private void restUpdateLdapForm( final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final StoredConfigurationImpl storedConfiguration = configGuideBean.getStoredConfiguration(); final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap(); if (incomingFormData != null) { configGuideBean.getFormData().putAll(incomingFormData); } if (incomingFormData != null && incomingFormData.get(PARAM_TEMPLATE_NAME) != null && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) { try { final PwmSettingTemplate template = PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME)); if (configGuideBean.getSelectedTemplate() != template) { LOGGER.debug( pwmRequest, "resetting form defaults using " + template.toString() + " template"); final Map<String, String> defaultForm = defaultForm(template); configGuideBean.getFormData().putAll(defaultForm); configGuideBean.setSelectedTemplate(template); storedConfiguration.setTemplate(template); } } catch (Exception e) { LOGGER.error("unknown template set request: " + e.getMessage()); } } final RestResultBean restResultBean = new RestResultBean(); pwmRequest.outputJsonResult(restResultBean); convertFormToConfiguration( storedConfiguration, configGuideBean.getFormData(), incomingFormData); // LOGGER.info("config: " + storedConfiguration.toString()); }
private static String getLdapUrlFromFormConfig(final Map<String, String> ldapForm) { final String ldapServerIP = ldapForm.get(PARAM_LDAP_HOST); final String ldapServerPort = ldapForm.get(PARAM_LDAP_PORT); final boolean ldapServerSecure = "true".equalsIgnoreCase(ldapForm.get(PARAM_LDAP_SECURE)); return "ldap" + (ldapServerSecure ? "s" : "") + "://" + ldapServerIP + ":" + ldapServerPort; }
private void restBrowseLdap(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, ServletException, PwmUnrecoverableException { final StoredConfigurationImpl storedConfiguration = StoredConfigurationImpl.copy(configGuideBean.getStoredConfiguration()); if (configGuideBean.getStep() == STEP.LDAP_ADMIN) { storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, null); storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, null); } final Date startTime = new Date(); final Map<String, String> inputMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation); final String profile = inputMap.get("profile"); final String dn = inputMap.containsKey("dn") ? inputMap.get("dn") : ""; final LdapBrowser ldapBrowser = new LdapBrowser(storedConfiguration); final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse(profile, dn); ldapBrowser.close(); LOGGER.trace( pwmRequest, "performed ldapBrowse operation in " + TimeDuration.fromCurrent(startTime).asCompactString() + ", result=" + JsonUtil.serialize(result)); pwmRequest.outputJsonResult(new RestResultBean(result)); }
public static void convertFormToConfiguration( final StoredConfigurationImpl storedConfiguration, final Map<String, String> ldapForm, final Map<String, String> incomingLdapForm) throws PwmUnrecoverableException { { final String newLdapURI = getLdapUrlFromFormConfig(ldapForm); final StringArrayValue newValue = new StringArrayValue(Collections.singletonList(newLdapURI)); storedConfiguration.writeSetting( PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY, newValue, null); } { // proxy/admin account final String ldapAdminDN = ldapForm.get(PARAM_LDAP_PROXY_DN); final String ldapAdminPW = ldapForm.get(PARAM_LDAP_PROXY_PW); storedConfiguration.writeSetting( PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapAdminDN), null); final PasswordValue passwordValue = new PasswordValue(PasswordData.forStringValue(ldapAdminPW)); storedConfiguration.writeSetting( PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, passwordValue, null); } storedConfiguration.writeSetting( PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_KEY, new StringArrayValue(Collections.singletonList(ldapForm.get(PARAM_LDAP_CONTEXT))), null); { final String ldapContext = ldapForm.get(PARAM_LDAP_CONTEXT); storedConfiguration.writeSetting( PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_KEY, new StringArrayValue(Collections.singletonList(ldapContext)), null); } { final String ldapTestUserDN = ldapForm.get(PARAM_LDAP_TEST_USER); storedConfiguration.writeSetting( PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapTestUserDN), null); } { // set admin query final String groupDN = ldapForm.get(PARAM_LDAP_ADMIN_GROUP); final List<UserPermission> userPermissions = Collections.singletonList( new UserPermission(UserPermission.Type.ldapGroup, null, null, groupDN)); storedConfiguration.writeSetting( PwmSetting.QUERY_MATCH_PWM_ADMIN, new UserPermissionValue(userPermissions), null); } // set context based on ldap dn if (incomingLdapForm.containsKey(PARAM_APP_SITEURL)) { ldapForm.put(PARAM_APP_SITEURL, incomingLdapForm.get(PARAM_APP_SITEURL)); } storedConfiguration.writeSetting( PwmSetting.PWM_SITE_URL, new StringValue(ldapForm.get(PARAM_APP_SITEURL)), null); }
static Set<TokenVerificationProgress.TokenChannel> determineTokenPhaseRequired( final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean, final UpdateAttributesProfile updateAttributesProfile) throws PwmUnrecoverableException { final Set<TokenVerificationProgress.TokenChannel> returnObj = new HashSet<>(); final Map<String, String> userFormData = updateProfileBean.getFormData(); Map<String, String> ldapData = null; if (updateAttributesProfile.readSettingAsBoolean( PwmSetting.UPDATE_PROFILE_EMAIL_VERIFICATION)) { final String emailAddressAttribute = pwmRequest.getConfig().readSettingAsString(PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE); if (userFormData.containsKey(emailAddressAttribute)) { ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile); if (userFormData.get(emailAddressAttribute) != null && !userFormData .get(emailAddressAttribute) .equalsIgnoreCase(ldapData.get(emailAddressAttribute))) { returnObj.add(TokenVerificationProgress.TokenChannel.EMAIL); } } else { LOGGER.warn( pwmRequest, "email verification enabled, but email attribute '" + emailAddressAttribute + "' is not in update form"); } } if (updateAttributesProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SMS_VERIFICATION)) { final String phoneNumberAttribute = pwmRequest.getConfig().readSettingAsString(PwmSetting.SMS_USER_PHONE_ATTRIBUTE); if (userFormData.containsKey(phoneNumberAttribute)) { if (ldapData == null) { ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile); } if (userFormData.get(phoneNumberAttribute) != null && !userFormData .get(phoneNumberAttribute) .equalsIgnoreCase(ldapData.get(phoneNumberAttribute))) { returnObj.add(TokenVerificationProgress.TokenChannel.SMS); } } else { LOGGER.warn( pwmRequest, "sms verification enabled, but phone attribute '" + phoneNumberAttribute + "' is not in update form"); } } return returnObj; }
private void readFormParametersFromRequest( final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean) throws PwmUnrecoverableException, PwmDataValidationException, ChaiUnavailableException { final List<FormConfiguration> formFields = pwmRequest.getConfig().readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM); final Map<FormConfiguration, String> existingForm = updateProfileBean.getFormData(); // read the values from the request existingForm.putAll( FormUtility.readFormValuesFromRequest(pwmRequest, formFields, pwmRequest.getLocale())); }
private static void readFromJsonRequest( final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean) throws PwmDataValidationException, PwmUnrecoverableException, IOException { final List<FormConfiguration> formFields = pwmRequest.getConfig().readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM); final Map<FormConfiguration, String> existingForm = updateProfileBean.getFormData(); final Map<String, String> clientValues = pwmRequest.readBodyAsJsonStringMap(); if (clientValues != null) { existingForm.putAll( FormUtility.readFormValuesFromMap(clientValues, formFields, pwmRequest.getLocale())); } }
private void checkLdapServer(ConfigGuideBean configGuideBean) throws PwmOperationalException, IOException { final Map<String, String> formData = configGuideBean.getFormData(); final String host = formData.get(PARAM_LDAP_HOST); final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT)); if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) { X509Utils.readRemoteCertificates(host, port); } else { InetAddress addr = InetAddress.getByName(host); SocketAddress sockaddr = new InetSocketAddress(addr, port); Socket sock = new Socket(); // this method will block for the defined number of milliseconds int timeout = 2000; sock.connect(sockaddr, timeout); } }
static Map<FormConfiguration, String> formMapFromBean( final UpdateAttributesProfile updateAttributesProfile, final UpdateProfileBean updateProfileBean) throws PwmUnrecoverableException { final List<FormConfiguration> form = updateAttributesProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM); final Map<FormConfiguration, String> formValueMap = new HashMap<>(); for (final FormConfiguration formConfiguration : form) { formValueMap.put( formConfiguration, updateProfileBean.getFormData().keySet().contains(formConfiguration.getName()) ? updateProfileBean.getFormData().get(formConfiguration.getName()) : ""); } return formValueMap; }
private void checkLdapServer(ConfigGuideBean configGuideBean) throws PwmOperationalException, IOException { final Map<String, String> formData = configGuideBean.getFormData(); final String host = formData.get(PARAM_LDAP_HOST); final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT)); { // socket test final InetAddress inetAddress = InetAddress.getByName(host); final SocketAddress socketAddress = new InetSocketAddress(inetAddress, port); final Socket socket = new Socket(); final int timeout = 2000; socket.connect(socketAddress, timeout); } if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) { X509Utils.readRemoteCertificates(host, port); } }
private void restUpdateLdapForm( final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final StoredConfiguration storedConfiguration = configGuideBean.getStoredConfiguration(); final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap(); if (incomingFormData != null) { configGuideBean.getFormData().putAll(incomingFormData); } if (incomingFormData != null && incomingFormData.get(PARAM_TEMPLATE_NAME) != null && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) { try { final PwmSettingTemplate template = PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME)); if (configGuideBean.getSelectedTemplate() != template) { LOGGER.debug( pwmRequest, "resetting form defaults using " + template.toString() + " template"); final Map<String, String> defaultForm = defaultForm(template); configGuideBean.getFormData().putAll(defaultForm); configGuideBean.setSelectedTemplate(template); storedConfiguration.setTemplate(template); { final String settingValue = AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey() + "=true"; storedConfiguration.writeSetting( PwmSetting.APP_PROPERTY_OVERRIDES, new StringArrayValue(Collections.singletonList(settingValue)), null); } } } catch (Exception e) { LOGGER.error("unknown template set request: " + e.getMessage()); } } final RestResultBean restResultBean = new RestResultBean(); pwmRequest.outputJsonResult(restResultBean); convertFormToConfiguration( storedConfiguration, configGuideBean.getFormData(), incomingFormData); // LOGGER.info("config: " + storedConfiguration.toString()); }
public static SchemaOperationResult extendSchema( ConfigGuideBean configGuideBean, final boolean doSchemaExtension) { final Map<String, String> form = configGuideBean.getFormData(); final boolean ldapServerSecure = "true".equalsIgnoreCase(form.get(PARAM_LDAP_SECURE)); final String ldapUrl = "ldap" + (ldapServerSecure ? "s" : "") + "://" + form.get(PARAM_LDAP_HOST) + ":" + form.get(PARAM_LDAP_PORT); try { final ChaiConfiguration chaiConfiguration = new ChaiConfiguration( ldapUrl, form.get(PARAM_LDAP_PROXY_DN), form.get(PARAM_LDAP_PROXY_PW)); chaiConfiguration.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true"); final ChaiProvider chaiProvider = ChaiProviderFactory.createProvider(chaiConfiguration); if (doSchemaExtension) { return SchemaManager.extendSchema(chaiProvider); } else { return SchemaManager.checkExistingSchema(chaiProvider); } } catch (Exception e) { LOGGER.error("unable to create schema extender object: " + e.getMessage()); return null; } }
public static PwmPasswordPolicy readLdapPasswordPolicy( final PwmApplication pwmApplication, final ChaiUser theUser) throws PwmUnrecoverableException { try { final Map<String, String> ruleMap = new HashMap<>(); final ChaiPasswordPolicy chaiPolicy; try { chaiPolicy = theUser.getPasswordPolicy(); } catch (ChaiUnavailableException e) { throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode())); } if (chaiPolicy != null) { for (final String key : chaiPolicy.getKeys()) { ruleMap.put(key, chaiPolicy.getValue(key)); } if (!"read" .equals( pwmApplication .getConfig() .readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY))) { ruleMap.put( PwmPasswordRule.CaseSensitive.getKey(), pwmApplication .getConfig() .readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY)); } return PwmPasswordPolicy.createPwmPasswordPolicy(ruleMap, chaiPolicy); } } catch (ChaiOperationException e) { LOGGER.warn( "error reading password policy for user " + theUser.getEntryDN() + ", error: " + e.getMessage()); } return PwmPasswordPolicy.defaultPolicy(); }
public static Map<String, Date> readIndividualReplicaLastPasswordTimes( final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException { final Map<String, Date> returnValue = new LinkedHashMap<>(); final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()); final Collection<ChaiConfiguration> perReplicaConfigs = ChaiUtility.splitConfigurationPerReplica( chaiProvider.getChaiConfiguration(), Collections.singletonMap(ChaiSetting.FAILOVER_CONNECT_RETRIES, "1")); for (final ChaiConfiguration loopConfiguration : perReplicaConfigs) { final String loopReplicaUrl = loopConfiguration.getSetting(ChaiSetting.BIND_DN); ChaiProvider loopProvider = null; try { loopProvider = ChaiProviderFactory.createProvider(loopConfiguration); final Date lastModifiedDate = determinePwdLastModified(pwmApplication, sessionLabel, userIdentity); returnValue.put(loopReplicaUrl, lastModifiedDate); } catch (ChaiUnavailableException e) { LOGGER.error(sessionLabel, "unreachable server during replica password sync check"); e.printStackTrace(); } finally { if (loopProvider != null) { try { loopProvider.close(); } catch (Exception e) { final String errorMsg = "error closing loopProvider to " + loopReplicaUrl + " while checking individual password sync status"; LOGGER.error(sessionLabel, errorMsg); } } } } return returnValue; }
public static Map<String, String> placeholderForm(PwmSettingTemplate template) { final Map<String, String> defaultLdapForm = new HashMap<>(); try { final String defaultLdapUrlString = PwmSetting.LDAP_SERVER_URLS.getPlaceholder(template); final URI uri = new URI(defaultLdapUrlString); defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost()); defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort())); defaultLdapForm.put( PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false"); defaultLdapForm.put( PARAM_LDAP_PROXY_DN, PwmSetting.LDAP_PROXY_USER_DN.getPlaceholder(template)); defaultLdapForm.put(PARAM_LDAP_PROXY_PW, ""); defaultLdapForm.put( PARAM_LDAP_CONTEXT, PwmSetting.LDAP_CONTEXTLESS_ROOT.getPlaceholder(template)); defaultLdapForm.put( PARAM_LDAP_TEST_USER, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template)); defaultLdapForm.put( PARAM_LDAP_ADMIN_GROUP, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template)); defaultLdapForm.put( PARAM_CR_STORAGE_PREF, (String) PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE .getDefaultValue(template) .toNativeObject()); defaultLdapForm.put(PARAM_CONFIG_PASSWORD, ""); defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, ""); } catch (Exception e) { LOGGER.error( "error building static form values using default configuration: " + e.getMessage()); e.printStackTrace(); } return Collections.unmodifiableMap(defaultLdapForm); }
public static Map<String, String> defaultForm(PwmSettingTemplate template) { final Map<String, String> defaultLdapForm = new HashMap<>(); try { final String defaultLdapUrlString = ((List<String>) PwmSetting.LDAP_SERVER_URLS.getDefaultValue(template).toNativeObject()) .get(0); final URI uri = new URI(defaultLdapUrlString); defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost()); defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort())); defaultLdapForm.put( PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false"); defaultLdapForm.put( PARAM_LDAP_ADMIN_DN, (String) PwmSetting.LDAP_PROXY_USER_DN.getDefaultValue(template).toNativeObject()); defaultLdapForm.put(PARAM_LDAP_ADMIN_PW, ""); defaultLdapForm.put( PARAM_LDAP_CONTEXT, ((List<String>) PwmSetting.LDAP_CONTEXTLESS_ROOT.getDefaultValue(template).toNativeObject()) .get(0)); defaultLdapForm.put( PARAM_LDAP_TEST_USER, (String) PwmSetting.LDAP_TEST_USER_DN.getDefaultValue(template).toNativeObject()); { List<UserPermission> userPermissions = (List<UserPermission>) PwmSetting.QUERY_MATCH_PWM_ADMIN.getDefaultValue(template).toNativeObject(); final String groupDN = userPermissions != null && userPermissions.size() > 0 ? userPermissions.get(0).getLdapBase() : ""; defaultLdapForm.put(PARAM_LDAP_ADMIN_GROUP, groupDN); } defaultLdapForm.put( PARAM_CR_STORAGE_PREF, (String) PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE .getDefaultValue(template) .toNativeObject()); defaultLdapForm.put(PARAM_CONFIG_PASSWORD, ""); defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, ""); } catch (Exception e) { LOGGER.error( "error building static form values using default configuration: " + e.getMessage()); e.printStackTrace(); } return Collections.unmodifiableMap(defaultLdapForm); }