Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 50685 invoked from network); 6 Jun 2008 07:41:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Jun 2008 07:41:05 -0000 Received: (qmail 74153 invoked by uid 500); 6 Jun 2008 07:41:08 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 74107 invoked by uid 500); 6 Jun 2008 07:41:08 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 74097 invoked by uid 99); 6 Jun 2008 07:41:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2008 00:41:08 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2008 07:40:27 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 88EB323889C1; Fri, 6 Jun 2008 00:40:44 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r663847 - in /directory/apacheds/branches/bigbang: core-integ/src/test/java/org/apache/directory/server/core/authn/ core/src/main/java/org/apache/directory/server/core/ core/src/main/java/org/apache/directory/server/core/authn/ core/src/mai... Date: Fri, 06 Jun 2008 07:40:44 -0000 To: commits@directory.apache.org 
From: akarasulu@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080606074044.88EB323889C1@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: akarasulu Date: Fri Jun 6 00:40:43 2008 New Revision: 663847 URL: http://svn.apache.org/viewvc?rev=663847&view=rev Log: fixing authentication issues due to problems with bind context not having some parameters usually expected Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java (original) +++ 
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authn/SimpleAuthenticationIT.java Fri Jun 6 00:40:43 2008 @@ -22,6 +22,8 @@ import org.apache.directory.server.core.DirectoryService; import org.apache.directory.server.core.integ.CiRunner; +import org.apache.directory.server.core.jndi.ServerLdapContext; + import static org.apache.directory.server.core.integ.IntegrationUtils.*; import org.apache.directory.shared.ldap.message.AttributeImpl; import org.apache.directory.shared.ldap.message.ModificationItemImpl; @@ -131,11 +133,11 @@ * @throws NamingException if there are failures */ @Test - @Ignore ( "broken until authentication is fixed" ) public void testAdminAccountCreation() throws Exception { String userDn = "uid=admin,ou=system"; - LdapContext ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn, "secret".getBytes(), "simple", "ou=system" ); + LdapContext ctx = new ServerLdapContext( service, + service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN( "ou=system" ) ); Attributes attrs = ctx.getAttributes( "uid=admin" ); performAdminAccountChecks( attrs ); assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8( "secret" ) ) ); 
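Review bot: `"secret".getBytes()` in the new `service.getSession( ... )` call encodes the password with the platform default charset, while the assertion two lines later compares against `StringTools.getBytesUtf8( "secret" )`. The credentials should be built the same way, `service.getSession( new LdapDN( userDn ), StringTools.getBytesUtf8( "secret" ) )`, so the test does not depend on the JVM's default encoding. The same call is repeated in the `@@ -144,7 +146,8 @@` hunk after the service restart. testAdminAccountCreation starts and ends outside both hunks.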
@@ -144,7 +146,8 @@ service.shutdown(); service.startup(); - ctx = null; // TODO service.getJndiContext( new LdapDN( userDn ), userDn, "secret".getBytes(), "simple", "ou=system" ); + ctx = new ServerLdapContext( service, + service.getSession( new LdapDN( userDn ), "secret".getBytes() ), new LdapDN( "ou=system" ) ); attrs = ctx.getAttributes( "uid=admin" ); performAdminAccountChecks( attrs ); assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), StringTools.getBytesUtf8( "secret" ) ) ); Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Fri Jun 6 00:40:43 2008 
@@ -571,6 +571,12 @@ } + public CoreSession getAdminSession() + { + return adminSession; + } + + public CoreSession getSession() { return new DefaultCoreSession( new LdapPrincipal(), this ); Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/DirectoryService.java Fri Jun 6 00:40:43 2008 @@ -138,6 +138,9 @@ boolean isStarted(); + CoreSession getAdminSession() throws Exception; + + /** * Gets a logical session to perform operations on this DirectoryService * as the anonymous user. This bypasses authentication without Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Fri Jun 6 00:40:43 2008 
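Review bot: `getAdminSession()` is added without Javadoc, both on this implementation and in the DirectoryService interface hunk that follows, although the neighbouring `getSession()` is documented as bypassing authentication. Judging by the field name it returns the one shared `adminSession` instance, so any code holding the service reference can act with that session's identity, and the contract should say so. I would add a Javadoc block on the interface method stating that the returned session presumably carries the administrator principal, that no credentials are checked, and that it is meant for internal use such as the credential lookup in SimpleAuthenticator. Whether `adminSession` is initialised before startup or can be null is not visible here and should be documented too; the two test stubs added in this commit return null.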
@@ -417,7 +417,7 @@ } // pick the first matching authenticator type - Collection authenticators = getAuthenticators( opContext.getSaslMechanism() ); + Collection authenticators = getAuthenticators( opContext.getAuthenticationLevel().getName() ); if ( authenticators == null ) { Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Fri Jun 6 00:40:43 2008 @@ -35,12 +35,14 @@ import org.apache.commons.collections.map.LRUMap; import org.apache.directory.server.core.interceptor.context.BindOperationContext; +import org.apache.directory.server.core.interceptor.context.LookupOperationContext; import org.apache.directory.server.core.normalization.NormalizationInterceptor; import org.apache.directory.server.core.referral.ReferralInterceptor; import org.apache.directory.server.core.authz.AciAuthorizationInterceptor; import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor; import org.apache.directory.server.core.exception.ExceptionInterceptor; import org.apache.directory.server.core.operational.OperationalAttributeInterceptor; +import org.apache.directory.server.core.partition.PartitionNexus; import org.apache.directory.server.core.schema.SchemaInterceptor; import org.apache.directory.server.core.subtree.SubentryInterceptor; import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor; 
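Review bot: Selecting authenticators by `opContext.getAuthenticationLevel().getName()` only works if that name is exactly the key under which each authenticator is registered, which this hunk does not show. With the `getAuthenticationLevel()` added to BindOperationContext in this commit, every non-null SASL mechanism maps to the single STRONG level, so the mechanism the client asked for no longer takes part in the choice. If several SASL authenticators can be registered, "pick the first matching" may hand the bind to one that does not implement the requested mechanism. A comment such as `// keyed by AuthenticationLevel name, not by SASL mechanism; the authenticator must check the mechanism itself` would make the new contract explicit. The enclosing method starts and ends outside the hunk, including the body of the `authenticators == null` branch.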
@@ -101,12 +103,14 @@ /** Declare a default for this cache. 100 entries seems to be enough */ private static final int DEFAULT_CACHE_SIZE = 100; - + /** * Define the interceptors we should *not* go through when we will have to request the backend * about a userPassword. */ private static final Collection USERLOOKUP_BYPASS; + + static { Set c = new HashSet(); @@ -136,6 +140,7 @@ credentialCache = new LRUMap( DEFAULT_CACHE_SIZE ); } + /** * Creates a new instance, with an initial cache size * @param cacheSize the size of the credential cache @@ -147,6 +152,7 @@ credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE ); } + /** * A private class to store all informations about the existing * password found in the cache or get from the backend. @@ -177,6 +183,7 @@ } } + /** * Get the password either from cache or from backend. * @param principalDN The DN from which we want the password @@ -326,12 +333,14 @@ } } + private static void split( byte[] all, int offset, byte[] left, byte[] right ) { System.arraycopy( all, offset, left, 0, left.length ); System.arraycopy( all, offset + left.length, right, 0, right.length ); } + /** * Decopose the stored password in an algorithm, an eventual salt * and the password itself. @@ -402,6 +411,7 @@ } } + /** * Get the algorithm from the stored password. * It can be found on the beginning of the stored password, between @@ -457,6 +467,7 @@ } } + /** * Compute the hashed password given an algorithm, the credentials and * an optional salt. @@ -491,6 +502,7 @@ } } + private byte[] encryptPassword( byte[] credentials, EncryptionMethod encryptionMethod ) { byte[] salt = encryptionMethod.salt; @@ -527,6 +539,7 @@ } } + /** * Local function which request the password from the backend * @param principalDn the principal to lookup 
@@ -540,7 +553,17 @@ try { - userEntry = opContext.lookup( opContext.getDn(), USERLOOKUP_BYPASS ); + /* + * NOTE: at this point the BindOperationContext does not has a + * null session since the user has not yet authenticated so we + * cannot use opContext.lookup() yet. This is a very special + * case where we cannot rely on the opContext to perform a new + * sub operation. + */ + LookupOperationContext lookupContext = + new LookupOperationContext( getDirectoryService().getAdminSession(), opContext.getDn() ); + lookupContext.setByPassed( USERLOOKUP_BYPASS ); + userEntry = getDirectoryService().getOperationManager().lookup( lookupContext ); if ( userEntry == null ) { @@ -580,6 +603,7 @@ } } + /** * Get the algorithm of a password, which is stored in the form "{XYZ}...". * The method returns null, if the argument is not in this form. It returns @@ -675,6 +699,7 @@ } } + /** * Remove the principal form the cache. This is used when the user changes * his password. Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java (original) +++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/interceptor/context/BindOperationContext.java Fri Jun 6 00:40:43 2008 
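Review bot: The replacement lookup reads the entry for a client-supplied DN through `getDirectoryService().getAdminSession()` with `USERLOOKUP_BYPASS` applied, before the client has proved anything, so the use of `userEntry` after this point needs to stay confined to the password comparison. The method continues outside the hunk, so that cannot be confirmed here; nothing derived from the entry should reach the bind response beyond success or a uniform failure. `getAdminSession()` is declared to throw and, in the test stubs added by this commit, returns null, and a null session would be passed straight into `new LookupOperationContext( ... )`. The added comment says the context "does not has a null session", which reads as the opposite of what is meant; I would word it as `NOTE: at this point the BindOperationContext has a null session, since the user has not yet authenticated, so opContext.lookup() cannot be used.`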
@@ -33,6 +33,7 @@ import org.apache.directory.server.core.authn.LdapPrincipal; import org.apache.directory.server.core.entry.ClonedServerEntry; import org.apache.directory.server.core.entry.ServerEntry; +import org.apache.directory.shared.ldap.constants.AuthenticationLevel; import org.apache.directory.shared.ldap.entry.Modification; import org.apache.directory.shared.ldap.message.MessageTypeEnum; import org.apache.directory.shared.ldap.name.LdapDN; @@ -92,6 +93,22 @@ } + public AuthenticationLevel getAuthenticationLevel() + { + if ( saslMechanism == null && dn.isEmpty() ) + { + return AuthenticationLevel.NONE; + } + + if ( saslMechanism != null ) + { + return AuthenticationLevel.STRONG; + } + + return AuthenticationLevel.SIMPLE; + } + + /** * @return the SASL mechanisms */ Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java (original) +++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/authz/support/MaxImmSubFilterTest.java Fri Jun 6 00:40:43 2008 
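Review bot: `getAuthenticationLevel()` decides on `saslMechanism` and `dn` alone, so a simple bind with a non-empty DN and zero-length credentials is reported as SIMPLE. RFC 4513 section 5.1.2 treats that combination as an unauthenticated bind, and whether a later authenticator rejects empty credentials is not visible in this hunk. If the context exposes the bind credentials, the level should take them into account, for example by returning NONE when they are null or empty. `dn.isEmpty()` also throws a NullPointerException when no DN has been set on the context, and the method has no Javadoc; a short one listing the three outcomes and the inputs that select them would help.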
@@ -777,6 +777,12 @@ { return null; } + + public CoreSession getAdminSession() throws Exception + { + // TODO Auto-generated method stub + return null; + } } Modified: directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=663847&r1=663846&r2=663847&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java (original) +++ directory/apacheds/branches/bigbang/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Fri Jun 6 00:40:43 2008 @@ -589,5 +589,11 @@ { return null; } + + + public CoreSession getAdminSession() throws Exception + { + return null; + } } }