Beispiel #1
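        /// <summary>
        /// Validates the LDAP settings step by step and returns a status code naming the first check that failed.
        /// On success the users (and, when group membership is enabled, the groups) that were read are stored on <paramref name="importer"/>.
        /// </summary>
        /// <param name="settings">LDAP settings to validate. The bind password is read from <c>PasswordBytes</c> via <c>InstanceCrypto.Decrypt</c>.</param>
        /// <param name="importer">Receives <c>AllDomainUsers</c> and, when group membership is enabled, <c>DomainGroups</c>.</param>
        /// <returns>
        /// <c>OPERATION_OK</c> when LDAP authentication is disabled or every check passed; otherwise the code of the first failed check.
        /// </returns>
        public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer)
        {
            if (!settings.EnableLdapAuthentication)
            {
                return OPERATION_OK;
            }

            string password;
            try
            {
                password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
            }
            catch (Exception e)
            {
                // Keep the best-effort fallback, but leave a trace: a silent failure here used to surface
                // only as a misleading bind error further down. Only the exception message is logged, never the secret.
                _log.ErrorFormat("Can't decrypt LDAP password: {0}", e.Message);
                password = string.Empty;
            }

            // Never attempt an authenticated check with an empty password. Many directory servers treat a
            // bind with a name and an empty password as an unauthenticated bind and report success,
            // which would make broken or missing credentials look valid.
            if (settings.Authentication && string.IsNullOrEmpty(password))
            {
                return CREDENTIALS_NOT_VALID;
            }

            try
            {
                if (settings.Authentication)
                {
                    // The result is not inspected here; a failure is reported through the exceptions handled below.
                    CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber);
                }
                if (!CheckServerAndPort(settings.Server, settings.PortNumber,
                                        settings.Authentication, settings.Login, password))
                {
                    return WRONG_SERVER_OR_PORT;
                }
            }
            catch (DirectoryServicesCOMException)
            {
                return CREDENTIALS_NOT_VALID;
            }
            catch (COMException)
            {
                return WRONG_SERVER_OR_PORT;
            }

            if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber,
                             settings.Authentication, settings.Login, password))
            {
                return WRONG_USER_DN;
            }

            try
            {
                importer.AllDomainUsers = GetUsersByAttributes(settings);
            }
            catch (ArgumentException)
            {
                _log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter);
                return INCORRECT_LDAP_FILTER;
            }

            if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0)
            {
                _log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN);
                return USERS_NOT_FOUND;
            }

            // Attribute checks are made against the first returned entry only.
            if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute))
            {
                return WRONG_LOGIN_ATTRIBUTE;
            }

            if (settings.GroupMembership)
            {
                if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server,
                                              settings.PortNumber, settings.Authentication, settings.Login, password))
                {
                    return WRONG_GROUP_DN_OR_GROUP_NAME;
                }

                importer.DomainGroups = GetGroupsByParameter(settings);
                if (importer.DomainGroups == null || importer.DomainGroups.Count == 0)
                {
                    return GROUPS_NOT_FOUND;
                }

                if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute))
                {
                    return WRONG_GROUP_ATTRIBUTE;
                }
                if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute))
                {
                    return WRONG_USER_ATTRIBUTE;
                }
            }

            return OPERATION_OK;
        }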
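        /// <summary>
        /// Tries to sign a user in against the configured LDAP server and, on success, sets the authentication cookie.
        /// </summary>
        /// <param name="login">Login supplied by the user; passed to the LDAP credential check.</param>
        /// <param name="password">Password supplied by the user; passed to the LDAP credential check and never logged here.</param>
        /// <returns>
        /// <c>true</c> when the credential check passed, the user was resolved and the cookie was set;
        /// <c>false</c> when LDAP is hidden or disabled, the credentials are empty or rejected, the user cannot be resolved, or any exception occurred.
        /// </returns>
        public static bool TryLdapAuth(string login, string password)
        {
            // Reject empty credentials before touching the directory. Many LDAP servers treat a bind with an
            // empty password (or empty name) as an unauthenticated/anonymous bind and report success,
            // which would otherwise let a caller sign in as any known login without a password.
            if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            if (!SetupInfo.IsVisibleSettings(ManagementType.LdapSettings.ToString()))
            {
                return false;
            }

            var settings = SettingsManager.Instance.LoadSettings<LDAPSupportSettings>(TenantProvider.CurrentTenantID);
            if (!settings.EnableLdapAuthentication)
            {
                return false;
            }
            try
            {
                var importer = new LDAPUserImporter();
                try
                {
                    ADDomain.CheckCredentials(login, password, settings.Server, settings.PortNumber);
                }
                catch (Exception)
                {
                    // Any failure of the credential check (including connectivity errors) is treated as a failed login.
                    // NOTE(review): nothing is logged on this path, so repeated failed binds leave no trace from this method.
                    return false;
                }

                var sid = importer.GetSidOfCurrentUser(login, settings);
                if (sid == null)
                {
                    return false;
                }
                importer.GetDiscoveredGroupsByAttributes(settings);

                // Look the user up under the "l"-prefixed SID first, then under the plain SID.
                var userInfo = CoreContext.UserManager.GetUserBySid( "l" + sid);
                if (userInfo == ASC.Core.Users.Constants.LostUser)
                {
                    userInfo = CoreContext.UserManager.GetUserBySid(sid);
                    if (userInfo == ASC.Core.Users.Constants.LostUser)
                    {
                        // Not known locally under either SID form: take the user from the directory and create it.
                        userInfo = importer.GetDiscoveredUser(settings, sid);
                        if (userInfo == ASC.Core.Users.Constants.LostUser)
                        {
                            return false;
                        }
                        try
                        {
                            // User creation runs under the CoreSystem account; the finally block drops that
                            // identity again even when AddUser or the group calls throw.
                            SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
                            if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers)
                            {
                                userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false);
                            }
                            else
                            {
                                // Active-user quota reached: AddUser is called with an extra 'true' argument.
                                // NOTE(review): presumably creates the user in a restricted role — confirm against AddUser.
                                userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false, true);
                            }
                            importer.AddUserIntoGroups(userInfo, settings);
                            importer.AddUserInCacheGroups(userInfo);
                        }
                        finally
                        {
                            SecurityContext.Logout();
                        }
                    }
                }
                else
                {
                    // Known under the "l"-prefixed SID: the user must still be discoverable in the directory.
                    if (importer.GetDiscoveredUser(settings, sid) == ASC.Core.Users.Constants.LostUser)
                    {
                        return false;
                    }
                    // Store the plain SID and pass the record through AddUser again.
                    // NOTE(review): presumably this updates the existing record rather than creating a duplicate — confirm.
                    userInfo.Sid = sid;
                    try
                    {
                        SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
                        if (TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers)
                        {
                            userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false);
                        }
                        else
                        {
                            userInfo = UserManagerWrapper.AddUser(userInfo, UserManagerWrapper.GeneratePassword(), true, false, true);
                        }
                    }
                    finally
                    {
                        SecurityContext.Logout();
                    }
                }

                // Only reached after a successful credential check and user resolution.
                var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID);
                CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
                return true;
            }
            catch (Exception e)
            {
                // Fail closed: any unexpected error is logged (message only) and reported as a failed login.
                ADDomain.LogError(e.Message);
                return false;
            }
        }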
 /// <summary>
 /// Abstract check of LDAP settings, to be implemented by derived classes.
 /// NOTE(review): presumably returns a status code in the same style as the static CheckSettings variants — confirm against the implementations.
 /// </summary>
 /// <param name="settings">LDAP settings to check.</param>
 /// <param name="importer">User importer passed along to the check.</param>
 /// <param name="acceptCertificate">
 /// Optional, defaults to <c>false</c>.
 /// NOTE(review): the name suggests it lets the check proceed with a server certificate that would otherwise be rejected — confirm;
 /// if so, callers should pass <c>true</c> only after an explicit administrator decision, since it weakens server authentication.
 /// </param>
 public abstract byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer, bool acceptCertificate = false);
Beispiel #4
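        /// <summary>
        /// Runs the LDAP settings checks in order and reports the first one that fails as a status code.
        /// Users read during the check (and groups, when group membership is enabled) are stored on <paramref name="importer"/>.
        /// </summary>
        /// <param name="settings">LDAP settings to validate; the bind password is decrypted from <c>PasswordBytes</c>.</param>
        /// <param name="importer">Receives <c>AllDomainUsers</c> and, when group membership is enabled, <c>DomainGroups</c>.</param>
        /// <returns>
        /// <c>OPERATION_OK</c> when LDAP authentication is disabled or all checks passed; otherwise the code of the failed check.
        /// </returns>
        public static byte CheckSettings(LDAPSupportSettings settings, LDAPUserImporter importer)
        {
            if (!settings.EnableLdapAuthentication)
            {
                return OPERATION_OK;
            }

            string password;
            try
            {
                password = new UnicodeEncoding().GetString(InstanceCrypto.Decrypt(settings.PasswordBytes));
            }
            catch (Exception e)
            {
                // Best-effort fallback is kept, but the failure is no longer silent.
                // Only the exception message is written to the log, never the secret.
                _log.ErrorFormat("Can't decrypt LDAP password: {0}", e.Message);
                password = string.Empty;
            }

            // An authenticated check with an empty password must not reach the server: a bind with a name and an
            // empty password is commonly handled as an unauthenticated bind that succeeds, which would make
            // missing or undecryptable credentials pass validation.
            if (settings.Authentication && string.IsNullOrEmpty(password))
            {
                return CREDENTIALS_NOT_VALID;
            }

            try
            {
                if (settings.Authentication)
                {
                    // Return value is not used; failure is signalled by the exceptions handled below.
                    CheckCredentials(settings.Login, password, settings.Server, settings.PortNumber);
                }
                if (!CheckServerAndPort(settings.Server, settings.PortNumber,
                        settings.Authentication, settings.Login, password))
                {
                    return WRONG_SERVER_OR_PORT;
                }
            }
            catch (DirectoryServicesCOMException)
            {
                return CREDENTIALS_NOT_VALID;
            }
            catch (COMException)
            {
                return WRONG_SERVER_OR_PORT;
            }

            if (!CheckUserDN(settings.UserDN, settings.Server, settings.PortNumber,
                    settings.Authentication, settings.Login, password))
            {
                return WRONG_USER_DN;
            }

            try
            {
                importer.AllDomainUsers = GetUsersByAttributes(settings);
            }
            catch (ArgumentException)
            {
                _log.ErrorFormat("Incorrect filter. userFilter = {0}", settings.UserFilter);
                return INCORRECT_LDAP_FILTER;
            }

            if (importer.AllDomainUsers == null || importer.AllDomainUsers.Count == 0)
            {
                _log.ErrorFormat("Any user is not found. userDN = {0}", settings.UserDN);
                return USERS_NOT_FOUND;
            }

            // Attribute checks look at the first returned entry only.
            if (!CheckLoginAttribute(importer.AllDomainUsers[0], settings.LoginAttribute))
            {
                return WRONG_LOGIN_ATTRIBUTE;
            }

            if (settings.GroupMembership)
            {
                if (!CheckGroupDNAndGroupName(settings.GroupDN, settings.GroupName, settings.Server,
                    settings.PortNumber, settings.Authentication, settings.Login, password))
                {
                    return WRONG_GROUP_DN_OR_GROUP_NAME;
                }

                importer.DomainGroups = GetGroupsByParameter(settings);
                if (importer.DomainGroups == null || importer.DomainGroups.Count == 0)
                {
                    return GROUPS_NOT_FOUND;
                }

                if (!CheckGroupAttribute(importer.DomainGroups[0], settings.GroupAttribute))
                {
                    return WRONG_GROUP_ATTRIBUTE;
                }
                if (!CheckUserAttribute(importer.AllDomainUsers[0], settings.UserAttribute))
                {
                    return WRONG_USER_ATTRIBUTE;
                }
            }

            return OPERATION_OK;
        }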