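/**
   * Authenticate and authorize an LDAP user against AD_User.
   *
   * <p>Resolves the client from {@code o}, optionally the interest area from {@code ou}, then looks
   * the user up by EMail, Value or LdapUser within that client. When an interest area was given, the
   * user must additionally hold an active, non-opted-out R_ContactInterest row for it. Every failure
   * sets an error string on the returned object and increments {@code m_error}; every outcome after
   * input validation is recorded through {@code logAccess}.
   *
   * <p>NOTE(review): on success the stored AD_User.Password is copied verbatim onto the result via
   * {@code setPassword} so that the caller can compare it with the bind password. The value is
   * whatever the database holds (plain or SecureEngine-encrypted) and must not be logged or
   * serialized beyond that check; a salted hash in AD_User would remove the need to hand it out.
   *
   * <p>NOTE(review): the lookup matches three columns with OR and uses the first row when several
   * match. An ambiguous match (e.g. one user's EMail equals another user's Value) is only annotated
   * in the access log as "Not Unique", not rejected. If such collisions are possible under the
   * AD_User constraints this is an account-confusion risk and the method should fail instead —
   * confirm against the schema before relying on it.
   *
   * @param ldapUser MLdapUser object to fill; a new one is created when {@code null}
   * @param usr user name, matched against EMail, Value and LdapUser (surrounding whitespace ignored)
   * @param o organization = Client Name (required)
   * @param ou optional organization unit = Interest Group
   * @return ldapUser MLdapUser with updated information; the error string is non-null on failure
   */
  public MLdapUser authenticate(MLdapUser ldapUser, String usr, String o, String ou) {
    // Ensure something to return
    if (ldapUser == null) ldapUser = new MLdapUser();

    String error = null;
    String info = null;

    //	User
    if (usr == null || usr.trim().length() == 0) {
      error = "@NotFound@ User";
      ldapUser.setErrorString(error);
      m_error++;
      log.warn(error);
      return ldapUser;
    }
    usr = usr.trim();
    //	Client
    if (o == null || o.length() == 0) {
      error = "@NotFound@ O";
      ldapUser.setErrorString(error);
      m_error++;
      log.warn(error);
      return ldapUser;
    }
    int AD_Client_ID = findClient(o);
    if (AD_Client_ID == 0) {
      error = "@NotFound@ O=" + o;
      ldapUser.setErrorString(error);
      m_error++;
      log.info(error);
      return ldapUser;
    }
    //	Optional Interest Area
    int R_InterestArea_ID = 0;
    if (ou != null && ou.length() > 0) {
      R_InterestArea_ID = findInterestArea(AD_Client_ID, ou);
      if (R_InterestArea_ID == 0) {
        error = "@NotFound@ OU=" + ou;
        ldapUser.setErrorString(error);
        m_error++;
        log.info(error);
        return ldapUser;
      }
    }

    // Count every attempt that reaches the database, successful or not
    m_auth++;
    //	Query 1 - Validate User
    int AD_User_ID = 0;
    String Value = null;
    String LdapUser = null;
    String EMail = null;
    String Name = null;
    String Password = null;
    boolean IsActive = false;
    String EMailVerify = null; // 	 is timestamp
    boolean isUnique = false;
    //
    String sql =
        "SELECT AD_User_ID, Value, LdapUser, EMail," //	1..4
            + " Name, Password, IsActive, EMailVerify "
            + "FROM AD_User "
            + "WHERE AD_Client_ID=? AND (EMail=? OR Value=? OR LdapUser=?)";
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try {
      pstmt = DB.prepareStatement(sql, null);
      pstmt.setInt(1, AD_Client_ID);
      pstmt.setString(2, usr);
      pstmt.setString(3, usr);
      pstmt.setString(4, usr);
      rs = pstmt.executeQuery();
      if (rs.next()) {
        AD_User_ID = rs.getInt(1);
        Value = rs.getString(2);
        LdapUser = rs.getString(3);
        EMail = rs.getString(4);
        //
        Name = rs.getString(5);
        Password = rs.getString(6);
        IsActive = "Y".equals(rs.getString(7));
        EMailVerify = rs.getString(8);
        // A second row means the name was ambiguous; only the first row is used.
        // (The flag is true when there is NO further row.)
        isUnique = !rs.next();
      }
    } catch (Exception e) {
      log.error(sql, e);
      error = "System Error";
    } finally {
      DB.close(rs, pstmt);
      rs = null;
      pstmt = null;
    }
    if (error != null) {
      m_error++;
      ldapUser.setErrorString(error);
      return ldapUser;
    }
    //	Outcome of the user lookup: 'error' goes back to the caller (translated),
    //	'info' is the server-side access-log line.
    if (AD_User_ID == 0) {
      error = "@NotFound@ User=" + usr;
      info = "User not found - " + usr;
    } else if (!IsActive) {
      error = "@NotFound@ User=" + usr;
      info = "User not active - " + usr;
    } else if (EMailVerify == null) {
      error = "@UserNotVerified@ User=" + usr;
      info = "User EMail not verified - " + usr;
    } else if (usr.equalsIgnoreCase(LdapUser))
      info = "User verified - Ldap=" + usr + (isUnique ? "" : " - Not Unique");
    else if (usr.equalsIgnoreCase(Value))
      info = "User verified - Value=" + usr + (isUnique ? "" : " - Not Unique");
    else if (usr.equalsIgnoreCase(EMail))
      info = "User verified - EMail=" + usr + (isUnique ? "" : " - Not Unique");
    else
      // The SQL matched but none of the columns compares equal in Java (e.g. DB collation);
      // record what was found so the access log can be audited.
      info =
          "User verified ?? "
              + usr
              + " - Name="
              + Name
              + ", Ldap="
              + LdapUser
              + ", Value="
              + Value
              + (isUnique ? "" : " - Not Unique");

    //	Error
    if (error != null) // 	should use Language of the User
    {
      logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, error);
      ldapUser.setErrorString(Msg.translate(getCtx(), error));
      return ldapUser;
    }
    //	Done - no interest area requested, user lookup alone is sufficient
    if (R_InterestArea_ID == 0) {
      logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, null);
      ldapUser.setOrg(o);
      ldapUser.setOrgUnit(ou);
      ldapUser.setUserId(usr);
      ldapUser.setPassword(Password);
      return ldapUser;
    }

    //	Query 2 - Validate Subscription
    String OptOutDate = null;
    boolean found = false;
    sql =
        "SELECT IsActive, OptOutDate "
            + "FROM R_ContactInterest "
            + "WHERE R_InterestArea_ID=? AND AD_User_ID=?";
    try {
      pstmt = DB.prepareStatement(sql, null);
      pstmt.setInt(1, R_InterestArea_ID);
      pstmt.setInt(2, AD_User_ID);
      rs = pstmt.executeQuery();
      if (rs.next()) {
        found = true;
        IsActive = "Y".equals(rs.getString(1));
        OptOutDate = rs.getString(2);
      }
    } catch (Exception e) {
      log.error(sql, e);
      error = "System Error (2)";
    } finally {
      DB.close(rs, pstmt);
      rs = null;
      pstmt = null;
    }
    //	System Error
    if (error != null) {
      m_error++;
      ldapUser.setErrorString(error);
      return ldapUser;
    }

    if (!found) {
      error = "@UserNotSubscribed@ User=" + usr;
      info = "No User Interest - " + usr + " - R_InterestArea_ID=" + R_InterestArea_ID;
    } else if (OptOutDate != null) {
      error = "@UserNotSubscribed@ User=" + usr + " @OptOutDate@=" + OptOutDate;
      info = "Opted out - " + usr + " - OptOutDate=" + OptOutDate;
    } else if (!IsActive) {
      error = "@UserNotSubscribed@ User=" + usr;
      info = "User Interest Not Active - " + usr;
    } else info = "User subscribed - " + usr;

    if (error != null) // 	should use Language of the User
    {
      logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, error);
      ldapUser.setErrorString(Msg.translate(getCtx(), error));
      return ldapUser;
    }
    //	Done
    logAccess(AD_Client_ID, AD_User_ID, R_InterestArea_ID, info, null);
    ldapUser.setOrg(o);
    ldapUser.setOrgUnit(ou);
    ldapUser.setUserId(usr);
    ldapUser.setPassword(Password);
    return ldapUser;
  } //	authenticate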
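  /**
   * Build the LDAP response for the request message currently held in {@code m_ldapMsg}.
   *
   * <p>Three cases are handled: a bind with an empty password is answered as a successful anonymous
   * bind; a bind with a password authenticates the user against the Compiere database (on the
   * first bind of this connection only) and then compares the supplied password with the stored
   * one; a search request authenticates and returns a single entry {@code cn=<userId>} with no
   * attributes. A message the decoder already rejected ({@code m_errNo != LDAP_SUCCESS}) is
   * answered with that error and not processed further. Any exception is answered with {@code
   * LDAP_OTHER} and the connection is flagged for disconnect.
   *
   * <p>NOTE(review): a wrong password is reported as {@code LDAP_INAPPROPRIATE_AUTHENTICATION};
   * RFC 4511 uses invalidCredentials (49) for that case, so clients keying on the standard code
   * will not recognise the failure as a bad password. A bind whose user cannot be authenticated is
   * answered with a {@code SEARCH_RES_RESULT} envelope carrying the database-side reason (not
   * found / not active / not verified / not subscribed); that text reaches an unauthenticated client
   * and works as a user-enumeration oracle — consider a generic reason if this listener is reachable
   * beyond the trusted web front-end.
   *
   * @param model model used to authenticate against the Compiere database
   * @param remoteHost remote host name (passed to the model for access logging)
   * @param remoteAddr remote host ip address (passed to the model for access logging)
   * @return encoded response bytes
   */
  public byte[] getResult(MLdapProcessor model, String remoteHost, String remoteAddr) {
    if (m_errNo != LDAP_SUCCESS) {
      // The decoder already rejected this message: send the error and stop here instead of
      // going on to process a request that did not parse cleanly.
      // NOTE(review): assumes m_errNo is (re)set by the decoder for every message; confirm a
      // stale value from an earlier request on the same connection cannot reach this point.
      generateResult(
          "",
          (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST
              ? LdapMessage.BIND_RESPONSE
              : LdapMessage.SEARCH_RES_RESULT),
          m_errNo,
          ldapErrorMessage[m_errNo] + ": " + m_errStr);
      return m_encoder.getTrimmedBuf();
    }

    try {
      String usrId = m_ldapMsg.getUserId();
      String o = m_ldapMsg.getOrg();
      String ou = m_ldapMsg.getOrgUnit();
      int msgId = m_ldapMsg.getMsgId();

      // Adding the Application 1 Sequence
      if (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST) {
        String pwd = m_ldapMsg.getUserPasswd();
        if (pwd == null || pwd.length() <= 0) {
          // 1st anonymous bind - accepted without credentials; a later search still authenticates
          generateResult(m_ldapMsg.getDN(), LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          log.config("#" + msgId + ": Success on anonymous bind");
          return m_encoder.getTrimmedBuf();
        }

        // Authenticate with Compiere data
        if (m_ldapUser.getUserId()
            == null) { // Try to authenticate on the 1st bind, must be java client
          m_ldapUser.reset();
          model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
          if (m_ldapUser.getErrorMsg() != null) { // Failed to authenticated with compiere
            m_errNo = LDAP_NO_SUCH_OBJECT;
            generateResult(
                m_ldapMsg.getBaseObj(),
                LdapMessage.SEARCH_RES_RESULT,
                LDAP_NO_SUCH_OBJECT,
                ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
            log.config("#" + msgId + ": Failed with bind");
            return m_encoder.getTrimmedBuf();
          }
        }

        // Check the supplied password against the one in the compiere database. The stored
        // value may be plain or SecureEngine-encrypted, so both forms are tried; an already
        // encrypted client value is refused. The comparison is constant-time so response timing
        // does not reveal how many leading characters matched.
        // NOTE(review): the password is still held reversibly (or in clear) in AD_User; a salted
        // hash would avoid ever decrypting it here.
        String stored = m_ldapUser.getPassword();
        if (m_ldapUser.getUserId() != null
            && stored != null
            && usrId != null
            && usrId.equals(m_ldapUser.getUserId())
            && !SecureEngine.isEncrypted(pwd)
            && (constantTimeEquals(pwd, stored)
                || constantTimeEquals(pwd, SecureEngine.decrypt(stored)))) {
          // Successfully authenticated
          generateResult("", LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          // Close the connection to client since most of the client
          // application might cache the connection but we can't afford
          // to have too many such client connection
          m_disconnect = true;
          log.config("#" + msgId + ": Success authenticate with password");
        } else { // Unsuccessfully authenticated
          m_errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
          generateResult(
              "",
              LdapMessage.BIND_RESPONSE,
              LDAP_INAPPROPRIATE_AUTHENTICATION,
              ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
          log.info(
              "#" + msgId + ": Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
        }
      } else if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
        // Authenticate with compiere database
        m_ldapUser.reset();
        model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
        if (m_ldapUser.getErrorMsg() != null) {
          m_errNo = LDAP_NO_SUCH_OBJECT;
          generateResult(
              m_ldapMsg.getBaseObj(),
              LdapMessage.SEARCH_RES_RESULT,
              LDAP_NO_SUCH_OBJECT,
              ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
          log.info("#" + msgId + ": Failed with SEARCH_REQUEST");
          return m_encoder.getTrimmedBuf();
        }

        m_encoder.beginSeq(48); // Hard coded here for Envelope header
        m_encoder.encodeInt(msgId);
        m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
        m_encoder.encodeString("cn=" + m_ldapMsg.getUserId(), true); // this should be object name
        // not going to put in any attributes for this
        m_encoder.beginSeq(48);
        m_encoder.endSeq();
        m_encoder.endSeq();
        m_encoder.endSeq();

        // SearchResultDone Application 5 for bind
        // Result 0 = success
        // No error message
        generateResult(m_ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT, LDAP_SUCCESS, null);
        log.config("#" + msgId + ": Success with SEARCH_REQUEST");
      }

      return m_encoder.getTrimmedBuf();
    } catch (Exception e) {
      // Full detail (message and stack) stays server-side
      log.log(Level.SEVERE, "", e);

      // Get the response operation
      int responseOp = LdapMessage.BIND_RESPONSE;
      if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST)
        responseOp = LdapMessage.SEARCH_RES_RESULT;

      // Send a generic "other" error to the client and disconnect. The exception text is not
      // echoed on the wire: it may carry SQL or internal details that an unauthenticated
      // client should not see.
      m_errNo = LDAP_OTHER;
      generateResult(m_ldapMsg.getBaseObj(), responseOp, LDAP_OTHER, ldapErrorMessage[LDAP_OTHER]);
      m_disconnect = true;
    }

    return m_encoder.getTrimmedBuf();
  } //	getResult

  /**
   * Constant-time equality of two secrets, to avoid leaking the matching prefix length through
   * response timing. Returns {@code false} when either side is {@code null}. Fully-qualified names
   * are used so that no additional imports are required.
   *
   * @param a first value (e.g. the password supplied by the client)
   * @param b second value (e.g. the stored password)
   * @return true when both are non-null and byte-for-byte equal in UTF-8
   */
  private static boolean constantTimeEquals(String a, String b) {
    if (a == null || b == null) return false;
    return java.security.MessageDigest.isEqual(
        a.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        b.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }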