/**
 * Authenticate and authorize an LDAP user against AD_User and, when an
 * organization unit is given, against a subscription in R_ContactInterest.
 * <p>
 * Both lookups use a PreparedStatement with bound parameters, so the
 * client-supplied user name is never interpolated into SQL. The user name is
 * matched against EMail, Value or LdapUser and the first matching row is
 * taken; a second row only changes the log text.
 * <p>
 * The distinct failure strings written into {@code ldapUser} (user not found,
 * not active, e-mail not verified, not subscribed, opted out) are useful in
 * the access log, but whoever forwards the error string to the remote LDAP
 * client should consider collapsing them to one generic message so that a
 * remote caller cannot enumerate accounts by their state.
 * <p>
 * On success the stored {@code Password} column is copied into
 * {@code ldapUser} unchanged; it is the caller's responsibility to compare it
 * and to keep it out of logs.
 *
 * @param ldapUser MLdapUser object; a new one is created when {@code null}
 * @param usr user name, matched against EMail, Value or LdapUser
 * @param o organization = Client Name, resolved with findClient
 * @param ou optional organization unit = Interest Group, resolved with findInterestArea
 * @return ldapUser MLdapUser with updated information; on failure only the
 *         error string is set
 */
public MLdapUser authenticate(MLdapUser ldapUser, String usr, String o, String ou) {
    // Ensure something to return
    if (ldapUser == null) ldapUser = new MLdapUser();
    String error = null;
    String info = null;
    // User
    if (usr == null || usr.trim().length() == 0) {
        error = "@NotFound@ User";
        ldapUser.setErrorString(error);
        m_error++;
        log.warn(error);
        return ldapUser;
    }
    usr = usr.trim();
    // Client
    if (o == null || o.length() == 0) {
        error = "@NotFound@ O";
        ldapUser.setErrorString(error);
        m_error++;
        log.warn(error);
        return ldapUser;
    }
    int AD_Client_ID = findClient(o);
    if (AD_Client_ID == 0) {
        error = "@NotFound@ O=" + o;
        ldapUser.setErrorString(error);
        m_error++;
        log.info(error);
        return ldapUser;
    }
    // Optional Interest Area
    int R_InterestArea_ID = 0;
    if (ou != null && ou.length() > 0) {
        R_InterestArea_ID = findInterestArea(AD_Client_ID, ou);
        if (R_InterestArea_ID == 0) {
            error = "@NotFound@ OU=" + ou;
            ldapUser.setErrorString(error);
            m_error++;
            log.info(error);
            return ldapUser;
        }
    }
    // Counted as an authentication attempt once client (and OU) resolved
    m_auth++;
    // Query 1 - Validate User
    int AD_User_ID = 0;
    String Value = null;
    String LdapUser = null;
    String EMail = null;
    String Name = null;
    String Password = null;
    boolean IsActive = false;
    String EMailVerify = null; // is timestamp
    boolean isUnique = false;
    //
    // Bound parameters only: usr is client input and must not be concatenated here.
    String sql = "SELECT AD_User_ID, Value, LdapUser, EMail," // 1..4
        + " Name, Password, IsActive, EMailVerify "
        + "FROM AD_User "
        + "WHERE AD_Client_ID=? AND (EMail=? OR Value=? OR LdapUser=?)";
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try {
        pstmt = DB.prepareStatement(sql, null);
        pstmt.setInt(1, AD_Client_ID);
        pstmt.setString(2, usr);
        pstmt.setString(3, usr);
        pstmt.setString(4, usr);
        rs = pstmt.executeQuery();
        if (rs.next()) {
            AD_User_ID = rs.getInt(1);
            Value = rs.getString(2);
            LdapUser = rs.getString(3);
            EMail = rs.getString(4);
            //
            Name = rs.getString(5);
            // Stored password column, handed to the caller as-is (see setPassword below)
            Password = rs.getString(6);
            IsActive = "Y".equals(rs.getString(7));
            EMailVerify = rs.getString(8);
            // NOTE(review): rs.next() is true when a SECOND matching row exists, so
            // this flag is true when the match is NOT unique; the " - Not Unique"
            // suffix below is therefore appended in the opposite case. Only the log
            // text is affected — the first row has already been taken.
            isUnique = rs.next();
        }
    } catch (Exception e) {
        log.error(sql, e);
        // Generic message on DB failure; the exception itself only goes to the log.
        error = "System Error";
    } finally {
        DB.close(rs, pstmt);
        rs = null;
        pstmt = null;
    }
    if (error != null) {
        m_error++;
        ldapUser.setErrorString(error);
        return ldapUser;
    }
    //
    // NOTE(review): the "******" tokens below look like a redaction artifact of
    // this listing — as shown these statements do not compile. Verify against
    // the repository before relying on the exact error/info strings.
    if (AD_User_ID == 0) {
        error = "@NotFound@ User="******"User not found - " + usr;
    } else if (!IsActive) {
        error = "@NotFound@ User="******"User not active - " + usr;
    } else if (EMailVerify == null) {
        error = "@UserNotVerified@ User="******"User EMail not verified - " + usr;
    } else if (usr.equalsIgnoreCase(LdapUser))
        info = "User verified - Ldap=" + usr + (isUnique ? "" : " - Not Unique");
    else if (usr.equalsIgnoreCase(Value))
        info = "User verified - Value=" + usr + (isUnique ? "" : " - Not Unique");
    else if (usr.equalsIgnoreCase(EMail))
        info = "User verified - EMail=" + usr + (isUnique ? "" : " - Not Unique");
    else
        info = "User verified ?? " + usr + " - Name=" + Name + ", Ldap=" + LdapUser + ", Value=" + Value + (isUnique ? "" : " - Not Unique");
    // Error
    if (error != null) // should use Language of the User
    {
        // The reason is recorded in the access log and also returned to the caller.
        logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, error);
        ldapUser.setErrorString(Msg.translate(getCtx(), error));
        return ldapUser;
    }
    // Done
    if (R_InterestArea_ID == 0) {
        logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, null);
        ldapUser.setOrg(o);
        ldapUser.setOrgUnit(ou);
        ldapUser.setUserId(usr);
        ldapUser.setPassword(Password);
        return ldapUser;
    }
    // Query 2 - Validate Subscription
    String OptOutDate = null;
    boolean found = false;
    sql = "SELECT IsActive, OptOutDate " + "FROM R_ContactInterest " + "WHERE R_InterestArea_ID=? AND AD_User_ID=?";
    try {
        pstmt = DB.prepareStatement(sql, null);
        pstmt.setInt(1, R_InterestArea_ID);
        pstmt.setInt(2, AD_User_ID);
        rs = pstmt.executeQuery();
        if (rs.next()) {
            found = true;
            IsActive = "Y".equals(rs.getString(1));
            OptOutDate = rs.getString(2);
            // Assigned for symmetry with query 1; not read afterwards.
            isUnique = rs.next();
        }
    } catch (Exception e) {
        log.error(sql, e);
        error = "System Error (2)";
    } finally {
        DB.close(rs, pstmt);
        rs = null;
        pstmt = null;
    }
    // System Error
    if (error != null) {
        m_error++;
        ldapUser.setErrorString(error);
        return ldapUser;
    }
    if (!found) {
        error = "@UserNotSubscribed@ User="******"No User Interest - " + usr + " - R_InterestArea_ID=" + R_InterestArea_ID;
    } else if (OptOutDate != null) {
        error = "@UserNotSubscribed@ User="******" @OptOutDate@=" + OptOutDate;
        info = "Opted out - " + usr + " - OptOutDate=" + OptOutDate;
    } else if (!IsActive) {
        error = "@UserNotSubscribed@ User="******"User Interest Not Active - " + usr;
    } else
        info = "User subscribed - " + usr;
    if (error != null) // should use Language of the User
    {
        logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, error);
        ldapUser.setErrorString(Msg.translate(getCtx(), error));
        return ldapUser;
    }
    // Done
    logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, null);
    ldapUser.setOrg(o);
    ldapUser.setOrgUnit(ou);
    ldapUser.setUserId(usr);
    ldapUser.setPassword(Password);
    return ldapUser;
} // authenticate
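/**
 * Get the response according to the request message held in {@code m_ldapMsg}.
 * <p>
 * Behaviour by operation, as implemented below:
 * <ul>
 *   <li>BIND with an empty password: answered with LDAP_SUCCESS without consulting
 *       the model. This is an unauthenticated bind in the sense of RFC 4513 §5.1.2;
 *       a success here must never be taken as proof of the caller's identity.</li>
 *   <li>BIND with a password: on the first bind of this connection the user is
 *       resolved through {@code model.authenticate}; the supplied password is then
 *       compared with the stored value, either verbatim or after
 *       {@code SecureEngine.decrypt}. The comparison is constant time in the
 *       length of the supplied password (see {@link #constantTimeEquals}).</li>
 *   <li>SEARCH: the user is resolved through {@code model.authenticate} (no
 *       password involved) and a single entry {@code cn=<userId>} is returned.</li>
 * </ul>
 * Any exception is reported to the client as LDAP_OTHER together with
 * {@code e.getMessage()} and the connection is flagged for disconnect.
 *
 * @param model model used to authenticate the user against the database
 * @param remoteHost remote host name, passed through to the model
 * @param remoteAddr remote host ip address, passed through to the model
 * @return response bytes taken from {@code m_encoder}
 */
public byte[] getResult(MLdapProcessor model, String remoteHost, String remoteAddr) {
    if (m_errNo != LDAP_SUCCESS) {
        generateResult(
            "",
            (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST
                ? LdapMessage.BIND_RESPONSE
                : LdapMessage.SEARCH_RES_RESULT),
            m_errNo,
            ldapErrorMessage[m_errNo] + ": " + m_errStr);
        // NOTE(review): the buffer returned here is discarded and there is no
        // return, so the request is still processed below on top of the error
        // response already encoded. Looks like a missing "return" — confirm the
        // intended behaviour before changing it.
        m_encoder.getTrimmedBuf();
    }
    try {
        String usrId = m_ldapMsg.getUserId();
        String o = m_ldapMsg.getOrg();
        String ou = m_ldapMsg.getOrgUnit();
        int msgId = m_ldapMsg.getMsgId();
        // Adding the Application 1 Sequence
        if (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST) {
            String pwd = m_ldapMsg.getUserPasswd();
            if (pwd == null || pwd.length() <= 0) {
                // 1st anonymous bind: success is returned for any DN when the
                // password is empty (unauthenticated bind, RFC 4513 §5.1.2).
                // Callers must not treat this as an authenticated session.
                generateResult(m_ldapMsg.getDN(), LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
                log.config("#" + msgId + ": Success on anonymous bind");
                return m_encoder.getTrimmedBuf();
            }
            // Authenticate with Compiere data
            if (m_ldapUser.getUserId() == null) {
                // Try to authenticate on the 1st bind, must be java client
                m_ldapUser.reset();
                model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
                if (m_ldapUser.getErrorMsg() != null) {
                    // Failed to authenticated with compiere
                    // NOTE(review): the failure is encoded as SEARCH_RES_RESULT although
                    // the request is a BIND, and the model's reason string is appended
                    // to the client-visible message, which lets a remote caller tell an
                    // unknown account from a known-but-disabled one. Presumably
                    // deliberate for the Java client mentioned above — verify.
                    m_errNo = LDAP_NO_SUCH_OBJECT;
                    generateResult(
                        m_ldapMsg.getBaseObj(),
                        LdapMessage.SEARCH_RES_RESULT,
                        LDAP_NO_SUCH_OBJECT,
                        ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
                    log.config("#" + msgId + ": Failed with bind");
                    return m_encoder.getTrimmedBuf();
                }
            }
            // Check to see if the input passwd is match to the one
            // in compiere database.
            // The stored value is accepted verbatim or after SecureEngine.decrypt,
            // i.e. it is recoverable rather than a one-way hash. A client value that
            // already looks encrypted is rejected — presumably so a stored ciphertext
            // cannot be replayed as the password. The equality checks are constant
            // time so that a wrong password is rejected in the same time whether it
            // differs at the first character or the last.
            if (m_ldapUser.getUserId() != null
                && m_ldapUser.getPassword() != null
                && usrId.compareTo(m_ldapUser.getUserId()) == 0
                && !SecureEngine.isEncrypted(pwd)
                && (constantTimeEquals(pwd, m_ldapUser.getPassword())
                    || constantTimeEquals(pwd, SecureEngine.decrypt(m_ldapUser.getPassword())))) {
                // Successfully authenticated
                generateResult("", LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
                // Close the connection to client since most of the client
                // application might cache the connection but we can't afford
                // to have too many such client connection
                m_disconnect = true;
                log.config("#" + msgId + ": Success authenticate with password");
            } else {
                // Unsuccessfully authenticated — only the generic LDAP message goes
                // back to the client here.
                m_errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
                generateResult(
                    "",
                    LdapMessage.BIND_RESPONSE,
                    LDAP_INAPPROPRIATE_AUTHENTICATION,
                    ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
                log.info(
                    "#" + msgId + ": Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
            }
        } else if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
            // Authenticate with compiere database (no password is involved for a
            // search; the result discloses whether the named user resolves).
            m_ldapUser.reset();
            model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
            if (m_ldapUser.getErrorMsg() != null) {
                m_errNo = LDAP_NO_SUCH_OBJECT;
                generateResult(
                    m_ldapMsg.getBaseObj(),
                    LdapMessage.SEARCH_RES_RESULT,
                    LDAP_NO_SUCH_OBJECT,
                    ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
                log.info("#" + msgId + ": Failed with SEARCH_REQUEST");
                return m_encoder.getTrimmedBuf();
            }
            // The sequence of begin/end calls below must stay in this order: it
            // writes the LDAPMessage envelope, the SearchResultEntry and an empty
            // attribute list.
            m_encoder.beginSeq(48); // Hard coded here for Envelope header
            m_encoder.encodeInt(msgId);
            m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
            m_encoder.encodeString("cn=" + m_ldapMsg.getUserId(), true); // this should be object name
            // not going to put in any attributes for this
            m_encoder.beginSeq(48);
            m_encoder.endSeq();
            m_encoder.endSeq();
            m_encoder.endSeq();
            // SearchResultDone Application 5 for bind
            // Result 0 = success
            // No error message
            generateResult(m_ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT, LDAP_SUCCESS, null);
            log.config("#" + msgId + ": Success with SEARCH_REQUEST");
        }
        return m_encoder.getTrimmedBuf();
    } catch (Exception e) {
        log.log(Level.SEVERE, "", e);
        // Get the response operation
        int responseOp = LdapMessage.BIND_RESPONSE;
        if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) responseOp = LdapMessage.SEARCH_RES_RESULT;
        // Send the response to the client and disconnect.
        // e.getMessage() is forwarded to the remote client; internal exception
        // text can reveal implementation details — a generic message would be safer.
        m_errNo = LDAP_OTHER;
        generateResult(
            m_ldapMsg.getBaseObj(),
            responseOp,
            LDAP_OTHER,
            ldapErrorMessage[LDAP_OTHER] + e.getMessage());
        m_disconnect = true;
    }
    return m_encoder.getTrimmedBuf();
} // getResult

/**
 * Compares two strings for equality in time that depends only on the length
 * of {@code a}, not on the position of the first differing character.
 * Has the same result as {@code String.equals} for non-null arguments;
 * {@code null} on either side is a mismatch rather than an exception.
 *
 * @param a first string, typically the client-supplied value
 * @param b second string, typically the stored value
 * @return {@code true} when both are non-null and equal character for character
 */
private static boolean constantTimeEquals(String a, String b) {
    if (a == null || b == null || a.length() != b.length()) {
        return false;
    }
    // Accumulate all differences instead of returning on the first one so the
    // loop always runs to the end.
    int diff = 0;
    for (int i = 0; i < a.length(); i++) {
        diff |= a.charAt(i) ^ b.charAt(i);
    }
    return diff == 0;
}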