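/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.ldap.handlers.bind.digestMD5;


import java.util.HashSet;
import java.util.Set;

import javax.naming.Context;
import javax.security.sasl.AuthorizeCallback;

import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.filter.FilterParser;
import org.apache.directory.shared.ldap.filter.SearchScope;
import org.apache.directory.shared.ldap.message.AliasDerefMode;
import org.apache.directory.shared.ldap.message.internal.InternalBindRequest;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.AttributeType;
import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * SASL callback handler for the DIGEST-MD5 mechanism.
 * <p>
 * The SASL server hands over the client-supplied username; this handler
 * resolves it to exactly one entry with that {@code uid} below the session's
 * SASL user base DN (using the admin session) and returns that entry's
 * {@code userPassword} so the SASL layer can verify the digest. The matched
 * entry is recorded on the session as {@link SaslConstants#SASL_AUTHENT_USER}.
 * <p>
 * Security notes: the username is untrusted input and is escaped before being
 * embedded in the search filter; an ambiguous (multi-entry) match is refused;
 * the password is never written to the log.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public class DigestMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( DigestMd5CallbackHandler.class );

    /**
     * Value reported to the SASL layer as the authorized ID. It is assigned in
     * {@link #lookupPassword} from the session's SASL_USER_BASE_DN property,
     * i.e. it is the configured search base, not the DN of the matched entry
     * (the matched entry's principal is stored under SASL_AUTHENT_USER).
     */
    private String bindDn;


    /**
     * Creates a new instance of DigestMd5CallbackHandler.
     *
     * @param ldapSession the LDAP session that is performing the bind
     * @param adminSession the admin core session used to search for the user entry
     * @param bindRequest the bind message
     */
    public DigestMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, InternalBindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
    }


    /**
     * Escapes a value so it can be embedded in an LDAP search filter as an
     * assertion value without altering the filter's structure (RFC 4515
     * section 3: {@code \}, {@code *}, {@code (}, {@code )} and NUL are
     * written as {@code \XX} hex escapes).
     *
     * @param value the raw assertion value (client supplied)
     * @return the escaped value, safe to concatenate into a filter string
     */
    private static String escapeFilterValue( String value )
    {
        StringBuilder escaped = new StringBuilder( value.length() + 8 );

        for ( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );

            switch ( c )
            {
                case '\\':
                    escaped.append( "\\5c" );
                    break;

                case '*':
                    escaped.append( "\\2a" );
                    break;

                case '(':
                    escaped.append( "\\28" );
                    break;

                case ')':
                    escaped.append( "\\29" );
                    break;

                case '\u0000':
                    escaped.append( "\\00" );
                    break;

                default:
                    escaped.append( c );
            }
        }

        return escaped.toString();
    }


    /**
     * Looks up the {@code userPassword} of the entry whose {@code uid} equals
     * the DIGEST-MD5 username, searching the subtree below the session's
     * SASL_USER_BASE_DN property with the admin session.
     * <p>
     * On success the matched entry is stored on the session as an
     * {@link LdapPrincipal} (authentication level STRONG) under
     * {@link SaslConstants#SASL_AUTHENT_USER}, and {@link #bindDn} is set to
     * the base DN that was searched.
     * <p>
     * Any failure returns {@code null}, which makes the SASL layer reject the
     * bind (fail closed): a missing username, no matching entry, more than one
     * matching entry, an entry without {@code userPassword}, or a search error.
     *
     * @param username the username sent by the (not yet authenticated) client
     * @param realm the DIGEST-MD5 realm sent by the client (currently unused)
     * @return the {@code userPassword} attribute of the single matching entry, or {@code null}
     */
    // TODO - should return not be a byte[]
    protected EntryAttribute lookupPassword( String username, String realm )
    {
        if ( username == null )
        {
            return null;
        }

        EntryFilteringCursor cursor = null;

        try
        {
            // The username comes straight from the client: escape it so that it
            // cannot change the filter structure (e.g. "*" or ")(objectClass=*").
            ExprNode filter = FilterParser.parse( "(uid=" + escapeFilterValue( username ) + ")" );
            Set<AttributeTypeOptions> returningAttributes = new HashSet<AttributeTypeOptions>();

            AttributeType passwordAT = adminSession.getDirectoryService().getSchemaManager()
                .lookupAttributeTypeRegistry( SchemaConstants.USER_PASSWORD_AT );
            returningAttributes.add( new AttributeTypeOptions( passwordAT ) );
            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );

            DN baseDn = new DN( bindDn );

            cursor = adminSession.search(
                baseDn,
                SearchScope.SUBTREE,
                filter,
                AliasDerefMode.DEREF_ALWAYS,
                returningAttributes );

            cursor.beforeFirst();

            ClonedServerEntry entry = null;

            while ( cursor.next() )
            {
                if ( entry != null )
                {
                    // Two entries share this uid: refuse rather than authenticate
                    // against whichever one the cursor happens to return last.
                    LOG.warn( "More than one entry with uid {} found under {}; refusing DIGEST-MD5 bind",
                        username, bindDn );
                    return null;
                }

                entry = cursor.get();
            }

            if ( entry == null )
            {
                LOG.debug( "No entry with uid {} found under {}", username, bindDn );
                return null;
            }

            EntryAttribute password = entry.get( passwordAT );

            if ( password == null )
            {
                LOG.debug( "Entry {} has no {} attribute", entry.getDn(), SchemaConstants.USER_PASSWORD_AT );
                return null;
            }

            LdapPrincipal ldapPrincipal = new LdapPrincipal(
                entry.getDn(),
                AuthenticationLevel.STRONG,
                password.getBytes() );
            ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );

            return password;
        }
        catch ( Exception e )
        {
            // Fail closed; keep the cause for diagnostics (no credentials are logged).
            LOG.debug( "Password lookup for uid " + username + " failed", e );
            return null;
        }
        finally
        {
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close search cursor", e );
                }
            }
        }
    }


    /**
     * Answers the SASL {@link AuthorizeCallback} once the digest has been verified.
     * <p>
     * Nothing here checks that the authentication identity may act as a
     * different authorization identity (proxy authorization), so a request for
     * an authorization ID that differs from the authentication ID is refused.
     * Otherwise {@link #bindDn} is stored on the session as
     * {@link Context#SECURITY_PRINCIPAL} and reported as the authorized ID.
     * NOTE(review): bindDn is the searched base DN, not the matched entry's DN;
     * confirm that the bind handler takes the principal from SASL_AUTHENT_USER.
     *
     * @param authorizeCB the callback to answer
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        String authcid = authorizeCB.getAuthenticationID();
        String authzid = authorizeCB.getAuthorizationID();

        if ( ( authzid != null ) && ( authzid.length() > 0 ) && !authzid.equals( authcid ) )
        {
            LOG.warn( "DIGEST-MD5 client {} requested authorization as {}; proxy authorization is not supported",
                authcid, authzid );
            authorizeCB.setAuthorized( false );
            return;
        }

        // The password must not appear in the log.
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username " + getUsername() + " to DN " + bindDn + "." );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}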