
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.bind.cramMD5;
21  
22  
23  import java.util.HashSet;
24  import java.util.Set;
25  
26  import org.apache.directory.server.core.CoreSession;
27  import org.apache.directory.server.core.authn.LdapPrincipal;
28  import org.apache.directory.server.core.entry.ClonedServerEntry;
29  import org.apache.directory.server.core.filtering.EntryFilteringCursor;
30  import org.apache.directory.server.ldap.LdapSession;
31  import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
32  import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
33  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
34  import org.apache.directory.shared.ldap.constants.SchemaConstants;
35  import org.apache.directory.shared.ldap.entry.EntryAttribute;
36  import org.apache.directory.shared.ldap.filter.ExprNode;
37  import org.apache.directory.shared.ldap.filter.FilterParser;
38  import org.apache.directory.shared.ldap.filter.SearchScope;
39  import org.apache.directory.shared.ldap.message.AliasDerefMode;
40  import org.apache.directory.shared.ldap.message.BindRequest;
41  import org.apache.directory.shared.ldap.name.LdapDN;
42  import org.apache.directory.shared.ldap.schema.AttributeType;
43  import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
44  
45  import org.slf4j.Logger;
46  import org.slf4j.LoggerFactory;
47  
48  import javax.naming.Context;
49  import javax.security.sasl.AuthorizeCallback;
50  
51  
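/**
 * SASL CRAM-MD5 callback handler.
 * <p>
 * Resolves the user name presented by the SASL client to exactly one entry below the
 * session's SASL user base DN, hands that entry's {@code userPassword} to the SASL
 * server for the challenge/response check, and afterwards publishes the located DN
 * as the session's security principal.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    /** DN of the entry located by {@link #lookupPassword}; null until a lookup has succeeded. */
    private String bindDn;


    /**
     * Creates a new instance of CramMd5CallbackHandler.
     *
     * @param ldapSession the LDAP session the bind arrives on; SASL properties are read from and written to it
     * @param adminSession the privileged core session used to search for the user entry
     * @param bindRequest the bind message
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515, section 3), so that
     * {@code *}, {@code (}, {@code )}, {@code \} and NUL are matched literally instead of
     * being interpreted as filter syntax.
     *
     * @param value the raw assertion value, never null
     * @return the escaped value, safe to splice into a filter string
     */
    private static String escapeFilterValue( String value )
    {
        StringBuilder sb = new StringBuilder( value.length() );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '*':
                    sb.append( "\\2a" );
                    break;
                case '(':
                    sb.append( "\\28" );
                    break;
                case ')':
                    sb.append( "\\29" );
                    break;
                case '\\':
                    sb.append( "\\5c" );
                    break;
                case '\0':
                    sb.append( "\\00" );
                    break;
                default:
                    sb.append( c );
            }
        }

        return sb.toString();
    }


    /**
     * Finds the entry whose {@code uid} equals {@code username} below the session's SASL
     * user base DN and returns its {@code userPassword} attribute for the SASL server to
     * verify against the client's response. On success the entry's DN is remembered in
     * {@link #bindDn} and an {@link LdapPrincipal} for it is stored under
     * {@link SaslConstants#SASL_AUTHENT_USER}.
     *
     * @param username the user name supplied by the SASL client; client-controlled
     * @param realm ignored, CRAM-MD5 carries no realm
     * @return the password attribute, or null when the user name is null, no entry or more
     *         than one entry matches, the entry has no password, or the search fails
     */
    protected EntryAttribute lookupPassword( String username, String realm )
    {
        if ( username == null )
        {
            LOG.debug( "CRAM-MD5 bind without a user name" );
            return null;
        }

        EntryFilteringCursor cursor = null;

        try
        {
            // The user name is client-controlled: escape it so filter metacharacters
            // cannot widen the search to other entries.
            ExprNode filter = FilterParser.parse( "(uid=" + escapeFilterValue( username ) + ")" );
            AttributeType passwordAT = adminSession.getDirectoryService().getRegistries()
                .getAttributeTypeRegistry().lookup( SchemaConstants.USER_PASSWORD_AT );

            Set<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();
            returningAttributes.add( new AttributeTypeOptions( passwordAT ) );

            String userBaseDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );
            LdapDN baseDn = new LdapDN( userBaseDn );

            cursor = adminSession.search( baseDn, SearchScope.SUBTREE, filter, AliasDerefMode.DEREF_ALWAYS,
                returningAttributes );
            cursor.beforeFirst();

            if ( !cursor.next() )
            {
                LOG.debug( "No entry with uid {} under {}", username, userBaseDn );
                return null;
            }

            ClonedServerEntry entry = cursor.get();
            EntryAttribute password = entry.get( passwordAT );

            if ( password == null )
            {
                LOG.debug( "Entry {} has no {} attribute", entry.getDn(), SchemaConstants.USER_PASSWORD_AT );
                return null;
            }

            // Read everything we need from the first entry before advancing the cursor again.
            LdapDN entryDn = entry.getDn();
            LdapPrincipal ldapPrincipal = new LdapPrincipal( entryDn, AuthenticationLevel.STRONG, password.getBytes() );

            // An ambiguous user name must not authenticate as whichever entry happened to
            // come last; fail closed instead.
            if ( cursor.next() )
            {
                LOG.warn( "More than one entry with uid {} under {}, refusing CRAM-MD5 bind", username, userBaseDn );
                return null;
            }

            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            // Remember the located entry's DN, not the search base, so that authorize()
            // publishes the identity that was actually authenticated.
            bindDn = entryDn.getUpName();

            return password;
        }
        catch ( Exception e )
        {
            // A failed lookup is reported to the SASL server as "no such user" by returning
            // null; keep the cause in the log so misconfiguration stays diagnosable.
            LOG.warn( "Failed to look up password for uid " + username, e );
            return null;
        }
        finally
        {
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close search cursor", e );
                }
            }
        }
    }


    /**
     * Completes the SASL exchange once the CRAM-MD5 response has been verified: records
     * the located entry's DN as the session's security principal and as the authorized
     * identity of the callback.
     *
     * @param authorizeCB the callback to complete
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        // No successful lookupPassword() means nothing was authenticated; fail closed
        // rather than publish a null principal.
        if ( bindDn == null )
        {
            LOG.debug( "No DN resolved for username {}, refusing authorization", getUsername() );
            authorizeCB.setAuthorized( false );
            return;
        }

        LOG.debug( "Converted username {} to DN {}", getUsername(), bindDn );

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}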
134 }