From 13417cf9c6eec555b51da49742e47939d2f5715b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 19 Oct 2012 22:47:33 -0400
Subject: [PATCH] Exclude submodules from zip downloads (issue 151)

---
 src/com/gitblit/LdapUserService.java |  135 ++++++++++++++++++++++++++++----------------
 1 files changed, 86 insertions(+), 49 deletions(-)

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index bba943d..9ce18f6 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -30,12 +30,15 @@
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.StringUtils;
 import com.unboundid.ldap.sdk.Attribute;
+import com.unboundid.ldap.sdk.ExtendedResult;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ResultCode;
 import com.unboundid.ldap.sdk.SearchResult;
 import com.unboundid.ldap.sdk.SearchResultEntry;
 import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustAllTrustManager;
 
@@ -81,10 +84,22 @@
 				if (ldapPort == -1)	// Default Port
 					ldapPort = 389;
 				
-				return new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+				LDAPConnection conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+
+				if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+					SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+
+					ExtendedResult extendedResult = conn.processExtendedOperation(
+						new StartTLSExtendedRequest(sslUtil.createSSLContext()));
+
+					if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+						throw new LDAPException(extendedResult.getResultCode());
+					}
+				}
+				return conn;
 			}
 		} catch (URISyntaxException e) {
-			logger.error("Bad LDAP URL, should be in the form: ldap(s)://<server>:<port>", e);
+			logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
 		} catch (GeneralSecurityException e) {
 			logger.error("Unable to create SSL Connection", e);
 		} catch (LDAPException e) {
@@ -145,62 +160,78 @@
 	public UserModel authenticate(String username, char[] password) {
 		String simpleUsername = getSimpleUsername(username);
 		
-		LDAPConnection ldapConnection = getLdapConnection();		
+		LDAPConnection ldapConnection = getLdapConnection();
 		if (ldapConnection != null) {
-			// Find the logging in user's DN
-			String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
-			String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
-			accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
+			try {
+				// Find the logging in user's DN
+				String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
+				String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
+				accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 
-			SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
-			if (result != null && result.getEntryCount() == 1) {
-				SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
-				String loggingInUserDN = loggingInUser.getDN();
-				
-				if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
-					logger.debug("LDAP authenticated: " + username);
-					
-					UserModel user = getUserModel(simpleUsername);
-					if (user == null)	// create user object for new authenticated user
-						user = new UserModel(simpleUsername);
+				SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
+				if (result != null && result.getEntryCount() == 1) {
+					SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
+					String loggingInUserDN = loggingInUser.getDN();
 
-					// create a user cookie
-					if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
-						user.cookie = StringUtils.getSHA1(user.username + new String(password));
+					if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
+						logger.debug("LDAP authenticated: " + username);
+
+						UserModel user = getUserModel(simpleUsername);
+						if (user == null)	// create user object for new authenticated user
+							user = new UserModel(simpleUsername);
+
+						// create a user cookie
+						if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
+							user.cookie = StringUtils.getSHA1(user.username + new String(password));
+						}
+
+						if (!supportsTeamMembershipChanges())
+							getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
+
+						// Get User Attributes
+						setUserAttributes(user, loggingInUser);
+
+						// Push the ldap looked up values to backing file
+						super.updateUserModel(user);
+						if (!supportsTeamMembershipChanges()) {
+							for (TeamModel userTeam : user.teams)
+								updateTeamModel(userTeam);
+						}
+
+						return user;
 					}
-					
-					if (!supportsTeamMembershipChanges())
-						getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
-					
-					// Get User Attributes
-					setUserAttributes(user, loggingInUser);
-
-					// Push the ldap looked up values to backing file
-					super.updateUserModel(user);
-					if (!supportsTeamMembershipChanges()) {
-						for (TeamModel userTeam : user.teams)
-							updateTeamModel(userTeam);
-					}
-							
-					return user;
 				}
+			} finally {
+				ldapConnection.close();
 			}
 		}
-		
 		return null;		
 	}
 
+	/**
+	 * Set the admin attribute from team memberships retrieved from LDAP.
+	 * If we are not storing teams in LDAP and/or we have not defined any
+	 * administrator teams, then do not change the admin flag.
+	 * 
+	 * @param user
+	 */
 	private void setAdminAttribute(UserModel user) {
-	    user.canAdmin = false;
-	    List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);
-	    for (String admin : admins) {
-	        if (admin.startsWith("@")) { // Team
-	            if (user.getTeam(admin.substring(1)) != null)
-	                user.canAdmin = true;
-	        } else
-	            if (user.getName().equalsIgnoreCase(admin))
-	                user.canAdmin = true;
-	    }
+		if (!supportsTeamMembershipChanges()) {
+			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
+			// if we have defined administrative teams, then set admin flag
+			// otherwise leave admin flag unchanged
+			if (!ArrayUtils.isEmpty(admins)) {
+				user.canAdmin = false;
+				for (String admin : admins) {
+					if (admin.startsWith("@")) { // Team
+						if (user.getTeam(admin.substring(1)) != null)
+							user.canAdmin = true;
+					} else
+						if (user.getName().equalsIgnoreCase(admin))
+							user.canAdmin = true;
+				}
+			}
+		}
 	}
 	
 	private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
@@ -220,7 +251,10 @@
 
 				user.displayName = displayName;
 			} else {
-				user.displayName = userEntry.getAttribute(displayName).getValue();
+				Attribute attribute = userEntry.getAttribute(displayName);
+				if (attribute != null && attribute.hasValue()) {
+					user.displayName = attribute.getValue();
+				}
 			}
 		}
 		
@@ -233,7 +267,10 @@
 
 				user.emailAddress = email;
 			} else {
-				user.emailAddress = userEntry.getAttribute(email).getValue();
+				Attribute attribute = userEntry.getAttribute(email);
+				if (attribute != null && attribute.hasValue()) {
+					user.emailAddress = attribute.getValue();
+				}
 			}
 		}
 	}

--
Gitblit v1.9.1