
Gallery2

Configuration for the authMySQL auth plugin to authenticate against Gallery2. It provides:

  • Only basic authentication
  • No user modification/adding. This assumes that all user/group accounts will be created and maintained through Gallery2.

Tested on:

  • Gallery version 2.2.1 core 1.2.0.1 – DokuWiki version 2007-06-26b
  • Gallery version 2.2.4 core 1.2.0.6 – DokuWiki version 2008-05-05

Password hashing similar to Gallery2

FIXME where snippet should be added.

Hashing

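Gallery2 stores passwords as a salted MD5 hash: the first 4 characters of the stored value are the salt, followed by the MD5 digest of the salt concatenated with the password. The code below is the function with which Gallery2 creates its passwords: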

    /**
     * Create a hashed password using md5 plus salt.
     * @param string $password plaintext password
     * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
     * @return string hashed password
     */
    function md5Salt($password, $salt='') {
        if (empty($salt)) {
            for ($i = 0; $i < 4; $i++) {
                $char = mt_rand(48, 109);
                $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
                $salt .= chr($char);
            }
        } else {
            $salt = substr($salt, 0, 4);
        }
        return $salt . md5($salt . $password);
    }

Detect password hashing

FIXME: this logic has since moved to inc/PassHash.class.php

Because of how Gallery2 stores its passwords (see above), none of DokuWiki's built-in hash methods work, so one must edit the function auth_verifyPassword in inc/auth.php:

...
  }elseif($len == 32){
    $method = 'md5';
  }elseif($len == 36){  //gallery2 md5 with salt
    $method = 'md5';
    $privatesalt = substr($crypt,0,4);
    $clear = $privatesalt.$clear;
    $crypt = substr($crypt, 4, 32);
  }elseif($len == 40){
    $method = 'sha1';
...
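
The storage format and the length-based detection described in the two sections above, as an added example (not DokuWiki or Gallery2 code): it verifies a clear-text password against a stored Gallery2 value and compares the digests with hash_equals(). The function names g2_is_salted_md5 and g2_verify_password and the sample values are assumptions made for illustration.

```php
<?php
/**
 * Added example: verify a clear-text password against a Gallery2-style
 * stored value (4-character salt followed by md5(salt . password)).
 * Function names are hypothetical, not DokuWiki or Gallery2 API.
 */

/** Return true only if $stored has the 36-character Gallery2 layout. */
function g2_is_salted_md5(string $stored): bool
{
    // 4 salt characters followed by exactly 32 hex digits (the MD5 digest)
    return preg_match('/\A.{4}[0-9a-fA-F]{32}\z/s', $stored) === 1;
}

/** Check $clear against $stored; false for anything not in Gallery2 format. */
function g2_verify_password(string $clear, string $stored): bool
{
    if (!g2_is_salted_md5($stored)) {
        // Length 36 alone is a weak signal; also require a hex digest part.
        return false;
    }
    $salt   = substr($stored, 0, 4);
    $digest = strtolower(substr($stored, 4));

    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(md5($salt . $clear), $digest);
}

// Constructed sample value, built with the same formula as md5Salt() above.
$stored = 'aB3x' . md5('aB3x' . 'correct horse');

$cases = [
    'matching password'          => ['correct horse', $stored],
    'wrong password'             => ['wrong guess', $stored],
    '36 chars, digest not hex'   => ['correct horse', str_repeat('z', 36)],
    'plain 32-char md5, no salt' => ['correct horse', md5('correct horse')],
];

foreach ($cases as $label => [$clear, $hash]) {
    printf("%-28s %s\n", $label, g2_verify_password($clear, $hash) ? 'accepted' : 'rejected');
}
```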

Configuration

Use the Config Manager, or add the settings to conf/local.protected.php to keep the configuration protected.

conf/local.protected.php
<?php
/**
 * Gallery2 configuration for MySQL Auth Plugin
 * See https://www.dokuwiki.org/plugin:authmysql:gallery2 for details and explanation
 */
 
/* Options to configure database access. You need to set up these
 * options carefully, otherwise you won't be able to access your
 * database.
 */
$conf['plugin']['authmysql']['server']   = '';
$conf['plugin']['authmysql']['user']     = '';
$conf['plugin']['authmysql']['password'] = '';
$conf['plugin']['authmysql']['database'] = '';
 
/* This option enables debug messages in the mysql module. It is
 * mostly useful for system admins.
 */
$conf['plugin']['authmysql']['debug'] = 0;
 
/* Normally password encryption is done by DokuWiki (recommended) but for
 * some reasons it might be useful to let the database do the encryption.
 * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to
 * the database, otherwise the encrypted one.
 */
$conf['plugin']['authmysql']['forwardClearPass'] = 0;
 
/* Multiple table operations will be protected by locks. This array tells
 * the module which tables to lock. If you use any aliases for table names
 * this array must also contain these aliases. Any unnamed alias will cause
 * a warning during operation. See the example below.
 */
$conf['plugin']['authmysql']['TablesToLock']= array("g2_User", "g2_User AS u","g2_Group", "g2_Group AS g", "g2_UserGroupMap", "g2_UserGroupMap AS ug");
 
/***********************************************************************/
/*       Basic SQL statements for user authentication (required)       */
/***********************************************************************/
 
/* This statement is used to grant or deny access to the wiki. The result
 * should be a table with exactly one line containing at least the password
 * of the user. If the result table is empty or contains more than one
 * row, access will be denied.
 *
 * The module accesses the password as 'pass', so an alias might be necessary.
 *
 * The following patterns will be replaced:
 *   %{user}    user name
 *   %{pass}    encrypted or clear text password (depends on 'encryptPass')
 *   %{dgroup}  default group name
 */
$conf['plugin']['authmysql']['checkPass']   = "SELECT g_hashedPassword AS pass
                                               FROM g2_UserGroupMap AS ug
                                               JOIN g2_User AS u ON u.g_id=ug.g_userId
                                               JOIN g2_Group AS g ON g.g_id=ug.g_groupId
                                               WHERE g_userName='%{user}'
                                                 AND g_groupName='%{dgroup}'";
 
/* This statement should return a table with exactly one row containing
 * information about one user. The fields needed are:
 * 'pass'  containing the encrypted or clear text password
 * 'name'  the user's full name
 * 'mail'  the user's email address
 *
 * Keep in mind that DokuWiki will access this information through the
 * names listed above so aliases might be necessary.
 *
 * The following patterns will be replaced:
 *   %{user}    user name
 */
$conf['plugin']['authmysql']['getUserInfo'] = "SELECT g_hashedPassword AS pass, g_fullName AS name, g_email AS mail
                                               FROM g2_User
                                               WHERE g_userName='%{user}'";
 
/* This statement is used to get all groups a user is a member of. The
 * result should be a table containing all groups the given user is a
 * member of. The module accesses the group name as 'group', so an alias
 * might be necessary.
 *
 * The following patterns will be replaced:
 *   %{user}    user name
 */
$conf['plugin']['authmysql']['getGroups']   = "SELECT g_groupName as `group`
                                               FROM g2_Group g, g2_User u, g2_UserGroupMap ug
                                               WHERE u.g_id = ug.g_userId
                                                 AND g.g_id = ug.g_groupId
                                                 AND u.g_userName='%{user}'";
 
/***********************************************************************/
/*      Additional minimum SQL statements to use the user manager      */
/***********************************************************************/
 
/* This statement should return a table containing all user login names
 * that meet certain filter criteria. The filter expressions will be added
 * case dependent by the module. At the end a sort expression will be added.
 * Important is that this list contains no double entries for a user. Each
 * user name is only allowed once in the table.
 *
 * The login name will be accessed as 'user', so an alias might be necessary.
 * No patterns will be replaced in this statement but the following patterns
 * will be replaced in the filter expressions:
 *   %{user}    in FilterLogin  user's login name
 *   %{name}    in FilterName   user's full name
 *   %{email}   in FilterEmail  user's email address
 *   %{group}   in FilterGroup  group name
 */
$conf['plugin']['authmysql']['getUsers']    = "SELECT DISTINCT g_userName AS user
                                               FROM g2_User AS u
                                               LEFT JOIN g2_UserGroupMap AS ug ON u.g_id=ug.g_userId
                                               LEFT JOIN g2_Group AS g ON ug.g_groupId=g.g_id";
$conf['plugin']['authmysql']['FilterLogin'] = "g_userName LIKE '%{user}'";
$conf['plugin']['authmysql']['FilterName']  = "g_fullName LIKE '%{name}'";
$conf['plugin']['authmysql']['FilterEmail'] = "g_email LIKE '%{email}'";
$conf['plugin']['authmysql']['FilterGroup'] = "g_groupName LIKE '%{group}'";
$conf['plugin']['authmysql']['SortOrder']   = "ORDER BY g_userName";
 
/***********************************************************************/
/*   Additional SQL statements to add new users with the user manager  */
/***********************************************************************/
 
/* This statement should add a user to the database. Minimum information
 * to store are: login name, password, email address and full name.
 *
 * Following patterns will be replaced:
 *   %{user}    user's login name
 *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
 *   %{email}   email address
 *   %{name}    user's full name
 */
$conf['plugin']['authmysql']['addUser']     = ""; /*"INSERT INTO users
                                               (login, pass, email, firstname, lastname)
                                               VALUES ('%{user}', '%{pass}', '%{email}',
                                               SUBSTRING_INDEX('%{name}',' ', 1),
                                               SUBSTRING_INDEX('%{name}',' ', -1))";
*/
/* This statement should add a group to the database.
 * Following patterns will be replaced:
 *   %{group}   group name
 */
$conf['plugin']['authmysql']['addGroup']    = ""; /*"INSERT INTO groups (name)
                                               VALUES ('%{group}')";
*/
/* This statement should connect a user to a group (a user becomes a member
 * of that group).
 * Following patterns will be replaced:
 *   %{user}    user's login name
 *   %{uid}             id of a user dataset
 *   %{group}   group name
 *   %{gid}             id of a group dataset
 */
$conf['plugin']['authmysql']['addUserGroup']= ""; /*"INSERT INTO usergroup (uid, gid)
                                               VALUES ('%{uid}', '%{gid}')";
*/
/* This statement should remove a group from the database.
 * Following patterns will be replaced:
 *   %{group}   group name
 *   %{gid}             id of a group dataset
 */
$conf['plugin']['authmysql']['delGroup']    = ""; /*"DELETE FROM groups
                                               WHERE gid='%{gid}'";
*/
/* This statement should return the database index of a given user name.
 * The module will access the index with the name 'id', so an alias might be
 * necessary.
 * The following patterns will be replaced:
 *   %{user}    user name
 */
$conf['plugin']['authmysql']['getUserID']   = ""; /*"SELECT uid AS id
                                               FROM users
                                               WHERE login='%{user}'";
*/
 
/***********************************************************************/
/*   Additional SQL statements to delete users with the user manager   */
/***********************************************************************/
 
/* This statement should remove a user from the database.
 * Following patterns will be replaced:
 *   %{user}    user's login name
 *   %{uid}             id of a user dataset
 */
$conf['plugin']['authmysql']['delUser']     = ""; /*"DELETE FROM users
                                               WHERE uid='%{uid}'";
*/
/* This statement should remove all connections from a user to any group
 * (a user quits membership of all groups).
 * Following patterns will be replaced:
 *   %{uid}             id of a user dataset
 */
$conf['plugin']['authmysql']['delUserRefs'] = ""; /*"DELETE FROM usergroup
                                               WHERE uid='%{uid}'";
*/
/***********************************************************************/
/*   Additional SQL statements to modify users with the user manager   */
/***********************************************************************/
 
/* These statements should modify a user entry in the database. The
 * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be
 * added to updateUser on demand. Only changed parameters will be used.
 *
 * Following patterns will be replaced:
 *   %{user}    user's login name
 *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
 *   %{email}   email address
 *   %{name}    user's full name
 *   %{uid}     user id that should be updated
 */
$conf['plugin']['authmysql']['updateUser']  = ""; //"UPDATE users SET";
$conf['plugin']['authmysql']['UpdateLogin'] = ""; //"login='%{user}'";
$conf['plugin']['authmysql']['UpdatePass']  = ""; //"pass='%{pass}'";
$conf['plugin']['authmysql']['UpdateEmail'] = ""; //"email='%{email}'";
$conf['plugin']['authmysql']['UpdateName']  = ""; //"firstname=SUBSTRING_INDEX('%{name}',' ', 1),
                                                  //lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
$conf['plugin']['authmysql']['UpdateTarget']= ""; //"WHERE uid=%{uid}";
 
/* This statement should remove a single connection from a user to a
 * group (a user quits membership of that group).
 *
 * Following patterns will be replaced:
 *   %{user}    user's login name
 *   %{uid}             id of a user dataset
 *   %{group}   group name
 *   %{gid}             id of a group dataset
 */
$conf['plugin']['authmysql']['delUserGroup']= ""; /*"DELETE FROM usergroup
                                               WHERE uid='%{uid}'
                                                 AND gid='%{gid}'";
*/
/* This statement should return the database index of a given group name.
 * The module will access the index with the name 'id', so an alias might
 * be necessary.
 *
 * The following patterns will be replaced:
 *   %{group}   group name
 */
$conf['plugin']['authmysql']['getGroupID']  = "SELECT g_id AS id
                                               FROM g2_Group
                                               WHERE g_groupName='%{group}'";

Anders Runeson 2007-07-23 15:24

plugin/authmysql/gallery2.txt · Last modified: 2013-02-10 15:06 by Klap-in