[dw-free] Is LJ::LDAP planned to be used?
[commit: http://hg.dwscoalition.org/dw-free/rev/6dd5f7c17c23]
http://bugs.dwscoalition.org/show_bug.cgi?id=1788
Remove unused code.
Patch by
kareila.
Files modified:
- cgi-bin/LJ/ConfCheck/General.pm
- cgi-bin/LJ/LDAP.pm
- cgi-bin/LJ/User.pm
- cgi-bin/ljlib.pl
- doc/raw/build/ljconfig/ljconfig2db.pl
- doc/raw/lj.book/admin/create_users.xml
- etc/config.pl
- htdocs/login.bml
- htdocs/logout.bml
- t/00-compile.t
-------------------------------------------------------------------------------- diff -r f34920fb3665 -r 6dd5f7c17c23 cgi-bin/LJ/ConfCheck/General.pm --- a/cgi-bin/LJ/ConfCheck/General.pm Fri Jun 25 15:06:36 2010 +0800 +++ b/cgi-bin/LJ/ConfCheck/General.pm Fri Jun 25 15:08:51 2010 +0800 @@ -501,19 +501,7 @@ add_conf('$MAX_FRIENDS_VIEW_AGE', add_conf('$MAX_FRIENDS_VIEW_AGE', type => '', des => ""); -add_conf('$LDAP_HOST', - type => '', - des => ""); -add_conf('$LDAP_UID', - type => '', - des => ""); -add_conf('$LDAP_BASE', - type => '', - des => ""); add_conf('%COMMON_CODE', - type => '', - des => ""); -add_conf('$AUTH_EXISTS', type => '', des => ""); add_conf('%FORCE_EMPTY_FRIENDS', @@ -610,9 +598,6 @@ add_conf('%MOGILEFS_PREF_IP', type => '', des => ""); add_conf('$SLOPPY_FRIENDS_THRESHOLD', - type => '', - des => ""); -add_conf('$AUTH_CHECK', type => '', des => ""); add_conf('$WORK_REPORT_HOST', diff -r f34920fb3665 -r 6dd5f7c17c23 cgi-bin/LJ/LDAP.pm --- a/cgi-bin/LJ/LDAP.pm Fri Jun 25 15:06:36 2010 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,107 +0,0 @@ -#!/usr/bin/perl -# -# This code was forked from the LiveJournal project owned and operated -# by Live Journal, Inc. The code has been modified and expanded by -# Dreamwidth Studios, LLC. These files were originally licensed under -# the terms of the license supplied by Live Journal, Inc, which can -# currently be found at: -# -# http://code.livejournal.org/trac/livejournal/browser/trunk/LICENSE-LiveJournal.txt -# -# In accordance with the original license, this code and all its -# modifications are provided under the GNU General Public License. -# A copy of that license can be found in the LICENSE file included as -# part of this distribution. - - -package LJ::LDAP; - -use strict; -use Net::LDAP; -use Digest::MD5 qw(md5); -use Digest::SHA1 qw(sha1); -use MIME::Base64; - -sub load_ldap_user { - my ($user) = @_; - return undef unless $user =~ /^[\w ]+$/; - - my $ldap = Net::LDAP->new($LJ::LDAP_HOST) - or return undef; - my $mesg = $ldap->bind; # an anonymous bind - - my $uid = $LJ::LDAP_UID || "uid"; - - my $urec = $ldap->search( # perform a search - base => $LJ::LDAP_BASE, - scope => "sub", - filter => "$uid=$user", - #filter => "(&(sn=Barr) (o=Texas Instruments))" - )->pop_entry - or return undef; - - my $up = $urec->get_value('userPassword') - or return undef; - - my ($nick, $email) = ($urec->get_value('gecos'), $urec->get_value('mailLocalAddress')); - unless ($nick && $email) { - $@ = "Necessary information not found in LDAP record: name=$nick; email=$email"; - return undef; - } - - # $res comes out as...? 
- my $res = { - name => $user, - nick => $nick, - email => $email, - ldap_pass => $up, - }; - - return $res; -} - -sub is_good_ldap -{ - my ($user, $pass) = @_; - my $lrec = load_ldap_user($user) - or return undef; - - # get auth type and data, then decode it - return undef unless $lrec->{ldap_pass} =~ /^\{(\w+)\}(.+)$/; - my ($auth, $data) = ($1, decode_base64($2)); - - if ($auth eq 'MD5') { - unless ($data eq md5($pass)) { - $@ = "Password mismatch (MD5) from LDAP server; is your password correct?"; - return undef; - } - } elsif ($auth eq 'SSHA') { - my $salt = substr($data, 20); - my $orig = substr($data, 0, 20); - unless ($orig eq sha1($pass, $salt)) { - $@ = "Password mismatch (SSHA) from LDAP server; is your password correct?"; - return undef; - } - - } elsif ($auth eq 'SMD5') { - # this didn't work - my $salt = substr($data, 16); - my $orig = substr($data, 0, 16); - unless ($orig eq md5($pass, $salt)) { - $@ = "Password mismatch (SMD5) from LDAP server; is your password correct?"; - return undef; - } - - } else { - print STDERR "Unsupported LDAP auth method: $auth\n"; - $@ = "userPassword field from LDAP server not of supported format; type: $auth" -; - return undef; - } - - return $lrec; -} - - -1; - diff -r f34920fb3665 -r 6dd5f7c17c23 cgi-bin/LJ/User.pm --- a/cgi-bin/LJ/User.pm Fri Jun 25 15:06:36 2010 +0800 +++ b/cgi-bin/LJ/User.pm Fri Jun 25 15:08:51 2010 +0800 @@ -6161,15 +6161,6 @@ sub get_userid { my $dbr = LJ::get_db_reader(); $userid = $dbr->selectrow_array("SELECT userid FROM useridmap WHERE user=?", undef, $user); - # implicitly create an account if we're using an external - # auth mechanism - if (! $userid && ref $LJ::AUTH_EXISTS eq "CODE") - { - $userid = LJ::create_account({ 'user' => $user, - 'name' => $user, - 'password' => '', }); - } - if ($userid) { $LJ::CACHE_USERID{$user} = $userid; LJ::MemCache::set("uidof:$user", $userid); 
@@ -6283,35 +6274,6 @@ sub load_user { # try to load from master if using memcache, otherwise from slave $u = $get_user->(scalar @LJ::MEMCACHE_SERVERS); return $u if $u; - - # setup LDAP handler if this is the first time - if ($LJ::LDAP_HOST && ! $LJ::AUTH_EXISTS) { - require LJ::LDAP; - $LJ::AUTH_EXISTS = sub { - my $user = shift; - my $rec = LJ::LDAP::load_ldap_user($user); - return $rec ? $rec : undef; - }; - } - - # if user doesn't exist in the LJ database, it's possible we're using - # an external authentication source and we should create the account - # implicitly. - my $lu; - if (ref $LJ::AUTH_EXISTS eq "CODE" && ($lu = $LJ::AUTH_EXISTS->($user))) - { - my $name = ref $lu eq "HASH" ? ($lu->{'nick'} || $lu->{name} || $user) : $user; - if (LJ::create_account({ - 'user' => $user, - 'name' => $name, - 'email' => ref $lu eq "HASH" ? $lu->email_raw : "", - 'password' => "", - })) - { - # this should pull from the master, since it was _just_ created - return $get_user->("master"); - } - } return undef; } diff -r f34920fb3665 -r 6dd5f7c17c23 cgi-bin/ljlib.pl --- a/cgi-bin/ljlib.pl Fri Jun 25 15:06:36 2010 +0800 +++ b/cgi-bin/ljlib.pl Fri Jun 25 15:08:51 2010 +0800 @@ -833,10 +833,7 @@ sub load_state_city_for_zip { # must be present, and either the "actual" argument (the correct # password) must be set, or the first argument must be a user # object ($u) with the 'password' key set. This is the preferred -# way to validate a password (as opposed to doing it by hand), -# since <strong>this</strong> function will use a pluggable -# authenticator, if one is defined, so LiveJournal installations -# can be based off an LDAP server, for example. +# way to validate a password (as opposed to doing it by hand). # returns: boolean; 1 if authentication succeeded, 0 on failure # args: u, clear, md5, actual?, ip_banned? # des-clear: Clear text password the client is sending. (need this or md5) 
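Review bot: The rewritten header comment in the first ljlib.pl hunk (ending at `+# way to validate a password (as opposed to doing it by hand).`) drops the pluggable-authenticator sentence without saying that `$LJ::AUTH_CHECK` and `$LJ::AUTH_EXISTS` are gone for every caller, not only for LDAP setups. The code removed in the following ljlib.pl hunk ran any `$LJ::AUTH_CHECK` code ref regardless of `$LJ::LDAP_HOST`, so a site config that still sets one is now ignored without any warning. Accounts that the removed User.pm path created with an empty password presumably stop authenticating at the `return 0 unless $actual;` context line, which fails closed but deserves a line in the upgrade notes. I would add `# Only the stored password is checked; $LJ::AUTH_CHECK and $LJ::AUTH_EXISTS are no longer consulted.` to this comment block. The block and the function it documents continue outside the hunk.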
@@ -876,24 +873,6 @@ sub auth_okay LJ::handle_bad_login($u); return 0; }; - - # setup this auth checker for LDAP - if ($LJ::LDAP_HOST && ! $LJ::AUTH_CHECK) { - require LJ::LDAP; - $LJ::AUTH_CHECK = sub { - my ($user, $try, $type) = @_; - die unless $type eq "clear"; - return LJ::LDAP::is_good_ldap($user, $try); - }; - } - - ## custom authorization: - if (ref $LJ::AUTH_CHECK eq "CODE") { - my $type = $md5 ? "md5" : "clear"; - my $try = $md5 || $clear; - my $good = $LJ::AUTH_CHECK->($user, $try, $type); - return $good || $bad_login->(); - } ## LJ default authorization: return 0 unless $actual; diff -r f34920fb3665 -r 6dd5f7c17c23 doc/raw/build/ljconfig/ljconfig2db.pl --- a/doc/raw/build/ljconfig/ljconfig2db.pl Fri Jun 25 15:06:36 2010 +0800 +++ b/doc/raw/build/ljconfig/ljconfig2db.pl Fri Jun 25 15:08:51 2010 +0800 @@ -404,18 +404,6 @@ my %ljconfig = 'external_pluggable_auth' => { 'name' => "External and Pluggable Authorization Support", - 'ldap_base' => { - 'desc' => "The <acronym>DN</acronym> unique identifiers go here. This is a required setting for &ldap; (Lightweight Directory Access Protocol) support.", - 'example' => "ou=People,dc=exampleorg,dc=com;", - }, - 'ldap_host' => { - 'desc' => "The host &uri; goes here. It accepts anything that the <systemitem>Net::LDAP</systemitem> constructor takes. This is a required setting for &ldap; support.", - 'example' => "ldap.example.com;", - }, - 'ldap_uid' => { - 'desc' => "An optional field containing the username. It defaults to 'uid'.", - 'example' => "uid;", - }, 'openid_compat' => { 'desc' => "Support pre-1.0 &openid; specs as well as final spec.", }, diff -r f34920fb3665 -r 6dd5f7c17c23 doc/raw/lj.book/admin/create_users.xml --- a/doc/raw/lj.book/admin/create_users.xml Fri Jun 25 15:06:36 2010 +0800 +++ b/doc/raw/lj.book/admin/create_users.xml Fri Jun 25 15:08:51 2010 +0800 
@@ -13,6 +13,6 @@ </para> <para> If your service is live, simply visit <filename>/create.bml</filename>. With this page, you can create as many users as you like. - If you are using &ldap;, you should instead create accounts in your &ldap; external authorization source.</para> + </para> </chapter> diff -r f34920fb3665 -r 6dd5f7c17c23 etc/config.pl --- a/etc/config.pl Fri Jun 25 15:06:36 2010 +0800 +++ b/etc/config.pl Fri Jun 25 15:08:51 2010 +0800 @@ -759,13 +759,6 @@ # that they must be public styles ); - # optional LDAP support - # required: - # $LJ::LDAP_HOST = "ldap.example.com"; # anything that the Net::LDAP constructor takes - # $LJ::LDAP_BASE = "ou=People,dc=exampleorg,dc=com"; - # optional: - # $LJ::LDAP_UID = "uid"; # field containing the username. defaults to "uid". - # if you know that your installation is behind a proxy or other fence that inserts # X-Forwarded-For headers that you can trust (eg Perlbal), enable this. otherwise, don't! # $TRUST_X_HEADERS = 1; diff -r f34920fb3665 -r 6dd5f7c17c23 htdocs/login.bml --- a/htdocs/login.bml Fri Jun 25 15:06:36 2010 +0800 +++ b/htdocs/login.bml Fri Jun 25 15:08:51 2010 +0800 @@ -98,9 +98,6 @@ _c?> my $login_html = sub { my $nojs = $GET{'nojs'}; - - # can't do challenge/response with LDAP. - $nojs = 1 if $LJ::LDAP_HOST; my $getextra = $nojs ? '?nojs=1' : ''; diff -r f34920fb3665 -r 6dd5f7c17c23 htdocs/logout.bml --- a/htdocs/logout.bml Fri Jun 25 15:06:36 2010 +0800 +++ b/htdocs/logout.bml Fri Jun 25 15:08:51 2010 +0800 @@ -26,9 +26,6 @@ _c?> my $user = $POST{'user'} || $GET{'user'}; my $sessid = $POST{'sessid'} || $GET{'sessid'}; my $nojs = $GET{'nojs'}; - - # can't do challenge/response with LDAP. - $nojs = 1 if $LJ::LDAP_HOST; my $logged_out_html = sub { my $username = $u ? $u->display_username : $user; diff -r f34920fb3665 -r 6dd5f7c17c23 t/00-compile.t --- a/t/00-compile.t Fri Jun 25 15:06:36 2010 +0800 +++ b/t/00-compile.t Fri Jun 25 15:08:51 2010 +0800 
@@ -13,7 +13,6 @@ my $dir = File::Temp::tempdir( CLEANUP = # instead of waiting them to be fixed we are skipping them for now # They should be fixed or marked why they cannot run. my %SKIP = ( - 'LJ/LDAP.pm' => 'bug 1788 needs Net::LDAP', 'LJ/ConfCheck/General.pm' => 'needs to be integrated into LJ::ConfCheck', 'Test/FakeApache.pm' => 'needs Apache::Constants', --------------------------------------------------------------------------------