20 package org.apache.directory.server.ldap.handlers.sasl.gssapi;
23 import javax.naming.Context;
24 import javax.security.auth.kerberos.KerberosPrincipal;
25 import javax.security.sasl.AuthorizeCallback;
27 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
28 import org.apache.directory.api.ldap.model.entry.Attribute;
29 import org.apache.directory.api.ldap.model.message.BindRequest;
30 import org.apache.directory.api.ldap.model.name.Dn;
31 import org.apache.directory.api.util.Strings;
32 import org.apache.directory.server.core.api.CoreSession;
33 import org.apache.directory.server.core.api.LdapPrincipal;
34 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
35 import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
36 import org.apache.directory.server.ldap.LdapSession;
37 import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
38 import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
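public class GssapiCallbackHandler extends AbstractSaslCallbackHandler
{
    /** Logger for this class. */
    private static final Logger LOG = LoggerFactory.getLogger( GssapiCallbackHandler.class );


    /**
     * Creates a new instance of GssapiCallbackHandler.
     *
     * @param ldapSession the LDAP session the SASL bind belongs to; it receives the SASL
     *        properties once authorization succeeds
     * @param adminSession the administrative session used to look the Kerberos principal
     *        up in the directory
     * @param bindRequest the bind request being processed
     */
    public GssapiCallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * GSSAPI never consults a stored password: the client is authenticated by its Kerberos
     * ticket, so no credential lookup is performed here.
     *
     * @param username ignored
     * @param password ignored
     * @return always {@code null}
     */
    @Override
    protected Attribute lookupPassword( String username, String password )
    {
        return null;
    }


    /**
     * Maps the Kerberos-authenticated identity to a directory Dn and records it as the
     * session's SASL principal.
     *
     * The authorization identity carried by the callback is supplied by the client. This
     * handler does not support proxy authorization, so the callback is only granted when
     * that identity equals the authenticated one, the matching principal entry exists under
     * the server's search base, and its Dn could be read.
     *
     * @param authorizeCB the callback carrying the authenticated and requested identities;
     *        its authorized flag (and, on success, authorized id) are set by this method
     * @throws Exception if the principal lookup or Dn construction fails
     */
    @Override
    protected void authorize( AuthorizeCallback authorizeCB ) throws Exception
    {
        LOG.debug( "Processing conversion of principal name to Dn." );

        String authenticationId = authorizeCB.getAuthenticationID();
        String username = authorizeCB.getAuthorizationID();

        // The authorization id is client-chosen. Looking up a name other than the one
        // Kerberos actually authenticated would hand the caller that principal's rights,
        // so anything but an exact match is refused.
        if ( ( username == null ) || !username.equals( authenticationId ) )
        {
            LOG.debug( "Authorization identity {} does not match authenticated identity {}.",
                username, authenticationId );
            authorizeCB.setAuthorized( false );
            return;
        }

        GetPrincipal getPrincipal = new GetPrincipal( new KerberosPrincipal( username ) );
        Dn searchBase = new Dn( ldapSession.getLdapServer().getSearchBaseDn() );
        PrincipalStoreEntry entry = ( PrincipalStoreEntry ) getPrincipal.execute( adminSession, searchBase );

        // NOTE(review): execute() looks like it yields null for an unknown principal - confirm.
        // Either way, refusing authorization is preferable to the NullPointerException the
        // dereference below would otherwise raise.
        if ( entry == null )
        {
            LOG.debug( "No principal entry found for {} under {}.", username, searchBase );
            authorizeCB.setAuthorized( false );
            return;
        }

        String bindDn = entry.getDistinguishedName();

        LOG.debug( "Converted username {} to Dn {}.", username, bindDn );

        // The bind is backed by a Kerberos ticket, hence STRONG; no password is kept for the principal.
        LdapPrincipal ldapPrincipal = new LdapPrincipal( adminSession.getDirectoryService().getSchemaManager(),
            new Dn( bindDn ), AuthenticationLevel.STRONG, Strings.EMPTY_BYTES );
        ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}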