From 52cda8789e986abbc5fe577d2b080a53904eba60 Mon Sep 17 00:00:00 2001 From: Alan Garcia Date: Fri, 1 Mar 2013 10:31:23 +0000 Subject: [PATCH] SSO avec PhpMyAdmin sans cookie, avec le SSO officiel MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PhpMyAdmin sait gérer X serveurs MySQL Le SSO depuis le panel permet de se loguer sur le bon serveur de l'utilisateur Tentative de login sur le serveur SSO renvoie sur le meme form, mais avec le serveur suivant --- .gitattributes | 2 +- bureau/admin/adm_db_servers.php | 3 ++ .../admin/{sql_admin.php => sql_pma_sso.php} | 28 ++++++++-------- bureau/class/config.php | 1 + bureau/class/m_mysql.php | 10 +++--- .../templates/alternc/phpmyadmin.inc.php | 32 +++++-------------- install/alternc.install | 13 ++++++++ 7 files changed, 45 insertions(+), 44 deletions(-) rename bureau/admin/{sql_admin.php => sql_pma_sso.php} (75%) diff --git a/.gitattributes b/.gitattributes index f182ccda..0895e7cf 100644 --- a/.gitattributes +++ b/.gitattributes @@ -316,7 +316,6 @@ bureau/admin/powered_by_alternc2.png -text bureau/admin/quota_show.php -text bureau/admin/quotas_oneuser.php -text bureau/admin/quotas_users.php -text -bureau/admin/sql_admin.php -text bureau/admin/sql_bck.php -text bureau/admin/sql_del.php -text bureau/admin/sql_doadd.php -text @@ -324,6 +323,7 @@ bureau/admin/sql_dobck.php -text bureau/admin/sql_dorestore.php -text bureau/admin/sql_getparam.php -text bureau/admin/sql_list.php -text +bureau/admin/sql_pma_sso.php -text bureau/admin/sql_restore.php -text bureau/admin/sql_users_add.php -text bureau/admin/sql_users_del.php -text diff --git a/bureau/admin/adm_db_servers.php b/bureau/admin/adm_db_servers.php index 8998e382..142858c2 100644 --- a/bureau/admin/adm_db_servers.php +++ b/bureau/admin/adm_db_servers.php @@ -74,6 +74,9 @@ foreach ( $lst_db_servers as $l) { echo "

"; __("To add a database server, do an INSERT into the db_servers table"); echo "

"; +echo "

"; +__("To update the list of the server on the PhpMyAdmin login page, launch alternc.install"); +echo "

"; include_once('foot.php'); ?> diff --git a/bureau/admin/sql_admin.php b/bureau/admin/sql_pma_sso.php similarity index 75% rename from bureau/admin/sql_admin.php rename to bureau/admin/sql_pma_sso.php index 567acd1e..90c3fb9e 100644 --- a/bureau/admin/sql_admin.php +++ b/bureau/admin/sql_pma_sso.php @@ -28,26 +28,26 @@ ---------------------------------------------------------------------- */ require_once("../class/config.php"); -// include_once ("head.php"); if (!$r=$mysql->php_myadmin_connect()) { $error=$err->errstr(); } else { - setcookie("REMOTE_USER",$r[0]["login"],0,"/"); - setcookie("REMOTE_PASSWORD",$r[0]["pass"],0,"/"); - if ($lang) $l="&lang=".substr($lang,0,2); - // TODO : make it an absolute url ! (even in httpS :)) - header("Location: /alternc-sql/index.php?server=3"); - exit(); + // SSO of PhpMyAdmin + $_SESSION['PMA_single_signon_user'] = $r["login"]; + $_SESSION['PMA_single_signon_password'] = $r["pass"]; + $_SESSION['PMA_single_signon_host'] = $r["host"]; // pma >= 2.11 + + // finally redirect to phpMyAdmin : + header("Location: /alternc-sql/"); + exit(); } include_once("head.php"); +echo '

'._("SQL Admin").'

'; + +if (!empty($error)) { + echo "

$error

"; +} +include_once("foot.php"); ?> -

-$error

"; - } -?> - diff --git a/bureau/class/config.php b/bureau/class/config.php index d6ddd891..3c10fdd6 100644 --- a/bureau/class/config.php +++ b/bureau/class/config.php @@ -33,6 +33,7 @@ if (file_exists('/etc/alternc/alternc_display_php_error')) { ini_set('display_errors', true); } +session_name('AlternC_Panel'); session_start(); /* diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index eb4c78dd..f12fc784 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php @@ -116,7 +116,7 @@ class m_mysql { $obj['links'][] = array ( 'txt' => _("PhpMyAdmin"), - 'url' => "sql_admin.php", + 'url' => "sql_pma_sso.php", 'target' => '_blank', ); } @@ -161,16 +161,16 @@ class m_mysql { function php_myadmin_connect(){ global $db,$cuid,$err; $err->log("mysql","php_myadmin_connect"); - $db->query("SELECT name,password FROM dbusers WHERE uid='$cuid' and enable='ADMIN';"); + $db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid='$cuid' and enable='ADMIN' and dbs.id=m.db_server_id and m.uid='$cuid';"); if (!$db->num_rows()) { $err->raise("mysql",_("Cannot connect to PhpMyAdmin")); return false; } $db->next_record(); - $info=array(); - $info[]=array( + $info=array( "login"=>$db->f("name"), - "pass"=>$db->f("password") + "pass"=>$db->f("password"), + "host"=>$db->f("host") ); return $info; } diff --git a/etc/alternc/templates/alternc/phpmyadmin.inc.php b/etc/alternc/templates/alternc/phpmyadmin.inc.php index f28dca8d..3180317c 100644 --- a/etc/alternc/templates/alternc/phpmyadmin.inc.php +++ b/etc/alternc/templates/alternc/phpmyadmin.inc.php @@ -19,7 +19,6 @@ * /etc/phpmyadmin/config.inc.php */ -include_once('/usr/share/alternc/panel/class/local.php'); $cfg['SuhosinDisableWarning'] = true; $cfg['ShowCreateDb'] = false; $cfg['ShowChgPassword'] = false; 
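Review bot: The MySQL login and password are written into `$_SESSION` in clear in the `else` branch, and nothing in this file removes them again, so they stay in the PHP session store for the life of the panel session rather than just for the redirect. That is how the signon mechanism is fed, but it deserves a comment above the three assignments, for example `// these values persist in the AlternC_Panel session; panel logout must unset the PMA_single_signon_* keys`. If the panel logout (not part of this commit) does not already destroy the session, it should unset those three keys. Separately, the `echo` that prints `$error` on the failure path emits it without `htmlspecialchars($error, ENT_QUOTES, 'UTF-8')`; the only message visible in this commit is a fixed translated string, so this is defence in depth.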
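Review bot: The `AlternC_Panel` session is started with whatever cookie parameters PHP defaults to; nothing in this hunk marks the cookie HttpOnly or restricts it to HTTPS. With this commit that cookie identifies a session holding the user's MySQL credentials, and phpMyAdmin is configured to trust it by name. Consider calling `session_set_cookie_params(0, '/', '', $secure, true);` before `session_start();`, with `$secure` true whenever the panel is served over HTTPS. These flags may already be set in php.ini, which is not visible here; if so, a one-line comment saying where would help.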
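Review bot: In `php_myadmin_connect()` the rewritten query interpolates `$cuid` into the SQL string in two places, and where that global is set is not visible in this hunk. Casting once at the top, `$uid = intval($cuid);`, and using `$uid` in both comparisons keeps the statement safe whatever the caller put there. The `enable='ADMIN'` condition is unqualified in a three-table join; `dbu.enable='ADMIN'` avoids an ambiguous-column error if another of these tables gains a column of that name. Only the first row is read, so a docblock should say that the function returns a single `login`/`pass`/`host` array (it used to return a list) and which account wins when a user has several ADMIN entries.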
@@ -28,29 +27,14 @@ $cfg['blowfish_secret'] = '%%PHPMYADMIN_BLOWFISH%%'; $i = 1; -// Usual auth with web form -$cfg['Servers'][$i]['host'] = $GLOBALS['L_MYSQL_HOST']; // MySQL hostname or IP address -$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket') -$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)? -$cfg['Servers'][$i]['hide_db'] = 'information_schema'; - -$i++; -// Usual auth with web form -// two time same thing for backward compatibility -$cfg['Servers'][$i]['host'] = $GLOBALS['L_MYSQL_HOST']; // MySQL hostname or IP address -$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket') -$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)? -$cfg['Servers'][$i]['hide_db'] = 'information_schema'; - - -$i++; // Magic auth with AlternC -$cfg['Servers'][$i]['host'] = $GLOBALS['L_MYSQL_HOST']; // MySQL hostname or IP address +// If SSO doesn't work, redirect to the second server $cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket') -$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (config, http or cookie based)? -$cfg['Servers'][$i]['user'] = $_COOKIE["REMOTE_USER"]; ; // MySQL user -$cfg['Servers'][$i]['password'] = $_COOKIE["REMOTE_PASSWORD"]; ; // MySQL password (only needed -$cfg['Servers'][$i]['hide_db'] = 'information_schema'; +$cfg['Servers'][$i]['hide_db'] = 'information_schema'; +$cfg['Servers'][$i]['auth_type'] = 'signon'; +$cfg['Servers'][$i]['SignonSession'] = 'AlternC_Panel'; // must be the same as AlternC Panel +$cfg['Servers'][$i]['verbose'] = 'Single Sign On virtual server'; // human name +$cfg['Servers'][$i]['SignonURL'] = '/alternc-sql/index.php?server=2'; // if login fail, where to go ? 
+$cfg['Servers'][$i]['LogoutURL'] = '/index.php'; // go to panel main page when you logout - -?> +// Start the auto-generated list of db-server by alternc.install diff --git a/install/alternc.install b/install/alternc.install index d0dce6d7..d14cd047 100644 --- a/install/alternc.install +++ b/install/alternc.install @@ -375,6 +375,19 @@ if ! grep -e "${include_str/\"/\\\"}" $pma_config > /dev/null 2>&1; then echo "$include_str;" >> $pma_config fi +# Le template de /etc/alternc/phpmyadmin.inc.php viens d'être réappliqué, on +# regénére la liste des serveurs MySQL disponible dedans. +mysql_query "select id,host,name from db_servers;" | while read id host name ; do +echo " +// Server #$id in db_servers +\$i++; +\$cfg['Servers'][\$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket') +\$cfg['Servers'][\$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)? +\$cfg['Servers'][\$i]['hide_db'] = 'information_schema'; +\$cfg['Servers'][\$i]['verbose'] = '$name'; // human name +\$cfg['Servers'][\$i]['host'] = '$host'; // MySQL hostname or IP address +" >> '/etc/alternc/phpmyadmin.inc.php' +done # Reload incron. Useless, but who know? SERVICES="$SERVICES incron"
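Review bot: `SignonURL` sends a failed sign-on to `server=2`, but this template now defines only server 1; index 2 exists only once alternc.install has appended at least one row from db_servers. On an empty table or a config that was not regenerated, the fallback would point at an index that is not configured. A comment next to the line would make the dependency explicit, for example `// server=2 is the first entry appended by alternc.install; db_servers must not be empty`. It is also worth noting in a comment that server 1 deliberately has no `host` because the panel supplies it through `PMA_single_signon_host`, and that the closing `?>` was dropped so the install script can append to the file.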
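Review bot: `$name` and `$host` are copied from the db_servers table into single-quoted PHP literals in the generated phpmyadmin.inc.php without any escaping. A value containing `'` or `\` yields a config file that no longer parses, or text that ends up interpreted as PHP code by phpMyAdmin. According to the admin page in this commit the table is filled by hand, so exposure is limited to whoever can write to it, but the escaping is cheap. Escape backslashes and then single quotes in both variables before the `echo`; the rest of the loop stays as it is.
```shell
mysql_query "select id,host,name from db_servers;" | while read id host name ; do
# Escape for a PHP single-quoted string: backslashes first, then quotes
name=${name//\\/\\\\}
name=${name//\'/\\\'}
host=${host//\\/\\\\}
host=${host//\'/\\\'}
# … unchanged: echo of the server block appended to phpmyadmin.inc.php …
done
```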