
Example 6 with IPACall

Use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.

Class UserPrincipal, method setUserPassword.

public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() != null && !user.getPassword().isEmpty()) {
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        try {
            HttpCon con = this.createClient();
            try {
                // Step 1: set the password with the JSON-RPC "passwd" method over the admin session
                IPACall setPassword = new IPACall();
                setPassword.setId(0);
                setPassword.setMethod("passwd");
                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                setPassword.getParams().add(userArray);
                HashMap<String, String> additionalParams = new HashMap<String, String>();
                additionalParams.put("password", user.getPassword());
                setPassword.getParams().add(additionalParams);
                IPAResponse resp = this.executeIPACall(setPassword, con);
                con.getBcm().shutdown();
                // Step 2: an admin-set password is flagged as expired by IPA, so now we need to reset the
                // password by "changing" it to itself through the change_password form as the user.
                // This is a hack; the right way is to tell IPA the user doesn't need to reset their password.
                HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
                httppost.addHeader("Referer", this.url + "/ipa/ui/");
                List<NameValuePair> formparams = new ArrayList<NameValuePair>();
                formparams.add(new BasicNameValuePair("user", principal.getUid()));
                formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
                formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
                httppost.setEntity(entity);
                // authenticate the second client as the user with the newly set password
                con = this.createClient(principal.getUid(), user.getPassword());
                CloseableHttpClient http = con.getHttp();
                CloseableHttpResponse httpResp = http.execute(httppost);
                if (logger.isDebugEnabled()) {
                    logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
                }
                // audit the change without recording the password value
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
            } finally {
                if (con != null) {
                    con.getBcm().shutdown();
                }
            }
        } catch (Exception e) {
            throw new ProvisioningException("Could not run search", e);
        }
    }
}
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) HttpPost(org.apache.http.client.methods.HttpPost) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) NameValuePair(org.apache.http.NameValuePair) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HashMap(java.util.HashMap) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList) Workflow(com.tremolosecurity.provisioning.core.Workflow) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) ClientProtocolException(org.apache.http.client.ClientProtocolException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)

Example 7 with IPACall

Use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.

Class UserPrincipal, method findUser.

private User findUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
    UserPrincipal principal = new UserPrincipal(userID, multiDomain, primaryDomain);
    if (principal.isPrimaryDomain()) {
        // users in the primary domain have a real IPA user entry: read it with user_show
        IPACall userSearch = new IPACall();
        userSearch.setId(0);
        userSearch.setMethod("user_show");
        ArrayList<String> userArray = new ArrayList<String>();
        userArray.add(principal.getUid());
        userSearch.getParams().add(userArray);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("all", "true");
        additionalParams.put("rights", "true");
        userSearch.getParams().add(additionalParams);
        IPAResponse resp = this.executeIPACall(userSearch, con);
        User user = new User();
        user.setUserID(userID);
        Map<String, Object> results = (Map<String, Object>) resp.getResult().getResult();
        for (String attributeName : attributes) {
            if (attributeName.equalsIgnoreCase("uid")) {
                Attribute a = user.getAttribs().get(attributeName);
                if (a == null) {
                    a = new Attribute(attributeName);
                    user.getAttribs().put(attributeName, a);
                }
                StringBuilder s = new StringBuilder().append((String) ((List) results.get(attributeName)).get(0));
                if (this.multiDomain) {
                    s.append('@').append(principal.getDomain());
                }
                a.getValues().add(s.toString());
            } else {
                if (results.get(attributeName) != null) {
                    if (results.get(attributeName) instanceof List) {
                        Attribute a = user.getAttribs().get(attributeName);
                        if (a == null) {
                            a = new Attribute(attributeName);
                            user.getAttribs().put(attributeName, a);
                        }
                        List l = (List) results.get(attributeName);
                        for (Object o : l) {
                            a.getValues().add((String) o);
                        }
                    } else {
                        Attribute a = user.getAttribs().get(attributeName);
                        if (a == null) {
                            a = new Attribute(attributeName);
                            user.getAttribs().put(attributeName, a);
                        }
                        a.getValues().add((String) results.get(attributeName));
                    }
                }
            }
        }
        if (results != null && results.get("memberof_group") != null) {
            for (Object o : ((List) results.get("memberof_group"))) {
                String groupName = (String) o;
                user.getGroups().add(groupName);
            }
        }
        return user;
    } else {
        // users from a trusted domain have no IPA user entry: derive group membership from the
        // ipaexternalmember values of every group, then read attributes from the ID override
        IPACall listGroups = new IPACall();
        listGroups.setId(0);
        listGroups.setMethod("group_find");
        ArrayList<String> userArray = new ArrayList<String>();
        userArray.add("");
        listGroups.getParams().add(userArray);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("pkey_only", "true");
        additionalParams.put("sizelimit", "0");
        listGroups.getParams().add(additionalParams);
        IPAResponse resp = this.executeIPACall(listGroups, con);
        List<Map> groups = (List<Map>) resp.getResult().getResult();
        List<IPACall> groupsToFind = new ArrayList<IPACall>();
        for (Map group : groups) {
            IPACall showGroup = new IPACall();
            showGroup.setId(0);
            showGroup.setMethod("group_show");
            ArrayList<String> groupName = new ArrayList<String>();
            groupName.add(((List) group.get("cn")).get(0).toString());
            showGroup.getParams().add(groupName);
            additionalParams = new HashMap<String, String>();
            additionalParams.put("no_members", "true");
            showGroup.getParams().add(additionalParams);
            groupsToFind.add(showGroup);
        }
        IPACall groupDetails = new IPACall();
        groupDetails.setId(0);
        groupDetails.setMethod("batch");
        groupDetails.getParams().add(groupsToFind);
        additionalParams = new HashMap<String, String>();
        groupDetails.getParams().add(additionalParams);
        IPABatchResponse batchResp = this.executeIPABatchCall(groupDetails, con);
        User user = new User();
        user.setUserID(userID);
        user.getAttribs().put("uid", new Attribute("uid", userID));
        if (batchResp.getResult() != null) {
            for (IPATopResult res : batchResp.getResult().getResults()) {
                String groupName = (String) res.getValue();
                if (((Map) res.getResult()).containsKey("ipaexternalmember")) {
                    List<String> vals = (List<String>) ((Map) res.getResult()).get("ipaexternalmember");
                    for (String val : vals) {
                        if (val.equalsIgnoreCase(userID)) {
                            user.getGroups().add(groupName);
                            break;
                        }
                    }
                }
            }
        }
        // look up the user's ID override in the configured trust view
        IPACall idOveride = new IPACall();
        idOveride.setId(0);
        idOveride.setMethod("idoverrideuser_show");
        List<String> params = new ArrayList<String>();
        params.add(this.trustViewName);
        params.add(userID);
        idOveride.getParams().add(params);
        Map<String, Object> param2 = new HashMap<String, Object>();
        param2.put("all", true);
        param2.put("rights", false);
        idOveride.getParams().add(param2);
        resp = null;
        try {
            resp = this.executeIPACall(idOveride, con);
            Map<String, List<String>> attrFromIpa = (Map<String, List<String>>) resp.getResult().getResult();
            for (String attrName : attrFromIpa.keySet()) {
                if (attributes.contains(attrName)) {
                    Attribute attrToAdd = new Attribute(attrName);
                    attrToAdd.getValues().addAll(attrFromIpa.get(attrName));
                    user.getAttribs().put(attrName, attrToAdd);
                }
            }
        } catch (IPAException e) {
            // a missing override is not an error; flag it so the workflow can create the user later
            if (!e.getMessage().contains("User ID override not found")) {
                throw e;
            } else {
                request.put("freeipa.exists", false);
            }
        }
        return user;
    }
}
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) User(com.tremolosecurity.provisioning.core.User) HashMap(java.util.HashMap) Attribute(com.tremolosecurity.saml.Attribute) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList) IPATopResult(com.tremolosecurity.unison.freeipa.json.IPATopResult) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) IPABatchResponse(com.tremolosecurity.unison.freeipa.json.IPABatchResponse) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 8 with IPACall

Use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.

Class FreeIPAAz, method listPossibleApprovers.

@Override
public List<String> listPossibleApprovers(String... params) throws AzException {
    ConfigManager cfg = GlobalEntries.getGlobalEntries().getConfigManager();
    try {
        FreeIPATarget ipa = (FreeIPATarget) cfg.getProvisioningEngine().getTarget(this.targetName).getProvider();
        IPACall showGroup = new IPACall();
        showGroup.setId(0);
        showGroup.setMethod("group_show");
        ArrayList<String> groupName = new ArrayList<String>();
        groupName.add(params[0]);
        showGroup.getParams().add(groupName);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("no_members", "true");
        showGroup.getParams().add(additionalParams);
        IPAResponse resp = ipa.executeIPACall(showGroup);
        ArrayList<FilterBuilder> checks = new ArrayList<FilterBuilder>();
        // external (trust) members are listed by name; resolve each to a directory entry via the uid attribute
        if (((Map) resp.getResult().getResult()).containsKey("ipaexternalmember")) {
            List<String> vals = (List<String>) ((Map) resp.getResult().getResult()).get("ipaexternalmember");
            for (String val : vals) {
                checks.add(equal(this.uidAttributeName, val));
            }
        }
        FilterBuilder[] filters = new FilterBuilder[checks.size()];
        checks.toArray(filters);
        String filter = or(filters).toString();
        ArrayList<String> attrsToGet = new ArrayList<String>();
        attrsToGet.add("1.1");
        LDAPSearchResults ldapSearch = cfg.getMyVD().search(cfg.getCfg().getLdapRoot(), 2, filter, attrsToGet);
        ArrayList<String> approvers = new ArrayList<String>();
        while (ldapSearch.hasMore()) {
            approvers.add(ldapSearch.next().getDN());
        }
        return approvers;
    } catch (Exception e) {
        throw new AzException("Could not process authorization", e);
    }
}
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) HashMap(java.util.HashMap) AzException(com.tremolosecurity.proxy.az.AzException) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) AzException(com.tremolosecurity.proxy.az.AzException) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) FilterBuilder(org.apache.directory.ldap.client.api.search.FilterBuilder) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 9 with IPACall

Use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.

Class UserPrincipal, method addGroup.

private void addGroup(UserPrincipal principal, String groupName, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    if (principal.isPrimaryDomain()) {
        IPACall addGroup = new IPACall();
        addGroup.setId(0);
        addGroup.setMethod("group_add_member");
        ArrayList<String> groupNames = new ArrayList<String>();
        groupNames.add(groupName);
        addGroup.getParams().add(groupNames);
        HashMap<String, Object> nvps = new HashMap<String, Object>();
        ArrayList<String> users = new ArrayList<String>();
        users.add(principal.getUid());
        nvps.put("user", users);
        addGroup.getParams().add(nvps);
        IPAResponse resp = this.executeIPACall(addGroup, con);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    } else {
        // trusted-domain users are added by their UPN as an external member rather than as an IPA user
        IPACall addGroup = new IPACall();
        addGroup.setId(0);
        addGroup.setMethod("group_add_member");
        ArrayList<String> groupNames = new ArrayList<String>();
        groupNames.add(groupName);
        addGroup.getParams().add(groupNames);
        HashMap<String, Object> nvps = new HashMap<String, Object>();
        nvps.put("ipaexternalmember", principal.getUPN());
        addGroup.getParams().add(nvps);
        IPAResponse resp = this.executeIPACall(addGroup, con);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
    }
}
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) HashMap(java.util.HashMap) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList)

Example 10 with IPACall

Use of com.tremolosecurity.unison.freeipa.json.IPACall in project OpenUnison by TremoloSecurity.

Class UserPrincipal, method deleteAttribute.

private void deleteAttribute(UserPrincipal principal, String attrName, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    if (principal.isPrimaryDomain()) {
        // clearing an attribute is done by setting it to an empty value with user_mod
        IPACall modify = new IPACall();
        modify.setId(0);
        modify.setMethod("user_mod");
        ArrayList<String> userArray = new ArrayList<String>();
        userArray.add(principal.getUid());
        modify.getParams().add(userArray);
        HashMap<String, Object> additionalParams = new HashMap<String, Object>();
        additionalParams.put(attrName, "");
        modify.getParams().add(additionalParams);
        IPAResponse resp = this.executeIPACall(modify, con);
    } else {
        IPACall idOveride = new IPACall();
        idOveride.setId(0);
        idOveride.setMethod("idoverrideuser_mod");
        List<String> params = new ArrayList<String>();
        params.add(this.trustViewName);
        params.add(principal.getUPN());
        idOveride.getParams().add(params);
        Map<String, Object> param2 = new HashMap<String, Object>();
        param2.put("all", true);
        param2.put("rights", false);
        param2.put(attrName, "");
        idOveride.getParams().add(param2);
        try {
            IPAResponse resp = this.executeIPACall(idOveride, con);
        } catch (IPAException e) {
            // the attribute was already absent from the override; nothing to delete
            if (!e.getMessage().equalsIgnoreCase("no modifications to be performed")) {
                throw e;
            }
        }
    }
}
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) HashMap(java.util.HashMap) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList)
