

1 /*
2  *
3  * Jsmtpd, Java SMTP daemon
4  * Copyright (C) 2005 Jean-Francois POUX, jf.poux@laposte.net
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19  *
20  */

21 package org.jsmtpd.plugins.smtpExtension;
22
23 import java.io.UnsupportedEncodingException JavaDoc;
24 import java.security.MessageDigest JavaDoc;
25 import java.security.NoSuchAlgorithmException JavaDoc;
26 import java.util.Hashtable JavaDoc;
27
28 import javax.naming.Context JavaDoc;
29 import javax.naming.InitialContext JavaDoc;
30 import javax.naming.NamingEnumeration JavaDoc;
31 import javax.naming.NamingException JavaDoc;
32 import javax.naming.directory.Attribute JavaDoc;
33 import javax.naming.directory.Attributes JavaDoc;
34 import javax.naming.directory.DirContext JavaDoc;
35 import javax.naming.directory.SearchControls JavaDoc;
36 import javax.naming.directory.SearchResult JavaDoc;
37
38 import org.apache.commons.logging.Log;
39 import org.apache.commons.logging.LogFactory;
40 import org.jsmtpd.core.common.PluginInitException;
41 import org.vps.crypt.Crypt;
42
43 import sun.misc.BASE64Encoder;
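/**
 * SMTP AUTH plugin that checks a login/password pair against an LDAP directory.
 *
 * <p>Each authentication binds with the configured administrator DN, searches
 * {@code ldapUserProvider} for entries whose {@code ldapUserLogin} attribute equals the
 * supplied login, and compares the supplied password with the value stored in the
 * {@code ldapUserPassword} attribute. Only values prefixed with {@code {md5}} or
 * {@code {crypt}} are understood; anything else is logged and skipped.
 *
 * <p>1/04/06 : Change to query primary mail by fixed attribute, not by uid (for multiple
 * domains and outgoing)
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Unsalted MD5 and two-character-salt crypt are weak storage formats. This plugin can
 *       only verify what the directory stores; prefer a stronger scheme in the directory and
 *       treat these two as legacy.</li>
 *   <li>The administrator bind password and the stored password values travel over the LDAP
 *       connection, so the configured URL should use a protected transport.</li>
 * </ul>
 *
 * @author jf poux
 */
public class LdapAuthenticator extends SmtpAuthenticator {
    private static final Log log = LogFactory.getLog(LdapAuthenticator.class);

    // DN used to bind before searching, ex cn=administrator,dc=jsmtpd,dc=org
    private String adminBindDn;
    // Credentials for adminBindDn; kept in memory for the lifetime of the plugin.
    private String adminBindPassword;
    // Name handed to InitialContext.lookup() to obtain the directory context.
    private String ldapUrl;

    // How to query the user db
    // Search base for user entries.
    private String ldapUserProvider;
    // Name of the attribute holding the stored password value.
    private String ldapUserPassword;
    /**
     * By default, will use uid attribute (posix/shadow account schema), in this case login = uid
     * If you want vdom, set to primary mail attribute (should be unique in the directory).
     * Users will then provide their primary mail as login.
     */
    private String ldapUserLogin = "uid";
    // NOTE(review): MessageDigest instances are not thread-safe. If performAuth can run on
    // several threads at once, create the digest per call instead of sharing this one.
    private MessageDigest md;

    /**
     * Verifies a login/password pair against the directory.
     *
     * @param login login supplied by the SMTP client; treated as untrusted input
     * @param password password supplied by the SMTP client
     * @return {@code true} only when a matching entry carries a recognised password value that
     *         matches; {@code false} on mismatch, unknown user, malformed entry or directory
     *         error
     */
    protected boolean performAuth(String login, byte[] password) {
        // Reject unusable input up front instead of sending it to the directory.
        if (login == null || login.length() == 0 || password == null) {
            return false;
        }
        String loginForLog = safeForLog(login);

        Hashtable<String, String> environnement = new Hashtable<String, String>();
        environnement.put(Context.SECURITY_PRINCIPAL, adminBindDn);
        environnement.put(Context.SECURITY_CREDENTIALS, adminBindPassword);

        InitialContext initialContext = null;
        DirContext ctx = null;
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            initialContext = new InitialContext(environnement);
            ctx = (DirContext) initialContext.lookup(ldapUrl);
            SearchControls searchControl = new SearchControls();
            // The login is passed as a filter argument rather than concatenated, so the JNDI
            // provider encodes it and filter metacharacters in it cannot change the query.
            namingEnumeration = ctx.search(
                    ldapUserProvider,
                    "(" + ldapUserLogin + "={0})",
                    new Object[] { login },
                    searchControl);
            while (namingEnumeration.hasMore()) {
                SearchResult result = namingEnumeration.next();
                Attributes attributes = result.getAttributes();
                Attribute ldapAttrPass = attributes.get(ldapUserPassword);
                Object storedValue = (ldapAttrPass == null) ? null : ldapAttrPass.get();
                if (storedValue == null) {
                    // Entry has no password value: nothing to compare against.
                    return false;
                }
                // The attribute may come back as raw bytes or as a string depending on how the
                // provider treats it.
                String ldapPass = (storedValue instanceof byte[])
                        ? new String((byte[]) storedValue, "UTF8")
                        : storedValue.toString();

                // NOTE(review): the prefix checks are case-sensitive; confirm how the directory
                // writes the scheme name.
                if (ldapPass.startsWith("{md5}")) {
                    String pwd = ldapPass.substring(5);
                    byte[] bytePass = md.digest(password);
                    // sun.misc.BASE64Encoder is an internal JDK class; kept because the file
                    // already depends on it.
                    BASE64Encoder b = new BASE64Encoder();
                    String inputPass = b.encode(bytePass);
                    // MessageDigest.isEqual avoids an early-exit comparison of secret material.
                    if (MessageDigest.isEqual(pwd.getBytes("UTF8"), inputPass.getBytes("UTF8"))) {
                        log.debug("user " + loginForLog + " authenticated (md5 password)");
                        return true;
                    } else {
                        log.debug("user " + loginForLog + " authentication failed (md5 password)");
                        return false;
                    }
                }

                if (ldapPass.startsWith("{crypt}")) {
                    String full = ldapPass.substring(7);
                    if (full.length() < 2) {
                        // Too short to carry the two-character salt.
                        log.error("Malformed crypt password for user " + loginForLog + " in ldap entry");
                        return false;
                    }
                    String salt = full.substring(0, 2);
                    String rv = Crypt.crypt(salt.getBytes(), password);

                    if (rv != null
                            && MessageDigest.isEqual(rv.getBytes("UTF8"), full.getBytes("UTF8"))) {
                        log.debug("user " + loginForLog + " authenticated (crypt password)");
                        return true;
                    } else {
                        log.debug("user " + loginForLog + " authentication failed (crypt password)");
                        return false;
                    }
                }

                log.error("I don't know how to handle encryption for user " + loginForLog + " in ldap entry");
            }
        } catch (NamingException e) {
            log.error("Can't query ldap server for authentication", e);
        } catch (UnsupportedEncodingException e) {
            log.error("Can't convert enc password", e);
        } finally {
            // Release the directory connection on every path, including early returns.
            closeQuietly(namingEnumeration);
            closeQuietly(ctx);
            closeQuietly(initialContext);
        }

        return false;
    }

    /** Replaces control characters so a client-chosen login cannot add lines to the log. */
    private static String safeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Closes a search result enumeration, logging instead of propagating a failure. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException e) {
            log.debug("Error closing ldap search results", e);
        }
    }

    /** Closes a naming context, logging instead of propagating a failure. */
    private static void closeQuietly(Context context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            log.debug("Error closing ldap context", e);
        }
    }

    /** @return the display name of this plugin */
    public String getPluginName() {
        return "Ldap Authenticator for Jsmtpd";
    }

    /**
     * Prepares the MD5 digest used to verify {@code {md5}} password values.
     *
     * @throws PluginInitException if the JVM offers no MD5 implementation
     */
    public void initPlugin() throws PluginInitException {
        try {
            md = MessageDigest.getInstance("md5");
        } catch (NoSuchAlgorithmException e) {
            throw new PluginInitException("No md5 available");
        }
    }

    /** Nothing to release: directory connections are closed at the end of each performAuth call. */
    public void shutdownPlugin() {
    }

    /**
     * @param ldapUrl name looked up to obtain the directory context; a protected transport is
     *        advisable because bind credentials and password values cross this connection
     */
    public void setLdapUrl(String ldapUrl) {
        this.ldapUrl = ldapUrl;
    }

    /**
     * @param ldapUserLogin attribute matched against the login; placed in the search filter
     *        as-is, so it must come from trusted configuration only
     */
    public void setLdapUserLogin(String ldapUserLogin) {
        this.ldapUserLogin = ldapUserLogin;
    }

    /** @param ldapUserPassword name of the attribute that holds the stored password value */
    public void setLdapUserPassword(String ldapUserPassword) {
        this.ldapUserPassword = ldapUserPassword;
    }

    /** @param ldapUserProvider search base under which user entries are looked up */
    public void setLdapUserProvider(String ldapUserProvider) {
        this.ldapUserProvider = ldapUserProvider;
    }

    /** @param adminBindDn DN used to bind before searching; a read-only account is sufficient for the search done here */
    public void setAdminBindDn(String adminBindDn) {
        this.adminBindDn = adminBindDn;
    }

    /** @param adminBindPassword credentials for the bind DN; never logged by this class */
    public void setAdminBindPassword(String adminBindPassword) {
        this.adminBindPassword = adminBindPassword;
    }

}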