20 package org.apache.directory.server.ldap.handlers.sasl.digestMD5;
21
22
23 import java.util.HashMap;
24 import java.util.Map;
25
26 import javax.security.auth.callback.CallbackHandler;
27 import javax.security.sasl.Sasl;
28 import javax.security.sasl.SaslServer;
29
30 import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
31 import org.apache.directory.api.ldap.model.message.BindRequest;
32 import org.apache.directory.server.core.api.CoreSession;
33 import org.apache.directory.server.ldap.LdapServer;
34 import org.apache.directory.server.ldap.LdapSession;
35 import org.apache.directory.server.ldap.handlers.sasl.AbstractMechanismHandler;
36 import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
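/**
 * The DIGEST-MD5 SASL mechanism handler. It creates (once per session) the
 * {@link SaslServer} used to run the challenge/response exchange and manages the
 * session-scoped SASL properties the exchange depends on (host, user base DN,
 * provider properties).
 * <p>
 * DIGEST-MD5 has been moved to historic status by RFC 6331; it is retained for
 * compatibility with clients that still negotiate it. The mechanism requires the
 * server side to recover the user's password (or the corresponding pre-hashed
 * form), which is what {@link DigestMd5CallbackHandler} is expected to supply.
 */
public class DigestMd5MechanismHandler extends AbstractMechanismHandler
{
    /**
     * Property key understood by the JDK DIGEST-MD5 provider; its value is the
     * space-separated list of realms the server offers in its challenge.
     */
    private static final String DIGEST_REALM_PROPERTY = "com.sun.security.sasl.digest.realm";


    /**
     * Builds the realm list handed to the SASL provider.
     *
     * @param ldapServer the server whose configured SASL realms are advertised
     * @return the configured realms joined by a single space, or an empty string
     *         when no realm is configured
     */
    private String getActiveRealms( LdapServer ldapServer )
    {
        // The provider expects one string with the realms separated by spaces.
        return String.join( " ", ldapServer.getSaslRealms() );
    }


    /**
     * Returns the session's {@link SaslServer} for DIGEST-MD5, creating and caching
     * it on the first call. A DIGEST-MD5 bind takes several round trips, so the same
     * server instance must be reused across the BindRequests of one session.
     *
     * @param ldapSession the session performing the bind
     * @param bindRequest the current BindRequest, given to the callback handler
     * @return the cached or newly created server; may be {@code null} if no
     *         installed provider offers DIGEST-MD5, in which case the caller must
     *         fail the bind
     * @throws Exception if the provider cannot create the server
     */
    @Override
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer ss = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( ss != null )
        {
            // Subsequent step of a multi-step bind: reuse the server created on the first step.
            return ss;
        }

        // The admin session is handed to the callback handler, presumably so that the
        // bind user's stored credentials can be read regardless of who is binding.
        CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession();

        CallbackHandler callbackHandler = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest );

        // The session stores properties as Object; init() puts a Map<String, String> under SASL_PROPS.
        @SuppressWarnings("unchecked")
        Map<String, String> saslProps = ( Map<String, String> ) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS );

        ss = Sasl.createSaslServer(
            SupportedSaslMechanisms.DIGEST_MD5,
            SaslConstants.LDAP_PROTOCOL,
            ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_HOST ),
            saslProps,
            callbackHandler );

        // Cached as returned (possibly null) so the bind handler decides how to report a missing provider.
        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, ss );

        return ss;
    }


    /**
     * Stores on the session the properties a DIGEST-MD5 exchange needs: the SASL
     * host and user base DN from the server configuration, and the provider
     * property map carrying the configured QOP string and the active realms.
     *
     * @param ldapSession the session about to start a DIGEST-MD5 bind
     */
    @Override
    public void init( LdapSession ldapSession )
    {
        LdapServer ldapServer = ldapSession.getLdapServer();

        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, ldapServer.getSaslHost() );
        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, ldapServer.getSearchBaseDn() );

        // The QOP string is what the server will accept (auth, auth-int, auth-conf);
        // the realm list is what the server advertises in its challenge.
        Map<String, String> saslProps = new HashMap<>();
        saslProps.put( Sasl.QOP, ldapServer.getSaslQopString() );
        saslProps.put( DIGEST_REALM_PROPERTY, getActiveRealms( ldapServer ) );
        ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, saslProps );
    }


    /**
     * Installs the SASL filter (inherited from {@link AbstractMechanismHandler})
     * and drops the properties that were only needed during the exchange.
     * <p>
     * {@link SaslConstants#SASL_SERVER} is deliberately not removed here: the
     * negotiated server is presumably still needed by the filter for QOP
     * integrity/confidentiality wrapping — confirm against the filter.
     *
     * @param ldapSession the session whose DIGEST-MD5 bind has completed
     */
    @Override
    public void cleanup( LdapSession ldapSession )
    {
        insertSaslFilter( ldapSession );

        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
    }
}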