Posted to commits@directory.apache.org by ak...@apache.org on 2008/05/06 22:17:06 UTC
svn commit: r653903 - in /directory: apacheds/branches/bigbang/apacheds-jdbm/
apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/
apacheds/branches/bigbang/server-unit/src/main/java/org/apache/dire...
Author: akarasulu
Date: Tue May 6 13:17:05 2008
New Revision: 653903
URL: http://svn.apache.org/viewvc?rev=653903&view=rev
Log:
adding NtlmAuthenticationResult return type and using NtlmMechanismHandler for GSS-SPNEGO
Added:
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationResult.java
Modified:
directory/apacheds/branches/bigbang/apacheds-jdbm/ (props changed)
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml
directory/apacheds/branches/bigbang/xbean-spring/ (props changed)
directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java
Propchange: directory/apacheds/branches/bigbang/apacheds-jdbm/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Tue May 6 13:17:05 2008
@@ -1,4 +1,5 @@
.classpath
+*.iml
.project
.settings
target
Added: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationResult.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationResult.java?rev=653903&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationResult.java (added)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmAuthenticationResult.java Tue May 6 13:17:05 2008
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.ldap.handlers.bind.ntlm;
+
+
+/**
+ * The results of an NTLM authentication attempt.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $$Rev$$
+ */
+public class NtlmAuthenticationResult
+{
+ private final boolean success;
+ private final byte[] response;
+
+
+ public NtlmAuthenticationResult( byte[] response, boolean success )
+ {
+ this.response = response;
+ this.success = success;
+ }
+
+
+ /**
+ * Gets whether or not authentication was a success.
+ *
+ * @return true if authentication succeeded, or false if it failed
+ */
+ public boolean isSuccess()
+ {
+ return success;
+ }
+
+
+ /**
+ * Gets a copy of the response to return so it cannot be altered.
+ *
+ * @return a copy of the authentication response
+ */
+ public byte[] getResponse()
+ {
+ byte[] copy = new byte[response.length];
+ System.arraycopy( response, 0, copy, 0, response.length );
+ return copy;
+ }
+}
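Review bot: The constructor keeps the caller's `response` array by reference while `getResponse()` returns a copy, so the bytes are only protected on the way out; whoever built the result can still change them afterwards. `getResponse()` also reads `response.length` unconditionally and will throw a NullPointerException if a provider passes `null` for a failed attempt. Copying on the way in, `this.response = response == null ? null : response.clone();`, and returning `null` from the getter when there is nothing to copy would close both gaps. The constructor has no Javadoc, so it should also state whether `response` may be null when `success` is false.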
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java Tue May 6 13:17:05 2008
@@ -28,7 +28,9 @@
/**
- * A handler for the NTLM Sasl mechanism.
+ * A handler for the NTLM Sasl and GSS-SPNEGO mechanism. Note that both
+ * mechanisms require an NTLM mechanism provider which could be implemented
+ * using jCIFS or native Win32 system calls via a JNI wrapper.
*
* @org.apache.xbean.XBean
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmProvider.java Tue May 6 13:17:05 2008
@@ -36,10 +36,8 @@
*
* @param type1reponse the Type 1 NTLM response from client
* @return the NTLM Type 2 message with the challenge
- * @throws NtlmNegotiationException if there are communication, message
- * format or NTLM negotiation exceptions
*/
- byte[] generateChallenge( byte[] type1reponse ) throws NtlmNegotiationException;
+ byte[] generateChallenge( byte[] type1reponse ) throws Exception;
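Review bot: `throws Exception` on `generateChallenge` (and on `authenticate` in the next hunk) replaces the typed NtlmNegotiationException and drops the `@throws` Javadoc, so the interface no longer tells an implementer or caller which failures to expect. Callers are pushed into `catch ( Exception e )`, which also catches runtime exceptions and hides the difference between a malformed message and an unreachable backend. If the aim is to keep providers free of ApacheDS exception types, the Javadoc should say so, for example `@throws Exception if the Type 1 message is malformed or the NTLM backend cannot be reached`.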
/**
@@ -47,9 +45,6 @@
*
* @param type3response the Type 3 NTLM reponse from the client
* @return the result of the successful authentication from the server
- * @throws NtlmNegotiationException if there are communication, message
- * format or NTLM negotiation exceptions
- * @throws NtlmAuthenticationException if authentication fails for the user
*/
- byte[] authenticate( byte[] type3response ) throws NtlmAuthenticationException, NtlmNegotiationException;
+ NtlmAuthenticationResult authenticate( byte[] type3response ) throws Exception;
}
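Review bot: The `@return` text still says "the result of the successful authentication", but with this signature a rejected login is reported by `NtlmAuthenticationResult.isSuccess()` returning false instead of by NtlmAuthenticationException. A caller that forgets that check now treats a failed bind as authenticated, so the contract should be written down: `@return the authentication result; callers must check isSuccess() before treating the bind as authenticated`. The Javadoc should also say whether an implementation is allowed to return null.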
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java Tue May 6 13:17:05 2008
@@ -114,26 +114,28 @@
{
retval = provider.generateChallenge( response );
}
- catch ( NtlmNegotiationException e )
+ catch ( Exception e )
{
- throw new SaslException( "NTLM negotiation failed.", e );
+ throw new SaslException( "There was a failure during NTLM Type 1 message handling.", e );
}
break;
case TYPE_3_RECEIVED:
+ NtlmAuthenticationResult result = null;
try
{
- retval = provider.authenticate( response );
+ result = provider.authenticate( response );
}
- catch ( NtlmNegotiationException e )
+ catch ( Exception e )
{
- throw new SaslException( "NTLM negotiation failed.", e );
+ throw new SaslException( "There was a failure during NTLM Type 3 message handling.", e );
}
- catch ( NtlmAuthenticationException e )
+
+ if ( ! result.isSuccess() )
{
- throw new SaslException( "Authentication failed.", e );
+ throw new SaslException( "Authentication occurred but the credentials were invalid." );
}
break;
- }
+ }
responseSent();
return retval;
}
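Review bot: In the TYPE_3_RECEIVED branch `result.isSuccess()` is called without a null check, so a provider that returns null surfaces as a NullPointerException instead of a SaslException; `if ( result == null || ! result.isSuccess() )` keeps the failure on the SASL error path. The old code assigned `retval = provider.authenticate( response )`, whereas the new code never copies the result's bytes into `retval`, so on success the method returns whatever `retval` held before the switch. If the provider's response is meant to reach the client, add `retval = result.getResponse();` after the success check. The enclosing method and the initial value of `retval` are outside the hunk, so this should be confirmed against the full file.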
Modified: directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java (original)
+++ directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java Tue May 6 13:17:05 2008
@@ -247,6 +247,22 @@
ldapServer.setDirectoryService( directoryService );
ldapServer.setIpPort( port = AvailablePortFinder.getNextAvailable( 1024 ) );
+ setupSaslMechanisms( ldapServer );
+
+ doDelete( directoryService.getWorkingDirectory() );
+ configureDirectoryService();
+ directoryService.startup();
+
+ configureLdapServer();
+ ldapServer.addExtendedOperationHandler( new StartTlsHandler() );
+ ldapServer.addExtendedOperationHandler( new StoredProcedureExtendedOperationHandler() );
+ ldapServer.start();
+ setContexts( ServerDNConstants.ADMIN_SYSTEM_DN, "secret" );
+ }
+
+
+ private void setupSaslMechanisms( LdapServer server )
+ {
Map<String, MechanismHandler> mechanismHandlerMap = new HashMap<String,MechanismHandler>();
mechanismHandlerMap.put( SupportedSaslMechanisms.SIMPLE, new SimpleMechanismHandler() );
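Review bot: The new `setupSaslMechanisms( LdapServer server )` takes a `server` parameter, but the line that installs the handlers (visible as context in the next hunk) still calls `ldapServer.setSaslMechanismHandlers( mechanismHandlerMap )` on the field. The parameter therefore looks unused, and a caller passing a different server would silently configure the wrong instance. Either change that call to `server.setSaslMechanismHandlers( mechanismHandlerMap );` or drop the parameter. The middle of the method body lies between the two hunks and is not visible here.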
@@ -269,35 +285,29 @@
// TODO - or set FQCN of some sort of default NtlmProvider implementation here
// ntlmMechanismHandler.setNtlmProviderFqcn( "com.foo.BarNtlmProvider" );
mechanismHandlerMap.put( SupportedSaslMechanisms.NTLM, ntlmMechanismHandler );
+ mechanismHandlerMap.put( SupportedSaslMechanisms.GSS_SPNEGO, ntlmMechanismHandler );
ldapServer.setSaslMechanismHandlers( mechanismHandlerMap );
-
-
- doDelete( directoryService.getWorkingDirectory() );
- configureDirectoryService();
- directoryService.startup();
-
- configureLdapServer();
- ldapServer.addExtendedOperationHandler( new StartTlsHandler() );
- ldapServer.addExtendedOperationHandler( new StoredProcedureExtendedOperationHandler() );
- ldapServer.start();
- setContexts( ServerDNConstants.ADMIN_SYSTEM_DN, "secret" );
}
+
protected void configureDirectoryService() throws NamingException
{
}
+
protected void configureLdapServer()
{
}
+
protected void setAllowAnonymousAccess( boolean anonymousAccess )
{
directoryService.setAllowAnonymousAccess( anonymousAccess );
ldapServer.setAllowAnonymousAccess( anonymousAccess );
}
+
/**
* Deletes the Eve working directory.
* @param wkdir the directory to delete
Modified: directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java (original)
+++ directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java Tue May 6 13:17:05 2008
@@ -183,6 +183,7 @@
assertTrue( result.contains( SupportedSaslMechanisms.CRAM_MD5 ) );
assertTrue( result.contains( SupportedSaslMechanisms.NTLM ) );
assertTrue( result.contains( SupportedSaslMechanisms.SIMPLE ) );
+ assertTrue( result.contains( SupportedSaslMechanisms.GSS_SPNEGO ) );
}
catch ( NamingException e )
{
Modified: directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml (original)
+++ directory/apacheds/branches/bigbang/server-xml/src/main/resources/server.xml Tue May 6 13:17:05 2008
@@ -172,6 +172,9 @@
<s:entry key="NTLM">
<ntlmMechanismHandler ntlmProviderFqcn="com.foo.Bar" />
</s:entry>
+ <s:entry key="GSS-SPNEGO">
+ <ntlmMechanismHandler ntlmProviderFqcn="com.foo.Bar" />
+ </s:entry>
</saslMechanismHandlers>
<!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI. -->
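Review bot: The new `GSS-SPNEGO` entry ships in the default server.xml with the placeholder provider `com.foo.Bar`, the same as the NTLM entry above it. The updated SaslBindITest suggests that registered mechanisms are advertised to clients, so a stock install would presumably offer a mechanism that has no working provider behind it. Consider shipping the entry commented out, or at least mark it: `<!-- Placeholder: set ntlmProviderFqcn to a real NtlmProvider, or remove this entry -->`. How the handler behaves when the class cannot be loaded is not visible in this commit and is worth checking.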
Propchange: directory/apacheds/branches/bigbang/xbean-spring/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Tue May 6 13:17:05 2008
@@ -1,4 +1,5 @@
target
+*.iml
*.ipr
*.iws
.classpath
Modified: directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java?rev=653903&r1=653902&r2=653903&view=diff
==============================================================================
--- directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java (original)
+++ directory/shared/branches/bigbang/ldap-constants/src/main/java/org/apache/directory/shared/ldap/constants/SupportedSaslMechanisms.java Tue May 6 13:17:05 2008
@@ -35,4 +35,6 @@
/** Not a SASL JDK supported mechanism */
String NTLM = "NTLM";
+ /** Not a SASL JDK supported mechanism */
+ String GSS_SPNEGO = "GSS-SPNEGO";
}