Updated server info

This commit is contained in:
Deon George 2023-02-19 20:25:32 +11:00
parent 4f9accbadf
commit 491f04cd5d
8 changed files with 199 additions and 96 deletions


@ -2,20 +2,24 @@
namespace App\Classes\LDAP; namespace App\Classes\LDAP;
use Illuminate\Support\Collection;
/** /**
* Represents an attribute of an LDAP Object * Represents an attribute of an LDAP Object
*/ */
class Attribute class Attribute
{ {
# Attribute Name // Attribute Name
public string $name; protected string $name;
/* /*
# Source of this attribute definition # Source of this attribute definition
protected $source; protected $source;
*/ */
# Current and Old Values // Current and Old Values
protected array $values; protected Collection $values;
/* /*
protected $oldvalues = array(); protected $oldvalues = array();
@ -76,9 +80,10 @@ class Attribute
protected $postvalue = array(); protected $postvalue = array();
*/ */
public function __construct(string $name,array $values) { public function __construct(string $name,array $values)
{
$this->name = $name; $this->name = $name;
$this->values = $values; $this->values = collect($values);
/* /*
# Should this attribute be hidden # Should this attribute be hidden
@ -102,7 +107,7 @@ class Attribute
*/ */
public function __toString(): string public function __toString(): string
{ {
return join('<br>',$this->values); return $this->values->join('<br>');
} }
/** /**
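Review bot: The rewritten `__toString` still emits every directory value straight into HTML, `$this->values->join('<br>')`, so a value containing `<` or `&` is rendered as markup unless the caller escapes the result; since the `<br>` separators only survive an unescaped render, escape the items first, `return $this->values->map(fn ($v) => e($v))->join('<br>');`. `$name` changes from public to protected in the first hunk with no accessor visible, so any caller reading `$attribute->name` directly now fails; presumably a getter exists outside the hunk — worth confirming. The class body continues beyond these hunks.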


@ -20,7 +20,11 @@ class Factory
* Map of attributes to appropriate class * Map of attributes to appropriate class
*/ */
public const map = [ public const map = [
'jpegphoto'=>Attribute\Binary\JpegPhoto::class, 'jpegphoto' => Binary\JpegPhoto::class,
'supportedcontrol' => OID::class,
'supportedextension' => OID::class,
'supportedfeatures' => OID::class,
'supportedsaslmechanisms' => Mechanisms::class,
]; ];
/** /**


@ -0,0 +1,80 @@
<?php
namespace App\Classes\LDAP\Attribute;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Cache;
use App\Classes\LDAP\Attribute;
/**
* Represents an attribute whose values are binary
*/
class Mechanisms extends Attribute
{
public function __toString(): string
{
return $this->values
->transform(function($item) {
$format = sprintf('<abbr class="pb-1" title="%s"><i class="fas fa-book pr-2"></i>%s</abbr>%s<p class="mb-0">%s</p>',
$item,
static::get($item,'title'),
($x=static::get($item,'ref')) ? sprintf('<abbr class="pl-2" title="%s"><i class="fas fa-comment-dots"></i></abbr>',$x) : '',
static::get($item,'desc'),
);
return $format;
})->join('<br>');
}
/**
* Given an SASL Mechanism name, returns a verbose description of the Mechanism.
* This function parses ldap_supported_saslmechanisms.txt and looks up the specified
* Mechanism, and returns the verbose message defined in that file.
*
* <code>
* "SCRAM-SHA-1" => array:3 [
* "title" => "Salted Challenge Response Authentication Mechanism (SCRAM) SHA1"
* "ref" => "RFC 5802"
* "desc" => "This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the req ▶"
* ]
* </code>
*
* @param string $string The SASL Mechanism (ie, "SCRAM-SHA-1") of interest.
* @param string $key The title|ref|desc to return
* @return string|NULL
*/
private static function get(string $string,string $key): ?string
{
$array = Cache::remember('saslmechanisms',86400,function() {
try {
$f = fopen(config_path('ldap_supported_saslmechanisms.txt'),'r');
} catch (\Exception $e) {
return NULL;
}
$result = collect();
while (! feof($f)) {
$line = trim(fgets($f));
if (! $line OR preg_match('/^#/',$line))
continue;
$fields = explode(':',$line);
$result->put($x=Arr::get($fields,0),[
'title'=>Arr::get($fields,1,$x),
'ref'=>Arr::get($fields,2),
'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
]);
}
fclose($f);
return $result;
});
return Arr::get(($array ? $array->get($string) : []),$key);
}
}
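Review bot: `__toString` calls `transform()` on `$this->values`, which rewrites the Collection in place, so the second string conversion of the same attribute feeds the generated HTML fragments back into `get()` instead of the mechanism names; `map()` returns a new Collection and leaves the values intact — the same applies to `OID::__toString` in the next file. The raw `$item` (a value read from the server) and the lookup results are interpolated into the `title` attribute and element body unescaped; wrap them with `e()` before the `sprintf`. In `get()`, `explode(':',$line)` has no limit, so a description that itself contains a colon is cut at that colon; `explode(':',$line,4)` keeps the fourth field whole (also in `OID::get`). The class docblock `Represents an attribute whose values are binary` looks copied from the Binary attribute and should describe SASL mechanisms.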


@ -0,0 +1,85 @@
<?php
namespace App\Classes\LDAP\Attribute;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Cache;
use App\Classes\LDAP\Attribute;
/**
* Represents an attribute whose values are binary
*/
class OID extends Attribute
{
public function __toString(): string
{
return $this->values
->transform(function($item) {
if (preg_match('/[0-9]+\.[0-9]+\.[0-9]+/',$item)) {
$format = sprintf('<abbr class="pb-1" title="%s"><i class="fas fa-list-ol pr-2"></i>%s</abbr>%s<p class="mb-0">%s</p>',
$item,
static::get($item,'title'),
($x=static::get($item,'ref')) ? sprintf('<abbr class="pl-2" title="%s"><i class="fas fa-comment-dots"></i></abbr>',$x) : '',
static::get($item,'desc'),
);
return $format;
} else
return $item;
})->join('<br>');
}
/**
* Given an LDAP OID number, returns a verbose description of the OID.
* This function parses ldap_supported_oids.txt and looks up the specified
* OID, and returns the verbose message defined in that file.
*
* <code>
* "1.3.6.1.4.1.4203.1.5.1" => array:3 [
* [title] => All Operational Attribute
* [ref] => RFC 3673
* [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
* ]
* </code>
*
* @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
* @param string $key The title|ref|desc to return
* @return string|null
* @testedby TranslateOidTest::testRootDSE()
*/
private static function get(string $string,string $key): ?string
{
$array = Cache::remember('oids',86400,function() {
try {
$f = fopen(config_path('ldap_supported_oids.txt'),'r');
} catch (\Exception $e) {
return NULL;
}
$result = collect();
while (! feof($f)) {
$line = trim(fgets($f));
if (! $line OR preg_match('/^#/',$line))
continue;
$fields = explode(':',$line);
$result->put($x=Arr::get($fields,0),[
'title'=>Arr::get($fields,1,$x),
'ref'=>Arr::get($fields,2),
'desc'=>Arr::get($fields,3,__('No description available, can you help with one?')),
]);
}
fclose($f);
return $result;
});
return Arr::get(($array ? $array->get($string) : []),$key);
}
}
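Review bot: The `get()` docblock names `@param string $oid` while the signature takes `$string`, and `@testedby TranslateOidTest::testRootDSE()` points at a test this same commit deletes, so both references are stale; rename the parameter to `$oid` (or fix the tag) and drop or replace the `@testedby` line. The class docblock `Represents an attribute whose values are binary` appears copied from the Binary attribute and should say the values are OIDs. The cache key `'oids'` with a 24h TTL is carried over from the removed `Server::getOID`, whose cached payload left missing titles and descriptions as null and applied defaults at read time, whereas this version bakes the defaults into the cached entry and reads without them — an entry written by the old code would therefore yield null for those keys until it expires; presumably acceptable, but a key rename or a cache flush on deploy would avoid it.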


@ -255,62 +255,6 @@ class Server
->find($dn)) ? $x : NULL; ->find($dn)) ? $x : NULL;
} }
/**
* Given an LDAP OID number, returns a verbose description of the OID.
* This function parses ldap_supported_oids.txt and looks up the specified
* OID, and returns the verbose message defined in that file.
*
* <code>
* Array (
* [title] => All Operational Attribute
* [ref] => RFC 3673
* [desc] => An LDAP extension which clients may use to request the return of all operational attributes.
* )
* </code>
*
* @param string $oid The OID number (ie, "1.3.6.1.4.1.4203.1.5.1") of the OID of interest.
* @param string $key The title|ref|desc to return
* @return string|null
* @testedby TranslateOidTest::testRootDSE()
*/
public static function getOID(string $oid,string $key): ?string
{
$oids = Cache::remember('oids',86400,function() {
try {
$f = fopen(config_path('ldap_supported_oids.txt'),'r');
} catch (Exception $e) {
return NULL;
}
$result = collect();
while (! feof($f)) {
$line = trim(fgets($f));
if (! $line OR preg_match('/^#/',$line))
continue;
$fields = explode(':',$line);
$result->put(Arr::get($fields,0),[
'title'=>Arr::get($fields,1),
'ref'=>Arr::get($fields,2),
'desc'=>Arr::get($fields,3),
]);
}
fclose($f);
return $result;
});
return Arr::get(
($oids ? $oids->get($oid) : []),
$key,
($key == 'desc' ? 'No description available, can you help with one?' : ($key == 'title' ? $oid : NULL))
);
}
/** /**
* This function determines if the specified attribute is contained in the force_may list * This function determines if the specified attribute is contained in the force_may list
* as configured in config.php. * as configured in config.php.


@ -1,4 +1,4 @@
# If you find some reliable and more meaningful descriptions to this OIDS, # If you find some reliable and more meaningful descriptions to these OIDS,
# then please let the phpldapadmin development know so that this file can be # then please let the phpldapadmin development know so that this file can be
# more descriptive. # more descriptive.


@ -0,0 +1,16 @@
# If you find some reliable and more meaningful descriptions to these SASL Mechanisms,
# then please let the phpldapadmin development know so that this file can be
# more descriptive.
# Format
# Mechanisms:Title:RFC Ref:Detail
SCRAM-SHA-1:Salted Challenge Response Authentication Mechanism (SCRAM) SHA1:RFC 5802:This specification describes a family of authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM) which addresses the requirements necessary to deploy a challenge- response mechanism more widely than past attempts.
SCRAM-SHA-256:Salted Challenge Response Authentication Mechanism (SCRAM) SHA256:RFC 7677:The SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL mechanisms are defined in the same way that SCRAM-SHA-1 and SCRAM-SHA-1-PLUS are defined in [RFC5802], except that the hash function for HMAC() and H() uses SHA-256 instead of SHA-1 [RFC6234].
GS2-IAKERB:Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API:draft-ietf-krb-wg-iakerb-02:Extends [RFC4120] and [RFC4121] such that the client can communicate with the KDC using a Generic Security Service Application Program Interface (GSS-API) [RFC2743] acceptor as the proxy.
GS2-KRB5:Family of mechanisms supports arbitrary GSS-API mechanisms in SASL::GS2 is a protocol bridge between GSS-API and SASL, and allows every GSS-API mechanism that supports mutual authentication and channel bindings to be used as a SASL mechanism. This implements Kerberos V5 authentication.
GSSAPI:Generic Security Services Application Program Interface:RFC 2744:The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services.
GSS-SPNEGO:GSS-SPNEGO security mechanism for LDAP bind requests:RFC 4178:The DC accepts the GSS-SPNEGO security mechanism for LDAP bind requests. This mechanism is documented in [RFC4178]. Active Directory supports Kerberos (see [MS-KILE]) and NTLM (see [MS-NLMP]) when using GSS-SPNEGO.
DIGEST-MD5:HTTP Digest compatible (partially) challenge-response scheme based upon MD5, offering a data security layer:RFC 2831:In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response.
OTP:One-Time Password Mechanism:RFC 2444:
CRAM-MD5:Simple challenge-response scheme based on HMAC-MD5:RFC 2195:When using the CRAM-MD5 mechanism, the LDAP server sends some data to the LDAP client. The client responds by encrypting the data with its password by using the MD5 algorithm. The LDAP server then uses the client's stored password to determine whether the client used the right password.
NTLM:MS Windows NT LAN Manager authentication mechanism:MS Proprietary:


@ -1,31 +0,0 @@
<?php
namespace Tests\Unit;
use LdapRecord\Query\ObjectNotFoundException;
use Tests\TestCase;
use App\Classes\LDAP\Server;
class TranslateOidTest extends TestCase
{
/**
* A basic feature test example.
*
* @return void
* @covers \App\Classes\LDAP\Server::getOID()
* @throws ObjectNotFoundException
*/
public function testRootDse()
{
$dse = Server::rootDSE();
// Test our rootDSE returns an objectclass attribute
$this->assertIsArray($dse->objectclass);
// Test OID that exists
$this->assertStringContainsString('Subentries',Server::getOID('1.3.6.1.4.1.4203.1.10.1','title'));
// Test OID doesnt exist
$this->assertStringContainsString('9.9.9.9',Server::getOID('9.9.9.9','title'));
$this->assertNull(Server::getOID('9.9.9.9','ref'));
}
}