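/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.ldap.handlers.sasl.cramMD5;


import javax.naming.Context;
import javax.security.sasl.AuthorizeCallback;

import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.Cursor;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.filter.FilterParser;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler;
import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * SASL callback handler for the CRAM-MD5 mechanism.
 *
 * It resolves the client-supplied username to a directory entry (searched below the
 * DN stored in the session's {@link SaslConstants#SASL_USER_BASE_DN} property), hands the
 * entry's userPassword attribute to the SASL server so the challenge/response can be
 * verified, and records the resulting principal on the LDAP session.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class CramMd5CallbackHandler extends AbstractSaslCallbackHandler
{
    private static final Logger LOG = LoggerFactory.getLogger( CramMd5CallbackHandler.class );

    /**
     * The DN read from the session's SASL_USER_BASE_DN property during
     * {@link #lookupPassword(String, String)}; it is the search base, not the DN of
     * the matched user entry, and is what {@link #authorize(AuthorizeCallback)} reports.
     */
    private String bindDn;

    /** A SchemaManager instance */
    private SchemaManager schemaManager;


    /**
     * Creates a new instance of CramMd5CallbackHandler.
     *
     * @param ldapSession the mina IoSession
     * @param adminSession the admin session
     * @param bindRequest the bind message
     */
    public CramMd5CallbackHandler( LdapSession ldapSession, CoreSession adminSession, BindRequest bindRequest )
    {
        super( adminSession.getDirectoryService(), bindRequest );
        // Both fields are inherited from AbstractSaslCallbackHandler.
        this.ldapSession = ldapSession;
        this.adminSession = adminSession;
        schemaManager = adminSession.getDirectoryService().getSchemaManager();
    }


    /**
     * Looks up the userPassword attribute of the entry whose uid equals the
     * authentication identity sent by the client.
     *
     * The search is rooted at the session's {@link SaslConstants#SASL_USER_BASE_DN}
     * and scoped to the whole subtree. For every matching entry an {@link LdapPrincipal}
     * is stored under {@link SaslConstants#SASL_AUTHENT_USER}; when several entries
     * match, the last one returned by the cursor wins.
     *
     * @param username the authentication identity supplied by the client; it comes
     *        straight from the wire and is treated as untrusted
     * @param realm the realm supplied by the client; not used by this lookup
     * @return the userPassword attribute of the matching entry, or {@code null} when no
     *         entry matches, the matching entry carries no userPassword, or the lookup
     *         fails for any other reason
     */
    protected Attribute lookupPassword( String username, String realm )
    {
        Cursor<Entry> cursor = null;

        try
        {
            // Encode the username before splicing it into the filter so that filter
            // metacharacters ('*', '(', ')', '\', NUL) are matched literally rather than
            // widening or rewriting the search.
            ExprNode filter = FilterParser.parse( schemaManager,
                "(uid=" + FilterEncoder.encodeFilterValue( username ) + ")" );

            bindDn = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_USER_BASE_DN );

            Dn baseDn = new Dn( bindDn );

            cursor = adminSession.search(
                baseDn,
                SearchScope.SUBTREE,
                filter,
                AliasDerefMode.DEREF_ALWAYS,
                SchemaConstants.USER_PASSWORD_AT );

            cursor.beforeFirst();

            Entry entry = null;

            while ( cursor.next() )
            {
                entry = cursor.get();
                Attribute userPassword = entry.get( SchemaConstants.USER_PASSWORD_AT );

                if ( userPassword == null )
                {
                    // No credential to verify against: report "unknown" to the SASL server.
                    LOG.debug( "Entry {} matched user {} but has no {} attribute",
                        entry.getDn(), username, SchemaConstants.USER_PASSWORD_AT );

                    return null;
                }

                LdapPrincipal ldapPrincipal = new LdapPrincipal(
                    schemaManager,
                    entry.getDn(),
                    AuthenticationLevel.STRONG,
                    userPassword.getBytes() );
                ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
            }

            if ( entry != null )
            {
                return entry.get( SchemaConstants.USER_PASSWORD_AT );
            }
            else
            {
                return null;
            }
        }
        catch ( Exception e )
        {
            // A failed lookup is reported to the SASL server as "no such user" (null);
            // keep a trace of the cause so operators can tell a bad filter or base DN
            // apart from a genuinely unknown user. The password itself is never logged.
            LOG.debug( "Password lookup for user {} failed", username, e );

            return null;
        }
        finally
        {
            // Close the cursor on every path, including exceptions thrown mid-iteration.
            if ( cursor != null )
            {
                try
                {
                    cursor.close();
                }
                catch ( Exception e )
                {
                    LOG.debug( "Failed to close the search cursor", e );
                }
            }
        }
    }


    /**
     * Completes the SASL authorization step.
     *
     * Records {@link #bindDn} as the session's {@link Context#SECURITY_PRINCIPAL} and
     * reports the callback as authorized, with {@code bindDn} as the authorized ID.
     * Because {@code bindDn} is the search base read in
     * {@link #lookupPassword(String, String)}, the authenticated user itself is only
     * available through the {@link SaslConstants#SASL_AUTHENT_USER} session property.
     *
     * @param authorizeCB the callback to complete
     */
    protected void authorize( AuthorizeCallback authorizeCB )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( "Converted username {} to Dn {}", getUsername(), bindDn );
        }

        ldapSession.putSaslProperty( Context.SECURITY_PRINCIPAL, bindDn );

        // NOTE(review): the authorization ID requested by the client is not compared with
        // the authenticated identity here; presumably fine because CRAM-MD5 carries no
        // separate authzid, but confirm against the mechanism handler.
        authorizeCB.setAuthorizedID( bindDn );
        authorizeCB.setAuthorized( true );
    }
}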