The branch, master has been updated via 8149492cbeb3d485561ff55718441664c127a59b (commit) via c7abc975560450513879091ea99d535c6b674c9c (commit) via d0d236fd6219bbfac03fab208010c23e839eeef1 (commit) from 360e24c6f96758ab2287371ada3b05fec2033f4d (commit)
- Log ----------------------------------------------------------------- commit 8149492cbeb3d485561ff55718441664c127a59b Author: Michal Čihař mcihar@novell.com Date: Wed Mar 2 13:46:43 2011 +0100
rfe #1640812 [auth] Add example for OpenID authentication using signon method.
commit c7abc975560450513879091ea99d535c6b674c9c Author: Michal Čihař mcihar@novell.com Date: Wed Mar 2 13:39:17 2011 +0100
Fix typo
commit d0d236fd6219bbfac03fab208010c23e839eeef1 Author: Michal Čihař mcihar@novell.com Date: Wed Mar 2 11:44:57 2011 +0100
rfe #2936155 [auth] Allow to pass additional parameters using signon method.
-----------------------------------------------------------------------
Summary of changes: ChangeLog | 2 + Documentation.html | 4 +- libraries/auth/signon.auth.lib.php | 10 ++ scripts/openid.php | 161 ++++++++++++++++++++++++++++++++++++ scripts/signon.php | 4 +- 5 files changed, 179 insertions(+), 2 deletions(-) create mode 100644 scripts/openid.php
diff --git a/ChangeLog b/ChangeLog index 9503204..29dafd6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -141,6 +141,8 @@ - patch #3176420 [Search] Ajaxify browse and delete criteria in DB Search, thanks to Thilanka Kaushalya - [interface] New default theme pmahomme, dropped darkblue_orange theme. +- rfe #2936155 [auth] Allow to pass additional parameters using signon method. +- rfe #1640812 [auth] Add example for OpenID authentication using signon method.
3.3.10.0 (not yet released) - patch #3147400 [structure] Aria table size printed as unknown, diff --git a/Documentation.html b/Documentation.html index 956f677..3c40382 100644 --- a/Documentation.html +++ b/Documentation.html @@ -758,7 +758,9 @@ since this link provides funding for phpMyAdmin. as introduced in 2.10.0 allows you to log in from prepared PHP session data. This is useful for implementing single signon from another application. Sample way how to seed session is in - signon example: <code>scripts/signon.php</code>. You need to + signon example: <code>scripts/signon.php</code>. There is also + alternative example using OpenID - + <code>scripts/openid.php</code>. You need to configure <a href="#cfg_Servers_SignonSession" class="configrule">session name</a> and <a href="#cfg_Servers_SignonURL" class="configrule">signon diff --git a/libraries/auth/signon.auth.lib.php b/libraries/auth/signon.auth.lib.php index 8480c46..6eb0ead 100644 --- a/libraries/auth/signon.auth.lib.php +++ b/libraries/auth/signon.auth.lib.php @@ -63,6 +63,9 @@ function PMA_auth_check() /* Current port */ $single_signon_port = $GLOBALS['cfg']['Server']['port'];
+ /* No configuration updates */ + $single_signon_cfgupdate = array(); + /* Are we requested to do logout? */ $do_logout = !empty($_REQUEST['old_usr']);
@@ -104,6 +107,10 @@ function PMA_auth_check() $single_signon_port = $_SESSION['PMA_single_signon_port']; }
+ if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
+ $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
+ }
+
/* Also get token as it is needed to access subpages */ if (isset($_SESSION['PMA_single_signon_token'])) { @@ -127,6 +134,9 @@ function PMA_auth_check() /* Set the single signon port */ $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
+ /* Configuration update */ + $GLOBALS['cfg']['Server'] = array_merge($GLOBALS['cfg']['Server'], $single_signon_cfgupdate); + /* Restore our token */ if (!empty($pma_token)) { $_SESSION[' PMA_token '] = $pma_token; diff --git a/scripts/openid.php b/scripts/openid.php new file mode 100644 index 0000000..b354088 --- /dev/null +++ b/scripts/openid.php 
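Review bot: The new `array_merge($GLOBALS['cfg']['Server'], $single_signon_cfgupdate)` accepts whatever `$_SESSION['PMA_single_signon_cfgupdate']` holds, with no type check and no restriction on which keys may be overridden. The second hunk copies the session value as-is, so a non-array value reaches `array_merge()` and its result replaces the whole server entry; guarding the copy with `if (isset($_SESSION['PMA_single_signon_cfgupdate']) && is_array($_SESSION['PMA_single_signon_cfgupdate'])) {` avoids that. Because the merge runs after the port assignment shown just above it, the array can also override `port` and any other key of the server entry, so either narrow it to an allow-list of keys or state the trust assumption in a comment such as `/* The signon script is fully trusted: cfgupdate may override any key of $cfg['Server'] */`. PMA_auth_check() starts and ends outside these hunks.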
@@ -0,0 +1,161 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * Single signon for phpMyAdmin using OpenID
+ *
+ * This is just example how to use single signon with phpMyAdmin, it is
+ * not intended to be perfect code and look, only shows how you can
+ * integrate this functionality in your application.
+ *
+ * It uses OpenID pear package, see http://pear.php.net/package/OpenID
+ *
+ * User first authenticates using OpenID and based on content of $AUTH_MAP
+ * the login information is passed to phpMyAdmin in session data.
+ *
+ * @package phpMyAdmin
+ * @subpackage Example
+ */
+
+require_once 'OpenID/RelyingParty.php';
+require_once 'OpenID/Discover.php';
+require_once 'OpenID/Store.php';
+require_once 'OpenID/Extension/SREG10.php';
+require_once 'OpenID/Extension/SREG11.php';
+require_once 'OpenID/Extension/AX.php';
+require_once 'OpenID/Extension/UI.php';
+require_once 'OpenID/Extension/OAuth.php';
+require_once 'OpenID/Message.php';
+require_once 'OpenID/Observer/Log.php';
+require_once 'Net/URL2.php';
+
+/* Map of authenticated users to MySQL user/password pairs */
+$AUTH_MAP = array(
+ 'http://launchpad.net/~username' => array(
+ 'user' => 'root',
+ 'password' => '',
+ ),
+ );
+
+/**
+ * Simple function to show HTML page with given content.
+ */
+function show_page($contents) {
+ header('Content-Type: text/html; charset=utf-8');
+ echo '<?xml version="1.0" encoding="utf-8"?>' . "\n";
+ ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
+<head>
+ <link rel="icon" href="../favicon.ico" type="image/x-icon" />
+ <link rel="shortcut icon" href="../favicon.ico" type="image/x-icon" />
+ <title>phpMyAdmin OpenID signon example</title>
+</head>
+<body>
+<?php
+if (isset($_SESSION) && isset($_SESSION['PMA_single_signon_error_message'])) {
+ echo '<p class="error">' . 
$_SESSION['PMA_single_signon_message'] . '</p>';
+ unset($_SESSION['PMA_single_signon_message']);
+}
+echo $contents;
+?>
+</body>
+</html>
+<?php
+}
+
+/* Need to have cookie visible from parent directory */
+session_set_cookie_params(0, '/', '', 0);
+/* Create signon session */
+$session_name = 'SignonSession';
+session_name($session_name);
+session_start();
+
+// Determine realm and return_to
+$base = 'http';
+if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+ $base .= 's';
+}
+$base .= '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'];
+
+$realm = $base . '/';
+$returnTo = $base . dirname($_SERVER['PHP_SELF']);
+if ($returnTo[strlen($returnTo) - 1] != '/') {
+ $returnTo .= '/';
+}
+$returnTo .= 'openid.php';
+
+/* Display form */
+if (!count($_GET) && !count($_POST) || isset($_GET['phpMyAdmin'])) {
+ /* Show simple form */
+ $content = '<form action="openid.php" method="post">
+OpenID: <input type="text" name="identifier" /><br />
+<input type="submit" name="start" />
+</form>
+</body>
+</html>';
+ show_page($content);
+ exit;
+}
+
+/* Grab identifier */
+if (isset($_POST['identifier'])) {
+ $identifier = $_POST['identifier'];
+} else if (isset($_SESSION['identifier'])) {
+ $identifier = $_SESSION['identifier'];
+} else {
+ $identifier = null;
+}
+
+/* Create OpenID object */
+try {
+ $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
+} catch (OpenID_Exception $e) {
+ $contents = "<div class='relyingparty_results'>\n";
+ $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+ $contents .= "</div class='relyingparty_results'>";
+ show_page($contents);
+ exit;
+}
+
+/* Redirect to OpenID provider */
+if (isset($_POST['start'])) {
+ try {
+ $authRequest = $o->prepare();
+ } catch (OpenID_Exception $e) {
+ $contents = "<div class='relyingparty_results'>\n";
+ $contents .= "<pre>" . $e->getMessage() . 
"</pre>\n";
+ $contents .= "</div class='relyingparty_results'>";
+ show_page($contents);
+ exit;
+ }
+
+ $url = $authRequest->getAuthorizeURL();
+
+ header("Location: $url");
+ exit;
+} else {
+ /* Grab query string */
+ if (!count($_POST)) {
+ list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
+ } else {
+ // I hate php sometimes
+ $queryString = file_get_contents('php://input');
+ }
+
+ /* Check reply */
+ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
+
+ $id = $message->get('openid.claimed_id');
+
+ if (!empty($id) && isset($AUTH_MAP[$id])) {
+ $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user'];
+ $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password'];
+ session_write_close();
+ /* Redirect to phpMyAdmin (should use absolute URL here!) */
+ header('Location: ../index.php');
+ } else {
+ show_page('<p>User not allowed!</p>');
+ exit;
+ }
+}
diff --git a/scripts/signon.php b/scripts/signon.php
index d2aac58..acb5f7d 100644
--- a/scripts/signon.php
+++ b/scripts/signon.php
@@ -24,6 +24,8 @@ if (isset($_POST['user'])) {
 $_SESSION['PMA_single_signon_password'] = $_POST['password'];
 $_SESSION['PMA_single_signon_host'] = $_POST['host'];
 $_SESSION['PMA_single_signon_port'] = $_POST['port'];
+ /* Update another field of server configuration */
+ $_SESSION['PMA_single_signon_cfgupdate'] = array('verbose' => 'Signon test');
 $id = session_id();
 /* Close that session */
 session_write_close();
@@ -45,7 +47,7 @@ if (isset($_POST['user'])) {
 <body>
 <?php
 if (isset($_SESSION['PMA_single_signon_error_message'])) {
- echo '<p class="error">' . $_SESSION['PMA_single_signon_port'] . '</p>';
+ echo '<p class="error">' . $_SESSION['PMA_single_signon_message'] . '</p>';
 }
 ?>
 <form action="signon.php" method="post">
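Review bot: The provider's reply is never verified before `openid.claimed_id` is trusted: the final `else` branch of scripts/openid.php parses the query string into an `OpenID_Message`, reads the claimed identifier and looks it up in `$AUTH_MAP`, and no call that checks the assertion is visible anywhere in the new file. As written, the MySQL credentials held in `$AUTH_MAP` are handed to phpMyAdmin on the strength of an unauthenticated request parameter, so the example is unsafe to copy even as a starting point. The relying-party object `$o` built earlier should validate the response before the lookup (in the PEAR package this is `OpenID_RelyingParty::verify()` returning a result with `success()`; confirm the signature against the installed version), and `session_regenerate_id(true)` should run before the credentials are stored. Separately, both catch blocks echo `$e->getMessage()` inside `<pre>` without `htmlspecialchars()`.

```php
    /* Check reply */
    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);

    /* Verify the assertion before trusting any field of it */
    try {
        $result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message);
    } catch (OpenID_Exception $e) {
        show_page('<p>OpenID verification failed!</p>');
        exit;
    }
    if (!$result->success()) {
        show_page('<p>User not allowed!</p>');
        exit;
    }

    $id = $message->get('openid.claimed_id');
    // … unchanged: $AUTH_MAP lookup, session writes and redirect …
```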
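Review bot: The corrected `echo` in scripts/signon.php still reads a different session key from the one its guard tests: the `if` checks `$_SESSION['PMA_single_signon_error_message']` while the new line prints `$_SESSION['PMA_single_signon_message']`, so the message is either never shown or an unset index is read. The same pair appears in `show_page()` in the new scripts/openid.php, which also unsets the `PMA_single_signon_message` key rather than the one it tested. Both places should use a single key (presumably the `error_message` one the guard tests; confirm against what the signon auth library writes) and escape the value on output, e.g. `echo '<p class="error">' . htmlspecialchars($_SESSION['PMA_single_signon_error_message']) . '</p>';`.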
hooks/post-receive