
Example 1 with ChaiError

use of com.novell.ldapchai.exception.ChaiError in project pwm by pwm-project.

the class PwmPasswordRuleValidator method testPassword.

/**
 * Checks a candidate password against the local rule set and, when a directory user is supplied,
 * against the directory's own password policy.
 *
 * <p>Local validation runs first and fails fast on its first reported error. The directory check is
 * skipped when {@code user} is {@code null}, and a directory that answers with
 * {@link UnsupportedOperationException} is treated as "no directory-side policy": in both cases the
 * password is accepted on the strength of the local rules alone.
 *
 * @param password    candidate password
 * @param oldPassword previous password, forwarded to the local validator
 * @param userInfo    user context, forwarded to the local validator
 * @param user        directory user to test the policy against; may be {@code null}
 * @return {@code true} when no check reported an error (the method never returns {@code false})
 * @throws PwmDataValidationException carrying the first local or directory policy error
 * @throws ChaiUnavailableException   rethrown after counting the outage when the directory is unreachable
 * @throws PwmUnrecoverableException  declared by the method; not thrown directly by the code visible here
 */
public boolean testPassword(final PasswordData password, final PasswordData oldPassword, final UserInfo userInfo, final ChaiUser user) throws PwmDataValidationException, ChaiUnavailableException, PwmUnrecoverableException {
    final List<ErrorInformation> failures = validate(password, oldPassword, userInfo);
    if (!failures.isEmpty()) {
        throw new PwmDataValidationException(failures.iterator().next());
    }

    if (user == null) {
        // No directory object to test against: the local rules above were the only gate.
        return true;
    }

    try {
        LOGGER.trace("calling chai directory password validation checker");
        // The clear-text candidate is handed to the directory library here. None of the log
        // statements in this method append it.
        // NOTE(review): the trace/warn lines below log e.toString(); confirm the library never
        // echoes the candidate password in its exception text.
        final String candidate = password.getStringValue();
        user.testPasswordPolicy(candidate);
    } catch (UnsupportedOperationException unsupported) {
        // Deliberate best-effort: a directory without a policy test does not fail the check.
        LOGGER.trace("Unsupported operation was thrown while validating password: " + unsupported.toString());
    } catch (ChaiUnavailableException unavailable) {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.LDAP_UNAVAILABLE_COUNT);
        LOGGER.warn("ChaiUnavailableException was thrown while validating password: " + unavailable.toString());
        throw unavailable;
    } catch (ChaiPasswordPolicyException rejected) {
        final ChaiError directoryError = rejected.getErrorCode();
        final PwmError mapped = PwmError.forChaiError(directoryError);
        // An unmapped directory error still rejects the password, under a generic code.
        final PwmError effective = mapped != null ? mapped : PwmError.PASSWORD_UNKNOWN_VALIDATION;
        final ErrorInformation info = new ErrorInformation(effective);
        LOGGER.trace("ChaiPasswordPolicyException was thrown while validating password: " + rejected.toString());
        failures.add(info);
    }

    if (failures.isEmpty()) {
        return true;
    }
    throw new PwmDataValidationException(failures.iterator().next());
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiError(com.novell.ldapchai.exception.ChaiError) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) PwmError(password.pwm.error.PwmError)

Example 2 with ChaiError

use of com.novell.ldapchai.exception.ChaiError in project pwm by pwm-project.

the class LDAPStatusChecker method checkBasicLdapConnectivity.

/**
 * Probes one LDAP profile with its configured proxy account and reports the outcome as health records.
 *
 * <p>Steps visible in this method: read the proxy DN and password from the profile, open a provider
 * with them, touch the proxy entry, run the Active Directory checks when the vendor is Active
 * Directory, and (optionally) read the object classes of every configured contextless root. A
 * connection failure is also stored on the LDAP connection service as the profile's last failure.
 *
 * <p>The proxy password is only passed to the provider factory; none of the messages built here
 * append it. The messages do embed the raw exception text from the directory library.
 * NOTE(review): confirm who can read these health records, since that text may carry directory detail.
 *
 * @param pwmApplication      application context used for the provider, config and connection service
 * @param config              configuration passed to the provider factory and the topic builder
 * @param ldapProfile         profile under test
 * @param testContextlessRoot when {@code true}, each {@code LDAP_CONTEXTLESS_ROOT} value is probed too
 * @return the collected records (empty when nothing was flagged); the two missing-credential cases
 *         return a single-element list from {@link Collections#singletonList}
 */
public List<HealthRecord> checkBasicLdapConnectivity(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile, final boolean testContextlessRoot) {
    final List<HealthRecord> findings = new ArrayList<>();
    ChaiProvider chaiProvider = null;
    try {
        final DirectoryVendor directoryVendor;
        try {
            final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
            final PasswordData proxyPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);

            // Without both credentials there is nothing to connect with; report and stop.
            if (proxyDN == null || proxyDN.isEmpty()) {
                final HealthRecord missingDn = new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User DN");
                return Collections.singletonList(missingDn);
            }
            if (proxyPW == null) {
                final HealthRecord missingPw = new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User Password");
                return Collections.singletonList(missingPw);
            }

            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyDN, proxyPW);
            final ChaiEntry adminEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyDN);
            // The result is discarded: the call is made for the round trip, and a failure
            // surfaces as an exception handled below.
            adminEntry.exists();
            directoryVendor = chaiProvider.getDirectoryVendor();
        } catch (ChaiException e) {
            final ChaiError chaiError = ChaiErrors.getErrorForMessage(e.getMessage());
            final PwmError pwmError = PwmError.forChaiError(chaiError);

            final StringBuilder detail = new StringBuilder();
            final String profileName = ldapProfile.getIdentifier();
            detail.append("error connecting to ldap directory (")
                    .append(profileName)
                    .append("), error: ")
                    .append(e.getMessage());

            // Append the recognised error codes only; UNKNOWN adds nothing useful to the message.
            final boolean chaiErrorKnown = chaiError != null && chaiError != ChaiError.UNKNOWN;
            if (chaiErrorKnown) {
                detail.append(" (").append(chaiError.toString());
                final boolean pwmErrorKnown = pwmError != null && pwmError != PwmError.ERROR_UNKNOWN;
                if (pwmErrorKnown) {
                    detail.append(" - ").append(pwmError.getLocalizedMessage(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                }
                detail.append(")");
            }

            findings.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), detail.toString()));
            final ErrorInformation lastFailure = new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, detail.toString());
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, lastFailure);
            return findings;
        } catch (Exception e) {
            // Anything that is not a ChaiException is reported as a generic "no connection" record.
            final HealthRecord noConnection = HealthRecord.forMessage(HealthMessage.LDAP_No_Connection, e.getMessage());
            findings.add(noConnection);
            final String recordDetail = noConnection.getDetail(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig());
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, recordDetail));
            return findings;
        }

        if (directoryVendor == DirectoryVendor.ACTIVE_DIRECTORY) {
            findings.addAll(checkAd(pwmApplication, config, ldapProfile));
        }

        if (testContextlessRoot) {
            final List<String> contextlessRoots = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_CONTEXTLESS_ROOT);
            for (final String rootContext : contextlessRoots) {
                try {
                    final ChaiEntry contextEntry = chaiProvider.getEntryFactory().newChaiEntry(rootContext);
                    final Set<String> objectClasses = contextEntry.readObjectClass();
                    final boolean hasObjectClass = objectClasses != null && !objectClasses.isEmpty();
                    if (!hasObjectClass) {
                        final String message = "ldap context setting '" + rootContext + "' is not valid";
                        findings.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), message));
                    }
                } catch (Exception e) {
                    // A failing root is reported and the loop moves on to the next one.
                    final String message = "ldap root context '" + rootContext + "' is not valid: " + e.getMessage();
                    findings.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), message));
                }
            }
        }
    } finally {
        // The proxy-bound provider is closed on every exit path, including the early returns.
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception ignored) {
                /* ignore: a failed close must not mask the health result */
            }
        }
    }
    return findings;
}
Also used : PwmError(password.pwm.error.PwmError) ArrayList(java.util.ArrayList) ChaiEntry(com.novell.ldapchai.ChaiEntry) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) PasswordData(password.pwm.util.PasswordData) ChaiError(com.novell.ldapchai.exception.ChaiError) DirectoryVendor(com.novell.ldapchai.provider.DirectoryVendor) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 3 with ChaiError

use of com.novell.ldapchai.exception.ChaiError in project pwm by pwm-project.

the class HelpdeskServlet method restUnlockIntruder.

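/**
 * Helpdesk action {@code unlockIntruder}: clears the application's intruder record for the target
 * user and unlocks the user's password in the directory.
 *
 * <p>Order of operations in this method: read {@code userKey}, resolve it to a {@link UserIdentity},
 * check that the helpdesk profile enables unlock, clear the intruder record, resolve the directory
 * user, send the unlock notice e-mail, unlock the password, submit the audit record. Every path ends
 * the request ({@link ProcessStatus#Halt}); the outcome is written to the response as either an
 * error or a JSON success bean.
 *
 * @param pwmRequest current helpdesk request
 * @return always {@link ProcessStatus#Halt}
 * @throws PwmUnrecoverableException propagated from the helpers called here
 * @throws ChaiUnavailableException  when the directory cannot be reached
 * @throws IOException               on failure writing the response
 * @throws ServletException          on failure writing the response
 */
@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);

    // The parameter is read with BypassValidation, so the emptiness test below is the only check
    // this method applies to it.
    // NOTE(review): confirm UserIdentity.fromKey rejects malformed or tampered keys.
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.isEmpty()) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());

    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }

    // Clear the application-side intruder record for the target.
    // NOTE(review): this runs before getChaiUser(...). If that helper is where the check that the
    // helpdesk actor may manage this particular user lives, the record is cleared ahead of it —
    // confirm, and consider moving the clear after the user has been resolved.
    {
        final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
        intruderManager.convenience().clearUserIdentity(userIdentity);
    }

    try {
        final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);

        // NOTE(review): the notice is sent before unlockPassword() is attempted, so a failed
        // unlock still leaves the user with an "unlocked" notice and no audit record.
        HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
        chaiUser.unlockPassword();

        {
            // Audit trail: acting helpdesk identity, target identity, and the session's source
            // address and hostname.
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
    } catch (ChaiPasswordPolicyException e) {
        final ChaiError passwordError = e.getErrorCode();
        final PwmError pwmError = PwmError.forChaiError(passwordError);
        pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
        // Log text names the operation actually performed (unlock, not reset) so that helpdesk
        // activity can be triaged from the log.
        LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while unlocking password: " + e.toString());
        return ProcessStatus.Halt;
    } catch (ChaiOperationException e) {
        // Map the directory error once; fall back to the generic code when there is no mapping.
        final PwmError mapped = PwmError.forChaiError(e.getErrorCode());
        final PwmError returnMsg = mapped == null ? PwmError.ERROR_UNKNOWN : mapped;
        // NOTE(review): the raw directory message becomes the error detail passed to
        // respondWithError; confirm how much of it reaches the helpdesk client.
        final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
        pwmRequest.respondWithError(error);
        LOGGER.warn(pwmRequest, "error unlocking password for user '" + userIdentity.toDisplayString() + "' " + error.toDebugStr() + ", " + e.getMessage());
        return ProcessStatus.Halt;
    }

    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}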
Also used : UserIdentity(password.pwm.bean.UserIdentity) PwmError(password.pwm.error.PwmError) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) ChaiError(com.novell.ldapchai.exception.ChaiError) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) IntruderManager(password.pwm.svc.intruder.IntruderManager) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) RestResultBean(password.pwm.ws.server.RestResultBean)

Aggregations

ChaiError (com.novell.ldapchai.exception.ChaiError)3 ErrorInformation (password.pwm.error.ErrorInformation)3 PwmError (password.pwm.error.PwmError)3 ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)2 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)2 ChaiEntry (com.novell.ldapchai.ChaiEntry)1 ChaiUser (com.novell.ldapchai.ChaiUser)1 ChaiException (com.novell.ldapchai.exception.ChaiException)1 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)1 DirectoryVendor (com.novell.ldapchai.provider.DirectoryVendor)1 MalformedURLException (java.net.MalformedURLException)1 UnknownHostException (java.net.UnknownHostException)1 ArrayList (java.util.ArrayList)1 UserIdentity (password.pwm.bean.UserIdentity)1 HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile)1 PwmDataValidationException (password.pwm.error.PwmDataValidationException)1 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)1 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)1 HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord)1