From akaras...@apache.org
Subject svn commit: r654367 - in /directory/apacheds/branches/bigbang: protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/ server-unit/src/main/java/org/apache/directory/server/unit/ server-unit/src/test/java/org/apache/directory/s...
Date Thu, 08 May 2008 01:14:09 GMT
Author: akarasulu
Date: Wed May  7 18:14:08 2008
New Revision: 654367

URL: http://svn.apache.org/viewvc?rev=654367&view=rev
Log:
making sasl ntlm and gss-spengo work

 o the shared sasl server for these mechanisms now sets the principal into the
   session, which is what is expected - this prevents an NPE from being thrown
 o the shared sasl server needs access to the bind request and the session 
 o added simple client for some pass thru plumbing tests without actually using
   a valid NTLM provider of which all options are LGPL at this point


Modified:
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
    directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
    directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
    directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java?rev=654367&r1=654366&r2=654367&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmMechanismHandler.java
Wed May  7 18:14:08 2008
@@ -69,7 +69,7 @@
                 initProvider();
             }
             
-            ss = new NtlmSaslServer( provider );
+            ss = new NtlmSaslServer( provider, bindRequest, session );
             session.setAttribute( SASL_CONTEXT, ss );
         }
 
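Review bot: The NtlmSaslServer built here captures the `bindRequest` of the round that created it, and since it is cached under `SASL_CONTEXT`, later rounds on the same session appear to reuse that instance, so the DN carried by the Type 3 bind request is never compared against the one stored from the Type 1 request. If the cached server is indeed reused (the enclosing method, and the condition guarding this branch, start above the hunk), either hand each round's request to the server or reject a follow-up request whose name differs from the stored one, e.g. `if ( !ss.getRequest().getName().equals( bindRequest.getName() ) ) { /* fail the bind */ }` with a getter added on NtlmSaslServer. At minimum a comment such as `// the server keeps the first round's BindRequest; later rounds are not re-validated against it` would make the assumption explicit for the next maintainer.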

Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java?rev=654367&r1=654366&r2=654367&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/ntlm/NtlmSaslServer.java
Wed May  7 18:14:08 2008
@@ -21,7 +21,10 @@
 
 
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.mina.common.IoSession;
 
+import javax.naming.Context;
 import javax.security.sasl.SaslServer;
 import javax.security.sasl.SaslException;
 
@@ -40,10 +43,14 @@
 
     private NegotiationState state = NegotiationState.INITIALIZED;
     private final NtlmProvider provider;
+    private final BindRequest request;
+    private final IoSession session;
 
-
-    public NtlmSaslServer( NtlmProvider provider )
+    
+    public NtlmSaslServer( NtlmProvider provider, BindRequest request, IoSession session
)
     {
+        this.session = session;
+        this.request = request;
         this.provider = provider;
     }
 
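Review bot: The constructor stores `request` and `session` without validating them, yet both are dereferenced later during authentication (`request.getName().toString()` and `session.setAttribute(...)`), so a null passed by a handler would surface as exactly the kind of NPE the commit message says it is fixing, only later and harder to trace. Guard the inputs at construction time, `this.request = Objects.requireNonNull( request, "request" );` and `this.session = Objects.requireNonNull( session, "session" );`, which needs `java.util.Objects` imported. A short class-level comment noting that the instance is now per-session state (it holds the MINA IoSession and the initial BindRequest) would also help, since the previous constructor only took the provider.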
@@ -82,10 +89,12 @@
                 throw new IllegalStateException( "Cannot send Type 2 challenge before Type
1 response." );
             case TYPE_1_RECEIVED:
                 state = NegotiationState.TYPE_2_SENT;
+                break;
             case TYPE_2_SENT:
                 throw new IllegalStateException( "Cannot send Type 2 after it's already sent."
);
             case TYPE_3_RECEIVED:
                 state = NegotiationState.COMPLETED;
+                break;
             case COMPLETED:
                 throw new IllegalStateException( "Sasl challenge response already completed."
);
         }
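Review bot: The added `break`s fix the fall-through that previously let a TYPE_1_RECEIVED transition run straight into the "already sent" exception, but the switch still has no `default` arm, so any NegotiationState not listed (the INITIALIZED case sits above the hunk and cannot be checked here) silently leaves `state` untouched and the method continues as if the transition were valid. Add `default: throw new IllegalStateException( "Unexpected negotiation state: " + state );` so an unhandled state fails loudly rather than letting the exchange proceed. The enclosing method begins outside this hunk.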
@@ -124,6 +133,8 @@
                 try
                 {
                     result = provider.authenticate( response );
+                    retval = result.getResponse();
+                    session.setAttribute( Context.SECURITY_PRINCIPAL, request.getName().toString()
);
                 }
                 catch ( Exception e )
                 {
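Review bot: `session.setAttribute( Context.SECURITY_PRINCIPAL, request.getName().toString() )` records, as the authenticated principal, the DN the client placed in the bind request rather than the identity the NTLM provider actually verified, and it does so unconditionally once `provider.authenticate( response )` returns: nothing in the hunk consults the success flag that NtlmAuthenticationResult takes in its constructor (the test builds one with `new NtlmAuthenticationResult( "results".getBytes(), true )`). With an NTLM or GSS-SPNEGO bind the request name is not authenticated by anything, so a client can present `uid=admin,ou=system` (exactly what the test does) and, if the provider accepts its Type 3 token for some other account, have that DN stored as the session principal. The principal should come from the identity the provider validated and be set only on a successful result, along the lines of `if ( result != null && result.isSuccess() ) { session.setAttribute( Context.SECURITY_PRINCIPAL, /* identity taken from result, not from request */ ); }` — the accessor names on NtlmAuthenticationResult are not visible here, so adjust accordingly. `result` is also dereferenced without a null check. The enclosing method begins and ends outside this hunk.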

Modified: directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java?rev=654367&r1=654366&r2=654367&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
(original)
+++ directory/apacheds/branches/bigbang/server-unit/src/main/java/org/apache/directory/server/unit/AbstractServerTest.java
Wed May  7 18:14:08 2008
@@ -254,8 +254,11 @@
         directoryService.startup();
 
         configureLdapServer();
+
+        // TODO shouldn't this be before calling configureLdapServer() ???
         ldapServer.addExtendedOperationHandler( new StartTlsHandler() );
         ldapServer.addExtendedOperationHandler( new StoredProcedureExtendedOperationHandler()
);
+
         ldapServer.start();
         setContexts( ServerDNConstants.ADMIN_SYSTEM_DN, "secret" );
     }

Modified: directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java?rev=654367&r1=654366&r2=654367&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
(original)
+++ directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/SaslBindITest.java
Wed May  7 18:14:08 2008
@@ -20,17 +20,30 @@
 package org.apache.directory.server;
 
 
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.net.SocketClient;
 import org.apache.directory.server.core.entry.DefaultServerEntry;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.partition.Partition;
 import org.apache.directory.server.core.partition.impl.btree.Index;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
 import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
+import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmAuthenticationResult;
+import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmProvider;
 import org.apache.directory.server.unit.AbstractServerTest;
 import org.apache.directory.shared.ldap.message.AttributeImpl;
 import org.apache.directory.shared.ldap.message.AttributesImpl;
+import org.apache.directory.shared.ldap.message.BindRequestImpl;
+import org.apache.directory.shared.ldap.message.BindResponse;
+import org.apache.directory.shared.ldap.message.MessageDecoder;
+import org.apache.directory.shared.ldap.message.MessageEncoder;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.message.spi.BinaryAttributeDetector;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
@@ -39,6 +52,7 @@
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
+
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;
@@ -53,7 +67,9 @@
  */
 public class SaslBindITest extends AbstractServerTest
 {
+    private static final Logger LOG = LoggerFactory.getLogger( SaslBindITest.class );
     private DirContext ctx;
+    private BogusNtlmProvider provider;
 
 
     /**
@@ -62,6 +78,7 @@
      */
     public void setUp() throws Exception
     {
+        provider = new BogusNtlmProvider();
         super.setUp();
         setAllowAnonymousAccess( false );
 
@@ -85,7 +102,6 @@
     @Override
     protected void configureDirectoryService() throws NamingException
     {
-
         Set<Partition> partitions = new HashSet<Partition>();
         JdbmPartition partition = new JdbmPartition();
         partition.setId( "example" );
@@ -114,8 +130,17 @@
     protected void configureLdapServer()
     {
         ldapServer.setSaslHost( "localhost" );
+        
+        NtlmMechanismHandler ntlmMechanismHandler = new NtlmMechanismHandler();
+        ntlmMechanismHandler.setNtlmProvider( provider  );
+        
+        ldapServer.removeSaslMechanismHandler( SupportedSaslMechanisms.NTLM );
+        ldapServer.addSaslMechanismHandler( SupportedSaslMechanisms.NTLM, ntlmMechanismHandler
);
+        ldapServer.removeSaslMechanismHandler( SupportedSaslMechanisms.GSS_SPNEGO );
+        ldapServer.addSaslMechanismHandler( SupportedSaslMechanisms.GSS_SPNEGO, ntlmMechanismHandler
);
     }
 
+    
     /**
      * Tear down.
      */
@@ -495,4 +520,175 @@
             assertTrue( e.getMessage().contains( "Invalid response" ) );
         }
     }
+
+
+    /**
+     * Tests that the plumbing for NTLM bind works.
+     */
+    public void testNtlmBind() throws Exception
+    {
+        NtlmSaslBindClient client = new NtlmSaslBindClient( SupportedSaslMechanisms.NTLM
);
+        BindResponse type2response = client.bindType1( "type1_test".getBytes() );
+        assertEquals( 1, type2response.getMessageId() );
+        assertEquals( ResultCodeEnum.SASL_BIND_IN_PROGRESS, type2response.getLdapResult().getResultCode()
);
+        assertTrue( ArrayUtils.isEquals( "type1_test".getBytes(), provider.getType1Response()
) );
+        assertTrue( ArrayUtils.isEquals( "challenge".getBytes(), type2response.getServerSaslCreds()
) );
+        
+        BindResponse finalResponse = client.bindType3( "type3_test".getBytes() );
+        assertEquals( 2, finalResponse.getMessageId() );
+        assertEquals( ResultCodeEnum.SUCCESS, finalResponse.getLdapResult().getResultCode()
);
+        assertTrue( ArrayUtils.isEquals( "type3_test".getBytes(), provider.getType3Response()
) );
+        assertTrue( ArrayUtils.isEquals( "results".getBytes(), finalResponse.getServerSaslCreds()
) );
+    }
+
+
+    /**
+     * Tests that the plumbing for NTLM bind works.
+     */
+    public void testGssSpnegoBind() throws Exception
+    {
+        NtlmSaslBindClient client = new NtlmSaslBindClient( SupportedSaslMechanisms.GSS_SPNEGO
);
+        BindResponse type2response = client.bindType1( "type1_test".getBytes() );
+        assertEquals( 1, type2response.getMessageId() );
+        assertEquals( ResultCodeEnum.SASL_BIND_IN_PROGRESS, type2response.getLdapResult().getResultCode()
);
+        assertTrue( ArrayUtils.isEquals( "type1_test".getBytes(), provider.getType1Response()
) );
+        assertTrue( ArrayUtils.isEquals( "challenge".getBytes(), type2response.getServerSaslCreds()
) );
+        
+        BindResponse finalResponse = client.bindType3( "type3_test".getBytes() );
+        assertEquals( 2, finalResponse.getMessageId() );
+        assertEquals( ResultCodeEnum.SUCCESS, finalResponse.getLdapResult().getResultCode()
);
+        assertTrue( ArrayUtils.isEquals( "type3_test".getBytes(), provider.getType3Response()
) );
+        assertTrue( ArrayUtils.isEquals( "results".getBytes(), finalResponse.getServerSaslCreds()
) );
+    }
+
+
+    class BogusNtlmProvider implements NtlmProvider
+    {
+        private byte[] type1response;
+        private byte[] type3response;
+        
+        
+        public NtlmAuthenticationResult authenticate( byte[] type3response ) throws Exception
+        {
+            this.type3response = type3response;
+            return new NtlmAuthenticationResult( "results".getBytes(), true );
+        }
+
+
+        public byte[] generateChallenge( byte[] type1reponse ) throws Exception
+        {
+            this.type1response = type1reponse;
+            return "challenge".getBytes();
+        }
+        
+        
+        public byte[] getType1Response()
+        {
+            return type1response;
+        }
+        
+        
+        public byte[] getType3Response()
+        {
+            return type3response;
+        }
+    }
+
+
+    class NtlmSaslBindClient extends SocketClient
+    {
+        private final String mechanism;
+        
+        
+        NtlmSaslBindClient( String mechanism ) throws Exception
+        {
+            this.mechanism = mechanism;
+            setDefaultPort( port );
+            connect( "localhost", port );
+            setTcpNoDelay( false );
+            
+            LOG.debug( "isConnected() = {}", _isConnected_ );
+            LOG.debug( "LocalPort     = {}", getLocalPort() );
+            LOG.debug( "LocalAddress  = {}", getLocalAddress() );
+            LOG.debug( "RemotePort    = {}", getRemotePort() );
+            LOG.debug( "RemoteAddress = {}", getRemoteAddress() );
+        }
+
+        
+        BindResponse bindType1( byte[] type1response ) throws Exception
+        {
+            if ( ! isConnected() )
+            {
+                throw new IllegalStateException( "Client is not connected." );
+            }
+            
+            // Setup the bind request
+            BindRequestImpl request = new BindRequestImpl( 1 ) ;
+            request.setName( new LdapDN( "uid=admin,ou=system" ) ) ;
+            request.setSimple( false ) ;
+            request.setCredentials( type1response ) ;
+            request.setSaslMechanism( mechanism );
+            request.setVersion3( true ) ;
+            
+            // Setup the ASN1 Enoder and Decoder
+            MessageEncoder encoder = new MessageEncoder();
+            MessageDecoder decoder = new MessageDecoder( new BinaryAttributeDetector() {
+                public boolean isBinary( String attributeId )
+                {
+                    return false;
+                }
+            } );
+     
+            // Send encoded request to server
+            encoder.encodeBlocking( null, _output_, request );
+            _output_.flush();
+            
+            while ( _input_.available() <= 0 )
+            {
+                Thread.sleep( 100 );
+            }
+            
+            // Retrieve the response back from server to my last request.
+            return ( BindResponse ) decoder.decode( null, _input_ );
+        }
+        
+        
+        BindResponse bindType3( byte[] type3response ) throws Exception
+        {
+            if ( ! isConnected() )
+            {
+                throw new IllegalStateException( "Client is not connected." );
+            }
+            
+            // Setup the bind request
+            BindRequestImpl request = new BindRequestImpl( 2 ) ;
+            request.setName( new LdapDN( "uid=admin,ou=system" ) ) ;
+            request.setSimple( false ) ;
+            request.setCredentials( type3response ) ;
+            request.setSaslMechanism( mechanism );
+            request.setVersion3( true ) ;
+            
+            // Setup the ASN1 Enoder and Decoder
+            MessageEncoder encoder = new MessageEncoder();
+            MessageDecoder decoder = new MessageDecoder( new BinaryAttributeDetector() {
+                public boolean isBinary( String attributeId )
+                {
+                    return false;
+                }
+            } );
+     
+            // Send encoded request to server
+            encoder.encodeBlocking( null, _output_, request );
+            
+            _output_.flush();
+            
+            while ( _input_.available() <= 0 )
+            {
+                Thread.sleep( 100 );
+            }
+            
+            // Retrieve the response back from server to my last request.
+            return ( BindResponse ) decoder.decode( null, _input_ );
+        }
+    }
 }
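Review bot: Both `bindType1` and `bindType3` wait for the server with `while ( _input_.available() <= 0 ) { Thread.sleep( 100 ); }`, which has no upper bound, so a server that never answers (or answers on another code path) turns a failing test into a hung build instead of a red one; the two methods are otherwise identical apart from the message id and could share one `bind( int messageId, byte[] credentials )`. The client also never calls `disconnect()`, so each test leaks a socket to the LDAP server, and `testGssSpnegoBind`'s Javadoc is a copy of the NTLM one and should read "Tests that the plumbing for GSS-SPNEGO bind works." Note that with BogusNtlmProvider accepting any Type 3 bytes, the SUCCESS assertions only show the round-trip plumbing works, not that authentication is enforced. A bounded wait helper, used by both bind methods, replaces the open-ended loop:

```java
// … unchanged: request construction and encoder/decoder setup …
encoder.encodeBlocking( null, _output_, request );
_output_.flush();
awaitResponse( 5000 );
return ( BindResponse ) decoder.decode( null, _input_ );
}


/** Polls the socket for a response and fails, rather than hangs, if none arrives in time. */
private void awaitResponse( long timeoutMs ) throws Exception
{
    long deadline = System.currentTimeMillis() + timeoutMs;
    while ( _input_.available() <= 0 )
    {
        if ( System.currentTimeMillis() > deadline )
        {
            throw new IllegalStateException( "No bind response within " + timeoutMs + " ms" );
        }
        Thread.sleep( 100 );
    }
}
```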


