
Example 51 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class BasicDB method setUserPassword.

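/**
 * Replaces the stored password hash for {@code user}.
 *
 * <p>Does nothing when this provider is configured without password support.
 * The new value is hashed with {@code PBKDF2.generateHash(..., 64)} before it
 * is written, and the audit entry records a masked value. The identifiers in
 * the generated SQL (table and column names, plus the configured quote
 * characters) come from this provider's configuration, never from the
 * request; user-controlled values are bound as statement parameters.
 *
 * @param user    user whose password is replaced; {@code getUserID()} selects the row
 * @param request workflow request; may carry {@code "APPROVAL_ID"} and
 *                {@code "WORKFLOW"}, which are only used for the audit entry
 * @throws ProvisioningException if more than one row matched, or on any
 *         database or hashing failure
 */
@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    if (!this.supportPasswords) {
        return;
    }
    StringBuilder sql = new StringBuilder("UPDATE ");
    appendEscapedIdentifier(sql, this.userTable);
    sql.append(" SET ");
    appendEscapedIdentifier(sql, this.passwordField);
    sql.append(" = ? WHERE ");
    appendEscapedIdentifier(sql, this.userName);
    sql.append(" = ?");
    if (logger.isDebugEnabled()) {
        // Only the statement shape is logged; the hash and user id are bound later.
        logger.debug("update password sql : " + sql.toString());
    }
    // try-with-resources closes the statement as well as the connection on
    // every path; the original only closed the statement on success.
    try (Connection con = this.ds.getConnection();
         PreparedStatement ps = con.prepareStatement(sql.toString())) {
        ps.setString(1, PBKDF2.generateHash(user.getPassword(), 64));
        ps.setString(2, user.getUserID());
        int results = ps.executeUpdate();
        if (results == 1) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********");
        } else if (results > 1) {
            // The WHERE column is expected to be unique; more than one row is a
            // configuration or data problem, not something to silently accept.
            throw new ProvisioningException("Multiple accounts updated");
        }
        // NOTE(review): zero updated rows (no matching account) is not reported;
        // this preserves the existing behaviour.
    } catch (ProvisioningException e) {
        // Keep our own message rather than wrapping it a second time.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("could not update password", e);
    }
}

/**
 * Appends a configured SQL identifier to {@code sql}, wrapped in the
 * configured begin/end quote characters when those are non-empty.
 *
 * @param sql        statement under construction
 * @param identifier table or column name taken from this provider's configuration
 */
private void appendEscapedIdentifier(StringBuilder sql, String identifier) {
    if (!this.beginEscape.isEmpty()) {
        sql.append(this.beginEscape);
    }
    sql.append(identifier);
    if (!this.endEscape.isEmpty()) {
        sql.append(this.endEscape);
    }
}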

Example 52 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ADProvider method doDelete.

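/**
 * Deletes the directory account selected by {@code filter}. When the account
 * is not found in this directory and {@code supportExternalUsers} is on, the
 * user is looked up through MyVD instead and, rather than deleting anything,
 * the user's DN is removed from {@code externalGroupAttr} on each of the
 * user's groups.
 *
 * @param user    user being deleted; its id is used in messages and its groups
 *                drive the external-user cleanup
 * @param filter  search filter selecting the account
 * @param con     open LDAP connection
 * @param request workflow request; may carry {@code "APPROVAL_ID"} and
 *                {@code "WORKFLOW"} for the audit entries
 * @throws LDAPException         on directory errors
 * @throws ProvisioningException if no matching user exists
 */
private void doDelete(User user, StringBuffer filter, LDAPConnection con, Map<String, Object> request) throws LDAPException, ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    boolean isExternal = false;
    String dn = null;
    LDAPSearchResults res = con.search(searchBase, 2, filter.toString(), new String[] { "1.1" }, false);
    if (res.hasMore()) {
        try {
            dn = res.next().getDN();
            // Drain the remaining entries so the connection is left in a clean state.
            while (res.hasMore()) res.next();
        } catch (LDAPReferralException ignored) {
            // Referrals are not followed; dn may still be null and is handled below.
        }
    }
    if (dn == null) {
        // Not found here (or only a referral came back): fall back to the
        // external (MyVD) lookup, or fail if external users are not supported.
        dn = findExternalUserDn(user, filter);
        isExternal = true;
    }
    if (!isExternal) {
        con.delete(dn);
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "dn", dn);
        return;
    }
    // External users are never deleted from this directory; only their
    // membership references on local groups are removed.
    for (String groupName : user.getGroups()) {
        // The group name is interpolated into a filter, so escape RFC 4515
        // metacharacters: a name containing ')' or '*' must not change the query.
        String groupFilter = "(CN=" + escapeFilterValue(groupName) + ")";
        LDAPSearchResults groupRes = con.search(this.searchBase, LDAPConnection.SCOPE_SUB, groupFilter, new String[] { "1.1" }, false);
        if (!groupRes.hasMore()) {
            continue;
        }
        LDAPEntry entry = groupRes.next();
        if (entry == null) {
            continue;
        }
        String groupdn = entry.getDN();
        LDAPAttribute attr = new LDAPAttribute(this.externalGroupAttr, dn);
        LDAPModification mod = new LDAPModification(LDAPModification.DELETE, attr);
        con.modify(groupdn, mod);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, this.externalGroupAttr, groupdn);
    }
}

/**
 * Resolves the DN of an external (MyVD) user, or fails.
 *
 * @param user   user being looked up (its id is used in the error message)
 * @param filter search filter selecting the account
 * @return the DN returned by {@code getMyVDUser}
 * @throws ProvisioningException if external users are not supported or no
 *         entry was found
 */
private String findExternalUserDn(User user, StringBuffer filter) throws LDAPException, ProvisioningException {
    if (!this.supportExternalUsers) {
        throw new ProvisioningException("User does not exist " + user.getUserID());
    }
    LDAPEntry entry = getMyVDUser(filter);
    if (entry == null) {
        throw new ProvisioningException("User does not exist " + user.getUserID());
    }
    return entry.getDN();
}

/**
 * Escapes an assertion value for use inside an LDAP search filter (RFC 4515).
 *
 * @param value raw value
 * @return value with {@code \ * ( )} and NUL replaced by their {@code \XX} escapes
 */
private static String escapeFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                out.append("\\5c");
                break;
            case '*':
                out.append("\\2a");
                break;
            case '(':
                out.append("\\28");
                break;
            case ')':
                out.append("\\29");
                break;
            case '\0':
                out.append("\\00");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}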

Example 53 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ADProvider method addGroup.

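/**
 * Creates a directory group called {@code name} beneath the base DN passed as
 * {@code additionalAttributes.get("base")}, then records the action.
 *
 * @param name                 group name; becomes the {@code cn} RDN and the {@code cn} attribute
 * @param additionalAttributes must contain {@code "base"}, the parent DN of the new group
 * @param user                 requesting user; only its id is used in error messages
 * @param request              workflow request; may carry {@code "APPROVAL_ID"} and
 *                             {@code "WORKFLOW"} for the audit entry
 * @throws ProvisioningException if no base DN was supplied, a connection could not
 *         be obtained, or the add failed
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String base = additionalAttributes.get("base");
    if (base == null || base.isEmpty()) {
        // Without this check the DN would be built as "cn=<name>,null".
        throw new ProvisioningException("Could not add group " + name + ": no base DN supplied");
    }
    // The group name becomes an RDN value: escape RFC 4514 special characters
    // (',' '+' '"' '\' '<' '>' ';' and leading '#'/space) so the name cannot
    // alter where in the tree the entry is created.
    String dn = "cn=" + javax.naming.ldap.Rdn.escapeValue(name) + "," + base;
    LDAPEntry entry = new LDAPEntry(dn);
    entry.getAttributeSet().add(new LDAPAttribute("objectClass", "group"));
    entry.getAttributeSet().add(new LDAPAttribute("cn", name));
    LdapConnection con;
    try {
        con = this.ldapPool.getConnection();
    } catch (Exception e) {
        throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
    }
    try {
        con.getConnection().add(entry);
        // The audit subject is this provider (this.name); the unqualified
        // parameter 'name' is the group, which is recorded as the value.
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "domain-group", name);
    } catch (Exception e) {
        throw new ProvisioningException("Could not add group " + name, e);
    } finally {
        con.returnCon();
    }
}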

Example 54 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ADProvider method doCreate.

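/**
 * Adds the entry {@code dn} with {@code attrs}, optionally turns it into an
 * enabled shadow account with a random password (when
 * {@code createShadowAccounts} is set), and adds it to each of the user's
 * groups. Every write is recorded through the provisioning engine.
 *
 * @param user    user being created; its groups and id are read
 * @param dn      distinguished name of the new entry
 * @param attrs   attributes of the new entry
 * @param con     open LDAP connection
 * @param request workflow request; may carry {@code "APPROVAL_ID"} and
 *                {@code "WORKFLOW"} for the audit entries
 * @throws ProvisioningException if the entry, its password or
 *         {@code userAccountControl}, or a group membership could not be
 *         written, or a named group does not exist
 */
private void doCreate(User user, String dn, LDAPAttributeSet attrs, LDAPConnection con, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        if (logger.isDebugEnabled()) {
            // NOTE(review): this prints every attribute value being added;
            // keep it at debug level.
            logger.debug("To Add : '" + attrs + "'");
        }
        con.add(new LDAPEntry(dn, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "dn", dn);
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            for (String val : attr.getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attr.getName(), val);
            }
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not add user " + user.getUserID(), e);
    }
    if (this.createShadowAccounts) {
        enableShadowAccount(dn, con, approvalID, workflow);
    }
    addCreatedUserToGroups(user, dn, con, approvalID, workflow);
}

/**
 * Sets a random password on a freshly created shadow account and updates
 * {@code userAccountControl} so the account is enabled with a non-expiring
 * password.
 *
 * @param dn         entry to update
 * @param con        open LDAP connection
 * @param approvalID approval id for the audit entries
 * @param workflow   workflow for the audit entries
 * @throws ProvisioningException if either modification fails or
 *         {@code userAccountControl} cannot be read back
 */
private void enableShadowAccount(String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    // AD takes the new password as a double-quoted string encoded as UTF-16LE.
    GenPasswd gp = new GenPasswd(15);
    byte[] unicodePwd = ("\"" + gp.getPassword() + "\"").getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("unicodePwd", unicodePwd));
    try {
        con.modify(dn, mod);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "unicodePwd", "*******");
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set password", e);
    }
    try {
        LDAPSearchResults res = con.search(dn, 0, "(objectClass=*)", new String[] { "userAccountControl" }, false);
        // The original ignored hasMore() and would have failed later with a
        // less specific error; a missing entry or attribute is reported here.
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not read userAccountControl for " + dn);
        }
        LDAPAttribute attr = res.next().getAttribute("userAccountControl");
        if (attr == null) {
            throw new ProvisioningException("Could not read userAccountControl for " + dn);
        }
        int val = Integer.parseInt(attr.getStringValue());
        // Clear bit 0x2 (AD: ACCOUNTDISABLE) and set bit 0x10000
        // (AD: DONT_EXPIRE_PASSWD); same result as the previous guarded +/-.
        val = (val & ~0x2) | 0x10000;
        mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userAccountControl", Integer.toString(val)));
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userAccountControl", Integer.toString(val));
        con.modify(dn, mod);
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set userAccountControl", e);
    }
}

/**
 * Adds {@code dn} as a {@code member} of every group named in
 * {@code user.getGroups()}.
 *
 * @param user       user whose groups are processed
 * @param dn         DN of the newly created entry
 * @param con        open LDAP connection
 * @param approvalID approval id for the audit entries
 * @param workflow   workflow for the audit entries
 * @throws ProvisioningException if a group does not exist or a modification fails
 */
private void addCreatedUserToGroups(User user, String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    try {
        for (String groupName : user.getGroups()) {
            // The group name is interpolated into a search filter; escape the
            // RFC 4515 metacharacters (backslash first) so the name cannot
            // change the query.
            String safeName = groupName
                    .replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
            LDAPSearchResults res = con.search(searchBase, 2, "(cn=" + safeName + ")", new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Group " + groupName + " does not exist");
            }
            String groupDN = res.next().getDN();
            try {
                // Drain remaining results; referrals are not followed.
                while (res.hasMore()) res.next();
            } catch (LDAPReferralException ignored) {
                // intentionally ignored, see above
            }
            LDAPModification mod = new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", dn));
            con.modify(groupDN, mod);
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not provision groups for user " + user.getUserID(), e);
    }
}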

Example 55 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ADProvider method deleteGroup.

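/**
 * Deletes the first group entry beneath {@code searchBase} whose
 * {@code objectClass} is {@code group} and whose {@code cn} equals
 * {@code name}, then records the action. Nothing happens when no such group
 * exists.
 *
 * @param name    group name
 * @param user    requesting user; only its id is used in error messages
 * @param request workflow request; may carry {@code "APPROVAL_ID"} and
 *                {@code "WORKFLOW"} for the audit entry
 * @throws ProvisioningException if a connection could not be obtained or the
 *         search or delete failed
 */
@Override
public void deleteGroup(String name, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    LdapConnection con;
    try {
        con = this.ldapPool.getConnection();
    } catch (Exception e) {
        throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
    }
    try {
        // The filter is assembled by the and()/equal() builder with the name
        // passed as a value. NOTE(review): confirm the builder escapes RFC 4515
        // metacharacters rather than concatenating.
        String filter = and(equal("objectClass", "group"), equal("cn", name)).toString();
        LDAPSearchResults res = con.getConnection().search(this.searchBase, 2, filter, new String[] { "1.1" }, false);
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            con.getConnection().delete(entry.getDN());
            // The audit subject is this provider (this.name); the parameter
            // 'name' is the group, which is recorded as the value.
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "domain-group", name);
        }
        // NOTE(review): a missing group is silently accepted; preserved.
    } catch (Exception e) {
        throw new ProvisioningException("Could not delete group " + name, e);
    } finally {
        con.returnCon();
    }
}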
