20 package org.apache.directory.server.ldap.handlers.sasl.cramMD5;
23 import javax.naming.Context;
24 import javax.security.sasl.AuthorizeCallback;
26 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
27 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
28 import org.apache.directory.api.ldap.model.cursor.Cursor;
29 import org.apache.directory.api.ldap.model.entry.Attribute;
30 import org.apache.directory.api.ldap.model.entry.Entry;
31 import org.apache.directory.api.ldap.model.filter.ExprNode;
32 import org.apache.directory.api.ldap.model.filter.FilterParser;
33 import org.apache.directory.api.ldap.model.message.AliasDerefMode;
34 import org.apache.directory.api.ldap.model.message.BindRequest;
35 import org.apache.directory.api.ldap.model.message.SearchScope;
36 import org.apache.directory.api.ldap.model.name.Dn;
37 import org.apache.directory.api.ldap.model.schema.SchemaManager;
38 import org.apache.directory.server.core.api.CoreSession;
39 import org.apache.directory.server.core.api.LdapPrincipal;
40 import org.apache.directory.server.ldap.LdapSession;
41 import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
42 import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
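/**
 * SASL callback handler for the CRAM-MD5 mechanism.
 *
 * The user name sent by the client is looked up as {@code (uid=username)} under the
 * search base stored in the {@code SASL_USER_BASE_DN} session property, and the
 * entry's {@code userPassword} is handed back to the SASL server so it can verify
 * the challenge response. A user name that matches no entry, more than one entry,
 * or an entry without a password is rejected (the lookup returns {@code null}).
 */
public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    // Search base read from the SASL_USER_BASE_DN property; published by authorize().
    private String bindDn;

    // Used to parse the search filter and to build the LdapPrincipal.
    private SchemaManager schemaManager;


    /**
     * Creates a new instance of CramMd5CallbackHandler.
     *
     * @param ldapSession the session the bind is being processed on
     * @param adminSession the administrative session used to search for the user
     * @param bindRequest the bind request being handled
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
        schemaManager = adminSession.getDirectoryService().getSchemaManager();
    }


    /**
     * Escapes a value for inclusion in an LDAP search filter (RFC 4515, section 3).
     * The characters {@code *}, {@code (}, {@code )}, {@code \} and NUL are replaced by
     * their backslash-hex form so that a client-chosen user name cannot change the
     * structure of the filter it is concatenated into.
     *
     * @param value the raw assertion value (must not be null)
     * @return the escaped value, safe to concatenate into a filter string
     */
    static String escapeFilterValue( String value )
    {
        StringBuilder escaped = new StringBuilder( value.length() );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '\\':
                    escaped.append( "\\5c" );
                    break;

                case '*':
                    escaped.append( "\\2a" );
                    break;

                case '(':
                    escaped.append( "\\28" );
                    break;

                case ')':
                    escaped.append( "\\29" );
                    break;

                case '\0':
                    escaped.append( "\\00" );
                    break;

                default:
                    escaped.append( c );
            }
        }

        return escaped.toString();
    }


    /**
     * Looks up the password of the user identified by {@code username}.
     *
     * Searches the subtree under the {@code SASL_USER_BASE_DN} session property for
     * {@code (uid=username)}. When exactly one entry with a {@code userPassword}
     * matches, that entry is published as the {@code SASL_AUTHENT_USER} principal and
     * its password attribute is returned.
     *
     * @param username the user name supplied by the client; treated as untrusted input
     * @param realm the realm supplied by the client (CRAM-MD5 does not use it)
     * @return the {@code userPassword} attribute of the single matching entry, or
     *         {@code null} when no entry, several entries or an entry without a
     *         password matches, or when the search fails
     */
    protected Attribute lookupPassword( String username, String realm )
    {
        if ( ( username == null ) || username.isEmpty() )
        {
            return null;
        }

        try
        {
            // The user name comes straight off the wire: escape it so filter
            // metacharacters cannot alter the search (e.g. a wildcard or an injected term).
            ExprNode filter = FilterParser.parse( schemaManager, "(uid=" + escapeFilterValue( username ) + ")" );

            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );

            Dn baseDn = new Dn( bindDn );

            Cursor<Entry> cursor = adminSession.search(
                baseDn,
                SearchScope.SUBTREE,
                filter,
                AliasDerefMode.DEREF_ALWAYS,
                SchemaConstants.USER_PASSWORD_AT );

            Entry entry = null;

            try
            {
                cursor.beforeFirst();

                while ( cursor.next() )
                {
                    if ( entry != null )
                    {
                        // Several entries carry this uid: the identity is ambiguous, so
                        // refuse rather than authenticate whichever entry happened to come last.
                        LOG.warn( "Ambiguous CRAM-MD5 user name {}: more than one entry matches under {}", username, bindDn );
                        return null;
                    }

                    entry = cursor.get();
                }
            }
            finally
            {
                // Release the cursor on every path, not only after a successful iteration.
                cursor.close();
            }

            if ( entry == null )
            {
                return null;
            }

            Attribute userPassword = entry.get( SchemaConstants.USER_PASSWORD_AT );

            if ( userPassword == null )
            {
                // Nothing to verify the challenge response against.
                LOG.debug( "Entry {} has no {} attribute", entry.getDn(), SchemaConstants.USER_PASSWORD_AT );
                return null;
            }

            // Publish the authenticated principal only once the lookup has fully succeeded.
            LdapPrincipal ldapPrincipal = new LdapPrincipal(
                schemaManager,
                entry.getDn(),
                AuthenticationLevel.STRONG,
                userPassword.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return userPassword;
        }
        catch ( Exception e )
        {
            // Best effort: a failed lookup just means the bind cannot succeed, but the
            // cause (unparseable base DN, search error) should not be lost to operators.
            LOG.warn( "Failed to look up CRAM-MD5 user {}", username, e );
            return null;
        }
    }


    /**
     * Accepts the authorization and records the principal on the session.
     *
     * @param authorizeCB the callback to complete
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username {} to Dn {}", getUsername(), bindDn );
        }

        // NOTE(review): bindDn holds the SASL_USER_BASE_DN search base set in lookupPassword(),
        // not the DN of the entry that matched; the matched entry is available as the
        // SASL_AUTHENT_USER principal. Confirm that consumers of SECURITY_PRINCIPAL and of
        // the authorized ID really expect the search base here.
        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}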