예제 #1
0
 /**
  * Generate LDAPResult
  *
  * @param dn Distinguished Name
  * @param resultProtocol Result protocol/operation code
  * @param resultCode Result code
  * @param errMsg Error Message
  * @return reponse
  */
 private void generateResult(String dn, int resultProtocol, int resultCode, String errMsg) {
   try {
     m_encoder.beginSeq(48); // Hard coded here for Envelope header
     m_encoder.encodeInt(m_ldapMsg.getMsgId());
     m_encoder.beginSeq(resultProtocol);
     m_encoder.encodeInt(resultCode, 10); // Enumeration - 10
     // Adding LDAPDN
     m_encoder.encodeString(dn, true);
     // Adding error message
     m_encoder.encodeString(errMsg == null ? "" : errMsg, true);
     m_encoder.endSeq();
     m_encoder.endSeq();
     log.fine(
         "#"
             + m_ldapMsg.getMsgId()
             + ": "
             + "dn="
             + dn
             + ", op="
             + resultProtocol
             + ", result="
             + resultCode
             + ", errMsg="
             + errMsg);
   } catch (Exception ex) {
     log.log(Level.SEVERE, "", ex);
   }
 } // generateResult
예제 #2
0
  /**
   * Get the response according to the request message
   *
   * @param model model
   * @param remoteHost remote host name
   * @param remoteAddr remote host ip address
   * @return response
   */
  public byte[] getResult(MLdapProcessor model, String remoteHost, String remoteAddr) {
    if (m_errNo != LDAP_SUCCESS) {
      generateResult(
          "",
          (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST
              ? LdapMessage.BIND_RESPONSE
              : LdapMessage.SEARCH_RES_RESULT),
          m_errNo,
          ldapErrorMessage[m_errNo] + ": " + m_errStr);
      m_encoder.getTrimmedBuf();
    }

    try {
      String usrId = m_ldapMsg.getUserId();
      String o = m_ldapMsg.getOrg();
      String ou = m_ldapMsg.getOrgUnit();
      int msgId = m_ldapMsg.getMsgId();

      // Adding the Application 1 Sequence
      if (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST) {
        String pwd = m_ldapMsg.getUserPasswd();
        if (pwd == null || pwd.length() <= 0) {
          // 1st anonymous bind
          generateResult(m_ldapMsg.getDN(), LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          log.config("#" + msgId + ": Success on anonymous bind");
          return m_encoder.getTrimmedBuf();
        }

        // Authenticate with Compiere data
        if (m_ldapUser.getUserId()
            == null) { // Try to authenticate on the 1st bind, must be java client
          m_ldapUser.reset();
          model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
          if (m_ldapUser.getErrorMsg() != null) { // Failed to authenticated with compiere
            m_errNo = LDAP_NO_SUCH_OBJECT;
            generateResult(
                m_ldapMsg.getBaseObj(),
                LdapMessage.SEARCH_RES_RESULT,
                LDAP_NO_SUCH_OBJECT,
                ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
            log.config("#" + msgId + ": Failed with bind");
            return m_encoder.getTrimmedBuf();
          }
        }

        // Check to see if the input passwd is match to the one
        // in compiere database
        if (m_ldapUser.getUserId() != null
            && m_ldapUser.getPassword() != null
            && usrId.compareTo(m_ldapUser.getUserId()) == 0
            && !SecureEngine.isEncrypted(pwd)
            && (pwd.compareTo(m_ldapUser.getPassword()) == 0
                || pwd.compareTo(SecureEngine.decrypt(m_ldapUser.getPassword()))
                    == 0)) { // Successfully authenticated
          generateResult("", LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          // Close the connection to client since most of the client
          // application might cache the connection but we can't afford
          // to have too many such client connection
          m_disconnect = true;
          log.config("#" + msgId + ": Success authenticate with password");
        } else { // Unsuccessfully authenticated
          m_errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
          generateResult(
              "",
              LdapMessage.BIND_RESPONSE,
              LDAP_INAPPROPRIATE_AUTHENTICATION,
              ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
          log.info(
              "#" + msgId + ": Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
        }
      } else if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
        // Authenticate with compiere database
        m_ldapUser.reset();
        model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
        if (m_ldapUser.getErrorMsg() != null) {
          m_errNo = LDAP_NO_SUCH_OBJECT;
          generateResult(
              m_ldapMsg.getBaseObj(),
              LdapMessage.SEARCH_RES_RESULT,
              LDAP_NO_SUCH_OBJECT,
              ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
          log.info("#" + msgId + ": Failed with SEARCH_REQUEST");
          return m_encoder.getTrimmedBuf();
        }

        m_encoder.beginSeq(48); // Hard coded here for Envelope header
        m_encoder.encodeInt(msgId);
        m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
        m_encoder.encodeString("cn=" + m_ldapMsg.getUserId(), true); // this should be object name
        // not going to put in any attributes for this
        m_encoder.beginSeq(48);
        m_encoder.endSeq();
        m_encoder.endSeq();
        m_encoder.endSeq();

        // SearchResultDone Application 5 for bind
        // Result 0 = success
        // No error message
        generateResult(m_ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT, LDAP_SUCCESS, null);
        log.config("#" + msgId + ": Success with SEARCH_REQUEST");
      }

      return m_encoder.getTrimmedBuf();
    } catch (Exception e) {
      log.log(Level.SEVERE, "", e);

      // Get the response operation
      int responseOp = LdapMessage.BIND_RESPONSE;
      if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST)
        responseOp = LdapMessage.SEARCH_RES_RESULT;

      // Send the response to the client and disconnect
      m_errNo = LDAP_OTHER;
      generateResult(
          m_ldapMsg.getBaseObj(),
          responseOp,
          LDAP_OTHER,
          ldapErrorMessage[LDAP_OTHER] + e.getMessage());
      m_disconnect = true;
    }

    return m_encoder.getTrimmedBuf();
  } //	getResult