From elecha...@apache.org
Subject svn commit: r999888 - in /directory: apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/ shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/ shared/trunk/ldap-client-api/src/main/java/org/...
Date Wed, 22 Sep 2010 12:07:12 GMT
Author: elecharny
Date: Wed Sep 22 12:07:11 2010
New Revision: 999888

URL: http://svn.apache.org/viewvc?rev=999888&view=rev
Log:
o When we can't find a SaslFactory for a mechanism, throw an exception instead of forging
a BindResponse object
o Added some comments
o Included Kiran's patch for DIRAPI-30
o Fixed some potential NPEs

Modified:
    directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java

Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java?rev=999888&r1=999887&r2=999888&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
(original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
Wed Sep 22 12:07:11 2010
@@ -22,6 +22,7 @@ package org.apache.directory.server.oper
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.lang.reflect.Field;
 import java.net.InetAddress;
@@ -253,8 +254,16 @@ public class SaslBindIT extends Abstract
         bindReq.setSaslMechanism( "" ); // invalid mechanism
         bindReq.setSimple( false );
 
-        BindResponse resp = connection.bind( bindReq );
-        assertEquals( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED, resp.getLdapResult().getResultCode()
);
+        try
+        {
+            connection.bind( bindReq );
+            fail();
+        }
+        catch ( LdapException le )
+        {
+            //expected
+        }
+
         connection.close();
     }
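Review bot: The new catch accepts any LdapException, so the test no longer pins the failure cause that the removed assertion checked (AUTH_METHOD_NOT_SUPPORTED); a refused connection or a timeout would pass it just as well. Asserting on the message the client now throws for this case would keep the check meaningful, e.g. `catch ( LdapException le )` / `{` / `assertTrue( le.getMessage().contains( "Cannot find a SASL factory" ) );`. Also, `connection.close()` sits after the try block, so when `fail()` throws (or anything other than an LdapException escapes) the connection is left open; closing it in a finally block would avoid that. The enclosing test method starts before this hunk.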
 
@@ -433,6 +442,7 @@ public class SaslBindIT extends Abstract
         for ( int i = 0; i < 1000; i++ )
         {
             System.out.println( "try " + i );
+
             // Digest-MD5
             connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
             resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=999888&r1=999887&r2=999888&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Wed Sep 22 12:07:11 2010
@@ -87,7 +87,6 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.message.BindRequest;
 import org.apache.directory.shared.ldap.message.BindRequestImpl;
 import org.apache.directory.shared.ldap.message.BindResponse;
-import org.apache.directory.shared.ldap.message.BindResponseImpl;
 import org.apache.directory.shared.ldap.message.CompareRequest;
 import org.apache.directory.shared.ldap.message.CompareRequestImpl;
 import org.apache.directory.shared.ldap.message.CompareResponse;
@@ -1022,6 +1021,7 @@ public class LdapNetworkConnection exten
         try
         {
             DN dn = new DN( name );
+
             return createBindRequest( dn, credentials, saslMechanism, controls );
         }
         catch ( LdapInvalidDnException ine )
@@ -1042,9 +1042,6 @@ public class LdapNetworkConnection exten
     private BindRequest createBindRequest( DN name, byte[] credentials, String saslMechanism,
Control... controls )
         throws LdapException
     {
-        // clear the mappings if any (in case of a second call to bind() without calling
unBind())
-        //clearMaps();
-
         // Set the new messageId
         BindRequest bindRequest = new BindRequestImpl();
 
@@ -1266,7 +1263,7 @@ public class LdapNetworkConnection exten
     public BindResponse bindGssApi( String name, byte[] credentials, String realmName, String
kdcHost, int kdcPort, Control... ctrls )
         throws LdapException, IOException
     {
-        BindRequest bindReq = createBindRequest( name, credentials, SupportedSaslMechanisms.GSSAPI,
ctrls );
+        BindRequest bindRequest = createBindRequest( name, credentials, SupportedSaslMechanisms.GSSAPI,
ctrls );
         
         String krbConfPath = createKrbConfFile( realmName, kdcHost, kdcPort );
         System.setProperty( "java.security.krb5.conf", krbConfPath );
@@ -1274,18 +1271,21 @@ public class LdapNetworkConnection exten
         Configuration.setConfiguration( new Krb5LoginConfiguration() );
         System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
 
-        final SaslRequest saslReq = new SaslRequest( bindReq );
+        final SaslRequest saslRequest = new SaslRequest( bindRequest );
 
         try
         {
-            LoginContext lc = new LoginContext( "ldapnetworkconnection", new SaslCallbackHandler(
saslReq ) );
-            lc.login();
+            LoginContext loginContext = new LoginContext( "ldapnetworkconnection",
+                new SaslCallbackHandler( saslRequest ) );
+            loginContext.login();
 
-            BindFuture future = ( BindFuture ) Subject.doAs( lc.getSubject(), new PrivilegedExceptionAction<Object>()
+            // Now, bind by calling the internal bindSasl method
+            BindFuture future = ( BindFuture ) Subject.doAs( loginContext.getSubject(),
+                new PrivilegedExceptionAction<Object>()
             {
                 public Object run() throws Exception
                 {
-                    return bindSasl( saslReq );
+                    return bindSasl( saslRequest );
                 }
             } );
 
@@ -3438,7 +3438,12 @@ public class LdapNetworkConnection exten
     }
 
 
-    private BindFuture bindSasl( SaslRequest saslReq ) throws LdapException, IOException
+    /**
+     * Process the SASL Bind. It's a dialog with the server, we will send a first BindRequest,
receive
+     * a response and the, if this response is a challenge, continue by sending a new BindRequest
with
+     * the requested informations.
+     */
+    private BindFuture bindSasl( SaslRequest saslRequest ) throws LdapException, IOException
     {
         // First switch to anonymous state
         authenticated.set( false );
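Review bot: The new Javadoc on bindSasl has two wording slips: `the, if this response is a challenge` should read `then, if this response is a challenge`, and `informations` should be `information`. It also carries no parameter or result tags; I would add `@param saslRequest the SASL parameters wrapping the BindRequest to send`, `@return the BindFuture holding the final BindResponse`, and `@throws LdapException` / `@throws IOException` lines matching the signature. The method body continues past the end of this hunk.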
@@ -3449,7 +3454,7 @@ public class LdapNetworkConnection exten
         // If the session has not been establish, or is closed, we get out immediately
         checkSession();
 
-        BindRequest bindRequest = saslReq.getBindReq();
+        BindRequest bindRequest = saslRequest.getBindRequest();
 
         // Update the messageId
         int newId = messageId.incrementAndGet();
@@ -3461,6 +3466,7 @@ public class LdapNetworkConnection exten
         // Create a future for this Bind operation
         BindFuture bindFuture = new BindFuture( this, newId );
 
+        // Store it in the future Map
         addToFutureMap( newId, bindFuture );
 
         try
@@ -3469,49 +3475,72 @@ public class LdapNetworkConnection exten
             byte[] response = null;
             ResultCodeEnum result = null;
 
-            SaslClient sc = Sasl.createSaslClient( new String[]
-            { bindRequest.getSaslMechanism() }, saslReq.getAuthorizationId(), "ldap", config.getLdapHost(),
-                saslReq.getSaslMechProps(), new SaslCallbackHandler( saslReq ) );
+            SaslClient sc = Sasl.createSaslClient(
+                new String[]
+                    { bindRequest.getSaslMechanism() },
+                saslRequest.getAuthorizationId(),
+                "ldap",
+                config.getLdapHost(),
+                saslRequest.getSaslMechProps(),
+                new SaslCallbackHandler( saslRequest ) );
 
-            // handcode bindresponse and return
+            // If the SaslClient wasn't created, that means we can't create the SASL client
+            // for the requested mechanism. We then produce an Exception
             if ( sc == null )
             {
-                removeFromFutureMaps( newId );
-                bindResponse = new BindResponseImpl( newId );
-                bindResponse.getLdapResult().setResultCode( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED
);
-                bindFuture.set( bindResponse );
-
-                return bindFuture;
+                String message = "Cannot find a SASL factory for the " + bindRequest.getSaslMechanism()
+ " mechanism";
+                LOG.error( message );
+                throw new LdapException( message );
             }
 
+            // Corner case : the SASL mech might send an initial challenge, and we have to

+            // deal with it immediately.
             if ( sc.hasInitialResponse() )
             {
-                response = sc.evaluateChallenge( new byte[0] );
+                byte[] challengeResponse = sc.evaluateChallenge( new byte[0] );
 
-                bindRequest.setCredentials( response );
+                // Stores the challenge's response, and send it to the server 
+                bindRequest.setCredentials( challengeResponse );
                 writeBindRequest( bindRequest );
 
+                // Get the server's response, blocking
                 bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
+
+                if ( bindResponse == null )
+                {
+                    // We didn't received anything : this is an error
+                    LOG.error( "bind failed : timeout occured" );
+                    throw new LdapException( TIME_OUT_ERROR );
+                }
+
                 result = bindResponse.getLdapResult().getResultCode();
             }
             else
             {
-                // clone the bindRequest without setting the credentials
-                BindRequest clonedReq = new BindRequestImpl( newId );
-                clonedReq.setName( bindRequest.getName() );
-                clonedReq.setSaslMechanism( bindRequest.getSaslMechanism() );
-                clonedReq.setSimple( bindRequest.isSimple() );
-                clonedReq.setVersion3( bindRequest.getVersion3() );
-                clonedReq.addAllControls( bindRequest.getControls().values().toArray( new
Control[0] ) );
+                // Copy the bindRequest without setting the credentials
+                BindRequest bindRequestCopy = new BindRequestImpl( newId );
+                bindRequestCopy.setName( bindRequest.getName() );
+                bindRequestCopy.setSaslMechanism( bindRequest.getSaslMechanism() );
+                bindRequestCopy.setSimple( bindRequest.isSimple() );
+                bindRequestCopy.setVersion3( bindRequest.getVersion3() );
+                bindRequestCopy.addAllControls( bindRequest.getControls().values().toArray(
new Control[0] ) );
 
-                writeBindRequest( clonedReq );
+                writeBindRequest( bindRequestCopy );
 
                 bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
+
+                if ( bindResponse == null )
+                {
+                    // We didn't received anything : this is an error
+                    LOG.error( "bind failed : timeout occured" );
+                    throw new LdapException( TIME_OUT_ERROR );
+                }
+
                 result = bindResponse.getLdapResult().getResultCode();
             }
 
             while ( !sc.isComplete()
-                && ( result == ResultCodeEnum.SASL_BIND_IN_PROGRESS || result ==
ResultCodeEnum.SUCCESS ) )
+                && ( ( result == ResultCodeEnum.SASL_BIND_IN_PROGRESS ) || ( result
== ResultCodeEnum.SUCCESS ) ) )
             {
                 response = sc.evaluateChallenge( bindResponse.getServerSaslCreds() );
 
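Review bot: The `sc == null` branch now throws, but the `removeFromFutureMaps( newId )` call the old branch made was dropped, so the BindFuture registered a few lines earlier with `addToFutureMap( newId, bindFuture )` stays in the map unless the catch block at the end of the method (outside this hunk) cleans it up; I would keep `removeFromFutureMaps( newId );` immediately before `throw new LdapException( message );`. The same question applies to the SaslClient on every exit path: nothing visible here calls `sc.dispose()`, so a mechanism that holds negotiation state is left undisposed when one of the new timeout exceptions is thrown — worth confirming in the finally block. Finally, the three identical `bindResponse == null` timeout checks (two here, one in the hunk at @@ -3531) are a candidate for a small private helper such as `waitForBindResponse( bindFuture )` that does the get, the null check and the throw in one place.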
@@ -3524,6 +3553,8 @@ public class LdapNetworkConnection exten
                 }
                 else
                 {
+                    newId = messageId.incrementAndGet();
+                    bindRequest.setMessageId( newId );
                     bindRequest.setCredentials( response );
 
                     addToFutureMap( newId, bindFuture );
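Review bot: A fresh message id is allocated and the same bindFuture is registered under it, but the future was constructed with the first id (`new BindFuture( this, newId )` earlier in the method) and this hunk does not remove the entry held under the previous id. If BindFuture keeps its message id internally it is now stale, and if the response handler does not already drop the old key, the map accumulates one dead entry per SASL round; I would call `removeFromFutureMaps( newId );` before `newId = messageId.incrementAndGet();`, or add a comment stating why the old registration may stay. This is presumably the DIRAPI-30 change named in the log, so a one-line comment on why each round needs its own message id would help the next reader. The loop continues outside this hunk.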
@@ -3531,12 +3562,20 @@ public class LdapNetworkConnection exten
                     writeBindRequest( bindRequest );
 
                     bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
+
+                    if ( bindResponse == null )
+                    {
+                        // We didn't received anything : this is an error
+                        LOG.error( "bind failed : timeout occured" );
+                        throw new LdapException( TIME_OUT_ERROR );
+                    }
+
                     result = bindResponse.getLdapResult().getResultCode();
                 }
-
             }
 
             bindFuture.set( bindResponse );
+
             return bindFuture;
         }
         catch ( LdapException e )
@@ -3569,16 +3608,17 @@ public class LdapNetworkConnection exten
         }
     }
 
-    
+
     /**
      * method to write the kerberos config in the standard MIT kerberos format
      * 
      * This is required cause the JGSS api is not able to recognize the port value set 
      * in the system property java.security.krb5.kdc this issue makes it impossible
-     * to set a kdc running non standard port(other than 88)
+     * to set a kdc running non standard ports (other than 88)
      *  
      * e.g localhost:6088
      * 
+     * <pre>
      * [libdefaults]
      *     default_realm = EXAMPLE.COM
      *
@@ -3586,7 +3626,8 @@ public class LdapNetworkConnection exten
      *     EXAMPLE.COM = {
      *         kdc = localhost:6088
      *     }
-     *     
+     * </pre>
+     * 
      * @return the full path of the config file
      */
     private String createKrbConfFile( String realmName, String kdcHost, int kdcPort ) throws
IOException

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=999888&r1=999887&r2=999888&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
Wed Sep 22 12:07:11 2010
@@ -25,6 +25,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.util.StringTools;
 
 
 /**
@@ -35,7 +36,7 @@ import org.apache.directory.shared.ldap.
 public class SaslRequest
 {
     /** the bind request */
-    private BindRequest bindReq;
+    private BindRequest bindRequest;
 
     /** the sasl mechaism's properties */
     private Map<String, String> saslMechProps = new HashMap<String, String>();
@@ -47,57 +48,110 @@ public class SaslRequest
     private String authorizationId;
 
 
-    protected SaslRequest( BindRequest bindReq )
+    /**
+     * Creates a new instance of SaslRequest.
+     *
+     * @param bindReq The included BindRequest
+     */
+    protected SaslRequest( BindRequest bindRequest )
     {
-        this.bindReq = bindReq;
+        this.bindRequest = bindRequest;
     }
 
 
-    public BindRequest getBindReq()
+    /**
+     * @return The interned BindRequest
+     */
+    public BindRequest getBindRequest()
     {
-        return bindReq;
+        return bindRequest;
     }
 
 
+    /**
+     * @return The supported SASL mechanisms
+     */
     public Map<String, String> getSaslMechProps()
     {
         return saslMechProps;
     }
 
 
+    /**
+     * Set the supported SASL mechanisms
+     *
+     * @param saslMechProps The list of supported mechanisms
+     */
     public void setSaslMechProps( Map<String, String> saslMechProps )
     {
         this.saslMechProps = saslMechProps;
     }
 
 
+    /**
+     * @return The realm name
+     */
     public String getRealmName()
     {
         return realmName;
     }
 
 
+    /**
+     * Set the realm Name
+     * @param realmName The realm name
+     */
     public void setRealmName( String realmName )
     {
         this.realmName = realmName;
     }
 
 
+    /**
+     * @return The authorization Id
+     */
     public String getAuthorizationId()
     {
         return authorizationId;
     }
 
 
+    /**
+     * Sets the Authorization ID
+     *
+     * @param authorizationId The authorization ID
+     */
     public void setAuthorizationId( String authorizationId )
     {
         this.authorizationId = authorizationId;
     }
 
 
-    public void setBindReq( BindRequest bindReq )
-    {
-        this.bindReq = bindReq;
+    /**
+     * Sets the interned BindRequest
+     *
+     * @param bindRequest The interned BindRequest
+     */
+    public void setBindRequest( BindRequest bindRequest )
+    {
+        this.bindRequest = bindRequest;
     }
 
+
+    /**
+     * @return the credentials
+     */
+    public byte[] getCredentials()
+    {
+        byte[] credentials = bindRequest.getCredentials();
+
+        if ( credentials != null )
+        {
+            return credentials;
+        }
+        else
+        {
+            return StringTools.EMPTY_BYTES;
+        }
+    }
 }
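Review bot: The constructor's Javadoc `@param bindReq` no longer matches the renamed parameter `bindRequest`, so the tag documents a parameter that does not exist; it should read `@param bindRequest The wrapped BindRequest`. The accessor docs for saslMechProps describe "supported SASL mechanisms" while the field comment says the map holds the mechanism's properties — it is the property map handed to Sasl.createSaslClient in LdapNetworkConnection, so `@return The SASL mechanism's properties` is the accurate wording, and "interned" on the BindRequest accessors should likewise be "wrapped". The new getCredentials() guards a null credentials array but not a null bindRequest, which setBindRequest can store; `if ( ( bindRequest == null ) || ( bindRequest.getCredentials() == null ) )` / `{ return StringTools.EMPTY_BYTES; }` would cover both cases.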

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java?rev=999888&r1=999887&r2=999888&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
Wed Sep 22 12:07:11 2010
@@ -62,7 +62,7 @@ public class SaslCallbackHandler impleme
             {
                 NameCallback ncb = ( NameCallback ) cb;
                 
-                String name = saslReq.getBindReq().getName().getRdn().getUpValue().getString();
+                String name = saslReq.getBindRequest().getName().getRdn().getUpValue().getString();
                 LOG.debug( "sending name {} in the NameCallback", name );
                 
                 ncb.setName( name );
@@ -72,7 +72,7 @@ public class SaslCallbackHandler impleme
             {
                 PasswordCallback pcb = ( PasswordCallback ) cb;
                 LOG.debug( "sending credentials in the PasswordCallback" );
-                pcb.setPassword( StringTools.utf8ToString( saslReq.getBindReq().getCredentials()
).toCharArray() );
+                pcb.setPassword( StringTools.utf8ToString( saslReq.getCredentials() ).toCharArray()
);
             }
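Review bot: The password still takes a round trip through an immutable String (`StringTools.utf8ToString( ... ).toCharArray()`), which cannot be zeroed and lingers in the heap until collected, and the char[] handed to `pcb.setPassword` is never cleared either (PasswordCallback keeps its own copy). Decoding the bytes straight into a char[] and wiping it after the callback has taken its copy avoids the String copy entirely; it needs `java.nio.ByteBuffer`, `java.nio.CharBuffer`, `java.nio.charset.StandardCharsets` and `java.util.Arrays` added to the imports. The enclosing callback-handling method starts and ends outside this hunk.
```java
                PasswordCallback pcb = ( PasswordCallback ) cb;
                LOG.debug( "sending credentials in the PasswordCallback" );
                CharBuffer decoded = StandardCharsets.UTF_8.decode( ByteBuffer.wrap( saslReq.getCredentials() ) );
                char[] password = new char[decoded.remaining()];
                decoded.get( password );
                pcb.setPassword( password );
                // PasswordCallback has copied the array; wipe our own copy
                Arrays.fill( password, '\0' );
```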
             
             else if( cb instanceof RealmCallback )
@@ -82,7 +82,7 @@ public class SaslCallbackHandler impleme
                 if( saslReq.getRealmName() != null )
                 {
                     LOG.debug( "sending the user specified realm value {} in the RealmCallback",
saslReq.getRealmName() );
-                    rcb.setText( saslReq.getRealmName() );                    
+                    rcb.setText( saslReq.getRealmName() );
                 }
                 else
                 {


