directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pamarce...@apache.org
Subject svn commit: r1028841 - in /directory: apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/ shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/ shared/trunk/ldap-client-api/src/main/java/org...
Date Fri, 29 Oct 2010 16:59:06 GMT
Author: pamarcelot
Date: Fri Oct 29 16:59:05 2010
New Revision: 1028841

URL: http://svn.apache.org/viewvc?rev=1028841&view=rev
Log:
Fix for DIRAPI-37 (Refactor the SASL bind methods to accept the username as a String and not
a DN).

Modified:
    directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
    directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java

Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
(original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
Fri Oct 29 16:59:05 2010
@@ -93,6 +93,7 @@ import org.slf4j.LoggerFactory;
         "objectClass: organizationalUnit",
         "objectClass: top",
         "ou: users\n",
+
         // Entry # 2
         "dn: uid=hnelson,ou=users,dc=example,dc=com",
         "objectClass: inetOrgPerson",
@@ -107,7 +108,7 @@ import org.slf4j.LoggerFactory;
         "krb5KeyVersionNumber: 0",
         "cn: Horatio Nelson",
         "sn: Nelson",
-    
+
         // krbtgt
         "dn: uid=krbtgt,ou=users,dc=example,dc=com",
         "objectClass: inetOrgPerson",
@@ -122,7 +123,7 @@ import org.slf4j.LoggerFactory;
         "krb5KeyVersionNumber: 0",
         "cn: KDC Service",
         "sn: Service",
-        
+
         // ldap per host
         "dn: uid=ldap,ou=users,dc=example,dc=com",
         "objectClass: inetOrgPerson",
@@ -136,16 +137,15 @@ import org.slf4j.LoggerFactory;
         "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
         "krb5KeyVersionNumber: 0",
         "cn: LDAP Service",
-        "sn: Service"
-    })
+        "sn: Service" })
 @CreateDS(allowAnonAccess = false, name = "SaslBindIT-class", partitions =
     { @CreatePartition(name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry(entryLdif
= "dn: dc=example,dc=com\n"
         + "dc: example\n" + "objectClass: top\n" + "objectClass: domain\n\n"), indexes =
         { @CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute
= "ou") }) },
-additionalInterceptors = { KeyDerivationInterceptor.class }
-)
+    additionalInterceptors =
+        { KeyDerivationInterceptor.class })
 @CreateLdapServer(transports =
-    { @CreateTransport(protocol = "LDAP") }, saslHost = "localhost", saslPrincipal="ldap/localhost@EXAMPLE.COM",
saslMechanisms =
+    { @CreateTransport(protocol = "LDAP") }, saslHost = "localhost", saslPrincipal = "ldap/localhost@EXAMPLE.COM",
saslMechanisms =
     { @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.CRAM_MD5, implClass = CramMd5MechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.DIGEST_MD5, implClass = DigestMd5MechanismHandler.class),
@@ -153,11 +153,11 @@ additionalInterceptors = { KeyDerivation
         @SaslMechanism(name = SupportedSaslMechanisms.NTLM, implClass = NtlmMechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.GSS_SPNEGO, implClass = NtlmMechanismHandler.class)
}, extendedOpHandlers =
     { StoredProcedureExtendedOperationHandler.class }, ntlmProvider = BogusNtlmProvider.class)
-@CreateKdcServer ( 
-    transports = 
+@CreateKdcServer(
+    transports =
     {
-        @CreateTransport( protocol = "UDP", port = 6088 ),
-        @CreateTransport( protocol = "TCP", port = 6088 )
+        @CreateTransport(protocol = "UDP", port = 6088),
+        @CreateTransport(protocol = "TCP", port = 6088)
     })
 public class SaslBindIT extends AbstractLdapTestUnit
 {
@@ -244,6 +244,7 @@ public class SaslBindIT extends Abstract
      * Test a SASL bind with an empty mechanism 
      */
     @Test
+    @Ignore("Activate and fix when DIRAPI-36 (Provide a SaslBindRequest extending BindRequest
that can be used in LdapConnection.bind(...) method) is solved")
     public void testSaslBindNoMech() throws Exception
     {
         DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
@@ -277,7 +278,7 @@ public class SaslBindIT extends Abstract
         DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
         LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
 
-        BindResponse resp = connection.bindCramMd5( userDn.getName(), "secret", null );
+        BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(),
"secret", null );
         assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
 
         Entry entry = connection.lookup( userDn );
@@ -296,7 +297,7 @@ public class SaslBindIT extends Abstract
         DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
         LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
 
-        BindResponse resp = connection.bindCramMd5( userDn.getName(), "badsecret", null );
+        BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(),
"badsecret", null );
         assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode()
);
         connection.close();
     }
@@ -311,7 +312,8 @@ public class SaslBindIT extends Abstract
         DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
         LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
 
-        BindResponse resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()
+        BindResponse resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(),
"secret", null,
+            ldapServer.getSaslRealms()
                 .get( 0 ) );
         assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
 
@@ -331,7 +333,8 @@ public class SaslBindIT extends Abstract
         DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
         LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
 
-        BindResponse resp = connection.bindGssApi( userDn.getName(), "secret", ldapServer.getSaslRealms().get(
0 )
+        BindResponse resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(),
"secret", ldapServer
+            .getSaslRealms().get( 0 )
             .toUpperCase(), "localhost", 6088 );
         assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
 
@@ -341,7 +344,7 @@ public class SaslBindIT extends Abstract
         connection.close();
     }
 
-    
+
     /**
      * Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the realm is bad.
      */
@@ -445,7 +448,8 @@ public class SaslBindIT extends Abstract
 
             // Digest-MD5
             connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
-            resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()
+            resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(), "secret",
null, ldapServer
+                .getSaslRealms()
                 .get( 0 ) );
             assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
             entry = connection.lookup( userDn );
@@ -454,7 +458,7 @@ public class SaslBindIT extends Abstract
 
             // Cram-MD5
             connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
-            resp = connection.bindCramMd5( userDn.getName(), "secret", null );
+            resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "secret",
null );
             assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
             entry = connection.lookup( userDn );
             assertEquals( "hnelson", entry.get( "uid" ).getString() );
@@ -462,7 +466,8 @@ public class SaslBindIT extends Abstract
 
             // GSSAPI
             connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
-            resp = connection.bindGssApi( userDn.getName(), "secret", ldapServer.getSaslRealms().get(
0 )
+            resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(), "secret",
ldapServer
+                .getSaslRealms().get( 0 )
                 .toUpperCase(), "localhost", 6088 );
             assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
             entry = connection.lookup( userDn );
@@ -595,9 +600,10 @@ public class SaslBindIT extends Abstract
         return provider;
     }
 
-    
+
     ////////////////////////
-    protected Entry getPrincipalAttributes( String dn, String sn, String cn, String uid,
String userPassword, String principal ) throws LdapException
+    protected Entry getPrincipalAttributes( String dn, String sn, String cn, String uid,
String userPassword,
+        String principal ) throws LdapException
     {
         Entry entry = new DefaultEntry( new DN( dn ) );
         entry.add( SchemaConstants.OBJECT_CLASS_AT, "person", "inetOrgPerson", "krb5principal",
"krb5kdcentry" );

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Fri Oct 29 16:59:05 2010
@@ -1138,29 +1138,22 @@ public class LdapNetworkConnection exten
         // If the session has not been establish, or is closed, we get out immediately
         checkSession();
 
-        if ( bindRequest.isSimple() )
-        {
-            // Update the messageId
-            int newId = messageId.incrementAndGet();
-            bindRequest.setMessageId( newId );
+        // Update the messageId
+        int newId = messageId.incrementAndGet();
+        bindRequest.setMessageId( newId );
 
-            LOG.debug( "-----------------------------------------------------------------"
);
-            LOG.debug( "Sending request \n{}", bindRequest );
+        LOG.debug( "-----------------------------------------------------------------" );
+        LOG.debug( "Sending request \n{}", bindRequest );
 
-            // Create a future for this Bind operation
-            BindFuture bindFuture = new BindFuture( this, newId );
+        // Create a future for this Bind operation
+        BindFuture bindFuture = new BindFuture( this, newId );
 
-            addToFutureMap( newId, bindFuture );
+        addToFutureMap( newId, bindFuture );
 
-            writeBindRequest( bindRequest );
+        writeBindRequest( bindRequest );
 
-            // Ok, done return the future
-            return bindFuture;
-        }
-        else
-        {
-            return bindSasl( new SaslRequest( bindRequest ) );
-        }
+        // Ok, done return the future
+        return bindFuture;
     }
 
 
@@ -1342,31 +1335,34 @@ public class LdapNetworkConnection exten
         Control... ctrls )
         throws LdapException, IOException
     {
-        BindRequest bindRequest = createBindRequest( name, credentials, SupportedSaslMechanisms.GSSAPI,
ctrls );
-
         String krbConfPath = createKrbConfFile( realmName, kdcHost, kdcPort );
         System.setProperty( "java.security.krb5.conf", krbConfPath );
 
         Configuration.setConfiguration( new Krb5LoginConfiguration() );
         System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
 
-        final SaslRequest saslRequest = new SaslRequest( bindRequest );
+        final SaslRequest saslRequest = new SaslRequest();
+        saslRequest.setUsername( name );
+        saslRequest.setCredentials( credentials );
+        saslRequest.setSaslMechanism( SupportedSaslMechanisms.GSSAPI );
+        saslRequest.setRealmName( realmName );
+        saslRequest.addAllControls( ctrls );
 
         try
         {
             LoginContext loginContext = new LoginContext( "ldapnetworkconnection",
-                new SaslCallbackHandler( saslRequest ) );
+                        new SaslCallbackHandler( saslRequest ) );
             loginContext.login();
 
             // Now, bind by calling the internal bindSasl method
             BindFuture future = ( BindFuture ) Subject.doAs( loginContext.getSubject(),
-                new PrivilegedExceptionAction<Object>()
-            {
-                public Object run() throws Exception
-                {
-                    return bindSasl( saslRequest );
-                }
-            } );
+                        new PrivilegedExceptionAction<Object>()
+                    {
+                        public Object run() throws Exception
+                        {
+                            return bindSasl( saslRequest );
+                        }
+                    } );
 
             return future.get();
         }
@@ -3485,13 +3481,15 @@ public class LdapNetworkConnection exten
         Control... ctrls )
         throws LdapException, IOException
     {
-        BindRequest bindReq = createBindRequest( name, credentials, saslMech, ctrls );
-
-        SaslRequest saslReq = new SaslRequest( bindReq );
-        saslReq.setRealmName( realmName );
-        saslReq.setAuthorizationId( authzId );
+        SaslRequest saslRequest = new SaslRequest();
+        saslRequest.setUsername( name );
+        saslRequest.setCredentials( credentials );
+        saslRequest.setSaslMechanism( saslMech );
+        saslRequest.setAuthorizationId( authzId );
+        saslRequest.setRealmName( realmName );
+        saslRequest.addAllControls( ctrls );
 
-        return bindSasl( saslReq );
+        return bindSasl( saslRequest );
     }
 
 
@@ -3511,7 +3509,8 @@ public class LdapNetworkConnection exten
         // If the session has not been establish, or is closed, we get out immediately
         checkSession();
 
-        BindRequest bindRequest = saslRequest.getBindRequest();
+        BindRequest bindRequest = createBindRequest( ( String ) null, null, saslRequest.getSaslMechanism(),
saslRequest
+            .getControls() );
 
         // Update the messageId
         int newId = messageId.incrementAndGet();
@@ -3538,7 +3537,7 @@ public class LdapNetworkConnection exten
                 saslRequest.getAuthorizationId(),
                 "ldap",
                 config.getLdapHost(),
-                saslRequest.getSaslMechProps(),
+                null,
                 new SaslCallbackHandler( saslRequest ) );
 
             // If the SaslClient wasn't created, that means we can't create the SASL client

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
Fri Oct 29 16:59:05 2010
@@ -21,10 +21,11 @@
 package org.apache.directory.ldap.client.api;
 
 
-import java.util.HashMap;
-import java.util.Map;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
-import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.message.control.Control;
 import org.apache.directory.shared.ldap.util.StringTools;
 
 
@@ -35,61 +36,91 @@ import org.apache.directory.shared.ldap.
  */
 public class SaslRequest
 {
-    /** the bind request */
-    private BindRequest bindRequest;
+    /** The list of controls */
+    private List<Control> controls = new ArrayList<Control>();
 
-    /** the sasl mechaism's properties */
-    private Map<String, String> saslMechProps = new HashMap<String, String>();
+    /** The username */
+    private String username;
+
+    /** The credentials */
+    private byte[] credentials;
 
     /** SASL realm name on the server */
     private String realmName;
 
-    /** the authorization ID of the entity */
+    /** The authorization ID of the entity */
     private String authorizationId;
 
+    /** The mechanism used to decode user identity */
+    private String saslMechanism;
+
 
     /**
-     * Creates a new instance of SaslRequest.
+     * Adds the given controls.
      *
-     * @param bindRequest The included BindRequest
+     * @param controls the controls
      */
-    protected SaslRequest( BindRequest bindRequest )
+    public void addAllControls( Control[] controls )
     {
-        this.bindRequest = bindRequest;
+        this.controls.addAll( Arrays.asList( controls ) );
     }
 
 
     /**
-     * @return The interned BindRequest
+     * Adds the given control.
+     *
+     * @param control the control
      */
-    public BindRequest getBindRequest()
+    public void addControl( Control control )
     {
-        return bindRequest;
+        this.controls.add( control );
     }
 
 
     /**
-     * @return The supported SASL mechanisms
+     * Gets the authorization ID.
+     *
+     * @return the authorization ID
      */
-    public Map<String, String> getSaslMechProps()
+    public String getAuthorizationId()
     {
-        return saslMechProps;
+        return authorizationId;
     }
 
 
     /**
-     * Set the supported SASL mechanisms
+     * Gets the controls.
      *
-     * @param saslMechProps The list of supported mechanisms
+     * @return the controls
      */
-    public void setSaslMechProps( Map<String, String> saslMechProps )
+    public Control[] getControls()
     {
-        this.saslMechProps = saslMechProps;
+        return controls.toArray( new Control[0] );
     }
 
 
     /**
-     * @return The realm name
+     * Gets the crendentials
+     *
+     * @return the credentials
+     */
+    public byte[] getCredentials()
+    {
+        if ( credentials != null )
+        {
+            return credentials;
+        }
+        else
+        {
+            return StringTools.EMPTY_BYTES;
+        }
+    }
+
+
+    /**
+     * Gets realm name.
+     *
+     * @return the realm name
      */
     public String getRealmName()
     {
@@ -98,21 +129,24 @@ public class SaslRequest
 
 
     /**
-     * Set the realm Name
-     * @param realmName The realm name
+     * Gets the SASL mechanism.
+     *
+     * @return the SASL mechanism
      */
-    public void setRealmName( String realmName )
+    public String getSaslMechanism()
     {
-        this.realmName = realmName;
+        return saslMechanism;
     }
 
 
     /**
-     * @return The authorization Id
+     * Gets the username.
+     *
+     * @return the username
      */
-    public String getAuthorizationId()
+    public String getUsername()
     {
-        return authorizationId;
+        return username;
     }
 
 
@@ -128,30 +162,45 @@ public class SaslRequest
 
 
     /**
-     * Sets the interned BindRequest
+     * Sets the credentials.
      *
-     * @param bindRequest The interned BindRequest
+     * @param credentials the credentials
      */
-    public void setBindRequest( BindRequest bindRequest )
+    public void setCredentials( byte[] credentials )
     {
-        this.bindRequest = bindRequest;
+        this.credentials = credentials;
     }
 
 
     /**
-     * @return the credentials
+     * Sets the realm name.
+     * 
+     * @param realmName The realm name
      */
-    public byte[] getCredentials()
+    public void setRealmName( String realmName )
     {
-        byte[] credentials = bindRequest.getCredentials();
+        this.realmName = realmName;
+    }
 
-        if ( credentials != null )
-        {
-            return credentials;
-        }
-        else
-        {
-            return StringTools.EMPTY_BYTES;
-        }
+
+    /**
+     * Sets the SASL mechanism
+     *
+     * @param saslMechanism the SASL mechanism
+     */
+    public void setSaslMechanism( String saslMechanism )
+    {
+        this.saslMechanism = saslMechanism;
+    }
+
+
+    /**
+     * Sets the username.
+     *
+     * @param username the username
+     */
+    public void setUsername( String username )
+    {
+        this.username = username;
     }
 }

Modified: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java?rev=1028841&r1=1028840&r2=1028841&view=diff
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
(original)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
Fri Oct 29 16:59:05 2010
@@ -73,19 +73,17 @@ public class SaslCallbackHandler impleme
             {
                 NameCallback ncb = ( NameCallback ) cb;
 
-                String name = saslReq.getBindRequest().getName().getRdn().getUpValue().getString();
+                String name = saslReq.getUsername();
                 LOG.debug( "sending name {} in the NameCallback", name );
-
                 ncb.setName( name );
             }
-
             else if ( cb instanceof PasswordCallback )
             {
                 PasswordCallback pcb = ( PasswordCallback ) cb;
+
                 LOG.debug( "sending credentials in the PasswordCallback" );
                 pcb.setPassword( StringTools.utf8ToString( saslReq.getCredentials() ).toCharArray()
);
             }
-
             else if ( cb instanceof RealmCallback )
             {
                 RealmCallback rcb = ( RealmCallback ) cb;



Mime
View raw message