static LdapType guessType(final DirContext ctx) throws NamingException {
final Attributes rootAtts = ctx.getAttributes("");
Attribute supported = rootAtts.get("supportedCapabilities");
if (supported != null
&& (supported.contains("1.2.840.113556.1.4.800")
|| supported.contains("1.2.840.113556.1.4.1851"))) {
return new ActiveDirectory();
}
return RFC_2307;
}
public boolean isPerson() {
if (userObject == null) {
return false;
}
Attribute attr = userObject.get("objectclass");
if (attr.contains("inetOrgPerson")
|| attr.contains("organizationalPerson")
|| attr.contains("person")) {
return true;
} else {
return false;
}
}
/**
* @param thisA
* @param that
* @return boolean
* @throws Throwable
*/
public boolean attrEquals(Attribute thisA, Attribute that) throws Throwable {
int sz = thisA.size();
if (sz != that.size()) {
return false;
}
if (sz == 0) {
return true;
}
NamingEnumeration ne = thisA.getAll();
if (ne == null) {
return false;
}
while (ne.hasMore()) {
if (!that.contains(ne.next())) {
return false;
}
}
return true;
}
/** Test that the partition has been correctly created */
public void testPartition() throws NamingException {
// We should be able to read it
DirContext appRoot = createContext("o=sevenSeas");
assertNotNull(appRoot);
// Let's get the entry associated to the top level
Attributes attributes = appRoot.getAttributes("");
assertNotNull(attributes);
assertEquals("sevenseas", attributes.get("o").get());
Attribute attribute = attributes.get("objectClass");
assertNotNull(attribute);
assertTrue(attribute.contains("top"));
assertTrue(attribute.contains("organization"));
// Ok, everything is fine
}
public void addMember(LDAPEntry childEntry) {
Attribute memberAttribute = getLDAPAttributes().get(MEMBER);
if (memberAttribute != null) {
if (memberAttribute.contains(SPACE_STRING)) {
memberAttribute.remove(SPACE_STRING);
}
} else {
memberAttribute = new BasicAttribute(MEMBER);
}
memberAttribute.add(childEntry.getDN());
getLDAPAttributes().put(memberAttribute);
}
public boolean existsUser(String userId) {
InitialLdapContext ctx = null;
boolean exists = false;
try {
ctx = buildInitialLdapContext();
String userContext = this.config.getProperty(USER_CTX);
String userFilter = this.config.getProperty(USER_FILTER);
String userAttrId = this.config.getProperty(USER_ATTR_ID, "uid");
userFilter = userFilter.replaceAll("\\{0\\}", userId);
if (logger.isDebugEnabled()) {
logger.debug(
"Seaching for user existence with filter " + userFilter + " on context " + userContext);
}
SearchControls constraints = new SearchControls();
NamingEnumeration<SearchResult> result = ctx.search(userContext, userFilter, constraints);
if (result.hasMore()) {
SearchResult sr = result.next();
Attribute ldapUserId = sr.getAttributes().get(userAttrId);
if (ldapUserId.contains(userId)) {
exists = true;
}
if (logger.isDebugEnabled()) {
logger.debug(
"Entry in LDAP found and result of matching with given user id is " + exists);
}
}
result.close();
} catch (Exception e) {
e.printStackTrace();
} finally {
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}
return exists;
}
public boolean existsGroup(String groupId) {
InitialLdapContext ctx = null;
boolean exists = false;
try {
ctx = buildInitialLdapContext();
String roleContext = this.config.getProperty(ROLE_CTX);
String roleFilter = this.config.getProperty(ROLE_FILTER);
String roleAttrId = this.config.getProperty(ROLE_ATTR_ID, "cn");
roleFilter = roleFilter.replaceAll("\\{0\\}", groupId);
SearchControls constraints = new SearchControls();
String searchScope = this.config.getProperty(SEARCH_SCOPE);
if (searchScope != null) {
constraints.setSearchScope(parseSearchScope(searchScope));
}
NamingEnumeration<SearchResult> result = ctx.search(roleContext, roleFilter, constraints);
if (result.hasMore()) {
SearchResult sr = result.next();
Attribute ldapUserId = sr.getAttributes().get(roleAttrId);
if (ldapUserId.contains(groupId)) {
exists = true;
}
}
result.close();
} catch (Exception e) {
e.printStackTrace();
} finally {
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}
return exists;
}
private boolean renameSingleValuedRDNS(DXEntry oldEntry, DXEntry newEntry) {
RDN oldRDN = oldEntry.getRDN();
String type = oldRDN.getAtt();
String value = oldRDN.getRawVal();
Attribute oldNamingAttInNewEntry = newEntry.get(type);
// if the old naming value does not exist in the new entry, drop it!
if (!oldNamingAttInNewEntry.contains(value)) {
if (renameObject(oldEntry.getDN(), newEntry.getDN(), true) == true) {
oldEntry.get(type).remove(value); // remove old value so it doesn't get double deleted...
return true;
} else return false;
}
// if it *does* exist in the new entry, keep it.
else {
return renameObject(oldEntry.getDN(), newEntry.getDN(), false);
}
}
/**
* Return true if the record contains all of the values of the given attribute.
*
* @param attr Attribute we're looking for
* @return boolean true if we found it
* @throws Throwable
*/
public boolean contains(Attribute attr) throws Throwable {
if (attr == null) {
return false; // protect
}
Attribute recAttr = getAttributes().get(attr.getID());
if (recAttr == null) {
return false;
}
NamingEnumeration ne = attr.getAll();
while (ne.hasMore()) {
if (!recAttr.contains(ne.next())) {
return false;
}
}
return true;
}
/**
* Returns a pair consisting of a MarshalledObject and attributes to be bound with the stub.
*
* @param obj The non-null object to store.
* @param inAttrs The possible null attributes to store with object.
* @return A non-null Result consisting of the MarshalledObject and attributes.
*/
private static DirStateFactory.Result jrmpObject(Object obj, Attributes inAttrs)
throws NamingException {
try {
Object mobj = new MarshalledObject(obj);
Attributes outAttrs = null;
Attribute cname = null;
Attribute tnames = null;
Attribute objectClass = null;
if (inAttrs != null) {
// Get existing objectclass attribute
objectClass = (Attribute) inAttrs.get("objectClass");
if (objectClass == null && !inAttrs.isCaseIgnored()) {
// %%% workaround
objectClass = (Attribute) inAttrs.get("objectclass");
}
// No objectclasses supplied, use "top" to start
if (objectClass == null) {
objectClass = new BasicAttribute("objectClass", "top");
} else {
objectClass = (Attribute) objectClass.clone();
}
cname = inAttrs.get(CLASSNAME_ATTRID);
tnames = inAttrs.get(CLASSNAMES_ATTRID);
outAttrs = (Attributes) inAttrs.clone();
} else {
outAttrs = new BasicAttributes(true);
objectClass = new BasicAttribute("objectClass", "top");
}
if (cname == null) {
outAttrs.put(CLASSNAME_ATTRID, obj.getClass().getName());
}
if (tnames == null) {
Attribute tAttr = LdapCtxFactory.createTypeNameAttr(obj.getClass());
if (tAttr != null) {
outAttrs.put(tAttr);
}
}
boolean structural =
(objectClass.size() == 0 || (objectClass.size() == 1 && objectClass.contains("top")));
if (structural) {
objectClass.add(STRUCTURAL_OCID);
}
objectClass.add(MARSHALLED_OCID);
outAttrs.put(objectClass);
return new DirStateFactory.Result(mobj, outAttrs);
} catch (java.io.IOException e) {
NamingException ne = new NamingException("Cannot create MarshallObject for " + obj);
ne.setRootCause(e);
throw ne;
}
}
/**
* This compares all but the named attributes allbut true => All must be equal except those on the
* list
*
* @param that
* @param attrIDs
* @return boolean
* @throws Throwable
*/
public boolean equalsAllBut(DirRecord that, String[] attrIDs) throws Throwable {
if (attrIDs == null) throw new Exception("DirectoryRecord: null attrID list");
if (!dnEquals(that)) {
return false;
}
int n = attrIDs.length;
if (n == 0) return true;
Attributes thisAttrs = getAttributes();
Attributes thatAttrs = that.getAttributes();
if (thisAttrs == null) {
if (thatAttrs == null) return true;
return false;
}
if (thatAttrs == null) {
return false;
}
/**
* We need to ensure that all attributes are checked. We init thatLeft to the number of
* attributes in the source. We decrement for each checked attribute. We then decrement for each
* ignored attribute present in that If the result is non-zero, then there are some extra
* attributes in that so we return unequal.
*/
int sz = thisAttrs.size();
int thatLeft = sz;
if ((sz == 0) && (thatAttrs.size() == 0)) {
return true;
}
NamingEnumeration ne = thisAttrs.getAll();
if (ne == null) {
return false;
}
while (ne.hasMore()) {
Attribute attr = (Attribute) ne.next();
String id = attr.getID();
boolean present = false;
for (int i = 0; i < attrIDs.length; i++) {
if (id.equalsIgnoreCase(attrIDs[i])) {
present = true;
break;
}
}
if (present) {
// We don't compare
if (thatAttrs.get(id) != null) thatLeft--;
} else {
Attribute thatAttr = thatAttrs.get(id);
if (thatAttr == null) {
return false;
}
if (!thatAttr.contains(attr)) {
return false;
}
thatLeft--;
}
}
return (thatLeft == 0);
}
public boolean isMember(LDAPEntry member) {
Attribute memberAttribute = getLDAPAttributes().get(MEMBER);
return memberAttribute != null && memberAttribute.contains(member.getDN());
}
protected Object doLdapFunction() throws Exception {
ReaderEvent ev = AuthenticatorLdapOperator.this.input;
boolean gotQuery = ev.type == ReaderEventType.READER_EVENT_ID_QUERY;
boolean gotNotice = ev.type == ReaderEventType.READER_EVENT_ID_NOTICE;
if (gotQuery || gotNotice) {
if (ev.data.length() != 10) {
logger.warn("We got card data of weird length (" + ev.data.length() + "): " + ev.data);
if (gotQuery) {
ev.sendDeny();
}
} else {
String eID = hashData(ev.data.substring(0, 8));
String eNo = ev.data.substring(8);
// String cardData = eID + eNo;
NamingEnumeration<SearchResult> i;
logger.debug("Searching " + eID + " ...");
i =
AuthenticatorLdapOperator.this.dirContext.search(
"", "(employeeType={0})", new Object[] {eID}, ctrl);
logger.debug("Search done");
if (i.hasMoreElements()) {
logger.trace("hasMore");
SearchResult r = i.next();
Attributes attrs = r.getAttributes();
// String uid = getIfNotNull(attrs, "uid");
String userName = getUserFriendlyName(attrs);
if (!getIfNotNull(attrs, "employeeNumber").equals(eNo)) {
if (gotQuery) {
ev.sendBadLCC();
logger.info("Denied access to " + userName + " due to bad LCC");
} else {
logger.warn("eeprom allowed access to id with old LCC" + eID);
}
} else {
Attribute groups = attrs.get("memberOf");
if (groups.contains("CN=Domain Admins,CN=Users,DC=cif,DC=rochester,DC=edu")) {
if (gotQuery) {
ev.sendAllow();
logger.info("Allowed access to admin " + userName);
} else {
logger.info("Eeprom allowed access to admin " + userName);
}
} else if (groups.contains("CN=Lab Users,CN=Users,DC=cif,DC=rochester,DC=edu")) {
if (ev.reader.getMode() == ReaderMode.READER_MODE_ADMIN) {
if (gotQuery) {
ev.sendDeny();
logger.info("Denied access to " + userName + " during admin mode.");
} else {
logger.warn(
"Eeprom allowed access to commoner " + userName + " during admin mode.");
}
} else {
if (gotQuery) {
ev.sendAllow();
logger.info("Allowed access to " + userName);
} else {
logger.warn("Eeprom allowed access to commoner " + userName + ".");
}
}
} else {
if (gotQuery) {
ev.sendDeny();
logger.info("Denied access to " + userName + " due to insufficient permissions.");
} else {
logger.warn("Eeprom allowed acces to denied user " + userName + ".");
}
}
}
} else {
logger.debug("has not got more");
if (gotQuery) {
ev.sendBadLCC();
logger.info("Denied access to unknown id " + eID);
} else {
logger.warn("eeprom allowed access to unknown id " + eID);
}
}
i.close();
}
}
return null;
}