20 package org.apache.directory.server.ldap.handlers.bind.gssapi;
23 import org.apache.directory.server.ldap.LdapSession;
24 import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
25 import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
26 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
27 import org.apache.directory.shared.ldap.message.BindRequest;
29 import javax.security.auth.Subject;
30 import javax.security.auth.callback.CallbackHandler;
31 import javax.security.sasl.Sasl;
32 import javax.security.sasl.SaslServer;
33 import java.security.PrivilegedExceptionAction;
34 import java.util.Map;
/**
 * SASL mechanism handler for the GSSAPI (Kerberos) mechanism.
 *
 * <p>The session's {@link SaslServer} is created once, on the first bind step, and reused
 * for the remaining steps; creation runs under the session's JAAS {@link Subject} via
 * {@link Subject#doAs(Subject, PrivilegedExceptionAction)}.
 */
public class GssapiMechanismHandler extends AbstractMechanismHandler
{
    /** IoSession attribute key of the Subject the SaslServer is created under. */
    private static final String SUBJECT_ATTRIBUTE = "saslSubject";

    /** IoSession attribute key of the SASL property map handed to the SaslServer. */
    private static final String PROPS_ATTRIBUTE = "saslProps";

    /** IoSession attribute key of the host name handed to the SaslServer. */
    private static final String HOST_ATTRIBUTE = "saslHost";


    /**
     * Returns the session's GSSAPI {@link SaslServer}, creating and caching it on first use.
     *
     * @param ldapSession the session performing the bind
     * @param bindRequest the bind request of the current SASL step
     * @return the cached SaslServer, or the one just created
     * @throws Exception if the SaslServer cannot be created; an exception raised inside the
     *         privileged action surfaces wrapped in a {@code PrivilegedActionException}
     */
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer cached = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( cached != null )
        {
            return cached;
        }

        SaslServer created = createSaslServer( ldapSession, bindRequest );

        // NOTE(review): the lookup above goes through getSaslProperty() but the new server is
        // stored as an IoSession attribute. If those are separate stores the cache never hits and
        // a fresh GSSAPI context is negotiated on every call - confirm against LdapSession.
        ldapSession.getIoSession().setAttribute( SaslConstants.SASL_SERVER, created );

        return created;
    }


    /**
     * Builds the GSSAPI SaslServer inside {@code Subject.doAs}, using the subject, property map
     * and host name stored on the IoSession plus a {@link GssapiCallbackHandler} for this bind.
     * Running under the Subject is presumably what lets the GSSAPI provider pick up the
     * service's Kerberos credentials - confirm with the JAAS login configuration.
     */
    @SuppressWarnings("unchecked")
    private SaslServer createSaslServer( final LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        Subject subject = ( Subject ) ldapSession.getIoSession().getAttribute( SUBJECT_ATTRIBUTE );
        final Map<String, String> properties = ( Map<String, String> ) ldapSession.getIoSession().getAttribute( PROPS_ATTRIBUTE );
        final String host = ( String ) ldapSession.getIoSession().getAttribute( HOST_ATTRIBUTE );
        final CallbackHandler handler = new GssapiCallbackHandler(
            ldapSession.getCoreSession().getDirectoryService(), ldapSession, bindRequest );

        PrivilegedExceptionAction<SaslServer> createAction = new PrivilegedExceptionAction<SaslServer>()
        {
            public SaslServer run() throws Exception
            {
                return Sasl.createSaslServer( SupportedSaslMechanisms.GSSAPI, SaslConstants.LDAP_PROTOCOL, host, properties, handler );
            }
        };

        return Subject.doAs( subject, createAction );
    }


    /**
     * Publishes the server's configured SASL host name as the session property
     * {@link SaslConstants#SASL_HOST} before the first bind step.
     *
     * @param ldapSession the session about to start a GSSAPI bind
     */
    public void init( LdapSession ldapSession )
    {
        // NOTE(review): createSaslServer() reads the host from the IoSession attribute "saslHost";
        // confirm SaslConstants.SASL_HOST maps to the same store and key, otherwise the value
        // set here never reaches the SaslServer.
        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, ldapSession.getLdapServer().getSaslHost() );
    }


    /**
     * Finishes the GSSAPI bind: installs the SASL filter (inherited; presumably the filter that
     * applies the negotiated security layer to the connection - confirm in
     * AbstractMechanismHandler) and drops the negotiation-time session properties.
     *
     * @param ldapSession the session whose bind has completed
     */
    public void cleanup( LdapSession ldapSession )
    {
        insertSaslFilter( ldapSession );

        // Removal order is kept as in the original handler.
        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
        // NOTE(review): SASL_SERVER (the SaslServer holding the GSSAPI context) is not cleared
        // here; confirm it is released elsewhere, e.g. via SaslServer.dispose() on session close.
    }
}