001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.ldap.handlers.bind.cramMD5; 021 022 023 import java.util.HashSet; 024 import java.util.Set; 025 026 import javax.naming.Context; 027 import javax.security.sasl.AuthorizeCallback; 028 029 import org.apache.directory.server.core.CoreSession; 030 import org.apache.directory.server.core.LdapPrincipal; 031 import org.apache.directory.server.core.entry.ClonedServerEntry; 032 import org.apache.directory.server.core.filtering.EntryFilteringCursor; 033 import org.apache.directory.server.ldap.LdapSession; 034 import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler; 035 import org.apache.directory.server.ldap.handlers.bind.SaslConstants; 036 import org.apache.directory.shared.ldap.constants.AuthenticationLevel; 037 import org.apache.directory.shared.ldap.constants.SchemaConstants; 038 import org.apache.directory.shared.ldap.entry.EntryAttribute; 039 import org.apache.directory.shared.ldap.filter.ExprNode; 040 import org.apache.directory.shared.ldap.filter.FilterParser; 041 import org.apache.directory.shared.ldap.filter.SearchScope; 042 import 
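org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.internal.InternalBindRequest;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * SASL callback handler for the CRAM-MD5 mechanism.
 *
 * The SASL server hands us the client-supplied user name; we resolve it to a
 * single entry below the configured search base, hand the entry's
 * {@code userPassword} back so the server can verify the MD5 challenge
 * response, and then report the entry's DN as the authorized identity.
 *
 * Security notes:
 * <ul>
 *   <li>The user name comes straight from the wire, so it is escaped per
 *       RFC 4515 before being placed in a search filter.</li>
 *   <li>The lookup runs with the admin session, i.e. outside the directory's
 *       access control; only the password attribute is requested.</li>
 *   <li>An ambiguous user name (more than one matching entry) is refused
 *       rather than binding as whichever entry happened to come last.</li>
 *   <li>The principal is tagged {@link AuthenticationLevel#STRONG} as in the
 *       other SASL handlers; note that CRAM-MD5 itself is a legacy
 *       challenge-response mechanism and the stored password must be usable
 *       as the HMAC key, which is a deployment consideration.</li>
 * </ul>
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    /**
     * DN of the entry the user name resolved to; null until
     * {@link #lookupPassword(String, String)} has found exactly one entry.
     * This is what is reported as the authorized ID.
     */
    private String bindDn;


    /**
     * Creates a new instance of CramMd5CallbackHandler.
     *
     * @param ldapSession the LDAP session carrying the SASL properties
     * @param adminSession the core session used to look the user up
     * @param bindRequest the bind message
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, InternalBindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     *
     * Without this a client-chosen user name such as {@code *)(uid=*} would
     * change the meaning of the filter (LDAP injection).
     *
     * @param value the raw assertion value
     * @return the value with {@code * ( ) \} and NUL hex-escaped
     */
    private static String escapeFilterValue( String value )
    {
        StringBuilder sb = new StringBuilder( value.length() );

        for ( char c : value.toCharArray() )
        {
            switch ( c )
            {
                case '*':
                    sb.append( "\\2a" );
                    break;
                case '(':
                    sb.append( "\\28" );
                    break;
                case ')':
                    sb.append( "\\29" );
                    break;
                case '\\':
                    sb.append( "\\5c" );
                    break;
                case '\0':
                    sb.append( "\\00" );
                    break;
                default:
                    sb.append( c );
            }
        }

        return sb.toString();
    }


    /**
     * Resolves the SASL user name to an entry and returns its password attribute.
     *
     * Searches the subtree under the {@link SaslConstants#SASL_USER_BASE_DN}
     * session property for {@code (uid=<username>)} using the admin session.
     * On exactly one match the entry's DN is recorded in {@link #bindDn} and an
     * {@link LdapPrincipal} for it is stored under
     * {@link SaslConstants#SASL_AUTHENT_USER}.
     *
     * @param username the authentication ID sent by the client (untrusted)
     * @param realm the SASL realm; not used by CRAM-MD5
     * @return the {@code userPassword} attribute of the single matching entry,
     *         or null when the name is empty, matches no entry, matches more
     *         than one entry, the entry has no password, or the lookup fails
     *         for any other reason (the bind then fails closed)
     */
    protected EntryAttribute lookupPassword( String username, String realm )
    {
        if ( username == null || username.length() == 0 )
        {
            return null;
        }

        EntryFilteringCursor cursor = null;

        try
        {
            // The user name is attacker-controlled: escape it before it enters the filter.
            ExprNode filter = FilterParser.parse( "(uid=" + escapeFilterValue( username ) + ")" );

            AttributeType passwordAT = adminSession.getDirectoryService().getSchemaManager()
                .lookupAttributeTypeRegistry( SchemaConstants.USER_PASSWORD_AT );

            // Only ask for the password; nothing else from the entry is needed here.
            Set<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();
            returningAttributes.add( new AttributeTypeOptions( passwordAT ) );

            String searchBase = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );
            DN baseDn = new DN( searchBase );

            cursor = adminSession.search( baseDn, SearchScope.SUBTREE, filter, AliasDerefMode.DEREF_ALWAYS,
                returningAttributes );
            cursor.beforeFirst();

            ClonedServerEntry entry = null;

            while ( cursor.next() )
            {
                if ( entry != null )
                {
                    // Two entries share this uid: we cannot know which one the client
                    // means, so refuse rather than authenticate against an arbitrary one.
                    LOG.warn( "More than one entry under {} matches uid {}; refusing ambiguous CRAM-MD5 bind",
                        searchBase, username );
                    return null;
                }

                entry = cursor.get();
            }

            if ( entry == null )
            {
                if ( LOG.isDebugEnabled() )
                {
                    LOG.debug( "No entry under {} matches uid {}", searchBase, username );
                }

                return null;
            }

            EntryAttribute password = entry.get( passwordAT );

            if ( password == null )
            {
                if ( LOG.isDebugEnabled() )
                {
                    LOG.debug( "Entry {} has no {} attribute; CRAM-MD5 bind not possible", entry.getDn(),
                        SchemaConstants.USER_PASSWORD_AT );
                }

                return null;
            }

            // Record the resolved entry DN (not the search base) as the identity we authorize.
            bindDn = entry.getDn().getName();

            LdapPrincipal ldapPrincipal = new LdapPrincipal( entry.getDn(), AuthenticationLevel.STRONG,
                password.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return password;
        }
        catch ( Exception e )
        {
            // Fail closed: a null return makes the SASL server reject the bind.
            // Logged at debug only, and never with password material.
            if ( LOG.isDebugEnabled() )
            {
                LOG.debug( "CRAM-MD5 password lookup for uid " + username + " failed", e );
            }

            return null;
        }
        finally
        {
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close CRAM-MD5 lookup cursor", e );
                }
            }
        }
    }


    /**
     * Completes the SASL authorization step.
     *
     * Publishes the resolved DN as {@link Context#SECURITY_PRINCIPAL} on the
     * session and reports it as the authorized ID. Only reached after the SASL
     * server has verified the challenge response against the password returned
     * by {@link #lookupPassword(String, String)}.
     *
     * @param authorizeCB the callback to complete
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username {} to DN {}", getUsername(), bindDn );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}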