We use cookies to ensure you get the best experience on our website
Halaman utama Jelajahi Bantuan
Daftar Masuk
0ct0pu5
/
pwm
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: 918c0b3e98
Ranting Tag
pwm
/
server
/
src
/
main
/
java
/
password
/
pwm
/
svc
/
node
/
LDAPNodeDataService.java

LDAPNodeDataService.java 8.2 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209 
  1. /*
    2. 

  2.  * Password Management Servlets (PWM)
    3. 

  3.  * http://www.pwm-project.org
    4. 

  4.  *
    5. 

  5.  * Copyright (c) 2006-2009 Novell, Inc.
    6. 

  6.  * Copyright (c) 2009-2021 The PWM Project
    7. 

  7.  *
    8. 

  8.  * Licensed under the Apache License, Version 2.0 (the "License");
    9. 

  9.  * you may not use this file except in compliance with the License.
    10. 

  10.  * You may obtain a copy of the License at
    11. 

  11.  *
    12. 

  12.  *     http://www.apache.org/licenses/LICENSE-2.0
    13. 

  13.  *
    14. 

  14.  * Unless required by applicable law or agreed to in writing, software
    15. 

  15.  * distributed under the License is distributed on an "AS IS" BASIS,
    16. 

  16.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    17. 

  17.  * See the License for the specific language governing permissions and
    18. 

  18.  * limitations under the License.
    19. 

  19.  */
    20. 

  20. 

  21. package password.pwm.svc.node;
    22. 

  22. 

  23. import com.novell.ldapchai.ChaiUser;
    24. 

  24. import com.novell.ldapchai.exception.ChaiException;
    25. 

  25. import lombok.Value;
    26. 

  26. import password.pwm.PwmDomain;
    27. 

  27. import password.pwm.bean.ProfileID;
    28. 

  28. import password.pwm.bean.UserIdentity;
    29. 

  29. import password.pwm.config.PwmSetting;
    30. 

  30. import password.pwm.config.profile.LdapProfile;
    31. 

  31. import password.pwm.error.ErrorInformation;
    32. 

  32. import password.pwm.error.PwmError;
    33. 

  33. import password.pwm.error.PwmUnrecoverableException;
    34. 

  34. import password.pwm.util.java.LazySupplier;
    35. 

  35. import password.pwm.util.json.JsonFactory;
    36. 

  36. import password.pwm.util.java.StringUtil;
    37. 

  37. import password.pwm.util.java.TimeDuration;
    38. 

  38. import password.pwm.util.logging.PwmLogger;
    39. 

  39. 

  40. import java.util.LinkedHashMap;
    41. 

  41. import java.util.Map;
    42. 

  42. import java.util.Objects;
    43. 

  43. import java.util.Set;
    44. 

  44. 

  45. class LDAPNodeDataService implements NodeDataServiceProvider
    46. 

  46. {
    47. 

  47.     private static final PwmLogger LOGGER = PwmLogger.forClass( LDAPNodeDataService.class );
    48. 

  48. 

  49.     private final PwmDomain pwmDomain;
    50. 

  50.     private static final String VALUE_PREFIX = "0006#.#.#";
    51. 

  51.     private final NodeService nodeService;
    52. 

  52.     private final LazySupplier.CheckedSupplier<LDAPHelper, PwmUnrecoverableException> ldapHelperSupplier;
    53. 

  53. 

  54.     LDAPNodeDataService( final NodeService nodeService, final PwmDomain pwmDomain )
    55. 

  55.             throws PwmUnrecoverableException
    56. 

  56.     {
    57. 

  57.         this.nodeService = nodeService;
    58. 

  58.         this.pwmDomain = Objects.requireNonNull( pwmDomain );
    59. 

  59. 

  60.         final LdapProfile ldapProfile = pwmDomain.getConfig().getDefaultLdapProfile();
    61. 

  61.         final String testUser = ldapProfile.readSettingAsString( PwmSetting.LDAP_TEST_USER_DN );
    62. 

  62. 

  63.         if ( StringUtil.isEmpty( testUser ) )
    64. 

  64.         {
    65. 

  65.             final String msg = "ldap node service requires that setting "
    66. 

  66.                     + PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug( ldapProfile.getId(), null )
    67. 

  67.                     + " is configured";
    68. 

  68.             throw PwmUnrecoverableException.newException( PwmError.ERROR_NODE_SERVICE_ERROR, msg );
    69. 

  69.         }
    70. 

  70. 

  71.         ldapHelperSupplier = LazySupplier.checked( () -> LDAPHelper.createLDAPHelper( nodeService, pwmDomain ) );
    72. 

  72.     }
    73. 

  73. 

  74.     @Override
    75. 

  75.     public Map<String, StoredNodeData> readStoredData( ) throws PwmUnrecoverableException
    76. 

  76.     {
    77. 

  77.         final Map<String, StoredNodeData> returnData = new LinkedHashMap<>(  );
    78. 

  78. 

  79.         final LDAPHelper ldapHelper = ldapHelperSupplier.call();
    80. 

  80.         try
    81. 

  81.         {
    82. 

  82.             final Set<String> values = ldapHelper.getChaiUser().readMultiStringAttribute( ldapHelper.getAttr() );
    83. 

  83.             for ( final String value : values )
    84. 

  84.             {
    85. 

  85.                 if ( value.startsWith( VALUE_PREFIX ) )
    86. 

  86.                 {
    87. 

  87.                     final String rawValue = value.substring( VALUE_PREFIX.length() );
    88. 

  88.                     final StoredNodeData storedNodeData = JsonFactory.get().deserialize( rawValue, StoredNodeData.class );
    89. 

  89.                     returnData.put( storedNodeData.getInstanceID(),  storedNodeData );
    90. 

  90.                 }
    91. 

  91.             }
    92. 

  92.         }
    93. 

  93.         catch ( final ChaiException e )
    94. 

  94.         {
    95. 

  95.             throw new PwmUnrecoverableException( PwmError.ERROR_LDAP_DATA_ERROR, "error reading node service data "
    96. 

  96.                     + ldapHelper.debugInfo() + ", error: " + e.getMessage() );
    97. 

  97.         }
    98. 

  98. 

  99.         return returnData;
    100. 

  100.     }
    101. 

  101. 

  102.     @Override
    103. 

  103.     public void writeNodeStatus( final StoredNodeData storedNodeData ) throws PwmUnrecoverableException
    104. 

  104.     {
    105. 

  105.         final Map<String, StoredNodeData> currentServerData = readStoredData();
    106. 

  106.         final StoredNodeData removeNode = currentServerData.get( storedNodeData.getInstanceID() );
    107. 

  107. 

  108.         final LDAPHelper ldapHelper = ldapHelperSupplier.call();
    109. 

  109. 

  110.         final String newRawValue = VALUE_PREFIX + JsonFactory.get().serialize( storedNodeData );
    111. 

  111. 

  112.         try
    113. 

  113.         {
    114. 

  114.             if ( removeNode != null )
    115. 

  115.             {
    116. 

  116.                 final String oldRawValue = VALUE_PREFIX + JsonFactory.get().serialize( removeNode );
    117. 

  117.                 ldapHelper.getChaiUser().replaceAttribute( ldapHelper.getAttr(), oldRawValue, newRawValue );
    118. 

  118.             }
    119. 

  119.             else
    120. 

  120.             {
    121. 

  121.                 ldapHelper.getChaiUser().addAttribute( ldapHelper.getAttr(), newRawValue );
    122. 

  122.             }
    123. 

  123.         }
    124. 

  124.         catch ( final ChaiException e )
    125. 

  125.         {
    126. 

  126.             throw new PwmUnrecoverableException( PwmError.ERROR_LDAP_DATA_ERROR, "error writing node service data "
    127. 

  127.                     + ldapHelper.debugInfo() + ", error: " + e.getMessage() );
    128. 

  128.         }
    129. 

  129. 

  130.     }
    131. 

  131. 

  132.     @Override
    133. 

  133.     public int purgeOutdatedNodes( final TimeDuration maxNodeAge ) throws PwmUnrecoverableException
    134. 

  134.     {
    135. 

  135.         final LDAPHelper ldapHelper = ldapHelperSupplier.call();
    136. 

  136. 

  137.         int nodesPurged = 0;
    138. 

  138. 

  139.         final Map<String, StoredNodeData> nodeDatas = readStoredData();
    140. 

  140. 

  141.         for ( final StoredNodeData storedNodeData : nodeDatas.values() )
    142. 

  142.         {
    143. 

  143.             final TimeDuration recordAge = TimeDuration.fromCurrent( storedNodeData.getTimestamp() );
    144. 

  144.             final String instanceID = storedNodeData.getInstanceID();
    145. 

  145. 

  146.             if ( recordAge.isLongerThan( maxNodeAge ) )
    147. 

  147.             {
    148. 

  148.                 // purge outdated records
    149. 

  149.                 LOGGER.debug( () -> "purging outdated node reference to instanceID '" + instanceID + "'" );
    150. 

  150. 

  151.                 try
    152. 

  152.                 {
    153. 

  153.                     final String oldRawValue = VALUE_PREFIX + JsonFactory.get().serialize( storedNodeData );
    154. 

  154.                     ldapHelper.getChaiUser().deleteAttribute( ldapHelper.getAttr(), oldRawValue );
    155. 

  155.                     nodesPurged++;
    156. 

  156.                 }
    157. 

  157.                 catch ( final ChaiException e )
    158. 

  158.                 {
    159. 

  159.                     throw new PwmUnrecoverableException( PwmError.ERROR_LDAP_DATA_ERROR, "error purging node service data "
    160. 

  160.                             + ldapHelper.debugInfo() + ", error: " + e.getMessage() );
    161. 

  161.                 }
    162. 

  162.             }
    163. 

  163.         }
    164. 

  164. 

  165.         return nodesPurged;
    166. 

  166. 

  167.     }
    168. 

  168. 

  169.     @Value
    170. 

  170.     private static class LDAPHelper
    171. 

  171.     {
    172. 

  172.         private final NodeService nodeService;
    173. 

  173.         private final PwmDomain pwmDomain;
    174. 

  174.         private final UserIdentity userIdentity;
    175. 

  175.         private final ChaiUser chaiUser;
    176. 

  176.         private final String attr;
    177. 

  177. 

  178.         private LDAPHelper( final NodeService nodeService, final PwmDomain pwmDomain )
    179. 

  179.                 throws PwmUnrecoverableException
    180. 

  180.         {
    181. 

  181.             this.nodeService = nodeService;
    182. 

  182.             this.pwmDomain = pwmDomain;
    183. 

  183. 

  184.             final ProfileID ldapProfileID = pwmDomain.getConfig().getDefaultLdapProfile().getId();
    185. 

  185. 

  186.             userIdentity = pwmDomain.getConfig().getDefaultLdapProfile().getTestUser( nodeService.getSessionLabel(), pwmDomain )
    187. 

  187.                     .orElseThrow( () ->
    188. 

  188.                     {
    189. 

  189.                         final String errorMsg = "a test user is not configured for ldap profile '" + ldapProfileID + "'";
    190. 

  190.                         final ErrorInformation errorInformation = new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, errorMsg );
    191. 

  191.                         return new PwmUnrecoverableException( errorInformation );
    192. 

  192.                     } );
    193. 

  193. 

  194.             chaiUser = pwmDomain.getProxiedChaiUser( nodeService.getSessionLabel(), userIdentity );
    195. 

  195. 

  196.             attr = userIdentity.getLdapProfile( pwmDomain.getPwmApplication().getConfig() ).readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_PWNOTIFY );
    197. 

  197.         }
    198. 

  198. 

  199.         static LDAPHelper createLDAPHelper( final NodeService nodeService, final PwmDomain pwmDomain ) throws PwmUnrecoverableException
    200. 

  200.         {
    201. 

  201.             return new LDAPHelper( nodeService, pwmDomain );
    202. 

  202.         }
    203. 

  203. 

  204.         String debugInfo()
    205. 

  205.         {
    206. 

  206.             return "user '" + this.userIdentity.toDisplayString() + "' attribute '" + attr  + "'";
    207. 

  207.         }
    208. 

  208.     }
    209. 

  209. }
    210.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5