From 638df94f88fb4d401258feb26cc6511167d1d72e Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 17 Nov 2009 08:48:16 -0800 Subject: [PATCH 1/3] Need to check the Profile rather than the User. --- classes/Notice.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/Notice.php b/classes/Notice.php index 1db431f2a7..ebb5022b99 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -207,7 +207,7 @@ class Notice extends Memcached_DataObject # Sandboxed are non-false, but not 1, either - if (!$user->hasRight(Right::PUBLICNOTICE) || + if (!$profile->hasRight(Right::PUBLICNOTICE) || ($source && $autosource && in_array($source, $autosource))) { $notice->is_local = Notice::LOCAL_NONPUBLIC; } else { From 3d6a55a49f298b83d4f0cdfe2f14ea201f45a565 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 17 Nov 2009 09:07:44 -0800 Subject: [PATCH 2/3] Fix ticket 1816: Database errors recorded as "Array" PEAR error backtrace lines are now correctly formatted as strings in debug log, roughly as debug_print_backtrace() does (but with argument values swapped out for types to avoid being overly verbose). Todo: exceptions and PEAR error objects should log backtraces the same way; right now it doesn't look like exceptions get backtraces logged. Todo: At one line per line, it's potentially tough to figure out what backtrace goes with what event if traffic is heavy; even if not heavy it's awkward to jump back into a log file after grepping to find the backtrace. Consider using a random per-event ID which can go in the log output -- bonus points for exposing the error ID to users so ops can track down actual error details in logs from a user report. --- index.php | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/index.php b/index.php index 577b491ed0..997ee6197f 100644 --- a/index.php +++ b/index.php @@ -76,11 +76,16 @@ function handleError($error) if (common_config('site', 'logdebug')) { $logmsg .= " : ". $error->getDebugInfo(); } + // DB queries often end up with a lot of newlines; merge to a single line + // for easier grepability... + $logmsg = str_replace("\n", " ", $logmsg); common_log(LOG_ERR, $logmsg); + + // @fixme backtrace output should be consistent with exception handling if (common_config('site', 'logdebug')) { $bt = $error->getBacktrace(); - foreach ($bt as $line) { - common_log(LOG_ERR, $line); + foreach ($bt as $n => $line) { + common_log(LOG_ERR, formatBacktraceLine($n, $line)); } } if ($error instanceof DB_DataObject_Error @@ -109,6 +114,38 @@ function handleError($error) exit(-1); } +/** + * Format a backtrace line for debug output roughly like debug_print_backtrace() does. + * Exceptions already have this built in, but PEAR error objects just give us the array. + * + * @param int $n line number + * @param array $line per-frame array item from debug_backtrace() + * @return string + */ +function formatBacktraceLine($n, $line) +{ + $out = "#$n "; + if (isset($line['class'])) $out .= $line['class']; + if (isset($line['type'])) $out .= $line['type']; + if (isset($line['function'])) $out .= $line['function']; + $out .= '('; + if (isset($line['args'])) { + $args = array(); + foreach ($line['args'] as $arg) { + // debug_print_backtrace seems to use var_export + // but this gets *very* verbose! + $args[] = gettype($arg); + } + $out .= implode(',', $args); + } + $out .= ')'; + $out .= ' called at ['; + if (isset($line['file'])) $out .= $line['file']; + if (isset($line['line'])) $out .= ':' . $line['line']; + $out .= ']'; + return $out; +} + function checkMirror($action_obj, $args) { global $config; From 4ff2d37b10977f77fe3e627f93176657a45270bb Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Tue, 17 Nov 2009 13:00:45 -0500 Subject: [PATCH 3/3] Reformatted for 80 character width, and clarified the username/nickname attribute difference --- plugins/LdapAuthentication/README | 63 +++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 20 deletions(-) diff --git a/plugins/LdapAuthentication/README b/plugins/LdapAuthentication/README index b10a1eb930..dc3f4ba884 100644 --- a/plugins/LdapAuthentication/README +++ b/plugins/LdapAuthentication/README @@ -1,42 +1,63 @@ -The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP. +The LDAP Authentication plugin allows for StatusNet to handle authentication +through LDAP. Installation ============ -add "addPlugin('ldapAuthentication', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php +add "addPlugin('ldapAuthentication', + array('setting'=>'value', 'setting2'=>'value2', ...);" +to the bottom of your config.php Settings ======== provider_name*: a unique name for this authentication provider. -authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check any other plugins or the internal password database). -autoregistration (false): Set to true if users should be automatically created when they attempt to login. -email_changeable (true): Are users allowed to change their email address? (true or false) -password_changeable (true): Are users allowed to change their passwords? (true or false) +authoritative (false): Set to true if LDAP's responses are authoritative + (if authorative and LDAP fails, no other password checking will be done). +autoregistration (false): Set to true if users should be automatically created + when they attempt to login. +email_changeable (true): Are users allowed to change their email address? + (true or false) +password_changeable (true): Are users allowed to change their passwords? + (true or false) -host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -version: LDAP version. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -starttls: TLS is started after connecting. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -binddn: The distinguished name to bind as (username). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -bindpw: Password for the binddn. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -basedn*: LDAP base name (root directory). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +host*: LDAP server name to connect to. You can provide several hosts in an + array in which case the hosts are tried from left to right. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +port: Port on the server. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +version: LDAP version. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +starttls: TLS is started after connecting. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +binddn: The distinguished name to bind as (username). + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +bindpw: Password for the binddn. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +basedn*: LDAP base name (root directory). + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -filter: Default search filter. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +filter: Default search filter. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php +scope: Default search scope. + See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php -attributes: an array with the key being the StatusNet user attribute name, and the value the LDAP attribute name - username* - nickname* +attributes: an array that relates StatusNet user attributes to LDAP ones + username*: LDAP attribute value entered when authenticating to StatusNet + nickname*: LDAP attribute value shown as the user's nickname email fullname homepage location - + * required default values are in (parenthesis) +For most LDAP installations, the "nickname" and "username" attributes should + be the same. + Example ======= -Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory. +Here's an example of an LDAP plugin configuration that connects to + Microsoft Active Directory. addPlugin('ldapAuthentication', array( 'provider_name'=>'Example', @@ -47,7 +68,9 @@ addPlugin('ldapAuthentication', array( 'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc', 'host'=>array('server1', 'server2'), 'attributes'=>array( + 'username'=>'sAMAccountName', 'nickname'=>'sAMAccountName', 'email'=>'mail', 'fullname'=>'displayName') )); +