Search in sources :

Example 1 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class LDAPStatusChecker method checkLdapDNSyntaxValues.

private static List<HealthRecord> checkLdapDNSyntaxValues(final PwmApplication pwmApplication) {
    final List<HealthRecord> returnList = new ArrayList<>();
    final Configuration config = pwmApplication.getConfig();
    try {
        for (final PwmSetting pwmSetting : PwmSetting.values()) {
            if (!pwmSetting.isHidden() && pwmSetting.getCategory() == PwmSettingCategory.LDAP_PROFILE && pwmSetting.getFlags().contains(PwmSettingFlag.ldapDNsyntax)) {
                for (final String profile : config.getLdapProfiles().keySet()) {
                    if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING) {
                        final String value = config.getLdapProfiles().get(profile).readSettingAsString(pwmSetting);
                        if (value != null && !value.isEmpty()) {
                            final String errorMsg = validateDN(pwmApplication, value, profile);
                            if (errorMsg != null) {
                                returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
                            }
                        }
                    } else if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY) {
                        final List<String> values = config.getLdapProfiles().get(profile).readSettingAsStringArray(pwmSetting);
                        if (values != null) {
                            for (final String value : values) {
                                final String errorMsg = validateDN(pwmApplication, value, profile);
                                if (errorMsg != null) {
                                    returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
                                }
                            }
                        }
                    }
                }
            }
        }
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn("error while checking DN ldap syntax values: " + e.getMessage());
    }
    return returnList;
}
Also used : PwmSetting(password.pwm.config.PwmSetting) Configuration(password.pwm.config.Configuration) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 2 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class LDAPStatusChecker method checkUserPermissionValues.

private static List<HealthRecord> checkUserPermissionValues(final PwmApplication pwmApplication) {
    final List<HealthRecord> returnList = new ArrayList<>();
    final Configuration config = pwmApplication.getConfig();
    for (final PwmSetting pwmSetting : PwmSetting.values()) {
        if (!pwmSetting.isHidden() && pwmSetting.getSyntax() == PwmSettingSyntax.USER_PERMISSION) {
            if (!pwmSetting.getCategory().hasProfiles()) {
                final List<UserPermission> userPermissions = config.readSettingAsUserPermission(pwmSetting);
                for (final UserPermission userPermission : userPermissions) {
                    try {
                        returnList.addAll(checkUserPermission(pwmApplication, userPermission, pwmSetting));
                    } catch (PwmUnrecoverableException e) {
                        LOGGER.error("error checking configured permission settings:" + e.getMessage());
                    }
                }
            }
        }
    }
    return returnList;
}
Also used : PwmSetting(password.pwm.config.PwmSetting) Configuration(password.pwm.config.Configuration) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserPermission(password.pwm.config.value.data.UserPermission)

Example 3 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class LDAPStatusChecker method doLdapTestUserCheck.

@SuppressWarnings("checkstyle:MethodLength")
public List<HealthRecord> doLdapTestUserCheck(final Configuration config, final LdapProfile ldapProfile, final PwmApplication pwmApplication) {
    String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
    String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
    final PasswordData proxyUserPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
    final List<HealthRecord> returnRecords = new ArrayList<>();
    if (testUserDN == null || testUserDN.length() < 1) {
        return returnRecords;
    }
    try {
        testUserDN = ldapProfile.readCanonicalDN(pwmApplication, testUserDN);
        proxyUserDN = ldapProfile.readCanonicalDN(pwmApplication, proxyUserDN);
    } catch (PwmUnrecoverableException e) {
        final String msgString = e.getMessage();
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
        return returnRecords;
    }
    if (proxyUserDN.equalsIgnoreCase(testUserDN)) {
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_ProxyTestSameUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_PROXY_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE)));
        return returnRecords;
    }
    ChaiUser theUser = null;
    ChaiProvider chaiProvider = null;
    try {
        try {
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyUserDN, proxyUserPW);
            theUser = chaiProvider.getEntryFactory().newChaiUser(testUserDN);
        } catch (ChaiUnavailableException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnavailable, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        } catch (Throwable e) {
            final String msgString = e.getMessage();
            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
            return returnRecords;
        }
        try {
            theUser.readObjectClass();
        } catch (ChaiException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        }
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
        try {
            final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD) && theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
            if (readPwdEnabled) {
                try {
                    theUser.readPassword();
                } catch (Exception e) {
                    LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
                    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError, PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                    return returnRecords;
                }
            } else {
                final Locale locale = PwmConstants.DEFAULT_LOCALE;
                final UserIdentity userIdentity = new UserIdentity(testUserDN, ldapProfile.getIdentifier());
                final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, theUser, locale);
                boolean doPasswordChange = true;
                final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
                if (minLifetimeSeconds > 0) {
                    final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, userIdentity);
                    final PasswordStatus passwordStatus;
                    {
                        final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, locale, userIdentity, chaiProvider);
                        passwordStatus = userInfo.getPasswordStatus();
                    }
                    {
                        final boolean withinMinLifetime = PasswordUtility.isPasswordWithinMinimumLifetimeImpl(theUser, SessionLabel.HEALTH_SESSION_LABEL, passwordPolicy, pwdLastModified, passwordStatus);
                        if (withinMinLifetime) {
                            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime");
                            doPasswordChange = false;
                        }
                    }
                }
                if (doPasswordChange) {
                    final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
                    try {
                        theUser.setPassword(newPassword.getStringValue());
                        LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
                    } catch (ChaiException e) {
                        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                        return returnRecords;
                    }
                }
            }
        } catch (Exception e) {
            final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msg));
            return returnRecords;
        }
        try {
            final UserIdentity userIdentity = new UserIdentity(theUser.getEntryDN(), ldapProfile.getIdentifier());
            final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, PwmConstants.DEFAULT_LOCALE, userIdentity, chaiProvider);
            userInfo.getPasswordStatus();
            userInfo.getAccountExpirationTime();
            userInfo.getResponseInfoBean();
            userInfo.getPasswordPolicy();
            userInfo.getChallengeProfile();
            userInfo.getProfileIDs();
            userInfo.getOtpUserRecord();
            userInfo.getUserGuid();
            userInfo.getUsername();
            userInfo.getUserEmailAddress();
            userInfo.getUserSmsNumber();
        } catch (PwmUnrecoverableException e) {
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "unable to read test user data: " + e.getMessage()));
            return returnRecords;
        }
    } finally {
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception e) {
            // ignore
            }
        }
    }
    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserOK, ldapProfile.getDisplayName(PwmConstants.DEFAULT_LOCALE)));
    return returnRecords;
}
Also used : Locale(java.util.Locale) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) ChaiUser(com.novell.ldapchai.ChaiUser) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PasswordStatus(password.pwm.bean.PasswordStatus) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 4 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class ContextManager method getContextManager.

public static ContextManager getContextManager(final ServletContext theContext) throws PwmUnrecoverableException {
    // context manager is initialized at servlet context startup.
    final Object theManager = theContext.getAttribute(PwmConstants.CONTEXT_ATTR_CONTEXT_MANAGER);
    if (theManager == null) {
        final String errorMsg = "unable to load the context manager from servlet context";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_APP_UNAVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    return (ContextManager) theManager;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 5 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class HttpEventManager method sessionDestroyed.

public void sessionDestroyed(final HttpSessionEvent httpSessionEvent) {
    final HttpSession httpSession = httpSessionEvent.getSession();
    try {
        if (httpSession.getAttribute(PwmConstants.SESSION_ATTR_PWM_SESSION) != null) {
            final PwmSession pwmSession = PwmSessionWrapper.readPwmSession(httpSession);
            if (pwmSession != null) {
                pwmSession.unauthenticateUser(null);
            }
            final PwmApplication pwmApplication = ContextManager.getPwmApplication(httpSession);
            if (pwmApplication != null) {
                pwmApplication.getSessionTrackService().removeSessionData(pwmSession);
            }
            LOGGER.trace(pwmSession, "destroyed session");
        } else {
            LOGGER.trace("invalidated uninitialized session");
        }
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn("error during httpSessionDestroyed: " + e.getMessage());
    }
}
Also used : PwmApplication(password.pwm.PwmApplication) HttpSession(javax.servlet.http.HttpSession) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Aggregations

PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)282 ErrorInformation (password.pwm.error.ErrorInformation)201 PwmOperationalException (password.pwm.error.PwmOperationalException)85 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)75 IOException (java.io.IOException)72 PwmException (password.pwm.error.PwmException)69 PwmApplication (password.pwm.PwmApplication)48 UserIdentity (password.pwm.bean.UserIdentity)48 Configuration (password.pwm.config.Configuration)43 ServletException (javax.servlet.ServletException)38 LinkedHashMap (java.util.LinkedHashMap)37 Instant (java.time.Instant)35 ArrayList (java.util.ArrayList)31 PwmSession (password.pwm.http.PwmSession)30 Map (java.util.Map)28 ChaiUser (com.novell.ldapchai.ChaiUser)26 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25 FormConfiguration (password.pwm.config.value.data.FormConfiguration)24 HashMap (java.util.HashMap)23 ChaiException (com.novell.ldapchai.exception.ChaiException)22