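/**
 * Opens a session for a user authenticated through a SASL bind.
 *
 * @param principalDn The Dn of the user to bind as; {@code apply( schemaManager )} is called on it before use
 * @param credentials The credentials presented for the bind
 * @param saslMechanism The SASL mechanism to use
 * @param saslAuthId The SASL authorization ID
 * @return The session carried by the bind context once the bind has returned
 * @throws IllegalStateException If the service has not been started
 * @throws Exception If the bind failed
 */
public CoreSession getSession( Dn principalDn, byte[] credentials, String saslMechanism, String saslAuthId )
    throws Exception
{
    // Only the started flag is read under the lock; the bind itself runs outside it.
    synchronized ( this )
    {
        if ( !started )
        {
            throw new IllegalStateException( "Service has not started." );
        }
    }

    BindOperationContext bindContext = new BindOperationContext( null );
    bindContext.setCredentials( credentials );
    bindContext.setDn( principalDn.apply( schemaManager ) );
    bindContext.setSaslMechanism( saslMechanism );

    // The authorization ID was accepted by this method but never placed on the
    // context, so the value the caller asked for was silently ignored by the bind.
    bindContext.setSaslAuthId( saslAuthId );

    // The context is created without a session, so the BIND interceptors must be set explicitly.
    bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );

    operationManager.bind( bindContext );

    return bindContext.getSession();
}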
/**
 * Performs a bind through the operation manager, converting the pending request
 * controls on the way in and publishing the response controls on the way out.
 *
 * @param bindDn The user's Dn
 * @param credentials The credentials
 * @param saslMechanism The SASL mechanism to use
 * @param saslAuthId The SASL authorization ID
 * @return The BindOperationContext that was used for the bind
 * @throws Exception If the Bind failed
 */
protected BindOperationContext doBindOperation( Dn bindDn, byte[] credentials, String saslMechanism,
    String saslAuthId ) throws Exception
{
    // Build the operation context; no session exists yet, hence the null argument
    BindOperationContext ctx = new BindOperationContext( null );
    ctx.setDn( bindDn );
    ctx.setCredentials( credentials );
    ctx.setSaslMechanism( saslMechanism );
    ctx.setSaslAuthId( saslAuthId );
    ctx.addRequestControls( convertControls( true, requestControls ) );
    ctx.setInterceptors( getDirectoryService().getInterceptors( OperationEnum.BIND ) );

    // Run the bind
    service.getOperationManager().bind( ctx );

    // Reached only when bind() returned normally: if it throws, the request
    // controls are left as they were and the response controls are not updated.
    requestControls = EMPTY_CONTROLS;
    responseControls = JndiUtils.toJndiControls( getDirectoryService().getLdapCodecService(),
        ctx.getResponseControls() );

    return ctx;
}
LOG.debug( "Authenticating {}", bindContext.getDn() ); byte[] credentials = bindContext.getCredentials(); IoSession session = bindContext.getIoSession(); try checkPwdPolicy( bindContext.getEntry() ); LOG.debug( "{} Authentication failed: {}", bindContext.getDn(), ppe.getMessage() ); throw ppe; LOG.debug( "{} Authenticated", bindContext.getDn() ); String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() ); LOG.info( message ); throw new LdapAuthenticationException( message );
BindOperationContext bindContext = new BindOperationContext( null ); bindContext.setCredentials( bindRequest.getCredentials() ); bindContext.setDn( bindDn ); bindContext.setInterceptors( directoryService.getInterceptors( OperationEnum.BIND ) ); bindContext.addRequestControl( control ); bindContext.setSaslMechanism( bindRequest.getSaslMechanism() ); session = bindContext.getSession(); bindResp.addAllControls( bindContext.getResponseControls() );
BindOperationContext bindContext = new BindOperationContext( null ); bindContext.setDn( bindRequest.getDn() ); bindContext.setCredentials( bindRequest.getCredentials() ); bindContext.setIoSession( ldapSession.getIoSession() ); bindContext.setInterceptors( directoryService.getInterceptors( OperationEnum.BIND ) ); bindContext.setInterceptors( directoryService.getInterceptors( OperationEnum.BIND ) ); directoryService.getOperationManager().bind( bindContext ); CoreSession coreSession = bindContext.getSession(); ldapSession.setCoreSession( coreSession ); ( ( DefaultCoreSession ) coreSession ).setIoSession( bindContext.getIoSession() ); bindRequest.getResultResponse().addAllControls( bindContext.getResponseControls() ); sendBindSuccess( ldapSession, bindRequest, null ); bindRequest.getResultResponse().addAllControls( bindContext.getResponseControls() );
// NOTE(review): excerpt only. These statements are not contiguous in the method
// they come from, so the comments below describe each line on its own.
CoreSession session = bindContext.getSession();
Dn bindDn = bindContext.getDn();
// Drops the context's reference to the credential bytes. Presumably this only
// clears the reference and does not overwrite the array, so any other holder of
// the same byte[] still sees the secret - confirm against the setter.
bindContext.setCredentials( null );
AuthenticationLevel level = bindContext.getAuthenticationLevel();
// True when the bind request carried the password policy request control.
boolean isPPolicyReqCtrlPresent = bindContext.hasRequestControl( PasswordPolicy.OID );
PasswordPolicyDecorator pwdRespCtrl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
bindContext.setCredentials( null );
// Replaces the password held by the cloned principal with an empty byte array.
clonedPrincipal.setUserPassword( Strings.EMPTY_BYTES );
bindContext.setSession( newSession );
// Both failure paths log the authenticator and the bind Dn at INFO. Neither call
// visible here passes the exception or its reason, so an investigator reading the
// log cannot tell why the bind failed - NOTE(review): check whether the cause is
// logged elsewhere in the method.
LOG.info( "Authenticator {} failed to authenticate: {}", authenticator, bindContext.getDn() );
LOG.info( "Unexpected failure for Authenticator {} : {}", authenticator, bindContext.getDn() );
bindContext.addResponseControl( pwdRespCtrl );
Entry userEntry = bindContext.getEntry();
// The lookup reuses the partition and transaction of the bind context.
lookupContext.setPartition( bindContext.getPartition() );
lookupContext.setTransaction( bindContext.getTransaction() );
// Marks the session created by the bind as requiring a password change.
bindContext.getSession().setPwdMustChange( true );
BindOperationContext bindContext = new BindOperationContext( adminSession ); bindContext.setDn( userDn ); bindContext.setCredentials( oldPassword );
bindContext.getDn(), SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES ); lookupContext.setPartition( bindContext.getPartition() ); lookupContext.setTransaction( bindContext.getTransaction() ); Dn dn = bindContext.getDn(); String upDn = dn == null ? "" : dn.getName(); bindContext.setEntry( new ClonedServerEntry( userEntry ) );
/**
 * Builds a bind context on top of the given session.
 * <p>
 * When a session is supplied, the BIND interceptors are taken from that session's
 * directory service. With a {@code null} session no interceptors are set here.
 *
 * @param session The session to use, may be {@code null}
 */
public BindOperationContext( CoreSession session )
{
    super( session );

    // No session means no directory service to ask for interceptors
    if ( session == null )
    {
        return;
    }

    setInterceptors( session.getDirectoryService().getInterceptors( OperationEnum.BIND ) );
}
// NOTE(review): excerpt only. The statements are not contiguous: the fourth line
// is the tail of a call whose beginning is not shown.
LOG.debug( "Authenticating {}", bindContext.getDn() );
Dn bindDn = bindContext.getDn();
// The credential bytes are decoded into a String before being passed to the
// outbound connection. A String is immutable and cannot be wiped after use, so
// the plaintext stays on the heap until it is garbage collected.
// NOTE(review): credentials that are not valid UTF-8 would presumably be altered
// by the decoding step - confirm, and prefer a byte[] bind if the connection API has one.
ldapConnection.bind( bindDn, Strings.utf8ToString( bindContext.getCredentials() ) );
bindContext.getCredentials() );
IoSession session = bindContext.getIoSession();
props.getSaslMechanism(), props.getSaslAuthId() ); session = bindContext.getSession(); OperationManager operationManager = service.getOperationManager();
/**
 * Builds the {@link LdapPrincipal} for a user whose identity was already established
 * during SASL negotiation, at authentication level STRONG.
 * <p>
 * NOTE(review): nothing in this method inspects the credentials. The STRONG level is
 * granted because the call reached this authenticator, so it must only be reachable
 * once a SASL negotiation has completed - confirm against the callers.
 */
@Override
public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapAuthenticationException
{
    // Possibly check if user account is disabled, other account checks.
    LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(),
        bindContext.getDn(), AuthenticationLevel.STRONG );

    IoSession ioSession = bindContext.getIoSession();

    if ( ioSession == null )
    {
        // No network session on the context: the principal carries no addresses
        return principal;
    }

    // Record both ends of the connection on the principal
    principal.setClientAddress( ioSession.getRemoteAddress() );
    principal.setServerAddress( ioSession.getServiceAddress() );

    return principal;
}
}
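/**
 * Describes this bind context for logs and diagnostics.
 * <p>
 * The credential bytes are never included: this string can end up in log files and
 * exception messages, where a dumped password would be readable by anyone with
 * access to them. Only the presence of credentials is reported.
 *
 * @return A description holding the Dn and, when set, the SASL mechanism and authorization ID
 * @see Object#toString()
 */
@Override
public String toString()
{
    StringBuilder sb = new StringBuilder();

    // The Dn may not have been set yet; describing the context must not throw
    sb.append( "BindContext for Dn '" ).append( getDn() != null ? getDn().getName() : "" );

    // Masked on purpose, see the method comment
    sb.append( "', credentials <" ).append( credentials != null ? "********" : "" ).append( ">" );

    if ( saslMechanism != null )
    {
        sb.append( ", saslMechanism : <" ).append( saslMechanism ).append( ">" );
    }

    if ( saslAuthId != null )
    {
        sb.append( ", saslAuthId <" ).append( saslAuthId ).append( ">" );
    }

    return sb.toString();
}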
LdapPrincipal principal = getDirectoryService().getAdminSession().getAnonymousPrincipal(); IoSession session = bindContext.getIoSession();
// NOTE(review): excerpt only; these statements are not contiguous in the method
// they come from.
// The lookup is keyed by the Dn object itself, while the insert at the end is
// keyed by getNormName(). If those are different key types (presumably Dn versus
// String) and the cache compares keys with equals(), this lookup can never find
// an entry stored by that put - confirm against the full method.
principal = ( LdapPrincipal ) credentialCache.get( bindContext.getDn() );
principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(), AuthenticationLevel.SIMPLE );
// The stored password value is attached to the principal, which is then cached,
// so the cache holds password material in memory for as long as the entry lives.
principal.setUserPassword( storedPasswords );
credentialCache.put( bindContext.getDn().getNormName(), principal );
/**
 * Opens a session for the given user and credentials through a Simple Bind.
 *
 * @param principalDn The Dn of the user to bind as; {@code apply( schemaManager )} is called on it before use
 * @param credentials The credentials presented for the bind
 * @return The session carried by the bind context once the bind has returned
 * @throws IllegalStateException If the service has not been started
 * @throws LdapException If the bind failed
 */
public CoreSession getSession( Dn principalDn, byte[] credentials ) throws LdapException
{
    // Only the started flag is read under the lock; the bind itself runs outside it
    synchronized ( this )
    {
        if ( !started )
        {
            throw new IllegalStateException( "Service has not started." );
        }
    }

    BindOperationContext ctx = new BindOperationContext( null );
    ctx.setCredentials( credentials );
    ctx.setDn( principalDn.apply( schemaManager ) );

    // Created without a session, so the BIND interceptors are set explicitly
    ctx.setInterceptors( getInterceptors( OperationEnum.BIND ) );

    operationManager.bind( ctx );

    return ctx.getSession();
}
/**
 * Tries to authenticate the user against the underlying LDAP server by running a bind.
 *
 * @param user The user's Dn, as a String
 * @param password The user's password; it is encoded to UTF-8 bytes for the bind
 * @return The session carried by the bind context once the bind has returned
 * @throws InvalidNameException Declared by the original signature
 * @throws Exception If the Dn cannot be built or the bind failed
 */
private CoreSession authenticate( String user, String password ) throws InvalidNameException, Exception
{
    // The context is built on the current LDAP session's core session...
    BindOperationContext ctx = new BindOperationContext( getLdapSession().getCoreSession() );
    ctx.setDn( new Dn( user ) );
    ctx.setCredentials( Strings.getBytesUtf8( password ) );

    // ...while the operation manager is reached through the admin session's directory service
    OperationManager manager = getAdminSession().getDirectoryService().getOperationManager();
    manager.bind( ctx );

    return ctx.getSession();
}
BindOperationContext bindContext = new BindOperationContext( ldapSession.getCoreSession() ); bindContext.setDn( entry.getDn() ); bindContext.setCredentials( Strings.getBytesUtf8( password ) ); bindContext.setIoSession( ldapSession.getIoSession() ); bindContext.setInterceptors( directoryService.getInterceptors( OperationEnum.BIND ) ); return bindContext.getSession();
BindOperationContext bindContext = new BindOperationContext( null ); bindContext.setDn( bindRequest.getDn() ); bindContext.setCredentials( bindRequest.getCredentials() ); bindContext.setInterceptors( ldapSession.getLdapServer().getDirectoryService() .getInterceptors( OperationEnum.BIND ) ); ldapSession.setCoreSession( bindContext.getSession() );