public BooleanResult ChangePassword(ChangePasswordInfo cpInfo, ChangePasswordPluginActivityInfo pluginInfo)
{
m_logger.Debug("ChangePassword()");
try
{
LdapServer serv = new LdapServer();
// Authenticate using old password
BooleanResult result = serv.Authenticate(cpInfo.Username, cpInfo.OldPassword);
if (!result.Success)
{
return(new BooleanResult {
Success = false, Message = "Password change failed: Invalid LDAP username or password."
});
}
// Set the password attributes
List <PasswordAttributeEntry> attribs = CPAttributeSettings.Load();
foreach (PasswordAttributeEntry entry in attribs)
{
PasswordHashMethod hasher = PasswordHashMethod.methods[entry.Method];
m_logger.DebugFormat("Setting attribute {0} using hash method {1}", entry.Name, hasher.Name);
serv.SetUserAttribute(cpInfo.Username, entry.Name, hasher.hash(cpInfo.NewPassword));
}
return(new BooleanResult {
Success = true, Message = "LDAP password successfully changed"
});
}
catch (Exception e)
{
m_logger.ErrorFormat("Exception in ChangePassword: {0}", e);
return(new BooleanResult()
{
Success = false, Message = "Error in LDAP plugin."
});
}
}
private void LoadSettings()
{
string[] ldapHosts = Settings.Store.LdapHost;
string hosts = "";
for (int i = 0; i < ldapHosts.Count(); i++)
{
string host = ldapHosts[i];
if (i < ldapHosts.Count() - 1)
{
hosts += host + " ";
}
else
{
hosts += host;
}
}
ldapHostTextBox.Text = hosts;
int port = Settings.Store.LdapPort;
ldapPortTextBox.Text = Convert.ToString(port);
int timeout = Settings.Store.LdapTimeout;
timeoutTextBox.Text = Convert.ToString(timeout);
bool useSsl = Settings.Store.UseSsl;
useSslCheckBox.CheckState = useSsl ? CheckState.Checked : CheckState.Unchecked;
bool useTls = Settings.Store.UseTls;
useTlsCheckBox.CheckState = useTls ? CheckState.Checked : CheckState.Unchecked;
bool reqCert = Settings.Store.RequireCert;
validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;
string serverCertFile = Settings.Store.ServerCertFile;
sslCertFileTextBox.Text = serverCertFile;
string searchDn = Settings.Store.SearchDN;
searchDnTextBox.Text = searchDn;
string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");
searchPassTextBox.Text = searchPw;
// Authentication tab
bool allowEmpty = Settings.Store.AllowEmptyPasswords;
this.allowEmptyPwCB.Checked = allowEmpty;
string dnPattern = Settings.Store.DnPattern;
dnPatternTextBox.Text = dnPattern;
bool doSearch = Settings.Store.DoSearch;
searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;
string filter = Settings.Store.SearchFilter;
searchFilterTextBox.Text = filter;
bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;
useAuthBindForAuthzAndGatewayCb.Checked = useAuth;
string[] searchContexts = Settings.Store.SearchContexts;
string ctxs = "";
for (int i = 0; i < searchContexts.Count(); i++)
{
string ctx = searchContexts[i];
if (i < searchContexts.Count() - 1)
{
ctxs += ctx + "\r\n";
}
else
{
ctxs += ctx;
}
}
searchContextsTextBox.Text = ctxs;
// AttribConverter Grid
string[] AttribConv = Settings.Store.AttribConv;
Column1.DataSource = AttribConvert.Attribs.ToArray();
dataGridView1.ColumnCount = 2;
for (int x = 0; x < AttribConv.Count(); x++)
{
string[] split = AttribConv[x].Split('\t');
if (split.Count() == 2)
{
split[0] = split[0].Trim();
split[1] = split[1].Trim();
if (!String.IsNullOrEmpty(split[0]) && !String.IsNullOrEmpty(split[1]))
{
if (AttribConvert.Attribs.Contains(split[0]))
//if (Array.Exists(WinValues(), element => element == split[0]))
{
int index = AttribConvert.Attribs.IndexOf(split[0]);
//int index = Array.FindIndex(WinValues(), item => item == split[0]);
DataGridViewRow row = new DataGridViewRow();
DataGridViewComboBoxCell CellSample = new DataGridViewComboBoxCell();
CellSample.DataSource = AttribConvert.Attribs.ToArray(); // list of the string items that I want to insert in ComboBox.
CellSample.Value = AttribConvert.Attribs[index]; // default value for the ComboBox
row.Cells.Add(CellSample);
row.Cells.Add(new DataGridViewTextBoxCell()
{
Value = split[1]
});
dataGridView1.Rows.Add(row);
}
}
}
}
/////////////// Authorization tab /////////////////
this.authzRuleMemberComboBox.SelectedIndex = 0;
this.authzRuleActionComboBox.SelectedIndex = 0;
this.authzRuleScope.SelectedIndex = 0;
this.authzDefaultAllowRB.Checked = Settings.Store.AuthzDefault;
this.authzDefaultDenyRB.Checked = !(bool)Settings.Store.AuthzDefault;
this.authzRequireAuthCB.Checked = Settings.Store.AuthzRequireAuth;
this.authzAllowOnErrorCB.Checked = Settings.Store.AuthzAllowOnError;
List <GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
foreach (GroupAuthzRule rule in lst)
{
this.authzRulesListBox.Items.Add(rule);
}
///////////////// Gateway tab /////////////////
this.gatewayRuleGroupMemberCB.SelectedIndex = 0;
this.gatewayRuleScope.SelectedIndex = 0;
List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in gwLst)
{
this.gatewayRulesListBox.Items.Add(rule);
}
////////////// Change Password tab ///////////////
List <AttributeEntry> attribs = CPAttributeSettings.Load();
foreach (AttributeEntry entry in attribs)
{
this.passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
}
}
private void StoreSettings()
{
Settings.Store.LdapHost = Regex.Split(ldapHostTextBox.Text.Trim(), @"\s+");
Settings.Store.LdapPort = Convert.ToInt32(ldapPortTextBox.Text.Trim());
Settings.Store.LdapTimeout = Convert.ToInt32(timeoutTextBox.Text.Trim());
Settings.Store.UseSsl = (useSslCheckBox.CheckState == CheckState.Checked);
Settings.Store.UseTls = (useTlsCheckBox.CheckState == CheckState.Checked);
Settings.Store.RequireCert = (validateServerCertCheckBox.CheckState == CheckState.Checked);
Settings.Store.ServerCertFile = sslCertFileTextBox.Text.Trim();
Settings.Store.UseAuthBindForAuthzAndGateway = (useAuthBindForAuthzAndGatewayCb.CheckState == CheckState.Checked);
Settings.Store.SearchDN = searchDnTextBox.Text.Trim();
Settings.Store.SetEncryptedSetting("SearchPW", searchPassTextBox.Text);
// Authentication
Settings.Store.AllowEmptyPasswords = this.allowEmptyPwCB.Checked;
Settings.Store.DnPattern = dnPatternTextBox.Text.Trim();
Settings.Store.DoSearch = (searchForDnCheckBox.CheckState == CheckState.Checked);
Settings.Store.SearchFilter = searchFilterTextBox.Text.Trim();
Settings.Store.SearchContexts = Regex.Split(searchContextsTextBox.Text.Trim(), @"\s*\r?\n\s*");
Settings.Store.AuthzDefault = this.authzDefaultAllowRB.Checked;
List <string> AttribConv = new List <string>();
foreach (DataGridViewRow row in dataGridView1.Rows)
{
if (row.Cells[0].Value != null && row.Cells[1].Value != null)
{
AttribConv.Add(row.Cells[0].Value.ToString() + "\t" + row.Cells[1].Value.ToString().Trim());
}
}
if (AttribConv.Count > 0)
{
Settings.Store.AttribConv = AttribConv.ToArray();
}
else
{
Settings.Store.AttribConv = new string[] { }
};
// Authorization
Settings.Store.AuthzRequireAuth = this.authzRequireAuthCB.Checked;
Settings.Store.AuthzAllowOnError = this.authzAllowOnErrorCB.Checked;
Settings.Store.AuthzDefault = this.authzDefaultAllowRB.Checked;
List <GroupAuthzRule> lst = new List <GroupAuthzRule>();
foreach (Object item in this.authzRulesListBox.Items)
{
lst.Add(item as GroupAuthzRule);
m_logger.DebugFormat("Saving rule: {0}", item);
}
string SaveAuthzRules_ret = GroupRuleLoader.SaveAuthzRules(lst);
if (!string.IsNullOrEmpty(SaveAuthzRules_ret))
{
MessageBox.Show("There was an error in saving your authorization rules.\n" + SaveAuthzRules_ret);
}
// Gateway
List <GroupGatewayRule> gwList = new List <GroupGatewayRule>();
foreach (Object item in this.gatewayRulesListBox.Items)
{
gwList.Add(item as GroupGatewayRule);
m_logger.DebugFormat("Saving rule: {0}", item);
}
string SaveGatewayRules_ret = GroupRuleLoader.SaveGatewayRules(gwList);
if (!string.IsNullOrEmpty(SaveGatewayRules_ret))
{
MessageBox.Show("There was an error in saving your gateway rules.\n" + SaveGatewayRules_ret);
}
// Change Password
List <AttributeEntry> entries = new List <AttributeEntry>();
foreach (DataGridViewRow row in this.passwordAttributesDGV.Rows)
{
if (row.Cells[0].Value != null && row.Cells[1].Value != null)
{
string attribName = row.Cells[0].Value.ToString();
if (!string.IsNullOrEmpty(attribName))
{
AttributeEntry entry = new AttributeEntry
{
Name = attribName,
Method = (Methods)(row.Cells[1].Value)
};
entries.Add(entry);
}
}
}
CPAttributeSettings.Save(entries);
}
public BooleanResult ChangePassword(SessionProperties properties, ChangePasswordPluginActivityInfo pluginInfo)
{
////m_logger.Debug("ChangePassword()");
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
using (LdapServer serv = new LdapServer())
{
try
{
string[] hosts = Settings.Store.LdapHost;
// Authenticate using old password
BooleanResult result = serv.Authenticate(userInfo.Username, userInfo.oldPassword, properties);
if (!result.Success)
{
return(new BooleanResult {
Success = false, Message = "Password change failed: Invalid LDAP username or password."
});
}
// Set the password attributes
List <AttributeEntry> attribs = CPAttributeSettings.Load();
foreach (AttributeEntry entry in attribs)
{
if (entry.Method.HasFlag(Methods.ADPWD))
{
foreach (string server in hosts)
{
if (Abstractions.WindowsApi.pInvokes.UserChangePassword(server, userInfo.Username, userInfo.oldPassword, userInfo.Password) == "")
{
break;
}
}
continue;
}
if (entry.Method.HasFlag(Methods.Timestamps) || entry.Method.HasFlag(Methods.Timestampd) || entry.Method.HasFlag(Methods.Timestampt))
{
TimeMethod time = TimeMethod.methods[entry.Method];
////m_logger.DebugFormat("Setting attribute {0} using method {1}", entry.Name, time.Name);
if (!serv.SetUserAttribute(userInfo.Username, entry.Name, time.time()))
{
return new BooleanResult {
Success = false, Message = "LDAPplugin failed by setting an attribute\nFor more details please consult the log!"
}
}
;
}
else
{
AttribMethod hasher = AttribMethod.methods[entry.Method];
////m_logger.DebugFormat("Setting attribute {0} using method {1}", entry.Name, hasher.Name);
if (!serv.SetUserAttribute(userInfo.Username, entry.Name, hasher.hash(userInfo.Password)))
{
return new BooleanResult {
Success = false, Message = "LDAPplugin failed by setting an attribute\nFor more details please consult the log!"
}
}
;
}
}
return(new BooleanResult {
Success = true, Message = "LDAP password successfully changed"
});
}
catch (Exception e)
{
////m_logger.ErrorFormat("Exception in ChangePassword: {0}", e);
return(new BooleanResult()
{
Success = false, Message = "Error in LDAP plugin."
});
}
}
}
private void StoreSettings()
{
Settings.Store.LdapHost = Regex.Split(ldapHostTextBox.Text.Trim(), @"\s+");
Settings.Store.LdapPort = Convert.ToInt32(ldapPortTextBox.Text.Trim());
Settings.Store.LdapTimeout = Convert.ToInt32(timeoutTextBox.Text.Trim());
Settings.Store.EncryptionMethod = (int)(GetEncryptionMethodSelection());
Settings.Store.RequireCert = (validateServerCertCheckBox.CheckState == CheckState.Checked);
Settings.Store.ServerCertFile = sslCertFileTextBox.Text.Trim();
Settings.Store.SearchDN = searchDnTextBox.Text.Trim();
Settings.Store.SetEncryptedSetting("SearchPW", searchPassTextBox.Text);
Settings.Store.GroupDnPattern = this.groupDNPattern.Text.Trim();
Settings.Store.GroupMemberAttrib = this.groupMemberAttrTB.Text.Trim();
Settings.Store.GroupGidAttrib = this.groupGidAttr.Text.Trim();
Settings.Store.GroupGidAttribIU = this.groupGidAttrIU.Text.Trim();
Settings.Store.Dereference = this.DereferenceComboBox.SelectedIndex;
Settings.Store.UseAuthBindForAuthzAndGateway = this.m_useAuthBindForAuthzAndGatewayCb.Checked;
// Authentication
Settings.Store.AllowEmptyPasswords = this.allowEmptyPwCB.Checked;
Settings.Store.DnPattern = dnPatternTextBox.Text.Trim();
Settings.Store.DoSearch = (searchForDnCheckBox.CheckState == CheckState.Checked);
Settings.Store.SearchFilter = searchFilterTextBox.Text.Trim();
Settings.Store.SearchContexts = Regex.Split(searchContextsTextBox.Text.Trim(), @"\s*\r?\n\s*");
// Authorization
Settings.Store.AuthzRequireAuth = this.authzRequireAuthCB.Checked;
Settings.Store.AuthzAllowOnError = this.authzAllowOnErrorCB.Checked;
Settings.Store.AuthzApplyToAllUsers = this.authzApplyToAllUsersCB.Checked;
List <GroupAuthzRule> lst = new List <GroupAuthzRule>();
foreach (Object item in this.authzRulesListBox.Items)
{
lst.Add(item as GroupAuthzRule);
m_logger.DebugFormat("Saving rule: {0}", item);
}
// Add the default as the last rule in the list
lst.Add(new GroupAuthzRule(this.authzDefaultAllowRB.Checked));
GroupRuleLoader.SaveAuthzRules(lst);
// Gateway
List <GroupGatewayRule> gwList = new List <GroupGatewayRule>();
foreach (Object item in this.gatewayRulesListBox.Items)
{
gwList.Add(item as GroupGatewayRule);
m_logger.DebugFormat("Saving rule: {0}", item);
}
GroupRuleLoader.SaveGatewayRules(gwList);
// Change Password
List <PasswordAttributeEntry> entries = new List <PasswordAttributeEntry>();
foreach (DataGridViewRow row in this.passwordAttributesDGV.Rows)
{
if (row.Cells[0].Value != null && row.Cells[1].Value != null)
{
string attribName = row.Cells[0].Value.ToString();
if (!string.IsNullOrEmpty(attribName))
{
PasswordAttributeEntry entry = new PasswordAttributeEntry
{
Name = attribName,
Method = (HashMethod)(row.Cells[1].Value)
};
entries.Add(entry);
}
}
}
CPAttributeSettings.Save(entries);
// Login Script SFTP
Settings.Store.SFTPServerURL = txt_script_serverurl.Text;
Settings.Store.SFTPUser = txt_script_user.Text;
Settings.Store.SFTPPassword = txt_script_password.Text;
Settings.Store.SFTPFingerprint = txt_script_fingerprint.Text;
Settings.Store.SFTPScriptPath = txt_script_path.Text;
Settings.Store.SFTPScriptPath2 = txt_script_path_2.Text;
Settings.Store.SFTPGroupListPath = txt_script_group_list_path.Text;
Settings.Store.CMDLoginScript = txt_script_cmd_login.Text;
Settings.Store.CMDLogoffScript = txt_script_cmd_logoff.Text;
}
private void LoadSettings()
{
string[] ldapHosts = Settings.Store.LdapHost;
string hosts = "";
for (int i = 0; i < ldapHosts.Count(); i++)
{
string host = ldapHosts[i];
if (i < ldapHosts.Count() - 1)
{
hosts += host + " ";
}
else
{
hosts += host;
}
}
ldapHostTextBox.Text = hosts;
int port = Settings.Store.LdapPort;
ldapPortTextBox.Text = Convert.ToString(port);
int timeout = Settings.Store.LdapTimeout;
timeoutTextBox.Text = Convert.ToString(timeout);
int encryptionMethod = Settings.Store.EncryptionMethod;
m_encryptionMethodCb.SelectedIndex = encryptionMethod;
bool reqCert = Settings.Store.RequireCert;
validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;
string serverCertFile = Settings.Store.ServerCertFile;
sslCertFileTextBox.Text = serverCertFile;
string searchDn = Settings.Store.SearchDN;
searchDnTextBox.Text = searchDn;
string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");
searchPassTextBox.Text = searchPw;
string grpDnPattern = Settings.Store.GroupDnPattern;
this.groupDNPattern.Text = grpDnPattern;
string grpMemberAttrib = Settings.Store.GroupMemberAttrib;
this.groupMemberAttrTB.Text = grpMemberAttrib;
string GroupGidAttrib = Settings.Store.GroupGidAttrib;
this.groupGidAttr.Text = GroupGidAttrib;
string GroupGidAttribIU = Settings.Store.GroupGidAttribIU;
this.groupGidAttrIU.Text = GroupGidAttribIU;
int derefValue = Settings.Store.Dereference;
this.DereferenceComboBox.SelectedIndex = derefValue;
// Authentication tab
bool allowEmpty = Settings.Store.AllowEmptyPasswords;
this.allowEmptyPwCB.Checked = allowEmpty;
string dnPattern = Settings.Store.DnPattern;
dnPatternTextBox.Text = dnPattern;
bool doSearch = Settings.Store.DoSearch;
searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;
string filter = Settings.Store.SearchFilter;
searchFilterTextBox.Text = filter;
bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;
m_useAuthBindForAuthzAndGatewayCb.Checked = useAuth;
string[] searchContexts = Settings.Store.SearchContexts;
string ctxs = "";
for (int i = 0; i < searchContexts.Count(); i++)
{
string ctx = searchContexts[i];
if (i < searchContexts.Count() - 1)
{
ctxs += ctx + "\r\n";
}
else
{
ctxs += ctx;
}
}
searchContextsTextBox.Text = ctxs;
/////////////// Authorization tab /////////////////
this.authzRuleMemberComboBox.SelectedIndex = 0;
this.authzRuleActionComboBox.SelectedIndex = 0;
this.authzRequireAuthCB.Checked = Settings.Store.AuthzRequireAuth;
this.authzAllowOnErrorCB.Checked = Settings.Store.AuthzAllowOnError;
this.authzApplyToAllUsersCB.Checked = Settings.Store.AuthzApplyToAllUsers;
List <GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
// The last one should be the default rule
if (lst.Count > 0 &&
lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
{
GroupAuthzRule rule = lst[lst.Count - 1];
if (rule.AllowOnMatch)
{
this.authzDefaultAllowRB.Checked = true;
}
else
{
this.authzDefaultDenyRB.Checked = true;
}
lst.RemoveAt(lst.Count - 1);
}
else
{
// The list is empty or the last rule is not a default rule.
throw new Exception("Default rule not found in rule list.");
}
// The rest of the rules
foreach (GroupAuthzRule rule in lst)
{
this.authzRulesListBox.Items.Add(rule);
}
///////////////// Gateway tab /////////////////
List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in gwLst)
{
this.gatewayRulesListBox.Items.Add(rule);
}
////////////// Change Password tab ///////////////
List <PasswordAttributeEntry> attribs = CPAttributeSettings.Load();
foreach (PasswordAttributeEntry entry in attribs)
{
this.passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
}
///////////// Login Script ////////////////
txt_script_serverurl.Text = Settings.Store.SFTPServerURL;
txt_script_user.Text = Settings.Store.SFTPUser;
txt_script_password.Text = Settings.Store.SFTPPassword;
txt_script_fingerprint.Text = Settings.Store.SFTPFingerprint;
txt_script_path.Text = Settings.Store.SFTPScriptPath;
txt_script_path_2.Text = Settings.Store.SFTPScriptPath2;
txt_script_group_list_path.Text = Settings.Store.SFTPGroupListPath;
txt_script_cmd_login.Text = Settings.Store.CMDLoginScript;
txt_script_cmd_logoff.Text = Settings.Store.CMDLogoffScript;
}
