';
Index: manage_user_create.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_create.php,v
retrieving revision 1.22
diff -u -r1.22 manage_user_create.php
--- manage_user_create.php 21 Mar 2005 20:48:55 -0000 1.22
+++ manage_user_create.php 25 Sep 2006 10:45:57 -0000
@@ -22,6 +22,7 @@
$f_password = gpc_get_string( 'password', '' );
$f_password_verify = gpc_get_string( 'password_verify', '' );
$f_email = gpc_get_string( 'email' );
+ $f_login_method = gpc_get_string( 'login_method' );
$f_access_level = gpc_get_string( 'access_level' );
$f_protected = gpc_get_bool( 'protected' );
$f_enabled = gpc_get_bool( 'enabled' );
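Review bot: `$f_login_method` is read with `gpc_get_string` and nothing in this hunk checks it against the defined login-method constants before it reaches `user_create`. The value ends up in an integer column and later selects the authentication back end for the account, so read it as an integer, e.g. `$f_login_method = gpc_get_int( 'login_method' );`, and reject anything outside the list the form offers. The rest of the file is outside the hunk, so a check further down cannot be ruled out.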
@@ -58,7 +59,7 @@
}
}
- $t_cookie = user_create( $f_username, $f_password, $f_email, $f_access_level, $f_protected, $f_enabled, $f_realname );
+ $t_cookie = user_create( $f_username, $f_password, $f_email, $f_login_method, $f_access_level, $f_protected, $f_enabled, $f_realname );
if ( $t_cookie === false ) {
$t_redirect_url = 'manage_user_page.php';
Index: manage_user_create_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_create_page.php,v
retrieving revision 1.19
diff -u -r1.19 manage_user_create_page.php
--- manage_user_create_page.php 21 Mar 2005 20:48:55 -0000 1.19
+++ manage_user_create_page.php 25 Sep 2006 10:45:57 -0000
@@ -75,6 +75,21 @@
?>
>
|
Index: admin/schema.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/admin/schema.php,v
retrieving revision 1.11
diff -u -r1.11 schema.php
--- admin/schema.php 14 Aug 2006 08:32:57 -0000 1.11
+++ admin/schema.php 25 Sep 2006 10:45:57 -0000
@@ -303,7 +303,8 @@
login_count I NOTNULL DEFAULT '0',
lost_password_request_count I2 NOTNULL DEFAULT '0',
failed_login_count I2 NOTNULL DEFAULT '0',
- cookie_string C(64) NOTNULL DEFAULT \" '' \"
+ cookie_string C(64) NOTNULL DEFAULT \" '' \",
+ login_method I2 NOTNULL DEFAULT '0'
",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS')));
$upgrade[] = Array('CreateIndexSQL',Array('idx_user_cookie_string',config_get('mantis_user_table'),'cookie_string',Array('UNIQUE')));
$upgrade[] = Array('CreateIndexSQL',Array('idx_user_username',config_get('mantis_user_table'),'username',Array('UNIQUE')));
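Review bot: The `login_method` column is added by editing the existing table-creation step for the user table, so installations that already ran that step will never receive it. On those installations every `user_get_field( ..., 'login_method' )` added elsewhere in this patch would presumably fail. Append a new `AddColumnSQL` entry at the end of the `$upgrade` list instead. The `DEFAULT '0'` also needs confirming: none of the login-method constants visible in constant_inc.php (LDAP 4 through ADS 7) is 0, while `user_create` defaults to MD5, so existing rows would get a different method from newly created ones.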
@@ -325,4 +326,4 @@
body XS NOTNULL
",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS')));
$upgrade[] = Array('CreateIndexSQL',Array('idx_email_id',config_get('mantis_email_table'),'email_id'));
-?>
\ No newline at end of file
+?>
Index: core/authentication_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/authentication_api.php,v
retrieving revision 1.55
diff -u -r1.55 authentication_api.php
--- core/authentication_api.php 23 Apr 2006 12:32:59 -0000 1.55
+++ core/authentication_api.php 25 Sep 2006 10:45:58 -0000
@@ -74,7 +74,7 @@
function auth_attempt_login( $p_username, $p_password, $p_perm_login=false ) {
$t_user_id = user_get_id_by_name( $p_username );
- $t_login_method = config_get( 'login_method' );
+ $t_login_method = user_get_field($t_user_id, 'login_method'); #config_get( 'login_method' );
if ( false === $t_user_id ) {
if ( BASIC_AUTH == $t_login_method ) {
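Review bot: `user_get_field( $t_user_id, 'login_method' )` runs before the `false === $t_user_id` check on the next line, so for an unknown username it is called with `false`. Depending on how user_get_field treats a missing user (not visible here), that either raises an error, giving unknown usernames a different response from wrong passwords, or returns an empty method, which makes the `BASIC_AUTH == $t_login_method` branch unreachable for accounts that do not exist yet. Keep `config_get( 'login_method' )` for the not-found branch and look up the per-user value only once the id is known to be valid. The trailing `#config_get( 'login_method' );` remnant should be deleted rather than left commented out. The function body continues outside the hunk.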
@@ -118,7 +118,7 @@
if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username) ) ) {
# anonymous login didn't work, so check the password
- if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
+ if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
user_increment_failed_login_count( $t_user_id );
return false;
}
@@ -201,22 +201,25 @@
# Return true if the password for the user id given matches the given
# password (taking into account the global login method)
function auth_does_password_match( $p_user_id, $p_test_password ) {
- $t_configured_login_method = config_get( 'login_method' );
-
- if ( LDAP == $t_configured_login_method ) {
- return ldap_authenticate( $p_user_id, $p_test_password );
- }
+ $t_user_login_method = user_get_field( $p_user_id, 'login_method' ); #config_get( 'login_method' );
+ switch ($t_user_login_method)
+ {
+ case ADS: return ads_authenticate( $p_user_id, $p_test_password ); break;
+ case LDAP: return ldap_authenticate( $p_user_id, $p_test_password ); break;
+ default: break;
+ }
+
$t_password = user_get_field( $p_user_id, 'password' );
$t_login_methods = Array(MD5, CRYPT, PLAIN);
foreach ( $t_login_methods as $t_login_method ) {
# pass the stored password in as the salt
- if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) {
+ if ( auth_process_plain_password( $p_test_password, $t_login_method, $t_password) == $t_password ) {
# Check for migration to another login method and test whether the password was encrypted
# with our previously insecure implemention of the CRYPT method
- if ( ( $t_login_method != $t_configured_login_method ) ||
- ( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
+ if ( ( $t_login_method != $t_user_login_method ) ||
+ ( ( CRYPT == $t_user_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
user_set_password( $p_user_id, $p_test_password, true );
}
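Review bot: The migration test `$t_login_method != $t_user_login_method` now compares against the per-user column, and `user_set_password` re-encodes with that same column, so an account whose `login_method` differs from the method that matched has its stored value rewritten on login. With the schema default of 0, if 0 maps to PLAIN (the constant's value is not visible in this patch), that rewrite would replace an MD5 or crypt hash with the clear-text password. Restrict the rehash to cases where the user's method is itself one of the hashing methods, and compare the computed value with `===` rather than `==` so two numeric-looking hash strings cannot compare equal. The header comment still says "the global login method", and the function continues past the end of the hunk.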
@@ -235,13 +238,9 @@
# When encrypting a password to compare to a stored password, the stored
# password should be passed in as salt. If the auth method is CRYPT then
# crypt() will extract the appropriate portion of the stored password as its salt
- function auth_process_plain_password( $p_password, $p_salt=null, $p_method=null ) {
- $t_login_method = config_get( 'login_method' );
- if ( $p_method !== null ) {
- $t_login_method = $p_method;
- }
+ function auth_process_plain_password( $p_password, $p_login_method, $p_salt=null ) {
- switch ( $t_login_method ) {
+ switch ( $p_login_method ) {
case CRYPT:
# a null salt is the same as no salt, which causes a salt to be generated
# otherwise, use the salt given
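Review bot: Reordering the parameters from `( $p_password, $p_salt, $p_method )` to `( $p_password, $p_login_method, $p_salt )` and making the method mandatory silently changes the meaning of every existing call. A caller not updated in this patch that still passes the stored password as the second argument would have it treated as the method and land in whatever the switch's default branch does, which is outside this hunk. Keeping the old order and defaulting the method, e.g. `if ( null === $p_method ) { $p_method = config_get( 'login_method' ); }`, preserves existing callers. If the new order is kept, every call site across the tree needs auditing, not only the ones in this diff.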
Index: core/constant_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/constant_inc.php,v
retrieving revision 1.58
diff -u -r1.58 constant_inc.php
--- core/constant_inc.php 12 Aug 2006 08:04:13 -0000 1.58
+++ core/constant_inc.php 25 Sep 2006 10:45:58 -0000
@@ -103,8 +103,9 @@
define( 'LDAP', 4 );
define( 'BASIC_AUTH', 5 );
define( 'HTTP_AUTH', 6 );
-
- # file upload methods
+ define( 'ADS', 7 );
+
+ # file upload methods
define( 'DISK', 1 );
define( 'DATABASE', 2 );
define( 'FTP', 3 );
@@ -286,6 +287,9 @@
define( 'ERROR_SIGNUP_NOT_MATCHING_CAPTCHA', 1904 );
define( 'ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED', 1905 );
+ # ERROR_ADS_*
+ define( 'ERROR_ADS_SERVER_CONNECT_FAILED', 2000 );
+
# ERROR_FILTER_NOT_FOUND
define( 'ERROR_FILTER_NOT_FOUND', 2000 );
define( 'ERROR_FILTER_TOO_OLD', 2001 );
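Review bot: `ERROR_ADS_SERVER_CONNECT_FAILED` is defined as 2000, the same value as `ERROR_FILTER_NOT_FOUND` three lines below it. The English strings file uses this constant as a key into `$MANTIS_ERROR`, so if the filter message is keyed the same way, one message overwrites the other and an ADS connection failure becomes indistinguishable from a missing filter. Give the `ERROR_ADS_*` group a range that no other `ERROR_*` group in the file uses.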
Index: core/custom_function_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/custom_function_api.php,v
retrieving revision 1.27
diff -u -r1.27 custom_function_api.php
--- core/custom_function_api.php 18 May 2006 05:53:44 -0000 1.27
+++ core/custom_function_api.php 25 Sep 2006 10:45:58 -0000
@@ -128,9 +128,9 @@
# --------------------
# Hook for authentication
# can Mantis update the password
- function custom_function_default_auth_can_change_password( ) {
+ function custom_function_default_auth_can_change_password( $p_login_method ) {
$t_can_change = array( PLAIN, CRYPT, CRYPT_FULL_SALT, MD5 );
- if ( in_array( config_get( 'login_method' ), $t_can_change ) ) {
+ if ( in_array( $p_login_method, $t_can_change ) ) {
return true;
} else {
return false;
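Review bot: `$p_login_method` is added as a required parameter to a hook function, so any call site or site-specific override that still invokes it without arguments will pass an undefined value into `in_array`. Because `in_array` is used without strict comparison, a null argument can match a method constant whose value is 0 and make the hook answer true. Make the parameter optional, `function custom_function_default_auth_can_change_password( $p_login_method = null )`, and fall back with `if ( null === $p_login_method ) { $p_login_method = config_get( 'login_method' ); }`. The function's closing brace is outside the hunk.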
@@ -347,4 +347,4 @@
# html_api.php. For each button, this function needs to generate the enclosing ' | ' and ' | '.
function custom_function_default_print_bug_view_page_custom_buttons( $p_bug_id ) {
}
-?>
\ No newline at end of file
+?>
Index: core/ldap_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/ldap_api.php,v
retrieving revision 1.19
diff -u -r1.19 ldap_api.php
--- core/ldap_api.php 22 Apr 2006 01:52:14 -0000 1.19
+++ core/ldap_api.php 25 Sep 2006 10:45:58 -0000
@@ -153,4 +153,5 @@
# --------------------
# Change the user's password in the LDAP Directory
+
?>
Index: core/user_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v
retrieving revision 1.107
diff -u -r1.107 user_api.php
--- core/user_api.php 29 Oct 2005 09:52:52 -0000 1.107
+++ core/user_api.php 25 Sep 2006 10:45:58 -0000
@@ -13,6 +13,7 @@
require_once( $t_core_dir . 'email_api.php' );
require_once( $t_core_dir . 'ldap_api.php' );
+ require_once( $t_core_dir . 'ads_api.php' );
### User API ###
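Review bot: `require_once( $t_core_dir . 'ads_api.php' )` includes a file that is not among the files shown in this patch, and the new `ads_authenticate()` call in authentication_api.php presumably depends on it. If core/ads_api.php is not delivered with the same change, every page that loads user_api.php will stop with a fatal include error. Confirm the new file is part of the submission before this hunk is applied.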
@@ -326,17 +327,18 @@
# --------------------
# Create a user.
# returns false if error, the generated cookie string if ok
- function user_create( $p_username, $p_password, $p_email='', $p_access_level=null, $p_protected=false, $p_enabled=true, $p_realname='' ) {
+ function user_create( $p_username, $p_password, $p_email='', $p_login_method=MD5, $p_access_level=null, $p_protected=false, $p_enabled=true, $p_realname='' ) {
if ( null === $p_access_level ) {
$p_access_level = config_get( 'default_new_account_access_level');
}
- $t_password = auth_process_plain_password( $p_password );
+ $t_password = auth_process_plain_password( $p_password, 'MD5' );
$c_username = db_prepare_string( $p_username );
$c_realname = db_prepare_string( $p_realname );
$c_password = db_prepare_string( $t_password );
$c_email = db_prepare_string( $p_email );
+ $c_login_method = db_prepare_int( $p_login_method );
$c_access_level = db_prepare_int( $p_access_level );
$c_protected = db_prepare_bool( $p_protected );
$c_enabled = db_prepare_bool( $p_enabled );
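Review bot: `auth_process_plain_password( $p_password, 'MD5' )` passes the string 'MD5' rather than the constant `MD5`, and it ignores `$p_login_method`. The switch in auth_process_plain_password compares against the method constants, so the string will not select the MD5 case. In PHP versions before 8 a non-numeric string loosely equals integer 0 and would pick whichever method is defined as 0; otherwise the default branch applies (neither is visible here). The new account's password may therefore be stored in a form that does not match the `login_method` column, possibly unhashed; use `$t_password = auth_process_plain_password( $p_password, $p_login_method );`. Inserting `$p_login_method` in the middle of the positional list also shifts the arguments of every existing `user_create` caller not touched by this patch, which appending it after `$p_realname` would avoid.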
@@ -352,10 +354,10 @@
$query = "INSERT INTO $t_user_table
( username, email, password, date_created, last_visit,
- enabled, access_level, login_count, cookie_string, realname )
+ enabled, access_level, login_count, cookie_string, realname, login_method )
VALUES
( '$c_username', '$c_email', '$c_password', " . db_now() . "," . db_now() . ",
- $c_enabled, $c_access_level, 0, '$t_cookie_string', '$c_realname')";
+ $c_enabled, $c_access_level, 0, '$t_cookie_string', '$c_realname', '$c_login_method')";
db_query( $query );
# Create preferences for the user
@@ -1054,12 +1056,13 @@
# Set the user's password to the given string, encoded as appropriate
function user_set_password( $p_user_id, $p_password, $p_allow_protected=false ) {
$c_user_id = db_prepare_int( $p_user_id );
+ $t_user_login_method = user_get_field( $p_user_id, 'login_method' );
if ( !$p_allow_protected ) {
user_ensure_unprotected( $p_user_id );
}
- $t_password = auth_process_plain_password( $p_password );
+ $t_password = auth_process_plain_password( $p_password, $t_user_login_method );
$t_user_table = config_get( 'mantis_user_table' );
$query = "UPDATE $t_user_table
SET password='$t_password'
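Review bot: `$t_password` is interpolated into the UPDATE as `password='$t_password'` without passing through `db_prepare_string`, unlike `user_create`, which escapes its processed password into `$c_password`. Now that the encoding method comes from the per-user column, any method that returns the input unchanged would place the raw password text directly in the SQL statement. Add `$c_password = db_prepare_string( $t_password );` after the processing call and use `'$c_password'` in the query. The statement continues past the end of the hunk.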
@@ -1120,8 +1123,9 @@
if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
# Create random password
$t_email = user_get_field( $p_user_id, 'email' );
+ $t_user_login_method = user_get_field ( $p_user_id, 'login_method' );
$t_password = auth_generate_random_password( $t_email );
- $t_password2 = auth_process_plain_password( $t_password );
+ $t_password2 = auth_process_plain_password( $t_password, $t_user_login_method );
user_set_field( $p_user_id, 'password', $t_password2 );
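Review bot: For an account whose `login_method` is LDAP or ADS, both reset branches (this one and the blank-password branch in the next hunk) still generate and store a local password. `auth_does_password_match` returns from its switch before reading the stored value for those methods, so in the e-mail branch the user is presumably sent a password that will never be accepted. Unless a check outside the hunk already excludes such accounts, test the per-user method first and skip the local reset when the method is handled externally; `custom_function_default_auth_can_change_password( $t_user_login_method )` already expresses that rule. The spacing in `user_get_field (` also differs from the other calls in this file.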
@@ -1132,7 +1136,8 @@
}
} else {
# use blank password, no emailing
- $t_password = auth_process_plain_password( '' );
+ $t_user_login_method = user_get_field( $p_user_id, 'login_method' );
+ $t_password = auth_process_plain_password( '', $t_user_login_method );
user_set_field( $p_user_id, 'password', $t_password );
# reset the failed login count because in this mode there is no emailing
user_reset_failed_login_count_to_zero( $p_user_id );
Index: lang/strings_dutch.txt
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/lang/strings_dutch.txt,v
retrieving revision 1.108
diff -u -r1.108 strings_dutch.txt
--- lang/strings_dutch.txt 25 Sep 2006 05:16:48 -0000 1.108
+++ lang/strings_dutch.txt 25 Sep 2006 10:45:58 -0000
@@ -384,6 +384,7 @@
$s_update_user_button = 'Gebruiker aanpassen';
$s_verify_warning = 'Uw account is gecontroleerd. Het accountbevestigingsbericht dat u heeft ontvangen is niet langer bruikbaar.';
$s_verify_change_password = 'Hier dient een wachtwoord ingegeven te worden om opnieuw te kunnen aanmelden.';
+$s_login_method = 'Aanmeldings-methode';
# account_prefs_page.php
$s_default_account_preferences_title = 'Standaard accountinstellingen';
Index: lang/strings_english.txt
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/lang/strings_english.txt,v
retrieving revision 1.280
diff -u -r1.280 strings_english.txt
--- lang/strings_english.txt 25 Sep 2006 05:16:48 -0000 1.280
+++ lang/strings_english.txt 25 Sep 2006 10:45:59 -0000
@@ -262,6 +262,7 @@
$MANTIS_ERROR[ERROR_PROJECT_RECURSIVE_HIERARCHY] = 'That operation would create a loop in the subproject hierarchy.';
$MANTIS_ERROR[ERROR_USER_CHANGE_LAST_ADMIN] = 'You cannot change the access level of the only ADMINISTRATOR in the system.';
$MANTIS_ERROR[ERROR_PAGE_REDIRECTION] = 'Page redirection error, ensure that there are no spaces outside the PHP block (<?php ?>) in config_inc.php or custom_*.php files.';
+$MANTIS_ERROR[ERROR_ADS_SERVER_CONNECT_FAILED] = 'ADS Server Connection Failed';
$s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
$s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';
@@ -380,6 +381,7 @@
$s_update_user_button = 'Update User';
$s_verify_warning = 'Your account information has been verified. The account confirmation message you have received is now invalid.';
$s_verify_change_password = 'You must set a password here to allow you to log in again.';
+$s_login_method = 'Authentication method';
# account_prefs_page.php
$s_default_account_preferences_title = 'Account Preferences';
Index: lang/strings_german.txt
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/lang/strings_german.txt,v
retrieving revision 1.145
diff -u -r1.145 strings_german.txt
--- lang/strings_german.txt 25 Sep 2006 05:16:48 -0000 1.145
+++ lang/strings_german.txt 25 Sep 2006 10:45:59 -0000
@@ -385,6 +385,7 @@
$s_update_user_button = 'Benutzer aktualisieren';
$s_verify_warning = 'Ihre Kontoinformationen wurden überprüft. Die von Ihnen erhaltene Konto Bestätigungsmeldung ist jetzt ungültig.';
$s_verify_change_password = 'Sie müssen hier ein Paßwort vergeben, um sich wieder anmelden zu können.';
+$s_login_method = 'Authentifizierungs-Methode';
# account_prefs_page.php
$s_default_account_preferences_title = 'Kontoeinstellungen';