
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.bind.digestMD5;
21  
22  
23  import java.util.HashSet;
24  import java.util.Set;
25  
26  import org.apache.directory.server.core.CoreSession;
27  import org.apache.directory.server.core.authn.LdapPrincipal;
28  import org.apache.directory.server.core.entry.ClonedServerEntry;
29  import org.apache.directory.server.core.filtering.EntryFilteringCursor;
30  import org.apache.directory.server.ldap.LdapSession;
31  import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
32  import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
33  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
34  import org.apache.directory.shared.ldap.constants.SchemaConstants;
35  import org.apache.directory.shared.ldap.entry.EntryAttribute;
36  import org.apache.directory.shared.ldap.filter.ExprNode;
37  import org.apache.directory.shared.ldap.filter.FilterParser;
38  import org.apache.directory.shared.ldap.filter.SearchScope;
39  import org.apache.directory.shared.ldap.message.AliasDerefMode;
40  import org.apache.directory.shared.ldap.message.BindRequest;
41  import org.apache.directory.shared.ldap.name.LdapDN;
42  import org.apache.directory.shared.ldap.schema.AttributeType;
43  import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
44  import org.slf4j.Logger;
45  import org.slf4j.LoggerFactory;
46  
47  import javax.naming.Context;
48  import javax.security.sasl.AuthorizeCallback;
49  
50  
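/**
 * SASL callback handler for the DIGEST-MD5 mechanism.
 * <p>
 * The SASL user name is resolved to a directory entry by searching for
 * {@code (uid=&lt;name&gt;)} beneath the configured SASL user base DN
 * (session property {@link SaslConstants#SASL_USER_BASE_DN}). The entry's
 * {@code userPassword} attribute is handed to the SASL server for the digest
 * computation and an {@link LdapPrincipal} for the entry is recorded under
 * {@link SaslConstants#SASL_AUTHENT_USER}.
 * <p>
 * Security notes:
 * <ul>
 * <li>The user name comes from the client and is escaped per RFC 4515 before it
 * is embedded in the search filter, so it cannot alter the filter.</li>
 * <li>A user name matching more than one entry is rejected instead of picking
 * whichever entry the cursor returned last.</li>
 * <li>DIGEST-MD5 needs the cleartext password (or an equivalent pre-computed
 * hash) on the server side; this handler returns {@code userPassword} exactly as
 * stored. The mechanism itself is obsolete (RFC 6331) and is only as strong as
 * MD5.</li>
 * <li>Proxy authorization is not supported: an authorization identity that
 * differs from the authentication identity is refused.</li>
 * </ul>
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class DigestMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( DigestMd5CallbackHandler.class );

    /**
     * The DN handed back as the authorized identity. It is taken from the
     * SASL_USER_BASE_DN session property in {@link #lookupPassword(String, String)}.
     *
     * NOTE(review): this is the search base, not the DN of the matched entry; the
     * entry's own DN is only recorded in the SASL_AUTHENT_USER principal. Confirm
     * that consumers of Context.SECURITY_PRINCIPAL expect the base DN here.
     */
    private String bindDn;


    /**
     * Creates a new instance of DigestMd5CallbackHandler.
     *
     * @param ldapSession the LDAP session on which the bind is performed
     * @param adminSession the core session used to search for the user entry
     * @param bindRequest the bind message
     */
    public DigestMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * Escapes a client supplied value so it can be embedded in an LDAP search
     * filter without changing the filter's structure (RFC 4515 section 3).
     *
     * @param value the raw assertion value
     * @return the value with {@code \ * ( )} and NUL replaced by their
     *         {@code \xx} hex escapes
     */
    private static String escapeFilterValue( String value )
    {
        StringBuilder escaped = new StringBuilder( value.length() );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '\\':
                    escaped.append( "\\5c" );
                    break;

                case '*':
                    escaped.append( "\\2a" );
                    break;

                case '(':
                    escaped.append( "\\28" );
                    break;

                case ')':
                    escaped.append( "\\29" );
                    break;

                case '\0':
                    escaped.append( "\\00" );
                    break;

                default:
                    escaped.append( c );
            }
        }

        return escaped.toString();
    }


    // TODO - should return not be a byte[]
    /**
     * Looks up the stored password of the user named by the SASL authentication
     * identity.
     * <p>
     * Searches the subtree below the SASL user base DN for exactly one entry
     * whose {@code uid} equals {@code username}, records an
     * {@link LdapPrincipal} for that entry as {@link SaslConstants#SASL_AUTHENT_USER}
     * and returns the entry's {@code userPassword} attribute. Any failure
     * (parse error, search error, no match, ambiguous match, missing password
     * attribute) yields {@code null}, which makes the SASL exchange fail.
     *
     * @param username the client supplied authentication identity (escaped
     *                 before use in the filter)
     * @param realm the DIGEST-MD5 realm; not used to narrow the search
     * @return the {@code userPassword} attribute of the single matching entry,
     *         or {@code null} if none can be determined
     */
    protected EntryAttribute lookupPassword( String username, String realm )
    {
        if ( username == null || username.length() == 0 )
        {
            return null;
        }

        EntryFilteringCursor cursor = null;

        try
        {
            // Escape the user name: it is attacker controlled and would otherwise be
            // parsed as part of the filter ("*" or ")(" would widen the match).
            ExprNode filter = FilterParser.parse( "(uid=" + escapeFilterValue( username ) + ")" );
            Set<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();

            AttributeType passwordAT = adminSession.getDirectoryService().getRegistries().getAttributeTypeRegistry().lookup( SchemaConstants.USER_PASSWORD_AT );
            returningAttributes.add( new AttributeTypeOptions( passwordAT ) );
            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );

            LdapDN baseDn = new LdapDN( bindDn );

            cursor = adminSession.search( 
                baseDn, 
                SearchScope.SUBTREE, 
                filter, 
                AliasDerefMode.DEREF_ALWAYS, 
                returningAttributes );

            cursor.beforeFirst();

            ClonedServerEntry entry = null;

            while ( cursor.next() )
            {
                if ( entry != null )
                {
                    // Two entries share this uid: cursor order is unspecified, so
                    // authenticating against "the last one" would be arbitrary.
                    LOG.warn( "Rejecting DIGEST-MD5 bind: more than one entry under {} has uid={}", bindDn, username );
                    return null;
                }

                entry = cursor.get();
            }

            if ( entry == null )
            {
                LOG.debug( "No entry with uid {} found under {}", username, bindDn );
                return null;
            }

            EntryAttribute password = entry.get( passwordAT );

            if ( password == null )
            {
                LOG.debug( "Entry {} has no userPassword attribute", entry.getDn() );
                return null;
            }

            // Only record the principal once we know the match is unique and usable.
            LdapPrincipal ldapPrincipal = new LdapPrincipal( 
                entry.getDn(), 
                AuthenticationLevel.STRONG, 
                password.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return password;
        }
        catch ( Exception e )
        {
            // Fail closed: the SASL server treats a null password as an authentication failure.
            LOG.debug( "Password lookup for user " + username + " failed", e );
            return null;
        }
        finally
        {
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close search cursor", e );
                }
            }
        }
    }


    /**
     * Decides whether the authenticated user may act under the requested
     * authorization identity.
     * <p>
     * Proxy authorization is not supported, so the request is accepted only when
     * no authorization identity was given or it equals the authentication
     * identity (the JDK's DIGEST-MD5 server copies the latter into the former
     * when the client sends none). On success the authorized ID and the
     * session's {@link Context#SECURITY_PRINCIPAL} are both set to {@link #bindDn}.
     *
     * @param authorizeCB the callback carrying the authentication and
     *                    authorization identities; updated with the decision
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        String authenticationId = authorizeCB.getAuthenticationID();
        String authorizationId = authorizeCB.getAuthorizationID();

        if ( authorizationId != null && !authorizationId.equals( authenticationId ) )
        {
            // Silently mapping a foreign authzid onto bindDn would let any
            // authenticated client claim an identity it never proved.
            LOG.debug( "Refusing authorization ID {} requested by {}: proxy authorization is not supported",
                authorizationId, authenticationId );
            authorizeCB.setAuthorized( false );
            return;
        }

        if ( LOG.isDebugEnabled() )
        {
            // The credential is deliberately not logged.
            LOG.debug( "Converted username {} to DN {}.", getUsername(), bindDn );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}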
134 }