Beispiel #1
0
  private void restUpdateLdapForm(
      final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
      throws IOException, PwmUnrecoverableException {
    final StoredConfigurationImpl storedConfiguration = configGuideBean.getStoredConfiguration();
    final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap();

    if (incomingFormData != null) {
      configGuideBean.getFormData().putAll(incomingFormData);
    }

    if (incomingFormData != null
        && incomingFormData.get(PARAM_TEMPLATE_NAME) != null
        && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) {
      try {
        final PwmSettingTemplate template =
            PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME));
        if (configGuideBean.getSelectedTemplate() != template) {
          LOGGER.debug(
              pwmRequest, "resetting form defaults using " + template.toString() + " template");
          final Map<String, String> defaultForm = defaultForm(template);
          configGuideBean.getFormData().putAll(defaultForm);
          configGuideBean.setSelectedTemplate(template);
          storedConfiguration.setTemplate(template);
        }
      } catch (Exception e) {
        LOGGER.error("unknown template set request: " + e.getMessage());
      }
    }

    final RestResultBean restResultBean = new RestResultBean();
    pwmRequest.outputJsonResult(restResultBean);
    convertFormToConfiguration(
        storedConfiguration, configGuideBean.getFormData(), incomingFormData);
    // LOGGER.info("config: " + storedConfiguration.toString());
  }
Beispiel #2
0
  private static String getLdapUrlFromFormConfig(final Map<String, String> ldapForm) {
    final String ldapServerIP = ldapForm.get(PARAM_LDAP_HOST);
    final String ldapServerPort = ldapForm.get(PARAM_LDAP_PORT);
    final boolean ldapServerSecure = "true".equalsIgnoreCase(ldapForm.get(PARAM_LDAP_SECURE));

    return "ldap" + (ldapServerSecure ? "s" : "") + "://" + ldapServerIP + ":" + ldapServerPort;
  }
Beispiel #3
0
  private void restBrowseLdap(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
      throws IOException, ServletException, PwmUnrecoverableException {
    final StoredConfigurationImpl storedConfiguration =
        StoredConfigurationImpl.copy(configGuideBean.getStoredConfiguration());
    if (configGuideBean.getStep() == STEP.LDAP_ADMIN) {
      storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, null);
      storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, null);
    }

    final Date startTime = new Date();
    final Map<String, String> inputMap =
        pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
    final String profile = inputMap.get("profile");
    final String dn = inputMap.containsKey("dn") ? inputMap.get("dn") : "";

    final LdapBrowser ldapBrowser = new LdapBrowser(storedConfiguration);
    final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse(profile, dn);
    ldapBrowser.close();

    LOGGER.trace(
        pwmRequest,
        "performed ldapBrowse operation in "
            + TimeDuration.fromCurrent(startTime).asCompactString()
            + ", result="
            + JsonUtil.serialize(result));

    pwmRequest.outputJsonResult(new RestResultBean(result));
  }
Beispiel #4
0
  public static void convertFormToConfiguration(
      final StoredConfigurationImpl storedConfiguration,
      final Map<String, String> ldapForm,
      final Map<String, String> incomingLdapForm)
      throws PwmUnrecoverableException {
    {
      final String newLdapURI = getLdapUrlFromFormConfig(ldapForm);
      final StringArrayValue newValue = new StringArrayValue(Collections.singletonList(newLdapURI));
      storedConfiguration.writeSetting(
          PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY, newValue, null);
    }

    { // proxy/admin account
      final String ldapAdminDN = ldapForm.get(PARAM_LDAP_PROXY_DN);
      final String ldapAdminPW = ldapForm.get(PARAM_LDAP_PROXY_PW);
      storedConfiguration.writeSetting(
          PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapAdminDN), null);
      final PasswordValue passwordValue =
          new PasswordValue(PasswordData.forStringValue(ldapAdminPW));
      storedConfiguration.writeSetting(
          PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, passwordValue, null);
    }

    storedConfiguration.writeSetting(
        PwmSetting.LDAP_CONTEXTLESS_ROOT,
        LDAP_PROFILE_KEY,
        new StringArrayValue(Collections.singletonList(ldapForm.get(PARAM_LDAP_CONTEXT))),
        null);

    {
      final String ldapContext = ldapForm.get(PARAM_LDAP_CONTEXT);
      storedConfiguration.writeSetting(
          PwmSetting.LDAP_CONTEXTLESS_ROOT,
          LDAP_PROFILE_KEY,
          new StringArrayValue(Collections.singletonList(ldapContext)),
          null);
    }

    {
      final String ldapTestUserDN = ldapForm.get(PARAM_LDAP_TEST_USER);
      storedConfiguration.writeSetting(
          PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapTestUserDN), null);
    }

    { // set admin query
      final String groupDN = ldapForm.get(PARAM_LDAP_ADMIN_GROUP);
      final List<UserPermission> userPermissions =
          Collections.singletonList(
              new UserPermission(UserPermission.Type.ldapGroup, null, null, groupDN));
      storedConfiguration.writeSetting(
          PwmSetting.QUERY_MATCH_PWM_ADMIN, new UserPermissionValue(userPermissions), null);
    }

    // set context based on ldap dn
    if (incomingLdapForm.containsKey(PARAM_APP_SITEURL)) {
      ldapForm.put(PARAM_APP_SITEURL, incomingLdapForm.get(PARAM_APP_SITEURL));
    }
    storedConfiguration.writeSetting(
        PwmSetting.PWM_SITE_URL, new StringValue(ldapForm.get(PARAM_APP_SITEURL)), null);
  }
Beispiel #5
0
  static Set<TokenVerificationProgress.TokenChannel> determineTokenPhaseRequired(
      final PwmRequest pwmRequest,
      final UpdateProfileBean updateProfileBean,
      final UpdateAttributesProfile updateAttributesProfile)
      throws PwmUnrecoverableException {
    final Set<TokenVerificationProgress.TokenChannel> returnObj = new HashSet<>();

    final Map<String, String> userFormData = updateProfileBean.getFormData();
    Map<String, String> ldapData = null;

    if (updateAttributesProfile.readSettingAsBoolean(
        PwmSetting.UPDATE_PROFILE_EMAIL_VERIFICATION)) {
      final String emailAddressAttribute =
          pwmRequest.getConfig().readSettingAsString(PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE);
      if (userFormData.containsKey(emailAddressAttribute)) {
        ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile);
        if (userFormData.get(emailAddressAttribute) != null
            && !userFormData
                .get(emailAddressAttribute)
                .equalsIgnoreCase(ldapData.get(emailAddressAttribute))) {
          returnObj.add(TokenVerificationProgress.TokenChannel.EMAIL);
        }
      } else {
        LOGGER.warn(
            pwmRequest,
            "email verification enabled, but email attribute '"
                + emailAddressAttribute
                + "' is not in update form");
      }
    }

    if (updateAttributesProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SMS_VERIFICATION)) {
      final String phoneNumberAttribute =
          pwmRequest.getConfig().readSettingAsString(PwmSetting.SMS_USER_PHONE_ATTRIBUTE);
      if (userFormData.containsKey(phoneNumberAttribute)) {
        if (ldapData == null) {
          ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile);
        }
        if (userFormData.get(phoneNumberAttribute) != null
            && !userFormData
                .get(phoneNumberAttribute)
                .equalsIgnoreCase(ldapData.get(phoneNumberAttribute))) {
          returnObj.add(TokenVerificationProgress.TokenChannel.SMS);
        }
      } else {
        LOGGER.warn(
            pwmRequest,
            "sms verification enabled, but phone attribute '"
                + phoneNumberAttribute
                + "' is not in update form");
      }
    }

    return returnObj;
  }
  private void readFormParametersFromRequest(
      final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean)
      throws PwmUnrecoverableException, PwmDataValidationException, ChaiUnavailableException {
    final List<FormConfiguration> formFields =
        pwmRequest.getConfig().readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);

    final Map<FormConfiguration, String> existingForm = updateProfileBean.getFormData();

    // read the values from the request
    existingForm.putAll(
        FormUtility.readFormValuesFromRequest(pwmRequest, formFields, pwmRequest.getLocale()));
  }
  private static void readFromJsonRequest(
      final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean)
      throws PwmDataValidationException, PwmUnrecoverableException, IOException {
    final List<FormConfiguration> formFields =
        pwmRequest.getConfig().readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
    final Map<FormConfiguration, String> existingForm = updateProfileBean.getFormData();

    final Map<String, String> clientValues = pwmRequest.readBodyAsJsonStringMap();

    if (clientValues != null) {
      existingForm.putAll(
          FormUtility.readFormValuesFromMap(clientValues, formFields, pwmRequest.getLocale()));
    }
  }
  private void checkLdapServer(ConfigGuideBean configGuideBean)
      throws PwmOperationalException, IOException {
    final Map<String, String> formData = configGuideBean.getFormData();
    final String host = formData.get(PARAM_LDAP_HOST);
    final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT));
    if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) {
      X509Utils.readRemoteCertificates(host, port);
    } else {
      InetAddress addr = InetAddress.getByName(host);
      SocketAddress sockaddr = new InetSocketAddress(addr, port);
      Socket sock = new Socket();

      // this method will block for the defined number of milliseconds
      int timeout = 2000;
      sock.connect(sockaddr, timeout);
    }
  }
Beispiel #9
0
  static Map<FormConfiguration, String> formMapFromBean(
      final UpdateAttributesProfile updateAttributesProfile,
      final UpdateProfileBean updateProfileBean)
      throws PwmUnrecoverableException {

    final List<FormConfiguration> form =
        updateAttributesProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
    final Map<FormConfiguration, String> formValueMap = new HashMap<>();
    for (final FormConfiguration formConfiguration : form) {
      formValueMap.put(
          formConfiguration,
          updateProfileBean.getFormData().keySet().contains(formConfiguration.getName())
              ? updateProfileBean.getFormData().get(formConfiguration.getName())
              : "");
    }
    return formValueMap;
  }
Beispiel #10
0
  private void checkLdapServer(ConfigGuideBean configGuideBean)
      throws PwmOperationalException, IOException {
    final Map<String, String> formData = configGuideBean.getFormData();
    final String host = formData.get(PARAM_LDAP_HOST);
    final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT));

    { // socket test
      final InetAddress inetAddress = InetAddress.getByName(host);
      final SocketAddress socketAddress = new InetSocketAddress(inetAddress, port);
      final Socket socket = new Socket();

      final int timeout = 2000;
      socket.connect(socketAddress, timeout);
    }

    if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) {
      X509Utils.readRemoteCertificates(host, port);
    }
  }
Beispiel #11
0
  private void restUpdateLdapForm(
      final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
      throws IOException, PwmUnrecoverableException {
    final StoredConfiguration storedConfiguration = configGuideBean.getStoredConfiguration();
    final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap();

    if (incomingFormData != null) {
      configGuideBean.getFormData().putAll(incomingFormData);
    }

    if (incomingFormData != null
        && incomingFormData.get(PARAM_TEMPLATE_NAME) != null
        && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) {
      try {
        final PwmSettingTemplate template =
            PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME));
        if (configGuideBean.getSelectedTemplate() != template) {
          LOGGER.debug(
              pwmRequest, "resetting form defaults using " + template.toString() + " template");
          final Map<String, String> defaultForm = defaultForm(template);
          configGuideBean.getFormData().putAll(defaultForm);
          configGuideBean.setSelectedTemplate(template);
          storedConfiguration.setTemplate(template);
          {
            final String settingValue = AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey() + "=true";
            storedConfiguration.writeSetting(
                PwmSetting.APP_PROPERTY_OVERRIDES,
                new StringArrayValue(Collections.singletonList(settingValue)),
                null);
          }
        }
      } catch (Exception e) {
        LOGGER.error("unknown template set request: " + e.getMessage());
      }
    }

    final RestResultBean restResultBean = new RestResultBean();
    pwmRequest.outputJsonResult(restResultBean);
    convertFormToConfiguration(
        storedConfiguration, configGuideBean.getFormData(), incomingFormData);
    // LOGGER.info("config: " + storedConfiguration.toString());
  }
Beispiel #12
0
 public static SchemaOperationResult extendSchema(
     ConfigGuideBean configGuideBean, final boolean doSchemaExtension) {
   final Map<String, String> form = configGuideBean.getFormData();
   final boolean ldapServerSecure = "true".equalsIgnoreCase(form.get(PARAM_LDAP_SECURE));
   final String ldapUrl =
       "ldap"
           + (ldapServerSecure ? "s" : "")
           + "://"
           + form.get(PARAM_LDAP_HOST)
           + ":"
           + form.get(PARAM_LDAP_PORT);
   try {
     final ChaiConfiguration chaiConfiguration =
         new ChaiConfiguration(
             ldapUrl, form.get(PARAM_LDAP_PROXY_DN), form.get(PARAM_LDAP_PROXY_PW));
     chaiConfiguration.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
     final ChaiProvider chaiProvider = ChaiProviderFactory.createProvider(chaiConfiguration);
     if (doSchemaExtension) {
       return SchemaManager.extendSchema(chaiProvider);
     } else {
       return SchemaManager.checkExistingSchema(chaiProvider);
     }
   } catch (Exception e) {
     LOGGER.error("unable to create schema extender object: " + e.getMessage());
     return null;
   }
 }
Beispiel #13
0
  public static PwmPasswordPolicy readLdapPasswordPolicy(
      final PwmApplication pwmApplication, final ChaiUser theUser)
      throws PwmUnrecoverableException {
    try {
      final Map<String, String> ruleMap = new HashMap<>();
      final ChaiPasswordPolicy chaiPolicy;
      try {
        chaiPolicy = theUser.getPasswordPolicy();
      } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
      }
      if (chaiPolicy != null) {
        for (final String key : chaiPolicy.getKeys()) {
          ruleMap.put(key, chaiPolicy.getValue(key));
        }

        if (!"read"
            .equals(
                pwmApplication
                    .getConfig()
                    .readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY))) {
          ruleMap.put(
              PwmPasswordRule.CaseSensitive.getKey(),
              pwmApplication
                  .getConfig()
                  .readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
        }

        return PwmPasswordPolicy.createPwmPasswordPolicy(ruleMap, chaiPolicy);
      }
    } catch (ChaiOperationException e) {
      LOGGER.warn(
          "error reading password policy for user "
              + theUser.getEntryDN()
              + ", error: "
              + e.getMessage());
    }
    return PwmPasswordPolicy.defaultPolicy();
  }
Beispiel #14
0
 public static Map<String, Date> readIndividualReplicaLastPasswordTimes(
     final PwmApplication pwmApplication,
     final SessionLabel sessionLabel,
     final UserIdentity userIdentity)
     throws PwmUnrecoverableException {
   final Map<String, Date> returnValue = new LinkedHashMap<>();
   final ChaiProvider chaiProvider =
       pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
   final Collection<ChaiConfiguration> perReplicaConfigs =
       ChaiUtility.splitConfigurationPerReplica(
           chaiProvider.getChaiConfiguration(),
           Collections.singletonMap(ChaiSetting.FAILOVER_CONNECT_RETRIES, "1"));
   for (final ChaiConfiguration loopConfiguration : perReplicaConfigs) {
     final String loopReplicaUrl = loopConfiguration.getSetting(ChaiSetting.BIND_DN);
     ChaiProvider loopProvider = null;
     try {
       loopProvider = ChaiProviderFactory.createProvider(loopConfiguration);
       final Date lastModifiedDate =
           determinePwdLastModified(pwmApplication, sessionLabel, userIdentity);
       returnValue.put(loopReplicaUrl, lastModifiedDate);
     } catch (ChaiUnavailableException e) {
       LOGGER.error(sessionLabel, "unreachable server during replica password sync check");
       e.printStackTrace();
     } finally {
       if (loopProvider != null) {
         try {
           loopProvider.close();
         } catch (Exception e) {
           final String errorMsg =
               "error closing loopProvider to "
                   + loopReplicaUrl
                   + " while checking individual password sync status";
           LOGGER.error(sessionLabel, errorMsg);
         }
       }
     }
   }
   return returnValue;
 }
Beispiel #15
0
  public static Map<String, String> placeholderForm(PwmSettingTemplate template) {
    final Map<String, String> defaultLdapForm = new HashMap<>();

    try {
      final String defaultLdapUrlString = PwmSetting.LDAP_SERVER_URLS.getPlaceholder(template);
      final URI uri = new URI(defaultLdapUrlString);

      defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost());
      defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort()));
      defaultLdapForm.put(
          PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false");

      defaultLdapForm.put(
          PARAM_LDAP_PROXY_DN, PwmSetting.LDAP_PROXY_USER_DN.getPlaceholder(template));
      defaultLdapForm.put(PARAM_LDAP_PROXY_PW, "");

      defaultLdapForm.put(
          PARAM_LDAP_CONTEXT, PwmSetting.LDAP_CONTEXTLESS_ROOT.getPlaceholder(template));
      defaultLdapForm.put(
          PARAM_LDAP_TEST_USER, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template));
      defaultLdapForm.put(
          PARAM_LDAP_ADMIN_GROUP, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template));

      defaultLdapForm.put(
          PARAM_CR_STORAGE_PREF,
          (String)
              PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE
                  .getDefaultValue(template)
                  .toNativeObject());

      defaultLdapForm.put(PARAM_CONFIG_PASSWORD, "");
      defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, "");
    } catch (Exception e) {
      LOGGER.error(
          "error building static form values using default configuration: " + e.getMessage());
      e.printStackTrace();
    }

    return Collections.unmodifiableMap(defaultLdapForm);
  }
Beispiel #16
0
  public static Map<String, String> defaultForm(PwmSettingTemplate template) {
    final Map<String, String> defaultLdapForm = new HashMap<>();

    try {
      final String defaultLdapUrlString =
          ((List<String>) PwmSetting.LDAP_SERVER_URLS.getDefaultValue(template).toNativeObject())
              .get(0);
      final URI uri = new URI(defaultLdapUrlString);

      defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost());
      defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort()));
      defaultLdapForm.put(
          PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false");

      defaultLdapForm.put(
          PARAM_LDAP_ADMIN_DN,
          (String) PwmSetting.LDAP_PROXY_USER_DN.getDefaultValue(template).toNativeObject());
      defaultLdapForm.put(PARAM_LDAP_ADMIN_PW, "");

      defaultLdapForm.put(
          PARAM_LDAP_CONTEXT,
          ((List<String>)
                  PwmSetting.LDAP_CONTEXTLESS_ROOT.getDefaultValue(template).toNativeObject())
              .get(0));
      defaultLdapForm.put(
          PARAM_LDAP_TEST_USER,
          (String) PwmSetting.LDAP_TEST_USER_DN.getDefaultValue(template).toNativeObject());
      {
        List<UserPermission> userPermissions =
            (List<UserPermission>)
                PwmSetting.QUERY_MATCH_PWM_ADMIN.getDefaultValue(template).toNativeObject();
        final String groupDN =
            userPermissions != null && userPermissions.size() > 0
                ? userPermissions.get(0).getLdapBase()
                : "";
        defaultLdapForm.put(PARAM_LDAP_ADMIN_GROUP, groupDN);
      }

      defaultLdapForm.put(
          PARAM_CR_STORAGE_PREF,
          (String)
              PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE
                  .getDefaultValue(template)
                  .toNativeObject());

      defaultLdapForm.put(PARAM_CONFIG_PASSWORD, "");
      defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, "");
    } catch (Exception e) {
      LOGGER.error(
          "error building static form values using default configuration: " + e.getMessage());
      e.printStackTrace();
    }

    return Collections.unmodifiableMap(defaultLdapForm);
  }