7 files changed, 264 insertions, 1 deletions
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 4bbd5cd..5db7d3e 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -24,6 +24,9 @@ let
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
+    ldap = pkgs.callPackage ./ldap.nix {
+      env = myconfig.env.tools.phpldapadmin;
+    };
    cfg = config.services.myWebsites.tools.tools;
 in {
@@ -44,7 +47,8 @@ in {
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
-      ++ dokuwiki.apache.modules;
+      ++ dokuwiki.apache.modules
+      ++ ldap.apache.modules;
    services.ympd = ympd.config // { enable = true; };
@@ -71,6 +75,7 @@ in {
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
+        ldap.apache.vhostConf
      ];
    };
@@ -83,6 +88,7 @@ in {
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
+      ldap = ldap.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
diff --git a/nixops/modules/websites/tools/tools/ldap-align-button.patch b/nixops/modules/websites/tools/tools/ldap-align-button.patch
new file mode 100644
index 0000000..d9a5504
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-align-button.patch
@@ -0,0 +1,11 @@
+--- a/htdocs/update_confirm.php 2012-10-01 08:54:14.000000000 +0200
+++ b/htdocs/update_confirm.php 2018-06-06 15:47:44.122398888 +0200
+@@ -187,7 +187,7 @@
+ 
+        echo '</table>';
+ 
+-       echo '<div style="text-align: center;">';
+       echo '<div style="text-align: left;">';
+        echo '<br />';
+        // @todo cant use AJAX here, it affects file uploads.
+        printf('<input type="submit" value="%s" />',
diff --git a/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
new file mode 100644
index 0000000..8bc4e7b
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
@@ -0,0 +1,36 @@
+diff -wbBur phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3.my/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php        2012-10-01 10:54:14.000000000 +0400
+++ phpldapadmin-1.2.3.my/lib/functions.php     2017-02-02 20:02:14.424245233 +0300
+@@ -745,6 +745,7 @@
+        if (! trim($secret))
+                return $data;
+ 
+/*
+        if (function_exists('mcrypt_module_open') && ! empty($data)) {
+                $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+                $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -754,7 +755,7 @@
+ 
+                return $encrypted_data;
+        }
+-
+*/
+        if (file_exists(LIBDIR.'blowfish.php'))
+                require_once LIBDIR.'blowfish.php';
+        else
+@@ -801,6 +802,7 @@
+        if (! trim($secret))
+                return $encdata;
+ 
+/*
+        if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
+                $td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
+                $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
+@@ -810,6 +812,7 @@
+ 
+                return $decrypted_data;
+        }
+*/
+ 
+        if (file_exists(LIBDIR.'blowfish.php'))
+                require_once LIBDIR.'blowfish.php';
diff --git a/nixops/modules/websites/tools/tools/ldap-php5_5.patch b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
new file mode 100644
index 0000000..8545ad2
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
@@ -0,0 +1,88 @@
+diff -Nrbu phpldapadmin-1.2.3/lib/PageRender.php phpldapadmin-1.2.3-OK/lib/PageRender.php
+--- phpldapadmin-1.2.3/lib/PageRender.php       2012-10-01 10:54:14.000000000 +0400
+++ phpldapadmin-1.2.3-OK/lib/PageRender.php    2013-11-12 03:44:40.518144839 +0400
+@@ -287,7 +287,7 @@
+                                                break;
+ 
+                                        default:
+-                                               $vals[$i] = password_hash($passwordvalue,$enc);
+                                               $vals[$i] = pla_password_hash($passwordvalue,$enc);
+                                }
+ 
+                                $vals = array_unique($vals);
+diff -Nrbu phpldapadmin-1.2.3/lib/ds_ldap.php phpldapadmin-1.2.3-OK/lib/ds_ldap.php
+--- phpldapadmin-1.2.3/lib/ds_ldap.php  2012-10-01 10:54:14.000000000 +0400
+++ phpldapadmin-1.2.3-OK/lib/ds_ldap.php       2013-11-12 03:40:56.638343739 +0400
+@@ -1117,12 +1117,14 @@
+                if (is_array($dn)) {
+                        $a = array();
+                        foreach ($dn as $key => $rdn)
+-                               $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
+                               $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
+                                       function ($matches) { return chr(hexdec($matches[1])); }, $rdn);
+ 
+                        return $a;
+ 
+                } else
+-                       return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
+                       return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
+                                       function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+        }
+ 
+        public function getRootDSE($method=null) {
+diff -Nrbu phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3-OK/lib/functions.php
+--- phpldapadmin-1.2.3/lib/functions.php        2012-10-01 10:54:14.000000000 +0400
+++ phpldapadmin-1.2.3-OK/lib/functions.php     2013-11-12 03:44:17.298065264 +0400
+@@ -2127,7 +2127,7 @@
+  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
+  * @return string The hashed password.
+  */
+-function password_hash($password_clear,$enc_type) {
+function pla_password_hash($password_clear,$enc_type) {
+        if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+                debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+ 
+@@ -2318,7 +2318,7 @@
+ 
+                # SHA crypted passwords
+                case 'sha':
+-                       if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+                       if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+                                return true;
+                        else
+                                return false;
+@@ -2327,7 +2327,7 @@
+ 
+                # MD5 crypted passwords
+                case 'md5':
+-                       if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+                       if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+                                return true;
+                        else
+                                return false;
+@@ -2392,7 +2392,7 @@
+ 
+                # SHA512 crypted passwords
+                case 'sha512':
+-                       if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+                       if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+                                return true;
+                        else
+                                return false;
+@@ -2565,12 +2565,14 @@
+                $a = array();
+ 
+                foreach ($dn as $key => $rdn)
+-                       $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
+                       $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', 
+                               function ($matches) { return chr(hexdec($matches[1])); }, $rdn );
+ 
+                return $a;
+ 
+        } else {
+-               return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
+               return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
+                               function ($matches) { return chr(hexdec($matches[1])); }, $dn);
+        }
+ }
+ 
diff --git a/nixops/modules/websites/tools/tools/ldap-php7_2.patch b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
new file mode 100644
index 0000000..40ee055
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
@@ -0,0 +1,30 @@
+diff -wbBur phpldapadmin.org/lib/functions.php phpldapadmin/lib/functions.php
+--- phpldapadmin.org/lib/functions.php  2017-02-02 10:03:58.000000000 -0700
+++ phpldapadmin/lib/functions.php      2018-01-23 06:18:31.118312887 -0700
+@@ -51,7 +51,7 @@
+ /**
+  * Loads class definition
+  */
+-function __autoload($className) {
+spl_autoload_register(function($className) {
+        if (file_exists(HOOKSDIR."classes/$className.php"))
+                require_once(HOOKSDIR."classes/$className.php");
+        elseif (file_exists(LIBDIR."$className.php"))
+@@ -64,7 +64,7 @@
+                        'body'=>sprintf('%s: %s [%s]',
+                                __METHOD__,_('Called to load a class that cant be found'),$className),
+                        'type'=>'error'));
+-}
+});
+ 
+ /**
+  * Strips all slashes from the specified array in place (pass by ref).
+@@ -1083,7 +1083,7 @@
+ 
+                $code .= 'return $c;';
+ 
+-               $CACHE[$sortby] = create_function('$a, $b',$code);
+               eval("\$CACHE[\$sortby] = function(\$a, \$b) { $code; };");
+        }
+ 
+        uasort($data,$CACHE[$sortby]);
diff --git a/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
new file mode 100644
index 0000000..55a1974
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
@@ -0,0 +1,12 @@
+diff -wbBur phpldapadmin-1.2.3.org/lib/TemplateRender.php phpldapadmin-1.2.3/lib/TemplateRender.php
+--- phpldapadmin-1.2.3.org/lib/TemplateRender.php       2012-10-01 10:54:14.000000000 +0400
+++ phpldapadmin-1.2.3/lib/TemplateRender.php   2018-02-02 19:06:45.674760057 +0300
+@@ -321,6 +321,8 @@
+ 
+                                $vals = array();
+ 
+                               asort($picklistvalues);
+
+                                foreach ($picklistvalues as $key => $values) {
+                                        $display = $args[3];
+ 
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
new file mode 100644
index 0000000..82615a7
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -0,0 +1,80 @@
+{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+rec {
+  config = writeText "config.php" ''
+    <?php
+    $config->custom->appearance['show_clear_password'] = true;
+    $config->custom->appearance['hide_template_warning'] = true;
+    $config->custom->appearance['theme'] = "tango";
+    $config->custom->appearance['minimalMode'] = true;
+    $servers = new Datastore();
+    $servers->newServer('ldap_pla');
+    $servers->setValue('server','name','Immae’s LDAP');
+    $servers->setValue('server','host','ldaps://${env.ldap.host}');
+    $servers->setValue('login','auth_type','cookie');
+    $servers->setValue('login','bind_id','${env.ldap.dn}');
+    $servers->setValue('login','bind_pass','${env.ldap.password}');
+    $servers->setValue('appearance','password_hash','ssha');
+    $servers->setValue('login','attr','uid');
+    $servers->setValue('login','fallback_dn',true);
+    '';
+  webRoot = stdenv.mkDerivation rec {
+    version = "1.2.3";
+    name = "phpldapadmin-${version}";
+    src = fetchurl {
+      url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
+      sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
+    };
+    patches = [
+      ./ldap-php5_5.patch
+      ./ldap-disable-mcrypt.patch
+      ./ldap-php7_2.patch
+      ./ldap-sort-in-templates.patch
+      ./ldap-align-button.patch
+      ];
+    buildInputs = [ optipng ];
+    buildPhase = ''
+      find -name '*.png' -exec optipng -quiet -force -fix {} \;
+    '';
+    installPhase = ''
+      cp -a . $out
+      ln -sf ${config} $out/config/config.php
+    '';
+  };
+  apache = {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    vhostConf = ''
+      Alias /ldap "${webRoot}/htdocs"
+      <Directory "${webRoot}/htdocs">
+        DirectoryIndex index.php
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+        AllowOverride None
+        Require all granted
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot config ];
+    socket = "/var/run/phpfpm/ldap.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = LdapPHPSESSID
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      '';
+  };
+}

diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 4bbd5cd..5db7d3e 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix
@@ -24,6 +24,9 @@ let
24	dokuwiki = pkgs.callPackage ./dokuwiki.nix {	24	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
25	inherit (mylibs) fetchedGithub;	25	inherit (mylibs) fetchedGithub;
26	};	26	};
		27	ldap = pkgs.callPackage ./ldap.nix {
		28	env = myconfig.env.tools.phpldapadmin;
		29	};
27		30
28	cfg = config.services.myWebsites.tools.tools;	31	cfg = config.services.myWebsites.tools.tools;
29	in {	32	in {
@@ -44,7 +47,8 @@ in {
44	++ yourls.apache.modules	47	++ yourls.apache.modules
45	++ rompr.apache.modules	48	++ rompr.apache.modules
46	++ shaarli.apache.modules	49	++ shaarli.apache.modules
47	++ dokuwiki.apache.modules;	50	++ dokuwiki.apache.modules
		51	++ ldap.apache.modules;
48		52
49	services.ympd = ympd.config // { enable = true; };	53	services.ympd = ympd.config // { enable = true; };
50		54
@@ -71,6 +75,7 @@ in {
71	rompr.apache.vhostConf	75	rompr.apache.vhostConf
72	shaarli.apache.vhostConf	76	shaarli.apache.vhostConf
73	dokuwiki.apache.vhostConf	77	dokuwiki.apache.vhostConf
		78	ldap.apache.vhostConf
74	];	79	];
75	};	80	};
76		81
@@ -83,6 +88,7 @@ in {
83	rompr = rompr.phpFpm.pool;	88	rompr = rompr.phpFpm.pool;
84	shaarli = shaarli.phpFpm.pool;	89	shaarli = shaarli.phpFpm.pool;
85	dokuwiki = dokuwiki.phpFpm.pool;	90	dokuwiki = dokuwiki.phpFpm.pool;
		91	ldap = ldap.phpFpm.pool;
86	tools = ''	92	tools = ''
87	listen = /var/run/phpfpm/tools.sock	93	listen = /var/run/phpfpm/tools.sock
88	user = wwwrun	94	user = wwwrun


diff --git a/nixops/modules/websites/tools/tools/ldap-align-button.patch b/nixops/modules/websites/tools/tools/ldap-align-button.patch new file mode 100644 index 0000000..d9a5504 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-align-button.patch
@@ -0,0 +1,11 @@
		1	--- a/htdocs/update_confirm.php 2012-10-01 08:54:14.000000000 +0200
		2	+++ b/htdocs/update_confirm.php 2018-06-06 15:47:44.122398888 +0200
		3	@@ -187,7 +187,7 @@
		4
		5	echo '</table>';
		6
		7	- echo '<div style="text-align: center;">';
		8	+ echo '<div style="text-align: left;">';
		9	echo '<br />';
		10	// @todo cant use AJAX here, it affects file uploads.
		11	printf('<input type="submit" value="%s" />',


diff --git a/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch new file mode 100644 index 0000000..8bc4e7b --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-disable-mcrypt.patch
@@ -0,0 +1,36 @@
		1	diff -wbBur phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3.my/lib/functions.php
		2	--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400
		3	+++ phpldapadmin-1.2.3.my/lib/functions.php 2017-02-02 20:02:14.424245233 +0300
		4	@@ -745,6 +745,7 @@
		5	if (! trim($secret))
		6	return $data;
		7
		8	+/*
		9	if (function_exists('mcrypt_module_open') && ! empty($data)) {
		10	$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
		11	$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
		12	@@ -754,7 +755,7 @@
		13
		14	return $encrypted_data;
		15	}
		16	-
		17	+*/
		18	if (file_exists(LIBDIR.'blowfish.php'))
		19	require_once LIBDIR.'blowfish.php';
		20	else
		21	@@ -801,6 +802,7 @@
		22	if (! trim($secret))
		23	return $encdata;
		24
		25	+/*
		26	if (function_exists('mcrypt_module_open') && ! empty($encdata)) {
		27	$td = mcrypt_module_open(MCRYPT_BLOWFISH,'',MCRYPT_MODE_ECB,'');
		28	$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_DEV_URANDOM);
		29	@@ -810,6 +812,7 @@
		30
		31	return $decrypted_data;
		32	}
		33	+*/
		34
		35	if (file_exists(LIBDIR.'blowfish.php'))
		36	require_once LIBDIR.'blowfish.php';


diff --git a/nixops/modules/websites/tools/tools/ldap-php5_5.patch b/nixops/modules/websites/tools/tools/ldap-php5_5.patch new file mode 100644 index 0000000..8545ad2 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-php5_5.patch
@@ -0,0 +1,88 @@
		1	diff -Nrbu phpldapadmin-1.2.3/lib/PageRender.php phpldapadmin-1.2.3-OK/lib/PageRender.php
		2	--- phpldapadmin-1.2.3/lib/PageRender.php 2012-10-01 10:54:14.000000000 +0400
		3	+++ phpldapadmin-1.2.3-OK/lib/PageRender.php 2013-11-12 03:44:40.518144839 +0400
		4	@@ -287,7 +287,7 @@
		5	break;
		6
		7	default:
		8	- $vals[$i] = password_hash($passwordvalue,$enc);
		9	+ $vals[$i] = pla_password_hash($passwordvalue,$enc);
		10	}
		11
		12	$vals = array_unique($vals);
		13	diff -Nrbu phpldapadmin-1.2.3/lib/ds_ldap.php phpldapadmin-1.2.3-OK/lib/ds_ldap.php
		14	--- phpldapadmin-1.2.3/lib/ds_ldap.php 2012-10-01 10:54:14.000000000 +0400
		15	+++ phpldapadmin-1.2.3-OK/lib/ds_ldap.php 2013-11-12 03:40:56.638343739 +0400
		16	@@ -1117,12 +1117,14 @@
		17	if (is_array($dn)) {
		18	$a = array();
		19	foreach ($dn as $key => $rdn)
		20	- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
		21	+ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
		22	+ function ($matches) { return chr(hexdec($matches[1])); }, $rdn);
		23
		24	return $a;
		25
		26	} else
		27	- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
		28	+ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
		29	+ function ($matches) { return chr(hexdec($matches[1])); }, $dn);
		30	}
		31
		32	public function getRootDSE($method=null) {
		33	diff -Nrbu phpldapadmin-1.2.3/lib/functions.php phpldapadmin-1.2.3-OK/lib/functions.php
		34	--- phpldapadmin-1.2.3/lib/functions.php 2012-10-01 10:54:14.000000000 +0400
		35	+++ phpldapadmin-1.2.3-OK/lib/functions.php 2013-11-12 03:44:17.298065264 +0400
		36	@@ -2127,7 +2127,7 @@
		37	* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
		38	* @return string The hashed password.
		39	*/
		40	-function password_hash($password_clear,$enc_type) {
		41	+function pla_password_hash($password_clear,$enc_type) {
		42	if (DEBUG_ENABLED && (($fargs=func_get_args())\|\|$fargs='NOARGS'))
		43	debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
		44
		45	@@ -2318,7 +2318,7 @@
		46
		47	# SHA crypted passwords
		48	case 'sha':
		49	- if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
		50	+ if (strcasecmp(pla_password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
		51	return true;
		52	else
		53	return false;
		54	@@ -2327,7 +2327,7 @@
		55
		56	# MD5 crypted passwords
		57	case 'md5':
		58	- if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
		59	+ if( strcasecmp(pla_password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
		60	return true;
		61	else
		62	return false;
		63	@@ -2392,7 +2392,7 @@
		64
		65	# SHA512 crypted passwords
		66	case 'sha512':
		67	- if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
		68	+ if (strcasecmp(pla_password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
		69	return true;
		70	else
		71	return false;
		72	@@ -2565,12 +2565,14 @@
		73	$a = array();
		74
		75	foreach ($dn as $key => $rdn)
		76	- $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
		77	+ $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
		78	+ function ($matches) { return chr(hexdec($matches[1])); }, $rdn );
		79
		80	return $a;
		81
		82	} else {
		83	- return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
		84	+ return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
		85	+ function ($matches) { return chr(hexdec($matches[1])); }, $dn);
		86	}
		87	}
		88


diff --git a/nixops/modules/websites/tools/tools/ldap-php7_2.patch b/nixops/modules/websites/tools/tools/ldap-php7_2.patch new file mode 100644 index 0000000..40ee055 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-php7_2.patch
@@ -0,0 +1,30 @@
		1	diff -wbBur phpldapadmin.org/lib/functions.php phpldapadmin/lib/functions.php
		2	--- phpldapadmin.org/lib/functions.php 2017-02-02 10:03:58.000000000 -0700
		3	+++ phpldapadmin/lib/functions.php 2018-01-23 06:18:31.118312887 -0700
		4	@@ -51,7 +51,7 @@
		5	/**
		6	* Loads class definition
		7	*/
		8	-function __autoload($className) {
		9	+spl_autoload_register(function($className) {
		10	if (file_exists(HOOKSDIR."classes/$className.php"))
		11	require_once(HOOKSDIR."classes/$className.php");
		12	elseif (file_exists(LIBDIR."$className.php"))
		13	@@ -64,7 +64,7 @@
		14	'body'=>sprintf('%s: %s [%s]',
		15	__METHOD__,_('Called to load a class that cant be found'),$className),
		16	'type'=>'error'));
		17	-}
		18	+});
		19
		20	/**
		21	* Strips all slashes from the specified array in place (pass by ref).
		22	@@ -1083,7 +1083,7 @@
		23
		24	$code .= 'return $c;';
		25
		26	- $CACHE[$sortby] = create_function('$a, $b',$code);
		27	+ eval("\$CACHE[\$sortby] = function(\$a, \$b) { $code; };");
		28	}
		29
		30	uasort($data,$CACHE[$sortby]);


diff --git a/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch new file mode 100644 index 0000000..55a1974 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap-sort-in-templates.patch
@@ -0,0 +1,12 @@
		1	diff -wbBur phpldapadmin-1.2.3.org/lib/TemplateRender.php phpldapadmin-1.2.3/lib/TemplateRender.php
		2	--- phpldapadmin-1.2.3.org/lib/TemplateRender.php 2012-10-01 10:54:14.000000000 +0400
		3	+++ phpldapadmin-1.2.3/lib/TemplateRender.php 2018-02-02 19:06:45.674760057 +0300
		4	@@ -321,6 +321,8 @@
		5
		6	$vals = array();
		7
		8	+ asort($picklistvalues);
		9	+
		10	foreach ($picklistvalues as $key => $values) {
		11	$display = $args[3];
		12


diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix new file mode 100644 index 0000000..82615a7 --- /dev/null +++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -0,0 +1,80 @@
		1	{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
		2	rec {
		3	config = writeText "config.php" ''
		4	<?php
		5	$config->custom->appearance['show_clear_password'] = true;
		6	$config->custom->appearance['hide_template_warning'] = true;
		7	$config->custom->appearance['theme'] = "tango";
		8	$config->custom->appearance['minimalMode'] = true;
		9
		10	$servers = new Datastore();
		11
		12	$servers->newServer('ldap_pla');
		13	$servers->setValue('server','name','Immae’s LDAP');
		14	$servers->setValue('server','host','ldaps://${env.ldap.host}');
		15	$servers->setValue('login','auth_type','cookie');
		16	$servers->setValue('login','bind_id','${env.ldap.dn}');
		17	$servers->setValue('login','bind_pass','${env.ldap.password}');
		18	$servers->setValue('appearance','password_hash','ssha');
		19	$servers->setValue('login','attr','uid');
		20	$servers->setValue('login','fallback_dn',true);
		21	'';
		22	webRoot = stdenv.mkDerivation rec {
		23	version = "1.2.3";
		24	name = "phpldapadmin-${version}";
		25	src = fetchurl {
		26	url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
		27	sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
		28	};
		29	patches = [
		30	./ldap-php5_5.patch
		31	./ldap-disable-mcrypt.patch
		32	./ldap-php7_2.patch
		33	./ldap-sort-in-templates.patch
		34	./ldap-align-button.patch
		35	];
		36	buildInputs = [ optipng ];
		37	buildPhase = ''
		38	find -name '*.png' -exec optipng -quiet -force -fix {} \;
		39	'';
		40	installPhase = ''
		41	cp -a . $out
		42	ln -sf ${config} $out/config/config.php
		43	'';
		44	};
		45	apache = {
		46	user = "wwwrun";
		47	group = "wwwrun";
		48	modules = [ "proxy_fcgi" ];
		49	vhostConf = ''
		50	Alias /ldap "${webRoot}/htdocs"
		51	<Directory "${webRoot}/htdocs">
		52	DirectoryIndex index.php
		53	<FilesMatch "\.php$">
		54	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
		55	</FilesMatch>
		56
		57	AllowOverride None
		58	Require all granted
		59	</Directory>
		60	'';
		61	};
		62	phpFpm = rec {
		63	basedir = builtins.concatStringsSep ":" [ webRoot config ];
		64	socket = "/var/run/phpfpm/ldap.sock";
		65	pool = ''
		66	listen = ${socket}
		67	user = ${apache.user}
		68	group = ${apache.group}
		69	listen.owner = ${apache.user}
		70	listen.group = ${apache.group}
		71	pm = ondemand
		72	pm.max_children = 60
		73	pm.process_idle_timeout = 60
		74
		75	; Needed to avoid clashes in browser cookies (same domain)
		76	php_value[session.name] = LdapPHPSESSID
		77	php_admin_value[open_basedir] = "${basedir}:/tmp"
		78	'';
		79	};
		80	}