directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r663847 - in /directory/apacheds/branches/bigbang: core-integ/src/test/java/org/apache/directory/server/core/authn/ core/src/main/java/org/apache/directory/server/core/ core/src/main/java/org/apache/directory/server/core/authn/ core/src/mai...
Date Fri, 06 Jun 2008 07:40:44 GMT
Author: akarasulu
Date: Fri Jun  6 00:40:43 2008
New Revision: 663847

URL: http://svn.apache.org/viewvc?rev=663847&view=rev
Log:
fixing authentication issues due to problems with bind context not having some parameters
usually expected

Modified:
    directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
    directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
    directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java

Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
(original)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java
Fri Jun  6 00:40:43 2008
@@ -22,6 +22,8 @@
 
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.integ.CiRunner;
+import org.apache.directory.server.core.jndi.ServerLdapContext;
+
 import static org.apache.directory.server.core.integ.IntegrationUtils.*;
 import org.apache.directory.shared.ldap.message.AttributeImpl;
 import org.apache.directory.shared.ldap.message.ModificationItemImpl;
@@ -131,11 +133,11 @@
      * @throws NamingException if there are failures
      */
     @Test
-    @Ignore ( "broken until authentication is fixed" )
     public void testAdminAccountCreation() throws Exception
     {
         String userDn = "uid=admin,ou=system";
-        LdapContext ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn,
"secret".getBytes(), "simple", "ou=system" );
+        LdapContext ctx = new ServerLdapContext( service, 
+            service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN(
"ou=system" ) );
         Attributes attrs = ctx.getAttributes( "uid=admin" );
         performAdminAccountChecks( attrs );
         assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8(
"secret" ) ) );
@@ -144,7 +146,8 @@
         service.shutdown();
         service.startup();
 
-        ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn, "secret".getBytes(),
"simple", "ou=system" );
+        ctx = new ServerLdapContext( service, 
+            service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN(
"ou=system" ) );
         attrs = ctx.getAttributes( "uid=admin" );
         performAdminAccountChecks( attrs );
         assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8(
"secret" ) ) );

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
Fri Jun  6 00:40:43 2008
@@ -571,6 +571,12 @@
     }
 
     
+    public CoreSession getAdminSession()
+    {
+        return adminSession;
+    }
+    
+    
     public CoreSession getSession() 
     {
         return new DefaultCoreSession( new LdapPrincipal(), this );

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java
Fri Jun  6 00:40:43 2008
@@ -138,6 +138,9 @@
     boolean isStarted();
 
     
+    CoreSession getAdminSession() throws Exception;
+    
+    
     /**
      * Gets a logical session to perform operations on this DirectoryService
      * as the anonymous user.  This bypasses authentication without 

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Fri Jun  6 00:40:43 2008
@@ -417,7 +417,7 @@
         }
         
         // pick the first matching authenticator type
-        Collection<Authenticator> authenticators = getAuthenticators( opContext.getSaslMechanism()
);
+        Collection<Authenticator> authenticators = getAuthenticators( opContext.getAuthenticationLevel().getName()
);
 
         if ( authenticators == null )
         {

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Fri Jun  6 00:40:43 2008
@@ -35,12 +35,14 @@
 
 import org.apache.commons.collections.map.LRUMap;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
+import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.normalization.NormalizationInterceptor;
 import org.apache.directory.server.core.referral.ReferralInterceptor;
 import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
 import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
 import org.apache.directory.server.core.exception.ExceptionInterceptor;
 import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
+import org.apache.directory.server.core.partition.PartitionNexus;
 import org.apache.directory.server.core.schema.SchemaInterceptor;
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
 import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor;
@@ -101,12 +103,14 @@
     
     /** Declare a default for this cache. 100 entries seems to be enough */
     private static final int DEFAULT_CACHE_SIZE = 100;
-
+    
     /**
      * Define the interceptors we should *not* go through when we will have to request the
backend
      * about a userPassword.
      */
     private static final Collection<String> USERLOOKUP_BYPASS;
+    
+    
     static
     {
         Set<String> c = new HashSet<String>();
@@ -136,6 +140,7 @@
         credentialCache = new LRUMap( DEFAULT_CACHE_SIZE );
     }
 
+    
     /**
      * Creates a new instance, with an initial cache size
      * @param cacheSize the size of the credential cache
@@ -147,6 +152,7 @@
         credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
     }
 
+    
     /**
      * A private class to store all informations about the existing
      * password found in the cache or get from the backend.
@@ -177,6 +183,7 @@
         }
     }
     
+    
     /**
      * Get the password either from cache or from backend.
      * @param principalDN The DN from which we want the password
@@ -326,12 +333,14 @@
         }
     }
     
+    
     private static void split( byte[] all, int offset, byte[] left, byte[] right )
     {
         System.arraycopy( all, offset, left, 0, left.length );
         System.arraycopy( all, offset + left.length, right, 0, right.length );
     }
 
+    
     /**
      * Decopose the stored password in an algorithm, an eventual salt
      * and the password itself.
@@ -402,6 +411,7 @@
         }
     }
     
+    
     /**
      * Get the algorithm from the stored password. 
      * It can be found on the beginning of the stored password, between 
@@ -457,6 +467,7 @@
         }
     }
 
+    
     /**
      * Compute the hashed password given an algorithm, the credentials and 
      * an optional salt.
@@ -491,6 +502,7 @@
         }
     }
 
+    
     private byte[] encryptPassword( byte[] credentials, EncryptionMethod encryptionMethod
)
     {
         byte[] salt = encryptionMethod.salt;
@@ -527,6 +539,7 @@
         }
     }
 
+    
     /**
      * Local function which request the password from the backend
      * @param principalDn the principal to lookup
@@ -540,7 +553,17 @@
 
         try
         {
-            userEntry = opContext.lookup( opContext.getDn(), USERLOOKUP_BYPASS );
+            /*
+             * NOTE: at this point the BindOperationContext does not has a 
+             * null session since the user has not yet authenticated so we
+             * cannot use opContext.lookup() yet.  This is a very special
+             * case where we cannot rely on the opContext to perform a new
+             * sub operation.
+             */
+            LookupOperationContext lookupContext = 
+                new LookupOperationContext( getDirectoryService().getAdminSession(), opContext.getDn()
);
+            lookupContext.setByPassed( USERLOOKUP_BYPASS );
+            userEntry = getDirectoryService().getOperationManager().lookup( lookupContext
);
 
             if ( userEntry == null )
             {
@@ -580,6 +603,7 @@
         }
     }
 
+    
     /**
      * Get the algorithm of a password, which is stored in the form "{XYZ}...".
      * The method returns null, if the argument is not in this form. It returns
@@ -675,6 +699,7 @@
         }
     }
 
+    
     /**
      * Remove the principal form the cache. This is used when the user changes
      * his password.

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java
Fri Jun  6 00:40:43 2008
@@ -33,6 +33,7 @@
 import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.entry.ServerEntry;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Modification;
 import org.apache.directory.shared.ldap.message.MessageTypeEnum;
 import org.apache.directory.shared.ldap.name.LdapDN;
@@ -92,6 +93,22 @@
     }
 
     
+    public AuthenticationLevel getAuthenticationLevel()
+    {
+        if ( saslMechanism == null && dn.isEmpty() )
+        {
+            return AuthenticationLevel.NONE;
+        }
+        
+        if ( saslMechanism != null )
+        {
+            return AuthenticationLevel.STRONG;
+        }
+        
+        return AuthenticationLevel.SIMPLE;
+    }
+    
+    
     /**
      * @return the SASL mechanisms
      */

Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java
Fri Jun  6 00:40:43 2008
@@ -777,6 +777,12 @@
         {
             return null;
         }
+
+        public CoreSession getAdminSession() throws Exception
+        {
+            // TODO Auto-generated method stub
+            return null;
+        }
     }
 
     

Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=663847&r1=663846&r2=663847&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
(original)
+++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
Fri Jun  6 00:40:43 2008
@@ -589,5 +589,11 @@
         {
             return null;
         }
+
+
+        public CoreSession getAdminSession() throws Exception
+        {
+            return null;
+        }
     }
 }



Mime
View raw message