
[FIXED JENKINS-17923]

Added a form validation check to the ADSI code path.
kohsuke committed May 10, 2013
1 parent 89289c6 commit fbe42164339e5e399de5b8f37a328dbdabd64809
@@ -3,6 +3,7 @@
import com4j.COM4J;
import com4j.Com4jObject;
import com4j.ComException;
import com4j.ExecutionException;
import com4j.Variant;
import com4j.typelibs.activeDirectory.IADs;
import com4j.typelibs.activeDirectory.IADsGroup;
@@ -24,7 +25,9 @@
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.stapler.framework.io.IOException2;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
@@ -42,15 +45,19 @@
*/
private final _Connection con;

public ActiveDirectoryAuthenticationProvider() {
IADs rootDSE = COM4J.getObject(IADs.class, "LDAP://RootDSE", null);
public ActiveDirectoryAuthenticationProvider() throws IOException {
try {
IADs rootDSE = COM4J.getObject(IADs.class, "LDAP://RootDSE", null);

defaultNamingContext = (String)rootDSE.get("defaultNamingContext");
LOGGER.info("Active Directory domain is "+defaultNamingContext);
defaultNamingContext = (String)rootDSE.get("defaultNamingContext");
LOGGER.info("Active Directory domain is "+defaultNamingContext);

con = ClassFactory.createConnection();
con.provider("ADsDSOObject");
con.open("Active Directory Provider",""/*default*/,""/*default*/,-1/*default*/);
con = ClassFactory.createConnection();
con.provider("ADsDSOObject");
con.open("Active Directory Provider",""/*default*/,""/*default*/,-1/*default*/);
} catch (ExecutionException e) {
throw new IOException2("Failed to connect to Active Directory. Does this machine belong to Active Directory?",e);
}
}

/**
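Review bot: The single `catch (ExecutionException e)` in the new constructor covers both the `LDAP://RootDSE` lookup and the later `con.open(...)`, so a failure opening the ADO connection is reported with the same "Does this machine belong to Active Directory?" message even when the RootDSE bind succeeded. The cause is preserved through `IOException2`, which is good, but splitting the try or naming the failing step in the message would make the error less misleading for an administrator. The constructor also has no Javadoc for the new checked exception; I would add `@throws IOException if the RootDSE lookup or the ADO connection to Active Directory fails`. Callers outside this section now have to handle that exception.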
@@ -244,16 +244,28 @@ public FormValidation doValidate(@QueryParameter(fixEmpty = true) String domain,
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
try {
Functions.checkPermission(Hudson.ADMINISTER);
String n = Util.fixEmptyAndTrim(domain);
if (n==null) {// no value given yet
domain = Util.fixEmptyAndTrim(domain);

if (canDoNativeAuth() && domain==null) {
// this check must be identical to that of ActiveDirectory.groovy
try {
// make sure we can connect via ADSI
new ActiveDirectoryAuthenticationProvider();
return FormValidation.ok("OK");
} catch (Exception e) {
return FormValidation.error(e, "Failed to contact Active Directory");
}
}

if (domain==null) {// no value given yet
return FormValidation.error("No domain name set");
}

Secret password = Secret.fromString(bindPassword);
if (bindName!=null && password==null)
return FormValidation.error("DN is specified but not password");

String[] names = n.split(",");
String[] names = domain.split(",");
for (String name : names) {

if (!name.endsWith("."))
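Review bot: The probe in the new `canDoNativeAuth() && domain==null` branch calls `new ActiveDirectoryAuthenticationProvider()` and discards the object, so the ADO connection opened in its constructor is never released explicitly and each press of the Test button leaves one behind until the object is collected. If the provider or its `_Connection` exposes a close or dispose call (not visible on this page), it should be invoked in a `finally` after the probe. The branch is also kept in step with ActiveDirectory.groovy only by the comment `// this check must be identical to that of ActiveDirectory.groovy`. A predicate shared by both places would stop the validated path drifting from the path that actually authenticates users. doValidate begins and ends outside the hunk.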
@@ -23,6 +23,9 @@
</f:nested>
</j:when>
<j:otherwise>
<f:nested>
<f:validateButton with="domain,server" title="${%Test}" method="validate"/>
</f:nested>
<f:advanced>
<f:entry title="${%Domain Name}" field="domain" help="/plugin/active-directory/help/domain-name-windows.html">
<f:textbox />
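Review bot: The new `<f:validateButton with="domain,server" .../>` submits only `domain` and `server`, while the `doValidate` code shown on this page also reads `bindName` and `bindPassword`. If the Windows form offers bind DN fields (not visible in this hunk), a test with a domain filled in would run without those credentials and could report a result that differs from what is used at login. In that case the attribute should list them as well, e.g. `with="domain,server,bindName,bindPassword"`. The enclosing `<j:otherwise>` block continues past the end of the hunk.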
