001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2006-2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.core; 028 import org.opends.messages.Message; 029 030 import org.opends.server.protocols.asn1.ASN1OctetString; 031 import org.opends.server.types.AuthenticationInfo; 032 import org.opends.server.types.AuthenticationType; 033 import org.opends.server.types.ByteString; 034 import org.opends.server.types.DN; 035 import org.opends.server.types.Entry; 036 import org.opends.server.types.Operation; 037 038 039 /** 040 * This interface defines an operation that may be used to authenticate a user 041 * to the Directory Server. Note that for security restrictions, response 042 * messages that may be returned to the client must be carefully cleaned to 043 * ensure that they do not provide a malicious client with information that may 044 * be useful in an attack. This does impact the debugability of the server, 045 * but that can be addressed by calling the <CODE>setAuthFailureReason</CODE> 046 * method, which can provide a reason for a failure in a form that will not be 047 * returned to the client but may be written to a log file. 048 */ 049 public interface BindOperation extends Operation 050 { 051 052 /** 053 * Retrieves the authentication type for this bind operation. 054 * 055 * @return The authentication type for this bind operation. 056 */ 057 public abstract AuthenticationType getAuthenticationType(); 058 059 /** 060 * Retrieves the raw, unprocessed bind DN for this bind operation as contained 061 * in the client request. The value may not actually contain a valid DN, as 062 * no validation will have been performed. 063 * 064 * @return The raw, unprocessed bind DN for this bind operation as contained 065 * in the client request. 066 */ 067 public abstract ByteString getRawBindDN(); 068 069 /** 070 * Specifies the raw, unprocessed bind DN for this bind operation. This 071 * should only be called by pre-parse plugins. 072 * 073 * @param rawBindDN The raw, unprocessed bind DN for this bind operation. 074 */ 075 public abstract void setRawBindDN(ByteString rawBindDN); 076 077 /** 078 * Retrieves a string representation of the protocol version associated with 079 * this bind request. 080 * 081 * @return A string representation of the protocol version associated with 082 * this bind request. 083 */ 084 public String getProtocolVersion(); 085 086 /** 087 * Specifies the string representation of the protocol version associated with 088 * this bind request. 089 * 090 * @param protocolVersion The string representation of the protocol version 091 * associated with this bind request. 092 */ 093 public void setProtocolVersion(String protocolVersion); 094 095 /** 096 * Retrieves the bind DN for this bind operation. This method should not be 097 * called by pre-parse plugins, as the raw value will not have been processed 098 * by that time. Instead, pre-parse plugins should call the 099 * <CODE>getRawBindDN</CODE> method. 100 * 101 * @return The bind DN for this bind operation, or <CODE>null</CODE> if the 102 * raw DN has not yet been processed. 103 */ 104 public abstract DN getBindDN(); 105 106 /** 107 * Retrieves the simple authentication password for this bind operation. 108 * 109 * @return The simple authentication password for this bind operation. 110 */ 111 public abstract ByteString getSimplePassword(); 112 113 /** 114 * Specifies the simple authentication password for this bind operation. 115 * 116 * @param simplePassword The simple authentication password for this bind 117 * operation. 118 */ 119 public abstract void setSimplePassword(ByteString simplePassword); 120 121 /** 122 * Retrieves the SASL mechanism for this bind operation. 123 * 124 * @return The SASL mechanism for this bind operation, or <CODE>null</CODE> 125 * if the bind does not use SASL authentication. 126 */ 127 public abstract String getSASLMechanism(); 128 129 /** 130 * Retrieves the SASL credentials for this bind operation. 131 * 132 * @return The SASL credentials for this bind operation, or <CODE>null</CODE> 133 * if there are none or if the bind does not use SASL authentication. 134 */ 135 public abstract ASN1OctetString getSASLCredentials(); 136 137 /** 138 * Specifies the SASL credentials for this bind operation. 139 * 140 * @param saslMechanism The SASL mechanism for this bind operation. 141 * @param saslCredentials The SASL credentials for this bind operation, or 142 * <CODE>null</CODE> if there are none. 143 */ 144 public abstract void setSASLCredentials(String saslMechanism, 145 ASN1OctetString saslCredentials); 146 147 /** 148 * Retrieves the set of server SASL credentials to include in the bind 149 * response. 150 * 151 * @return The set of server SASL credentials to include in the bind 152 * response, or <CODE>null</CODE> if there are none. 153 */ 154 public abstract ASN1OctetString getServerSASLCredentials(); 155 156 /** 157 * Specifies the set of server SASL credentials to include in the bind 158 * response. 159 * 160 * @param serverSASLCredentials The set of server SASL credentials to 161 * include in the bind response. 162 */ 163 public abstract void setServerSASLCredentials( 164 ASN1OctetString serverSASLCredentials); 165 166 /** 167 * Retrieves the user entry associated with the SASL authentication attempt. 168 * This should be set by any SASL mechanism in which the processing was able 169 * to get far enough to make this determination, regardless of whether the 170 * authentication was ultimately successful. 171 * 172 * @return The user entry associated with the SASL authentication attempt, or 173 * <CODE>null</CODE> if it was not a SASL authentication or the SASL 174 * processing was not able to map the request to a user. 175 */ 176 public abstract Entry getSASLAuthUserEntry(); 177 178 /** 179 * Specifies the user entry associated with the SASL authentication attempt. 180 * This should be set by any SASL mechanism in which the processing was able 181 * to get far enough to make this determination, regardless of whether the 182 * authentication was ultimately successful. 183 * 184 * @param saslAuthUserEntry The user entry associated with the SASL 185 * authentication attempt. 186 */ 187 public abstract void setSASLAuthUserEntry(Entry saslAuthUserEntry); 188 189 /** 190 * Retrieves a human-readable message providing the reason that the 191 * authentication failed, if available. 192 * 193 * @return A human-readable message providing the reason that the 194 * authentication failed, or <CODE>null</CODE> if none is available. 195 */ 196 public abstract Message getAuthFailureReason(); 197 198 /** 199 * Specifies the reason that the authentication failed. 200 * 201 * @param message providing the reason that the 202 * authentication failed. 203 */ 204 public abstract void setAuthFailureReason(Message message); 205 206 /** 207 * Retrieves the user entry DN for this bind operation. It will only be 208 * available if the bind processing has proceeded far enough to identify the 209 * user attempting to authenticate. 210 * 211 * @return The user entry DN for this bind operation, or <CODE>null</CODE> if 212 * the bind processing has not progressed far enough to identify the 213 * user or if the user DN could not be determined. 214 */ 215 public abstract DN getUserEntryDN(); 216 217 /** 218 * Retrieves the authentication info that resulted from processing this bind 219 * operation. It will only be valid if the bind processing was successful. 220 * 221 * @return The authentication info that resulted from processing this bind 222 * operation. 223 */ 224 public abstract AuthenticationInfo getAuthenticationInfo(); 225 226 /** 227 * Specifies the authentication info that resulted from processing this bind 228 * operation. This method must only be called by SASL mechanism handlers 229 * during the course of processing the {@code processSASLBind} method. 230 * 231 * @param authInfo The authentication info that resulted from processing 232 * this bind operation. 233 */ 234 public abstract void setAuthenticationInfo(AuthenticationInfo authInfo); 235 236 /** 237 * Set the user entry DN for this bind operation. 238 * 239 * @param userEntryDN The user entry DN for this bind operation, or 240 * <CODE>null</CODE> if the bind processing has not 241 * progressed far enough to identify the user or if 242 * the user DN could not be determined. 243 */ 244 public abstract void setUserEntryDN(DN userEntryDN); 245 246 247 }