use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class UserPrincipal method deleteUser.
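/**
 * Removes a user from the IPA server.
 *
 * <p>For a principal in the primary domain the account is deleted with the {@code user_del}
 * call and the deletion is recorded through the provisioning engine's {@code logAction}.
 * For any other principal only the ID override held in {@code trustViewName} is removed,
 * using {@code idoverrideuser_del}.
 *
 * @param user the user to delete; only {@code getUserID()} is read
 * @param request workflow request map; the optional {@code APPROVAL_ID} (Integer) and
 *     {@code WORKFLOW} entries are read from it
 * @throws ProvisioningException if the client cannot be created or the IPA call fails
 */
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);

    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        HttpCon con = this.createClient();
        try {
            if (principal.isPrimaryDomain()) {
                IPACall deleteUser = new IPACall();
                deleteUser.setId(0);
                deleteUser.setMethod("user_del");

                // First positional parameter: the list of uids to delete.
                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                deleteUser.getParams().add(userArray);

                // Second positional parameter: the (empty) options map.
                HashMap<String, String> additionalParams = new HashMap<String, String>();
                deleteUser.getParams().add(additionalParams);

                this.executeIPACall(deleteUser, con);

                // Audit record is written only after the call returned without throwing.
                this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "uid", user.getUserID());
            } else {
                IPACall idOveride = new IPACall();
                idOveride.setId(0);
                idOveride.setMethod("idoverrideuser_del");

                List<String> params = new ArrayList<String>();
                params.add(this.trustViewName);
                params.add(principal.getUPN());
                idOveride.getParams().add(params);

                Map<String, Object> param2 = new HashMap<String, Object>();
                idOveride.getParams().add(param2);

                try {
                    this.executeIPACall(idOveride, con);
                } catch (IPAException e) {
                    // Literal-first comparison: an IPAException without a message is
                    // rethrown as-is instead of surfacing as a NullPointerException.
                    if (!"no modifications to be performed".equalsIgnoreCase(e.getMessage())) {
                        throw e;
                    }
                }
                // NOTE(review): unlike the primary-domain branch, no logAction call is made
                // here, so removing an ID override leaves no provisioning audit record.
                // Confirm whether that is intended.
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // The message previously read "Could not run search", which misdescribed a failed
        // delete to anyone triaging the error.
        throw new ProvisioningException("Could not delete user", e);
    }
}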
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class UserPrincipal method addGroup.
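/**
 * Creates a group on the IPA server with the {@code group_add} call and records the
 * addition through the provisioning engine's {@code logAction}.
 *
 * @param name the name of the group to create
 * @param additionalAttributes attributes copied into the call's options map
 * @param user not read by this method
 * @param request workflow request map; the optional {@code APPROVAL_ID} (Integer) and
 *     {@code WORKFLOW} entries are read from it
 * @throws ProvisioningException if the client cannot be created or the IPA call fails
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    IPACall groupAdd = new IPACall();
    groupAdd.setId(0);
    groupAdd.setMethod("group_add");

    // First positional parameter: the list of group names.
    ArrayList<String> groupArray = new ArrayList<String>();
    groupArray.add(name);
    groupAdd.getParams().add(groupArray);

    // Second positional parameter: a private copy of the caller's attributes, so the
    // request payload does not alias the caller's map.
    HashMap<String, String> additionalParams = new HashMap<String, String>(additionalAttributes);
    groupAdd.getParams().add(additionalParams);

    HttpCon con = null;
    try {
        con = this.createClient();
        this.executeIPACall(groupAdd, con);

        // NOTE(review): `name` here is the group-name parameter. The other methods in this
        // listing pass an unqualified `name` that is not a parameter as the first logAction
        // argument, so this audit record may carry the group name where they carry another
        // value. Confirm which one was intended.
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        // The message previously read "Could not find groups", which misdescribed a failed
        // group creation.
        throw new ProvisioningException("Could not add group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}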
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class UserPrincipal method syncUser.
/**
 * Reconciles the user held on the IPA server with the supplied {@code user}.
 *
 * <p>The existing entry is looked up with {@code findUser}. If none is found, the user is
 * created only when the principal is in the primary domain. Otherwise attributes and group
 * memberships are compared and adjusted; removals happen only when {@code addOnly} is
 * false. For primary-domain principals with {@code createShadowAccount} set, a generated
 * password is then pushed through {@code setUserPassword}.
 *
 * @param user the desired state of the user
 * @param addOnly when true, nothing is removed from the existing entry
 * @param attributes names of the attributes to synchronize
 * @param request workflow request map; {@code APPROVAL_ID}, {@code WORKFLOW} and
 *     {@code freeipa.exists} are read from it
 * @throws ProvisioningException wrapping any exception raised while synchronizing
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User fromIPA = null;
    HttpCon con = null;
    try {
        // This connection is passed to checkAttribute, deleteAttribute, addGroup and
        // removeGroup below; findUser and createUser are called without it.
        con = this.createClient();
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            // Code 4001 is tolerated and leaves fromIPA null.
            // NOTE(review): presumably 4001 is the "not found" code; confirm.
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            // No existing entry: only primary-domain users are created; for any other
            // principal nothing is done.
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
        } else {
            // A non-primary principal whose request carries freeipa.exists == false is
            // created and the method returns; the finally block still shuts the
            // connection down.
            if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && ((Boolean) request.get("freeipa.exists")) == false) {
                this.createUser(user, attributes, request);
                return;
            }
            // check to see if the attributes from the incoming object match
            for (String attrName : attributes) {
                if (attrName.equalsIgnoreCase("uid")) {
                    continue;
                }
                // The returned Attribute is not used afterwards.
                Attribute attrNew = checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
            if (!addOnly) {
                // Every attribute still present on fromIPA, other than uid, is deleted.
                // NOTE(review): this presumably relies on checkAttribute removing the
                // attributes it handled from fromIPA; confirm, otherwise attributes the
                // caller wants kept would be deleted here.
                for (String attrToDel : fromIPA.getAttribs().keySet()) {
                    if (!attrToDel.equalsIgnoreCase("uid")) {
                        // These attributes were no longer on the user, delete them
                        this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                    }
                }
            }
            // check groups
            // curGroups starts as the groups on the existing entry; each group the caller
            // also lists is removed from it, so what remains is membership to revoke.
            HashSet<String> curGroups = new HashSet<String>();
            curGroups.addAll(fromIPA.getGroups());
            for (String group : user.getGroups()) {
                if (curGroups.contains(group)) {
                    curGroups.remove(group);
                } else {
                    this.addGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (!addOnly) {
                for (String group : curGroups) {
                    this.removeGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (principal.isPrimaryDomain()) {
                if (this.createShadowAccount) {
                    // A 130-bit random value is rendered in base 32, then replaced by the
                    // output of PBKDF2.generateHash; that output string is what is set as
                    // the account password.
                    // NOTE(review): `random` is declared outside this method; it should be
                    // a java.security.SecureRandom for this value to be unpredictable.
                    // Confirm.
                    String password = new BigInteger(130, random).toString(32);
                    password = PBKDF2.generateHash(password);
                    user.setPassword(password);
                    this.setUserPassword(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class UserPrincipal method setUserPassword.
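/**
 * Sets the password of a primary-domain user on the IPA server.
 *
 * <p>The password is first set with the {@code passwd} call over the connection returned by
 * {@code createClient()}. A second request, made over a client created with the user's own
 * uid and password, then posts the same value as both old and new password to
 * {@code /ipa/session/change_password}. Nothing is done when the user carries no password.
 *
 * @param user the user whose password is set; {@code getUserID()} and {@code getPassword()}
 *     are read
 * @param request workflow request map; the optional {@code APPROVAL_ID} (Integer) and
 *     {@code WORKFLOW} entries are read from it
 * @throws ProvisioningException if the principal is outside the primary domain, or if any
 *     step of the password change fails
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() != null && !user.getPassword().isEmpty()) {
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        try {
            HttpCon con = this.createClient();
            try {
                IPACall setPassword = new IPACall();
                setPassword.setId(0);
                setPassword.setMethod("passwd");

                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                setPassword.getParams().add(userArray);

                HashMap<String, String> additionalParams = new HashMap<String, String>();
                additionalParams.put("password", user.getPassword());
                setPassword.getParams().add(additionalParams);

                this.executeIPACall(setPassword, con);

                // The first connection is finished with. Clearing the reference keeps the
                // finally block from shutting it down a second time if creating the second
                // client fails.
                con.getBcm().shutdown();
                con = null;

                // Now we need to reset the password; this is a hack. The right way is to
                // tell IPA the user doesn't need to reset their password.
                HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
                httppost.addHeader("Referer", this.url + "/ipa/ui/");
                List<NameValuePair> formparams = new ArrayList<NameValuePair>();
                formparams.add(new BasicNameValuePair("user", principal.getUid()));
                formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
                formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
                httppost.setEntity(entity);

                con = this.createClient(principal.getUid(), user.getPassword());
                CloseableHttpClient http = con.getHttp();
                CloseableHttpResponse httpResp = http.execute(httppost);
                try {
                    // NOTE(review): the outcome of this request is only logged at debug
                    // level; a rejected change is not detected and the audit record below
                    // is written regardless. Confirm whether the response should be checked.
                    if (logger.isDebugEnabled()) {
                        logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
                    }
                    // The password value is masked in the audit record.
                    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
                } finally {
                    // The response was previously never closed.
                    httpResp.close();
                }
            } finally {
                if (con != null) {
                    con.getBcm().shutdown();
                }
            }
        } catch (Exception e) {
            // The message previously read "Could not run search", which misdescribed a
            // failed password change.
            throw new ProvisioningException("Could not set user password", e);
        }
    }
}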
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class CallWorkflow method doTask.
/**
 * Runs the tasks of the workflow named by {@code workflowName} as this task's on-success
 * sub-tasks.
 *
 * <p>The tasks come from a copy of the named workflow and are each re-initialised with this
 * task's configuration manager and workflow before they run.
 *
 * @param user the user the sub-tasks are run for
 * @param request the workflow request map handed on to the sub-tasks
 * @return the result of {@code runSubTasks} for the copied tasks
 * @throws ProvisioningException if no workflow with the configured name exists
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    Workflow calledWorkflow = super.getConfigManager().getProvisioningEngine().getWorkflowCopy(this.workflowName);
    if (calledWorkflow == null) {
        throw new ProvisioningException("workflow '" + this.workflowName + "' does not exist");
    }

    // Re-bind every copied task to this task's configuration manager and workflow.
    ArrayList<WorkflowTask> copiedTasks = calledWorkflow.getTasks();
    for (WorkflowTask copied : copiedTasks) {
        copied.reInit(getConfigManager(), getWorkflow());
    }

    // The copied tasks replace the on-success list, and this task is marked complete
    // before they are run.
    super.setOnSuccess(copiedTasks);
    super.markComplete(true);

    return super.runSubTasks(super.getOnSuccess(), user, request);
}