remove hsadmin password reset, dependency updates

This commit is contained in:
Peter Hormanns 2021-12-03 19:15:34 +01:00
parent 0b810b00e6
commit 8f09343b2c
11 changed files with 11 additions and 361 deletions

13
pom.xml
View File

@ -5,7 +5,7 @@
<groupId>de.jalin.ldapadmin</groupId>
<artifactId>ldapadmin</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<version>1.0.1</version>
<name>LDAP Admin Webapp</name>
<properties>
@ -55,12 +55,7 @@
<dependency>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
<version>3.6</version>
</dependency>
<dependency>
<groupId>org.apache.xmlrpc</groupId>
<artifactId>xmlrpc-client</artifactId>
<version>3.1.3</version>
<version>3.8.0</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
@ -70,12 +65,12 @@
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-service</artifactId>
<version>2.0.0.AM25</version>
<version>2.0.0.AM26</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<version>4.13.2</version>
<scope>test</scope>
</dependency>
</dependencies>

View File

@ -1,98 +0,0 @@
package de.jalin.ldapadmin.hsadmin;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.client.XmlRpcClient;
import org.apache.xmlrpc.client.XmlRpcClientConfigImpl;
public class EMailAddressDAO {
private TicketProvider ticketBox;
private XmlRpcClient rpcClient;
public EMailAddressDAO(final TicketProvider ticketBox) throws IOException {
this.ticketBox = ticketBox;
final XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
config.setServerURL(new URL("https://config.hostsharing.net:443/hsar/xmlrpc/hsadmin"));
config.setEnabledForExtensions(true);
this.rpcClient = new XmlRpcClient();
this.rpcClient.setConfig(config);
}
public void assertEMailAddressExists(final String emailAddress, final String target) throws IOException, XmlRpcException, EMailAddressNotFound {
final String[] parts = emailAddress.split("@");
if (parts.length == 2) {
final String localpart = parts[0];
final String domain = parts[1];
final String pac = ticketBox.getAdminLogin();
try {
getEMailAddress(pac, localpart, domain);
updateEMailAddress(pac, localpart, domain, target);
} catch (EMailAddressNotFound e) {
createEMailAddress(pac, localpart, domain, target);
}
}
}
private String createEMailAddress(String pac, String localpart, String domain, String target) throws EMailAddressNotFound, XmlRpcException, IOException {
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> setParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(setParamsMap);
setParamsMap.put("localpart", localpart);
setParamsMap.put("domain", domain);
setParamsMap.put("target", target);
final Object[] rpcResult = (Object[])rpcClient.execute("emailaddress.add", xmlRpcParamsList);
if (rpcResult.length == 1) {
@SuppressWarnings("unchecked")
final Map<String, Object> emailAddressMap = (Map<String, Object>) rpcResult[0];
return (String) emailAddressMap.get("emailaddress");
}
throw new EMailAddressNotFound();
}
private String updateEMailAddress(String pac, String localpart, String domain, String target) throws IOException, XmlRpcException, EMailAddressNotFound {
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> whereParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(whereParamsMap);
final HashMap<String, Serializable> setParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(setParamsMap);
whereParamsMap.put("localpart", localpart);
whereParamsMap.put("domain", domain);
setParamsMap.put("target", target);
final Object[] rpcResult = (Object[])rpcClient.execute("emailaddress.update", xmlRpcParamsList);
if (rpcResult.length == 1) {
@SuppressWarnings("unchecked")
final Map<String, Object> emailAddressMap = (Map<String, Object>) rpcResult[0];
return (String) emailAddressMap.get("emailaddress");
}
throw new EMailAddressNotFound();
}
private String getEMailAddress(String pac, String localpart, String domain) throws EMailAddressNotFound, IOException, XmlRpcException {
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> whereParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(whereParamsMap);
whereParamsMap.put("localpart", localpart);
whereParamsMap.put("domain", domain);
final Object[] rpcResult = (Object[])rpcClient.execute("emailaddress.search", xmlRpcParamsList);
if (rpcResult.length == 1) {
@SuppressWarnings("unchecked")
final Map<String, Object> emailAddressMap = (Map<String, Object>) rpcResult[0];
return (String) emailAddressMap.get("emailaddress");
}
throw new EMailAddressNotFound();
}
}

View File

@ -1,7 +0,0 @@
package de.jalin.ldapadmin.hsadmin;
public class EMailAddressNotFound extends Exception {
private static final long serialVersionUID = 1L;
}

View File

@ -1,107 +0,0 @@
package de.jalin.ldapadmin.hsadmin;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.xmlrpc.client.XmlRpcClient;
import org.apache.xmlrpc.client.XmlRpcClientConfigImpl;
public class MailboxDAO {
private final TicketProvider ticketBox;
private final XmlRpcClient rpcClient;
public MailboxDAO(final TicketProvider ticketBox) throws IOException {
this.ticketBox = ticketBox;
final XmlRpcClientConfigImpl config = new XmlRpcClientConfigImpl();
config.setServerURL(new URL("https://config.hostsharing.net:443/hsar/xmlrpc/hsadmin"));
config.setEnabledForExtensions(true);
this.rpcClient = new XmlRpcClient();
this.rpcClient.setConfig(config);
}
public void assertMailboxExists(final String emailAddress, final String comment) throws IOException, XmlRpcException {
final String[] parts = emailAddress.split("@");
if (parts.length == 2) {
final String localpart = parts[0];
final String domain = parts[1];
final String pac = ticketBox.getAdminLogin();
try {
getMailbox(pac, localpart);
} catch (MailboxNotFound e) {
try {
createMailbox(pac, localpart, comment);
} catch (MailboxNotFound e1) {
}
}
}
}
private String getMailbox(String pac, String localpart) throws IOException, XmlRpcException, MailboxNotFound {
final String mailboxPostfix = localpart.replace('-', '_');
final String mailboxIdentifier = pac + "-" + mailboxPostfix;
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> whereParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(whereParamsMap);
whereParamsMap.put("name", mailboxIdentifier);
final Object[] rpcResult = (Object[])rpcClient.execute("user.search", xmlRpcParamsList);
if (rpcResult.length == 1) {
@SuppressWarnings("unchecked")
final Map<String, Object> userAsMap = (Map<String, Object>) rpcResult[0];
return (String) userAsMap.get("name");
}
throw new MailboxNotFound("mailbox for " + localpart + " not found");
}
public void changePassword(String pac, String localpart, String newPassword) throws IOException, XmlRpcException, MailboxNotFound {
final String mailbox = getMailbox(pac, localpart);
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> setParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(setParamsMap);
setParamsMap.put("password", newPassword);
final HashMap<String, Serializable> whereParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(whereParamsMap);
whereParamsMap.put("name", mailbox);
final Object[] rpcResult = (Object[])rpcClient.execute("user.update", xmlRpcParamsList);
if (rpcResult.length != 1) {
throw new MailboxNotFound("mailbox for " + localpart + " not found");
}
}
private void createMailbox(String pac, String localpart, String comment) throws IOException, XmlRpcException, MailboxNotFound {
final List<Serializable> xmlRpcParamsList = new ArrayList<Serializable>();
xmlRpcParamsList.add(pac);
xmlRpcParamsList.add(ticketBox.getTicket());
final HashMap<String, Serializable> setParamsMap = new HashMap<String, Serializable>();
xmlRpcParamsList.add(setParamsMap);
setParamsMap.put("name", pac + "-" + localpart);
setParamsMap.put("password", pwGen());
setParamsMap.put("comment", comment);
@SuppressWarnings("unused")
final Object rpcResult = rpcClient.execute("user.add", xmlRpcParamsList);
}
private String pwGen() {
final String pwCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.,_:;?!#+&%$=";
final StringBuffer buffer = new StringBuffer();
for (int loop=0; loop<64; loop++) {
final int length = pwCharacters.length() - 1;
double rand = Math.random() * length;
int idx = (new Double(rand)).intValue();
buffer.append(pwCharacters.charAt(idx));
}
return buffer.toString();
}
}

View File

@ -1,11 +0,0 @@
package de.jalin.ldapadmin.hsadmin;
public class MailboxNotFound extends Exception {
private static final long serialVersionUID = 1L;
public MailboxNotFound(String message) {
super(message);
}
}

View File

@ -1,83 +0,0 @@
package de.jalin.ldapadmin.hsadmin;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLEncoder;
import javax.net.ssl.HttpsURLConnection;
public class TicketProvider {
private final String adminLogin;
private final String adminPassword;
private String grantingTicket = null;
public TicketProvider(final String login, final String password) {
this.adminLogin = login;
this.adminPassword = password;
}
public String getAdminLogin() {
return adminLogin;
}
public String getTicket() throws IOException {
if (grantingTicket == null) {
grantingTicket = getGrantingTicket();
}
String ticket = null;
while (ticket == null) {
final String serviceParam = "service=" + URLEncoder.encode("https://config.hostsharing.net:443/hsar/backend", "UTF-8");
final URL url = new URL(grantingTicket);
final HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded; charset=UTF-8");
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setUseCaches(false);
connection.setAllowUserInteraction(false);
final BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(connection.getOutputStream()));
writer.write(serviceParam);
writer.close();
connection.connect();
int httpResponseCode = connection.getResponseCode();
if (200 == httpResponseCode) {
final BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
ticket = reader.readLine();
String readLine = reader.readLine();
do {
readLine = reader.readLine();
} while (readLine != null);
}
if (httpResponseCode >= 400) {
grantingTicket = getGrantingTicket();
}
}
return ticket;
}
private String getGrantingTicket() throws IOException {
final String userParam = "username=" + URLEncoder.encode(adminLogin, "UTF-8");
final String passwordParam = "password=" + URLEncoder.encode(adminPassword, "UTF-8");
final String encodedData = userParam + "&" + passwordParam;
final URL url = new URL("https://login.hostsharing.net/cas/v1/tickets");
final HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded; charset=UTF-8");
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setUseCaches(false);
connection.setAllowUserInteraction(false);
final BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(connection.getOutputStream()));
writer.write(encodedData);
writer.close();
connection.connect();
return connection.getHeaderField("Location");
}
}

View File

@ -3,12 +3,10 @@ package de.jalin.ldapadmin.ldap;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import net.sf.ehcache.Cache;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CacheService;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
@ -66,7 +64,7 @@ public class DirectoryServiceRunner {
directoryService.setShutdownHookEnabled(true);
directoryService.getChangeLog().setEnabled(false);
directoryService.setAllowAnonymousAccess(false);
directoryService.setAccessControlEnabled(false);
directoryService.setAccessControlEnabled(true);
directoryService.setPasswordHidden(false);
return directoryService;
}
@ -74,9 +72,7 @@ public class DirectoryServiceRunner {
private void addPartition(final String dnString, final String partitionId, final String partitionPath) throws LdapInvalidDnException, Exception {
final JdbmPartitionFactory partitionFactory = new JdbmPartitionFactory();
final SchemaManager schemaManager = service.getSchemaManager();
final CacheService cacheService = service.getCacheService();
final Cache cache = cacheService.getCache("dnCache");
final DefaultDnFactory defaultDnFactory = new DefaultDnFactory(schemaManager, cache);
final DefaultDnFactory defaultDnFactory = new DefaultDnFactory(schemaManager, 4096);
final String parPath = partitionPath != null ? partitionPath : "ldap-data." + Double.valueOf(Math.random()).hashCode();
final Partition partition =
partitionFactory.createPartition(schemaManager, defaultDnFactory, partitionId, dnString, 400, new File(parPath));

View File

@ -10,7 +10,6 @@ import javax.servlet.http.HttpSession;
import de.jalin.ldapadmin.beans.Group;
import de.jalin.ldapadmin.beans.User;
import de.jalin.ldapadmin.hsadmin.TicketProvider;
import de.jalin.ldapadmin.ldap.LDAPConfig;
import de.jalin.ldapadmin.ldap.LDAPSession;
import de.jalin.ldapadmin.ldap.LDAPSessionException;
@ -28,7 +27,6 @@ public class AbstractLDAPServlet extends HttpServlet {
protected LDAPSession ldapSession;
protected LDAPConfig config;
protected TicketProvider ticketProvider = null;
protected void loadData() {
users = new TreeMap<>();
@ -76,13 +74,4 @@ public class AbstractLDAPServlet extends HttpServlet {
httpSession.removeAttribute("servletexception");
}
protected TicketProvider getTicketProvider() {
if (ticketProvider == null) {
final String pacAdmin = config.getPacAdmin();
final String pacPassword = config.getPacPassword();
ticketProvider = new TicketProvider(pacAdmin, pacPassword);
}
return ticketProvider;
}
}

View File

@ -12,12 +12,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.xmlrpc.XmlRpcException;
import de.jalin.ldapadmin.beans.User;
import de.jalin.ldapadmin.beans.ValidationException;
import de.jalin.ldapadmin.hsadmin.MailboxDAO;
import de.jalin.ldapadmin.hsadmin.MailboxNotFound;
import de.jalin.ldapadmin.ldap.GroupsDAO;
import de.jalin.ldapadmin.ldap.LDAPSessionException;
import de.jalin.ldapadmin.ldap.SimplePasswordException;
@ -28,12 +24,9 @@ public class ProfileServlet extends AbstractLDAPServlet {
private static final long serialVersionUID = 1L;
private String pacAdmin;
@Override
public void init() throws ServletException {
super.init();
pacAdmin = config.getPacAdmin();
}
@Override
@ -93,12 +86,6 @@ public class ProfileServlet extends AbstractLDAPServlet {
throw new ValidationException("password2", messages.getString("ProfileServlet.passwords_donot_match"));
} else {
usr.setAndValidatePassword(password);
final MailboxDAO hsadminMailboxDAO = new MailboxDAO(getTicketProvider());
try {
hsadminMailboxDAO.changePassword(pacAdmin, usr.getLogin(), password);
} catch (XmlRpcException | MailboxNotFound e) {
System.out.println(e.getLocalizedMessage());
}
}
}
} catch (SimplePasswordException e) {

View File

@ -18,15 +18,11 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.CharEncoding;
import org.apache.commons.net.smtp.SMTPClient;
import org.apache.commons.net.smtp.SMTPReply;
import org.apache.commons.net.smtp.SimpleSMTPHeader;
import org.apache.xmlrpc.XmlRpcException;
import de.jalin.ldapadmin.beans.User;
import de.jalin.ldapadmin.hsadmin.MailboxDAO;
import de.jalin.ldapadmin.hsadmin.MailboxNotFound;
import de.jalin.ldapadmin.ldap.LDAPSessionException;
import de.jalin.ldapadmin.ldap.SimplePasswordException;
import de.jalin.ldapadmin.ldap.UsersDAO;
@ -39,7 +35,6 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
private String smtpHost;
private String smtpPort;
private String smtpFrom;
private String hsadminPacAdmin;
private String tempDir;
@Override
@ -48,7 +43,6 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
smtpHost = config.getSmtpHost();
smtpPort = config.getSmtpPort();
smtpFrom = config.getSmtpFromAddress();
hsadminPacAdmin = config.getPacAdmin();
tempDir = config.getTempDir();
}
@ -88,7 +82,7 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
final UsersDAO usrDAO = new UsersDAO(ldapSession);
final String loginParam = req.getParameter("login");
final User sessUsr = (User) httpSession.getAttribute("user");
final MailboxDAO hsMailboxDAO = new MailboxDAO(getTicketProvider());
// final MailboxDAO hsMailboxDAO = new MailboxDAO(getTicketProvider());
if (loginParam != null && sessUsr != null && loginParam.equals(sessUsr.getLogin())) {
final String password1 = req.getParameter("password");
final String password2 = req.getParameter("password2");
@ -101,11 +95,6 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
try {
sessUsr.setAndValidatePassword(password1);
usrDAO.update(sessUsr);
try {
hsMailboxDAO.changePassword(hsadminPacAdmin, sessUsr.getLogin(), password1);
} catch (XmlRpcException | MailboxNotFound e) {
System.out.println(e.getLocalizedMessage());
}
httpSession.setAttribute("successmessage", messages.getString("ResetPasswordServlet.password_changed"));
req.getRequestDispatcher("/new-password.jsp").forward(req, resp);
return;
@ -187,7 +176,7 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
}
private static void smtpSend(final String smtpHost, final String smtpPort, final Messages messages, final String fromAddress, final String toAddress, final String subject, final String text) throws IOException {
final SMTPClient client = new SMTPClient(CharEncoding.ISO_8859_1);
final SMTPClient client = new SMTPClient();
final String canonicalHostName = InetAddress.getLocalHost().getHostName();
client.connect(smtpHost, Integer.parseInt(smtpPort));
int reply = client.getReplyCode();

View File

@ -48,7 +48,7 @@
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admins</role-name>
<role-name>ldapadmin</role-name>
<role-name>login</role-name>
</auth-constraint>
</security-constraint>
@ -65,7 +65,7 @@
<url-pattern>/groups/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admins</role-name>
<role-name>ldapadmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
@ -77,7 +77,7 @@
</form-login-config>
</login-config>
<security-role>
<role-name>admins</role-name>
<role-name>ldapadmin</role-name>
</security-role>
<security-role>
<role-name>login</role-name>