Posted to commits@directory.apache.org by el...@apache.org on 2008/08/06 12:39:44 UTC

svn commit: r683215 - in /directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers: ./ bind/cramMD5/ bind/digestMD5/ bind/ntlm/

Author: elecharny
Date: Wed Aug  6 03:39:42 2008
New Revision: 683215

URL: http://svn.apache.org/viewvc?rev=683215&view=rev
Log:
Store an LdapPrincipal instead of a ServerEntry in the SASL_AUTHENT_USER property, as we may not have a ServerEntry for external users.

Modified:
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Wed Aug  6 03:39:42 2008
@@ -32,8 +32,8 @@
 
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
-import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
@@ -464,9 +464,9 @@
             // Create the user's coreSession
             try
             {
-                ServerEntry userEntry = (ServerEntry)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
+                LdapPrincipal ldapPrincipal = (LdapPrincipal)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
                 
-                CoreSession userSession = ds.getSession( userEntry.getDn(), userEntry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes(), saslMechanism, null );
+                CoreSession userSession = ds.getSession( ldapPrincipal.getJndiName(), ldapPrincipal.getUserPassword(), saslMechanism, null );
                 
                 ldapSession.setCoreSession( userSession );
                 
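Review bot: The value read from `SaslConstants.SASL_AUTHENT_USER` is cast and dereferenced on the next statement with no null check, so any mechanism that never stored an LdapPrincipal reaches `ldapPrincipal.getJndiName()` with a null reference. The NtlmSaslServer hunk in this same commit stores only a name under `Context.SECURITY_PRINCIPAL`, so that path presumably leaves this property unset. A guard such as `if ( ldapPrincipal == null )` that fails the bind with an explicit authentication error before `ds.getSession( ... )` is called would make the outcome deliberate rather than dependent on whatever the surrounding catch does. The try block starts and ends outside the hunk, so the existing handling cannot be confirmed from here.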

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java Wed Aug  6 03:39:42 2008
@@ -24,11 +24,13 @@
 import java.util.Set;
 
 import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslCallbackHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -39,6 +41,7 @@
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
+import org.apache.directory.shared.ldap.util.StringTools;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,7 +104,11 @@
             while ( cursor.next() )
             {
                 entry = cursor.get();
-                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, entry );
+                LdapPrincipal ldapPrincipal = new LdapPrincipal( 
+                    entry.getDn(), 
+                    AuthenticationLevel.STRONG, 
+                    entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes() );
+                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
             }
 
             return entry.get( passwordAT );
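Review bot: `entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes()` in the added LdapPrincipal construction dereferences the attribute without a null check, so if `entry.get` returns null for a matched entry that has no userPassword, the lookup fails with a NullPointerException in the middle of the SASL exchange instead of a clean authentication failure. The unchanged `return entry.get( passwordAT )` below appears to read the same attribute through a different key; fetching it once, e.g. `EntryAttribute pwd = entry.get( passwordAT );`, and building the principal only when `pwd != null` would keep the two in step. The same construction is added in the DigestMd5CallbackHandler hunk. The enclosing method starts and ends outside the hunk.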

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java Wed Aug  6 03:39:42 2008
@@ -24,11 +24,13 @@
 import java.util.Set;
 
 import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslCallbackHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -101,7 +103,11 @@
             while ( cursor.next() )
             {
                 entry = cursor.get();
-                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, entry );
+                LdapPrincipal ldapPrincipal = new LdapPrincipal( 
+                    entry.getDn(), 
+                    AuthenticationLevel.STRONG, 
+                    entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes() );
+                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
             }
 
             return entry.get( passwordAT );
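Review bot: The LdapPrincipal stored in the session here carries a copy of the entry's userPassword bytes and is labelled `AuthenticationLevel.STRONG` at the point where the password is only being looked up, presumably before the client's DIGEST-MD5 response has been verified. Nothing in the visible hunks removes the property if the exchange fails or after NewBindHandler has created the CoreSession, so the credential and the STRONG label appear to stay on the LdapSession for its lifetime. A comment stating the intended lifetime would help, e.g. `// principal holds userPassword; must be dropped from the SASL properties on failure and once the CoreSession exists`. The same applies to the CramMd5CallbackHandler hunk.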

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java Wed Aug  6 03:39:42 2008
@@ -20,12 +20,18 @@
 package org.apache.directory.server.newldap.handlers.bind.ntlm;
 
 
+import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslServer;
+import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
 import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.util.StringTools;
 
 import javax.naming.Context;
+import javax.naming.InvalidNameException;
 import javax.security.sasl.SaslException;
 
 
@@ -148,7 +154,8 @@
                 try
                 {
                     result = provider.authenticate( getLdapSession().getIoSession(), response );
-                    getLdapSession().getIoSession().setAttribute( Context.SECURITY_PRINCIPAL, getBindRequest().getName().toString() );
+                    
+                    getLdapSession().putSaslProperty( Context.SECURITY_PRINCIPAL, getBindRequest().getName().toString() );
                 }
                 catch ( Exception e )
                 {
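Review bot: The principal is recorded immediately after `provider.authenticate( ... )` returns, without looking at `result`, and the value stored is `getBindRequest().getName()`, i.e. the name the client put in the bind request rather than an identity confirmed by the provider. If `result` can signal a failed NTLM exchange without throwing, the session ends up with a `Context.SECURITY_PRINCIPAL` property for an unauthenticated caller. Storing it only on a successful result, with a comment such as `// client-supplied bind name; trusted only after the provider confirms the exchange`, would make the trust boundary explicit. The try block begins and the catch body ends outside the hunk.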
@@ -169,6 +176,21 @@
 
 
     /**
+     * Try to authenticate the usr against the underlying LDAP server.
+     */
+    private CoreSession authenticate( String user, String password ) throws InvalidNameException, Exception
+    {
+        BindOperationContext bindContext = new BindOperationContext( getLdapSession().getCoreSession() );
+        bindContext.setDn( new LdapDN( user ) );
+        bindContext.setCredentials( StringTools.getBytesUtf8( password ) );
+        
+        getAdminSession().getDirectoryService().getOperationManager().bind( bindContext );
+        
+        return bindContext.getSession();
+    }
+
+    
+    /**
      * {@inheritDoc}
      */
     public boolean isComplete()
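Review bot: The new `authenticate` seeds its `BindOperationContext` from `getLdapSession().getCoreSession()`, which during a bind is presumably not yet the authenticated user's session and may be unset, while the bind itself is dispatched through `getAdminSession()`; the Javadoc should say which session is expected here and that a rejected bind surfaces as an exception, not as a null return. The clause `throws InvalidNameException, Exception` is redundant and can be `throws Exception`, and "usr" in the comment should read "user". The password arrives as a `String`, which cannot be cleared after use; a `byte[]` parameter would match `setCredentials` directly. No caller of this private method appears in the visible hunks, so it may be unused in this revision.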