20 package org.apache.directory.server.ldap.handlers.bind.digestMD5;
21
22
23 import org.apache.directory.server.core.CoreSession;
24 import org.apache.directory.server.ldap.LdapService;
25 import org.apache.directory.server.ldap.LdapSession;
26 import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
27 import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
28 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
29 import org.apache.directory.shared.ldap.message.BindRequest;
30
31 import javax.security.auth.callback.CallbackHandler;
32 import javax.security.sasl.Sasl;
33 import javax.security.sasl.SaslServer;
34
35 import java.util.HashMap;
36 import java.util.Map;
/**
 * SASL DIGEST-MD5 bind mechanism handler.
 *
 * <p>Per LDAP session it prepares the SASL properties ({@link #init}), lazily
 * creates and caches the {@link SaslServer} ({@link #handleMechanism}) and
 * removes the per-bind properties again ({@link #cleanup}).</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331; treat it as a
 *       legacy mechanism and prefer a stronger one where clients allow it.</li>
 *   <li>The protection negotiated for traffic after the bind depends entirely
 *       on the server's configured QoP string (see {@link #init}).</li>
 *   <li>The callback handler is built with the directory's admin session, so
 *       whatever it reads is not subject to the binding user's access
 *       rights.</li>
 * </ul>
 */
public class DigestMd5MechanismHandler extends AbstractMechanismHandler
{
    /**
     * Builds the realm list handed to the JDK DIGEST-MD5 provider.
     *
     * @param ldapService the LDAP service whose configured SASL realms are read
     * @return the realms joined by a single space, or an empty string when
     *         there are none
     */
    private String getActiveRealms( LdapService ldapService )
    {
        StringBuilder joined = new StringBuilder();

        // Empty before the first realm, a single space before every later one.
        String separator = "";

        for ( String realm : ldapService.getSaslRealms() )
        {
            joined.append( separator ).append( realm );
            separator = " ";
        }

        return joined.toString();
    }


    /**
     * Returns the session's DIGEST-MD5 {@link SaslServer}, creating and caching
     * it on first use.
     *
     * @param ldapSession the session that holds the SASL properties
     * @param bindRequest the bind request being processed
     * @return the cached or newly created server
     * @throws Exception if creating the SASL server fails
     */
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer cached = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        // A server already stored on the session belongs to a bind exchange in progress.
        if ( cached != null )
        {
            return cached;
        }

        // The callback handler gets the admin session, presumably to look up the
        // binding user's stored credential - confirm in DigestMd5CallbackHandler.
        CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession();
        CallbackHandler credentialCallbacks = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest );

        // Both values are the ones init() stored on the session.
        String saslHost = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_HOST );
        Map<String, String> saslProps =
            ( Map<String, String> ) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS );

        // NOTE(review): Sasl.createSaslServer returns null when no installed
        // factory can serve the mechanism with these properties; that null is
        // stored and returned as-is, so callers have to handle it.
        SaslServer created = Sasl.createSaslServer(
            SupportedSaslMechanisms.DIGEST_MD5,
            SaslConstants.LDAP_PROTOCOL,
            saslHost,
            saslProps,
            credentialCallbacks );
        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, created );

        return created;
    }


    /**
     * Stores the SASL host, user search base and mechanism properties on the
     * session so that {@link #handleMechanism} can create the server.
     *
     * @param ldapSession the session to prepare
     */
    public void init( LdapSession ldapSession )
    {
        LdapService ldapService = ldapSession.getLdapServer();

        String saslHost = ldapService.getSaslHost();
        String userBaseDn = ldapService.getSearchBaseDn();

        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, saslHost );
        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, userBaseDn );

        Map<String, String> mechanismProps = new HashMap<String, String>();

        // The QoP string comes straight from server configuration. A value that
        // offers only "auth" gives no integrity or confidentiality layer for
        // the traffic that follows the bind.
        mechanismProps.put( Sasl.QOP, ldapService.getSaslQopString() );

        // JDK provider property: the realms offered to the client, space separated.
        mechanismProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapService ) );

        ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, mechanismProps );
    }


    /**
     * Installs the SASL filter and then removes the per-bind SASL properties
     * from the session.
     *
     * @param ldapSession the session to clean up
     */
    public void cleanup( LdapSession ldapSession )
    {
        // Not defined in this class; presumably inherited from AbstractMechanismHandler.
        insertSaslFilter( ldapSession );

        // SASL_SERVER is not removed here; presumably the filter installed
        // above still needs it - confirm. SASL_MECH and SASL_AUTHENT_USER are
        // removed although this class never sets them.
        String[] perBindKeys =
            {
                SaslConstants.SASL_HOST,
                SaslConstants.SASL_USER_BASE_DN,
                SaslConstants.SASL_MECH,
                SaslConstants.SASL_PROPS,
                SaslConstants.SASL_AUTHENT_USER
            };

        for ( String key : perBindKeys )
        {
            ldapSession.removeSaslProperty( key );
        }
    }
}