From 59f0fd74eb6f46c97ebaf8be8272edef96b4ef0c Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Fri, 30 Aug 2024 22:40:50 +0200 Subject: [PATCH] [autopatch] Automatic patch attempt for helpers 2.1 --- .gitignore | 2 + conf/extra_php-fpm.conf | 4 - conf/nginx.conf | 2 +- manifest.toml | 4 +- scripts/_common.sh | 16 +-- scripts/backup | 21 ++- scripts/change_url | 16 +-- scripts/install | 39 +++--- scripts/remove | 10 +- scripts/restore | 41 +++--- scripts/upgrade | 29 ++-- .../Baikal/Core/AbstractExternalAuth.php | 130 ------------------ .../Baikal/Core/LDAPUserBindAuth.php | 79 ----------- sources/extra_files/main/bin/upgrade.sh | 102 -------------- sources/patches/main-add-ldap-auth.patch | 79 ----------- 15 files changed, 82 insertions(+), 492 deletions(-) delete mode 100644 conf/extra_php-fpm.conf delete mode 100644 sources/extra_files/main/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php delete mode 100644 sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php delete mode 100755 sources/extra_files/main/bin/upgrade.sh delete mode 100644 sources/patches/main-add-ldap-auth.patch diff --git a/.gitignore b/.gitignore index f248394..995b1ae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ *~ *.sw[po] +*.sw[op] +.DS_Store diff --git a/conf/extra_php-fpm.conf b/conf/extra_php-fpm.conf deleted file mode 100644 index 700c37c..0000000 --- a/conf/extra_php-fpm.conf +++ /dev/null @@ -1,4 +0,0 @@ -; Additional php.ini defines, specific to this pool of workers. - -php_admin_value[upload_max_filesize] = 50M -php_admin_value[post_max_size] = 50M diff --git a/conf/nginx.conf b/conf/nginx.conf index e9c351e..16699df 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -21,7 +21,7 @@ location __PATH__/ { fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock; } location ~ ^__PATH__/(\.ht|Core|Specific|config) { diff --git a/manifest.toml b/manifest.toml index e2513fb..22345ef 100644 --- a/manifest.toml +++ b/manifest.toml @@ -20,7 +20,8 @@ userdoc = "https://sabre.io/baikal/install/" code = "https://github.com/sabre-io/Baikal" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.18" +helpers_version = "2.1" architectures = "all" multi_instance = false @@ -52,6 +53,7 @@ ram.runtime = "50M" [resources.system_user] [resources.install_dir] + group = "www-data:r-x" [resources.permissions] main.url = "/" diff --git a/scripts/_common.sh b/scripts/_common.sh index 0cb0789..e861ed8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,18 +1,14 @@ #!/bin/bash #================================================= -# COMMON VARIABLES -#================================================= - -#================================================= -# PERSONAL HELPERS +# COMMON VARIABLES AND CUSTOM HELPERS #================================================= # Check if an URL is already handled # usage: is_url_handled --domain=DOMAIN --path=PATH_URI is_url_handled() { # Declare an array to define the options of this helper. - local legacy_args=dp + #REMOVEME? local legacy_args=dp declare -Ar args_array=( [d]=domain= [p]=path= ) local domain local path @@ -39,11 +35,3 @@ is_url_handled() { return 1 fi } - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= 
diff --git a/scripts/backup b/scripts/backup index 2f4bc70..3e98e05 100644 --- a/scripts/backup +++ b/scripts/backup @@ -8,37 +8,34 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= -ynh_print_info --message="Backing up the MySQL database..." +ynh_print_info "Backing up the MySQL database..." -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_mysql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index cb2b45a..dad7263 100644 
--- a/scripts/change_url +++ b/scripts/change_url @@ -16,30 +16,30 @@ then # Check if .well-known is available for the new domain. if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain." + ynh_die "Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain." fi fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx #================================================= # UPDATE CONFIGURATION #================================================= -ynh_script_progression --message="Updating $app configuration..." --weight=2 +ynh_script_progression "Updating $app configuration..." -ynh_backup_if_checksum_is_different --file="$install_dir/config/baikal.yaml" +ynh_backup_if_checksum_is_different "$install_dir/config/baikal.yaml" -ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="$install_dir/config/baikal.yaml" +ynh_replace --match="base_uri: '$old_path'" --replace="base_uri: '$new_path'" --file="$install_dir/config/baikal.yaml" -ynh_store_file_checksum --file="$install_dir/config/baikal.yaml" +ynh_store_file_checksum "$install_dir/config/baikal.yaml" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" 
diff --git a/scripts/install b/scripts/install
index 0f11817..cba3d2a 100644
--- a/scripts/install
+++ b/scripts/install
@@ -12,66 +12,65 @@ source /usr/share/yunohost/helpers #================================================= timezone=$(cat /etc/timezone) -encrypt_key=$(ynh_string_random 24) +encrypt_key=$(ynh_string_random --length=24) password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1) -ynh_app_setting_set --app="$app" --key="encrypt_key" --value="$encrypt_key" -ynh_app_setting_set --app="$app" --key="password_hash" --value="$password_hash" +ynh_app_setting_set --key="encrypt_key" --value="$encrypt_key" +ynh_app_setting_set --key="password_hash" --value="$password_hash" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 +ynh_script_progression "Validating installation parameters..." # Check if .well-known is available for this domain. if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." + ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=8 +ynh_script_progression "Setting up source files..." ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R "$app:www-data" "$install_dir" - +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? 
Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 +ynh_script_progression "Adding system configurations related to $app..." -ynh_add_fpm_config +ynh_config_add_phpfpm -ynh_add_nginx_config +ynh_config_add_nginx # Create the logfile, required before configuring fail2ban touch "/var/log/nginx/${domain}-error.log" # Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' +ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' #================================================= # INITIALIZE DATABASE #================================================= -ynh_script_progression --message="Configuring $app..." --weight=3 +ynh_script_progression "Configuring $app..." -ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name < "$install_dir/Core/Resources/Db/MySQL/db.sql" +ynh_mysql_db_shell < "$install_dir/Core/Resources/Db/MySQL/db.sql" #================================================= # CONFIGURE BAIKAL #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." 
path=${path%/} -ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" +ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" -chown $app: "$install_dir/config/baikal.yaml" -chmod 640 "$install_dir/config/baikal.yaml" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml" # Disable installation touch "$install_dir/Specific/INSTALL_DISABLED" @@ -80,4 +79,4 @@ touch "$install_dir/Specific/INSTALL_DISABLED" # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 216843d..8b4044d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -10,16 +10,16 @@ source /usr/share/yunohost/helpers #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 +ynh_script_progression "Removing NGINX web server configuration..." -ynh_remove_nginx_config +ynh_config_remove_nginx -ynh_remove_fpm_config +ynh_config_remove_phpfpm -ynh_remove_fail2ban_config +ynh_config_remove_fail2ban #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 47121dd..0032a56 100644 --- a/scripts/restore +++ b/scripts/restore 
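Review bot: `$password` is expanded unquoted in the unchanged `password_hash=` line at the top of the first install hunk, so a password with leading, trailing or repeated whitespace, or with glob characters, is word-split or expanded before it reaches `sha256sum`. The stored `password_hash` can then differ from the hash of what the admin actually typed. Since the commit already edits the lines on either side, the line could become `password_hash=$(printf '%s' "admin:BaikalDAV:$password" | sha256sum | cut -d ' ' -f 1)`. `printf '%s'` also keeps the result independent of how `echo` treats its input.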
@@ -11,58 +11,57 @@ source /usr/share/yunohost/helpers #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=2 +ynh_script_progression "Validating restoration parameters..." # Check if .well-known is available for this domain. if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." + ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain." fi #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=3 +ynh_script_progression "Restoring the app main directory..." -ynh_restore_file --origin_path="$install_dir" - -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +ynh_restore "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:www-data "$install_dir" # Set permissions -chown $app: "$install_dir/config/baikal.yaml" -chmod 640 "$install_dir/config/baikal.yaml" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml" +#REMOVEME? 
Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml" #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=2 +ynh_script_progression "Restoring the MySQL database..." -ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql +ynh_mysql_db_shell < ./db.sql #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_script_progression "Restoring system configurations related to $app..." -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +ynh_restore "/etc/fail2ban/jail.d/$app.conf" +ynh_restore "/etc/fail2ban/filter.d/$app.conf" +ynh_systemctl --action=restart --service=fail2ban #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 +ynh_script_progression "Reloading NGINX web server and $app's service..." 
-ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service="php$php_version-fpm" --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index d56f519..44fa76f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
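Review bot: The four `#REMOVEME?` lines in this hunk drop the recursive `chmod -R o-rwx` and `chown` on `$install_dir` and the `chown`/`chmod 640` on `config/baikal.yaml`, on the stated assumption that `ynh_setup_source` and `ynh_config_add` set permissions, but restore calls neither; both paths come back through `ynh_restore "$install_dir"`. Unless `ynh_restore` in helpers 2.1 is confirmed to reapply ownership and mode, the restored `baikal.yaml` (which presumably carries the database credentials and `encrypt_key`) keeps whatever the archive recorded. Either confirm that and delete the markers, or keep `chown "$app:" "$install_dir/config/baikal.yaml"` and `chmod 640 "$install_dir/config/baikal.yaml"` after the `ynh_restore` call. The same markers in the install and upgrade hunks do follow calls to the named helpers, but should likewise be resolved rather than merged as comments.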
@@ -12,44 +12,41 @@ timezone=$(cat /etc/timezone) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=3 +ynh_script_progression "Upgrading source files..." -ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config Specific" - -chmod -R o-rwx "$install_dir" -chown -R "$app:www-data" "$install_dir" +ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="config Specific" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir" +#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir" #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 +ynh_script_progression "Upgrading system configurations related to $app..." 
-ynh_add_fpm_config +ynh_config_add_phpfpm -ynh_add_nginx_config +ynh_config_add_nginx # Create the logfile, required before configuring fail2ban touch "/var/log/nginx/${domain}-error.log" # Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' +ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' -#================================================= -# SPECIFIC UPGRADE #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading the configuration file..." --weight=2 +ynh_script_progression "Upgrading the configuration file..." # We keep this to allow upgrade the config file in case it needs to be changed. path=${path%/} -ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" -chown $app: "$install_dir/config/baikal.yaml" -chmod 640 "$install_dir/config/baikal.yaml" +ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" +#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml" +#REMOVEME? 
Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed" diff --git a/sources/extra_files/main/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php b/sources/extra_files/main/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php deleted file mode 100644 index e7859ea..0000000 --- a/sources/extra_files/main/Core/Frameworks/Baikal/Core/AbstractExternalAuth.php +++ /dev/null 
@@ -1,130 +0,0 @@ - - * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License - */ -abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { - - /** - * enable autocreation of user - * - * @var PDO - */ - protected $enableAutoCreation; - - /** - * Reference to PDO connection - * - * @var PDO - */ - private $pdo; - - /** - * PDO table name we'll be using - * - * @var string - */ - private $tableName; - - /** - * Creates the backend object. - * - * If the filename argument is passed in, it will parse out the specified file fist. - * - * @param PDO $pdo - * @param string $realm - * @param string $tableName The PDO table name to use - */ - public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') { - - $this->pdo = $pdo; - $this->tableName = $tableName; - $this->enableAutoCreation = true; - } - - /** - * Validates a username and password - * - * This method should return true or false depending on if login - * succeeded. - * - * @param string $username - * @param string $password - * @return bool - */ - public function validateUserPass($username, $password) { - - if (!$this->validateUserPassExternal($username, $password)) - return false; - - $this->currentUser = $username; - if ($this->enableAutoCreation) - $this->autoUserCreation($username); - - return true; - } - - /** - * Validates a username and password agains external backend - * - * This method should return true or false depending on if login - * succeeded. 
- * - * @param string $username - * @param string $password - * @return bool - */ - public abstract function validateUserPassExternal($username, $password); - - /** - * return the displayname and email from the external Backend - * - * @param string $username - * @return array ('displayname' => string, 'email' => string) - */ - public function getAccountValues($username) { - - return array(); - } - - /** - * create an internal user, when user not exists - * - * @param string $username - */ - private function autoUserCreation($username) { - - /* search user in DB and do nothing, when user exists */ - $stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?'); - $stmt->execute(array($username)); - $result = $stmt->fetchAll(); - if (count($result) != 0) - return; - - /* get account values from backend */ - $values = $this->getAccountValues($username); - if (!isset($values['displayname']) OR strlen($values['displayname']) === 0) - $values['displayname'] = $username; - if (!isset($values['email']) OR strlen($values['email']) === 0) { - if(filter_var($username, FILTER_VALIDATE_EMAIL)) - $values['email'] = $username; - else - $values['email'] = 'unset-mail'; - } - - /* create user */ - $user = new \Baikal\Model\User(); - $user->set('username', $username); - $user->set('displayname', $values['displayname']); - $user->set('email', $values['email']); - $user->persist(); - } - -} diff --git a/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php b/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php deleted file mode 100644 index d558a78..0000000 --- a/sources/extra_files/main/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ /dev/null 
@@ -1,79 +0,0 @@ - - * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License - */ -class LDAPUserBindAuth extends AbstractExternalAuth { - - /** - * AccountValues for getAccountValues - * - * @var array ('displayname' => string, 'email' => string) - */ - private $accountValues; - - /** - * Validates a username and password over ldap - * - * @param string $username - * @param string $password - * @return bool - */ - public function validateUserPassExternal($username, $password) { - $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); - - /* create ldap connection */ - $conn = ldap_connect($config['system']['dav_ldap_uri']); - if (!$conn) - return false; - if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) - return false; - - /* bind with user - * error_handler have to change, because a failed bind raises an error - * this raise a secuity issue because in the stack trace is the password of user readable - */ - $arr = explode('@', $username, 2); - $dn = str_replace('%n', $username, $config['system']['dav_ldap_dn_template']); - $dn = str_replace('%u', $arr[0], $dn); - if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn); - - set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler"); - $bind = ldap_bind($conn, $dn, $password); - restore_error_handler(); - if (!$bind) { - ldap_close($conn); - return false; - } - - /* read displayname and email from user */ - $this->accountValues = array(); - $dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr']; - $dav_ldap_email_attr = $config['system']['dav_ldap_email_attr']; - $sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr)); - $entry = ldap_get_entries($conn, $sr); - if (isset($entry[0][$dav_ldap_displayname_attr][0])) - $this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0]; - if (isset($entry[0][$dav_ldap_email_attr][0])) - $this->accountValues['email'] = 
$entry[0][$dav_ldap_email_attr][0]; - - /* close */ - ldap_close($conn); - return true; - } - - public function getAccountValues($username) { - - return $this->accountValues; - } - - # WorkAround error_handler in failed bind of LDAP - public static function exception_error_handler($errno, $errstr, $errfile, $errline) { - } -} diff --git a/sources/extra_files/main/bin/upgrade.sh b/sources/extra_files/main/bin/upgrade.sh deleted file mode 100755 index b77d96b..0000000 --- a/sources/extra_files/main/bin/upgrade.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/usr/bin/env php - -* All rights reserved -* -* http://baikal-server.com -* -* This script is part of the Baïkal Server project. The Baïkal -* Server project is free software; you can redistribute it -* and/or modify it under the terms of the GNU General Public -* License as published by the Free Software Foundation; either -* version 2 of the License, or (at your option) any later version. -* -* The GNU General Public License can be found at -* http://www.gnu.org/copyleft/gpl.html. -* -* This script is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* This copyright notice MUST APPEAR in all copies of the script! -***************************************************************/ - -ini_set("session.cookie_httponly", 1); -ini_set("log_errors", 1); -error_reporting(E_WARNING | E_ERROR); - -define("BAIKAL_CONTEXT", true); -define("BAIKAL_CONTEXT_INSTALL", true); -define("PROJECT_CONTEXT_BASEURI", "/admin/install/"); - -define('PROJECT_PATH_ROOT', realpath(__DIR__ . '/..') . '/' ); - -if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) { - echo "Baïkal is not completely installed!\n"; - exit(1); -} - -require PROJECT_PATH_ROOT . "vendor/autoload.php"; -use Symfony\Component\Yaml\Yaml; - -# Extend VersionUpgrade for cli usage -class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { - - function run() { - try { - $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); - } catch (\Exception $e) { - $this->output('Error reading baikal.yaml file : ' . $e->getMessage()); - } - - $sBaikalVersion = BAIKAL_VERSION; - $sBaikalConfiguredVersion = $config['system']['configured_version']; - - if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) { - $this->output("Baïkal is already configured for version " . 
$sBaikalVersion); - return true; - } else { - $this->output("Upgrading Baïkal from version " . $sBaikalConfiguredVersion . " to version " . $sBaikalVersion); - } - - try { - $bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION); - } catch (\Exception $e) { - $bSuccess = false; - $this->output("Uncaught exception during upgrade: " . (string)$e); - } - if (!empty($oUpgrade->aErrors)) { - $this->output("Some errors occured:\n" . implode("\n - ", $oUpgrade->aErrors)); - } - if (!empty($oUpgrade->aSuccess)) { - $this->output(implode("\n", $oUpgrade->aSuccess)); - } - if ($bSuccess === false) { - $this->output("Error: unable to upgrade Baïkal."); - } else { - $this->output("Baïkal has been upgraded!"); - } - - return $bSuccess; - } - - function output($message) { - echo $message . "\n"; - } -} - -# Bootstraping Flake -\Flake\Framework::bootstrap(); - -# Bootstrap BaikalAdmin -\BaikalAdmin\Framework::bootstrap(); - -# Run the upgrade -$oUpgrade = new CLIUpgrade(); -if (!$oUpgrade->run()) { - exit(1); -} diff --git a/sources/patches/main-add-ldap-auth.patch b/sources/patches/main-add-ldap-auth.patch deleted file mode 100644 index d5849b7..0000000 --- a/sources/patches/main-add-ldap-auth.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php -index e96fe39..b90b49e 100644 ---- a/Core/Frameworks/Baikal/Core/Server.php -+++ b/Core/Frameworks/Baikal/Core/Server.php -@@ -133,8 +133,8 @@ - - if ($this->authType === 'Basic') { - $authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm); -- } elseif ($this->authType === 'Apache') { -- $authBackend = new \Sabre\DAV\Auth\Backend\Apache(); -+ } elseif ($this->authType === 'LDAP-UserBind') { -+ $authBackend = new \Baikal\Core\LDAPUserBindAuth($this->pdo, $this->authRealm); - } else { - $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); - $authBackend->setRealm($this->authRealm); -diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php -index 1ef5a51..32ec217 100644 ---- a/Core/Frameworks/Baikal/Model/Config/Standard.php -+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php -@@ -37,6 +37,26 @@ - "card_enabled" => true, - "cal_enabled" => true, - "dav_auth_type" => "Digest", -+ "dav_ldap_uri" => "ldapi:///", -+ "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com", -+ "dav_ldap_displayname_attr" => "cn", -+ "dav_ldap_email_attr" => "mail", -+ "dav_ldap_uri" => [ -+ "type" => "string", -+ "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///" -+ ], -+ "dav_ldap_dn_template" => [ -+ "type" => "string", -+ "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username" -+ ], -+ "dav_ldap_displayname_attr" => [ -+ "type" => "string", -+ "comment" => "LDAP-attribute for displayname; default cn" -+ ], -+ "dav_ldap_email_attr" => [ -+ "type" => "string", -+ "comment" => "LDAP-attribute for email; default mail" -+ ], - "admin_passwordhash" => "", - "failed_access_message" => "user %u authentication failure for Baikal", - // While not editable as will change admin & any existing user passwords, -@@ -79,7 +99,31 
@@ - $oMorpho->add(new \Formal\Element\Listbox([ - "prop" => "dav_auth_type", - "label" => "WebDAV authentication type", -- "options" => ["Digest", "Basic", "Apache"], -+ "options" => ["Digest", "Basic", "LDAP-UserBind"] -+ ])); -+ -+ $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "dav_ldap_uri", -+ "label" => "LDAP URI" -+ ])); -+ -+ $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "dav_ldap_dn_template", -+ "label" => "LDAP DN template", -+ "popover" => [ -+ "title" => "posible placeholder", -+ "content" => "%n - username
%u - user part of username , when it is an email address)
%d - domain part", -+ ] -+ ])); -+ -+ $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "dav_ldap_displayname_attr", -+ "label" => "LDAP attribute for DisplayName" -+ ])); -+ -+ $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "dav_ldap_email_attr", -+ "label" => "LDAP attribute for eMail" - ])); - - $oMorpho->add(new \Formal\Element\Password([