use of net.sourceforge.myvd.types.Results in project OpenUnison by TremoloSecurity.
the class AuthLockoutInsert method bind.
@Override
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
Results results = new Results(null, chain.getPositionInChain(this) + 1);
SearchInterceptorChain schain = chain.createSearchChain(chain.getPositionInChain(this) + 1);
schain.nextSearch(new DistinguishedName(dn.getDN()), new Int(0), new Filter("(objectClass=*)"), new ArrayList<Attribute>(), new Bool(false), results, new LDAPSearchConstraints());
results.start();
if (!results.hasMore()) {
throw new LDAPException("No such object", LDAPException.NO_SUCH_OBJECT, "Could not find dn");
}
Entry entry = results.next();
while (results.hasMore()) {
results.next();
}
try {
chain.nextBind(dn, pwd, constraints);
LDAPAttribute lastFailed = entry.getEntry().getAttributeSet().getAttribute(this.lastFailedAttribute);
LDAPAttribute numFailures = entry.getEntry().getAttributeSet().getAttribute(this.numFailedAttribute);
if (lastFailed != null && numFailures != null) {
long lastFailedTS = Long.parseLong(lastFailed.getStringValue());
int numPrevFailures = Integer.parseInt(numFailures.getStringValue());
long now = new DateTime(DateTimeZone.UTC).getMillis();
long lockedUntil = lastFailedTS + this.maxLockoutTime;
if (logger.isDebugEnabled()) {
logger.debug("Num Failed : " + numPrevFailures);
logger.debug("Last Failed : '" + lastFailedTS + "'");
logger.info("Now : '" + now + "'");
logger.info("Locked Until : '" + lockedUntil + "'");
logger.info("locked >= now? : '" + (lockedUntil >= now) + "'");
logger.info("max fails? : '" + this.maxFailedAttempts + "'");
logger.info("too many fails : '" + (numPrevFailures >= this.maxFailedAttempts) + "'");
}
if (lockedUntil >= now && numPrevFailures >= this.maxFailedAttempts) {
this.updateFailedAttrs(entry.getEntry());
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "User locked out");
}
}
this.updateSuccessAttrs(entry.getEntry());
} catch (LDAPException e) {
if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
this.updateFailedAttrs(entry.getEntry());
}
throw e;
}
}
use of net.sourceforge.myvd.types.Results in project OpenUnison by TremoloSecurity.
the class AuthTOTPInsert method bind.
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
logger.debug("In bind");
SearchInterceptorChain schain = chain.createSearchChain();
ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
// searchattrs.add(new Attribute(this.attribute));
logger.debug("searching...");
Results res = new Results(chain.getInterceptors(), chain.getPos());
logger.debug("Created res");
schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
logger.debug("ran search");
res.start();
logger.debug("res started");
if (!res.hasMore()) {
logger.debug("user not found");
throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
}
logger.debug("user found");
LDAPEntry entry = res.next().getEntry();
LDAPAttribute key = entry.getAttribute(this.attribute);
if (key == null) {
logger.debug("No key");
throw new LDAPException("Invalid Credentials", LDAPException.NO_SUCH_OBJECT, "Invalid Credentials");
}
try {
String keyjson = key.getStringValue();
if (logger.isDebugEnabled())
logger.debug("token json : '" + keyjson + "'");
Gson gson = new Gson();
Token token = gson.fromJson(new String(Base64.decode(keyjson)), Token.class);
byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
IvParameterSpec spec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), spec);
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
String totpJson = new String(cipher.doFinal(encBytes));
if (logger.isDebugEnabled())
logger.debug("totp json : '" + totpJson + "'");
TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
b.setWindowSize(this.window);
GoogleAuthenticatorConfig cfg = b.build();
GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
String spwd = new String(pwd.getValue());
if (spwd.indexOf(':') == -1) {
logger.debug("no colon");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
String scode = spwd.substring(spwd.indexOf(':') + 1);
int code = Integer.parseInt(scode);
if (!ga.authorize(totp.getSecretKey(), code)) {
logger.debug("Verify failed");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
logger.debug("verify succeeded");
pwd.setValue(spwd.substring(0, spwd.indexOf(':')).getBytes("UTF-8"));
chain.nextBind(dn, pwd, constraints);
} catch (Exception e) {
logger.error("Could not work", e);
if (e instanceof LDAPException) {
throw ((LDAPException) e);
} else {
throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
}
}
}
use of net.sourceforge.myvd.types.Results in project OpenUnison by TremoloSecurity.
the class MyVDConnection method search.
public LDAPSearchResults search(String base, int scope, String filter, ArrayList<String> attributes) throws LDAPException {
HashMap<Object, Object> request = new HashMap<Object, Object>();
HashMap<Object, Object> session = new HashMap<Object, Object>();
session.put(SessionVariables.BOUND_INTERCEPTORS, new ArrayList<String>());
session.put("MYVD_BINDDN", new DistinguishedName("cn=TremoloAdmin"));
session.put("MYVD_BINDPASS", new Password());
ArrayList<net.sourceforge.myvd.types.Attribute> lattribs = new ArrayList<net.sourceforge.myvd.types.Attribute>();
Iterator<String> it = attributes.iterator();
while (it.hasNext()) {
lattribs.add(new net.sourceforge.myvd.types.Attribute(it.next()));
}
SearchInterceptorChain chain = new SearchInterceptorChain(new DistinguishedName("cn=TremoloAdmin"), new Password(), 0, core.getGlobalChain(), session, request, core.getRouter());
DistinguishedName baseDN = new DistinguishedName(base);
if (filter.contains("\\,")) {
filter = filter.replaceAll("[\\\\][,]", "\\\\5C,");
}
Filter searchFilter = new Filter(filter);
Results res = new Results(core.getGlobalChain(), 0);
chain.nextSearch(baseDN, new Int(scope), searchFilter, lattribs, new Bool(false), res, new LDAPSearchConstraints());
return new EntrySetSearchResults(res);
}
Aggregations