示例#1
0
  static LdapType guessType(final DirContext ctx) throws NamingException {
    final Attributes rootAtts = ctx.getAttributes("");
    Attribute supported = rootAtts.get("supportedCapabilities");
    if (supported != null
        && (supported.contains("1.2.840.113556.1.4.800")
            || supported.contains("1.2.840.113556.1.4.1851"))) {
      return new ActiveDirectory();
    }

    return RFC_2307;
  }
示例#2
0
 public boolean isPerson() {
   if (userObject == null) {
     return false;
   }
   Attribute attr = userObject.get("objectclass");
   if (attr.contains("inetOrgPerson")
       || attr.contains("organizationalPerson")
       || attr.contains("person")) {
     return true;
   } else {
     return false;
   }
 }
  /**
   * @param thisA
   * @param that
   * @return boolean
   * @throws Throwable
   */
  public boolean attrEquals(Attribute thisA, Attribute that) throws Throwable {
    int sz = thisA.size();

    if (sz != that.size()) {
      return false;
    }

    if (sz == 0) {
      return true;
    }

    NamingEnumeration ne = thisA.getAll();

    if (ne == null) {
      return false;
    }

    while (ne.hasMore()) {
      if (!that.contains(ne.next())) {
        return false;
      }
    }

    return true;
  }
示例#4
0
  /** Test that the partition has been correctly created */
  public void testPartition() throws NamingException {

    // We should be able to read it
    DirContext appRoot = createContext("o=sevenSeas");
    assertNotNull(appRoot);

    // Let's get the entry associated to the top level
    Attributes attributes = appRoot.getAttributes("");
    assertNotNull(attributes);
    assertEquals("sevenseas", attributes.get("o").get());

    Attribute attribute = attributes.get("objectClass");
    assertNotNull(attribute);
    assertTrue(attribute.contains("top"));
    assertTrue(attribute.contains("organization"));
    // Ok, everything is fine
  }
示例#5
0
  public void addMember(LDAPEntry childEntry) {
    Attribute memberAttribute = getLDAPAttributes().get(MEMBER);
    if (memberAttribute != null) {
      if (memberAttribute.contains(SPACE_STRING)) {
        memberAttribute.remove(SPACE_STRING);
      }
    } else {
      memberAttribute = new BasicAttribute(MEMBER);
    }

    memberAttribute.add(childEntry.getDN());
    getLDAPAttributes().put(memberAttribute);
  }
  public boolean existsUser(String userId) {

    InitialLdapContext ctx = null;
    boolean exists = false;
    try {
      ctx = buildInitialLdapContext();

      String userContext = this.config.getProperty(USER_CTX);
      String userFilter = this.config.getProperty(USER_FILTER);
      String userAttrId = this.config.getProperty(USER_ATTR_ID, "uid");

      userFilter = userFilter.replaceAll("\\{0\\}", userId);

      if (logger.isDebugEnabled()) {
        logger.debug(
            "Seaching for user existence with filter " + userFilter + " on context " + userContext);
      }

      SearchControls constraints = new SearchControls();

      NamingEnumeration<SearchResult> result = ctx.search(userContext, userFilter, constraints);
      if (result.hasMore()) {

        SearchResult sr = result.next();
        Attribute ldapUserId = sr.getAttributes().get(userAttrId);

        if (ldapUserId.contains(userId)) {
          exists = true;
        }
        if (logger.isDebugEnabled()) {
          logger.debug(
              "Entry in LDAP found and result of matching with given user id is " + exists);
        }
      }
      result.close();

    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      if (ctx != null) {
        try {
          ctx.close();
        } catch (NamingException e) {
          e.printStackTrace();
        }
      }
    }

    return exists;
  }
  public boolean existsGroup(String groupId) {

    InitialLdapContext ctx = null;
    boolean exists = false;
    try {
      ctx = buildInitialLdapContext();

      String roleContext = this.config.getProperty(ROLE_CTX);
      String roleFilter = this.config.getProperty(ROLE_FILTER);
      String roleAttrId = this.config.getProperty(ROLE_ATTR_ID, "cn");

      roleFilter = roleFilter.replaceAll("\\{0\\}", groupId);

      SearchControls constraints = new SearchControls();
      String searchScope = this.config.getProperty(SEARCH_SCOPE);
      if (searchScope != null) {
        constraints.setSearchScope(parseSearchScope(searchScope));
      }

      NamingEnumeration<SearchResult> result = ctx.search(roleContext, roleFilter, constraints);
      if (result.hasMore()) {
        SearchResult sr = result.next();
        Attribute ldapUserId = sr.getAttributes().get(roleAttrId);

        if (ldapUserId.contains(groupId)) {
          exists = true;
        }
      }
      result.close();

    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      if (ctx != null) {
        try {
          ctx.close();
        } catch (NamingException e) {
          e.printStackTrace();
        }
      }
    }

    return exists;
  }
示例#8
0
  private boolean renameSingleValuedRDNS(DXEntry oldEntry, DXEntry newEntry) {
    RDN oldRDN = oldEntry.getRDN();

    String type = oldRDN.getAtt();
    String value = oldRDN.getRawVal();

    Attribute oldNamingAttInNewEntry = newEntry.get(type);
    // if the old naming value does not exist in the new entry, drop it!
    if (!oldNamingAttInNewEntry.contains(value)) {
      if (renameObject(oldEntry.getDN(), newEntry.getDN(), true) == true) {
        oldEntry.get(type).remove(value); // remove old value so it doesn't get double deleted...
        return true;
      } else return false;
    }
    // if it *does* exist in the new entry, keep it.
    else {
      return renameObject(oldEntry.getDN(), newEntry.getDN(), false);
    }
  }
  /**
   * Return true if the record contains all of the values of the given attribute.
   *
   * @param attr Attribute we're looking for
   * @return boolean true if we found it
   * @throws Throwable
   */
  public boolean contains(Attribute attr) throws Throwable {
    if (attr == null) {
      return false; // protect
    }

    Attribute recAttr = getAttributes().get(attr.getID());

    if (recAttr == null) {
      return false;
    }

    NamingEnumeration ne = attr.getAll();

    while (ne.hasMore()) {
      if (!recAttr.contains(ne.next())) {
        return false;
      }
    }

    return true;
  }
  /**
   * Returns a pair consisting of a MarshalledObject and attributes to be bound with the stub.
   *
   * @param obj The non-null object to store.
   * @param inAttrs The possible null attributes to store with object.
   * @return A non-null Result consisting of the MarshalledObject and attributes.
   */
  private static DirStateFactory.Result jrmpObject(Object obj, Attributes inAttrs)
      throws NamingException {
    try {
      Object mobj = new MarshalledObject(obj);

      Attributes outAttrs = null;
      Attribute cname = null;
      Attribute tnames = null;
      Attribute objectClass = null;

      if (inAttrs != null) {
        // Get existing objectclass attribute
        objectClass = (Attribute) inAttrs.get("objectClass");
        if (objectClass == null && !inAttrs.isCaseIgnored()) {
          // %%% workaround
          objectClass = (Attribute) inAttrs.get("objectclass");
        }

        // No objectclasses supplied, use "top" to start
        if (objectClass == null) {
          objectClass = new BasicAttribute("objectClass", "top");
        } else {
          objectClass = (Attribute) objectClass.clone();
        }

        cname = inAttrs.get(CLASSNAME_ATTRID);
        tnames = inAttrs.get(CLASSNAMES_ATTRID);

        outAttrs = (Attributes) inAttrs.clone();
      } else {
        outAttrs = new BasicAttributes(true);
        objectClass = new BasicAttribute("objectClass", "top");
      }

      if (cname == null) {
        outAttrs.put(CLASSNAME_ATTRID, obj.getClass().getName());
      }
      if (tnames == null) {
        Attribute tAttr = LdapCtxFactory.createTypeNameAttr(obj.getClass());
        if (tAttr != null) {
          outAttrs.put(tAttr);
        }
      }

      boolean structural =
          (objectClass.size() == 0 || (objectClass.size() == 1 && objectClass.contains("top")));

      if (structural) {
        objectClass.add(STRUCTURAL_OCID);
      }
      objectClass.add(MARSHALLED_OCID);
      outAttrs.put(objectClass);

      return new DirStateFactory.Result(mobj, outAttrs);

    } catch (java.io.IOException e) {
      NamingException ne = new NamingException("Cannot create MarshallObject for " + obj);
      ne.setRootCause(e);
      throw ne;
    }
  }
  /**
   * This compares all but the named attributes allbut true => All must be equal except those on the
   * list
   *
   * @param that
   * @param attrIDs
   * @return boolean
   * @throws Throwable
   */
  public boolean equalsAllBut(DirRecord that, String[] attrIDs) throws Throwable {
    if (attrIDs == null) throw new Exception("DirectoryRecord: null attrID list");

    if (!dnEquals(that)) {
      return false;
    }

    int n = attrIDs.length;

    if (n == 0) return true;

    Attributes thisAttrs = getAttributes();
    Attributes thatAttrs = that.getAttributes();

    if (thisAttrs == null) {
      if (thatAttrs == null) return true;
      return false;
    }

    if (thatAttrs == null) {
      return false;
    }

    /**
     * We need to ensure that all attributes are checked. We init thatLeft to the number of
     * attributes in the source. We decrement for each checked attribute. We then decrement for each
     * ignored attribute present in that If the result is non-zero, then there are some extra
     * attributes in that so we return unequal.
     */
    int sz = thisAttrs.size();
    int thatLeft = sz;

    if ((sz == 0) && (thatAttrs.size() == 0)) {
      return true;
    }

    NamingEnumeration ne = thisAttrs.getAll();

    if (ne == null) {
      return false;
    }

    while (ne.hasMore()) {
      Attribute attr = (Attribute) ne.next();
      String id = attr.getID();
      boolean present = false;

      for (int i = 0; i < attrIDs.length; i++) {
        if (id.equalsIgnoreCase(attrIDs[i])) {
          present = true;
          break;
        }
      }
      if (present) {
        // We don't compare
        if (thatAttrs.get(id) != null) thatLeft--;
      } else {
        Attribute thatAttr = thatAttrs.get(id);
        if (thatAttr == null) {
          return false;
        }
        if (!thatAttr.contains(attr)) {
          return false;
        }
        thatLeft--;
      }
    }

    return (thatLeft == 0);
  }
示例#12
0
  public boolean isMember(LDAPEntry member) {
    Attribute memberAttribute = getLDAPAttributes().get(MEMBER);

    return memberAttribute != null && memberAttribute.contains(member.getDN());
  }
 protected Object doLdapFunction() throws Exception {
   ReaderEvent ev = AuthenticatorLdapOperator.this.input;
   boolean gotQuery = ev.type == ReaderEventType.READER_EVENT_ID_QUERY;
   boolean gotNotice = ev.type == ReaderEventType.READER_EVENT_ID_NOTICE;
   if (gotQuery || gotNotice) {
     if (ev.data.length() != 10) {
       logger.warn("We got card data of weird length (" + ev.data.length() + "): " + ev.data);
       if (gotQuery) {
         ev.sendDeny();
       }
     } else {
       String eID = hashData(ev.data.substring(0, 8));
       String eNo = ev.data.substring(8);
       // String cardData = eID + eNo;
       NamingEnumeration<SearchResult> i;
       logger.debug("Searching " + eID + " ...");
       i =
           AuthenticatorLdapOperator.this.dirContext.search(
               "", "(employeeType={0})", new Object[] {eID}, ctrl);
       logger.debug("Search done");
       if (i.hasMoreElements()) {
         logger.trace("hasMore");
         SearchResult r = i.next();
         Attributes attrs = r.getAttributes();
         // String uid = getIfNotNull(attrs, "uid");
         String userName = getUserFriendlyName(attrs);
         if (!getIfNotNull(attrs, "employeeNumber").equals(eNo)) {
           if (gotQuery) {
             ev.sendBadLCC();
             logger.info("Denied access to " + userName + " due to bad LCC");
           } else {
             logger.warn("eeprom allowed access to id with old LCC" + eID);
           }
         } else {
           Attribute groups = attrs.get("memberOf");
           if (groups.contains("CN=Domain Admins,CN=Users,DC=cif,DC=rochester,DC=edu")) {
             if (gotQuery) {
               ev.sendAllow();
               logger.info("Allowed access to admin " + userName);
             } else {
               logger.info("Eeprom allowed access to admin " + userName);
             }
           } else if (groups.contains("CN=Lab Users,CN=Users,DC=cif,DC=rochester,DC=edu")) {
             if (ev.reader.getMode() == ReaderMode.READER_MODE_ADMIN) {
               if (gotQuery) {
                 ev.sendDeny();
                 logger.info("Denied access to " + userName + " during admin mode.");
               } else {
                 logger.warn(
                     "Eeprom allowed access to commoner " + userName + " during admin mode.");
               }
             } else {
               if (gotQuery) {
                 ev.sendAllow();
                 logger.info("Allowed access to " + userName);
               } else {
                 logger.warn("Eeprom allowed access to commoner " + userName + ".");
               }
             }
           } else {
             if (gotQuery) {
               ev.sendDeny();
               logger.info("Denied access to " + userName + " due to insufficient permissions.");
             } else {
               logger.warn("Eeprom allowed acces to denied user " + userName + ".");
             }
           }
         }
       } else {
         logger.debug("has not got more");
         if (gotQuery) {
           ev.sendBadLCC();
           logger.info("Denied access to unknown id " + eID);
         } else {
           logger.warn("eeprom allowed access to unknown id " + eID);
         }
       }
       i.close();
     }
   }
   return null;
 }