Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 *
019 */
020package org.apache.directory.server.ldap.handlers.sasl.cramMD5;
021
022
023import javax.naming.Context;
024import javax.security.sasl.AuthorizeCallback;
025
026import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
027import org.apache.directory.api.ldap.model.constants.SchemaConstants;
028import org.apache.directory.api.ldap.model.cursor.Cursor;
029import org.apache.directory.api.ldap.model.entry.Attribute;
030import org.apache.directory.api.ldap.model.entry.Entry;
031import org.apache.directory.api.ldap.model.filter.ExprNode;
032import org.apache.directory.api.ldap.model.filter.FilterParser;
033import org.apache.directory.api.ldap.model.message.AliasDerefMode;
034import org.apache.directory.api.ldap.model.message.BindRequest;
035import org.apache.directory.api.ldap.model.message.SearchScope;
036import org.apache.directory.api.ldap.model.name.Dn;
037import org.apache.directory.api.ldap.model.schema.SchemaManager;
038import org.apache.directory.server.core.api.CoreSession;
039import org.apache.directory.server.core.api.LdapPrincipal;
040import org.apache.directory.server.ldap.LdapSession;
041import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
042import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
043import org.slf4j.Logger;
044import org.slf4j.LoggerFactory;
045
046
047/**
048 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
049 */
050public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
051{
052    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );
053
054    private String bindDn;
055
056    /** A SchemaManager instance */
057    private SchemaManager schemaManager;
058
059
060    /**
061     * Creates a new instance of CramMd5CallbackHandler.
062     *
063     * @param ldapSession the mina IoSession
064     * @param adminSession the admin session
065     * @param bindRequest the bind message
066     */
067    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
068    {
069        super( adminSession.getDirectoryService(), bindRequest );
070        this.ldapSession = ldapSession;
071        this.adminSession = adminSession;
072        schemaManager = adminSession.getDirectoryService().getSchemaManager();
073    }
074
075
076    protected Attribute lookupPassword( String username, String realm )
077    {
078        try
079        {
080            ExprNode filter = FilterParser.parse( schemaManager, "(uid=" + username + ")" );
081
082            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );
083
084            Dn baseDn = new Dn( bindDn );
085
086            Cursor<Entry> cursor = adminSession.search(
087                baseDn,
088                SearchScope.SUBTREE,
089                filter,
090                AliasDerefMode.DEREF_ALWAYS,
091                SchemaConstants.USER_PASSWORD_AT );
092
093            cursor.beforeFirst();
094
095            Entry entry = null;
096
097            while ( cursor.next() )
098            {
099                entry = cursor.get();
100                LdapPrincipal ldapPrincipal = new LdapPrincipal(
101                    schemaManager,
102                    entry.getDn(),
103                    AuthenticationLevel.STRONG,
104                    entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes() );
105                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
106            }
107
108            cursor.close();
109
110            if ( entry != null )
111            {
112                return entry.get( SchemaConstants.USER_PASSWORD_AT );
113            }
114            else
115            {
116                return null;
117            }
118        }
119        catch ( Exception e )
120        {
121            return null;
122        }
123    }
124
125
126    protected void authorize( AuthorizeCallback authorizeCB )
127    {
128        if ( LOG.isDebugEnabled() )
129        {
130            LOG.debug( "Converted username {} to Dn {}", getUsername(), bindDn );
131        }
132
133        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );
134
135        authorizeCB.setAuthorizedID( bindDn );
136        authorizeCB.setAuthorized( true );
137    }
138}