Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 70251 invoked from network); 6 Aug 2008 10:40:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Aug 2008 10:40:47 -0000 Received: (qmail 61173 invoked by uid 500); 6 Aug 2008 10:40:38 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 61085 invoked by uid 500); 6 Aug 2008 10:40:37 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 60981 invoked by uid 99); 6 Aug 2008 10:40:37 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Aug 2008 03:40:36 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Aug 2008 10:39:48 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 1E648238889D; Wed, 6 Aug 2008 03:39:45 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r683215 - in /directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers: ./ bind/cramMD5/ bind/digestMD5/ bind/ntlm/ Date: Wed, 06 Aug 2008 10:39:44 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080806103945.1E648238889D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Wed Aug 6 03:39:42 2008 New Revision: 683215 URL: http://svn.apache.org/viewvc?rev=683215&view=rev Log: Store a LdapPrincipal instead of a serverEntry in the SASL_AUTHENT_USER, as we may not have a ServerEntry for external users. Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=683215&r1=683214&r2=683215&view=diff ============================================================================== --- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (original) +++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Wed Aug 6 03:39:42 2008
@@ -32,8 +32,8 @@
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
-import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
@@ -464,9 +464,9 @@
 // Create the user's coreSession
 try
 {
- ServerEntry userEntry = (ServerEntry)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
+ LdapPrincipal ldapPrincipal = (LdapPrincipal)ldapSession.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
- CoreSession userSession = ds.getSession( userEntry.getDn(), userEntry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes(), saslMechanism, null );
+ CoreSession userSession = ds.getSession( ldapPrincipal.getJndiName(), ldapPrincipal.getUserPassword(), saslMechanism, null );
 ldapSession.setCoreSession( userSession );
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/cramMD5/CramMd5CallbackHandler.java Wed Aug 6 03:39:42 2008
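Review bot: In the NewBindHandler hunk at `@@ -464,9 +464,9 @@`, the value read from `SaslConstants.SASL_AUTHENT_USER` is cast and dereferenced with no null check, so a mechanism that never stored an `LdapPrincipal` fails with a NullPointerException at `ldapPrincipal.getJndiName()`; in this same commit NtlmSaslServer stores only `Context.SECURITY_PRINCIPAL`, which suggests that path is reachable. A guard such as `if ( ldapPrincipal == null ) { /* reject the bind */ }` before `ds.getSession(...)` would make the failure explicit. The principal also carries a copy of the user's stored password bytes, which stay in the session's SASL properties after the core session is created unless they are cleared there. The enclosing method and the `catch` for this `try` lie outside the hunk, so how an exception is reported to the client cannot be confirmed from here.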
@@ -24,11 +24,13 @@
 import java.util.Set;
 import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslCallbackHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -39,6 +41,7 @@
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.AttributeTypeOptions;
+import org.apache.directory.shared.ldap.util.StringTools;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,7 +104,11 @@
 while ( cursor.next() )
 {
 entry = cursor.get();
- ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, entry );
+ LdapPrincipal ldapPrincipal = new LdapPrincipal(
+ entry.getDn(),
+ AuthenticationLevel.STRONG,
+ entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes() );
+ ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
 }
 return entry.get( passwordAT );
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/digestMD5/DigestMd5CallbackHandler.java Wed Aug 6 03:39:42 2008
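Review bot: In the CramMd5CallbackHandler hunk at `@@ -101,7 +104,11 @@`, `entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes()` throws a NullPointerException when the matched entry has no userPassword attribute, where the old code stored the entry and left `return entry.get( passwordAT )` to hand back null. Checking the attribute for null before calling `getBytes()`, and skipping `putSaslProperty` when it is absent, keeps a password-less account from turning a lookup into an unhandled exception. The principal is also created with `AuthenticationLevel.STRONG` and stored while the password is still being looked up, apparently before the client's response has been verified, so a comment like `// provisional: only trusted once the SASL exchange has completed` would document that ordering. Both points apply equally to the DigestMd5CallbackHandler hunk at `@@ -101,7 +103,11 @@`. The enclosing method starts and ends outside the hunk.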
@@ -24,11 +24,13 @@
 import java.util.Set;
 import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.authn.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslCallbackHandler;
 import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.filter.ExprNode;
@@ -101,7 +103,11 @@
 while ( cursor.next() )
 {
 entry = cursor.get();
- ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, entry );
+ LdapPrincipal ldapPrincipal = new LdapPrincipal(
+ entry.getDn(),
+ AuthenticationLevel.STRONG,
+ entry.get( SchemaConstants.USER_PASSWORD_AT ).getBytes() );
+ ldapSession.putSaslProperty( SaslConstants.SASL_AUTHENT_USER, ldapPrincipal );
 }
 return entry.get( passwordAT );
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java?rev=683215&r1=683214&r2=683215&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/bind/ntlm/NtlmSaslServer.java Wed Aug 6 03:39:42 2008
@@ -20,12 +20,18 @@
 package org.apache.directory.server.newldap.handlers.bind.ntlm;
+import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.newldap.LdapSession;
 import org.apache.directory.server.newldap.handlers.bind.AbstractSaslServer;
+import org.apache.directory.server.newldap.handlers.bind.SaslConstants;
 import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
 import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.util.StringTools;
 import javax.naming.Context;
+import javax.naming.InvalidNameException;
 import javax.security.sasl.SaslException;
@@ -148,7 +154,8 @@
 try
 {
 result = provider.authenticate( getLdapSession().getIoSession(), response );
- getLdapSession().getIoSession().setAttribute( Context.SECURITY_PRINCIPAL, getBindRequest().getName().toString() );
+
+ getLdapSession().putSaslProperty( Context.SECURITY_PRINCIPAL, getBindRequest().getName().toString() );
 }
 catch ( Exception e )
 {
@@ -169,6 +176,21 @@
 /**
+ * Try to authenticate the usr against the underlying LDAP server.
+ */
+ private CoreSession authenticate( String user, String password ) throws InvalidNameException, Exception
+ {
+ BindOperationContext bindContext = new BindOperationContext( getLdapSession().getCoreSession() );
+ bindContext.setDn( new LdapDN( user ) );
+ bindContext.setCredentials( StringTools.getBytesUtf8( password ) );
+
+ getAdminSession().getDirectoryService().getOperationManager().bind( bindContext );
+
+ return bindContext.getSession();
+ }
+
+
+ /**
 * {@inheritDoc}
 */
 public boolean isComplete()
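Review bot: In the NtlmSaslServer hunk at `@@ -148,7 +154,8 @@`, `Context.SECURITY_PRINCIPAL` is stored right after `provider.authenticate(...)` returns, without looking at `result`, and its value is the name taken from the client's bind request rather than an identity confirmed by the provider. If `result` is the provider's success indicator, the store should be conditional, e.g. `if ( result ) { getLdapSession().putSaslProperty( Context.SECURITY_PRINCIPAL, getBindRequest().getName().toString() ); }`. The rest of the method is outside the hunk, so whether later code discards the property on failure cannot be seen here.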
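Review bot: The new `authenticate( String user, String password )` in the NtlmSaslServer hunk at `@@ -169,6 +176,21 @@` passes the password to the bind without rejecting a null or empty value, and in LDAP a simple bind with a DN and an empty password is an unauthenticated bind that some servers accept. Unless the operation manager is known to refuse it, add `if ( password == null || password.length() == 0 ) { throw new IllegalArgumentException( "empty password" ); }` as the first statement. `throws InvalidNameException, Exception` is redundant because `Exception` already covers it, and nothing in this commit calls the method, so the Javadoc should say who is expected to call it and what the returned `CoreSession` represents.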