Posted to commits@directory.apache.org by pa...@apache.org on 2010/10/29 18:59:06 UTC
svn commit: r1028841 - in /directory:
apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/
shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/
shared/trunk/ldap-client-api/src/main/java/org...
Author: pamarcelot
Date: Fri Oct 29 16:59:05 2010
New Revision: 1028841
URL: http://svn.apache.org/viewvc?rev=1028841&view=rev
Log:
Fix for DIRAPI-37 (Refactor the SASL bind methods to accept the username as a String and not a DN).
Modified:
directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java (original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java Fri Oct 29 16:59:05 2010
@@ -93,6 +93,7 @@ import org.slf4j.LoggerFactory;
"objectClass: organizationalUnit",
"objectClass: top",
"ou: users\n",
+
// Entry # 2
"dn: uid=hnelson,ou=users,dc=example,dc=com",
"objectClass: inetOrgPerson",
@@ -107,7 +108,7 @@ import org.slf4j.LoggerFactory;
"krb5KeyVersionNumber: 0",
"cn: Horatio Nelson",
"sn: Nelson",
-
+
// krbtgt
"dn: uid=krbtgt,ou=users,dc=example,dc=com",
"objectClass: inetOrgPerson",
@@ -122,7 +123,7 @@ import org.slf4j.LoggerFactory;
"krb5KeyVersionNumber: 0",
"cn: KDC Service",
"sn: Service",
-
+
// ldap per host
"dn: uid=ldap,ou=users,dc=example,dc=com",
"objectClass: inetOrgPerson",
@@ -136,16 +137,15 @@ import org.slf4j.LoggerFactory;
"krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
"krb5KeyVersionNumber: 0",
"cn: LDAP Service",
- "sn: Service"
- })
+ "sn: Service" })
@CreateDS(allowAnonAccess = false, name = "SaslBindIT-class", partitions =
{ @CreatePartition(name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry(entryLdif = "dn: dc=example,dc=com\n"
+ "dc: example\n" + "objectClass: top\n" + "objectClass: domain\n\n"), indexes =
{ @CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou") }) },
-additionalInterceptors = { KeyDerivationInterceptor.class }
-)
+ additionalInterceptors =
+ { KeyDerivationInterceptor.class })
@CreateLdapServer(transports =
- { @CreateTransport(protocol = "LDAP") }, saslHost = "localhost", saslPrincipal="ldap/localhost@EXAMPLE.COM", saslMechanisms =
+ { @CreateTransport(protocol = "LDAP") }, saslHost = "localhost", saslPrincipal = "ldap/localhost@EXAMPLE.COM", saslMechanisms =
{ @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
@SaslMechanism(name = SupportedSaslMechanisms.CRAM_MD5, implClass = CramMd5MechanismHandler.class),
@SaslMechanism(name = SupportedSaslMechanisms.DIGEST_MD5, implClass = DigestMd5MechanismHandler.class),
@@ -153,11 +153,11 @@ additionalInterceptors = { KeyDerivation
@SaslMechanism(name = SupportedSaslMechanisms.NTLM, implClass = NtlmMechanismHandler.class),
@SaslMechanism(name = SupportedSaslMechanisms.GSS_SPNEGO, implClass = NtlmMechanismHandler.class) }, extendedOpHandlers =
{ StoredProcedureExtendedOperationHandler.class }, ntlmProvider = BogusNtlmProvider.class)
-@CreateKdcServer (
- transports =
+@CreateKdcServer(
+ transports =
{
- @CreateTransport( protocol = "UDP", port = 6088 ),
- @CreateTransport( protocol = "TCP", port = 6088 )
+ @CreateTransport(protocol = "UDP", port = 6088),
+ @CreateTransport(protocol = "TCP", port = 6088)
})
public class SaslBindIT extends AbstractLdapTestUnit
{
@@ -244,6 +244,7 @@ public class SaslBindIT extends Abstract
* Test a SASL bind with an empty mechanism
*/
@Test
+ @Ignore("Activate and fix when DIRAPI-36 (Provide a SaslBindRequest extending BindRequest that can be used in LdapConnection.bind(...) method) is solved")
public void testSaslBindNoMech() throws Exception
{
DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
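Review bot: The `@Ignore` added above `testSaslBindNoMech` switches off what, judging by its Javadoc, is the test for a SASL bind with an empty mechanism, and the same revision removes the `isSimple()` dispatch from `bind( BindRequest )` in LdapNetworkConnection, so that path appears to be left without coverage until DIRAPI-36 lands. A one-line comment in the test would make the dependency explicit, e.g. `// bind( BindRequest ) no longer routes SASL requests; re-enable once SaslBindRequest exists`. The later hunks also repeat `userDn.getRdn().getUpValue().getString()` in every test; a single `String username = userDn.getRdn().getUpValue().getString();` next to `userDn` would read better and make the intent (RDN value, not DN) obvious. The test method body continues outside the hunk.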
@@ -277,7 +278,7 @@ public class SaslBindIT extends Abstract
DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- BindResponse resp = connection.bindCramMd5( userDn.getName(), "secret", null );
+ BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "secret", null );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
Entry entry = connection.lookup( userDn );
@@ -296,7 +297,7 @@ public class SaslBindIT extends Abstract
DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- BindResponse resp = connection.bindCramMd5( userDn.getName(), "badsecret", null );
+ BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "badsecret", null );
assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() );
connection.close();
}
@@ -311,7 +312,8 @@ public class SaslBindIT extends Abstract
DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- BindResponse resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()
+ BindResponse resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(), "secret", null,
+ ldapServer.getSaslRealms()
.get( 0 ) );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
@@ -331,7 +333,8 @@ public class SaslBindIT extends Abstract
DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- BindResponse resp = connection.bindGssApi( userDn.getName(), "secret", ldapServer.getSaslRealms().get( 0 )
+ BindResponse resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(), "secret", ldapServer
+ .getSaslRealms().get( 0 )
.toUpperCase(), "localhost", 6088 );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
@@ -341,7 +344,7 @@ public class SaslBindIT extends Abstract
connection.close();
}
-
+
/**
* Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the realm is bad.
*/
@@ -445,7 +448,8 @@ public class SaslBindIT extends Abstract
// Digest-MD5
connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()
+ resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(), "secret", null, ldapServer
+ .getSaslRealms()
.get( 0 ) );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
entry = connection.lookup( userDn );
@@ -454,7 +458,7 @@ public class SaslBindIT extends Abstract
// Cram-MD5
connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- resp = connection.bindCramMd5( userDn.getName(), "secret", null );
+ resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "secret", null );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
entry = connection.lookup( userDn );
assertEquals( "hnelson", entry.get( "uid" ).getString() );
@@ -462,7 +466,8 @@ public class SaslBindIT extends Abstract
// GSSAPI
connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- resp = connection.bindGssApi( userDn.getName(), "secret", ldapServer.getSaslRealms().get( 0 )
+ resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(), "secret", ldapServer
+ .getSaslRealms().get( 0 )
.toUpperCase(), "localhost", 6088 );
assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
entry = connection.lookup( userDn );
@@ -595,9 +600,10 @@ public class SaslBindIT extends Abstract
return provider;
}
-
+
////////////////////////
- protected Entry getPrincipalAttributes( String dn, String sn, String cn, String uid, String userPassword, String principal ) throws LdapException
+ protected Entry getPrincipalAttributes( String dn, String sn, String cn, String uid, String userPassword,
+ String principal ) throws LdapException
{
Entry entry = new DefaultEntry( new DN( dn ) );
entry.add( SchemaConstants.OBJECT_CLASS_AT, "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java (original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java Fri Oct 29 16:59:05 2010
@@ -1138,29 +1138,22 @@ public class LdapNetworkConnection exten
// If the session has not been establish, or is closed, we get out immediately
checkSession();
- if ( bindRequest.isSimple() )
- {
- // Update the messageId
- int newId = messageId.incrementAndGet();
- bindRequest.setMessageId( newId );
+ // Update the messageId
+ int newId = messageId.incrementAndGet();
+ bindRequest.setMessageId( newId );
- LOG.debug( "-----------------------------------------------------------------" );
- LOG.debug( "Sending request \n{}", bindRequest );
+ LOG.debug( "-----------------------------------------------------------------" );
+ LOG.debug( "Sending request \n{}", bindRequest );
- // Create a future for this Bind operation
- BindFuture bindFuture = new BindFuture( this, newId );
+ // Create a future for this Bind operation
+ BindFuture bindFuture = new BindFuture( this, newId );
- addToFutureMap( newId, bindFuture );
+ addToFutureMap( newId, bindFuture );
- writeBindRequest( bindRequest );
+ writeBindRequest( bindRequest );
- // Ok, done return the future
- return bindFuture;
- }
- else
- {
- return bindSasl( new SaslRequest( bindRequest ) );
- }
+ // Ok, done return the future
+ return bindFuture;
}
@@ -1342,31 +1335,34 @@ public class LdapNetworkConnection exten
Control... ctrls )
throws LdapException, IOException
{
- BindRequest bindRequest = createBindRequest( name, credentials, SupportedSaslMechanisms.GSSAPI, ctrls );
-
String krbConfPath = createKrbConfFile( realmName, kdcHost, kdcPort );
System.setProperty( "java.security.krb5.conf", krbConfPath );
Configuration.setConfiguration( new Krb5LoginConfiguration() );
System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
- final SaslRequest saslRequest = new SaslRequest( bindRequest );
+ final SaslRequest saslRequest = new SaslRequest();
+ saslRequest.setUsername( name );
+ saslRequest.setCredentials( credentials );
+ saslRequest.setSaslMechanism( SupportedSaslMechanisms.GSSAPI );
+ saslRequest.setRealmName( realmName );
+ saslRequest.addAllControls( ctrls );
try
{
LoginContext loginContext = new LoginContext( "ldapnetworkconnection",
- new SaslCallbackHandler( saslRequest ) );
+ new SaslCallbackHandler( saslRequest ) );
loginContext.login();
// Now, bind by calling the internal bindSasl method
BindFuture future = ( BindFuture ) Subject.doAs( loginContext.getSubject(),
- new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- return bindSasl( saslRequest );
- }
- } );
+ new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ return bindSasl( saslRequest );
+ }
+ } );
return future.get();
}
@@ -3485,13 +3481,15 @@ public class LdapNetworkConnection exten
Control... ctrls )
throws LdapException, IOException
{
- BindRequest bindReq = createBindRequest( name, credentials, saslMech, ctrls );
-
- SaslRequest saslReq = new SaslRequest( bindReq );
- saslReq.setRealmName( realmName );
- saslReq.setAuthorizationId( authzId );
+ SaslRequest saslRequest = new SaslRequest();
+ saslRequest.setUsername( name );
+ saslRequest.setCredentials( credentials );
+ saslRequest.setSaslMechanism( saslMech );
+ saslRequest.setAuthorizationId( authzId );
+ saslRequest.setRealmName( realmName );
+ saslRequest.addAllControls( ctrls );
- return bindSasl( saslReq );
+ return bindSasl( saslRequest );
}
@@ -3511,7 +3509,8 @@ public class LdapNetworkConnection exten
// If the session has not been establish, or is closed, we get out immediately
checkSession();
- BindRequest bindRequest = saslRequest.getBindRequest();
+ BindRequest bindRequest = createBindRequest( ( String ) null, null, saslRequest.getSaslMechanism(), saslRequest
+ .getControls() );
// Update the messageId
int newId = messageId.incrementAndGet();
@@ -3538,7 +3537,7 @@ public class LdapNetworkConnection exten
saslRequest.getAuthorizationId(),
"ldap",
config.getLdapHost(),
- saslRequest.getSaslMechProps(),
+ null,
new SaslCallbackHandler( saslRequest ) );
// If the SaslClient wasn't created, that means we can't create the SASL client
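Review bot: Passing a literal `null` where `saslRequest.getSaslMechProps()` used to go removes the only hook for mechanism properties on what looks like the `Sasl.createSaslClient` call, so a caller can no longer request `Sasl.QOP` (integrity or confidentiality) for DIGEST-MD5 or GSSAPI, and as far as the visible SaslRequest hunks show there is no replacement setter. If dropping the properties map is intentional, a comment should say so, e.g. `// no mechanism properties: QOP negotiation is not exposed through SaslRequest`; otherwise keep a `Map<String, Object>` of properties on `SaslRequest` and pass it here. The enclosing bindSasl method starts and ends outside the hunk.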
Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java (original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java Fri Oct 29 16:59:05 2010
@@ -21,10 +21,11 @@
package org.apache.directory.ldap.client.api;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
-import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.message.control.Control;
import org.apache.directory.shared.ldap.util.StringTools;
@@ -35,61 +36,91 @@ import org.apache.directory.shared.ldap.
*/
public class SaslRequest
{
- /** the bind request */
- private BindRequest bindRequest;
+ /** The list of controls */
+ private List<Control> controls = new ArrayList<Control>();
- /** the sasl mechaism's properties */
- private Map<String, String> saslMechProps = new HashMap<String, String>();
+ /** The username */
+ private String username;
+
+ /** The credentials */
+ private byte[] credentials;
/** SASL realm name on the server */
private String realmName;
- /** the authorization ID of the entity */
+ /** The authorization ID of the entity */
private String authorizationId;
+ /** The mechanism used to decode user identity */
+ private String saslMechanism;
+
/**
- * Creates a new instance of SaslRequest.
+ * Adds the given controls.
*
- * @param bindRequest The included BindRequest
+ * @param controls the controls
*/
- protected SaslRequest( BindRequest bindRequest )
+ public void addAllControls( Control[] controls )
{
- this.bindRequest = bindRequest;
+ this.controls.addAll( Arrays.asList( controls ) );
}
/**
- * @return The interned BindRequest
+ * Adds the given control.
+ *
+ * @param control the control
*/
- public BindRequest getBindRequest()
+ public void addControl( Control control )
{
- return bindRequest;
+ this.controls.add( control );
}
/**
- * @return The supported SASL mechanisms
+ * Gets the authorization ID.
+ *
+ * @return the authorization ID
*/
- public Map<String, String> getSaslMechProps()
+ public String getAuthorizationId()
{
- return saslMechProps;
+ return authorizationId;
}
/**
- * Set the supported SASL mechanisms
+ * Gets the controls.
*
- * @param saslMechProps The list of supported mechanisms
+ * @return the controls
*/
- public void setSaslMechProps( Map<String, String> saslMechProps )
+ public Control[] getControls()
{
- this.saslMechProps = saslMechProps;
+ return controls.toArray( new Control[0] );
}
/**
- * @return The realm name
+ * Gets the crendentials
+ *
+ * @return the credentials
+ */
+ public byte[] getCredentials()
+ {
+ if ( credentials != null )
+ {
+ return credentials;
+ }
+ else
+ {
+ return StringTools.EMPTY_BYTES;
+ }
+ }
+
+
+ /**
+ * Gets realm name.
+ *
+ * @return the realm name
*/
public String getRealmName()
{
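Review bot: `getCredentials()` in this hunk returns the internal `credentials` array, and `setCredentials( byte[] )` further down the file stores the caller's array by reference, so the secret is aliased in both directions and can be modified or retained outside the request; the old code had the same aliasing through `bindRequest.getCredentials()`, but this rewrite is the natural place to close it with `this.credentials = ( credentials == null ) ? null : credentials.clone();` and `return credentials.clone();`. `addAllControls( Control[] )` will also throw a NullPointerException from `Arrays.asList( null )` if a caller passes a null array, which a `if ( controls != null )` guard avoids. The Javadoc `Gets the crendentials` should read `Gets the credentials`.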
@@ -98,21 +129,24 @@ public class SaslRequest
/**
- * Set the realm Name
- * @param realmName The realm name
+ * Gets the SASL mechanism.
+ *
+ * @return the SASL mechanism
*/
- public void setRealmName( String realmName )
+ public String getSaslMechanism()
{
- this.realmName = realmName;
+ return saslMechanism;
}
/**
- * @return The authorization Id
+ * Gets the username.
+ *
+ * @return the username
*/
- public String getAuthorizationId()
+ public String getUsername()
{
- return authorizationId;
+ return username;
}
@@ -128,30 +162,45 @@ public class SaslRequest
/**
- * Sets the interned BindRequest
+ * Sets the credentials.
*
- * @param bindRequest The interned BindRequest
+ * @param credentials the credentials
*/
- public void setBindRequest( BindRequest bindRequest )
+ public void setCredentials( byte[] credentials )
{
- this.bindRequest = bindRequest;
+ this.credentials = credentials;
}
/**
- * @return the credentials
+ * Sets the realm name.
+ *
+ * @param realmName The realm name
*/
- public byte[] getCredentials()
+ public void setRealmName( String realmName )
{
- byte[] credentials = bindRequest.getCredentials();
+ this.realmName = realmName;
+ }
- if ( credentials != null )
- {
- return credentials;
- }
- else
- {
- return StringTools.EMPTY_BYTES;
- }
+
+ /**
+ * Sets the SASL mechanism
+ *
+ * @param saslMechanism the SASL mechanism
+ */
+ public void setSaslMechanism( String saslMechanism )
+ {
+ this.saslMechanism = saslMechanism;
+ }
+
+
+ /**
+ * Sets the username.
+ *
+ * @param username the username
+ */
+ public void setUsername( String username )
+ {
+ this.username = username;
}
}
Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java (original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java Fri Oct 29 16:59:05 2010
@@ -73,19 +73,17 @@ public class SaslCallbackHandler impleme
{
NameCallback ncb = ( NameCallback ) cb;
- String name = saslReq.getBindRequest().getName().getRdn().getUpValue().getString();
+ String name = saslReq.getUsername();
LOG.debug( "sending name {} in the NameCallback", name );
-
ncb.setName( name );
}
-
else if ( cb instanceof PasswordCallback )
{
PasswordCallback pcb = ( PasswordCallback ) cb;
+
LOG.debug( "sending credentials in the PasswordCallback" );
pcb.setPassword( StringTools.utf8ToString( saslReq.getCredentials() ).toCharArray() );
}
-
else if ( cb instanceof RealmCallback )
{
RealmCallback rcb = ( RealmCallback ) cb;