Example 6 with Filter
use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.
the class AuthTOTPInsert method bind.
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
logger.debug("In bind");
SearchInterceptorChain schain = chain.createSearchChain();
ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
// searchattrs.add(new Attribute(this.attribute));
logger.debug("searching...");
Results res = new Results(chain.getInterceptors(), chain.getPos());
logger.debug("Created res");
schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
logger.debug("ran search");
res.start();
logger.debug("res started");
if (!res.hasMore()) {
logger.debug("user not found");
throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
}
logger.debug("user found");
LDAPEntry entry = res.next().getEntry();
LDAPAttribute key = entry.getAttribute(this.attribute);
if (key == null) {
logger.debug("No key");
throw new LDAPException("Invalid Credentials", LDAPException.NO_SUCH_OBJECT, "Invalid Credentials");
}
try {
String keyjson = key.getStringValue();
if (logger.isDebugEnabled())
logger.debug("token json : '" + keyjson + "'");
Gson gson = new Gson();
Token token = gson.fromJson(new String(Base64.decode(keyjson)), Token.class);
byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
IvParameterSpec spec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), spec);
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
String totpJson = new String(cipher.doFinal(encBytes));
if (logger.isDebugEnabled())
logger.debug("totp json : '" + totpJson + "'");
TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
b.setWindowSize(this.window);
GoogleAuthenticatorConfig cfg = b.build();
GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
String spwd = new String(pwd.getValue());
if (spwd.indexOf(':') == -1) {
logger.debug("no colon");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
String scode = spwd.substring(spwd.indexOf(':') + 1);
int code = Integer.parseInt(scode);
if (!ga.authorize(totp.getSecretKey(), code)) {
logger.debug("Verify failed");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
logger.debug("verify succeeded");
pwd.setValue(spwd.substring(0, spwd.indexOf(':')).getBytes("UTF-8"));
chain.nextBind(dn, pwd, constraints);
} catch (Exception e) {
logger.error("Could not work", e);
if (e instanceof LDAPException) {
throw ((LDAPException) e);
} else {
throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
}
}
}
Also used :
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Attribute(net.sourceforge.myvd.types.Attribute)
LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints)
ArrayList(java.util.ArrayList)
Gson(com.google.gson.Gson)
DN(com.novell.ldap.util.DN)
Token(com.tremolosecurity.json.Token)
Int(net.sourceforge.myvd.types.Int)
LDAPEntry(com.novell.ldap.LDAPEntry)
Bool(net.sourceforge.myvd.types.Bool)
SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
GoogleAuthenticator(com.warrenstrange.googleauth.GoogleAuthenticator)
DistinguishedName(net.sourceforge.myvd.types.DistinguishedName)
GoogleAuthenticatorConfig(com.warrenstrange.googleauth.GoogleAuthenticatorConfig)
GoogleAuthenticatorConfigBuilder(com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder)
LDAPException(com.novell.ldap.LDAPException)
LDAPException(com.novell.ldap.LDAPException)
Results(net.sourceforge.myvd.types.Results)
Filter(net.sourceforge.myvd.types.Filter)
TOTPKey(com.tremolosecurity.proxy.auth.otp.TOTPKey)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
Example 7 with Filter
use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.
the class MyVDConnection method search.
public LDAPSearchResults search(String base, int scope, String filter, ArrayList<String> attributes) throws LDAPException {
HashMap<Object, Object> request = new HashMap<Object, Object>();
HashMap<Object, Object> session = new HashMap<Object, Object>();
session.put(SessionVariables.BOUND_INTERCEPTORS, new ArrayList<String>());
session.put("MYVD_BINDDN", new DistinguishedName("cn=TremoloAdmin"));
session.put("MYVD_BINDPASS", new Password());
ArrayList<net.sourceforge.myvd.types.Attribute> lattribs = new ArrayList<net.sourceforge.myvd.types.Attribute>();
Iterator<String> it = attributes.iterator();
while (it.hasNext()) {
lattribs.add(new net.sourceforge.myvd.types.Attribute(it.next()));
}
SearchInterceptorChain chain = new SearchInterceptorChain(new DistinguishedName("cn=TremoloAdmin"), new Password(), 0, core.getGlobalChain(), session, request, core.getRouter());
DistinguishedName baseDN = new DistinguishedName(base);
if (filter.contains("\\,")) {
filter = filter.replaceAll("[\\\\][,]", "\\\\5C,");
}
Filter searchFilter = new Filter(filter);
Results res = new Results(core.getGlobalChain(), 0);
chain.nextSearch(baseDN, new Int(scope), searchFilter, lattribs, new Bool(false), res, new LDAPSearchConstraints());
return new EntrySetSearchResults(res);
}
Also used :
HashMap(java.util.HashMap)
DistinguishedName(net.sourceforge.myvd.types.DistinguishedName)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints)
ArrayList(java.util.ArrayList)
EntrySetSearchResults(net.sourceforge.myvd.chain.jdbcLdapImpl.EntrySetSearchResults)
Int(net.sourceforge.myvd.types.Int)
Filter(net.sourceforge.myvd.types.Filter)
LDAPSearchResults(com.novell.ldap.LDAPSearchResults)
EntrySetSearchResults(net.sourceforge.myvd.chain.jdbcLdapImpl.EntrySetSearchResults)
Results(net.sourceforge.myvd.types.Results)
Bool(net.sourceforge.myvd.types.Bool)
SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain)
Password(net.sourceforge.myvd.types.Password)
Example 8 with Filter
use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.
the class AmazonSimpleDB method addBaseToFilter.
private Filter addBaseToFilter(DistinguishedName base, Filter filter) {
String rdnName, rdnVal;
RDN rdn = (RDN) base.getDN().getRDNs().get(0);
rdnName = rdn.getType();
rdnVal = rdn.getValue();
ArrayList<FilterNode> ands = new ArrayList<FilterNode>();
ands.add(new FilterNode(FilterType.EQUALS, rdnName, rdnVal));
try {
ands.add((FilterNode) filter.getRoot().clone());
} catch (CloneNotSupportedException e) {
}
FilterNode newroot = new FilterNode(FilterType.AND, ands);
filter = new Filter(newroot);
return filter;
}
Also used :
Filter(net.sourceforge.myvd.types.Filter)
FilterNode(net.sourceforge.myvd.types.FilterNode)
ArrayList(java.util.ArrayList)
RDN(com.novell.ldap.util.RDN)
Example 9 with Filter
use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.
the class AmazonSimpleDB method search.
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
boolean addBase = false;
boolean addUser = false;
boolean addGroups = false;
boolean searchUsers = false;
boolean searchGroups = false;
Filter filterToUser = null;
Iterator<Item> userResults = null;
Iterator<Item> groupResults = null;
try {
filterToUser = new Filter((FilterNode) filter.getRoot().clone());
} catch (CloneNotSupportedException e) {
}
if (scope.getValue() == 0) {
if (base.getDN().equals(this.baseDN)) {
addBase = true;
} else if (base.getDN().equals(this.userDN)) {
addUser = true;
} else if (base.getDN().equals(this.groupDN)) {
addGroups = true;
} else if (base.getDN().toString().endsWith(this.userDN.toString())) {
searchUsers = true;
filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().toString().endsWith(this.groupDN.toString())) {
searchGroups = true;
filterToUser = this.addBaseToFilter(base, filterToUser);
} else {
throw new LDAPException("Object not found", LDAPException.NO_SUCH_OBJECT, base.getDN().toString());
}
} else if (scope.getValue() == 1) {
if (base.getDN().equals(this.baseDN)) {
addUser = true;
addGroups = true;
} else if (base.getDN().equals(userDN)) {
searchUsers = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(groupDN)) {
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
}
} else if (scope.getValue() == 2) {
if (base.getDN().equals(this.baseDN)) {
addBase = true;
addUser = true;
addGroups = true;
searchUsers = true;
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(userDN) || base.getDN().toString().endsWith(this.userDN.toString())) {
searchUsers = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
} else if (base.getDN().equals(groupDN) || base.getDN().toString().endsWith(this.groupDN.toString())) {
searchGroups = true;
// filterToUser = this.addBaseToFilter(base, filterToUser);
}
}
ArrayList<Entry> baseEntries = new ArrayList<Entry>();
if (addBase) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
}
if (addUser) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.userDN)));
}
if (addGroups) {
baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.groupDN)));
}
if (searchUsers) {
userResults = this.searchAmazonSimpleDB(true, filterToUser, attributes);
}
if (searchGroups) {
groupResults = this.searchAmazonSimpleDB(false, filterToUser, attributes);
}
chain.addResult(results, new AmazonSimpleDBEntrySet(this.baseDN.toString(), baseEntries.iterator(), userResults, groupResults, filterToUser), base, scope, filterToUser, attributes, typesOnly, constraints);
}
Also used :
Item(com.amazonaws.services.simpledb.model.Item)
Entry(net.sourceforge.myvd.types.Entry)
LDAPException(com.novell.ldap.LDAPException)
Filter(net.sourceforge.myvd.types.Filter)
FilterNode(net.sourceforge.myvd.types.FilterNode)
ArrayList(java.util.ArrayList)
Example 10 with Filter
use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.
the class MongoInsert method search.
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
boolean addBase = false;
boolean addCollection = false;
boolean oneEntry = false;
boolean listCollections = false;
boolean searchUsers = false;
Bson mongoFilter = null;
Filter filterToUser = null;
try {
filterToUser = new Filter((FilterNode) filter.getRoot().clone());
} catch (CloneNotSupportedException e) {
}
String localBase = this.getLocalBase(base.getDN().toString());
String collectionName = this.getCollection(localBase);
Attribute rdn = null;
if (!localBase.isEmpty()) {
rdn = this.getRDN(localBase);
}
if (scope.getValue() == 0) {
if (localBase.isEmpty()) {
addBase = true;
} else if (rdn == null) {
addCollection = true;
} else {
oneEntry = true;
}
} else if (scope.getValue() == 1) {
addBase = false;
if (localBase.isEmpty()) {
listCollections = true;
} else {
searchUsers = true;
}
} else {
// scope == 2
addBase = true;
if (localBase.isEmpty()) {
listCollections = true;
}
searchUsers = true;
}
// create results
ArrayList<Entry> res = new ArrayList<Entry>();
StringBuffer b = new StringBuffer();
if (addBase) {
this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(this.nameSpace.getBase().getDN().toString()))), filter, res);
}
if (listCollections) {
for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
b.setLength(0);
b.append("ou=").append(ou).append(",").append(this.nameSpace.getBase().getDN().toString());
this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
}
}
if (addCollection) {
boolean found = false;
for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
if (ou.equalsIgnoreCase(collectionName)) {
b.setLength(0);
b.append("ou=").append(ou).append(",").append(this.nameSpace.getBase().getDN().toString());
this.addToEntry(new Entry(EntryUtil.createBaseEntry(new DN(b.toString()))), filter, res);
found = true;
}
}
if (!found) {
throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
}
if (oneEntry) {
boolean found = false;
for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
if (ou.equalsIgnoreCase(collectionName)) {
found = true;
}
}
if (!found) {
throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
// first see if we get results with the filter
ArrayList<FilterNode> children = new ArrayList<FilterNode>();
children.add(new FilterNode(FilterType.EQUALS, rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
children.add(filterToUser.getRoot());
FilterNode and = new FilterNode(FilterType.AND, children);
mongoFilter = this.convertFilterToMongo(and);
FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
if (searchRes == null) {
// nothing, need to know if the object exists or if its just the filter that didn't match
searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
if (searchRes == null) {
throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
} else {
Document doc = searchRes.first();
if (doc == null) {
// nothing, need to know if the object exists or if its just the filter that didn't match
searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(eq(rdn.getAttribute().getName(), rdn.getAttribute().getStringValue()));
if (searchRes.first() == null) {
throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
} else {
res.add(createEntry(doc, collectionName));
}
}
}
if (searchUsers) {
mongoFilter = this.convertFilterToMongo(filter.getRoot());
if (collectionName != null) {
boolean found = false;
for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
if (ou.equalsIgnoreCase(collectionName)) {
found = true;
}
}
if (!found) {
throw new LDAPException("Could not find object", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
}
FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(collectionName).find(mongoFilter);
for (Document doc : searchRes) {
res.add(createEntry(doc, collectionName));
}
} else {
for (String ou : mongo.getDatabase(this.database).listCollectionNames()) {
FindIterable<Document> searchRes = mongo.getDatabase(this.database).getCollection(ou).find(mongoFilter);
for (Document doc : searchRes) {
res.add(createEntry(doc, ou));
}
}
}
}
chain.addResult(results, new IteratorEntrySet(res.iterator()), base, scope, filterToUser, attributes, typesOnly, constraints);
}
Also used :
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Attribute(net.sourceforge.myvd.types.Attribute)
FilterNode(net.sourceforge.myvd.types.FilterNode)
ArrayList(java.util.ArrayList)
DN(com.novell.ldap.util.DN)
Document(org.bson.Document)
Bson(org.bson.conversions.Bson)
IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet)
Entry(net.sourceforge.myvd.types.Entry)
LDAPEntry(com.novell.ldap.LDAPEntry)
LDAPException(com.novell.ldap.LDAPException)
Filter(net.sourceforge.myvd.types.Filter)
Aggregations
Filter (net.sourceforge.myvd.types.Filter)11
ArrayList (java.util.ArrayList)10
LDAPException (com.novell.ldap.LDAPException)8
LDAPAttribute (com.novell.ldap.LDAPAttribute)6
FilterNode (net.sourceforge.myvd.types.FilterNode)6
LDAPEntry (com.novell.ldap.LDAPEntry)5
Entry (net.sourceforge.myvd.types.Entry)5
Attribute (net.sourceforge.myvd.types.Attribute)4
LDAPSearchConstraints (com.novell.ldap.LDAPSearchConstraints)3
RDN (com.novell.ldap.util.RDN)3
SearchInterceptorChain (net.sourceforge.myvd.chain.SearchInterceptorChain)3
Bool (net.sourceforge.myvd.types.Bool)3
DistinguishedName (net.sourceforge.myvd.types.DistinguishedName)3
Int (net.sourceforge.myvd.types.Int)3
Results (net.sourceforge.myvd.types.Results)3
Item (com.amazonaws.services.simpledb.model.Item)2
LDAPSearchResults (com.novell.ldap.LDAPSearchResults)2
DN (com.novell.ldap.util.DN)2
IteratorEntrySet (net.sourceforge.myvd.util.IteratorEntrySet)2
Gson (com.google.gson.Gson)1
