void restUploadWordlist(final PwmRequest pwmRequest)
throws IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final HttpServletRequest req = pwmRequest.getHttpServletRequest();
if (!ServletFileUpload.isMultipartContent(req)) {
final ErrorInformation errorInformation =
new ErrorInformation(PwmError.ERROR_UNKNOWN, "no file found in upload");
pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
LOGGER.error(pwmRequest, "error during import: " + errorInformation.toDebugStr());
return;
}
final InputStream inputStream =
ServletHelper.readFileUpload(pwmRequest.getHttpServletRequest(), "uploadFile");
try {
pwmApplication.getWordlistManager().populate(inputStream);
} catch (PwmUnrecoverableException e) {
final ErrorInformation errorInfo =
new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmRequest, errorInfo.toDebugStr());
pwmRequest.outputJsonResult(restResultBean);
return;
}
pwmRequest.outputJsonResult(
RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown));
}
public static String makeClientEtag(final PwmRequest pwmRequest)
throws PwmUnrecoverableException {
return makeClientEtag(
pwmRequest.getPwmApplication(),
pwmRequest.getPwmSession(),
pwmRequest.getHttpServletRequest());
}
public static void saveConfiguration(
final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration)
throws PwmUnrecoverableException {
{
final List<String> errorStrings = storedConfiguration.validateValues();
if (errorStrings != null && !errorStrings.isEmpty()) {
final String errorString = errorStrings.get(0);
throw new PwmUnrecoverableException(
new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, new String[] {errorString}));
}
}
try {
ContextManager contextManager =
ContextManager.getContextManager(
pwmRequest.getHttpServletRequest().getSession().getServletContext());
contextManager
.getConfigReader()
.saveConfiguration(
storedConfiguration,
contextManager.getPwmApplication(),
pwmRequest.getSessionLabel());
contextManager.requestPwmApplicationRestart();
} catch (Exception e) {
final String errorString = "error saving file: " + e.getMessage();
LOGGER.error(pwmRequest, errorString);
throw new PwmUnrecoverableException(
new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, new String[] {errorString}));
}
}
public static StoredConfigurationImpl readCurrentConfiguration(final PwmRequest pwmRequest)
throws PwmUnrecoverableException {
final ContextManager contextManager =
ContextManager.getContextManager(pwmRequest.getHttpServletRequest().getSession());
final ConfigurationReader runningConfigReader = contextManager.getConfigReader();
final StoredConfigurationImpl runningConfig = runningConfigReader.getStoredConfiguration();
return StoredConfigurationImpl.copy(runningConfig);
}
static void forwardToJSP(final PwmRequest pwmRequest)
throws IOException, ServletException, PwmUnrecoverableException {
final HttpServletRequest req = pwmRequest.getHttpServletRequest();
final ServletContext servletContext = req.getSession().getServletContext();
final ConfigGuideBean configGuideBean =
pwmRequest.getPwmSession().getSessionBean(ConfigGuideBean.class);
String destURL = '/' + PwmConstants.URL_JSP_CONFIG_GUIDE;
destURL = destURL.replace("%1%", configGuideBean.getStep().toString().toLowerCase());
servletContext
.getRequestDispatcher(destURL)
.forward(req, pwmRequest.getPwmResponse().getHttpServletResponse());
}
public static void restUploadConfig(final PwmRequest pwmRequest)
throws PwmUnrecoverableException, IOException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HttpServletRequest req = pwmRequest.getHttpServletRequest();
if (pwmApplication.getApplicationMode() == PwmApplication.MODE.RUNNING) {
final String errorMsg = "config upload is not permitted when in running mode";
final ErrorInformation errorInformation =
new ErrorInformation(PwmError.CONFIG_UPLOAD_FAILURE, errorMsg, new String[] {errorMsg});
pwmRequest.respondWithError(errorInformation, true);
return;
}
if (ServletFileUpload.isMultipartContent(req)) {
final InputStream uploadedFile = ServletHelper.readFileUpload(req, "uploadFile");
if (uploadedFile != null) {
try {
final StoredConfigurationImpl storedConfig =
StoredConfigurationImpl.fromXml(uploadedFile);
final List<String> configErrors = storedConfig.validateValues();
if (configErrors != null && !configErrors.isEmpty()) {
throw new PwmOperationalException(
new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, configErrors.get(0)));
}
writeConfig(ContextManager.getContextManager(req.getSession()), storedConfig);
LOGGER.trace(pwmSession, "read config from file: " + storedConfig.toString());
final RestResultBean restResultBean = new RestResultBean();
restResultBean.setSuccessMessage("read message");
pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
req.getSession().invalidate();
} catch (PwmException e) {
final RestResultBean restResultBean =
RestResultBean.fromError(e.getErrorInformation(), pwmRequest);
pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
}
} else {
final ErrorInformation errorInformation =
new ErrorInformation(
PwmError.CONFIG_UPLOAD_FAILURE,
"error reading config file: no file present in upload");
final RestResultBean restResultBean =
RestResultBean.fromError(errorInformation, pwmRequest);
pwmRequest.getPwmResponse().outputJsonResult(restResultBean);
LOGGER.error(pwmSession, errorInformation.toDebugStr());
}
}
}
@Override
protected void processAction(final PwmRequest pwmRequest)
throws ServletException, IOException, ChaiUnavailableException, PwmUnrecoverableException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
if ((pwmSession.getSessionBean(ConfigGuideBean.class)).getStep() == STEP.START) {
pwmSession.clearSessionBeans();
pwmSession.getSessionStateBean().setTheme(null);
}
final ConfigGuideBean configGuideBean = pwmSession.getSessionBean(ConfigGuideBean.class);
if (pwmApplication.getApplicationMode() != PwmApplication.MODE.NEW) {
final ErrorInformation errorInformation =
new ErrorInformation(
PwmError.ERROR_SERVICE_NOT_AVAILABLE, "ConfigGuide unavailable unless in NEW mode");
LOGGER.error(pwmSession, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
if (!configGuideBean.getFormData().containsKey(PARAM_APP_SITEURL)) {
final URI uri = URI.create(pwmRequest.getHttpServletRequest().getRequestURL().toString());
final int port = Helper.portForUriSchema(uri);
final String newUri =
uri.getScheme() + "://" + uri.getHost() + ":" + port + pwmRequest.getContextPath();
configGuideBean.getFormData().put(PARAM_APP_SITEURL, newUri);
}
pwmSession.setSessionTimeout(
pwmRequest.getHttpServletRequest().getSession(),
Integer.parseInt(
pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_GUIDE_IDLE_TIMEOUT)));
if (configGuideBean.getStep() == STEP.LDAP_CERT) {
final String ldapServerString =
((List<String>)
configGuideBean
.getStoredConfiguration()
.readSetting(PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY)
.toNativeObject())
.get(0);
try {
final URI ldapServerUri = new URI(ldapServerString);
if ("ldaps".equalsIgnoreCase(ldapServerUri.getScheme())) {
configGuideBean.setLdapCertificates(X509Utils.readRemoteCertificates(ldapServerUri));
configGuideBean.setCertsTrustedbyKeystore(
X509Utils.testIfLdapServerCertsInDefaultKeystore(ldapServerUri));
} else {
configGuideBean.setLdapCertificates(null);
configGuideBean.setCertsTrustedbyKeystore(false);
}
} catch (Exception e) {
LOGGER.error("error reading/testing ldap server certificates: " + e.getMessage());
}
}
final ConfigGuideAction action = readProcessAction(pwmRequest);
if (action != null) {
pwmRequest.validatePwmFormID();
switch (action) {
case ldapHealth:
restLdapHealth(pwmRequest, configGuideBean);
return;
case updateForm:
restUpdateLdapForm(pwmRequest, configGuideBean);
return;
case gotoStep:
restGotoStep(pwmRequest, configGuideBean);
return;
case useConfiguredCerts:
restUseConfiguredCerts(pwmRequest, configGuideBean);
return;
case uploadConfig:
restUploadConfig(pwmRequest);
return;
case extendSchema:
restExtendSchema(pwmRequest, configGuideBean);
return;
case viewAdminMatches:
restViewAdminMatches(pwmRequest, configGuideBean);
return;
case browseLdap:
restBrowseLdap(pwmRequest, configGuideBean);
}
}
if (!pwmRequest.getPwmResponse().getHttpServletResponse().isCommitted()) {
forwardToJSP(pwmRequest);
}
}
static boolean checkAuthentication(
final PwmRequest pwmRequest, final ConfigManagerBean configManagerBean)
throws IOException, PwmUnrecoverableException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ConfigurationReader runningConfigReader =
ContextManager.getContextManager(pwmRequest.getHttpServletRequest().getSession())
.getConfigReader();
final StoredConfigurationImpl storedConfig = runningConfigReader.getStoredConfiguration();
boolean authRequired = false;
if (storedConfig.hasPassword()) {
authRequired = true;
}
if (PwmApplication.MODE.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
if (!pwmSession.getSessionStateBean().isAuthenticated()) {
throw new PwmUnrecoverableException(PwmError.ERROR_AUTHENTICATION_REQUIRED);
}
if (!pwmRequest
.getPwmSession()
.getSessionManager()
.checkPermission(pwmRequest.getPwmApplication(), Permission.PWMADMIN)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED);
pwmRequest.respondWithError(errorInformation);
return true;
}
if (pwmSession.getLoginInfoBean().getAuthenticationType()
!= AuthenticationType.AUTHENTICATED) {
throw new PwmUnrecoverableException(
new ErrorInformation(
PwmError.ERROR_AUTHENTICATION_REQUIRED,
"Username/Password authentication is required to edit configuration. This session has not been authenticated using a user password (SSO or other method used)."));
}
}
if (PwmApplication.MODE.CONFIGURATION != pwmRequest.getPwmApplication().getApplicationMode()) {
authRequired = true;
}
if (!authRequired) {
return false;
}
if (!storedConfig.hasPassword()) {
final String errorMsg = "config file does not have a configuration password";
final ErrorInformation errorInformation =
new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg, new String[] {errorMsg});
pwmRequest.respondWithError(errorInformation, true);
return true;
}
if (configManagerBean.isPasswordVerified()) {
return false;
}
String persistentLoginValue = null;
boolean persistentLoginAccepted = false;
boolean persistentLoginEnabled = false;
if (pwmRequest.getConfig().isDefaultValue(PwmSetting.PWM_SECURITY_KEY)) {
LOGGER.debug(pwmRequest, "security not available, persistent login not possible.");
} else {
persistentLoginEnabled = true;
final PwmSecurityKey securityKey = pwmRequest.getConfig().getSecurityKey();
if (PwmApplication.MODE.RUNNING == pwmRequest.getPwmApplication().getApplicationMode()) {
persistentLoginValue =
SecureEngine.hash(
storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH)
+ pwmSession.getUserInfoBean().getUserIdentity().toDelimitedKey(),
PwmHashAlgorithm.SHA512);
} else {
persistentLoginValue =
SecureEngine.hash(
storedConfig.readConfigProperty(ConfigurationProperty.PASSWORD_HASH),
PwmHashAlgorithm.SHA512);
}
{
final String cookieStr =
ServletHelper.readCookie(
pwmRequest.getHttpServletRequest(), PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN);
if (securityKey != null && cookieStr != null && !cookieStr.isEmpty()) {
try {
final String jsonStr = pwmApplication.getSecureService().decryptStringValue(cookieStr);
final PersistentLoginInfo persistentLoginInfo =
JsonUtil.deserialize(jsonStr, PersistentLoginInfo.class);
if (persistentLoginInfo != null && persistentLoginValue != null) {
if (persistentLoginInfo.getExpireDate().after(new Date())) {
if (persistentLoginValue.equals(persistentLoginInfo.getPassword())) {
persistentLoginAccepted = true;
LOGGER.debug(
pwmRequest,
"accepting persistent config login from cookie (expires "
+ PwmConstants.DEFAULT_DATETIME_FORMAT.format(
persistentLoginInfo.getExpireDate())
+ ")");
}
}
}
} catch (Exception e) {
LOGGER.error(
pwmRequest, "error examining persistent config login cookie: " + e.getMessage());
}
if (!persistentLoginAccepted) {
Cookie removalCookie = new Cookie(PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, null);
removalCookie.setMaxAge(0);
pwmRequest.getPwmResponse().addCookie(removalCookie);
LOGGER.debug(pwmRequest, "removing non-working persistent config login cookie");
}
}
}
}
final String password = pwmRequest.readParameterAsString("password");
boolean passwordAccepted = false;
if (!persistentLoginAccepted) {
if (password != null && password.length() > 0) {
if (storedConfig.verifyPassword(password)) {
passwordAccepted = true;
LOGGER.trace(pwmRequest, "valid configuration password accepted");
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), true);
} else {
LOGGER.trace(pwmRequest, "configuration password is not correct");
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
pwmApplication
.getIntruderManager()
.mark(
RecordType.USERNAME,
PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME,
pwmSession.getLabel());
final ErrorInformation errorInformation =
new ErrorInformation(PwmError.ERROR_WRONGPASSWORD);
pwmRequest.setResponseError(errorInformation);
updateLoginHistory(pwmRequest, pwmRequest.getUserInfoIfLoggedIn(), false);
}
}
}
if ((persistentLoginAccepted || passwordAccepted)) {
configManagerBean.setPasswordVerified(true);
pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
pwmApplication
.getIntruderManager()
.clear(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME);
if (persistentLoginEnabled
&& !persistentLoginAccepted
&& "on".equals(pwmRequest.readParameterAsString("remember"))) {
final int persistentSeconds = figureMaxLoginSeconds(pwmRequest);
if (persistentSeconds > 0) {
final Date expirationDate =
new Date(System.currentTimeMillis() + (persistentSeconds * 1000));
final PersistentLoginInfo persistentLoginInfo =
new PersistentLoginInfo(expirationDate, persistentLoginValue);
final String jsonPersistentLoginInfo = JsonUtil.serialize(persistentLoginInfo);
final String cookieValue =
pwmApplication.getSecureService().encryptToString(jsonPersistentLoginInfo);
pwmRequest
.getPwmResponse()
.writeCookie(
PwmConstants.COOKIE_PERSISTENT_CONFIG_LOGIN, cookieValue, persistentSeconds);
LOGGER.debug(
pwmRequest,
"set persistent config login cookie (expires "
+ PwmConstants.DEFAULT_DATETIME_FORMAT.format(expirationDate)
+ ")");
}
}
if (configManagerBean.getPrePasswordEntryUrl() != null) {
final String originalUrl = configManagerBean.getPrePasswordEntryUrl();
configManagerBean.setPrePasswordEntryUrl(null);
pwmRequest.getPwmResponse().sendRedirect(originalUrl);
return true;
}
return false;
}
if (configManagerBean.getPrePasswordEntryUrl() == null) {
configManagerBean.setPrePasswordEntryUrl(
pwmRequest.getHttpServletRequest().getRequestURL().toString());
}
forwardToJsp(pwmRequest);
return true;
}
static void forwardToEditor(final PwmRequest pwmRequest)
throws IOException, ServletException, PwmUnrecoverableException {
final String url =
pwmRequest.getHttpServletRequest().getContextPath() + "/private/config/ConfigEditor";
pwmRequest.sendRedirect(url);
}