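/**
 * Appends one LDAPResult message to the response held by {@code m_encoder}.
 *
 * <p>The message is an envelope sequence (tag 48) containing the id of the current
 * request followed by a sequence tagged {@code resultProtocol} with the result code,
 * the DN and the error text. Nothing is returned; callers read the encoded bytes
 * from {@code m_encoder} afterwards.
 *
 * @param dn Distinguished Name written into the result
 * @param resultProtocol Result protocol/operation code, used as the inner sequence tag
 * @param resultCode Result code, encoded as an enumeration (tag 10)
 * @param errMsg Error message; {@code null} is encoded as an empty string
 */
private void generateResult(String dn, int resultProtocol, int resultCode, String errMsg) {
    try {
        m_encoder.beginSeq(48); // Hard coded here for Envelope header
        m_encoder.encodeInt(m_ldapMsg.getMsgId());
        m_encoder.beginSeq(resultProtocol);
        m_encoder.encodeInt(resultCode, 10); // Enumeration - 10
        // Adding LDAPDN
        m_encoder.encodeString(dn, true);
        // Adding error message
        m_encoder.encodeString(errMsg == null ? "" : errMsg, true);
        m_encoder.endSeq();
        m_encoder.endSeq();

        // dn and errMsg can carry text taken from the client's request. Line breaks are
        // replaced so that a crafted value cannot start a forged record in the log.
        String logDn = String.valueOf(dn).replaceAll("[\\r\\n]", "_");
        String logErrMsg = String.valueOf(errMsg).replaceAll("[\\r\\n]", "_");
        log.fine(
                "#"
                        + m_ldapMsg.getMsgId()
                        + ": "
                        + "dn="
                        + logDn
                        + ", op="
                        + resultProtocol
                        + ", result="
                        + resultCode
                        + ", errMsg="
                        + logErrMsg);
    } catch (Exception ex) {
        // Best effort: the failure is logged and not propagated.
        // NOTE(review): if encoding stops part-way, m_encoder may hold an incomplete
        // message that callers still send - confirm how the encoder behaves here.
        log.log(Level.SEVERE, "Failed to encode LDAP result", ex);
    }
} // generateResult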
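/**
 * Builds the encoded response for the request held in {@code m_ldapMsg}.
 *
 * <p>If an error was already recorded in {@code m_errNo}, only that error is reported
 * and the request is not processed. Otherwise a bind request is answered after the
 * password check and a search request after the user lookup done by
 * {@code model.authenticate}. Any exception is logged and answered with
 * {@code LDAP_OTHER}, and the connection is flagged for disconnect.
 *
 * @param model processor used to look up / authenticate the user
 * @param remoteHost remote host name, passed to {@code model.authenticate}
 * @param remoteAddr remote host ip address, passed to {@code model.authenticate}
 * @return the trimmed contents of the response encoder
 */
public byte[] getResult(MLdapProcessor model, String remoteHost, String remoteAddr) {
    if (m_errNo != LDAP_SUCCESS) {
        generateResult(
                "",
                (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST
                        ? LdapMessage.BIND_RESPONSE
                        : LdapMessage.SEARCH_RES_RESULT),
                m_errNo,
                ldapErrorMessage[m_errNo] + ": " + m_errStr);
        // Fix: the buffer was fetched here but not returned, so a request already
        // flagged as failed still ran through bind/search handling below and a second
        // response was appended after the error.
        // NOTE(review): assumes m_errNo is reset before each new request - confirm.
        return m_encoder.getTrimmedBuf();
    }

    try {
        String usrId = m_ldapMsg.getUserId();
        String o = m_ldapMsg.getOrg();
        String ou = m_ldapMsg.getOrgUnit();
        int msgId = m_ldapMsg.getMsgId();

        // Adding the Application 1 Sequence
        if (m_ldapMsg.getOperation() == LdapMessage.BIND_REQUEST) {
            String pwd = m_ldapMsg.getUserPasswd();
            if (pwd == null || pwd.length() <= 0) {
                // 1st anonymous bind
                // NOTE(review): an empty password is answered with success whatever name
                // was supplied. RFC 4513 section 5.1.2 recommends failing a bind that has
                // a name but no password, because a client that treats bind success as
                // proof of identity would accept it. Left unchanged since the first-bind
                // handshake may rely on it - confirm.
                generateResult(m_ldapMsg.getDN(), LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
                log.config("#" + msgId + ": Success on anonymous bind");
                return m_encoder.getTrimmedBuf();
            }

            // Authenticate with Compiere data
            if (m_ldapUser.getUserId() == null) {
                // Try to authenticate on the 1st bind, must be java client
                m_ldapUser.reset();
                model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
                if (m_ldapUser.getErrorMsg() != null) {
                    // Failed to authenticate with compiere
                    // NOTE(review): this answers a bind request with SEARCH_RES_RESULT and
                    // appends the lookup's error text to the client-visible message -
                    // confirm both are intended.
                    m_errNo = LDAP_NO_SUCH_OBJECT;
                    generateResult(
                            m_ldapMsg.getBaseObj(),
                            LdapMessage.SEARCH_RES_RESULT,
                            LDAP_NO_SUCH_OBJECT,
                            ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
                    log.config("#" + msgId + ": Failed with bind");
                    return m_encoder.getTrimmedBuf();
                }
            }

            // Check to see if the input passwd is match to the one
            // in compiere database.
            // NOTE(review): String.compareTo stops at the first differing character, so
            // the comparison is not constant-time. The stored password is also compared
            // as-is or after SecureEngine.decrypt, i.e. it is recoverable and not a
            // one-way hash. A submitted value that isEncrypted() reports as encrypted is
            // rejected, presumably so the stored ciphertext cannot be replayed - confirm.
            if (m_ldapUser.getUserId() != null
                    && m_ldapUser.getPassword() != null
                    && usrId.compareTo(m_ldapUser.getUserId()) == 0
                    && !SecureEngine.isEncrypted(pwd)
                    && (pwd.compareTo(m_ldapUser.getPassword()) == 0
                            || pwd.compareTo(SecureEngine.decrypt(m_ldapUser.getPassword())) == 0)) {
                // Successfully authenticated
                generateResult("", LdapMessage.BIND_RESPONSE, LDAP_SUCCESS, null);
                // Close the connection to client since most of the client
                // application might cache the connection but we can't afford
                // to have too many such client connection
                m_disconnect = true;
                log.config("#" + msgId + ": Success authenticate with password");
            } else {
                // Unsuccessfully authenticated
                m_errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
                generateResult(
                        "",
                        LdapMessage.BIND_RESPONSE,
                        LDAP_INAPPROPRIATE_AUTHENTICATION,
                        ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
                log.info(
                        "#"
                                + msgId
                                + ": Failed : "
                                + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
            }
        } else if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
            // Authenticate with compiere database
            m_ldapUser.reset();
            model.authenticate(m_ldapUser, usrId, o, ou, remoteHost, remoteAddr);
            if (m_ldapUser.getErrorMsg() != null) {
                m_errNo = LDAP_NO_SUCH_OBJECT;
                generateResult(
                        m_ldapMsg.getBaseObj(),
                        LdapMessage.SEARCH_RES_RESULT,
                        LDAP_NO_SUCH_OBJECT,
                        ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + m_ldapUser.getErrorMsg());
                log.info("#" + msgId + ": Failed with SEARCH_REQUEST");
                return m_encoder.getTrimmedBuf();
            }

            m_encoder.beginSeq(48); // Hard coded here for Envelope header
            m_encoder.encodeInt(msgId);
            m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
            m_encoder.encodeString("cn=" + m_ldapMsg.getUserId(), true); // this should be object name
            // not going to put in any attributes for this
            m_encoder.beginSeq(48);
            m_encoder.endSeq();
            m_encoder.endSeq();
            m_encoder.endSeq();

            // SearchResultDone Application 5 for bind
            // Result 0 = success
            // No error message
            generateResult(m_ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT, LDAP_SUCCESS, null);
            log.config("#" + msgId + ": Success with SEARCH_REQUEST");
        }

        return m_encoder.getTrimmedBuf();
    } catch (Exception e) {
        log.log(Level.SEVERE, "Failed to build LDAP response", e);

        // Get the response operation
        int responseOp = LdapMessage.BIND_RESPONSE;
        if (m_ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST) {
            responseOp = LdapMessage.SEARCH_RES_RESULT;
        }

        // Send the response to the client and disconnect
        // NOTE(review): e.getMessage() is sent to the client, which may not be
        // authenticated at this point. Consider returning only the generic text, since
        // the detail is already in the server log.
        m_errNo = LDAP_OTHER;
        generateResult(
                m_ldapMsg.getBaseObj(),
                responseOp,
                LDAP_OTHER,
                ldapErrorMessage[LDAP_OTHER] + e.getMessage());
        m_disconnect = true;
    }

    return m_encoder.getTrimmedBuf();
} // getResult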