Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 35314 invoked from network); 6 Aug 2008 01:39:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Aug 2008 01:39:00 -0000 Received: (qmail 32359 invoked by uid 500); 6 Aug 2008 01:38:59 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 32324 invoked by uid 500); 6 Aug 2008 01:38:59 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 32315 invoked by uid 99); 6 Aug 2008 01:38:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Aug 2008 18:38:59 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Aug 2008 01:38:03 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id B64902388A04; Tue, 5 Aug 2008 18:38:00 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r683079 - in /directory/apacheds/branches/bigbang: protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/ server-integ/src/test/java/org/apache/directory/server/operations/bind/ server-integ/src/test/java/org/apache/di... Date: Wed, 06 Aug 2008 01:38:00 -0000 To: commits@directory.apache.org 
From: akarasulu@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080806013800.B64902388A04@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: akarasulu Date: Tue Aug 5 18:37:59 2008 New Revision: 683079 URL: http://svn.apache.org/viewvc?rev=683079&view=rev Log: adding test for Bind operation with referrals as well as small referral handling code - consolidated some tests from server-unit Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java Removed: directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=683079&r1=683078&r2=683079&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (original) +++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Tue Aug 5 18:37:59 2008 
@@ -31,6 +31,7 @@
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
@@ -119,7 +120,45 @@
 try
 {
- // And call the OperationManager bind operation.
+ /*
+ * Referral handling as specified by RFC 3296 here:
+ *
+ * http://www.faqs.org/rfcs/rfc3296.html
+ *
+ * See section 5.6.1 where if the bind principal DN is a referral
+ * we return an invalidCredentials result response. Optionally we
+ * could support delegated authentication in the future with this
+ * potential. See the following JIRA for more on this possibility:
+ *
+ * https://issues.apache.org/jira/browse/DIRSERVER-1217
+ *
+ * NOTE: if this is done then this handler should extend the
+ * a modified form of the SingleReplyRequestHandler so it can
+ * detect conditions where ancestors of the DN are referrals
+ * and delegate appropriately.
+ */
+ ClonedServerEntry principalEntry = getLdapServer().getDirectoryService()
+ .getAdminSession().lookup( bindRequest.getName() );
+ if ( principalEntry == null ||
+ principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT,
+ SchemaConstants.REFERRAL_OC ) )
+ {
+ LdapResult result = bindRequest.getResultResponse().getLdapResult();
+ result.setErrorMessage( "Bind principalDn points to referral." );
+ result.setMatchedDn( bindRequest.getName() );
+ result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
+ ldapSession.getIoSession().write( bindRequest.getResultResponse() );
+ return;
+ }
+
+ // TODO - might cause issues since lookups are not returning all
+ // attributes right now - this is an optimization that can be
+ // enabled later after determining whether or not this will cause
+ // issues.
+ // reuse the looked up entry so we don't incur another lookup
+ // opContext.setEntry( principalEntry );
+
+ // And call the OperationManager bind operation.
 getLdapServer().getDirectoryService().getOperationManager().bind( opContext );
 // As a result, store the created session in the Core Session
Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java?rev=683079&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java (added)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java Tue Aug 5 18:37:59 2008
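Review bot: In the new `principalEntry == null || … REFERRAL_OC` branch, a bind name with no entry gets the same diagnostic as a referral, "Bind principalDn points to referral.", and the requested name is echoed in matchedDN. That text is wrong for the null case, and if the wrong-password path below returns a different message (not visible in this hunk) an unauthenticated client can tell existing DNs from absent or referral ones. I would use one neutral message for every invalidCredentials reply, e.g. `result.setErrorMessage( "Invalid credentials" );`, drop `result.setMatchedDn( bindRequest.getName() );` since RFC 4511 section 4.1.9 leaves matchedDN empty for this result code, and log the referral detail server-side. The admin-session `lookup` also runs before authentication on a client-supplied name, so it should be confirmed that an empty bind DN (anonymous or SASL, if they reach this path) and a lookup that throws rather than returns null are handled; the enclosing method and its catch blocks lie outside the hunk.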
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.operations.bind;
+
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPConstraints;
+import netscape.ldap.LDAPControl;
+import netscape.ldap.LDAPException;
+
+import org.apache.directory.server.core.integ.Level;
+import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
+import org.apache.directory.server.core.integ.annotations.CleanupLevel;
+import org.apache.directory.server.integ.SiRunner;
+import org.apache.directory.server.newldap.LdapServer;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Tests the server to make sure standard compare operations work properly.
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+@RunWith ( SiRunner.class )
+@CleanupLevel ( Level.SUITE )
+@ApplyLdifs( {
+ // Entry # 1
+ "dn: uid=akarasulu,ou=users,ou=system\n" +
+ "objectClass: uidObject\n" +
+ "objectClass: person\n" +
+ "objectClass: top\n" +
+ "uid: akarasulu\n" +
+ "cn: Alex Karasulu\n" +
+ "sn: karasulu\n\n" +
+ // Entry # 2
+ "dn: ou=Computers,uid=akarasulu,ou=users,ou=system\n" +
+ "objectClass: organizationalUnit\n" +
+ "objectClass: top\n" +
+ "ou: computers\n" +
+ "description: Computers for Alex\n" +
+ "seeAlso: ou=Machines,uid=akarasulu,ou=users,ou=system\n\n" +
+ // Entry # 3
+ "dn: uid=akarasuluref,ou=users,ou=system\n" +
+ "objectClass: extensibleObject\n" +
+ "objectClass: uidObject\n" +
+ "objectClass: referral\n" +
+ "objectClass: top\n" +
+ "uid: akarasuluref\n" +
+ "userPassword: secret\n" +
+ "ref: ldap://localhost:10389/uid=akarasulu,ou=users,ou=system\n" +
+ "ref: ldap://foo:10389/uid=akarasulu,ou=users,ou=system\n" +
+ "ref: ldap://bar:10389/uid=akarasulu,ou=users,ou=system\n\n"
+ }
+)
+public class BindIT
+{
+ public static LdapServer ldapServer;
+
+
+ @Test
+ public void testConnectWithIllegalLDAPVersion() throws Exception
+ {
+ LDAPConnection conn = null;
+
+ try
+ {
+ conn = new LDAPConnection();
+ conn.connect( 100, "localhost", ldapServer.getIpPort(), "uid=admin,ou=system", "secret" );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch ( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.PROTOCOL_ERROR, e.getLDAPResultCode() );
+ }
+ finally
+ {
+ if ( conn != null )
+ {
+ conn.disconnect();
+ }
+ }
+ }
+
+
+ /**
+ * Tests bind operation on referral entry.
+ */
+ @Test
+ public void testOnReferralWithOrWithoutManageDsaItControl() throws Exception
+ {
+ LDAPConnection conn = new LDAPConnection();
+ LDAPConstraints constraints = new LDAPConstraints();
+ constraints.setClientControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+ constraints.setServerControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+ conn.setConstraints( constraints );
+
+ try
+ {
+ conn.connect( 3, "localhost", ldapServer.getIpPort(),
+ "uid=akarasuluref,ou=users,ou=system", "secret", constraints );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+ }
+
+ try
+ {
+ conn.connect( 3, "localhost", ldapServer.getIpPort(),
+ "uid=akarasuluref,ou=users,ou=system", "secret" );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+ }
+ }
+}
Modified: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java?rev=683079&r1=683078&r2=683079&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java (original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java Tue Aug 5 18:37:59 2008
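Review bot: `testOnReferralWithOrWithoutManageDsaItControl` never disconnects `conn`, and both of its `fail(...)` calls reuse the text "try to connect with illegal version number should fail" from the version test, so a regression in referral handling would report the wrong cause. I would wrap the two attempts in `try { … } finally { conn.disconnect(); }` as the first test does and change the message to `fail( "bind to a referral entry should be rejected with invalidCredentials" );`. The handler change in this commit also rejects a bind whose entry lookup returns null, but only the referral entry `uid=akarasuluref` is exercised here; a case binding as a DN absent from the LDIF would cover that branch. The class Javadoc still says "standard compare operations" and should read bind operations.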
@@ -27,6 +27,7 @@
 import org.apache.directory.server.integ.SiSuite;
 import org.apache.directory.server.operations.add.AddIT;
 import org.apache.directory.server.operations.add.AddingEntriesWithSpecialCharactersInRDNIT;
+import org.apache.directory.server.operations.bind.BindIT;
 import org.apache.directory.server.operations.compare.CompareIT;
 import org.apache.directory.server.operations.compare.MatchingRuleCompareIT;
 import org.apache.directory.server.operations.delete.DeleteIT;
@@ -60,7 +61,8 @@
 ModifyRemoveIT.class,
 ModifyReplaceIT.class,
 ModifyRdnIT.class,
- ModifyDnReferralIT.class
+ ModifyDnReferralIT.class,
+ BindIT.class
 } )
 @CleanupLevel ( Level.SUITE )
 @Mode ( SetupMode.ROLLBACK )