25 Oct
2005
25 Oct
'05
3:05 p.m.
Bugzilla 2.18.3 vendor drop
Added: vendor/bugzilla/
Added: vendor/bugzilla/current/
Added: vendor/bugzilla/current/1x1.gif
Added: vendor/bugzilla/current/Bugzilla/
Added: vendor/bugzilla/current/Bugzilla/.cvsignore
Added: vendor/bugzilla/current/Bugzilla/Attachment.pm
Added: vendor/bugzilla/current/Bugzilla/Auth/
Added: vendor/bugzilla/current/Bugzilla/Auth/CGI.pm
Added: vendor/bugzilla/current/Bugzilla/Auth/Cookie.pm
Added: vendor/bugzilla/current/Bugzilla/Auth/DB.pm
Added: vendor/bugzilla/current/Bugzilla/Auth/LDAP.pm
Added: vendor/bugzilla/current/Bugzilla/Auth.pm
Added: vendor/bugzilla/current/Bugzilla/Bug.pm
Added: vendor/bugzilla/current/Bugzilla/BugMail.pm
Added: vendor/bugzilla/current/Bugzilla/CGI.pm
Added: vendor/bugzilla/current/Bugzilla/Chart.pm
Added: vendor/bugzilla/current/Bugzilla/Config.pm
Added: vendor/bugzilla/current/Bugzilla/Constants.pm
Added: vendor/bugzilla/current/Bugzilla/DB.pm
Added: vendor/bugzilla/current/Bugzilla/Error.pm
Added: vendor/bugzilla/current/Bugzilla/Flag.pm
Added: vendor/bugzilla/current/Bugzilla/FlagType.pm
Added: vendor/bugzilla/current/Bugzilla/RelationSet.pm
Added: vendor/bugzilla/current/Bugzilla/Search.pm
Added: vendor/bugzilla/current/Bugzilla/Series.pm
Added: vendor/bugzilla/current/Bugzilla/Template/
Added: vendor/bugzilla/current/Bugzilla/Template/Plugin/
Added: vendor/bugzilla/current/Bugzilla/Template/Plugin/Bugzilla.pm
Added: vendor/bugzilla/current/Bugzilla/Template/Plugin/Hook.pm
Added: vendor/bugzilla/current/Bugzilla/Template.pm
Added: vendor/bugzilla/current/Bugzilla/Token.pm
Added: vendor/bugzilla/current/Bugzilla/User.pm
Added: vendor/bugzilla/current/Bugzilla/Util.pm
Added: vendor/bugzilla/current/Bugzilla.pm
Added: vendor/bugzilla/current/CGI.pl
Added: vendor/bugzilla/current/QUICKSTART
Added: vendor/bugzilla/current/README
Added: vendor/bugzilla/current/UPGRADING
Added: vendor/bugzilla/current/UPGRADING-pre-2.8
Added: vendor/bugzilla/current/ant.jpg
Added: vendor/bugzilla/current/attachment.cgi
Added: vendor/bugzilla/current/buglist.cgi
Added: vendor/bugzilla/current/bugzilla.dtd
Added: vendor/bugzilla/current/chart.cgi
Added: vendor/bugzilla/current/checksetup.pl
Added: vendor/bugzilla/current/colchange.cgi
Added: vendor/bugzilla/current/collectstats.pl
Added: vendor/bugzilla/current/config.cgi
Added: vendor/bugzilla/current/contrib/
Added: vendor/bugzilla/current/contrib/BugzillaEmail.pm
Added: vendor/bugzilla/current/contrib/README
Added: vendor/bugzilla/current/contrib/README.Mailif
Added: vendor/bugzilla/current/contrib/bug_email.pl
Added: vendor/bugzilla/current/contrib/bugmail_help.html
Added: vendor/bugzilla/current/contrib/bugzilla-submit/
Added: vendor/bugzilla/current/contrib/bugzilla-submit/README
Added: vendor/bugzilla/current/contrib/bugzilla-submit/bugdata.txt
Added: vendor/bugzilla/current/contrib/bugzilla-submit/bugzilla-submit
Added:
vendor/bugzilla/current/contrib/bugzilla-submit/bugzilla-submit.xml
Added: vendor/bugzilla/current/contrib/bugzilla.procmailrc
Added: vendor/bugzilla/current/contrib/bugzilla_email_append.pl
Added: vendor/bugzilla/current/contrib/bugzilla_ldapsync.rb
Added: vendor/bugzilla/current/contrib/cmdline/
Added: vendor/bugzilla/current/contrib/cmdline/bugcount
Added: vendor/bugzilla/current/contrib/cmdline/bugids
Added: vendor/bugzilla/current/contrib/cmdline/buglist
Added: vendor/bugzilla/current/contrib/cmdline/bugs
Added: vendor/bugzilla/current/contrib/cmdline/bugslink
Added: vendor/bugzilla/current/contrib/cmdline/makequery
Added: vendor/bugzilla/current/contrib/cmdline/query.conf
Added: vendor/bugzilla/current/contrib/cvs-update.pl
Added: vendor/bugzilla/current/contrib/gnats2bz.pl
Added: vendor/bugzilla/current/contrib/gnatsparse/
Added: vendor/bugzilla/current/contrib/gnatsparse/README
Added: vendor/bugzilla/current/contrib/gnatsparse/gnatsparse.py
Added: vendor/bugzilla/current/contrib/gnatsparse/magic.py
Added: vendor/bugzilla/current/contrib/gnatsparse/specialuu.py
Added: vendor/bugzilla/current/contrib/jb2bz.py
Added: vendor/bugzilla/current/contrib/mysqld-watcher.pl
Added: vendor/bugzilla/current/contrib/sendbugmail.pl
Added: vendor/bugzilla/current/contrib/sendunsentbugmail.pl
Added: vendor/bugzilla/current/contrib/syncLDAP.pl
Added: vendor/bugzilla/current/contrib/yp_nomail.sh
Added: vendor/bugzilla/current/createaccount.cgi
Added: vendor/bugzilla/current/css/
Added: vendor/bugzilla/current/css/buglist.css
Added: vendor/bugzilla/current/css/duplicates.css
Added: vendor/bugzilla/current/css/global.css
Added: vendor/bugzilla/current/css/panel.css
Added: vendor/bugzilla/current/css/show_multiple.css
Added: vendor/bugzilla/current/defparams.pl
Added: vendor/bugzilla/current/describecomponents.cgi
Added: vendor/bugzilla/current/describekeywords.cgi
Added: vendor/bugzilla/current/docs/
Added: vendor/bugzilla/current/docs/.cvsignore
Added: vendor/bugzilla/current/docs/README.docs
Added: vendor/bugzilla/current/docs/html/
Added: vendor/bugzilla/current/docs/html/Bugzilla-Guide.html
Added: vendor/bugzilla/current/docs/html/about.html
Added: vendor/bugzilla/current/docs/html/administration.html
[truncated at 100 lines; 364 more skipped]
_____
Added: vendor/bugzilla/current/1x1.gif
(Binary files differ)
Property changes on: vendor/bugzilla/current/1x1.gif
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
_____
Added: vendor/bugzilla/current/Bugzilla/.cvsignore
--- vendor/bugzilla/current/Bugzilla/.cvsignore 2005-10-25 14:03:20 UTC
(rev 18767)
+++ vendor/bugzilla/current/Bugzilla/.cvsignore 2005-10-25 15:05:06 UTC
(rev 18768)
@@ -0,0 +1 @@
+.htaccess
Property changes on: vendor/bugzilla/current/Bugzilla/.cvsignore
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Attachment.pm
--- vendor/bugzilla/current/Bugzilla/Attachment.pm 2005-10-25
14:03:20 UTC (rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Attachment.pm 2005-10-25
15:05:06 UTC (rev 18768)
@@ -0,0 +1,108 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry(a)mozilla.org>
+# Myk Melez <myk(a)mozilla.org>
+
+#######################################################################
#####
+# Module Initialization
+#######################################################################
#####
+
+use strict;
+
+package Bugzilla::Attachment;
+
+# This module requires that its caller have said "require CGI.pl" to
import
+# relevant functions from that script and its companion globals.pl.
+
+# Use the Flag module to handle flags.
+use Bugzilla::Flag;
+
+#######################################################################
#####
+# Functions
+#######################################################################
#####
+
+sub new {
+ # Returns a hash of information about the attachment with the given
ID.
+
+ my ($invocant, $id) = @_;
+ return undef if !$id;
+ my $self = { 'id' => $id };
+ my $class = ref($invocant) || $invocant;
+ bless($self, $class);
+
+ &::PushGlobalSQLState();
+ &::SendSQL("SELECT 1, description, bug_id, isprivate FROM
attachments " .
+ "WHERE attach_id = $id");
+ ($self->{'exists'},
+ $self->{'summary'},
+ $self->{'bug_id'},
+ $self->{'isprivate'}) = &::FetchSQLData();
+ &::PopGlobalSQLState();
+
+ return $self;
+}
+
+sub query
+{
+ # Retrieves and returns an array of attachment records for a given
bug.
+ # This data should be given to attachment/list.atml in an
+ # "attachments" variable.
+ my ($bugid) = @_;
+
+ my $in_editbugs = &::UserInGroup("editbugs");
+ &::SendSQL("SELECT product_id
+ FROM bugs
+ WHERE bug_id = $bugid");
+ my $productid = &::FetchOneColumn();
+ my $caneditproduct = &::CanEditProductId($productid);
+
+ # Retrieve a list of attachments for this bug and write them into an
array
+ # of hashes in which each hash represents a single attachment.
+ &::SendSQL("
+ SELECT attach_id, DATE_FORMAT(creation_ts, '%Y.%m.%d
%H:%i'),
+ mimetype, description, ispatch, isobsolete, isprivate,
+ submitter_id, LENGTH(thedata)
+ FROM attachments WHERE bug_id = $bugid ORDER BY attach_id
+ ");
+ my @attachments = ();
+ while (&::MoreSQLData()) {
+ my %a;
+ my $submitter_id;
+ ($a{'attachid'}, $a{'date'}, $a{'contenttype'},
$a{'description'},
+ $a{'ispatch'}, $a{'isobsolete'}, $a{'isprivate'},
$submitter_id,
+ $a{'datasize'}) = &::FetchSQLData();
+
+ # Retrieve a list of flags for this attachment.
+ $a{'flags'} = Bugzilla::Flag::match({ 'attach_id' =>
$a{'attachid'},
+ 'is_active' => 1 });
+
+ # We will display the edit link if the user can edit the
attachment;
+ # ie the are the submitter, or they have canedit.
+ # Also show the link if the user is not logged in - in that cae,
+ # They'll be prompted later
+ $a{'canedit'} = ($::userid == 0 || (($submitter_id == $::userid ||
+ $in_editbugs) && $caneditproduct));
+ push @attachments, \%a;
+ }
+
+ return \@attachments;
+}
+
+1;
Property changes on: vendor/bugzilla/current/Bugzilla/Attachment.pm
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Auth/CGI.pm
--- vendor/bugzilla/current/Bugzilla/Auth/CGI.pm 2005-10-25
14:03:20 UTC (rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Auth/CGI.pm 2005-10-25
15:05:06 UTC (rev 18768)
@@ -0,0 +1,247 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry(a)mozilla.org>
+# Dan Mosedale <dmose(a)mozilla.org>
+# Joe Robins <jmrobins(a)tgix.com>
+# Dave Miller <justdave(a)syndicomm.com>
+# Christopher Aillon <christopher(a)aillon.com>
+# Gervase Markham <gerv(a)gerv.net>
+# Christian Reis <kiko(a)async.com.br>
+# Bradley Baetz <bbaetz(a)acm.org>
+
+package Bugzilla::Auth::CGI;
+
+use strict;
+
+use Bugzilla::Config;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Util;
+
+sub login {
+ my ($class, $type) = @_;
+
+ # 'NORMAL' logins depend on the 'requirelogin' param
+ if ($type == LOGIN_NORMAL) {
+ $type = Param('requirelogin') ? LOGIN_REQUIRED :
LOGIN_OPTIONAL;
+ }
+
+ my $cgi = Bugzilla->cgi;
+
+ # First, try the actual login method against form variables
+ my $username = $cgi->param("Bugzilla_login");
+ my $passwd = $cgi->param("Bugzilla_password");
+
+ $cgi->delete('Bugzilla_login', 'Bugzilla_password');
+
+ my $authmethod = Param("loginmethod");
+ my ($authres, $userid, $extra, $info) =
+ Bugzilla::Auth->authenticate($username, $passwd);
+
+ if ($authres == AUTH_OK) {
+ # Login via username/password was correct and valid, so create
+ # and send out the login cookies
+ my $ipaddr = $cgi->remote_addr;
+ unless ($cgi->param('Bugzilla_restrictlogin') ||
+ Param('loginnetmask') == 32) {
+ $ipaddr = Bugzilla::Auth::get_netaddr($ipaddr);
+ }
+
+ # The IP address is valid, at least for comparing with itself
in a
+ # subsequent login
+ trick_taint($ipaddr);
+
+ my $dbh = Bugzilla->dbh;
+ $dbh->do("INSERT INTO logincookies (userid, ipaddr) VALUES (?,
?)",
+ undef,
+ $userid, $ipaddr);
+ my $logincookie = $dbh->selectrow_array("SELECT
LAST_INSERT_ID()");
+
+ # Remember cookie only if admin has told so
+ # or admin didn't forbid it and user told to remember.
+ if ((Param('rememberlogin') eq 'on') ||
+ ((Param('rememberlogin') ne 'off') &&
+ ($cgi->param('Bugzilla_remember') eq 'on'))) {
+ $cgi->send_cookie(-name => 'Bugzilla_login',
+ -value => $userid,
+ -expires => 'Fri, 01-Jan-2038 00:00:00
GMT');
+ $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+ -value => $logincookie,
+ -expires => 'Fri, 01-Jan-2038 00:00:00
GMT');
+
+ }
+ else {
+ $cgi->send_cookie(-name => 'Bugzilla_login',
+ -value => $userid);
+ $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+ -value => $logincookie);
+
+ }
+ }
+ elsif ($authres == AUTH_NODATA) {
+ # No data from the form, so try to login via cookies
+ $username = $cgi->cookie("Bugzilla_login");
+ $passwd = $cgi->cookie("Bugzilla_logincookie");
+
+ require Bugzilla::Auth::Cookie;
+ my $authmethod = "Cookie";
+
+ ($authres, $userid, $extra) =
+ Bugzilla::Auth::Cookie->authenticate($username, $passwd);
+
+ # If the data for the cookie was incorrect, then treat that as
+ # NODATA. This could occur if the user's IP changed, for
example.
+ # Give them un-loggedin access if allowed (checked below)
+ $authres = AUTH_NODATA if $authres == AUTH_LOGINFAILED;
+ }
+
+ # Now check the result
+
+ # An error may have occurred with the login mechanism
+ if ($authres == AUTH_ERROR) {
+ ThrowCodeError("auth_err",
+ { authmethod => lc($authmethod),
+ userid => $userid,
+ auth_err_tag => $extra,
+ info => $info
+ });
+ }
+
+ # We can load the page if the login was ok, or there was no data
+ # but a login wasn't required
+ if ($authres == AUTH_OK ||
+ ($authres == AUTH_NODATA && $type == LOGIN_OPTIONAL)) {
+
+ # login succeded, so we're done
+ return $userid;
+ }
+
+ # No login details were given, but we require a login if the
+ # page does
+ if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) {
+ # Throw up the login page
+
+ print Bugzilla->cgi->header();
+
+ my $template = Bugzilla->template;
+ $template->process("account/auth/login.html.tmpl",
+ { 'target' => $cgi->url(-relative=>1),
+ 'form' => \%::FORM,
+ 'mform' => \%::MFORM,
+ 'caneditaccount' =>
Bugzilla::Auth->can_edit,
+ }
+ )
+ || ThrowTemplateError($template->error());
+
+ # This seems like as good as time as any to get rid of old
+ # crufty junk in the logincookies table. Get rid of any entry
+ # that hasn't been used in a month.
+ Bugzilla->dbh->do("DELETE FROM logincookies " .
+ "WHERE TO_DAYS(NOW()) - TO_DAYS(lastused) >
30");
+
+ exit;
+ }
+
+ # The username/password may be wrong
+ # Don't let the user know whether the username exists or whether
+ # the password was just wrong. (This makes it harder for a cracker
+ # to find account names by brute force)
+ if ($authres == AUTH_LOGINFAILED) {
+ ThrowUserError("invalid_username_or_password");
+ }
+
+ # The account may be disabled
+ if ($authres == AUTH_DISABLED) {
+ clear_browser_cookies();
+ # and throw a user error
+ ThrowUserError("account_disabled",
+ {'disabled_reason' => $extra});
+ }
+
+ # If we get here, then we've run out of options, which shouldn't
happen
+ ThrowCodeError("authres_unhandled", { authres => $authres,
+ type => $type, });
+}
+
+# Logs user out, according to the option provided; this consists of
+# removing entries from logincookies for the specified $user.
+sub logout {
+ my ($class, $user, $option) = @_;
+ my $dbh = Bugzilla->dbh;
+ $option = LOGOUT_ALL unless defined $option;
+
+ if ($option == LOGOUT_ALL) {
+ $dbh->do("DELETE FROM logincookies WHERE userid = ?",
+ undef, $user->id);
+ return;
+ }
+
+ # The LOGOUT_*_CURRENT options require a cookie
+ my $cookie = Bugzilla->cgi->cookie("Bugzilla_logincookie");
+ detaint_natural($cookie);
+
+ # These queries use both the cookie ID and the user ID as keys.
Even
+ # though we know the userid must match, we still check it in the
SQL
+ # as a sanity check, since there is no locking here, and if the
user
+ # logged out from two machines simultaneously, while someone else
+ # logged in and got the same cookie, we could be logging the other
+ # user out here. Yes, this is very very very unlikely, but why take
+ # chances? - bbaetz
+ if ($option == LOGOUT_KEEP_CURRENT) {
+ $dbh->do("DELETE FROM logincookies WHERE cookie != ? AND userid
= ?",
+ undef, $cookie, $user->id);
+ } elsif ($option == LOGOUT_CURRENT) {
+ $dbh->do("DELETE FROM logincookies WHERE cookie = ? AND userid
= ?",
+ undef, $cookie, $user->id);
+ } else {
+ die("Invalid option $option supplied to logout()");
+ }
+}
+
+sub clear_browser_cookies {
+ my $cgi = Bugzilla->cgi;
+ $cgi->remove_cookie('Bugzilla_login');
+ $cgi->remove_cookie('Bugzilla_logincookie');
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::Auth::CGI - CGI-based logins for Bugzilla
+
+=head1 SUMMARY
+
+This is a L<login module|Bugzilla::Auth/"LOGIN"> for Bugzilla. Users
connecting
+from a CGI script use this module to authenticate. Logouts are also
handled here.
+
+=head1 BEHAVIOUR
+
+Users are first authenticated against the default authentication
handler,
+using the CGI parameters I<Bugzilla_login> and I<Bugzilla_password>.
+
+If no data is present for that, then cookies are tried, using
+L<Bugzilla::Auth::Cookie>.
+
+=head1 SEE ALSO
+
+L<Bugzilla::Auth>
Property changes on: vendor/bugzilla/current/Bugzilla/Auth/CGI.pm
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Auth/Cookie.pm
--- vendor/bugzilla/current/Bugzilla/Auth/Cookie.pm 2005-10-25
14:03:20 UTC (rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Auth/Cookie.pm 2005-10-25
15:05:06 UTC (rev 18768)
@@ -0,0 +1,113 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry(a)mozilla.org>
+# Dan Mosedale <dmose(a)mozilla.org>
+# Joe Robins <jmrobins(a)tgix.com>
+# Dave Miller <justdave(a)syndicomm.com>
+# Christopher Aillon <christopher(a)aillon.com>
+# Gervase Markham <gerv(a)gerv.net>
+# Christian Reis <kiko(a)async.com.br>
+# Bradley Baetz <bbaetz(a)acm.org>
+
+package Bugzilla::Auth::Cookie;
+
+use strict;
+
+use Bugzilla::Auth;
+use Bugzilla::Config;
+use Bugzilla::Constants;
+use Bugzilla::Util;
+
+sub authenticate {
+ my ($class, $login, $login_cookie) = @_;
+
+ return (AUTH_NODATA) unless defined $login && defined
$login_cookie;
+
+ my $cgi = Bugzilla->cgi;
+
+ my $ipaddr = $cgi->remote_addr();
+ my $netaddr = Bugzilla::Auth::get_netaddr($ipaddr);
+
+ # Anything goes for these params - they're just strings which
+ # we're going to verify against the db
+ trick_taint($login);
+ trick_taint($login_cookie);
+ trick_taint($ipaddr);
+
+ my $query = "SELECT profiles.userid, profiles.disabledtext " .
+ "FROM logincookies, profiles " .
+ "WHERE logincookies.cookie=? AND " .
+ " logincookies.userid=profiles.userid AND " .
+ " logincookies.userid=? AND " .
+ " (logincookies.ipaddr=?";
+ my @params = ($login_cookie, $login, $ipaddr);
+ if (defined $netaddr) {
+ trick_taint($netaddr);
+ $query .= " OR logincookies.ipaddr=?";
+ push(@params, $netaddr);
+ }
+ $query .= ")";
+
+ my $dbh = Bugzilla->dbh;
+ my ($userid, $disabledtext) = $dbh->selectrow_array($query, undef,
@params);
+
+ return (AUTH_DISABLED, $userid, $disabledtext)
+ if ($disabledtext);
+
+ if ($userid) {
+ # If we logged in successfully, then update the lastused time
on the
+ # login cookie
+ $dbh->do("UPDATE logincookies SET lastused=NULL WHERE
cookie=?",
+ undef,
+ $login_cookie);
+
+ return (AUTH_OK, $userid);
+ }
+
+ # If we get here, then the login failed.
+ return (AUTH_LOGINFAILED);
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::Cookie - cookie authentication for Bugzilla
+
+=head1 SUMMARY
+
+This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
+Bugzilla, which logs the user in using a persistent cookie stored in
the
+C<logincookies> table.
+
+The actual password is not stored in the cookie; only the userid and a
+I<logincookie> (which is used to reverify the login without requiring
the
+password to be sent over the network) are. These I<logincookies> are
+restricted to certain IP addresses as a security meaure. The exact
+restriction can be specified by the admin via the C<loginnetmask>
parameter.
+
+This module does not ever send a cookie (It has no way of knowing when
a user
+is successfully logged in). Instead L<Bugzilla::Auth::CGI> handles
this.
+
+=head1 SEE ALSO
+
+L<Bugzilla::Auth>, L<Bugzilla::Auth::CGI>
Property changes on: vendor/bugzilla/current/Bugzilla/Auth/Cookie.pm
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Auth/DB.pm
--- vendor/bugzilla/current/Bugzilla/Auth/DB.pm 2005-10-25 14:03:20 UTC
(rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Auth/DB.pm 2005-10-25 15:05:06 UTC
(rev 18768)
@@ -0,0 +1,124 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry(a)mozilla.org>
+# Dan Mosedale <dmose(a)mozilla.org>
+# Joe Robins <jmrobins(a)tgix.com>
+# Dave Miller <justdave(a)syndicomm.com>
+# Christopher Aillon <christopher(a)aillon.com>
+# Gervase Markham <gerv(a)gerv.net>
+# Christian Reis <kiko(a)async.com.br>
+# Bradley Baetz <bbaetz(a)acm.org>
+
+package Bugzilla::Auth::DB;
+
+use strict;
+
+use Bugzilla::Config;
+use Bugzilla::Constants;
+use Bugzilla::Util;
+
+sub authenticate {
+ my ($class, $username, $passwd) = @_;
+
+ return (AUTH_NODATA) unless defined $username && defined $passwd;
+
+ # We're just testing against the db: any value is ok
+ trick_taint($username);
+
+ my $userid = $class->get_id_from_username($username);
+ return (AUTH_LOGINFAILED) unless defined $userid;
+
+ return (AUTH_LOGINFAILED, $userid)
+ unless $class->check_password($userid, $passwd);
+
+ # The user's credentials are okay, so delete any outstanding
+ # password tokens they may have generated.
+ require Bugzilla::Token;
+ Bugzilla::Token::DeletePasswordTokens($userid, "user_logged_in");
+
+ # Account may have been disabled
+ my $disabledtext = $class->get_disabled($userid);
+ return (AUTH_DISABLED, $userid, $disabledtext)
+ if $disabledtext ne '';
+
+ return (AUTH_OK, $userid);
+}
+
+sub can_edit { return 1; }
+
+sub get_id_from_username {
+ my ($class, $username) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $dbh->prepare_cached("SELECT userid FROM profiles " .
+ "WHERE login_name=?");
+ my ($userid) = $dbh->selectrow_array($sth, undef, $username);
+ return $userid;
+}
+
+sub get_disabled {
+ my ($class, $userid) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $dbh->prepare_cached("SELECT disabledtext FROM profiles "
.
+ "WHERE userid=?");
+ my ($text) = $dbh->selectrow_array($sth, undef, $userid);
+ return $text;
+}
+
+sub check_password {
+ my ($class, $userid, $passwd) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $sth = $dbh->prepare_cached("SELECT cryptpassword FROM profiles
" .
+ "WHERE userid=?");
+ my ($realcryptpwd) = $dbh->selectrow_array($sth, undef, $userid);
+
+ # Get the salt from the user's crypted password.
+ my $salt = $realcryptpwd;
+
+ # Using the salt, crypt the password the user entered.
+ my $enteredCryptedPassword = crypt($passwd, $salt);
+
+ return $enteredCryptedPassword eq $realcryptpwd;
+}
+
+sub change_password {
+ my ($class, $userid, $password) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $cryptpassword = Crypt($password);
+ $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
+ undef, $cryptpassword, $userid);
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::Auth::DB - database authentication for Bugzilla
+
+=head1 SUMMARY
+
+This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
+Bugzilla, which logs the user in using the password stored in the
C<profiles>
+table. This is the most commonly used authentication module.
+
+=head1 SEE ALSO
+
+L<Bugzilla::Auth>
Property changes on: vendor/bugzilla/current/Bugzilla/Auth/DB.pm
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Auth/LDAP.pm
--- vendor/bugzilla/current/Bugzilla/Auth/LDAP.pm 2005-10-25
14:03:20 UTC (rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Auth/LDAP.pm 2005-10-25
15:05:06 UTC (rev 18768)
@@ -0,0 +1,185 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Terry Weissman <terry(a)mozilla.org>
+# Dan Mosedale <dmose(a)mozilla.org>
+# Joe Robins <jmrobins(a)tgix.com>
+# Dave Miller <justdave(a)syndicomm.com>
+# Christopher Aillon <christopher(a)aillon.com>
+# Gervase Markham <gerv(a)gerv.net>
+# Christian Reis <kiko(a)async.com.br>
+# Bradley Baetz <bbaetz(a)acm.org>
+
+package Bugzilla::Auth::LDAP;
+
+use strict;
+
+use Bugzilla::Config;
+use Bugzilla::Constants;
+
+use Net::LDAP;
+
+sub authenticate {
+ my ($class, $username, $passwd) = @_;
+
+ # If no password was provided, then fail the authentication.
+ # While it may be valid to not have an LDAP password, when you
+ # bind without a password (regardless of the binddn value), you
+ # will get an anonymous bind. I do not know of a way to determine
+ # whether a bind is anonymous or not without making changes to the
+ # LDAP access control settings
+ return (AUTH_NODATA) unless $username && $passwd;
+
+ # We need to bind anonymously to the LDAP server. This is
+ # because we need to get the Distinguished Name of the user trying
+ # to log in. Some servers (such as iPlanet) allow you to have
unique
+ # uids spread out over a subtree of an area (such as "People"), so
+ # just appending the Base DN to the uid isn't sufficient to get the
+ # user's DN. For servers which don't work this way, there will
still
+ # be no harm done.
+ my $LDAPserver = Param("LDAPserver");
+ if ($LDAPserver eq "") {
+ return (AUTH_ERROR, undef, "server_not_defined");
+ }
+
+ my $LDAPport = "389"; # default LDAP port
+ if($LDAPserver =~ /:/) {
+ ($LDAPserver, $LDAPport) = split(":",$LDAPserver);
+ }
+ my $LDAPconn = Net::LDAP->new($LDAPserver, port => $LDAPport,
version => 3);
+ if(!$LDAPconn) {
+ return (AUTH_ERROR, undef, "connect_failed");
+ }
+
+ my $mesg;
+ if (Param("LDAPbinddn")) {
+ my ($LDAPbinddn,$LDAPbindpass) =
split(":",Param("LDAPbinddn"));
+ $mesg = $LDAPconn->bind($LDAPbinddn, password =>
$LDAPbindpass);
+ }
+ else {
+ $mesg = $LDAPconn->bind();
+ }
+ if($mesg->code) {
+ return (AUTH_ERROR, undef,
+ "connect_failed",
+ { errstr => $mesg->error });
+ }
+
+ # We've got our anonymous bind; let's look up this user.
+ $mesg = $LDAPconn->search( base => Param("LDAPBaseDN"),
+ scope => "sub",
+ filter => '(&(' .
Param("LDAPuidattribute") . "=$username)" .
Param("LDAPfilter") . ')',
+ attrs => ['dn'],
+ );
+ return (AUTH_LOGINFAILED, undef, "lookup_failure")
+ unless $mesg->count;
+
+ # Now we get the DN from this search.
+ my $userDN = $mesg->shift_entry->dn;
+
+ # Now we attempt to bind as the specified user.
+ $mesg = $LDAPconn->bind( $userDN, password => $passwd);
+
+ return (AUTH_LOGINFAILED) if $mesg->code;
+
+ # And now we're going to repeat the search, so that we can get the
+ # mail attribute for this user.
+ $mesg = $LDAPconn->search( base => Param("LDAPBaseDN"),
+ scope => "sub",
+ filter => '(&(' .
Param("LDAPuidattribute") . "=$username)" .
Param("LDAPfilter") . ')',
+ );
+ my $user_entry = $mesg->shift_entry if !$mesg->code &&
$mesg->count;
+ if(!$user_entry ||
!$user_entry->exists(Param("LDAPmailattribute"))) {
+ return (AUTH_ERROR, undef,
+ "cannot_retreive_attr",
+ { attr => Param("LDAPmailattribute") });
+ }
+
+ # get the mail attribute
+ $username = $user_entry->get_value(Param("LDAPmailattribute"));
+ # OK, so now we know that the user is valid. Lets try finding them
in the
+ # Bugzilla database
+
+ # XXX - should this part be made more generic, and placed in
+ # Bugzilla::Auth? Lots of login mechanisms may have to do this,
although
+ # until we actually get some more, its hard to know - BB
+
+ my $dbh = Bugzilla->dbh;
+ my $sth = $dbh->prepare_cached("SELECT userid, disabledtext " .
+ "FROM profiles " .
+ "WHERE login_name=?");
+ my ($userid, $disabledtext) =
+ $dbh->selectrow_array($sth,
+ undef,
+ $username);
+
+ # If the user doesn't exist, then they need to be added
+ unless ($userid) {
+ # We'll want the user's name for this.
+ my $userRealName = $user_entry->get_value("displayName");
+ if($userRealName eq "") {
+ $userRealName = $user_entry->get_value("cn");
+ }
+ &::InsertNewUser($username, $userRealName);
+
+ ($userid, $disabledtext) = $dbh->selectrow_array($sth,
+ undef,
+ $username);
+ return (AUTH_ERROR, $userid, "no_userid")
+ unless $userid;
+ }
+
+ # we're done, so disconnect
+ $LDAPconn->unbind;
+
+ # Test for disabled account
+ return (AUTH_DISABLED, $userid, $disabledtext)
+ if $disabledtext ne '';
+
+ # If we get to here, then the user is allowed to login, so we're
done!
+ return (AUTH_OK, $userid);
+}
+
+sub can_edit { return 0; }
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::Auth::LDAP - LDAP based authentication for Bugzilla
+
+This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
+Bugzilla, which logs the user in using an LDAP directory.
+
+=head1 DISCLAIMER
+
+B<This module is experimental>. It is poorly documented, and not very
flexible.
+Search L<http://bugzilla.mozilla.org/> for a list of known LDAP bugs.
+
+None of the core Bugzilla developers, nor any of the large
installations, use
+this module, and so it has received less testing. (In fact, this
iteration
+hasn't been tested at all)
+
+Patches are accepted.
+
+=head1 SEE ALSO
+
+L<Bugzilla::Auth>
Property changes on: vendor/bugzilla/current/Bugzilla/Auth/LDAP.pm
___________________________________________________________________
Name: svn:eol-style
+ native
_____
Added: vendor/bugzilla/current/Bugzilla/Auth.pm
--- vendor/bugzilla/current/Bugzilla/Auth.pm 2005-10-25 14:03:20 UTC
(rev 18767)
+++ vendor/bugzilla/current/Bugzilla/Auth.pm 2005-10-25 15:05:06 UTC
(rev 18768)
@@ -0,0 +1,254 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Netscape Communications
+# Corporation. Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): Bradley Baetz <bbaetz(a)acm.org>
+
+package Bugzilla::Auth;
+
+use strict;
+
+use Bugzilla::Config;
+use Bugzilla::Constants;
+
+# 'inherit' from the main loginmethod
+BEGIN {
+ my $loginmethod = Param("loginmethod");
+ if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
+ $loginmethod = $1;
+ }
+ else {
+ die "Badly-named loginmethod '$loginmethod'";
+ }
+ require "Bugzilla/Auth/" . $loginmethod . ".pm";
+
+ our @ISA;
+ push (@ISA, "Bugzilla::Auth::" . $loginmethod);
+}
+
+# PRIVATE
+
+# Returns the network address for a given ip
+sub get_netaddr {
+ my $ipaddr = shift;
+
+ # Check for a valid IPv4 addr which we know how to parse
+ if (!$ipaddr || $ipaddr !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
{
+ return undef;
+ }
+
+ my $addr = unpack("N", pack("CCCC", split(/\./, $ipaddr)));
+
+ my $maskbits = Param('loginnetmask');
+
+ $addr >>= (32-$maskbits);
+ $addr <<= (32-$maskbits);
+ return join(".", unpack("CCCC", pack("N", $addr)));
+}
+
+1;
+
+__END__
+
+=head1 NAME
+
+Bugzilla::Auth - Authentication handling for Bugzilla users
+
+=head1 DESCRIPTION
+
+Handles authentication for Bugzilla users.
+
+Authentication from Bugzilla involves two sets of modules. One set is
+used to obtain the data (from CGI, email, etc), and the other set uses
+this data to authenticate against the datasource (the Bugzilla DB,
LDAP,
+cookies, etc).
+
+The handlers for the various types of authentication
+(DB/LDAP/cookies/etc) provide the actual code for each specific method
+of authentication.
+
+The source modules (currently, only
+L<Bugzilla::Auth::CGI|Bugzilla::Auth::CGI>) then use those methods to
do
+the authentication.
+
+I<Bugzilla::Auth> itself inherits from the default authentication
handler,
+identified by the I<loginmethod> param.
+
+=head1 METHODS
+
+C<Bugzilla::Auth> contains several helper methods to be used by
+authentication or login modules.
+
+=over 4
+
+=item C<Bugzilla::Auth::get_netaddr($ipaddr)>
+
+Given an ip address, this returns the associated network address, using
+C<Param('loginnetmask')> as the netmask. This can be used to obtain
data
+in order to restrict weak authentication methods (such as cookies) to
+only some addresses.
+
+=back
+
+=head1 AUTHENTICATION
+
+Authentication modules check a user's credentials (username, password,
+etc) to verify who the user is.
+
+=head2 METHODS
+
+=over 4
+
+=item C<authenticate($username, $pass)>
+
+This method is passed a username and a password, and returns a list
+containing up to four return values, depending on the results of the
+authentication.
+
+The first return value is one of the status codes defined in
+L<Bugzilla::Constants|Bugzilla::Constants> and described below. The
+rest of the return values are status code-specific and are explained in
+the status code descriptions.
+
+=over 4
+
+=item C<AUTH_OK>
+
+Authentication succeeded. The second variable is the userid of the new
+user.
+
+=item C<AUTH_NODATA>
+
+Insufficient login data was provided by the user. This may happen in
several
+cases, such as cookie authentication when the cookie is not present.
+
+=item C<AUTH_ERROR>
+
+An error occurred when trying to use the login mechanism. The second
return
+value may contain the Bugzilla userid, but will probably be C<undef>,
+signifiying that the userid is unknown. The third value is a tag
describing
+the error used by the authentication error templates to print a
description
+to the user. The optional fourth argument is a hashref of values used
as part
+of the tag's error descriptions.
+
+This error template must have a name/location of
+I<account/auth/C<lc(authentication-type)>-error.html.tmpl>.
+
+=item C<AUTH_LOGINFAILED>
+
+An incorrect username or password was given. Note that for security
reasons,
+both cases return the same error code. However, in the case of a valid
+username, the second argument may be the userid. The authentication
[truncated at 1000 lines; 163053 more skipped]