1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.sasl.cramMD5;
21  
22  
23  import javax.naming.Context;
24  import javax.security.sasl.AuthorizeCallback;
25  
26  import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
27  import org.apache.directory.api.ldap.model.constants.SchemaConstants;
28  import org.apache.directory.api.ldap.model.cursor.Cursor;
29  import org.apache.directory.api.ldap.model.entry.Attribute;
30  import org.apache.directory.api.ldap.model.entry.Entry;
31  import org.apache.directory.api.ldap.model.filter.ExprNode;
32  import org.apache.directory.api.ldap.model.filter.FilterParser;
33  import org.apache.directory.api.ldap.model.message.AliasDerefMode;
34  import org.apache.directory.api.ldap.model.message.BindRequest;
35  import org.apache.directory.api.ldap.model.message.SearchScope;
36  import org.apache.directory.api.ldap.model.name.Dn;
37  import org.apache.directory.api.ldap.model.schema.SchemaManager;
38  import org.apache.directory.server.core.api.CoreSession;
39  import org.apache.directory.server.core.api.LdapPrincipal;
40  import org.apache.directory.server.ldap.LdapSession;
41  import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
42  import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
43  import org.slf4j.Logger;
44  import org.slf4j.LoggerFactory;
45  
46  
47  /**
48   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
49   */
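/**
 * SASL CRAM-MD5 callback handler: resolves the username supplied by the SASL client to the
 * entry with that {@code uid} below the configured SASL user base DN and hands the entry's
 * {@code userPassword} to the SASL server, which verifies the client's HMAC against it.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    /**
     * The SASL user base DN, read from the session's {@link SaslConstants#SASL_USER_BASE_DN}
     * property in {@link #lookupPassword(String, String)}.
     * NOTE(review): despite its name this is the search base, not the matched user's DN, yet
     * {@link #authorize(AuthorizeCallback)} publishes it as the authorized ID and as
     * {@link Context#SECURITY_PRINCIPAL} -- confirm that this is the intended principal.
     */
    private String bindDn;

    /** A SchemaManager instance, used to parse the search filter and to build the LdapPrincipal */
    private SchemaManager schemaManager;


    /**
     * Creates a new instance of CramMd5CallbackHandler.
     *
     * @param ldapSession the mina IoSession
     * @param adminSession the admin session used to run the password lookup
     * @param bindRequest the bind message
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
        schemaManager = adminSession.getDirectoryService().getSchemaManager();
    }


    /**
     * Looks up the {@code userPassword} of the single entry whose {@code uid} equals
     * {@code username}, searching the subtree below the session's SASL user base DN with the
     * admin session. The username is client-controlled, so it is escaped (RFC 4515) before it
     * is spliced into the filter; an unescaped value could alter the filter's structure.
     * On success the matched entry is also stored in the session as
     * {@link SaslConstants#SASL_AUTHENT_USER}.
     *
     * @param username the user name supplied by the SASL client
     * @param realm the realm; not used by CRAM-MD5
     * @return the {@code userPassword} attribute, or {@code null} when no entry matches, more
     *         than one entry matches, the entry carries no password, or the search fails
     */
    @Override
    protected Attribute lookupPassword( String username, String realm )
    {
        Cursor<Entry> cursor = null;

        try
        {
            ExprNode filter = FilterParser.parse( schemaManager,
                "(uid=" + escapeFilterValue( username ) + ")" );

            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );

            Dn baseDn = new Dn( bindDn );

            cursor = adminSession.search(
                baseDn,
                SearchScope.SUBTREE,
                filter,
                AliasDerefMode.DEREF_ALWAYS,
                SchemaConstants.USER_PASSWORD_AT );

            cursor.beforeFirst();

            Entry entry = null;

            while ( cursor.next() )
            {
                if ( entry != null )
                {
                    // Two entries share this uid below the base DN. Authenticating against
                    // whichever one the cursor returned last would be arbitrary, so fail closed.
                    LOG.warn( "CRAM-MD5: username {} matches more than one entry under {}", username, bindDn );

                    return null;
                }

                entry = cursor.get();
            }

            if ( entry == null )
            {
                return null;
            }

            Attribute userPassword = entry.get( SchemaConstants.USER_PASSWORD_AT );

            if ( userPassword == null )
            {
                // The entry exists but has nothing CRAM-MD5 can verify against.
                LOG.debug( "CRAM-MD5: entry {} has no {} attribute", entry.getDn(),
                    SchemaConstants.USER_PASSWORD_AT );

                return null;
            }

            LdapPrincipal ldapPrincipal = new LdapPrincipal(
                schemaManager,
                entry.getDn(),
                AuthenticationLevel.STRONG,
                userPassword.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return userPassword;
        }
        catch ( Exception e )
        {
            // A failed lookup is reported to the SASL layer as "no password"; keep the cause visible.
            LOG.debug( "CRAM-MD5: password lookup for username {} failed", username, e );

            return null;
        }
        finally
        {
            // Close on every path, including exceptions, so the search does not leak.
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception ignored )
                {
                    // Nothing useful to do: the lookup result has already been decided.
                }
            }
        }
    }


    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515, section 3):
     * {@code *}, {@code (}, {@code )}, {@code \} and NUL are rewritten as {@code \XX} hex
     * escapes so that a client-supplied value cannot change the filter's structure.
     *
     * @param value the raw assertion value; {@code null} is treated as the empty string
     * @return the escaped value
     */
    static String escapeFilterValue( String value )
    {
        if ( value == null )
        {
            return "";
        }

        StringBuilder sb = new StringBuilder( value.length() );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '*':
                    sb.append( "\\2a" );
                    break;

                case '(':
                    sb.append( "\\28" );
                    break;

                case ')':
                    sb.append( "\\29" );
                    break;

                case '\\':
                    sb.append( "\\5c" );
                    break;

                case '\0':
                    sb.append( "\\00" );
                    break;

                default:
                    sb.append( c );
            }
        }

        return sb.toString();
    }


    /**
     * Accepts the authorization: publishes {@link #bindDn} as the session's
     * {@link Context#SECURITY_PRINCIPAL} and as the SASL authorized ID, and marks the
     * callback as authorized.
     *
     * @param authorizeCB the SASL authorization callback to complete
     */
    @Override
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username {} to Dn {}", getUsername(), bindDn );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}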
138 }