Add php ldap

Related issue: https://git.immae.eu/mantisbt/view.php?id=78

diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 4bbd5cdc931076e5fb825600afdbf05cb39ddc48..5db7d3eb5a3e7d4127922ae49186a83fdc7fcd26 100644 (file)
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -24,6 +24,9 @@ let
     dokuwiki = pkgs.callPackage ./dokuwiki.nix {
       inherit (mylibs) fetchedGithub;
     };
+    ldap = pkgs.callPackage ./ldap.nix {
+      env = myconfig.env.tools.phpldapadmin;
+    };
 
     cfg = config.services.myWebsites.tools.tools;
 in {
@@ -44,7 +47,8 @@ in {
       ++ yourls.apache.modules
       ++ rompr.apache.modules
       ++ shaarli.apache.modules
-      ++ dokuwiki.apache.modules;
+      ++ dokuwiki.apache.modules
+      ++ ldap.apache.modules;
 
     services.ympd = ympd.config // { enable = true; };
 
@@ -71,6 +75,7 @@ in {
         rompr.apache.vhostConf
         shaarli.apache.vhostConf
         dokuwiki.apache.vhostConf
+        ldap.apache.vhostConf
       ];
     };
 
@@ -83,6 +88,7 @@ in {
       rompr = rompr.phpFpm.pool;
       shaarli = shaarli.phpFpm.pool;
       dokuwiki = dokuwiki.phpFpm.pool;
+      ldap = ldap.phpFpm.pool;
       tools = ''
         listen = /var/run/phpfpm/tools.sock
         user = wwwrun

diff --git a/nixops/modules/websites/tools/tools/ldap-align-button.patch b/nixops/modules/websites/tools/tools/ldap-align-button.patch
new file mode 100644 (file)
index 0000000..d9a5504
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-align-button.patch
@@ -0,0 +1,11 @@
+--- a/htdocs/update_confirm.php        2012-10-01 08:54:14.000000000 +0200
++++ b/htdocs/update_confirm.php        2018-06-06 15:47:44.122398888 +0200
+@@ -187,7 +187,7 @@
+ 
+       echo '</table>';
+ 
+-      echo '<div style="text-align: center;">';
++      echo '<div style="text-align: left;">';
+       echo '<br />';
+       // @todo cant use AJAX here, it affects file uploads.
+       printf('<input type="submit" value="%s" />',

diff --git a/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
new file mode 100644 (file)
index 0000000..8bc4e7b
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
@@ -0,0 +1,36 @@
+diff -wbBur phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3.my/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php       2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3.my/lib/functions.php    2017-02-02 20:02:14.424245233 +0300
+@@ -745,6 +745,7 @@
+       if (! trim($secret))
+               return $data;
+ 
++/*
+       if (function_exists('mcrypt_module_open') && ! empty($data)) {
+               $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+               $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -754,7 +755,7 @@
+ 
+               return $encrypted_data;
+       }
+-
++*/
+       if (file_exists(LIBDIR.'blowfish.php'))
+               require_once LIBDIR.'blowfish.php';
+       else
+@@ -801,6 +802,7 @@
+       if (! trim($secret))
+               return $encdata;
+ 
++/*
+       if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
+               $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+               $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -810,6 +812,7 @@
+ 
+               return $decrypted_data;
+       }
++*/
+ 
+       if (file_exists(LIBDIR.'blowfish.php'))
+               require_once LIBDIR.'blowfish.php';

diff --git a/nixops/modules/websites/tools/tools/ldap-php5_5.patch b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
new file mode 100644 (file)
index 0000000..8545ad2
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
@@ -0,0 +1,88 @@
+diff -Nrbu phpldapadmin-1.2.3/lib/PageRender.php phpldapadmin-1.2.3-OK/lib/PageRender.php
+--- phpldapadmin-1.2.3/lib/PageRender.php      2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/PageRender.php   2013-11-12 03:44:40.518144839 +0400
+@@ -287,7 +287,7 @@
+                                               break;
+ 
+                                       default:
+-                                              $vals[$i] = password_hash($passwordvalue,$enc);
++                                              $vals[$i] = pla_password_hash($passwordvalue,$enc);
+                               }
+ 
+                               $vals = array_unique($vals);
+diff -Nrbu phpldapadmin-1.2.3/lib/ds_ldap.php phpldapadmin-1.2.3-OK/lib/ds_ldap.php
+--- phpldapadmin-1.2.3/lib/ds_ldap.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/ds_ldap.php      2013-11-12 03:40:56.638343739 +0400
+@@ -1117,12 +1117,14 @@
+               if (is_array($dn)) {
+                       $a = array();
+                       foreach ($dn as $key => $rdn)
+-                              $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++                              $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++                                      function ($matches) { return chr(hexdec($matches[1])); }, $rdn);
+ 
+                       return $a;
+ 
+               } else
+-                      return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++                      return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++                                      function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+       }
+ 
+       public function getRootDSE($method=null) {
+diff -Nrbu phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3-OK/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php       2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/functions.php    2013-11-12 03:44:17.298065264 +0400
+@@ -2127,7 +2127,7 @@
+  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
+  * @return string The hashed password.
+  */
+-function password_hash($password_clear,$enc_type) {
++function pla_password_hash($password_clear,$enc_type) {
+       if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+               debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+ 
+@@ -2318,7 +2318,7 @@
+ 
+               # SHA crypted passwords
+               case 'sha':
+-                      if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
++                      if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+                               return true;
+                       else
+                               return false;
+@@ -2327,7 +2327,7 @@
+ 
+               # MD5 crypted passwords
+               case 'md5':
+-                      if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
++                      if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+                               return true;
+                       else
+                               return false;
+@@ -2392,7 +2392,7 @@
+ 
+               # SHA512 crypted passwords
+               case 'sha512':
+-                      if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
++                      if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+                               return true;
+                       else
+                               return false;
+@@ -2565,12 +2565,14 @@
+               $a = array();
+ 
+               foreach ($dn as $key => $rdn)
+-                      $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++                      $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', 
++                              function ($matches) { return chr(hexdec($matches[1])); }, $rdn );
+ 
+               return $a;
+ 
+       } else {
+-              return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++              return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++                              function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+       }
+ }
+ 

diff --git a/nixops/modules/websites/tools/tools/ldap-php7_2.patch b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
new file mode 100644 (file)
index 0000000..40ee055
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
@@ -0,0 +1,30 @@
+diff -wbBur phpldapadmin.org/lib/functions.php phpldapadmin/lib/functions.php
+--- phpldapadmin.org/lib/functions.php 2017-02-02 10:03:58.000000000 -0700
++++ phpldapadmin/lib/functions.php     2018-01-23 06:18:31.118312887 -0700
+@@ -51,7 +51,7 @@
+ /**
+  * Loads class definition
+  */
+-function __autoload($className) {
++spl_autoload_register(function($className) {
+       if (file_exists(HOOKSDIR."classes/$className.php"))
+               require_once(HOOKSDIR."classes/$className.php");
+       elseif (file_exists(LIBDIR."$className.php"))
+@@ -64,7 +64,7 @@
+                       'body'=>sprintf('%s: %s [%s]',
+                               __METHOD__,_('Called to load a class that cant be found'),$className),
+                       'type'=>'error'));
+-}
++});
+ 
+ /**
+  * Strips all slashes from the specified array in place (pass by ref).
+@@ -1083,7 +1083,7 @@
+ 
+               $code .= 'return $c;';
+ 
+-              $CACHE[$sortby] = create_function('$a, $b',$code);
++              eval("\$CACHE[\$sortby] = function(\$a, \$b) { $code; };");
+       }
+ 
+       uasort($data,$CACHE[$sortby]);

diff --git a/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
new file mode 100644 (file)
index 0000000..55a1974
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
@@ -0,0 +1,12 @@
+diff -wbBur phpldapadmin-1.2.3.org/lib/TemplateRender.php phpldapadmin-1.2.3/lib/TemplateRender.php
+--- phpldapadmin-1.2.3.org/lib/TemplateRender.php      2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3/lib/TemplateRender.php  2018-02-02 19:06:45.674760057 +0300
+@@ -321,6 +321,8 @@
+ 
+                               $vals = array();
+ 
++                              asort($picklistvalues);
++
+                               foreach ($picklistvalues as $key => $values) {
+                                       $display = $args[3];
+ 

diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
new file mode 100644 (file)
index 0000000..82615a7
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -0,0 +1,80 @@
+{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+rec {
+  config = writeText "config.php" ''
+    <?php
+    $config->custom->appearance['show_clear_password'] = true;
+    $config->custom->appearance['hide_template_warning'] = true;
+    $config->custom->appearance['theme'] = "tango";
+    $config->custom->appearance['minimalMode'] = true;
+
+    $servers = new Datastore();
+
+    $servers->newServer('ldap_pla');
+    $servers->setValue('server','name','Immae’s LDAP');
+    $servers->setValue('server','host','ldaps://${env.ldap.host}');
+    $servers->setValue('login','auth_type','cookie');
+    $servers->setValue('login','bind_id','${env.ldap.dn}');
+    $servers->setValue('login','bind_pass','${env.ldap.password}');
+    $servers->setValue('appearance','password_hash','ssha');
+    $servers->setValue('login','attr','uid');
+    $servers->setValue('login','fallback_dn',true);
+    '';
+  webRoot = stdenv.mkDerivation rec {
+    version = "1.2.3";
+    name = "phpldapadmin-${version}";
+    src = fetchurl {
+      url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
+      sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
+    };
+    patches = [
+      ./ldap-php5_5.patch
+      ./ldap-disable-mcrypt.patch
+      ./ldap-php7_2.patch
+      ./ldap-sort-in-templates.patch
+      ./ldap-align-button.patch
+      ];
+    buildInputs = [ optipng ];
+    buildPhase = ''
+      find -name '*.png' -exec optipng -quiet -force -fix {} \;
+    '';
+    installPhase = ''
+      cp -a . $out
+      ln -sf ${config} $out/config/config.php
+    '';
+  };
+  apache = {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    vhostConf = ''
+      Alias /ldap "${webRoot}/htdocs"
+      <Directory "${webRoot}/htdocs">
+        DirectoryIndex index.php
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        AllowOverride None
+        Require all granted
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot config ];
+    socket = "/var/run/phpfpm/ldap.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = LdapPHPSESSID
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      '';
+  };
+}