
Example 6 with IPAResponse

use of com.tremolosecurity.unison.freeipa.json.IPAResponse in project OpenUnison by TremoloSecurity.

The class UserPrincipal, method executeIPACall.

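/**
 * Posts one JSON-RPC {@code IPACall} to the FreeIPA session endpoint and parses the reply.
 *
 * @param ipaCall the call to serialize (Gson) and send
 * @param con     the authenticated connection whose HttpClient is used for the POST
 * @return the parsed response when FreeIPA reported no error
 * @throws IPAException            when the reply carries an error object; its code and name
 *                                 are copied onto the exception
 * @throws ClientProtocolException on HTTP protocol errors raised by the client
 * @throws IOException             on transport failure, or when the reply body could not be
 *                                 parsed into a response object (empty body)
 */
private IPAResponse executeIPACall(IPACall ipaCall, HttpCon con) throws IPAException, ClientProtocolException, IOException {
    Gson gson = new Gson();
    String json = gson.toJson(ipaCall);
    if (logger.isDebugEnabled()) {
        // NOTE(review): the serialized call can carry credentials (setUserPassword sends the new
        // password as a "passwd" parameter through this method), so this line writes a secret to
        // the debug log. Redact the params of credential-bearing methods before logging.
        logger.debug("Outbound JSON : '" + json + "'");
    }
    HttpClient http = con.getHttp();
    StringEntity str = new StringEntity(json, ContentType.APPLICATION_JSON);
    HttpPost httppost = new HttpPost(this.url + "/ipa/session/json");
    // FreeIPA's JSON-RPC endpoint expects a Referer from its own UI, presumably why it is set here
    httppost.addHeader("Referer", this.url + "/ipa/ui/");
    httppost.setEntity(str);
    HttpResponse resp = http.execute(httppost);
    StringBuilder body = new StringBuilder();
    // try-with-resources so the reader (and the entity stream) is closed even if readLine throws;
    // the charset is pinned to UTF-8 instead of the platform default
    try (BufferedReader in = new BufferedReader(new InputStreamReader(resp.getEntity().getContent(), StandardCharsets.UTF_8))) {
        String line;
        while ((line = in.readLine()) != null) {
            body.append(line);
        }
    } finally {
        EntityUtils.consumeQuietly(resp.getEntity());
        httppost.completed();
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Inbound JSON : " + body.toString());
    }
    IPAResponse ipaResponse = gson.fromJson(body.toString(), IPAResponse.class);
    if (ipaResponse == null) {
        // Gson yields null for an empty body; report it instead of failing with an NPE on getError()
        throw new IOException("Empty response from FreeIPA, HTTP status " + resp.getStatusLine().getStatusCode());
    }
    if (ipaResponse.getError() != null) {
        IPAException ipaException = new IPAException(ipaResponse.getError().getMessage());
        ipaException.setCode(ipaResponse.getError().getCode());
        ipaException.setName(ipaResponse.getError().getName());
        throw ipaException;
    }
    return ipaResponse;
}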

Example 7 with IPAResponse

use of com.tremolosecurity.unison.freeipa.json.IPAResponse in project OpenUnison by TremoloSecurity.

The class UserPrincipal, method setUserPassword.

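/**
 * Sets the password of a user in the primary FreeIPA domain.
 *
 * Two round trips are made: an administrative {@code passwd} JSON-RPC call that stores the
 * password, followed by a {@code change_password} form POST performed as the user with the
 * same old and new password (the original author's workaround so the freshly set password is
 * not left in the "must change" state). A missing or empty password is a no-op.
 *
 * @param user    the user whose password is set; {@code getPassword()} supplies the value
 * @param request workflow context; "APPROVAL_ID" (Integer) and "WORKFLOW" are read for the audit log
 * @throws ProvisioningException when the user is outside the primary domain, or when either
 *                               FreeIPA call fails (the cause is preserved)
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() == null || user.getPassword().isEmpty()) {
        // nothing to set
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    try {
        con = this.createClient();
        // step 1: administrative "passwd" call as the service account
        IPACall setPassword = new IPACall();
        setPassword.setId(0);
        setPassword.setMethod("passwd");
        ArrayList<String> userArray = new ArrayList<String>();
        userArray.add(principal.getUid());
        setPassword.getParams().add(userArray);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        // NOTE(review): this value ends up in executeIPACall's "Outbound JSON" debug log
        additionalParams.put("password", user.getPassword());
        setPassword.getParams().add(additionalParams);
        this.executeIPACall(setPassword, con);
        con.getBcm().shutdown();
        // cleared so the finally block does not shut the same connection down a second time
        // should creating the user-level client below fail
        con = null;
        // step 2: change_password as the user so the password is no longer flagged as expired;
        // the original author calls this a hack - the proper way is to tell IPA the user need not reset
        HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
        httppost.addHeader("Referer", this.url + "/ipa/ui/");
        List<NameValuePair> formparams = new ArrayList<NameValuePair>();
        formparams.add(new BasicNameValuePair("user", principal.getUid()));
        formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
        formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
        UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
        httppost.setEntity(entity);
        con = this.createClient(principal.getUid(), user.getPassword());
        CloseableHttpClient http = con.getHttp();
        // the response is closed and its entity consumed so the pooled connection is released
        try (CloseableHttpResponse httpResp = http.execute(httppost)) {
            int status = httpResp.getStatusLine().getStatusCode();
            if (logger.isDebugEnabled()) {
                logger.debug("Response of password reset : " + status);
            }
            if (status >= 400) {
                // best effort: the password was already stored by step 1, so only warn here,
                // but a failure means the user may still be forced to change it at next login
                logger.warn("Password reset for " + principal.getUid() + " returned HTTP " + status);
            }
            EntityUtils.consumeQuietly(httpResp.getEntity());
        }
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
    } catch (Exception e) {
        throw new ProvisioningException("Could not set password", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}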

Example 8 with IPAResponse

use of com.tremolosecurity.unison.freeipa.json.IPAResponse in project OpenUnison by TremoloSecurity.

The class UserPrincipal, method findUser.

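/**
 * Loads a user and the requested attributes from FreeIPA.
 *
 * Primary-domain users are read with {@code user_show}; their group list comes from
 * {@code memberof_group}. Users from trusted domains have no IPA entry of their own, so their
 * groups are found by scanning every group's {@code ipaexternalmember} list, and their
 * attributes come from the ID override in {@code trustViewName}.
 *
 * @param userID     the user id as known to OpenUnison (uid, or uid@domain when multi-domain)
 * @param attributes names of the attributes to copy onto the returned user
 * @param con        the authenticated FreeIPA connection
 * @param request    workflow context; "freeipa.exists" is set to false when a trusted-domain
 *                   user has no ID override
 * @return the populated user; never null
 * @throws IPAException            on FreeIPA error replies (except a missing ID override)
 * @throws ClientProtocolException on HTTP protocol errors
 * @throws IOException             on transport failures
 */
@SuppressWarnings({"unchecked", "rawtypes"})
private User findUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
    UserPrincipal principal = new UserPrincipal(userID, multiDomain, primaryDomain);
    if (principal.isPrimaryDomain()) {
        return findPrimaryDomainUser(userID, principal, attributes, con);
    }
    return findTrustedDomainUser(userID, attributes, con, request);
}

/** Reads a primary-domain user with user_show and copies the requested attributes and groups. */
@SuppressWarnings({"unchecked", "rawtypes"})
private User findPrimaryDomainUser(String userID, UserPrincipal principal, Set<String> attributes, HttpCon con) throws IPAException, ClientProtocolException, IOException {
    IPACall userSearch = new IPACall();
    userSearch.setId(0);
    userSearch.setMethod("user_show");
    ArrayList<String> userArray = new ArrayList<String>();
    userArray.add(principal.getUid());
    userSearch.getParams().add(userArray);
    HashMap<String, String> additionalParams = new HashMap<String, String>();
    additionalParams.put("all", "true");
    additionalParams.put("rights", "true");
    userSearch.getParams().add(additionalParams);
    IPAResponse resp = this.executeIPACall(userSearch, con);
    User user = new User();
    user.setUserID(userID);
    Map<String, Object> results = (Map<String, Object>) resp.getResult().getResult();
    if (results == null) {
        // guarded before use; the previous version only checked for null after reading attributes
        return user;
    }
    for (String attributeName : attributes) {
        Object value = results.get(attributeName);
        if (value == null) {
            continue;
        }
        if (attributeName.equalsIgnoreCase("uid")) {
            List uidValues = (List) value;
            if (uidValues.isEmpty()) {
                continue;
            }
            // the uid is re-qualified with the domain so it matches what callers passed in
            StringBuilder s = new StringBuilder().append((String) uidValues.get(0));
            if (this.multiDomain) {
                s.append('@').append(principal.getDomain());
            }
            getOrCreateAttribute(user, attributeName).getValues().add(s.toString());
        } else if (value instanceof List) {
            Attribute a = getOrCreateAttribute(user, attributeName);
            for (Object o : (List) value) {
                a.getValues().add((String) o);
            }
        } else {
            getOrCreateAttribute(user, attributeName).getValues().add((String) value);
        }
    }
    Object memberOf = results.get("memberof_group");
    if (memberOf != null) {
        for (Object o : (List) memberOf) {
            user.getGroups().add((String) o);
        }
    }
    return user;
}

/**
 * Builds a user from a trusted domain: groups via a batch of group_show calls checked for
 * ipaexternalmember, attributes via idoverrideuser_show in the configured trust view.
 */
@SuppressWarnings({"unchecked", "rawtypes"})
private User findTrustedDomainUser(String userID, Set<String> attributes, HttpCon con, Map<String, Object> request) throws IPAException, ClientProtocolException, IOException {
    // list every group (primary keys only, no size limit)
    IPACall listGroups = new IPACall();
    listGroups.setId(0);
    listGroups.setMethod("group_find");
    ArrayList<String> userArray = new ArrayList<String>();
    userArray.add("");
    listGroups.getParams().add(userArray);
    HashMap<String, String> additionalParams = new HashMap<String, String>();
    additionalParams.put("pkey_only", "true");
    additionalParams.put("sizelimit", "0");
    listGroups.getParams().add(additionalParams);
    IPAResponse resp = this.executeIPACall(listGroups, con);
    List<Map> groups = (List<Map>) resp.getResult().getResult();
    // one group_show per group, sent as a single batch call
    List<IPACall> groupsToFind = new ArrayList<IPACall>();
    if (groups != null) {
        for (Map group : groups) {
            IPACall showGroup = new IPACall();
            showGroup.setId(0);
            showGroup.setMethod("group_show");
            ArrayList<String> groupName = new ArrayList<String>();
            groupName.add(((List) group.get("cn")).get(0).toString());
            showGroup.getParams().add(groupName);
            HashMap<String, String> showParams = new HashMap<String, String>();
            showParams.put("no_members", "true");
            showGroup.getParams().add(showParams);
            groupsToFind.add(showGroup);
        }
    }
    IPACall groupDetails = new IPACall();
    groupDetails.setId(0);
    groupDetails.setMethod("batch");
    groupDetails.getParams().add(groupsToFind);
    groupDetails.getParams().add(new HashMap<String, String>());
    IPABatchResponse batchResp = this.executeIPABatchCall(groupDetails, con);
    User user = new User();
    user.setUserID(userID);
    user.getAttribs().put("uid", new Attribute("uid", userID));
    if (batchResp.getResult() != null) {
        for (IPATopResult res : batchResp.getResult().getResults()) {
            String groupName = (String) res.getValue();
            Map groupResult = (Map) res.getResult();
            if (groupResult == null || !groupResult.containsKey("ipaexternalmember")) {
                continue;
            }
            List<String> vals = (List<String>) groupResult.get("ipaexternalmember");
            for (String val : vals) {
                if (val.equalsIgnoreCase(userID)) {
                    user.getGroups().add(groupName);
                    break;
                }
            }
        }
    }
    // attributes live on the user's ID override in the trust view
    IPACall idOveride = new IPACall();
    idOveride.setId(0);
    idOveride.setMethod("idoverrideuser_show");
    List<String> params = new ArrayList<String>();
    params.add(this.trustViewName);
    params.add(userID);
    idOveride.getParams().add(params);
    Map<String, Object> param2 = new HashMap<String, Object>();
    param2.put("all", true);
    param2.put("rights", false);
    idOveride.getParams().add(param2);
    try {
        resp = this.executeIPACall(idOveride, con);
        Map<String, List<String>> attrFromIpa = (Map<String, List<String>>) resp.getResult().getResult();
        for (Map.Entry<String, List<String>> entry : attrFromIpa.entrySet()) {
            if (attributes.contains(entry.getKey())) {
                Attribute attrToAdd = new Attribute(entry.getKey());
                attrToAdd.getValues().addAll(entry.getValue());
                user.getAttribs().put(entry.getKey(), attrToAdd);
            }
        }
    } catch (IPAException e) {
        // a missing override is the "not provisioned yet" signal for callers, not a failure;
        // the null check avoids masking the original error with an NPE on a message-less exception
        if (e.getMessage() != null && e.getMessage().contains("User ID override not found")) {
            request.put("freeipa.exists", false);
        } else {
            throw e;
        }
    }
    return user;
}

/** Returns the user's attribute with this name, creating and registering an empty one if absent. */
private static Attribute getOrCreateAttribute(User user, String attributeName) {
    Attribute a = user.getAttribs().get(attributeName);
    if (a == null) {
        a = new Attribute(attributeName);
        user.getAttribs().put(attributeName, a);
    }
    return a;
}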

Example 9 with IPAResponse

use of com.tremolosecurity.unison.freeipa.json.IPAResponse in project OpenUnison by TremoloSecurity.

The class FreeIPAAz, method listPossibleApprovers.

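/**
 * Lists the DNs of the possible approvers: the external members of the FreeIPA group named by
 * {@code params[0]}, resolved to directory entries through the virtual directory.
 *
 * @param params {@code params[0]} is the FreeIPA group name; nothing else is read
 * @return the DNs of the matching directory entries (mutable list); empty when the group has
 *         no external members
 * @throws AzException when the FreeIPA or LDAP lookup fails, or no group name was given
 */
@Override
@SuppressWarnings({"unchecked", "rawtypes"})
public List<String> listPossibleApprovers(String... params) throws AzException {
    ConfigManager cfg = GlobalEntries.getGlobalEntries().getConfigManager();
    try {
        if (params == null || params.length == 0 || params[0] == null) {
            // wrapped by the catch below so the caller still sees an AzException
            throw new IllegalArgumentException("A FreeIPA group name is required");
        }
        FreeIPATarget ipa = (FreeIPATarget) cfg.getProvisioningEngine().getTarget(this.targetName).getProvider();
        IPACall showGroup = new IPACall();
        showGroup.setId(0);
        showGroup.setMethod("group_show");
        ArrayList<String> groupName = new ArrayList<String>();
        groupName.add(params[0]);
        showGroup.getParams().add(groupName);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("no_members", "true");
        showGroup.getParams().add(additionalParams);
        IPAResponse resp = ipa.executeIPACall(showGroup);
        Map groupResult = (Map) resp.getResult().getResult();
        ArrayList<FilterBuilder> checks = new ArrayList<FilterBuilder>();
        if (groupResult != null && groupResult.containsKey("ipaexternalmember")) {
            List<String> vals = (List<String>) groupResult.get("ipaexternalmember");
            for (String val : vals) {
                // member names come from FreeIPA, not the caller; FilterBuilder is relied on to escape them
                checks.add(equal(this.uidAttributeName, val));
            }
        }
        if (checks.isEmpty()) {
            // no external members means no approvers; an or() of zero filters would not be a
            // usable LDAP filter, so do not search at all
            return new ArrayList<String>();
        }
        FilterBuilder[] filters = checks.toArray(new FilterBuilder[0]);
        String filter = or(filters).toString();
        ArrayList<String> attrsToGet = new ArrayList<String>();
        // "1.1" asks for no attributes, only the DN of each entry
        attrsToGet.add("1.1");
        // scope 2 is a subtree search from the configured LDAP root
        LDAPSearchResults ldapSearch = cfg.getMyVD().search(cfg.getCfg().getLdapRoot(), 2, filter, attrsToGet);
        ArrayList<String> approvers = new ArrayList<String>();
        while (ldapSearch.hasMore()) {
            approvers.add(ldapSearch.next().getDN());
        }
        return approvers;
    } catch (Exception e) {
        throw new AzException("Could not process authorization", e);
    }
}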

Example 10 with IPAResponse

use of com.tremolosecurity.unison.freeipa.json.IPAResponse in project OpenUnison by TremoloSecurity.

The class UserPrincipal, method addGroup.

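/**
 * Adds the principal to a FreeIPA group with {@code group_add_member} and records the action.
 *
 * Primary-domain users are added by uid through the "user" parameter; users from trusted
 * domains are added by UPN through "ipaexternalmember". Everything else about the call is the
 * same, so both cases share one request.
 *
 * @param principal  the user to add
 * @param groupName  the FreeIPA group cn
 * @param con        the authenticated FreeIPA connection
 * @param approvalID approval id for the audit log
 * @param workflow   workflow for the audit log
 * @throws Exception when the FreeIPA call fails (IPAException on an error reply) or the audit
 *                   log cannot be written
 */
private void addGroup(UserPrincipal principal, String groupName, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    IPACall addGroup = new IPACall();
    addGroup.setId(0);
    addGroup.setMethod("group_add_member");
    ArrayList<String> groupNames = new ArrayList<String>();
    groupNames.add(groupName);
    addGroup.getParams().add(groupNames);
    HashMap<String, Object> nvps = new HashMap<String, Object>();
    if (principal.isPrimaryDomain()) {
        ArrayList<String> users = new ArrayList<String>();
        users.add(principal.getUid());
        nvps.put("user", users);
    } else {
        nvps.put("ipaexternalmember", principal.getUPN());
    }
    addGroup.getParams().add(nvps);
    // NOTE(review): executeIPACall raises IPAException only for a top-level error object;
    // group_add_member presumably reports per-member problems inside its result instead, so a
    // member that was not actually added would still be logged as added here - confirm
    this.executeIPACall(addGroup, con);
    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
}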
