path: root/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java

package org.openslx.taskmanager.tasks;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Random;

import org.apache.commons.io.FileUtils;
import org.openslx.taskmanager.api.SystemCommandTask;

import com.google.gson.annotations.Expose;

public class LdapSearch extends SystemCommandTask
{

	@Expose
	private String server = null;
	@Expose
	private String searchbase = null;
	@Expose
	private String binddn = null;
	@Expose
	private String bindpw = null;
	@Expose
	private String username = null;
	@Expose
	private boolean plainldap = false;

	private String fifo = null;

	private boolean getDn = false;

	private volatile int userCount = 0;

	private Output status = new Output();

	@Override
	protected boolean initTask()
	{
		this.setStatusObject( this.status );
		if ( this.server == null || this.searchbase == null ) {
			status.messages = "Missing parameter";
			return false;
		}
		if ( this.binddn == null )
			this.binddn = "";
		if ( this.bindpw == null )
			this.bindpw = "";
		this.timeoutSeconds = 5;
		return true;
	}

	@Override
	protected String[] initCommandLine()
	{
		if ( !this.bindpw.isEmpty() ) {
			this.fifo = String.format( "/tmp/bwlp-%s-%s.ldap", System.currentTimeMillis(), new Random().nextInt() );
			File pwFile = new File( this.fifo );
			FileUtils.deleteQuietly( pwFile );
			try {
				pwFile.createNewFile();
				pwFile.setReadable( false, false );
				pwFile.setReadable( true, true );
				FileUtils.writeStringToFile( pwFile, this.bindpw, StandardCharsets.UTF_8 );
			} catch ( IOException e ) {
				FileUtils.deleteQuietly( pwFile );
				status.messages = e.toString();
				return null;
			}
		}
		if ( this.username == null ) {
			status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." );
			this.username = "*";
		} else {
			this.getDn = true;
		}
		String filter;
		String wantedAttr;
		if ( this.plainldap ) {
			filter = "(&(objectClass=posixAccount)(uid=" + this.username + "))";
			wantedAttr = "uid";
		} else {
			filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))";
			wantedAttr = "sAMAccountName";
		}

		// As we don't care about the certificate here, you might want to put TLS_REQCERT never
		// in /etc/ldap/ldap.conf
		if ( this.binddn.isEmpty() ) {
			return new String[] {
					"ldapsearch",
					"-x", // Simple auth
					"-LLL", // No additional stuff
					"-H", this.server, // Host
					"-b", this.searchbase, // SB
					"-l", "4", // Time limit in seconds
					"-o", "nettimeout=4",
					"-z", "4", // Max number of results
					"-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch
					filter,
					wantedAttr, // Find account name
					"dn" // And dn
			};
		}
		return new String[] {
				"ldapsearch",
				"-x", // Simple auth
				"-LLL", // No additional stuff
				"-y", this.fifo, // Password from file
				"-H", this.server, // Host
				"-b", this.searchbase, // SB
				"-D", this.binddn, // DN
				"-l", "4", // Time limit in seconds
				"-o", "nettimeout=4",
				"-z", "4", // Max number of results
				"-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch
				filter,
				wantedAttr, // Find account name
				"dn" // And dn
		};
	}

	@Override
	protected boolean processEnded( int exitCode )
	{
		if ( this.fifo != null ) {
			FileUtils.deleteQuietly( new File( this.fifo ) );
		}
		if ( exitCode == 4 ) // Means size limit exceeded, ignore
			exitCode = 0;
		if ( exitCode != 0 )
			status.addMessage( "Exit code is " + exitCode );
		if ( exitCode == 0 && this.userCount < 4 && !this.getDn )
			status.addMessage( "Found less than 4 users. Are you sure you got the right credentials?" );
		return this.userCount >= 4 || ( this.getDn && status.dn != null );
	}

	@Override
	protected void processStdOut( String line )
	{
		if ( this.plainldap ) {
			if ( line.startsWith( "uid: " ) ) {
				status.addMessage( "Found LDAP user " + line.substring( 5 ) + " :-)" );
				this.userCount++;
			}
			if ( line.startsWith( "uid:: " ) ) {
				status.addMessage( "Found LDAP user " + line.substring( 6 ) + " :-)" );
				this.userCount++;
			}
		} else {
			if ( line.startsWith( "sAMAccountName: " ) ) {
				status.addMessage( "Found AD user " + line.substring( 16 ) + " :-)" );
				this.userCount++;
			}
			if ( line.startsWith( "sAMAccountName:: " ) ) {
				status.addMessage( "Found AD user " + line.substring( 17 ) + " :-)" );
				this.userCount++;
			}
		}
		if ( line.startsWith( "dn: " ) ) {
			status.dn = line.substring( 4 );
		}
	}

	@Override
	protected void processStdErr( String line )
	{
		if ( line.contains( "Size limit exceeded" ) )
			return;
		status.addMessage( "Error: " + line );
	}

	class Output
	{
		private String messages = null;
		public String dn = null;

		private synchronized void addMessage( String str )
		{
			if ( messages == null ) {
				messages = str;
			} else {
				messages += "\n" + str;
			}
		}
	}

}