use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class LdapGroupBackend method suggestLdap.
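/**
 * Suggests LDAP groups whose name matches {@code name}.
 *
 * <p>Names shorter than three characters are looked up exactly; longer names are treated as a
 * prefix by appending a trailing {@code *}. The caller-supplied text is escaped as an LDAP
 * search-filter value before it is substituted into the configured group pattern, so filter
 * metacharacters in the input are matched literally instead of being interpreted.
 *
 * @param name group name, or name prefix, supplied by the caller; treated as untrusted
 * @return matching group references ordered by {@code GROUP_REF_NAME_COMPARATOR}; empty when
 *     {@code name} is empty, and possibly empty or partial when the directory query fails
 */
private Set<GroupReference> suggestLdap(String name) {
  if (name.isEmpty()) {
    return Collections.emptySet();
  }
  Set<GroupReference> out = Sets.newTreeSet(GROUP_REF_NAME_COMPARATOR);
  try {
    DirContext ctx = helper.open();
    try {
      // Do exact lookups until there are at least 3 characters.
      //
      // The value is substituted into a search filter, so it needs filter escaping (RFC 4515).
      // DN escaping (Rdn.escapeValue) leaves '*', '(' and ')' untouched, which would let the
      // input supply its own wildcard and defeat the exact-lookup rule above, or alter the
      // structure of the configured filter.
      String filterValue = escapeLdapFilterValue(name) + ((name.length() >= 3) ? "*" : "");
      LdapSchema schema = helper.getSchema(ctx);
      // NOTE(review): how LdapQuery hands this raw pattern to JNDI is not visible here. If it
      // uses the search overload that takes filter arguments, "{n}" sequences in the pattern
      // are treated as placeholders - confirm and handle there if so.
      ParameterizedString filter =
          ParameterizedString.asis(schema.groupPattern.replace(GROUPNAME, filterValue).toString());
      Set<String> returnAttrs = new HashSet<>(schema.groupName.getParameterNames());
      Map<String, String> params = Collections.emptyMap();
      for (String groupBase : schema.groupBases) {
        LdapQuery query = new LdapQuery(groupBase, schema.groupScope, filter, returnAttrs);
        for (LdapQuery.Result res :
            query.query(ctx, params, helper.getGroupSearchLatencyTimer())) {
          out.add(groupReference(schema.groupName, res));
        }
      }
    } finally {
      helper.close(ctx);
    }
  } catch (IOException | NamingException | LoginException e) {
    // Best effort: suggestions are advisory, so a directory failure is logged and whatever was
    // collected so far is returned. The requested name is deliberately not written to the log.
    logger.atWarning().withCause(e).log("Cannot query LDAP for groups matching requested name");
  }
  return out;
}

/**
 * Escapes {@code value} for use as an assertion value inside an LDAP search filter, replacing
 * backslash, asterisk, parentheses and NUL with their {@code \XX} hex form (RFC 4515).
 */
private static String escapeLdapFilterValue(String value) {
  StringBuilder escaped = new StringBuilder(value.length() + 8);
  for (int i = 0; i < value.length(); i++) {
    char c = value.charAt(i);
    switch (c) {
      case '\\':
        escaped.append("\\5c");
        break;
      case '*':
        escaped.append("\\2a");
        break;
      case '(':
        escaped.append("\\28");
        break;
      case ')':
        escaped.append("\\29");
        break;
      case '\0':
        escaped.append("\\00");
        break;
      default:
        escaped.append(c);
    }
  }
  return escaped.toString();
}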
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class LdapRealm method authenticate.
/**
 * Authenticates {@code who} against LDAP and fills in account details from the directory entry.
 *
 * <p>Sequence visible in this method: optionally lower-case the local user name, obtain a
 * directory context, look up the account, verify the password (auth type {@code LDAP} only,
 * and only when the request does not ask to skip authentication), copy display name, user name
 * and email onto the request, then enforce the mandatory group and cache group memberships.
 *
 * @param who the request being authenticated; updated in place and returned
 * @return the same {@code who} instance, populated from LDAP
 * @throws AccountException if the mandatory group cannot be identified or the user is not a
 *     member of it; helpers called here may throw it for other reasons not visible in this
 *     method
 * @throws AuthenticationUnavailableException if the directory cannot be queried
 *     ({@code IOException}, {@code NamingException} or {@code LoginException})
 */
@Override
public AuthRequest authenticate(AuthRequest who) throws AccountException {
// Optional normalisation: the lower-cased name (Locale.US, so locale-independent) is what is
// used for the account lookup and as the membership cache key below.
if (config.getBoolean("ldap", "localUsernameToLowerCase", false)) {
who.setLocalUser(who.getLocalUser().toLowerCase(Locale.US));
}
final String username = who.getLocalUser();
try {
final DirContext ctx;
// LDAP_BIND: the context comes from authenticating with the user's own name and password.
// Any other auth type uses the context returned by helper.open().
// NOTE(review): many directory servers treat a simple bind with an empty password as an
// unauthenticated bind that succeeds. Rejection of empty or null passwords is not visible in
// this method - confirm helper.authenticate (or the caller) enforces it.
if (authConfig.getAuthType() == AuthType.LDAP_BIND) {
ctx = helper.authenticate(username, who.getPassword());
} else {
ctx = helper.open();
}
try {
final Helper.LdapSchema schema = helper.getSchema(ctx);
LdapQuery.Result m;
who.setAuthProvidesAccountActiveStatus(true);
m = helper.findAccount(schema, ctx, username, fetchMemberOfEagerly);
// Reached only when findAccount returned without throwing.
who.setActive(true);
// NOTE(review): for auth type LDAP this is the only password check in the method, and
// isSkipAuthentication() bypasses it. Confirm that flag can only be set by trusted
// server-side code and never from request input.
if (authConfig.getAuthType() == AuthType.LDAP && !who.isSkipAuthentication()) {
// We found the user account, but we need to verify
// the password matches it before we can continue.
//
// The context returned by this second authenticate call is closed immediately; only
// whether the call completes matters here (a failure presumably surfaces as an
// exception - confirm in Helper).
helper.close(helper.authenticate(m.getDN(), who.getPassword()));
}
who.setDisplayName(apply(schema.accountFullName, m));
who.setUserName(apply(schema.accountSshUserName, m));
if (schema.accountEmailAddress != null) {
who.setEmailAddress(apply(schema.accountEmailAddress, m));
} else if (emailExpander.canExpand(username)) {
// If LDAP cannot give us a valid email address for this user
// try expanding it through the older email expander code which
// assumes a user name within a domain.
//
who.setEmailAddress(emailExpander.expand(username));
}
//
// Group handling runs after the password check above. A failed mandatory-group check
// throws before anything is written to the membership cache.
if (fetchMemberOfEagerly || mandatoryGroup != null) {
Set<AccountGroup.UUID> groups = helper.queryForGroups(ctx, username, m);
if (mandatoryGroup != null) {
GroupReference mandatoryGroupRef = GroupBackends.findExactSuggestion(groupBackend, mandatoryGroup);
// A configured mandatory group that cannot be resolved denies the login instead of
// silently skipping the membership requirement.
if (mandatoryGroupRef == null) {
throw new AccountException("Could not identify mandatory group: " + mandatoryGroup);
}
if (!groups.contains(mandatoryGroupRef.getUUID())) {
throw new AccountException("Not member of mandatory LDAP group: " + mandatoryGroupRef.getName());
}
}
// Regardless if we enabled fetchMemberOfEagerly, we already have the
// groups and it would be a waste not to cache them.
membershipCache.put(username, groups);
}
return who;
} finally {
// Always release the directory context, including when a check above throws.
helper.close(ctx);
}
} catch (IOException | NamingException e) {
// Directory failures are reported as "unavailable"; the cause is logged and chained while
// the exception message itself stays generic.
logger.atSevere().withCause(e).log("Cannot query LDAP to authenticate user");
throw new AuthenticationUnavailableException("Cannot query LDAP for account", e);
} catch (LoginException e) {
// Logged separately from directory query failures, but surfaced with the same generic message.
logger.atSevere().withCause(e).log("Cannot authenticate server via JAAS");
throw new AuthenticationUnavailableException("Cannot query LDAP for account", e);
}
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class ProjectOperationsImpl method newRule.
/**
 * Creates a permission-rule builder for the group identified by {@code groupUUID}.
 *
 * <p>A provisional reference is built with the UUID's string form as its second argument
 * (presumably the display name - confirm against {@code GroupReference.create}) and then passed
 * through {@code project.resolve(...)}; the rule is built on whatever reference that returns.
 *
 * @param project project configuration used to resolve the group reference
 * @param groupUUID UUID of the group the rule applies to
 * @return a builder for a rule on the resolved group reference
 */
private static PermissionRule.Builder newRule(ProjectConfig project, AccountGroup.UUID groupUUID) {
  GroupReference provisional = GroupReference.create(groupUUID, groupUUID.get());
  return PermissionRule.builder(project.resolve(provisional));
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class ChangeQueryBuilder method ownerin.
/**
 * Query operator matching changes whose owner is in the named group.
 *
 * <p>The group name comes from the query string and is resolved through
 * {@code GroupBackends.findBestSuggestion}. For a group whose description is a
 * {@code GroupDescription.Internal}, the members returned by {@code getMembers} are turned into
 * an OR of per-account owner predicates; for any other group (including one with no
 * description) an {@code OwnerinPredicate} on the group UUID is returned instead.
 *
 * <p>NOTE(review): whether the resolution step and {@code getMembers} respect the calling
 * user's group visibility is not visible in this method - confirm in the callee.
 *
 * @param group group name as typed in the query
 * @return predicate selecting changes owned by members of the group
 * @throws QueryParseException if no group matches {@code group}
 * @throws IOException declared by the method; its source is not visible in this block
 */
@Operator
public Predicate<ChangeData> ownerin(String group) throws QueryParseException, IOException {
  GroupReference match = GroupBackends.findBestSuggestion(args.groupBackend, group);
  if (match == null) {
    throw error("Group " + group + " not found");
  }
  AccountGroup.UUID groupId = match.getUUID();
  GroupDescription.Basic description = args.groupBackend.get(groupId);
  if (description instanceof GroupDescription.Internal) {
    // Internal group: expand to its members and match on any of them as owner.
    Set<Account.Id> members = getMembers(groupId);
    List<Predicate<ChangeData>> ownerPredicates =
        Lists.newArrayListWithCapacity(members.size());
    for (Account.Id member : members) {
      ownerPredicates.add(ChangePredicates.owner(member));
    }
    return Predicate.or(ownerPredicates);
  }
  // Every other case: defer membership evaluation to OwnerinPredicate.
  return new OwnerinPredicate(args.userFactory, groupId);
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class ListGroups method suggestGroups.
/**
 * Builds the response for a group suggestion request.
 *
 * <p>The number of suggestions is bounded server-side: at most 10 are returned whatever
 * {@code limit} was requested, and a non-positive {@code limit} also yields 10. Suggestions for
 * which the backend returns no description are dropped from the result.
 *
 * <p>NOTE(review): whether {@code groupBackend.suggest} returns only groups visible to the
 * calling user is not visible in this method - confirm in the backend.
 *
 * @return formatted group infos for the suggested groups
 * @throws BadRequestException if the suggest parameters conflict
 * @throws PermissionBackendException declared by the method; its source is not visible in this
 *     block
 */
private List<GroupInfo> suggestGroups() throws BadRequestException, PermissionBackendException {
  if (conflictingSuggestParameters()) {
    throw new BadRequestException("You should only have no more than one --project and -n with --suggest");
  }
  // Hard cap of 10 keeps a single request from enumerating the whole group directory.
  long maxSuggestions = limit <= 0 ? 10 : Math.min(limit, 10);
  List<GroupReference> groupRefs =
      groupBackend
          .suggest(suggest, projects.stream().findFirst().orElse(null))
          .stream()
          .limit(maxSuggestions)
          .collect(toList());
  List<GroupInfo> groupInfos = Lists.newArrayListWithCapacity(groupRefs.size());
  for (GroupReference suggestion : groupRefs) {
    GroupDescription.Basic description = groupBackend.get(suggestion.getUUID());
    if (description == null) {
      // The backend has no description for this UUID; leave it out of the response.
      continue;
    }
    groupInfos.add(json.addOptions(options).format(description));
  }
  return groupInfos;
}