projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConnections.java +2 −2 Original line number Diff line number Diff line Loading @@ -248,7 +248,7 @@ class LdapConnections } if (autoConfigUnboundReadOnlyConn != null) { log.debug("Releasing read only auto config connection."); log.debug("Releasing unbound read only auto config connection."); persistence.releaseConnection(LdapPersistence.POOL_UNBOUNDREADONLY, autoConfigUnboundReadOnlyConn); profiler.checkpoint("Release read only connection"); } Loading @@ -267,7 +267,7 @@ class LdapConnections } if (manualConfigUnboundReadOnlyConn != null) { log.debug("Releasing read only manual config connection."); log.debug("Releasing unbound read only manual config connection."); unboundReadOnlyPool.releaseConnection(manualConfigUnboundReadOnlyConn); } } Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +12 −9 Original line number Diff line number Diff line Loading @@ -808,18 +808,21 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO throw new AccessControlException("Given user and authenticating user do not match"); } ProxiedAuthorizationV2RequestControl control = new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString()); Control[] controls = new Control[] {control}; String username = null; for (Principal p : user.getIdentities()) { if (p instanceof HttpPrincipal) username = p.getName(); } BindRequest bindRequest = new SimpleBindRequest( getUserDN(username, config.getUsersDN()), oldPassword); LDAPConnection conn = this.getUnboundReadConnection(); conn.bind(bindRequest); PasswordModifyExtendedRequest passwordModifyRequest = new PasswordModifyExtendedRequest( userDN.toNormalizedString(), oldPassword, newPassword, controls); LdapConfig ldapConfig = LdapConfig.getLdapConfig(); String server = ldapConfig.getReadWritePool().getServers().get(0); int port = ldapConfig.getPort(); LDAPConnection conn = new LDAPConnection(LdapDAO.getSocketFactory(ldapConfig), server, port); userDN.toNormalizedString(), oldPassword, newPassword); PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) conn.processExtendedOperation(passwordModifyRequest); Loading
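Review bot: On what reads as the new side (the +/- markers are lost in this rendering), the connection taken from `getUnboundReadConnection()` is authenticated with `conn.bind(bindRequest)` and nothing visible in the hunk resets it, so if it returns to the unbound read-only pool, as the release calls in LdapConnections suggest, a later borrower could run on a connection still bound as this user. Either re-bind it anonymously before release or, if the underlying pool is an UnboundID `LDAPConnectionPool`, hand it back with `releaseAndReAuthenticateConnection(conn)`. Separately, `username` stays null when the user carries no `HttpPrincipal` and is passed straight into `getUserDN(username, config.getUsersDN())`; a guard such as `if (username == null) throw new AccessControlException("No HTTP identity for user");` before building the bind request would fail closed. The password modify is also now sent over a read connection, which may not reach a writable server, so that is worth confirming against the deployment. The enclosing method starts and ends outside the hunk.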
projects/cadcAccessControl/scripts/cadcGMSClient 0 → 100755 +41 −0 Original line number Diff line number Diff line #!/bin/bash # environment # # CADC_ROOT : location of installed CADC/CANFAR sofwtare # CADC_EXT : location of external java/lib (default: /usr/cadc/external) # C2SRV : name of the service environment to use (default: www, supported: demo, rc, dev) # # location of jar files CL=$CADC_ROOT/lib EL=/usr/cadc/external/java/lib if [ ! -z $CADC_EXT ]; then EL=$CADC_EXT/java/lib fi # classpath echo EP="${EL}/jdom2.jar:${EL}/log4j.jar:${EL}/xerces.jar" CP="${CL}/cadcUtil.jar:${CL}/cadcRegistryClient.jar:${CL}/cadcAccessControl.jar" echo "classpath: ${CP}:${EP}" echo # service environment LOCAL="" if [ "$C2SRV" == "www" ]; then # no-op LOCAL="" elif [ "$C2SRV" == "demo" ]; then LOCAL="-Dca.nrc.cadc.reg.client.RegistryClient.shortHostname=demo" elif [ "$C2SRV" == "rc" ]; then LOCAL="-Dca.nrc.cadc.reg.client.RegistryClient.shortHostname=rc" elif [ "$C2SRV" == "dev" ]; then LOCAL="-Dca.nrc.cadc.reg.client.RegistryClient.host=$(whoami).cadc.dao.nrc.ca" fi echo "registry hack: $LOCAL" echo java $LOCAL -cp "${CP}:${EP}" ca.nrc.cadc.ac.client.GMSClientMain "$@"
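Review bot: `CL=$CADC_ROOT/lib` is used without checking that `CADC_ROOT` is set, so with an empty environment the classpath resolves to `/lib/cadcUtil.jar` and its siblings and the JVM loads whatever jars sit there; a guard such as `: "${CADC_ROOT:?CADC_ROOT must be set}"` near the top would stop early instead. The test `[ ! -z $CADC_EXT ]` should quote the variable, for example `[ -n "$CADC_EXT" ]`, so a value containing spaces does not break the test. An unrecognised `C2SRV` value falls through the `if`/`elif` chain with `LOCAL=""`, which silently targets the default (www) environment; for a client that changes group membership, an `else` branch that prints the supported values and exits non-zero would be safer.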
projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClientMain.java +17 −0 Original line number Diff line number Diff line Loading @@ -101,6 +101,7 @@ public class GMSClientMain implements PrivilegedAction<Object> private static Logger log = Logger.getLogger(GMSClientMain.class); public static final String ARG_ADD_MEMBER = "add-member"; public static final String ARG_DEL_MEMBER = "remove-member"; public static final String ARG_CREATE_GROUP = "create"; public static final String ARG_GET_GROUP = "get"; public static final String ARG_DELETE_GROUP = "delete"; Loading Loading @@ -186,12 +187,16 @@ public class GMSClientMain implements PrivilegedAction<Object> if (argMap.isSet(ARG_DELETE_GROUP)) return ARG_DELETE_GROUP; if (argMap.isSet(ARG_DEL_MEMBER)) return ARG_DEL_MEMBER; throw new IllegalArgumentException("No valid commands"); } private static void usage() { System.out.println("--add-member --group=<g> --userid=<u>"); System.out.println("--remove-member --group=<g> --userid=<u>"); System.out.println("--create --group=<g>"); System.out.println("--get --group=<g>"); System.out.println("--delete --group=<g>"); Loading @@ -217,6 +222,18 @@ public class GMSClientMain implements PrivilegedAction<Object> client.addUserMember(group, new HttpPrincipal(userID)); } else if (command.equals(ARG_DEL_MEMBER)) { String group = argMap.getValue(ARG_GROUP); if (group == null) throw new IllegalArgumentException("No group specified"); String member = argMap.getValue(ARG_USERID); if (member == null) throw new IllegalArgumentException("No user specified"); client.removeUserMember(group, new HttpPrincipal(member)); } else if (command.equals(ARG_CREATE_GROUP)) { String group = argMap.getValue(ARG_GROUP); Loading
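Review bot: The command lookup returns the first flag that is set, and the new `ARG_DEL_MEMBER` check sits after `ARG_DELETE_GROUP`, so an invocation carrying both `--delete` and `--remove-member` would delete the whole group rather than remove one member. Rejecting more than one command flag with an `IllegalArgumentException` before the chain would make the tool fail closed; the start of that method is outside the hunk, so earlier checks may already cover part of this. In the new `remove-member` branch the `null` checks let an empty `--group=` or `--userid=` through, assuming `argMap.getValue` returns an empty string for those (not visible here); `if (group == null || group.trim().isEmpty())` would cover both cases. The branch also repeats the validation of the add-member branch above it, so a small shared helper for required arguments would keep the two in step.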