
Example 1 with FilterBuilder

use of org.apache.directory.ldap.client.api.search.FilterBuilder in project OpenUnison by TremoloSecurity.

The class ScaleJSOperator, method lookupUser.

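/**
 * Responds with the operator's view of a single user as JSON.
 *
 * <p>The user is identified by the {@code dn} request parameter and read with a
 * base-scope search; the optional {@code ops.search.filter} request attribute (a
 * {@link FilterBuilder}) constrains that lookup. The attributes and metadata sent to
 * the browser are reduced to whatever the configured UI decisions allow, and the
 * user's groups are collected from the entries whose member attribute references
 * the DN.
 *
 * @param request  the current request; must carry a non-empty {@code dn} parameter
 * @param response receives the JSON document, with cache headers applied
 * @param gson     serializer for {@link OpsUserData}
 * @throws Exception if the ScaleMain configuration cannot be resolved, the
 *                   {@code dn} parameter is missing, or no entry matches
 * @throws LDAPException on directory errors
 * @throws IOException if the response cannot be written
 */
private void lookupUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception, LDAPException, IOException {
    ensureScaleMainConfig();
    String dn = requiredParameter(request, "dn");
    AuthInfo userData = loadUserData(dn, request);
    OpsUserData userToSend = new OpsUserData();
    userToSend.setDn(userData.getUserDN());
    // Computed once and reused for both the attribute list and the metadata, instead of
    // asking the UI decisions twice with identical arguments.
    Set<String> allowedAttrs = null;
    if (this.scaleMainConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }
    copyUserAttributes(userData, userToSend, allowedAttrs);
    copyRoleAttribute(userData, userToSend);
    addGroupMemberships(dn, userToSend);
    applyMetaData(userData, userToSend, request, allowedAttrs);
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(userToSend).trim());
}

/**
 * Resolves the ScaleMain configuration from the filter chain of {@code scaleMainURL}
 * on first use, failing clearly instead of leaving {@code scaleMainConfig} null.
 *
 * @throws Exception if the URL or a {@link ScaleMain} filter on it cannot be found
 */
private void ensureScaleMainConfig() throws Exception {
    if (this.scaleMainConfig != null) {
        return;
    }
    UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
    if (holder == null) {
        throw new Exception("Could not find URL '" + this.scaleMainURL + "'");
    }
    // Like the original loop, the last ScaleMain on the chain wins if there are several.
    for (HttpFilter filter : holder.getFilterChain()) {
        if (filter instanceof ScaleMain) {
            this.scaleMainConfig = ((ScaleMain) filter).scaleConfig;
        }
    }
    if (this.scaleMainConfig == null) {
        throw new Exception("No ScaleMain filter configured for '" + this.scaleMainURL + "'");
    }
}

/**
 * Returns the first value of a request parameter.
 *
 * @throws Exception if the parameter is absent or has no values (the unguarded
 *                   chain would otherwise fail with a NullPointerException)
 */
private static String requiredParameter(HttpFilterRequest request, String name) throws Exception {
    if (request.getParameter(name) == null || request.getParameter(name).getValues().isEmpty()) {
        throw new Exception("Missing required parameter '" + name + "'");
    }
    return request.getParameter(name).getValues().get(0);
}

/**
 * Reads the entry at {@code dn} into an {@link AuthInfo}.
 *
 * @throws Exception if no entry matches the DN and filter
 * @throws LDAPException on directory errors
 */
private AuthInfo loadUserData(String dn, HttpFilterRequest request) throws Exception, LDAPException {
    FilterBuilder baseFilter = (FilterBuilder) request.getAttribute("ops.search.filter");
    // NOTE(review): the base filter looks like the scope restriction for operators; it is
    // applied to the lookup itself (base scope on the supplied DN) rather than to the
    // result afterwards — confirm where the attribute is set.
    String filter = baseFilter != null ? baseFilter.toString() : "(objectClass=*)";
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, filter, new ArrayList<String>());
    if (!res.hasMore()) {
        throw new Exception("Could not locate user '" + dn + "'");
    }
    LDAPEntry entry = res.next();
    AuthInfo userData = new AuthInfo();
    userData.setUserDN(entry.getDN());
    LDAPAttributeSet attrs = entry.getAttributeSet();
    for (Object obj : attrs) {
        LDAPAttribute attr = (LDAPAttribute) obj;
        Attribute attrib = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            attrib.getValues().add(val);
        }
        userData.getAttribs().put(attrib.getName(), attrib);
    }
    return userData;
}

/**
 * Copies the configured user attributes (those in {@code allowedAttrs}, or all when it
 * is null) onto the response object and sets the uid from the configured uid attribute.
 */
private void copyUserAttributes(AuthInfo userData, OpsUserData userToSend, Set<String> allowedAttrs) {
    for (String attrName : this.scaleMainConfig.getUserAttributeList()) {
        if (allowedAttrs != null && !allowedAttrs.contains(attrName)) {
            continue;
        }
        Attribute attr = new Attribute(attrName);
        Attribute fromUser = userData.getAttribs().get(attrName);
        if (fromUser != null) {
            attr.getValues().addAll(fromUser.getValues());
            // An attribute present without values would otherwise fail on get(0).
            if (attrName.equalsIgnoreCase(this.scaleMainConfig.getUidAttributeName()) && !fromUser.getValues().isEmpty()) {
                userToSend.setUid(fromUser.getValues().get(0));
            }
        }
        userToSend.getAttributes().add(attr);
    }
}

/**
 * Copies the configured role attribute, if any, and seeds the group list from it.
 */
private void copyRoleAttribute(AuthInfo userData, OpsUserData userToSend) {
    String roleAttr = this.scaleMainConfig.getRoleAttribute();
    if (roleAttr == null || roleAttr.isEmpty()) {
        return;
    }
    Attribute attr = new Attribute(roleAttr);
    Attribute fromUser = userData.getAttribs().get(roleAttr);
    if (fromUser != null) {
        attr.getValues().addAll(fromUser.getValues());
        userToSend.getGroups().clear();
        userToSend.getGroups().addAll(fromUser.getValues());
    }
    userToSend.getAttributes().add(attr);
}

/**
 * Adds the {@code cn} of every group whose member attribute references {@code dn},
 * skipping names already present.
 *
 * @throws LDAPException on directory errors or if the member filter cannot be parsed
 */
private void addGroupMemberships(String dn, OpsUserData userToSend) throws LDAPException {
    String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    // Built with FilterBuilder.equal() rather than string concatenation so the
    // request-supplied DN is encoded by the builder (NOTE(review): confirm escaping
    // against the FilterBuilder version in use).
    String memberFilter = equal(memberAttr, dn).toString();
    ArrayList<String> attrNames = new ArrayList<String>();
    attrNames.add("cn");
    attrNames.add(memberAttr);
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, memberFilter, attrNames);
    // Each result is re-checked locally against the same filter before its cn is used.
    net.sourceforge.myvd.types.Filter ldapFilterToCheck = new net.sourceforge.myvd.types.Filter(memberFilter);
    while (res.hasMore()) {
        LDAPEntry entry = res.next();
        if (!ldapFilterToCheck.getRoot().checkEntry(entry)) {
            continue;
        }
        LDAPAttribute la = entry.getAttribute("cn");
        if (la != null && !userToSend.getGroups().contains(la.getStringValue())) {
            userToSend.getGroups().add(la.getStringValue());
        }
    }
}

/**
 * Sets the attribute metadata and the edit permission, narrowed by the UI decisions
 * when they are configured.
 */
private void applyMetaData(AuthInfo userData, OpsUserData userToSend, HttpFilterRequest request, Set<String> allowedAttrs) {
    if (this.scaleMainConfig.getUiDecisions() == null) {
        userToSend.setMetaData(this.scaleMainConfig.getAttributes());
        userToSend.setCanEditUser(this.scaleMainConfig.isCanEditUser());
        return;
    }
    // Work on a copy so the shared configuration is never trimmed in place.
    ScaleConfig local = new ScaleConfig(this.scaleMainConfig);
    if (allowedAttrs != null) {
        for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
            if (!allowedAttrs.contains(attrName)) {
                local.getAttributes().remove(attrName);
            }
        }
    }
    userToSend.setMetaData(local.getAttributes());
    userToSend.setCanEditUser(this.scaleMainConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
}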

Example 2 with FilterBuilder

use of org.apache.directory.ldap.client.api.search.FilterBuilder in project OpenUnison by TremoloSecurity.

The class ScaleJSOperator, method runSearch.

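/**
 * Runs an operator search and responds with the matching entries as JSON.
 *
 * <p>The request body is an {@link OpsSearch}; every picked attribute becomes an
 * equality assertion, all of them are ANDed together and, when present, ANDed with
 * the {@code ops.search.filter} request attribute. The search base is resolved through
 * the configured label-to-DN map, so only bases listed in the configuration can be
 * searched.
 *
 * @param request  the current request; the body is read from {@code ProxySys.MSG_BODY}
 * @param response receives a JSON list of maps (dn plus the configured result attributes)
 * @param gson     used to parse the request and serialize the result
 * @throws Exception if the body is missing or malformed, or the base label is unknown
 * @throws LDAPException on directory errors
 * @throws IOException if the body cannot be decoded or the response cannot be written
 */
private void runSearch(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception, LDAPException, IOException {
    byte[] body = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    if (body == null) {
        throw new Exception("Missing request body");
    }
    // Decode explicitly; the single-argument String constructor uses the platform default charset.
    String json = new String(body, "UTF-8");
    OpsSearch opsSearch = gson.fromJson(json, OpsSearch.class);
    if (opsSearch == null || opsSearch.getToSearch() == null) {
        throw new Exception("Invalid search request");
    }
    List<FilterBuilder> picked = new ArrayList<FilterBuilder>();
    for (AttributeConfig attr : opsSearch.getToSearch()) {
        if (attr.isPicked()) {
            // equal() builds the assertion from the submitted value instead of concatenating it into the filter string.
            picked.add(equal(attr.getName(), attr.getValue()));
        }
    }
    FilterBuilder[] fb = picked.toArray(new FilterBuilder[picked.size()]);
    FilterBuilder baseFilter = (FilterBuilder) request.getAttribute("ops.search.filter");
    // NOTE(review): with no picked attributes and no base filter this is and() with no
    // children — confirm that the intended result set for an empty search is acceptable.
    String filterString = baseFilter != null ? and(and(fb), baseFilter).toString() : and(fb).toString();
    String searchBase = this.config.getBaseLabelToDN().get(opsSearch.getBase());
    if (searchBase == null) {
        throw new Exception("Invalid search base");
    }
    List<HashMap<String, String>> resList = new ArrayList<HashMap<String, String>>();
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(searchBase, 2, filterString, new ArrayList<String>());
    while (res.hasMore()) {
        LDAPEntry entry = res.next();
        HashMap<String, String> row = new HashMap<String, String>();
        row.put("dn", entry.getDN());
        for (AttributeConfig attr : this.config.getResultsAttributes()) {
            LDAPAttribute value = entry.getAttribute(attr.getName());
            // Missing attributes are reported as an empty string so every row has the same keys.
            row.put(attr.getName(), value != null ? value.getStringValue() : "");
        }
        resList.add(row);
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(resList).trim());
}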

Example 3 with FilterBuilder

use of org.apache.directory.ldap.client.api.search.FilterBuilder in project OpenUnison by TremoloSecurity.

The class FreeIPAAz, method listPossibleApprovers.

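/**
 * Lists the DNs of the users who may approve requests for the FreeIPA group named
 * in {@code params[0]}.
 *
 * <p>The group is read with {@code group_show} (members suppressed); each value of its
 * {@code ipaexternalmember} entry is turned into an equality assertion on the configured
 * uid attribute, and the ORed filter is resolved to DNs through the virtual directory.
 *
 * @param params {@code params[0]} is the FreeIPA group name; further values are ignored
 * @return the approver DNs, empty when the group has no external members
 * @throws AzException if the group name is missing or any IPA or directory call fails
 */
@Override
public List<String> listPossibleApprovers(String... params) throws AzException {
    ConfigManager cfg = GlobalEntries.getGlobalEntries().getConfigManager();
    try {
        // Checked inside the try so the failure is reported the same way as every other one here.
        if (params == null || params.length == 0 || params[0] == null) {
            throw new IllegalArgumentException("A group name is required");
        }
        FreeIPATarget ipa = (FreeIPATarget) cfg.getProvisioningEngine().getTarget(this.targetName).getProvider();
        IPACall showGroup = new IPACall();
        showGroup.setId(0);
        showGroup.setMethod("group_show");
        ArrayList<String> groupName = new ArrayList<String>();
        groupName.add(params[0]);
        showGroup.getParams().add(groupName);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("no_members", "true");
        showGroup.getParams().add(additionalParams);
        IPAResponse resp = ipa.executeIPACall(showGroup);
        Map<?, ?> result = (Map<?, ?>) resp.getResult().getResult();
        ArrayList<FilterBuilder> checks = new ArrayList<FilterBuilder>();
        Object externalMembers = result.get("ipaexternalmember");
        if (externalMembers != null) {
            for (Object val : (List<?>) externalMembers) {
                checks.add(equal(this.uidAttributeName, (String) val));
            }
        }
        if (checks.isEmpty()) {
            // Nothing can match; skip the directory round-trip instead of sending an OR with no terms.
            return new ArrayList<String>();
        }
        String filter = or(checks.toArray(new FilterBuilder[checks.size()])).toString();
        ArrayList<String> attrsToGet = new ArrayList<String>();
        // "1.1" (RFC 4511) asks for no attributes; only the DNs are needed.
        attrsToGet.add("1.1");
        LDAPSearchResults ldapSearch = cfg.getMyVD().search(cfg.getCfg().getLdapRoot(), 2, filter, attrsToGet);
        ArrayList<String> approvers = new ArrayList<String>();
        while (ldapSearch.hasMore()) {
            approvers.add(ldapSearch.next().getDN());
        }
        return approvers;
    } catch (Exception e) {
        throw new AzException("Could not process authorization", e);
    }
}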

Example 4 with FilterBuilder

use of org.apache.directory.ldap.client.api.search.FilterBuilder in project OpenUnison by TremoloSecurity.

The class GithubTeamRule, method isAuthorized.

/**
 * Authorizes the subject when it belongs to any of the listed GitHub teams or
 * organizations.
 *
 * <p>A parameter ending in {@code /} names an organization and is matched against
 * {@code githubOrgs} (up to the first slash); any other parameter is matched against
 * {@code githubTeams}. The alternatives are ORed and evaluated locally against the
 * subject's LDAP entry.
 *
 * @param subject the authenticated user
 * @param params team names and {@code org/} organization names
 * @return {@code true} when no parameters are given or at least one alternative matches
 * @throws AzException if the assembled filter cannot be parsed
 */
@Override
public boolean isAuthorized(AuthInfo subject, String... params) throws AzException {
    if (params.length == 0) {
        // No parameters: the rule always grants access.
        return true;
    }
    // Every parameter yields exactly one alternative, so the array can be sized up front.
    FilterBuilder[] alternatives = new FilterBuilder[params.length];
    for (int i = 0; i < params.length; i++) {
        String param = params[i];
        alternatives[i] = param.endsWith("/")
                ? equal("githubOrgs", param.substring(0, param.indexOf("/")))
                : equal("githubTeams", param);
    }
    String filterString = or(alternatives).toString();
    net.sourceforge.myvd.types.Filter rule;
    try {
        rule = new net.sourceforge.myvd.types.Filter(filterString);
    } catch (LDAPException e) {
        throw new AzException("Could not build authorization rule", e);
    }
    return rule.getRoot().checkEntry(subject.createLDAPEntry());
}
