20 package org.apache.directory.server.ldap.handlers.bind.gssapi;
23 import org.apache.directory.server.core.DirectoryService;
24 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
25 import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
26 import org.apache.directory.server.ldap.LdapSession;
27 import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
28 import org.apache.directory.shared.ldap.entry.EntryAttribute;
29 import org.apache.directory.shared.ldap.message.BindRequest;
30 import org.apache.directory.shared.ldap.name.LdapDN;
31 import org.slf4j.Logger;
32 import org.slf4j.LoggerFactory;
34 import javax.naming.Context;
35 import javax.naming.ldap.LdapContext;
36 import javax.security.auth.kerberos.KerberosPrincipal;
37 import javax.security.sasl.AuthorizeCallback;
38 import java.util.Hashtable;
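/**
 * SASL callback handler for the GSSAPI (Kerberos) mechanism.
 * <p>
 * GSSAPI authenticates the client through Kerberos, so no password is ever
 * looked up here. The handler's job is to decide whether the authenticated
 * Kerberos principal may act as the requested authorization identity, map that
 * identity to its entry in the principal store, and record the resulting DN on
 * the session.
 */
public class GssapiCallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( GssapiCallbackHandler.class );

    /** The LDAP session on which the bind is being performed. */
    private final LdapSession ldapSession;


    /**
     * Creates a new handler for a GSSAPI bind.
     *
     * @param directoryService the directory service backing the principal lookup
     * @param ldapSession the session performing the bind
     * @param bindRequest the bind request being processed
     */
    public GssapiCallbackHandler( DirectoryService directoryService, LdapSession ldapSession, BindRequest bindRequest )
    {
        super( directoryService, bindRequest );
        this.ldapSession = ldapSession;
    }


    /**
     * Not applicable to GSSAPI: Kerberos proves the client's identity, so the
     * directory never hands a password to the SASL layer.
     *
     * @param username ignored
     * @param password ignored
     * @return always {@code null}
     */
    protected EntryAttribute lookupPassword( String username, String password )
    {
        return null;
    }


    /**
     * Resolves the SASL authorization identity to a DN and decides whether the
     * authenticated Kerberos principal may act as it.
     * <p>
     * Only identity authorization is granted: the authorization ID must equal the
     * authentication ID established by the GSSAPI exchange. A request to act as a
     * different identity, or for a principal that has no entry in the store, is
     * refused by leaving the callback unauthorized rather than by throwing.
     *
     * @param authorizeCB the callback carrying the authentication and authorization IDs
     * @throws Exception if the principal store lookup fails
     */
    protected void authorize( AuthorizeCallback authorizeCB ) throws Exception
    {
        LOG.debug( "Processing conversion of principal name to DN." );

        String username = authorizeCB.getAuthorizationID();
        String authenticatedAs = authorizeCB.getAuthenticationID();

        // The SASL layer supplies both identities. Granting an authorization ID
        // that differs from the principal Kerberos actually authenticated would
        // let a client act as any other principal in the store.
        if ( ( username == null ) || !username.equals( authenticatedAs ) )
        {
            LOG.warn( "Refusing GSSAPI authorization as {} for principal authenticated as {}.", username, authenticatedAs );
            authorizeCB.setAuthorized( false );
            return;
        }

        GetPrincipal getPrincipal = new GetPrincipal( new KerberosPrincipal( username ) );
        PrincipalStoreEntry entry = ( PrincipalStoreEntry ) getPrincipal.execute( ldapSession.getCoreSession(), new LdapDN() );

        // An unknown principal must fail the authorization explicitly instead of
        // surfacing as a NullPointerException from the DN lookup below.
        if ( entry == null )
        {
            LOG.warn( "No principal store entry found for {}.", username );
            authorizeCB.setAuthorized( false );
            return;
        }

        String bindDn = entry.getDistinguishedName();

        LOG.debug( "Converted username {} to DN {}.", username, bindDn );
        ldapSession.getIoSession().setAttribute( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}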