
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.bind.gssapi;
21  
22  
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.BindRequest;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
35  
36  
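/**
 * The GSSAPI (Kerberos v5) SASL mechanism handler.
 * <p>
 * One {@link SaslServer} for the GSSAPI mechanism is created per LDAP session and
 * cached on it, so that every bind request belonging to the same multi-step
 * negotiation reaches the same server instance. The server is created inside
 * {@link Subject#doAs} on the {@code Subject} stored on the session, which is where
 * the JGSS layer looks for the server's Kerberos (acceptor) credentials.
 *
 * @org.apache.xbean.XBean
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class GssapiMechanismHandler extends AbstractMechanismHandler
{
    /** IoSession attribute holding the server-side Kerberos {@link Subject}. */
    private static final String SASL_SUBJECT_ATTR = "saslSubject";

    /** IoSession attribute holding the mechanism properties handed to the SASL provider. */
    private static final String SASL_PROPS_ATTR = "saslProps";

    /** IoSession attribute holding the server name used for the GSSAPI negotiation. */
    private static final String SASL_HOST_ATTR = "saslHost";


    /**
     * Returns the {@link SaslServer} negotiating GSSAPI for this session, creating and
     * caching it on the first call.
     *
     * @param ldapSession the session the bind request arrived on
     * @param bindRequest the current bind request, handed to the callback handler
     * @return the session's GSSAPI {@link SaslServer}, never {@code null}
     * @throws SaslException if no installed SASL provider could create a GSSAPI server
     * @throws java.security.PrivilegedActionException wrapping any exception thrown
     *         while creating the server inside {@code Subject.doAs()}
     * @throws Exception anything else propagated from the session or the SASL layer
     */
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer cached = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( cached != null )
        {
            // Negotiation already in progress on this session: keep using the same server.
            return cached;
        }

        // The Subject carries the server's Kerberos credentials. Subject.doAs() accepts
        // null, in which case JGSS may still find credentials outside the Subject
        // (see the javax.security.auth.useSubjectCredsOnly system property), so a
        // missing Subject is not rejected here; it surfaces as a creation failure below.
        Subject subject = ( Subject ) ldapSession.getIoSession().getAttribute( SASL_SUBJECT_ATTR );

        // Unchecked cast: whoever stored this attribute is trusted to have used a
        // Map<String, String>. The map (QoP and other mechanism properties) is passed
        // straight through to Sasl.createSaslServer().
        @SuppressWarnings("unchecked")
        final Map<String, String> saslProps = ( Map<String, String> ) ldapSession.getIoSession().getAttribute( SASL_PROPS_ATTR );
        final String saslHost = ( String ) ldapSession.getIoSession().getAttribute( SASL_HOST_ATTR );

        final CallbackHandler callbackHandler = new GssapiCallbackHandler(
            ldapSession.getCoreSession().getDirectoryService(), ldapSession, bindRequest );

        // Create the server as the Subject so its Kerberos credentials are visible to
        // the GSSAPI provider. A failure inside run() is reported by Subject.doAs() as
        // a PrivilegedActionException wrapping the real cause.
        final SaslServer created = Subject.doAs( subject, new PrivilegedExceptionAction<SaslServer>()
        {
            public SaslServer run() throws Exception
            {
                return Sasl.createSaslServer( SupportedSaslMechanisms.GSSAPI, SaslConstants.LDAP_PROTOCOL,
                    saslHost, saslProps, callbackHandler );
            }
        } );

        // Sasl.createSaslServer() returns null when no installed provider supports the
        // mechanism. Caching and returning null would only fail later, further from the
        // cause, so fail here with a clear message instead.
        if ( created == null )
        {
            throw new SaslException( "No SASL provider could create a GSSAPI server for host '" + saslHost + "'" );
        }

        // Cache the server on the session. putSaslProperty() is the counterpart of the
        // getSaslProperty() read above; the raw IoSession attribute is written as well
        // because other code may still look the server up there.
        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, created );
        ldapSession.getIoSession().setAttribute( SaslConstants.SASL_SERVER, created );

        return created;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Records the server's SASL host name on the session before the negotiation
     * starts. NOTE(review): handleMechanism() reads the host from the IoSession
     * attribute "saslHost" rather than from SaslConstants.SASL_HOST — confirm both
     * refer to the same value.
     */
    public void init( LdapSession ldapSession )
    {
        // Store the host in the ldap session
        String saslHost = ldapSession.getLdapServer().getSaslHost();
        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, saslHost );
    }


    /**
     * Finishes the negotiation: inserts the SASL filter (see insertSaslFilter() in the
     * superclass), then drops the per-negotiation properties — host, user base DN,
     * mechanism, properties and authenticating user — that are no longer needed.
     * The cached SaslServer itself is deliberately left on the session; presumably the
     * inserted filter still needs it for wrap/unwrap — confirm in insertSaslFilter().
     *
     * @param ldapSession the Ldapsession instance
     */
    public void cleanup( LdapSession ldapSession )
    {
        // Inject the Sasl Filter
        insertSaslFilter( ldapSession );

        // and remove the useless informations
        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
    }
}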
103 }