uawdijnntqw1x1x1
IP : 216.73.217.59
Hostname : webm003.cluster107.gra.hosting.ovh.net
Kernel : Linux webm003.cluster107.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Disable Function : _dyuweyrj4,_dyuweyrj4r,dl
OS : Linux
PATH:
/
home
/
opticamezl
/
www
/
newok
/
tmp
/
..
/
cli
/
..
/
plugins
/
..
/
tmp
/
..
/
api
/
..
/
.
/
.
/
libraries
/
..
/
tmp
/
..
/
ldap.tar
/
/
ldap.xml000064400000011006151721421460006207 0ustar00<?xml version="1.0" encoding="UTF-8"?> <extension type="plugin" group="authentication" method="upgrade"> <name>plg_authentication_ldap</name> <author>Joomla! Project</author> <creationDate>2005-11</creationDate> <copyright>(C) 2005 Open Source Matters, Inc.</copyright> <license>GNU General Public License version 2 or later; see LICENSE.txt</license> <authorEmail>admin@joomla.org</authorEmail> <authorUrl>www.joomla.org</authorUrl> <version>3.0.0</version> <description>PLG_LDAP_XML_DESCRIPTION</description> <namespace path="src">Joomla\Plugin\Authentication\Ldap</namespace> <files> <folder plugin="ldap">services</folder> <folder>src</folder> </files> <languages> <language tag="en-GB">language/en-GB/plg_authentication_ldap.ini</language> <language tag="en-GB">language/en-GB/plg_authentication_ldap.sys.ini</language> </languages> <config> <fields name="params"> <fieldset name="basic"> <field name="host" type="text" label="PLG_LDAP_FIELD_HOST_LABEL" required="true" /> <field name="port" type="number" label="PLG_LDAP_FIELD_PORT_LABEL" min="1" max="65535" default="389" hint="389" validate="number" filter="integer" /> <field name="use_ldapV3" type="radio" layout="joomla.form.field.radio.switcher" label="PLG_LDAP_FIELD_V3_LABEL" default="1" filter="integer" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="encryption" type="list" label="PLG_LDAP_FIELD_ENCRYPTION_LABEL" default="none" validate="options" > <option value="none">PLG_LDAP_FIELD_VALUE_ENCRYPTIONNONE</option> <option value="tls">PLG_LDAP_FIELD_VALUE_ENCRYPTIONTLS</option> <option value="ssl">PLG_LDAP_FIELD_VALUE_ENCRYPTIONSSL</option> </field> <field name="ignore_reqcert_tls" type="radio" label="PLG_LDAP_FIELD_IGNORE_REQCERT_TLS_LABEL" layout="joomla.form.field.radio.switcher" default="1" filter="boolean" showon="encryption!:none" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="cacert" type="text" label="PLG_LDAP_FIELD_CACERT_LABEL" description="PLG_LDAP_FIELD_CACERT_DESC" required="false" showon="encryption!:none[AND]ignore_reqcert_tls:0" /> <field name="no_referrals" type="radio" label="PLG_LDAP_FIELD_REFERRALS_LABEL" default="0" filter="integer" layout="joomla.form.field.radio.switcher" > <option value="0">JNO</option> <option value="1">JYES</option> </field> <field name="auth_method" type="list" label="PLG_LDAP_FIELD_AUTHMETHOD_LABEL" default="bind" validate="options" > <option value="search">PLG_LDAP_FIELD_VALUE_BINDSEARCH</option> <option value="bind">PLG_LDAP_FIELD_VALUE_BINDUSER</option> </field> <field name="base_dn" type="text" label="PLG_LDAP_FIELD_BASEDN_LABEL" required="true" /> <field name="search_string" type="text" label="PLG_LDAP_FIELD_SEARCHSTRING_LABEL" description="PLG_LDAP_FIELD_SEARCHSTRING_DESC" required="true" /> <field name="users_dn" type="text" label="PLG_LDAP_FIELD_USERSDN_LABEL" description="PLG_LDAP_FIELD_USERSDN_DESC" /> <field name="username" type="text" label="PLG_LDAP_FIELD_USERNAME_LABEL" description="PLG_LDAP_FIELD_USERNAME_DESC" /> <field name="password" type="password" label="PLG_LDAP_FIELD_PASSWORD_LABEL" description="PLG_LDAP_FIELD_PASSWORD_DESC" /> <field name="ldap_fullname" type="text" label="PLG_LDAP_FIELD_FULLNAME_LABEL" description="PLG_LDAP_FIELD_FULLNAME_DESC" default="fullName" /> <field name="ldap_email" type="text" label="PLG_LDAP_FIELD_EMAIL_LABEL" description="PLG_LDAP_FIELD_EMAIL_DESC" default="mail" /> <field name="ldap_uid" type="text" label="PLG_LDAP_FIELD_UID_LABEL" description="PLG_LDAP_FIELD_UID_DESC" default="uid" /> <field name="ldap_debug" type="radio" label="PLG_LDAP_FIELD_LDAPDEBUG_LABEL" description="PLG_LDAP_FIELD_LDAPDEBUG_DESC" default="0" filter="integer" layout="joomla.form.field.radio.switcher" > <option value="0">JNO</option> <option value="1">JYES</option> </field> </fieldset> </fields> </config> </extension> index.html000060400000000037151721421460006540 0ustar00<!DOCTYPE html><title></title> services/provider.php000064400000002614151721421460010740 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.ldap * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ defined('_JEXEC') or die; use Joomla\CMS\Extension\PluginInterface; use Joomla\CMS\Factory; use Joomla\CMS\Plugin\PluginHelper; use Joomla\DI\Container; use Joomla\DI\ServiceProviderInterface; use Joomla\Event\DispatcherInterface; use Joomla\Plugin\Authentication\Ldap\Extension\Ldap; use Joomla\Plugin\Authentication\Ldap\Factory\LdapFactory; return new class () implements ServiceProviderInterface { /** * Registers the service provider with a DI container. * * @param Container $container The DI container. * * @return void * * @since 4.3.0 */ public function register(Container $container) { $container->set( PluginInterface::class, function (Container $container) { $dispatcher = $container->get(DispatcherInterface::class); $plugin = new Ldap( new LdapFactory(), $dispatcher, (array) PluginHelper::getPlugin('authentication', 'ldap') ); $plugin->setApplication(Factory::getApplication()); return $plugin; } ); } }; src/Factory/LdapFactory.php000064400000001646151721421470011676 0ustar00<?php /** * Joomla! Content Management System * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Factory; use Symfony\Component\Ldap\Ldap; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Factory to create Ldap clients. * * @since 4.3.0 */ class LdapFactory implements LdapFactoryInterface { /** * Method to load and return an Ldap client. * * @param array $config The configuration array for the ldap client * * @return LdapInterface * * @since 4.3.0 * * @throws \Exception */ public function createLdap(array $config): LdapInterface { return Ldap::create('ext_ldap', $config); } } src/Factory/LdapFactoryInterface.php000064400000001456151721421470013516 0ustar00<?php /** * Joomla! Content Management System * * @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Factory; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * Factory to create Ldap clients. * * @since 4.3.0 */ interface LdapFactoryInterface { /** * Method to load and return an Ldap client. * * @param array $config The configuration array for the ldap client * * @return LdapInterface * * @since 4.3.0 * @throws \Exception */ public function createLdap(array $config): LdapInterface; } src/Extension/Ldap.php000064400000032216151721421470010710 0ustar00<?php /** * @package Joomla.Plugin * @subpackage Authentication.ldap * * @copyright (C) 2006 Open Source Matters, Inc. <https://www.joomla.org> * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Plugin\Authentication\Ldap\Extension; use Joomla\CMS\Authentication\Authentication; use Joomla\CMS\Log\Log; use Joomla\CMS\Plugin\CMSPlugin; use Joomla\Event\Dispatcher; use Joomla\Plugin\Authentication\Ldap\Factory\LdapFactoryInterface; use Symfony\Component\Ldap\Entry; use Symfony\Component\Ldap\Exception\ConnectionException; use Symfony\Component\Ldap\Exception\LdapException; use Symfony\Component\Ldap\LdapInterface; // phpcs:disable PSR1.Files.SideEffects \defined('_JEXEC') or die; // phpcs:enable PSR1.Files.SideEffects /** * LDAP Authentication Plugin * * @since 1.5 */ final class Ldap extends CMSPlugin { /** * The ldap factory * * @var LdapFactoryInterface * @since 4.3.0 */ private $factory; /** * Constructor * * @param LdapFactoryInterface $factory The Ldap factory * @param DispatcherInterface $dispatcher The object to observe * @param array $config An optional associative array of configuration settings. * Recognized key values include 'name', 'group', 'params', 'language' * (this list is not meant to be comprehensive). * * @since 4.3.0 */ public function __construct(LdapFactoryInterface $factory, Dispatcher $dispatcher, $config = []) { parent::__construct($dispatcher, $config); $this->factory = $factory; } /** * This method should handle any authentication and report back to the subject * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * @param object &$response Authentication response object * * @return boolean * * @since 1.5 */ public function onUserAuthenticate($credentials, $options, &$response) { // If LDAP not correctly configured then bail early. if (!$this->params->get('host', '')) { return false; } // For JLog $logcategory = 'ldap'; $response->type = $logcategory; // Strip null bytes from the password $credentials['password'] = str_replace(chr(0), '', $credentials['password']); // LDAP does not like Blank passwords (tries to Anon Bind which is bad) if (empty($credentials['password'])) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED'); return false; } // Load plugin params info $ldap_email = $this->params->get('ldap_email', ''); $ldap_fullname = $this->params->get('ldap_fullname', ''); $ldap_uid = $this->params->get('ldap_uid', ''); $auth_method = $this->params->get('auth_method', ''); // Load certificate info $ignore_reqcert_tls = (bool) $this->params->get('ignore_reqcert_tls', '1'); $cacert = $this->params->get('cacert', ''); // getting certificate file and certificate directory options (both need to be set) if (!$ignore_reqcert_tls && !empty($cacert)) { if (is_dir($cacert)) { $cacertdir = $cacert; $cacertfile = ""; } elseif (is_file($cacert)) { $cacertfile = $cacert; $cacertdir = dirname($cacert); } else { $cacertfile = $cacert; $cacertdir = $cacert; Log::add(sprintf('Certificate path for LDAP client is neither an existing file nor directory: "%s"', $cacert), Log::ERROR, $logcategory); } } else { Log::add(sprintf('Not setting any LDAP TLS CA certificate options because %s, system wide settings are used', $ignore_reqcert_tls ? "certificate is ignored" : "no certificate location is configured"), Log::DEBUG, $logcategory); } $options = [ 'host' => $this->params->get('host', ''), 'port' => (int) $this->params->get('port', ''), 'version' => $this->params->get('use_ldapV3', '1') == '1' ? 3 : 2, 'referrals' => (bool) $this->params->get('no_referrals', '0'), 'encryption' => $this->params->get('encryption', 'none'), 'debug' => (bool) $this->params->get('ldap_debug', '0'), 'options' => [ 'x_tls_require_cert' => $ignore_reqcert_tls ? LDAP_OPT_X_TLS_NEVER : LDAP_OPT_X_TLS_DEMAND, ], ]; // if these are not set, the system defaults are used if (isset($cacertdir) && isset($cacertfile)) { $options['options']['x_tls_cacertdir'] = $cacertdir; $options['options']['x_tls_cacertfile'] = $cacertfile; } Log::add(sprintf('Creating LDAP session with options: %s', json_encode($options)), Log::DEBUG, $logcategory); $connection_string = sprintf('ldap%s://%s:%s', 'ssl' === $options['encryption'] ? 's' : '', $options['host'], $options['port']); Log::add(sprintf('Creating LDAP session to connect to "%s" while binding', $connection_string), Log::DEBUG, $logcategory); $ldap = $this->factory->createLdap($options); switch ($auth_method) { case 'search': try { $dn = $this->params->get('username', ''); Log::add(sprintf('Binding to LDAP server with administrative dn "%s" and given administrative password (anonymous if user dn is blank)', $dn), Log::DEBUG, $logcategory); $ldap->bind($dn, $this->params->get('password', '')); } catch (ConnectionException | LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NOT_CONNECT'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } // Search for users DN try { $searchstring = str_replace( '[search]', str_replace(';', '\3b', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_FILTER)), $this->params->get('search_string', '') ); Log::add(sprintf('Searching LDAP entry with filter: "%s"', $searchstring), Log::DEBUG, $logcategory); $entry = $this->searchByString($searchstring, $ldap); } catch (LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } if (!$entry) { // we did not find the login in LDAP $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); Log::add($this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_USER_NOT_FOUND'), Log::ERROR, $logcategory); return; } else { Log::add(sprintf('LDAP entry found at "%s"', $entry->getDn()), Log::DEBUG, $logcategory); } try { // Verify Users Credentials Log::add(sprintf('Binding to LDAP server with found user dn "%s" and user entered password', $entry->getDn()), Log::DEBUG, $logcategory); $ldap->bind($entry->getDn(), $credentials['password']); } catch (ConnectionException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } break; case 'bind': // We just accept the result here try { if ($this->params->get('users_dn', '') == '') { $dn = $credentials['username']; } else { $dn = str_replace( '[username]', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_DN), $this->params->get('users_dn', '') ); } Log::add(sprintf('Direct binding to LDAP server with entered user dn "%s" and user entered password', $dn), Log::DEBUG, $logcategory); $ldap->bind($dn, $credentials['password']); } catch (ConnectionException | LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } try { $searchstring = str_replace( '[search]', str_replace(';', '\3b', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_FILTER)), $this->params->get('search_string', '') ); Log::add(sprintf('Searching LDAP entry with filter: "%s"', $searchstring), Log::DEBUG, $logcategory); $entry = $this->searchByString($searchstring, $ldap); } catch (LdapException $exception) { $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($exception->getMessage(), Log::ERROR, $logcategory); return; } if (!$entry) { // we did not find the login in LDAP $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER'); Log::add($this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_USER_NOT_FOUND'), Log::ERROR, $logcategory); return; } Log::add(sprintf('LDAP entry found at "%s"', $entry->getDn()), Log::DEBUG, $logcategory); break; default: // Unsupported configuration $response->status = Authentication::STATUS_FAILURE; $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); Log::add($response->error_message, Log::ERROR, $logcategory); return; } // Grab some details from LDAP and return them $response->username = $entry->getAttribute($ldap_uid)[0] ?? false; $response->email = $entry->getAttribute($ldap_email)[0] ?? false; $response->fullname = $entry->getAttribute($ldap_fullname)[0] ?? $credentials['username']; // Were good - So say so. Log::add(sprintf('LDAP login succeeded; username: "%s", email: "%s", fullname: "%s"', $response->username, $response->email, $response->fullname), Log::DEBUG, $logcategory); $response->status = Authentication::STATUS_SUCCESS; $response->error_message = ''; // The connection is no longer needed, destroy the object to close it unset($ldap); } /** * Shortcut method to perform a LDAP search based on a semicolon separated string * * Note that this method requires that semicolons which should be part of the search term to be escaped * to correctly split the search string into separate lookups * * @param string $search search string of search values * @param LdapInterface $ldap The LDAP client * * @return Entry|null The search result entry if a matching record was found * * @since 3.8.2 */ private function searchByString(string $search, LdapInterface $ldap) { $dn = $this->params->get('base_dn', ''); // We return the first entry from the first search result which contains data foreach (explode(';', $search) as $key => $result) { $results = $ldap->query($dn, '(' . str_replace('\3b', ';', $result) . ')')->execute(); if (count($results)) { return $results[0]; } } } }
/home/opticamezl/www/newok/tmp/../cli/../plugins/../tmp/../api/../././libraries/../tmp/../ldap.tar