Beispiel #1
        /// <summary>
        /// Changes a user's LDAP password: authenticates with the old password, then writes
        /// every configured password attribute with the new password passed through that
        /// attribute's hash method.
        /// </summary>
        /// <param name="cpInfo">Supplies Username, OldPassword and NewPassword.</param>
        /// <param name="pluginInfo">Not read by this method.</param>
        /// <returns>
        /// Success = true when authentication succeeded and the attribute loop finished without
        /// throwing; Success = false with a user-facing message otherwise.
        /// </returns>
        public BooleanResult ChangePassword(ChangePasswordInfo cpInfo, ChangePasswordPluginActivityInfo pluginInfo)
        {
            m_logger.Debug("ChangePassword()");

            try
            {
                // NOTE(review): the server object is never disposed in this method; if LdapServer
                // holds a connection and implements IDisposable, it belongs in a using block — confirm.
                LdapServer ldap = new LdapServer();

                // Nothing is written until the caller has proven knowledge of the current password.
                BooleanResult authResult = ldap.Authenticate(cpInfo.Username, cpInfo.OldPassword);
                if (authResult.Success)
                {
                    List <PasswordAttributeEntry> configured = CPAttributeSettings.Load();
                    foreach (PasswordAttributeEntry attr in configured)
                    {
                        PasswordHashMethod method = PasswordHashMethod.methods[attr.Method];

                        // Only the attribute name and the method name reach the log, never the
                        // password or the computed value.
                        m_logger.DebugFormat("Setting attribute {0} using hash method {1}", attr.Name, method.Name);

                        // NOTE(review): whatever SetUserAttribute returns is not inspected, so only an
                        // exception stops the loop, and nothing here rolls back attributes that were
                        // already written. The strength of the stored value depends on the configured
                        // method, which is not visible from this block.
                        ldap.SetUserAttribute(cpInfo.Username, attr.Name, method.hash(cpInfo.NewPassword));
                    }

                    BooleanResult changed = new BooleanResult {
                        Success = true, Message = "LDAP password successfully changed"
                    };
                    return changed;
                }

                BooleanResult rejected = new BooleanResult {
                    Success = false, Message = "Password change failed: Invalid LDAP username or password."
                };
                return rejected;
            }
            catch (Exception e)
            {
                // The full exception goes to the log; the caller only gets a generic message.
                m_logger.ErrorFormat("Exception in ChangePassword: {0}", e);
                BooleanResult failed = new BooleanResult()
                {
                    Success = false, Message = "Error in LDAP plugin."
                };
                return failed;
            }
        }
Beispiel #2
        /// <summary>
        /// Fills the controls of the configuration dialog from <c>Settings.Store</c>, the group rule
        /// loader and the change-password attribute settings, one tab after another.
        /// </summary>
        /// <remarks>
        /// Each stored value is first copied into a typed local and then assigned to its control.
        /// The statements run in a fixed order against live controls.
        /// </remarks>
        private void LoadSettings()
        {
            // The host list is stored as an array and shown as one space-separated line.
            string[] ldapHosts = Settings.Store.LdapHost;
            string   hosts     = "";

            for (int i = 0; i < ldapHosts.Count(); i++)
            {
                string host = ldapHosts[i];
                if (i < ldapHosts.Count() - 1)
                {
                    hosts += host + " ";
                }
                else
                {
                    hosts += host;
                }
            }
            ldapHostTextBox.Text = hosts;

            int port = Settings.Store.LdapPort;

            ldapPortTextBox.Text = Convert.ToString(port);

            int timeout = Settings.Store.LdapTimeout;

            timeoutTextBox.Text = Convert.ToString(timeout);

            // Transport security options: SSL, TLS, and whether the server certificate is validated.
            bool useSsl = Settings.Store.UseSsl;

            useSslCheckBox.CheckState = useSsl ? CheckState.Checked : CheckState.Unchecked;

            bool useTls = Settings.Store.UseTls;

            useTlsCheckBox.CheckState = useTls ? CheckState.Checked : CheckState.Unchecked;

            bool reqCert = Settings.Store.RequireCert;

            validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;

            string serverCertFile = Settings.Store.ServerCertFile;

            sslCertFileTextBox.Text = serverCertFile;

            string searchDn = Settings.Store.SearchDN;

            searchDnTextBox.Text = searchDn;

            // Whatever GetEncryptedSetting returns for the search credential is placed in the text
            // box as-is. NOTE(review): presumably this is the decrypted bind password; whether it is
            // masked on screen depends on how searchPassTextBox is configured — confirm.
            string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");

            searchPassTextBox.Text = searchPw;

            // Authentication tab
            bool allowEmpty = Settings.Store.AllowEmptyPasswords;

            this.allowEmptyPwCB.Checked = allowEmpty;

            string dnPattern = Settings.Store.DnPattern;

            dnPatternTextBox.Text = dnPattern;

            bool doSearch = Settings.Store.DoSearch;

            searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;

            string filter = Settings.Store.SearchFilter;

            searchFilterTextBox.Text = filter;

            bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;

            useAuthBindForAuthzAndGatewayCb.Checked = useAuth;

            // Search contexts are shown one per line (CRLF-separated).
            string[] searchContexts = Settings.Store.SearchContexts;
            string   ctxs           = "";

            for (int i = 0; i < searchContexts.Count(); i++)
            {
                string ctx = searchContexts[i];
                if (i < searchContexts.Count() - 1)
                {
                    ctxs += ctx + "\r\n";
                }
                else
                {
                    ctxs += ctx;
                }
            }
            searchContextsTextBox.Text = ctxs;

            // AttribConverter Grid
            // Each stored entry is expected to be "<attribute>\t<value>". An entry is skipped without
            // any message when it does not split into exactly two parts, when either part is empty
            // after trimming, or when the first part is not one of AttribConvert.Attribs.
            string[] AttribConv = Settings.Store.AttribConv;
            Column1.DataSource        = AttribConvert.Attribs.ToArray();
            dataGridView1.ColumnCount = 2;
            for (int x = 0; x < AttribConv.Count(); x++)
            {
                string[] split = AttribConv[x].Split('\t');
                if (split.Count() == 2)
                {
                    split[0] = split[0].Trim();
                    split[1] = split[1].Trim();
                    if (!String.IsNullOrEmpty(split[0]) && !String.IsNullOrEmpty(split[1]))
                    {
                        if (AttribConvert.Attribs.Contains(split[0]))
                        //if (Array.Exists(WinValues(), element => element == split[0]))
                        {
                            int index = AttribConvert.Attribs.IndexOf(split[0]);
                            //int index = Array.FindIndex(WinValues(), item => item == split[0]);

                            // First cell: combo box preselected to the known attribute; second cell: free text.
                            DataGridViewRow          row        = new DataGridViewRow();
                            DataGridViewComboBoxCell CellSample = new DataGridViewComboBoxCell();
                            CellSample.DataSource = AttribConvert.Attribs.ToArray(); // list of the string items that I want to insert in ComboBox.
                            CellSample.Value      = AttribConvert.Attribs[index];    // default value for the ComboBox
                            row.Cells.Add(CellSample);

                            row.Cells.Add(new DataGridViewTextBoxCell()
                            {
                                Value = split[1]
                            });
                            dataGridView1.Rows.Add(row);
                        }
                    }
                }
            }

            /////////////// Authorization tab /////////////////
            this.authzRuleMemberComboBox.SelectedIndex = 0;
            this.authzRuleActionComboBox.SelectedIndex = 0;
            this.authzRuleScope.SelectedIndex          = 0;
            // The allow and deny radio buttons are set to opposite values of the same stored flag.
            this.authzDefaultAllowRB.Checked           = Settings.Store.AuthzDefault;
            this.authzDefaultDenyRB.Checked            = !(bool)Settings.Store.AuthzDefault;
            this.authzRequireAuthCB.Checked            = Settings.Store.AuthzRequireAuth;
            // NOTE(review): by its name this flag selects allow-on-error (fail-open) behaviour in the
            // authorization stage; the code that consumes it is not visible here — confirm.
            this.authzAllowOnErrorCB.Checked           = Settings.Store.AuthzAllowOnError;

            List <GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();

            foreach (GroupAuthzRule rule in lst)
            {
                this.authzRulesListBox.Items.Add(rule);
            }

            ///////////////// Gateway tab /////////////////
            this.gatewayRuleGroupMemberCB.SelectedIndex = 0;
            this.gatewayRuleScope.SelectedIndex         = 0;

            List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();

            foreach (GroupGatewayRule rule in gwLst)
            {
                this.gatewayRulesListBox.Items.Add(rule);
            }

            ////////////// Change Password tab ///////////////
            // One grid row per configured attribute: its name and the method applied to it.
            List <AttributeEntry> attribs = CPAttributeSettings.Load();

            foreach (AttributeEntry entry in attribs)
            {
                this.passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
            }
        }
Beispiel #3
        /// <summary>
        /// Writes the current state of the configuration dialog back to <c>Settings.Store</c>,
        /// the group rule loader and the change-password attribute settings.
        /// </summary>
        /// <remarks>
        /// Values are persisted one after another with no validation in this method, so an
        /// exception part-way through leaves the earlier settings already written.
        /// </remarks>
        private void StoreSettings()
        {
            // Regex.Split on an empty (trimmed) text yields a single empty string, so an empty
            // host box is stored as one empty host rather than an empty array.
            Settings.Store.LdapHost       = Regex.Split(ldapHostTextBox.Text.Trim(), @"\s+");
            // Convert.ToInt32 throws FormatException/OverflowException on non-numeric or oversized
            // input; nothing in this method catches it. NOTE(review): confirm the caller validates.
            Settings.Store.LdapPort       = Convert.ToInt32(ldapPortTextBox.Text.Trim());
            Settings.Store.LdapTimeout    = Convert.ToInt32(timeoutTextBox.Text.Trim());
            Settings.Store.UseSsl         = (useSslCheckBox.CheckState == CheckState.Checked);
            Settings.Store.UseTls         = (useTlsCheckBox.CheckState == CheckState.Checked);
            Settings.Store.RequireCert    = (validateServerCertCheckBox.CheckState == CheckState.Checked);
            Settings.Store.ServerCertFile = sslCertFileTextBox.Text.Trim();
            Settings.Store.UseAuthBindForAuthzAndGateway = (useAuthBindForAuthzAndGatewayCb.CheckState == CheckState.Checked);
            Settings.Store.SearchDN = searchDnTextBox.Text.Trim();
            // The search credential is the only value here written through SetEncryptedSetting,
            // and it is stored untrimmed, unlike the other text fields.
            Settings.Store.SetEncryptedSetting("SearchPW", searchPassTextBox.Text);

            // Authentication
            Settings.Store.AllowEmptyPasswords = this.allowEmptyPwCB.Checked;
            Settings.Store.DnPattern           = dnPatternTextBox.Text.Trim();
            Settings.Store.DoSearch            = (searchForDnCheckBox.CheckState == CheckState.Checked);
            Settings.Store.SearchFilter        = searchFilterTextBox.Text.Trim();
            Settings.Store.SearchContexts      = Regex.Split(searchContextsTextBox.Text.Trim(), @"\s*\r?\n\s*");
            // AuthzDefault is written here and again, with the same value, in the Authorization section.
            Settings.Store.AuthzDefault        = this.authzDefaultAllowRB.Checked;

            // Attribute converter grid: each complete row is stored as "<cell 0>\t<trimmed cell 1>".
            // NOTE(review): a cell value that itself contains a tab yields more than two fields;
            // confirm the reader of AttribConv tolerates that.
            List <string> AttribConv = new List <string>();

            foreach (DataGridViewRow row in dataGridView1.Rows)
            {
                if (row.Cells[0].Value != null && row.Cells[1].Value != null)
                {
                    AttribConv.Add(row.Cells[0].Value.ToString() + "\t" + row.Cells[1].Value.ToString().Trim());
                }
            }
            if (AttribConv.Count > 0)
            {
                Settings.Store.AttribConv = AttribConv.ToArray();
            }
            else
            {
                Settings.Store.AttribConv = new string[] { }
            };

            // Authorization
            Settings.Store.AuthzRequireAuth  = this.authzRequireAuthCB.Checked;
            Settings.Store.AuthzAllowOnError = this.authzAllowOnErrorCB.Checked;
            Settings.Store.AuthzDefault      = this.authzDefaultAllowRB.Checked;
            List <GroupAuthzRule> lst = new List <GroupAuthzRule>();

            foreach (Object item in this.authzRulesListBox.Items)
            {
                // "as" yields null for an item of any other type, and that null is added to the list.
                lst.Add(item as GroupAuthzRule);
                m_logger.DebugFormat("Saving rule: {0}", item);
            }
            // A non-empty return value is treated as an error text and shown to the user.
            string SaveAuthzRules_ret = GroupRuleLoader.SaveAuthzRules(lst);

            if (!string.IsNullOrEmpty(SaveAuthzRules_ret))
            {
                MessageBox.Show("There was an error in saving your authorization rules.\n" + SaveAuthzRules_ret);
            }

            // Gateway
            List <GroupGatewayRule> gwList = new List <GroupGatewayRule>();

            foreach (Object item in this.gatewayRulesListBox.Items)
            {
                gwList.Add(item as GroupGatewayRule);
                m_logger.DebugFormat("Saving rule: {0}", item);
            }
            string SaveGatewayRules_ret = GroupRuleLoader.SaveGatewayRules(gwList);

            if (!string.IsNullOrEmpty(SaveGatewayRules_ret))
            {
                MessageBox.Show("There was an error in saving your gateway rules.\n" + SaveGatewayRules_ret);
            }

            // Change Password
            // Rows with a null cell or an empty attribute name are skipped; the method cell is
            // cast directly to Methods, which throws InvalidCastException for any other value type.
            List <AttributeEntry> entries = new List <AttributeEntry>();

            foreach (DataGridViewRow row in this.passwordAttributesDGV.Rows)
            {
                if (row.Cells[0].Value != null && row.Cells[1].Value != null)
                {
                    string attribName = row.Cells[0].Value.ToString();
                    if (!string.IsNullOrEmpty(attribName))
                    {
                        AttributeEntry entry = new AttributeEntry
                        {
                            Name   = attribName,
                            Method = (Methods)(row.Cells[1].Value)
                        };
                        entries.Add(entry);
                    }
                }
            }
            CPAttributeSettings.Save(entries);
        }
Beispiel #4
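        /// <summary>
        /// Changes the password of the user tracked in <paramref name="properties"/>: authenticates
        /// against LDAP with the old password, then processes every configured attribute entry.
        /// </summary>
        /// <remarks>
        /// Per entry, depending on its method flags: the Windows API password change is tried on
        /// each configured host until one succeeds (ADPWD), a timestamp value is written
        /// (Timestamps, Timestampd, Timestampt), or the new password is written through the entry's
        /// attribute method. Entries are applied one at a time and nothing in this method rolls
        /// back entries that were applied before a later one failed.
        /// </remarks>
        /// <param name="properties">Session properties; the tracked <c>UserInformation</c> supplies Username, oldPassword and Password.</param>
        /// <param name="pluginInfo">Not read by this method.</param>
        /// <returns>
        /// Success = true only when authentication and every entry succeeded; otherwise
        /// Success = false with a user-facing message.
        /// </returns>
        public BooleanResult ChangePassword(SessionProperties properties, ChangePasswordPluginActivityInfo pluginInfo)
        {
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            using (LdapServer serv = new LdapServer())
            {
                try
                {
                    string[] hosts = Settings.Store.LdapHost;

                    // Nothing is changed until the old password has been verified.
                    BooleanResult result = serv.Authenticate(userInfo.Username, userInfo.oldPassword, properties);
                    if (!result.Success)
                    {
                        return new BooleanResult {
                            Success = false, Message = "Password change failed: Invalid LDAP username or password."
                        };
                    }

                    // Set the password attributes
                    List <AttributeEntry> attribs = CPAttributeSettings.Load();
                    foreach (AttributeEntry entry in attribs)
                    {
                        if (entry.Method.HasFlag(Methods.ADPWD))
                        {
                            // An empty return string is treated as success, as the original loop's
                            // break implies; the first host that accepts the change ends the search.
                            bool changedOnSomeHost = false;
                            foreach (string server in hosts)
                            {
                                if (Abstractions.WindowsApi.pInvokes.UserChangePassword(server, userInfo.Username, userInfo.oldPassword, userInfo.Password) == "")
                                {
                                    changedOnSomeHost = true;
                                    break;
                                }
                            }

                            // Previously a change rejected by every host fell through and the
                            // method still reported success, leaving the user with the old password.
                            if (!changedOnSomeHost)
                            {
                                return new BooleanResult {
                                    Success = false, Message = "Password change failed: the password could not be changed on any configured LDAP host."
                                };
                            }
                            continue;
                        }

                        if (entry.Method.HasFlag(Methods.Timestamps) || entry.Method.HasFlag(Methods.Timestampd) || entry.Method.HasFlag(Methods.Timestampt))
                        {
                            TimeMethod time = TimeMethod.methods[entry.Method];

                            if (!serv.SetUserAttribute(userInfo.Username, entry.Name, time.time()))
                            {
                                return new BooleanResult {
                                    Success = false, Message = "LDAPplugin failed by setting an attribute\nFor more details please consult the log!"
                                };
                            }
                        }
                        else
                        {
                            AttribMethod hasher = AttribMethod.methods[entry.Method];

                            // NOTE(review): the strength of the stored value depends on the configured
                            // method; AttribMethod is not visible from this block.
                            if (!serv.SetUserAttribute(userInfo.Username, entry.Name, hasher.hash(userInfo.Password)))
                            {
                                return new BooleanResult {
                                    Success = false, Message = "LDAPplugin failed by setting an attribute\nFor more details please consult the log!"
                                };
                            }
                        }
                    }

                    return new BooleanResult {
                        Success = true, Message = "LDAP password successfully changed"
                    };
                }
                catch (Exception)
                {
                    // NOTE(review): the logging call that used to sit here is commented out in the
                    // original, so the exception is discarded without a trace and the failure cannot
                    // be diagnosed or audited afterwards. Restore a log call once the logger for this
                    // class is confirmed to be in scope.
                    return new BooleanResult()
                    {
                        Success = false, Message = "Error in LDAP plugin."
                    };
                }
            }
        }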
Beispiel #5
        /// <summary>
        /// Writes the current state of the configuration dialog back to <c>Settings.Store</c>,
        /// the group rule loader and the change-password attribute settings.
        /// </summary>
        /// <remarks>
        /// Values are persisted one after another with no validation in this method, so an
        /// exception part-way through leaves the earlier settings already written.
        /// </remarks>
        private void StoreSettings()
        {
            // Regex.Split on an empty (trimmed) text yields a single empty string, so an empty
            // host box is stored as one empty host rather than an empty array.
            Settings.Store.LdapHost         = Regex.Split(ldapHostTextBox.Text.Trim(), @"\s+");
            // Convert.ToInt32 throws FormatException/OverflowException on non-numeric or oversized
            // input; nothing in this method catches it. NOTE(review): confirm the caller validates.
            Settings.Store.LdapPort         = Convert.ToInt32(ldapPortTextBox.Text.Trim());
            Settings.Store.LdapTimeout      = Convert.ToInt32(timeoutTextBox.Text.Trim());
            Settings.Store.EncryptionMethod = (int)(GetEncryptionMethodSelection());
            Settings.Store.RequireCert      = (validateServerCertCheckBox.CheckState == CheckState.Checked);
            Settings.Store.ServerCertFile   = sslCertFileTextBox.Text.Trim();
            Settings.Store.SearchDN         = searchDnTextBox.Text.Trim();
            // The search credential is written through SetEncryptedSetting and is stored untrimmed.
            Settings.Store.SetEncryptedSetting("SearchPW", searchPassTextBox.Text);
            Settings.Store.GroupDnPattern                = this.groupDNPattern.Text.Trim();
            Settings.Store.GroupMemberAttrib             = this.groupMemberAttrTB.Text.Trim();
            Settings.Store.GroupGidAttrib                = this.groupGidAttr.Text.Trim();
            Settings.Store.GroupGidAttribIU              = this.groupGidAttrIU.Text.Trim();
            Settings.Store.Dereference                   = this.DereferenceComboBox.SelectedIndex;
            Settings.Store.UseAuthBindForAuthzAndGateway = this.m_useAuthBindForAuthzAndGatewayCb.Checked;

            // Authentication
            Settings.Store.AllowEmptyPasswords = this.allowEmptyPwCB.Checked;
            Settings.Store.DnPattern           = dnPatternTextBox.Text.Trim();
            Settings.Store.DoSearch            = (searchForDnCheckBox.CheckState == CheckState.Checked);
            Settings.Store.SearchFilter        = searchFilterTextBox.Text.Trim();
            Settings.Store.SearchContexts      = Regex.Split(searchContextsTextBox.Text.Trim(), @"\s*\r?\n\s*");

            // Authorization
            Settings.Store.AuthzRequireAuth     = this.authzRequireAuthCB.Checked;
            Settings.Store.AuthzAllowOnError    = this.authzAllowOnErrorCB.Checked;
            Settings.Store.AuthzApplyToAllUsers = this.authzApplyToAllUsersCB.Checked;
            List <GroupAuthzRule> lst = new List <GroupAuthzRule>();

            foreach (Object item in this.authzRulesListBox.Items)
            {
                // "as" yields null for an item of any other type, and that null is added to the list.
                lst.Add(item as GroupAuthzRule);
                m_logger.DebugFormat("Saving rule: {0}", item);
            }
            // Add the default as the last rule in the list
            lst.Add(new GroupAuthzRule(this.authzDefaultAllowRB.Checked));

            // NOTE(review): whatever the two Save*Rules calls return is not inspected here, so a
            // failure to persist the authorization or gateway rules would go unnoticed — confirm
            // how the loader reports errors.
            GroupRuleLoader.SaveAuthzRules(lst);

            // Gateway
            List <GroupGatewayRule> gwList = new List <GroupGatewayRule>();

            foreach (Object item in this.gatewayRulesListBox.Items)
            {
                gwList.Add(item as GroupGatewayRule);
                m_logger.DebugFormat("Saving rule: {0}", item);
            }
            GroupRuleLoader.SaveGatewayRules(gwList);

            // Change Password
            // Rows with a null cell or an empty attribute name are skipped; the method cell is
            // cast directly to HashMethod, which throws InvalidCastException for any other value type.
            List <PasswordAttributeEntry> entries = new List <PasswordAttributeEntry>();

            foreach (DataGridViewRow row in this.passwordAttributesDGV.Rows)
            {
                if (row.Cells[0].Value != null && row.Cells[1].Value != null)
                {
                    string attribName = row.Cells[0].Value.ToString();
                    if (!string.IsNullOrEmpty(attribName))
                    {
                        PasswordAttributeEntry entry = new PasswordAttributeEntry
                        {
                            Name   = attribName,
                            Method = (HashMethod)(row.Cells[1].Value)
                        };
                        entries.Add(entry);
                    }
                }
            }
            CPAttributeSettings.Save(entries);

            // Login Script SFTP
            // These fields are stored verbatim, without trimming.
            // NOTE(review): SFTPPassword is assigned like an ordinary setting, whereas the search
            // password above goes through SetEncryptedSetting. Unless the store protects this key
            // itself, the credential is kept in clear at rest — confirm, and change writer and
            // readers together if it needs to move to the encrypted path.
            // NOTE(review): CMDLoginScript/CMDLogoffScript are presumably command lines run at
            // logon/logoff; if so, write access to the settings store must be restricted to
            // administrators — confirm against the code that consumes them.
            Settings.Store.SFTPServerURL     = txt_script_serverurl.Text;
            Settings.Store.SFTPUser          = txt_script_user.Text;
            Settings.Store.SFTPPassword      = txt_script_password.Text;
            Settings.Store.SFTPFingerprint   = txt_script_fingerprint.Text;
            Settings.Store.SFTPScriptPath    = txt_script_path.Text;
            Settings.Store.SFTPScriptPath2   = txt_script_path_2.Text;
            Settings.Store.SFTPGroupListPath = txt_script_group_list_path.Text;
            Settings.Store.CMDLoginScript    = txt_script_cmd_login.Text;
            Settings.Store.CMDLogoffScript   = txt_script_cmd_logoff.Text;
        }
Beispiel #6
        /// <summary>
        /// Fills the controls of the configuration dialog from <c>Settings.Store</c>, the group rule
        /// loader and the change-password attribute settings, one tab after another.
        /// </summary>
        /// <remarks>
        /// Each stored value is first copied into a typed local and then assigned to its control.
        /// The statements run in a fixed order against live controls.
        /// </remarks>
        /// <exception cref="Exception">
        /// Thrown when the authorization rule list is empty or its last rule does not have the
        /// ALWAYS condition.
        /// </exception>
        private void LoadSettings()
        {
            // The host list is stored as an array and shown as one space-separated line.
            string[] ldapHosts = Settings.Store.LdapHost;
            string   hosts     = "";

            for (int i = 0; i < ldapHosts.Count(); i++)
            {
                string host = ldapHosts[i];
                if (i < ldapHosts.Count() - 1)
                {
                    hosts += host + " ";
                }
                else
                {
                    hosts += host;
                }
            }
            ldapHostTextBox.Text = hosts;

            int port = Settings.Store.LdapPort;

            ldapPortTextBox.Text = Convert.ToString(port);

            int timeout = Settings.Store.LdapTimeout;

            timeoutTextBox.Text = Convert.ToString(timeout);

            // The stored integer is used directly as the selected index, with no range check here.
            // NOTE(review): assuming this is a ComboBox, an out-of-range stored value makes the
            // assignment throw ArgumentOutOfRangeException and the dialog fails to load.
            int encryptionMethod = Settings.Store.EncryptionMethod;

            m_encryptionMethodCb.SelectedIndex = encryptionMethod;

            bool reqCert = Settings.Store.RequireCert;

            validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;

            string serverCertFile = Settings.Store.ServerCertFile;

            sslCertFileTextBox.Text = serverCertFile;

            string searchDn = Settings.Store.SearchDN;

            searchDnTextBox.Text = searchDn;

            // Whatever GetEncryptedSetting returns for the search credential is placed in the text
            // box as-is. NOTE(review): presumably this is the decrypted bind password; whether it is
            // masked on screen depends on how searchPassTextBox is configured — confirm.
            string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");

            searchPassTextBox.Text = searchPw;

            string grpDnPattern = Settings.Store.GroupDnPattern;

            this.groupDNPattern.Text = grpDnPattern;

            string grpMemberAttrib = Settings.Store.GroupMemberAttrib;

            this.groupMemberAttrTB.Text = grpMemberAttrib;

            string GroupGidAttrib = Settings.Store.GroupGidAttrib;

            this.groupGidAttr.Text = GroupGidAttrib;

            string GroupGidAttribIU = Settings.Store.GroupGidAttribIU;

            this.groupGidAttrIU.Text = GroupGidAttribIU;

            // Same pattern as the encryption method: stored integer used directly as an index.
            int derefValue = Settings.Store.Dereference;

            this.DereferenceComboBox.SelectedIndex = derefValue;

            // Authentication tab
            bool allowEmpty = Settings.Store.AllowEmptyPasswords;

            this.allowEmptyPwCB.Checked = allowEmpty;

            string dnPattern = Settings.Store.DnPattern;

            dnPatternTextBox.Text = dnPattern;

            bool doSearch = Settings.Store.DoSearch;

            searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;

            string filter = Settings.Store.SearchFilter;

            searchFilterTextBox.Text = filter;

            bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;

            m_useAuthBindForAuthzAndGatewayCb.Checked = useAuth;

            // Search contexts are shown one per line (CRLF-separated).
            string[] searchContexts = Settings.Store.SearchContexts;
            string   ctxs           = "";

            for (int i = 0; i < searchContexts.Count(); i++)
            {
                string ctx = searchContexts[i];
                if (i < searchContexts.Count() - 1)
                {
                    ctxs += ctx + "\r\n";
                }
                else
                {
                    ctxs += ctx;
                }
            }
            searchContextsTextBox.Text = ctxs;

            /////////////// Authorization tab /////////////////
            this.authzRuleMemberComboBox.SelectedIndex = 0;
            this.authzRuleActionComboBox.SelectedIndex = 0;

            this.authzRequireAuthCB.Checked     = Settings.Store.AuthzRequireAuth;
            // NOTE(review): by its name this flag selects allow-on-error (fail-open) behaviour in the
            // authorization stage; the code that consumes it is not visible here — confirm.
            this.authzAllowOnErrorCB.Checked    = Settings.Store.AuthzAllowOnError;
            this.authzApplyToAllUsersCB.Checked = Settings.Store.AuthzApplyToAllUsers;

            List <GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();

            // The last rule must be the default (ALWAYS) rule. It selects the allow or deny radio
            // button and is removed from the list so it is not shown among the editable rules.
            if (lst.Count > 0 &&
                lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
            {
                GroupAuthzRule rule = lst[lst.Count - 1];
                if (rule.AllowOnMatch)
                {
                    this.authzDefaultAllowRB.Checked = true;
                }
                else
                {
                    this.authzDefaultDenyRB.Checked = true;
                }
                lst.RemoveAt(lst.Count - 1);
            }
            else
            {
                // The list is empty or the last rule is not a default rule.
                // Loading stops here instead of guessing an allow/deny default; the controls
                // below this point are left unfilled.
                throw new Exception("Default rule not found in rule list.");
            }
            // The rest of the rules
            foreach (GroupAuthzRule rule in lst)
            {
                this.authzRulesListBox.Items.Add(rule);
            }

            ///////////////// Gateway tab /////////////////
            List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();

            foreach (GroupGatewayRule rule in gwLst)
            {
                this.gatewayRulesListBox.Items.Add(rule);
            }

            ////////////// Change Password tab ///////////////
            // One grid row per configured attribute: its name and the method applied to it.
            List <PasswordAttributeEntry> attribs = CPAttributeSettings.Load();

            foreach (PasswordAttributeEntry entry in attribs)
            {
                this.passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
            }

            ///////////// Login Script ////////////////
            // NOTE(review): SFTPPassword is read like an ordinary setting, whereas the search
            // password above comes from GetEncryptedSetting; confirm how this credential is
            // protected at rest and whether txt_script_password masks its content.
            txt_script_serverurl.Text       = Settings.Store.SFTPServerURL;
            txt_script_user.Text            = Settings.Store.SFTPUser;
            txt_script_password.Text        = Settings.Store.SFTPPassword;
            txt_script_fingerprint.Text     = Settings.Store.SFTPFingerprint;
            txt_script_path.Text            = Settings.Store.SFTPScriptPath;
            txt_script_path_2.Text          = Settings.Store.SFTPScriptPath2;
            txt_script_group_list_path.Text = Settings.Store.SFTPGroupListPath;
            txt_script_cmd_login.Text       = Settings.Store.CMDLoginScript;
            txt_script_cmd_logoff.Text      = Settings.Store.CMDLogoffScript;
        }