diff options
Diffstat (limited to 'base/server/cmscore/src/com')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java | 80 |
1 files changed, 30 insertions, 50 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java index 692dc49d6..07092aa07 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java +++ b/base/server/cmscore/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java @@ -17,12 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPSearchResults; -import netscape.ldap.LDAPv2; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.AuthToken; import com.netscape.certsrv.authentication.EInvalidCredentials; @@ -38,10 +32,11 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmscore.dbs.DBSubsystem; import com.netscape.cmscore.ldapconn.LdapAnonConnFactory; -import com.netscape.cmscore.ldapconn.LdapBoundConnFactory; import com.netscape.cmscore.ldapconn.LdapConnInfo; import com.netscape.cmscore.usrgrp.UGSubsystem; -import com.netscape.cmscore.util.Debug; + +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPException; /** * Certificate Server admin authentication. @@ -64,8 +59,6 @@ public class PasswdUserDBAuthentication implements IAuthManager, IPasswdUserDBAu private String mName = null; private String mImplName = null; private IConfigStore mConfig; - private String mBaseDN = null; - private LdapBoundConnFactory mConnFactory = null; private LdapAnonConnFactory mAnonConnFactory = null; private ILogger mLogger = CMS.getLogger(); @@ -94,8 +87,6 @@ public class PasswdUserDBAuthentication implements IAuthManager, IPasswdUserDBAu if (ldapinfo == null && CMS.isPreOpMode()) return; - mBaseDN = dbs.getBaseDN(); - mConnFactory = new LdapBoundConnFactory("PasswdUserDBAuthentication", 3, 20, ldapinfo, dbs.getLdapAuthInfo()); mAnonConnFactory = new LdapAnonConnFactory("PasswdUserDBAuthentication", 3, 20, ldapinfo); log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_INIT_AUTH", mName)); @@ -124,76 +115,66 @@ public class PasswdUserDBAuthentication implements IAuthManager, IPasswdUserDBAu // make sure the required credentials are provided String uid = (String) authCred.get(CRED_UID); - CMS.debug("Authentication: UID=" + uid); + CMS.debug("PasswdUserDBAuthentication: UID: " + uid); if (uid == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_MISSING_UID")); throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID)); } - String pwd = (String) authCred.get(CRED_PWD); + String pwd = (String) authCred.get(CRED_PWD); if (pwd == null) { log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NULL_PW", uid)); throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD)); } + // don't allow anonymous binding if (pwd == "") { log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_EMPTY_PW", uid)); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - String userdn = null; - LDAPConnection conn = null; + UGSubsystem ug = UGSubsystem.getInstance(); + IUser user; + + try { + user = ug.getUser(uid); + } catch (EBaseException e) { + CMS.debug(e); + // not a user in our user/group database. + log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL") + " " + e.getMessage()); + } + + if (user == null) { + CMS.debug("PasswdUserDBAuthentication: User not found: " + uid); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", + "Failure in User Group subsystem.")); + } + + String userdn = user.getUserDN(); + CMS.debug("PasswdUserDBAuthentication: DN: " + userdn); + LDAPConnection anonConn = null; try { - conn = mConnFactory.getConn(); - // do anonymous search for the user's dn. - LDAPSearchResults res = conn.search(mBaseDN, - LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false); - - if (res.hasMoreElements()) { - LDAPEntry entry = (LDAPEntry) res.nextElement(); - - userdn = entry.getDN(); - } - if (userdn == null) { - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_ADMIN_NOT_FOUND", uid)); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); - } anonConn = mAnonConnFactory.getConn(); anonConn.authenticate(userdn, pwd); + } catch (LDAPException e) { log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString())); throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + } finally { - if (conn != null) - mConnFactory.returnConn(conn); if (anonConn != null) mAnonConnFactory.returnConn(anonConn); } - UGSubsystem ug = UGSubsystem.getInstance(); - authToken.set(TOKEN_USERDN, userdn); authToken.set(CRED_UID, uid); // return original uid for info - IUser user = null; - - try { - user = ug.getUser(uid); - } catch (EBaseException e) { - if (Debug.ON) - e.printStackTrace(); - // not a user in our user/group database. - log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString())); - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL") + " " + e.getMessage()); - } - if (user == null) { - throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", - "Failure in User Group subsystem.")); - } authToken.set(TOKEN_USERDN, user.getUserDN()); authToken.set(TOKEN_USERID, user.getUserID()); + log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid)); return authToken; @@ -241,7 +222,6 @@ public class PasswdUserDBAuthentication implements IAuthManager, IPasswdUserDBAu public void shutdown() { try { // disconnect all outstanding connections in the factory - if (mConnFactory != null) mConnFactory.reset(); if (mAnonConnFactory != null) mAnonConnFactory.reset(); } catch (ELdapException e) { log(ILogger.LL_FAILURE, e.toString()); |