IlyaSobolev/DocSpace-buildtools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
18bccade63
DocSpace-buildtools/common/ASC.ActiveDirectory/ComplexOperations/LdapOperation.cs
Vashchuk Nikita 18bccade63 fix
2022-03-14 12:02:43 +03:00

483 lines
18 KiB
C#
Raw Blame History

/*
*
* (c) Copyright Ascensio System Limited 2010-2021
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
using System.Globalization;
using System.Security;
using ASC.ActiveDirectory.Base;
using ASC.ActiveDirectory.Base.Settings;
using ASC.ActiveDirectory.Novell;
using ASC.Common.Logging;
using ASC.Common.Security.Authorizing;
using ASC.Common.Threading;
using ASC.Core;
using ASC.Core.Tenants;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using SecurityContext = ASC.Core.SecurityContext;
namespace ASC.ActiveDirectory.ComplexOperations
{
public abstract class LdapOperation
{
public const string OWNER = "LDAPOwner";
public const string OPERATION_TYPE = "LDAPOperationType";
public const string SOURCE = "LDAPSource";
public const string PROGRESS = "LDAPProgress";
public const string RESULT = "LDAPResult";
public const string ERROR = "LDAPError";
public const string WARNING = "LDAPWarning";
public const string CERT_REQUEST = "LDAPCertRequest";
public const string FINISHED = "LDAPFinished";
private string _culture;
public LdapSettings LDAPSettings { get; private set; }
protected LdapUserImporter Importer { get; private set; }
public LdapUserManager LDAPUserManager { get; private set; }
protected DistributedTask TaskInfo { get; private set; }
protected int Progress { get; private set; }
protected string Source { get; private set; }
protected string Status { get; set; }
protected string Error { get; set; }
protected string Warning { get; set; }
protected Tenant CurrentTenant { get; private set; }
protected ILog Logger { get; private set; }
protected CancellationToken CancellationToken { get; private set; }
public LdapOperationType OperationType { get; private set; }
public static LdapLocalization Resource { get; private set; }
protected IOptionsMonitor<ILog> Options { get; private set; }
protected TenantManager TenantManager { get; private set; }
protected SecurityContext SecurityContext { get; private set; }
protected NovellLdapHelper NovellLdapHelper { get; }
private readonly IServiceProvider _serviceProvider;
protected LdapOperation(IServiceProvider serviceProvider, IOptionsMonitor<ILog> options)
{
_serviceProvider = serviceProvider;
Options = options;
Logger = Options.Get("ASC");
}
public void Init(
LdapSettings settings,
Tenant tenant,
LdapOperationType operationType,
LdapLocalization resource = null)
{
CurrentTenant = tenant;
OperationType = operationType;
_culture = Thread.CurrentThread.CurrentCulture.Name;
LDAPSettings = settings;
Source = "";
Progress = 0;
Status = "";
Error = "";
Warning = "";
Source = "";
TaskInfo = new DistributedTask();
Resource = resource ?? new LdapLocalization();
}
public void RunJob(DistributedTask _, CancellationToken cancellationToken)
{
using var scope = _serviceProvider.CreateScope();
TenantManager = scope.ServiceProvider.GetService<TenantManager>();
SecurityContext = scope.ServiceProvider.GetService<SecurityContext>();
LDAPUserManager = scope.ServiceProvider.GetService<LdapUserManager>();
LDAPUserManager.Init(Resource);
Importer = scope.ServiceProvider.GetService<NovellLdapUserImporter>();
try
{
CancellationToken = cancellationToken;
TenantManager.SetCurrentTenant(CurrentTenant);
SecurityContext.AuthenticateMe(Core.Configuration.Constants.CoreSystem);
Thread.CurrentThread.CurrentCulture = CultureInfo.GetCultureInfo(_culture);
Thread.CurrentThread.CurrentUICulture = CultureInfo.GetCultureInfo(_culture);
if (LDAPSettings == null)
{
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
Logger.Error("Can't save default LDAP settings.");
return;
}
switch (OperationType)
{
case LdapOperationType.Save:
case LdapOperationType.SaveTest:
Logger.InfoFormat("Start '{0}' operation",
Enum.GetName(typeof(LdapOperationType), OperationType));
SetProgress(1, Resource.LdapSettingsStatusCheckingLdapSettings);
Logger.Debug("PrepareSettings()");
PrepareSettings(LDAPSettings);
if (!string.IsNullOrEmpty(Error))
{
Logger.DebugFormat("PrepareSettings() Error: {0}", Error);
return;
}
Importer.Init(LDAPSettings, Resource);
if (LDAPSettings.EnableLdapAuthentication)
{
var ldapSettingsChecker = scope.ServiceProvider.GetService<NovellLdapSettingsChecker>();
ldapSettingsChecker.Init(Importer);
SetProgress(5, Resource.LdapSettingsStatusLoadingBaseInfo);
var result = ldapSettingsChecker.CheckSettings();
if (result != LdapSettingsStatus.Ok)
{
if (result == LdapSettingsStatus.CertificateRequest)
{
TaskInfo.SetProperty(CERT_REQUEST,
ldapSettingsChecker.CertificateConfirmRequest);
}
Error = GetError(result);
Logger.DebugFormat("ldapSettingsChecker.CheckSettings() Error: {0}", Error);
return;
}
}
break;
case LdapOperationType.Sync:
case LdapOperationType.SyncTest:
Logger.InfoFormat("Start '{0}' operation",
Enum.GetName(typeof(LdapOperationType), OperationType));
Importer.Init(LDAPSettings, Resource);
break;
default:
throw new ArgumentOutOfRangeException();
}
Do();
}
catch (AuthorizingException authError)
{
Error = Resource.ErrorAccessDenied;
Logger.Error(Error, new SecurityException(Error, authError));
}
catch (AggregateException ae)
{
ae.Flatten().Handle(e => e is TaskCanceledException || e is OperationCanceledException);
}
catch (TenantQuotaException e)
{
Error = Resource.LdapSettingsTenantQuotaSettled;
Logger.ErrorFormat("TenantQuotaException. {0}", e);
}
catch (FormatException e)
{
Error = Resource.LdapSettingsErrorCantCreateUsers;
Logger.ErrorFormat("FormatException error. {0}", e);
}
catch (Exception e)
{
Error = Resource.LdapSettingsInternalServerError;
Logger.ErrorFormat("Internal server error. {0}", e);
}
finally
{
try
{
TaskInfo.SetProperty(FINISHED, true);
PublishTaskInfo();
SecurityContext.Logout();
}
catch (Exception ex)
{
Logger.ErrorFormat("LdapOperation finalization problem. {0}", ex);
}
}
}
public virtual DistributedTask GetDistributedTask()
{
FillDistributedTask();
return TaskInfo;
}
protected virtual void FillDistributedTask()
{
TaskInfo.SetProperty(SOURCE, Source);
TaskInfo.SetProperty(OPERATION_TYPE, OperationType);
TaskInfo.SetProperty(OWNER, CurrentTenant.TenantId);
TaskInfo.SetProperty(PROGRESS, Progress < 100 ? Progress : 100);
TaskInfo.SetProperty(RESULT, Status);
TaskInfo.SetProperty(ERROR, Error);
TaskInfo.SetProperty(WARNING, Warning);
//TaskInfo.SetProperty(PROCESSED, successProcessed);
}
protected int GetProgress()
{
return Progress;
}
const string PROGRESS_STRING = "Progress: {0}% {1} {2}";
public void SetProgress(int? currentPercent = null, string currentStatus = null, string currentSource = null)
{
if (!currentPercent.HasValue && currentStatus == null && currentSource == null)
return;
if (currentPercent.HasValue)
Progress = currentPercent.Value;
if (currentStatus != null)
Status = currentStatus;
if (currentSource != null)
Source = currentSource;
Logger.InfoFormat(PROGRESS_STRING, Progress, Status, Source);
PublishTaskInfo();
}
protected void PublishTaskInfo()
{
FillDistributedTask();
TaskInfo.PublishChanges();
}
protected abstract void Do();
private void PrepareSettings(LdapSettings settings)
{
if (settings == null)
{
Logger.Error("Wrong LDAP settings were received from client.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!settings.EnableLdapAuthentication)
{
settings.Password = string.Empty;
return;
}
if (!string.IsNullOrWhiteSpace(settings.Server))
settings.Server = settings.Server.Trim();
else
{
Logger.Error("settings.Server is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!settings.Server.StartsWith("LDAP://"))
settings.Server = "LDAP://" + settings.Server.Trim();
if (!string.IsNullOrWhiteSpace(settings.UserDN))
settings.UserDN = settings.UserDN.Trim();
else
{
Logger.Error("settings.UserDN is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!string.IsNullOrWhiteSpace(settings.LoginAttribute))
settings.LoginAttribute = settings.LoginAttribute.Trim();
else
{
Logger.Error("settings.LoginAttribute is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!string.IsNullOrWhiteSpace(settings.UserFilter))
settings.UserFilter = settings.UserFilter.Trim();
if (!string.IsNullOrWhiteSpace(settings.FirstNameAttribute))
settings.FirstNameAttribute = settings.FirstNameAttribute.Trim();
if (!string.IsNullOrWhiteSpace(settings.SecondNameAttribute))
settings.SecondNameAttribute = settings.SecondNameAttribute.Trim();
if (!string.IsNullOrWhiteSpace(settings.MailAttribute))
settings.MailAttribute = settings.MailAttribute.Trim();
if (!string.IsNullOrWhiteSpace(settings.TitleAttribute))
settings.TitleAttribute = settings.TitleAttribute.Trim();
if (!string.IsNullOrWhiteSpace(settings.MobilePhoneAttribute))
settings.MobilePhoneAttribute = settings.MobilePhoneAttribute.Trim();
if (settings.GroupMembership)
{
if (!string.IsNullOrWhiteSpace(settings.GroupDN))
settings.GroupDN = settings.GroupDN.Trim();
else
{
Logger.Error("settings.GroupDN is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!string.IsNullOrWhiteSpace(settings.GroupFilter))
settings.GroupFilter = settings.GroupFilter.Trim();
if (!string.IsNullOrWhiteSpace(settings.GroupAttribute))
settings.GroupAttribute = settings.GroupAttribute.Trim();
else
{
Logger.Error("settings.GroupAttribute is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (!string.IsNullOrWhiteSpace(settings.UserAttribute))
settings.UserAttribute = settings.UserAttribute.Trim();
else
{
Logger.Error("settings.UserAttribute is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
}
if (!settings.Authentication)
{
settings.Password = string.Empty;
return;
}
if (!string.IsNullOrWhiteSpace(settings.Login))
settings.Login = settings.Login.Trim();
else
{
Logger.Error("settings.Login is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
if (settings.PasswordBytes == null || !settings.PasswordBytes.Any())
{
if (!string.IsNullOrEmpty(settings.Password))
{
settings.PasswordBytes = NovellLdapHelper.GetPasswordBytes(settings.Password);
if (settings.PasswordBytes == null)
{
Logger.Error("settings.PasswordBytes is null.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
}
else
{
Logger.Error("settings.Password is null or empty.");
Error = Resource.LdapSettingsErrorCantGetLdapSettings;
return;
}
}
settings.Password = string.Empty;
}
private static string GetError(LdapSettingsStatus result)
{
switch (result)
{
case LdapSettingsStatus.Ok:
return string.Empty;
case LdapSettingsStatus.WrongServerOrPort:
return Resource.LdapSettingsErrorWrongServerOrPort;
case LdapSettingsStatus.WrongUserDn:
return Resource.LdapSettingsErrorWrongUserDn;
case LdapSettingsStatus.IncorrectLDAPFilter:
return Resource.LdapSettingsErrorIncorrectLdapFilter;
case LdapSettingsStatus.UsersNotFound:
return Resource.LdapSettingsErrorUsersNotFound;
case LdapSettingsStatus.WrongLoginAttribute:
return Resource.LdapSettingsErrorWrongLoginAttribute;
case LdapSettingsStatus.WrongGroupDn:
return Resource.LdapSettingsErrorWrongGroupDn;
case LdapSettingsStatus.IncorrectGroupLDAPFilter:
return Resource.LdapSettingsErrorWrongGroupFilter;
case LdapSettingsStatus.GroupsNotFound:
return Resource.LdapSettingsErrorGroupsNotFound;
case LdapSettingsStatus.WrongGroupAttribute:
return Resource.LdapSettingsErrorWrongGroupAttribute;
case LdapSettingsStatus.WrongUserAttribute:
return Resource.LdapSettingsErrorWrongUserAttribute;
case LdapSettingsStatus.WrongGroupNameAttribute:
return Resource.LdapSettingsErrorWrongGroupNameAttribute;
case LdapSettingsStatus.CredentialsNotValid:
return Resource.LdapSettingsErrorCredentialsNotValid;
case LdapSettingsStatus.ConnectError:
return Resource.LdapSettingsConnectError;
case LdapSettingsStatus.StrongAuthRequired:
return Resource.LdapSettingsStrongAuthRequired;
case LdapSettingsStatus.WrongSidAttribute:
return Resource.LdapSettingsWrongSidAttribute;
case LdapSettingsStatus.TlsNotSupported:
return Resource.LdapSettingsTlsNotSupported;
case LdapSettingsStatus.DomainNotFound:
return Resource.LdapSettingsErrorDomainNotFound;
case LdapSettingsStatus.CertificateRequest:
return Resource.LdapSettingsStatusCertificateVerification;
default:
return Resource.LdapSettingsErrorUnknownError;
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink