Commit 8d296ca8 authored by michael.simon's avatar michael.simon

import passwords from ldap

parent 77e9a594
......@@ -5,12 +5,16 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
@ApplicationScoped
public class PasswordUtil {
@Inject
private Logger logger;
public String generatePassword(String hashMethod, String password)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
......@@ -22,7 +26,36 @@ public class PasswordUtil {
return hash;
}
// public Boolean comparePassword(String password1, String password2) {
//
// }
public Boolean comparePassword(String plainPassword, String hashPassword) {
String hashMethod = getHashMethod(hashPassword);
if (hashMethod == null)
return Boolean.FALSE;
if (hashMethod.equals("SSHA")) {
//@TODO Implement apacheds style salted sha-1
return Boolean.FALSE;
}
else {
String comparePassword;
try {
comparePassword = generatePassword(hashMethod, plainPassword);
} catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
logger.warn("No Algo found", e);
return Boolean.FALSE;
}
return comparePassword.equals(hashPassword);
}
}
private String getHashMethod(String hashPassword) {
if (hashPassword.matches("^{(.*)|(.*)}$")) {
return hashPassword.split("|")[0].substring(1);
}
else if (hashPassword.matches("^{(.*)}(.*)$")) {
return hashPassword.split("}")[0].substring(1);
}
else
return null;
}
}
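Review bot: `getHashMethod`'s first branch cannot return a usable scheme name: `split("|")` is a regex alternation of two empty patterns, so it splits between every character, `[0]` is just `{` and `substring(1)` yields an empty method name; the unescaped `{` in both `matches` patterns is also very likely rejected by `Pattern` as an illegal repetition. Both metacharacters need escaping, e.g. `if (hashPassword.matches("^\\{(.*)\\|(.*)\\}$"))` with `return hashPassword.split("\\|")[0].substring(1);`, and `"^\\{(.*)\\}(.*)$"` for the second branch. In `comparePassword`, `comparePassword.equals(hashPassword)` stops at the first differing character; since `java.security.MessageDigest` is already imported, `MessageDigest.isEqual(comparePassword.getBytes(StandardCharsets.UTF_8), hashPassword.getBytes(StandardCharsets.UTF_8))` (needs `java.nio.charset.StandardCharsets`) avoids leaking the matching prefix length. Note that with the `SSHA` branch returning `Boolean.FALSE`, any `{SSHA}` value imported from LDAP will never verify until the TODO is done.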
......@@ -14,6 +14,7 @@ import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
......@@ -249,6 +250,13 @@ public abstract class AbstractLdapRegisterWorkflow
LdapWorker ldapWorker = new LdapWorker(prop, auditor, isSambaEnabled());
ldapWorker.reconUser(cn, sn, givenName, mail, localUid, uidNumber, gidNumber, homeDir, description);
if (! registry.getRegistryValues().containsKey("userPassword")) {
List<String> pwList = ldapWorker.getPasswords(localUid);
if (pwList.size() > 0) {
logger.debug("userPassword is not set in registry but in LDAP ({}). Importing from LDAP", pwList.size());
registry.getRegistryValues().put("userPassword", pwList.get(0));
}
}
ldapWorker.closeConnections();
}
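Review bot: `pwList.get(0)` imports whichever value `getPasswords` happened to return first, but that list is aggregated over every LDAP connection and over all values of a multi-valued `userPassword`, so with several servers or several values the choice depends on iteration order, and nothing checks that the chosen value carries a `{SCHEME}` prefix that `PasswordUtil` can presumably verify later. A short comment at `registry.getRegistryValues().put("userPassword", pwList.get(0));` should state this, e.g. `// first value wins: userPassword may be multi-valued and is collected from all configured servers`. If more than one value is not expected, logging `pwList.size() > 1` at warn level would make an ambiguous import visible instead of silently picking one. The enclosing method starts before this hunk.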
......@@ -185,48 +185,7 @@ public class LdapWorker {
}
}
}
/*
public void reconGroups(String uid, Set<String> groups) {
for (Ldap ldap : connectionManager.getConnections()) {
try {
Set<String> ldapGroups = new HashSet<String>();
Iterator<SearchResult> iterator = ldap.search(new SearchFilter("memberUid=" + uid), new String[] {"cn"});
while (iterator.hasNext()) {
SearchResult sr = iterator.next();
Attribute cnAttr = sr.getAttributes().get("cn");
String cn = (String) cnAttr.get();
ldapGroups.add(cn);
}
Set<String> addGroups = new HashSet<String>(groups);
addGroups.removeAll(ldapGroups);
Set<String> removeGroups = new HashSet<String>(ldapGroups);
removeGroups.removeAll(groups);
for (String group : addGroups) {
logger.info("Adding member {} to group {}", uid, group);
ldap.modifyAttributes("cn=" + group + "," + ldapGroupBase, AttributeModification.ADD,
AttributesFactory.createAttributes("memberUid", uid));
auditor.logAction(uid, "ADD LDAP GROUP MEMBER", group, "Added member on " + ldap.getLdapConfig().getLdapUrl(), AuditStatus.SUCCESS);
}
for (String group : removeGroups) {
logger.info("Removing member {} from group {}", uid, group);
ldap.modifyAttributes("cn=" + group + "," + ldapGroupBase, AttributeModification.REMOVE,
AttributesFactory.createAttributes("memberUid", uid));
auditor.logAction(uid, "REMOVE LDAP GROUP MEMBER", group, "Removed member on " + ldap.getLdapConfig().getLdapUrl(), AuditStatus.SUCCESS);
}
} catch (NamingException e) {
if (ldap.getLdapConfig() != null)
logger.info("Group action failed for connection " + ldap.getLdapConfig().getLdapUrl(), e);
else
logger.info("Group action failed, and oh no, ldapConfig is null!", e);
}
}
}
*/
public void reconUser(String cn, String sn, String givenName, String mail, String uid, String uidNumber, String gidNumber,
String homeDir, String description) {
for (Ldap ldap : connectionManager.getConnections()) {
......@@ -383,6 +342,29 @@ public class LdapWorker {
}
}
public List<String> getPasswords(String uid) {
List<String> pwList = new ArrayList<String>();
for (Ldap ldap : connectionManager.getConnections()) {
try {
String ldapDn = "uid=" + uid + "," + ldapUserBase;
Attributes attrs = ldap.getAttributes(ldapDn);
Attribute attr = attrs.get("userPassword");
if (attr != null) {
for (int i=0; i<attr.size(); i++) {
Object attrObject = attr.get(i);
if (attrObject != null)
pwList.add(new String((byte[]) attrObject));
}
}
} catch (NamingException e) {
logger.warn("FAILED: Getting password for User {} in ldap {}: {}",
new Object[] {uid, ldapUserBase, e.getMessage()});
}
}
return pwList;
}
public void setPassword(String uid, String password) {
for (Ldap ldap : connectionManager.getConnections()) {
try {
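Review bot: `new String((byte[]) attrObject)` in `getPasswords` decodes the `userPassword` bytes with the platform default charset, so the same LDAP value can be imported differently depending on the JVM's `file.encoding`; use `new String((byte[]) attrObject, StandardCharsets.UTF_8)` (from `java.nio.charset`), or `ISO_8859_1` if the values are meant to be treated as raw octets. The catch block logs only `e.getMessage()`, which drops the NamingException's stack trace and cause; passing the exception as the last argument lets SLF4J record it: `logger.warn("FAILED: Getting password for User {} in ldap {}", uid, ldapUserBase, e);`. The DN `"uid=" + uid + "," + ldapUserBase` is built by plain concatenation without RFC 4514 escaping, so if `uid` can ever contain characters such as `,` or `+` the lookup targets the wrong entry; a comment stating that `uid` is assumed to be a sanitized local id would at least make the assumption explicit. `setPassword` continues past the end of this hunk.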