예제 #1
0
  /**
   * Perform process.
   *
   * @return Message
   * @throws Exception if not successful
   */
  protected String doIt() throws Exception {
    String where = " Password IS NOT NULL AND Salt IS NULL ";

    int count = 0;
    boolean isEncrypted = MColumn.isEncrypted(417);

    List<MUser> users =
        MTable.get(getCtx(), MUser.Table_ID).createQuery(where, get_TrxName()).list();
    for (MUser user : users) {
      if (user.getAD_User_ID() == 0) {
        String password =
            DB.getSQLValueString(
                get_TrxName(), "SELECT Password FROM AD_User WHERE AD_User_ID=?", 0);
        if (isEncrypted) password = SecureEngine.decrypt(password);

        user.setPassword(password);
        String sql = "UPDATE AD_User SET Updated=SysDate, UpdatedBy=" + getAD_User_ID();
        if (!Util.isEmpty(password)) {
          sql +=
              ", Password="******", Salt=" + DB.TO_STRING(user.getSalt());
        }
        sql += " WHERE AD_User_ID=0";
        DB.executeUpdateEx(sql, get_TrxName());
        count++;
      } else {
        user.setPassword(user.getPassword());
        count++;
        user.saveEx();
      }
    }

    return "@Updated@ " + count;
  } //	doIt
예제 #2
0
  /**
   * Get the response according to the request message
   *
   * @param model model
   * @param remoteHost remote host name
   * @param remoteAddr remote host ip address
   * @return response
   */
  public byte[] getResult(MLdapProcessor model, String remoteHost, String remoteAddr) {
    if (m_errNo != LDAP_SUCCESS) {
      generateResult(
          "",
          (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST
              ? LdapMessage.BIND_RESPONSE
              : LdapMessage.SEARCH_RES_RESULT),
          m_errNo,
          ldapErrorMessage[m_errNo] + ": " + m_errStr);
      m_encoder.getTrimmedBuf();
    }

    try {
      String usrId = m_ldapMsg.getUserId();
      String o = m_ldapMsg.getOrg();
      String ou = m_ldapMsg.getOrgUnit();
      int msgId = m_ldapMsg.getMsgId();

      // Adding the Application 1 Sequence
      if (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST) {
        String pwd = m_ldapMsg.getUserPasswd();
        if (pwd == null || pwd.length() <= 0) {
          // 1st anonymous bind
          generateResult(m_ldapMsg.getDN(), LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          log.config("#" + msgId + ": Success on anonymous bind");
          return m_encoder.getTrimmedBuf();
        }

        // Authenticate with Compiere data
        if (m_ldapUser.getUserId()
            == null) { // Try to authenticate on the 1st bind, must be java client
          m_ldapUser.reset();
          model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
          if (m_ldapUser.getErrorMsg() != null) { // Failed to authenticated with compiere
            m_errNo = LDAP_NO_SUCH_OBJECT;
            generateResult(
                m_ldapMsg.getBaseObj(),
                LdapMessage.SEARCH_RES_RESULT,
                LDAP_NO_SUCH_OBJECT,
                ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
            log.config("#" + msgId + ": Failed with bind");
            return m_encoder.getTrimmedBuf();
          }
        }

        // Check to see if the input passwd is match to the one
        // in compiere database
        if (m_ldapUser.getUserId() != null
            && m_ldapUser.getPassword() != null
            && usrId.compareTo(m_ldapUser.getUserId()) == 0
            && !SecureEngine.isEncrypted(pwd)
            && (pwd.compareTo(m_ldapUser.getPassword()) == 0
                || pwd.compareTo(SecureEngine.decrypt(m_ldapUser.getPassword()))
                    == 0)) { // Successfully authenticated
          generateResult("", LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
          // Close the connection to client since most of the client
          // application might cache the connection but we can't afford
          // to have too many such client connection
          m_disconnect = true;
          log.config("#" + msgId + ": Success authenticate with password");
        } else { // Unsuccessfully authenticated
          m_errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
          generateResult(
              "",
              LdapMessage.BIND_RESPONSE,
              LDAP_INAPPROPRIATE_AUTHENTICATION,
              ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
          log.info(
              "#" + msgId + ": Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
        }
      } else if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
        // Authenticate with compiere database
        m_ldapUser.reset();
        model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
        if (m_ldapUser.getErrorMsg() != null) {
          m_errNo = LDAP_NO_SUCH_OBJECT;
          generateResult(
              m_ldapMsg.getBaseObj(),
              LdapMessage.SEARCH_RES_RESULT,
              LDAP_NO_SUCH_OBJECT,
              ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
          log.info("#" + msgId + ": Failed with SEARCH_REQUEST");
          return m_encoder.getTrimmedBuf();
        }

        m_encoder.beginSeq(48); // Hard coded here for Envelope header
        m_encoder.encodeInt(msgId);
        m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
        m_encoder.encodeString("cn=" + m_ldapMsg.getUserId(), true); // this should be object name
        // not going to put in any attributes for this
        m_encoder.beginSeq(48);
        m_encoder.endSeq();
        m_encoder.endSeq();
        m_encoder.endSeq();

        // SearchResultDone Application 5 for bind
        // Result 0 = success
        // No error message
        generateResult(m_ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT, LDAP_SUCCESS, null);
        log.config("#" + msgId + ": Success with SEARCH_REQUEST");
      }

      return m_encoder.getTrimmedBuf();
    } catch (Exception e) {
      log.log(Level.SEVERE, "", e);

      // Get the response operation
      int responseOp = LdapMessage.BIND_RESPONSE;
      if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST)
        responseOp = LdapMessage.SEARCH_RES_RESULT;

      // Send the response to the client and disconnect
      m_errNo = LDAP_OTHER;
      generateResult(
          m_ldapMsg.getBaseObj(),
          responseOp,
          LDAP_OTHER,
          ldapErrorMessage[LDAP_OTHER] + e.getMessage());
      m_disconnect = true;
    }

    return m_encoder.getTrimmedBuf();
  } //	getResult