From 491f04cd5d77dcff873346465588db7f62baa2c2 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Sun, 19 Feb 2023 20:25:32 +1100
Subject: [PATCH] Updated server info
---
 app/Classes/LDAP/Attribute.php | 19 +++--
 app/Classes/LDAP/Attribute/Factory.php | 6 +-
 app/Classes/LDAP/Attribute/Mechanisms.php | 80 +++++++++++++++++++++
 app/Classes/LDAP/Attribute/OID.php | 85 +++++++++++++++++++++++
 app/Classes/LDAP/Server.php | 56 ---------------
 config/ldap_supported_oids.txt | 2 +-
 config/ldap_supported_saslmechanisms.txt | 16 +++++
 tests/Unit/TranslateOidTest.php | 31 ---------
 8 files changed, 199 insertions(+), 96 deletions(-)
 create mode 100644 app/Classes/LDAP/Attribute/Mechanisms.php
 create mode 100644 app/Classes/LDAP/Attribute/OID.php
 create mode 100644 config/ldap_supported_saslmechanisms.txt
 delete mode 100644 tests/Unit/TranslateOidTest.php
diff --git a/app/Classes/LDAP/Attribute.php b/app/Classes/LDAP/Attribute.php
index f973d9a..370d16f 100644
--- a/app/Classes/LDAP/Attribute.php
+++ b/app/Classes/LDAP/Attribute.php
@@ -2,20 +2,24 @@
 namespace App\Classes\LDAP;
+use Illuminate\Support\Collection;
+
 /**
 * Represents an attribute of an LDAP Object
 */
 class Attribute
 {
- # Attribute Name
- public string $name;
+ // Attribute Name
+ protected string $name;
+
 /*
 # Source of this attribute definition
 protected $source;
 */
- # Current and Old Values
- protected array $values;
+ // Current and Old Values
+ protected Collection $values;
+
 /*
 protected $oldvalues = array();
@@ -76,9 +80,10 @@ class Attribute
 protected $postvalue = array();
 */
- public function __construct(string $name,array $values) {
+ public function __construct(string $name,array $values)
+ {
 $this->name = $name;
- $this->values = $values;
+ $this->values = collect($values);
 /*
 # Should this attribute be hidden
@@ -102,7 +107,7 @@ class Attribute
 */
 public function __toString(): string
 {
- return join('
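Review bot: `$name` is narrowed from `public string $name` to `protected string $name` in the first hunk and no accessor is added alongside it, so any code elsewhere that reads `$attribute->name` would now fail with a visibility error; either keep it `public` or add `public function getName(): string { return $this->name; }`. The same hunk retypes `$values` from `array` to `Collection`, completed by `collect($values)` in the constructor hunk, so subclasses or callers that still treat `$this->values` as a PHP array (indexing, `array_map`-style functions, `join`) would break; `Binary\JpegPhoto`, which the Factory maps, is the first place to check. The class continues outside both hunks, so whether such readers exist cannot be confirmed here.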
',$this->values);
+ return $this->values->join('
');
 }
 /**
diff --git a/app/Classes/LDAP/Attribute/Factory.php b/app/Classes/LDAP/Attribute/Factory.php
index ee96236..8d45d10 100644
--- a/app/Classes/LDAP/Attribute/Factory.php
+++ b/app/Classes/LDAP/Attribute/Factory.php
@@ -20,7 +20,11 @@ class Factory
 * Map of attributes to appropriate class
 */
 public const map = [
- 'jpegphoto'=>Attribute\Binary\JpegPhoto::class,
+ 'jpegphoto' => Binary\JpegPhoto::class,
+ 'supportedcontrol' => OID::class,
+ 'supportedextension' => OID::class,
+ 'supportedfeatures' => OID::class,
+ 'supportedsaslmechanisms' => Mechanisms::class,
 ];
 /**
diff --git a/app/Classes/LDAP/Attribute/Mechanisms.php b/app/Classes/LDAP/Attribute/Mechanisms.php
new file mode 100644
index 0000000..099af52
--- /dev/null
+++ b/app/Classes/LDAP/Attribute/Mechanisms.php
@@ -0,0 +1,80 @@
+values
+ ->transform(function($item) {
+ $format = sprintf('%s%s
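Review bot: `__toString` joins the raw attribute values into an HTML string (the separator is rendered here as a line break, evidently `<br>`) without escaping; the values come back from the directory, so an entry whose value contains markup is emitted as-is wherever this string is output unescaped. Escape per value before joining, e.g. `return $this->values->map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))->join('<br>');`, or escape in the view and drop the HTML separator. The `__toString` methods of the new `Mechanisms` and `OID` classes later in this patch have the same problem with `$item` and the config-file `title`/`ref`/`desc` strings they hand to `sprintf`. Whether the consuming view escapes this string cannot be seen from the hunk.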

%s

',
+ $item,
+ static::get($item,'title'),
+ ($x=static::get($item,'ref')) ? sprintf('',$x) : '',
+ static::get($item,'desc'),
+ );
+
+ return $format;
+ })->join('
');
+ }
+
+ /**
+ * Given an SASL Mechanism name, returns a verbose description of the Mechanism.
+ * This function parses ldap_supported_saslmechanisms.txt and looks up the specified
+ * Mechanism, and returns the verbose message defined in that file.
+ *
+ *
+ * "SCRAM-SHA-1" => array:3 [▼
+ * "title" => "Salted Challenge Response Authentication Mechanism (SCRAM) SHA1"
+ * "ref" => "RFC 5802"
+ * "desc" => "This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the req ▶"
+ * ]
+ *
+ *
+ * @param string $string The SASL Mechanism (ie, "SCRAM-SHA-1") of interest.
+ * @param string $key The title|ref|desc to return
+ * @return string|NULL
+ */
+ private static function get(string $string,string $key): ?string
+ {
+ $array = Cache::remember('saslmechanisms',86400,function() {
+ try {
+ $f = fopen(config_path('ldap_supported_saslmechanisms.txt'),'r');
+
+ } catch (\Exception $e) {
+ return NULL;
+ }
+
+ $result = collect();
+
+ while (! feof($f)) {
+ $line = trim(fgets($f));
+
+ if (! $line OR preg_match('/^#/',$line))
+ continue;
+
+ $fields = explode(':',$line);
+
+ $result->put($x=Arr::get($fields,0),[
+ 'title'=>Arr::get($fields,1,$x),
+ 'ref'=>Arr::get($fields,2),
+ 'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
+ ]);
+ }
+ fclose($f);
+
+ return $result;
+ });
+
+ return Arr::get(($array ? $array->get($string) : []),$key);
+ }
+}
\ No newline at end of file
diff --git a/app/Classes/LDAP/Attribute/OID.php b/app/Classes/LDAP/Attribute/OID.php
new file mode 100644
index 0000000..6adb410
--- /dev/null
+++ b/app/Classes/LDAP/Attribute/OID.php
@@ -0,0 +1,85 @@
+values
+ ->transform(function($item) {
+ if (preg_match('/[0-9]+\.[0-9]+\.[0-9]+/',$item)) {
+ $format = sprintf('%s%s
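Review bot: The `try { $f = fopen(...) } catch (\Exception $e)` in `get()` never catches anything, because `fopen` signals failure by returning `false` with a warning rather than throwing, after which `feof($f)` outside the try raises a `TypeError` on PHP 8 instead of the intended `NULL` return; replace it with `if (($f = fopen(config_path('ldap_supported_saslmechanisms.txt'),'r')) === false) return NULL;`. `explode(':',$line)` has no limit, so a description that itself contains a colon is cut off at that colon; `explode(':',$line,4)` keeps the whole fourth field. Because a trailing colon still yields an (empty) fourth field, the `__('No description available…')` default is never applied to entries such as the `OTP:` line in the new config file; `Arr::get($fields,3) ?: __(…)` would apply it. The `OID` class added in the next hunk duplicates all three issues.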

%s

',
+ $item,
+ static::get($item,'title'),
+ ($x=static::get($item,'ref')) ? sprintf('',$x) : '',
+ static::get($item,'desc'),
+ );
+
+ return $format;
+
+ } else
+ return $item;
+ })->join('
');
+ }
+
+ /**
+ * Given an LDAP OID number, returns a verbose description of the OID.
+ * This function parses ldap_supported_oids.txt and looks up the specified
+ * OID, and returns the verbose message defined in that file.
+ *
+ *
+ * "1.3.6.1.4.1.4203.1.5.1" => array:3 [
+ * [title] => All Operational Attribute
+ * [ref] => RFC 3673
+ * [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
+ * ]
+ *
+ *
+ * @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
+ * @param string $key The title|ref|desc to return
+ * @return string|null
+ * @testedby TranslateOidTest::testRootDSE()
+ */
+ private static function get(string $string,string $key): ?string
+ {
+ $array = Cache::remember('oids',86400,function() {
+ try {
+ $f = fopen(config_path('ldap_supported_oids.txt'),'r');
+
+ } catch (\Exception $e) {
+ return NULL;
+ }
+
+ $result = collect();
+
+ while (! feof($f)) {
+ $line = trim(fgets($f));
+
+ if (! $line OR preg_match('/^#/',$line))
+ continue;
+
+ $fields = explode(':',$line);
+
+ $result->put($x=Arr::get($fields,0),[
+ 'title'=>Arr::get($fields,1,$x),
+ 'ref'=>Arr::get($fields,2),
+ 'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
+ ]);
+ }
+ fclose($f);
+
+ return $result;
+ });
+
+ return Arr::get(($array ? $array->get($string) : []),$key);
+ }
+}
\ No newline at end of file
diff --git a/app/Classes/LDAP/Server.php b/app/Classes/LDAP/Server.php
index 3ca77b3..365017c 100644
--- a/app/Classes/LDAP/Server.php
+++ b/app/Classes/LDAP/Server.php
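Review bot: The `preg_match('/[0-9]+\.[0-9]+\.[0-9]+/',$item)` guard in `__toString` is unanchored, so any value that merely contains a dotted number somewhere is sent through the lookup, while everything else falls through `return $item` untouched; anchor it as `/^[0-9]+(\.[0-9]+)+$/` so only whole OIDs take the lookup path. The `get()` docblock documents `@param string $oid` although the parameter is named `$string`, and its `@testedby TranslateOidTest::testRootDSE()` points at the test this same commit deletes, so both lines are stale; rename the parameter to `$oid` (or fix the tag) and remove or replace the `@testedby` reference, noting that no test of the OID lookup remains after the deletion. `get()` is otherwise a verbatim copy of `Mechanisms::get()` differing only in the cache key and filename, so a shared parent class or trait taking those two values as parameters would stop the two parsers drifting apart. The cache key `'oids'` is the one the removed `Server::getOID` wrote with defaults applied at read time rather than parse time, so a still-valid cache entry may serve for up to 86400 s without the new title/desc defaults; bumping the key (e.g. `'oids2'`, constructed example) avoids that.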
@@ -255,62 +255,6 @@ class Server
 ->find($dn)) ? $x : NULL;
 }
- /**
- * Given an LDAP OID number, returns a verbose description of the OID.
- * This function parses ldap_supported_oids.txt and looks up the specified
- * OID, and returns the verbose message defined in that file.
- *
- *
- * Array (
- * [title] => All Operational Attribute
- * [ref] => RFC 3673
- * [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
- * )
- *
- *
- * @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
- * @param string $key The title|ref|desc to return
- * @return string|null
- * @testedby TranslateOidTest::testRootDSE()
- */
- public static function getOID(string $oid,string $key): ?string
- {
- $oids = Cache::remember('oids',86400,function() {
- try {
- $f = fopen(config_path('ldap_supported_oids.txt'),'r');
-
- } catch (Exception $e) {
- return NULL;
- }
-
- $result = collect();
-
- while (! feof($f)) {
- $line = trim(fgets($f));
-
- if (! $line OR preg_match('/^#/',$line))
- continue;
-
- $fields = explode(':',$line);
-
- $result->put(Arr::get($fields,0),[
- 'title'=>Arr::get($fields,1),
- 'ref'=>Arr::get($fields,2),
- 'desc'=>Arr::get($fields,3),
- ]);
- }
- fclose($f);
-
- return $result;
- });
-
- return Arr::get(
- ($oids ? $oids->get($oid) : []),
- $key,
- ($key == 'desc' ? 'No description available, can you help with one?' : ($key == 'title' ? $oid : NULL))
- );
- }
-
 /**
 * This function determines if the specified attribute is contained in the force_may list
 * as configured in config.php.
diff --git a/config/ldap_supported_oids.txt b/config/ldap_supported_oids.txt
index da37322..d50d433 100644
--- a/config/ldap_supported_oids.txt
+++ b/config/ldap_supported_oids.txt
@@ -1,4 +1,4 @@
-# If you find some reliable and more meaningful descriptions to this OIDS,
+# If you find some reliable and more meaningful descriptions to these OIDS,
 # then please let the phpldapadmin development know so that this file can be
 # more descriptive.
diff --git a/config/ldap_supported_saslmechanisms.txt b/config/ldap_supported_saslmechanisms.txt
new file mode 100644
index 0000000..49ae335
--- /dev/null
+++ b/config/ldap_supported_saslmechanisms.txt
@@ -0,0 +1,16 @@
+# If you find some reliable and more meaningful descriptions to these SASL Mechanisms,
+# then please let the phpldapadmin development know so that this file can be
+# more descriptive.
+
+# Format
+# Mechanisms:Title:RFC Ref:Detail
+SCRAM-SHA-1:Salted Challenge Response Authentication Mechanism (SCRAM) SHA1:RFC 5802:This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the requirements necessary to deploy a challenge- response mechanism more widely than past attempts.
+SCRAM-SHA-256:Salted Challenge Response Authentication Mechanism (SCRAM) SHA256:RFC 7677:The SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL mechanisms are defined in the same way that SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are defined in [RFC5802], except that the hash function for HMAC() and H() uses SHA-256 instead of SHA-1 [RFC6234].
+GS2-IAKERB:Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API:draft-ietf-krb-wg-iakerb-02:Extends [RFC4120] and [RFC4121] such that the client can communicate with the KDC using a Generic Security Service Application Program Interface (GSS-API) [RFC2743] acceptor as the proxy.
+GS2-KRB5:Family of mechanisms supports arbitrary GSS-API mechanisms in SASL::GS2 is a protocol bridge between GSS-API and SASL, and allows every GSS-API mechanism that supports mutual authentication and channel bindings to be used as a SASL mechanism. This implements Kerberos V5 authentication.
+GSSAPI:Generic Security Services Application Program Interface:RFC 2744:The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services.
+GSS-SPNEGO:GSS-SPNEGO security mechanism for LDAP bind requests:RFC 4178:The DC accepts the GSS-SPNEGO security mechanism for LDAP bind requests. This mechanism is documented in [RFC4178].
Active Directory supports Kerberos (see [MS-KILE]) and NTLM (see [MS-NLMP]) when using GSS-SPNEGO.
+DIGEST-MD5:HTTP Digest compatible (partially) challenge-response scheme based upon MD5, offering a data security layer:RFC 2831:In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response.
+OTP:One-Time Password Mechanism:RFC 2444:
+CRAM-MD5:Simple challenge-response scheme based on HMAC-MD5:RFC 2195:When using the CRAM-MD5 mechanism, the LDAP server sends some data to the LDAP client. The client responds by encrypting the data with its password by using the MD5 algorithm. The LDAP server then uses the client's stored password to determine whether the client used the right password.
+NTLM:MS Windows NT LAN Manager authentication mechanism:MS Proprietary:
diff --git a/tests/Unit/TranslateOidTest.php b/tests/Unit/TranslateOidTest.php
deleted file mode 100644
index ef43c68..0000000
--- a/tests/Unit/TranslateOidTest.php
+++ /dev/null
@@ -1,31 +0,0 @@
-assertIsArray($dse->objectclass);
- // Test OID that exists
- $this->assertStringContainsString('Subentries',Server::getOID('1.3.6.1.4.1.4203.1.10.1','title'));
- // Test OID doesnt exist
- $this->assertStringContainsString('9.9.9.9',Server::getOID('9.9.9.9','title'));
- $this->assertNull(Server::getOID('9.9.9.9','ref'));
- }
-}