
Example 1 with Filter

use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.

Class AmazonDynamoDB, method addBaseToFilter.

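/**
 * Narrows {@code filter} to the entry named by {@code base}: returns
 * {@code (&(rdnType=rdnValue)<copy of filter>)} where {@code rdnType=rdnValue}
 * is the leading RDN of {@code base}.
 *
 * <p>The caller's filter tree is cloned, not reused, so the {@link Filter}
 * passed in is left untouched.
 *
 * @param base   search base whose first RDN becomes the equality term
 * @param filter the caller's filter; not modified
 * @return a new AND filter combining the RDN equality with a copy of {@code filter}
 * @throws IllegalStateException if the filter tree cannot be cloned. Previously this was
 *         swallowed, which left the result as the bare RDN term and so matched far more
 *         entries than the caller asked for; failing closed is the safer outcome.
 */
private Filter addBaseToFilter(DistinguishedName base, Filter filter) {
    RDN rdn = (RDN) base.getDN().getRDNs().get(0);
    String rdnName = rdn.getType();
    String rdnVal = rdn.getValue();

    ArrayList<FilterNode> ands = new ArrayList<FilterNode>();
    ands.add(new FilterNode(FilterType.EQUALS, rdnName, rdnVal));
    try {
        ands.add((FilterNode) filter.getRoot().clone());
    } catch (CloneNotSupportedException e) {
        // Do not silently drop the caller's filter — that widens the search.
        throw new IllegalStateException("Could not clone filter", e);
    }
    return new Filter(new FilterNode(FilterType.AND, ands));
}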
Also used : Filter(net.sourceforge.myvd.types.Filter) FilterNode(net.sourceforge.myvd.types.FilterNode) ArrayList(java.util.ArrayList) RDN(com.novell.ldap.util.RDN)

Example 2 with Filter

use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.

Class AmazonDynamoDB, method search.

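/**
 * Maps the requested base and scope onto the synthetic container entries to emit and
 * the backing searches to run.
 *
 * <p>The interceptor exposes three fixed DNs — {@code baseDN}, {@code userDN} and
 * {@code groupDN}. {@code addBase}/{@code addUser}/{@code addGroups} select which of
 * those container entries are returned; {@code searchUsers}/{@code searchGroups} select
 * which backing tables are queried. For a base-object (scope 0) search under the user or
 * group container the filter is narrowed to the base's leading RDN via
 * {@link #addBaseToFilter}.
 *
 * <p>NOTE(review): in the body shown here the flags, {@code filterToUser} and
 * {@code baseEntries} are computed but never consumed, and {@code chain}/{@code results}
 * are not used — presumably the remainder of the implementation is not on this page; confirm.
 *
 * @throws LDAPException {@code NO_SUCH_OBJECT} for a scope-0 search whose base is neither a
 *         known container nor beneath one; {@code OPERATIONS_ERROR} if the incoming filter
 *         cannot be cloned (previously swallowed, which left {@code filterToUser} null and
 *         surfaced later as a NullPointerException)
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    boolean addBase = false;
    boolean addUser = false;
    boolean addGroups = false;
    boolean searchUsers = false;
    boolean searchGroups = false;

    // Work on a copy so the caller's filter is never mutated.
    Filter filterToUser;
    try {
        filterToUser = new Filter((FilterNode) filter.getRoot().clone());
    } catch (CloneNotSupportedException e) {
        throw new LDAPException("Could not clone filter", LDAPException.OPERATIONS_ERROR, "Could not clone filter", e);
    }

    int scopeValue = scope.getValue();
    String baseStr = base.getDN().toString();
    if (scopeValue == 0) {
        // Base-object search: exactly one entry is in play.
        if (base.getDN().equals(this.baseDN)) {
            addBase = true;
        } else if (base.getDN().equals(this.userDN)) {
            addUser = true;
        } else if (base.getDN().equals(this.groupDN)) {
            addGroups = true;
        } else if (baseStr.endsWith(this.userDN.toString())) {
            searchUsers = true;
            filterToUser = this.addBaseToFilter(base, filterToUser);
        } else if (baseStr.endsWith(this.groupDN.toString())) {
            searchGroups = true;
            filterToUser = this.addBaseToFilter(base, filterToUser);
        } else {
            throw new LDAPException("Object not found", LDAPException.NO_SUCH_OBJECT, baseStr);
        }
    } else if (scopeValue == 1) {
        // One-level search: the suffix yields the two containers, a container yields its members.
        // An unrecognised base falls through with nothing selected (no NO_SUCH_OBJECT, unlike scope 0).
        if (base.getDN().equals(this.baseDN)) {
            addUser = true;
            addGroups = true;
        } else if (base.getDN().equals(this.userDN)) {
            searchUsers = true;
        } else if (base.getDN().equals(this.groupDN)) {
            searchGroups = true;
        }
    } else if (scopeValue == 2) {
        // Subtree search: from the suffix everything is returned; from a container, or anything
        // beneath it, only that side. The RDN narrowing is deliberately not applied here (it was
        // commented out in the original).
        if (base.getDN().equals(this.baseDN)) {
            addBase = true;
            addUser = true;
            addGroups = true;
            searchUsers = true;
            searchGroups = true;
        } else if (base.getDN().equals(this.userDN) || baseStr.endsWith(this.userDN.toString())) {
            searchUsers = true;
        } else if (base.getDN().equals(this.groupDN) || baseStr.endsWith(this.groupDN.toString())) {
            searchGroups = true;
        }
    }

    ArrayList<Entry> baseEntries = new ArrayList<Entry>();
    if (addBase) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
    }
    if (addUser) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.userDN)));
    }
    if (addGroups) {
        baseEntries.add(new Entry(EntryUtil.createBaseEntry(this.groupDN)));
    }
}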
Also used : Item(com.amazonaws.services.simpledb.model.Item) Entry(net.sourceforge.myvd.types.Entry) LDAPException(com.novell.ldap.LDAPException) Filter(net.sourceforge.myvd.types.Filter) FilterNode(net.sourceforge.myvd.types.FilterNode) ArrayList(java.util.ArrayList)

Example 3 with Filter

use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.

Class ScaleJSOperator, method lookupUser.

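/**
 * Looks up a single user by DN and writes it to the response as JSON for the operator UI.
 *
 * <p>Steps, in order: lazily locate the {@code ScaleMain} filter on {@code scaleMainURL} and
 * cache its config; read the {@code dn} parameter and the optional pre-built filter in the
 * {@code ops.search.filter} request attribute and run a base-object search; copy the entry's
 * attributes into an {@link AuthInfo}; project the configured user attributes (restricted by
 * {@code uiDecisions.availableAttributes} when configured); collect group names from the role
 * attribute and from a subtree search for groups whose member attribute references the DN;
 * attach attribute metadata and the edit permission; emit JSON.
 *
 * <p>NOTE(review): {@code dn} is client-supplied and the method returns whatever entry it
 * names. Whether the caller may read that entry is not decided here — presumably it is
 * enforced by the surrounding filter chain and by {@code uiDecisions} — confirm.
 *
 * @param request  incoming request; must carry a {@code dn} parameter
 * @param response response the JSON document is written to
 * @param gson     serializer for {@link OpsUserData}
 * @throws Exception if the {@code dn} parameter is missing or no entry exists at that DN
 * @throws IllegalStateException if no {@code ScaleMain} filter is found on
 *         {@code scaleMainURL} (previously a NullPointerException further down)
 * @throws LDAPException on directory errors
 * @throws IOException if the response cannot be written
 */
private void lookupUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception, LDAPException, IOException {
    if (this.scaleMainConfig == null) {
        UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
        for (HttpFilter filter : holder.getFilterChain()) {
            if (filter instanceof ScaleMain) {
                this.scaleMainConfig = ((ScaleMain) filter).scaleConfig;
            }
        }
        if (this.scaleMainConfig == null) {
            throw new IllegalStateException("No ScaleMain filter configured on " + this.scaleMainURL);
        }
    }

    if (request.getParameter("dn") == null || request.getParameter("dn").getValues().isEmpty()) {
        throw new Exception("Missing required parameter 'dn'");
    }
    String dn = request.getParameter("dn").getValues().get(0);

    // An upstream filter may have narrowed the lookup; otherwise match whatever is at the DN.
    FilterBuilder baseFilter = (FilterBuilder) request.getAttribute("ops.search.filter");
    String filter = "(objectClass=*)";
    if (baseFilter != null) {
        filter = baseFilter.toString();
    }
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, filter, new ArrayList<String>());
    if (!res.hasMore()) {
        throw new Exception("Could not locate user '" + dn + "'");
    }
    LDAPEntry entry = res.next();

    AuthInfo userData = new AuthInfo();
    userData.setUserDN(entry.getDN());
    LDAPAttributeSet attrs = entry.getAttributeSet();
    for (Object obj : attrs) {
        LDAPAttribute attr = (LDAPAttribute) obj;
        Attribute attrib = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            attrib.getValues().add(val);
        }
        userData.getAttribs().put(attrib.getName(), attrib);
    }

    // When UI decisions are configured they decide which attributes this caller may see;
    // null means "no restriction". Evaluated once here and reused for the metadata below
    // (the original evaluated it twice with identical inputs).
    Set<String> allowedAttrs = null;
    if (this.scaleMainConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }

    OpsUserData userToSend = new OpsUserData();
    userToSend.setDn(userData.getUserDN());
    for (String attrName : this.scaleMainConfig.getUserAttributeList()) {
        if (allowedAttrs != null && !allowedAttrs.contains(attrName)) {
            continue;
        }
        Attribute attr = new Attribute(attrName);
        Attribute fromUser = userData.getAttribs().get(attrName);
        if (fromUser != null) {
            attr.getValues().addAll(fromUser.getValues());
            // Guard the get(0): an attribute present with no values must not abort the lookup.
            if (attrName.equalsIgnoreCase(this.scaleMainConfig.getUidAttributeName()) && !fromUser.getValues().isEmpty()) {
                userToSend.setUid(fromUser.getValues().get(0));
            }
        }
        userToSend.getAttributes().add(attr);
    }

    String roleAttribute = this.scaleMainConfig.getRoleAttribute();
    if (roleAttribute != null && !roleAttribute.isEmpty()) {
        Attribute fromUser = userData.getAttribs().get(roleAttribute);
        Attribute attr = new Attribute(roleAttribute);
        if (fromUser != null) {
            attr.getValues().addAll(fromUser.getValues());
            userToSend.getGroups().clear();
            userToSend.getGroups().addAll(fromUser.getValues());
        }
        userToSend.getAttributes().add(attr);
    }

    // Group membership: subtree search for groups whose member attribute names this DN. The
    // DN goes through FilterBuilder.equal(), which is relied on for escaping rather than being
    // concatenated into the filter, and the same filter is re-checked against every entry.
    String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    ArrayList<String> attrNames = new ArrayList<String>();
    attrNames.add("cn");
    attrNames.add(memberAttr);
    String groupFilter = equal(memberAttr, dn).toString();
    res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, groupFilter, attrNames);
    net.sourceforge.myvd.types.Filter ldapFiltertoCheck = new net.sourceforge.myvd.types.Filter(groupFilter);
    while (res.hasMore()) {
        entry = res.next();
        if (!ldapFiltertoCheck.getRoot().checkEntry(entry)) {
            continue;
        }
        LDAPAttribute la = entry.getAttribute("cn");
        if (la != null) {
            String val = la.getStringValue();
            if (!userToSend.getGroups().contains(val)) {
                userToSend.getGroups().add(val);
            }
        }
    }

    if (this.scaleMainConfig.getUiDecisions() != null) {
        // Hide metadata for attributes the caller may not see; work on a copy so the shared
        // config object is not modified.
        ScaleConfig local = new ScaleConfig(this.scaleMainConfig);
        if (allowedAttrs != null) {
            for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
                if (!allowedAttrs.contains(attrName)) {
                    local.getAttributes().remove(attrName);
                }
            }
        }
        userToSend.setMetaData(local.getAttributes());
        userToSend.setCanEditUser(this.scaleMainConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
    } else {
        userToSend.setMetaData(this.scaleMainConfig.getAttributes());
        userToSend.setCanEditUser(this.scaleMainConfig.isCanEditUser());
    }

    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(userToSend).trim());
}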
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) ArrayList(java.util.ArrayList) UrlHolder(com.tremolosecurity.config.util.UrlHolder) LDAPEntry(com.novell.ldap.LDAPEntry) FilterBuilder(org.apache.directory.ldap.client.api.search.FilterBuilder) HttpFilter(com.tremolosecurity.proxy.filter.HttpFilter) LDAPAttribute(com.novell.ldap.LDAPAttribute) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) Filter(net.sourceforge.myvd.types.Filter) OpsUserData(com.tremolosecurity.scalejs.operators.data.OpsUserData) LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet) LDAPException(com.novell.ldap.LDAPException) IOException(java.io.IOException) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) Filter(net.sourceforge.myvd.types.Filter) HttpFilter(com.tremolosecurity.proxy.filter.HttpFilter) ScaleMain(com.tremolosecurity.scalejs.ws.ScaleMain) ScaleConfig(com.tremolosecurity.scalejs.cfg.ScaleConfig)

Example 4 with Filter

use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.

Class ExternalGroupMembers, method search.

/**
 * Forwards the search down the chain on a private copy of the filter, after letting
 * {@code searchExternal} inspect/adjust that copy.
 *
 * <p>If the requested attribute list names the configured group-member attribute, the
 * external-group attribute ({@code externalGroupAttrName}) is appended to a copy of the
 * list so the caller's list is not modified.
 *
 * @throws LDAPException {@code OPERATIONS_ERROR} if the filter tree cannot be cloned;
 *         otherwise whatever the rest of the chain throws
 */
@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    boolean wantsMembers = false;
    for (Attribute requested : attributes) {
        String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
        if (requested.getAttribute().getName().equalsIgnoreCase(memberAttr)) {
            wantsMembers = true;
        }
    }

    ArrayList<Attribute> effectiveAttrs = attributes;
    if (wantsMembers) {
        effectiveAttrs = new ArrayList<Attribute>(attributes);
        effectiveAttrs.add(new Attribute(this.externalGroupAttrName));
    }

    // Never hand the caller's filter tree to searchExternal; it works on a clone.
    FilterNode clonedRoot;
    try {
        clonedRoot = (FilterNode) filter.getRoot().clone();
    } catch (CloneNotSupportedException e) {
        throw new LDAPException("Could not clone filter", LDAPException.OPERATIONS_ERROR, "Could not clone filter", e);
    }
    Filter nfilter = new Filter(clonedRoot);
    this.searchExternal(nfilter.getRoot());
    chain.nextSearch(base, scope, nfilter, effectiveAttrs, typesOnly, results, constraints);
}
Also used : LDAPException(com.novell.ldap.LDAPException) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(net.sourceforge.myvd.types.Attribute) Filter(net.sourceforge.myvd.types.Filter) FilterNode(net.sourceforge.myvd.types.FilterNode) ArrayList(java.util.ArrayList)

Example 5 with Filter

use of net.sourceforge.myvd.types.Filter in project OpenUnison by TremoloSecurity.

Class AuthLockoutInsert, method bind.

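/**
 * Binds through the chain and enforces a failed-attempt lockout on top of it.
 *
 * <p>Flow: the target entry is fetched first (so its lockout attributes are available),
 * the bind is delegated down the chain, and only then is the lockout window evaluated.
 * The window is {@code lastFailed + maxLockoutTime} compared against the current epoch
 * milliseconds, so {@code maxLockoutTime} is expected in milliseconds. The account is
 * rejected when that window is still open and the stored failure count has reached
 * {@code maxFailedAttempts}. A rejected bind — wrong password or locked account — is
 * reported with the same {@code INVALID_CREDENTIALS} code, so a client cannot tell the
 * two apart; every such rejection is recorded with {@code updateFailedAttrs}, which also
 * extends the lockout window. A bind that passes clears the counters via
 * {@code updateSuccessAttrs}.
 *
 * <p>Fix over the original: a locked-out bind previously called {@code updateFailedAttrs}
 * before throwing and then again in the catch block, so one attempt was counted twice.
 * The failure is now recorded once, in the catch block.
 *
 * @throws LDAPException {@code NO_SUCH_OBJECT} if no entry exists at {@code dn};
 *         {@code INVALID_CREDENTIALS} on a failed bind or a locked account; any other
 *         chain error is propagated unchanged. A malformed lockout attribute value
 *         surfaces as a {@link NumberFormatException}, which fails the bind (closed).
 */
@Override
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    Results results = new Results(null, chain.getPositionInChain(this) + 1);
    SearchInterceptorChain schain = chain.createSearchChain(chain.getPositionInChain(this) + 1);
    schain.nextSearch(new DistinguishedName(dn.getDN()), new Int(0), new Filter("(objectClass=*)"), new ArrayList<Attribute>(), new Bool(false), results, new LDAPSearchConstraints());
    results.start();
    if (!results.hasMore()) {
        throw new LDAPException("No such object", LDAPException.NO_SUCH_OBJECT, "Could not find dn");
    }
    Entry entry = results.next();
    // Drain the remaining results; presumably so the downstream search is fully consumed.
    while (results.hasMore()) {
        results.next();
    }

    try {
        chain.nextBind(dn, pwd, constraints);

        // The downstream bind succeeded; now decide whether the lockout window is still open.
        LDAPAttribute lastFailed = entry.getEntry().getAttributeSet().getAttribute(this.lastFailedAttribute);
        LDAPAttribute numFailures = entry.getEntry().getAttributeSet().getAttribute(this.numFailedAttribute);
        if (lastFailed != null && numFailures != null) {
            long lastFailedTS = Long.parseLong(lastFailed.getStringValue());
            int numPrevFailures = Integer.parseInt(numFailures.getStringValue());
            // Same value the original obtained via Joda's DateTime(UTC).getMillis().
            long now = System.currentTimeMillis();
            long lockedUntil = lastFailedTS + this.maxLockoutTime;
            boolean locked = lockedUntil >= now && numPrevFailures >= this.maxFailedAttempts;
            if (logger.isDebugEnabled()) {
                // All at debug level — the original mixed info() calls under the debug guard.
                logger.debug("Num Failed : " + numPrevFailures);
                logger.debug("Last Failed : '" + lastFailedTS + "'");
                logger.debug("Now : '" + now + "'");
                logger.debug("Locked Until : '" + lockedUntil + "'");
                logger.debug("locked >= now? : '" + (lockedUntil >= now) + "'");
                logger.debug("max fails? : '" + this.maxFailedAttempts + "'");
                logger.debug("too many fails : '" + (numPrevFailures >= this.maxFailedAttempts) + "'");
            }
            if (locked) {
                // Recorded once by the catch block below; do not call updateFailedAttrs here.
                throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "User locked out");
            }
        }
        this.updateSuccessAttrs(entry.getEntry());
    } catch (LDAPException e) {
        if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
            this.updateFailedAttrs(entry.getEntry());
        }
        throw e;
    }
}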
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) DistinguishedName(net.sourceforge.myvd.types.DistinguishedName) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(net.sourceforge.myvd.types.Attribute) LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints) Int(net.sourceforge.myvd.types.Int) DateTime(org.joda.time.DateTime) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPException(com.novell.ldap.LDAPException) Results(net.sourceforge.myvd.types.Results) Filter(net.sourceforge.myvd.types.Filter) Bool(net.sourceforge.myvd.types.Bool) SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain)
