
Example 1 with DistinguishedName

use of net.sourceforge.myvd.types.DistinguishedName in project OpenUnison by TremoloSecurity.

the class MyVDConnection method bind.

public void bind(String dn, String password) throws LDAPException {
    // Per-request and per-session state for the MyVD interceptor chain.
    HashMap<Object, Object> request = new HashMap<Object, Object>();
    HashMap<Object, Object> session = new HashMap<Object, Object>();
    session.put(SessionVariables.BOUND_INTERCEPTORS, new ArrayList<String>());
    // The chain starts out unauthenticated (empty bind DN, empty Password);
    // the caller's credentials are only presented in the nextBind call below.
    session.put("MYVD_BINDDN", new DistinguishedName(""));
    session.put("MYVD_BINDPASS", new Password());
    BindInterceptorChain chain = new BindInterceptorChain(new DistinguishedName(""), new Password(), 0, core.getGlobalChain(), session, request, core.getRouter());
    // Runs every bind interceptor in the global chain (e.g. the lockout and TOTP inserts below)
    // before the backend verifies the password; any failure surfaces as an LDAPException.
    chain.nextBind(new DistinguishedName(dn), new Password(password), new LDAPConstraints());
}
Also used : HashMap(java.util.HashMap) DistinguishedName(net.sourceforge.myvd.types.DistinguishedName) LDAPConstraints(com.novell.ldap.LDAPConstraints) BindInterceptorChain(net.sourceforge.myvd.chain.BindInterceptorChain) Password(net.sourceforge.myvd.types.Password)

Example 2 with DistinguishedName

use of net.sourceforge.myvd.types.DistinguishedName in project OpenUnison by TremoloSecurity.

the class AuthLockoutInsert method bind.

@Override
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    // Look up the entry being bound so its failure-tracking attributes can be read and updated.
    // The search starts at the next position in the chain so this insert is not re-entered.
    Results results = new Results(null, chain.getPositionInChain(this) + 1);
    SearchInterceptorChain schain = chain.createSearchChain(chain.getPositionInChain(this) + 1);
    schain.nextSearch(new DistinguishedName(dn.getDN()), new Int(0), new Filter("(objectClass=*)"), new ArrayList<Attribute>(), new Bool(false), results, new LDAPSearchConstraints());
    results.start();
    if (!results.hasMore()) {
        throw new LDAPException("No such object", LDAPException.NO_SUCH_OBJECT, "Could not find dn");
    }
    Entry entry = results.next();
    // Drain the result set so the search completes cleanly.
    while (results.hasMore()) {
        results.next();
    }
    try {
        // The rest of the chain verifies the password first; the lockout state is only consulted
        // after that bind has succeeded. A wrong password lands in the catch block below.
        chain.nextBind(dn, pwd, constraints);
        LDAPAttribute lastFailed = entry.getEntry().getAttributeSet().getAttribute(this.lastFailedAttribute);
        LDAPAttribute numFailures = entry.getEntry().getAttributeSet().getAttribute(this.numFailedAttribute);
        if (lastFailed != null && numFailures != null) {
            // lastFailed is an epoch-millisecond timestamp; the lock lasts maxLockoutTime ms from it.
            long lastFailedTS = Long.parseLong(lastFailed.getStringValue());
            int numPrevFailures = Integer.parseInt(numFailures.getStringValue());
            long now = new DateTime(DateTimeZone.UTC).getMillis();
            long lockedUntil = lastFailedTS + this.maxLockoutTime;
            if (logger.isDebugEnabled()) {
                // All of these are guarded by isDebugEnabled, so they are logged at DEBUG
                // (the original mixed in logger.info calls, which the guard did not control).
                logger.debug("Num Failed : " + numPrevFailures);
                logger.debug("Last Failed : '" + lastFailedTS + "'");
                logger.debug("Now : '" + now + "'");
                logger.debug("Locked Until : '" + lockedUntil + "'");
                logger.debug("locked >= now? : '" + (lockedUntil >= now) + "'");
                logger.debug("max fails? : '" + this.maxFailedAttempts + "'");
                logger.debug("too many fails : '" + (numPrevFailures >= this.maxFailedAttempts) + "'");
            }
            // Locked: the failure threshold was reached and the lock window has not yet expired.
            // Report it as INVALID_CREDENTIALS, the same result a wrong password produces, so the
            // client cannot tell the two apart. The catch block below records the failure; the
            // original also called updateFailedAttrs here, counting one locked attempt twice.
            if (lockedUntil >= now && numPrevFailures >= this.maxFailedAttempts) {
                throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "User locked out");
            }
        }
        // Correct password and not locked: reset the failure tracking.
        this.updateSuccessAttrs(entry.getEntry());
    } catch (LDAPException e) {
        // Only credential failures (including the lockout above) count toward the lock;
        // other errors, e.g. an unavailable backend, do not.
        if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
            this.updateFailedAttrs(entry.getEntry());
        }
        throw e;
    }
}
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) DistinguishedName(net.sourceforge.myvd.types.DistinguishedName) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(net.sourceforge.myvd.types.Attribute) LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints) Int(net.sourceforge.myvd.types.Int) DateTime(org.joda.time.DateTime) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPException(com.novell.ldap.LDAPException) Results(net.sourceforge.myvd.types.Results) Filter(net.sourceforge.myvd.types.Filter) Bool(net.sourceforge.myvd.types.Bool) SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain)
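
The lockout decision above, re-implemented stand-alone in Python as an added example (this is not OpenUnison or MyVD code). The two per-account values are the ones the insert reads, a last-failure timestamp in epoch milliseconds and a failure counter; the page does not show updateFailedAttrs or updateSuccessAttrs, so their semantics here (a failure bumps the counter and moves the timestamp forward, a success clears both) are an assumption. One deliberate difference from the page is noted in the code: the lock is checked before the password is presented to the backend.

```python
"""Account-lockout decision mirroring AuthLockoutInsert (added example, not project code)."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

LDAP_INVALID_CREDENTIALS = 49  # result code returned for both a bad password and a locked account


@dataclass
class LockoutState:
    last_failed_ms: Optional[int] = None  # the page's lastFailedAttribute
    num_failures: int = 0                 # the page's numFailedAttribute


class LockoutPolicy:
    def __init__(self, max_failed_attempts: int, max_lockout_ms: int) -> None:
        self.max_failed_attempts = max_failed_attempts
        self.max_lockout_ms = max_lockout_ms

    def is_locked(self, state: LockoutState, now_ms: int) -> bool:
        # Same predicate as the page: lockedUntil >= now && numPrevFailures >= maxFailedAttempts
        if state.last_failed_ms is None:
            return False
        locked_until = state.last_failed_ms + self.max_lockout_ms
        return locked_until >= now_ms and state.num_failures >= self.max_failed_attempts

    def record_failure(self, state: LockoutState, now_ms: int) -> None:
        # Assumed semantics of updateFailedAttrs: every failure moves lastFailed forward,
        # so attempts made while locked extend the lock window.
        state.last_failed_ms = now_ms
        state.num_failures += 1

    def record_success(self, state: LockoutState) -> None:
        # Assumed semantics of updateSuccessAttrs.
        state.last_failed_ms = None
        state.num_failures = 0


def bind(policy: LockoutPolicy, state: LockoutState, now_ms: int,
         password: str, backend_bind: Callable[[str], bool]) -> Tuple[str, Optional[int]]:
    """Return (outcome, ldap_result_code).

    Unlike the page, the lock is checked before the backend sees the password, so a locked
    account never has its password verified. Both failure paths carry the same result code,
    so a client cannot distinguish "locked" from "wrong password".
    """
    if policy.is_locked(state, now_ms):
        policy.record_failure(state, now_ms)
        return "locked", LDAP_INVALID_CREDENTIALS
    if not backend_bind(password):
        policy.record_failure(state, now_ms)
        return "invalid", LDAP_INVALID_CREDENTIALS
    policy.record_success(state)
    return "ok", None


def demo() -> List[str]:
    """Constructed scenario: 3 allowed attempts, 60 s lock, a stand-in backend check."""
    policy = LockoutPolicy(max_failed_attempts=3, max_lockout_ms=60_000)
    state = LockoutState()
    backend = lambda pw: pw == "correct horse"
    outcomes = []
    for t in (1_000, 2_000, 3_000):  # three wrong guesses reach the threshold
        outcomes.append(bind(policy, state, t, "guess", backend)[0])
    # Correct password while locked: refused, and the lock window is renewed.
    outcomes.append(bind(policy, state, 4_000, "correct horse", backend)[0])
    # 60 s after the last (locked) attempt the window has expired.
    outcomes.append(bind(policy, state, 4_000 + 60_001, "correct horse", backend)[0])
    return outcomes
```

Because the page's predicate uses `>=`, an attempt made exactly at `lockedUntil` is still refused, and because each refused attempt rewrites the timestamp, a client that keeps retrying keeps the account locked.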

Example 3 with DistinguishedName

use of net.sourceforge.myvd.types.DistinguishedName in project OpenUnison by TremoloSecurity.

the class AuthTOTPInsert method bind.

public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
    logger.debug("In bind");
    // Look up the user's entry to read the attribute holding the encrypted TOTP secret.
    SearchInterceptorChain schain = chain.createSearchChain();
    ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
    // searchattrs.add(new Attribute(this.attribute));
    logger.debug("searching...");
    Results res = new Results(chain.getInterceptors(), chain.getPos());
    logger.debug("Created res");
    schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
    logger.debug("ran search");
    res.start();
    logger.debug("res started");
    if (!res.hasMore()) {
        logger.debug("user not found");
        throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
    }
    logger.debug("user found");
    LDAPEntry entry = res.next().getEntry();
    LDAPAttribute key = entry.getAttribute(this.attribute);
    if (key == null) {
        // No TOTP secret enrolled. Use the same result code as a bad code so the response does not
        // reveal which users have a second factor (the original returned NO_SUCH_OBJECT here).
        logger.debug("No key");
        throw new LDAPException("Invalid Credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
    }
    try {
        // The attribute holds a base64 JSON Token: a base64 IV plus the AES-CBC ciphertext of the TOTPKey JSON.
        String keyjson = key.getStringValue();
        if (logger.isDebugEnabled())
            logger.debug("token json : '" + keyjson + "'");
        Gson gson = new Gson();
        Token token = gson.fromJson(new String(Base64.decode(keyjson)), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        // CBC with PKCS#5 padding and no authentication tag: the ciphertext's integrity is not checked here.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        String totpJson = new String(cipher.doFinal(encBytes), "UTF-8");
        // totpJson contains the user's shared TOTP secret; do not write it to the log
        // (the original logged the full decrypted JSON at DEBUG).
        if (logger.isDebugEnabled())
            logger.debug("totp json decrypted, " + totpJson.length() + " chars");
        TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
        GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
        // Controls how many adjacent 30-second time steps are accepted (clock-skew tolerance).
        b.setWindowSize(this.window);
        GoogleAuthenticatorConfig cfg = b.build();
        GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
        // The client sends "<password>:<totp code>" as the bind password. The code never contains a
        // colon, so split on the last one; splitting on the first (as the original did) rejects
        // passwords that themselves contain ':'.
        String spwd = new String(pwd.getValue(), "UTF-8");
        int sep = spwd.lastIndexOf(':');
        if (sep == -1) {
            logger.debug("no colon");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        String scode = spwd.substring(sep + 1);
        int code;
        try {
            code = Integer.parseInt(scode);
        } catch (NumberFormatException nfe) {
            // A non-numeric code is a bad credential, not a decryption failure
            // (the original let this fall through to the OPERATIONS_ERROR below).
            logger.debug("code not numeric");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        // Verify the one-time code before the password is ever presented to the backend.
        if (!ga.authorize(totp.getSecretKey(), code)) {
            logger.debug("Verify failed");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        logger.debug("verify succeeded");
        // Strip the code and pass only the static password down the chain.
        pwd.setValue(spwd.substring(0, sep).getBytes("UTF-8"));
        chain.nextBind(dn, pwd, constraints);
    } catch (Exception e) {
        logger.error("Could not work", e);
        if (e instanceof LDAPException) {
            throw ((LDAPException) e);
        } else {
            throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
        }
    }
}
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(net.sourceforge.myvd.types.Attribute) LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) DN(com.novell.ldap.util.DN) Token(com.tremolosecurity.json.Token) Int(net.sourceforge.myvd.types.Int) LDAPEntry(com.novell.ldap.LDAPEntry) Bool(net.sourceforge.myvd.types.Bool) SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain) LDAPAttribute(com.novell.ldap.LDAPAttribute) GoogleAuthenticator(com.warrenstrange.googleauth.GoogleAuthenticator) DistinguishedName(net.sourceforge.myvd.types.DistinguishedName) GoogleAuthenticatorConfig(com.warrenstrange.googleauth.GoogleAuthenticatorConfig) GoogleAuthenticatorConfigBuilder(com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder) LDAPException(com.novell.ldap.LDAPException) LDAPException(com.novell.ldap.LDAPException) Results(net.sourceforge.myvd.types.Results) Filter(net.sourceforge.myvd.types.Filter) TOTPKey(com.tremolosecurity.proxy.auth.otp.TOTPKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher)
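
The password-plus-code handling above, re-implemented stand-alone in Python as an added example (not OpenUnison code). It replaces the GoogleAuthenticator library with an RFC 6238 verifier built from the standard library, takes the TOTP secret as raw bytes rather than decrypting it from a directory attribute, and keeps the page's order of operations: check the one-time code first, then forward only the static password to the backend. The `window` parameter here is the number of 30-second steps accepted on either side of the current one, my own parameterisation rather than the GoogleAuthenticator windowSize value; the backend password check is a stand-in.

```python
"""Password:code bind with an RFC 6238 verifier (added example, not project code)."""
import hashlib
import hmac
import re
import struct
from typing import Callable, List, Optional, Tuple

STEP_SECONDS = 30
DIGITS = 6
LDAP_INVALID_CREDENTIALS = 49


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HMAC-SHA1 dynamic truncation, zero-padded to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side (clock skew).
    Every candidate is compared in constant time and the loop never exits early."""
    counter = unix_time // STEP_SECONDS
    matched = False
    for k in range(-window, window + 1):
        c = counter + k
        if c < 0:
            continue
        matched |= hmac.compare_digest(hotp(secret, c), code)
    return matched


def split_password(raw: str) -> Optional[Tuple[str, str]]:
    """Split "<password>:<code>". The code is digits only, so split on the LAST colon;
    splitting on the first would reject passwords that themselves contain ':'."""
    if ":" not in raw:
        return None
    password, code = raw.rsplit(":", 1)
    if not re.fullmatch(r"[0-9]{%d}" % DIGITS, code):
        return None  # a non-numeric code is a bad credential, not a server error
    return password, code


def bind_with_totp(raw_password: str, unix_time: int, totp_secret: bytes,
                   backend_bind: Callable[[str], bool]) -> Tuple[str, Optional[int]]:
    """Verify the one-time code, then forward only the static password.
    Every failure maps to the same LDAP result code."""
    parts = split_password(raw_password)
    if parts is None:
        return "invalid", LDAP_INVALID_CREDENTIALS
    password, code = parts
    if not verify_totp(totp_secret, code, unix_time):
        return "invalid", LDAP_INVALID_CREDENTIALS
    if not backend_bind(password):
        return "invalid", LDAP_INVALID_CREDENTIALS
    return "ok", None


# Constructed inputs: the RFC 6238 test secret and a stand-in backend password check.
RFC6238_SECRET = b"12345678901234567890"
_backend = lambda pw: pw == "hunter2"


def demo() -> List[str]:
    return [
        bind_with_totp("hunter2:287082", 59, RFC6238_SECRET, _backend)[0],          # RFC 6238 vector, T=59
        bind_with_totp("hunter2:287082", 1111111109, RFC6238_SECRET, _backend)[0],  # stale code
        bind_with_totp("hunter2", 59, RFC6238_SECRET, _backend)[0],                  # no code at all
        bind_with_totp("wrong:287082", 59, RFC6238_SECRET, _backend)[0],             # good code, bad password
    ]
```

The secret bytes here stand in for the decrypted `TOTPKey` of the page; whatever stores them (an encrypted directory attribute in the page's case) is what an attacker needs to mint codes, which is why the decrypted JSON must stay out of logs.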

Example 4 with DistinguishedName

use of net.sourceforge.myvd.types.DistinguishedName in project OpenUnison by TremoloSecurity.

the class MyVDConnection method search.

public LDAPSearchResults search(String base, int scope, String filter, ArrayList<String> attributes) throws LDAPException {
    HashMap<Object, Object> request = new HashMap<Object, Object>();
    HashMap<Object, Object> session = new HashMap<Object, Object>();
    session.put(SessionVariables.BOUND_INTERCEPTORS, new ArrayList<String>());
    // Internal searches run under the fixed identity cn=TremoloAdmin with an empty Password object;
    // no secret is presented to the chain, so access depends on how the chain treats this DN.
    session.put("MYVD_BINDDN", new DistinguishedName("cn=TremoloAdmin"));
    session.put("MYVD_BINDPASS", new Password());
    // Requested attribute names are wrapped in MyVD's Attribute type.
    ArrayList<net.sourceforge.myvd.types.Attribute> lattribs = new ArrayList<net.sourceforge.myvd.types.Attribute>();
    Iterator<String> it = attributes.iterator();
    while (it.hasNext()) {
        lattribs.add(new net.sourceforge.myvd.types.Attribute(it.next()));
    }
    SearchInterceptorChain chain = new SearchInterceptorChain(new DistinguishedName("cn=TremoloAdmin"), new Password(), 0, core.getGlobalChain(), session, request, core.getRouter());
    DistinguishedName baseDN = new DistinguishedName(base);
    // A DN embedded in a filter value (e.g. "(member=cn=a\,b,ou=x)") carries DN-escaped commas.
    // Inside a filter the backslash itself must be hex-escaped per RFC 4515, so "\," becomes "\5C,".
    // Only this case is handled here; callers remain responsible for escaping "*", "(", ")" and NUL in values.
    if (filter.contains("\\,")) {
        filter = filter.replaceAll("[\\\\][,]", "\\\\5C,");
    }
    Filter searchFilter = new Filter(filter);
    Results res = new Results(core.getGlobalChain(), 0);
    chain.nextSearch(baseDN, new Int(scope), searchFilter, lattribs, new Bool(false), res, new LDAPSearchConstraints());
    return new EntrySetSearchResults(res);
}
Also used : HashMap(java.util.HashMap) DistinguishedName(net.sourceforge.myvd.types.DistinguishedName) LDAPAttribute(com.novell.ldap.LDAPAttribute) LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints) ArrayList(java.util.ArrayList) EntrySetSearchResults(net.sourceforge.myvd.chain.jdbcLdapImpl.EntrySetSearchResults) Int(net.sourceforge.myvd.types.Int) Filter(net.sourceforge.myvd.types.Filter) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) EntrySetSearchResults(net.sourceforge.myvd.chain.jdbcLdapImpl.EntrySetSearchResults) Results(net.sourceforge.myvd.types.Results) Bool(net.sourceforge.myvd.types.Bool) SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain) Password(net.sourceforge.myvd.types.Password)
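
The `\,` to `\5C,` rewrite above is one instance of RFC 4515 filter-value escaping. As an added example (not the project's code), here is the general rule in Python, with the page's DN-in-a-filter case alongside an unescaped and an escaped user-supplied filter so the difference in parsed meaning is visible. The attribute names and filter shapes are illustrative.

```python
"""RFC 4515 escaping of LDAP filter assertion values (added example, not project code).

Inside a filter value, "*", "(", ")", "\\" and NUL are written as a backslash plus two hex digits.
The page's special case, a DN-escaped comma inside a filter, is the "\\" -> "\\5C" rule.
"""

_FILTER_SPECIALS = {"*": "\\2A", "(": "\\28", ")": "\\29", "\\": "\\5C", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a single assertion value so it is matched literally."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def member_filter(member_dn: str) -> str:
    """The page's case: a DN (with DN-escaped commas) used as a filter value."""
    return "(member=" + escape_filter_value(member_dn) + ")"


def unsafe_user_filter(uid: str) -> str:
    """Plain concatenation: the caller's string is parsed as filter syntax."""
    return "(&(objectClass=inetOrgPerson)(uid=" + uid + "))"


def user_filter(uid: str) -> str:
    """Escaped form: the value cannot close the assertion or introduce wildcards."""
    return "(&(objectClass=inetOrgPerson)(uid=" + escape_filter_value(uid) + "))"


# Constructed input: a uid that a client would send to widen the search to every person.
INJECTED_UID = "*)(uid=*"
```

Feed `INJECTED_UID` to both builders: the unescaped filter becomes `(&(objectClass=inetOrgPerson)(uid=*)(uid=*))`, an AND of two wildcard assertions that matches every `inetOrgPerson`, while the escaped one matches only a uid literally equal to `*)(uid=*`. Hex digit case is not significant in RFC 4515, so `\5C` here and the page's `\\5C` denote the same byte.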

Aggregations

DistinguishedName (net.sourceforge.myvd.types.DistinguishedName)4 LDAPAttribute (com.novell.ldap.LDAPAttribute)3 LDAPSearchConstraints (com.novell.ldap.LDAPSearchConstraints)3 SearchInterceptorChain (net.sourceforge.myvd.chain.SearchInterceptorChain)3 Bool (net.sourceforge.myvd.types.Bool)3 Filter (net.sourceforge.myvd.types.Filter)3 Int (net.sourceforge.myvd.types.Int)3 Results (net.sourceforge.myvd.types.Results)3 LDAPEntry (com.novell.ldap.LDAPEntry)2 LDAPException (com.novell.ldap.LDAPException)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 Attribute (net.sourceforge.myvd.types.Attribute)2 Password (net.sourceforge.myvd.types.Password)2 Gson (com.google.gson.Gson)1 LDAPConstraints (com.novell.ldap.LDAPConstraints)1 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)1 DN (com.novell.ldap.util.DN)1 Token (com.tremolosecurity.json.Token)1 TOTPKey (com.tremolosecurity.proxy.auth.otp.TOTPKey)1