From f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 9 Feb 2019 03:19:46 +0100 Subject: [PATCH] Add php ldap Related issue: https://git.immae.eu/mantisbt/view.php?id=78 --- .../modules/websites/tools/tools/default.nix | 8 +- .../tools/tools/ldap-align-button.patch | 11 +++ .../tools/tools/ldap-disable-mcrypt.patch | 36 ++++++++ .../websites/tools/tools/ldap-php5_5.patch | 88 +++++++++++++++++++ .../websites/tools/tools/ldap-php7_2.patch | 30 +++++++ .../tools/tools/ldap-sort-in-templates.patch | 12 +++ nixops/modules/websites/tools/tools/ldap.nix | 80 +++++++++++++++++ 7 files changed, 264 insertions(+), 1 deletion(-) create mode 100644 nixops/modules/websites/tools/tools/ldap-align-button.patch create mode 100644 nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch create mode 100644 nixops/modules/websites/tools/tools/ldap-php5_5.patch create mode 100644 nixops/modules/websites/tools/tools/ldap-php7_2.patch create mode 100644 nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch create mode 100644 nixops/modules/websites/tools/tools/ldap.nix diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 4bbd5cd..5db7d3e 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix @@ -24,6 +24,9 @@ let dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (mylibs) fetchedGithub; }; + ldap = pkgs.callPackage ./ldap.nix { + env = myconfig.env.tools.phpldapadmin; + }; cfg = config.services.myWebsites.tools.tools; in { @@ -44,7 +47,8 @@ in { ++ yourls.apache.modules ++ rompr.apache.modules ++ shaarli.apache.modules - ++ dokuwiki.apache.modules; + ++ dokuwiki.apache.modules + ++ ldap.apache.modules; services.ympd = ympd.config // { enable = true; }; @@ -71,6 +75,7 @@ in { rompr.apache.vhostConf shaarli.apache.vhostConf dokuwiki.apache.vhostConf + ldap.apache.vhostConf ]; }; 
@@ -83,6 +88,7 @@ in { rompr = rompr.phpFpm.pool; shaarli = shaarli.phpFpm.pool; dokuwiki = dokuwiki.phpFpm.pool; + ldap = ldap.phpFpm.pool; tools = '' listen = /var/run/phpfpm/tools.sock user = wwwrun diff --git a/nixops/modules/websites/tools/tools/ldap-align-button.patch b/nixops/modules/websites/tools/tools/ldap-align-button.patch new file mode 100644 index 0000000..d9a5504 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-align-button.patch @@ -0,0 +1,11 @@ +--- a/htdocs/update_confirm.php 2012-10-01 08:54:14.000000000 +0200 ++++ b/htdocs/update_confirm.php 2018-06-06 15:47:44.122398888 +0200 +@@ -187,7 +187,7 @@ + + echo ''; + +- echo '
'; ++ echo '
'; + echo '
'; + // @todo cant use AJAX here, it affects file uploads. + printf('', diff --git a/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch new file mode 100644 index 0000000..8bc4e7b --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch @@ -0,0 +1,36 @@ +diff -wbBur phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3.my/lib/functions.php +--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400 ++++ phpldapadmin-1.2.3.my/lib/functions.php 2017-02-02 20:02:14.424245233 +0300 +@@ -745,6 +745,7 @@ + if (! trim($secret)) + return $data; + ++/* + if (function_exists('mcrypt_module_open') && ! empty($data)) { + $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,''); + $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM); +@@ -754,7 +755,7 @@ + + return $encrypted_data; + } +- ++*/ + if (file_exists(LIBDIR.'blowfish.php')) + require_once LIBDIR.'blowfish.php'; + else +@@ -801,6 +802,7 @@ + if (! trim($secret)) + return $encdata; + ++/* + if (function_exists('mcrypt_module_open') && ! empty($encdata)) { + $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,''); + $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM); +@@ -810,6 +812,7 @@ + + return $decrypted_data; + } ++*/ + + if (file_exists(LIBDIR.'blowfish.php')) + require_once LIBDIR.'blowfish.php'; diff --git a/nixops/modules/websites/tools/tools/ldap-php5_5.patch b/nixops/modules/websites/tools/tools/ldap-php5_5.patch new file mode 100644 index 0000000..8545ad2 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-php5_5.patch 
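Review bot: The mcrypt branches of both helpers are fenced with `/* … */` instead of being deleted, so the dead `mcrypt_module_open` / `MCRYPT_MODE_ECB` calls remain in lib/functions.php and any later audit or grep for mcrypt usage still hits them; removing the lines outright, or at least adding `// mcrypt is unavailable on this PHP build; lib/blowfish.php is now the only implementation` above each fenced block, would record why the fallback is the only path. The surviving early exit `if (! trim($secret)) return $data;` means an empty secret yields the input unencrypted, which is a property of the original code rather than of this patch, but it deserves a comment at that line if these helpers back the cookie auth mode that the accompanying ldap.nix enables. Both enclosing functions start outside the hunks shown.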
@@ -0,0 +1,88 @@ +diff -Nrbu phpldapadmin-1.2.3/lib/PageRender.php phpldapadmin-1.2.3-OK/lib/PageRender.php +--- phpldapadmin-1.2.3/lib/PageRender.php 2012-10-01 10:54:14.000000000 +0400 ++++ phpldapadmin-1.2.3-OK/lib/PageRender.php 2013-11-12 03:44:40.518144839 +0400 +@@ -287,7 +287,7 @@ + break; + + default: +- $vals[$i] = password_hash($passwordvalue,$enc); ++ $vals[$i] = pla_password_hash($passwordvalue,$enc); + } + + $vals = array_unique($vals); +diff -Nrbu phpldapadmin-1.2.3/lib/ds_ldap.php phpldapadmin-1.2.3-OK/lib/ds_ldap.php +--- phpldapadmin-1.2.3/lib/ds_ldap.php 2012-10-01 10:54:14.000000000 +0400 ++++ phpldapadmin-1.2.3-OK/lib/ds_ldap.php 2013-11-12 03:40:56.638343739 +0400 +@@ -1117,12 +1117,14 @@ + if (is_array($dn)) { + $a = array(); + foreach ($dn as $key => $rdn) +- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); ++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($matches) { return chr(hexdec($matches[1])); }, $rdn); + + return $a; + + } else +- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); ++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($matches) { return chr(hexdec($matches[1])); }, $dn); + } + + public function getRootDSE($method=null) { +diff -Nrbu phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3-OK/lib/functions.php +--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400 ++++ phpldapadmin-1.2.3-OK/lib/functions.php 2013-11-12 03:44:17.298065264 +0400 +@@ -2127,7 +2127,7 @@ + * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear. + * @return string The hashed password. 
+ */ +-function password_hash($password_clear,$enc_type) { ++function pla_password_hash($password_clear,$enc_type) { + if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) + debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + +@@ -2318,7 +2318,7 @@ + + # SHA crypted passwords + case 'sha': +- if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) ++ if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2327,7 +2327,7 @@ + + # MD5 crypted passwords + case 'md5': +- if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) ++ if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2392,7 +2392,7 @@ + + # SHA512 crypted passwords + case 'sha512': +- if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) ++ if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0) + return true; + else + return false; +@@ -2565,12 +2565,14 @@ + $a = array(); + + foreach ($dn as $key => $rdn) +- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); ++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($matches) { return chr(hexdec($matches[1])); }, $rdn ); + + return $a; + + } else { +- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); ++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', ++ function ($matches) { return chr(hexdec($matches[1])); }, $dn); + } + } + diff --git a/nixops/modules/websites/tools/tools/ldap-php7_2.patch b/nixops/modules/websites/tools/tools/ldap-php7_2.patch new file mode 100644 index 0000000..40ee055 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-php7_2.patch 
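Review bot: The same anonymous callback `function ($matches) { return chr(hexdec($matches[1])); }` is now written out four times (twice in ds_ldap.php, twice in functions.php); a single named helper, for example `function pla_unescape_dn_hex($m) { return chr(hexdec($m[1])); }` (name constructed here), passed as the `preg_replace_callback` argument would keep the four call sites in step. The rename to `pla_password_hash` and the removal of the `/e` modifier are the right fixes and need no further change. Each touched function starts and ends outside the hunks, so the helper would have to be placed near the top of functions.php or ds_ldap.php by hand.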
@@ -0,0 +1,30 @@ +diff -wbBur phpldapadmin.org/lib/functions.php phpldapadmin/lib/functions.php +--- phpldapadmin.org/lib/functions.php 2017-02-02 10:03:58.000000000 -0700 ++++ phpldapadmin/lib/functions.php 2018-01-23 06:18:31.118312887 -0700 +@@ -51,7 +51,7 @@ + /** + * Loads class definition + */ +-function __autoload($className) { ++spl_autoload_register(function($className) { + if (file_exists(HOOKSDIR."classes/$className.php")) + require_once(HOOKSDIR."classes/$className.php"); + elseif (file_exists(LIBDIR."$className.php")) +@@ -64,7 +64,7 @@ + 'body'=>sprintf('%s: %s [%s]', + __METHOD__,_('Called to load a class that cant be found'),$className), + 'type'=>'error')); +-} ++}); + + /** + * Strips all slashes from the specified array in place (pass by ref). +@@ -1083,7 +1083,7 @@ + + $code .= 'return $c;'; + +- $CACHE[$sortby] = create_function('$a, $b',$code); ++ eval("\$CACHE[\$sortby] = function(\$a, \$b) { $code; };"); + } + + uasort($data,$CACHE[$sortby]); diff --git a/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch new file mode 100644 index 0000000..55a1974 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch @@ -0,0 +1,12 @@ +diff -wbBur phpldapadmin-1.2.3.org/lib/TemplateRender.php phpldapadmin-1.2.3/lib/TemplateRender.php +--- phpldapadmin-1.2.3.org/lib/TemplateRender.php 2012-10-01 10:54:14.000000000 +0400 ++++ phpldapadmin-1.2.3/lib/TemplateRender.php 2018-02-02 19:06:45.674760057 +0300 +@@ -321,6 +321,8 @@ + + $vals = array(); + ++ asort($picklistvalues); ++ + foreach ($picklistvalues as $key => $values) { + $display = $args[3]; + diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix new file mode 100644 index 0000000..82615a7 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap.nix 
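Review bot: The `create_function` replacement at the `$CACHE[$sortby]` line still assembles the comparator as a string and runs it through `eval`, so the dynamic-code pattern that made `create_function` undesirable is carried over rather than removed; a closure that captures the sort specification directly would drop `eval` altogether, but `$code` is built above the hunk, outside what is shown, so I cannot propose it here. At minimum a comment such as `// $code is generated above from the sort spec; eval preserves create_function's semantics on PHP 7.2` would tell the next reader why eval is tolerated, and confirming that nothing request-supplied flows into `$code` (presumably only via `$sortby`) would settle the remaining question. The `spl_autoload_register` change earlier in the file looks fine as is.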
@@ -0,0 +1,80 @@ +{ lib, php, env, writeText, stdenv, optipng, fetchurl }: +rec { + config = writeText "config.php" '' + custom->appearance['show_clear_password'] = true; + $config->custom->appearance['hide_template_warning'] = true; + $config->custom->appearance['theme'] = "tango"; + $config->custom->appearance['minimalMode'] = true; + + $servers = new Datastore(); + + $servers->newServer('ldap_pla'); + $servers->setValue('server','name','Immae’s LDAP'); + $servers->setValue('server','host','ldaps://${env.ldap.host}'); + $servers->setValue('login','auth_type','cookie'); + $servers->setValue('login','bind_id','${env.ldap.dn}'); + $servers->setValue('login','bind_pass','${env.ldap.password}'); + $servers->setValue('appearance','password_hash','ssha'); + $servers->setValue('login','attr','uid'); + $servers->setValue('login','fallback_dn',true); + ''; + webRoot = stdenv.mkDerivation rec { + version = "1.2.3"; + name = "phpldapadmin-${version}"; + src = fetchurl { + url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz"; + sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf"; + }; + patches = [ + ./ldap-php5_5.patch + ./ldap-disable-mcrypt.patch + ./ldap-php7_2.patch + ./ldap-sort-in-templates.patch + ./ldap-align-button.patch + ]; + buildInputs = [ optipng ]; + buildPhase = '' + find -name '*.png' -exec optipng -quiet -force -fix {} \; + ''; + installPhase = '' + cp -a . 
$out + ln -sf ${config} $out/config/config.php + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + Alias /ldap "${webRoot}/htdocs" + + DirectoryIndex index.php + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + AllowOverride None + Require all granted + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" [ webRoot config ]; + socket = "/var/run/phpfpm/ldap.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = LdapPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp" + ''; + }; +} -- 2.41.0
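Review bot: `bind_pass` is interpolated from `${env.ldap.password}` into `writeText "config.php"`, so the LDAP bind password ends up in a world-readable Nix store path that `ln -sf ${config} $out/config/config.php` then links into the web root. Keeping the literal out of the derivation avoids exposing it to every local user: have config.php read it at runtime with `$servers->setValue('login','bind_pass',trim(file_get_contents('<SECRET_FILE_PATH>')));` from a file deployed outside the store, and extend the pool's `php_admin_value[open_basedir] = "${basedir}:/tmp:<SECRET_DIR>"` so the read is allowed. Separately, `auth_type` is set to `cookie` while no blowfish secret is configured; the bundled ldap-disable-mcrypt.patch shows the encryption helper returning its input unencrypted when `$secret` is empty, so it is worth confirming the deployment sets one (phpLDAPadmin's `$config->custom->session['blowfish']`, as far as I recall the key). A one-line comment above the `config` binding saying where the secret is expected to come from would help the next reader.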