From elecha...@apache.org
Subject svn commit: r682787 - in /directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers: ./ bind/ bind/cramMD5/ bind/digestMD5/ bind/gssapi/ bind/ntlm/ bind/plain/
Date Tue, 05 Aug 2008 16:48:33 GMT
Author: elecharny
Date: Tue Aug  5 09:48:33 2008
New Revision: 682787

URL: http://svn.apache.org/viewvc?rev=682787&view=rev
Log:
Some more cleanup: created an AbstractMechanismHandler so that the SaslFilter insertion
moves out of the Bind handler.

Added:
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/AbstractMechanismHandler.java
Modified:
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5MechanismHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5MechanismHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/gssapi/GssapiMechanismHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmMechanismHandler.java
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/plain/PlainMechanismHandler.java

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
Tue Aug  5 09:48:33 2008
@@ -57,6 +57,7 @@
 import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.mina.common.IoFilterChain;
 import org.apache.mina.common.IoSession;
+import org.hamcrest.core.IsEqual;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
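Review bot: The added `import org.hamcrest.core.IsEqual;` pulls a test-matcher library into a production bind handler, and none of the hunks shown for this file use `IsEqual`, so it looks like an accidental IDE auto-import. If it is indeed unused, drop the line. Otherwise the main source set of the LDAP protocol module gains a compile-time dependency on Hamcrest for no functional reason.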
@@ -217,7 +218,7 @@
         // SaslServer will throw an exception if the credentials are null.
         if ( bindRequest.getCredentials() == null )
         {
-            bindRequest.setCredentials( new byte[0] );
+            bindRequest.setCredentials( StringTools.EMPTY_BYTES );
         }
 
         try
@@ -367,11 +368,14 @@
         // First, check that we have the same mechanism
         String saslMechanism = bindRequest.getSaslMechanism();
         
-        if ( !ldapSession.getSaslProperty( SaslConstants.SASL_MECH ).equals( saslMechanism
) )
+        // The empty mechanism is also a request for a new Bind session
+        if ( StringTools.isEmpty( saslMechanism ) || 
+            !ldapSession.getSaslProperty( SaslConstants.SASL_MECH ).equals( saslMechanism
) )
         {
             sendAuthMethNotSupported( ldapSession, bindRequest );
             return;
         }
+        
         // We have already received a first BindRequest, and sent back some challenge.
         // First, check if the mechanism is the same
         MechanismHandler mechanismHandler = handlers.get( saslMechanism );
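Review bot: The rejection branch for an empty or changed mechanism returns after `sendAuthMethNotSupported( ldapSession, bindRequest );` without resetting the SASL state held in the session, although the new comment calls this case a request for a new Bind session. Unless `sendAuthMethNotSupported` already does so (not visible here), the partially negotiated state stays attached to the connection. The handler-unavailable branch in the next hunk calls `ldapSession.clearSaslProperties();` and `ldapSession.setAnonymous();`, and the same two calls would fit here before the `return`. Separately, `ldapSession.getSaslProperty( SaslConstants.SASL_MECH )` is dereferenced directly, so a missing property raises a NullPointerException; writing the comparison as `!saslMechanism.equals( ldapSession.getSaslProperty( SaslConstants.SASL_MECH ) )` after the emptiness check avoids that. The enclosing method starts and ends outside this hunk.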
@@ -379,79 +383,63 @@
         if ( mechanismHandler == null )
         {
             String message = "Handler unavailable for " + saslMechanism;
+            
+            // Clear the saslProperties, and move to the anonymous state
+            ldapSession.clearSaslProperties();
+            ldapSession.setAnonymous();
+            
             LOG.error( message );
             throw new IllegalArgumentException( message );
         }
 
+        // Get the previously created SaslServer instance
         SaslServer ss = mechanismHandler.handleMechanism( ldapSession, bindRequest );
         
-        if ( !ss.isComplete() )
+        /*
+         * SaslServer will throw an exception if the credentials are null.
+         */
+        if ( bindRequest.getCredentials() == null )
+        {
+            bindRequest.setCredentials( StringTools.EMPTY_BYTES );
+        }
+        
+        byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );
+        
+        if ( ss.isComplete() )
         {
-            /*
-             * SaslServer will throw an exception if the credentials are null.
-             */
-            if ( bindRequest.getCredentials() == null )
+            if ( tokenBytes != null )
             {
-                bindRequest.setCredentials( new byte[0] );
+                /*
+                 * There may be a token to return to the client.  We set it here
+                 * so it will be returned in a SUCCESS message, after an LdapContext
+                 * has been initialized for the client.
+                 */
+                ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
             }
             
-            byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );
-            
-            if ( ss.isComplete() )
+            // Create the user's coreSession
+            try
             {
-                if ( tokenBytes != null )
-                {
-                    /*
-                     * There may be a token to return to the client.  We set it here
-                     * so it will be returned in a SUCCESS message, after an LdapContext
-                     * has been initialized for the client.
-                     */
-                    ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
-                }
+                ServerEntry userEntry = (ServerEntry)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER
);
                 
-                // Create the user's coreSession
-                try
-                {
-                    ServerEntry userEntry = (ServerEntry)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER
);
-                    
-                    CoreSession userSession = ds.getSession( userEntry.getDn(), userEntry.get(
SchemaConstants.USER_PASSWORD_AT ).getBytes(), saslMechanism, null );
-                    
-                    ldapSession.setCoreSession( userSession );
-                    
-                    // Mark the user as authenticated
-                    ldapSession.setAuthenticated();
-                    
-                    /*
-                     * If the SASL mechanism is DIGEST-MD5 or GSSAPI, we insert a SASLFilter.
-                     */
-                    if ( saslMechanism.equals( SupportedSaslMechanisms.DIGEST_MD5 ) ||
-                         saslMechanism.equals( SupportedSaslMechanisms.GSSAPI ) )
-                    {
-                        LOG.debug( "Inserting SaslFilter to engage negotiated security layer."
);
-                        IoSession ioSession = ldapSession.getIoSession();
-
-                        IoFilterChain chain = ioSession.getFilterChain();
-                        
-                        if ( !chain.contains( "SASL_FILTER" ) )
-                        {
-                            SaslServer saslServer = ( SaslServer ) ldapSession.getSaslProperty(
SaslConstants.SASL_SERVER );
-                            chain.addBefore( "codec", "SASL_FILTER", new SaslFilter( saslServer
) );
-                        }
-
-                        /*
-                         * We disable the SASL security layer once, to write the outbound
SUCCESS
-                         * message without SASL security layer processing.
-                         */
-                        ioSession.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE
);
-                    }
+                CoreSession userSession = ds.getSession( userEntry.getDn(), userEntry.get(
SchemaConstants.USER_PASSWORD_AT ).getBytes(), saslMechanism, null );
+                
+                ldapSession.setCoreSession( userSession );
+                
+                // Mark the user as authenticated
+                ldapSession.setAuthenticated();
+                
+                // Call the cleanup method for the selected mechanism
+                MechanismHandler handler = (MechanismHandler)ldapSession.getSaslProperty(
SaslConstants.SASL_MECH_HANDLER );
 
-                    // And send a Success response
-                    sendBindSuccess( ldapSession, bindRequest, tokenBytes );
-                }
-                catch ( Exception e )
-                {
-                    
-                }
+                handler.cleanup( ldapSession );
+
+                // And send a Success response
+                sendBindSuccess( ldapSession, bindRequest, tokenBytes );
+            }
+            catch ( Exception e )
+            {
+                
             }
         }
     }
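Review bot: The `catch ( Exception e )` that closes the completed-exchange branch is still empty, and it now also covers `handler.cleanup( ldapSession )`, which this commit makes responsible for inserting the SaslFilter. Because `ldapSession.setAuthenticated()` runs before `cleanup` and `sendBindSuccess`, a failure in either of them (including a null `handler` returned by `getSaslProperty`) leaves the session marked authenticated with no security layer, no log entry and no BindResponse to the client. The catch should at least contain `LOG.error( "SASL bind failed after authentication", e );`, `ldapSession.clearSaslProperties();` and `ldapSession.setAnonymous();`, followed by an error response. The `mechanismHandler` local already in scope could also be used for the cleanup call instead of a second lookup and cast. The method begins before this hunk.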
@@ -525,9 +513,10 @@
                 // Get the handler for this mechanism
                 MechanismHandler mechanismHandler = handlers.get( saslMechanism );
                 
-                // Stor ethe mechanism handler in the salsProperties
+                // Store the mechanism handler in the salsProperties
                 ldapSession.putSaslProperty( SaslConstants.SASL_MECH_HANDLER, mechanismHandler
);
                 
+                // Initialize the mechanism specific data
                 mechanismHandler.init( ldapSession );
 
                 // Get the SaslServer instance which manage the C/R exchange
@@ -550,6 +539,7 @@
             {
                 sendInvalidCredentials( ldapSession, bindRequest, se );
             }
+            
             return;
         }
     }

Added: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/AbstractMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/AbstractMechanismHandler.java?rev=682787&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/AbstractMechanismHandler.java
(added)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/AbstractMechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -0,0 +1,71 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.directory.server.newldap.handlers.bind;
+
+import javax.security.sasl.SaslServer;
+
+import org.apache.directory.server.newldap.LdapSession;
+import org.apache.mina.common.IoFilterChain;
+import org.apache.mina.common.IoSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * 
+ * An abstract class for all the MechanismHandlers, implementing some common methods
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public abstract class AbstractMechanismHandler implements MechanismHandler
+{
+    /** A logger for this class **/
+    private static final Logger LOG = LoggerFactory.getLogger( AbstractMechanismHandler.class
);
+
+    
+    /**
+     * Inject a SaslFilter into the Filter chain, to deal with modified
+     * PDU sent when some mechanisms have been negotiated (DIGEST-MD5, GSSAPI, 
+     * for instance)
+     *
+     * @param ldapSession the LdapSession instance
+     */
+    protected void insertSaslFilter( LdapSession ldapSession )
+    {
+        LOG.debug( "Inserting SaslFilter to engage negotiated security layer." );
+        IoSession ioSession = ldapSession.getIoSession();
+    
+        // get the Io chain
+        IoFilterChain chain = ioSession.getFilterChain();
+        
+        if ( !chain.contains( SaslConstants.SASL_FILTER ) )
+        {
+            SaslServer saslServer = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER
);
+            chain.addBefore( "codec", SaslConstants.SASL_FILTER, new SaslFilter( saslServer
) );
+        }
+    
+        /*
+         * We disable the SASL security layer once, to write the outbound SUCCESS
+         * message without SASL security layer processing.
+         */
+        ioSession.setAttribute( SaslFilter.DISABLE_SECURITY_LAYER_ONCE, Boolean.TRUE );
+    }
+}
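Review bot: `insertSaslFilter` passes the result of `ldapSession.getSaslProperty( SaslConstants.SASL_SERVER )` straight to `new SaslFilter( saslServer )`, so a session whose SASL_SERVER property is missing gets a filter wrapping null placed before the codec. A guard such as `if ( saslServer == null ) { throw new IllegalStateException( "No SaslServer stored in the session" ); }` before `chain.addBefore` makes that fail where the mistake is, rather than on the first protected PDU. The Javadoc should also say that the method sets `SaslFilter.DISABLE_SECURITY_LAYER_ONCE` on every call, even when the filter was already in the chain. That matters because the flag lets the next outbound message bypass the security layer.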

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5MechanismHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5MechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5MechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -22,7 +22,7 @@
 
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.newldap.LdapSession;
-import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.AbstractMechanismHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
 import org.apache.directory.shared.ldap.message.BindRequest;
@@ -41,7 +41,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class CramMd5MechanismHandler implements MechanismHandler
+public class CramMd5MechanismHandler extends AbstractMechanismHandler
 {
     public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest )
throws Exception
     {

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5MechanismHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5MechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5MechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -23,7 +23,7 @@
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.newldap.LdapServer;
 import org.apache.directory.server.newldap.LdapSession;
-import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.AbstractMechanismHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
 import org.apache.directory.shared.ldap.message.BindRequest;
@@ -43,7 +43,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class DigestMd5MechanismHandler implements MechanismHandler
+public class DigestMd5MechanismHandler extends AbstractMechanismHandler
 {
     /**
      * Create a list of all the configured realms.
@@ -121,10 +121,14 @@
     /**
      * Remove the Host, UserBaseDn, props and Mechanism property.
      * 
-     * @param ldapSession the Ldapsession instance
+     * @param ldapSession the LdapSession instance
      */
     public void cleanup( LdapSession ldapSession )
     {
+        // Inject the Sasl Filter
+        insertSaslFilter( ldapSession );
+        
+        // and cleanup the useless informations
         ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
         ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
         ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
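Review bot: The Javadoc above `cleanup` still says only "Remove the Host, UserBaseDn, props and Mechanism property", but the method now first calls `insertSaslFilter( ldapSession )`, which engages the negotiated security layer. That side effect should be documented, for example `Insert the SaslFilter for the negotiated security layer, then remove the Host, UserBaseDn, props and Mechanism properties.` The Javadoc should also state that `cleanup` is meant to run only after a successful bind, since a call on a failure path would install the filter as well. The same applies to `GssapiMechanismHandler.cleanup` in the gssapi hunk. The body of `cleanup` continues past the end of this hunk.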

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/gssapi/GssapiMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/gssapi/GssapiMechanismHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/gssapi/GssapiMechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/gssapi/GssapiMechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -21,7 +21,7 @@
 
 
 import org.apache.directory.server.newldap.LdapSession;
-import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.AbstractMechanismHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
 import org.apache.directory.shared.ldap.message.BindRequest;
@@ -41,7 +41,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class GssapiMechanismHandler implements MechanismHandler
+public class GssapiMechanismHandler extends AbstractMechanismHandler
 {
     public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest )
throws Exception
     {
@@ -90,6 +90,10 @@
      */
     public void cleanup( LdapSession ldapSession )
     {
+        // Inject the Sasl Filter
+        insertSaslFilter( ldapSession );
+
+        // and remove the useless informations
         ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
         ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
         ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmMechanismHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmMechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmMechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -21,7 +21,7 @@
 
 
 import org.apache.directory.server.newldap.LdapSession;
-import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.AbstractMechanismHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.message.BindRequest;
 
@@ -37,7 +37,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class NtlmMechanismHandler implements MechanismHandler
+public class NtlmMechanismHandler extends AbstractMechanismHandler
 {
     private String providerFqcn;
     private NtlmProvider provider;

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/plain/PlainMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/plain/PlainMechanismHandler.java?rev=682787&r1=682786&r2=682787&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/plain/PlainMechanismHandler.java
(original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/plain/PlainMechanismHandler.java
Tue Aug  5 09:48:33 2008
@@ -22,7 +22,7 @@
 
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.newldap.LdapSession;
-import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.AbstractMechanismHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.message.BindRequest;
 
@@ -36,7 +36,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class PlainMechanismHandler implements MechanismHandler
+public class PlainMechanismHandler extends AbstractMechanismHandler
 {
     
     /**


