20 package org.apache.directory.server.ldap.handlers.bind.cramMD5;
21
22
23 import java.util.HashSet;
24 import java.util.Set;
25
26 import org.apache.directory.server.core.CoreSession;
27 import org.apache.directory.server.core.authn.LdapPrincipal;
28 import org.apache.directory.server.core.entry.ClonedServerEntry;
29 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
30 import org.apache.directory.server.ldap.LdapSession;
31 import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
32 import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
33 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
34 import org.apache.directory.shared.ldap.constants.SchemaConstants;
35 import org.apache.directory.shared.ldap.entry.EntryAttribute;
36 import org.apache.directory.shared.ldap.filter.ExprNode;
37 import org.apache.directory.shared.ldap.filter.FilterParser;
38 import org.apache.directory.shared.ldap.filter.SearchScope;
39 import org.apache.directory.shared.ldap.message.AliasDerefMode;
40 import org.apache.directory.shared.ldap.message.BindRequest;
41 import org.apache.directory.shared.ldap.name.LdapDN;
42 import org.apache.directory.shared.ldap.schema.AttributeType;
43 import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
44
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
47
48 import javax.naming.Context;
49 import javax.security.sasl.AuthorizeCallback;
50
51
52
53
54
55
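public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    /**
     * DN reported to the SASL layer as the authorized identity. It is set by
     * {@link #lookupPassword(String, String)} from the configured SASL user base DN
     * (SaslConstants.SASL_USER_BASE_DN) and read back by {@link #authorize(AuthorizeCallback)}.
     */
    private String bindDn;


    /**
     * Creates a CRAM-MD5 callback handler bound to one LDAP session.
     *
     * @param ldapSession the client session the bind is being performed on; SASL state is
     *                    stored on it via putSaslProperty/getSaslProperty
     * @param adminSession privileged core session used to run the user lookup
     * @param bindRequest the bind request being processed
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * Looks up the userPassword attribute of the entry whose uid matches the SASL
     * authentication id, searching the subtree under the configured SASL user base DN.
     *
     * The username comes straight from the client, so it is escaped per RFC 4515 before
     * being embedded in the search filter; without that a client could send filter syntax
     * such as "*" or ")(cn=*" and have the lookup match an entry it never named. Exactly
     * one entry must match: no match, an ambiguous match, or a match without a userPassword
     * attribute is reported as a failed lookup.
     *
     * Side effect: on success the matched entry's DN and password are published on the
     * session as SaslConstants.SASL_AUTHENT_USER, and bindDn is set to the search base DN.
     *
     * @param username the SASL authentication id sent by the client
     * @param realm unused; CRAM-MD5 carries no realm
     * @return the userPassword attribute of the single matching entry, or null when the
     *         lookup fails for any reason (null is what the caller treats as a failed bind)
     */
    protected EntryAttribute lookupPassword( String username, String realm )
    {
        if ( username == null || username.length() == 0 )
        {
            LOG.debug( "CRAM-MD5 bind with an empty username rejected" );
            return null;
        }

        EntryFilteringCursor cursor = null;

        try
        {
            // Escape the client-supplied value: it is data, not filter syntax.
            ExprNode filter = FilterParser.parse( "(uid=" + escapeFilterValue( username ) + ")" );

            AttributeType passwordAT = adminSession.getDirectoryService().getRegistries()
                .getAttributeTypeRegistry().lookup( SchemaConstants.USER_PASSWORD_AT );
            Set<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();
            returningAttributes.add( new AttributeTypeOptions( passwordAT ) );

            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );
            LdapDN baseDn = new LdapDN( bindDn );

            cursor = adminSession.search(
                baseDn,
                SearchScope.SUBTREE,
                filter,
                AliasDerefMode.DEREF_ALWAYS,
                returningAttributes );

            cursor.beforeFirst();

            ClonedServerEntry match = null;

            while ( cursor.next() )
            {
                if ( match != null )
                {
                    // Two entries under the base share this uid. Refusing is safer than
                    // silently authenticating against whichever one the cursor yields last.
                    LOG.warn( "CRAM-MD5 lookup for username " + username + " matched more than one entry under "
                        + bindDn + "; rejecting" );
                    return null;
                }

                match = cursor.get();
            }

            if ( match == null )
            {
                LOG.debug( "CRAM-MD5 lookup for username " + username + " matched no entry under " + bindDn );
                return null;
            }

            EntryAttribute password = match.get( passwordAT );

            if ( password == null )
            {
                LOG.debug( "Entry " + match.getDn() + " has no " + SchemaConstants.USER_PASSWORD_AT
                    + " attribute; CRAM-MD5 bind cannot proceed" );
                return null;
            }

            // Publish the principal only once the lookup is known to be unambiguous.
            LdapPrincipal ldapPrincipal = new LdapPrincipal(
                match.getDn(),
                AuthenticationLevel.STRONG,
                password.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return password;
        }
        catch ( Exception e )
        {
            // Any failure surfaces to the SASL layer as "no password" (bind failure). Log it so
            // operators can diagnose a broken base DN or schema, without echoing credentials.
            LOG.debug( "CRAM-MD5 password lookup for username " + username + " failed", e );
            return null;
        }
        finally
        {
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close the CRAM-MD5 lookup cursor", e );
                }
            }
        }
    }


    /**
     * Escapes a value for embedding in an LDAP search filter (RFC 4515 section 3): the
     * characters '*', '(', ')', '\' and NUL become "\2a", "\28", "\29", "\5c" and "\00".
     * Everything else is passed through unchanged.
     *
     * @param value the raw assertion value
     * @return the escaped value, safe to place between "(uid=" and ")"
     */
    private static String escapeFilterValue( String value )
    {
        StringBuilder sb = new StringBuilder( value.length() + 8 );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '*':
                    sb.append( "\\2a" );
                    break;
                case '(':
                    sb.append( "\\28" );
                    break;
                case ')':
                    sb.append( "\\29" );
                    break;
                case '\\':
                    sb.append( "\\5c" );
                    break;
                case '\u0000':
                    sb.append( "\\00" );
                    break;
                default:
                    sb.append( c );
            }
        }

        return sb.toString();
    }


    /**
     * Approves the authorization identity for a completed CRAM-MD5 exchange.
     *
     * CRAM-MD5 carries no separate authorization id, so the only identity this mechanism can
     * vouch for is the one it authenticated; a callback that asks for a different
     * authorization id is refused. On approval the id handed back, and the value stored
     * under Context.SECURITY_PRINCIPAL, is the bindDn recorded by lookupPassword.
     *
     * NOTE(review): bindDn is the configured search base DN, not the matched entry's DN; the
     * entry DN travels separately as SaslConstants.SASL_AUTHENT_USER. Confirm how
     * Context.SECURITY_PRINCIPAL and the authorized id are consumed downstream before
     * treating either as the user's identity.
     *
     * @param authorizeCB the callback carrying the authentication and authorization ids
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        String authcid = authorizeCB.getAuthenticationID();
        String authzid = authorizeCB.getAuthorizationID();

        if ( authzid != null && !authzid.equals( authcid ) )
        {
            LOG.warn( "Refusing CRAM-MD5 authorization of " + authzid + " for authenticated user " + authcid );
            authorizeCB.setAuthorized( false );
            return;
        }

        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username " + getUsername() + " to DN " + bindDn );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}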