escape_filter_value() публичный статический Метод

Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters. Any control characters with an ASCII code < 32 as well as the characters with special meaning in LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a backslash followed by two hex digits representing the hexadecimal value of the character. This escaping applies to filter values only; it does not make a value safe for use inside a distinguished name, which has its own escaping rules.
public static escape_filter_value ( array $values = [], $singleValue = true ) : array
$values array Array of values to escape
Результат array Array $values, but escaped
Пример #1
 /**
  * Add attributes from an LDAP server.
  *
  * @param array &$request  The current request
  */
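 public function process(&$request)
 {
     // Builds an LDAP filter from the template in $this->search_filter by
     // replacing each %attribute% placeholder with the escaped first value of
     // that request attribute, runs the search, and stores the values of
     // $this->search_attribute from every returned entry under
     // $attributes[$this->new_attribute].
     //
     // Throws Exception when the request has no attribute named by
     // $this->attribute_map['username'].

     // Expression form: PHP 8 no longer evaluates a string argument as code,
     // so the string form would check nothing there.
     assert(is_array($request));
     assert(array_key_exists('Attributes', $request));
     $attributes =& $request['Attributes'];
     $map =& $this->attribute_map;
     if (!isset($attributes[$map['username']])) {
         throw new Exception('The user\'s identity does not have an attribute called "' . $map['username'] . '"');
     }
     // Map every placeholder to its escaped value. Only the first value of an
     // attribute is used; an attribute with no values maps to ''.
     // Every value goes through escape_filter_value() before it reaches the
     // filter: this is the control that keeps attribute content from changing
     // the filter's structure, so do not add a path that bypasses it.
     $substitutions = array();
     foreach ($attributes as $attr => $val) {
         if (isset($val[0]) && strlen($val[0]) > 0) {
             $substitutions['%' . $attr . '%'] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
         } else {
             $substitutions['%' . $attr . '%'] = '';
         }
     }
     // strtr() substitutes in a single pass. str_replace() with arrays applies
     // the pairs one after another, so a value that itself contains
     // "%name%" would be expanded again by a later pair ('%' is not among the
     // characters escape_filter_value() is documented to escape).
     $filter = strtr($this->search_filter, $substitutions);
     // search for matching entries
     $entries = $this->getLdap()->searchformultiple($this->base_dn, $filter, (array) $this->search_attribute, TRUE, FALSE);
     // handle [multiple] values; an empty result set has no index 0
     if (is_array($entries) && isset($entries[0]) && is_array($entries[0])) {
         $key = strtolower($this->search_attribute);
         $results = array();
         foreach ($entries as $entry) {
             // skip entries that do not carry the requested attribute
             if (!isset($entry[$key]['count'])) {
                 continue;
             }
             $values = $entry[$key];
             for ($i = 0; $i < $values['count']; $i++) {
                 $results[] = $values[$i];
             }
         }
         $attributes[$this->new_attribute] = array_values($results);
     }
 }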
 /**
  * Add attributes from an LDAP server.
  *
  * @param array &$request The current request
  */
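 public function process(&$request)
 {
     // Builds an LDAP filter from the template in $this->search_filter by
     // replacing each %attribute% placeholder with the escaped first value of
     // that request attribute, runs the search, and copies the attributes
     // listed in $this->search_attributes from the returned entries into the
     // request, combining them with existing values according to
     // $this->attr_policy ('merge', 'replace' or 'add').
     //
     // Returns without changing the request when the filter still contains a
     // '%', when the policy is not one of the three values, or when the
     // search throws.

     // Expression form: PHP 8 no longer evaluates a string argument as code,
     // so the string form would check nothing there.
     assert(is_array($request));
     assert(array_key_exists('Attributes', $request));
     $attributes =& $request['Attributes'];
     // Map every placeholder to its escaped value. Only the first value of an
     // attribute is used; an attribute with no values maps to ''.
     // Every value goes through escape_filter_value() before it reaches the
     // filter: this is the control that keeps attribute content from changing
     // the filter's structure, so do not add a path that bypasses it.
     $substitutions = array();
     foreach ($attributes as $attr => $val) {
         if (isset($val[0]) && strlen($val[0]) > 0) {
             $substitutions['%' . $attr . '%'] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
         } else {
             $substitutions['%' . $attr . '%'] = '';
         }
     }
     // strtr() substitutes in a single pass. str_replace() with arrays applies
     // the pairs one after another, so a value that itself contains
     // "%name%" would be expanded again by a later pair.
     $filter = strtr($this->search_filter, $substitutions);
     // Any '%' left over stops the lookup. That covers placeholders naming an
     // attribute the request does not have, and also attribute values that
     // contain a literal '%'. The log line carries the filter template, not
     // the merged filter, so attribute values are not written to the log.
     if (strpos($filter, '%') !== FALSE) {
         SimpleSAML_Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. (' . $this->search_filter . ')');
         return;
     }
     // strict comparison, matching the === checks on attr_policy below
     if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), TRUE)) {
         SimpleSAML_Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge'," . "'replace' or 'add'.");
         return;
     }
     // search for matching entries
     try {
         $entries = $this->getLdap()->searchformultiple($this->base_dn, $filter, array_values($this->search_attributes), TRUE, FALSE);
     } catch (Exception $e) {
         return;
         // silent fail, error is still logged by LDAP search
     }
     // handle [multiple] values
     foreach ($entries as $entry) {
         foreach ($this->search_attributes as $target => $name) {
             // a numeric key means no target name was configured: reuse the
             // LDAP attribute name as the request attribute name
             if (is_numeric($target)) {
                 $target = $name;
             }
             // NOTE(review): with 'replace' the existing attribute is dropped
             // for every entry, including entries that lack $name, so with
             // several entries only the last one's values survive. Confirm
             // this is intended.
             if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
                 unset($attributes[$target]);
             }
             $name = strtolower($name);
             if (isset($entry[$name])) {
                 // drop the element counter so only the values remain
                 unset($entry[$name]['count']);
                 if (isset($attributes[$target])) {
                     foreach (array_values($entry[$name]) as $value) {
                         if ($this->attr_policy === 'merge') {
                             // strict, so distinct strings that compare equal
                             // as numbers are not treated as duplicates
                             if (!in_array($value, $attributes[$target], TRUE)) {
                                 $attributes[$target][] = $value;
                             }
                         } else {
                             $attributes[$target][] = $value;
                         }
                     }
                 } else {
                     $attributes[$target] = array_values($entry[$name]);
                 }
             }
         }
     }
 }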
Пример #3
 /**
  * Add attributes from an LDAP server.
  *
  * @param array &$request  The current request
  */
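 public function process(&$request)
 {
     // Builds an LDAP filter from $this->config['ldap_search_filter'] by
     // replacing each %attribute% placeholder with the escaped first value of
     // that request attribute, connects and binds to the directory, runs the
     // search, and stores the values of $this->config['ldap_search_attribute']
     // from the first returned entry under
     // $attributes[$this->config['new_attribute_name']].
     //
     // Throws Exception when the user id attribute is missing, when the
     // connection cannot be initialised, or when the bind fails.

     // Expression form: PHP 8 no longer evaluates a string argument as code,
     // so the string form would check nothing there.
     assert(is_array($request));
     assert(array_key_exists('Attributes', $request));
     $attributes =& $request['Attributes'];
     if (!isset($attributes[$this->config['userid_attribute']])) {
         throw new Exception('The user\'s identity does not have an attribute called "' . $this->config['userid_attribute'] . '"');
     }
     // Map every placeholder to its escaped value. Only the first value of an
     // attribute is used; an attribute with no values maps to ''.
     // Every value goes through escape_filter_value() before it reaches the
     // filter: this is the control that keeps attribute content from changing
     // the filter's structure, so do not add a path that bypasses it.
     $substitutions = array();
     foreach ($attributes as $attr => $val) {
         if (isset($val[0]) && strlen($val[0]) > 0) {
             $substitutions['%' . $attr . '%'] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
         } else {
             $substitutions['%' . $attr . '%'] = '';
         }
     }
     // strtr() substitutes in a single pass. str_replace() with arrays applies
     // the pairs one after another, so a value that itself contains
     // "%name%" would be expanded again by a later pair.
     $merged_ldap_search_filter = strtr($this->config['ldap_search_filter'], $substitutions);
     // connect to the LDAP directory
     // NOTE(review): no ldap_start_tls() call is made here, so whether the
     // bind password and the results are encrypted in transit appears to
     // depend on 'ldap_host' being an ldaps:// URI. Confirm the configuration.
     $ds = ldap_connect($this->config['ldap_host'], $this->config['ldap_port']);
     if (!$ds) {
         // there is no connection handle to ask ldap_error() about here
         throw new Exception('Failed to initialize LDAP connection parameters');
     }
     try {
         ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
         // NOTE(review): the bind failure messages below contain the bind
         // user and the host name; make sure they end up in logs only and
         // are not rendered to the end user.
         if (!empty($this->config['ldap_bind_user']) && !empty($this->config['ldap_bind_pwd'])) {
             // bind to the directory as the specified user
             if (!ldap_bind($ds, $this->config['ldap_bind_user'], $this->config['ldap_bind_pwd'])) {
                 throw new Exception($this->config['ldap_bind_user'] . ' failed to bind against ' . $this->config['ldap_host'] . ' (' . ldap_error($ds) . ')');
             }
         } elseif (!ldap_bind($ds)) {
             // anonymous bind was attempted because no bind user/password
             // pair is configured
             throw new Exception('Failed to anonymously bind against ' . $this->config['ldap_host'] . ' (' . ldap_error($ds) . ')');
         }
         // search for matching entries
         $sr = ldap_search($ds, $this->config['ldap_search_base_dn'], $merged_ldap_search_filter, array($this->config['ldap_search_attribute']));
         // A failed search returns false; passing that on to
         // ldap_get_entries() is an error, so the request is left unchanged.
         if ($sr !== false) {
             $entries = ldap_get_entries($ds, $sr);
             // handle [multiple] values; an empty result set has no index 0
             if (is_array($entries) && isset($entries[0]) && is_array($entries[0])) {
                 // ldap_get_entries() returns attribute names in lower case
                 $key = strtolower($this->config['ldap_search_attribute']);
                 $results = array();
                 if (isset($entries[0][$key]['count'])) {
                     $entry = $entries[0][$key];
                     for ($i = 0; $i < $entry['count']; $i++) {
                         $results[] = $entry[$i];
                     }
                 }
                 $attributes[$this->config['new_attribute_name']] = array_values($results);
             }
         }
     } catch (Exception $e) {
         // release the connection on the error path as well, then re-raise
         ldap_unbind($ds);
         throw $e;
     }
     ldap_unbind($ds);
 }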