BindOperationBasis.java revision 65e99be301d5a19db33f25841f671756e8dbb9b5
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2007-2008 Sun Microsystems, Inc.
*/
/**
 * This class defines an operation that may be used to authenticate a user to
 * the Directory Server. Note that, for security reasons, any response message
 * returned to the client must be carefully sanitized so that it does not give
 * a malicious client information that could be useful in an attack (for
 * example, whether a given bind DN exists, or why a password was rejected).
 * This does impact the debuggability of the server, but that can be addressed
 * by calling the <CODE>setAuthFailureReason</CODE> method, which records a
 * reason for the failure in a form that is not returned to the client but
 * may be written to a log file.
 */
public class BindOperationBasis
extends AbstractOperation
implements BindOperation, PreParseBindOperation
{
/**
* The tracer object for the debug logger.
*/
// The credentials used for SASL authentication.
private ASN1OctetString saslCredentials;
// The server SASL credentials provided to the client in the response.
private ASN1OctetString serverSASLCredentials;
// The authentication info for this bind operation.
// The authentication type used for this bind operation.
private AuthenticationType authType;
// The raw, unprocessed bind DN as contained in the client request.
private ByteString rawBindDN;
// The password used for simple authentication.
private ByteString simplePassword;
// The bind DN used for this bind operation.
// The DN of the user entry that is attempting to authenticate.
private DN userEntryDN;
// The DN of the user as whom a SASL authentication was attempted (regardless
// of whether the authentication was successful) for the purpose of updating
// password policy state information.
private Entry saslAuthUserEntry;
// The set of response controls for this bind operation.
// A message explaining the reason for the authentication failure.
private Message authFailureReason;
// The SASL mechanism used for SASL authentication.
private String saslMechanism;
// A string representation of the protocol version for this bind operation.
private String protocolVersion;
/**
* Creates a new simple bind operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param protocolVersion The string representation of the protocol version
* associated with this bind request.
* @param rawBindDN The raw, unprocessed bind DN as provided in the
* request from the client.
* @param simplePassword The password to use for the simple
* authentication.
*/
{
this.protocolVersion = protocolVersion;
this.saslMechanism = null;
this.saslCredentials = null;
{
this.rawBindDN = new ASN1OctetString();
}
else
{
}
if (simplePassword == null)
{
this.simplePassword = new ASN1OctetString();
}
else
{
this.simplePassword = simplePassword;
}
userEntryDN = null;
}
/**
* Creates a new SASL bind operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param protocolVersion The string representation of the protocol version
* associated with this bind request.
* @param rawBindDN The raw, unprocessed bind DN as provided in the
* request from the client.
* @param saslMechanism The SASL mechanism included in the request.
* @param saslCredentials The optional SASL credentials included in the
* request.
*/
{
this.protocolVersion = protocolVersion;
this.saslMechanism = saslMechanism;
this.saslCredentials = saslCredentials;
this.simplePassword = null;
{
this.rawBindDN = new ASN1OctetString();
}
else
{
}
userEntryDN = null;
}
/**
* Creates a new simple bind operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param protocolVersion The string representation of the protocol version
* associated with this bind request.
* @param bindDN The bind DN for this bind operation.
* @param simplePassword The password to use for the simple
* authentication.
*/
{
this.protocolVersion = protocolVersion;
this.saslMechanism = null;
this.saslCredentials = null;
{
rawBindDN = new ASN1OctetString();
}
else
{
}
if (simplePassword == null)
{
this.simplePassword = new ASN1OctetString();
}
else
{
this.simplePassword = simplePassword;
}
userEntryDN = null;
}
/**
* Creates a new SASL bind operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param protocolVersion The string representation of the protocol version
* associated with this bind request.
* @param bindDN The bind DN for this bind operation.
* @param saslMechanism The SASL mechanism included in the request.
* @param saslCredentials The optional SASL credentials included in the
* request.
*/
{
this.protocolVersion = protocolVersion;
this.saslMechanism = saslMechanism;
this.saslCredentials = saslCredentials;
this.simplePassword = null;
{
rawBindDN = new ASN1OctetString();
}
else
{
}
userEntryDN = null;
}
/**
 * Retrieves the authentication type (simple or SASL) used for this bind
 * operation.
 *
 * @return  The authentication type recorded for this bind operation.
 */
public final AuthenticationType getAuthenticationType()
{
  // Plain accessor; the value is assigned elsewhere in this class.
  return this.authType;
}
/**
 * Retrieves the bind DN exactly as it appeared in the client request, with no
 * decoding or normalization applied.  Because it comes straight from the
 * client it should be treated as untrusted input.
 *
 * @return  The raw, unprocessed bind DN from the client request.
 */
public final ByteString getRawBindDN()
{
  // Returned as-is; conversion to a DN happens in the bind processing, not here.
  return this.rawBindDN;
}
/**
* {@inheritDoc}
*/
{
{
this.rawBindDN = new ASN1OctetString();
}
else
{
}
}
/**
* {@inheritDoc}
*/
{
try
{
{
}
}
catch (DirectoryException de)
{
if (debugEnabled())
{
}
}
return bindDN;
}
/**
 * Retrieves the password supplied by the client for simple authentication.
 *
 * NOTE(review): this is a client-supplied credential.  Callers must not
 * include it in log output, error messages, or anything sent back to the
 * client.
 *
 * @return  The simple-bind password as received from the client.
 */
public final ByteString getSimplePassword()
{
  // Handed out unmodified; the caller is responsible for not leaking it.
  return this.simplePassword;
}
/**
* {@inheritDoc}
*/
{
if (simplePassword == null)
{
this.simplePassword = new ASN1OctetString();
}
else
{
this.simplePassword = simplePassword;
}
}
/**
 * Retrieves the name of the SASL mechanism requested by the client.
 *
 * @return  The SASL mechanism for this bind operation.
 */
public final String getSASLMechanism()
{
  // Simple accessor for the mechanism name recorded on this operation.
  return this.saslMechanism;
}
/**
 * Retrieves the SASL credentials included in the client request.
 *
 * NOTE(review): these are client-supplied credentials and may contain secret
 * material; do not log them or echo them back to the client.
 *
 * @return  The SASL credentials from the request.
 */
public final ASN1OctetString getSASLCredentials()
{
  // Returned unmodified; the caller must treat the contents as sensitive.
  return this.saslCredentials;
}
/**
* {@inheritDoc}
*/
{
this.saslMechanism = saslMechanism;
this.saslCredentials = saslCredentials;
}
/**
 * Retrieves the server SASL credentials that are to be sent to the client in
 * the bind response.
 *
 * @return  The server SASL credentials for the response.
 */
public final ASN1OctetString getServerSASLCredentials()
{
  // Accessor for the value populated during SASL processing.
  return this.serverSASLCredentials;
}
/**
* {@inheritDoc}
*/
public final void setServerSASLCredentials(ASN1OctetString
{
}
/**
 * Retrieves the user entry as whom a SASL authentication was attempted,
 * regardless of whether that authentication succeeded.  It is intended for
 * updating password policy state information.
 *
 * @return  The user entry for the attempted SASL authentication.
 */
public final Entry getSASLAuthUserEntry()
{
  // May refer to a user whose bind failed; callers must not treat it as proof
  // of successful authentication.
  return this.saslAuthUserEntry;
}
/**
* {@inheritDoc}
*/
{
this.saslAuthUserEntry = saslAuthUserEntry;
}
/**
 * Retrieves the message explaining why authentication failed.  This message
 * is meant for server-side logging only and must not be returned to the
 * client, since it may reveal details useful to an attacker.
 *
 * @return  The authentication failure reason for this bind operation.
 */
public final Message getAuthFailureReason()
{
  // Log-only detail; keep it out of the response sent to the client.
  return this.authFailureReason;
}
/**
* {@inheritDoc}
*/
{
{
}
else
{
}
}
/**
 * Retrieves the DN of the user entry that is attempting to authenticate.
 *
 * @return  The DN of the authenticating user entry.
 */
public final DN getUserEntryDN()
{
  // Simple accessor; populated during bind processing.
  return this.userEntryDN;
}
/**
 * Retrieves the authentication info associated with this bind operation.
 *
 * @return  The authentication info for this bind operation.
 */
public final AuthenticationInfo getAuthenticationInfo()
{
  // Plain accessor for the authentication info recorded on this operation.
  return this.authInfo;
}
/**
* {@inheritDoc}
*/
{
}
/**
 * Retrieves the operation type, which is always {@code OperationType.BIND}
 * for this class.
 *
 * @return  {@code OperationType.BIND}.
 */
@Override()
public final OperationType getOperationType()
{
  // Deliberately free of debug tracing: the logging subsystem is likely to
  // call this, and tracing here could recurse into the logger.
  return OperationType.BIND;
}
/**
* {@inheritDoc}
*/
@Override()
)
{
message);
}
/**
* {@inheritDoc}
*/
@Override()
public final String[][] getRequestLogElements()
{
// Note that no debugging will be done in this method because it is a likely
// candidate for being called by the logging subsystem.
{
return new String[][]
{
};
}
else
{
return new String[][]
{
};
}
}
/**
* {@inheritDoc}
*/
@Override()
public final String[][] getResponseLogElements()
{
// Note that no debugging will be done in this method because it is a likely
// candidate for being called by the logging subsystem.
if (errorMessageBuffer == null)
{
errorMessage = null;
}
else
{
}
{
matchedDNStr = null;
}
else
{
}
{
}
else
{
{
}
}
return new String[][]
{
};
}
/**
* {@inheritDoc}
*/
@Override()
{
return responseControls;
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
@Override()
{
return CancelResult.CANNOT_CANCEL;
}
/**
 * Retrieves the cancel request for this operation.  Bind operations cannot be
 * canceled, so there is never one to return.
 *
 * @return  Always {@code null}.
 */
@Override()
public final CancelRequest getCancelRequest()
{
  // No cancel request is ever recorded for a bind.
  return null;
}
/**
* {@inheritDoc}
*/
@Override()
public
{
// Bind operations cannot be canceled.
return false;
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
{
this.userEntryDN = userEntryDN;
}
/**
 * Retrieves the string representation of the protocol version for this bind
 * operation.
 *
 * @return  The protocol version string for this bind request.
 */
public String getProtocolVersion()
{
  // Simple accessor; the value is set by the constructors and the setter.
  return this.protocolVersion;
}
/**
* {@inheritDoc}
*/
{
this.protocolVersion = protocolVersion;
}
/**
* {@inheritDoc}
*/
public final void run()
{
// Start the processing timer and initially set the result to indicate that
// the result is unknown.
// Set a flag to indicate that a bind operation is in progress. This should
// ensure that no new operations will be accepted for this client until the
// bind is complete.
// Wipe out any existing authentication for the client connection and create
// a placeholder that will be used if the bind is successful.
// Abandon any operations that may be in progress for the client.
// Get the plugin config manager that will be used for invoking plugins.
// This flag is set to true as soon as a workflow has been executed.
boolean workflowExecuted = false;
// Create a labeled block of code that we can break out of if a problem is
// detected.
{
// Invoke the pre-parse bind plugins.
{
// There's no point in continuing with anything. Log the request and
// result and return.
logBindRequest(this);
logBindResponse(this);
clientConnection.setBindInProgress(false);
return;
}
else if (preParseResult.sendResponseImmediately())
{
logBindRequest(this);
break bindProcessing;
}
else if (preParseResult.skipCoreProcessing())
{
break bindProcessing;
}
// Log the bind request message.
logBindRequest(this);
// Process the bind DN to convert it from the raw form as provided by the
// client into the form required for the rest of the bind processing.
break bindProcessing;
}
// If this is a simple bind
// Then check whether the bind DN is actually one of the alternate root DNs
// defined in the server. If so, then replace it with the actual DN
// for that user.
switch (getAuthenticationType())
{
case SIMPLE:
if (actualRootDN != null)
{
}
}
// Retrieve the network group attached to the client connection
// and get a workflow to process the operation.
{
// We have found no workflow for the requested base DN, just return
// a no such entry result code and stop the processing.
break bindProcessing;
}
workflowExecuted = true;
} // end of processing block
// Check for a terminated connection.
{
// Stop the processing timer.
// Log the bind response message.
logBindResponse(this);
return;
}
// If the bind processing is finished, then unset the "bind in progress"
// flag to allow other operations to be processed on the connection.
{
clientConnection.setBindInProgress(false);
}
// Stop the processing timer.
// Send the bind response to the client.
clientConnection.sendResponse(this);
// Log the bind response.
logBindResponse(this);
// Invoke the post-response bind plugins.
}
/**
 * Invokes the post response plugins. If a workflow has been executed
 * then invoke the post response plugins provided by the workflow
 * elements of the workflow, otherwise invoke the post response plugins
 * that have been registered with the current operation.
 *
 * NOTE(review): in this listing the body only branches on
 * <code>workflowExecuted</code> and <code>localOperations</code>; neither
 * the plugin config manager mentioned below nor any actual plugin
 * invocation is visible here. Confirm against the full source before
 * relying on this description.
 *
 * @param workflowExecuted <code>true</code> if a workflow has been
 * executed
 */
private void invokePostResponsePlugins(boolean workflowExecuted)
{
// Get the plugin config manager that will be used for invoking plugins.
// Invoke the post response plugins
if (workflowExecuted)
{
// The post responses are provided by the workflow elements of the
// workflow.
// NOTE(review): localOperations is not declared anywhere in this listing.
if (localOperations != null)
{
{
// Invoke the post-response bind plugins.
}
}
else
{
// The current operation does not implement any bind post response
// interface so we cannot invoke any post-response plugin.
}
}
}
/**
 * Updates the error message and the result code of the operation.
 *
 * This method is called because no workflows were found to process
 * the operation.
 *
 * NOTE(review): the body is empty in this listing, so no result code or
 * error message is actually set here; confirm against the full source.
 */
private void updateOperationErrMsgAndResCode()
{
}
}