src/de/superx/bin/LdapLockout.java

@@ -1,69 +0,0 @@
-package de.superx.bin;
-
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileWriter;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.Statement;
-
-import de.memtext.util.GetOpts;
-import de.superx.servlet.LdapPasswordChecker;
-/**
- * Klasse zum Sperren von Benutzern, die in LDAP gesperrt sind
- * Erwartet Eintrag LdapLockoutFilter in superx_standalone_ldap.properties
- * 
- *
- */
-public class LdapLockout {
-	private static String usage = "Gebrauch: java de.superx.bin.LdapLockout -dbproperties=<<Pfad zu db.properties>> -ldapconfig=<<Pfad zu superx_standalone_ldap.properties>>";
-	public static void main(String[] args) {
-		GetOpts.setOpts(args);
-		String isdrin = GetOpts.isAllRequiredOptionsPresent("-dbproperties,-ldapconfig");
-		if (isdrin != null) {
-			System.err.println("Folgende Optionen fehlen: " + isdrin);
-			System.err.println(usage);
-			System.exit(1);
-		}
-
-		try {
-			File f = new File("LdapLockout.log");
-			if (f.exists())
-			{
-				f.delete();
-			}
-		    LdapPasswordChecker.setup(new File(GetOpts.getValue("-ldapconfig")));
-			checkUsers(GetOpts.getValue("-dbproperties"));
-		    
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-
-	private static void checkUsers(String dbpropfile) throws Exception {
-		SxConnection myConnection = new SxConnection();
-		myConnection.setPropfile(dbpropfile);
-		Connection con = myConnection.getConnection();
-		Statement stm = con.createStatement();
-		ResultSet rs = stm.executeQuery("select benutzer from userinfo order by 1");
-		PreparedStatement pst = con.prepareStatement(
-				"update userinfo set max_versuch=0,passwd_sha=null, gueltig_bis=today()-1, info='deaktiviert am '||today() where benutzer=? and max_versuch>0");
-		LdapPasswordChecker ldappwc = new LdapPasswordChecker();
-		while (rs.next()) {
-			String benutzer = rs.getString("benutzer");
-		      System.out.println("Pruefe Nutzer " + benutzer);
-			if (ldappwc.isUserLocked(benutzer)) {
-				System.out.println(" - Benutzer " + benutzer + " wird gesperrt");
-				pst.clearParameters();
-				pst.setString(1, benutzer);
-				pst.executeUpdate();
-			}
-		}
-		rs.close();
-		stm.close();
-		pst.close();
-		myConnection.close();
-		ldappwc.closeServiceCtxForLockout();
-	}
-}

src/de/superx/servlet/LdapPasswordChecker.java

@@ -37,8 +37,6 @@ public class LdapPasswordChecker {
 	private static boolean hasLdapServiceUserDN = false;
 	private static boolean wasSetupTestOK = false;
 	private static boolean isStandaloneTest = false;
-	//wird nur für Lockout-Funktion benötigt
-	private DirContext serviceCtxForLockout = null;
 
 	public static void main(String[] args) {
 		isStandaloneTest = true;
@@ -49,8 +47,8 @@ public class LdapPasswordChecker {
 
 		try {
 			setup(new File(args[0]));
-			LdapPasswordChecker lpc = new LdapPasswordChecker();
-			lpc.isLdapPasswordOK(false, "default", args[1], args[2]);
+		LdapPasswordChecker lpc=new LdapPasswordChecker();
+	    lpc.isLdapPasswordOK(false, "default", args[1], args[2]);
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
@@ -65,13 +63,12 @@ public class LdapPasswordChecker {
 		checkProperty(superxStandaloneLdapConfigFile, "LdapIdentifyingAttribute");
 		if (!StringUtils.isNullOrEmpty(props.getProperty("LdapServiceUserDN"))) {
 			hasLdapServiceUserDN = true;
-			System.out.println(
-					" LDAP Passwortkontrolle ServiceUser " + props.getProperty("LdapServiceUserDN") + " aktiviert");
+			System.out.println(" LDAP Passwortkontrolle ServiceUser "+props.getProperty("LdapServiceUserDN")+" aktiviert");
 			// momentan keine Prüfung ob LdapServiceUserPassword null oder Leerstring
 		}
 		// we don't need all attributes, just let it get the identifying one
 		LdapPasswordChecker.attributeFilter[0] = props.getProperty("LdapIdentifyingAttribute");
-		
+
 		// Verbindungstest wirft Exception bei Fehler
 		boolean isJustSetupTest = true;
 		String mandantenIDNichtRelevant = "default";
@@ -95,27 +92,6 @@ public class LdapPasswordChecker {
 					" Property \"" + name + "\" ist in Datei " + superxStandaloneLdapConfigFile + " nicht konfiguiert");
 	}
 
-	public boolean isUserLocked(String benutzer) throws Exception {
-		if (props.size() == 0)
-			throw new IllegalStateException(
-					"LDAP Passwordchecker nicht konfiguiert, setup Methode muss vorher aufgerufen werden");
-		boolean result = false;
-        //lazy init, da viele User abgefragt werden
-		if (serviceCtxForLockout == null) {
-			serviceCtxForLockout = initContext();
-		}
-
-		NamingEnumeration<SearchResult> searchResults = searchForUserLockedStatus(serviceCtxForLockout, benutzer);
-		if (searchResults.hasMoreElements()) {
-			result = true;
-		}
-		return result;
-	}
-
-	public void closeServiceCtxForLockout() throws NamingException {
-		serviceCtxForLockout.close();
-	}
-
 	/**
 	 * Prüft via LDAP ob ein Passwort OK ist
 	 * 
@@ -137,7 +113,7 @@ public class LdapPasswordChecker {
 		try {
 			serviceCtx = initContext();
 			if (isStandaloneTest) {
-				System.out.println("Reine Kontrolle, ob User " + username + " existiert");
+				System.out.println("Reine Kontrolle, ob User "+username+ " existiert");
 			}
 			NamingEnumeration<SearchResult> searchResults = searchForUser(serviceCtx, username);
 			if (!isJustSetupTest) {
@@ -163,27 +139,11 @@ public class LdapPasswordChecker {
 				}
 
 			}
-			// System.out.println(new Date().getTime() - start.getTime());
+			//System.out.println(new Date().getTime() - start.getTime());
 		}
 		return false;
 	}
 
-	private NamingEnumeration<SearchResult> searchForUserLockedStatus(DirContext serviceCtx, String username)
-			throws NamingException {
-		SearchControls sc = new SearchControls();
-		sc.setReturningAttributes(attributeFilter);
-		sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
-
-		// use a search filter to find only the user we want to authenticate
-		if (StringUtils.isNullOrEmpty(props.getProperty("LdapLockoutFilter")))
-		{
-			throw new NamingException("LdapLockoutFilter ist nicht definiert");
-		}
-		String searchFilter = StringUtils.replace(props.getProperty("LdapLockoutFilter"), "${0}", username);
-
-		return serviceCtx.search(props.getProperty("LdapBase"), searchFilter, sc);
-	}
-
 	private NamingEnumeration<SearchResult> searchForUser(DirContext serviceCtx, String username)
 			throws NamingException {
 		SearchControls sc = new SearchControls();
@@ -192,13 +152,16 @@ public class LdapPasswordChecker {
 
 		// use a search filter to find only the user we want to authenticate
 		String searchFilter = "";
-		if (props.getProperty("LdapSearchFilter") != null) {
-			searchFilter = StringUtils.replace(props.getProperty("LdapSearchFilter"), "${0}", username);
-		} else {
-			searchFilter = "(" + props.getProperty("LdapIdentifyingAttribute") + "=" + username + ")";
+		if (props.getProperty("LdapSearchFilter")!=null)
+		{
+		    searchFilter=StringUtils.replace(props.getProperty("LdapSearchFilter"),"${0}", username );
 		}
-		// searchFilter="(&(uid="+username+")(mail=boyle@ldap.forumsys.com))";
-
+		else
+		{
+		 searchFilter="(" + props.getProperty("LdapIdentifyingAttribute") + "=" + username + ")";
+		}
+		//searchFilter="(&(uid="+username+")(mail=boyle@ldap.forumsys.com))";
+		
 		return serviceCtx.search(props.getProperty("LdapBase"), searchFilter, sc);
 	}
 
@@ -218,10 +181,8 @@ public class LdapPasswordChecker {
 			SearchResult result = searchResults.next();
 			String distinguishedName = result.getNameInNamespace();
 			if (isStandaloneTest) {
-				System.out.println(
-						" User " + username + " gefunden - distingushedName(DN/nameInNamespace):" + distinguishedName);
-				System.out
-						.println(" versuche Authentifizierung für " + distinguishedName + " mit eingegebenen Passwort");
+				System.out.println(" User "+username +" gefunden - distingushedName(DN/nameInNamespace):"+distinguishedName);
+				System.out.println(" versuche Authentifizierung für "+distinguishedName+" mit eingegebenen Passwort");
 			}
 			// attempt another authentication, now with the user, throws exception if
 			// problem

src/de/superx/servlet/UserInitializer.java

@@ -3,7 +3,6 @@ package de.superx.servlet;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.sql.Connection;
-import java.sql.DatabaseMetaData;
 import java.sql.Date;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -509,7 +508,6 @@ public class UserInitializer {
 		String client_ip = request.getRemoteAddr();
 		String client_dns = request.getRemoteHost();
 		String protend = "";
-		
 		userid = null;
 		// System.out.println("c1");
 		if (SxPools.get(mandantenID).getSqlDialect().equals("Postgres")) {
@@ -520,14 +518,10 @@ public class UserInitializer {
 		Connection myConnection = null;
 		try {
 			myConnection = SxPools.getConnection(mandantenID);
-			boolean isUserinfoMitGueltigkeit=checkUserinfoMitGueltigkeit(myConnection);
-			String select="select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch from userinfo where benutzer = ? ";
-			if (isUserinfoMitGueltigkeit) {
-				select+= "and ( (gueltig_von is null or gueltig_von<=today()) and (gueltig_bis is null or gueltig_bis>=today()) )";
-			}
 			Statement stm = myConnection.createStatement();
 			PreparedStatement pst = myConnection
-					.prepareStatement(select);
+					.prepareStatement("select tid, passwd_sha, administration, kennwort,akt_versuch,max_versuch"
+							+ " from userinfo where benutzer = ?");
 			pst.setString(1, user);
 			ResultSet rs = pst.executeQuery();
 			while (rs.next()) {
@@ -549,7 +543,7 @@ public class UserInitializer {
 				int akt_versuch = rs.getInt(5);
 				int max_versuch = rs.getInt(6);
 
-				if (akt_versuch > max_versuch|| max_versuch==0) {
+				if (akt_versuch > max_versuch) {
 					rs.close();
 					pst.close();
 					stm.close();
@@ -567,7 +561,7 @@ public class UserInitializer {
 						+ "'" + protend);
 				stm.close();
 				myConnection.close();
-				throw new NichtAngemeldetException("Kein gültiger Benutzer " + user + " in Datenbank vorhanden");
+				throw new NichtAngemeldetException("Kein Benutzer " + user + " in Datenbank vorhanden");
 			}
 			if (passwort == null)
 				passwort = "dummy"; // bei LDAP oder so
@@ -624,22 +618,7 @@ public class UserInitializer {
 
 		}
 	}
-	private boolean checkUserinfoMitGueltigkeit(Connection dbConnection) throws SQLException
-	{
-		boolean result=false;
-		Statement stm = dbConnection.createStatement();
-			DatabaseMetaData md = dbConnection.getMetaData();
-	
-			ResultSet	rs = md.getColumns(null, null, "userinfo", null);
-			while (rs.next()) {
-					if (rs.getString(4).equals("gueltig_von")) {
-					result=true;	
-				}
-			}
-			rs.close();
-			return result;
-			
-	}
+
 	private void updateLastLogin(Connection myConnection) throws SQLException {
 		PreparedStatement pst3 = myConnection.prepareStatement("select count(*) from user_pw where userinfo_id=?");
 		pst3.setInt(1, userid.intValue());

superx/WEB-INF/conf/edustore/db/bin/sx_ldap_lockout.x

@@ -1,6 +0,0 @@
-#!/bin/bash
-if [ "$1" = "" ]
-   then echo "Aufruf: sx_ldap_lockout.x Pfad/zu/db.properties pfad/zu/superx_standalone_ldap.properties"
-	exit 0
-fi
-java -cp "$JDBC_CLASSPATH" de.superx.bin.LdapLockout -dbproperties:$1 -ldapconfig:$2

superx/WEB-INF/conf/edustore/db/install/conf/kern.xml

@@ -1728,8 +1728,6 @@
 				default ="0" notnull ="false" description="Darf der User Projekte sehen" />
 				<column name="extern_role_id" type="INTEGER" size="9"
                     default="" notnull="false" />
-                <column name="gueltig_von" type="date" description="Beginn Gültigkeit"/>
-                <column name="gueltig_bis" type="date" description="Ende Gültigkeit"/>
 			</columns>
 			<indexes>
 				<index name="i_userinfo" type="unique">
@@ -10541,8 +10539,6 @@ Außerdem können Sie hier dem Benutzer Berechtigungen über Gruppen, Sachgebiet
 <customfield name="name" nullFieldValue=""/>
 <customfield name="email" nullFieldValue=""/>
 <customfield name="admin" type="include" path="/edit/kern/userinfo_edit_admin.inc"/>
-<customfield name="gueltig_von" nullFieldValue=""/>
-<customfield name="gueltig_bis" nullFieldValue=""/>
 <customfield name="max_versuch" nullFieldValue=""/>
 <customfield name="akt_versuch" nullFieldValue=""/>
 <customfield name="password" type="include" path="/edit/kern/userinfo_edit_pw.inc"/>