Updated server info
This commit is contained in:
parent
4f9accbadf
commit
491f04cd5d
@ -2,20 +2,24 @@
|
|||||||
|
|
||||||
namespace App\Classes\LDAP;
|
namespace App\Classes\LDAP;
|
||||||
|
|
||||||
|
use Illuminate\Support\Collection;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Represents an attribute of an LDAP Object
|
* Represents an attribute of an LDAP Object
|
||||||
*/
|
*/
|
||||||
class Attribute
|
class Attribute
|
||||||
{
|
{
|
||||||
# Attribute Name
|
// Attribute Name
|
||||||
public string $name;
|
protected string $name;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
# Source of this attribute definition
|
# Source of this attribute definition
|
||||||
protected $source;
|
protected $source;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
# Current and Old Values
|
// Current and Old Values
|
||||||
protected array $values;
|
protected Collection $values;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
protected $oldvalues = array();
|
protected $oldvalues = array();
|
||||||
|
|
||||||
@ -76,9 +80,10 @@ class Attribute
|
|||||||
protected $postvalue = array();
|
protected $postvalue = array();
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function __construct(string $name,array $values) {
|
public function __construct(string $name,array $values)
|
||||||
|
{
|
||||||
$this->name = $name;
|
$this->name = $name;
|
||||||
$this->values = $values;
|
$this->values = collect($values);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
# Should this attribute be hidden
|
# Should this attribute be hidden
|
||||||
@ -102,7 +107,7 @@ class Attribute
|
|||||||
*/
|
*/
|
||||||
public function __toString(): string
|
public function __toString(): string
|
||||||
{
|
{
|
||||||
return join('<br>',$this->values);
|
return $this->values->join('<br>');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -20,7 +20,11 @@ class Factory
|
|||||||
* Map of attributes to appropriate class
|
* Map of attributes to appropriate class
|
||||||
*/
|
*/
|
||||||
public const map = [
|
public const map = [
|
||||||
'jpegphoto'=>Attribute\Binary\JpegPhoto::class,
|
'jpegphoto' => Binary\JpegPhoto::class,
|
||||||
|
'supportedcontrol' => OID::class,
|
||||||
|
'supportedextension' => OID::class,
|
||||||
|
'supportedfeatures' => OID::class,
|
||||||
|
'supportedsaslmechanisms' => Mechanisms::class,
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
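--- /dev/null
+++ b/app/Classes/LDAP/Attribute/Mechanisms.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace App\Classes\LDAP\Attribute;
+
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Cache;
+
+use App\Classes\LDAP\Attribute;
+
+/**
+* Represents an attribute whose values are binary
+*/
+class Mechanisms extends Attribute
+{
+public function __toString(): string
+{
+return $this->values
+->transform(function($item) {
+$format = sprintf('<abbr class="pb-1" title="%s"><i class="fas fa-book pr-2"></i>%s</abbr>%s<p class="mb-0">%s</p>',
+$item,
+static::get($item,'title'),
+($x=static::get($item,'ref')) ? sprintf('<abbr class="pl-2" title="%s"><i class="fas fa-comment-dots"></i></abbr>',$x) : '',
+static::get($item,'desc'),
+);
+
+return $format;
+})->join('<br>');
+}
+
+/**
+* Given an SASL Mechanism name, returns a verbose description of the Mechanism.
+* This function parses ldap_supported_saslmechanisms.txt and looks up the specified
+* Mechanism, and returns the verbose message defined in that file.
+*
+* <code>
+* "SCRAM-SHA-1" => array:3 [▼
+* "title" => "Salted Challenge Response Authentication Mechanism (SCRAM) SHA1"
+* "ref" => "RFC 5802"
+* "desc" => "This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the req ▶"
+* ]
+* </code>
+*
+* @param string $string The SASL Mechanism (ie, "SCRAM-SHA-1") of interest.
+* @param string $key The title|ref|desc to return
+* @return string|NULL
+*/
+private static function get(string $string,string $key): ?string
+{
+$array = Cache::remember('saslmechanisms',86400,function() {
+try {
+$f = fopen(config_path('ldap_supported_saslmechanisms.txt'),'r');
+
+} catch (\Exception $e) {
+return NULL;
+}
+
+$result = collect();
+
+while (! feof($f)) {
+$line = trim(fgets($f));
+
+if (! $line OR preg_match('/^#/',$line))
+continue;
+
+$fields = explode(':',$line);
+
+$result->put($x=Arr::get($fields,0),[
+'title'=>Arr::get($fields,1,$x),
+'ref'=>Arr::get($fields,2),
+'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
+]);
+}
+fclose($f);
+
+return $result;
+});
+
+return Arr::get(($array ? $array->get($string) : []),$key);
+}
+}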
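Review bot: In `__toString` the `$item` value and the `title`/`ref`/`desc` strings returned by `get()` are placed into HTML through `sprintf` without any escaping, the `<abbr title="%s">` attributes being the most exposed spots. `$item` appears to be a raw value returned by the directory server (Factory maps `supportedsaslmechanisms` to this class), so a server that returns a crafted value would have its markup emitted verbatim wherever this string is rendered unescaped, which its own `<br>`/`<abbr>` output suggests it is; wrapping each argument, e.g. `e($item)` and `e(static::get($item,'title'))`, keeps the intended markup while neutralising the data. The same pattern is in OID::__toString in this commit, and the base Attribute::__toString (its section starts outside this page) joins raw values with `<br>` the same way. Separately, `fopen()` does not throw on a missing file in plain PHP but returns false with a warning, so the try/catch only works while the framework error handler converts warnings to exceptions; an explicit `if (($f = fopen(...)) === false) return NULL;` would make the fallback independent of that handler.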
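--- /dev/null
+++ b/app/Classes/LDAP/Attribute/OID.php
@@ -0,0 +1,85 @@
+<?php
+
+namespace App\Classes\LDAP\Attribute;
+
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Cache;
+
+use App\Classes\LDAP\Attribute;
+
+/**
+* Represents an attribute whose values are binary
+*/
+class OID extends Attribute
+{
+public function __toString(): string
+{
+return $this->values
+->transform(function($item) {
+if (preg_match('/[0-9]+\.[0-9]+\.[0-9]+/',$item)) {
+$format = sprintf('<abbr class="pb-1" title="%s"><i class="fas fa-list-ol pr-2"></i>%s</abbr>%s<p class="mb-0">%s</p>',
+$item,
+static::get($item,'title'),
+($x=static::get($item,'ref')) ? sprintf('<abbr class="pl-2" title="%s"><i class="fas fa-comment-dots"></i></abbr>',$x) : '',
+static::get($item,'desc'),
+);
+
+return $format;
+
+} else
+return $item;
+})->join('<br>');
+}
+
+/**
+* Given an LDAP OID number, returns a verbose description of the OID.
+* This function parses ldap_supported_oids.txt and looks up the specified
+* OID, and returns the verbose message defined in that file.
+*
+* <code>
+* "1.3.6.1.4.1.4203.1.5.1" => array:3 [
+* [title] => All Operational Attribute
+* [ref] => RFC 3673
+* [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
+* ]
+* </code>
+*
+* @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
+* @param string $key The title|ref|desc to return
+* @return string|null
+* @testedby TranslateOidTest::testRootDSE()
+*/
+private static function get(string $string,string $key): ?string
+{
+$array = Cache::remember('oids',86400,function() {
+try {
+$f = fopen(config_path('ldap_supported_oids.txt'),'r');
+
+} catch (\Exception $e) {
+return NULL;
+}
+
+$result = collect();
+
+while (! feof($f)) {
+$line = trim(fgets($f));
+
+if (! $line OR preg_match('/^#/',$line))
+continue;
+
+$fields = explode(':',$line);
+
+$result->put($x=Arr::get($fields,0),[
+'title'=>Arr::get($fields,1,$x),
+'ref'=>Arr::get($fields,2),
+'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
+]);
+}
+fclose($f);
+
+return $result;
+});
+
+return Arr::get(($array ? $array->get($string) : []),$key);
+}
+}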
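Review bot: `get()` here is a line-for-line copy of Mechanisms::get with only the cache key and file name changed; lifting the loader into Attribute (or a shared trait) parameterised by those two values would leave a single parser to maintain. That parser splits with `explode(':',$line)` and no limit, so a description containing a colon is silently truncated at it; `explode(':',$line,4)` keeps the Detail field intact and applies to both copies. The docblock names the parameter `$oid` while the signature declares `$string`, and its `@testedby TranslateOidTest::testRootDSE()` points at a test this same commit deletes, so the new lookup path has no remaining coverage. Also `preg_match('/[0-9]+\.[0-9]+\.[0-9]+/',$item)` is unanchored, so any value that merely contains three dotted numbers takes the OID-formatting branch; anchoring it (`/^[0-9]+(\.[0-9]+)+$/`) matches the intent stated in the docblock.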
@ -255,62 +255,6 @@ class Server
|
|||||||
->find($dn)) ? $x : NULL;
|
->find($dn)) ? $x : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Given an LDAP OID number, returns a verbose description of the OID.
|
|
||||||
* This function parses ldap_supported_oids.txt and looks up the specified
|
|
||||||
* OID, and returns the verbose message defined in that file.
|
|
||||||
*
|
|
||||||
* <code>
|
|
||||||
* Array (
|
|
||||||
* [title] => All Operational Attribute
|
|
||||||
* [ref] => RFC 3673
|
|
||||||
* [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
|
|
||||||
* )
|
|
||||||
* </code>
|
|
||||||
*
|
|
||||||
* @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
|
|
||||||
* @param string $key The title|ref|desc to return
|
|
||||||
* @return string|null
|
|
||||||
* @testedby TranslateOidTest::testRootDSE()
|
|
||||||
*/
|
|
||||||
public static function getOID(string $oid,string $key): ?string
|
|
||||||
{
|
|
||||||
$oids = Cache::remember('oids',86400,function() {
|
|
||||||
try {
|
|
||||||
$f = fopen(config_path('ldap_supported_oids.txt'),'r');
|
|
||||||
|
|
||||||
} catch (Exception $e) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
$result = collect();
|
|
||||||
|
|
||||||
while (! feof($f)) {
|
|
||||||
$line = trim(fgets($f));
|
|
||||||
|
|
||||||
if (! $line OR preg_match('/^#/',$line))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
$fields = explode(':',$line);
|
|
||||||
|
|
||||||
$result->put(Arr::get($fields,0),[
|
|
||||||
'title'=>Arr::get($fields,1),
|
|
||||||
'ref'=>Arr::get($fields,2),
|
|
||||||
'desc'=>Arr::get($fields,3),
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
fclose($f);
|
|
||||||
|
|
||||||
return $result;
|
|
||||||
});
|
|
||||||
|
|
||||||
return Arr::get(
|
|
||||||
($oids ? $oids->get($oid) : []),
|
|
||||||
$key,
|
|
||||||
($key == 'desc' ? 'No description available, can you help with one?' : ($key == 'title' ? $oid : NULL))
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function determines if the specified attribute is contained in the force_may list
|
* This function determines if the specified attribute is contained in the force_may list
|
||||||
* as configured in config.php.
|
* as configured in config.php.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# If you find some reliable and more meaningful descriptions to this OIDS,
|
# If you find some reliable and more meaningful descriptions to these OIDS,
|
||||||
# then please let the phpldapadmin development know so that this file can be
|
# then please let the phpldapadmin development know so that this file can be
|
||||||
# more descriptive.
|
# more descriptive.
|
||||||
|
|
||||||
|
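--- /dev/null
+++ b/config/ldap_supported_saslmechanisms.txt
@@ -0,0 +1,16 @@
+# If you find some reliable and more meaningful descriptions to these SASL Mechanisms,
+# then please let the phpldapadmin development know so that this file can be
+# more descriptive.
+
+# Format
+# Mechanisms:Title:RFC Ref:Detail
+SCRAM-SHA-1:Salted Challenge Response Authentication Mechanism (SCRAM) SHA1:RFC 5802:This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the requirements necessary to deploy a challenge- response mechanism more widely than past attempts.
+SCRAM-SHA-256:Salted Challenge Response Authentication Mechanism (SCRAM) SHA256:RFC 7677:The SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL mechanisms are defined in the same way that SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are defined in [RFC5802], except that the hash function for HMAC() and H() uses SHA-256 instead of SHA-1 [RFC6234].
+GS2-IAKERB:Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API:draft-ietf-krb-wg-iakerb-02:Extends [RFC4120] and [RFC4121] such that the client can communicate with the KDC using a Generic Security Service Application Program Interface (GSS-API) [RFC2743] acceptor as the proxy.
+GS2-KRB5:Family of mechanisms supports arbitrary GSS-API mechanisms in SASL::GS2 is a protocol bridge between GSS-API and SASL, and allows every GSS-API mechanism that supports mutual authentication and channel bindings to be used as a SASL mechanism. This implements Kerberos V5 authentication.
+GSSAPI:Generic Security Services Application Program Interface:RFC 2744:The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services.
+GSS-SPNEGO:GSS-SPNEGO security mechanism for LDAP bind requests:RFC 4178:The DC accepts the GSS-SPNEGO security mechanism for LDAP bind requests. This mechanism is documented in [RFC4178]. Active Directory supports Kerberos (see [MS-KILE]) and NTLM (see [MS-NLMP]) when using GSS-SPNEGO.
+DIGEST-MD5:HTTP Digest compatible (partially) challenge-response scheme based upon MD5, offering a data security layer:RFC 2831:In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response.
+OTP:One-Time Password Mechanism:RFC 2444:
+CRAM-MD5:Simple challenge-response scheme based on HMAC-MD5:RFC 2195:When using the CRAM-MD5 mechanism, the LDAP server sends some data to the LDAP client. The client responds by encrypting the data with its password by using the MD5 algorithm. The LDAP server then uses the client's stored password to determine whether the client used the right password.
+NTLM:MS Windows NT LAN Manager authentication mechanism:MS Proprietary: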
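Review bot: The `OTP` and `NTLM` entries end with a trailing colon, so their Detail field is parsed as an empty string rather than as missing, and the `__('No description available, can you help with one?')` default in Mechanisms::get never applies to them because `Arr::get` returns the present empty value. Either drop the trailing colon on those two lines or have the parser treat an empty field as absent. `GS2-KRB5` has an empty Ref field (`::`) in the same way, which happens to render correctly only because the ref is shown solely when non-empty.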
@ -1,31 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
namespace Tests\Unit;
|
|
||||||
|
|
||||||
use LdapRecord\Query\ObjectNotFoundException;
|
|
||||||
use Tests\TestCase;
|
|
||||||
|
|
||||||
use App\Classes\LDAP\Server;
|
|
||||||
|
|
||||||
class TranslateOidTest extends TestCase
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* A basic feature test example.
|
|
||||||
*
|
|
||||||
* @return void
|
|
||||||
* @covers \App\Classes\LDAP\Server::getOID()
|
|
||||||
* @throws ObjectNotFoundException
|
|
||||||
*/
|
|
||||||
public function testRootDse()
|
|
||||||
{
|
|
||||||
$dse = Server::rootDSE();
|
|
||||||
|
|
||||||
// Test our rootDSE returns an objectclass attribute
|
|
||||||
$this->assertIsArray($dse->objectclass);
|
|
||||||
// Test OID that exists
|
|
||||||
$this->assertStringContainsString('Subentries',Server::getOID('1.3.6.1.4.1.4203.1.10.1','title'));
|
|
||||||
// Test OID doesnt exist
|
|
||||||
$this->assertStringContainsString('9.9.9.9',Server::getOID('9.9.9.9','title'));
|
|
||||||
$this->assertNull(Server::getOID('9.9.9.9','ref'));
|
|
||||||
}
|
|
||||||
}
|
|