Rev 1394 | Rev 1396 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1394 | Rev 1395 | ||
|---|---|---|---|
| Line 392... | Line 392... | ||
| 392 | $ldap_attributes["2.17.1.2.1"][2][] = "oidC2"; |
392 | $ldap_attributes["2.17.1.2.1"][2][] = "oidC2"; |
| 393 | $ldap_attributes["2.17.1.2.2"][2][] = "oidC"; |
393 | $ldap_attributes["2.17.1.2.2"][2][] = "oidC"; |
| 394 | $ldap_attributes["2.5.18.28"][2][] = "userPwdHistory"; |
394 | $ldap_attributes["2.5.18.28"][2][] = "userPwdHistory"; |
| 395 | $ldap_attributes["2.5.18.29"][2][] = "userPwdRecentlyExpired"; |
395 | $ldap_attributes["2.5.18.29"][2][] = "userPwdRecentlyExpired"; |
| 396 | 396 | ||
| - | 397 | // Vendor specific stuff |
|
| - | 398 | $ldap_attributes["1.3.6.1.4.1.37476.2.5.2.9.4.1"] = ["ViaThinkSoft", "OIDplus System", ["oidplusSystemId"], "system-id"]; |
|
| - | 399 | ||
| 397 | // Test data |
400 | // Test data |
| 398 | /* |
401 | /* |
| 399 | for ($i=0; $i<=106; $i++) { |
402 | for ($i=0; $i<=106; $i++) { |
| 400 | if (!isset($ldap_attributes["2.5.4.$i"])) echo "WARNING: 2.5.4.$i MISSING<br>\n"; |
403 | if (!isset($ldap_attributes["2.5.4.$i"])) echo "WARNING: 2.5.4.$i MISSING<br>\n"; |
| 401 | } |
404 | } |
| Line 415... | Line 418... | ||
| 415 | 418 | ||
| 416 | /** |
419 | /** |
| 417 | * @param string $val |
420 | * @param string $val |
| 418 | * @param bool $escape_equal_sign |
421 | * @param bool $escape_equal_sign |
| 419 | * @param bool $escape_backslash |
422 | * @param bool $escape_backslash |
| - | 423 | * @param bool $allow_ber |
|
| 420 | * @return string |
424 | * @return string |
| 421 | */ |
425 | */ |
| 422 | protected static function escapeAttributeValue(string $val, bool $escape_equal_sign, bool $escape_backslash): string { |
426 | protected static function escapeAttributeValue(string $val, bool $escape_equal_sign, bool $escape_backslash, bool $allow_ber): string { |
| 423 | // Escaping required by https://datatracker.ietf.org/doc/html/rfc2253#section-2.4 |
427 | // Escaping required by https://datatracker.ietf.org/doc/html/rfc2253#section-2.4 |
| 424 | 428 | ||
| 425 | $val = trim($val); // we don't escape whitespaces. It is very unlikely that someone wants whitespaces at the beginning or end (it is rather a copy-paste error) |
429 | $val = trim($val); // we don't escape whitespaces. It is very unlikely that someone wants whitespaces at the beginning or end (it is rather a copy-paste error) |
| 426 | 430 | ||
| 427 | if ($escape_backslash) $val = str_replace('\\', '\\\\', $val); // important: do this first |
431 | if ($escape_backslash) $val = str_replace('\\', '\\\\', $val); // important: do this first |
| Line 435... | Line 439... | ||
| 435 | if (!$escape_backslash) $val = str_replace('\\'.$char, $dummy, $val); |
439 | if (!$escape_backslash) $val = str_replace('\\'.$char, $dummy, $val); |
| 436 | $val = str_replace($char, '\\'.$char, $val); |
440 | $val = str_replace($char, '\\'.$char, $val); |
| 437 | if (!$escape_backslash) $val = str_replace($dummy, '\\'.$char, $val); |
441 | if (!$escape_backslash) $val = str_replace($dummy, '\\'.$char, $val); |
| 438 | } |
442 | } |
| 439 | 443 | ||
| - | 444 | if (!$allow_ber) { |
|
| 440 | if (substr($val, 0, 1) == '#') { |
445 | if (substr($val, 0, 1) == '#') { |
| 441 | $val = '\\' . $val; |
446 | $val = '\\' . $val; |
| 442 | } |
447 | } |
| - | 448 | } |
|
| 443 | 449 | ||
| 444 | return $val; |
450 | return $val; |
| 445 | } |
451 | } |
| 446 | 452 | ||
| 447 | /** |
453 | /** |
| Line 470... | Line 476... | ||
| 470 | $v = str_replace($dummy, '\\=', $v); |
476 | $v = str_replace($dummy, '\\=', $v); |
| 471 | 477 | ||
| 472 | if ($is_rdn) { |
478 | if ($is_rdn) { |
| 473 | if (!self::isValidArc($v, false)) return false; // Note: isValidArc() also corrects the escaping of $v |
479 | if (!self::isValidArc($v, false)) return false; // Note: isValidArc() also corrects the escaping of $v |
| 474 | } else { |
480 | } else { |
| 475 | $v = self::escapeAttributeValue($v, /*$escape_equal_sign=*/false, /*$escape_backslash=*/false); |
481 | $v = self::escapeAttributeValue($v, /*$escape_equal_sign=*/false, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
| 476 | } |
482 | } |
| 477 | 483 | ||
| 478 | if ($corrected_identifier == '') { // 1st value |
484 | if ($corrected_identifier == '') { // 1st value |
| 479 | if ($is_rdn) { |
485 | if ($is_rdn) { |
| 480 | // "cn=hello" (values = ["cn=hello"]) is valid |
486 | // "cn=hello" (values = ["cn=hello"]) is valid |
| Line 499... | Line 505... | ||
| 499 | $ary = explode_with_escaping('=', $arc, 2); |
505 | $ary = explode_with_escaping('=', $arc, 2); |
| 500 | if (count($ary) !== 2) return false; |
506 | if (count($ary) !== 2) return false; |
| 501 | if ($ary[0] == "") return false; |
507 | if ($ary[0] == "") return false; |
| 502 | if ($ary[1] == "") return false; |
508 | if ($ary[1] == "") return false; |
| 503 | 509 | ||
| 504 | $ary[0] = self::escapeAttributeValue($ary[0], /*$escape_equal_sign=*/false, /*$escape_backslash=*/false); |
510 | $ary[0] = self::escapeAttributeValue($ary[0], /*$escape_equal_sign=*/false, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
| 505 | $ary[1] = self::escapeAttributeValue($ary[1], /*$escape_equal_sign=*/true, /*$escape_backslash=*/false); |
511 | $ary[1] = self::escapeAttributeValue($ary[1], /*$escape_equal_sign=*/true, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
| 506 | 512 | ||
| 507 | if (oid_valid_dotnotation($ary[0], false, false, 1)) { |
513 | if (oid_valid_dotnotation($ary[0], false, false, 1)) { |
| 508 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
514 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
| 509 | return true; |
515 | return true; |
| 510 | } |
516 | } |
| 511 | 517 | ||
| - | 518 | if (substr($ary[1],0,1) == '#') { |
|
| - | 519 | $hex_code = substr($ary[1],1); |
|
| - | 520 | $is_valid_hexstr = preg_match("/^[a-f0-9]{2,}$/i", $hex_code) && !(strlen($hex_code) & 1); |
|
| - | 521 | if (!$is_valid_hexstr) { |
|
| - | 522 | throw new OIDplusException(_L('"%1" is not a valid hex string. Note: In case you want a string starting with a hashtag, you need to add a backslash in front of it.', $ary[1])); |
|
| - | 523 | } |
|
| - | 524 | ||
| - | 525 | // TODO: Theoretically, we should also check if the hex string is valid BER code... but that is a very hard task |
|
| - | 526 | // Also, if we go even a step further, then we could also check if the data is valid (correct ASN.1 type). |
|
| - | 527 | ||
| - | 528 | } |
|
| - | 529 | ||
| 512 | $known_attr_names = self::getKnownAttributeNames(); |
530 | $known_attr_names = self::getKnownAttributeNames(); |
| 513 | foreach ($known_attr_names as $oid => list($source, $englishName, $ldapNames, $oidName)) { |
531 | foreach ($known_attr_names as $oid => list($source, $englishName, $ldapNames, $oidName)) { |
| 514 | foreach ($ldapNames as $abbr) { |
532 | foreach ($ldapNames as $abbr) { |
| 515 | if (strtolower($abbr) === strtolower($ary[0])) { |
533 | if (strtolower($abbr) === strtolower($ary[0])) { |
| 516 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
534 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
| Line 622... | Line 640... | ||
| 622 | 640 | ||
| 623 | $html_dce_ad_notation .= '/<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities($ary[1]); |
641 | $html_dce_ad_notation .= '/<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities($ary[1]); |
| 624 | $html_ldap_notation = '<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities(str_replace(',','\\,',$ary[1])) . ($html_ldap_notation == '' ? '' : ', ' . $html_ldap_notation); |
642 | $html_ldap_notation = '<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities(str_replace(',','\\,',$ary[1])) . ($html_ldap_notation == '' ? '' : ', ' . $html_ldap_notation); |
| 625 | 643 | ||
| 626 | // TODO: how are multi-valued values handled? |
644 | // TODO: how are multi-valued values handled? |
| - | 645 | // TODO: We cannot simply encode everything to UTF8String, because some attributes need to be encoded as binary, integer, datetime, etc.! |
|
| 627 | $html_encoded_str = '#<abbr title="'._L('ASN.1: UTF8String').'">'.sprintf('%02s', strtoupper(dechex(0x0C/*UTF8String*/))).'</abbr>'; |
646 | $html_encoded_str = '#<abbr title="'._L('ASN.1: UTF8String').'">'.sprintf('%02s', strtoupper(dechex(0x0C/*UTF8String*/))).'</abbr>'; |
| - | 647 | if (substr($ary[1],0,1) == '#') { |
|
| - | 648 | $html_encoded_str = htmlentities(strtoupper($ary[1])); |
|
| - | 649 | } else { |
|
| 628 | $utf8 = vts_utf8_encode($ary[1]); |
650 | $utf8 = vts_utf8_encode($ary[1]); |
| 629 | $html_encoded_str .= '<abbr title="'._L('Length').'">'.sprintf('%02s', strtoupper(dechex(strlen($utf8)))).'</abbr>'; // TODO: This length does only work for length <= 0x7F! The correct implementation is described here: https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap1_2 |
651 | $html_encoded_str .= '<abbr title="'._L('Length').'">'.sprintf('%02s', strtoupper(dechex(strlen($utf8)))).'</abbr>'; // TODO: This length does only work for length <= 0x7F! The correct implementation is described here: https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap1_2 |
| 630 | $html_encoded_str .= '<abbr title="'.htmlentities($ary[1]).'">'; |
652 | $html_encoded_str .= '<abbr title="'.htmlentities($ary[1]).'">'; |
| 631 | for ($i=0; $i<strlen($utf8); $i++) { |
653 | for ($i=0; $i<strlen($utf8); $i++) { |
| 632 | $char = substr($utf8, $i, 1); |
654 | $char = substr($utf8, $i, 1); |
| 633 | $html_encoded_str .= sprintf('%02s', strtoupper(dechex(ord($char)))); |
655 | $html_encoded_str .= sprintf('%02s', strtoupper(dechex(ord($char)))); |
| 634 | } |
656 | } |
| 635 | $html_encoded_str .= '</abbr>'; |
657 | $html_encoded_str .= '</abbr>'; |
| - | 658 | } |
|
| 636 | $html_encoded_string_notation = '<abbr title="'.htmlentities(strtoupper($ary[0]) . ' = ' . $found_hf_name).'">'.htmlentities($found_oid).'</abbr>='.$html_encoded_str . ($html_encoded_string_notation == '' ? '' : ',' . $html_encoded_string_notation); |
659 | $html_encoded_string_notation = '<abbr title="'.htmlentities(strtoupper($ary[0]) . ' = ' . $found_hf_name).'">'.htmlentities($found_oid).'</abbr>='.$html_encoded_str . ($html_encoded_string_notation == '' ? '' : ',' . $html_encoded_string_notation); |
| 637 | } |
660 | } |
| 638 | 661 | ||
| 639 | $tmp = _L('DCE/MSAD notation'); |
662 | $tmp = _L('DCE/MSAD notation'); |
| 640 | $tmp = str_replace('DCE', '<abbr title="'._L('Distributed Computing Environment').'">DCE</abbr>', $tmp); |
663 | $tmp = str_replace('DCE', '<abbr title="'._L('Distributed Computing Environment').'">DCE</abbr>', $tmp); |