Rev 1394 | Rev 1395 | ||
---|---|---|---|
Line 392... | Line 392... | ||
392 | $ldap_attributes["2.17.1.2.1"][2][] = "oidC2"; |
392 | $ldap_attributes["2.17.1.2.1"][2][] = "oidC2"; |
393 | $ldap_attributes["2.17.1.2.2"][2][] = "oidC"; |
393 | $ldap_attributes["2.17.1.2.2"][2][] = "oidC"; |
394 | $ldap_attributes["2.5.18.28"][2][] = "userPwdHistory"; |
394 | $ldap_attributes["2.5.18.28"][2][] = "userPwdHistory"; |
395 | $ldap_attributes["2.5.18.29"][2][] = "userPwdRecentlyExpired"; |
395 | $ldap_attributes["2.5.18.29"][2][] = "userPwdRecentlyExpired"; |
396 | 396 | ||
- | 397 | // Vendor specific stuff |
|
- | 398 | $ldap_attributes["1.3.6.1.4.1.37476.2.5.2.9.4.1"] = ["ViaThinkSoft", "OIDplus System", ["oidplusSystemId"], "system-id"]; |
|
- | 399 | ||
397 | // Test data |
400 | // Test data |
398 | /* |
401 | /* |
399 | for ($i=0; $i<=106; $i++) { |
402 | for ($i=0; $i<=106; $i++) { |
400 | if (!isset($ldap_attributes["2.5.4.$i"])) echo "WARNING: 2.5.4.$i MISSING<br>\n"; |
403 | if (!isset($ldap_attributes["2.5.4.$i"])) echo "WARNING: 2.5.4.$i MISSING<br>\n"; |
401 | } |
404 | } |
Line 415... | Line 418... | ||
415 | 418 | ||
416 | /** |
419 | /** |
417 | * @param string $val |
420 | * @param string $val |
418 | * @param bool $escape_equal_sign |
421 | * @param bool $escape_equal_sign |
419 | * @param bool $escape_backslash |
422 | * @param bool $escape_backslash |
- | 423 | * @param bool $allow_ber |
|
420 | * @return string |
424 | * @return string |
421 | */ |
425 | */ |
422 | protected static function escapeAttributeValue(string $val, bool $escape_equal_sign, bool $escape_backslash): string { |
426 | protected static function escapeAttributeValue(string $val, bool $escape_equal_sign, bool $escape_backslash, bool $allow_ber): string { |
423 | // Escaping required by https://datatracker.ietf.org/doc/html/rfc2253#section-2.4 |
427 | // Escaping required by https://datatracker.ietf.org/doc/html/rfc2253#section-2.4 |
424 | 428 | ||
425 | $val = trim($val); // we don't escape whitespaces. It is very unlikely that someone wants whitespaces at the beginning or end (it is rather a copy-paste error) |
429 | $val = trim($val); // we don't escape whitespaces. It is very unlikely that someone wants whitespaces at the beginning or end (it is rather a copy-paste error) |
426 | 430 | ||
427 | if ($escape_backslash) $val = str_replace('\\', '\\\\', $val); // important: do this first |
431 | if ($escape_backslash) $val = str_replace('\\', '\\\\', $val); // important: do this first |
Line 435... | Line 439... | ||
435 | if (!$escape_backslash) $val = str_replace('\\'.$char, $dummy, $val); |
439 | if (!$escape_backslash) $val = str_replace('\\'.$char, $dummy, $val); |
436 | $val = str_replace($char, '\\'.$char, $val); |
440 | $val = str_replace($char, '\\'.$char, $val); |
437 | if (!$escape_backslash) $val = str_replace($dummy, '\\'.$char, $val); |
441 | if (!$escape_backslash) $val = str_replace($dummy, '\\'.$char, $val); |
438 | } |
442 | } |
439 | 443 | ||
- | 444 | if (!$allow_ber) { |
|
440 | if (substr($val, 0, 1) == '#') { |
445 | if (substr($val, 0, 1) == '#') { |
441 | $val = '\\' . $val; |
446 | $val = '\\' . $val; |
442 | } |
447 | } |
- | 448 | } |
|
443 | 449 | ||
444 | return $val; |
450 | return $val; |
445 | } |
451 | } |
446 | 452 | ||
447 | /** |
453 | /** |
Line 470... | Line 476... | ||
470 | $v = str_replace($dummy, '\\=', $v); |
476 | $v = str_replace($dummy, '\\=', $v); |
471 | 477 | ||
472 | if ($is_rdn) { |
478 | if ($is_rdn) { |
473 | if (!self::isValidArc($v, false)) return false; // Note: isValidArc() also corrects the escaping of $v |
479 | if (!self::isValidArc($v, false)) return false; // Note: isValidArc() also corrects the escaping of $v |
474 | } else { |
480 | } else { |
475 | $v = self::escapeAttributeValue($v, /*$escape_equal_sign=*/false, /*$escape_backslash=*/false); |
481 | $v = self::escapeAttributeValue($v, /*$escape_equal_sign=*/false, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
476 | } |
482 | } |
477 | 483 | ||
478 | if ($corrected_identifier == '') { // 1st value |
484 | if ($corrected_identifier == '') { // 1st value |
479 | if ($is_rdn) { |
485 | if ($is_rdn) { |
480 | // "cn=hello" (values = ["cn=hello"]) is valid |
486 | // "cn=hello" (values = ["cn=hello"]) is valid |
Line 499... | Line 505... | ||
499 | $ary = explode_with_escaping('=', $arc, 2); |
505 | $ary = explode_with_escaping('=', $arc, 2); |
500 | if (count($ary) !== 2) return false; |
506 | if (count($ary) !== 2) return false; |
501 | if ($ary[0] == "") return false; |
507 | if ($ary[0] == "") return false; |
502 | if ($ary[1] == "") return false; |
508 | if ($ary[1] == "") return false; |
503 | 509 | ||
504 | $ary[0] = self::escapeAttributeValue($ary[0], /*$escape_equal_sign=*/false, /*$escape_backslash=*/false); |
510 | $ary[0] = self::escapeAttributeValue($ary[0], /*$escape_equal_sign=*/false, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
505 | $ary[1] = self::escapeAttributeValue($ary[1], /*$escape_equal_sign=*/true, /*$escape_backslash=*/false); |
511 | $ary[1] = self::escapeAttributeValue($ary[1], /*$escape_equal_sign=*/true, /*$escape_backslash=*/false, /*$allow_ber=*/true); |
506 | 512 | ||
507 | if (oid_valid_dotnotation($ary[0], false, false, 1)) { |
513 | if (oid_valid_dotnotation($ary[0], false, false, 1)) { |
508 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
514 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
509 | return true; |
515 | return true; |
510 | } |
516 | } |
511 | 517 | ||
- | 518 | if (substr($ary[1],0,1) == '#') { |
|
- | 519 | $hex_code = substr($ary[1],1); |
|
- | 520 | $is_valid_hexstr = preg_match("/^[a-f0-9]{2,}$/i", $hex_code) && !(strlen($hex_code) & 1); |
|
- | 521 | if (!$is_valid_hexstr) { |
|
- | 522 | throw new OIDplusException(_L('"%1" is not a valid hex string. Note: In case you want a string starting with a hashtag, you need to add a backslash in front of it.', $ary[1])); |
|
- | 523 | } |
|
- | 524 | ||
- | 525 | // TODO: Theoretically, we should also check if the hex string is valid BER code... but that is a very hard task |
|
- | 526 | // Also, if we go even a step further, then we could also check if the data is valid (correct ASN.1 type). |
|
- | 527 | ||
- | 528 | } |
|
- | 529 | ||
512 | $known_attr_names = self::getKnownAttributeNames(); |
530 | $known_attr_names = self::getKnownAttributeNames(); |
513 | foreach ($known_attr_names as $oid => list($source, $englishName, $ldapNames, $oidName)) { |
531 | foreach ($known_attr_names as $oid => list($source, $englishName, $ldapNames, $oidName)) { |
514 | foreach ($ldapNames as $abbr) { |
532 | foreach ($ldapNames as $abbr) { |
515 | if (strtolower($abbr) === strtolower($ary[0])) { |
533 | if (strtolower($abbr) === strtolower($ary[0])) { |
516 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
534 | $arc = $ary[0] . '=' . $ary[1]; // return the auto-corrected identifier |
Line 622... | Line 640... | ||
622 | 640 | ||
623 | $html_dce_ad_notation .= '/<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities($ary[1]); |
641 | $html_dce_ad_notation .= '/<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities($ary[1]); |
624 | $html_ldap_notation = '<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities(str_replace(',','\\,',$ary[1])) . ($html_ldap_notation == '' ? '' : ', ' . $html_ldap_notation); |
642 | $html_ldap_notation = '<abbr title="'.htmlentities($found_hf_name).'">'.htmlentities(strtoupper($ary[0])).'</abbr>='.htmlentities(str_replace(',','\\,',$ary[1])) . ($html_ldap_notation == '' ? '' : ', ' . $html_ldap_notation); |
625 | 643 | ||
626 | // TODO: how are multi-valued values handled? |
644 | // TODO: how are multi-valued values handled? |
- | 645 | // TODO: We cannot simply encode everything to UTF8String, because some attributes need to be encoded as binary, integer, datetime, etc.! |
|
627 | $html_encoded_str = '#<abbr title="'._L('ASN.1: UTF8String').'">'.sprintf('%02s', strtoupper(dechex(0x0C/*UTF8String*/))).'</abbr>'; |
646 | $html_encoded_str = '#<abbr title="'._L('ASN.1: UTF8String').'">'.sprintf('%02s', strtoupper(dechex(0x0C/*UTF8String*/))).'</abbr>'; |
- | 647 | if (substr($ary[1],0,1) == '#') { |
|
- | 648 | $html_encoded_str = htmlentities(strtoupper($ary[1])); |
|
- | 649 | } else { |
|
628 | $utf8 = vts_utf8_encode($ary[1]); |
650 | $utf8 = vts_utf8_encode($ary[1]); |
629 | $html_encoded_str .= '<abbr title="'._L('Length').'">'.sprintf('%02s', strtoupper(dechex(strlen($utf8)))).'</abbr>'; // TODO: This length does only work for length <= 0x7F! The correct implementation is described here: https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap1_2 |
651 | $html_encoded_str .= '<abbr title="'._L('Length').'">'.sprintf('%02s', strtoupper(dechex(strlen($utf8)))).'</abbr>'; // TODO: This length does only work for length <= 0x7F! The correct implementation is described here: https://misc.daniel-marschall.de/asn.1/oid_facts.html#chap1_2 |
630 | $html_encoded_str .= '<abbr title="'.htmlentities($ary[1]).'">'; |
652 | $html_encoded_str .= '<abbr title="'.htmlentities($ary[1]).'">'; |
631 | for ($i=0; $i<strlen($utf8); $i++) { |
653 | for ($i=0; $i<strlen($utf8); $i++) { |
632 | $char = substr($utf8, $i, 1); |
654 | $char = substr($utf8, $i, 1); |
633 | $html_encoded_str .= sprintf('%02s', strtoupper(dechex(ord($char)))); |
655 | $html_encoded_str .= sprintf('%02s', strtoupper(dechex(ord($char)))); |
634 | } |
656 | } |
635 | $html_encoded_str .= '</abbr>'; |
657 | $html_encoded_str .= '</abbr>'; |
- | 658 | } |
|
636 | $html_encoded_string_notation = '<abbr title="'.htmlentities(strtoupper($ary[0]) . ' = ' . $found_hf_name).'">'.htmlentities($found_oid).'</abbr>='.$html_encoded_str . ($html_encoded_string_notation == '' ? '' : ',' . $html_encoded_string_notation); |
659 | $html_encoded_string_notation = '<abbr title="'.htmlentities(strtoupper($ary[0]) . ' = ' . $found_hf_name).'">'.htmlentities($found_oid).'</abbr>='.$html_encoded_str . ($html_encoded_string_notation == '' ? '' : ',' . $html_encoded_string_notation); |
637 | } |
660 | } |
638 | 661 | ||
639 | $tmp = _L('DCE/MSAD notation'); |
662 | $tmp = _L('DCE/MSAD notation'); |
640 | $tmp = str_replace('DCE', '<abbr title="'._L('Distributed Computing Environment').'">DCE</abbr>', $tmp); |
663 | $tmp = str_replace('DCE', '<abbr title="'._L('Distributed Computing Environment').'">DCE</abbr>', $tmp); |
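Review bot: The new hex-string check at new lines 518-528 sits after the `oid_valid_dotnotation($ary[0], false, false, 1)` branch, which already does `return true` at new lines 513-516. A value with a dotted-decimal attribute type (constructed example: `2.5.4.3=#zz`) is therefore accepted without the hex validation, although that is the form where a `#` BER value is most expected. Moving the whole `if (substr($ary[1],0,1) == '#') { … }` block above the dotted-notation check would cover both paths. The non-RDN call at new line 481 also passes `/*$allow_ber=*/true`, and no hex check on `$v` is visible in that hunk, so a leading `#` may pass unvalidated there; both enclosing functions start and end outside their hunks, so this needs confirming. The function in the Line 505 hunk (presumably isValidArc()) otherwise rejects with `return false`, so its docblock should gain `@throws OIDplusException if the value starts with '#' but is not an even-length hex string`.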