From 7cd552118bef4aff40e5a08dc1dac583199f46c5 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 10 Oct 2012 15:05:24 +0200 Subject: [PATCH] Authentification par jeton --- createlinks | 7 ++++++- .../e-smith/db/accounts/defaults/admin/SqlLogin | 1 + .../etc/e-smith/db/accounts/migrate/98AdminSqlPass | 12 +++++++++++ .../templates.metadata/etc/phpMyAdmin/sso.inc.php | 3 +++ .../etc/httpd/conf/httpd.conf/98phpMyAdmin | 24 ++++++++++++++++++++++ .../templates/etc/phpMyAdmin/config.inc.php/10All | 6 +++--- .../templates/etc/phpMyAdmin/sso.inc.php/10All | 19 +++++++++++++++++ .../var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin | 1 - root/usr/share/phpMyAdmin/sso.php | 22 ++++++++++++++++++++ 9 files changed, 90 insertions(+), 5 deletions(-) create mode 100644 root/etc/e-smith/db/accounts/defaults/admin/SqlLogin create mode 100644 root/etc/e-smith/db/accounts/migrate/98AdminSqlPass create mode 100644 root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php create mode 100644 root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All create mode 100644 root/usr/share/phpMyAdmin/sso.php diff --git a/createlinks b/createlinks index 7e44eb6..e483218 100644 --- a/createlinks +++ b/createlinks @@ -3,11 +3,16 @@ use esmith::Build::CreateLinks qw(:all); foreach my $event (qw/bootstrap-console-save webapps-update ipasserelle-update/){ - templates2events("/etc/phpMyAdmin/config.inc.php", $event); event_link("ipasserelle-pma-init-domain", "$event", "25"); } +foreach my $event (qw/bootstrap-console-save webapps-update/){ + templates2events("/etc/phpMyAdmin/config.inc.php", $event); + templates2events("/etc/phpMyAdmin/sso.inc.php", $event); +} # PHP header and footer safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-begin"); safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-end"); +safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-begin"); +safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-end"); diff --git a/root/etc/e-smith/db/accounts/defaults/admin/SqlLogin b/root/etc/e-smith/db/accounts/defaults/admin/SqlLogin new file mode 100644 index 0000000..d8649da --- /dev/null +++ b/root/etc/e-smith/db/accounts/defaults/admin/SqlLogin @@ -0,0 +1 @@ +root diff --git a/root/etc/e-smith/db/accounts/migrate/98AdminSqlPass b/root/etc/e-smith/db/accounts/migrate/98AdminSqlPass new file mode 100644 index 0000000..5f2f804 --- /dev/null +++ b/root/etc/e-smith/db/accounts/migrate/98AdminSqlPass @@ -0,0 +1,12 @@ +{ + +use esmith::util; + +my $admin = $DB->get('admin') || return; +my $pw = $admin->prop('SqlPassword'); + +unless ($pw){ + $admin->set_prop('SqlPassword', esmith::util::LdapPassword()); +} + +} diff --git a/root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php b/root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php new file mode 100644 index 0000000..b916d35 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php @@ -0,0 +1,3 @@ +UID="root" +GID="www" +PERMS=0640 diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin index 1f8a3fa..1a27007 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin @@ -19,6 +19,30 @@ $OUT .=<<"END"; php_admin_value openbase_dir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin + + Order Deny,Allow + Deny from All + Allow from None + + + + Order Deny,Allow + Deny from All + Allow from None + + + + Order Deny,Allow + Deny from All + Allow from None + + + + Order Deny,Allow + Deny from All + Allow from None + + END } else { diff --git a/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All b/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All index f6bab91..0cdd13a 100644 --- a/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All +++ b/root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All @@ -19,9 +19,9 @@ $cfg['Servers'][$i]['port'] = ''; $cfg['Servers'][$i]['socket'] = '/var/lib/mysql/mysql.sock'; $cfg['Servers'][$i]['connect_type'] = 'socket'; $cfg['Servers'][$i]['extension'] = 'mysqli'; -$cfg['Servers'][$i]['auth_type'] = 'config'; -$cfg['Servers'][$i]['user'] = 'root'; -$cfg['Servers'][$i]['password'] = '{$pw}'; +$cfg['Servers'][$i]['auth_type'] = 'signon'; +$cfg['Servers'][$i]['SignonSession'] = 'SignonSession'; +$cfg['Servers'][$i]['SignonURL'] = '/sso.php'; /* End of servers configuration */ diff --git a/root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All b/root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All new file mode 100644 index 0000000..f510273 --- /dev/null +++ b/root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All @@ -0,0 +1,19 @@ +{ + +use Digest::SHA1 qw(sha1_hex); +use esmith::AccountsDB; +my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n"; + +$OUT .= "// login and password for MySQL access\n"; + +foreach my $u ($a->users,$a->get('admin')){ + my $user = $u->key; + my $login = $u->prop('SqlLogin') || ''; + my $pass = $u->prop('SqlPassword') || ''; + next unless (($login ne '') && ($pass ne '')); + $OUT .= "// Credentials for $user\n"; + $OUT .= '$login["'.$user.'"] = "'.$login."\";\n"; + $OUT .= '$password["'.$user.'"] = "'.$pass."\";\n"; +} + +} diff --git a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin index b996223..04b2fce 100644 --- a/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin +++ b/root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin @@ -9,7 +9,6 @@ $conf->{'locationRules'}->{"sql.$domain"} = { 'default' => '$groups =~ /\\badmins\\b/', } unless ($conf->{'locationRules'}->{"sql.$domain"}); - $conf->{'applicationList'}->{'030admin'}->{'phpmyadmin'} = { 'options' => { 'logo' => 'database.png', diff --git a/root/usr/share/phpMyAdmin/sso.php b/root/usr/share/phpMyAdmin/sso.php new file mode 100644 index 0000000..1c6fa72 --- /dev/null +++ b/root/usr/share/phpMyAdmin/sso.php @@ -0,0 +1,22 @@ + +