advanced_ldap_auth_2.2.3.diff - Redmine

Patch #3358 » advanced_ldap_auth_2.2.3.diff

Diff for post-Redmine 2 - Phil Weir, 2014-02-28 11:28

     # You should have received a copy of the GNU General Public License
     # along with this program; if not, write to the Free Software
     # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
     # Modified by Daniel Marczisovszky (marczi@dev-labs.com)
     # to allow dereferencing aliases, START_TLS
     require 'iconv'
     require 'net/ldap'
     require 'net/ldap/dn'
     require 'ldap'
     require 'timeout'
     class AuthSourceLdap < AuthSource
       validates_presence_of :host, :port, :attr_login
       validates_length_of :name, :host, :maximum => 60, :allow_nil => true
       validates_length_of :account, :account_password, :base_dn, :filter, :maximum => 255, :allow_blank => true
       validates_length_of :account, :base_dn, :filter, :maximum => 255, :allow_blank => true
       validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true
       validates_numericality_of :port, :only_integer => true
       validates_numericality_of :port, :protocol_version, :only_integer => true
       validates_numericality_of :timeout, :only_integer => true, :allow_blank => true
       validate :validate_filter
-...
       def initialize(attributes=nil, *args)
         super
         self.port = 389 if self.port == 0
         self.protocol_version = 3 if self.protocol_version == 0
       end
       def authenticate(login, password)
-...
             return attrs.except(:dn)
           end
         end
       rescue Net::LDAP::LdapError => e
         raise AuthSourceException.new(e.message)
       rescue LDAP::Error => text
         raise AuthSourceException.new(text)
       end
       # test the connection to the LDAP
       def test_connection
         with_timeout do
           ldap_con = initialize_ldap_con(self.account, self.account_password)
           ldap_con.open { }
         end
       rescue Net::LDAP::LdapError => e
         raise AuthSourceException.new(e.message)
       rescue LDAP::Error => text
         raise AuthSourceException.new(text)
       end
       def auth_method_name
-...
       def ldap_filter
         if filter.present?
           Net::LDAP::Filter.construct(filter)
           LDAP::Filter.construct(filter)
         end
       rescue Net::LDAP::LdapError
       rescue LDAP::Error
         nil
       end
       def validate_filter
         if filter.present? && ldap_filter.nil?
           errors.add(:filter, :invalid)
         end
         #if filter.present? && ldap_filter.nil?
         #  errors.add(:filter, :invalid)
         #end
       end
       def strip_ldap_attributes
-...
       end
       def initialize_ldap_con(ldap_user, ldap_password)
         options = { :host => self.host,
                     :port => self.port,
                     :encryption => (self.tls ? :simple_tls : nil)
+                  }
         options.merge!(:auth => { :method => :simple, :username => ldap_user, :password => ldap_password }) unless ldap_user.blank? && ldap_password.blank?
         Net::LDAP.new options
         logger.debug "Connecting to #{self.host}:#{self.port}, tls=#{self.tls}" if logger && logger.debug?
         if self.tls
           conn = LDAP::SSLConn.new(self.host, self.port, self.starttls)
         else
           conn = LDAP::Conn.new(self.host, self.port)
         end
         logger.debug "Dereference set option" if logger && logger.debug?
         conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, self.protocol_version)
         conn.set_option(LDAP::LDAP_OPT_DEREF, self.dereference)
         if self.tls && self.starttls
           logger.debug "Certificate set option" if logger && logger.debug?
           conn.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT, self.require_cert)
         end
         logger.debug "Trying to bind" if logger && logger.debug?
         if !ldap_user.blank? || !ldap_password.blank? then
           logger.debug "Bind as user #{ldap_user}" if logger && logger.debug?
           conn.bind(ldap_user, ldap_password)
         else
           logger.debug "Anonymous bind" if logger && logger.debug?
           conn.bind
         end
       rescue LDAP::Error => text
         logger.debug "LDAP Connect Error: #{$!}" if logger && logger.debug?
         raise
       end
       def get_user_attributes_from_ldap_entry(entry)
-...
       # Check if a DN (user record) authenticates with the password
       def authenticate_dn(dn, password)
         if dn.present? && password.present?
           initialize_ldap_con(dn, password).bind
           begin
             logger.debug "Trying to login as #{dn}" if logger && logger.debug?
             initialize_ldap_con(dn, password)
           rescue LDAP::Error => bindError
             logger.debug "Login failed: #{bindError}" if logger && logger.debug?
             return nil
           end
         end
       end
       # Get the user's dn and any attributes for them, given their login
       def get_user_dn(login, password)
         ldap_con = nil
         if self.account && self.account.include?("$login")
           ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
         #ldap_con = nil
         #if self.account && self.account.include?("$login")
         #  ldap_con = initialize_ldap_con(self.account.sub("$login", Net::LDAP::DN.escape(login)), password)
         #else
         #  ldap_con = initialize_ldap_con(self.account, self.account_password)
         #end
         #login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
         #object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
         attrs = {}
         #search_filter = object_filter & login_filter
         #if f = ldap_filter
         #  search_filter = search_filter & f
         #end
         #ldap_con.search( :base => self.base_dn,
         #                 :filter => search_filter,
         #                 :attributes=> search_attributes) do |entry|
         # Ticket #1913 by Adi Kriegisch (adi@cg.tuwien.ac.at)
         if self.account.include? "$login" then
           logger.debug "LDAP-Auth with User login" if logger && logger.debug?
           ldap_con = initialize_ldap_con(self.account.sub("$login", encode(login)), password)
         else
           logger.debug "LDAP-Auth with Admin User" if logger && logger.debug?
           ldap_con = initialize_ldap_con(self.account, self.account_password)
         end
         login_filter = Net::LDAP::Filter.eq( self.attr_login, login )
         object_filter = Net::LDAP::Filter.eq( "objectClass", "*" )
         attrs = {}
         search_filter = object_filter & login_filter
         if f = ldap_filter
           search_filter = search_filter & f
         if self.filter.empty?
           filter = self.attr_login + "=" + encode(login)
         else
           filter = self.filter.gsub("$login", encode(login))
         end
         ldap_con.search( :base => self.base_dn,
                          :filter => search_filter,
                          :attributes=> search_attributes) do |entry|
     #    ldap_con.search( :base => self.base_dn,
     #                     :filter => object_filter & login_filter,
     #                     :attributes=> search_attributes) do |entry|
         logger.debug "Search in DN: #{self.base_dn} with filter: #{filter}" if logger && logger.debug?
         ldap_con.search( self.base_dn, LDAP::LDAP_SCOPE_SUBTREE, filter,
                          (onthefly_register? ? ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail] : ['dn'])) { |entry|
           if onthefly_register?
             attrs = get_user_attributes_from_ldap_entry(entry)
-...
           end
           logger.debug "DN found for #{login}: #{attrs[:dn]}" if logger && logger.debug?
         end
+        }
         attrs
       end
-...
           entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
         end
       end
       def encode(value)
         value = value.gsub("\\", "\\\\5c")
         value = value.gsub("*", "\\\\2a")
         value = value.gsub("(", "\\\\28")
         value = value.gsub(")", "\\\\29")
         value = value.gsub("\000", "\\\\00")
       end
     end

     <%= text_field 'auth_source', 'host'  %></p>
     <p><label for="auth_source_port"><%=l(:field_port)%> <span class="required">*</span></label>
     <%= text_field 'auth_source', 'port', :size => 6 %> <%= check_box 'auth_source', 'tls'  %> LDAPS</p>
     <%= text_field 'auth_source', 'port', :size => 6 %>
     <%= check_box 'auth_source', 'tls' %> LDAPS
     <%= check_box 'auth_source', 'starttls' %> START_TLS</p>
     <p><label for="auth_source_protocol_version"><%=l(:field_protocol_version)%></label>
     <%= select 'auth_source', 'protocol_version', [2, 3] %></p>
     <p><label for="auth_source_account"><%=l(:field_account)%></label>
     <%= text_field 'auth_source', 'account'  %></p>
     <%= text_field 'auth_source', 'account' %></p>
     <p><label for="auth_source_account_password"><%=l(:field_password)%></label>
     <%= password_field 'auth_source', 'account_password', :name => 'ignore',
-...
                                                :onfocus => "this.value=''; this.name='auth_source[account_password]';",
                                                :onchange => "this.name='auth_source[account_password]';" %></p>
     <p><label for="auth_source_require_cert"><%=l(:field_require_cert)%></label>
     <%= select 'auth_source', 'require_cert', [ [l(:field_require_cert_never), 0],
                                                 [l(:field_require_cert_hard), 1],
                                                 [l(:field_require_cert_demand), 2],
                                                 [l(:field_require_cert_allow), 3],
                                                 [l(:field_require_cert_try), 4] ] %></p>
     <p><label for="auth_source_base_dn"><%=l(:field_base_dn)%> <span class="required">*</span></label>
     <%= text_field 'auth_source', 'base_dn', :size => 60 %></p>
     <p><label for="auth_source_custom_filter"><%=l(:field_auth_source_ldap_filter)%></label>
     <%= text_field 'auth_source', 'filter', :size => 60 %></p>
     <p><label for="auth_source_filter"><%=l(:field_filter)%></label><%= text_field 'auth_source', 'filter' %></p>
     <p><label for="auth_source_dereference"><%=l(:field_dereference)%></label>
     <%= select 'auth_source', 'dereference', [ [l(:field_dereference_never), 0],
                                              [l(:field_dereference_searching), 1],
                                              [l(:field_dereference_finding), 2],
                                              [l(:field_dereference_always), 3] ] %></p>
     <p><label for="auth_source_timeout"><%=l(:field_timeout)%></label>
     <%= text_field 'auth_source', 'timeout', :size => 4 %></p>

       field_port: Port
       field_account: Konto
       field_base_dn: Base DN
       field_protocol_version: Protokol Version
       field_filter: Filter
       field_dereference: LDAP Aliase dereferenzieren
       field_dereference_never: Nie (standard)
       field_dereference_searching: Beim suchen
       field_dereference_finding: Beim finden
       field_dereference_always: Immer
       field_require_cert: Zertifikat verlangen
       field_require_cert_never: Nie
       field_require_cert_hard: Hart
       field_require_cert_demand: Anfordern
       field_require_cert_allow: Erlauben
       field_require_cert_try: Versuchen
       field_attr_login: Mitgliedsname-Attribut
       field_attr_firstname: Vorname-Attribut
       field_attr_lastname: Name-Attribut

       field_port: Port
       field_account: Account
       field_base_dn: Base DN
       field_protocol_version: Protocol version
       field_filter: Filter
       field_dereference: Dereference LDAP aliases
       field_dereference_never: Never (default)
       field_dereference_searching: Searching
       field_dereference_finding: Finding
       field_dereference_always: Always
       field_require_cert: Require certificate
       field_require_cert_never: Never
       field_require_cert_hard: Hard
       field_require_cert_demand: Demand
       field_require_cert_allow: Allow
       field_require_cert_try: Try
       field_attr_login: Login attribute
       field_attr_firstname: Firstname attribute
       field_attr_lastname: Lastname attribute

     class AddAuthSourcesFilterDerefAdvtls < ActiveRecord::Migration
       def self.up
         add_column :auth_sources, :starttls, :boolean, :default => false, :null => false
         add_column :auth_sources, :filter, :string
         add_column :auth_sources, :dereference, :integer
         add_column :auth_sources, :require_cert, :integer
         add_column :auth_sources, :protocol_version, :integer, :default => 3, :null => false
       end
        +  def self.down
         remove_column :auth_sources, :starttls
         remove_column :auth_sources, :filter
         remove_column :auth_sources, :dereference
         remove_column :auth_sources, :require_cert
         remove_column :auth_sources, :protocol_version
       end
     end

« Previous
1
…
7
8
9
Next »

(9-9/9)

Project

General

Profile

Redmine

Patch #3358 » advanced_ldap_auth_2.2.3.diff