[Evolvis-commits] r16: changed path to ldapextauth↵

sfromm at evolvis.org sfromm at evolvis.org
Wed May 7 15:29:16 CEST 2008


Author: sfromm
Date: 2008-05-07 13:29:15 +0000 (Wed, 07 May 2008)
New Revision: 16

Added:
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/README
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-delete.pl
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-upgrade.pl
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/db/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/db/install_ldapextauth.sql
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/config.php
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/mapping.php
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/gforge-plugin-ldapextauth.spec
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/LdapExtAuthPlugin.class.php
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/ldapextauth-init.php
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login.diff
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login_old.php
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/rpm-specific/
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/rpm-specific/.keepme
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session.diff
   trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session_old.php
Removed:
   trunk/gforge_base/login_management/ldap/ldapextauth/
Log:
changed path to ldapextauth


Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/README
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/README	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/README	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,32 @@
+gforge-plugin-ldapextauth
+-------------------------
+
+This is the external LDAP authentication plugin for Gforge.
+
+Prerequisite:
+
+- install Perl, DBI and DBD::Pg as per Gforge's INSTALL file
+
+Installation:
+
+- files from etc/ go to /etc/gforge/plugins/ldapextauth
+- files from bin/ go to /usr/lib/gforge/plugins/ldapextauth/bin
+- files from include/ go to /usr/lib/gforge/plugins/ldapextauth/include
+
+Setup:
+
+- customise files in /etc/gforge/plugins/ldapextauth to match your
+LDAP installation (server, base DN, and mapping)
+- /usr/lib/gforge/plugins/ldapextauth/bin/db-upgrade.pl
+- /usr/lib/gforge/bin/register-plugin ldapextauth "LDAP external authentication"
+
+Voilà, you can now log into Gforge with your existing loginname and
+password.  Your account will be created the first time you log in
+(which means you can't add someone to a group before his/her first
+login).
+
+ -- Roland Mas <lolando at debian.org>, Tue May 18 22:14:54 2004
+
+Local Variables:
+mode: readme-debian
+End:

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-delete.pl
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-delete.pl	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-delete.pl	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,189 @@
+#!/usr/bin/perl -w
+#
+# $Id: db-delete.pl 2605 2004-01-18 21:47:18Z lo-lan-do $
+#
+# Debian-specific script to delete plugin-specific tables
+# Roland Mas <lolando at debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+    $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+    $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+    $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+    $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+    $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+    $server_admin $domain_name $newsadmin_groupid $statsadmin_groupid
+    $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/lib/gforge/lib/include.pl") ; # Include a few predefined functions 
+require ("/usr/lib/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "ldapextauth" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+    my ($sth, @array, $version, $action, $path, $target, $rname) ;
+
+    my $pattern = "plugin_" . $pluginname . '_%' ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='v'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_view_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='r'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_table_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='i'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_index_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $query = "SELECT relname FROM pg_class WHERE relname LIKE '$pattern' AND relkind='s'" ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    while (@array = $sth->fetchrow_array ()) {
+	$rname = $array [0] ;
+	&drop_sequence_if_exists ($rname) ;
+    }
+    $sth->finish () ;
+
+    $dbh->commit ();
+
+
+    debug "It seems your database deletion went well and smoothly.  That's cool." ;
+    debug "Please enjoy using Debian GForge." ;
+
+    # There should be a commit at the end of every block above.
+    # If there is not, then it might be symptomatic of a problem.
+    # For safety, we roll back.
+    $dbh->rollback ();
+};
+
+if ($@) {
+    warn "Transaction aborted because $@" ;
+    debug "Transaction aborted because $@" ;
+    debug "Last SQL query was:\n$query\n(end of query)" ;
+    $dbh->rollback ;
+    debug "Please report this bug on the Debian bug-tracking system." ;
+    debug "Please include the previous messages as well to help debugging." ;
+    debug "You should not worry too much about this," ;
+    debug "your DB is still in a consistent state and should be usable." ;
+    exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub debug ( $ ) {
+    my $v = shift ;
+    chomp $v ;
+    print STDERR "$v\n" ;
+}
+
+sub drop_table_if_exists ( $ ) {
+    my $tname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping table $tname" ;
+	$query = "DROP TABLE $tname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+    my $sname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping sequence $sname" ;
+	$query = "DROP SEQUENCE $sname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_index_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping index $iname" ;
+	$query = "DROP INDEX $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_view_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping view $iname" ;
+	$query = "DROP VIEW $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
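Review bot: The sequence cleanup query in the main eval block filters on `relkind='s'`, but pg_class marks sequences with an upper-case `'S'`, which is what drop_sequence_if_exists itself tests for, so the loop most likely never finds a sequence and any `plugin_ldapextauth_*` sequences are left behind. Change that query to `... AND relkind='S'`. The four drop_*_if_exists helpers also interpolate the relation name straight into `DROP TABLE $tname` and the matching statements, so a name that needs quoting breaks the statement; `$dbh->quote_identifier ($tname)` for the DROP and a `?` placeholder for the `relname=` lookup would make them robust. Note too that `_` in the LIKE pattern `plugin_ldapextauth_%` is a single-character wildcard, so the match is slightly wider than the literal prefix.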


Property changes on: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-delete.pl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-upgrade.pl
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-upgrade.pl	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-upgrade.pl	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,280 @@
+#!/usr/bin/perl -w
+#
+# $Id: db-upgrade.pl 3370 2004-09-23 21:11:22Z lo-lan-do $
+#
+# Debian-specific script to upgrade the database between releases
+# Roland Mas <lolando at debian.org>
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_cvs_host $sys_download_host
+    $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+    $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+    $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+    $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+    $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+    $server_admin $domain_name $newsadmin_groupid $statsadmin_groupid
+    $skill_list/ ;
+use vars qw/$pluginname/ ;
+
+sub is_lesser ( $$ ) ;
+sub is_greater ( $$ ) ;
+sub debug ( $ ) ;
+sub parse_sql_file ( $ ) ;
+
+require ("/usr/lib/gforge/lib/include.pl") ; # Include a few predefined functions 
+require ("/usr/lib/gforge/lib/sqlparser.pm") ; # Our magic SQL parser
+
+debug "You'll see some debugging info during this installation." ;
+debug "Do not worry unless told otherwise." ;
+
+&db_connect ;
+
+# debug "Connected to the database OK." ;
+
+$pluginname = "ldapextauth" ;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+    my ($sth, @array, $version, $path, $target) ;
+
+    &create_metadata_table ("0") ;
+
+    $dbh->commit () ;
+    
+    $version = &get_db_version ;
+    $target = "1.0" ;
+    if (is_lesser $version, $target) {
+	my @filelist = (
+			# "/usr/lib/gforge/plugins/$pluginname/lib/$pluginname-init.sql",
+			) ;
+	
+	foreach my $file (@filelist) {
+	    debug "Processing $file" ;
+	    @reqlist = @{ &parse_sql_file ($file) } ;
+	    
+	    foreach my $s (@reqlist) {
+		$query = $s ;
+		# debug $query ;
+		$sth = $dbh->prepare ($query) ;
+		$sth->execute () ;
+		$sth->finish () ;
+	    }
+	}
+	@reqlist = () ;
+	
+	&update_db_version ($target) ;
+	debug "Committing." ;
+	$dbh->commit () ;
+    }
+    
+    debug "It seems your database install/upgrade went well and smoothly.  That's cool." ;
+    debug "Please enjoy using Debian GForge." ;
+
+    # There should be a commit at the end of every block above.
+    # If there is not, then it might be symptomatic of a problem.
+    # For safety, we roll back.
+    $dbh->rollback ();
+};
+
+if ($@) {
+    warn "Transaction aborted because $@" ;
+    debug "Transaction aborted because $@" ;
+    debug "Last SQL query was:\n$query\n(end of query)" ;
+    $dbh->rollback ;
+    debug "Please report this bug on the Debian bug-tracking system." ;
+    debug "Please include the previous messages as well to help debugging." ;
+    debug "You should not worry too much about this," ;
+    debug "your DB is still in a consistent state and should be usable." ;
+    exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub is_lesser ( $$ ) {
+    my $v1 = shift || 0 ;
+    my $v2 = shift || 0 ;
+
+    my $rc = system "dpkg --compare-versions $v1 lt $v2" ;
+
+    return (! $rc) ;
+}
+
+sub is_greater ( $$ ) {
+    my $v1 = shift || 0 ;
+    my $v2 = shift || 0 ;
+
+    my $rc = system "dpkg --compare-versions $v1 gt $v2" ;
+
+    return (! $rc) ;
+}
+
+sub debug ( $ ) {
+    my $v = shift ;
+    chomp $v ;
+    print STDERR "$v\n" ;
+}
+
+sub create_metadata_table ( $ ) {
+    my $v = shift || "0" ;
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+    # Do we have the metadata table?
+
+    $query = "SELECT count(*) FROM pg_class WHERE relname = '$tablename' and relkind = 'r'";
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    # Let's create this table if we have it not
+
+    if ($array [0] == 0) {
+	debug "Creating $tablename table." ;
+	$query = "CREATE TABLE $tablename (key varchar primary key, value text not null)" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+
+    $query = "SELECT count(*) FROM $tablename WHERE key = 'db-version'";
+    # debug $query ;
+    $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    # Empty table?  We'll have to fill it up a bit
+
+    if ($array [0] == 0) {
+	debug "Inserting first data into $tablename table." ;
+	$query = "INSERT INTO $tablename (key, value) VALUES ('db-version', '$v')" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub update_db_version ( $ ) {
+    my $v = shift or die "Not enough arguments" ;
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+    debug "Updating $tablename table." ;
+    $query = "UPDATE $tablename SET value = '$v' WHERE key = 'db-version'" ;
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    $sth->finish () ;
+}
+
+sub get_db_version () {
+    my $tablename = "plugin_" .$pluginname . "_meta_data" ;
+
+    $query = "SELECT value FROM $tablename WHERE key = 'db-version'" ;
+    # debug $query ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    my $version = $array [0] ;
+
+    return $version ;
+}
+
+sub drop_table_if_exists ( $ ) {
+    my $tname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$tname' AND relkind='r'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping table $tname" ;
+	$query = "DROP TABLE $tname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_sequence_if_exists ( $ ) {
+    my $sname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$sname' AND relkind='S'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping sequence $sname" ;
+	$query = "DROP SEQUENCE $sname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_index_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='i'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping index $iname" ;
+	$query = "DROP INDEX $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub drop_view_if_exists ( $ ) {
+    my $iname = shift or die  "Not enough arguments" ;
+    $query = "SELECT count(*) FROM pg_class WHERE relname='$iname' AND relkind='v'" ;
+    my $sth = $dbh->prepare ($query) ;
+    $sth->execute () ;
+    my @array = $sth->fetchrow_array () ;
+    $sth->finish () ;
+
+    if ($array [0] != 0) {
+	# debug "Dropping view $iname" ;
+	$query = "DROP VIEW $iname" ;
+	# debug $query ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	$sth->finish () ;
+    }
+}
+
+sub bump_sequence_to ( $$ ) {
+    my ($sth, @array, $seqname, $targetvalue) ;
+
+    $seqname = shift ;
+    $targetvalue = shift ;
+
+    do {
+	$query = "select nextval ('$seqname')" ;
+	$sth = $dbh->prepare ($query) ;
+	$sth->execute () ;
+	@array = $sth->fetchrow_array () ;
+	$sth->finish () ;
+    } until $array[0] >= $targetvalue ;
+}
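Review bot: is_lesser and is_greater build one interpolated string for `system`, so the version value that get_db_version reads back from the `plugin_ldapextauth_meta_data` table is parsed by the shell before dpkg sees it. Use the list form, which bypasses the shell: `my $rc = system ('dpkg', '--compare-versions', $v1, 'lt', $v2) ;` (and `'gt'` in is_greater). The same value is spliced into SQL as `'$v'` in create_metadata_table and update_db_version; a placeholder such as `$dbh->do ("UPDATE $tablename SET value = ? WHERE key = 'db-version'", undef, $v)` avoids quoting problems. Because the comparison depends on dpkg, on a host without it `system` returns non-zero and is_lesser silently reports false, so the upgrade block is skipped without any message; a comment stating the dpkg dependency, or a check of `$rc == -1`, would make that visible.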


Property changes on: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/bin/db-upgrade.pl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/db/install_ldapextauth.sql
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/db/install_ldapextauth.sql	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/db/install_ldapextauth.sql	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1 @@
+INSERT INTO plugins (plugin_name,plugin_desc) VALUES ('ldapextauth','LDAP Auth. Plugin');

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/config.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/config.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/config.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,18 @@
+<?php
+
+// The three following are to remove warning, they should not be necessary, only for compatibility reason
+$sys_ldap_dn = "";
+$sys_ldap_server = "";
+$sys_ldap_port = "";
+$base_dn = "dc=users,dc=example,dc=com" ;
+$ldap_server = "ldap.example.com" ;
+$ldap_kind=""; // Std Directory server
+//$ldap_kind="AD"; // Active Directory server
+$ldap_port=389;
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
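Review bot: The sample settings offer only a host name and `$ldap_port=389`, and AuthUser() in LdapExtAuthPlugin.class.php calls `ldap_connect()` and then `ldap_bind()` with the user's password with no `ldap_start_tls()` call visible, so as shipped the password appears to cross the network unencrypted. Add a comment here telling administrators how to use a TLS-protected endpoint, for example `// Prefer "ldaps://ldap.example.com" so that binds are encrypted`, provided the PHP LDAP extension in use accepts a URI in `ldap_connect()`. Alternatively, add a setting that makes the class call `ldap_start_tls()` before binding. The opening comment would also read better as a statement that the three `$sys_ldap_*` variables are legacy fallbacks overridden by `$base_dn`, `$ldap_server` and `$ldap_port` below.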

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/mapping.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/mapping.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/etc/plugins/ldapextauth/mapping.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,40 @@
+<?php
+
+function plugin_ldapextauth_mapping ($entry) {
+	global $Language;
+	$result = array () ;
+	
+	$result['firstname'] = $entry['givenname'][0] ;
+	$result['lastname'] = $entry['sn'][0] ;
+	$result['email'] = $entry['uid'][0] . '@' . $GLOBALS['sys_default_domain'] ;
+	//$result['email'] = $entry['mail'][0] ; // AD
+	// You may also want to customise $result['language_id']
+	//$result['language_id']=$Language->getLanguageId();
+	// You may also want to customise $result['timezone']
+	//$result['timezone']=$GLOBALS['sys_default_timezone'];
+	// You may also want to customise $result['jabber_address']
+	// You may also want to customise $result['address']
+	// You may also want to customise $result['address2']
+	// You may also want to customise $result['phone']
+	//$result['phone'] = $entry['telephonenumber'][0]; //AD
+	// You may also want to customise $result['fax']
+	// You may also want to customise $result['title']
+	// You may also want to customise $result['ccode']
+	//$result['ccode']=$GLOBALS['sys_default_country_code'];
+	// You may also want to customise $result['themeid']
+	$result['themeid']=$GLOBALS['sys_default_theme_id'];
+	
+	return $result ;
+}
+
+function plugin_ldapextauth_getdn ($plugin, $username) {
+	return "uid=$username," . $plugin->base_dn ;
+	//return 'DOMAIN\\' . "$username" ; // AD
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
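Review bot: plugin_ldapextauth_getdn() builds the bind DN as `"uid=$username," . $plugin->base_dn` with the login name unescaped, so a name containing DN metacharacters such as `,`, `+`, `=` or `\` changes which entry the plugin binds as. Validate the login name against the site's allowed character set before building the DN, or escape it with `ldap_escape($username, '', LDAP_ESCAPE_DN)` on PHP versions that provide that function. In plugin_ldapextauth_mapping(), `$entry['givenname'][0]` and `$entry['sn'][0]` are read without `isset()`, which raises notices for directory entries that lack those attributes. A short header comment listing the LDAP attributes the mapping expects would help administrators who customise this file.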

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/gforge-plugin-ldapextauth.spec
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/gforge-plugin-ldapextauth.spec	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/gforge-plugin-ldapextauth.spec	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,118 @@
+%define plugin		ldapextauth
+%{!?release:%define release 1}
+
+Summary: LDAP external authentication plugin for GForge CDE
+Name: gforge-plugin-%{plugin}
+Version: 4.1
+Release: %{release}
+BuildArch: noarch
+License: GPL
+Group: Development/Tools
+Source0: %{name}-%{version}.tar.bz2
+AutoReqProv: off
+Requires: gforge >= 4.0
+URL: http://www.gforge.org
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+%define gfuser			gforge
+%define gfgroup			gforge
+
+%if "%{_vendor}" == "suse"
+	%define httpduser		wwwrun
+	%define httpdgroup		www
+Requires: php5-ldap
+%else
+	%define httpduser		apache
+	%define httpdgroup		apache
+Requires: php-ldap
+%endif
+
+#Globals defines for gforge
+%define GFORGE_DIR		%{_datadir}/gforge
+%define GFORGE_CONF_DIR		%{_sysconfdir}/gforge
+%define GFORGE_LANG_DIR		%{GFORGE_CONF_DIR}/languages-local
+%define GFORGE_SBIN_DIR		%{_sbindir}
+%define GFORGE_LIB_DIR		%{_libdir}/gforge/lib
+%define GFORGE_DB_DIR		%{_libdir}/gforge/db
+%define GFORGE_BIN_DIR		%{_libdir}/gforge/bin
+%define PLUGINS_LIB_DIR		%{_libdir}/gforge/plugins
+%define PLUGINS_CONF_DIR	%{GFORGE_CONF_DIR}/plugins
+%define CROND_DIR		%{_sysconfdir}/cron.d
+
+#specific define for plugins
+%define PLUGIN_LIB_DIR		%{PLUGINS_LIB_DIR}/%{plugin}
+%define PLUGIN_CONF_DIR		%{PLUGINS_CONF_DIR}/%{plugin}
+
+%description
+GForge CDE is a web-based Collaborative Development Environment offering
+easy access to CVS, mailing lists, bug tracking, message
+boards/forums, task management, permanent file archival, and total
+web-based administration.
+
+This RPM installs LDAP external authentication plugin for GForge CDE.
+
+%prep
+%setup
+
+%build
+
+%install
+# cleaning build environment
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+# copying all needed stuff to %{PLUGIN_LIB_DIR}
+install -m 755 -d $RPM_BUILD_ROOT/%{PLUGIN_LIB_DIR}
+for dir in bin include rpm-specific ; do
+        cp -rp $dir $RPM_BUILD_ROOT/%{PLUGIN_LIB_DIR}/
+done;
+chmod 755 $RPM_BUILD_ROOT/%{PLUGIN_LIB_DIR}/bin/db-*.pl
+
+# installing configuration file
+install -m 755 -d $RPM_BUILD_ROOT/%{PLUGIN_CONF_DIR}
+cp -p etc/plugins/%{plugin}/* $RPM_BUILD_ROOT/%{PLUGIN_CONF_DIR}/
+
+%pre
+
+%post
+if [ "$1" = "1" ] ; then
+	# register plugin in database
+	%{GFORGE_BIN_DIR}/register-plugin %{plugin} "LDAP external authentication" &> /dev/null
+	# su -l %{gfuser} -c "%{PLUGIN_LIB_DIR}/bin/db-upgrade.pl 2>&1" | grep -v ^NOTICE
+else
+	# upgrade
+	#su -l %{gfuser} -c "%{PLUGIN_LIB_DIR}/bin/db-upgrade.pl 2>&1" | grep -v ^NOTICE
+	:
+fi
+
+%postun
+if [ "$1" = "0" ] ; then
+	# unregister plugin in database
+	%{GFORGE_BIN_DIR}/unregister-plugin %{plugin}
+	#su -l %{gfuser} -c "%{PLUGIN_LIB_DIR}/bin/db-delete.pl 2>&1" | grep -v ^NOTICE
+else
+	# upgrade
+	:
+fi
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-, root, root)
+%doc README
+%attr(0660, %{httpduser}, %{gfgroup}) %config(noreplace) %{PLUGIN_CONF_DIR}/config.php
+%attr(0660, %{httpduser}, %{gfgroup}) %config(noreplace) %{PLUGIN_CONF_DIR}/mapping.php
+%{PLUGIN_LIB_DIR}/bin
+%{PLUGIN_LIB_DIR}/include
+%{PLUGIN_LIB_DIR}/rpm-specific
+
+%changelog
+* Fri Apr 29 2005 Xavier Rameau <xrameau at gmail.com>
+- Added support for SuSE
+* Thu Mar 03 2005 Guillaume Smet <guillaume-gforge at smet.org>
+- config files have moved
+* Sat Feb 19 2005 Guillaume Smet <guillaume-gforge at smet.org>
+- 4.1
+- redirects register-plugin output to /dev/null
+* Fri Nov 26 2004  Dassault Aviation <guillaume.smet at openwide.fr>
+Initial RPM packaging
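Review bot: The `%files` entries install config.php and mapping.php as `%attr(0660, %{httpduser}, %{gfgroup})`, which makes both files owned and writable by the web server account, although the plugin loads them as PHP code with `require_once`. Any flaw that lets the web application write files would then let it change the code that runs during authentication. Read-only access for the server is enough, e.g. `%attr(0640, root, %{httpdgroup}) %config(noreplace) %{PLUGIN_CONF_DIR}/config.php` and the same for mapping.php. In `%install` and `%clean`, `rm -rf $RPM_BUILD_ROOT` should quote the variable (`rm -rf "$RPM_BUILD_ROOT"`). The `&> /dev/null` in `%post` is a bash-only redirection, so `> /dev/null 2>&1` is safer for scriptlets.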

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/LdapExtAuthPlugin.class.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/LdapExtAuthPlugin.class.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/LdapExtAuthPlugin.class.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,223 @@
+<?php
+/** External authentication via LDAP for Gforge
+ * Copyright 2003 Roland Mas <lolando at debian.org>
+ * Copyright 2004 Roland Mas <roland at gnurandal.com> 
+ *                The Gforge Group, LLC <http://gforgegroup.com/>
+ * Copyright 2004 Christian Bayle <bayle at debian.org> 
+ *
+ * This file is not part of Gforge
+ *
+ * This plugin, like Gforge, is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  US
+ */
+
+require_once('plugins/ldapextauth/mapping.php') ;
+
+class LdapextauthPlugin extends Plugin {
+	function LdapextauthPlugin () {
+		$this->Plugin() ;
+		$this->name = "ldapextauth";
+		$this->hooks[] = "session_before_login";
+		
+		$this->ldap_conn = false ;
+
+		require_once('plugins/ldapextauth/config.php') ;
+                $this->base_dn = $sys_ldap_dn ;
+		$this->ldap_server = $sys_ldap_server ;
+		$this->ldap_port = $sys_ldap_port ;
+		if ($base_dn) {
+			$this->base_dn = $base_dn ;
+		}
+		if ($ldap_server) {
+			$this->ldap_server = $ldap_server ;
+		}
+		if ($ldap_port) {
+			$this->ldap_port = $ldap_port ;
+		}
+		if ($ldap_kind) {
+			$this->ldap_kind = $ldap_kind ;
+		}
+	}
+	
+	function CallHook ($hookname, $params) {
+		global $HTML ;
+		
+		$loginname = $params['loginname'] ;
+		$passwd = $params['passwd'] ;
+		
+		switch ($hookname) {
+		case "session_before_login":
+			// Authenticate against LDAP
+			$this->AuthUser ($loginname, $passwd) ;
+			break;
+		case "blah":
+			// Should not happen
+			break;
+		default:
+			// Forgot something
+		}
+	}
+
+	function AuthUser ($loginname, $passwd) {
+		global $feedback;
+	
+		if  (!function_exists ( "ldap_connect" )) {
+			return false;
+		}
+
+		if (!$this->ldap_conn) {
+			$this->ldap_conn = ldap_connect ($this->ldap_server,
+							 $this->ldap_port);
+		}
+		if ($GLOBALS['sys_ldap_version']) {
+			ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $GLOBALS['sys_ldap_version']);
+		}
+		$dn = plugin_ldapextauth_getdn ($this, $loginname) ;
+		if(empty($dn)) {
+			$GLOBALS['ldap_auth_failed']=true;
+			return false;
+		}
+
+		$u = user_get_object_by_name ($loginname) ;
+		if ($u) {
+			// User exists in DB
+			if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
+				// Password from form is valid in LDAP
+				if (session_login_valid_dbonly ($loginname, $passwd, false)) {
+					// Also according to DB
+					$GLOBALS['ldap_auth_failed']=false;
+					return true ;
+				} else {
+					// Passwords mismatch, update DB's
+					$u->setPasswd ($passwd) ;
+					$GLOBALS['ldap_auth_failed']=false;
+					return true ;
+				}
+			} else {
+				// Wrong password according to LDAP
+				$feedback=_('Invalid Password Or User Name');
+				$GLOBALS['ldap_auth_failed']=true;
+				return false ;
+			}
+		} else {
+			// User doesn't exist in DB yet
+			if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
+				// User authenticated
+				// Now get her info
+				if ($this->ldap_kind=="AD"){
+					$res = ldap_search ($this->ldap_conn, $this->base_dn, "sAMAccountName=".$loginname) ;
+				} else {
+					$res = ldap_read ($this->ldap_conn, $dn, "objectclass=*") ;
+				}
+				$info = ldap_get_entries ($this->ldap_conn,$res);
+				$ldapentry = $info[0] ;
+				
+				$mappedinfo = plugin_ldapextauth_mapping ($ldapentry) ;
+				
+				// Insert into DB
+				$u = new User () ;
+
+				$unix_name = $loginname ;
+				$firstname = '' ;
+				$lastname = '' ;
+				$password1 = $passwd ;
+				$password2 = $passwd ;
+				$email = '' ;
+				$mail_site = 1 ;
+				$mail_va = 0 ;
+				$language_id = 1 ;
+				$timezone = 'GMT' ;
+				$jabber_address = '' ;
+				$jabber_only = 0 ;
+				$theme_id = 1 ;
+				$unix_box = '' ;
+				$address = '' ;
+				$address2 = '' ;
+				$phone = '' ;
+				$fax = '' ;
+				$title = '' ;
+				$ccode = 'US' ;
+				$send_mail = false ;
+
+				if ($mappedinfo['firstname']) {
+					$firstname = $mappedinfo['firstname'] ;
+				}
+				if ($mappedinfo['lastname']) {
+					$lastname = $mappedinfo['lastname'] ;
+				}
+				if ($mappedinfo['email']) {
+					$email = $mappedinfo['email'] ;
+				}
+				if ($mappedinfo['language_id']) {
+					$language_id = $mappedinfo['language_id'] ;
+				}
+				if ($mappedinfo['timezone']) {
+					$timezone = $mappedinfo['timezone'] ;
+				}
+				if ($mappedinfo['jabber_address']) {
+					$jabber_address = $mappedinfo['jabber_address'] ;
+				}
+				if ($mappedinfo['address']) {
+					$address = $mappedinfo['address'] ;
+				}
+				if ($mappedinfo['address2']) {
+					$address2 = $mappedinfo['address2'] ;
+				}
+				if ($mappedinfo['phone']) {
+					$phone = $mappedinfo['phone'] ;
+				}
+				if ($mappedinfo['fax']) {
+					$fax = $mappedinfo['fax'] ;
+				}
+				if ($mappedinfo['title']) {
+					$title = $mappedinfo['title'] ;
+				}
+				if ($mappedinfo['ccode']) {
+					$ccode = $mappedinfo['ccode'] ;
+				}
+				if ($mappedinfo['themeid']) {
+					$theme_id = $mappedinfo['themeid'] ;
+				}
+
+				if (!$u->create ($unix_name,$firstname,$lastname,$password1,$password2,$email,
+					    $mail_site,$mail_va,$language_id,$timezone,$jabber_address,$jabber_only,$theme_id,
+					    $unix_box, $address, $address2, $phone, $fax, $title, $ccode, $send_mail)) {
+					$GLOBALS['ldap_auth_failed']=true;
+					$feedback = "<br>Error Creating User: ".$u->getErrorMessage();
+					return false;
+				}
+
+				if (!$u->setStatus ('A')) {
+					$GLOBALS['ldap_auth_failed']=true;
+					$feedback = "<br>Error Activating User: ".$u->getErrorMessage();
+					return false;
+				}
+				$GLOBALS['ldap_auth_failed']=false;
+				$GLOBALS['ldap_first_login']=true;
+				return true ;
+			} else {
+				$GLOBALS['ldap_auth_failed']=true;
+				$feedback=_('Invalid Password Or User Name');
+				return false ; // Probably ignored, but just in case
+			}
+		}
+	}
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
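Review bot: AuthUser() passes `$passwd` to `ldap_bind()` without checking that it is non-empty, and many directory servers treat a bind with a DN and an empty password as an unauthenticated bind that succeeds. On that path the existing-user branch would go on to call `$u->setPasswd ($passwd)`, and the new-user branch would create and activate an account. Unless the caller already rejects empty passwords (not visible here), add a guard before the first bind, e.g. `if (!is_string($passwd) || $passwd === '') { $GLOBALS['ldap_auth_failed']=true; return false; }`. The AD branch also concatenates `$loginname` into the filter `"sAMAccountName=".$loginname` unescaped, and `$info[0]` is used without checking that `ldap_search`/`ldap_read` returned an entry. In addition, `$this->ldap_kind` is never initialised when `$ldap_kind` is empty, so the constructor should set it to `''` first.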

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/ldapextauth-init.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/ldapextauth-init.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/include/ldapextauth-init.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,35 @@
+<?php
+/** External authentication via LDAP for Gforge
+ * Copyright 2003 Roland Mas <lolando at debian.org>
+ * Copyright 2004 Roland Mas <roland at gnurandal.com> 
+ *                The Gforge Group, LLC <http://gforgegroup.com/>
+ *
+ * This file is not part of Gforge
+ *
+ * This plugin, like Gforge, is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  US
+ */
+
+require_once ($GLOBALS['sys_plugins_path'].'/ldapextauth/include/LdapExtAuthPlugin.class.php') ;
+
+$LdapExtAuthPluginObject = new LdapExtAuthPlugin ;
+
+register_plugin ($LdapExtAuthPluginObject) ;
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login.diff
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login.diff	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login.diff	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,30 @@
+--- /var/www/gforge-4.0.2/www/account/login.php	2004-12-15 10:11:38.000000000 -0800
++++ login.php	2004-11-01 09:51:19.000000000 -0800
+@@ -60,15 +60,19 @@
+ if ($login) {
+ 	$success=session_login_valid(strtolower($form_loginname),$form_pw);
+ 	if ($success) {
+-		/*
+-			You can now optionally stay in SSL mode
+-		*/
+-		if ($return_to) {
+-			header ("Location: " . $return_to);
+-			exit;
++		if ($GLOBALS['ldap_first_login']) {
++			header ("Location: /account/");
+ 		} else {
+-			header ("Location: /my/");
+-			exit;
++			/*
++				You can now optionally stay in SSL mode
++			*/
++			if ($return_to) {
++				header ("Location: " . $return_to);
++				exit;
++			} else {
++				header ("Location: /my/");
++				exit;
++			}
+ 		}
+ 	}
+ }
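Review bot: The new `ldap_first_login` branch queues `header ("Location: /account/");` but, unlike the two branches in the `else` below it, never calls `exit;`, so the rest of login.php keeps executing after a successful login. In the login_old.php copy added by this same commit, the code after this block calls `session_logout()` when `$session_hash` is set; if the patched file has the same tail, that could blank the session cookie that was just issued. Add `exit;` directly after the new `header()` call so all three success paths end the request the same way.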

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login_old.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login_old.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/login_old.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,129 @@
+<?php
+/**
+ * GForge login page
+ *
+ * This is main login page. It takes care of different account states
+ * (by disallowing logging in with non-active account, with appropriate
+ * notice).
+ *
+ * Copyright 1999-2001 (c) VA Linux Systems
+ *
+ * @version   $Id: login.php 4591 2005-08-28 14:51:51Z ogi $
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT"); 
+Header( "Cache-Control: no-cache"); 
+Header( "Cache-Control: must-revalidate"); 
+
+require_once('pre.php');
+
+//
+//	Validate return_to
+//
+if ($return_to) {
+	$tmpreturn=explode('?',$return_to);
+	if (!@is_file($sys_urlroot.$tmpreturn[0]) && 
+	    !@is_dir($sys_urlroot.$tmpreturn[0]) && 
+	    !(strpos($tmpreturn[0],'projects') == 1) && 
+	    !(strpos($tmpreturn[0], "/frs/download.php") == 0)) {
+		$return_to='';
+	}
+}
+
+if ($sys_use_ssl && !session_issecure()) {
+	//force use of SSL for login
+	header('Location: https://'.$HTTP_HOST.$REQUEST_URI);
+}
+
+// Decide login button based on session.
+if (session_issecure()) {
+    $login_button = $Language->getText('account_login', 'login_ssl');
+} else {
+    $login_button = $Language->getText('account_login', 'login'); 
+}
+
+// ###### first check for valid login, if so, redirect
+
+if ($login) {
+	$success=session_login_valid(strtolower($form_loginname),$form_pw);
+	if ($success) {
+		/*
+			You can now optionally stay in SSL mode
+		*/
+		if ($return_to) {
+			header ("Location: " . $return_to);
+			exit;
+		} else {
+			header ("Location: /my/");
+			exit;
+		}
+	}
+}
+
+if ($session_hash) {
+	//nuke their old session
+	session_logout();
+}
+
+//echo "\n\n$session_hash";
+//echo "\n\nlogged in: ".session_loggedin();
+
+$HTML->header(array('title'=>'Login','pagename'=>'account_login'));
+
+if ($login && !$success) {
+		
+	// Account Pending
+	if ($userstatus == "P") {
+		$feedback = $Language->getText('account_login', 'pending_account', array(htmlspecialchars($form_loginname)));
+	} else {
+		if ($userstatus == "D") {
+			$feedback .= '<br />'.$Language->getText('account_login', 'deleted_account', $GLOBALS['sys_name']);
+		}
+	}
+	html_feedback_top($feedback);
+}
+
+?>
+	
+<p>
+<span style="color:red"><strong><?php echo $Language->getText('account_login', 'cookiewarn'); ?></strong></span>
+</p>
+<form action="<?php echo $PHP_SELF; ?>" method="post">
+<input type="hidden" name="return_to" value="<?php echo htmlspecialchars(stripslashes($return_to)); ?>" />
+<p>
+<?php echo $Language->getText('account_login', 'loginname'); ?>
+<br /><input type="text" name="form_loginname" value="<?php echo htmlspecialchars(stripslashes($form_loginname)); ?>" />
+</p>
+<p>
+<?php echo $Language->getText('account_login', 'passwd'); ?>
+<br /><input type="password" name="form_pw" />
+</p>
+<p>
+<input type="submit" name="login" value="<?php echo $login_button; ?>" />
+</p>
+</form>
+<p><a href="lostpw.php"><?php echo $Language->getText('account_login', 'lostpw'); ?></a></p>
+<p><a href="register.php"><?php echo $Language->getText('account_login', 'newaccount'); ?></a></p>
+<p><a href="pending-resend.php"><?php echo $Language->getText('account_login','resend_pending'); ?></a>
+
+<?php
+
+$HTML->footer(array());
+
+?>
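Review bot: The `return_to` validation does not restrict the redirect target, because `strpos()` returns `false` when the needle is absent and `false == 0` is true; `!(strpos($tmpreturn[0], "/frs/download.php") == 0)` is therefore false for nearly every input and the `&&` chain never reaches `$return_to='';`. The unchanged value is later emitted in `header ("Location: " . $return_to);` after a successful login, which leaves an open redirect on the login page. Use the strict comparison, `!(strpos($tmpreturn[0], "/frs/download.php") === 0)`, and consider also rejecting values that carry a scheme or begin with `//`. The file appears to be a saved copy of the stock login page, so the live login.php may need the same check.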

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/rpm-specific/.keepme
===================================================================

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session.diff
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session.diff	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session.diff	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,23 @@
+--- session.php.orig	2004-12-15 10:11:37.000000000 -0800
++++ session.php	2004-12-15 11:52:55.000000000 -0800
+@@ -133,7 +133,19 @@
+ 	$hook_params['passwd'] = $passwd ;
+ 	plugin_hook ("session_before_login", $hook_params) ;
+ 
+-	return session_login_valid_dbonly ($loginname, $passwd, $allowpending) ;
++	if ($GLOBALS['ldap_auth_failed']) {
++		return false;
++	} elseif ($GLOBALS['ldap_first_login']) {
++		if (session_login_valid_dbonly ($loginname, $passwd, $allowpending)) {
++			header("Location: /account/");
++			return true;
++		} else {
++			return false;
++		}
++	} else {
++		return session_login_valid_dbonly ($loginname, $passwd, $allowpending) ;
++	}
++
+ }
+ 
+ function session_login_valid_dbonly ($loginname, $passwd, $allowpending) {
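Review bot: `$GLOBALS['ldap_auth_failed']` and `$GLOBALS['ldap_first_login']` are read right after `plugin_hook ("session_before_login", $hook_params)`, but nothing in the hunk resets them first, so the branch taken depends on whatever the global scope held before the hook ran. The login page in this commit reads `$login` and `$return_to` as bare globals, which suggests request parameters are imported into global scope; if that is the case, a client could preset either flag. Assigning `$GLOBALS['ldap_auth_failed'] = false; $GLOBALS['ldap_first_login'] = false;` just before the hook makes the plugin the only writer. The `header("Location: /account/")` added here also duplicates the redirect that login.diff adds to login.php and fires for every caller of this function. session_login_valid() starts outside the hunk.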

Added: trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session_old.php
===================================================================
--- trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session_old.php	                        (rev 0)
+++ trunk/gforge_base/gforge_plugins/gforge-plugin-ldapextauth/session_old.php	2008-05-07 13:29:15 UTC (rev 16)
@@ -0,0 +1,522 @@
+<?php
+/**
+ * SourceForge Session Module
+ *
+ * Copyright 1999-2001 (c) VA Linux Systems
+ *
+ * @version   $Id: session.php 5588 2006-06-28 13:30:08Z federicot $
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+require_once('common/include/account.php');
+
+/**
+ * A User object if user is logged in
+ *
+ * @var	constant		$G_SESSION
+ */
+$G_SESSION = false;
+
+/**
+ *	session_build_session_cookie() - Construct session cookie for the user
+ *
+ *	@param		int		User_id of the logged in user
+ *	@return cookie value
+ */
+function session_build_session_cookie($user_id) {
+	$session_serial = $user_id.'-*-'.time().'-*-'.$GLOBALS['REMOTE_ADDR'].'-*-'.$GLOBALS['HTTP_USER_AGENT'];
+	$session_serial_hash = md5($session_serial.$GLOBALS['sys_session_key']);
+	$session_serial_cookie = base64_encode($session_serial).'-*-'.$session_serial_hash;
+	return $session_serial_cookie;
+}
+
+/**
+ *	session_get_session_cookie_hash() - Get hash of session cookie
+ *
+ *	This hash can be used as a key to identify session, e.g. in DB.
+ *
+ *	@param		string	Value of the session cookie
+ *	@return hash
+ */
+function session_get_session_cookie_hash($session_cookie) {
+	list ($junk, $hash) = explode('-*-', $session_cookie);
+	return $hash;
+}
+
+/**
+ *	session_check_session_cookie() - Check that session cookie passed from user is ok
+ *
+ *	@param		string	Value of the session cookie
+ *	@return user_id if cookie is ok, false otherwise
+ */
+function session_check_session_cookie($session_cookie) {
+
+	list ($session_serial, $hash) = explode('-*-', $session_cookie);
+	$session_serial = base64_decode($session_serial);
+	$new_hash = md5($session_serial.$GLOBALS['sys_session_key']);
+
+	if ($hash != $new_hash) {
+		return false;
+	}
+
+	list($user_id, $time, $ip, $user_agent) = explode('-*-', $session_serial, 4);
+
+	if (!session_check_ip($ip, $GLOBALS['REMOTE_ADDR'])) {
+		return false;
+	}
+	if (trim($user_agent) != $GLOBALS['HTTP_USER_AGENT']) {
+		return false;
+	}
+	if ($time - time() >= $GLOBALS['sys_session_expire']) {
+		return false;
+	}
+
+	return $user_id;
+}
+
+/**
+ *	session_logout() - Log the user off the system.
+ *
+ *	This function destroys object associated with the current session,
+ *	making user "logged out".  Deletes both user and session cookies.
+ *
+ *	@return true/false
+ *
+ */
+function session_logout() {
+
+	// delete both session and username cookies
+	// NB: cookies must be deleted with the same scope parameters they were set with
+	//
+	session_cookie('session_ser', '');
+	return true;
+}
+
+/**
+ *	session_login_valid() - Log the user to the system.
+ *
+ *	High-level function for user login. Check credentials, and if they
+ *	are valid, open new session.
+ *
+ *	@param		string	User name
+ *	@param		string	User password (in clear text)
+ *	@param		bool	Allow login to non-confirmed user account (only for confirmation of the very account)
+ *	@return true/false, if false reason is in global $feedback
+ *	@access public
+ *
+ */
+function session_login_valid($loginname, $passwd, $allowpending=0)  {
+	global $feedback,$Language;
+
+	if (!$loginname || !$passwd) {
+		$feedback = $Language->getText('session','missingpasswd');
+		return false;
+	}
+
+	$hook_params = array () ;
+	$hook_params['loginname'] = $loginname ;
+	$hook_params['passwd'] = $passwd ;
+	plugin_hook ("session_before_login", $hook_params) ;
+
+	return session_login_valid_dbonly ($loginname, $passwd, $allowpending) ;
+}
+
+function session_login_valid_dbonly ($loginname, $passwd, $allowpending) {
+	global $feedback,$userstatus,$Language;
+
+	//  Try to get the users from the database using user_id and (MD5) user_pw
+	$res = db_query("
+		SELECT user_id,status,unix_pw
+		FROM users
+		WHERE user_name='$loginname' 
+		AND user_pw='".md5($passwd)."'
+	");
+	if (!$res || db_numrows($res) < 1) {
+		// No user whose MD5 passwd matches the MD5 of the provided passwd
+		// Selecting by user_name only
+		$res = db_query("SELECT user_id,status,unix_pw
+					FROM users
+					WHERE user_name='$loginname'");
+		if (!$res || db_numrows($res) < 1) {
+			// No user by that name
+			$feedback=$Language->getText('session','invalidpasswd');
+			return false;
+		} else {
+			// There is a user with the provided user_name, but the MD5 passwds do not match
+			// We'll have to try checking the (crypt) unix_pw
+			$usr = db_fetch_array($res);
+
+			if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
+				// Even the (crypt) unix_pw does not patch
+				// This one has clearly typed a bad passwd
+				$feedback=$Language->getText('session','invalidpasswd');
+				return false;
+			}
+			// User exists, (crypt) unix_pw matches
+			// Update the (MD5) user_pw and retry authentication
+			// It should work, except for status errors
+			$res = db_query ("UPDATE users
+				SET user_pw='" . md5($passwd) . "'
+				WHERE user_id='".$usr['user_id']."'");
+			return session_login_valid_dbonly($loginname, $passwd, $allowpending) ;
+		}
+	} else {
+		// If we're here, then the user has typed a password matching the (MD5) user_pw
+		// Let's check whether it also matches the (crypt) unix_pw
+		$usr = db_fetch_array($res);
+
+		if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
+			// The (crypt) unix_pw does not match
+			if ($usr['unix_pw'] == '') {
+				// Empty unix_pw, we'll take the MD5 as authoritative
+				// Update the (crypt) unix_pw and retry authentication
+				// It should work, except for status errors
+				$res = db_query ("UPDATE users
+					SET unix_pw='" . account_genunixpw($passwd) . "'
+					WHERE user_id='".$usr['user_id']."'");
+				return session_login_valid_dbonly($loginname, $passwd, $allowpending) ;
+			} else {
+				// Invalidate (MD5) user_pw, refuse authentication
+				$res = db_query ("UPDATE users
+					SET user_pw='OUT OF DATE'
+					WHERE user_id='".$usr['user_id']."'");
+				$feedback=$Language->getText('session','invalidpasswd');
+				return false;
+			}
+		}
+
+		// Yay.  The provided password matches both fields in the database.
+		// Let's check the status of this user
+
+		// if allowpending (for verify.php) then allow
+		$userstatus=$usr['status'];
+		if ($allowpending && ($usr['status'] == 'P')) {
+			//1;
+		} else {
+			if ($usr['status'] == 'S') { 
+				//acount suspended
+				$feedback = $Language->getText('session','suspended');
+				return false;
+			}
+			if ($usr['status'] == 'P') { 
+				//account pending
+				$feedback = $Language->getText('session','pending');
+				return false;
+			} 
+			if ($usr['status'] == 'D') { 
+				//account deleted
+				$feedback = $Language->getText('session','deleted');
+				return false;
+			}
+			if ($usr['status'] != 'A') {
+				//unacceptable account flag
+				$feedback = $Language->getText('session','notactive');
+				return false;
+			}
+		}
+		//create a new session
+		session_set_new(db_result($res,0,'user_id'));
+
+		return true;
+	}
+}
+
+/**
+ *	session_check_ip() - Check 2 IP addresses for match
+ *
+ *	This function checks that IP addresses match with the
+ *	given fuzz factor (within 255.255.0.0 subnet).
+ *
+ *	@param		string	The old IP address
+ *	@param		string	The new IP address
+ *	@return true/false
+ *	@access private
+ */
+function session_check_ip($oldip,$newip) {
+	$eoldip = explode(".",$oldip);
+	$enewip = explode(".",$newip);
+
+	// ## require same class b subnet
+	if (($eoldip[0]!=$enewip[0])||($eoldip[1]!=$enewip[1])) {
+		return 0;
+	} else {
+		return 1;
+	}
+}
+
+/**
+ *	session_issecure() - Check if current session is secure
+ *
+ *	@return true/false
+ *	@access public
+ */
+function session_issecure() {
+	global $HTTP_SERVER_VARS;
+	return (strtoupper($HTTP_SERVER_VARS['HTTPS']) == "ON");
+}
+
+/**
+ *	session_cookie() - Set a session cookie
+ *
+ *	Set a cookie with default temporal scope of the current browser session
+ *	and URL space of the current webserver
+ *
+ *	@param		string	Name of cookie
+ *	@param		string	Value of cookie
+ *	@param		string	Domain scope (default '')
+ *	@param		string	Expiration time in UNIX seconds (default 0)
+ *	@return true/false
+ */
+function session_cookie($name ,$value, $domain = '', $expiration = 0) {
+	if ( $expiration != 0){
+		setcookie($name, $value, time() + $expiration, '/', $domain, 0);
+	} else {
+		setcookie($name, $value, $expiration, '/', $domain, 0);
+	}
+}
+
+/**
+ *	session_redirect() - Redirect browser within the site
+ *
+ *	@param		string	Absolute path within the site
+ *	@return never returns
+ */
+function session_redirect($loc) {
+	header('Location: http' . (session_issecure()?'s':'') . '://' . getStringFromServer('HTTP_HOST') . $loc);
+	print("\n\n");
+	exit;
+}
+
+/**
+ *	session_require() - Convenience function to easily enforce permissions
+ *
+ *	Calling page will terminate with error message if current user
+ *	fails checks.
+ *
+ *	@param		array	Associative array specifying criteria
+ *	@param		string	Override error string (optional)
+ *	@return does not return if check is failed
+ *
+ */
+function session_require($req,$xreason='') {
+	if (!session_loggedin()) {
+		exit_not_logged_in();	
+	}
+
+	if ($req['group']) {
+		$group =& group_get_object($req['group']);
+		if (!$group || !is_object($group)) {
+			exit_error('Error',$xreason == '' ? 'Could Not Get Group' : $xreason);
+		} elseif ($group->isError()) {
+			exit_error('Error',$xreason == '' ? $group->getErrorMessage() : $xreason);
+		}
+
+		$perm =& $group->getPermission( session_get_user() );
+		if (!$perm || !is_object($perm) || $perm->isError()) {
+			exit_permission_denied($xreason);
+		}
+
+		if ($req['admin_flags']) {
+			if (!$perm->isAdmin()) {
+				exit_permission_denied($xreason);
+			}
+		} else {
+			if (!$perm->isMember()) {
+				exit_permission_denied($xreason);
+			}
+		}
+	} else if ($req['isloggedin']) {
+		//no need to check as long as the check is present at top of function
+	} else {
+		exit_permission_denied($xreason);
+	}
+}
+
+/**
+ *	session_set_new() - Setup session for the given user
+ *
+ *	This function sets up SourceForge session for the given user,
+ *	making one be "logged in".
+ *
+ *	@param		int		The user ID
+ *	@return none
+ */
+function session_set_new($user_id) {
+	global $G_SESSION,$session_ser,$Language;
+
+	// set session cookie
+  //
+	$cookie = session_build_session_cookie($user_id);
+	session_cookie("session_ser", $cookie, "", $GLOBALS['sys_session_expire']);
+	$session_ser=$cookie;
+
+	db_query("
+		INSERT INTO user_session (session_hash, ip_addr, time, user_id) 
+		VALUES (
+			'".session_get_session_cookie_hash($cookie)."', 
+			'".$GLOBALS['REMOTE_ADDR']."',
+			'".time()."',
+			$user_id
+		)
+	");
+
+	// check uniqueness of the session_hash in the database
+	// 
+	$res = session_getdata($user_id);
+
+	if (!$res || db_numrows($res) < 1) {
+		exit_error($Language->getText('global','error'),$Language->getText('session','cannotinit').": ".db_error());
+	} else {
+
+		//set up the new user object
+		//
+		$G_SESSION = user_get_object($user_id,$res);
+		if ($G_SESSION) {
+			$G_SESSION->setLoggedIn(true);
+		}
+	}
+
+}
+
+/**
+ *	Private optimization function for logins - fetches user data, language, and session
+ *	with one query
+ *
+ *  @param		int		The user ID
+ *	@access private
+ */
+function session_getdata($user_id) {
+	$res=db_query("SELECT
+		u.*,sl.language_id, sl.name, sl.filename, sl.classname, sl.language_code, t.dirname, t.fullname
+		FROM users u,
+		supported_languages sl,
+		themes t
+		WHERE u.language=sl.language_id 
+		AND u.theme_id=t.theme_id
+		AND u.user_id='$user_id'");
+	return $res;
+}
+
+/**
+ *	session_set() - Re-initialize session for the logged in user
+ *
+ *	This function checks that the user is logged in and if so, initialize
+ *	internal session environment.
+ *
+ *	@return none
+ */
+function session_set() {
+	global $G_SESSION;
+	global $session_ser, $session_key;
+
+	// assume bad session_hash and session. If all checks work, then allow
+	// otherwise make new session
+	$id_is_good = false;
+
+	// If user says he's logged in (by presenting cookie), check that
+	if ($session_ser) {
+
+		$user_id = session_check_session_cookie($session_ser);
+
+		if ($user_id) {
+
+			$result = session_getdata($user_id);
+
+			if (db_numrows($result) > 0) {
+				$id_is_good = true;
+			}
+		}
+	} // else (hash does not exist) or (session hash is bad)
+
+	if ($id_is_good) {
+		$G_SESSION = user_get_object($user_id, $result);
+		if ($G_SESSION) {
+			$G_SESSION->setLoggedIn(true);
+		}
+	} else {
+		$G_SESSION=false;
+
+		// if there was bad session cookie, kill it and the user cookie
+		//
+		if ($session_ser) {
+			session_logout();
+		}
+	}
+}
+
+//TODO - this should be generalized and used for pre.php, squal_pre.php, 
+//SOAP, forum_gateway.php, tracker_gateway.php, etc to 
+//setup languages
+function session_continue($sessionKey) {
+	global $session_ser, $Language, $sys_strftimefmt, $sys_datefmt;
+	$session_ser = $sessionKey;
+	session_set();
+ 	$Language=new BaseLanguage();
+	$Language->loadLanguage("English"); // TODO use the user's default language
+	setlocale (LC_TIME, $Language->getText('system','locale'));
+	$sys_strftimefmt = $Language->getText('system','strftimefmt');
+	$sys_datefmt = $Language->getText('system','datefmt');
+	$LUSER =& session_get_user();
+	if (!is_object($LUSER) || $LUSER->isError()) {
+		return false;
+	} else {
+		putenv('TZ='. $LUSER->getTimeZone());
+		return true;
+	}
+}
+
+/**
+ *	session_get_user() - Wrapper function to return the User object for the logged in user.
+ *	
+ *	@return User
+ *	@access public
+ */
+function &session_get_user() {
+	global $G_SESSION;
+	return $G_SESSION;
+}
+
+/**
+ *  user_getid()
+ *  Get user_id of logged in user
+ */
+
+function user_getid() {
+	global $G_SESSION;
+	if ($G_SESSION) {
+		return $G_SESSION->getID();
+	} else {
+		return false;
+	}
+}
+
+/**
+ *  session_loggedin()
+ *  See if user is logged in
+ */
+function session_loggedin() {
+	global $G_SESSION;
+
+	if ($G_SESSION) {
+		return $G_SESSION->isLoggedIn();
+	} else {
+		return false;
+	}
+}
+
+?>
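Review bot: The expiry test in `session_check_session_cookie()` is reversed: `$time` is the issue timestamp taken from the cookie, so `$time - time()` is zero or negative and is never `>= $GLOBALS['sys_session_expire']` for a positive lifetime, which means a signed cookie stays valid indefinitely as long as the /16 prefix and user agent match. It should read `if (time() - $time >= $GLOBALS['sys_session_expire']) {`. In the same function the signature check uses the loose `$hash != $new_hash`; `!==` avoids PHP's numeric-string juggling on hex digests. Separately, `session_login_valid_dbonly()` interpolates `$loginname` straight into its SQL strings, so it relies on escaping done before this file is reached, which is worth confirming for every caller.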



