File manager - Edit - /home/opticamezl/www/newok/Security.tar
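LdapBadge.php 0000644 00000003416 15173605305 0007071 0 ustar 00
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;

/**
 * A badge indicating that the credentials should be checked using LDAP.
 *
 * This badge must be used together with PasswordCredentials.
 *
 * NOTE(review): the badge keeps the search account password as a plain
 * string and exposes it through getSearchPassword(); keep badge instances
 * out of logs, dumps and serialized state.
 *
 * @author Wouter de Jong <wouter@wouterj.nl>
 *
 * @final
 */
class LdapBadge implements BadgeInterface
{
    private $resolved = false;
    private $ldapServiceId;
    private $dnString;
    private $searchDn;
    private $searchPassword;
    private $queryString;

    /**
     * @param string      $ldapServiceId  Identifier of the LDAP service to check the credentials against
     * @param string      $dnString       DN template; defaults to the bare "{username}" placeholder
     * @param string      $searchDn       DN of the account used for the user lookup ('' when unused)
     * @param string      $searchPassword Password of the search account ('' when unused)
     * @param string|null $queryString    Optional query template used to look the user's DN up
     */
    public function __construct(string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', ?string $queryString = null)
    {
        $this->ldapServiceId = $ldapServiceId;
        $this->dnString = $dnString;
        $this->searchDn = $searchDn;
        $this->searchPassword = $searchPassword;
        $this->queryString = $queryString;
    }

    public function getLdapServiceId(): string
    {
        return $this->ldapServiceId;
    }

    public function getDnString(): string
    {
        return $this->dnString;
    }

    public function getSearchDn(): string
    {
        return $this->searchDn;
    }

    public function getSearchPassword(): string
    {
        return $this->searchPassword;
    }

    public function getQueryString(): ?string
    {
        return $this->queryString;
    }

    /**
     * Flags the badge as resolved; isResolved() returns true from then on.
     */
    public function markResolved(): void
    {
        $this->resolved = true;
    }

    public function isResolved(): bool
    {
        return $this->resolved;
    }
}
LdapUser.php 0000644 00000005443 15173605305 0007007 0 ustar 00
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Symfony\Component\Ldap\Entry;
use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Security user backed by an LDAP entry.
 *
 * @author Robin Chalas <robin.chalas@gmail.com>
 *
 * @final
 */
class LdapUser implements UserInterface, PasswordAuthenticatedUserInterface, EquatableInterface
{
    private $entry;
    private $username;
    private $password;
    private $roles;
    private $extraFields;

    /**
     * @throws \InvalidArgumentException When $username is falsy; besides '' this also rejects the string '0'
     */
    public function __construct(Entry $entry, string $username, ?string $password, array $roles = [], array $extraFields = [])
    {
        if (!$username) {
            throw new \InvalidArgumentException('The username cannot be empty.');
        }

        $this->entry = $entry;
        $this->username = $username;
        $this->password = $password;
        $this->roles = $roles;
        $this->extraFields = $extraFields;
    }

    public function getEntry(): Entry
    {
        return $this->entry;
    }

    /**
     * {@inheritdoc}
     */
    public function getRoles(): array
    {
        return $this->roles;
    }

    /**
     * {@inheritdoc}
     */
    public function getPassword(): ?string
    {
        return $this->password;
    }

    /**
     * {@inheritdoc}
     */
    public function getSalt(): ?string
    {
        return null;
    }

    /**
     * {@inheritdoc}
     */
    public function getUsername(): string
    {
        trigger_deprecation('symfony/ldap', '5.3', 'Method "%s()" is deprecated and will be removed in 6.0, use getUserIdentifier() instead.', __METHOD__);

        return $this->username;
    }

    public function getUserIdentifier(): string
    {
        return $this->username;
    }

    /**
     * {@inheritdoc}
     */
    public function eraseCredentials()
    {
        // Only the password field is cleared; the Entry object is kept as is.
        $this->password = null;
    }

    public function getExtraFields(): array
    {
        return $this->extraFields;
    }

    public function setPassword(string $password)
    {
        $this->password = $password;
    }

    /**
     * {@inheritdoc}
     *
     * Two users are equal when they are both LdapUser instances with the same
     * password, salt and user identifier. Roles and extra fields are not
     * compared here.
     */
    public function isEqualTo(UserInterface $user): bool
    {
        if (!$user instanceof self) {
            return false;
        }

        if ($this->getPassword() !== $user->getPassword()) {
            return false;
        }

        if ($this->getSalt() !== $user->getSalt()) {
            return false;
        }

        if ($this->getUserIdentifier() !== $user->getUserIdentifier()) {
            return false;
        }

        return true;
    }
}
LdapUserProvider.php 0000644 00000014623 15173605305 0010522 0 ustar 00
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Symfony\Component\Ldap\Entry;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\Exception\ExceptionInterface;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

/**
 * LdapUserProvider is a simple user provider on top of LDAP.
 *
 * @author Grégoire Pineau <lyrixx@lyrixx.info>
 * @author Charles Sarrazin <charles@sarraz.in>
 * @author Robin Chalas <robin.chalas@gmail.com>
 */
class LdapUserProvider implements UserProviderInterface, PasswordUpgraderInterface
{
    private $ldap;
    private $baseDn;
    private $searchDn;
    private $searchPassword;
    private $defaultRoles;
    private $uidKey;
    private $defaultSearch;
    private $passwordAttribute;
    private $extraFields;

    /**
     * @param string|null $uidKey            Attribute holding the user identifier; null means "sAMAccountName"
     * @param string|null $filter            Search filter template; null means "({uid_key}={user_identifier})"
     * @param string|null $passwordAttribute Attribute the password is read from and written to; null disables both
     * @param array       $extraFields       Additional attributes copied onto the loaded user
     */
    public function __construct(LdapInterface $ldap, string $baseDn, ?string $searchDn = null, ?string $searchPassword = null, array $defaultRoles = [], ?string $uidKey = null, ?string $filter = null, ?string $passwordAttribute = null, array $extraFields = [])
    {
        if (null === $uidKey) {
            $uidKey = 'sAMAccountName';
        }

        if (null === $filter) {
            $filter = '({uid_key}={user_identifier})';
        }

        $this->ldap = $ldap;
        $this->baseDn = $baseDn;
        $this->searchDn = $searchDn;
        $this->searchPassword = $searchPassword;
        $this->defaultRoles = $defaultRoles;
        $this->uidKey = $uidKey;
        // The {uid_key} placeholder is resolved once here; the user placeholders are filled in per lookup.
        $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
        $this->passwordAttribute = $passwordAttribute;
        $this->extraFields = $extraFields;
    }

    /**
     * {@inheritdoc}
     */
    public function loadUserByUsername(string $username)
    {
        trigger_deprecation('symfony/ldap', '5.3', 'Method "%s()" is deprecated, use loadUserByIdentifier() instead.', __METHOD__);

        return $this->loadUserByIdentifier($username);
    }

    /**
     * Looks the user up in the directory and builds an LdapUser from the single matching entry.
     *
     * @throws UserNotFoundException When the bind or query raises a ConnectionException,
     *                               or when the search returns zero or more than one entry
     */
    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        try {
            $this->ldap->bind($this->searchDn, $this->searchPassword);
            // Escape for the filter context before the value is placed into the search filter.
            // From here on $identifier holds the escaped form, which is also what the
            // exceptions below and the fallback username carry.
            $identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
            $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch);
            $search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]);
        } catch (ConnectionException $e) {
            // A failed connection or search-account bind is reported to the caller as "user not found";
            // the original exception is kept as the previous one.
            $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier), 0, $e);
            $e->setUserIdentifier($identifier);

            throw $e;
        }

        $entries = $search->execute();
        $count = \count($entries);

        if (!$count) {
            $e = new UserNotFoundException(sprintf('User "%s" not found.', $identifier));
            $e->setUserIdentifier($identifier);

            throw $e;
        }

        // An ambiguous match is refused rather than picking one of the entries.
        if ($count > 1) {
            $e = new UserNotFoundException('More than one user found.');
            $e->setUserIdentifier($identifier);

            throw $e;
        }

        $entry = $entries[0];

        try {
            if (null !== $this->uidKey) {
                $identifier = $this->getAttributeValue($entry, $this->uidKey);
            }
        } catch (InvalidArgumentException $e) {
            // The uid attribute is missing or not single-valued: keep the identifier computed above.
        }

        return $this->loadUser($identifier, $entry);
    }

    /**
     * {@inheritdoc}
     *
     * Builds a new LdapUser from the data already held by $user; no LDAP call is made here.
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof LdapUser) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
        }

        return new LdapUser($user->getEntry(), $user->getUserIdentifier(), $user->getPassword(), $user->getRoles(), $user->getExtraFields());
    }

    /**
     * {@inheritdoc}
     *
     * Does nothing when no password attribute is configured. Otherwise the new
     * hash is set on the entry, sent to the directory through the entry manager
     * and stored on the user object.
     *
     * @final
     */
    public function upgradePassword($user, string $newHashedPassword): void
    {
        if (!$user instanceof LdapUser) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_debug_type($user)));
        }

        if (null === $this->passwordAttribute) {
            return;
        }

        try {
            $user->getEntry()->setAttribute($this->passwordAttribute, [$newHashedPassword]);
            $this->ldap->getEntryManager()->update($user->getEntry());
            $user->setPassword($newHashedPassword);
        } catch (ExceptionInterface $e) {
            // ignore failed password upgrades
            // NOTE(review): setAttribute() has already run on the in-memory entry when update() fails,
            // so the entry may then differ from the directory.
        }
    }

    /**
     * {@inheritdoc}
     */
    public function supportsClass(string $class)
    {
        return LdapUser::class === $class;
    }

    /**
     * Loads a user from an LDAP entry.
     *
     * The password is read only when a password attribute is configured; every
     * configured extra field is read from the entry, and a missing one makes
     * getAttributeValue() throw.
     *
     * @return UserInterface
     */
    protected function loadUser(string $identifier, Entry $entry)
    {
        $password = null;
        $extraFields = [];

        if (null !== $this->passwordAttribute) {
            $password = $this->getAttributeValue($entry, $this->passwordAttribute);
        }

        foreach ($this->extraFields as $field) {
            $extraFields[$field] = $this->getAttributeValue($entry, $field);
        }

        return new LdapUser($entry, $identifier, $password, $this->defaultRoles, $extraFields);
    }

    /**
     * Reads one attribute from the entry.
     *
     * The uid and password attributes must hold exactly one value and are
     * returned as that value; any other attribute is returned as the full
     * list of values.
     *
     * @throws InvalidArgumentException When the attribute is absent, or when the uid or
     *                                  password attribute does not hold exactly one value
     */
    private function getAttributeValue(Entry $entry, string $attribute)
    {
        if (!$entry->hasAttribute($attribute)) {
            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
        }

        $values = $entry->getAttribute($attribute);

        // Strict comparison: an unset (null) password attribute or a numeric-looking
        // attribute name must not match through PHP's loose comparison rules.
        if (!\in_array($attribute, [$this->uidKey, $this->passwordAttribute], true)) {
            return $values;
        }

        // The message says "multiple", but an empty value list fails this check as well.
        if (1 !== \count($values)) {
            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
        }

        return $values[0];
    }
}
LdapAuthenticator.php 0000644 00000010664 15173605305 0010704 0 ustar 00
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\InteractiveAuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Http\EntryPoint\Exception\NotAnEntryPointException;

/**
 * This class decorates internal authenticators to add the LDAP integration.
 *
 * In your own authenticators, it is recommended to directly use the
 * LdapBadge in the authenticate() method. This class should only be
 * used for Symfony or third party authenticators.
 *
 * @author Wouter de Jong <wouter@wouterj.nl>
 *
 * @final
 */
class LdapAuthenticator implements AuthenticationEntryPointInterface, InteractiveAuthenticatorInterface
{
    private $authenticator;
    private $ldapServiceId;
    private $dnString;
    private $searchDn;
    private $searchPassword;
    private $queryString;

    /**
     * @param AuthenticatorInterface $authenticator The decorated authenticator; every call except the badge
     *                                              creation in authenticate() is forwarded to it
     */
    public function __construct(AuthenticatorInterface $authenticator, string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = '')
    {
        $this->authenticator = $authenticator;
        $this->ldapServiceId = $ldapServiceId;
        $this->dnString = $dnString;
        $this->searchDn = $searchDn;
        $this->searchPassword = $searchPassword;
        $this->queryString = $queryString;
    }

    public function supports(Request $request): ?bool
    {
        return $this->authenticator->supports($request);
    }

    /**
     * Lets the decorated authenticator build the passport, then attaches an
     * LdapBadge carrying this authenticator's LDAP settings.
     */
    public function authenticate(Request $request): Passport
    {
        $passport = $this->authenticator->authenticate($request);
        $passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString));

        return $passport;
    }

    /**
     * @deprecated since Symfony 5.4, use {@link createToken()} instead
     */
    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
    {
        trigger_deprecation('symfony/ldap', '5.4', 'Method "%s()" is deprecated, use "%s::createToken()" instead.', __METHOD__, __CLASS__);

        return $this->createToken($passport, $firewallName);
    }

    public function createToken(Passport $passport, string $firewallName): TokenInterface
    {
        // @deprecated since Symfony 5.4, in 6.0 change to:
        // return $this->authenticator->createToken($passport, $firewallName);
        return method_exists($this->authenticator, 'createToken')
            ? $this->authenticator->createToken($passport, $firewallName)
            : $this->authenticator->createAuthenticatedToken($passport, $firewallName);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return $this->authenticator->onAuthenticationSuccess($request, $token, $firewallName);
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return $this->authenticator->onAuthenticationFailure($request, $exception);
    }

    /**
     * @throws NotAnEntryPointException When the decorated authenticator is not an entry point itself
     */
    public function start(Request $request, ?AuthenticationException $authException = null): Response
    {
        if (!$this->authenticator instanceof AuthenticationEntryPointInterface) {
            throw new NotAnEntryPointException(sprintf('Decorated authenticator "%s" does not implement interface "%s".', get_debug_type($this->authenticator), AuthenticationEntryPointInterface::class));
        }

        return $this->authenticator->start($request, $authException);
    }

    /**
     * Reports the decorated authenticator's answer, or false when it does not
     * implement InteractiveAuthenticatorInterface.
     */
    public function isInteractive(): bool
    {
        if ($this->authenticator instanceof InteractiveAuthenticatorInterface) {
            return $this->authenticator->isInteractive();
        }

        return false;
    }
}
CheckLdapCredentialsListener.php 0000644 00000012326 15173605305 0012770 0 ustar 00
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Ldap\Security;

use Psr\Container\ContainerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\LogicException;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
use Symfony\Component\Security\Http\Event\CheckPassportEvent;

/**
 * Verifies password credentials using an LDAP service whenever the
 * LdapBadge is attached to the Security passport.
 *
 * @author Wouter de Jong <wouter@wouterj.nl>
 */
class CheckLdapCredentialsListener implements EventSubscriberInterface
{
    private $ldapLocator;

    /**
     * @param ContainerInterface $ldapLocator Locator the LDAP service named by the badge is fetched from
     */
    public function __construct(ContainerInterface $ldapLocator)
    {
        $this->ldapLocator = $ldapLocator;
    }

    /**
     * Checks the presented password by binding to the LDAP service as the user.
     *
     * Returns without doing anything when the passport has no LdapBadge or the
     * badge is already resolved. On success both the PasswordCredentials and
     * the LdapBadge are marked as resolved.
     *
     * @throws \LogicException         When the passport lacks a user or password credentials, when the
     *                                 credentials were already resolved, or when the LDAP service is unknown
     * @throws LogicException          When a query string is configured without search DN and search password
     * @throws BadCredentialsException When the password is empty, the user lookup does not return exactly
     *                                 one entry, or a ConnectionException is raised while binding or querying
     */
    public function onCheckPassport(CheckPassportEvent $event)
    {
        $passport = $event->getPassport();
        if (!$passport->hasBadge(LdapBadge::class)) {
            return;
        }

        /** @var LdapBadge $ldapBadge */
        $ldapBadge = $passport->getBadge(LdapBadge::class);
        if ($ldapBadge->isResolved()) {
            return;
        }

        if (!$passport instanceof UserPassportInterface || !$passport->hasBadge(PasswordCredentials::class)) {
            throw new \LogicException(sprintf('LDAP authentication requires a passport containing a user and password credentials, authenticator "%s" does not fulfill these requirements.', \get_class($event->getAuthenticator())));
        }

        /** @var PasswordCredentials $passwordCredentials */
        $passwordCredentials = $passport->getBadge(PasswordCredentials::class);
        // Refuse to run if another component has already resolved the password credentials.
        if ($passwordCredentials->isResolved()) {
            throw new \LogicException('LDAP authentication password verification cannot be completed because something else has already resolved the PasswordCredentials.');
        }

        if (!$this->ldapLocator->has($ldapBadge->getLdapServiceId())) {
            throw new \LogicException(sprintf('Cannot check credentials using the "%s" ldap service, as such service is not found. Did you maybe forget to add the "ldap" service tag to this service?', $ldapBadge->getLdapServiceId()));
        }

        $presentedPassword = $passwordCredentials->getPassword();
        // An empty password must never reach bind(): an LDAP server may accept a simple bind
        // with a DN and an empty password as an unauthenticated bind, which would pass as a login.
        if ('' === $presentedPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        $user = $passport->getUser();
        if (!$user instanceof PasswordAuthenticatedUserInterface) {
            trigger_deprecation('symfony/ldap', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authenticators is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
        }

        /** @var LdapInterface $ldap */
        $ldap = $this->ldapLocator->get($ldapBadge->getLdapServiceId());
        try {
            if ($ldapBadge->getQueryString()) {
                // Lookup mode: bind with the search account, find the user's entry, take the DN from it.
                if ('' !== $ldapBadge->getSearchDn() && '' !== $ldapBadge->getSearchPassword()) {
                    $ldap->bind($ldapBadge->getSearchDn(), $ldapBadge->getSearchPassword());
                } else {
                    throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                }
                // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
                // Escaped for the filter context because the value is placed into a search filter.
                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_FILTER);
                $query = str_replace(['{username}', '{user_identifier}'], $username, $ldapBadge->getQueryString());
                $result = $ldap->query($ldapBadge->getDnString(), $query)->execute();
                // Zero or several matches are both rejected; only an unambiguous entry is used.
                if (1 !== $result->count()) {
                    throw new BadCredentialsException('The presented username is invalid.');
                }

                $dn = $result[0]->getDn();
            } else {
                // Template mode: the DN is built from the DN string, so the value is escaped for the DN context.
                // Only the {username} placeholder is replaced on this path.
                // @deprecated since Symfony 5.3, change to $user->getUserIdentifier() in 6.0
                $username = $ldap->escape(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername(), '', LdapInterface::ESCAPE_DN);
                $dn = str_replace('{username}', $username, $ldapBadge->getDnString());
            }

            // The actual credential check: bind as the user with the presented password.
            $ldap->bind($dn, $presentedPassword);
        } catch (ConnectionException $e) {
            // NOTE(review): every ConnectionException raised in the try block, including one from the
            // search-account bind or the query, is reported as an invalid password, and the original
            // exception is not attached as the previous one.
            throw new BadCredentialsException('The presented password is invalid.');
        }

        $passwordCredentials->markResolved();
        $ldapBadge->markResolved();
    }

    /**
     * Subscribes onCheckPassport() to CheckPassportEvent with priority 144.
     */
    public static function getSubscribedEvents(): array
    {
        return [CheckPassportEvent::class => ['onCheckPassport', 144]];
    }
}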