Posted to commits@directory.apache.org by ak...@apache.org on 2008/06/06 09:40:44 UTC
svn commit: r663847 - in /directory/apacheds/branches/bigbang:
core-integ/src/test/java/org/apache/directory/server/core/authn/
core/src/main/java/org/apache/directory/server/core/
core/src/main/java/org/apache/directory/server/core/authn/ core/src/mai...
Author: akarasulu
Date: Fri Jun 6 00:40:43 2008
New Revision: 663847
URL: http://svn.apache.org/viewvc?rev=663847&view=rev
Log:
fixing authentication issues due to problems with bind context not having some parameters usually expected
Modified:
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java (original)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java Fri Jun 6 00:40:43 2008
@@ -22,6 +22,8 @@
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.integ.CiRunner;
+import org.apache.directory.server.core.jndi.ServerLdapContext;
+
import static org.apache.directory.server.core.integ.IntegrationUtils.*;
import org.apache.directory.shared.ldap.message.AttributeImpl;
import org.apache.directory.shared.ldap.message.ModificationItemImpl;
@@ -131,11 +133,11 @@
* @throws NamingException if there are failures
*/
@Test
- @Ignore ( "broken until authentication is fixed" )
public void testAdminAccountCreation() throws Exception
{
String userDn = "uid=admin,ou=system";
- LdapContext ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn, "secret".getBytes(), "simple", "ou=system" );
+ LdapContext ctx = new ServerLdapContext( service,
+ service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN( "ou=system" ) );
Attributes attrs = ctx.getAttributes( "uid=admin" );
performAdminAccountChecks( attrs );
assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8( "secret" ) ) );
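Review bot: The credentials passed to the new `service.getSession( ... )` call are built with `"secret".getBytes()`, which uses the platform default charset, while the assertion at the end of this hunk compares against `StringTools.getBytesUtf8( "secret" )`. For an ASCII password the bytes match, but the test should bind with the same encoding it asserts on: `service.getSession( new LdapDN( userDn ), StringTools.getBytesUtf8( "secret" ) )`. The same call is repeated in the next hunk, after the service restart, and needs the same change.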
@@ -144,7 +146,8 @@
service.shutdown();
service.startup();
- ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn, "secret".getBytes(), "simple", "ou=system" );
+ ctx = new ServerLdapContext( service,
+ service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN( "ou=system" ) );
attrs = ctx.getAttributes( "uid=admin" );
performAdminAccountChecks( attrs );
assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8( "secret" ) ) );
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Fri Jun 6 00:40:43 2008
@@ -571,6 +571,12 @@
}
+ public CoreSession getAdminSession()
+ {
+ return adminSession;
+ }
+
+
public CoreSession getSession()
{
return new DefaultCoreSession( new LdapPrincipal(), this );
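Review bot: `getAdminSession()` returns the `adminSession` field with no state check, so a caller that reaches it before `startup()` or after `shutdown()` may get null or a session bound to a stopped service. The field's initialisation is outside this hunk, so this is inferred. The interface already declares `throws Exception`, which leaves room for a guard such as `if ( !isStarted() ) throw new IllegalStateException( "directory service is not started" );`, provided internal start-up code reads the field directly. Every caller also receives the same shared privileged instance, which is worth stating in a comment on the method. The body of `getSession()` below continues outside the hunk.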
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java Fri Jun 6 00:40:43 2008
@@ -138,6 +138,9 @@
boolean isStarted();
+ CoreSession getAdminSession() throws Exception;
+
+
/**
* Gets a logical session to perform operations on this DirectoryService
* as the anonymous user. This bypasses authentication without
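Review bot: `getAdminSession()` is added to the interface without Javadoc, while `getSession()` directly below documents that it bypasses authentication. The new method is the more sensitive of the two, because it hands out a session acting as the administrator without any bind taking place. Add a Javadoc block stating that the returned session carries admin privileges and bypasses authentication. It should also say that the session is meant for internal server operations, such as the credential lookup in SimpleAuthenticator, and must not be used on behalf of client requests. Finally, it should state under which conditions `Exception` is thrown.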
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Fri Jun 6 00:40:43 2008
@@ -417,7 +417,7 @@
}
// pick the first matching authenticator type
- Collection<Authenticator> authenticators = getAuthenticators( opContext.getSaslMechanism() );
+ Collection<Authenticator> authenticators = getAuthenticators( opContext.getAuthenticationLevel().getName() );
if ( authenticators == null )
{
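Review bot: The authenticator lookup key is now `opContext.getAuthenticationLevel().getName()`, and the `getAuthenticationLevel()` added to BindOperationContext in this commit returns STRONG for every non-null SASL mechanism, so all SASL binds resolve to one key regardless of mechanism. If authenticators are registered under mechanism-specific types (the registration code is outside this hunk), a bind could find no authenticator, or be handed to one written for a different mechanism. A comment on this line, e.g. `// authenticators are keyed by AuthenticationLevel name, not by SASL mechanism`, would make the contract explicit. It is also worth checking that each Authenticator's declared type uses the same names. The enclosing method starts and ends outside the hunk.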
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Fri Jun 6 00:40:43 2008
@@ -35,12 +35,14 @@
import org.apache.commons.collections.map.LRUMap;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.normalization.NormalizationInterceptor;
import org.apache.directory.server.core.referral.ReferralInterceptor;
import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
import org.apache.directory.server.core.exception.ExceptionInterceptor;
import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
+import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.core.schema.SchemaInterceptor;
import org.apache.directory.server.core.subtree.SubentryInterceptor;
import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor;
@@ -101,12 +103,14 @@
/** Declare a default for this cache. 100 entries seems to be enough */
private static final int DEFAULT_CACHE_SIZE = 100;
-
+
/**
* Define the interceptors we should *not* go through when we will have to request the backend
* about a userPassword.
*/
private static final Collection<String> USERLOOKUP_BYPASS;
+
+
static
{
Set<String> c = new HashSet<String>();
@@ -136,6 +140,7 @@
credentialCache = new LRUMap( DEFAULT_CACHE_SIZE );
}
+
/**
* Creates a new instance, with an initial cache size
* @param cacheSize the size of the credential cache
@@ -147,6 +152,7 @@
credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
}
+
/**
* A private class to store all informations about the existing
* password found in the cache or get from the backend.
@@ -177,6 +183,7 @@
}
}
+
/**
* Get the password either from cache or from backend.
* @param principalDN The DN from which we want the password
@@ -326,12 +333,14 @@
}
}
+
private static void split( byte[] all, int offset, byte[] left, byte[] right )
{
System.arraycopy( all, offset, left, 0, left.length );
System.arraycopy( all, offset + left.length, right, 0, right.length );
}
+
/**
* Decopose the stored password in an algorithm, an eventual salt
* and the password itself.
@@ -402,6 +411,7 @@
}
}
+
/**
* Get the algorithm from the stored password.
* It can be found on the beginning of the stored password, between
@@ -457,6 +467,7 @@
}
}
+
/**
* Compute the hashed password given an algorithm, the credentials and
* an optional salt.
@@ -491,6 +502,7 @@
}
}
+
private byte[] encryptPassword( byte[] credentials, EncryptionMethod encryptionMethod )
{
byte[] salt = encryptionMethod.salt;
@@ -527,6 +539,7 @@
}
}
+
/**
* Local function which request the password from the backend
* @param principalDn the principal to lookup
@@ -540,7 +553,17 @@
try
{
- userEntry = opContext.lookup( opContext.getDn(), USERLOOKUP_BYPASS );
+ /*
+ * NOTE: at this point the BindOperationContext does not has a
+ * null session since the user has not yet authenticated so we
+ * cannot use opContext.lookup() yet. This is a very special
+ * case where we cannot rely on the opContext to perform a new
+ * sub operation.
+ */
+ LookupOperationContext lookupContext =
+ new LookupOperationContext( getDirectoryService().getAdminSession(), opContext.getDn() );
+ lookupContext.setByPassed( USERLOOKUP_BYPASS );
+ userEntry = getDirectoryService().getOperationManager().lookup( lookupContext );
if ( userEntry == null )
{
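Review bot: The stored-password lookup now runs under `getAdminSession()` with the `USERLOOKUP_BYPASS` interceptors skipped, for a DN supplied by a client that has not authenticated yet, and the new comment does not record the constraints that follow from that. If normalization is among the bypassed interceptors (the set's contents are outside the hunk), `opContext.getDn()` must already be normalized when it reaches this call. The returned `userEntry` was read with full privileges and should not leave the authenticator. Both points belong in the comment. Its first sentence also reads as the opposite of what is meant; `at this point the BindOperationContext has a null session` is the intended wording. The enclosing method starts and ends outside the hunk.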
@@ -580,6 +603,7 @@
}
}
+
/**
* Get the algorithm of a password, which is stored in the form "{XYZ}...".
* The method returns null, if the argument is not in this form. It returns
@@ -675,6 +699,7 @@
}
}
+
/**
* Remove the principal form the cache. This is used when the user changes
* his password.
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java Fri Jun 6 00:40:43 2008
@@ -33,6 +33,7 @@
import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerEntry;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.message.MessageTypeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
@@ -92,6 +93,22 @@
}
+ public AuthenticationLevel getAuthenticationLevel()
+ {
+ if ( saslMechanism == null && dn.isEmpty() )
+ {
+ return AuthenticationLevel.NONE;
+ }
+
+ if ( saslMechanism != null )
+ {
+ return AuthenticationLevel.STRONG;
+ }
+
+ return AuthenticationLevel.SIMPLE;
+ }
+
+
/**
* @return the SASL mechanisms
*/
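Review bot: `getAuthenticationLevel()` classifies a bind from `saslMechanism` and `dn` alone and never consults the credentials, so a simple bind with a non-empty DN and an empty password (the unauthenticated bind described in RFC 4513) is reported as SIMPLE. Whether such a bind is rejected later is not visible here. Since AuthenticationInterceptor now selects the authenticator from this value, the method needs Javadoc stating that the level reflects the requested bind type, not a verified identity, and that empty credentials must be handled by the authenticator. `dn.isEmpty()` will also throw a NullPointerException if `dn` can be null when no SASL mechanism is set; a null check or a documented non-null invariant would cover that.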
Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java (original)
+++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java Fri Jun 6 00:40:43 2008
@@ -777,6 +777,12 @@
{
return null;
}
+
+ public CoreSession getAdminSession() throws Exception
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java (original)
+++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Fri Jun 6 00:40:43 2008
@@ -589,5 +589,11 @@
{
return null;
}
+
+
+ public CoreSession getAdminSession() throws Exception
+ {
+ return null;
+ }
}
}