* @param bindRequest
*/
private void generateSaslChallengeOrComplete( LdapSession ldapSession, SaslServer ss,
InternalBindRequest bindRequest ) throws Exception
{
InternalLdapResult result = bindRequest.getResultResponse().getLdapResult();
// SaslServer will throw an exception if the credentials are null.
if ( bindRequest.getCredentials() == null )
{
bindRequest.setCredentials( StringTools.EMPTY_BYTES );
}
try
{
// Compute the challenge
byte[] tokenBytes = ss.evaluateResponse( bindRequest.getCredentials() );
if ( ss.isComplete() )
{
// This is the end of the C/R exchange
if ( tokenBytes != null )
{
/*
* There may be a token to return to the client. We set it here
* so it will be returned in a SUCCESS message, after an LdapContext
* has been initialized for the client.
*/
ldapSession.putSaslProperty( SaslConstants.SASL_CREDS, tokenBytes );
}
LdapPrincipal ldapPrincipal = ( LdapPrincipal ) ldapSession
.getSaslProperty( SaslConstants.SASL_AUTHENT_USER );
if ( ldapPrincipal != null )
{
DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
String saslMechanism = bindRequest.getSaslMechanism();
CoreSession userSession = ds.getSession( ldapPrincipal.getClonedName(), ldapPrincipal
.getUserPassword(), saslMechanism, null );
// Set the user session into the ldap session
ldapSession.setCoreSession( userSession );
}
// Mark the user as authenticated
ldapSession.setAuthenticated();
// Call the cleanup method for the selected mechanism
MechanismHandler handler = ( MechanismHandler ) ldapSession
.getSaslProperty( SaslConstants.SASL_MECH_HANDLER );
handler.cleanup( ldapSession );
// Return the successful response
sendBindSuccess( ldapSession, bindRequest, tokenBytes );
}
else
{
// The SASL bind must continue, we are sending the computed challenge
LOG.info( "Continuation token had length " + tokenBytes.length );
// Build the response
result.setResultCode( ResultCodeEnum.SASL_BIND_IN_PROGRESS );
InternalBindResponse resp = ( InternalBindResponse ) bindRequest.getResultResponse();
// Store the challenge
resp.setServerSaslCreds( tokenBytes );