use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.
the class UserPrincipal method setUserPassword.
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
if (!principal.isPrimaryDomain()) {
throw new ProvisioningException("Can not set password on users outside of the primary domain");
}
if (user.getPassword() != null && !user.getPassword().isEmpty()) {
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
try {
HttpCon con = this.createClient();
try {
IPACall setPassword = new IPACall();
setPassword.setId(0);
setPassword.setMethod("passwd");
ArrayList<String> userArray = new ArrayList<String>();
userArray.add(principal.getUid());
setPassword.getParams().add(userArray);
HashMap<String, String> additionalParams = new HashMap<String, String>();
additionalParams.put("password", user.getPassword());
setPassword.getParams().add(additionalParams);
IPAResponse resp = this.executeIPACall(setPassword, con);
con.getBcm().shutdown();
// no we need to reset the password, this is a hack. right way is to tell IPA the user doesn't need to reset their password
HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
httppost.addHeader("Referer", this.url + "/ipa/ui/");
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair("user", principal.getUid()));
formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(entity);
con = this.createClient(principal.getUid(), user.getPassword());
CloseableHttpClient http = con.getHttp();
CloseableHttpResponse httpResp = http.execute(httppost);
if (logger.isDebugEnabled()) {
logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
}
this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
} catch (Exception e) {
throw new ProvisioningException("Could not run search", e);
}
}
}
use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.
the class UserPrincipal method findUser.
private User findUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
UserPrincipal principal = new UserPrincipal(userID, multiDomain, primaryDomain);
if (principal.isPrimaryDomain()) {
IPACall userSearch = new IPACall();
userSearch.setId(0);
userSearch.setMethod("user_show");
ArrayList<String> userArray = new ArrayList<String>();
userArray.add(principal.getUid());
userSearch.getParams().add(userArray);
HashMap<String, String> additionalParams = new HashMap<String, String>();
additionalParams.put("all", "true");
additionalParams.put("rights", "true");
userSearch.getParams().add(additionalParams);
IPAResponse resp = this.executeIPACall(userSearch, con);
User user = new User();
user.setUserID(userID);
Map<String, Object> results = (Map<String, Object>) resp.getResult().getResult();
for (String attributeName : attributes) {
if (attributeName.equalsIgnoreCase("uid")) {
Attribute a = user.getAttribs().get(attributeName);
if (a == null) {
a = new Attribute(attributeName);
user.getAttribs().put(attributeName, a);
}
StringBuilder s = new StringBuilder().append((String) ((List) results.get(attributeName)).get(0));
if (this.multiDomain) {
s.append('@').append(principal.getDomain());
}
a.getValues().add(s.toString());
} else {
if (results.get(attributeName) != null) {
if (results.get(attributeName) instanceof List) {
Attribute a = user.getAttribs().get(attributeName);
if (a == null) {
a = new Attribute(attributeName);
user.getAttribs().put(attributeName, a);
}
List l = (List) results.get(attributeName);
for (Object o : l) {
a.getValues().add((String) o);
}
} else {
Attribute a = user.getAttribs().get(attributeName);
if (a == null) {
a = new Attribute(attributeName);
user.getAttribs().put(attributeName, a);
}
a.getValues().add((String) results.get(attributeName));
}
}
}
}
if (results != null && results.get("memberof_group") != null) {
for (Object o : ((List) results.get("memberof_group"))) {
String groupName = (String) o;
user.getGroups().add(groupName);
}
}
return user;
} else {
IPACall listGroups = new IPACall();
listGroups.setId(0);
listGroups.setMethod("group_find");
ArrayList<String> userArray = new ArrayList<String>();
userArray.add("");
listGroups.getParams().add(userArray);
HashMap<String, String> additionalParams = new HashMap<String, String>();
additionalParams.put("pkey_only", "true");
additionalParams.put("sizelimit", "0");
listGroups.getParams().add(additionalParams);
IPAResponse resp = this.executeIPACall(listGroups, con);
List<Map> groups = (List<Map>) resp.getResult().getResult();
List<IPACall> groupsToFind = new ArrayList<IPACall>();
for (Map group : groups) {
IPACall showGroup = new IPACall();
showGroup.setId(0);
showGroup.setMethod("group_show");
ArrayList<String> groupName = new ArrayList<String>();
groupName.add(((List) group.get("cn")).get(0).toString());
showGroup.getParams().add(groupName);
additionalParams = new HashMap<String, String>();
additionalParams.put("no_members", "true");
showGroup.getParams().add(additionalParams);
groupsToFind.add(showGroup);
}
IPACall groupDetails = new IPACall();
groupDetails.setId(0);
groupDetails.setMethod("batch");
groupDetails.getParams().add(groupsToFind);
additionalParams = new HashMap<String, String>();
groupDetails.getParams().add(additionalParams);
IPABatchResponse batchResp = this.executeIPABatchCall(groupDetails, con);
User user = new User();
user.setUserID(userID);
user.getAttribs().put("uid", new Attribute("uid", userID));
if (batchResp.getResult() != null) {
for (IPATopResult res : batchResp.getResult().getResults()) {
String groupName = (String) res.getValue();
if (((Map) res.getResult()).containsKey("ipaexternalmember")) {
List<String> vals = (List<String>) ((Map) res.getResult()).get("ipaexternalmember");
for (String val : vals) {
if (val.equalsIgnoreCase(userID)) {
user.getGroups().add(groupName);
break;
}
}
}
}
}
// call id_override
IPACall idOveride = new IPACall();
idOveride.setId(0);
idOveride.setMethod("idoverrideuser_show");
List<String> params = new ArrayList<String>();
params.add(this.trustViewName);
params.add(userID);
idOveride.getParams().add(params);
Map<String, Object> param2 = new HashMap<String, Object>();
param2.put("all", true);
param2.put("rights", false);
idOveride.getParams().add(param2);
resp = null;
try {
resp = this.executeIPACall(idOveride, con);
Map<String, List<String>> attrFromIpa = (Map<String, List<String>>) resp.getResult().getResult();
for (String attrName : attrFromIpa.keySet()) {
if (attributes.contains(attrName)) {
Attribute attrToAdd = new Attribute(attrName);
attrToAdd.getValues().addAll(attrFromIpa.get(attrName));
user.getAttribs().put(attrName, attrToAdd);
}
}
} catch (IPAException e) {
if (!e.getMessage().contains("User ID override not found")) {
throw e;
} else {
request.put("freeipa.exists", false);
}
}
return user;
}
}
use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.
the class FreeIPAAz method listPossibleApprovers.
@Override
public List<String> listPossibleApprovers(String... params) throws AzException {
ConfigManager cfg = GlobalEntries.getGlobalEntries().getConfigManager();
try {
FreeIPATarget ipa = (FreeIPATarget) cfg.getProvisioningEngine().getTarget(this.targetName).getProvider();
IPACall showGroup = new IPACall();
showGroup.setId(0);
showGroup.setMethod("group_show");
ArrayList<String> groupName = new ArrayList<String>();
groupName.add(params[0]);
showGroup.getParams().add(groupName);
HashMap<String, String> additionalParams = new HashMap<String, String>();
additionalParams.put("no_members", "true");
showGroup.getParams().add(additionalParams);
IPAResponse resp = ipa.executeIPACall(showGroup);
ArrayList<FilterBuilder> checks = new ArrayList<FilterBuilder>();
if (((Map) resp.getResult().getResult()).containsKey("ipaexternalmember")) {
List<String> vals = (List<String>) ((Map) resp.getResult().getResult()).get("ipaexternalmember");
for (String val : vals) {
checks.add(equal(this.uidAttributeName, val));
}
}
FilterBuilder[] filters = new FilterBuilder[checks.size()];
checks.toArray(filters);
String filter = or(filters).toString();
ArrayList<String> attrsToGet = new ArrayList<String>();
attrsToGet.add("1.1");
LDAPSearchResults ldapSearch = cfg.getMyVD().search(cfg.getCfg().getLdapRoot(), 2, filter, attrsToGet);
ArrayList<String> approvers = new ArrayList<String>();
while (ldapSearch.hasMore()) {
approvers.add(ldapSearch.next().getDN());
}
return approvers;
} catch (Exception e) {
throw new AzException("Could not process authorization", e);
}
}
use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.
the class UserPrincipal method addGroup.
private void addGroup(UserPrincipal principal, String groupName, HttpCon con, int approvalID, Workflow workflow) throws Exception {
if (principal.isPrimaryDomain()) {
IPACall addGroup = new IPACall();
addGroup.setId(0);
addGroup.setMethod("group_add_member");
ArrayList<String> groupNames = new ArrayList<String>();
groupNames.add(groupName);
addGroup.getParams().add(groupNames);
HashMap<String, Object> nvps = new HashMap<String, Object>();
ArrayList<String> users = new ArrayList<String>();
users.add(principal.getUid());
nvps.put("user", users);
addGroup.getParams().add(nvps);
IPAResponse resp = this.executeIPACall(addGroup, con);
this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
} else {
IPACall addGroup = new IPACall();
addGroup.setId(0);
addGroup.setMethod("group_add_member");
ArrayList<String> groupNames = new ArrayList<String>();
groupNames.add(groupName);
addGroup.getParams().add(groupNames);
HashMap<String, Object> nvps = new HashMap<String, Object>();
ArrayList<String> users = new ArrayList<String>();
users.add(principal.getUid());
nvps.put("ipaexternalmember", principal.getUPN());
addGroup.getParams().add(nvps);
IPAResponse resp = this.executeIPACall(addGroup, con);
this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
}
}
use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.
the class UserPrincipal method deleteAttribute.
private void deleteAttribute(UserPrincipal principal, String attrName, HttpCon con, int approvalID, Workflow workflow) throws Exception {
if (principal.isPrimaryDomain()) {
IPACall modify = new IPACall();
modify.setId(0);
modify.setMethod("user_mod");
ArrayList<String> userArray = new ArrayList<String>();
userArray.add(principal.getUid());
modify.getParams().add(userArray);
HashMap<String, Object> additionalParams = new HashMap<String, Object>();
additionalParams.put(attrName, "");
modify.getParams().add(additionalParams);
IPAResponse resp = this.executeIPACall(modify, con);
} else {
IPACall idOveride = new IPACall();
idOveride.setId(0);
idOveride.setMethod("idoverrideuser_mod");
List<String> params = new ArrayList<String>();
params.add(this.trustViewName);
params.add(principal.getUPN());
idOveride.getParams().add(params);
Map<String, Object> param2 = new HashMap<String, Object>();
param2.put("all", true);
param2.put("rights", false);
param2.put(attrName, "");
idOveride.getParams().add(param2);
try {
IPAResponse resp = this.executeIPACall(idOveride, con);
} catch (IPAException e) {
if (!e.getMessage().equalsIgnoreCase("no modifications to be performed")) {
throw e;
}
}
}
}
Aggregations