
Example 31 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method deleteUser.

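/**
 * Deletes a user from FreeIPA.
 *
 * <p>A user in the primary domain is removed with {@code user_del}. A user from a trusted
 * domain is not an IPA user, so only its ID override in {@code trustViewName} is removed with
 * {@code idoverrideuser_del}; an override that is already gone is not an error.
 *
 * @param user the user to delete; only {@code getUserID()} is read
 * @param request the workflow request; {@code APPROVAL_ID} (an {@code Integer}) and
 *     {@code WORKFLOW} are read for the audit entry
 * @throws ProvisioningException if the IPA call fails for any reason other than a missing
 *     override
 */
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        HttpCon con = this.createClient();
        try {
            if (principal.isPrimaryDomain()) {
                IPACall deleteUser = new IPACall();
                deleteUser.setId(0);
                deleteUser.setMethod("user_del");
                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                deleteUser.getParams().add(userArray);
                // user_del needs no named options here, but the call still carries the options dict
                deleteUser.getParams().add(new HashMap<String, String>());
                this.executeIPACall(deleteUser, con);
                this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "uid", user.getUserID());
            } else {
                IPACall idOveride = new IPACall();
                idOveride.setId(0);
                idOveride.setMethod("idoverrideuser_del");
                List<String> params = new ArrayList<String>();
                params.add(this.trustViewName);
                params.add(principal.getUPN());
                idOveride.getParams().add(params);
                idOveride.getParams().add(new HashMap<String, Object>());
                try {
                    this.executeIPACall(idOveride, con);
                } catch (IPAException e) {
                    // IPA reports an override that does not exist as "no modifications to be
                    // performed"; treat that as already deleted. Compare constant-first so a
                    // null message can not throw and mask the real failure.
                    if (!"no modifications to be performed".equalsIgnoreCase(e.getMessage())) {
                        throw e;
                    }
                }
                // NOTE(review): unlike the primary-domain branch, removing the override is not
                // written to the audit log via logAction — confirm whether that is intended.
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not delete user", e);
    }
}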

Example 32 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method addGroup.

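/**
 * Creates a group in FreeIPA with {@code group_add}.
 *
 * @param name the name of the group to create
 * @param additionalAttributes extra attributes passed to {@code group_add} as named options
 * @param user the user driving the workflow; not used by the IPA call itself
 * @param request the workflow request; {@code APPROVAL_ID} (an {@code Integer}) and
 *     {@code WORKFLOW} are read for the audit entry
 * @throws ProvisioningException if the group can not be created
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    IPACall groupAdd = new IPACall();
    groupAdd.setId(0);
    groupAdd.setMethod("group_add");
    ArrayList<String> groupArray = new ArrayList<String>();
    groupArray.add(name);
    groupAdd.getParams().add(groupArray);
    // copy rather than pass the caller's map so the call payload can not be mutated later
    HashMap<String, String> additionalParams = new HashMap<String, String>(additionalAttributes);
    groupAdd.getParams().add(additionalParams);
    HttpCon con = null;
    try {
        con = this.createClient();
        this.executeIPACall(groupAdd, con);
        // NOTE(review): `name` here is the group-name parameter, which shadows the target's
        // `name` field that the other methods pass as logAction's first argument — confirm
        // which one the audit entry is meant to carry.
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        throw new ProvisioningException("Could not add group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}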

Example 33 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method syncUser.

/**
 * Synchronizes a user into FreeIPA: creates it when absent, otherwise reconciles its
 * attributes and group memberships against the supplied {@code user}.
 *
 * <p>When {@code addOnly} is true nothing is removed: attributes missing from {@code user}
 * are kept and surplus group memberships stay. Trusted-domain users are never created
 * unless the request carries {@code freeipa.exists = false}.
 *
 * @param user the desired state of the user
 * @param addOnly when true, only add or replace — never delete attributes or group memberships
 * @param attributes the attribute names to reconcile; {@code uid} is always skipped
 * @param request the workflow request; {@code APPROVAL_ID}, {@code WORKFLOW} and
 *     {@code freeipa.exists} are read
 * @throws ProvisioningException if any IPA call fails
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User fromIPA = null;
    HttpCon con = null;
    try {
        con = this.createClient();
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            // code 4001 is treated as "user not found" and leaves fromIPA null; any other
            // IPA error is a real failure — confirm 4001 against the IPA error catalogue
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            // only primary-domain users are real IPA users; trusted-domain users are not created here
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
        } else {
            // a trusted-domain user that findUser resolved but that the request says does not
            // exist yet is created instead of reconciled; note this returns before the shadow
            // password step below
            if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && ((Boolean) request.get("freeipa.exists")) == false) {
                this.createUser(user, attributes, request);
                return;
            }
            // check to see if the attributes from the incoming object match
            for (String attrName : attributes) {
                if (attrName.equalsIgnoreCase("uid")) {
                    continue;
                }
                // the returned Attribute is not used; checkAttribute applies changes as a side effect
                Attribute attrNew = checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
            if (!addOnly) {
                // presumably checkAttribute removes reconciled entries from fromIPA.getAttribs(),
                // leaving only the attributes to delete — confirm against checkAttribute
                for (String attrToDel : fromIPA.getAttribs().keySet()) {
                    if (!attrToDel.equalsIgnoreCase("uid")) {
                        // These attributes were no longer on the user, delete them
                        this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                    }
                }
            }
            // }
            // check groups: curGroups starts as IPA's view; each desired group is either
            // removed from it (already a member) or added; what remains is surplus
            HashSet<String> curGroups = new HashSet<String>();
            curGroups.addAll(fromIPA.getGroups());
            for (String group : user.getGroups()) {
                if (curGroups.contains(group)) {
                    curGroups.remove(group);
                } else {
                    this.addGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (!addOnly) {
                for (String group : curGroups) {
                    this.removeGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (principal.isPrimaryDomain()) {
                if (this.createShadowAccount) {
                    // shadow accounts get an unguessable password nobody is expected to know.
                    // NOTE(review): `random` must be a SecureRandom for this to hold — confirm
                    // the field's type. The PBKDF2 hash string, not the raw value, becomes the
                    // password that setUserPassword sends to IPA.
                    String password = new BigInteger(130, random).toString(32);
                    password = PBKDF2.generateHash(password);
                    user.setPassword(password);
                    this.setUserPassword(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

Example 34 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method setUserPassword.

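/**
 * Sets the password of a primary-domain user in FreeIPA.
 *
 * <p>The password is set with the {@code passwd} command, which leaves the account flagged
 * for a forced password change. The method then performs that change itself through the
 * {@code /ipa/session/change_password} form endpoint, authenticating as the user with the
 * new password, so the account is usable at once. Nothing is done when
 * {@code user.getPassword()} is null or empty.
 *
 * @param user the user whose password is set; {@code getUserID()} and {@code getPassword()} are read
 * @param request the workflow request; {@code APPROVAL_ID} (an {@code Integer}) and
 *     {@code WORKFLOW} are read for the audit entry
 * @throws ProvisioningException if the user is outside the primary domain or an IPA call fails
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() == null || user.getPassword().isEmpty()) {
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        HttpCon con = this.createClient();
        try {
            IPACall setPassword = new IPACall();
            setPassword.setId(0);
            setPassword.setMethod("passwd");
            ArrayList<String> userArray = new ArrayList<String>();
            userArray.add(principal.getUid());
            setPassword.getParams().add(userArray);
            HashMap<String, String> additionalParams = new HashMap<String, String>();
            additionalParams.put("password", user.getPassword());
            setPassword.getParams().add(additionalParams);
            this.executeIPACall(setPassword, con);
            // the admin connection is done; null it out so the finally block does not shut
            // it down a second time if creating the user connection below fails
            con.getBcm().shutdown();
            con = null;
            // passwd leaves the account in "must change password" state. Changing the
            // password as the user, to the same value, clears it. This is a workaround; the
            // right way is to tell IPA the user does not need to reset the password.
            HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
            httppost.addHeader("Referer", this.url + "/ipa/ui/");
            List<NameValuePair> formparams = new ArrayList<NameValuePair>();
            formparams.add(new BasicNameValuePair("user", principal.getUid()));
            formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
            formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
            UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
            httppost.setEntity(entity);
            con = this.createClient(principal.getUid(), user.getPassword());
            CloseableHttpClient http = con.getHttp();
            // close the response so its connection is released before the manager is shut down
            CloseableHttpResponse httpResp = http.execute(httppost);
            try {
                if (logger.isDebugEnabled()) {
                    logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
                }
            } finally {
                httpResp.close();
            }
            // the audit entry records that the password was replaced, never its value
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not set password", e);
    }
}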

Example 35 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class CallWorkflow method doTask.

/**
 * Runs the tasks of the workflow named {@code workflowName} as this task's on-success
 * subtasks, inside the current workflow.
 *
 * @param user the user being provisioned
 * @param request the workflow request handed to the subtasks
 * @return whether processing should continue, as reported by the subtasks
 * @throws ProvisioningException if no workflow named {@code workflowName} exists
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    Workflow called = super.getConfigManager().getProvisioningEngine().getWorkflowCopy(this.workflowName);
    if (called == null) {
        throw new ProvisioningException("workflow '" + this.workflowName + "' does not exist");
    }
    ArrayList<WorkflowTask> subTasks = called.getTasks();
    // rebind each copied task to this task's config manager and the workflow it now runs in
    for (WorkflowTask subTask : subTasks) {
        subTask.reInit(getConfigManager(), getWorkflow());
    }
    super.setOnSuccess(subTasks);
    super.markComplete(true);
    return super.runSubTasks(super.getOnSuccess(), user, request);
}
