YunoHost-Apps/baikal_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/baikal_ynh.git synced 2024-09-03 18:16:11 +02:00
Code Issues Activity Actions

[autopatch] Automatic patch attempt for helpers 2.1

Browse source
This commit is contained in:
Yunohost-Bot 2024-08-30 22:40:50 +02:00 committed by Alexandre Aubin
parent e1ef8fca83
commit 59f0fd74eb
15 changed files with 82 additions and 492 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,4 @@
*~
*.sw[po]
*.sw[op]
.DS_Store

4
conf/extra_php-fpm.conf
View file

@ -1,4 +0,0 @@
; Additional php.ini defines, specific to this pool of workers.
php_admin_value[upload_max_filesize] = 50M
php_admin_value[post_max_size] = 50M

2
conf/nginx.conf
View file

@ -21,7 +21,7 @@ location __PATH__/ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock;
}
location ~ ^__PATH__/(\.ht|Core|Specific|config) {

4
manifest.toml
View file

@ -20,7 +20,8 @@ userdoc = "https://sabre.io/baikal/install/"
code = "https://github.com/sabre-io/Baikal"
[integration]
yunohost = ">= 11.2"
yunohost = ">= 11.2.18"
helpers_version = "2.1"
architectures = "all"
multi_instance = false
@ -52,6 +53,7 @@ ram.runtime = "50M"
[resources.system_user]
[resources.install_dir]
group = "www-data:r-x"
[resources.permissions]
main.url = "/"

16
scripts/_common.sh
View file

@ -1,18 +1,14 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
#=================================================
# PERSONAL HELPERS
# COMMON VARIABLES AND CUSTOM HELPERS
#=================================================
# Check if an URL is already handled
# usage: is_url_handled --domain=DOMAIN --path=PATH_URI
is_url_handled() {
# Declare an array to define the options of this helper.
local legacy_args=dp
#REMOVEME? local legacy_args=dp
declare -Ar args_array=( [d]=domain= [p]=path= )
local domain
local path
@ -39,11 +35,3 @@ is_url_handled() {
return 1
fi
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

21
scripts/backup
View file

@ -8,37 +8,34 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
ynh_print_info "Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$install_dir"
ynh_backup "$install_dir"
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_backup "/etc/php/$php_version/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
ynh_print_info "Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" > db.sql
ynh_mysql_dump_db > db.sql
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

16
scripts/change_url
View file

@ -16,30 +16,30 @@ then
# Check if .well-known is available for the new domain.
if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
fi
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
ynh_script_progression "Updating NGINX web server configuration..."
ynh_change_url_nginx_config
ynh_config_change_url_nginx
#=================================================
# UPDATE CONFIGURATION
#=================================================
ynh_script_progression --message="Updating $app configuration..." --weight=2
ynh_script_progression "Updating $app configuration..."
ynh_backup_if_checksum_is_different --file="$install_dir/config/baikal.yaml"
ynh_backup_if_checksum_is_different "$install_dir/config/baikal.yaml"
ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="$install_dir/config/baikal.yaml"
ynh_replace --match="base_uri: '$old_path'" --replace="base_uri: '$new_path'" --file="$install_dir/config/baikal.yaml"
ynh_store_file_checksum --file="$install_dir/config/baikal.yaml"
ynh_store_file_checksum "$install_dir/config/baikal.yaml"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
ynh_script_progression "Change of URL completed for $app"

39
scripts/install
View file

@ -12,66 +12,65 @@ source /usr/share/yunohost/helpers
#=================================================
timezone=$(cat /etc/timezone)
encrypt_key=$(ynh_string_random 24)
encrypt_key=$(ynh_string_random --length=24)
password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1)
ynh_app_setting_set --app="$app" --key="encrypt_key" --value="$encrypt_key"
ynh_app_setting_set --app="$app" --key="password_hash" --value="$password_hash"
ynh_app_setting_set --key="encrypt_key" --value="$encrypt_key"
ynh_app_setting_set --key="password_hash" --value="$password_hash"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
ynh_script_progression "Validating installation parameters..."
# Check if .well-known is available for this domain.
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=8
ynh_script_progression "Setting up source files..."
ynh_setup_source --dest_dir="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir"
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
ynh_script_progression "Adding system configurations related to $app..."
ynh_add_fpm_config
ynh_config_add_phpfpm
ynh_add_nginx_config
ynh_config_add_nginx
# Create the logfile, required before configuring fail2ban
touch "/var/log/nginx/${domain}-error.log"
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
#=================================================
# INITIALIZE DATABASE
#=================================================
ynh_script_progression --message="Configuring $app..." --weight=3
ynh_script_progression "Configuring $app..."
ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name < "$install_dir/Core/Resources/Db/MySQL/db.sql"
ynh_mysql_db_shell < "$install_dir/Core/Resources/Db/MySQL/db.sql"
#=================================================
# CONFIGURE BAIKAL
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_script_progression "Adding $app's configuration..."
path=${path%/}
ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
# Disable installation
touch "$install_dir/Specific/INSTALL_DISABLED"
@ -80,4 +79,4 @@ touch "$install_dir/Specific/INSTALL_DISABLED"
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression "Installation of $app completed"

10
scripts/remove
View file

@ -10,16 +10,16 @@ source /usr/share/yunohost/helpers
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
ynh_script_progression "Removing NGINX web server configuration..."
ynh_remove_nginx_config
ynh_config_remove_nginx
ynh_remove_fpm_config
ynh_config_remove_phpfpm
ynh_remove_fail2ban_config
ynh_config_remove_fail2ban
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression "Removal of $app completed"

41
scripts/restore
View file

@ -11,58 +11,57 @@ source /usr/share/yunohost/helpers
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_script_progression "Validating restoration parameters..."
# Check if .well-known is available for this domain.
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=3
ynh_script_progression "Restoring the app main directory..."
ynh_restore_file --origin_path="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
ynh_restore "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:www-data "$install_dir"
# Set permissions
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=2
ynh_script_progression "Restoring the MySQL database..."
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
ynh_mysql_db_shell < ./db.sql
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_script_progression "Restoring system configurations related to $app..."
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
ynh_restore "/etc/fail2ban/jail.d/$app.conf"
ynh_restore "/etc/fail2ban/filter.d/$app.conf"
ynh_systemctl --action=restart --service=fail2ban
#=================================================
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_script_progression "Reloading NGINX web server and $app's service..."
ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemctl --service="php$php_version-fpm" --action=reload
ynh_systemctl --service=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression "Restoration completed for $app"

29
scripts/upgrade
View file

@ -12,44 +12,41 @@ timezone=$(cat /etc/timezone)
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Upgrading source files..." --weight=3
ynh_script_progression "Upgrading source files..."
ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config Specific"
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="config Specific"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir"
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
ynh_script_progression "Upgrading system configurations related to $app..."
ynh_add_fpm_config
ynh_config_add_phpfpm
ynh_add_nginx_config
ynh_config_add_nginx
# Create the logfile, required before configuring fail2ban
touch "/var/log/nginx/${domain}-error.log"
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE BAIKAL CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading the configuration file..." --weight=2
ynh_script_progression "Upgrading the configuration file..."
# We keep this to allow upgrade the config file in case it needs to be changed.
path=${path%/}
ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression "Upgrade of $app completed"

130
sources/extra_files/main/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php
View file

@ -1,130 +0,0 @@
<?php
namespace Baikal\Core;
/**
* This is an abstract authentication, that allows to create external
* authentication backends. User are automatic created, when the does not exists
* in baikal (can disabled).
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/**
* enable autocreation of user
*
* @var PDO
*/
protected $enableAutoCreation;
/**
* Reference to PDO connection
*
* @var PDO
*/
private $pdo;
/**
* PDO table name we'll be using
*
* @var string
*/
private $tableName;
/**
* Creates the backend object.
*
* If the filename argument is passed in, it will parse out the specified file fist.
*
* @param PDO $pdo
* @param string $realm
* @param string $tableName The PDO table name to use
*/
public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') {
$this->pdo = $pdo;
$this->tableName = $tableName;
$this->enableAutoCreation = true;
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPass($username, $password) {
if (!$this->validateUserPassExternal($username, $password))
return false;
$this->currentUser = $username;
if ($this->enableAutoCreation)
$this->autoUserCreation($username);
return true;
}
/**
* Validates a username and password agains external backend
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public abstract function validateUserPassExternal($username, $password);
/**
* return the displayname and email from the external Backend
*
* @param string $username
* @return array ('displayname' => string, 'email' => string)
*/
public function getAccountValues($username) {
return array();
}
/**
* create an internal user, when user not exists
*
* @param string $username
*/
private function autoUserCreation($username) {
/* search user in DB and do nothing, when user exists */
$stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?');
$stmt->execute(array($username));
$result = $stmt->fetchAll();
if (count($result) != 0)
return;
/* get account values from backend */
$values = $this->getAccountValues($username);
if (!isset($values['displayname']) OR strlen($values['displayname']) === 0)
$values['displayname'] = $username;
if (!isset($values['email']) OR strlen($values['email']) === 0) {
if(filter_var($username, FILTER_VALIDATE_EMAIL))
$values['email'] = $username;
else
$values['email'] = 'unset-mail';
}
/* create user */
$user = new \Baikal\Model\User();
$user->set('username', $username);
$user->set('displayname', $values['displayname']);
$user->set('email', $values['email']);
$user->persist();
}
}

79
sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
View file

@ -1,79 +0,0 @@
<?php
namespace Baikal\Core;
use Symfony\Component\Yaml\Yaml;
/**
* This is an authentication backend that uses a ldap backend to authenticate user.
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
class LDAPUserBindAuth extends AbstractExternalAuth {
/**
* AccountValues for getAccountValues
*
* @var array ('displayname' => string, 'email' => string)
*/
private $accountValues;
/**
* Validates a username and password over ldap
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPassExternal($username, $password) {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
/* create ldap connection */
$conn = ldap_connect($config['system']['dav_ldap_uri']);
if (!$conn)
return false;
if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
return false;
/* bind with user
* error_handler have to change, because a failed bind raises an error
* this raise a secuity issue because in the stack trace is the password of user readable
*/
$arr = explode('@', $username, 2);
$dn = str_replace('%n', $username, $config['system']['dav_ldap_dn_template']);
$dn = str_replace('%u', $arr[0], $dn);
if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);
set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler");
$bind = ldap_bind($conn, $dn, $password);
restore_error_handler();
if (!$bind) {
ldap_close($conn);
return false;
}
/* read displayname and email from user */
$this->accountValues = array();
$dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr'];
$dav_ldap_email_attr = $config['system']['dav_ldap_email_attr'];
$sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr));
$entry = ldap_get_entries($conn, $sr);
if (isset($entry[0][$dav_ldap_displayname_attr][0]))
$this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0];
if (isset($entry[0][$dav_ldap_email_attr][0]))
$this->accountValues['email'] = $entry[0][$dav_ldap_email_attr][0];
/* close */
ldap_close($conn);
return true;
}
public function getAccountValues($username) {
return $this->accountValues;
}
# WorkAround error_handler in failed bind of LDAP
public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
}
}

102
sources/extra_files/main/bin/upgrade.sh
View file

@ -1,102 +0,0 @@
#!/usr/bin/env php
<?php
/***************************************************************
* Copyright notice
*
* (c) 2013 Jérôme Schneider <mail@jeromeschneider.fr>
* All rights reserved
*
* http://baikal-server.com
*
* This script is part of the Baïkal Server project. The Baïkal
* Server project is free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
ini_set("session.cookie_httponly", 1);
ini_set("log_errors", 1);
error_reporting(E_WARNING | E_ERROR);
define("BAIKAL_CONTEXT", true);
define("BAIKAL_CONTEXT_INSTALL", true);
define("PROJECT_CONTEXT_BASEURI", "/admin/install/");
define('PROJECT_PATH_ROOT', realpath(__DIR__ . '/..') . '/' );
if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) {
echo "Baïkal is not completely installed!\n";
exit(1);
}
require PROJECT_PATH_ROOT . "vendor/autoload.php";
use Symfony\Component\Yaml\Yaml;
# Extend VersionUpgrade for cli usage
class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade {
function run() {
try {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
} catch (\Exception $e) {
$this->output('Error reading baikal.yaml file : ' . $e->getMessage());
}
$sBaikalVersion = BAIKAL_VERSION;
$sBaikalConfiguredVersion = $config['system']['configured_version'];
if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) {
$this->output("Baïkal is already configured for version " . $sBaikalVersion);
return true;
} else {
$this->output("Upgrading Baïkal from version " . $sBaikalConfiguredVersion . " to version " . $sBaikalVersion);
}
try {
$bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION);
} catch (\Exception $e) {
$bSuccess = false;
$this->output("Uncaught exception during upgrade: " . (string)$e);
}
if (!empty($oUpgrade->aErrors)) {
$this->output("Some errors occured:\n" . implode("\n - ", $oUpgrade->aErrors));
}
if (!empty($oUpgrade->aSuccess)) {
$this->output(implode("\n", $oUpgrade->aSuccess));
}
if ($bSuccess === false) {
$this->output("Error: unable to upgrade Baïkal.");
} else {
$this->output("Baïkal has been upgraded!");
}
return $bSuccess;
}
function output($message) {
echo $message . "\n";
}
}
# Bootstraping Flake
\Flake\Framework::bootstrap();
# Bootstrap BaikalAdmin
\BaikalAdmin\Framework::bootstrap();
# Run the upgrade
$oUpgrade = new CLIUpgrade();
if (!$oUpgrade->run()) {
exit(1);
}

79
sources/patches/main-add-ldap-auth.patch
View file

@ -1,79 +0,0 @@
diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php
index e96fe39..b90b49e 100644
--- a/Core/Frameworks/Baikal/Core/Server.php
+++ b/Core/Frameworks/Baikal/Core/Server.php
@@ -133,8 +133,8 @@
if ($this->authType === 'Basic') {
$authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm);
- } elseif ($this->authType === 'Apache') {
- $authBackend = new \Sabre\DAV\Auth\Backend\Apache();
+ } elseif ($this->authType === 'LDAP-UserBind') {
+ $authBackend = new \Baikal\Core\LDAPUserBindAuth($this->pdo, $this->authRealm);
} else {
$authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo);
$authBackend->setRealm($this->authRealm);
diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index 1ef5a51..32ec217 100644
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -37,6 +37,26 @@
"card_enabled" => true,
"cal_enabled" => true,
"dav_auth_type" => "Digest",
+ "dav_ldap_uri" => "ldapi:///",
+ "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com",
+ "dav_ldap_displayname_attr" => "cn",
+ "dav_ldap_email_attr" => "mail",
+ "dav_ldap_uri" => [
+ "type" => "string",
+ "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///"
+ ],
+ "dav_ldap_dn_template" => [
+ "type" => "string",
+ "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username"
+ ],
+ "dav_ldap_displayname_attr" => [
+ "type" => "string",
+ "comment" => "LDAP-attribute for displayname; default cn"
+ ],
+ "dav_ldap_email_attr" => [
+ "type" => "string",
+ "comment" => "LDAP-attribute for email; default mail"
+ ],
"admin_passwordhash" => "",
"failed_access_message" => "user %u authentication failure for Baikal",
// While not editable as will change admin & any existing user passwords,
@@ -79,7 +99,31 @@
$oMorpho->add(new \Formal\Element\Listbox([
"prop" => "dav_auth_type",
"label" => "WebDAV authentication type",
- "options" => ["Digest", "Basic", "Apache"],
+ "options" => ["Digest", "Basic", "LDAP-UserBind"]
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_uri",
+ "label" => "LDAP URI"
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_dn_template",
+ "label" => "LDAP DN template",
+ "popover" => [
+ "title" => "posible placeholder",
+ "content" => "<strong>%n</strong> - username<br /><strong>%u</strong> - user part of username , when it is an email address)<br /><strong>%d</strong> - domain part",
+ ]
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_displayname_attr",
+ "label" => "LDAP attribute for DisplayName"
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_email_attr",
+ "label" => "LDAP attribute for eMail"
]));
$oMorpho->add(new \Formal\Element\Password([