From 79cad53bba094cffa1d25581edbf4972a5158cd4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 29 Nov 2013 11:03:01 -0500
Subject: [PATCH] Update to Moxie 0.9.1

---
 src/main/java/com/gitblit/LdapUserService.java |   91 ++++++++++++++++++++++++++++-----------------
 1 files changed, 57 insertions(+), 34 deletions(-)

diff --git a/src/main/java/com/gitblit/LdapUserService.java b/src/main/java/com/gitblit/LdapUserService.java
index db38c52..e6951b4 100644
--- a/src/main/java/com/gitblit/LdapUserService.java
+++ b/src/main/java/com/gitblit/LdapUserService.java
@@ -20,6 +20,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.GeneralSecurityException;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -30,19 +31,23 @@
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.Constants.AccountType;
+import com.gitblit.manager.IRuntimeManager;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.unboundid.ldap.sdk.Attribute;
+import com.unboundid.ldap.sdk.DereferencePolicy;
 import com.unboundid.ldap.sdk.ExtendedResult;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.LDAPSearchException;
 import com.unboundid.ldap.sdk.ResultCode;
+import com.unboundid.ldap.sdk.SearchRequest;
 import com.unboundid.ldap.sdk.SearchResult;
 import com.unboundid.ldap.sdk.SearchResultEntry;
 import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.SimpleBindRequest;
 import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustAllTrustManager;
@@ -79,7 +84,8 @@
 	public void setup(IStoredSettings settings) {
 		this.settings = settings;
 		String file = settings.getString(Keys.realm.ldap.backingUserService, "${baseFolder}/users.conf");
-		File realmFile = GitBlit.getFileOrFolder(file);
+		IRuntimeManager runtimeManager = GitBlit.getManager(IRuntimeManager.class);
+		File realmFile = runtimeManager.getFileOrFolder(file);
 
 		serviceImpl = createUserService(realmFile);
 		logger.info("LDAP User Service backed by " + serviceImpl.toString());
@@ -161,46 +167,42 @@
 
 	private LDAPConnection getLdapConnection() {
 		try {
+			
 			URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+			String ldapHost = ldapUrl.getHost();
+			int ldapPort = ldapUrl.getPort();
 			String bindUserName = settings.getString(Keys.realm.ldap.username, "");
 			String bindPassword = settings.getString(Keys.realm.ldap.password, "");
-			int ldapPort = ldapUrl.getPort();
 
+			
+			LDAPConnection conn;
 			if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {	// SSL
-				if (ldapPort == -1)	// Default Port
-					ldapPort = 636;
-
-				LDAPConnection conn;
 				SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
-				if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
-					 conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort);
-				} else {
-					 conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
-				}
-				return conn;
+				conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
+			} else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {	// no encryption or StartTLS
+				conn = new LDAPConnection();
 			} else {
-				if (ldapPort == -1)	// Default Port
-					ldapPort = 389;
-
-				LDAPConnection conn;
-				if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
-					conn = new LDAPConnection(ldapUrl.getHost(), ldapPort);
-				} else {
-					conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
-				}
-
-				if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
-					SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
-
-					ExtendedResult extendedResult = conn.processExtendedOperation(
-						new StartTLSExtendedRequest(sslUtil.createSSLContext()));
-
-					if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
-						throw new LDAPException(extendedResult.getResultCode());
-					}
-				}
-				return conn;
+				logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
+				return null;
 			}
+			
+			conn.connect(ldapHost, ldapPort);
+			
+			if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+				SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+				ExtendedResult extendedResult = conn.processExtendedOperation(
+						new StartTLSExtendedRequest(sslUtil.createSSLContext()));
+				if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+					throw new LDAPException(extendedResult.getResultCode());
+				}
+			}
+
+			if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {
+				conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
+			}
+			
+			return conn;
+
 		} catch (URISyntaxException e) {
 			logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
 		} catch (GeneralSecurityException e) {
@@ -407,7 +409,7 @@
 		for (Attribute userAttribute : loggingInUser.getAttributes())
 			groupMemberPattern = StringUtils.replace(groupMemberPattern, "${" + userAttribute.getName() + "}", escapeLDAPSearchFilter(userAttribute.getValue()));
 
-		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, groupMemberPattern);
+		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, Arrays.asList("cn"));
 		if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {
 			for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {
 				SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);
@@ -439,7 +441,28 @@
 			return null;
 		}
 	}
+	
+	private SearchResult doSearch(LDAPConnection ldapConnection, String base, boolean dereferenceAliases, String filter, List<String> attributes) {
+		try {
+			SearchRequest searchRequest = new SearchRequest(base, SearchScope.SUB, filter);
+			if ( dereferenceAliases ) {
+				searchRequest.setDerefPolicy(DereferencePolicy.SEARCHING);
+			}
+			if (attributes != null) {
+				searchRequest.setAttributes(attributes);
+			}
+			return ldapConnection.search(searchRequest);
 
+		} catch (LDAPSearchException e) {
+			logger.error("Problem Searching LDAP", e);
+
+			return null;
+		} catch (LDAPException e) {
+			logger.error("Problem creating LDAP search", e);
+			return null;
+		}
+	}
+	
 	private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
 		try {
 			// Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN

--
Gitblit v1.9.1