
Merge pull request #39 from optikfluffel/update-0.5.3

Update to 0.5.3
Maniack Crudelis 2019-06-05 20:34:30 +02:00 committed by GitHub
commit 13bb6d3ba7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 215 additions and 221 deletions


@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
[Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on
sabre/dav, that includes an administration interface for easy management.
**Shipped version:** 0.4.6
**Shipped version:** 0.5.3
## Screenshots


@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/fruux/Baikal/releases/download/0.4.6/baikal-0.4.6.zip
SOURCE_SUM=946e8e4161f7ef84be42430b6e9d3bb7dd4bbbe241b409be208c14447d7aa7a6
SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.5.3/baikal-0.5.3.zip
SOURCE_SUM=11e6971a3cdc4c0cfc36e82498809162b5a6cfb67545f0dbc5b9d9e0c28c93c0
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true


@ -69,4 +69,4 @@ define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__');
define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__');
# The currently configured Baïkal version
define("BAIKAL_CONFIGURED_VERSION", '0.4.6');
define("BAIKAL_CONFIGURED_VERSION", '0.5.3');


@ -6,7 +6,7 @@
"en": "Lightweight CalDAV+CardDAV server",
"fr": "Serveur CalDAV+CardDAV léger"
},
"version": "0.4.6~ynh2",
"version": "0.5.3~ynh1",
"url": "http://baikal-server.com/",
"license": "GPL-3.0",
"maintainer": {


@ -0,0 +1,130 @@
<?php
namespace Baikal\Core;
/**
* This is an abstract authentication, that allows to create external
* authentication backends. User are automatic created, when the does not exists
* in baikal (can disabled).
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/**
* enable autocreation of user
*
* @var PDO
*/
protected $enableAutoCreation;
/**
* Reference to PDO connection
*
* @var PDO
*/
private $pdo;
/**
* PDO table name we'll be using
*
* @var string
*/
private $tableName;
/**
* Creates the backend object.
*
* If the filename argument is passed in, it will parse out the specified file fist.
*
* @param PDO $pdo
* @param string $realm
* @param string $tableName The PDO table name to use
*/
public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') {
$this->pdo = $pdo;
$this->tableName = $tableName;
$this->enableAutoCreation = true;
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPass($username, $password) {
if (!$this->validateUserPassExternal($username, $password))
return false;
$this->currentUser = $username;
if ($this->enableAutoCreation)
$this->autoUserCreation($username);
return true;
}
/**
* Validates a username and password agains external backend
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public abstract function validateUserPassExternal($username, $password);
/**
* return the displayname and email from the external Backend
*
* @param string $username
* @return array ('displayname' => string, 'email' => string)
*/
public function getAccountValues($username) {
return array();
}
/**
* create an internal user, when user not exists
*
* @param string $username
*/
private function autoUserCreation($username) {
/* search user in DB and do nothing, when user exists */
$stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?');
$stmt->execute(array($username));
$result = $stmt->fetchAll();
if (count($result) != 0)
return;
/* get account values from backend */
$values = $this->getAccountValues($username);
if (!isset($values['displayname']) OR strlen($values['displayname']) === 0)
$values['displayname'] = $username;
if (!isset($values['email']) OR strlen($values['email']) === 0) {
if(filter_var($username, FILTER_VALIDATE_EMAIL))
$values['email'] = $username;
else
$values['email'] = 'unset-mail';
}
/* create user */
$user = new \Baikal\Model\User();
$user->set('username', $username);
$user->set('displayname', $values['displayname']);
$user->set('email', $values['email']);
$user->persist();
}
}
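Review bot: The `$realm` argument of the constructor is accepted but never stored, so this backend keeps AbstractBasic's default realm instead of the one Server.php passes in as `$this->authRealm`; adding `$this->setRealm($realm);` to the constructor body fixes it, the same call the PDO backend receives elsewhere on this page. The `@var PDO` annotation on `$enableAutoCreation` should read `@var bool`, and the constructor docblock's sentence about a filename argument does not describe this constructor and should be dropped. `$this->currentUser = $username;` in validateUserPass looks like a leftover from an older sabre/dav auth API; unless something reads that property, it is dead state, so confirm against the bundled sabre/dav before keeping it.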


@ -0,0 +1,75 @@
<?php
namespace Baikal\Core;
/**
* This is an authentication backend that uses a ldap backend to authenticate user.
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
class LDAPUserBindAuth extends AbstractExternalAuth {
/**
* AccountValues for getAccountValues
*
* @var array ('displayname' => string, 'email' => string)
*/
private $accountValues;
/**
* Validates a username and password over ldap
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPassExternal($username, $password) {
/* create ldap connection */
$conn = ldap_connect(BAIKAL_DAV_LDAP_URI);
if (!$conn)
return false;
if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
return false;
/* bind with user
* error_handler have to change, because a failed bind raises an error
* this raise a secuity issue because in the stack trace is the password of user readable
*/
$arr = explode('@', $username, 2);
$dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE);
$dn = str_replace('%u', $arr[0], $dn);
if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);
set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler");
$bind = ldap_bind($conn, $dn, $password);
restore_error_handler();
if (!$bind) {
ldap_close($conn);
return false;
}
/* read displayname and email from user */
$this->accountValues = array();
$sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR));
$entry = ldap_get_entries($conn, $sr);
if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]))
$this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0];
if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]))
$this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0];
/* close */
ldap_close($conn);
return true;
}
public function getAccountValues($username) {
return $this->accountValues;
}
# WorkAround error_handler in failed bind of LDAP
public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
}
}
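Review bot: validateUserPassExternal hands the password straight to ldap_bind without rejecting an empty one, and a simple bind with a DN plus empty password is treated by some directory servers as an unauthenticated bind that succeeds, which would let a login through without a credential; add `if ($password === '') return false;` before the connect. The login name is also substituted into the DN template unescaped through str_replace on `%n`, `%u` and `%d`; each substituted value should pass through `ldap_escape($value, '', LDAP_ESCAPE_DN)` so characters with DN meaning in a supplied name cannot alter which entry is bound. Smaller points: the ldap_set_option failure path returns without `ldap_close($conn)`, and `$sr` from ldap_read is not checked for `false` before it is given to ldap_get_entries.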


@ -1,229 +1,18 @@
--- b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
+++ b/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
@@ -0,0 +1,130 @@
+<?php
+
+namespace Baikal\Core;
+
+/**
+ * This is an abstract authentication, that allows to create external
+ * authentication backends. User are automatic created, when the does not exists
+ * in baikal (can disabled).
+ *
+ * @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+
+ /**
+ * enable autocreation of user
+ *
+ * @var PDO
+ */
+ protected $enableAutoCreation;
+
+ /**
+ * Reference to PDO connection
+ *
+ * @var PDO
+ */
+ private $pdo;
+
+ /**
+ * PDO table name we'll be using
+ *
+ * @var string
+ */
+ private $tableName;
+
+ /**
+ * Creates the backend object.
+ *
+ * If the filename argument is passed in, it will parse out the specified file fist.
+ *
+ * @param PDO $pdo
+ * @param string $realm
+ * @param string $tableName The PDO table name to use
+ */
+ public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') {
+
+ $this->pdo = $pdo;
+ $this->tableName = $tableName;
+ $this->enableAutoCreation = true;
+ }
+
+ /**
+ * Validates a username and password
+ *
+ * This method should return true or false depending on if login
+ * succeeded.
+ *
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public function validateUserPass($username, $password) {
+
+ if (!$this->validateUserPassExternal($username, $password))
+ return false;
+
+ $this->currentUser = $username;
+ if ($this->enableAutoCreation)
+ $this->autoUserCreation($username);
+
+ return true;
+ }
+
+ /**
+ * Validates a username and password agains external backend
+ *
+ * This method should return true or false depending on if login
+ * succeeded.
+ *
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public abstract function validateUserPassExternal($username, $password);
+
+ /**
+ * return the displayname and email from the external Backend
+ *
+ * @param string $username
+ * @return array ('displayname' => string, 'email' => string)
+ */
+ public function getAccountValues($username) {
+
+ return array();
+ }
+
+ /**
+ * create an internal user, when user not exists
+ *
+ * @param string $username
+ */
+ private function autoUserCreation($username) {
+
+ /* search user in DB and do nothing, when user exists */
+ $stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?');
+ $stmt->execute(array($username));
+ $result = $stmt->fetchAll();
+ if (count($result) != 0)
+ return;
+
+ /* get account values from backend */
+ $values = $this->getAccountValues($username);
+ if (!isset($values['displayname']) OR strlen($values['displayname']) === 0)
+ $values['displayname'] = $username;
+ if (!isset($values['email']) OR strlen($values['email']) === 0) {
+ if(filter_var($username, FILTER_VALIDATE_EMAIL))
+ $values['email'] = $username;
+ else
+ $values['email'] = 'unset-mail';
+ }
+
+ /* create user */
+ $user = new \Baikal\Model\User();
+ $user->set('username', $username);
+ $user->set('displayname', $values['displayname']);
+ $user->set('email', $values['email']);
+ $user->persist();
+ }
+
+}
--- b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
+++ b/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
@@ -0,0 +1,75 @@
+<?php
+
+namespace Baikal\Core;
+
+/**
+ * This is an authentication backend that uses a ldap backend to authenticate user.
+ *
+ * @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class LDAPUserBindAuth extends AbstractExternalAuth {
+
+ /**
+ * AccountValues for getAccountValues
+ *
+ * @var array ('displayname' => string, 'email' => string)
+ */
+ private $accountValues;
+
+ /**
+ * Validates a username and password over ldap
+ *
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public function validateUserPassExternal($username, $password) {
+
+ /* create ldap connection */
+ $conn = ldap_connect(BAIKAL_DAV_LDAP_URI);
+ if (!$conn)
+ return false;
+ if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
+ return false;
+
+ /* bind with user
+ * error_handler have to change, because a failed bind raises an error
+ * this raise a secuity issue because in the stack trace is the password of user readable
+ */
+ $arr = explode('@', $username, 2);
+ $dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE);
+ $dn = str_replace('%u', $arr[0], $dn);
+ if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);
+
+ set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler");
+ $bind = ldap_bind($conn, $dn, $password);
+ restore_error_handler();
+ if (!$bind) {
+ ldap_close($conn);
+ return false;
+ }
+
+ /* read displayname and email from user */
+ $this->accountValues = array();
+ $sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR));
+ $entry = ldap_get_entries($conn, $sr);
+ if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]))
+ $this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0];
+ if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]))
+ $this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0];
+
+ /* close */
+ ldap_close($conn);
+ return true;
+ }
+
+ public function getAccountValues($username) {
+
+ return $this->accountValues;
+ }
+
+ # WorkAround error_handler in failed bind of LDAP
+ public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
+ }
+}
diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php
index 8026854..8d306fe 100644
index 957cac3..fcc2e3c 100644
--- a/Core/Frameworks/Baikal/Core/Server.php
+++ b/Core/Frameworks/Baikal/Core/Server.php
@@ -133,6 +133,8 @@ class Server {
if ($this->authType === 'Basic') {
$authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm);
+ } elseif ($this->authType === 'LDAP-UserBind') {
+ } elseif ($this->authType === 'LDAP-UserBind') {
+ $authBackend = new \Baikal\Core\LDAPUserBindAuth($this->pdo, $this->authRealm);
} else {
$authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo);
$authBackend->setRealm($this->authRealm);
diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index 6107377..39f90bd 100644
index 2e07f44..948b5be 100644
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -46,6 +46,22 @@ class Standard extends \Baikal\Model\Config {
@ -264,8 +53,8 @@ index 6107377..39f90bd 100644
$oMorpho->add(new \Formal\Element\Listbox([
"prop" => "BAIKAL_DAV_AUTH_TYPE",
"label" => "WebDAV authentication type",
- "options" => [ "Digest", "Basic" ]
+ "options" => [ "Digest", "Basic", "LDAP-UserBind" ]
- "options" => ["Digest", "Basic"]
+ "options" => ["Digest", "Basic", "LDAP-UserBind"]
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([