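package org.jsmtpd.plugins.smtpExtension;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jsmtpd.core.common.PluginInitException;
import org.vps.crypt.Crypt;

// NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class; move to java.util.Base64
// once the project's minimum Java version allows it.
import sun.misc.BASE64Encoder;

/**
 * SMTP authenticator that verifies a login/password pair against an LDAP directory.
 *
 * <p>The plugin binds with the configured administrative DN, searches the configured base for
 * an entry whose login attribute equals the supplied login, reads the stored password value and
 * compares it with the supplied password. Two storage schemes are recognised: {@code {md5}}
 * (Base64 of an unsalted MD5 digest) and {@code {crypt}} (two-character-salt crypt).
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Both supported schemes are weak password hashes; prefer a directory-side bind or a
 *       stronger scheme where the deployment allows it.</li>
 *   <li>The bind password and the stored hashes travel over whatever transport {@code ldapUrl}
 *       names, so that link should be protected (presumably via an {@code ldaps://} URL;
 *       verify against the deployment).</li>
 * </ul>
 */
public class LdapAuthenticator extends SmtpAuthenticator {
    private static final Log log = LogFactory.getLog(LdapAuthenticator.class);

    /** Scheme tag of values holding a Base64-encoded MD5 digest. */
    private static final String MD5_SCHEME = "{md5}";
    /** Scheme tag of values holding a crypt hash. */
    private static final String CRYPT_SCHEME = "{crypt}";

    // DN and password placed in the JNDI environment as the bind principal and credentials.
    private String adminBindDn;
    private String adminBindPassword;
    // Name handed to InitialContext.lookup() to obtain the directory context.
    private String ldapUrl;

    // Search base handed to DirContext.search().
    private String ldapUserProvider;
    // Name of the attribute that holds the stored password value.
    private String ldapUserPassword;

    // Name of the attribute matched against the login in the search filter.
    private String ldapUserLogin = "uid";
    // MD5 digest created by initPlugin().
    private MessageDigest md;

    /**
     * Checks the supplied credentials against the directory.
     *
     * @param login login name received from the SMTP client (untrusted)
     * @param password password bytes received from the SMTP client
     * @return {@code true} only when a matching entry was found and its stored password matches;
     *         {@code false} on mismatch, on a missing or unusable password attribute, and on any
     *         directory or encoding error
     */
    protected boolean performAuth(String login, byte[] password) {
        if (login == null || password == null) {
            return false;
        }

        Hashtable<String, String> environnement = new Hashtable<String, String>();
        environnement.put(Context.SECURITY_PRINCIPAL, adminBindDn);
        environnement.put(Context.SECURITY_CREDENTIALS, adminBindPassword);

        InitialContext initialContext = null;
        DirContext ctx = null;
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            initialContext = new InitialContext(environnement);
            ctx = (DirContext) initialContext.lookup(ldapUrl);
            SearchControls searchControl = new SearchControls();

            // The login comes from the client, so it is passed as a filter argument: JNDI then
            // escapes filter metacharacters instead of letting the login rewrite the filter.
            // ldapUserLogin is still concatenated and must come from trusted configuration only.
            String filter = "(" + ldapUserLogin + "={0})";
            namingEnumeration =
                    ctx.search(ldapUserProvider, filter, new Object[] { login }, searchControl);

            while (namingEnumeration.hasMore()) {
                SearchResult result = namingEnumeration.next();
                String ldapPass = readStoredPassword(result.getAttributes());
                if (ldapPass == null) {
                    log.debug("user " + login + " has no usable password attribute in ldap entry");
                    return false;
                }

                if (hasScheme(ldapPass, MD5_SCHEME)) {
                    if (matchesMd5(ldapPass.substring(MD5_SCHEME.length()), password)) {
                        log.debug("user " + login + " authenticated (md5 password)");
                        return true;
                    }
                    log.debug("user " + login + " authentication failed (md5 password)");
                    return false;
                }

                if (hasScheme(ldapPass, CRYPT_SCHEME)) {
                    if (matchesCrypt(ldapPass.substring(CRYPT_SCHEME.length()), password)) {
                        log.debug("user " + login + " authenticated (crypt password)");
                        return true;
                    }
                    log.debug("user " + login + " authentication failed (crypt password)");
                    return false;
                }

                // Unknown scheme: report it and look at the next matching entry, if any.
                log.error("I don't know how to handle encryption for user " + login + " in ldap entry");
            }
        } catch (NamingException e) {
            log.error("Can't query ldap server to authenticate user", e);
        } catch (UnsupportedEncodingException e) {
            log.error("Can't convert enc password", e);
        } finally {
            // Release the directory connection on every path, including early returns.
            closeQuietly(namingEnumeration);
            closeQuietly(ctx);
            closeQuietly(initialContext);
        }

        return false;
    }

    /**
     * Extracts the stored password value from an entry's attributes.
     *
     * @return the value as text, or {@code null} when the attribute is absent, empty or of an
     *         unexpected type
     */
    private String readStoredPassword(Attributes attributes)
            throws NamingException, UnsupportedEncodingException {
        if (attributes == null) {
            return null;
        }
        Attribute ldapAttrPass = attributes.get(ldapUserPassword);
        if (ldapAttrPass == null || ldapAttrPass.size() == 0) {
            return null;
        }
        Object value = ldapAttrPass.get();
        if (value instanceof byte[]) {
            return new String((byte[]) value, "UTF8");
        }
        if (value instanceof String) {
            return (String) value;
        }
        return null;
    }

    /** Tells whether a stored value starts with the given scheme tag, ignoring letter case. */
    private static boolean hasScheme(String stored, String scheme) {
        return stored.regionMatches(true, 0, scheme, 0, scheme.length());
    }

    /** Compares the Base64 MD5 digest of the supplied password with the stored digest text. */
    private boolean matchesMd5(String storedDigest, byte[] password)
            throws UnsupportedEncodingException {
        byte[] bytePass;
        // MessageDigest is stateful; serialise use in case this plugin instance is shared
        // between sessions.
        synchronized (md) {
            bytePass = md.digest(password);
        }
        String inputPass = new BASE64Encoder().encode(bytePass);
        // MessageDigest.isEqual avoids the early exit of String.equals on the first mismatch.
        return MessageDigest.isEqual(storedDigest.getBytes("UTF8"), inputPass.getBytes("UTF8"));
    }

    /** Re-hashes the supplied password with the stored two-character salt and compares. */
    private boolean matchesCrypt(String full, byte[] password)
            throws UnsupportedEncodingException {
        if (full.length() < 2) {
            // Too short to carry a salt; treat as a non-matching value.
            return false;
        }
        String salt = full.substring(0, 2);
        String rv = Crypt.crypt(salt.getBytes(), password);
        return rv != null && MessageDigest.isEqual(rv.getBytes("UTF8"), full.getBytes("UTF8"));
    }

    /** Closes a search result enumeration, logging rather than propagating a failure. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            log.debug("Can't close ldap search results", ignored);
        }
    }

    /** Closes a naming context, logging rather than propagating a failure. */
    private static void closeQuietly(Context context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException ignored) {
            log.debug("Can't close ldap context", ignored);
        }
    }

    /** Returns the display name of this plugin. */
    public String getPluginName() {
        return "Ldap Authenticator for Jsmtpd";
    }

    /**
     * Creates the MD5 digest used for {@code {md5}} password values.
     *
     * @throws PluginInitException when the runtime offers no MD5 implementation
     */
    public void initPlugin() throws PluginInitException {
        try {
            md = MessageDigest.getInstance("md5");
        } catch (NoSuchAlgorithmException e) {
            throw new PluginInitException("No md5 available");
        }
    }

    /** Nothing to release: directory resources are closed at the end of each authentication. */
    public void shutdownPlugin() {
    }

    /** Sets the name looked up to obtain the directory context. */
    public void setLdapUrl(String ldapUrl) {
        this.ldapUrl = ldapUrl;
    }

    /**
     * Sets the attribute name matched against the login (default {@code uid}). The name is
     * inserted into the search filter as-is, so it must come from trusted configuration.
     */
    public void setLdapUserLogin(String ldapUserLogin) {
        this.ldapUserLogin = ldapUserLogin;
    }

    /** Sets the name of the attribute holding the stored password value. */
    public void setLdapUserPassword(String ldapUserPassword) {
        this.ldapUserPassword = ldapUserPassword;
    }

    /** Sets the search base under which user entries are looked up. */
    public void setLdapUserProvider(String ldapUserProvider) {
        this.ldapUserProvider = ldapUserProvider;
    }

    /** Sets the DN used as the bind principal. */
    public void setAdminBindDn(String adminBindDn) {
        this.adminBindDn = adminBindDn;
    }

    /** Sets the password used as the bind credentials. */
    public void setAdminBindPassword(String adminBindPassword) {
        this.adminBindPassword = adminBindPassword;
    }

}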