summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/csadmin
diff options
context:
space:
mode:
authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-07-07 20:09:30 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-07-07 20:09:30 +0000
commite5f83cbfceeac25ba1cdb532bf327c2f3e389d2f (patch)
tree6cb84d684417596b84f6a650a2acee01e819d958 /pki/base/common/src/com/netscape/cms/servlet/csadmin
parentc0e3cfede34e8b0dc0a31a5bebfdc4b67683b9be (diff)
downloadpki-e5f83cbfceeac25ba1cdb532bf327c2f3e389d2f.tar.gz
pki-e5f83cbfceeac25ba1cdb532bf327c2f3e389d2f.tar.xz
pki-e5f83cbfceeac25ba1cdb532bf327c2f3e389d2f.zip
Bugzilla BZ595391: session domain table to be moved to ldap (corrected BZ596391 to BZ595391 on 08/10/2010 by mharmsen)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1125 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java1
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java325
3 files changed, 327 insertions, 1 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 1509d5b74..ae9acf9fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -546,6 +546,7 @@ public class DonePanel extends WizardPanelBase {
cs.putString("securitydomain.httpsadminport", ownadminsport);
cs.putString("securitydomain.httpsagentport", ownagentsport);
cs.putString("securitydomain.httpseeport", ownsport);
+ cs.putString("securitydomain.select", "new");
} catch (Exception e) {
CMS.debug("Caught exception trying to save security domain parameters for clone of a domain master");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index bd4d6b7ab..f2b4589e3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -107,7 +107,7 @@ public class GetDomainXML extends CMSServlet {
try {
// get data from ldap
String[] entries = {};
- String filter = "objectclass=*";
+ String filter = "objectclass=pkiSecurityGroup";
LDAPSearchConstraints cons = null;
String[] attrs = null;
String dn = "ou=Security Domain," + basedn;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
new file mode 100644
index 000000000..55d39886e
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -0,0 +1,325 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import java.util.*;
+import java.io.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.apps.*;
+import netscape.ldap.*;
+import com.netscape.cmsutil.password.*;
+
+/**
+ * This object stores the values for IP, uid and group based on the cookie id in LDAP.
+ * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ */
+public class LDAPSecurityDomainSessionTable
+ implements ISecurityDomainSessionTable {
+
+ private long m_timeToLive;
+
+ public LDAPSecurityDomainSessionTable(long timeToLive) {
+ m_timeToLive = timeToLive;
+ }
+
+ public void addEntry(String sessionId, String ip,
+ String uid, String group) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ boolean sessions_exists = true;
+
+ String basedn = null;
+ String sessionsdn = null;
+ try {
+ basedn = cs.getString("internaldb.basedn");
+ sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
+ return;
+ }
+
+ try {
+ // create session entry (if it does not exist)
+ conn = getLDAPConn();
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("ou", "sessions"));
+ entry = new LDAPEntry(sessionsdn, attrs);
+ conn.add(entry);
+ } catch (Exception e) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ // continue
+ } else {
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
+ sessions_exists = false;
+ }
+ }
+
+ // add new entry
+ try {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String entrydn = "cn=" + sessionId + "," + sessionsdn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("cn", sessionId));
+ attrs.add(new LDAPAttribute("host", ip));
+ attrs.add(new LDAPAttribute("uid", uid));
+ attrs.add(new LDAPAttribute("cmsUserGroup", group));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
+
+ entry = new LDAPEntry(entrydn, attrs);
+ if (sessions_exists) {
+ conn.add(entry);
+ }
+ CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
+ }
+ }
+
+ public void removeEntry(String sessionId) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
+ conn = getLDAPConn();
+ conn.delete(dn);
+ } catch (Exception e) {
+ if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ // continue
+ } else {
+ CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ }
+ }
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
+ }
+ }
+
+ public boolean isSessionIdExist(String sessionId) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ boolean ret = false;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(cn=" + sessionId + ")";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) ret = true;
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ }
+ return ret;
+ }
+
+
+ public Enumeration getSessionIds() {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ Vector ret = new Vector();
+
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(objectclass=securityDomainSessionEntry)";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ while (res.hasMoreElements()) {
+ LDAPEntry entry = res.next();
+ ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
+ }
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ }
+
+ return ret.elements();
+ }
+
+ private String getStringValue(String sessionId, String attr) {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ String ret = null;
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(cn=" + sessionId + ")";
+ String[] attrs = { attr };
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ if (res.getCount() > 0) {
+ LDAPEntry entry = res.next();
+ ret = entry.getAttribute(attr).getStringValueArray()[0];
+ }
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ }
+ return ret;
+ }
+
+ public String getIP(String sessionId) {
+ return getStringValue(sessionId, "host");
+ }
+
+ public String getUID(String sessionId) {
+ return getStringValue(sessionId, "uid");
+ }
+
+ public String getGroup(String sessionId) {
+ return getStringValue(sessionId, "cmsUserGroup");
+ }
+
+ public long getBeginTime(String sessionId) {
+ String beginStr = getStringValue(sessionId, "dateOfCreate");
+ if (beginStr != null) {
+ return Long.parseLong(beginStr);
+ }
+ return -1;
+ }
+
+ public long getTimeToLive() {
+ return m_timeToLive;
+ }
+
+ public int getSize() {
+ IConfigStore cs = CMS.getConfigStore();
+ LDAPConnection conn = null;
+ int ret =0;
+
+ try {
+ String basedn = cs.getString("internaldb.basedn");
+ String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
+ String filter = "(objectclass=securityDomainSessionEntry)";
+ String[] attrs = { "cn" };
+
+ conn = getLDAPConn();
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ ret = res.getCount();
+ } catch(Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ }
+
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ }
+
+ return ret;
+ }
+
+ private LDAPConnection getLDAPConn()
+ throws IOException
+ {
+ IConfigStore cs = CMS.getConfigStore();
+
+ String host = "";
+ String port = "";
+ String pwd = null;
+ String binddn = "";
+ String security = "";
+
+ IPasswordStore pwdStore = CMS.getPasswordStore();
+
+ if (pwdStore != null) {
+ //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ pwd = pwdStore.getPassword("internaldb");
+ }
+
+ if ( pwd == null) {
+ throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ }
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: getLDAPConn" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, pwd);
+ } catch (LDAPException e) {
+ CMS.debug("SecurityDomainSessionTable getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+}
generated by cgit (git 2.34.1) at 2024-06-22 01:40:44 +0000