Posted to commits@directory.apache.org by ak...@apache.org on 2008/05/05 11:23:18 UTC
svn commit: r653379 - in /directory:
apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/
apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/
apacheds/branches/bigbang/protocol-lda...
Author: akarasulu
Date: Mon May 5 02:23:18 2008
New Revision: 653379
URL: http://svn.apache.org/viewvc?rev=653379&view=rev
Log:
Added NTLM SASL Mechanism and fixed bugs and issues with bind handling:
o added provider based NTLM SASL Mechanism even though this
is not supported by the JDK SASL provider
o fixed situation where sasl mechanisms were not really used to
actually configure the sasl mechanisms supported by the server
o the server now will report those mechanisms that are configured
o fixed nasty use of SupportedSASLMechanisms.ATTRIBUTE -
this is gone now!
o added new NTLM mech constant to SupportedSASLMechanisms
o added supportedSaslMechanisms to SchemaConstants
o added some configuration tests for LdapServer
o fixed issue Steve Hammond was complaining about regarding
improper configuration issues of extendedOperationHandlers
via the addExtendedOperationHandler() method
o exposed configuration of bind handler via setters for
dependency injection
o exposed means to set supportedSaslMechanisms from
LdapServer and adjusted configuration in server.xml to reflect
these new configuration options
o no longer hard coding the mechanisms in RootDSE - now
using new registration mechanism to expose these attribute
values in the rootDSE
o all mechanism handler implementations use setter based
dependency injection now so we can configure them via the
server.xml - some of the gssapi specific settings on the
LdapServer should be pushed back into the
GssapiMechanismHandler
o fixed test cases to make sure they include the new
configuration mechanism
Added:
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/SimpleMechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationException.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
- copied, changed from r653289, directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmNegotiationException.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
directory/apacheds/branches/bigbang/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java (contents, props changed)
- copied, changed from r653288, directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSASLMechanisms.java
Removed:
directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSASLMechanisms.java
Modified:
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/DefaultPartitionNexus.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexus.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexusProxy.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultBindHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/DigestMd5MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/GssapiMechanismHandler.java
directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml
directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SchemaConstants.java
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/DefaultPartitionNexus.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/DefaultPartitionNexus.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/DefaultPartitionNexus.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/DefaultPartitionNexus.java Mon May 5 02:23:18 2008
@@ -58,7 +58,6 @@
import org.apache.directory.shared.ldap.MultiException;
import org.apache.directory.shared.ldap.NotImplementedException;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeIdentifierException;
@@ -155,6 +154,7 @@
*
* @see <a href="http://www.faqs.org/rfcs/rfc3045.html">Vendor Information</a>
* @param rootDSE the root entry for the DSA
+ * @throws javax.naming.NamingException on failure to initialize
*/
public DefaultPartitionNexus( ServerEntry rootDSE ) throws NamingException
{
@@ -167,12 +167,6 @@
rootDSE.put( SchemaConstants.SUPPORTED_FEATURES_AT, SchemaConstants.FEATURE_ALL_OPERATIONAL_ATTRIBUTES );
rootDSE.put( SchemaConstants.SUPPORTED_EXTENSION_AT, NoticeOfDisconnect.EXTENSION_OID );
- // Add the supportedSASLMechanisms attribute to rootDSE
- rootDSE.put( SupportedSASLMechanisms.ATTRIBUTE,
- SupportedSASLMechanisms.GSSAPI,
- SupportedSASLMechanisms.DIGEST_MD5,
- SupportedSASLMechanisms.CRAM_MD5 );
-
// Add the supported controls
rootDSE.put( SchemaConstants.SUPPORTED_CONTROL_AT,
PersistentSearchControl.CONTROL_OID,
@@ -1145,23 +1139,36 @@
}
- // ------------------------------------------------------------------------
- // Private Methods
- // ------------------------------------------------------------------------
-
-
public void registerSupportedExtensions( Set<String> extensionOids ) throws NamingException
{
EntryAttribute supportedExtension = rootDSE.get( SchemaConstants.SUPPORTED_EXTENSION_AT );
-
+
if ( supportedExtension == null )
{
rootDSE.set( SchemaConstants.SUPPORTED_EXTENSION_AT );
+ supportedExtension = rootDSE.get( SchemaConstants.SUPPORTED_EXTENSION_AT );
}
-
+
for ( String extensionOid : extensionOids )
{
supportedExtension.add( extensionOid );
}
}
+
+
+ public void registerSupportedSaslMechanisms( Set<String> supportedSaslMechanisms ) throws NamingException
+ {
+ EntryAttribute supportedSaslMechanismsAttribute = rootDSE.get( SchemaConstants.SUPPORTED_SASL_MECHANISMS_AT );
+
+ if ( supportedSaslMechanismsAttribute == null )
+ {
+ rootDSE.set( SchemaConstants.SUPPORTED_SASL_MECHANISMS_AT );
+ supportedSaslMechanismsAttribute = rootDSE.get( SchemaConstants.SUPPORTED_SASL_MECHANISMS_AT );
+ }
+
+ for ( String saslMechanism : supportedSaslMechanisms )
+ {
+ supportedSaslMechanismsAttribute.add( saslMechanism );
+ }
+ }
}
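Review bot: registerSupportedSaslMechanisms has no Javadoc and no guard on its argument, so a null `supportedSaslMechanisms` reaches the for loop and fails with a NullPointerException instead of a descriptive error. Since the values written here become the supportedSASLMechanisms attribute that clients read from the rootDSE to choose how to authenticate, the method deserves a doc comment saying so; something like `/** Adds the given SASL mechanism names to the rootDSE's supportedSASLMechanisms attribute so clients can discover them. @param supportedSaslMechanisms mechanism names to advertise, must not be null @throws NamingException if the rootDSE attribute cannot be created or updated */`. A one-line check at the top, `if ( supportedSaslMechanisms == null ) { throw new IllegalArgumentException( "supportedSaslMechanisms" ); }`, turns the NPE into a configuration error.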
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexus.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexus.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexus.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexus.java Mon May 5 02:23:18 2008
@@ -247,4 +247,7 @@
* attribute in the RootDSE
*/
public abstract void registerSupportedExtensions( Set<String> extensionOids ) throws NamingException;
+
+
+ public abstract void registerSupportedSaslMechanisms( Set<String> strings ) throws NamingException;
}
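Review bot: The new abstract method names its parameter `strings` and carries no Javadoc, while the sibling registerSupportedExtensions directly above documents its purpose and effect on the rootDSE. Rename the parameter to match the implementations, `public abstract void registerSupportedSaslMechanisms( Set<String> supportedSaslMechanisms ) throws NamingException;`, and add a comment parallel to the one above it describing that the names are added to the supportedSASLMechanisms attribute of the rootDSE.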
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexusProxy.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexusProxy.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexusProxy.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/partition/PartitionNexusProxy.java Mon May 5 02:23:18 2008
@@ -863,6 +863,13 @@
service.getPartitionNexus().registerSupportedExtensions( extensionOids );
}
+
+ public void registerSupportedSaslMechanisms( Set<String> supportedSaslMechanisms ) throws NamingException
+ {
+ service.getPartitionNexus().registerSupportedSaslMechanisms( supportedSaslMechanisms );
+ }
+
+
// -----------------------------------------------------------------------
// EventContext and EventDirContext notification methods
// -----------------------------------------------------------------------
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/LdapServer.java Mon May 5 02:23:18 2008
@@ -25,14 +25,7 @@
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import javax.naming.Context;
import javax.naming.NamingException;
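Review bot: Eight explicit java.util imports are replaced by the wildcard `import java.util.*;`, and the hunk at @@ -61 does the same with `org.apache.directory.server.ldap.handlers.bind.*`. Wildcard imports hide which types a class actually depends on, make future import-only diffs uninformative, and break with the explicit-import style every other file in this commit follows. Restoring the explicit lines (`import java.util.Map;`, `import java.util.HashMap;`, and the others the class still uses) keeps the dependency list reviewable.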
@@ -61,15 +54,14 @@
import org.apache.directory.server.ldap.handlers.ModifyHandler;
import org.apache.directory.server.ldap.handlers.SearchHandler;
import org.apache.directory.server.ldap.handlers.UnbindHandler;
+import org.apache.directory.server.ldap.handlers.bind.*;
import org.apache.directory.server.ldap.handlers.ssl.LdapsInitializer;
import org.apache.directory.server.protocol.shared.DirectoryBackedService;
import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
import org.apache.directory.shared.asn1.codec.Asn1CodecDecoder;
import org.apache.directory.shared.asn1.codec.Asn1CodecEncoder;
import org.apache.directory.shared.ldap.constants.SaslQoP;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
import org.apache.directory.shared.ldap.exception.LdapConfigurationException;
-import org.apache.directory.shared.ldap.exception.LdapNamingException;
import org.apache.directory.shared.ldap.message.AbandonRequest;
import org.apache.directory.shared.ldap.message.AddRequest;
import org.apache.directory.shared.ldap.message.BindRequest;
@@ -126,6 +118,7 @@
*/
public class LdapServer extends DirectoryBackedService
{
+ @SuppressWarnings( { "UnusedDeclaration" } )
private static final long serialVersionUID = 3757127143811666817L;
/** logger for this class */
@@ -169,10 +162,12 @@
private boolean allowAnonymousAccess = true; // allow by default
/** The extended operation handlers. */
- private final Collection<ExtendedOperationHandler> extendedOperationHandlers = new ArrayList<ExtendedOperationHandler>();
+ private final Collection<ExtendedOperationHandler> extendedOperationHandlers =
+ new ArrayList<ExtendedOperationHandler>();
/** The supported authentication mechanisms. */
- private Set<String> supportedMechanisms;
+ private Map<String, MechanismHandler> saslMechanismHandlers =
+ new HashMap<String, MechanismHandler>();
/** The name of this host, validated during SASL negotiation. */
private String saslHost = "ldap.example.com";
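Review bot: The Javadoc `/** The supported authentication mechanisms. */` now sits above a `Map<String, MechanismHandler>` and no longer describes the field. Say what the map is and how its keys are used, e.g. `/** SASL mechanism name to handler; the key set is advertised in the rootDSE when the server starts. */`, so that a reader understands why a misspelled key is both accepted here and shown to clients.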
@@ -221,12 +216,6 @@
super.setServiceId( SERVICE_PID_DEFAULT );
super.setServiceName( SERVICE_NAME_DEFAULT );
- supportedMechanisms = new HashSet<String>();
- supportedMechanisms.add( SupportedSASLMechanisms.SIMPLE );
- supportedMechanisms.add( SupportedSASLMechanisms.CRAM_MD5 );
- supportedMechanisms.add( SupportedSASLMechanisms.DIGEST_MD5 );
- supportedMechanisms.add( SupportedSASLMechanisms.GSSAPI );
-
saslQop = new HashSet<String>();
saslQop.add( SaslQoP.QOP_AUTH );
saslQop.add( SaslQoP.QOP_AUTH_INT );
@@ -244,6 +233,7 @@
this.supportedControls.add( CascadeControl.CONTROL_OID );
}
+
/**
* Install the LDAP request handlers.
*/
@@ -261,7 +251,10 @@
if ( getBindHandler() == null )
{
- setBindHandler( new DefaultBindHandler( getDirectoryService(), registry ) );
+ DefaultBindHandler handler = new DefaultBindHandler();
+ handler.setSessionRegistry( registry );
+ handler.setSaslMechanismHandlers( saslMechanismHandlers );
+ setBindHandler( handler );
}
if ( getCompareHandler() == null )
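Review bot: The DefaultBindHandler is handed the `saslMechanismHandlers` reference at install time, but `setSaslMechanismHandlers` (hunk @@ -763) replaces the server's reference rather than its contents; if that setter runs after the handlers are installed, the server and the bind handler work from two different maps and the mechanisms advertised in the rootDSE can differ from those the bind handler accepts. Have the setter copy into the existing map instead: `this.saslMechanismHandlers.clear();` followed by `this.saslMechanismHandlers.putAll( saslMechanismHandlers );`. The enclosing install method starts and ends outside this hunk.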
@@ -407,17 +400,20 @@
private void startLDAP0( int port, IoFilterChainBuilder chainBuilder )
- throws LdapNamingException, LdapConfigurationException, NamingException
+ throws NamingException
{
- for ( ExtendedOperationHandler h : getExtendedOperationHandlers() )
+ PartitionNexus nexus = getDirectoryService().getPartitionNexus();
+
+ for ( ExtendedOperationHandler h : extendedOperationHandlers )
{
- addExtendedOperationHandler( h );
+ extendedHandler.addHandler( h );
LOG.info( "Added Extended Request Handler: " + h.getOid() );
h.setLdapProvider( this );
- PartitionNexus nexus = getDirectoryService().getPartitionNexus();
nexus.registerSupportedExtensions( h.getExtensionOids() );
}
+ nexus.registerSupportedSaslMechanisms( saslMechanismHandlers.keySet() );
+
try
{
SocketAcceptorConfig acceptorCfg = new SocketAcceptorConfig();
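Review bot: With the default mechanism set removed (hunk @@ -221), an LdapServer that has not been configured through setSaslMechanismHandlers starts up advertising an empty supportedSASLMechanisms set, and the SIMPLE guard in DefaultBindHandler (hunk @@ -265) appears to reject binds whose mechanism is not in that set, leaving no working bind path. That misconfiguration should be reported at start-up rather than surfacing as a bind error later; add before the registration call `if ( saslMechanismHandlers.isEmpty() ) { LOG.warn( "No SASL mechanism handlers configured for this LdapServer" ); }`. startLDAP0's body continues past the hunk.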
@@ -477,14 +473,21 @@
* protocol provider to provide a specific LDAP extended operation.
*
* @param eoh an extended operation handler
+ * @throws NamingException on failure to add the handler
*/
- public void addExtendedOperationHandler( ExtendedOperationHandler eoh )
+ public void addExtendedOperationHandler( ExtendedOperationHandler eoh ) throws NamingException
{
- if ( extendedHandler == null )
+ if ( started )
{
- setExtendedHandler( new DefaultExtendedHandler() );
+ extendedHandler.addHandler( eoh );
+ eoh.setLdapProvider( this );
+ PartitionNexus nexus = getDirectoryService().getPartitionNexus();
+ nexus.registerSupportedExtensions( eoh.getExtensionOids() );
+ }
+ else
+ {
+ extendedOperationHandlers.add( eoh );
}
- extendedHandler.addHandler( eoh );
}
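Review bot: In the `started` branch the handler is registered with extendedHandler but never added to extendedOperationHandlers, so after start the collection and the live handler disagree; anything reading `getExtendedOperationHandlers()` (called by the line this commit removed from startLDAP0 and presumably still public) will miss post-start additions, and removeExtendedOperationHandler (hunk @@ -497) has the mirror problem. Adding `extendedOperationHandlers.add( eoh );` in the started branch too (and the matching remove) keeps the two views consistent. The lazy `new DefaultExtendedHandler()` creation this method used to perform is gone, so this method and startLDAP0 now assume extendedHandler is non-null whenever `started` is true; confirm the default-handler installation, which is outside these hunks, guarantees that.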
@@ -497,7 +500,27 @@
*/
public void removeExtendedOperationHandler( String oid )
{
- extendedHandler.removeHandler( oid );
+ if ( started )
+ {
+ extendedHandler.removeHandler( oid );
+
+ // need to do something like this to make this work right
+ // PartitionNexus nexus = getDirectoryService().getPartitionNexus();
+ // nexus.unregisterSupportedExtensions( eoh.getExtensionOids() );
+ }
+ else
+ {
+ ExtendedOperationHandler handler = null;
+ for ( ExtendedOperationHandler h : extendedOperationHandlers )
+ {
+ if ( h.getOid().equals( oid ) )
+ {
+ handler = h;
+ break;
+ }
+ }
+ extendedOperationHandlers.remove( handler );
+ }
}
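Review bot: After start, removing a handler leaves its extension OIDs advertised in the rootDSE, which the commented-out lines acknowledge but nothing reports; until PartitionNexus gains an unregister operation, log it so operators can see the mismatch, e.g. `LOG.warn( "Removed extended operation handler " + oid + " but its extension OIDs remain advertised in the rootDSE" );`. The OID lookup loop in the else branch is duplicated verbatim in getExtendedOperationHandler (hunk @@ -511); extracting it into a private helper, as below, removes the copy and gives the loop a name.
```java
        else
        {
            extendedOperationHandlers.remove( findQueuedHandler( oid ) );
        }
    }


    /**
     * Looks up a handler that was added before the server started.
     *
     * @param oid the extended operation OID
     * @return the queued handler with that OID, or null if none was queued
     */
    private ExtendedOperationHandler findQueuedHandler( String oid )
    {
        for ( ExtendedOperationHandler h : extendedOperationHandlers )
        {
            if ( h.getOid().equals( oid ) )
            {
                return h;
            }
        }

        return null;
    }
```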
@@ -511,7 +534,22 @@
*/
public ExtendedOperationHandler getExtendedOperationHandler( String oid )
{
- return extendedHandler.getHandler( oid );
+ if ( started )
+ {
+ return extendedHandler.getHandler( oid );
+ }
+ else
+ {
+ for ( ExtendedOperationHandler h : extendedOperationHandlers )
+ {
+ if ( h.getOid().equals( oid ) )
+ {
+ return h;
+ }
+ }
+ }
+
+ return null;
}
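Review bot: The method now has an explicit `return null` when no handler matches before start, but the Javadoc above the hunk only describes the lookup; callers need to know null is a normal result. Add `@return the registered handler for {@code oid}, or null if none is registered` to that comment so the null check is not left to guesswork.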
@@ -763,27 +801,39 @@
}
- /**
- * Returns the list of supported authentication mechanisms.
- *
- * @return The list of supported authentication mechanisms.
- */
- public Set<String> getSupportedMechanisms()
+ public void setSaslMechanismHandlers( Map<String, MechanismHandler> saslMechanismHandlers )
{
- return supportedMechanisms;
+ this.saslMechanismHandlers = saslMechanismHandlers;
}
- /**
- * Sets the list of supported authentication mechanisms.
- *
- * @org.apache.xbean.Property propertyEditor="ListEditor" nestedType="java.lang.String"
- *
- * @param supportedMechanisms The list of supported authentication mechanisms.
- */
- public void setSupportedMechanisms( Set<String> supportedMechanisms )
+ public Map<String, MechanismHandler> getSaslMechanismHandlers()
+ {
+ return saslMechanismHandlers;
+ }
+
+
+ public MechanismHandler addSaslMechanismHandler( String mechanism, MechanismHandler handler )
+ {
+ return this.saslMechanismHandlers.put( mechanism, handler );
+ }
+
+
+ public MechanismHandler removeSaslMechanismHandler( String mechanism )
+ {
+ return this.saslMechanismHandlers.remove( mechanism );
+ }
+
+
+ public MechanismHandler getMechanismHandler( String mechanism )
+ {
+ return this.saslMechanismHandlers.get( mechanism );
+ }
+
+
+ public Set<String> getSupportedMechanisms()
{
- this.supportedMechanisms = supportedMechanisms;
+ return saslMechanismHandlers.keySet();
}
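Review bot: addSaslMechanismHandler and removeSaslMechanismHandler only mutate the map, so a mechanism added or removed after start is never pushed to the rootDSE the way addExtendedOperationHandler (hunk @@ -477) now does for extensions, and clients keep seeing the start-up list. setSaslMechanismHandlers also accepts null, which startLDAP0 and getSupportedMechanisms then dereference; `if ( saslMechanismHandlers == null ) { throw new IllegalArgumentException( "saslMechanismHandlers" ); }` at the top of the setter reports that as a configuration error. None of the six new public methods carries Javadoc although the two they replace did, and `getMechanismHandler` breaks the `*SaslMechanismHandler` naming of its siblings; `getSaslMechanismHandler` would be consistent.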
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/SessionRegistry.java Mon May 5 02:23:18 2008
@@ -64,8 +64,8 @@
/**
* Creates a singleton session state object for the system.
*
+ * @param ldapServer the ldap server instance
* @param env the properties associated with this SessionRegistry
- * @param ldapServer the ldap configuration
*/
public SessionRegistry( LdapServer ldapServer, Hashtable<String, Object> env )
{
@@ -256,7 +256,7 @@
if ( ctx == null && allowAnonymous )
{
// if configuration says disable anonymous binds we throw exception
- if ( !ldapServer.isAllowAnonymousAccess() )
+ if ( ! ldapServer.isAllowAnonymousAccess() )
{
throw new LdapNoPermissionException( "Anonymous binds have been disabled!" );
}
@@ -300,7 +300,7 @@
// if the user principal is anonymous and the configuration does not allow anonymous binds we
// prevent the operation by blowing a NoPermissionsException
- if ( isAnonymousUser && !ldapServer.isAllowAnonymousAccess() )
+ if ( isAnonymousUser && ! ldapServer.isAllowAnonymousAccess() )
{
throw new LdapNoPermissionException( "Anonymous binds have been disabled!" );
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultBindHandler.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultBindHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/DefaultBindHandler.java Mon May 5 02:23:18 2008
@@ -30,14 +30,11 @@
import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.SessionRegistry;
-import org.apache.directory.server.ldap.handlers.bind.CramMd5MechanismHandler;
-import org.apache.directory.server.ldap.handlers.bind.DigestMd5MechanismHandler;
-import org.apache.directory.server.ldap.handlers.bind.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslFilter;
import org.apache.directory.server.protocol.shared.ServiceConfigurationException;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.directory.shared.ldap.message.BindResponse;
@@ -65,7 +62,6 @@
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
-import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
@@ -93,21 +89,27 @@
/**
* A Hashed Adapter mapping SASL mechanisms to their handlers.
*/
- private final Map<String, MechanismHandler> handlers;
+ private Map<String, MechanismHandler> handlers;
- private final SessionRegistry registry;
+ private SessionRegistry registry;
+
/**
* Creates a new instance of BindHandler.
*/
- public DefaultBindHandler( DirectoryService directoryService, SessionRegistry registry )
+ public DefaultBindHandler()
+ {
+ }
+
+
+ public void setSaslMechanismHandlers( Map<String, MechanismHandler> handlers )
+ {
+ this.handlers = handlers;
+ }
+
+
+ public void setSessionRegistry( SessionRegistry registry )
{
- Map<String, MechanismHandler> map = new HashMap<String, MechanismHandler>();
- map.put( SupportedSASLMechanisms.CRAM_MD5, new CramMd5MechanismHandler( directoryService ) );
- map.put( SupportedSASLMechanisms.DIGEST_MD5, new DigestMd5MechanismHandler( directoryService ) );
- map.put( SupportedSASLMechanisms.GSSAPI, new GssapiMechanismHandler( directoryService ) );
- handlers = Collections.unmodifiableMap( map );
-
this.registry = registry;
}
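Review bot: `handlers` and `registry` lost `final` and the `Collections.unmodifiableMap` wrapper is gone, so the bind handler now holds a direct reference to the server's mutable map (LdapServer hunk @@ -261) and anything holding that reference can change which mechanisms authenticate; if either setter is never called, the first bind fails with a NullPointerException rather than a configuration error. `Collections.unmodifiableMap` is a read-through view, so `this.handlers = Collections.unmodifiableMap( handlers );` in the setter restores the read-only guarantee inside the bind handler without losing later additions made through the server (the `java.util.Collections` import removed at @@ -65 would need to come back). The retained `java.util.HashMap` import looks unused now that the constructor body is gone; confirm and drop it.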
@@ -115,7 +117,7 @@
public void setDirectoryService( DirectoryService directoryService )
{
}
-
+
/**
* Create an environment object and inject the Bond informations collected
@@ -265,7 +267,7 @@
// First, deal with Simple Authentication
// Guard clause: Reject SIMPLE mechanism.
- if ( !supportedMechanisms.contains( SupportedSASLMechanisms.SIMPLE ) )
+ if ( !supportedMechanisms.contains( SupportedSaslMechanisms.SIMPLE ) )
{
LOG.error( "Bind error : SIMPLE authentication not supported. Please check the server.xml configuration file (supportedMechanisms field)" );
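Review bot: The error message still tells operators to check the `supportedMechanisms field` in server.xml, but this commit removes setSupportedMechanisms from LdapServer (hunk @@ -763) and replaces it with setSaslMechanismHandlers, so the hint points at a configuration option that no longer exists. Update the text to whatever property name server.xml now uses for the handler map, e.g. `LOG.error( "Bind error : SIMPLE authentication not supported. Please check the server.xml configuration file (saslMechanismHandlers property)" );`. The enclosing method starts and ends outside this hunk.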
@@ -311,7 +313,7 @@
Set<String> activeMechanisms = ldapServer.getSupportedMechanisms();
- if ( activeMechanisms.contains( SupportedSASLMechanisms.GSSAPI ) )
+ if ( activeMechanisms.contains( SupportedSaslMechanisms.GSSAPI ) )
{
try
{
@@ -351,7 +353,7 @@
{
String sessionMechanism = bindRequest.getSaslMechanism();
- if ( sessionMechanism.equals( SupportedSASLMechanisms.SIMPLE ) )
+ if ( sessionMechanism.equals( SupportedSaslMechanisms.SIMPLE ) )
{
/*
* This is the principal name that will be used to bind to the DIT.
@@ -639,8 +641,8 @@
/*
* If the SASL mechanism is DIGEST-MD5 or GSSAPI, we insert a SASLFilter.
*/
- if ( sessionMechanism.equals( SupportedSASLMechanisms.DIGEST_MD5 ) ||
- sessionMechanism.equals( SupportedSASLMechanisms.GSSAPI ) )
+ if ( sessionMechanism.equals( SupportedSaslMechanisms.DIGEST_MD5 ) ||
+ sessionMechanism.equals( SupportedSaslMechanisms.GSSAPI ) )
{
LOG.debug( "Inserting SaslFilter to engage negotiated security layer." );
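Review bot: The decision to insert the SaslFilter is still keyed on the mechanism name being DIGEST-MD5 or GSSAPI, so the NTLM mechanism this commit adds (NtlmSaslServer) would never get a security layer even if its SaslServer negotiated one, and any future mechanism needs this list edited. Deciding on the negotiated quality of protection instead, by reading the SaslServer's `Sasl.QOP` negotiated property and installing the filter whenever it is not plain authentication, follows what was actually negotiated rather than a hard-coded name list. The enclosing method starts and ends outside this hunk.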
@@ -671,7 +673,7 @@
*/
private String getAuthenticationLevel( String sessionMechanism )
{
- if ( sessionMechanism.equals( SupportedSASLMechanisms.SIMPLE ) )
+ if ( sessionMechanism.equals( SupportedSaslMechanisms.SIMPLE ) )
{
return AuthenticationLevel.SIMPLE.toString();
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java Mon May 5 02:23:18 2008
@@ -21,7 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
@@ -33,20 +33,23 @@
/**
+ * The CRAM-MD Sasl mechanism handler.
+ *
+ * @org.apache.xbean.XBean
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class CramMd5MechanismHandler implements MechanismHandler
{
- private final DirectoryService directoryService;
+ private DirectoryService directoryService;
- public CramMd5MechanismHandler( DirectoryService directoryService )
+ public void setDirectoryService( DirectoryService directoryService )
{
this.directoryService = directoryService;
}
-
+
public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
{
SaslServer ss;
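Review bot: The new class Javadoc reads `The CRAM-MD Sasl mechanism handler.`; the mechanism is CRAM-MD5. With constructor injection replaced by setDirectoryService, nothing guarantees directoryService is set before handleMechanism passes it to CramMd5CallbackHandler (hunk @@ -67), so a missing setter surfaces inside the callback during an authentication attempt instead of at configuration time; a guard at the top of handleMechanism, `if ( directoryService == null ) { throw new IllegalStateException( "directoryService has not been set" ); }`, makes the failure explicit. The same applies to the DigestMd5MechanismHandler and GssapiMechanismHandler hunks. handleMechanism's body continues outside the hunk.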
@@ -67,7 +70,7 @@
CallbackHandler callbackHandler = new CramMd5CallbackHandler( directoryService, session, bindRequest );
- ss = Sasl.createSaslServer( SupportedSASLMechanisms.CRAM_MD5, "ldap", saslHost, saslProps, callbackHandler );
+ ss = Sasl.createSaslServer( SupportedSaslMechanisms.CRAM_MD5, "ldap", saslHost, saslProps, callbackHandler );
session.setAttribute( SASL_CONTEXT, ss );
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/DigestMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/DigestMd5MechanismHandler.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/DigestMd5MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/DigestMd5MechanismHandler.java Mon May 5 02:23:18 2008
@@ -21,7 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
@@ -32,15 +32,18 @@
/**
+ * The DIGEST-MD5 mechanism handler.
+ *
+ * @org.apache.xbean.XBean
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class DigestMd5MechanismHandler implements MechanismHandler
{
- private final DirectoryService directoryService;
+ private DirectoryService directoryService;
- public DigestMd5MechanismHandler( DirectoryService directoryService )
+ public void setDirectoryService( DirectoryService directoryService )
{
this.directoryService = directoryService;
}
@@ -61,7 +64,7 @@
CallbackHandler callbackHandler = new DigestMd5CallbackHandler( directoryService, session, bindRequest );
- ss = Sasl.createSaslServer( SupportedSASLMechanisms.DIGEST_MD5, "ldap", saslHost, saslProps, callbackHandler );
+ ss = Sasl.createSaslServer( SupportedSaslMechanisms.DIGEST_MD5, "ldap", saslHost, saslProps, callbackHandler );
session.setAttribute( SASL_CONTEXT, ss );
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/GssapiMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/GssapiMechanismHandler.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/GssapiMechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/GssapiMechanismHandler.java Mon May 5 02:23:18 2008
@@ -21,7 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
@@ -34,19 +34,23 @@
/**
+ * The GSSAPI Sasl mechanism handler.
+ *
+ * @org.apache.xbean.XBean
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class GssapiMechanismHandler implements MechanismHandler
{
- private final DirectoryService directoryService;
+ private DirectoryService directoryService;
- public GssapiMechanismHandler( DirectoryService directoryService )
+ public void setDirectoryService( DirectoryService directoryService )
{
this.directoryService = directoryService;
}
+
public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
{
SaslServer ss;
@@ -68,7 +72,7 @@
{
public SaslServer run() throws Exception
{
- return Sasl.createSaslServer( SupportedSASLMechanisms.GSSAPI, "ldap", saslHost, saslProps, callbackHandler );
+ return Sasl.createSaslServer( SupportedSaslMechanisms.GSSAPI, "ldap", saslHost, saslProps, callbackHandler );
}
} );
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/SimpleMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/SimpleMechanismHandler.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/SimpleMechanismHandler.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/SimpleMechanismHandler.java Mon May 5 02:23:18 2008
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind;
+
+
+import org.apache.mina.common.IoSession;
+import org.apache.directory.shared.ldap.message.BindRequest;
+
+import javax.security.sasl.SaslServer;
+
+
+/**
+ * A Dummy mechanism handler for Simple mechanism: not really used but needed
+ * for the mechanism map.
+ *
+ * @org.apache.xbean.XBean
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class SimpleMechanismHandler implements MechanismHandler
+{
+ public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
+ {
+ return null;
+ }
+}
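Review bot: `handleMechanism` returning null at L705-L708 is a contract callers must honour, not just an implementation detail, yet the only documentation is the class comment's "not really used": any code that looks up the `SIMPLE` handler and dereferences the returned `SaslServer` will throw a NullPointerException. Add a method Javadoc such as `Always returns null: a simple bind carries its credentials in the BindRequest itself and is never driven through a SaslServer, so callers must null-check the result before using it.` The dispatching code is not part of this diff, so whether every caller already null-checks is inferred rather than verified.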
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationException.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationException.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationException.java Mon May 5 02:23:18 2008
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
+
+
+/**
+ * On authentication failure.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class NtlmAuthenticationException extends Exception
+{
+}
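Review bot: `NtlmAuthenticationException` at L744-L746 declares no constructors, so a provider can only throw it with neither a message nor a cause; when `NtlmSaslServer` wraps it into a `SaslException` the operator sees "Authentication failed." and nothing about why (unknown account, bad response, stale challenge). Add the standard message and message-plus-cause constructors so the detail survives into the SASL error and the server log, while providers keep the client-facing message generic.
```java
public class NtlmAuthenticationException extends Exception
{
    public NtlmAuthenticationException( String message )
    {
        super( message );
    }


    public NtlmAuthenticationException( String message, Throwable cause )
    {
        super( message, cause );
    }
}
```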
Copied: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java (from r653289, directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java?p2=directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java&p1=directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java&r1=653289&r2=653379&rev=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/CramMd5MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java Mon May 5 02:23:18 2008
@@ -17,33 +17,38 @@
* under the License.
*
*/
-package org.apache.directory.server.ldap.handlers.bind;
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
-import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.shared.ldap.constants.SupportedSASLMechanisms;
+import org.apache.directory.server.ldap.handlers.bind.MechanismHandler;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;
-import java.util.HashMap;
-import java.util.Map;
/**
+ * A handler for the NTLM Sasl mechanism.
+ *
+ * @org.apache.xbean.XBean
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class CramMd5MechanismHandler implements MechanismHandler
+public class NtlmMechanismHandler implements MechanismHandler
{
- private final DirectoryService directoryService;
+ private String providerFqcn;
+ private NtlmProvider provider;
+
+
+ public void setNtlmProvider( NtlmProvider provider )
+ {
+ this.provider = provider;
+ }
- public CramMd5MechanismHandler( DirectoryService directoryService )
+ public void setNtlmProviderFqcn( String fqcnProvider )
{
- this.directoryService = directoryService;
+ this.providerFqcn = fqcnProvider;
}
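Review bot: The two setters at L783-L792 are alternative ways of configuring the same dependency, but neither is documented and nothing states which wins when both are set (from the next hunk, an injected `provider` is used and `providerFqcn` is then ignored). Add Javadoc to each: on `setNtlmProvider`, `Sets the provider instance shared by all NTLM binds; takes precedence over a configured class name.`, and on `setNtlmProviderFqcn`, `Fully-qualified name of an NtlmProvider implementation with a public no-arg constructor, instantiated reflectively on the first NTLM bind when no provider instance was injected.` `handleMechanism` begins after this hunk and ends in the next, so the precedence statement is taken from there.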
@@ -57,20 +62,21 @@
}
else
{
- String saslHost = ( String ) session.getAttribute( "saslHost" );
-
- /*
- * Sasl will throw an exception is Sasl.QOP properties are set.
- * CRAM-MD5 doesn't support QoP.
- */
- Map<String, String> saslProps = new HashMap<String, String>();
-
- CallbackHandler callbackHandler = new CramMd5CallbackHandler( directoryService, session, bindRequest );
-
- ss = Sasl.createSaslServer( SupportedSASLMechanisms.CRAM_MD5, "ldap", saslHost, saslProps, callbackHandler );
+ if ( provider == null )
+ {
+ initProvider();
+ }
+
+ ss = new NtlmSaslServer( provider );
session.setAttribute( SASL_CONTEXT, ss );
}
return ss;
}
-}
+
+
+ private void initProvider() throws Exception
+ {
+ provider = ( NtlmProvider ) Class.forName( providerFqcn ).newInstance();
+ }
+}
\ No newline at end of file
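Review bot: `initProvider()` at L821-L824 has no input validation: when neither setter was called, `Class.forName( providerFqcn )` receives null and throws a NullPointerException, and a class that does not implement `NtlmProvider` fails as a ClassCastException, both on the first NTLM bind rather than at configuration time. The lazy `if ( provider == null ) initProvider();` at L808-L811 is also unsynchronized on a handler instance shared by every session, so two concurrent first binds can each instantiate a provider and the `NtlmSaslServer` created at L813 may read the field mid-race. The class name comes from server.xml, which is trusted configuration, so this is a diagnosability and concurrency issue rather than an injection vector; still, replace the pair with a synchronized accessor that validates the name and the type, and use it at L813. The enclosing `handleMechanism` starts before this hunk, and the file lacks a trailing newline.
```java
            ss = new NtlmSaslServer( getProvider() );
            session.setAttribute( SASL_CONTEXT, ss );
        }
        return ss;
    }


    /** Returns the configured provider, instantiating it from providerFqcn on first use. */
    private synchronized NtlmProvider getProvider() throws Exception
    {
        if ( provider != null )
        {
            return provider;
        }

        if ( providerFqcn == null )
        {
            throw new IllegalStateException( "NTLM mechanism handler needs an NtlmProvider or an ntlmProviderFqcn" );
        }

        Class<?> clazz = Class.forName( providerFqcn );

        if ( !NtlmProvider.class.isAssignableFrom( clazz ) )
        {
            throw new IllegalStateException( providerFqcn + " does not implement " + NtlmProvider.class.getName() );
        }

        provider = ( NtlmProvider ) clazz.newInstance();
        return provider;
    }
```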
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmNegotiationException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmNegotiationException.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmNegotiationException.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmNegotiationException.java Mon May 5 02:23:18 2008
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
+
+
+/**
+ * On any kind of negotionation or io failure.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class NtlmNegotiationException extends Exception
+{
+}
\ No newline at end of file
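Review bot: The Javadoc at L856 promises this exception for "any kind of negotiation or io failure", but with no constructors (L861-L863) the underlying IOException or parse error cannot be attached as a cause, so the chain ends at "NTLM negotiation failed." in `NtlmSaslServer`. Give it the same message and message-plus-cause constructors as its sibling `NtlmAuthenticationException` should have, and fix the typo `negotionation` in the class comment.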
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java Mon May 5 02:23:18 2008
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
+
+
+/**
+ * An NTLM authentication service provider. Multiple providers may be
+ * utilized to conduct the NTLM negotiation over various protocols or by
+ * calling native SSPI interfaces.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public interface NtlmProvider
+{
+ /**
+ * Handles a Type 1 NTLM response from the client to generate an NTLM
+ * Type 2 challenge message.
+ *
+ * @param type1reponse the Type 1 NTLM response from client
+ * @return the NTLM Type 2 message with the challenge
+ * @throws NtlmNegotiationException if there are communication, message
+ * format or NTLM negotiation exceptions
+ */
+ byte[] generateChallenge( byte[] type1reponse ) throws NtlmNegotiationException;
+
+
+ /**
+ * Handles a Type 3 NTLM reponse from the client.
+ *
+ * @param type3response the Type 3 NTLM reponse from the client
+ * @return the result of the successful authentication from the server
+ * @throws NtlmNegotiationException if there are communication, message
+ * format or NTLM negotiation exceptions
+ * @throws NtlmAuthenticationException if authentication fails for the user
+ */
+ byte[] authenticate( byte[] type3response ) throws NtlmAuthenticationException, NtlmNegotiationException;
+}
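Review bot: The interface gives `generateChallenge` (L912) and `authenticate` (L924) no way to correlate a Type 3 response with the Type 2 challenge that was issued for it, yet `NtlmMechanismHandler` keeps a single `provider` instance and hands that same instance to every session's `NtlmSaslServer` (L780, L813). Challenge/response verification inherently requires the server to remember the challenge it sent, so an implementation must keep per-connection state keyed on something this API never passes; under concurrent binds the challenge checked in `authenticate` may not be the one sent to that client, which undermines the authentication. Either pass an opaque per-negotiation context (for example, have `generateChallenge` return a context object that `authenticate` requires), or document that implementations must be thread-safe and must bind the challenge to the calling session themselves. The parameter Javadoc also misspells `type1reponse` and `reponse` (should be `response`). Changing signatures is an API decision, so I am raising it rather than proposing code.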
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java Mon May 5 02:23:18 2008
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
+
+
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+
+import javax.security.sasl.SaslServer;
+import javax.security.sasl.SaslException;
+
+
+/**
+ * A SaslServer implementation for NTLM based SASL mechanism. This is
+ * required unfortunately because the JDK's SASL provider does not support
+ * this mechanism.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class NtlmSaslServer implements SaslServer
+{
+ enum NegotiationState { INITIALIZED, TYPE_1_RECEIVED, TYPE_2_SENT, TYPE_3_RECEIVED, COMPLETED }
+
+ private NegotiationState state = NegotiationState.INITIALIZED;
+ private final NtlmProvider provider;
+
+
+ public NtlmSaslServer( NtlmProvider provider )
+ {
+ this.provider = provider;
+ }
+
+
+ public String getMechanismName()
+ {
+ return SupportedSaslMechanisms.NTLM;
+ }
+
+
+ protected void responseRecieved()
+ {
+ switch ( state )
+ {
+ case INITIALIZED:
+ state = NegotiationState.TYPE_1_RECEIVED;
+ break;
+ case TYPE_1_RECEIVED:
+ throw new IllegalStateException( "Cannot receive NTLM message before sending Type 2 challenge." );
+ case TYPE_2_SENT:
+ state = NegotiationState.TYPE_3_RECEIVED;
+ break;
+ case TYPE_3_RECEIVED:
+ throw new IllegalStateException( "Cannot receive NTLM message after Type 3 has been received." );
+ case COMPLETED:
+ throw new IllegalStateException( "Sasl challenge response already completed." );
+ }
+ }
+
+
+ protected void responseSent()
+ {
+ switch ( state )
+ {
+ case INITIALIZED:
+ throw new IllegalStateException( "Cannot send Type 2 challenge before Type 1 response." );
+ case TYPE_1_RECEIVED:
+ state = NegotiationState.TYPE_2_SENT;
+ case TYPE_2_SENT:
+ throw new IllegalStateException( "Cannot send Type 2 after it's already sent." );
+ case TYPE_3_RECEIVED:
+ state = NegotiationState.COMPLETED;
+ case COMPLETED:
+ throw new IllegalStateException( "Sasl challenge response already completed." );
+ }
+ }
+
+
+ public byte[] evaluateResponse( byte[] response ) throws SaslException
+ {
+ if ( response == null )
+ {
+ throw new NullPointerException( "response was null" );
+ }
+
+ if ( response.length == 0 )
+ {
+ throw new IllegalArgumentException( "response with zero bytes" );
+ }
+
+ responseRecieved();
+ byte[] retval = null;
+
+ switch ( state )
+ {
+ case TYPE_1_RECEIVED:
+ try
+ {
+ retval = provider.generateChallenge( response );
+ }
+ catch ( NtlmNegotiationException e )
+ {
+ throw new SaslException( "NTLM negotiation failed.", e );
+ }
+ break;
+ case TYPE_3_RECEIVED:
+ try
+ {
+ retval = provider.authenticate( response );
+ }
+ catch ( NtlmNegotiationException e )
+ {
+ throw new SaslException( "NTLM negotiation failed.", e );
+ }
+ catch ( NtlmAuthenticationException e )
+ {
+ throw new SaslException( "Authentication failed.", e );
+ }
+ break;
+ }
+ responseSent();
+ return retval;
+ }
+
+
+ public boolean isComplete()
+ {
+ return state == NegotiationState.COMPLETED;
+ }
+
+
+ // --- NOT USED ---
+ public String getAuthorizationID()
+ {
+ return "";
+ }
+
+
+ public byte[] unwrap( byte[] incoming, int offset, int len ) throws SaslException
+ {
+ return new byte[0];
+ }
+
+
+ public byte[] wrap( byte[] outgoing, int offset, int len ) throws SaslException
+ {
+ return new byte[0];
+ }
+
+
+ public Object getNegotiatedProperty( String propName )
+ {
+ return "";
+ }
+
+
+ public void dispose() throws SaslException
+ {
+ }
+}
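Review bot: `responseSent()` at L1008-L1023 is missing `break` after both state assignments: after `state = NegotiationState.TYPE_2_SENT;` (L1015) execution falls into the `TYPE_2_SENT` case and throws "Cannot send Type 2 after it's already sent", and after `state = NegotiationState.COMPLETED;` (L1019) it falls into `COMPLETED` and throws, so because `evaluateResponse` calls `responseSent()` at L1068 on every successful exchange the challenge is never returned and no NTLM bind can complete. Add `break;` after each of the two assignments. Separately, `wrap`/`unwrap` at L1086-L1095 silently return empty arrays, whereas the `SaslServer` contract is to throw `IllegalStateException` when no security layer was negotiated, and zero-byte results would silently discard data if this server were ever installed as a layer; `throw new IllegalStateException( "NTLM negotiates no security layer" );` is the safe form. The method name `responseRecieved` is also misspelled (`responseReceived`).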
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java?rev=653379&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/test/java/org/apache/directory/server/ldap/LdapServerSettingsTest.java Mon May 5 02:23:18 2008
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap;
+
+
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
+import org.apache.directory.server.ldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.SimpleMechanismHandler;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+
+import javax.naming.NamingException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+
+
+/**
+ * Test to confirm correct behavoir for settings on LdapServer bean.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class LdapServerSettingsTest
+{
+ @Test
+ public void testAddExtendedOperationHandler() throws NamingException
+ {
+ LdapServer server = new LdapServer();
+ StartTlsHandler handler = new StartTlsHandler();
+ server.addExtendedOperationHandler( handler );
+ assertEquals( handler, server.getExtendedOperationHandler( handler.getOid() ) );
+ server.removeExtendedOperationHandler( handler.getOid() );
+ assertNull( server.getExtendedOperationHandler( handler.getOid() ) );
+ }
+
+
+ @Test
+ public void testSetExtendedOperationHandlers()
+ {
+ LdapServer server = new LdapServer();
+ StartTlsHandler handler = new StartTlsHandler();
+ List<ExtendedOperationHandler> handlers = new ArrayList<ExtendedOperationHandler>();
+ handlers.add( handler );
+ server.setExtendedOperationHandlers( handlers );
+ assertEquals( handler, server.getExtendedOperationHandler( handler.getOid() ) );
+ server.removeExtendedOperationHandler( handler.getOid() );
+ assertNull( server.getExtendedOperationHandler( handler.getOid() ) );
+ }
+
+
+ @Test
+ public void testSetSaslMechanismHandlers()
+ {
+ LdapServer server = new LdapServer();
+ Map<String, MechanismHandler> handlers = new HashMap<String,MechanismHandler>();
+ MechanismHandler handler = new SimpleMechanismHandler();
+ handlers.put( SupportedSaslMechanisms.SIMPLE, handler );
+ server.setSaslMechanismHandlers( handlers );
+ assertEquals( handler, server.getMechanismHandler( SupportedSaslMechanisms.SIMPLE ) );
+ assertTrue( server.getSupportedMechanisms().contains( SupportedSaslMechanisms.SIMPLE ) );
+ server.removeSaslMechanismHandler( SupportedSaslMechanisms.SIMPLE );
+ assertNull( server.getMechanismHandler( SupportedSaslMechanisms.SIMPLE ) );
+ }
+}
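Review bot: `testSetSaslMechanismHandlers` asserts at L1196 that a registered mechanism is advertised, but after `removeSaslMechanismHandler` at L1197 it only checks that the handler lookup is null and never confirms the mechanism also left `getSupportedMechanisms()`. Since that list is what the commit now publishes in the rootDSE, a server advertising a mechanism it can no longer serve would pass this test; add `assertFalse( server.getSupportedMechanisms().contains( SupportedSaslMechanisms.SIMPLE ) );` after the removal (and import `assertFalse`). NTLM is the only new mechanism in this commit and has no settings test here at all; a case that registers an `NtlmMechanismHandler` with neither provider nor FQCN would at least pin down what the server does in that state.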
Modified: directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java (original)
+++ directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java Mon May 5 02:23:18 2008
@@ -30,11 +30,14 @@
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
+import org.apache.directory.server.ldap.handlers.bind.*;
+import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.protocol.shared.SocketAcceptor;
import org.apache.directory.shared.ldap.exception.LdapConfigurationException;
import org.apache.directory.shared.ldap.ldif.LdifEntry;
import org.apache.directory.shared.ldap.ldif.LdifReader;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.mina.util.AvailablePortFinder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,11 +52,7 @@
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
+import java.util.*;
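Review bot: Replacing five explicit `java.util` imports with `import java.util.*;` at L1225-L1230, alongside the new `handlers.bind.*` wildcard in the previous hunk, departs from the per-class style of the rest of this import block and hides which handler classes the test base depends on; wildcard imports also invite silent name clashes as `handlers.bind` grows. Keep the original five `java.util` lines and add `Map` and `HashMap` explicitly, and list `MechanismHandler`, `SimpleMechanismHandler`, `CramMd5MechanismHandler`, `DigestMd5MechanismHandler` and `GssapiMechanismHandler` individually.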
/**
@@ -248,6 +247,32 @@
ldapServer.setDirectoryService( directoryService );
ldapServer.setIpPort( port = AvailablePortFinder.getNextAvailable( 1024 ) );
+ Map<String, MechanismHandler> mechanismHandlerMap = new HashMap<String,MechanismHandler>();
+
+ mechanismHandlerMap.put( SupportedSaslMechanisms.SIMPLE, new SimpleMechanismHandler() );
+
+ CramMd5MechanismHandler cramMd5MechanismHandler = new CramMd5MechanismHandler();
+ cramMd5MechanismHandler.setDirectoryService( directoryService );
+ mechanismHandlerMap.put( SupportedSaslMechanisms.CRAM_MD5, cramMd5MechanismHandler );
+
+ DigestMd5MechanismHandler digestMd5MechanismHandler = new DigestMd5MechanismHandler();
+ digestMd5MechanismHandler.setDirectoryService( directoryService );
+ mechanismHandlerMap.put( SupportedSaslMechanisms.DIGEST_MD5, digestMd5MechanismHandler );
+
+ GssapiMechanismHandler gssapiMechanismHandler = new GssapiMechanismHandler();
+ gssapiMechanismHandler.setDirectoryService( directoryService );
+ mechanismHandlerMap.put( SupportedSaslMechanisms.GSSAPI, gssapiMechanismHandler );
+
+ NtlmMechanismHandler ntlmMechanismHandler = new NtlmMechanismHandler();
+ // TODO - set some sort of default NtlmProvider implementation here
+ // ntlmMechanismHandler.setNtlmProvider( provider );
+ // TODO - or set FQCN of some sort of default NtlmProvider implementation here
+ // ntlmMechanismHandler.setNtlmProviderFqcn( "com.foo.BarNtlmProvider" );
+ mechanismHandlerMap.put( SupportedSaslMechanisms.NTLM, ntlmMechanismHandler );
+
+ ldapServer.setSaslMechanismHandlers( mechanismHandlerMap );
+
+
doDelete( directoryService.getWorkingDirectory() );
configureDirectoryService();
directoryService.startup();
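Review bot: At L1251-L1256 an `NtlmMechanismHandler` is registered with neither a provider nor a class name (both are left as commented-out TODOs), so every test server now advertises NTLM in its rootDSE while the handler's reflective initialisation would fail on the first NTLM bind, since `Class.forName( null )` throws a NullPointerException. Advertising a mechanism the server cannot complete is exactly the mismatch this commit set out to remove; until a default `NtlmProvider` exists, leave NTLM out of `mechanismHandlerMap` here and adjust the expected count in `SaslBindITest`, or register it only in the test that will actually exercise it. The enclosing setup method starts before this hunk.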
Modified: directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java (original)
+++ directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java Mon May 5 02:23:18 2008
@@ -30,6 +30,7 @@
import org.apache.directory.shared.ldap.message.AttributeImpl;
import org.apache.directory.shared.ldap.message.AttributesImpl;
import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
@@ -175,19 +176,13 @@
{ "supportedSASLMechanisms" } );
NamingEnumeration<? extends Attribute> answer = attrs.getAll();
-
- if ( answer.hasMore() )
- {
- Attribute result = answer.next();
- assertTrue( result.size() == 3 );
- assertTrue( result.contains( "GSSAPI" ) );
- assertTrue( result.contains( "DIGEST-MD5" ) );
- assertTrue( result.contains( "CRAM-MD5" ) );
- }
- else
- {
- fail( "Should have returned 3 SASL mechanisms." );
- }
+ Attribute result = answer.next();
+ assertTrue( result.size() == 5 );
+ assertTrue( result.contains( SupportedSaslMechanisms.GSSAPI ) );
+ assertTrue( result.contains( SupportedSaslMechanisms.DIGEST_MD5 ) );
+ assertTrue( result.contains( SupportedSaslMechanisms.CRAM_MD5 ) );
+ assertTrue( result.contains( SupportedSaslMechanisms.NTLM ) );
+ assertTrue( result.contains( SupportedSaslMechanisms.SIMPLE ) );
}
catch ( NamingException e )
{
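Review bot: The rewritten assertions at L1292-L1298 now expect `SIMPLE` to appear under `supportedSASLMechanisms`, but LDAP simple bind is not a SASL mechanism as far as I know: RFC 4513 treats simple and SASL authentication as distinct methods and the IANA SASL mechanism registry has no `SIMPLE` entry, so a client that iterates this attribute and tries a SASL bind with each name will fail on it. If the handler map is what feeds the rootDSE attribute, the publishing code should filter `SIMPLE` out and this test should assert `assertFalse( result.contains( SupportedSaslMechanisms.SIMPLE ) )` with a size of 4. Separately, `answer.next()` at L1292 replaced a `hasMore()` guard, so an empty result now fails with a NoSuchElementException instead of a clear message, and `assertTrue( result.size() == 5 )` hides the actual count; prefer `assertEquals( 5, result.size() )`. The surrounding `try` block starts before this hunk.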
Modified: directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml (original)
+++ directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml Mon May 5 02:23:18 2008
@@ -142,6 +142,7 @@
<socketAcceptor>#socketAcceptor</socketAcceptor>
</ldapServer>
+
<ldapServer id="ldapServer"
ipPort="10389"
allowAnonymousAccess="false"
@@ -153,13 +154,25 @@
<directoryService>#directoryService</directoryService>
<socketAcceptor>#socketAcceptor</socketAcceptor>
+
<!-- The list of supported authentication mechanisms. -->
- <supportedMechanisms>
- <s:value>SIMPLE</s:value>
- <s:value>CRAM-MD5</s:value>
- <s:value>DIGEST-MD5</s:value>
- <!--<s:value>GSSAPI</s:value>-->
- </supportedMechanisms>
+ <saslMechanismHandlers>
+ <s:entry key="SIMPLE">
+ <simpleMechanismHandler/>
+ </s:entry>
+ <s:entry key="CRAM-MD5">
+ <cramMd5MechanismHandler directoryService="#directoryService"/>
+ </s:entry>
+ <s:entry key="DIGEST-MD5">
+ <digestMd5MechanismHandler directoryService="#directoryService" />
+ </s:entry>
+ <s:entry key="GSSAPI">
+ <gssapiMechanismHandler directoryService="#directoryService" />
+ </s:entry>
+ <s:entry key="NTLM">
+ <ntlmMechanismHandler ntlmProviderFqcn="com.foo.Bar" />
+ </s:entry>
+ </saslMechanismHandlers>
<!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI. -->
<saslQop>
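Review bot: The shipped default configuration at L1338-L1340 wires NTLM to `ntlmProviderFqcn="com.foo.Bar"`, a placeholder class that does not exist in this commit, so a stock server will advertise NTLM in its rootDSE and then fail every NTLM bind with a ClassNotFoundException on first use. GSSAPI at L1335-L1337 is likewise enabled by default where the previous list (L1323) had it commented out; whether the surrounding `ldapServer` bean carries the settings it needs is not visible here, so that may be intentional but is worth confirming. Ship the NTLM entry commented out, e.g. `<!-- <s:entry key="NTLM"><ntlmMechanismHandler ntlmProviderFqcn="com.example.YourNtlmProvider"/></s:entry> -->`, preceded by a comment stating that the class must implement `org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmProvider`, so that only mechanisms the server can actually complete are advertised.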
Modified: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SchemaConstants.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SchemaConstants.java?rev=653379&r1=653378&r2=653379&view=diff
==============================================================================
--- directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SchemaConstants.java (original)
+++ directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SchemaConstants.java Mon May 5 02:23:18 2008
@@ -264,6 +264,10 @@
// SupportedExtension
String SUPPORTED_EXTENSION_AT = "supportedExtension";
String SUPPORTED_EXTENSION_AT_OID = "1.3.6.1.4.1.1466.101.120.7";
+
+ // supportedSASLMechanisms
+ String SUPPORTED_SASL_MECHANISMS_AT = "supportedSASLMechanisms";
+ String SUPPORTED_SASL_MECHANISMS_AT_OID = "1.3.6.1.4.1.1466.101.120.14";
// supportedControl
String SUPPORTED_CONTROL_AT = "supportedControl";
Copied: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java (from r653288, directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSASLMechanisms.java)
URL: http://svn.apache.org/viewvc/directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java?p2=directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java&p1=directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSASLMechanisms.java&r1=653288&r2=653379&rev=653379&view=diff
==============================================================================
--- directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSASLMechanisms.java (original)
+++ directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java Mon May 5 02:23:18 2008
@@ -26,10 +26,8 @@
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$
*/
-public interface SupportedSASLMechanisms
+public interface SupportedSaslMechanisms
{
- String ATTRIBUTE = "supportedSASLMechanisms";
-
String CRAM_MD5 = "CRAM-MD5";
String DIGEST_MD5 = "DIGEST-MD5";
String GSSAPI = "GSSAPI";
Propchange: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java
------------------------------------------------------------------------------
svn:eol-style = native