Posted to commits@directory.apache.org by tr...@apache.org on 2006/04/13 10:50:31 UTC
svn commit: r393766 - in /directory/trunks/apacheds/server-sasl: ./ src/
src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/
src/main/java/org/apache/directory/
src/main/java/org/apache/directory/server/ src/main/java/org/apache/direc...
Author: trustin
Date: Thu Apr 13 01:50:28 2006
New Revision: 393766
URL: http://svn.apache.org/viewcvs?rev=393766&view=rev
Log:
* Added server-sasl implementation (not finished yet)
* I didn't add this module to the root POM due to its incompleteness.
Added:
directory/trunks/apacheds/server-sasl/
directory/trunks/apacheds/server-sasl/pom.xml (with props)
directory/trunks/apacheds/server-sasl/src/
directory/trunks/apacheds/server-sasl/src/main/
directory/trunks/apacheds/server-sasl/src/main/java/
directory/trunks/apacheds/server-sasl/src/main/java/org/
directory/trunks/apacheds/server-sasl/src/main/java/org/apache/
directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/
directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/
directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/
directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java (with props)
directory/trunks/apacheds/server-sasl/src/test/
directory/trunks/apacheds/server-sasl/src/test/java/
directory/trunks/apacheds/server-sasl/src/test/java/org/
directory/trunks/apacheds/server-sasl/src/test/java/org/apache/
directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/
directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/
directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/
directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java (with props)
Added: directory/trunks/apacheds/server-sasl/pom.xml
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/server-sasl/pom.xml?rev=393766&view=auto
==============================================================================
--- directory/trunks/apacheds/server-sasl/pom.xml (added)
+++ directory/trunks/apacheds/server-sasl/pom.xml Thu Apr 13 01:50:28 2006
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>build</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ </parent>
+ <artifactId>apacheds-server-sasl</artifactId>
+ <name>ApacheDS Server SASL</name>
+ <description>
+ A SASL support module for ApacheDS
+ </description>
+ <packaging>jar</packaging>
+ <dependencies>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>nlog4j</artifactId>
+ <version>1.2.19</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap</artifactId>
+ <version>0.9.6-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-ldap</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-jndi</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-unit</artifactId>
+ <version>${pom.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.mina</groupId>
+ <artifactId>mina-filter-ssl</artifactId>
+ <version>0.9.2</version>
+ </dependency>
+ </dependencies>
+</project>
+
Propchange: directory/trunks/apacheds/server-sasl/pom.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/apacheds/server-sasl/pom.xml
------------------------------------------------------------------------------
svn:executable = *
Added: directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java?rev=393766&view=auto
==============================================================================
--- directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java (added)
+++ directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java Thu Apr 13 01:50:28 2006
@@ -0,0 +1,179 @@
+package org.apache.directory.server.sasl;
+
+import java.util.Hashtable;
+
+import javax.naming.ldap.LdapContext;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslServer;
+
+import org.apache.directory.server.ldap.SessionRegistry;
+import org.apache.directory.server.ldap.support.BindHandler;
+import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.message.BindResponse;
+import org.apache.directory.shared.ldap.message.LdapResult;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.mina.common.IoSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SaslBindHandler extends BindHandler
+{
+ private static final String KEY_SASL_SERVER =
+ SaslBindHandler.class.getName() + ".saslServer";
+
+ private final Logger log = LoggerFactory.getLogger( SaslBindHandler.class );
+
+ public SaslBindHandler()
+ {
+ super();
+ }
+
+ public void messageReceived( IoSession session, Object message ) throws Exception
+ {
+ LdapContext ctx;
+ BindRequest req = ( BindRequest ) message;
+ LdapResult result = req.getResultResponse().getLdapResult();
+ Hashtable env = SessionRegistry.getSingleton().getEnvironment();
+
+ // If the bind request is simple, then forward the request to the
+ // original BindHandler implementation.
+ if( req.isSimple() )
+ {
+ super.messageReceived( session, message );
+ return;
+ }
+
+ SaslServer saslServer = ( SaslServer ) session.getAttribute( KEY_SASL_SERVER );
+ if( saslServer == null )
+ {
+ String mechanism = req.getSaslMechanism().toUpperCase();
+ if( mechanism.equals( "CRAM-MD5" ) || mechanism.equals( "DIGEST-MD5" ) )
+ {
+ // Create an instance of SaslServer
+ saslServer = Sasl.createSaslServer(
+ mechanism, "ldap",
+ "example.com", null, null);
+ session.setAttribute( KEY_SASL_SERVER, saslServer );
+ }
+ else
+ {
+ result.setResultCode( ResultCodeEnum.AUTHMETHODNOTSUPPORTED );
+ result.setErrorMessage( "Unsupported SASL mechanism: " + mechanism );
+ session.write( req.getResultResponse() );
+ return;
+ }
+ }
+
+ if( !saslServer.isComplete() ) {
+ // Generate a challenge
+ byte[] clientResponse = req.getCredentials();
+ if( clientResponse == null ) {
+ clientResponse = new byte[0];
+ }
+ byte[] challenge = saslServer.evaluateResponse( clientResponse );
+
+ // Return the challenge if not complete
+ if( !saslServer.isComplete() )
+ {
+ result.setResultCode( ResultCodeEnum.SASLBINDINPROGRESS );
+ BindResponse response = ( BindResponse ) req.getResultResponse();
+ response.setServerSaslCreds( challenge );
+ session.write( req.getResultResponse() );
+ }
+ }
+
+ // Wait for the next BindRequest if not complete yet.
+ if( !saslServer.isComplete() )
+ {
+ return;
+ }
+
+ // Remove the session attribute in case user initiates bind again.
+ session.removeAttribute( KEY_SASL_SERVER );
+
+ result.setResultCode( ResultCodeEnum.SUCCESS );
+ session.write( req.getResultResponse() );
+
+ /*
+ boolean emptyDn = StringTools.isEmpty( req.getName() );
+
+ // clone the environment first then add the required security settings
+ String dn = ( emptyDn ? "" : req.getName() );
+ byte[] creds = req.getCredentials();
+
+ Hashtable cloned = ( Hashtable ) env.clone();
+ cloned.put( Context.SECURITY_PRINCIPAL, dn );
+ cloned.put( Context.SECURITY_CREDENTIALS, creds );
+ cloned.put( Context.SECURITY_AUTHENTICATION, "simple" );
+
+ if ( req.getControls().containsKey( ManageDsaITControl.CONTROL_OID ) )
+ {
+ cloned.put( Context.REFERRAL, "ignore" );
+ }
+ else
+ {
+ cloned.put( Context.REFERRAL, "throw" );
+ }
+
+ try
+ {
+ if ( cloned.containsKey( "server.use.factory.instance" ) )
+ {
+ InitialContextFactory factory = ( InitialContextFactory ) cloned.get( "server.use.factory.instance" );
+
+ if ( factory == null )
+ {
+ throw new NullPointerException( "server.use.factory.instance was set in env but was null" );
+ }
+
+ // Bind is a special case where we have to use the referral property to deal
+ ctx = ( LdapContext ) factory.getInitialContext( cloned );
+ }
+ else
+ {
+ Control[] connCtls = ( Control[] ) req.getControls().values().toArray( EMPTY );
+ ctx = new InitialLdapContext( cloned, connCtls );
+ }
+ }
+ catch ( NamingException e )
+ {
+ ResultCodeEnum code;
+
+ if ( e instanceof LdapException )
+ {
+ code = ( ( LdapException ) e ).getResultCode();
+ result.setResultCode( code );
+ }
+ else
+ {
+ code = ResultCodeEnum.getBestEstimate( e, req.getType() );
+ result.setResultCode( code );
+ }
+
+ String msg = "Bind failed";
+ if ( log.isDebugEnabled() )
+ {
+ msg += ":\n" + ExceptionUtils.getStackTrace( e );
+ msg += "\n\nBindRequest = \n" + req.toString();
+ }
+
+ if ( ( e.getResolvedName() != null )
+ && ( ( code == ResultCodeEnum.NOSUCHOBJECT ) || ( code == ResultCodeEnum.ALIASPROBLEM )
+ || ( code == ResultCodeEnum.INVALIDDNSYNTAX ) || ( code == ResultCodeEnum.ALIASDEREFERENCINGPROBLEM ) ) )
+ {
+ result.setMatchedDn( e.getResolvedName().toString() );
+ }
+
+ result.setErrorMessage( msg );
+ session.write( req.getResultResponse() );
+ return;
+ }
+
+ SessionRegistry.getSingleton().setLdapContext( session, ctx );
+ result.setResultCode( ResultCodeEnum.SUCCESS );
+ session.write( req.getResultResponse() );
+ */
+ }
+
+
+}
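Review bot: `saslServer.evaluateResponse( clientResponse )` throws SaslException when the client's response fails verification, and nothing in messageReceived catches it, so a wrong password produces no BindResponse at all and leaves the failed SaslServer under KEY_SASL_SERVER for the next bind on that session to reuse. The final round also loses data: when evaluateResponse completes the exchange, the returned challenge (DIGEST-MD5's rspauth) is only copied into serverSaslCreds inside the `!saslServer.isComplete()` branch, so the SUCCESS response written afterwards goes out without it. The rewrite below catches SaslException, removes and disposes the session's SaslServer, answers with an invalidCredentials result (the exact `ResultCodeEnum` constant name should be checked against the shared-ldap version in use), and attaches the challenge before choosing between SASLBINDINPROGRESS and SUCCESS; it needs `import javax.security.sasl.SaslException;`. Separately, `Sasl.createSaslServer( mechanism, "ldap", "example.com", null, null )` passes no CallbackHandler, which the JDK's CRAM-MD5 and DIGEST-MD5 servers need to look up the user's password, and hard-codes the realm — presumably placeholders given the commit message, but a `// TODO: realm and CallbackHandler from server configuration` would keep them from shipping unnoticed. The locals `ctx` and `env` are unused now that the JNDI section is commented out.
```java
        if( !saslServer.isComplete() )
        {
            byte[] clientResponse = req.getCredentials();
            if( clientResponse == null )
            {
                clientResponse = new byte[0];
            }

            byte[] challenge;
            try
            {
                challenge = saslServer.evaluateResponse( clientResponse );
            }
            catch( SaslException e )
            {
                // Verification failed: discard the half-negotiated server so the
                // next BindRequest starts over, and tell the client.
                session.removeAttribute( KEY_SASL_SERVER );
                saslServer.dispose();
                result.setResultCode( ResultCodeEnum.INVALIDCREDENTIALS );
                result.setErrorMessage( "SASL authentication failed" );
                session.write( req.getResultResponse() );
                return;
            }

            // Server creds travel in the BindResponse whether the exchange
            // continues or ends here (e.g. DIGEST-MD5 rspauth on the last round).
            BindResponse response = ( BindResponse ) req.getResultResponse();
            response.setServerSaslCreds( challenge );

            if( !saslServer.isComplete() )
            {
                result.setResultCode( ResultCodeEnum.SASLBINDINPROGRESS );
                session.write( response );
                return;
            }
        }

        // Remove the session attribute in case user initiates bind again.
        session.removeAttribute( KEY_SASL_SERVER );

        result.setResultCode( ResultCodeEnum.SUCCESS );
        session.write( req.getResultResponse() );
        // … unchanged: commented-out JNDI bind section …
```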
Propchange: directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/apacheds/server-sasl/src/main/java/org/apache/directory/server/sasl/SaslBindHandler.java
------------------------------------------------------------------------------
svn:executable = *
Added: directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java?rev=393766&view=auto
==============================================================================
--- directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java (added)
+++ directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java Thu Apr 13 01:50:28 2006
@@ -0,0 +1,78 @@
+package org.apache.directory.server.sasl;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Hashtable;
+
+import javax.naming.ldap.Control;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.StartTlsRequest;
+import javax.naming.ldap.StartTlsResponse;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.directory.server.unit.AbstractServerTest;
+
+/**
+ * Tests {@link SaslBindHandler}.
+ *
+ * @author Trustin Lee
+ * @version $Rev: 27 $, $Date: 2005-11-14 17:10:05 +0900 (Mon, 14 Nov 2005) $
+ */
+public class SaslBindHandlerTest extends AbstractServerTest
+{
+ private LdapContext ctx = null;
+
+ public SaslBindHandlerTest()
+ {
+ }
+
+ public void setUp() throws Exception
+ {
+ configuration.get
+ configuration.setExtendedOperationHandlers( extendedHandlers );
+
+ super.setUp();
+
+ Hashtable env = new Hashtable();
+ env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
+ env.put( "java.naming.provider.url", "ldap://localhost:" + port + "/ou=system" );
+ env.put( "java.naming.security.principal", "uid=admin,ou=system" );
+ env.put( "java.naming.security.credentials", "secret" );
+ env.put( "java.naming.security.authentication", "simple" );
+ ctx = new InitialLdapContext( env, new Control[ 0 ] );
+ }
+
+ public void tearDown() throws Exception
+ {
+ ctx.close();
+ ctx = null;
+ super.tearDown();
+ }
+
+ public void testStartTLS() throws Exception
+ {
+ StartTlsResponse res =
+ ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest() );
+
+ // Set the fake hostname verifier to pass the negotiation process.
+ res.setHostnameVerifier( new HostnameVerifier()
+ {
+ public boolean verify( String arg0, SSLSession arg1 )
+ {
+ return true;
+ }
+
+ });
+
+ SSLSocketFactory socketFactory = BogusSSLContextFactory.getInstance( false ).getSocketFactory();
+ res.negotiate( socketFactory );
+
+ res.close();
+ }
+}
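Review bot: `configuration.get` on its own line in setUp() is an incomplete statement with no member or semicolon, and the next line passes `extendedHandlers`, which is declared nowhere in this class, so the file does not compile as committed; either finish the statement (the already-imported `ArrayList`/`Collection` suggest building a handler list, e.g. `Collection extendedHandlers = new ArrayList( configuration.getExtendedOperationHandlers() );`, if that accessor exists on the configuration type) or drop both lines until the StartTLS handler is ready. `BogusSSLContextFactory` is used without an import and is not part of this commit, so it must come from a same-package class elsewhere — worth confirming it is on the test classpath of this module. The only test, testStartTLS, never sends a SASL BindRequest, so the class Javadoc `Tests {@link SaslBindHandler}` overstates what is covered; a `// TODO: add CRAM-MD5 / DIGEST-MD5 bind cases` at the top of the class would make the gap explicit. The `@version $Rev: 27 $, $Date: 2005-11-14 ...$` keywords look copied from another file and will be rewritten by svn keyword expansion anyway.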
Propchange: directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/trunks/apacheds/server-sasl/src/test/java/org/apache/directory/server/sasl/SaslBindHandlerTest.java
------------------------------------------------------------------------------
svn:executable = *