author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-02-09 03:19:46 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-02-09 03:19:46 +0100 |
commit | f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd (patch) | |
tree | 37e61a4d18fc814548bfcf821a8bab8078805679 /nixops/modules | |
parent | 1922655a53a11307fc07f6bbcdfec68c1f2a8b33 (diff) | |
download | Nix-f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd.tar.gz Nix-f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd.tar.zst Nix-f80772dc1f1ffb3e6d36ea0b96f71c875bb9b2cd.zip |
Add php ldap
Related issue: https://git.immae.eu/mantisbt/view.php?id=78
Diffstat (limited to 'nixops/modules')
7 files changed, 264 insertions, 1 deletions
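--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -24,6 +24,9 @@ let
 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
 inherit (mylibs) fetchedGithub;
 };
+ldap = pkgs.callPackage ./ldap.nix {
+env = myconfig.env.tools.phpldapadmin;
+};
 
 cfg = config.services.myWebsites.tools.tools;
 in {
@@ -44,7 +47,8 @@ in {
 ++ yourls.apache.modules
 ++ rompr.apache.modules
 ++ shaarli.apache.modules
-++ dokuwiki.apache.modules;
+++ dokuwiki.apache.modules
+++ ldap.apache.modules;
 
 services.ympd = ympd.config // { enable = true; };
 
@@ -71,6 +75,7 @@ in {
 rompr.apache.vhostConf
 shaarli.apache.vhostConf
 dokuwiki.apache.vhostConf
+ldap.apache.vhostConf
 ];
 };
 
@@ -83,6 +88,7 @@ in {
 rompr = rompr.phpFpm.pool;
 shaarli = shaarli.phpFpm.pool;
 dokuwiki = dokuwiki.phpFpm.pool;
+ldap = ldap.phpFpm.pool;
 tools = ''
 listen = /var/run/phpfpm/tools.sock
 user = wwwrun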
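--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-align-button.patch
@@ -0,0 +1,11 @@
+--- a/htdocs/update_confirm.php 2012-10-01 08:54:14.000000000 +0200
++++ b/htdocs/update_confirm.php 2018-06-06 15:47:44.122398888 +0200
+@@ -187,7 +187,7 @@
+
+echo '</table>';
+
+- echo '<div style="text-align: center;">';
++ echo '<div style="text-align: left;">';
+echo '<br />';
+// @todo cant use AJAX here, it affects file uploads.
+printf('<input type="submit" value="%s" />',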
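--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
@@ -0,0 +1,36 @@
+diff -wbBur phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3.my/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3.my/lib/functions.php 2017-02-02 20:02:14.424245233 +0300
+@@ -745,6 +745,7 @@
+if (! trim($secret))
+return $data;
+
++/*
+if (function_exists('mcrypt_module_open') && ! empty($data)) {
+$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -754,7 +755,7 @@
+
+return $encrypted_data;
+}
+-
++*/
+if (file_exists(LIBDIR.'blowfish.php'))
+require_once LIBDIR.'blowfish.php';
+else
+@@ -801,6 +802,7 @@
+if (! trim($secret))
+return $encdata;
+
++/*
+if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
+$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -810,6 +812,7 @@
+
+return $decrypted_data;
+}
++*/
+
+if (file_exists(LIBDIR.'blowfish.php'))
+require_once LIBDIR.'blowfish.php';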
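Review bot: The `/*` inserted on lines 8 and 25 of the new patch file and the matching `*/` on lines 17 and 33 wrap the mcrypt branches across the regions the hunks do not show (between `@@ -745` and `@@ -754`, and between `@@ -801` and `@@ -810`), so whether those regions contain a `*/` of their own, which would end the comment early and break the parse, cannot be checked from here; deleting the branches outright would avoid that fragility and the dead references to the `MCRYPT_*` constants. The visible effect is that the two helpers (the ones returning `$encrypted_data` and `$decrypted_data`) now always take the `LIBDIR.'blowfish.php'` fallback on lines 18-19 and 35-36 whether or not ext/mcrypt is loaded, which is consistent with ext/mcrypt having been removed from core in PHP 7.2 and this patch landing next to ldap-php7_2.patch. A header line in the patch file stating that intent, e.g. `Always use the bundled blowfish.php: ext/mcrypt is gone in PHP 7.2`, would make it self-explanatory. The enclosing functions start and end outside the hunks.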
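--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
@@ -0,0 +1,88 @@
+diff -Nrbu phpldapadmin-1.2.3/lib/PageRender.php phpldapadmin-1.2.3-OK/lib/PageRender.php
+--- phpldapadmin-1.2.3/lib/PageRender.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/PageRender.php 2013-11-12 03:44:40.518144839 +0400
+@@ -287,7 +287,7 @@
+break;
+
+default:
+- $vals[$i] = password_hash($passwordvalue,$enc);
++ $vals[$i] = pla_password_hash($passwordvalue,$enc);
+}
+
+$vals = array_unique($vals);
+diff -Nrbu phpldapadmin-1.2.3/lib/ds_ldap.php phpldapadmin-1.2.3-OK/lib/ds_ldap.php
+--- phpldapadmin-1.2.3/lib/ds_ldap.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/ds_ldap.php 2013-11-12 03:40:56.638343739 +0400
+@@ -1117,12 +1117,14 @@
+if (is_array($dn)) {
+$a = array();
+foreach ($dn as $key => $rdn)
+- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++ function ($matches) { return chr(hexdec($matches[1])); }, $rdn);
+
+return $a;
+
+} else
+- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++ function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+}
+
+public function getRootDSE($method=null) {
+diff -Nrbu phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3-OK/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3-OK/lib/functions.php 2013-11-12 03:44:17.298065264 +0400
+@@ -2127,7 +2127,7 @@
+* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
+* @return string The hashed password.
+*/
+-function password_hash($password_clear,$enc_type) {
++function pla_password_hash($password_clear,$enc_type) {
+if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+
+@@ -2318,7 +2318,7 @@
+
+# SHA crypted passwords
+case 'sha':
+- if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
++ if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+return true;
+else
+return false;
+@@ -2327,7 +2327,7 @@
+
+# MD5 crypted passwords
+case 'md5':
+- if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
++ if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+return true;
+else
+return false;
+@@ -2392,7 +2392,7 @@
+
+# SHA512 crypted passwords
+case 'sha512':
+- if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
++ if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+return true;
+else
+return false;
+@@ -2565,12 +2565,14 @@
+$a = array();
+
+foreach ($dn as $key => $rdn)
+- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++ function ($matches) { return chr(hexdec($matches[1])); }, $rdn );
+
+return $a;
+
+} else {
+- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++ function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+}
+}
+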
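Review bot: The rename of `password_hash` to `pla_password_hash` is applied at the definition on line 41 of the new patch file and at the four call sites in these hunks, but the hunks cannot show whether other callers remain in the 1.2.3 tree (templates, hooks, other lib files); any caller left behind now silently resolves to PHP's builtin `password_hash()`, which expects an integer algorithm constant rather than a string such as `'ssha'`, so a one-off `grep -rn "password_hash(" .` over the unpacked source after patching, or a `postPatch` check in ldap.nix, is worth doing. The replacement of the `/e`-modifier `preg_replace` by `preg_replace_callback` on lines 20-22, 27-29, 76-78 and 83-85 is the right fix and also retires the eval-style modifier. None of the five new patch files carries a header explaining what it fixes or where it came from, while the `diff -Nrbu` / `diff -wbBur` lines suggest they were taken from external sources; a leading free-text line before the first `diff` line (which `patch` ignores) in each file, e.g. `Avoid clash with the PHP 5.5 builtin password_hash() and drop the removed /e modifier`, would save the next maintainer a search.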
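--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
@@ -0,0 +1,30 @@
+diff -wbBur phpldapadmin.org/lib/functions.php phpldapadmin/lib/functions.php
+--- phpldapadmin.org/lib/functions.php 2017-02-02 10:03:58.000000000 -0700
++++ phpldapadmin/lib/functions.php 2018-01-23 06:18:31.118312887 -0700
+@@ -51,7 +51,7 @@
+/**
+* Loads class definition
+*/
+-function __autoload($className) {
++spl_autoload_register(function($className) {
+if (file_exists(HOOKSDIR."classes/$className.php"))
+require_once(HOOKSDIR."classes/$className.php");
+elseif (file_exists(LIBDIR."$className.php"))
+@@ -64,7 +64,7 @@
+'body'=>sprintf('%s: %s [%s]',
+__METHOD__,_('Called to load a class that cant be found'),$className),
+'type'=>'error'));
+-}
++});
+
+/**
+* Strips all slashes from the specified array in place (pass by ref).
+@@ -1083,7 +1083,7 @@
+
+$code .= 'return $c;';
+
+- $CACHE[$sortby] = create_function('$a, $b',$code);
++ eval("\$CACHE[\$sortby] = function(\$a, \$b) { $code; };");
+}
+
+uasort($data,$CACHE[$sortby]);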
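Review bot: The `eval(...)` on line 27 of the new patch file preserves the semantics of the `create_function` call it replaces (that builtin was itself a string eval), so whatever text is accumulated into `$code` is still executed as PHP; the statements that build `$code` sit before the `@@ -1083` hunk and are not visible here, so I cannot confirm which inputs can reach it. Since this patch is about PHP 7.2 compatibility rather than hardening, the minimum I would ask for is a comment above line 27 such as `// $code is assembled above as PHP source; review its inputs before extending this` so the eval is not mistaken for an oversight, plus a one-line header in the patch file naming where it was taken from. The `__autoload` to `spl_autoload_register` conversion on lines 9 and 18 is behaviour-preserving and fine. Both enclosing functions start outside the hunks.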
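--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
@@ -0,0 +1,12 @@
+diff -wbBur phpldapadmin-1.2.3.org/lib/TemplateRender.php phpldapadmin-1.2.3/lib/TemplateRender.php
+--- phpldapadmin-1.2.3.org/lib/TemplateRender.php 2012-10-01 10:54:14.000000000 +0400
++++ phpldapadmin-1.2.3/lib/TemplateRender.php 2018-02-02 19:06:45.674760057 +0300
+@@ -321,6 +321,8 @@
+
+$vals = array();
+
++ asort($picklistvalues);
++
+foreach ($picklistvalues as $key => $values) {
+$display = $args[3];
+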
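--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -0,0 +1,80 @@
+{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+rec {
+config = writeText "config.php" ''
+<?php
+$config->custom->appearance['show_clear_password'] = true;
+$config->custom->appearance['hide_template_warning'] = true;
+$config->custom->appearance['theme'] = "tango";
+$config->custom->appearance['minimalMode'] = true;
+
+$servers = new Datastore();
+
+$servers->newServer('ldap_pla');
+$servers->setValue('server','name','Immae’s LDAP');
+$servers->setValue('server','host','ldaps://${env.ldap.host}');
+$servers->setValue('login','auth_type','cookie');
+$servers->setValue('login','bind_id','${env.ldap.dn}');
+$servers->setValue('login','bind_pass','${env.ldap.password}');
+$servers->setValue('appearance','password_hash','ssha');
+$servers->setValue('login','attr','uid');
+$servers->setValue('login','fallback_dn',true);
+'';
+webRoot = stdenv.mkDerivation rec {
+version = "1.2.3";
+name = "phpldapadmin-${version}";
+src = fetchurl {
+url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
+sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
+};
+patches = [
+./ldap-php5_5.patch
+./ldap-disable-mcrypt.patch
+./ldap-php7_2.patch
+./ldap-sort-in-templates.patch
+./ldap-align-button.patch
+];
+buildInputs = [ optipng ];
+buildPhase = ''
+find -name '*.png' -exec optipng -quiet -force -fix {} \;
+'';
+installPhase = ''
+cp -a . $out
+ln -sf ${config} $out/config/config.php
+'';
+};
+apache = {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+vhostConf = ''
+Alias /ldap "${webRoot}/htdocs"
+<Directory "${webRoot}/htdocs">
+DirectoryIndex index.php
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+AllowOverride None
+Require all granted
+</Directory>
+'';
+};
+phpFpm = rec {
+basedir = builtins.concatStringsSep ":" [ webRoot config ];
+socket = "/var/run/phpfpm/ldap.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = LdapPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+'';
+};
+}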
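Review bot: The bind credential `${env.ldap.password}` on line 17 of the new file is interpolated into the `writeText "config.php"` derivation declared on line 3, so it lands as a world-readable file under /nix/store on every host that builds or receives this closure (and in any binary cache it is pushed to), and line 42 then symlinks that store path into the web root. The credential should instead be read at runtime from a file deployed outside the store with restrictive ownership, e.g. replacing line 17 with `$servers->setValue('login','bind_pass',trim(file_get_contents('<SECRET-FILE-PATH (placeholder)>')));` and adding that directory to the `open_basedir` value on line 77; how the file reaches the host (nixops keys or similar) is outside this diff. Whether `bind_id`/`bind_pass` are needed at all next to `auth_type` `cookie` on line 15 I cannot tell from here, but if they only serve `fallback_dn`, dropping them removes the exposure entirely. Separately, `show_clear_password = true` on line 5 echoes stored passwords back in the UI; a short comment stating that this is deliberate would help the next reader.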