
Example 6 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBEntrySet method getNextEntry.

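/**
 * Advances {@code currEntry} to the next entry to hand out, consuming the
 * sources in order: base entries, then user results, then group results.
 *
 * <p>Base entries are checked against {@code filter} before being accepted;
 * user and group results are accepted without a local filter check (that
 * check is disabled in this class). NOTE(review): confirm that the SimpleDB
 * query already applies the complete filter, otherwise entries that do not
 * match the client's filter can be returned.
 *
 * @return {@code true} when a new entry was placed in {@code currEntry};
 *         {@code false} when every source is exhausted ({@code done} is then set)
 */
private boolean getNextEntry() {
    // Loop instead of recursing: the original called itself once per base
    // entry rejected by the filter, growing the stack with the result size.
    while (this.baseEntries != null && this.baseEntries.hasNext()) {
        Entry candidate = this.baseEntries.next();
        if (filter.getRoot().checkEntry(candidate.getEntry())) {
            this.currEntry = candidate;
            this.entryFetched = false;
            return true;
        }
    }
    if (this.userRes != null && this.userRes.hasNext()) {
        this.currEntry = createEntry(this.userRes.next(), true);
        this.entryFetched = false;
        return true;
    }
    if (this.groupRes != null && this.groupRes.hasNext()) {
        this.currEntry = createEntry(this.groupRes.next(), false);
        this.entryFetched = false;
        return true;
    }
    this.done = true;
    return false;
}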

Example 7 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class AdminInsert method search.

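/**
 * Answers searches for the two static entries this insert exposes: the root
 * entry and the admin user entry beneath it.
 *
 * <p>Detached copies of both template entries are built per request so that
 * downstream inserts can never modify the shared {@code rootEntry} and
 * {@code userEntry} instances.
 *
 * @param chain       the search chain; matches are handed on via {@code addResult}
 * @param base        search base DN
 * @param scope       0 = base, 1 = one level, 2 = subtree
 * @param filter      filter every candidate must satisfy
 * @param attributes  requested attributes, passed through unchanged
 * @param typesOnly   passed through unchanged
 * @param results     result holder handed to the chain
 * @param constraints passed through unchanged
 * @throws LDAPException propagated from the chain
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    Entry luserEntry = copyOf(userEntry);
    // Built from rootEntry: the original copied userEntry into lrootEntry, so a
    // base-scope search of the root DN answered with the user entry's DN and
    // attributes.
    Entry lrootEntry = copyOf(rootEntry);
    String baseDn = base.getDN().toString();
    ArrayList<Entry> res = new ArrayList<Entry>();
    switch (scope.getValue()) {
        case 0:
            if (baseDn.equalsIgnoreCase(rootEntry.getDN()) && filter.getRoot().checkEntry(rootEntry)) {
                res.add(lrootEntry);
            }
            if (baseDn.equalsIgnoreCase(userEntry.getDN()) && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        case 1:
            // The user entry is the only child of the root entry.
            if (baseDn.equalsIgnoreCase(rootEntry.getDN()) && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        case 2:
            if (baseDn.equalsIgnoreCase(rootEntry.getDN()) && filter.getRoot().checkEntry(rootEntry)) {
                res.add(lrootEntry);
            }
            // NOTE(review): plain string suffix match, not an RDN-boundary check;
            // a base that is a partial suffix of the user DN would also match.
            if (userEntry.getDN().toLowerCase().endsWith(baseDn.toLowerCase()) && filter.getRoot().checkEntry(userEntry)) {
                res.add(luserEntry);
            }
            break;
        default:
            // Unknown scope values return no entries, as before.
            break;
    }
    chain.addResult(results, new IteratorEntrySet(res.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}

/**
 * Returns a detached copy of {@code template} (same DN, cloned attribute set).
 *
 * @param template the shared entry to copy; never handed out directly
 * @return a new {@link Entry} wrapping an independent {@link LDAPEntry}
 */
private static Entry copyOf(LDAPEntry template) {
    return new Entry(new LDAPEntry(template.getDN(), (LDAPAttributeSet) template.getAttributeSet().clone()));
}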

Example 8 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class AuthLockoutInsert method bind.

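/**
 * Delegates the bind down the chain and maintains the per-account lockout
 * bookkeeping stored on the account's entry.
 *
 * <p>Flow: the entry for {@code dn} is read first ({@code NO_SUCH_OBJECT} if
 * it cannot be found); the bind is then delegated. When the downstream bind
 * succeeds, the stored failure window is inspected: if the last failure is
 * still within {@code maxLockoutTime} and the failure count has reached
 * {@code maxFailedAttempts}, the bind is rejected as
 * {@code INVALID_CREDENTIALS} and the failure record is refreshed; otherwise
 * the success attributes are written. An {@code INVALID_CREDENTIALS} failure
 * from downstream refreshes the failure record; any other
 * {@link LDAPException} is propagated untouched.
 *
 * <p>NOTE(review): the lockout is evaluated only after the downstream bind has
 * succeeded, so a locked account still causes a bind against the backend on
 * every attempt. Confirm that is intended (it keeps the backend's own
 * counters in step) rather than rejecting before delegating.
 *
 * @param chain       the bind chain used for both the lookup and the bind
 * @param dn          DN being authenticated
 * @param pwd         credential, passed through unchanged
 * @param constraints passed through unchanged
 * @throws LDAPException {@code NO_SUCH_OBJECT} when the DN cannot be read,
 *         {@code INVALID_CREDENTIALS} when the account is locked, or whatever
 *         the downstream bind throws
 */
@Override
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    int nextPosition = chain.getPositionInChain(this) + 1;
    Results results = new Results(null, nextPosition);
    SearchInterceptorChain schain = chain.createSearchChain(nextPosition);
    schain.nextSearch(new DistinguishedName(dn.getDN()), new Int(0), new Filter("(objectClass=*)"), new ArrayList<Attribute>(), new Bool(false), results, new LDAPSearchConstraints());
    results.start();
    if (!results.hasMore()) {
        throw new LDAPException("No such object", LDAPException.NO_SUCH_OBJECT, "Could not find dn");
    }
    Entry entry = results.next();
    // Only the first hit is used; drain the rest so the search is fully consumed.
    while (results.hasMore()) {
        results.next();
    }
    try {
        chain.nextBind(dn, pwd, constraints);
        LDAPAttribute lastFailed = entry.getEntry().getAttributeSet().getAttribute(this.lastFailedAttribute);
        LDAPAttribute numFailures = entry.getEntry().getAttributeSet().getAttribute(this.numFailedAttribute);
        if (lastFailed != null && numFailures != null) {
            // A malformed counter value throws NumberFormatException here. It is not
            // an LDAPException, so it bypasses the catch below: the bind still fails
            // (closed), but the failure record is not updated for that attempt.
            long lastFailedTS = Long.parseLong(lastFailed.getStringValue());
            int numPrevFailures = Integer.parseInt(numFailures.getStringValue());
            long now = new DateTime(DateTimeZone.UTC).getMillis();
            long lockedUntil = lastFailedTS + this.maxLockoutTime;
            boolean locked = lockedUntil >= now && numPrevFailures >= this.maxFailedAttempts;
            if (logger.isDebugEnabled()) {
                // All at debug level: the original emitted several of these at
                // info level even though they were gated on isDebugEnabled().
                logger.debug("Num Failed : " + numPrevFailures);
                logger.debug("Last Failed : '" + lastFailedTS + "'");
                logger.debug("Now : '" + now + "'");
                logger.debug("Locked Until : '" + lockedUntil + "'");
                logger.debug("locked >= now? : '" + (lockedUntil >= now) + "'");
                logger.debug("max fails? : '" + this.maxFailedAttempts + "'");
                logger.debug("too many fails : '" + (numPrevFailures >= this.maxFailedAttempts) + "'");
            }
            if (locked) {
                // The catch below sees INVALID_CREDENTIALS and calls updateFailedAttrs;
                // the original also called it here, recording one attempt twice.
                throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "User locked out");
            }
        }
        this.updateSuccessAttrs(entry.getEntry());
    } catch (LDAPException e) {
        if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
            this.updateFailedAttrs(entry.getEntry());
        }
        throw e;
    }
}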

Example 9 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDB method search.

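/**
 * Maps an LDAP search over this insert's virtual tree onto SimpleDB queries.
 *
 * <p>The tree has three static containers ({@code baseDN}, {@code userDN},
 * {@code groupDN}). Depending on {@code scope} and {@code base} the search
 * returns some of those containers directly and/or queries SimpleDB for
 * users and/or groups. A base-scope search for a single object below a
 * container is narrowed by folding the base DN into the filter via
 * {@code addBaseToFilter}.
 *
 * @param chain       the search chain; results are handed on via {@code addResult}
 * @param base        search base
 * @param scope       0 = base, 1 = one level, 2 = subtree
 * @param filter      client filter; a copy is used downstream so the caller's
 *                    instance is never modified
 * @param attributes  requested attributes, passed to the SimpleDB query
 * @param typesOnly   passed through unchanged
 * @param results     result holder handed to the chain
 * @param constraints passed through unchanged
 * @throws LDAPException {@code NO_SUCH_OBJECT} for a base-scope search of an
 *         unknown DN, {@code OPERATIONS_ERROR} if the filter cannot be copied,
 *         or whatever the chain throws
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    boolean addBase = false;
    boolean addUser = false;
    boolean addGroups = false;
    boolean searchUsers = false;
    boolean searchGroups = false;
    Iterator<Item> userResults = null;
    Iterator<Item> groupResults = null;
    Filter filterToUser;
    try {
        filterToUser = new Filter((FilterNode) filter.getRoot().clone());
    } catch (CloneNotSupportedException e) {
        // The original swallowed this, leaving filterToUser null and failing
        // later with an NPE far from the cause; fail here with the cause kept.
        throw new LDAPException("Could not copy search filter", LDAPException.OPERATIONS_ERROR, "Filter clone failed", e);
    }
    // NOTE(review): the endsWith() checks below compare DN strings without an
    // RDN-boundary check, so a base that is a partial suffix of userDN/groupDN
    // is treated as lying beneath that container.
    String baseString = base.getDN().toString();
    switch (scope.getValue()) {
        case 0:
            if (base.getDN().equals(this.baseDN)) {
                addBase = true;
            } else if (base.getDN().equals(this.userDN)) {
                addUser = true;
            } else if (base.getDN().equals(this.groupDN)) {
                addGroups = true;
            } else if (baseString.endsWith(this.userDN.toString())) {
                searchUsers = true;
                filterToUser = this.addBaseToFilter(base, filterToUser);
            } else if (baseString.endsWith(this.groupDN.toString())) {
                searchGroups = true;
                filterToUser = this.addBaseToFilter(base, filterToUser);
            } else {
                throw new LDAPException("Object not found", LDAPException.NO_SUCH_OBJECT, baseString);
            }
            break;
        case 1:
            if (base.getDN().equals(this.baseDN)) {
                addUser = true;
                addGroups = true;
            } else if (base.getDN().equals(this.userDN)) {
                searchUsers = true;
            } else if (base.getDN().equals(this.groupDN)) {
                searchGroups = true;
            }
            break;
        case 2:
            if (base.getDN().equals(this.baseDN)) {
                addBase = true;
                addUser = true;
                addGroups = true;
                searchUsers = true;
                searchGroups = true;
            } else if (base.getDN().equals(this.userDN) || baseString.endsWith(this.userDN.toString())) {
                searchUsers = true;
            } else if (base.getDN().equals(this.groupDN) || baseString.endsWith(this.groupDN.toString())) {
                searchGroups = true;
            }
            break;
        default:
            // Unknown scope values select nothing, as before.
            break;
    }
    ArrayList<Entry> baseEntries = new ArrayList<Entry>();
    if (addBase) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
    }
    if (addUser) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.userDN)));
    }
    if (addGroups) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.groupDN)));
    }
    if (searchUsers) {
        userResults = this.searchAmazonSimpleDB(true, filterToUser, attributes);
    }
    if (searchGroups) {
        groupResults = this.searchAmazonSimpleDB(false, filterToUser, attributes);
    }
    chain.addResult(results, new AmazonSimpleDBEntrySet(this.baseDN.toString(), baseEntries.iterator(), userResults, groupResults, filterToUser), base, scope, filterToUser, attributes, typesOnly, constraints);
}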

Example 10 with Entry

use of net.sourceforge.myvd.types.Entry in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBEntrySet method createEntry.

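/**
 * Converts a SimpleDB item into a virtual directory entry.
 *
 * <p>The DN is {@code uid=<name>,ou=users,<dnBase>} for users and
 * {@code cn=<name>,ou=groups,<dnBase>} for groups. The item name is escaped
 * as an RDN value (RFC 4514) before being embedded: the original
 * concatenated it raw, so a name containing {@code ,}, {@code +}, {@code =}
 * or similar produced a DN that parses as a different entry. Every SimpleDB
 * attribute becomes one multi-valued LDAP attribute, and the configured
 * user or group object class is added.
 *
 * @param item the SimpleDB item to convert
 * @param user {@code true} for a user entry, {@code false} for a group entry
 * @return the resulting entry; never {@code null}
 */
private Entry createEntry(Item item, boolean user) {
    // String.valueOf keeps the original behaviour for a null name ("null").
    String rdnValue = escapeRdnValue(String.valueOf(item.getName()));
    StringBuilder dn = new StringBuilder();
    LDAPAttribute objClass;
    if (user) {
        dn.append("uid=").append(rdnValue).append(",ou=users,").append(this.dnBase);
        objClass = new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass());
    } else {
        dn.append("cn=").append(rdnValue).append(",ou=groups,").append(this.dnBase);
        objClass = new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupObjectClass());
    }
    LDAPAttributeSet attrs = new LDAPAttributeSet();
    for (Attribute fromAmz : item.getAttributes()) {
        // SimpleDB repeats the attribute name once per value; merge into one.
        LDAPAttribute attr = attrs.getAttribute(fromAmz.getName());
        if (attr == null) {
            attr = new LDAPAttribute(fromAmz.getName());
            attrs.add(attr);
        }
        attr.addValue(fromAmz.getValue());
    }
    // NOTE(review): if the item itself carries an "objectClass" attribute,
    // what LDAPAttributeSet.add does with the duplicate is not visible here.
    attrs.add(objClass);
    return new Entry(new LDAPEntry(dn.toString(), attrs));
}

/**
 * Escapes {@code value} for use as the value part of an RDN (RFC 4514 §2.4).
 *
 * <p>Backslash, comma, plus, double quote, angle brackets and semicolon are
 * always escaped; a leading space or {@code #} and a trailing space are
 * escaped; NUL is emitted as {@code \00}. Any other character is copied as is.
 *
 * @param value raw attribute value
 * @return the escaped value, unchanged when no escaping is needed
 */
private static String escapeRdnValue(String value) {
    StringBuilder out = new StringBuilder(value.length() + 8);
    int last = value.length() - 1;
    for (int i = 0; i <= last; i++) {
        char c = value.charAt(i);
        if (c == '\0') {
            out.append("\\00");
            continue;
        }
        boolean special = c == '\\' || c == ',' || c == '+' || c == '"' || c == '<' || c == '>' || c == ';';
        boolean edgeSpecial = (i == 0 && (c == ' ' || c == '#')) || (i == last && c == ' ');
        if (special || edgeSpecial) {
            out.append('\\');
        }
        out.append(c);
    }
    return out.toString();
}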
