View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006718 | mantisbt | authentication | public | 2006-02-15 09:01 | 2008-07-24 16:51 |
| Reporter | brunette | Assigned To | jreese | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | duplicate | ||
| Product Version | 1.0.0 | ||||
| Summary | 0006718: Multiple authentification | ||||
| Description | I create a new type of authentification CVF_AUTH who is a mixte authentification LDAP and MD5. First of all, I search if the user exists in LDAP. | ||||
| Tags | No tags attached. | ||||
| Attached Files | authentication_api.php.patch (16,671 bytes)
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: authentication_api.php,v 1.51 2005/07/11 23:49:13 thraxisp Exp $
# --------------------------------------------------------
### Authentication API ###
$g_script_login_cookie = null;
$g_cache_anonymous_user_cookie_string = null;
#===================================
# Boolean queries and ensures
#===================================
# --------------------
# Check that there is a user logged-in and authenticated
# If the user's account is disabled they will be logged out
# If there is no user logged in, redirect to the login page
# If parameter is given it is used as a URL to redirect to following
# successful login. If none is given, the URL of the current page is used
function auth_ensure_user_authenticated( $p_return_page = '' ) {
if ( !php_version_at_least( '4.1.0' ) ) {
global $_SERVER;
}
# if logged in
if ( auth_is_user_authenticated() ) {
# check for access enabled
# This also makes sure the cookie is valid
if ( OFF == current_user_get_field( 'enabled' ) ) {
print_header_redirect( 'logout_page.php' );
}
} else { # not logged in
if ( is_blank( $p_return_page ) ) {
if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
}
$p_return_page = $_SERVER['REQUEST_URI'];
}
$p_return_page = string_url( $p_return_page );
print_header_redirect( 'login_page.php?return=' . $p_return_page );
}
}
# --------------------
# Return true if there is a currently logged in and authenticated user,
# false otherwise
function auth_is_user_authenticated() {
return ( auth_is_cookie_valid( auth_get_current_user_cookie() ) );
}
#===================================
# Login / Logout
#===================================
# --------------------
# Attempt to login the user with the given password
# If the user fails validation, false is returned
# If the user passes validation, the cookies are set and
# true is returned. If $p_perm_login is true, the long-term
# cookie is created.
function auth_attempt_login( $p_username, $p_password, $p_perm_login=false ) {
$t_user_id = user_get_id_by_name( $p_username );
$t_login_method = config_get( 'login_method' );
if ( false === $t_user_id ) {
if ( BASIC_AUTH == $t_login_method ) {
# attempt to create the user if using BASIC_AUTH
$t_cookie_string = user_create( $p_username, $p_password );
if ( false === $t_cookie_string ) {
# it didn't work
return false;
}
# ok, we created the user, get the row again
$t_user_id = user_get_id_by_name( $p_username );
if ( false === $t_user_id ) {
# uh oh, something must be really wrong
# @@@ trigger an error here?
return false;
}
}
else {
$t_login= config_get('login_method');
if ( CVF_AUTH == $t_login_method && ldap_authenticate($p_username, $p_password) ){
$t_email = $p_username."@cvf.fr";
user_create($p_username, auth_generate_random_password($t_seed),$t_email);
}
}
}
if (CVF_AUTH == $t_login_method) {
$t_user_id = user_get_id_by_name( $p_username );
if ( ldap_authenticate($p_username, $p_password)){
$t_login= config_get('login_method');
auth_set_cookies( $t_user_id, $p_perm_login );
return true;
break;
} else {
//$t_login_method = "MD5";
config_set_cache('login_method','3');
$t_login= config_get('login_method');
if (!auth_does_password_match($t_user_id, $p_password)){
user_increment_failed_login_count($t_user_id);
return false;
break;
}
}
}
# check for disabled account
if ( !user_is_enabled( $t_user_id ) ) {
// return false;
}
# max. failed login attempts achieved...
if( !user_is_login_request_allowed( $t_user_id ) ) {
return false;
}
$t_anon_account = config_get( 'anonymous_account' );
$t_anon_allowed = config_get( 'allow_anonymous_login' );
# check for anonymous login
if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username) ) ) {
# anonymous login didn't work, so check the password
if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
user_increment_failed_login_count( $t_user_id );
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count( $t_user_id );
user_reset_failed_login_count_to_zero( $t_user_id );
user_reset_lost_password_in_progress_count_to_zero( $t_user_id );
# set the cookies
auth_set_cookies( $t_user_id, $p_perm_login );
return true;
}
# --------------------
# Allows scripts to login using a login name or ( login name + password )
function auth_attempt_script_login( $p_username, $p_password = null ) {
global $g_script_login_cookie;
$t_user_id = user_get_id_by_name( $p_username );
$t_user = user_get_row( $t_user_id );
# check for disabled account
if ( OFF == $t_user['enabled'] ) {
return false;
}
# validate password if supplied
if ( null !== $p_password ) {
if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count( $t_user_id );
# set the cookies
$g_script_login_cookie = $t_user['cookie_string'];
return true;
}
# --------------------
# Logout the current user and remove any remaining cookies from their browser
# Returns true on success, false otherwise
function auth_logout() {
global $g_cache_current_user_id;
# clear cached userid
$g_cache_current_user_id = null;
# clear cookies, if they were set
if (auth_clear_cookies()) {
helper_clear_pref_cookies();
}
return true;
}
#===================================
# Password functions
#===================================
# --------------------
# Return true if the password for the user id given matches the given
# password (taking into account the global login method)
function auth_does_password_match( $p_user_id, $p_test_password ) {
$t_configured_login_method = config_get( 'login_method' );
if ( LDAP == $t_configured_login_method ) {
return ldap_authenticate( $p_user_id, $p_test_password );
}
$t_password = user_get_field( $p_user_id, 'password' );
$t_login_methods = Array(MD5, CRYPT, PLAIN);
foreach ( $t_login_methods as $t_login_method ) {
# pass the stored password in as the salt
if ( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) {
# Check for migration to another login method and test whether the password was encrypted
# with our previously insecure implemention of the CRYPT method
if ( ( $t_login_method != $t_configured_login_method ) ||( ( CRYPT == $t_configured_login_method ) && substr( $t_password, 0, 2 ) == substr( $p_test_password, 0, 2 ) ) ) {
user_set_password( $p_user_id, $p_test_password, true );
}
return true;
}
}
return false;
}
# --------------------
# Encrypt and return the plain password given, as appropriate for the current
# global login method.
#
# When generating a new password, no salt should be passed in.
# When encrypting a password to compare to a stored password, the stored
# password should be passed in as salt. If the auth method is CRYPT then
# crypt() will extract the appropriate portion of the stored password as its salt
function auth_process_plain_password( $p_password, $p_salt=null, $p_method=null ) {
$t_login_method = config_get( 'login_method' );
if ( $p_method !== null ) {
$t_login_method = $p_method;
}
switch ( $t_login_method ) {
case CRYPT:
# a null salt is the same as no salt, which causes a salt to be generated
# otherwise, use the salt given
$t_processed_password = crypt( $p_password, $p_salt );
break;
case MD5:
$t_processed_password = md5( $p_password );
break;
case BASIC_AUTH:
case PLAIN:
default:
$t_processed_password = $p_password;
break;
}
# cut this off to 32 cahracters which the largest possible string in the database
return substr( $t_processed_password, 0, 32 );
}
# --------------------
# Generate a random 12 character password
# p_email is unused
function auth_generate_random_password( $p_email ) {
$t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );
$t_val = md5( $t_val );
return substr( $t_val, 0, 12 );
}
# --------------------
# Generate a confirm_hash 12 character to valide the password reset request
function auth_generate_confirm_hash( $p_user_id ) {
$t_confirm_hash_generator = config_get( 'password_confirm_hash_magic_string' );
$t_password = user_get_field( $p_user_id, 'password' );
$t_last_visit = user_get_field( $p_user_id, 'last_visit' );
$t_confirm_hash = md5( $t_confirm_hash_generator . $t_password . $t_last_visit );
return $t_confirm_hash;
}
#===================================
# Cookie functions
#===================================
# --------------------
# Set login cookies for the user
# If $p_perm_login is true, a long-term cookie is created
function auth_set_cookies( $p_user_id, $p_perm_login=false ) {
$t_cookie_string = user_get_field( $p_user_id, 'cookie_string' );
$t_cookie_name = config_get( 'string_cookie' );
if ( $p_perm_login ) {
# set permanent cookie (1 year)
gpc_set_cookie( $t_cookie_name, $t_cookie_string, true );
} else {
# set temp cookie, cookie dies after browser closes
gpc_set_cookie( $t_cookie_name, $t_cookie_string, false );
}
}
# --------------------
# Clear login cookies, return true if they were cleared
function auth_clear_cookies() {
global $g_script_login_cookie;
$t_cookies_cleared = false;
# clear cookie, if not logged in from script
if ($g_script_login_cookie == null) {
$t_cookie_name = config_get( 'string_cookie' );
$t_cookie_path = config_get( 'cookie_path' );
gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
$t_cookies_cleared = true;
} else {
$g_script_login_cookie = null;
}
return $t_cookies_cleared;
}
# --------------------
# Generate a string to use as the identifier for the login cookie
# It is not guaranteed to be unique and should be checked
# The string returned should be 64 characters in length
function auth_generate_cookie_string() {
$t_val = mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() );
$t_val = md5( $t_val ) . md5( time() );
return substr( $t_val, 0, 64 );
}
# --------------------
# Generate a UNIQUE string to use as the identifier for the login cookie
# The string returned should be 64 characters in length
function auth_generate_unique_cookie_string() {
do {
$t_cookie_string = auth_generate_cookie_string();
} while ( !auth_is_cookie_string_unique( $t_cookie_string ) );
return $t_cookie_string;
}
# --------------------
# Return true if the cookie login identifier is unique, false otherwise
function auth_is_cookie_string_unique( $p_cookie_string ) {
$t_user_table = config_get( 'mantis_user_table' );
$c_cookie_string = db_prepare_string( $p_cookie_string );
$query = "SELECT COUNT(*)
FROM $t_user_table
WHERE cookie_string='$c_cookie_string'";
$result = db_query( $query );
$t_count = db_result( $result );
if ( $t_count > 0 ) {
return false;
} else {
return true;
}
}
# --------------------
# Return the current user login cookie string,
# if no user is logged in and anonymous login is enabled, returns cookie for anonymous user
# otherwise returns '' (an empty string)
function auth_get_current_user_cookie() {
global $g_script_login_cookie, $g_cache_anonymous_user_cookie_string;
$t_cookie_name = config_get( 'string_cookie' );
$t_cookie = gpc_get_cookie( $t_cookie_name, '' );
# if cookie not found, and anonymous login enabled, use cookie of anonymous account.
if ( is_blank( $t_cookie ) ) {
if ( $g_script_login_cookie !== null ) {
return $g_script_login_cookie;
} else {
if ( ON == config_get( 'allow_anonymous_login' ) ) {
if ( $g_cache_anonymous_user_cookie_string == null ) {
if ( function_exists( 'db_is_connected' ) && db_is_connected() ) {
# get anonymous information if database is available
$query = sprintf('SELECT id, cookie_string FROM %s WHERE username = "%s"',
config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) );
$result = db_query( $query );
if ( 1 == db_num_rows( $result ) ) {
$row = db_fetch_array( $result );
$t_cookie = $row['cookie_string'];
$g_cache_anonymous_user_cookie_string = $t_cookie;
$g_cache_current_user_id = $row['id'];
}
}
} else {
$t_cookie = $g_cache_anonymous_user_cookie_string;
}
}
}
}
return $t_cookie;
}
#===================================
# Data Access
#===================================
#########################################
# is cookie valid?
function auth_is_cookie_valid( $p_cookie_string ) {
global $g_cache_current_user_id;
# fail if DB isn't accessible
if ( !db_is_connected() ) {
return false;
}
# fail if cookie is blank
if ( '' === $p_cookie_string ) {
return false;
}
# succeeed if user has already been authenticated
if ( null !== $g_cache_current_user_id ) {
return true;
}
# look up cookie in the database to see if it is valid
$t_user_table = config_get( 'mantis_user_table' );
$c_cookie_string = db_prepare_string( $p_cookie_string );
$query = "SELECT id
FROM $t_user_table
WHERE cookie_string='$c_cookie_string'";
$result = db_query( $query );
# return true if a matching cookie was found
return ( 1 == db_num_rows( $result ) );
}
#########################################
# SECURITY NOTE: cache globals are initialized here to prevent them
# being spoofed if register_globals is turned on
#
$g_cache_current_user_id = null;
function auth_get_current_user_id() {
global $g_cache_current_user_id;
if ( null !== $g_cache_current_user_id ) {
return $g_cache_current_user_id;
}
$t_user_table = config_get( 'mantis_user_table' );
$t_cookie_string = auth_get_current_user_cookie();
# @@@ error with an error saying they aren't logged in?
# Or redirect to the login page maybe?
$c_cookie_string = db_prepare_string( $t_cookie_string );
$query = "SELECT id
FROM $t_user_table
WHERE cookie_string='$c_cookie_string'";
$result = db_query( $query );
# The cookie was invalid. Clear the cookie (to allow people to log in again)
# and give them an Access Denied message.
if ( db_num_rows( $result ) < 1 ) {
auth_clear_cookies();
access_denied(); # never returns
return false;
}
$t_user_id = (int)db_result( $result );
$g_cache_current_user_id = $t_user_id;
return $t_user_id;
}
#===================================
# HTTP Auth
#===================================
function auth_http_prompt() {
header( "HTTP/1.0 401 Authorization Required" );
header( "WWW-Authenticate: Basic realm=\"" . lang_get( 'http_auth_realm' ) . "\"" );
header( 'status: 401 Unauthorized' );
echo '<center>';
echo '<p>'.error_string(ERROR_ACCESS_DENIED).'</p>';
print_bracket_link( 'main_page.php', lang_get( 'proceed' ) );
echo '</center>';
exit;
}
function auth_http_set_logout_pending( $p_pending ) {
$t_cookie_name = config_get( 'logout_cookie' );
if ( $p_pending ) {
gpc_set_cookie( $t_cookie_name, "1", false );
} else {
$t_cookie_path = config_get( 'cookie_path' );
gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
}
}
function auth_http_is_logout_pending() {
$t_cookie_name = config_get( 'logout_cookie' );
$t_cookie = gpc_get_cookie( $t_cookie_name, '' );
return( $t_cookie > '' );
}
?>
constant_inc.php.patch (11,172 bytes)
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2005 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: constant_inc.php,v 1.51 2005/07/03 15:09:11 thraxisp Exp
# Modified by Carole PRUVOST CVF - 29/07/2005
# --------------------------------------------------------
### CONSTANTS ###
# --- constants -------------------
# magic numbers
define( 'ON', 1 );
define( 'OFF', 0 );
define( 'AUTO', 3 );
# error types
define( 'ERROR', E_USER_ERROR );
define( 'WARNING', E_USER_WARNING );
define( 'NOTICE', E_USER_NOTICE );
# access levels
define( 'ANYBODY', 0 );
define( 'VIEWER', 10 );
define( 'REPORTER', 25 );
define( 'UPDATER', 40 );
define( 'DEVELOPER', 55 );
define( 'MANAGER', 70 );
define( 'ADMINISTRATOR', 90 );
define( 'NOBODY', 100 );
define( 'DEFAULT_ACCESS_LEVEL', -1); # This is used in add user to project
# status
define( 'NEW_', 10 ); # NEW seems to be a reserved keyword
define( 'FEEDBACK', 20 );
define( 'ACKNOWLEDGED', 30 );
define ('RESOLVED', 40);
define( 'CLOSED', 90 );
# resolution
define( 'CREATED', 0 );
define( 'FIXED', 10 );
define( 'UNABLE_TO_DUPLICATE', 20 );
define( 'REOPENED', 30 );
define( 'DUPLICATE', 40 );
define( 'NOT_A_BUG', 50);
define( 'NOT_FIXABLE', 60);
# priority
define( 'NONE', 10 );
define( 'LOW', 20 );
define( 'NORMAL', 30 );
define( 'HIGH', 40 );
define( 'URGENT', 50 );
define( 'IMMEDIATE', 60 );
# severity
define( 'MINOR', 10 );
define( 'MAJOR', 20 );
define( 'BLOCK', 30 );
# project view_state
define( 'VS_PUBLIC', 10 );
define( 'VS_PRIVATE', 50 );
# direction
define( 'ASC', 101 );
define( 'DESC', 102 );
# unread status
define( 'READ', 201 );
define( 'UNREAD', 202 );
# login methods
define( 'PLAIN', 0 );
define( 'CRYPT', 1 );
define( 'CRYPT_FULL_SALT', 2 );
define( 'MD5', 3 );
define( 'LDAP', 4 );
define( 'BASIC_AUTH', 5 );
define( 'HTTP_AUTH', 6 );
// Ajout CP le 09/08/2005 : cas CVF couple authentification LDAP CVF et MD5 pour les clients
define ('CVF_AUTH', 7);
# file upload methods
define( 'DISK', 1 );
define( 'DATABASE', 2 );
define( 'FTP', 3 );
# show variable values
define( 'BOTH', 0 );
define( 'SIMPLE_ONLY', 1 );
define( 'ADVANCED_ONLY', 2 );
define( 'SIMPLE_DEFAULT', 3 );
define( 'ADVANCED_DEFAULT', 4 );
# news values
define( 'BY_LIMIT', 0 );
define( 'BY_DATE', 1 );
# all projects
define( 'ALL_PROJECTS', 0 );
# all users
define( 'ALL_USERS', 0 );
# no user
define( 'NO_USER', 0 );
# history constants
define( 'NORMAL_TYPE', 0 );
define( 'NEW_BUG', 1 );
define( 'BUGNOTE_ADDED', 2 );
define( 'BUGNOTE_UPDATED', 3 );
define( 'BUGNOTE_DELETED', 4 );
define( 'DESCRIPTION_UPDATED', 6 );
define( 'ADDITIONAL_INFO_UPDATED', 7 );
define( 'STEP_TO_REPRODUCE_UPDATED', 8 );
define( 'FILE_ADDED', 9 );
define( 'FILE_DELETED', 10 );
define( 'BUGNOTE_STATE_CHANGED', 11 );
define( 'BUG_MONITOR', 12 );
define( 'BUG_UNMONITOR', 13 );
define( 'BUG_DELETED', 14 );
define( 'BUG_ADD_SPONSORSHIP', 15 );
define( 'BUG_UPDATE_SPONSORSHIP', 16 );
define( 'BUG_DELETE_SPONSORSHIP', 17 );
define( 'BUG_ADD_RELATIONSHIP', 18 );
define( 'BUG_DEL_RELATIONSHIP', 19 );
define( 'BUG_CLONED_TO', 20 );
define( 'BUG_CREATED_FROM', 21 );
define( 'CHECKIN', 22 );
define( 'BUG_REPLACE_RELATIONSHIP', 23 );
define( 'BUG_PAID_SPONSORSHIP', 24 );
define('CUSTOM_FIELD', 25);
define( 'PRIVATE_BUGNOTE_ADDED', 26 );
define( 'PRIVATE_BUGNOTE_UPDATED', 27 );
define( 'PRIVATE_BUGNOTE_DELETED', 28 );
# bug relationship constants
define( 'BUG_DUPLICATE', 0 );
define( 'BUG_RELATED', 1 );
define( 'BUG_DEPENDANT', 2 );
define( 'BUG_BLOCKS', 3 );
define( 'BUG_HAS_DUPLICATE', 4 );
# error messages
define( 'ERROR_GENERIC', 0 );
define( 'ERROR_SQL', 1 );
define( 'ERROR_REPORT', 3 );
define( 'ERROR_NO_FILE_SPECIFIED', 4 );
define( 'ERROR_FILE_DISALLOWED', 5 );
define( 'ERROR_NO_DIRECTORY', 6 );
define( 'ERROR_DUPLICATE_FILE', 9 );
define( 'ERROR_DUPLICATE_PROJECT', 10 );
define( 'ERROR_EMPTY_FIELD', 11 );
define( 'ERROR_PROTECTED_ACCOUNT', 12 );
define( 'ERROR_ACCESS_DENIED', 13 );
define( 'ERROR_UPLOAD_FAILURE', 15 );
define( 'ERROR_FTP_CONNECT_ERROR', 16 );
define( 'ERROR_HANDLER_ACCESS_TOO_LOW', 17 );
# ERROR_CONFIG_*
define( 'ERROR_CONFIG_OPT_NOT_FOUND', 100 );
define( 'ERROR_CONFIG_OPT_INVALID', 101 );
# ERROR_GPC_*
define( 'ERROR_GPC_VAR_NOT_FOUND', 200 );
define( 'ERROR_GPC_ARRAY_EXPECTED', 201 );
define( 'ERROR_GPC_ARRAY_UNEXPECTED', 202 );
define( 'ERROR_GPC_NOT_NUMBER', 203 );
# ERROR_LANG_*
define( 'ERROR_LANG_STRING_NOT_FOUND', 300 );
# ERROR_DB_*
define( 'ERROR_DB_CONNECT_FAILED', 400 );
define( 'ERROR_DB_QUERY_FAILED', 401 );
define( 'ERROR_DB_SELECT_FAILED', 402 );
define( 'ERROR_DB_FIELD_NOT_FOUND', 403 );
# ERROR_FILE_*
define( 'ERROR_FILE_TOO_BIG', 500 );
define( 'ERROR_FILE_NOT_ALLOWED', 501 );
define( 'ERROR_FILE_DUPLICATE', 502 );
define( 'ERROR_FILE_INVALID_UPLOAD_PATH', 503 );
define( 'ERROR_FILE_NO_UPLOAD_FAILURE', 504 );
define( 'ERROR_FILE_MOVE_FAILED', 505 );
# ERROR_BUGNOTE_*
define( 'ERROR_BUGNOTE_NOT_FOUND', 600 );
# ERROR_PROJECT_*
define( 'ERROR_PROJECT_NOT_FOUND', 700 );
define( 'ERROR_PROJECT_NAME_NOT_UNIQUE', 701 );
define( 'ERROR_PROJECT_NAME_INVALID', 702 );
define( 'ERROR_PROJECT_RECURSIVE_HIERARCHY', 703 );
# ERROR_USER_*
define( 'ERROR_USER_NAME_NOT_UNIQUE', 800 );
define( 'ERROR_USER_NOT_FOUND', 801 );
define( 'ERROR_USER_PREFS_NOT_FOUND', 802 );
define( 'ERROR_USER_CREATE_PASSWORD_MISMATCH', 803 );
define( 'ERROR_USER_PROFILE_NOT_FOUND', 804 );
define( 'ERROR_USER_NAME_INVALID', 805 );
define( 'ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS', 806 );
define( 'ERROR_USER_REAL_MATCH_USER', 807 );
define( 'ERROR_USER_CHANGE_LAST_ADMIN', 808 );
# ERROR_AUTH_*
define( 'ERROR_AUTH_INVALID_COOKIE', 900 );
# ERROR_NEWS_*
define( 'ERROR_NEWS_NOT_FOUND', 1000 );
# ERROR_BUG_*
define( 'ERROR_BUG_NOT_FOUND', 1100 );
define( 'ERROR_BUG_DUPLICATE_SELF', 1101 );
define( 'ERROR_BUG_RESOLVED_ACTION_DENIED', 1102 ); // @@@ obsolete, remove after lang files are sync'd
define( 'ERROR_BUG_READ_ONLY_ACTION_DENIED', 1103 );
# ERROR_EMAIL_*
define( 'ERROR_EMAIL_INVALID', 1200 );
# ERROR_CUSTOM_FIELD_*
define( 'ERROR_CUSTOM_FIELD_NOT_FOUND', 1300 );
define( 'ERROR_CUSTOM_FIELD_NAME_NOT_UNIQUE', 1301 );
define( 'ERROR_CUSTOM_FIELD_IN_USE', 1302 );
define( 'ERROR_CUSTOM_FIELD_INVALID_VALUE', 1303 );
define( 'ERROR_CUSTOM_FIELD_INVALID_DEFINITION',1304 );
# ERROR_LDAP_*
define( 'ERROR_LDAP_AUTH_FAILED', 1400 );
define( 'ERROR_LDAP_SERVER_CONNECT_FAILED', 1401 );
define( 'ERROR_LDAP_UPDATE_FAILED', 1402 );
define( 'ERROR_LDAP_USER_NOT_FOUND', 1403 );
# ERROR_CATEGORY_*
define( 'ERROR_CATEGORY_DUPLICATE', 1500 );
define( 'ERROR_CATEGORY_NO_ACTION', 1501 );
define( 'ERROR_CATEGORY_NOT_FOUND', 1502 );
# ERROR_VERSION_*
define( 'ERROR_VERSION_DUPLICATE', 1600 );
define( 'ERROR_VERSION_NOT_FOUND', 1601 );
# ERROR_SPONSORSHIP_*
define( 'ERROR_SPONSORSHIP_NOT_ENABLED', 1700 );
define( 'ERROR_SPONSORSHIP_NOT_FOUND', 1701 );
define( 'ERROR_SPONSORSHIP_AMOUNT_TOO_LOW', 1702 );
define( 'ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW', 1703 );
define( 'ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW', 1704 );
define( 'ERROR_SPONSORSHIP_SPONSOR_NO_EMAIL', 1705 );
# ERROR RELATIONSHIP
define( 'ERROR_RELATIONSHIP_ALREADY_EXISTS', 1800 );
define( 'ERROR_RELATIONSHIP_ACCESS_LEVEL_TO_DEST_BUG_TOO_LOW', 1801 );
define( 'ERROR_RELATIONSHIP_NOT_FOUND', 1802 );
define( 'ERROR_RELATIONSHIP_SAME_BUG', 1803 );
# ERROR_LOST_PASSWORD_*
define( 'ERROR_LOST_PASSWORD_NOT_ENABLED', 1900 );
define( 'ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID', 1901 );
define( 'ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED', 1902 );
define( 'ERROR_LOST_PASSWORD_NOT_MATCHING_DATA', 1903 );
define( 'ERROR_SIGNUP_NOT_MATCHING_CAPTCHA', 1904 );
define( 'ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED', 1905 );
# ERROR_FILTER_NOT_FOUND
define( 'ERROR_FILTER_NOT_FOUND', 2000 );
define( 'ERROR_FILTER_TOO_OLD', 2001 );
# Status Legend Position
define( 'STATUS_LEGEND_POSITION_TOP', 1);
define( 'STATUS_LEGEND_POSITION_BOTTOM', 2);
# Filter Position
define( 'FILTER_POSITION_NONE', 0 );
define( 'FILTER_POSITION_TOP', 1 );
define( 'FILTER_POSITION_BOTTOM', 2 );
define( 'FILTER_POSITION_BOTH', 3 ); // FILTER_POSITION_TOP | FILTER_POSITION_BOTTOM (bitwise OR)
# Flags for settings E-mail categories
define( 'EMAIL_CATEGORY_PROJECT_CATEGORY', 1);
# Custom Field types
define( 'CUSTOM_FIELD_TYPE_STRING', 0 );
define( 'CUSTOM_FIELD_TYPE_NUMERIC', 1 );
define( 'CUSTOM_FIELD_TYPE_FLOAT', 2 );
define( 'CUSTOM_FIELD_TYPE_ENUM', 3 );
define( 'CUSTOM_FIELD_TYPE_EMAIL', 4 );
define( 'CUSTOM_FIELD_TYPE_CHECKBOX', 5 );
define( 'CUSTOM_FIELD_TYPE_LIST', 6 );
define( 'CUSTOM_FIELD_TYPE_MULTILIST', 7 );
define( 'CUSTOM_FIELD_TYPE_DATE', 8 );
# Meta filter values
define( 'META_FILTER_MYSELF', -1 );
define( 'META_FILTER_NONE', -2 );
define( 'META_FILTER_ANY', 0 );
# Versions
define( 'VERSION_ALL', null );
define( 'VERSION_FUTURE', 0 );
define( 'VERSION_RELEASED', 1 );
# Contexts for bug summary
define( 'SUMMARY_CAPTION', 1 );
define( 'SUMMARY_FIELD', 2 );
define( 'SUMMARY_EMAIL', 3 );
# bugnote types
define( 'BUGNOTE', 0 );
define( 'REMINDER', 1 );
# token types
define( 'TOKEN_UNKNOWN', 0 );
define( 'TOKEN_FILTER', 1 );
define( 'TOKEN_GRAPH', 2 );
# config types
define( 'CONFIG_TYPE_INT', 1 );
define( 'CONFIG_TYPE_STRING', 2 );
define( 'CONFIG_TYPE_COMPLEX', 3 );
# Control types for date custom fields.
define( 'CUSTOM_FIELD_DATE_ANY', 0 ) ;
define( 'CUSTOM_FIELD_DATE_NONE', 1 ) ;
define( 'CUSTOM_FIELD_DATE_BETWEEN', 2 ) ;
define( 'CUSTOM_FIELD_DATE_ONORBEFORE', 3 ) ;
define( 'CUSTOM_FIELD_DATE_BEFORE', 4 ) ;
define( 'CUSTOM_FIELD_DATE_ON', 5 ) ;
define( 'CUSTOM_FIELD_DATE_AFTER', 6 ) ;
define( 'CUSTOM_FIELD_DATE_ONORAFTER', 7 ) ;
# system logging
# logging levels, can be OR'd together
define( 'LOG_EMAIL', 1 ); # all emails sent
define( 'LOG_EMAIL_RECIPIENT', 2 ); # details of email recipient determination
# COLUMNS_TARGET_*
define( 'COLUMNS_TARGET_VIEW_PAGE', 1 );
define( 'COLUMNS_TARGET_PRINT_PAGE', 2 );
define( 'COLUMNS_TARGET_CSV_PAGE', 3 );
# sponsorship "paid" values
define( 'SPONSORSHIP_UNPAID', 0 );
define( 'SPONSORSHIP_REQUESTED', 1 );
define( 'SPONSORSHIP_PAID', 2 );
?>
ldap_api.php.patch (6,039 bytes)
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: ldap_api.php,v 1.18 2005/02/12 20:01:17 jlatour Exp $
# --------------------------------------------------------
###########################################################################
# LDAP API
###########################################################################
# --------------------
# Connect and bind to the LDAP directory
function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
$t_ldap_server = config_get( 'ldap_server' );
$t_ldap_port = config_get( 'ldap_port' );
$t_ds = @ldap_connect ( $t_ldap_server, $t_ldap_port );
if ( $t_ds > 0 ) {
# If no Bind DN and Password is set, attempt to login as the configured
# Bind DN.
if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
$p_binddn = config_get( 'ldap_bind_dn', '' );
$p_password = config_get( 'ldap_bind_passwd', '' );
}
if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
$t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
} else {
# Either the Bind DN or the Password are empty, so attempt an anonymous bind.
$t_br = @ldap_bind( $t_ds );
}
if ( !$t_br ) {
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
} else {
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}
return $t_ds;
}
# --------------------
# Return an email address from LDAP, given a userid
function ldap_email( $p_user_id ) {
$t_username = user_get_field( $p_user_id, 'username' );
return ldap_email_from_username($t_username);
}
# --------------------
# Return an email address from LDAP, given a username
function ldap_email_from_username( $p_username ) {
$t_ldap_organization = config_get( 'ldap_organization' );
$t_ldap_root_dn = config_get( 'ldap_root_dn' );
$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
$t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$p_username))";
$t_search_attrs = array( $t_ldap_uid_field, 'mail', 'dn' );
$t_ds = ldap_connect_bind();
$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
$t_info = ldap_get_entries( $t_ds, $t_sr );
ldap_free_result( $t_sr );
ldap_unbind( $t_ds );
return $t_info[0]['mail'][0];
}
# --------------------
# Return true if the $uid has an assigngroup=$p_group tag, false otherwise
function ldap_has_group( $p_user_id, $p_group ) {
$t_ldap_organization = config_get( 'ldap_organization' );
$t_ldap_root_dn = config_get( 'ldap_root_dn' );
$t_username = user_get_field( $p_user_id, 'username' );
$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
$t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$p_group))";
$t_search_attrs = array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
$t_ds = ldap_connect_bind();
$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
$t_entries = ldap_count_entries( $t_ds, $t_sr );
ldap_free_result( $t_sr );
ldap_unbind( $t_ds );
if ( $t_entries > 0 ) {
return true;
} else {
return false;
}
}
# --------------------
# Attempt to authenticate the user against the LDAP directory
# return true on successful authentication, false otherwise
function ldap_authenticate( $p_user_id, $p_password ) {
# if password is empty and ldap allows anonymous login, then
# the user will be able to login, hence, we need to check
# for this special case.
if ( is_blank( $p_password ) ) {
return false;
}
$t_ldap_organization = config_get( 'ldap_organization' );
$t_ldap_root_dn = config_get( 'ldap_root_dn' );
$t_username = $p_user_id;//GF user_get_field( $p_user_id, 'username' );
$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' ) ;
$t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
$t_search_attrs = array( $t_ldap_uid_field, 'dn' );
$t_ds = ldap_connect_bind();
# Search for the user id
#$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
#$t_inf = ldap_get_entries( $t_ds, $t_sr );
$t_authenticated = false;
$t_sr = ldap_search ($t_ds, $t_ldap_root_dn, 'uid='.$t_username);
if ($t_sr != FALSE) {
$t_info = ldap_get_entries ($t_ds,$t_sr);
#var_dump($t_info);
// We read the salt argument from the current encrypted password
$salt = '';
$separator = '$';
$numberOccurencySeparator = 0;
$encryptedPassword = trim ($t_info[0]['userpassword'][0]);
for ($i = 0; $i < strlen ($encryptedPassword); $i ++) {
if (strcmp ($encryptedPassword [$i], $separator) == 0) {
$numberOccurencySeparator ++;
if ($numberOccurencySeparator == 3)
break;
}
$salt = $salt.$encryptedPassword [$i];
}
$password = crypt (trim ($p_password), $salt);
if (strcmp ($encryptedPassword, $password) == 0) {
$t_authenticated = true;
} else {
#error_log ('Erreur de login ou de mot de passe.');
}
}
# if ( $t_info ) {
# Try to authenticate to each until we get a match
#for ( $i = 0 ; $i < $t_info['count'] ; $i++ ) {
# $t_dn = $t_info[$i]['dn'];
# # Attempt to bind with the DN and password
# if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
# $t_authenticated = true;
# break; # Don't need to go any further
# }
#}
ldap_free_result( $t_sr );
ldap_unbind( $t_ds );
return $t_authenticated;
}
# --------------------
# Create a new user account in the LDAP Directory.
# --------------------
# Update the user's account in the LDAP Directory
# --------------------
# Change the user's password in the LDAP Directory
?>
| ||||
 |
I'm waiting for that feature. |
 |
Is this feature on 1.1.1 Mantis version? |
 |
See bug 0004235. |
|
|
Can anybody tell me how this bug is fixed? I want to use the multi login method but I don't see how. Do I need the patch posted on 0004235? Which file do I need to patch? Which g_login_method should I set? |
