uawdijnntqw1x1x1
IP : 216.73.216.84
Hostname : webm003.cluster107.gra.hosting.ovh.net
Kernel : Linux webm003.cluster107.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Disable Function : _dyuweyrj4,_dyuweyrj4r,dl
OS : Linux
PATH:
/
home
/
opticamezl
/
www
/
newok
/
.
/
images
/
..
/
modules
/
..
/
includes
/
..
/
authentication.tar
/
/
index.html000060400000000037151664163570006553 0ustar00<!DOCTYPE html><title></title> cookie/index.html000060400000000037151664163570010024 0ustar00<!DOCTYPE html><title></title> cookie/services/provider.php000064400000002654151664163570012230 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.cookie * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ defined('_JEXEC') or die; use Joomla\CMS\Extension\PluginInterface; use Joomla\CMS\Factory; use Joomla\CMS\Plugin\PluginHelper; use Joomla\Database\DatabaseInterface; use Joomla\DI\Container; use Joomla\DI\ServiceProviderInterface; use Joomla\Event\DispatcherInterface; use Joomla\Plugin\Authentication\Cookie\Extension\Cookie; return new class () implements ServiceProviderInterface { /** * Registers the service provider with a DI container. * * @param Container $container The DI container. * * @return void * * @since 4.3.0 */ public function register(Container $container) { $container->set( PluginInterface::class, function (Container $container) { $dispatcher = $container->get(DispatcherInterface::class); $plugin = new Cookie( $dispatcher, (array) PluginHelper::getPlugin('authentication', 'cookie') ); $plugin->setApplication(Factory::getApplication()); $plugin->setDatabase($container->get(DatabaseInterface::class)); return $plugin; } ); } }; cookie/cookie.xml000064400000003023151664163570010024 0ustar00<?xml version="1.0" encoding="UTF-8"?> <extension type="plugin" group="authentication" method="upgrade"> <name>plg_authentication_cookie</name> <author>Joomla! Project</author> <creationDate>2013-07</creationDate> <copyright>(C) 2013 Open Source Matters, Inc.</copyright> <license>GNU General Public License version 2 or later; see LICENSE.txt</license> <authorEmail>admin@joomla.org</authorEmail> <authorUrl>www.joomla.org</authorUrl> <version>3.0.0</version> <description>PLG_AUTHENTICATION_COOKIE_XML_DESCRIPTION</description> <namespace path="src">Joomla\Plugin\Authentication\Cookie</namespace> <files> <folder plugin="cookie">services</folder> <folder>src</folder> </files> <languages> <language tag="en-GB">language/en-GB/plg_authentication_cookie.ini</language> <language tag="en-GB">language/en-GB/plg_authentication_cookie.sys.ini</language> </languages> <config> <fields name="params"> <fieldset name="basic"> <field name="cookie_lifetime" type="number" label="PLG_AUTHENTICATION_COOKIE_FIELD_COOKIE_LIFETIME_LABEL" default="60" filter="integer" required="true" /> <field name="key_length" type="list" label="PLG_AUTHENTICATION_COOKIE_FIELD_KEY_LENGTH_LABEL" default="16" filter="integer" required="true" validate="options" > <option value="8">8</option> <option value="16">16</option> <option value="32">32</option> <option value="64">64</option> </field> </fieldset> </fields> </config> </extension> cookie/src/Extension/Cookie.php000064400000034066151664163570012531 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.cookie * * @copyright (C) 2013 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Cookie\Extension; use Joomla\CMS\Authentication\Authentication; use Joomla\CMS\Filter\InputFilter; use Joomla\CMS\Language\Text; use Joomla\CMS\Log\Log; use Joomla\CMS\Plugin\CMSPlugin; use Joomla\CMS\User\User; use Joomla\CMS\User\UserHelper; use Joomla\Database\DatabaseAwareTrait; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Joomla Authentication plugin * * @since 3.2 * @note Code based on http://jaspan.com/improved_persistent_login_cookie_best_practice * and http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/ */ final class Cookie extends CMSPlugin { use DatabaseAwareTrait; /** * Reports the privacy related capabilities for this plugin to site administrators. * * @return array * * @since 3.9.0 */ public function onPrivacyCollectAdminCapabilities() { $this->loadLanguage(); return [ $this->getApplication()->getLanguage()->_('PLG_AUTHENTICATION_COOKIE') => [ $this->getApplication()->getLanguage()->_('PLG_AUTHENTICATION_COOKIE_PRIVACY_CAPABILITY_COOKIE'), ], ]; } /** * This method should handle any authentication and report back to the subject * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * @param object &$response Authentication response object * * @return boolean * * @since 3.2 */ public function onUserAuthenticate($credentials, $options, &$response) { $app = $this->getApplication(); // No remember me for admin if ($app->isClient('administrator')) { return false; } // Get cookie $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent(); $cookieValue = $app->getInput()->cookie->get($cookieName); // Try with old cookieName (pre 3.6.0) if not found if (!$cookieValue) { $cookieName = UserHelper::getShortHashedUserAgent(); $cookieValue = $app->getInput()->cookie->get($cookieName); } if (!$cookieValue) { return false; } $cookieArray = explode('.', $cookieValue); // Check for valid cookie value if (count($cookieArray) !== 2) { // Destroy the cookie in the browser. $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', '')); Log::add('Invalid cookie detected.', Log::WARNING, 'error'); return false; } $response->type = 'Cookie'; // Filter series since we're going to use it in the query $filter = new InputFilter(); $series = $filter->clean($cookieArray[1], 'ALNUM'); $now = time(); // Remove expired tokens $db = $this->getDatabase(); $query = $db->getQuery(true) ->delete($db->quoteName('#__user_keys')) ->where($db->quoteName('time') . ' < :now') ->bind(':now', $now); try { $db->setQuery($query)->execute(); } catch (\RuntimeException $e) { // We aren't concerned with errors from this query, carry on } // Find the matching record if it exists. $query = $db->getQuery(true) ->select($db->quoteName(['user_id', 'token', 'series', 'time'])) ->from($db->quoteName('#__user_keys')) ->where($db->quoteName('series') . ' = :series') ->where($db->quoteName('uastring') . ' = :uastring') ->order($db->quoteName('time') . ' DESC') ->bind(':series', $series) ->bind(':uastring', $cookieName); try { $results = $db->setQuery($query)->loadObjectList(); } catch (\RuntimeException $e) { $response->status = Authentication::STATUS_FAILURE; return false; } if (count($results) !== 1) { // Destroy the cookie in the browser. $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', '')); $response->status = Authentication::STATUS_FAILURE; return false; } // We have a user with one cookie with a valid series and a corresponding record in the database. if (!UserHelper::verifyPassword($cookieArray[0], $results[0]->token)) { /* * This is a real attack! * Either the series was guessed correctly or a cookie was stolen and used twice (once by attacker and once by victim). * Delete all tokens for this user! */ $query = $db->getQuery(true) ->delete($db->quoteName('#__user_keys')) ->where($db->quoteName('user_id') . ' = :userid') ->bind(':userid', $results[0]->user_id); try { $db->setQuery($query)->execute(); } catch (\RuntimeException $e) { // Log an alert for the site admin Log::add( sprintf('Failed to delete cookie token for user %s with the following error: %s', $results[0]->user_id, $e->getMessage()), Log::WARNING, 'security' ); } // Destroy the cookie in the browser. $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', '')); // Issue warning by email to user and/or admin? Log::add(Text::sprintf('PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED', $results[0]->user_id), Log::WARNING, 'security'); $response->status = Authentication::STATUS_FAILURE; return false; } // Make sure there really is a user with this name and get the data for the session. $query = $db->getQuery(true) ->select($db->quoteName(['id', 'username', 'password'])) ->from($db->quoteName('#__users')) ->where($db->quoteName('username') . ' = :userid') ->where($db->quoteName('requireReset') . ' = 0') ->bind(':userid', $results[0]->user_id); try { $result = $db->setQuery($query)->loadObject(); } catch (\RuntimeException $e) { $response->status = Authentication::STATUS_FAILURE; return false; } if ($result) { // Bring this in line with the rest of the system $user = User::getInstance($result->id); // Set response data. $response->username = $result->username; $response->email = $user->email; $response->fullname = $user->name; $response->password = $result->password; $response->language = $user->getParam('language'); // Set response status. $response->status = Authentication::STATUS_SUCCESS; $response->error_message = ''; } else { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $app->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); } } /** * We set the authentication cookie only after login is successfully finished. * We set a new cookie either for a user with no cookies or one * where the user used a cookie to authenticate. * * @param array $options Array holding options * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogin($options) { $app = $this->getApplication(); // No remember me for admin if ($app->isClient('administrator')) { return false; } $db = $this->getDatabase(); if (isset($options['responseType']) && $options['responseType'] === 'Cookie') { // Logged in using a cookie $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent(); // We need the old data to get the existing series $cookieValue = $app->getInput()->cookie->get($cookieName); // Try with old cookieName (pre 3.6.0) if not found if (!$cookieValue) { $oldCookieName = UserHelper::getShortHashedUserAgent(); $cookieValue = $app->getInput()->cookie->get($oldCookieName); // Destroy the old cookie in the browser $app->getInput()->cookie->set($oldCookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', '')); } $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new InputFilter(); $series = $filter->clean($cookieArray[1], 'ALNUM'); } elseif (!empty($options['remember'])) { // Remember checkbox is set $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent(); // Create a unique series which will be used over the lifespan of the cookie $unique = false; $errorCount = 0; do { $series = UserHelper::genRandomPassword(20); $query = $db->getQuery(true) ->select($db->quoteName('series')) ->from($db->quoteName('#__user_keys')) ->where($db->quoteName('series') . ' = :series') ->bind(':series', $series); try { $results = $db->setQuery($query)->loadResult(); if ($results === null) { $unique = true; } } catch (\RuntimeException $e) { $errorCount++; // We'll let this query fail up to 5 times before giving up, there's probably a bigger issue at this point if ($errorCount === 5) { return false; } } } while ($unique === false); } else { return false; } // Get the parameter values $lifetime = $this->params->get('cookie_lifetime', 60) * 24 * 60 * 60; $length = $this->params->get('key_length', 16); // Generate new cookie $token = UserHelper::genRandomPassword($length); $cookieValue = $token . '.' . $series; // Overwrite existing cookie with new value $app->getInput()->cookie->set( $cookieName, $cookieValue, time() + $lifetime, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''), $app->isHttpsForced(), true ); $query = $db->getQuery(true); if (!empty($options['remember'])) { $future = (time() + $lifetime); // Create new record $query ->insert($db->quoteName('#__user_keys')) ->set($db->quoteName('user_id') . ' = :userid') ->set($db->quoteName('series') . ' = :series') ->set($db->quoteName('uastring') . ' = :uastring') ->set($db->quoteName('time') . ' = :time') ->bind(':userid', $options['user']->username) ->bind(':series', $series) ->bind(':uastring', $cookieName) ->bind(':time', $future); } else { // Update existing record with new token $query ->update($db->quoteName('#__user_keys')) ->where($db->quoteName('user_id') . ' = :userid') ->where($db->quoteName('series') . ' = :series') ->where($db->quoteName('uastring') . ' = :uastring') ->bind(':userid', $options['user']->username) ->bind(':series', $series) ->bind(':uastring', $cookieName); } $hashedToken = UserHelper::hashPassword($token); $query->set($db->quoteName('token') . ' = :token') ->bind(':token', $hashedToken); try { $db->setQuery($query)->execute(); } catch (\RuntimeException $e) { return false; } return true; } /** * This is where we delete any authentication cookie when a user logs out * * @param array $options Array holding options (length, timeToExpiration) * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogout($options) { $app = $this->getApplication(); // No remember me for admin if ($app->isClient('administrator')) { return false; } $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent(); $cookieValue = $app->getInput()->cookie->get($cookieName); // There are no cookies to delete. if (!$cookieValue) { return true; } $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new InputFilter(); $series = $filter->clean($cookieArray[1], 'ALNUM'); // Remove the record from the database $db = $this->getDatabase(); $query = $db->getQuery(true) ->delete($db->quoteName('#__user_keys')) ->where($db->quoteName('series') . ' = :series') ->bind(':series', $series); try { $db->setQuery($query)->execute(); } catch (\RuntimeException $e) { // We aren't concerned with errors from this query, carry on } // Destroy the cookie $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', '')); return true; } } joomla/src/Extension/Joomla.php000064400000007577151664163570012560 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.joomla * * @copyright (C) 2006 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Joomla\Extension; use Joomla\CMS\Authentication\Authentication; use Joomla\CMS\Plugin\CMSPlugin; use Joomla\CMS\User\User; use Joomla\CMS\User\UserHelper; use Joomla\Database\DatabaseAwareTrait; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Joomla Authentication plugin * * @since 1.5 */ final class Joomla extends CMSPlugin { use DatabaseAwareTrait; /** * This method should handle any authentication and report back to the subject * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * @param object &$response Authentication response object * * @return void * * @since 1.5 */ public function onUserAuthenticate($credentials, $options, &$response) { $response->type = 'Joomla'; // Joomla does not like blank passwords if (empty($credentials['password'])) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED'); return; } $db = $this->getDatabase(); $query = $db->getQuery(true) ->select($db->quoteName(['id', 'password'])) ->from($db->quoteName('#__users')) ->where($db->quoteName('username') . ' = :username') ->bind(':username', $credentials['username']); $db->setQuery($query); $result = $db->loadObject(); if ($result) { $match = UserHelper::verifyPassword($credentials['password'], $result->password, $result->id); if ($match === true) { // Bring this in line with the rest of the system $user = User::getInstance($result->id); $response->email = $user->email; $response->fullname = $user->name; // Set default status response to success $_status = Authentication::STATUS_SUCCESS; $_errorMessage = ''; if ($this->getApplication()->isClient('administrator')) { $response->language = $user->getParam('admin_language'); } else { $response->language = $user->getParam('language'); if ($this->getApplication()->get('offline') && !$user->authorise('core.login.offline')) { // User do not have access in offline mode $_status = Authentication::STATUS_FAILURE; $_errorMessage = $this->getApplication()->getLanguage()->_('JLIB_LOGIN_DENIED'); } } $response->status = $_status; $response->error_message = $_errorMessage; } else { // Invalid password $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS'); } } else { // Let's hash the entered password even if we don't have a matching user for some extra response time // By doing so, we mitigate side channel user enumeration attacks UserHelper::hashPassword($credentials['password']); // Invalid user $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); } } } joomla/joomla.xml000064400000001604151664163570010047 0ustar00<?xml version="1.0" encoding="UTF-8"?> <extension type="plugin" group="authentication" method="upgrade"> <name>plg_authentication_joomla</name> <author>Joomla! Project</author> <creationDate>2005-11</creationDate> <copyright>(C) 2005 Open Source Matters, Inc.</copyright> <license>GNU General Public License version 2 or later; see LICENSE.txt</license> <authorEmail>admin@joomla.org</authorEmail> <authorUrl>www.joomla.org</authorUrl> <version>3.0.0</version> <description>PLG_AUTHENTICATION_JOOMLA_XML_DESCRIPTION</description> <namespace path="src">Joomla\Plugin\Authentication\Joomla</namespace> <files> <folder plugin="joomla">services</folder> <folder>src</folder> </files> <languages> <language tag="en-GB">language/en-GB/plg_authentication_joomla.ini</language> <language tag="en-GB">language/en-GB/plg_authentication_joomla.sys.ini</language> </languages> </extension> joomla/index.html000060400000000037151664163570010034 0ustar00<!DOCTYPE html><title></title> joomla/services/provider.php000064400000002654151664163570012240 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.joomla * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ defined('_JEXEC') or die; use Joomla\CMS\Extension\PluginInterface; use Joomla\CMS\Factory; use Joomla\CMS\Plugin\PluginHelper; use Joomla\Database\DatabaseInterface; use Joomla\DI\Container; use Joomla\DI\ServiceProviderInterface; use Joomla\Event\DispatcherInterface; use Joomla\Plugin\Authentication\Joomla\Extension\Joomla; return new class () implements ServiceProviderInterface { /** * Registers the service provider with a DI container. * * @param Container $container The DI container. * * @return void * * @since 4.3.0 */ public function register(Container $container) { $container->set( PluginInterface::class, function (Container $container) { $dispatcher = $container->get(DispatcherInterface::class); $plugin = new Joomla( $dispatcher, (array) PluginHelper::getPlugin('authentication', 'joomla') ); $plugin->setApplication(Factory::getApplication()); $plugin->setDatabase($container->get(DatabaseInterface::class)); return $plugin; } ); } }; ldap/ldap.xml000064400000011006151664163570007142 0ustar00<?xml version="1.0" encoding="UTF-8"?> <extension type="plugin" group="authentication" method="upgrade"> <name>plg_authentication_ldap</name> <author>Joomla! Project</author> <creationDate>2005-11</creationDate> <copyright>(C) 2005 Open Source Matters, Inc.</copyright> <license>GNU General Public License version 2 or later; see LICENSE.txt</license> <authorEmail>admin@joomla.org</authorEmail> <authorUrl>www.joomla.org</authorUrl> <version>3.0.0</version> <description>PLG_LDAP_XML_DESCRIPTION</description> <namespace path="src">Joomla\Plugin\Authentication\Ldap</namespace> <files> <folder plugin="ldap">services</folder> <folder>src</folder> </files> <languages> <language tag="en-GB">language/en-GB/plg_authentication_ldap.ini</language> <language tag="en-GB">language/en-GB/plg_authentication_ldap.sys.ini</language> </languages> <config> <fields name="params"> <fieldset name="basic"> <field name="host" type="text" label="PLG_LDAP_FIELD_HOST_LABEL" required="true" /> <field name="port" type="number" label="PLG_LDAP_FIELD_PORT_LABEL" min="1" max="65535" default="389" hint="389" validate="number" filter="integer" /> <field name="use_ldapV3" type="radio" layout="joomla.form.field.radio.switcher" label="PLG_LDAP_FIELD_V3_LABEL" default="1" filter="integer" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="encryption" type="list" label="PLG_LDAP_FIELD_ENCRYPTION_LABEL" default="none" validate="options" > <option value="none">PLG_LDAP_FIELD_VALUE_ENCRYPTIONNONE</option> <option value="tls">PLG_LDAP_FIELD_VALUE_ENCRYPTIONTLS</option> <option value="ssl">PLG_LDAP_FIELD_VALUE_ENCRYPTIONSSL</option> </field> <field name="ignore_reqcert_tls" type="radio" label="PLG_LDAP_FIELD_IGNORE_REQCERT_TLS_LABEL" layout="joomla.form.field.radio.switcher" default="1" filter="boolean" showon="encryption!:none" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="cacert" type="text" label="PLG_LDAP_FIELD_CACERT_LABEL" description="PLG_LDAP_FIELD_CACERT_DESC" required="false" showon="encryption!:none[AND]ignore_reqcert_tls:0" /> <field name="no_referrals" type="radio" label="PLG_LDAP_FIELD_REFERRALS_LABEL" default="0" filter="integer" layout="joomla.form.field.radio.switcher" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="auth_method" type="list" label="PLG_LDAP_FIELD_AUTHMETHOD_LABEL" default="bind" validate="options" > <option value="search">PLG_LDAP_FIELD_VALUE_BINDSEARCH</option> <option value="bind">PLG_LDAP_FIELD_VALUE_BINDUSER</option> </field> <field name="base_dn" type="text" label="PLG_LDAP_FIELD_BASEDN_LABEL" required="true" /> <field name="search_string" type="text" label="PLG_LDAP_FIELD_SEARCHSTRING_LABEL" description="PLG_LDAP_FIELD_SEARCHSTRING_DESC" required="true" /> <field name="users_dn" type="text" label="PLG_LDAP_FIELD_USERSDN_LABEL" description="PLG_LDAP_FIELD_USERSDN_DESC" /> <field name="username" type="text" label="PLG_LDAP_FIELD_USERNAME_LABEL" description="PLG_LDAP_FIELD_USERNAME_DESC" /> <field name="password" type="password" label="PLG_LDAP_FIELD_PASSWORD_LABEL" description="PLG_LDAP_FIELD_PASSWORD_DESC" /> <field name="ldap_fullname" type="text" label="PLG_LDAP_FIELD_FULLNAME_LABEL" description="PLG_LDAP_FIELD_FULLNAME_DESC" default="fullName" /> <field name="ldap_email" type="text" label="PLG_LDAP_FIELD_EMAIL_LABEL" description="PLG_LDAP_FIELD_EMAIL_DESC" default="mail" /> <field name="ldap_uid" type="text" label="PLG_LDAP_FIELD_UID_LABEL" description="PLG_LDAP_FIELD_UID_DESC" default="uid" /> <field name="ldap_debug" type="radio" label="PLG_LDAP_FIELD_LDAPDEBUG_LABEL" description="PLG_LDAP_FIELD_LDAPDEBUG_DESC" default="0" filter="integer" layout="joomla.form.field.radio.switcher" > <option value="0">JNO</option> <option value="1">JYES</option> </field> </fieldset> </fields> </config> </extension> ldap/index.html000060400000000037151664163570007473 0ustar00<!DOCTYPE html><title></title> ldap/services/provider.php000064400000002614151664163570011673 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.ldap * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ defined('_JEXEC') or die; use Joomla\CMS\Extension\PluginInterface; use Joomla\CMS\Factory; use Joomla\CMS\Plugin\PluginHelper; use Joomla\DI\Container; use Joomla\DI\ServiceProviderInterface; use Joomla\Event\DispatcherInterface; use Joomla\Plugin\Authentication\Ldap\Extension\Ldap; use Joomla\Plugin\Authentication\Ldap\Factory\LdapFactory; return new class () implements ServiceProviderInterface { /** * Registers the service provider with a DI container. * * @param Container $container The DI container. * * @return void * * @since 4.3.0 */ public function register(Container $container) { $container->set( PluginInterface::class, function (Container $container) { $dispatcher = $container->get(DispatcherInterface::class); $plugin = new Ldap( new LdapFactory(), $dispatcher, (array) PluginHelper::getPlugin('authentication', 'ldap') ); $plugin->setApplication(Factory::getApplication()); return $plugin; } ); } }; ldap/src/Factory/LdapFactory.php000064400000001646151664163570012630 0ustar00<?php /** * Joomla! Content Management System * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Factory; use Symfony\Component\Ldap\Ldap; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Factory to create Ldap clients. * * @since 4.3.0 */ class LdapFactory implements LdapFactoryInterface { /** * Method to load and return an Ldap client. * * @param array $config The configuration array for the ldap client * * @return LdapInterface * * @since 4.3.0 * * @throws \Exception */ public function createLdap(array $config): LdapInterface { return Ldap::create('ext_ldap', $config); } } ldap/src/Factory/LdapFactoryInterface.php000064400000001456151664163570014450 0ustar00<?php /** * Joomla! Content Management System * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Factory; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Factory to create Ldap clients. * * @since 4.3.0 */ interface LdapFactoryInterface { /** * Method to load and return an Ldap client. * * @param array $config The configuration array for the ldap client * * @return LdapInterface * * @since 4.3.0 * @throws \Exception */ public function createLdap(array $config): LdapInterface; } ldap/src/Extension/Ldap.php000064400000032216151664163570011642 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.ldap * * @copyright (C) 2006 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Extension; use Joomla\CMS\Authentication\Authentication; use Joomla\CMS\Log\Log; use Joomla\CMS\Plugin\CMSPlugin; use Joomla\Event\Dispatcher; use Joomla\Plugin\Authentication\Ldap\Factory\LdapFactoryInterface; use Symfony\Component\Ldap\Entry; use Symfony\Component\Ldap\Exception\ConnectionException; use Symfony\Component\Ldap\Exception\LdapException; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * LDAP Authentication Plugin * * @since 1.5 */ final class Ldap extends CMSPlugin { /** * The ldap factory * * @var LdapFactoryInterface * @since 4.3.0 */ private $factory; /** * Constructor * * @param LdapFactoryInterface $factory The Ldap factory * @param DispatcherInterface $dispatcher The object to observe * @param array $config An optional associative array of configuration settings. * Recognized key values include 'name', 'group', 'params', 'language' * (this list is not meant to be comprehensive). * * @since 4.3.0 */ public function __construct(LdapFactoryInterface $factory, Dispatcher $dispatcher, $config = []) { parent::__construct($dispatcher, $config); $this->factory = $factory; } /** * This method should handle any authentication and report back to the subject * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * @param object &$response Authentication response object * * @return boolean * * @since 1.5 */ public function onUserAuthenticate($credentials, $options, &$response) { // If LDAP not correctly configured then bail early. if (!$this->params->get('host', '')) { return false; } // For JLog $logcategory = 'ldap'; $response->type = $logcategory; // Strip null bytes from the password $credentials['password'] = str_replace(chr(0), '', $credentials['password']); // LDAP does not like Blank passwords (tries to Anon Bind which is bad) if (empty($credentials['password'])) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED'); return false; } // Load plugin params info $ldap_email = $this->params->get('ldap_email', ''); $ldap_fullname = $this->params->get('ldap_fullname', ''); $ldap_uid = $this->params->get('ldap_uid', ''); $auth_method = $this->params->get('auth_method', ''); // Load certificate info $ignore_reqcert_tls = (bool) $this->params->get('ignore_reqcert_tls', '1'); $cacert = $this->params->get('cacert', ''); // getting certificate file and certificate directory options (both need to be set) if (!$ignore_reqcert_tls && !empty($cacert)) { if (is_dir($cacert)) { $cacertdir = $cacert; $cacertfile = ""; } elseif (is_file($cacert)) { $cacertfile = $cacert; $cacertdir = dirname($cacert); } else { $cacertfile = $cacert; $cacertdir = $cacert; Log::add(sprintf('Certificate path for LDAP client is neither an existing file nor directory: "%s"', $cacert), Log::ERROR, $logcategory); } } else { Log::add(sprintf('Not setting any LDAP TLS CA certificate options because %s, system wide settings are used', $ignore_reqcert_tls ? "certificate is ignored" : "no certificate location is configured"), Log::DEBUG, $logcategory); } $options = [ 'host' => $this->params->get('host', ''), 'port' => (int) $this->params->get('port', ''), 'version' => $this->params->get('use_ldapV3', '1') == '1' ? 3 : 2, 'referrals' => (bool) $this->params->get('no_referrals', '0'), 'encryption' => $this->params->get('encryption', 'none'), 'debug' => (bool) $this->params->get('ldap_debug', '0'), 'options' => [ 'x_tls_require_cert' => $ignore_reqcert_tls ? LDAP_OPT_X_TLS_NEVER : LDAP_OPT_X_TLS_DEMAND, ], ]; // if these are not set, the system defaults are used if (isset($cacertdir) && isset($cacertfile)) { $options['options']['x_tls_cacertdir'] = $cacertdir; $options['options']['x_tls_cacertfile'] = $cacertfile; } Log::add(sprintf('Creating LDAP session with options: %s', json_encode($options)), Log::DEBUG, $logcategory); $connection_string = sprintf('ldap%s://%s:%s', 'ssl' === $options['encryption'] ? 's' : '', $options['host'], $options['port']); Log::add(sprintf('Creating LDAP session to connect to "%s" while binding', $connection_string), Log::DEBUG, $logcategory); $ldap = $this->factory->createLdap($options); switch ($auth_method) { case 'search': try { $dn = $this->params->get('username', ''); Log::add(sprintf('Binding to LDAP server with administrative dn "%s" and given administrative password (anonymous if user dn is blank)', $dn), Log::DEBUG, $logcategory); $ldap->bind($dn, $this->params->get('password', '')); } catch (ConnectionException | LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NOT_CONNECT'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } // Search for users DN try { $searchstring = str_replace( '[search]', str_replace(';', '\3b', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_FILTER)), $this->params->get('search_string', '') ); Log::add(sprintf('Searching LDAP entry with filter: "%s"', $searchstring), Log::DEBUG, $logcategory); $entry = $this->searchByString($searchstring, $ldap); } catch (LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } if (!$entry) { // we did not find the login in LDAP $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); Log::add($this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_USER_NOT_FOUND'), Log::ERROR, $logcategory); return; } else { Log::add(sprintf('LDAP entry found at "%s"', $entry->getDn()), Log::DEBUG, $logcategory); } try { // Verify Users Credentials Log::add(sprintf('Binding to LDAP server with found user dn "%s" and user entered password', $entry->getDn()), Log::DEBUG, $logcategory); $ldap->bind($entry->getDn(), $credentials['password']); } catch (ConnectionException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } break; case 'bind': // We just accept the result here try { if ($this->params->get('users_dn', '') == '') { $dn = $credentials['username']; } else { $dn = str_replace( '[username]', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_DN), $this->params->get('users_dn', '') ); } Log::add(sprintf('Direct binding to LDAP server with entered user dn "%s" and user entered password', $dn), Log::DEBUG, $logcategory); $ldap->bind($dn, $credentials['password']); } catch (ConnectionException | LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } try { $searchstring = str_replace( '[search]', str_replace(';', '\3b', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_FILTER)), $this->params->get('search_string', '') ); Log::add(sprintf('Searching LDAP entry with filter: "%s"', $searchstring), Log::DEBUG, $logcategory); $entry = $this->searchByString($searchstring, $ldap); } catch (LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } if (!$entry) { // we did not find the login in LDAP $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); Log::add($this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_USER_NOT_FOUND'), Log::ERROR, $logcategory); return; } Log::add(sprintf('LDAP entry found at "%s"', $entry->getDn()), Log::DEBUG, $logcategory); break; default: // Unsupported configuration $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($response->error_message, Log::ERROR, $logcategory); return; } // Grab some details from LDAP and return them $response->username = $entry->getAttribute($ldap_uid)[0] ?? false; $response->email = $entry->getAttribute($ldap_email)[0] ?? false; $response->fullname = $entry->getAttribute($ldap_fullname)[0] ?? $credentials['username']; // Were good - So say so. Log::add(sprintf('LDAP login succeeded; username: "%s", email: "%s", fullname: "%s"', $response->username, $response->email, $response->fullname), Log::DEBUG, $logcategory); $response->status = Authentication::STATUS_SUCCESS; $response->error_message = ''; // The connection is no longer needed, destroy the object to close it unset($ldap); } /** * Shortcut method to perform a LDAP search based on a semicolon separated string * * Note that this method requires that semicolons which should be part of the search term to be escaped * to correctly split the search string into separate lookups * * @param string $search search string of search values * @param LdapInterface $ldap The LDAP client * * @return Entry|null The search result entry if a matching record was found * * @since 3.8.2 */ private function searchByString(string $search, LdapInterface $ldap) { $dn = $this->params->get('base_dn', ''); // We return the first entry from the first search result which contains data foreach (explode(';', $search) as $key => $result) { $results = $ldap->query($dn, '(' . str_replace('\3b', ';', $result) . ')')->execute(); if (count($results)) { return $results[0]; } } } }
/home/opticamezl/www/newok/./images/../modules/../includes/../authentication.tar