Authentification par jeton

tags/0.1.1
Daniel Berteaud 12 years ago
parent e77fa51fba
commit 7cd552118b
  1. 7
      createlinks
  2. 1
      root/etc/e-smith/db/accounts/defaults/admin/SqlLogin
  3. 12
      root/etc/e-smith/db/accounts/migrate/98AdminSqlPass
  4. 3
      root/etc/e-smith/templates.metadata/etc/phpMyAdmin/sso.inc.php
  5. 24
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phpMyAdmin
  6. 6
      root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/10All
  7. 19
      root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/10All
  8. 1
      root/etc/e-smith/templates/var/lib/lemonldap-ng/conf/lmConf/075phpMyadmin
  9. 22
      root/usr/share/phpMyAdmin/sso.php

@ -3,11 +3,16 @@
use esmith::Build::CreateLinks qw(:all); use esmith::Build::CreateLinks qw(:all);
foreach my $event (qw/bootstrap-console-save webapps-update ipasserelle-update/){ foreach my $event (qw/bootstrap-console-save webapps-update ipasserelle-update/){
templates2events("/etc/phpMyAdmin/config.inc.php", $event);
event_link("ipasserelle-pma-init-domain", "$event", "25"); event_link("ipasserelle-pma-init-domain", "$event", "25");
} }
foreach my $event (qw/bootstrap-console-save webapps-update/){
templates2events("/etc/phpMyAdmin/config.inc.php", $event);
templates2events("/etc/phpMyAdmin/sso.inc.php", $event);
}
# PHP header and footer # PHP header and footer
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-begin"); safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-begin");
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-end"); safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/config.inc.php/template-end");
safe_symlink("/etc/e-smith/templates-default/template-begin-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-begin");
safe_symlink("/etc/e-smith/templates-default/template-end-php", "root/etc/e-smith/templates/etc/phpMyAdmin/sso.inc.php/template-end");

@ -0,0 +1,12 @@
{
use esmith::util;
my $admin = $DB->get('admin') || return;
my $pw = $admin->prop('SqlPassword');
unless ($pw){
$admin->set_prop('SqlPassword', esmith::util::LdapPassword());
}
}
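Review bot: This migrate fragment has no comment saying what `SqlPassword` is for or that it is generated only once. Suggest a header such as `# MySQL password handed to phpMyAdmin's signon for admin; generated once and never overwritten`. The value is stored in clear in the accounts DB and later written into sso.inc.php, so both stores need restrictive permissions. None of the visible hunks show where this generated value is applied to the MySQL account itself, so confirm that an action does it, otherwise the signon will fail for admin.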

@ -19,6 +19,30 @@ $OUT .=<<"END";
php_admin_value openbase_dir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin php_admin_value openbase_dir /usr/share/phpMyAdmin:/etc/phpMyAdmin:/var/lib/phpMyAdmin
</Directory> </Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
END END
} }
else { else {
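Review bot: `Allow from None` in the four added `<Directory>` blocks is not a keyword. With `Order Deny,Allow` it is read as a host name to match, so it adds nothing to `Deny from All` and may cost a DNS lookup per request; dropping the line keeps the same deny. The `setup/lib/` and `setup/frames/` blocks are already covered by the `setup/` block, because `<Directory>` also applies to subdirectories. Separately, the context line `php_admin_value openbase_dir …` looks like a misspelling of `open_basedir`; if so, PHP is not enforcing that path restriction, which is worth confirming while this fragment is being touched. The enclosing `if`/`else` and the start of the heredoc lie outside the hunk.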

@ -19,9 +19,9 @@ $cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '/var/lib/mysql/mysql.sock'; $cfg['Servers'][$i]['socket'] = '/var/lib/mysql/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket'; $cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['auth_type'] = 'signon';
$cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['SignonSession'] = 'SignonSession';
$cfg['Servers'][$i]['password'] = '{$pw}'; $cfg['Servers'][$i]['SignonURL'] = '/sso.php';
/* End of servers configuration */ /* End of servers configuration */
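Review bot: No `LogoutURL` is set next to the new `SignonURL`, so phpMyAdmin's logout will presumably send the browser back to `/sso.php`, which immediately rebuilds the signon session from `REMOTE_USER`. Consider adding `$cfg['Servers'][$i]['LogoutURL'] = '<PORTAL_LOGOUT_URL>';` (placeholder) so that logging out actually ends database access. The `SignonSession` value must stay identical to the `session_name()` call in sso.php; a one-line comment saying so would prevent the two drifting apart.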

@ -0,0 +1,19 @@
{
use Digest::SHA1 qw(sha1_hex);
use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
$OUT .= "// login and password for MySQL access\n";
foreach my $u ($a->users,$a->get('admin')){
my $user = $u->key;
my $login = $u->prop('SqlLogin') || '';
my $pass = $u->prop('SqlPassword') || '';
next unless (($login ne '') && ($pass ne ''));
$OUT .= "// Credentials for $user\n";
$OUT .= '$login["'.$user.'"] = "'.$login."\";\n";
$OUT .= '$password["'.$user.'"] = "'.$pass."\";\n";
}
}
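Review bot: The `$login[...]` and `$password[...]` lines write account properties into PHP double-quoted strings without escaping, so a stored value containing `"`, `\` or `$` either breaks the generated sso.inc.php or is interpreted by PHP instead of being treated as data. Emit single-quoted PHP literals and escape `\` and `'` first, as sketched below. `use Digest::SHA1 qw(sha1_hex);` is unused and can be dropped, and `$a` shadows the variable `sort` uses, so a name like `$accounts` is safer. The generated file holds every user's MySQL password in clear, so the templates.metadata entry (not visible here) should restrict it to root and the web server group.
```perl
# … unchanged: AccountsDB open, loop header, $user/$login/$pass lookup, empty-value check …
        # PHP single-quoted strings only treat \\ and \' as escapes
        foreach my $value ($login, $pass) {
            $value =~ s/([\\'])/\\$1/g;
        }
        $OUT .= "// Credentials for $user\n";
        $OUT .= "\$login['$user'] = '$login';\n";
        $OUT .= "\$password['$user'] = '$pass';\n";
```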

@ -9,7 +9,6 @@ $conf->{'locationRules'}->{"sql.$domain"} = {
'default' => '$groups =~ /\\badmins\\b/', 'default' => '$groups =~ /\\badmins\\b/',
} unless ($conf->{'locationRules'}->{"sql.$domain"}); } unless ($conf->{'locationRules'}->{"sql.$domain"});
$conf->{'applicationList'}->{'030admin'}->{'phpmyadmin'} = { $conf->{'applicationList'}->{'030admin'}->{'phpmyadmin'} = {
'options' => { 'options' => {
'logo' => 'database.png', 'logo' => 'database.png',

@ -0,0 +1,22 @@
<?php
require('/etc/phpMyAdmin/sso.inc.php');
if(isset($_SERVER['REMOTE_USER']) && isset($login[$_SERVER['REMOTE_USER']]) && isset($password[$_SERVER['REMOTE_USER']])) {
session_set_cookie_params(0, '/', '', 0);
session_name('SignonSession');
session_start();
$_SESSION['PMA_single_signon_user'] = $login[$_SERVER['REMOTE_USER']];
$_SESSION['PMA_single_signon_password'] = $password[$_SERVER['REMOTE_USER']];
session_write_close();
header('Location: /index.php?server=1');
}
else {
// This location is forbiden
// So it will just display the access denied
// msg from LemonLDAP
header('Location: /libraries');
}
?>
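Review bot: The signon session that carries the MySQL credentials is started on whatever session id the browser presents, and its cookie is issued without the `secure` or `httponly` flags (`session_set_cookie_params(0, '/', '', 0)`). Setting both flags, `session_set_cookie_params(0, '/', '', true, true);`, and calling `session_regenerate_id(true);` right after `session_start()` keeps a pre-set or intercepted cookie from being bound to those credentials. Both `header('Location: …')` calls should be followed by `exit;` so that nothing added later runs after the redirect. The else branch depends on the `/libraries` deny rule to produce the refusal; sending a 403 directly would not break if that rule changes. The script also trusts `REMOTE_USER` entirely, so it must only be reachable through the LemonLDAP-protected vhost.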