is cookie valid?

	function auth_is_cookie_valid( $p_cookie_string ) {
		global $g_cache_current_user_id;
	
	    # fail if DB isn't accessible
	    if ( !db_is_connected() ) {
			return false;
		}

	    # fail if cookie is blank
	    if ( '' === $p_cookie_string ) {
			return false;
		}

        # succeeed if user has already been authenticated
		if ( null !== $g_cache_current_user_id ) {
			return true;
		}
		
		# look up cookie in the database to see if it is valid
		$t_user_table = config_get( 'mantis_user_table' );

		$c_cookie_string = db_prepare_string( $p_cookie_string );

		$query = "SELECT id
				  FROM $t_user_table
				  WHERE cookie_string='$c_cookie_string'";
		$result = db_query( $query );

		# return true if a matching cookie was found
		return ( 1 == db_num_rows( $result ) );
	}
	
	#########################################
	# SECURITY NOTE: cache globals are initialized here to prevent them
	#   being spoofed if register_globals is turned on
	#
	$g_cache_current_user_id = null;

	function auth_get_current_user_id() {
		global $g_cache_current_user_id;

		if ( null !== $g_cache_current_user_id ) {
			return $g_cache_current_user_id;
		}

		$t_user_table = config_get( 'mantis_user_table' );

		$t_cookie_string = auth_get_current_user_cookie();

		# @@@ error with an error saying they aren't logged in?
		#     Or redirect to the login page maybe?

		$c_cookie_string = db_prepare_string( $t_cookie_string );

		$query = "SELECT id
				  FROM $t_user_table
				  WHERE cookie_string='$c_cookie_string'";
		$result = db_query( $query );

  # The cookie was invalid. Clear the cookie (to allow people to log in again)
  # and give them an Access Denied message.
  if ( db_num_rows( $result ) < 1 ) {
   auth_clear_cookies();
      access_denied(); # never returns
   return false;
  }

  $t_user_id = (int)db_result( $result );
  $g_cache_current_user_id = $t_user_id;

  return $t_user_id;
 }


 #===================================
 # HTTP Auth
 #===================================

 function auth_http_prompt() {
  header( "HTTP/1.0 401 Authorization Required" );
  header( "WWW-Authenticate: Basic realm=\"" . lang_get( 'http_auth_realm' ) . "\"" );
  header( 'status: 401 Unauthorized' );

  echo '<center>';
  echo '<p>'.error_string(ERROR_ACCESS_DENIED).'</p>';
  print_bracket_link( 'main_page.php', lang_get( 'proceed' ) );
  echo '</center>';

  exit;
 }

 function auth_http_set_logout_pending( $p_pending ) {
  $t_cookie_name = config_get( 'logout_cookie' );

  if ( $p_pending ) {
   gpc_set_cookie( $t_cookie_name, "1", false );
  } else {
   $t_cookie_path = config_get( 'cookie_path' );
   gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
  }
 }

 function auth_http_is_logout_pending() {
  $t_cookie_name = config_get( 'logout_cookie' );
  $t_cookie = gpc_get_cookie( $t_cookie_name, '' );

  return( $t_cookie > '' );
 }
?>
authentication_api.php.patch (16,671 bytes)   
constant_inc.php.patch (11,172 bytes)   
<?php
 # Mantis - a php based bugtracking system
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 # Copyright (C) 2002 - 2005  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 # This program is distributed under the terms and conditions of the GPL
 # See the README and LICENSE files for details

 # --------------------------------------------------------
 # $Id: constant_inc.php,v 1.51 2005/07/03 15:09:11 thraxisp Exp 
 # Modified by Carole PRUVOST CVF - 29/07/2005 
 # --------------------------------------------------------

 ### CONSTANTS  ###

 # --- constants -------------------

 # magic numbers
 define( 'ON', 1 );
 define( 'OFF', 0 );
 define( 'AUTO', 3 );


 # error types
 define( 'ERROR', E_USER_ERROR );
 define( 'WARNING', E_USER_WARNING );
 define( 'NOTICE', E_USER_NOTICE );

 # access levels
 define( 'ANYBODY',   0 );
 define( 'VIEWER',   10 );
 define( 'REPORTER',   25 );
 define( 'UPDATER',   40 );
 define( 'DEVELOPER',  55 );
 define( 'MANAGER',   70 );
 define( 'ADMINISTRATOR', 90 );
 define( 'NOBODY',   100 );

 define( 'DEFAULT_ACCESS_LEVEL', -1); # This is used in add user to project


 # status
 define( 'NEW_',    10 );   # NEW seems to be a reserved keyword
 define( 'FEEDBACK',   20 );
 define( 'ACKNOWLEDGED',   30 );
 define ('RESOLVED',   40);
 define( 'CLOSED',   90 );

 # resolution
        define( 'CREATED',    0 );
 define( 'FIXED',    10 );
 define( 'UNABLE_TO_DUPLICATE', 20 );
	define( 'REOPENED',			30 );
	define( 'DUPLICATE',			40 );
	define( 'NOT_A_BUG',			50);
        define( 'NOT_FIXABLE',			60);

	# priority
	define( 'NONE',			10 );
	define( 'LOW',			20 );
	define( 'NORMAL',		30 );
	define( 'HIGH',			40 );
	define( 'URGENT',		50 );
	define( 'IMMEDIATE',	60 );
	

	# severity
	define( 'MINOR',	10 );
	define( 'MAJOR',	20 );
	define( 'BLOCK',	30 );

	# project view_state
	define( 'VS_PUBLIC',   	10 );
	define( 'VS_PRIVATE',	50 );

	# direction
	define( 'ASC',	101 );
	define( 'DESC',	102 );

	# unread status
	define( 'READ',		201 );
	define( 'UNREAD',	202 );

	# login methods
	define( 'PLAIN',		0 );
	define( 'CRYPT',		1 );
	define( 'CRYPT_FULL_SALT',	2 );
	define( 'MD5',			3 );
	define( 'LDAP',			4 );
	define( 'BASIC_AUTH',		5 );
	define( 'HTTP_AUTH',		6 );
	// Ajout CP le 09/08/2005 : cas CVF couple authentification LDAP CVF et MD5 pour les clients
	define ('CVF_AUTH', 		7);

	# file upload methods
	define( 'DISK',			1 );
	define( 'DATABASE',		2 );
	define( 'FTP',			3 );

	# show variable values
	define( 'BOTH',				0 );
	define( 'SIMPLE_ONLY',		1 );
	define( 'ADVANCED_ONLY',	2 );
	define( 'SIMPLE_DEFAULT',	3 );
	define( 'ADVANCED_DEFAULT',	4 );

	# news values
	define( 'BY_LIMIT',		0 );
	define( 'BY_DATE',		1 );

	# all projects
	define( 'ALL_PROJECTS',	0 );

	# all users
	define( 'ALL_USERS',    0 );

	# no user
	define( 'NO_USER',		0 );

	# history constants
	define( 'NORMAL_TYPE',					0 );
	define( 'NEW_BUG',						1 );
	define( 'BUGNOTE_ADDED',				2 );
	define( 'BUGNOTE_UPDATED',				3 );
	define( 'BUGNOTE_DELETED',				4 );
	define( 'DESCRIPTION_UPDATED',			6 );
	define( 'ADDITIONAL_INFO_UPDATED',		7 );
	define( 'STEP_TO_REPRODUCE_UPDATED',	8 );
	define( 'FILE_ADDED',					9 );
	define( 'FILE_DELETED',					10 );
	define( 'BUGNOTE_STATE_CHANGED',		11 );
	define( 'BUG_MONITOR',					12 );
	define( 'BUG_UNMONITOR',				13 );
	define( 'BUG_DELETED',					14 );
	define( 'BUG_ADD_SPONSORSHIP',				15 );
	define( 'BUG_UPDATE_SPONSORSHIP',			16 );
	define( 'BUG_DELETE_SPONSORSHIP',			17 );
	define( 'BUG_ADD_RELATIONSHIP', 		18 );
	define( 'BUG_DEL_RELATIONSHIP', 		19 );
	define( 'BUG_CLONED_TO', 				20 );
	define( 'BUG_CREATED_FROM', 			21 );
	define( 'CHECKIN',				22 );
	define( 'BUG_REPLACE_RELATIONSHIP', 		23 );
	define( 'BUG_PAID_SPONSORSHIP', 		24 );
        define('CUSTOM_FIELD',         25);
        define( 'PRIVATE_BUGNOTE_ADDED',				26 );
	define( 'PRIVATE_BUGNOTE_UPDATED',				27 );
        define( 'PRIVATE_BUGNOTE_DELETED',				28 );

	# bug relationship constants
	define( 'BUG_DUPLICATE',	0 );
	define( 'BUG_RELATED',		1 );
	define( 'BUG_DEPENDANT',	2 );
	define( 'BUG_BLOCKS', 3 );
	define( 'BUG_HAS_DUPLICATE', 4 );

	# error messages
	define( 'ERROR_GENERIC',						0 );
	define( 'ERROR_SQL',							1 );
	define( 'ERROR_REPORT',							3 );
	define( 'ERROR_NO_FILE_SPECIFIED',				4 );
	define( 'ERROR_FILE_DISALLOWED',				5 );
	define( 'ERROR_NO_DIRECTORY',					6 );
	define( 'ERROR_DUPLICATE_FILE',					9 );
	define( 'ERROR_DUPLICATE_PROJECT',				10 );
	define( 'ERROR_EMPTY_FIELD',					11 );
	define( 'ERROR_PROTECTED_ACCOUNT',				12 );
	define( 'ERROR_ACCESS_DENIED',					13 );
	define( 'ERROR_UPLOAD_FAILURE',					15 );
	define( 'ERROR_FTP_CONNECT_ERROR',				16 );
	define( 'ERROR_HANDLER_ACCESS_TOO_LOW',				17 );

	# ERROR_CONFIG_*
	define( 'ERROR_CONFIG_OPT_NOT_FOUND',			100 );
	define( 'ERROR_CONFIG_OPT_INVALID',			101 );

	# ERROR_GPC_*
	define( 'ERROR_GPC_VAR_NOT_FOUND',				200 );
	define( 'ERROR_GPC_ARRAY_EXPECTED',				201 );
	define( 'ERROR_GPC_ARRAY_UNEXPECTED',			202 );
	define( 'ERROR_GPC_NOT_NUMBER',			203 );

	# ERROR_LANG_*
	define( 'ERROR_LANG_STRING_NOT_FOUND',			300 );

	# ERROR_DB_*
	define( 'ERROR_DB_CONNECT_FAILED',				400 );
	define( 'ERROR_DB_QUERY_FAILED',				401 );
	define( 'ERROR_DB_SELECT_FAILED',				402 );
	define( 'ERROR_DB_FIELD_NOT_FOUND',				403 );

	# ERROR_FILE_*
	define( 'ERROR_FILE_TOO_BIG',					500 );
	define( 'ERROR_FILE_NOT_ALLOWED',				501 );
	define( 'ERROR_FILE_DUPLICATE',					502 );
	define( 'ERROR_FILE_INVALID_UPLOAD_PATH',		503 );
	define( 'ERROR_FILE_NO_UPLOAD_FAILURE',		    504 );
	define( 'ERROR_FILE_MOVE_FAILED',		    505 );

	# ERROR_BUGNOTE_*
	define( 'ERROR_BUGNOTE_NOT_FOUND',				600 );

	# ERROR_PROJECT_*
	define( 'ERROR_PROJECT_NOT_FOUND',				700 );
	define( 'ERROR_PROJECT_NAME_NOT_UNIQUE',		701 );
	define( 'ERROR_PROJECT_NAME_INVALID',			702 );
	define( 'ERROR_PROJECT_RECURSIVE_HIERARCHY',	703 );

	# ERROR_USER_*
	define( 'ERROR_USER_NAME_NOT_UNIQUE',			800 );
	define( 'ERROR_USER_NOT_FOUND',					801 );
	define( 'ERROR_USER_PREFS_NOT_FOUND',			802 );
	define( 'ERROR_USER_CREATE_PASSWORD_MISMATCH',	803 );
	define( 'ERROR_USER_PROFILE_NOT_FOUND',			804 );
	define( 'ERROR_USER_NAME_INVALID',				805 );
	define( 'ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS',		806 );
	define( 'ERROR_USER_REAL_MATCH_USER',		807 );
	define( 'ERROR_USER_CHANGE_LAST_ADMIN',		808 );

	# ERROR_AUTH_*
	define( 'ERROR_AUTH_INVALID_COOKIE',			900 );

	# ERROR_NEWS_*
	define( 'ERROR_NEWS_NOT_FOUND',					1000 );

	# ERROR_BUG_*
	define( 'ERROR_BUG_NOT_FOUND',					1100 );
	define( 'ERROR_BUG_DUPLICATE_SELF',				1101 );
	define( 'ERROR_BUG_RESOLVED_ACTION_DENIED',			1102 );	// @@@ obsolete, remove after lang files are sync'd
	define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED',			1103 );

	# ERROR_EMAIL_*
	define( 'ERROR_EMAIL_INVALID',					1200 );

	# ERROR_CUSTOM_FIELD_*
	define( 'ERROR_CUSTOM_FIELD_NOT_FOUND',			1300 );
	define( 'ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE',   1301 );
	define( 'ERROR_CUSTOM_FIELD_IN_USE',			1302 );
	define( 'ERROR_CUSTOM_FIELD_INVALID_VALUE',		1303 );
	define( 'ERROR_CUSTOM_FIELD_INVALID_DEFINITION',1304 );

	# ERROR_LDAP_*
	define( 'ERROR_LDAP_AUTH_FAILED',				1400 );
	define( 'ERROR_LDAP_SERVER_CONNECT_FAILED',		1401 );
	define( 'ERROR_LDAP_UPDATE_FAILED',				1402 );
	define( 'ERROR_LDAP_USER_NOT_FOUND',			1403 );

	# ERROR_CATEGORY_*
	define( 'ERROR_CATEGORY_DUPLICATE',				1500 );
	define( 'ERROR_CATEGORY_NO_ACTION',				1501 );
	define( 'ERROR_CATEGORY_NOT_FOUND',				1502 );

	# ERROR_VERSION_*
	define( 'ERROR_VERSION_DUPLICATE',				1600 );
	define( 'ERROR_VERSION_NOT_FOUND',				1601 );

	# ERROR_SPONSORSHIP_*
	define( 'ERROR_SPONSORSHIP_NOT_ENABLED',			1700 );
	define( 'ERROR_SPONSORSHIP_NOT_FOUND',				1701 );
	define( 'ERROR_SPONSORSHIP_AMOUNT_TOO_LOW',			1702 );
	define( 'ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW',	1703 );
	define( 'ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW',	1704 );
	define( 'ERROR_SPONSORSHIP_SPONSOR_NO_EMAIL',	1705 );

	# ERROR RELATIONSHIP
	define( 'ERROR_RELATIONSHIP_ALREADY_EXISTS', 1800 );
	define( 'ERROR_RELATIONSHIP_ACCESS_LEVEL_TO_DEST_BUG_TOO_LOW', 1801 );
	define( 'ERROR_RELATIONSHIP_NOT_FOUND', 1802 );
	define( 'ERROR_RELATIONSHIP_SAME_BUG', 1803 );

	# ERROR_LOST_PASSWORD_*
	define( 'ERROR_LOST_PASSWORD_NOT_ENABLED', 1900 );
	define( 'ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID', 1901 );
	define( 'ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED', 1902 );
	define( 'ERROR_LOST_PASSWORD_NOT_MATCHING_DATA', 1903 );
	define( 'ERROR_SIGNUP_NOT_MATCHING_CAPTCHA', 1904 );
	define( 'ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED', 1905 );

	# ERROR_FILTER_NOT_FOUND
	define( 'ERROR_FILTER_NOT_FOUND', 2000 );
	define( 'ERROR_FILTER_TOO_OLD', 2001 );

	# Status Legend Position
	define( 'STATUS_LEGEND_POSITION_TOP',		1);
	define( 'STATUS_LEGEND_POSITION_BOTTOM',	2);

	# Filter Position
	define( 'FILTER_POSITION_NONE',				0 );
	define( 'FILTER_POSITION_TOP',				1 );
	define( 'FILTER_POSITION_BOTTOM',			2 );
	define( 'FILTER_POSITION_BOTH',				3 );  // FILTER_POSITION_TOP | FILTER_POSITION_BOTTOM (bitwise OR)

	# Flags for settings E-mail categories
	define( 'EMAIL_CATEGORY_PROJECT_CATEGORY',	1);

	# Custom Field types
	define( 'CUSTOM_FIELD_TYPE_STRING',		0 );
	define( 'CUSTOM_FIELD_TYPE_NUMERIC',	1 );
	define( 'CUSTOM_FIELD_TYPE_FLOAT',		2 );
	define( 'CUSTOM_FIELD_TYPE_ENUM',		3 );
	define( 'CUSTOM_FIELD_TYPE_EMAIL',		4 );
	define( 'CUSTOM_FIELD_TYPE_CHECKBOX',	5 );
	define( 'CUSTOM_FIELD_TYPE_LIST',		6 );
	define( 'CUSTOM_FIELD_TYPE_MULTILIST',	7 );
	define( 'CUSTOM_FIELD_TYPE_DATE',		8 );

	# Meta filter values
	define( 'META_FILTER_MYSELF',	-1 );
	define( 'META_FILTER_NONE',     -2  );
	define( 'META_FILTER_ANY',      0   );

	# Versions
	define( 'VERSION_ALL',		null );
	define( 'VERSION_FUTURE',	0 );
	define( 'VERSION_RELEASED',	1 );

	# Contexts for bug summary
	define( 'SUMMARY_CAPTION', 1 );
	define( 'SUMMARY_FIELD', 2 );
	define( 'SUMMARY_EMAIL', 3 );

	# bugnote types
	define( 'BUGNOTE', 0 );
	define( 'REMINDER', 1 );

	# token types
	define( 'TOKEN_UNKNOWN',	0 );
	define( 'TOKEN_FILTER',		1 );
	define( 'TOKEN_GRAPH',		2 );

	# config types
	define( 'CONFIG_TYPE_INT', 1 );
	define( 'CONFIG_TYPE_STRING', 2 );
	define( 'CONFIG_TYPE_COMPLEX', 3 );

	# Control types for date custom fields.
	define( 'CUSTOM_FIELD_DATE_ANY',		0 ) ;
	define( 'CUSTOM_FIELD_DATE_NONE',		1 ) ;
	define( 'CUSTOM_FIELD_DATE_BETWEEN',	2 ) ;
	define( 'CUSTOM_FIELD_DATE_ONORBEFORE', 3 ) ;
	define( 'CUSTOM_FIELD_DATE_BEFORE',		4 ) ;
	define( 'CUSTOM_FIELD_DATE_ON',			5 ) ;
	define( 'CUSTOM_FIELD_DATE_AFTER',		6 ) ;
	define( 'CUSTOM_FIELD_DATE_ONORAFTER',	7 ) ;

 # system logging
 #  logging levels, can be OR'd together
 define( 'LOG_EMAIL',                    1 );  # all emails sent
 define( 'LOG_EMAIL_RECIPIENT',          2 );  # details of email recipient determination

 # COLUMNS_TARGET_*
 define( 'COLUMNS_TARGET_VIEW_PAGE',   1 );
 define( 'COLUMNS_TARGET_PRINT_PAGE',  2 );
 define( 'COLUMNS_TARGET_CSV_PAGE',    3 );
 
 # sponsorship "paid" values
 define( 'SPONSORSHIP_UNPAID',         0 );
 define( 'SPONSORSHIP_REQUESTED',      1 );
 define( 'SPONSORSHIP_PAID',           2 );
	
?>
constant_inc.php.patch (11,172 bytes)   
ldap_api.php.patch (6,039 bytes)   
<?php
 # Mantis - a php based bugtracking system
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 # Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 # This program is distributed under the terms and conditions of the GPL
 # See the README and LICENSE files for details

 # --------------------------------------------------------
 # $Id: ldap_api.php,v 1.18 2005/02/12 20:01:17 jlatour Exp $
 # --------------------------------------------------------

 ###########################################################################
 # LDAP API
 ###########################################################################

  # --------------------
 # Connect and bind to the LDAP directory
 function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
  $t_ldap_server = config_get( 'ldap_server' );
  $t_ldap_port = config_get( 'ldap_port' );
  $t_ds = @ldap_connect ( $t_ldap_server, $t_ldap_port );
  if ( $t_ds > 0 ) {
   # If no Bind DN and Password is set, attempt to login as the configured
   #  Bind DN.
   if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
    $p_binddn = config_get( 'ldap_bind_dn', '' );
    $p_password = config_get( 'ldap_bind_passwd', '' );
   }

   if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
    $t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
   } else {
    # Either the Bind DN or the Password are empty, so attempt an anonymous bind.
    $t_br = @ldap_bind( $t_ds );
   }
   if ( !$t_br ) {
    trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
   }
  } else {
          trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
  }

  return $t_ds;
 }

  # --------------------
 # Return an email address from LDAP, given a userid
 function ldap_email( $p_user_id ) {
  $t_username = user_get_field( $p_user_id, 'username' );
  return ldap_email_from_username($t_username);
 }

 	# --------------------
	# Return an email address from LDAP, given a username
	function ldap_email_from_username( $p_username ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn	    	= config_get( 'ldap_root_dn' );

		$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter	= "(&$t_ldap_organization($t_ldap_uid_field=$p_username))";
		$t_search_attrs		= array( $t_ldap_uid_field, 'mail', 'dn' );
		$t_ds           	= ldap_connect_bind();

		$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		$t_info	= ldap_get_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );

		return $t_info[0]['mail'][0];
	}

	# --------------------
	# Return true if the $uid has an assigngroup=$p_group tag, false otherwise
	function ldap_has_group( $p_user_id, $p_group ) {
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn			= config_get( 'ldap_root_dn' );

		$t_username      	= user_get_field( $p_user_id, 'username' );
		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))";
		$t_search_attrs	 	= array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
		$t_ds            	= ldap_connect_bind();

		$t_sr     	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		$t_entries	= ldap_count_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		ldap_unbind( $t_ds );

		if ( $t_entries > 0 ) {
			return true;
		} else {
			return false;
		}
	}

	# --------------------
	# Attempt to authenticate the user against the LDAP directory
	#  return true on successful authentication, false otherwise
	function ldap_authenticate( $p_user_id, $p_password ) {
		# if password is empty and ldap allows anonymous login, then
		# the user will be able to login, hence, we need to check
		# for this special case.
		if ( is_blank( $p_password ) ) {
			return false;
		}
		$t_ldap_organization	= config_get( 'ldap_organization' );
		$t_ldap_root_dn		= config_get( 'ldap_root_dn' );

		$t_username      	= $p_user_id;//GF user_get_field( $p_user_id, 'username' );
		$t_ldap_uid_field	= config_get( 'ldap_uid_field', 'uid' ) ;
		$t_search_filter 	= "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
		$t_search_attrs  	= array( $t_ldap_uid_field, 'dn' );
		$t_ds            	= ldap_connect_bind();
		# Search for the user id
		#$t_sr	= ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
		#$t_inf	= ldap_get_entries( $t_ds, $t_sr );
		$t_authenticated = false;
		$t_sr = ldap_search ($t_ds, $t_ldap_root_dn, 'uid='.$t_username);
	        if ($t_sr != FALSE) {	
			$t_info = ldap_get_entries ($t_ds,$t_sr);
			#var_dump($t_info);
			// We read the salt argument from the current encrypted password	
			$salt = '';
			$separator = '$';
			$numberOccurencySeparator = 0;
			$encryptedPassword = trim ($t_info[0]['userpassword'][0]);
			for ($i = 0; $i < strlen ($encryptedPassword); $i ++) {	
				if (strcmp ($encryptedPassword [$i], $separator) == 0) {
					$numberOccurencySeparator ++;
					if ($numberOccurencySeparator == 3)
						break;
				}
				$salt = $salt.$encryptedPassword [$i];
			}
			$password = crypt (trim ($p_password), $salt);
			if (strcmp ($encryptedPassword, $password) == 0) {
				$t_authenticated = true;
			} else {
				#error_log ('Erreur de login ou de mot de passe.');
			}
		}

	     #	if ( $t_info ) {
			# Try to authenticate to each until we get a match
			#for ( $i = 0 ; $i < $t_info['count'] ; $i++ ) {
			#	$t_dn = $t_info[$i]['dn'];

			#	# Attempt to bind with the DN and password
			#	if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
			#		$t_authenticated = true;
			#		break; # Don't need to go any further
			#	}
			#}
		

  ldap_free_result( $t_sr );
  ldap_unbind( $t_ds );

  return $t_authenticated;
 }

 # --------------------
 # Create a new user account in the LDAP Directory.

 # --------------------
 # Update the user's account in the LDAP Directory

 # --------------------
 # Change the user's password in the LDAP Directory
?>
ldap_api.php.patch (6,039 bytes)   

Relationships

duplicate of 0004235 closedvboctor Support Generic Authentication through Plug-ins 

Activities

tk

tk

2006-03-01 08:29

reporter   ~0012256

I'm waiting for that feature.
Please add to the main project ASAP!

ghm1014

ghm1014

2008-03-20 04:33

reporter   ~0017419

Is this feature on 1.1.1 Mantis version?
Where can I get this files (attachment are missing)

jreese

jreese

2008-03-20 08:33

reporter   ~0017423

See bug 0004235.

ghm1014

ghm1014

2008-03-28 18:38

reporter   ~0017486

Can anybody tell me how this bug is fixed? I want to use the multi login method but I don't see how. Do I need the patch posted on 0004235? Which file do I need to patch? Which g_login_method should I set?